gh-aw 0.36.0

@github-actions github-actions released this 08 Jan 08:26
· 78 commits to main since this release

🌟 Release Highlights

This release brings significant improvements to network security, agent workflows, and developer experience with 94 merged pull requests.

✨ What's New

Network Security Enhancements

  • Domain blocklist support - Block specific domains or ecosystems (e.g., python, node) while allowing others via network.blocked and --block-domains flag (#9063)
  • Protocol-specific filtering - Restrict domains to HTTP-only or HTTPS-only with http:// and https:// prefixes (#9062)
  • Localhost rewriting - Automatic localhost → host.docker.internal for MCP servers when firewall is enabled (#9281)

Agent Session Improvements

  • New terminology - Migrated from "agent task" to "agent session" with automatic codemod support via gh aw fix (#9214)
  • Session state logging - Copy Copilot session files to workflow artifacts for debugging (#9272)
  • Conversation markdown - Transform Copilot conversation.md headers for step summaries (#9301)

Workflow System Enhancements

  • Runtime imports - Import steps from external files with @import: path/to/file.md and automatic checkout (#9306, #9315, #9316)
  • Missing data handler - New missing_data safe output type for reporting data gaps (#9324)
  • Integrated missing_tool - Refactored to safe output handler pattern (#9322)

Developer Experience

  • Firewall log summaries - Use awf logs summary for CI reports (#9055)
  • Action path isolation - Move setup/compiler from /tmp/gh-aw to /opt/gh-aw for read-only agent access (#9273)
  • Better error messages - Simplified compiler errors and removed regex validation noise (#9309)

πŸ› Key Bug Fixes

Security Fixes

  • Fixed template injection vulnerabilities by moving user inputs to environment variables (#9147, #9124)
  • Resolved path traversal false positives in workflow validation (#9308, #9294)
  • Removed dangerous write permissions feature flag from compiler errors (#9275)

Workflow Compilation

  • Fixed invalid YAML from template conditionals in heredocs (#9289)
  • Relaxed firewall log field validation to match JavaScript parser (#9227)
  • Fixed read-only permissions with safe-outputs jobs (#9191)

MCP & Tools

  • Skip tools validation for custom agents with array-format tools (#9307)
  • Remove command stdio server support per MCP v1.0.0 specification (#9304)
  • Add create_project_status_update to handler config generation (#9169)

⚡ Version Updates

  • Copilot CLI → 0.0.375 with conversation markdown support (#9271)
  • Codex → 0.79.0 with improved session handling (#9271)
  • AWF (firewall) → v0.8.2 (#9163)
  • actions/upload-artifact → v6.0.0 (#9302)
  • MCP SDK → 1.25.2 (#9261)

📚 Documentation

  • Added runtime-import and @path syntax documentation (#9306)
  • Documented import merge semantics and BFS traversal algorithm (#9170)
  • Clarified MCP Gateway containerized stdio and HTTP server requirements (#9295)
  • Added protocol-specific domain filtering examples
  • Fixed broken links in agent-zoo report with CI link checker (#9290)

⚠️ Breaking Changes

Agent Session Terminology

The create-agent-task frontmatter key is now deprecated. Update your workflows:

# Before
create-agent-task: true

# After
create-agent-session: true

Run gh aw fix to automatically migrate workflows. The old key remains supported with a deprecation warning.


For complete details, see the CHANGELOG.

Ahoy! This treasure was crafted by 🏴‍☠️ Release


What's Changed

  • Enable copy-project safe output by default for campaign orchestrators by @Copilot in #9121
  • Remove duplicate GitHub reference escaping documentation by @Copilot in #9151
  • Consolidate consecutive shell redirects to fix SC2129 warnings by @Copilot in #9153
  • Add gh aw init suggestion to upgrade-agentic-workflows agent by @Copilot in #9155
  • Add domain field to MCP gateway config based on sandbox.agent mode by @Copilot in #9154
  • Fix copilot-setup-steps workflow npm cache path by @Copilot in #9152
  • Fix template injection vulnerabilities in workflow compiler by @Copilot in #9147
  • [WIP] Fix medium severity security issues in workflows by @Copilot in #9148
  • Fix sandbox.mcp port parsing and require explicit container/command mode by @Copilot in #9156
  • Remove VSCode extensions.json handling from init command by @Copilot in #9158
  • fix: register create_project_status_update handler in HANDLER_MAP by @Copilot in #9161
  • Remove Campaign Improvements & Future Directions documentation page by @Copilot in #9164
  • Fix campaign_id field type to TEXT instead of SINGLE_SELECT by @Copilot in #9167
  • Fix create_project_status_update handler not loaded in campaign workflows by @Copilot in #9169
  • Remove awmg gateway binary and build infrastructure by @Copilot in #9160
  • Security Fix: Suppress gosec warning for intentional error ignoring in semver.go (Alert #477) by @github-actions[bot] in #9166
  • Update Codex CLI to version 0.78.0 by @Copilot in #9162
  • Bump gh-aw-firewall (AWF) to v0.8.2 by @Copilot in #9163
  • [instructions] Sync github-agentic-workflows.md with v0.35.1 by @github-actions[bot] in #9168
  • Document import merge semantics and BFS traversal algorithm by @Copilot in #9170
  • Fix compile-workflows CI failure: sync lock file with updated safe outputs config by @Copilot in #9173
  • Security Fix: Path traversal vulnerabilities in logs_metrics.go (Alerts #476, #475) by @github-actions[bot] in #9180
  • Replace custom semver parser with golang.org/x/mod/semver by @Copilot in #9178
  • Add W3C-style MCP Gateway specification by @Copilot in #9181
  • Fix test expectations after terminology and data changes by @Copilot in #9187
  • Security Fix: Path traversal vulnerabilities in run_workflow_validation.go (Alerts #483, #482) by @github-actions[bot] in #9198
  • [docs] Update glossary - daily scan by @github-actions[bot] in #9202
  • Move copy-project from campaign orchestrators to campaign-generator by @Copilot in #9208
  • Security Fix: Path traversal false positives in run_workflow_validation.go (alerts #483, #482) by @github-actions[bot] in #9213
  • Fix campaign-generator double trigger on issue template submission by @Copilot in #9212
  • Enforce compilation and strict security validation in create-agentic-workflow agent by @Copilot in #9217
  • Enable CI Coach to optimize fuzz tests via artifact upload by @Copilot in #9216
  • Refactor spinner to use idiomatic Bubble Tea patterns by @Copilot in #9196
  • Move COPILOT_GITHUB_TOKEN to top of tokens documentation by @Copilot in #9221
  • Improve copy_project error diagnostics and simplify campaign-generator configuration by @Copilot in #9219
  • Remove speckit agents and .specify directory by @Copilot in #9224
  • Fix firewall log parsing by relaxing field validation to match JavaScript parser by @Copilot in #9227
  • Update docs index page: remove redundant intro, add workflow example, fix broken link by @Copilot in #9228
  • Add responsive table component with CSS-only mobile card layout by @Copilot in #9222
  • Add messages block to campaign-generator workflow with professional tone by @Copilot in #9232
  • Add configurable branch-prefix option for repo-memory by @Copilot in #9195
  • Migrate from "agent task" to "agent session" terminology by @Copilot in #9214
  • Enforce read-only permissions by default with dangerous-permissions-write feature flag by @Copilot in #9218
  • Refactor runtime_setup.go into 5 focused modules (1,016 → 1,034 lines) by @Copilot in #9242
  • Refactor functions with >7 parameters to use Options structs by @Copilot in #9235
  • Add automatic text wrapping for code snippets in mobile mode by @Copilot in #9246
  • Implement MCP gateway step generation with multi-agent support by @Copilot in #9185
  • Create error recovery patterns documentation by @Copilot in #9250
  • Add daily GitHub remote MCP authentication test workflow by @Copilot in #9249
  • Add domain blocklist support via --block-domains flag by @Copilot in #9063
  • Security Fix: Suppress hardcoded credentials false positive in compiler_safe_outputs_steps.go (Alert #481) by @github-actions[bot] in #9258
  • [docs] Add branch-prefix documentation for repo-memory (Jan 7, 2026) by @github-actions[bot] in #9266
  • Bump @modelcontextprotocol/sdk from 1.24.0 to 1.25.2 in /.github/workflows by @dependabot[bot] in #9261
  • Set default expiration on create discussion to 7 days by @Copilot in #9234
  • Add debug logging to critical error paths in workflow compilation by @Copilot in #9263
  • Fix campaign validation to use spec directory instead of global workflow directory by @Copilot in #9267
  • Add comprehensive tests for idiomatic Bubble Tea spinner implementation by @Copilot in #9272
  • Add ephemerals documentation for expiration and noise reduction features by @Copilot in #9273
  • Fix copy_project creating duplicate projects due to module-level main() execution by @Copilot in #9245
  • Fix workflow compilation errors by using read-only permissions with safe-outputs by @Copilot in #9269
  • [instructions] Sync github-agentic-workflows.md with v0.35.1 by @github-actions[bot] in #9276
  • Remove dangerous-permissions-write feature flag suggestion from compiler errors by @Copilot in #9275
  • Update Copilot CLI to 0.0.375 and Codex to 0.79.0 with conversation markdown support by @Copilot in #9271
  • Support process-*.log naming convention for Copilot session logs by @Copilot in #9278
  • Convert CLI error outputs to use console formatting by @Copilot in #9251
  • Replace existing spinner with simplified state management and 33% code reduction by @Copilot in #9264
  • Create issues with agentic instructions when workflows need recompilation by @Copilot in #9277
  • Use awf logs summary for CI firewall reports by @Copilot in #9055
  • Support protocol-specific domain filtering (http/https) by @Copilot in #9062
  • Enable CodeQL analysis for GitHub Actions workflows by @Copilot in #9284
  • docs: document default mounted volumes for AWF sandbox by @Copilot in #9286
  • Document wildcard domain support in network filters by @Copilot in #9283
  • Improve The Great Escapi workflow with discussion and repo-memory persistence by @Copilot in #9288
  • fix: rewrite localhost URLs to host.docker.internal when firewall is enabled by @Copilot in #9281
  • Fix broken links in agent-zoo report and add link checker CI by @Copilot in #9290
  • Remove overly broad Copilot CLI timestamped ERROR pattern by @Copilot in #9291
  • Copy Copilot session state files to logs before secret redaction by @Copilot in #9279
  • Security Fix: Path Traversal Vulnerability in logs_parsing.go (Alert #474) by @github-actions[bot] in #9294
  • Fix template conditional expressions creating invalid YAML in heredocs by @Copilot in #9289
  • Clarify MCP Gateway only supports containerized stdio and HTTP servers by @Copilot in #9295
  • Upgrade upload-artifact to v6.0.0 by @Copilot in #9302
  • Move setup action files to /opt/gh-aw for readonly access by @Copilot in #9270
  • Add docs for runtime-import and @path syntax by @Copilot in #9306
  • Transform Copilot conversation.md headers for step summaries by @Copilot in #9301
  • Remove command stdio server support from MCP gateway per specification v1.0.0 by @Copilot in #9304
  • Security Fix: Resolve path traversal false positives in run_workflow_validation.go (#483, #482) by @github-actions[bot] in #9308
  • Fix: Skip tools validation for custom agent files with array-format tools by @Copilot in #9307
  • Restrict runtime-import to .github folder with automatic prefix trimming by @Copilot in #9316
  • Centralize workflow filename manipulation and file type detection into helper functions by @Copilot in #9310
  • Add automatic checkout for runtime-import macros by @Copilot in #9315
  • Move workflow recompile issue template to markdown with standardized footer by @Copilot in #9318
  • [ca] CI Cleaner: Fix Go code formatting by @github-actions[bot] in #9321
  • Remove error pattern regex validation system by @Copilot in #9309
  • Refactor missing_tool to integrated safe output handler by @Copilot in #9322
  • Add missing_data safe output type for reporting data gaps by @Copilot in #9324

Full Changelog: v0.35.1...v0.36.0