zircote · zircote · Apr 20, 2026 · Apr 20, 2026 · Apr 20, 2026
diff --git a/.claude/skills/gh-aw-report/knowledge-base.md b/.claude/skills/gh-aw-report/knowledge-base.md
@@ -6,6 +6,33 @@
 
 ---
 
+## [2026-04-20] Intelligence Update
+
+### 2026-04-20 — safe-outputs — update-pull-request `update-branch` parameter
+- **New parameter**: `update-branch: true` in `safe-outputs.update-pull-request` config block
+- **Behavior**: Calls `github.rest.pulls.updateBranch()` to sync PR branch with base before metadata updates
+- **Default**: `false` (opt-in)
+- **Source**: github/gh-aw PR #27244 (2026-04-20)
+
+### 2026-04-20 — safe-outputs — push-to-pull-request-branch `fallback-as-pull-request`
+- **New parameter**: `fallback-as-pull-request` boolean (default `true`)
+- **Behavior**: When target PR branch has diverged, creates a fallback PR rather than failing — **enabled by default**
+- **To disable**: `fallback-as-pull-request: false`
+- **Side effect**: `pull-requests: write` permission now requested by default for push-to-pull-request-branch
+- **Source**: github/gh-aw PR #27220 (2026-04-20)
+
+### 2026-04-20 — security — SEC-005 allowlist validation for workflow_dispatch
+- **Change**: `workflow_dispatch` target repo overrides now validated against SEC-005 allowlist
+- **Impact**: Cross-repo dispatch must be in `allowed-repos` or explicitly permitted
+- **Source**: github/gh-aw PR #27242 (2026-04-20)
+
+### 2026-04-20 — correction — push-to-pull-request-branch if-no-changes valid values
+- **Correct values**: `"warn"` (default), `"error"`, `"ignore"`
+- **Previously documented incorrectly as**: `"comment"`, `"skip"` — these are INVALID values
+- **Source**: github/gh-aw `pkg/workflow/push_to_pull_request_branch.go` switch statement
+
+---
+
 ## [2026-04-19] Daily Intelligence — AWF v0.25.25 / MCP Gateway v0.2.25 / Port 8080 Fix
 
 ### gh-aw Version Bumps (2026-04-19)

diff --git a/outputs/gh-aw-reports/2026-04-20.md b/outputs/gh-aw-reports/2026-04-20.md
@@ -0,0 +1,70 @@
+# gh-aw Intelligence Report — 2026-04-20
+
+**Date:** 2026-04-20  
+**Sources:** GitHub API (github/gh-aw, github/github-mcp-server commits)  
+**Last KB date:** 2026-04-18
+
+---
+
+## 1. gh-aw Core Updates
+
+### New Safe-Output: `update-pull-request` `update-branch` parameter (PR #27244, 2026-04-20)
+- **Feature**: `update-branch: true` added to `update-pull-request` safe-output
+- **Behavior**: When enabled, calls `github.rest.pulls.updateBranch()` to sync the PR branch with its base branch **before** performing other PR metadata updates (title, body, etc.)
+- **Default**: `false` (opt-in)
+- **YAML frontmatter key**: `update-branch: true` in `safe-outputs.update-pull-request` config block
+- **Source**: https://github.com/github/gh-aw/commit/ca935b6cc076763418422ead6209f1ddb939c13c
+
+### New Safe-Output: `push-to-pull-request-branch` `fallback-as-pull-request` parameter (PR #27220, 2026-04-20)
+- **Feature**: `fallback-as-pull-request` added to `push-to-pull-request-branch` safe-output
+- **Behavior**: When the target PR branch has diverged (non-fast-forward), creates a new fallback PR instead of failing
+- **Default**: `true` (opt-out behavior — it runs automatically unless disabled)
+- **To disable**: `fallback-as-pull-request: false`
+- **Side effect of default**: `pull-requests: write` permission is now requested by default even if you don't explicitly set it
+- **Source**: https://github.com/github/gh-aw/commit/4f668af8348d30b8c00a1dfc92e499f6cd4e2eb1
+
+### SEC-005 Allowlist Validation for `workflow_dispatch` Target Repo Overrides (PR #27242, 2026-04-20)
+- **Security**: `workflow_dispatch` target repository overrides are now validated against the SEC-005 allowlist
+- **Impact**: Cross-repo dispatch operations must have the target repo in the allowlist or be explicitly permitted
+- **Source**: https://github.com/github/gh-aw/commit/b50d2586f3b0453447859697656760445e06e04c
+
+### `push-to-pull-request-branch` `if-no-changes` incorrect values documented
+- **Bug in reference**: The reference file documents `"comment"` and `"skip"` as valid values for `if-no-changes`
+- **Actual valid values**: `"warn"` (default), `"error"`, `"ignore"` (from Go implementation)
+- **This is a priority-1 incorrect gap**
+
+### MCP Server CLI SSE `tools/list` fix (PR #27207, 2026-04-19)
+- **Fix**: MCP servers mounted as CLI tools now correctly handle SSE-formatted `tools/list` responses
+- **Impact**: Resolves edge case where MCP server as CLI would fail to enumerate tools
+- **Source**: https://github.com/github/gh-aw/commit/c27524b9eec4a58700270582c92660f6ef1e2895
+
+---
+
+## 2. GitHub MCP Server Updates
+
+No new releases or commits since v1.0.0 (2026-04-16). Latest commit: validation fix for `set_issue_fields` to enforce exactly one value key per field (2026-04-16).
+
+---
+
+## 3. Gap Analysis Summary
+
+| Gap | Type | File | Priority |
+|-----|------|------|----------|
+| GAP-1: `if-no-changes` has wrong values ("comment","skip") — should be "warn","error","ignore" | incorrect | `safe-outputs.md` | 1 (highest) |
+| GAP-2: `update-pull-request` missing `update-branch` parameter | missing | `safe-outputs.md` | 3 |
+| GAP-3: `push-to-pull-request-branch` missing `fallback-as-pull-request` parameter | missing | `safe-outputs.md` | 3 |
+| GAP-4: `push-to-pull-request-branch` missing `allowed-files`, `excluded-files`, `patch-format`, `ignore-missing-branch-failure` | missing | `safe-outputs.md` | 3 |
+| GAP-5: SEC-005 `workflow_dispatch` target repo allowlist not documented | missing | `production-gotchas.md` | 3 |
+
+---
+
+## 4. Knowledge Base Updates
+
+- `update-pull-request update-branch` parameter documented
+- `push-to-pull-request-branch fallback-as-pull-request` parameter documented
+- SEC-005 enforcement noted
+- `if-no-changes` correct values recorded
+
+---
+
+_Automated by Daily Intelligence Pipeline · 2026-04-20_
diff --git a/skills/aw-author/references/production-gotchas.md b/skills/aw-author/references/production-gotchas.md
@@ -417,3 +417,27 @@ If still seeing this warning:
 2. Verify MCP gateway is v0.2.24+ by checking workflow logs for the MCP gateway version line.
 
 This was a cosmetic/log-noise issue only — workflow functionality was not impacted.
+
+---
+
+## Cross-Repository Dispatch Security
+
+### SEC-005: `workflow_dispatch` Target Repo Overrides Must Pass Allowlist
+
+When using `dispatch-workflow` or `call-workflow` safe-outputs that include a `target-repo` override, gh-aw enforces **SEC-005 allowlist validation** (as of 2026-04-20, PR #27242).
+
+**What this means:**
+- The target repository must appear in `allowed-repos` on the `dispatch-workflow` or `call-workflow` safe-output config block.
+- Workflows that hard-code a `target-repo` without a matching `allowed-repos` entry will now fail at runtime with a validation error.
+
+**How to fix:**
+```yaml
+safe-outputs:
+  dispatch-workflow:
+    target-repo: owner/target-repo
+    allowed-repos:
+      - owner/target-repo   # Must be listed here for SEC-005 to pass
+    max: 1
+```
+
+**Source:** gh-aw PR #27242 (2026-04-20) — `invocation_context_helpers.cjs`
diff --git a/skills/aw-author/references/safe-outputs.md b/skills/aw-author/references/safe-outputs.md
@@ -250,6 +250,7 @@ safe-outputs:
     body: true
     footer: true
     target: "triggering"
+    update-branch: false
     max: 1
 ```
 
@@ -259,6 +260,7 @@ safe-outputs:
 | `body` | boolean | `true` | Enable body updates |
 | `footer` | boolean | `true` | Include AI footer |
 | `target` | string/int | `"triggering"` | Target PR |
+| `update-branch` | boolean | `false` | Sync PR branch with base branch before updating (calls `updateBranch` API) |
 | `max` | integer | `1` | Maximum updates per run |
 | `target-repo` | string | — | Cross-repo target |
 | `github-token` | string | — | Custom authentication token |
@@ -294,7 +296,7 @@ safe-outputs:
     title-prefix: "[fix]"
     labels: [automated]
     protected-files: fallback-to-issue
-    if-no-changes: "comment"
+    if-no-changes: "warn"
     max: 1
 ```
 
@@ -304,8 +306,18 @@ safe-outputs:
 | `title-prefix` | string | — | Require title prefix |
 | `labels` | list | — | Require all labels present |
 | `protected-files` | string | — | `"fallback-to-issue"` — protect certain files |
-| `if-no-changes` | string | — | Action when no changes: `"comment"`, `"skip"` |
+| `if-no-changes` | string | `"warn"` | Action when no changes: `"warn"` (default), `"error"`, `"ignore"` |
+| `ignore-missing-branch-failure` | boolean | `false` | Treat missing/deleted target branches as skipped instead of failures |
+| `commit-title-suffix` | string | — | Optional suffix to append to generated commit titles |
+| `allowed-files` | list | — | Glob patterns forming a strict allowlist of files eligible for push |
+| `excluded-files` | list | — | Glob patterns for files to exclude via git pathspecs (stripped before commit) |
+| `patch-format` | string | `"am"` | Transport format: `"am"` (git format-patch) or `"bundle"` (git bundle, preserves merge topology) |
+| `fallback-as-pull-request` | boolean | `true` | Create fallback PR when push fails due to diverged/non-fast-forward branch; because this defaults to `true`, `pull-requests: write` is requested by default; set `false` to disable |
+| `allow-workflows` | boolean | `false` | Add `workflows: write` to the App token (requires `safe-outputs.github-app`) |
+| `github-token-for-extra-empty-commit` | string | — | Token for empty commit to trigger CI (PAT or `"app"`) |
 | `max` | integer | `1` | Maximum pushes per run |
+| `target-repo` | string | — | Cross-repo target (`"owner/repo"`) |
+| `allowed-repos` | list | — | Additional allowed repositories |
 
 **Required permissions:** `pull-requests: write`, `contents: write`