Bumps [github/gh-aw](https://github.com/github/gh-aw) from 0.62.5 to 0.65.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/github/gh-aw/releases">github/gh-aw's releases</a>.</em></p> <blockquote> <h2>v0.64.4</h2> <h2>🌟 Release Highlights</h2> <p>This release delivers safe-output tooling improvements, sibling import resolution, and enhanced runner flexibility — driven largely by community feedback from <code>@j-srodka</code>.</p> <h3>✨ What's New</h3> <ul> <li><strong><code>runs-on-slim</code> for compile-stable jobs</strong> — Override the runner for <code>compile-stable</code> framework jobs using the new <code>runs-on-slim</code> key, giving you precise control over job execution environments (<a href="https://redirect.github.com/github/gh-aw/pull/23490">#23490</a>)</li> <li><strong>Compile-time validation of safe-output job ordering</strong> — The compiler now validates <code>needs:</code> ordering on custom safe-output jobs at compile time, catching dependency misconfigurations before they reach runtime (<a href="https://redirect.github.com/github/gh-aw/pull/23486">#23486</a>)</li> <li><strong>DIFC proxy feature flag</strong> — The new <code>difc-proxy</code> feature flag gates DIFC proxy emission, enabling opt-in integrity enforcement for supported environments (<a href="https://redirect.github.com/github/gh-aw/pull/23471">#23471</a>)</li> </ul> <h3>🐛 Bug Fixes & Improvements</h3> <ul> <li><strong>Sibling nested imports resolved correctly</strong> — <code>./file.md</code> imports now resolve relative to the parent file's directory, fixing broken modular workflow imports (<a href="https://redirect.github.com/github/gh-aw/pull/23475">#23475</a>)</li> <li><strong>Custom tools included in <code><safe-output-tools></code> prompt</strong> — Custom jobs, scripts, and actions are now surfaced in the <code><safe-output-tools></code> prompt block so agents are aware of all available safe-output mechanisms (<a href="https://redirect.github.com/github/gh-aw/pull/23487">#23487</a>)</li> <li><strong>Repo-memory concurrency scope tightened</strong> — Push concurrency keys are now scoped to the actual branch target, eliminating unnecessary serialization across unrelated branches (<a href="https://redirect.github.com/github/gh-aw/pull/23489">#23489</a>)</li> <li><strong>MCP error message clarity</strong> — Docker-unavailable error messages now use correct parameter syntax for MCP compatibility (<a href="https://redirect.github.com/github/gh-aw/pull/23515">#23515</a>)</li> </ul> <h3>📚 Documentation</h3> <ul> <li>MemoryOps guide streamlined for better readability (<a href="https://redirect.github.com/github/gh-aw/pull/23506">#23506</a>)</li> <li>Broken anchor link in safe-outputs specification fixed (<a href="https://redirect.github.com/github/gh-aw/pull/23474">#23474</a>)</li> </ul> <h3>🌍 Community Contributions</h3>  <h3><code>@j-srodka</code></h3> <ul> <li><a href="https://redirect.github.com/github/gh-aw/issues/23485">Generated jobs lack a compile-stable runner override/inheritance mechanism</a> <em>(direct issue)</em></li> <li><a href="https://redirect.github.com/github/gh-aw/issues/23484">Compiled (safe-output-tools) can omit custom safe-output tools/jobs</a> <em>(direct issue)</em></li> <li><a href="https://redirect.github.com/github/gh-aw/issues/23483">Custom safe-output jobs cannot declare needs / ordering relative to generated jobs</a> <em>(direct issue)</em></li> <li><a href="https://redirect.github.com/github/gh-aw/issues/23482">Compiler-generated repo-memory push concurrency is broader than the actual write surface</a> <em>(direct issue)</em></li> </ul>  <hr /> <p>For complete details, see <a href="https://github.com/github/gh-aw/blob/main/CHANGELOG.md">CHANGELOG</a>.</p> <blockquote> <p>Generated by <a href="https://github.com/github/gh-aw/actions/runs/23731022258/agentic_workflow">Release</a></p> </blockquote>  <hr /> <h2>What's Changed</h2> <ul> <li>[docs] Self-healing documentation fixes from issue analysis - 2026-03-29 by <a href="https://github.com/github-actions"><code>@github-actions</code></a>[bot] in <a href="https://redirect.github.com/github/gh-aw/pull/23460">github/gh-aw#23460</a></li> <li>fix: add Node.js 24 runtime to daily-multi-device-docs-tester by <a href="https://github.com/Copilot"><code>@Copilot</code></a> in <a href="https://redirect.github.com/github/gh-aw/pull/23464">github/gh-aw#23464</a></li> <li>feat: guard DIFC proxy emission with <code>difc-proxy</code> feature flag by <a href="https://github.com/Copilot"><code>@Copilot</code></a> in <a href="https://redirect.github.com/github/gh-aw/pull/23471">github/gh-aw#23471</a></li> </ul>  </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/github/gh-aw/blob/main/CHANGELOG.md">github/gh-aw's changelog</a>.</em></p> <blockquote> <h1>Changelog</h1> <p>All notable changes to this project will be documented in this file.</p> <h2>v0.40.1 - 2026-02-03</h2> <h3>Move from githubnext/gh-aw to github/gh-aw</h3> <p>If you were a former user of the githubnext Agentic Workflows you might have to <strong>re-register</strong> the extension to reflect the new location. As the gh-aw project moved from githubnext to github please delete the old channel and register the new one.</p> <p>Example:</p> <pre data-meta="wrap" lang="text"><code>gh extension list NAME REPO VERSION gh aw githubnext/gh-aw v0.36.0 <p>gh extension upgrade --all [aw]: already up to date</p> <p>gh extension remove gh-aw</p> <p>gh extension install github/gh-aw ✓ Installed extension github/gh-aw</p> <p>gh extension list NAME REPO VERSION gh aw github/gh-aw v0.40.1 </code></pre></p> <h3>Bug Fixes</h3> <h4>Handle 502 Bad Gateway errors in assign_to_agent handler by treating them as success. The cloud gateway may return 502 errors during agent assignment, but the assignment typically succeeds despite the error. The handler now logs 502 errors for troubleshooting but does not fail the workflow.</h4> <h4>Add discussion interaction to smoke workflows and serialize the discussion</h4> <p>flag in safe-outputs handler config.</p> <p>Smoke workflows now select a random discussion and post thematic comments to validate discussion comment functionality. The compiler now emits the <code>"discussion": true</code> flag in <code>GH_AW_SAFE_OUTPUTS_HANDLER_CONFIG</code> when a workflow requests discussion output, and lock files include <code>discussions: write</code> permission where applicable.</p> <h4>Add discussion interaction to smoke workflows; compiler now serializes the <code>discussion</code> flag into the safe-outputs handler config so workflows can post comments to discussions. Lock files include <code>discussions: write</code> where applicable.</h4> <p>Smoke workflows pick a random discussion and post a thematic comment (copilot: playful, claude: comic-book, codex: mystical oracle, opencode: space mission). This is a non-breaking tooling/workflow change.</p> <h4>Add discussion interaction to smoke workflows; deprecate the <code>discussion</code> flag and</h4>  </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/github/gh-aw/commit/89ae1c2ebfae7f8233fa4bd6a83b1121f65dc376"><code>89ae1c2</code></a> Fix argument injection in npm/pip/docker package validators (<a href="https://redirect.github.com/github/gh-aw/issues/23374">#23374</a>)</li> <li><a href="https://github.com/github/gh-aw/commit/eefc97d5b1b3f68ec03e77b200d9ed76ca15685d"><code>eefc97d</code></a> Bump MCP gateway default version to v0.2.8 (<a href="https://redirect.github.com/github/gh-aw/issues/23372">#23372</a>)</li> <li><a href="https://github.com/github/gh-aw/commit/4549e7bc20215861e29e7bc1f7e891f7ececdf68"><code>4549e7b</code></a> Fix DIFC proxy GH_HOST mismatch for user-defined setup steps (<a href="https://redirect.github.com/github/gh-aw/issues/23367">#23367</a>)</li> <li><a href="https://github.com/github/gh-aw/commit/531594a6281dadf619aba916113d528ef0804e91"><code>531594a</code></a> Security: exclude all secret-bearing env vars from agent container via AWF --...</li> <li><a href="https://github.com/github/gh-aw/commit/8f8f67be180b252722b2892152c9ed8ddb18d4b4"><code>8f8f67b</code></a> Apply DIFC integrity filtering to the main agent job (post-activation only) (...</li> <li><a href="https://github.com/github/gh-aw/commit/0962ba0ab7a72693787f109ad11ab8dd5ce22701"><code>0962ba0</code></a> fix: propagate assign-to-agent failure to status comment (<a href="https://redirect.github.com/github/gh-aw/issues/23362">#23362</a>)</li> <li><a href="https://github.com/github/gh-aw/commit/89bb63bbcf821c3ab64b6d98f94bda0cde9864de"><code>89bb63b</code></a> Add item_type, item_number, and comment_id to aw_context for current item res...</li> <li><a href="https://github.com/github/gh-aw/commit/4abbaff4fac85619bb8cecefad5ee07ff27a1774"><code>4abbaff</code></a> refactor: semantic function clustering — consolidate, move, rename, and split...</li> <li><a href="https://github.com/github/gh-aw/commit/06e7339b98bf009ea7a9fd1d4d08889d1e5efe71"><code>06e7339</code></a> Apply progressive disclosure to agent failure issues (<a href="https://redirect.github.com/github/gh-aw/issues/23361">#23361</a>)</li> <li><a href="https://github.com/github/gh-aw/commit/21e679c264d859c2d4f048118985ce6fe1ce97cf"><code>21e679c</code></a> Fix update-discussion API error logging for explicit discussion_number (<a href="https://redirect.github.com/github/gh-aw/issues/23340">#23340</a>)</li> <li>Additional commits viewable in <a href="https://github.com/github/gh-aw/compare/48d8fdfddc8cad854ac0c70ceb573f09fb8f9c9b...89ae1c2ebfae7f8233fa4bd6a83b1121f65dc376">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github/gh-aw&package-manager=github_actions&previous-version=0.62.5&new-version=0.65.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>