v0.63.1

What's Changed

• Update fuzzy schedule algorithm with weighted preferred windows and peak avoidance by @Copilot in #22547
• Upload firewall audit logs as dedicated GitHub Actions artifacts by @Copilot in #22551
• Add skip-if-check-failing pre-activation gate by @Copilot in #22537
• fix: create remote branch via REST before using createCommitOnBranch for new branches by @Copilot in #22568
• fix: use GraphQL mutation to mark pull requests as ready for review by @Copilot in #22572
• Compiler: inject DIFC proxy for pre-agent gh CLI custom steps by @Copilot in #22563
• fix: safe-outputs prompt says "exactly one" even when config allows multiple calls by @Copilot in #22576
• fix: add missing SARIF upload step for create-code-scanning-alert safe output by @Copilot in #22574
• [docs] docs: unbloat editing-workflows guide (22% reduction) by @github-actions[bot] in #22583
• Add aw_context parsing from aw_info.json to logs and audit JSON output by @Copilot in #22577
• fix: surface engine failure reason in conclusion job when agent_output.json is missing by @Copilot in #22575
• Fix go/unsafe-quoting (CWE-78/89/94) in expression deprecation warning by @Copilot in #22582
• Improve compiler error messages for YAML syntax errors and permission scope validation by @Copilot in #22581
• Update MCP Gateway (gh-aw-mcpg) v0.2.2 → v0.2.3 by @Copilot in #22591
• [jsweep] Clean check_skip_if_match.cjs by @github-actions[bot] in #22596
• skip-if-check-failing: ignore checks from current workflow run by @Copilot in #22598
• Fix Upload Safe Output Items capitalization and DIFC filtered summary formatting by @Copilot in #22602
• Add proxy.golang.org and sum.golang.org to jsweep network allowlist by @Copilot in #22603
• Update content-moderation.yml by @pelikhan in #22611
• docs: document --action-tag and --actions-repo compile flags for testing against alternate actions repos by @Copilot in #22607
• Convert qmd-docs.md and qmd.md to use tools.qmd with GPU runner; remove standalone indexer by @Copilot in #22605
• Fix untrusted_checkout_exec poutine finding in smoke-workflow-call workflows by @Copilot in #22608
• Rephrase aw_context input description by @Copilot in #22614
• ci-doctor: remove workflow_run, stop-after, and if by @Copilot in #22615
• [docs] docs: remove duplicate MCP config from web-search guide by @github-actions[bot] in #22617
• fix(create-discussion): prevent double-posting when GraphQL mutation partially succeeds by @Copilot in #22601
• [code-simplifier] refactor: extract writePromptBashStep helper to deduplicate poutine-suppressed steps (#22608) by @github-actions[bot] in #22618
• fix: add labels as a valid update field for update_discussion by @Copilot in #22613
• Remove sandbox.mcp.container from smoke workflows by @Copilot in #22616
• fix: exclude .git from push_repo_memory size calculation by @Copilot in #22610
• feat: wrap qmd documentation index step summary in details/summary HTML section by @Copilot in #22623
• [instructions] Sync github-agentic-workflows.md with release v0.40.1 by @github-actions[bot] in #22649
• [ca] fix: update wasm golden files for aw_context description change by @github-actions[bot] in #22624
• [docs] Update glossary - daily scan by @github-actions[bot] in #22644
• [docs] Update Astro dependencies - 2026-03-24 by @github-actions[bot] in #22650
• [community] Update community contributions in README by @github-actions[bot] in #22646
• [docs] Consolidate developer specs into dev.md v4.2 by @github-actions[bot] in #22653
• build(deps-dev): bump @vitest/coverage-v8 from 4.0.18 to 4.1.1 in /actions/setup/js by @dependabot[bot] in #22643
• [fp-enhancer] Improve pkg/cli: replace imperative loops with sliceutil.Map/Filter by @github-actions[bot] in #22632
• Add diagnostic logging to qmd_index.cjs for empty index debugging by @Copilot in #22665
• fix(safe-outputs): add 🎭 emoji to staged mode preview in PR review handlers (USE-003) by @Copilot in #22621
• fix: add standardized error codes (USE-001) to four safe-output handlers by @Copilot in #22620
• fix(sec-004): sanitize body field in assign_to_agent.cjs by @Copilot in #22619
• Improve glossary-maintainer: allow any bash command and leverage qmd search by @Copilot in #22660
• refactor: rename codemod_permissions functions for discoverability by @Copilot in #22658
• [docs] docs: reduce bloat in safe-outputs reference by @github-actions[bot] in #22672
• fix: align qmd_index test assertion with ERR_CONFIG error message prefix by @Copilot in #22671
• fix: better diagnostics and messaging in the update command by @Copilot in #22669
• docs: fix homepage title duplication and disable glow animation on mobile for all themes by @Copilot in #22675
• fix: correct repository org in smoke cross-repo PR workflows (github → githubnext) by @Copilot in #22677
• refactor: remove ForInspector wrapper indirection and add dual-path config parity test by @Copilot in #22676
• feat: add on-demand workflow_dispatch trigger to auto-triage-issues for label backfill by @Copilot in #22688
• fix: surface full error message in agent failure issue comments by @Copilot in #22689
• chore: bump MCP Gateway v0.2.3→v0.2.4, APM v0.8.4→v0.8.5 by @Copilot in #22693
• qmd: replace paths array with pattern string and add ignore for excluded patterns by @Copilot in #22683
• Remove dual path safe output config generation by @Copilot in #22687
• Never suggest tools.github mode: remote in agent prompts by @Copilot in #22709
• fix: update wasm golden files for mcpg v0.2.4 by @Copilot in #22710
• Fix: vulnerability-alerts incorrectly emitted as job-level workflow permission in compiled lock file by @Copilot in #22708
• fix: resolve CLI help text consistency issues across 7 commands by @Copilot in #22714
• Fix filterJobLevelPermissions dropping explicit empty permissions block by @Copilot in #22720
• feat: update DIFC proxying to also proxy actions/github-script by @Copilot in #22712

Full Changelog: v0.63.0...v0.63.1