TL;DR — GitHub Agentic Workflows went public preview on June 11, 2026. Describe what you want automated in a Markdown file; the `gh aw` CLI compiles it into standard Actions YAML; an AI agent runs inside GitHub Actions to perform reasoning-based tasks like issue triage, CI failure analysis, and documentation updates. Agents run with read-only permissions by default inside a sandboxed container. Choose Copilot, Claude, Codex, or Gemini as your engine.

How It Works: Markdown In, Actions YAML Out

Traditional GitHub Actions required developers to express every automation step, trigger, and conditional branch in YAML. Complex logic — like "if this is a bug report with no linked PR and no assignee, label it and ask for a reproduction case" — quickly becomes tangled YAML that's hard to read, write, and maintain. And classical Actions can't reason: they match conditions, they don't understand context.

GitHub Agentic Workflows takes a different approach. You write your automation goal in natural language Markdown:

When a new issue opens, label it by type and priority,
identify duplicates and link them, ask clarifying questions
if the description is unclear, and assign to the right team.

The gh aw CLI compiles that Markdown file into standard Actions YAML. That YAML runs a coding agent inside your existing GitHub Actions infrastructure — with full access to your runner groups, policy constraints, and secret management. The agent reads your repo content, reasons about it, and takes action.

Security Model

Read-only Default agent permission level
Sandboxed Runs behind Agent Workflow Firewall
4 engines Copilot · Claude · Codex · Gemini
100% Existing runner groups and policies reused

GitHub designed the security model with layered safeguards:

  • Integrity filter rules — Govern what GitHub content the agent can access
  • Read-only permissions by default — Agents cannot write to your repo unless you explicitly grant write access
  • Agent Workflow Firewall — Agents execute inside sandboxed containers with restricted network access
  • Safe Outputs process — Agent-proposed changes are validated before being applied
  • Dedicated threat detection job — Scans all proposed changes before application

Because Agentic Workflows compile to standard Actions YAML, all your existing runner groups, organization policies, and CODEOWNERS rules apply automatically. No new governance layer to configure.

💡
Quickstart: Your First Agentic Workflow in 10 Minutes
1. Install the extension: gh extension install github/gh-aw
2. From your repo root: gh aw add-wizard githubnext/agentics/daily-repo-status
3. Choose your AI engine (Copilot, Claude, Codex, or Gemini) and configure the required API key
4. Trigger the first run — a daily repo status report will be filed as a new issue

Supported AI Engines and Authentication

Agentic Workflows supports four AI engines with no vendor lock-in. You can even mix engines across different workflows in the same repository:

AI Engine Required Secret
GitHub Copilot COPILOT_GITHUB_TOKEN
Claude (Anthropic) ANTHROPIC_API_KEY
Codex (OpenAI) OPENAI_API_KEY
Gemini (Google) GEMINI_API_KEY

One notable improvement in the June 11 release: agentic workflows no longer require a Personal Access Token. The earlier requirement for a separate PAT was a friction point for teams; removing it simplifies onboarding significantly.

What You Can Automate

GitHub Next's agentics repository includes pre-built workflows ready to add to any repository:

  • Issue triage — Label by type and priority, identify duplicates, request clarification, assign to team members
  • CI failure analysis — Read failure logs, summarize root cause, open a PR with a suggested fix
  • Documentation updates — Detect code changes that affect docs and auto-generate updates
  • Daily repo status report — Summarize recent activity, open issues, and pending PRs as a filed issue
  • Compliance checks — Review PRs against team guidelines before human review
📌
Three Ways to Author Workflows
Web: Open a Copilot Chat session on github.com and describe the workflow — it drafts the Markdown file for you in minutes.
IDE/CLI agent: Run gh aw init to initialize the repo, then prompt Claude Code, Codex, or Cursor to create a workflow using the official spec.
Mobile: Once the repo is initialized, author and edit workflows from the GitHub mobile app via Copilot Chat.

Context: Part of a Larger Agentic SDLC Push

GitHub Agentic Workflows is part of GitHub's broader strategy to embed AI agents throughout the software development lifecycle. The same week as this announcement, GitHub also shipped Copilot code review configuration controls, Claude Fable 5 general availability in Copilot, and the Copilot CLI /settings command for centralized configuration.

The underlying pattern: GitHub is moving from AI that assists individual developers on individual tasks to AI that operates autonomously on the repository itself — with human review as the final gate, not the starting point.

Key Takeaways
  • GitHub Agentic Workflows launched in public preview on June 11 — AI handles issue triage, CI analysis, and doc updates autonomously
  • Write automation goals in Markdown; the gh aw CLI compiles them to standard Actions YAML
  • Choose Copilot, Claude, Codex, or Gemini as your AI engine — mix across workflows
  • Layered security: read-only by default, sandboxed container, safe outputs validation, threat detection
  • No PAT required as of June 11; uses existing runner groups and org policies
🔗
Official Sources & Documentation
GitHub Changelog: Agentic Workflows Public Preview
GitHub Docs: Your First Agentic Workflow (Quickstart)
GitHub Agentic Workflows Setup Guide (gh-aw CLI)