v0.68.1

@github-actions github-actions released this 10 Apr 19:52
· 49 commits to main since this release
5a06d31

🌟 Release Highlights

This release delivers a critical Copilot CLI reliability hotfix, a new engine.bare control for AI context management, significant security hardening, and resolutions for 9 community-reported issues.

✨ What's New

  • engine.bare frontmatter field — Disable automatic context loading for supported engines, giving you full control over what the AI agent sees. Use bare: true with copilot (suppresses AGENTS.md and user instructions) or claude (suppresses CLAUDE.md memory files). Unsupported engines emit a compiler warning. (#25661)

  • Frontmatter hash checker improvements — When a stale lock file is detected, the activation job now emits step-by-step [hash-debug] log lines and creates a clear, actionable issue/comment (with progressive disclosure) to guide you through fixing it. (#25571)

  • actions/github-script upgraded to v9 — Scripts now get getOctokit as a built-in context parameter, eliminating the need for dynamic @actions/github imports in safe-output handlers. (#25553)

  • Squash-merge fallback in gh aw add — When a repository disallows merge commits, the setup PR now automatically falls back to squash merge rather than failing. (#25609)

🐛 Bug Fixes & Improvements

  • [Critical] Copilot CLI pinned to v1.0.21 — Fixes Copilot-engine workflows that were hanging indefinitely or producing 0-byte output due to incompatibilities with v1.0.22. v1.0.21 is the last confirmed working version. (#25689)

  • Security: agent-stdio.log permissions hardened — Log file is now pre-created with 0600 permissions before tee writes, preventing world-readable exposure of MCP gateway bearer tokens. Dynamic gateway token redaction added to redact_secrets.cjs. (#25618)

  • Agent file injection fixed for Codex and Gemini — Both engines now read INSTRUCTION from prompt.txt (already assembled by the compiler), eliminating fragile shell-variable injection and double-inclusion of agent file content. (#25681)

  • Claude agent file injection fixed — Claude now reliably reads its agent file via prompt.txt in AWF sandbox mode, resolving crashes caused by --env-all not propagating shell variables into AWF containers. (#25589)

  • Write-to-read codemod no longer converts id-token/copilot-requests — The "Convert write permissions to read" codemod now correctly skips write-only permissions that cannot meaningfully be set to read. (#25604)

  • Race condition in PR checkout — When a PR is merged milliseconds after triggering a workflow (stale state: open in the payload), the agent now re-queries the API before treating the checkout failure as a hard error. (#25581)

  • CLI consistency fixes — Aligned --dir flag semantics across add/add-wizard/compile/fix/upgrade; added missing --dir flag to remove; corrected misleading --no-fix description; improved help text for trial, run, mcp add, and pr transfer. (#25658)

  • smoke-gemini now triggers on the smoke label — Fixes the Gemini smoke test being excluded from the standard PR smoke suite. (#25639)
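
The agent-stdio.log hardening listed above depends on creation order: whichever process creates the file sets its mode, and tee creates files under the ambient umask. The sketch below is an added example, not the project's own code; the function names, the temporary directory and the token line are constructed, and it assumes a POSIX shell with GNU or BSD stat.

```shell
#!/bin/sh
# Added illustration: who creates the log decides its mode.
# Function names, paths and the token line are constructed for this example.

SAMPLE='Authorization: Bearer CONSTRUCTED-EXAMPLE-TOKEN'

# Octal permission bits of a file (GNU stat first, BSD stat as fallback).
file_mode() {
  stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Weak: tee creates the file itself, so the mode is 0666 minus the umask.
# Under the common umask 022 that is 0644, readable by every local user.
log_via_tee_only() {
  log="$1/weak.log"
  ( umask 022; printf '%s\n' "$SAMPLE" | tee "$log" >/dev/null )
  file_mode "$log"
}

# Hardened: create the file owner-only before anything is written.
# tee opens the existing file and truncates it; the mode is left alone.
log_precreated() {
  log="$1/agent-stdio.log"
  (
    umask 022
    ( umask 077; : > "$log" )   # new file is created as 0600
    chmod 600 "$log"            # also tightens a file left by an earlier step
    printf '%s\n' "$SAMPLE" | tee "$log" >/dev/null
  )
  file_mode "$log"
}

# Audit helper: succeeds only if group and other have no access at all.
is_owner_only() {
  case "$(file_mode "$1")" in
    [0-7]00) return 0 ;;
    *) return 1 ;;
  esac
}

demo_dir=$(mktemp -d)
echo "tee only:    $(log_via_tee_only "$demo_dir")"
echo "pre-created: $(log_precreated "$demo_dir")"
rm -rf "$demo_dir"
```

The is_owner_only helper can double as a post-run check on any log that may carry credentials.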

📚 Documentation

  • firewall-audit-logs artifact reference — New docs/reference/artifacts.md documents all artifact names, their download paths, and the correct way to access token usage data (it lives in firewall-audit-logs, not agent). (#25684)

🌍 Community Contributions

A huge thank you to the community members who reported issues that were resolved in this release!

@adamhenson

@bbonafed

@dbudym-cs

@deyaaeldeen

@drehelis

@lukeed

@Mossaka

@salekseev

@tore-unumed

⚠️ Attribution Candidates Need Review

The following community issues were closed during this period but could not be automatically linked to a specific merged PR. Please verify whether they should be credited:


For complete details, see CHANGELOG.

Generated by Release · ● 696.2K


What's Changed

  • feat: update actions/github-script to v9.0.0 with builtin getOctokit by @Copilot in #25553
  • Normalize report formatting: add shared/reporting.md import to two daily workflows by @Copilot in #25561
  • feat: improve frontmatter hash checker with debug logging and failure propagation to conclusion job by @Copilot in #25571
  • chore: update drain3 default log pattern weights by @github-actions[bot] in #25584
  • chore: bump CLI versions — Claude Code 2.1.98, Copilot 1.0.22 (unpin), Gemini 0.37.1 by @Copilot in #25577
  • [jsweep] Clean check_rate_limit.cjs by @github-actions[bot] in #25580
  • fix: handle race condition when PR is merged before agent job checks out branch by @Copilot in #25581
  • [code-simplifier] refactor: remove redundant fs require inside arrow function by @github-actions[bot] in #25591
  • [architecture] Update architecture diagram - 2026-04-10 by @github-actions[bot] in #25597
  • [instructions] Sync github-agentic-workflows.md with v0.67.4 by @github-actions[bot] in #25613
  • fix: apply Q's weekly workflow improvements + prevent git misuse in Q prompt by @Copilot in #25607
  • Fix write-to-read codemod incorrectly converting id-token and copilot-requests permissions by @Copilot in #25604
  • [docs] Developer documentation tone scan v5.7 by @github-actions[bot] in #25617
  • cli: try squash merge first, fall back to merge commit if not allowed by @Copilot in #25609
  • fix: introduce SupportsNativeAgentFile capability; move Claude agent-file injection to compiler by @Copilot in #25589
  • Pin copilot to v1.0.20 by @Copilot in #25623
  • [dead-code] chore: remove dead functions — 5 functions removed by @github-actions[bot] in #25630
  • test: add regression coverage for .github/agents/ root-relative import path by @Copilot in #25636
  • fix(smoke-gemini): trigger on "smoke" label instead of "water" by @Copilot in #25639
  • refactor: centralize close-flow logic into shared createCloseEntityHandler factory by @Copilot in #25628
  • security: fix agent-stdio.log world-readable exposure and MCP gateway token leakage in redaction pipeline by @Copilot in #25618
  • fix(cli): address 7 CLI consistency issues across help text and flag behavior by @Copilot in #25658
  • fix: set supportsNativeAgentFile=false for Codex and Gemini; remove AGENT_CONTENT shell code from Codex by @Copilot in #25681
  • feat: add engine.bare frontmatter field to suppress automatic context loading by @Copilot in #25661
  • Doc: document firewall-audit-logs artifact name for downstream consumers by @Copilot in #25684
  • fix: bump Copilot CLI from v1.0.20 to v1.0.21 by @lpcox in #25689

Full Changelog: v0.68.0...v0.68.1