build(deps): bump github/gh-aw from 0.46.3 to 0.56.1

[dependabot]

Bumps github/gh-aw from 0.46.3 to 0.56.1.

Release notes

Sourced from github/gh-aw's releases.

v0.56.1

🌟 Release Highlights

This release focuses on reliability and correctness — fixing several subtle but impactful bugs in sandbox execution, bot identity matching, workflow compilation, and safe-output handling, alongside expanded documentation.

🐛 Bug Fixes & Improvements

• Bot identity canonicalization — on.bots allow-lists now correctly match GitHub App actors regardless of whether they appear as my-app or my-app[bot]. Previously, the exact-string mismatch silently blocked activations. (#20059)

• AWF sandbox git identity — The first git commit inside an AWF sandbox no longer fails with "Author identity unknown." Host Git identity environment variables are now injected into sandbox execution steps, preserving the caller's author/committer info. (#20056)

• dispatch-workflow compile-order independence — Workflows that dispatch other workflows in the same compile batch no longer require a specific compilation order. Targets that exist as .md files (without a pre-existing .lock.yml) are now accepted. (#20057)

• safe-outputs: failures now fail the workflow — When a safe-output handler returns {success: false}, the step now calls core.setFailed() and exits non-zero. Previously, failures were only emitted as warnings and the workflow continued as successful. (#20055)

• Gateway log truncation fix — Log lines exceeding 64 KB in gateway.jsonl (common with large AI tool call payloads) were silently truncated. Missing scanner.Buffer() calls have been added to prevent this. (#20074)

• Firewall analysis blocked domain display — The firewall log viewer now correctly shows the destination IP:port for iptables-dropped traffic instead of displaying "-". (#20016)

📚 Documentation

• Docker-based MCP server configuration — The MCP server reference now covers running gh-aw as an MCP server via Docker, for environments where the gh CLI is not installed locally. (#20053)

• Workflow status message style guide — A new .github/aw/messages.md establishes consistent conventions for tone and emoji usage in safe-outputs status messages across all workflows. (#20052)

• Updated feature documentation and permissions reference cleanup. (#20020, #20003)

🌍 Community Contributions

A huge thank you to the community members who reported issues that were resolved in this release:

• @samuelkahessay for safe-outputs: handler failures never escalated to core.setFailed() (#20035)
• @strawgate for Agent sandbox git identity missing: first commit fails, then agent self-configures (#20033)
• @samuelkahessay for dispatch-workflow validation is compile-order dependent (#20031)
• @samuelkahessay for on.bots matching is exact-string only and fails for (slug) vs (slug)[bot] (#20030)

---

For complete details, see CHANGELOG.

Generated by Release

---

What's Changed

• [docs] docs: reduce bloat in permissions.md by @​github-actions[bot] in github/gh-aw#20003
• [docs] Update documentation for features from 2026-03-08 by @​github-actions[bot] in github/gh-aw#20020
• Fix firewall analysis showing "-" instead of actual blocked domains for iptables-dropped traffic by @​Copilot in github/gh-aw#20016
• fix: canonicalize bot identifiers so <slug> and <slug>[bot] match in on.bots by @​Copilot in github/gh-aw#20059

... (truncated)

Changelog

Sourced from github/gh-aw's changelog.

Changelog

All notable changes to this project will be documented in this file.

v0.40.1 - 2026-02-03

Move from githubnext/gh-aw to github/gh-aw

If you were a former user of the githubnext Agentic Workflows you might have to re-register the extension to reflect the new location. As the gh-aw project moved from githubnext to github please delete the old channel and register the new one.

Example:

gh extension list
NAME   REPO              VERSION
gh aw  githubnext/gh-aw  v0.36.0
gh extension upgrade --all
[aw]: already up to date
gh extension remove gh-aw
gh extension install github/gh-aw
✓ Installed extension github/gh-aw
gh extension list
NAME   REPO          VERSION
gh aw  github/gh-aw  v0.40.1

Bug Fixes

Handle 502 Bad Gateway errors in assign_to_agent handler by treating them as success. The cloud gateway may return 502 errors during agent assignment, but the assignment typically succeeds despite the error. The handler now logs 502 errors for troubleshooting but does not fail the workflow.

Add discussion interaction to smoke workflows and serialize the discussion

flag in safe-outputs handler config.

Smoke workflows now select a random discussion and post thematic comments to validate discussion comment functionality. The compiler now emits the "discussion": true flag in GH_AW_SAFE_OUTPUTS_HANDLER_CONFIG when a workflow requests discussion output, and lock files include discussions: write permission where applicable.

Add discussion interaction to smoke workflows; compiler now serializes the discussion flag into the safe-outputs handler config so workflows can post comments to discussions. Lock files include discussions: write where applicable.

Smoke workflows pick a random discussion and post a thematic comment (copilot: playful, claude: comic-book, codex: mystical oracle, opencode: space mission). This is a non-breaking tooling/workflow change.

Add discussion interaction to smoke workflows; deprecate the discussion flag and

... (truncated)

Commits

• fd283fd Fix: Inject git identity env vars into AWF sandbox execution steps (#20056)
• b6f48c5 Add workflow status message style guide (#20052)
• 4a22b99 Fix dispatch-workflow validation: accept .md-only targets in same compile bat...
• e312acc safe-outputs: escalate handler failures to core.setFailed() (#20055)
• cdda009 docs: add Docker-based MCP server configuration (#20053)
• 0943278 fix: canonicalize bot identifiers so \<slug> and \<slug>[bot] match in `on....
• 5482918 Fix firewall analysis showing "-" instead of actual blocked domains for iptab...
• 35d0c88 docs: document resources: field and gh aw add dependency auto-fetch (#20020)
• 04d781a docs: reduce bloat in permissions.md (#20003)
• 046e81c Improve compile command help text to clarify input/output formats (#19988)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot]

Labels

The following labels could not be found: dependencies, github-actions. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

[dependabot]

Superseded by #108.