v0.69.0

🌟 Release Highlights

v0.69.0 delivers significant safe-output workflow improvements — team reviewers, dynamic branch configuration, and update-branch support — plus the new Crush AI engine and a wave of community-reported bug fixes improving MCP reliability, secret redaction, and token reporting.

✨ What's New

🤖 Crush Engine Replaces OpenCode
The OpenCode engine has been retired and replaced with Crush across all runtime paths. Update your workflows with engine: crush to use the new engine. Learn more

👥 Team Reviewer Support for Safe Outputs
create-pull-request and add-reviewer safe outputs now support team reviewers in addition to individual users — resolving a long-requested community feature. Learn more

🌿 Dynamic Base Branch for create_pull_request
Workflows can now specify a per-run base branch via policy-gated configuration. The patch generator also correctly honors the configured base_branch instead of defaulting to the triggering repo's default branch.

🔄 Update-Branch Support in update-pull-request
Safe-output update-pull-request now supports the update-branch operation, enabling workflows to keep pull requests up to date with their base branch automatically.

↩️ Redirect Support for Workflow Updates
Workflow update operations now support a --no-redirect flag and safe-update approval checks, giving you more control over automated workflow changes.

🔀 Fallback PR Flow for Diverged Branches
When push-to-pull-request-branch diverges, the workflow now automatically falls back to an alternative PR flow. Opt-out is available for workflows that prefer the previous strict behavior.

📦 latex Network Ecosystem Group
A new latex network ecosystem identifier is available for workflows that need to fetch LaTeX packages during agentic runs. Learn more

⬆️ gh aw upgrade Improvements

• New --pre-releases flag to opt into pre-release versions
• Fixed duplicate success symbol display
• Extended rename+retry workaround to Windows

🏷️ LOW_QUALITY Comment Minimization
Safe outputs now support LOW_QUALITY as a valid comment minimization reason, expanding control over comment visibility on noisy threads.

🐛 Bug Fixes & Improvements

• Fixed MCP stdout corruption — gh aw mcp-server no longer writes diagnostic banners to stdout, preventing JSON-RPC stream poisoning (community report by @edburns)
• Fixed duplicate Token Usage section in agent summaries when MCP Gateway content was present (community report by @Daidanny008)
• Eliminated secret-redaction EACCES warnings — Redact secrets in logs no longer fails on MCP log files owned by another user (community report by @yskopets)
• Fixed pre-steps outputs unavailable to safe_outputs/conclusion/activation jobs that mint GitHub App tokens (community report by @bbonafed)
• Fixed markdown fence balancer corrupting sequential code blocks
• Fixed false-positive role assertion match in single-string test patterns (community report by @jeffhandley)
• Cap native action updates at the running CLI version to prevent over-upgrading
• Fixed missing state-reason field in close-issue JSON schema
• Added --allow-host-ports to AWF command for MCP gateway port 8080

🔒 Security

• SEC-005 allowlist validation now enforced for workflow_dispatch target repo overrides
• New gh aw fix codemods available for strict-mode secret leaks in step run and engine.env

📚 Documentation

• FAQ entry clarifying slash-command trigger noise and LabelOps mitigation
• CLI help text and engine documentation aligned with latest behavior

🌍 Community Contributions

A huge thank you to the community members who reported issues that were resolved in this release!

@bbonafed

• pre-steps outputs unavailable to safe_outputs/conclusion/activation jobs that mint GitHub App tokens (direct issue)

@Calidus

• Safe-output patch generator uses triggering repo's default branch instead of configured base_branch (direct issue)

@Daidanny008

• Extra Token-Usage Section Rendered in Agent Summary (direct issue)

@edburns

• 🐳 MCP Fail Whale: gh aw mcp-server writes diagnostic banners to stdout, poisoning the JSON-RPC stream (direct issue)

@IEvangelist

• Feature request: dynamic/per-run base branch for create_pull_request safe output (direct issue)

@jeffhandley

• Likely false-positive match on single-string role test assert (direct issue)

@jsoref

• Types of parameters 'options' and 'encoding' are incompatible. -- Type 'string' is not assignable to type 'WriteFileOptions | undefined'. (direct issue)

@seangibeault

• Safe outputs create-pull-request / add-reviewer don't support team reviewers (spec says they should) (direct issue)

@tinytelly

• triggering unwanted actions (direct issue)

@yskopets

• Refactor *.cjs scripts to support SideRepoOps pattern natively (direct issue)
• agent: "Redact secrets in logs" step emits 3 warnings — EACCES permission denied on MCP log files (direct issue)

⚠️ Attribution Candidates Need Review

The following community issues were closed during this period but could not be automatically linked to a specific merged PR. Please verify whether they should be credited:

• @Ray961123 for Question: Why do some GitHub Actions steps intermittently have no logs (data-log-url) after completion? — closed 2026-04-19, closed as NOT_PLANNED, no confirmed PR linkage found

---

For complete details, see CHANGELOG.

Generated by Release · ● 1.6M

---

What's Changed

• test: tighten single-role GH_AW_REQUIRED_ROLES assertion (fixes #26799) by @Copilot in #26804
• Add daily Claude workflow for cross-repo gh-aw compilation compatibility checks by @Copilot in #26802
• Replace archived OpenCode engine with Crush across runtime, compiler, and workflow assets by @Copilot in #26819
• fix: prevent markdown fence balancer from corrupting sequential code blocks by @dsyme in #26785
• [architecture] Update architecture diagram - 2026-04-17 by @github-actions[bot] in #26831
• [jsweep] Clean resolve_mentions_from_payload.cjs by @github-actions[bot] in #26809
• [docs] Update glossary - daily scan by @github-actions[bot] in #26840
• [spec-extractor] Update package specifications for constants, cli (run 1) by @github-actions[bot] in #26841
• [spec-enforcer] Enforce specifications for timeutil, logger, constants by @github-actions[bot] in #26842
• [docs] Update documentation for features from 2026-04-17 by @github-actions[bot] in #26845
• [docs] docs: consolidation v6.3 — tone fixes and package structure update by @github-actions[bot] in #26851
• [docs] Self-healing documentation fix: update FAQ engine list - 2026-04-17 by @github-actions[bot] in #26872
• deps: bump bubbletea v2.0.5 → v2.0.6 for wide-char rendering fix by @Copilot in #26838
• fix: cap gh-aw native action updates at the running CLI version by @Copilot in #26827
• [aw-compat] Downgrade strict missing-permission failures for default GitHub toolsets to warnings by @Copilot in #26816
• Refactor MCP gateway converters to shared pipeline and thin engine adapters by @Copilot in #26858
• ci: compile gh-aw-marketplace workflows in CI by @Copilot in #26888
• Bump default CLI/tool versions (Claude, Copilot, Codex, GitHub MCP) and recompile lockfiles by @Copilot in #26810
• docs: clarify BYOK and MCP registry enforcement behavior by @Copilot in #26900
• Refactor activation job builder to eliminate function/file size architecture violations by @Copilot in #26879
• Reduce token overhead in Daily Compiler Quality workflow by @Copilot in #26907
• Add redirect support for updates with --no-redirect and safe-update approval checks by @Copilot in #26903
• [WIP] Fix failing GitHub Actions workflow lint-go by @Copilot in #26912
• Fix CI js typecheck errors in gateway config conversion scripts by @Copilot in #26913
• Add team reviewer support to create-pull-request and add-reviewer safe outputs by @Copilot in #26915
• [cli-consistency] Correct engine help text and align CLI command wording by @Copilot in #26917
• [aw-compat] Add gh aw fix codemods for strict-mode secret leaks in step run and engine.env by @Copilot in #26919
• Refactor workflow issue-reporting parsers and unify string-slice config extraction by @Copilot in #26924
• [actions] Update GitHub Actions versions - 2026-04-17 by @github-actions[bot] in #26937
• [log] Add debug logging to 5 pkg files for improved troubleshooting by @github-actions[bot] in #26942
• Prevent MCP stdio startup diagnostics from polluting JSON-RPC stdout by @Copilot in #26921
• Add policy-gated per-run base branch override for create_pull_request by @Copilot in #26916
• Resolve critical cross-package type-name conflicts (MCP, engine, repo, file tracking) by @Copilot in #26945
• Fix Super Linter Report artifact upload by normalizing log file permissions by @Copilot in #26946
• [deep-report] Add go ecosystem allowlist to Package Specification Enforcer network config by @Copilot in #26947
• Audit MCP stdio output paths to prevent stdout protocol corruption by @Copilot in #26954
• Nest gh-aw.job.agent under conclusion span in OTLP traces by @Copilot in #26951
• Revert default Copilot CLI to v1.0.21 and recompile lockfiles by @Copilot in #26963
• Extract shared noop reminder prompt into reusable workflow component by @Copilot in #26961
• Align generated workflow step names for engine config and cache-memory steps by @Copilot in #26960
• Refactor comment scripts for native SideRepoOps context (workflowRepo vs eventRepo) by @Copilot in #26953
• Honor configured create_pull_request.base_branch in safe-output patch generation by @Copilot in #26952
• Bump default AWF to v0.25.24 and MCP Gateway to v0.2.24 by @Copilot in #26966
• Eliminate persistent “Redact secrets in logs” warnings by running MCP gateway as runner user by @Copilot in #26658
• Harden compile MCP stdout handling and add compile stdio pollution coverage by @Copilot in #26968
• [docs] docs: unbloat maintaining-repos guide by @github-actions[bot] in #26976
• [architecture] Update architecture diagram - 2026-04-18 by @github-actions[bot] in #27001
• Align golden fixtures and lockfile hashes with current compiler output by @Copilot in #27002
• [jsweep] Clean action_setup_otlp.cjs — add comprehensive test coverage by @github-actions[bot] in #26986
• [spec-extractor] Update package specifications for agentdrain, cli, console, constants by @github-actions[bot] in #27006
• [spec-enforcer] Enforce specifications for actionpins, agentdrain, fileutil by @github-actions[bot] in #27011
• CI: authenticate gh-aw-marketplace clone in marketplace compile integration job by @Copilot in #27007
• [docs] Update documentation for features from 2026-04-18 by @github-actions[bot] in #27017
• [instructions] Sync github-agentic-workflows.md with v0.68.3 by @github-actions[bot] in #27019
• [community] Update community contributions in README by @github-actions[bot] in #27018
• Recompile workflow lockfiles to align generated Actions with current compiler output by @Copilot in #27003
• [docs] Consolidate developer docs v6.4 — fix 4 tone issues across 4 spec files by @github-actions[bot] in #27022
• Add smoke-ci agentic workflow with safeoutputs CLI command override by @Copilot in #27024
• Fix testifylint failures in spec tests for action pinning and agent drain by @Copilot in #27033
• Fix mounted MCP CLI restricted-bash allowlists across agentic engines (including codex/crush) and preserve CLI-first prompt guidance by @Copilot in #26974
• CI: disable private gh-aw-marketplace integration compile job by @Copilot in #27059
• Fix @ts-check regressions in setup JS scripts causing CI js job failure by @Copilot in #27060
• Fix MCP CLI bridge arg coercion, audit error envelopes, and logs cache readability by @Copilot in #27020
• Run MCP gateway on 8080 and add explicit host mapping for non-root containers by @Copilot in #27058
• Recompile generated workflow lock files by @Copilot in #27064
• Add dedicated agentic-maintenance operation to close agentic-workflows issues as no repro by @Copilot in #27066
• Use Octokit native GraphQL closeIssue API in agentic issue cleanup by @Copilot in #27071
• Harden Copilot AWF node bootstrap when GH_AW_NODE_BIN is invalid in container by @Copilot in #26918
• Stabilize pkg/cli include section-extraction test by removing unintended remote fetch path by @Copilot in #27079
• Reduce Issue Monster token footprint via issue-only tooling, Haiku model, and body-first triage context by @Copilot in #27084
• Split CI compute workflows into cgo.yml and cjs.yml, with integration in ci.yml by @Copilot in #27088
• Serialize engine.command into a reviewable executable script for Copilot harness runs by @Copilot in #27078
• Fix invalid needs dependencies in ci.yml by @Copilot in #27097
• fix: add --allow-host-ports to AWF command for MCP gateway port 8080 by @lpcox in #27080
• Split long-running CJS workflow into typecheck + sharded test jobs by @Copilot in #27098
• Stabilize sanitize_output CJS tests by ensuring /tmp/gh-aw exists in test setup by @Copilot in #27104
• Ensure Smoke CI emits a safe output on non-PR runs by @Copilot in #27106
• Improve anomaly detector test clarity and boundary coverage in pkg/agentdrain by @Copilot in #27107
• docs(constants): sync README with newly exported guard-policy, BYOK, and AWF version constants by @Copilot in #27111
• Fix docs build failure from invalid frontmatter redirect anchor by @Copilot in #27118
• Fix invalid Frontmatter redirect anchor in CLI setup docs by @Copilot in #27119
• Prevent false canary-go failures on canceled/failed split test runs by @Copilot in #27120
• Add copilot-opt workflow to generate 3 evidence-backed Copilot optimization issues from 14-day session analysis by @Copilot in #27121
• Refactor duplicated SHA/workflow-spec helpers into shared parser and gitutil APIs by @Copilot in #27108
• Reduce Copilot Token Usage Optimizer overhead via lean toolset, cli-proxy path, pre-aggregation, and prompt compaction by @Copilot in #27114
• Bump default AWF to v0.25.25 and MCP Gateway to v0.2.25 by @Copilot in #27102
• feat(copilot-opt): exclude non-actionable Copilot branch naming recommendations by @Copilot in #27139
• Rename GetCachedActionPin to ResolveLatestActionPin in pkg/actionpins by @Copilot in #27136
• [docs] Update dictation skill glossary with missing terms by @github-actions[bot] in #27153
• [docs] Update developer docs to v6.5: document app→github-app and safe-inputs→mcp-scripts renames by @github-actions[bot] in #27171
• [spec-extractor] Update package specifications for cli and constants by @github-actions[bot] in #27166
• [architecture] Update architecture diagram - 2026-04-19 by @github-actions[bot] in #27163
• [code-simplifier] test: remove duplicate benchmark and dead code in test files by @github-actions[bot] in #27154
• [docs] docs: reduce bloat in engines.md (21% reduction) by @github-actions[bot] in #27142
• Add ambient context metric to audit and logs commands by @Copilot in #27137
• fix: use sanitized workflow IDs for trending cache keys by @Copilot in #27126
• [workflow-style] Normalize /cloclo report formatting guidance by @Copilot in #27161
• Reduce DDUw Step 1c false “unaddressed” matches for spec-librarian closures by @Copilot in #27192
• Issue Monster: enforce issue_number for assign_to_agent and soften assignment comment wording by @Copilot in #27160
• [jsweep] Clean action_conclusion_otlp.test.cjs by @github-actions[bot] in #27144
• [spec-enforcer] Enforce specifications for gitutil, typeutil, parser by @github-actions[bot] in #27167
• Prevent false safe_outputs failures in Multi-Device Docs Tester when artifact output is empty by @Copilot in #27195
• Harden contribution-check safe-output contract for noop limits and summary issue labeling by @Copilot in #27194
• Add jobs.<job-id>.pre-steps support for custom and built-in jobs by @Copilot in #27138
• Fix MCP CLI arg normalization for dash/underscore variants by @Copilot in #27196
• perf: stabilize BenchmarkValidation by removing permission-warning/logging overhead by @Copilot in #27197
• Rename ambiguous pkg/actionpins helper to reflect return type by @Copilot in #27201
• Improve pkg/agentdrain/miner_test.go coverage for utility and error-path behavior by @Copilot in #27199
• Reduce ParseWorkflow hot-path overhead in frontmatter parsing and import scanning by @Copilot in #27200
• Refactor expression helper semantics into a single workflow source and remove duplicate CLI version state by @Copilot in #27198
• Add add-wizard tuistory integration suite in dedicated CI job by @Copilot in #27205
• Fix empty guard alert blocks in Workflow Health Dashboard issue output by @Copilot in #27202
• Handle deleted PR branches in push-to-pull-request-branch with opt-in skip mode by @Copilot in #27208
• Clarify CI false-positive in Tuistory integration step (skip vs failure) by @Copilot in #27209
• [q] fix: exclude cancelled create_discussion results from error export (#27185) by @github-actions[bot] in #27210
• Handle SSE tools/list responses when mounting MCP servers as CLIs by @Copilot in #27207
• Move frontmatter_hash_github_api.test.cjs to dedicated JS integration test path by @Copilot in #27213
• Align DIFC/CLI Proxy step names with glossary capitalization by @Copilot in #27224
• [log] Add debug logging to 5 pkg files by @github-actions[bot] in #27229
• Fix copilot_driver.cjs append callback typing mismatch in TypeScript checks by @Copilot in #27236
• Emit gh-aw.agent.agent span for timed-out runs when agent_output.json is missing by @Copilot in #27237
• Add activity_report operation to agentic maintenance workflow by @Copilot in #27212
• Align package specs with audit findings (dependencies + section structure) by @Copilot in #27241
• Add fallback PR flow for diverged push-to-pull-request-branch and make it opt-out by @Copilot in #27220
• Enforce SEC-005 allowlist validation for workflow_dispatch target repo overrides by @Copilot in #27242
• Normalize Copilot deep-research report template hierarchy and disclosure structure by @Copilot in #27247
• feat: add update-branch support to safe-outputs update-pull-request by @Copilot in #27244
• [docs] docs: unbloat guides/serena.md by @github-actions[bot] in #27263
• Add daily Claude workflow for artifact-driven docs spellcheck PRs with strict safe-output scope by @Copilot in #27264
• [docs] Update glossary - weekly full scan by @github-actions[bot] in #27302
• [spec-extractor] Update package specifications for agentdrain, sliceutil, stringutil, styles by @github-actions[bot] in #27303
• [instructions] Sync github-agentic-workflows.md with v0.68.3 by @github-actions[bot] in #27308
• [docs] docs: developer instructions v6.6 — E2E testing description, maintenance tone scan by @github-actions[bot] in #27316
• [spec-review] Update Safe Outputs conformance checker for recent spec changes by @github-actions[bot] in #27313
• [docs] Update documentation for features from April 20, 2026 by @github-actions[bot] in #27309
• Add latex network ecosystem group by @Copilot in #27291
• [community] Update community contributions in README by @github-actions[bot] in #27306
• Run daily AstroStyleLite spellcheck unconditionally by removing invalid activation gate by @Copilot in #27340
• [specs] Update layout specification - 2026-04-20 by @github-actions[bot] in #27288
• [architecture] Update architecture diagram - 2026-04-20 by @github-actions[bot] in #27298
• Reduce BenchmarkCompileSimpleWorkflow overhead to remove benchmark-only regression by @Copilot in #27285
• [dead-code] chore: remove dead functions — 5 functions removed by @github-actions[bot] in #27334
• fix: add missing state-reason to close-issue JSON schema by @Copilot in #27267
• [jsweep] Clean add_reaction_and_edit_comment.cjs by @github-actions[bot] in #27273
• [code-simplifier] simplify: extract update_branch via destructuring in update_pull_request.cjs by @github-actions[bot] in #27281
• Reduce validation pipeline overhead and make BenchmarkValidation measure validation only by @Copilot in #27284
• [blog] Weekly blog post – 2026-04-20 by @github-actions[bot] in #27348
• Improve homepage video accessibility metadata and fallback semantics by @Copilot in #27342
• [docs] Self-healing documentation fix: byok-copilot COPILOT_MODEL default - 2026-04-20 by @github-actions[bot] in #27352
• Improve parser utility test coverage for not-found detection, expression scanning, workflow spec classification, and import edge cases by @Copilot in #27327
• Refactor workflow helpers: consolidate string-slice parsing and extract engine API target resolution by @Copilot in #27325
• [spec-enforcer] Enforce specifications for tty, types, workflow by @github-actions[bot] in #27305
• fix(upgrade): extend rename+retry workaround to Windows by @Copilot in #27271
• [copilot-opt] Enforce MCP-only GitHub reads by removing direct gh API paths by @Copilot in #27358
• Enable explicit Node runtime for Daily News on aw-gpu-runner-T4 by @Copilot in #27363
• Fix markdown separation before injected security scanning caution in add_comment output by @Copilot in #27371
• Upgrade test workflow: release-created trigger, prerelease coverage, and failure conclusion/issue flow by @Copilot in #27372
• Fix daily spellcheck workflow logging and cspell invocation by @Copilot in #27353
• [cli-consistency] Resolve CLI help/docs drift and flag convention mismatches by @Copilot in #27365
• Enforce mandatory create-pull-request usage for /cloclo file changes by @Copilot in #27370
• Document 2026-04-20 major breaking changes in Unreleased changelog by @Copilot in #27383
• ci: run CI workflow on push to main by @Copilot in #27392
• Add FAQ entry clarifying slash-command trigger noise and LabelOps mitigation by @Copilot in #27389
• [slides] Add Crush engine to AI Engines slide by @github-actions[bot] in #27394
• Populate logs run engine/engine_id fields from aw_info and align with agent by @Copilot in #27390
• Tighten Design Decision Gate with deterministic prefetch and a 5-turn execution envelope by @Copilot in #27393
• Add --pre-releases support to gh aw upgrade and fix duplicate success symbol by @Copilot in #27401
• Add LOW_QUALITY support to comment minimization reasons across safe outputs by @Copilot in #27397
• Skip non-frontmatter Markdown files during compile-all workflow discovery by @Copilot in #27387
• Add codemod to migrate tools.serena to shared Serena import by @Copilot in #27403
• Add experimental gated merge-pull-request safe-output with policy-driven merge enforcement by @Copilot in #27193
• Bump default MCP Gateway to v0.2.26 and regenerate compiled workflow artifacts by @Copilot in #27400
• Reduce CI Optimization Coach token footprint across split CI workflows by trimming prompt surface and front-loading deterministic analysis by @Copilot in #27398
• Remove duplicate Token Usage rendering from MCP Gateway step summary by @Copilot in #27406

Full Changelog: v0.68.7...v0.69.0