chore: migrate references from githubnext to github organization

.github/agents/create-agentic-workflow.agent.md

@@ -59,7 +59,7 @@ You love to use emojis to make the conversation more engaging.
 
 - Always consult the **instructions file** for schema and features:
   - Local copy: @.github/aw/github-agentic-workflows.md
-  - Canonical upstream: https://raw.githubusercontent.com/githubnext/gh-aw/main/.github/aw/github-agentic-workflows.md
+  - Canonical upstream: https://raw.githubusercontent.com/github/gh-aw/main/.github/aw/github-agentic-workflows.md
 - Key commands:
   - `gh aw compile` → compile all workflows
   - `gh aw compile <name>` → compile one workflow

.github/agents/debug-agentic-workflow.agent.md

@@ -18,7 +18,7 @@ The tools output is not visible to the user unless you explicitly print it. Alwa
 
 **Example: Debugging from a workflow run URL**
 
-User: "Investigate the reason there is a missing tool call in this run: https://github.com/githubnext/gh-aw/actions/runs/20135841934"
+User: "Investigate the reason there is a missing tool call in this run: https://github.com/github/gh-aw/actions/runs/20135841934"
 
 Your response:
 ```
@@ -51,7 +51,7 @@ Report back with specific findings and actionable fixes.
 - The `gh aw` CLI is already installed in this environment.
 - Always consult the **instructions file** for schema and features:
   - Local copy: @.github/aw/github-agentic-workflows.md
-  - Canonical upstream: https://raw.githubusercontent.com/githubnext/gh-aw/main/.github/aw/github-agentic-workflows.md
+  - Canonical upstream: https://raw.githubusercontent.com/github/gh-aw/main/.github/aw/github-agentic-workflows.md
 
 **Key Commands Available**
 
@@ -135,7 +135,7 @@ These tools provide the same functionality without requiring GitHub CLI authenti
 
 ## Debug Flow: Workflow Run URL Analysis
 
-When the user provides a workflow run URL (e.g., `https://github.com/githubnext/gh-aw/actions/runs/20135841934`):
+When the user provides a workflow run URL (e.g., `https://github.com/github/gh-aw/actions/runs/20135841934`):
 
 1. **Extract Run ID**
 
@@ -338,7 +338,7 @@ Use these tactics when a run is still executing or finishes without artifacts:
 - **Polling in-progress runs**: If `gh aw audit <run-id> --json` returns `"status": "in_progress"`, wait ~45s and re-run the command or monitor the run URL directly. Avoid spamming the API—loop with `sleep` intervals.
 - **Check run annotations**: `gh run view <run-id>` reveals whether a maintainer cancelled the run. If a manual cancellation is noted, expect missing safe-output artifacts and recommend re-running instead of searching for nonexistent files.
 - **Inspect specific job logs**: Use `gh run view --job <job-id> --log` (job IDs are listed in `gh run view <run-id>`) to see the exact failure step.
-- **Download targeted artifacts**: When `gh aw logs` would fetch many runs, download only the needed artifact, e.g. `GH_REPO=githubnext/gh-aw gh run download <run-id> -n agent-stdio.log`.
+- **Download targeted artifacts**: When `gh aw logs` would fetch many runs, download only the needed artifact, e.g. `GH_REPO=github/gh-aw gh run download <run-id> -n agent-stdio.log`.
 - **Review cached run summaries**: `gh aw audit` stores artifacts under `logs/run-<run-id>/`. Inspect `run_summary.json` or `agent-stdio.log` there for offline analysis before re-running workflows.
 
 ## Common Issues to Look For

.github/agents/technical-writer.md

@@ -184,7 +184,7 @@ Before installing, ensure you have:
 Download the latest release binary:
 
 \`\`\`bash
-curl -L https://github.com/githubnext/gh-aw-firewall/releases/latest/download/awf-linux-x64 -o awf
+curl -L https://github.com/github/gh-aw-firewall/releases/latest/download/awf-linux-x64 -o awf
 chmod +x awf
 sudo mv awf /usr/local/bin/
 \`\`\`

.github/agents/upgrade-agentic-workflows.md

@@ -15,7 +15,7 @@ Read the ENTIRE content of this file carefully before proceeding. Follow the ins
 - The `gh aw` CLI may be available in this environment.
 - Always consult the **instructions file** for schema and features:
   - Local copy: @.github/aw/github-agentic-workflows.md
-  - Canonical upstream: https://raw.githubusercontent.com/githubnext/gh-aw/main/.github/aw/github-agentic-workflows.md
+  - Canonical upstream: https://raw.githubusercontent.com/github/gh-aw/main/.github/aw/github-agentic-workflows.md
 
 **Key Commands Available**
 
@@ -40,7 +40,7 @@ These tools provide the same functionality through the MCP server without requir
 Before upgrading, always review what's new:
 
 1. **Fetch Latest Release Information**
-   - Use GitHub tools to fetch the CHANGELOG.md from the `githubnext/gh-aw` repository
+   - Use GitHub tools to fetch the CHANGELOG.md from the `github/gh-aw` repository
    - Review and understand:
      - Breaking changes
      - New features

.github/aw/actions-lock.json

@@ -35,13 +35,13 @@
       "version": "v3",
       "sha": "8d2750c68a42422c14e847fe6c8ac0403b4cbd6f"
     },
-    "githubnext/gh-aw/actions/setup@v0.37.3": {
-      "repo": "githubnext/gh-aw/actions/setup",
+    "github/gh-aw/actions/setup@v0.37.3": {
+      "repo": "github/gh-aw/actions/setup",
       "version": "v0.37.3",
       "sha": "55503f44aef44813947980f65655a67b5ed8702f"
     },
-    "githubnext/gh-aw/actions/setup@v0.38.1": {
-      "repo": "githubnext/gh-aw/actions/setup",
+    "github/gh-aw/actions/setup@v0.38.1": {
+      "repo": "github/gh-aw/actions/setup",
       "version": "v0.38.1",
       "sha": "98493c96da3fb6a59dc232e32a7b990a4c4e8969"
     },

.github/aw/create-agentic-workflow.md

@@ -57,7 +57,7 @@ You love to use emojis to make the conversation more engaging.
 
 - Always consult the **instructions file** for schema and features:
   - Local copy: @.github/aw/github-agentic-workflows.md
-  - Canonical upstream: https://raw.githubusercontent.com/githubnext/gh-aw/main/.github/aw/github-agentic-workflows.md
+  - Canonical upstream: https://raw.githubusercontent.com/github/gh-aw/main/.github/aw/github-agentic-workflows.md
 - Key commands:
   - `gh aw compile` → compile all workflows
   - `gh aw compile <name>` → compile one workflow
@@ -67,7 +67,7 @@ You love to use emojis to make the conversation more engaging.
 ## Learning from Reference Materials
 
 Before creating workflows, read the Peli's Agent Factory documentation:
-- Fetch: https://githubnext.github.io/gh-aw/llms-create-agentic-workflows.txt
+- Fetch: https://github.github.io/gh-aw/llms-create-agentic-workflows.txt
 
 This llms.txt file contains workflow patterns, best practices, safe outputs, and permissions models.
 

.github/aw/create-shared-agentic-workflow.md

@@ -93,7 +93,7 @@ mcp-servers:
 \`\`\`yaml
 mcp-servers:
   serena:
-    container: "ghcr.io/githubnext/serena-mcp-server"
+    container: "ghcr.io/github/serena-mcp-server"
     version: "latest"
     args: # args come before the docker image argument
       - "-v"

.github/aw/debug-agentic-workflow.md

@@ -18,7 +18,7 @@ The tools output is not visible to the user unless you explicitly print it. Alwa
 
 **Example: Debugging from a workflow run URL**
 
-User: "Investigate the reason there is a missing tool call in this run: https://github.com/githubnext/gh-aw/actions/runs/20135841934"
+User: "Investigate the reason there is a missing tool call in this run: https://github.com/github/gh-aw/actions/runs/20135841934"
 
 Your response:
 ```
@@ -51,7 +51,7 @@ Report back with specific findings and actionable fixes.
 - The `gh aw` CLI is already installed in this environment.
 - Always consult the **instructions file** for schema and features:
   - Local copy: @.github/aw/github-agentic-workflows.md
-  - Canonical upstream: https://raw.githubusercontent.com/githubnext/gh-aw/main/.github/aw/github-agentic-workflows.md
+  - Canonical upstream: https://raw.githubusercontent.com/github/gh-aw/main/.github/aw/github-agentic-workflows.md
 
 **Key Commands Available**
 
@@ -136,7 +136,7 @@ Report back with specific findings and actionable fixes.
 
 ## Debug Flow: Workflow Run URL Analysis
 
-When the user provides a workflow run URL (e.g., `https://github.com/githubnext/gh-aw/actions/runs/20135841934`):
+When the user provides a workflow run URL (e.g., `https://github.com/github/gh-aw/actions/runs/20135841934`):
 
 1. **Extract Run ID**
 
@@ -339,7 +339,7 @@ Use these tactics when a run is still executing or finishes without artifacts:
 - **Polling in-progress runs**: If `gh aw audit <run-id> --json` returns `"status": "in_progress"`, wait ~45s and re-run the command or monitor the run URL directly. Avoid spamming the API—loop with `sleep` intervals.
 - **Check run annotations**: `gh run view <run-id>` reveals whether a maintainer cancelled the run. If a manual cancellation is noted, expect missing safe-output artifacts and recommend re-running instead of searching for nonexistent files.
 - **Inspect specific job logs**: Use `gh run view --job <job-id> --log` (job IDs are listed in `gh run view <run-id>`) to see the exact failure step.
-- **Download targeted artifacts**: When `gh aw logs` would fetch many runs, download only the needed artifact, e.g. `GH_REPO=githubnext/gh-aw gh run download <run-id> -n agent-stdio.log`.
+- **Download targeted artifacts**: When `gh aw logs` would fetch many runs, download only the needed artifact, e.g. `GH_REPO=github/gh-aw gh run download <run-id> -n agent-stdio.log`.
 - **Review cached run summaries**: `gh aw audit` stores artifacts under `logs/run-<run-id>/`. Inspect `run_summary.json` or `agent-stdio.log` there for offline analysis before re-running workflows.
 
 ## Common Issues to Look For

.github/aw/github-agentic-workflows.md

@@ -266,7 +266,7 @@ The YAML frontmatter supports these fields:
     sandbox:
       agent: awf                      # or "srt", or false to disable
       mcp:                            # MCP Gateway configuration (requires mcp-gateway feature flag)
-        container: ghcr.io/githubnext/mcp-gateway
+        container: ghcr.io/github/mcp-gateway
         port: 8080
         api-key: ${{ secrets.MCP_GATEWAY_API_KEY }}
     ```
@@ -1629,13 +1629,13 @@ Use `gh aw compile --verbose` to see detailed validation messages, or `gh aw com
 ### Installation
 
 ```bash
-gh extension install githubnext/gh-aw
+gh extension install github/gh-aw
 ```
 
 If there are authentication issues, use the standalone installer:
 
 ```bash
-curl -O https://raw.githubusercontent.com/githubnext/gh-aw/main/install-gh-aw.sh
+curl -O https://raw.githubusercontent.com/github/gh-aw/main/install-gh-aw.sh
 chmod +x install-gh-aw.sh
 ./install-gh-aw.sh
 ```
@@ -1664,4 +1664,4 @@ gh aw logs <workflow-id>
 
 ### Documentation
 
-For complete CLI documentation, see: https://githubnext.github.io/gh-aw/setup/cli/
+For complete CLI documentation, see: https://github.github.io/gh-aw/setup/cli/

.github/aw/schemas/agentic-workflow.json

@@ -1,6 +1,6 @@
 {
   "$schema": "http://json-schema.org/draft-07/schema#",
-  "$id": "https://github.com/githubnext/gh-aw/schemas/main_workflow_schema.json",
+  "$id": "https://github.com/github/gh-aw/schemas/main_workflow_schema.json",
   "title": "GitHub Agentic Workflow Schema",
   "description": "JSON Schema for validating agentic workflow frontmatter configuration",
   "version": "1.0.0",
@@ -1806,7 +1806,7 @@
       ]
     },
     "env": {
-      "$comment": "See environment variable precedence documentation: https://githubnext.github.io/gh-aw/reference/environment-variables/",
+      "$comment": "See environment variable precedence documentation: https://github.github.io/gh-aw/reference/environment-variables/",
       "description": "Environment variables for the workflow",
       "oneOf": [
         {
@@ -2342,14 +2342,14 @@
         },
         {
           "mcp": {
-            "container": "ghcr.io/githubnext/mcp-gateway",
+            "container": "ghcr.io/github/mcp-gateway",
             "port": 8080
           }
         },
         {
           "agent": "awf",
           "mcp": {
-            "container": "ghcr.io/githubnext/mcp-gateway",
+            "container": "ghcr.io/github/mcp-gateway",
             "port": 8080,
             "api-key": "${{ secrets.MCP_GATEWAY_API_KEY }}"
           }
@@ -5363,7 +5363,7 @@
       "type": "boolean",
       "default": true,
       "$comment": "Strict mode enforces several security constraints that are validated in Go code (pkg/workflow/strict_mode_validation.go) rather than JSON Schema: (1) Write Permissions + Safe Outputs: When strict=true AND permissions contains write values (contents:write, issues:write, pull-requests:write), safe-outputs must be configured. This relationship is too complex for JSON Schema as it requires checking if ANY permission property has a 'write' value. (2) Network Requirements: When strict=true, the 'network' field must be present and cannot contain standalone wildcard '*' (but patterns like '*.example.com' ARE allowed). (3) MCP Container Network: Custom MCP servers with containers require explicit network configuration. (4) Action Pinning: Actions must be pinned to commit SHAs. These are enforced during compilation via validateStrictMode().",
-      "description": "Enable strict mode validation for enhanced security and compliance. Strict mode enforces: (1) Write Permissions - refuses contents:write, issues:write, pull-requests:write; requires safe-outputs instead, (2) Network Configuration - requires explicit network configuration with no standalone wildcard '*' in allowed domains (patterns like '*.example.com' are allowed), (3) Action Pinning - enforces actions pinned to commit SHAs instead of tags/branches, (4) MCP Network - requires network configuration for custom MCP servers with containers, (5) Deprecated Fields - refuses deprecated frontmatter fields. Can be enabled per-workflow via 'strict: true' in frontmatter, or disabled via 'strict: false'. CLI flag takes precedence over frontmatter (gh aw compile --strict enforces strict mode). Defaults to true. See: https://githubnext.github.io/gh-aw/reference/frontmatter/#strict-mode-strict",
+      "description": "Enable strict mode validation for enhanced security and compliance. Strict mode enforces: (1) Write Permissions - refuses contents:write, issues:write, pull-requests:write; requires safe-outputs instead, (2) Network Configuration - requires explicit network configuration with no standalone wildcard '*' in allowed domains (patterns like '*.example.com' are allowed), (3) Action Pinning - enforces actions pinned to commit SHAs instead of tags/branches, (4) MCP Network - requires network configuration for custom MCP servers with containers, (5) Deprecated Fields - refuses deprecated frontmatter fields. Can be enabled per-workflow via 'strict: true' in frontmatter, or disabled via 'strict: false'. CLI flag takes precedence over frontmatter (gh aw compile --strict enforces strict mode). Defaults to true. See: https://github.github.io/gh-aw/reference/frontmatter/#strict-mode-strict",
       "examples": [true, false]
     },
     "safe-inputs": {

.github/aw/update-agentic-workflow.md

@@ -24,7 +24,7 @@ You format your questions and responses similarly to the GitHub Copilot CLI chat
 
 - Always consult the **instructions file** for schema and features:
   - Local copy: @.github/aw/github-agentic-workflows.md
-  - Canonical upstream: https://raw.githubusercontent.com/githubnext/gh-aw/main/.github/aw/github-agentic-workflows.md
+  - Canonical upstream: https://raw.githubusercontent.com/github/gh-aw/main/.github/aw/github-agentic-workflows.md
 - Key commands:
   - `gh aw compile` → compile all workflows
   - `gh aw compile <name>` → compile one workflow

.github/aw/upgrade-agentic-workflows.md

@@ -15,7 +15,7 @@ Read the ENTIRE content of this file carefully before proceeding. Follow the ins
 - The `gh aw` CLI may be available in this environment.
 - Always consult the **instructions file** for schema and features:
   - Local copy: @.github/aw/github-agentic-workflows.md
-  - Canonical upstream: https://raw.githubusercontent.com/githubnext/gh-aw/main/.github/aw/github-agentic-workflows.md
+  - Canonical upstream: https://raw.githubusercontent.com/github/gh-aw/main/.github/aw/github-agentic-workflows.md
 
 **Key Commands Available**
 
@@ -40,7 +40,7 @@ These tools provide the same functionality through the MCP server without requir
 Before upgrading, always review what's new:
 
 1. **Fetch Latest Release Information**
-   - Use GitHub tools to fetch the CHANGELOG.md from the `githubnext/gh-aw` repository
+   - Use GitHub tools to fetch the CHANGELOG.md from the `github/gh-aw` repository
    - Review and understand:
      - Breaking changes
      - New features

.github/workflows/agentics-maintenance.yml

@@ -17,7 +17,7 @@
 #
 # To regenerate this workflow, run:
 #   gh aw compile
-# For more information: https://github.com/githubnext/gh-aw/blob/main/.github/aw/github-agentic-workflows.md
+# For more information: https://github.com/github/gh-aw/blob/main/.github/aw/github-agentic-workflows.md
 #
 # Alternative regeneration methods:
 # make recompile
@@ -46,7 +46,7 @@ jobs:
       issues: write
     steps:
       - name: Setup Scripts
-        uses: githubnext/gh-aw/actions/setup@v0.37.26
+        uses: github/gh-aw/actions/setup@v0.37.26
         with:
           destination: /opt/gh-aw/actions