v0.68.3

🌟 Release Highlights

This release delivers a major overhaul of push_signed_commits.cjs for edge-case reliability, significant improvements to shared workflow imports, smarter AI model error handling, and a wave of community-driven fixes.

✨ What's New

• Model-not-supported detection — When a model is unavailable or not supported by your Copilot plan, the workflow now stops retrying and surfaces a clear, actionable error in the failure report rather than spinning indefinitely. (#26229)
• checkout field in shared imports — Shared importable workflows now support a checkout field, giving you control over which ref is checked out when importing a shared workflow. (#26292)
• env field in shared imports — You can now pass environment variables via env: in shared import blocks, eliminating the need for workarounds when shared workflows require custom env context. (#26113)
• Time Between Turns (TBT) metric — gh aw audit and gh aw logs now report Time Between Turns, a key indicator of whether LLM prompt caching is effective for your workflows. (#26321)
• OTEL token breakdown — Conclusion spans now include token category breakdowns as attributes, enabling richer cost analysis in your observability dashboards. (#26121)
• API consumption charts as inline images — API consumption reports now render charts as inline Markdown images for instant visibility without requiring external image hosting. (#26150)

🐛 Bug Fixes & Improvements

push_signed_commits.cjs — five targeted fixes:

• File content is now read from commit objects (not the working tree), preventing stale-file bugs in agent-driven commits. (#26287)
• Copy/rename detection and C-quoted filenames are now handled correctly. (#26277)
• Non-100644 file modes (executables, symlinks) are detected and handled gracefully. (#26259)
• Commit ordering uses --topo-order and merge commits are handled with a git push fallback. (#26306)
• Submodule entries now fall back to a plain git push instead of erroring. (#26298)

Other notable fixes:

• on.github-token propagated to activation job — Cross-org workflow_call setups no longer fail because the GitHub token was missing from checkout and hash-check steps. (#26137)
• copilot-driver --resume auth recovery — Authentication failures during --continue/--resume are now handled instead of crashing the driver. (#26146)
• add_comment gains reply_to_id — The reply_to_id parameter is now documented in the MCP tool schema so agents reliably pass it when threading replies. (#26288)
• safe-outputs.actions tools exposed — Custom action tools defined in safe-outputs.actions are now included in the agent's MCP toolset. (#26291)
• engine.max-turns preserved through shared imports — The max-turns setting no longer silently drops when the engine config is sourced from a shared import. (#26122)
• Docker no longer required for gh aw compile --validate — Validation now skips Docker image checks when Docker is unavailable; opt in with --validate-images when needed. (#26074)
• GH_HOST env var used for GH CLI calls — gh repo view and gh pr create now respect GH_HOST, fixing failures in GHES and cross-org contexts. (#26311)
• resolveIssueNumber strips stray quotes — Item numbers wrapped in quotes no longer cause resolution failures. (#26114)
• --safe-update renamed to --approve — The flag name now more clearly conveys its intent. (#26160)

📚 Documentation

• Gemini AI engine added to the introduction/how-they-work guide. (#26147)
• github-app documented as a top-level Allowed Import Field in the imports reference. (#26119)
• New working-directory navigation example in the side-repo-ops pattern. (#26123)
• Comprehensive new guide: Maintaining repos with agentic workflows at scale. (#26073)

🌍 Community Contributions

A huge thank you to the community members who reported issues that were resolved in this release!

@arthurfvives

• Feature: Auto-detect available models or gracefully fallback on 400 errors (Copilot Pro/Education) (direct issue)

@bbonafed

• on.github-token not propagated to checkout and hash check steps in activation job (breaks cross-org workflow_call) (direct issue)

@corygehr

• add-comment: reply_to_id not documented in tool schema, causing agents to skip it (direct issue)

@susmahad

• safe-outputs.actions custom action tools not exposed to agent MCP toolset (direct issue)

@tadelesh

• copilot-driver --resume fails with 'No authentication information found' after transient AI model error (direct issue)

@wtgodbe

• bug: resolveIssueNumber should strip surrounding quotes from item_number values (direct issue)

@yskopets

• feat: support checkout field in importable shared workflows (direct issue)
• Support env field in shared imports (direct issue)
• engine.max-turns is silently dropped when engine config is sourced from a shared import (direct issue)
• Remove Docker dependency from gh aw compile --validate (direct issue)
• docs: add working-directory navigation example to side-repo-ops pattern (direct issue)
• Docs: add top-level github-app to Allowed Import Fields in imports reference (direct issue)

---

For complete details, see CHANGELOG.

Generated by Release · ● 4.1M

---

What's Changed

• Add retry with jitter to create_issue safe-output handler by @Copilot in #26056
• docs: comprehensive guide for maintaining repos with agentic workflows at scale by @Copilot in #26073
• Migrate chart image uploads to upload-artifact with skip-archive in shared workflows by @Copilot in #26075
• Update instructions to use upload-artifact with skip-archive instead of upload-asset by @Copilot in #26076
• Add spec-extractor, spec-enforcer, and spec-librarian agentic workflows by @Copilot in #26083
• feat(deep-report): increase create-issue max from 3 to 7 by @Copilot in #26077
• Skip Docker image validation when Docker is unavailable, add --validate-images flag by @Copilot in #26074
• [actions] Update GitHub Actions versions - 2026-04-13 by @github-actions[bot] in #26087
• fix: update TestMCPGSupportsIntegrityReactions for MCPG v0.2.19 default by @dsyme in #26091
• fix: add imperative verbs to "Super-linter" and "Cross-repo setup guidance" step names by @Copilot in #26095
• Add --gemini-api-target to AWF proxy for Gemini API routing by @Copilot in #26060
• [safe-output-integrator] Add missing test workflow for upload-asset safe output type by @github-actions[bot] in #26103
• Add hippo-memory shared workflow and daily learn workflow by @Copilot in #26109
• Add MemPalace as a shared MCP workflow by @Copilot in #26102
• docs: add README specifications for 15 missing packages, update console and logger specs by @Copilot in #26105
• Fix gh pr checkout failing with GH_HOST mismatch in issue_comment workflows by @Copilot in #26037
• feat: resolve upload_artifact temporary IDs to artifact URLs in safe output bodies by @Copilot in #26108
• fix: strip surrounding quotes from item_number in resolveIssueNumber by @Copilot in #26114
• refactor: use ExpressionBuilder for all if expressions in maintenance_workflow.go by @Copilot in #26116
• Fix Daily Hippo Learn: remove unsupported hippo --version check by @Copilot in #26112
• test: add tests for artifact URL mapping in processMessages by @Copilot in #26118
• docs: add github-app to Allowed Import Fields in imports reference by @Copilot in #26119
• docs: add working-directory navigation example to side-repo-ops pattern by @Copilot in #26123
• feat(otel): add token breakdown attributes to conclusion spans by @Copilot in #26121
• Token optimization for contribution-check: trim deep research, pre-fetch guidelines, narrow toolset, reduce batch cap by @Copilot in #26124
• feat: support env field in shared imports by @Copilot in #26113
• deps: update golang.org/x/mod v0.34.0 → v0.35.0 by @Copilot in #26138
• chore(deps-dev): bump follow-redirects from 1.15.11 to 1.16.0 in /docs in the npm_and_yarn group across 1 directory by @dependabot[bot] in #26141
• Replace gh pr checkout with git fetch refs/pull to avoid GH_HOST issues by @dsyme in #26136
• Remove 7 dead CJS scripts and their tests by @dsyme in #26140
• fix: prevent JS tests from hanging after completion by @Copilot in #26143
• Fix misleading fork detection for issue_comment and other minimal-PR events by @dsyme in #26144
• fix: preserve engine.max-turns through JSON roundtrip when sourced from shared import by @Copilot in #26122
• fix: propagate on.github-token to checkout and hash check steps in activation job by @Copilot in #26137
• fix: resolve vitest hang caused by mkdirSync on /proc by @dsyme in #26145
• docs: add Gemini to AI engines in introduction/how-they-work by @Copilot in #26147
• [docs] docs: remove bloat from Network Permissions reference by @github-actions[bot] in #26151
• fix: correct integrity level descriptions and auto-enable cli-proxy for reactions by @lpcox in #26154
• [docs] Update documentation for integrity-reactions feature by @github-actions[bot] in #26196
• [docs] Update Astro dependencies - 2026-04-14 by @github-actions[bot] in #26197
• [community] Update community contributions in README by @github-actions[bot] in #26195
• [spec-enforcer] Enforce specifications for console, envutil, stringutil by @github-actions[bot] in #26194
• [instructions] Sync github-agentic-workflows.md with v0.68.1 by @github-actions[bot] in #26193
• [spec-extractor] docs: add package specifications for cli, parser, and workflow by @github-actions[bot] in #26190
• [docs] docs: consolidate developer specs v6.0 — tone fixes and integrity-reactions by @github-actions[bot] in #26199
• [docs] Update glossary - daily scan 2026-04-14 by @github-actions[bot] in #26189
• [fp-enhancer] fp-enhancer: Improve pkg/agentdrain (round 1/20) by @github-actions[bot] in #26177
• [code-simplifier] refactor: use isCliProxyNeeded() in docker.go to remove logic duplication by @github-actions[bot] in #26168
• feat(api-consumption-report): render charts as inline markdown images by @Copilot in #26150
• fix: reduce agentic-workflows test scope and strengthen safe-output instructions in Agent Persona Explorer by @Copilot in #26152
• chore(deps-dev): bump vite from 8.0.5 to 8.0.8 in /actions/setup/js by @dependabot[bot] in #26188
• chore(deps-dev): bump @vitest/coverage-v8 from 4.1.3 to 4.1.4 in /actions/setup/js by @dependabot[bot] in #26185
• chore(deps): bump golang.org/x/vuln from 1.1.4 to 1.2.0 by @dependabot[bot] in #26182
• chore(deps): bump charm.land/bubbletea/v2 from 2.0.2 to 2.0.5 by @dependabot[bot] in #26179
• chore(deps-dev): bump prettier from 3.8.1 to 3.8.2 in /actions/setup/js by @dependabot[bot] in #26181
• fix: copy upload_artifact files to staging in MCP server handler (#26090) by @Copilot in #26157
• chore(deps): bump charm.land/lipgloss/v2 from 2.0.2 to 2.0.3 by @dependabot[bot] in #26178
• [jsweep] Clean add_workflow_run_comment.cjs by @github-actions[bot] in #26161
• fix(copilot-driver): handle auth failures in --continue attempts by @Copilot in #26146
• fix: deterministic audit metrics via run_summary.json cache and workflow-logs/ exclusion by @Copilot in #26148
• feat: add workflow_call support to agentic maintenance with output variables by @Copilot in #26209
• fix: resolve 6 CLI help text consistency issues by @Copilot in #26228
• feat: detect model-not-supported error, stop retrying, surface actionable guidance in failure reports by @Copilot in #26229
• fix: bump Gemini CLI default version to 0.37.2 by @Copilot in #26249
• Token optimization: auto-triage-issues workflow by @Copilot in #26247
• Add cost gate and pre-flight check to Documentation Unbloat workflow by @Copilot in #26248
• chore: remove schedule triggers from smoke-* workflows by @Copilot in #26260
• [slides] Fix toolsets default comment in MCP Servers slide by @github-actions[bot] in #26258
• Detect and handle non-100644 file modes (symlinks, executables) in push_signed_commits by @Copilot in #26259
• fix: rename --safe-update to --approve and improve safe update UX by @dsyme in #26160
• Fix C-quoted filename handling in push_signed_commits.cjs by @Copilot in #26277
• Split logs_report.go by report section by @Copilot in #26278
• fix: testifylint expected/actual order and invalid steps syntax in auto-triage-issues workflow by @Copilot in #26290
• fix: add reply_to_id to add_comment MCP tool schema by @Copilot in #26288
• fix: allow resolve_pull_request_review_thread on schedule/manual triggers when explicit thread_id is provided by @Copilot in #26285
• Fix push_signed_commits.cjs to read file content from commit objects, not working tree by @Copilot in #26287
• Split compiler_safe_outputs_config.go by concern by @Copilot in #26297
• Handle submodule entries in push_signed_commits by falling back to git push by @Copilot in #26298
• refactor: split audit_report_render.go into domain-specific files by @Copilot in #26304
• Split gateway_logs.go into concern-aligned files by @Copilot in #26296
• Split frontmatter_types.go into types, parsing, and serialization files by @Copilot in #26305
• feat: support checkout field in importable shared workflows by @Copilot in #26292
• fix: expose safe-outputs.actions custom action tools to agent MCP toolset by @Copilot in #26291
• fix(USE-003): emit staged mode preview summary in upload_artifact handler by @Copilot in #26313
• fix(USE-001): add standardized ERR_* error codes to two non-conformant handlers by @Copilot in #26315
• fix: --topo-order and merge commit fallback in push_signed_commits.cjs by @Copilot in #26306
• fix: use GH_HOST env var instead of --hostname flag for gh repo view and gh pr create by @Copilot in #26311

Full Changelog: v0.68.2...v0.68.3