diff --git a/.changeset/patch-fix-push-to-pull-request-branch-artifact.md b/.changeset/patch-fix-push-to-pull-request-branch-artifact.md
new file mode 100644
index 00000000000..c8aa7efb024
--- /dev/null
+++ b/.changeset/patch-fix-push-to-pull-request-branch-artifact.md
@@ -0,0 +1,5 @@
+---
+"gh-aw": patch
+---
+
+Fix push_to_pull_request_branch to use agent_output.json artifact instead of direct JSON output
diff --git a/.github/workflows/changeset-generator.lock.yml b/.github/workflows/changeset-generator.lock.yml
index 67fdff91b4a..d9d0e02e9d3 100644
--- a/.github/workflows/changeset-generator.lock.yml
+++ b/.github/workflows/changeset-generator.lock.yml
@@ -3897,12 +3897,23 @@ jobs:
           git config --global user.email "github-actions[bot]@users.noreply.github.com"
           git config --global user.name "${{ github.workflow }}"
           echo "Git configured with standard GitHub Actions identity"
+      - name: Download agent output artifact
+        continue-on-error: true
+        uses: actions/download-artifact@v5
+        with:
+          name: agent_output.json
+          path: /tmp/gh-aw/safe-outputs/
+      - name: Setup agent output environment variable
+        run: |
+          mkdir -p /tmp/gh-aw/safe-outputs/
+          find /tmp/gh-aw/safe-outputs/ -type f -print
+          echo "GITHUB_AW_AGENT_OUTPUT=/tmp/gh-aw/safe-outputs/agent_output.json" >> $GITHUB_ENV
       - name: Push to Branch
         id: push_to_pull_request_branch
         uses: actions/github-script@v8
         env:
+          GITHUB_AW_AGENT_OUTPUT: ${{ env.GITHUB_AW_AGENT_OUTPUT }}
           GH_TOKEN: ${{ github.token }}
-          GITHUB_AW_AGENT_OUTPUT: ${{ needs.agent.outputs.output }}
           GITHUB_AW_PUSH_IF_NO_CHANGES: "warn"
           GITHUB_AW_MAX_PATCH_SIZE: 1024
         with:
diff --git a/.github/workflows/dev.lock.yml b/.github/workflows/dev.lock.yml
index ec0bd2f5fe8..4e3c4443b9e 100644
--- a/.github/workflows/dev.lock.yml
+++ b/.github/workflows/dev.lock.yml
@@ -3,6 +3,11 @@
 #   gh aw compile
 # For more information: https://github.com/githubnext/gh-aw/blob/main/.github/instructions/github-agentic-workflows.instructions.md
 #
+# Resolved workflow manifest:
+#   Imports:
+#     - shared/mcp/drain3.md
+#     - shared/mcp/gh-aw.md
+#
 # Job Dependency Graph:
 # ```mermaid
 # graph LR
@@ -1411,6 +1416,10 @@ jobs:
         run: |
           mkdir -p $(dirname "$GITHUB_AW_PROMPT")
           cat > $GITHUB_AW_PROMPT << 'EOF'
+          
+          
+          
+          
           Write a poem in 3 emojis about the last pull request and publish an issue.
           
           EOF
@@ -1745,11 +1754,12 @@ jobs:
           BASH_DEFAULT_TIMEOUT_MS: "60000"
           BASH_MAX_TIMEOUT_MS: "60000"
           GITHUB_AW_SAFE_OUTPUTS: ${{ env.GITHUB_AW_SAFE_OUTPUTS }}
-          GITHUB_AW_SAFE_OUTPUTS_CONFIG: "{\"create_issue\":{\"max\":1},\"missing_tool\":{}}"
-          GITHUB_PERSONAL_ACCESS_TOKEN: ${{ secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }}
-          GITHUB_STEP_SUMMARY: ${{ env.GITHUB_STEP_SUMMARY }}
-          GITHUB_TOKEN: ${{ secrets.COPILOT_CLI_TOKEN  }}
-          XDG_CONFIG_HOME: /home/runner
+      - name: Clean up network proxy hook files
+        if: always()
+        run: |
+          rm -rf .claude/hooks/network_permissions.py || true
+          rm -rf .claude/hooks || true
+          rm -rf .claude || true
       - name: Upload Safe Outputs
         if: always()
         uses: actions/upload-artifact@v4
@@ -3515,7 +3525,7 @@ jobs:
         env:
           WORKFLOW_NAME: "Dev"
           WORKFLOW_DESCRIPTION: "No description provided"
-          WORKFLOW_MARKDOWN: "Write a poem in 3 emojis about the last pull request and publish an issue.\n"
+          WORKFLOW_MARKDOWN: "<!--\n\nDrain3 MCP Server\nLog template mining and pattern extraction tool\n\nDrain3 is an online log template miner that extracts structured patterns from \nunstructured log files. This MCP server provides tools for indexing log files, \nquerying patterns, and listing extracted templates.\n\nDocumentation: https://github.com/logpai/Drain3\n\nThis shared configuration provides a local HTTP MCP server that runs Drain3\nfor log analysis and template extraction. The server uses streaming JSONL\nresponses for progressive results.\n\nAvailable tools:\n  - index_file: Stream-mine templates from a log file and persist snapshot\n    Parameters:\n      - path: Path to the log file to analyze\n      - encoding: File encoding (default: utf-8)\n      - max_lines: Maximum lines to process (optional)\n    Returns: Streaming JSONL events (start, progress, template, summary)\n\n  - query_file: Match a log line against previously indexed templates\n    Parameters:\n      - path: Path to the indexed log file\n      - text: Log line text to match\n    Returns: Matching cluster information (cluster_id, size, template)\n\n  - list_templates: List all extracted templates from an indexed file\n    Parameters:\n      - path: Path to the indexed log file\n      - limit: Maximum number of templates to return (optional)\n    Returns: Streaming JSONL events for each template\n\nConfiguration:\n  The server can be configured via environment variables in the workflow:\n  - DRAIN3_SIM_TH: Similarity threshold (default: 0.4)\n  - DRAIN3_DEPTH: Tree depth (default: 4)\n  - DRAIN3_MAX_CHILDREN: Maximum children per node (default: 100)\n  - DRAIN3_MAX_CLUSTERS: Maximum clusters (default: 0 = unlimited)\n  - STREAM_FLUSH_EVERY: Progress event frequency (default: 500 lines)\n  - STREAM_SLEEP: Throttle between flushes in seconds (default: 0)\n\nSetup:\n  1. Include in Your Workflow:\n     imports:\n       - shared/mcp/drain3.md\n\n  2. The server will be automatically installed and started on localhost:8766\n\nExample Usage:\n  Analyze GitHub Actions workflow logs to identify common error patterns\n  and failure templates. Index a log file, then query specific error messages\n  to find which cluster they belong to.\n\n  ```\n  Use the drain3 tool to index the workflow log file at /tmp/workflow.log\n  and extract error patterns. Then query a specific error message to find\n  its template cluster.\n  ```\n\nConnection Type:\n  This configuration uses a local HTTP MCP server running Python with FastMCP 2.0.\n  The server runs with `transport=\"http\"` which must be started by executing the\n  Python script directly (not via `fastmcp run` which defaults to stdio transport).\n  Responses stream as JSONL (JSON Lines) for progressive results.\n\nState Persistence:\n  Drain3 snapshots are stored in ${{ github.workspace }}/.drain3/ directory.\n  Each indexed file gets its own snapshot file for quick reloading.\n\nTroubleshooting:\n  Server Failed to Start:\n  - Verify Python 3.11+ is available\n  - Check that port 8766 is not in use\n  - Review server logs for dependency installation issues\n  \n  Index/Query Errors:\n  - Ensure file paths are absolute or relative to workspace\n  - Check that the file was indexed before querying\n  - Verify file permissions are readable\n\nUsage:\n  imports:\n    - shared/mcp/drain3.md\n\n-->\n\n\n\nWrite a poem in 3 emojis about the last pull request and publish an issue.\n"
         with:
           script: |
             const fs = require('fs');
diff --git a/.github/workflows/poem-bot.lock.yml b/.github/workflows/poem-bot.lock.yml
index fad48807a06..ef714fbeef2 100644
--- a/.github/workflows/poem-bot.lock.yml
+++ b/.github/workflows/poem-bot.lock.yml
@@ -6053,12 +6053,23 @@ jobs:
           git config --global user.email "github-actions[bot]@users.noreply.github.com"
           git config --global user.name "${{ github.workflow }}"
           echo "Git configured with standard GitHub Actions identity"
+      - name: Download agent output artifact
+        continue-on-error: true
+        uses: actions/download-artifact@v5
+        with:
+          name: agent_output.json
+          path: /tmp/gh-aw/safe-outputs/
+      - name: Setup agent output environment variable
+        run: |
+          mkdir -p /tmp/gh-aw/safe-outputs/
+          find /tmp/gh-aw/safe-outputs/ -type f -print
+          echo "GITHUB_AW_AGENT_OUTPUT=/tmp/gh-aw/safe-outputs/agent_output.json" >> $GITHUB_ENV
       - name: Push to Branch
         id: push_to_pull_request_branch
         uses: actions/github-script@v8
         env:
+          GITHUB_AW_AGENT_OUTPUT: ${{ env.GITHUB_AW_AGENT_OUTPUT }}
           GH_TOKEN: ${{ github.token }}
-          GITHUB_AW_AGENT_OUTPUT: ${{ needs.agent.outputs.output }}
           GITHUB_AW_PUSH_IF_NO_CHANGES: "warn"
           GITHUB_AW_MAX_PATCH_SIZE: 1024
         with:
diff --git a/.github/workflows/tidy.lock.yml b/.github/workflows/tidy.lock.yml
index d99ae450d8d..0523bc8399f 100644
--- a/.github/workflows/tidy.lock.yml
+++ b/.github/workflows/tidy.lock.yml
@@ -4640,12 +4640,23 @@ jobs:
           git config --global user.email "github-actions[bot]@users.noreply.github.com"
           git config --global user.name "${{ github.workflow }}"
           echo "Git configured with standard GitHub Actions identity"
+      - name: Download agent output artifact
+        continue-on-error: true
+        uses: actions/download-artifact@v5
+        with:
+          name: agent_output.json
+          path: /tmp/gh-aw/safe-outputs/
+      - name: Setup agent output environment variable
+        run: |
+          mkdir -p /tmp/gh-aw/safe-outputs/
+          find /tmp/gh-aw/safe-outputs/ -type f -print
+          echo "GITHUB_AW_AGENT_OUTPUT=/tmp/gh-aw/safe-outputs/agent_output.json" >> $GITHUB_ENV
       - name: Push to Branch
         id: push_to_pull_request_branch
         uses: actions/github-script@v8
         env:
+          GITHUB_AW_AGENT_OUTPUT: ${{ env.GITHUB_AW_AGENT_OUTPUT }}
           GH_TOKEN: ${{ github.token }}
-          GITHUB_AW_AGENT_OUTPUT: ${{ needs.agent.outputs.output }}
           GITHUB_AW_PUSH_IF_NO_CHANGES: "warn"
           GITHUB_AW_MAX_PATCH_SIZE: 1024
         with:
diff --git a/pkg/workflow/push_to_pull_request_branch.go b/pkg/workflow/push_to_pull_request_branch.go
index ebefc6f5d60..beb4ca75094 100644
--- a/pkg/workflow/push_to_pull_request_branch.go
+++ b/pkg/workflow/push_to_pull_request_branch.go
@@ -36,54 +36,48 @@ func (c *Compiler) buildCreateOutputPushToPullRequestBranchJob(data *WorkflowDat
 	// Step 3: Configure Git credentials
 	steps = append(steps, c.generateGitConfigurationSteps()...)
 
-	// Step 4: Push to Branch
-	steps = append(steps, "      - name: Push to Branch\n")
-	steps = append(steps, "        id: push_to_pull_request_branch\n")
-	steps = append(steps, "        uses: actions/github-script@v8\n")
-
-	// Add environment variables
-	steps = append(steps, "        env:\n")
+	// Build custom environment variables specific to push-to-pull-request-branch
+	var customEnvVars []string
 	// Add GH_TOKEN for authentication, because we shell out to 'gh' commands
-	steps = append(steps, "          GH_TOKEN: ${{ github.token }}\n")
-	// Pass the agent output content from the main job
-	steps = append(steps, fmt.Sprintf("          GITHUB_AW_AGENT_OUTPUT: ${{ needs.%s.outputs.output }}\n", mainJobName))
+	customEnvVars = append(customEnvVars, "          GH_TOKEN: ${{ github.token }}\n")
 	// Pass the target configuration
 	if data.SafeOutputs.PushToPullRequestBranch.Target != "" {
-		steps = append(steps, fmt.Sprintf("          GITHUB_AW_PUSH_TARGET: %q\n", data.SafeOutputs.PushToPullRequestBranch.Target))
+		customEnvVars = append(customEnvVars, fmt.Sprintf("          GITHUB_AW_PUSH_TARGET: %q\n", data.SafeOutputs.PushToPullRequestBranch.Target))
 	}
 	// Pass the if-no-changes configuration
-	steps = append(steps, fmt.Sprintf("          GITHUB_AW_PUSH_IF_NO_CHANGES: %q\n", data.SafeOutputs.PushToPullRequestBranch.IfNoChanges))
+	customEnvVars = append(customEnvVars, fmt.Sprintf("          GITHUB_AW_PUSH_IF_NO_CHANGES: %q\n", data.SafeOutputs.PushToPullRequestBranch.IfNoChanges))
 	// Pass the title prefix configuration
 	if data.SafeOutputs.PushToPullRequestBranch.TitlePrefix != "" {
-		steps = append(steps, fmt.Sprintf("          GITHUB_AW_PR_TITLE_PREFIX: %q\n", data.SafeOutputs.PushToPullRequestBranch.TitlePrefix))
+		customEnvVars = append(customEnvVars, fmt.Sprintf("          GITHUB_AW_PR_TITLE_PREFIX: %q\n", data.SafeOutputs.PushToPullRequestBranch.TitlePrefix))
 	}
 	// Pass the labels configuration
 	if len(data.SafeOutputs.PushToPullRequestBranch.Labels) > 0 {
 		labelsStr := strings.Join(data.SafeOutputs.PushToPullRequestBranch.Labels, ",")
-		steps = append(steps, fmt.Sprintf("          GITHUB_AW_PR_LABELS: %q\n", labelsStr))
+		customEnvVars = append(customEnvVars, fmt.Sprintf("          GITHUB_AW_PR_LABELS: %q\n", labelsStr))
 	}
 	// Pass the maximum patch size configuration
 	maxPatchSize := 1024 // Default value
 	if data.SafeOutputs != nil && data.SafeOutputs.MaximumPatchSize > 0 {
 		maxPatchSize = data.SafeOutputs.MaximumPatchSize
 	}
-	steps = append(steps, fmt.Sprintf("          GITHUB_AW_MAX_PATCH_SIZE: %d\n", maxPatchSize))
-
-	// Add custom environment variables from safe-outputs.env
-	c.addCustomSafeOutputEnvVars(&steps, data)
+	customEnvVars = append(customEnvVars, fmt.Sprintf("          GITHUB_AW_MAX_PATCH_SIZE: %d\n", maxPatchSize))
 
-	steps = append(steps, "        with:\n")
-	// Add github-token if specified
+	// Get token from config
 	var token string
 	if data.SafeOutputs.PushToPullRequestBranch != nil {
 		token = data.SafeOutputs.PushToPullRequestBranch.GitHubToken
 	}
-	c.addSafeOutputGitHubTokenForConfig(&steps, data, token)
-	steps = append(steps, "          script: |\n")
 
-	// Add each line of the script with proper indentation
-	formattedScript := FormatJavaScriptForYAML(pushToBranchScript)
-	steps = append(steps, formattedScript...)
+	// Step 4: Push to Branch using buildGitHubScriptStep
+	scriptSteps := c.buildGitHubScriptStep(data, GitHubScriptStepConfig{
+		StepName:      "Push to Branch",
+		StepID:        "push_to_pull_request_branch",
+		MainJobName:   mainJobName,
+		CustomEnvVars: customEnvVars,
+		Script:        pushToBranchScript,
+		Token:         token,
+	})
+	steps = append(steps, scriptSteps...)
 
 	// Create outputs for the job
 	outputs := map[string]string{