v0.56.2
π Release Highlights
This release focuses on reliability improvements across protected-file handling, setup CLI pinning, and cross-repo workflows β along with an upgrade to GitHub MCP server v0.32.0 and a new strict allowlist feature for protected-file protection.
β¨ What's New
allowed-filesstrict allowlist for protected-file PR safe outputs (#20051) β You can now configure an explicit allowlist of files that are permitted in protected-file PRs. Any file outside the allowlist is blocked, giving teams tighter control over what agents can modify in sensitive branches.
π Bug Fixes & Improvements
- Protected-file fallback-to-issue now works when
workflowspermission is absent (#20106) β When an agent patch touches.github/workflows/files and the GitHub App lacksworkflowspermission,gh-awnow correctly creates a fallback review issue rather than silently failing. - Default branch no longer hardcoded to
main(#20099) βcreate_pull_requestand related operations now query the repository's actual default branch, fixing failures in repos usingmaster,develop, or any non-maindefault. add-wizardcorrectly syncs working tree after PR merge (#20094) β Switching to the default branch after merging a wizard-created PR ensures workflow files are visible immediately, eliminating "workflow file not found" errors.setup-cliaction now respects pinned version input (#20081) β The action verifies the installed version matches the requested version aftergh extension install, falling back to a manual binary download if there's a mismatch.- Safe output handler gracefully handles custom safe output job types (#20114) β Unknown job types no longer surface as unhandled errors; they are now logged and skipped cleanly.
β‘ Performance
- Compiled regex patterns moved to package-level variables (#20073, #20079) β
regexp.MustCompilecalls acrosspkg/cli,pkg/workflow, and the expression-validation hot path are now initialized once at startup rather than on every invocation, reducing allocation pressure in high-frequency compilation paths.
π§ Dependencies & Infrastructure
- GitHub MCP server upgraded to v0.32.0 (#20100) β Picks up the latest GitHub MCP tooling improvements and bug fixes.
π Documentation
- New Cost Management reference page (#20078) β Added guidance on understanding and controlling the compute costs associated with running agentic workflows.
π Community Contributions
A huge thank you to the community members who reported issues that were resolved in this release:
For complete details, see CHANGELOG.
Generated by Release
What's Changed
- Add missing scanner.Buffer() calls to prevent silent truncation in gateway_logs.go by @Copilot in #20074
- chore: hoist regexp.MustCompile calls to package-level vars across pkg/cli and pkg/workflow by @Copilot in #20073
- perf: hoist regexp.MustCompile calls to package-level vars in validateExpressionForDangerousProps by @Copilot in #20079
- IMP-003: Move
generateCustomJobToolDefinitiontosafe_outputs_config_generation.goby @Copilot in #20080 - docs: add Cost Management reference page by @Copilot in #20078
- Fix setup-cli action ignoring pinned version input by @Copilot in #20081
- fix: query repo default branch instead of hardcoding 'main' (#20098) by @dsyme in #20099
- [dead-code] chore: remove dead functions β 9 functions removed by @github-actions[bot] in #20101
- fix: switch to default branch before pulling after add-wizard PR merge by @Copilot in #20094
- fix: create protected-file review issue when push fails due to workflows permission by @dsyme in #20106
- Update MCP gateway GitHub guard terminology by @claude in #20096
- Upgrade GitHub MCP server to v0.32.0, recompile workflows by @Copilot in #20100
- Add
allowed-filesstrict allowlist for protected-file protection on PR safe outputs by @Copilot in #20051 - Fix safe output handler to gracefully ignore custom safe output job types by @Copilot in #20114
- [code-simplifier] refactor: simplify generateCustomJobToolDefinition and extractDispatchWorkflowNames by @github-actions[bot] in #20107
Full Changelog: v0.56.1...v0.56.2
Contributors
claude and dsyme