GitHub Agentic Workflows

Blog

Weekly Update – May 4, 2026

Happy May the Fourth! Here’s a look at what shipped in github/gh-aw this week — a busy one packed with experiment infrastructure, compiler fixes, and engine improvements.

v0.71.3 landed on April 30th, capping off a week of rapid iteration. This release delivers major improvements to safe-outputs reusability, more resilient Copilot driver behavior, and solid self-hosted runner support.

  • Parameterized safe-outputs for reusable workflows (#29171): workflow_call inputs can now control safe-outputs.threat-detection, boolean flags, PR policy fields, and list constraints. Build reusable workflows that callers can configure without forking.

  • Configurable MCP gateway session timeout: Set engine.mcp.session-timeout in your workflow frontmatter to keep long-running MCP sessions alive. No more premature timeouts on deep analysis workflows.

  • Auto-inject create_issue safe output: Workflows without explicit safe-output configuration now automatically get a create_issue safe output, slashing boilerplate for common workflows.

  • Repo Mind Light shared workflow: A shared repo-mind-light.md workflow is now available for reuse across daily issue/PR agentic workflows (#29063).

  • Team reviewers on add_reviewer: The add_reviewer MCP tool now supports setting team_reviewers on pull requests (#29228).

  • Self-hosted runner support for non-default home directories: Workflows now work correctly on self-hosted runners where the service account home is not /home/runner (#27260).

Several impactful PRs landed this week beyond the release:

  • Compiler detects single-quoted bash commands that crash Copilot CLI: The compiler now catches and sanitizes single-quoted bash tool commands before they reach the Copilot CLI, preventing cryptic runtime crashes. A small fix with a big quality-of-life impact.

  • Default Codex harness with retry logic: The Codex engine now ships a default codex_harness.cjs with built-in retry logic, making Codex-powered workflows more resilient out of the box.

  • A/B experiments framework: A hidden experiments CLI command lets you read experiment state from storage repo branches, enabling controlled A/B testing of workflow behavior across runs.

  • Statistical analysis for experiments: The experiments analyze command now computes statistical significance, so you can tell whether a prompt change actually improved things — or just got lucky.

  • Multiple OTLP endpoints: The endpoint field in OTLP configuration is now polymorphic — send telemetry to multiple backends simultaneously.

  • Fix: round-robin random start on cache miss: Round-robin workflows now randomly select their starting item when the cache is cold, preventing all instances from piling onto the first item at startup.

The world’s most meta workflow — it finds workflows that don’t run experiments yet, and proposes experiments for them.

This week ab-testing-advisor ran three times, each time scanning the entire workflow catalog for experiment-free candidates, picking one, and writing a detailed GitHub issue with a full A/B experiment campaign. On May 2nd alone it created two issues: one proposing a prompt_style A/B test for the daily-news workflow (which it diagnosed as “highly prescriptive” and worth loosening up), and another (#29661) calling for improvements to the experiment infrastructure itself — the advisor advising on how to improve the advisor. Very on-brand.

It spent roughly 500k tokens per run carefully reading workflow files, thinking through experiment dimensions, and writing crisp implementation specs. For a workflow that runs daily and quietly, it’s doing serious intellectual heavy lifting behind the scenes.

Usage tip: Use ab-testing-advisor as inspiration for your own repos — it’s a great example of a meta-workflow that uses AI to drive continuous improvement of other AI workflows.

View the workflow on GitHub

Update to v0.71.3 today to get parameterized safe-outputs, the new experiment infrastructure, and all the reliability fixes. As always, feedback and contributions are welcome in github/gh-aw.

Weekly Update – April 27, 2026

Another productive week in github/gh-aw! Two releases dropped — v0.71.0 and v0.71.1 — bringing reliability fixes across the board, from threat-detection improvements to the Claude engine to a loop that was quietly consuming millions of tokens. Here’s what shipped.

Released April 24th, this patch release is all about correctness:

  • protected-files object form now compiles correctly (#28341): Workflows using the documented {policy, exclude} object syntax were being rejected at compile time. That’s fixed — the schema now accepts both the string shorthand and the full object form.
  • Pre-agent skills no longer overwritten on pull_request triggers (#28290): Skills installed by pre-agent-steps were silently clobbered because the “Restore agent config folders” step ran after them. Step ordering is now correct.
  • Incremental diff for push_to_pull_request_branch patch size (#28198): The max patch size check now measures only the incremental change since the last push, not the full diff from the default branch. No more spurious size-limit rejections on long-running branches.
  • jsweep infinite loop fixed (#28353): A workflow was calling create_pull_request in a loop, racking up 4.64M tokens per run. It now exits after creating a PR.

Released April 23rd, focused on runtime reliability and new capabilities:

  • Node.js setup added to threat-detection jobs (#28160): The node: command not found error in Copilot threat-detection workflows is gone — Node.js setup is now emitted before copilot_driver.cjs.
  • OTLP tracing for cancelled runs (#28172): Manually cancelled runs now emit a proper OpenTelemetry span, so you get full duration visibility even when a run is cut short.
  • Claude engine: bypassPermissionsacceptEdits (#28047): Migrates away from the deprecated flag and fixes missing MCP server entries in --allowed-tools, keeping Claude-powered workflows fully functional.

Beyond the releases, this week also saw some useful quality-of-life improvements merged directly to main:

The tireless sentinel of the issue tracker — reads every open issue and classifies it so the right people see it.

This week, auto-triage-issues ran three times in a single day (April 27th alone), faithfully scanning for untriaged issues each time on a scheduled basis. Across its runs, it averaged just 4–6 turns per execution, keeping things lean while still making 6 GitHub API calls per run. The workflow even improved its own efficiency mid-day — dropping from 6 turns in the morning run down to 4 turns by afternoon, apparently learning to get to the point faster. The observability metrics politely noted it might be “partially reducible to deterministic automation,” but honestly, where’s the fun in that?

One of its runs earned an honorable mention from the agentic assessment system: “This Triage run looks stable enough that deterministic automation may be a simpler fit.” The workflow responded by running again an hour later, exactly the same as before. Iconic.

Usage tip: Pair auto-triage-issues with a label-based notification workflow so the right team members get pinged the moment a new issue is categorized.

View the workflow on GitHub

Update to v0.71.1 today and check out all the fixes. Feedback and contributions are always welcome over at github/gh-aw.

Weekly Update – April 20, 2026

What a week for github/gh-aw! Five releases dropped between April 13 and April 17, delivering a new AI engine, key security improvements, and a wave of reliability fixes. Here’s what you need to know.

A targeted fix-and-polish release with one standout new addition:

  • on.roles single-string support (#26789): You can now write roles: write instead of roles: [write]. Previously this produced a confusing compiler error — now it just works.
  • Codex chroot fix (#26787): Codex workflows on restricted filesystems were failing silently. Runtime state now lives in /tmp where it can actually be written.
  • Cross-repo compatibility checks (#26802): A new daily Claude workflow automatically discovers repositories using gh-aw and runs compile checks against the latest build. Compatibility regressions now get caught before they reach users.

The headline release of the week, with a brand-new engine and important security improvements:

  • OpenCode engine — Set engine: opencode to use OpenCode as your agentic engine, joining Copilot, Claude, and Codex as first-class options.
  • engine.bare mode — Set engine.bare: true to skip loading AGENTS.md. Perfect for triage, reporting, and ops workflows where repository code context just adds noise.
  • Pre-agent steps — The new pre-agent-steps frontmatter field lets you run custom GitHub Actions steps before the AI agent starts — great for authentication, environment setup, or any prerequisite work.
  • cache-memory working-tree sanitization — Before each agent run, the working tree is now scanned and cleaned of planted executables and disallowed files from cached memory. This closes a real supply-chain attack vector.

Quality-of-life improvements and more security hardening:

  • MCP config at .github/mcp.json (#26665): The MCP configuration file has moved from .mcp.json (repo root) to .github/mcp.json, aligning with standard GitHub configuration conventions. The init flow creates the new path automatically.
  • shared/reporting-otlp.md import bundle (#26655): One import now replaces two for telemetry-enabled reporting workflows.
  • Environment-level secrets fixed (#26650): The environment: frontmatter field now correctly propagates to the activation job.

A substantial patch resolving 21 community-reported issues:

  • BYOK Copilot mode (#26544): New byok-copilot feature flag wires offline Copilot support.
  • Side repo maintenance workflow (#26382): The compiler now auto-generates agentics-maintenance.yml for target repositories in side repository patterns.
  • MCP servers as local CLIs (#25928): MCP servers can now be mounted as local CLI commands after the gateway starts, enabling richer tool integrations.

Observability and reliability improvements:

  • Model-not-supported detection (#26229): When a model is unavailable for your plan, the workflow now stops retrying and surfaces a clear error instead of spinning indefinitely.
  • Time Between Turns (TBT) metric (#26321): gh aw audit and gh aw logs now report TBT — a key indicator of whether LLM prompt caching is working for your workflows.
  • env and checkout fields in shared imports (#26113, #26292): Shared importable workflows now support both env: and checkout: fields, eliminating common workarounds.

The unsung hero of issue hygiene — reads every unlabeled issue and applies the right labels so the right people see it, automatically, on a schedule.

This week auto-triage-issues kept its usual steady pace, triaging issues as they came in. In one run, it spotted issue #27290 — a question about ecosystem groups in the frontmatter/compilation pipeline — and correctly labeled it compiler within 24 seconds flat. In another run, it encountered an issue that the integrity policy had filtered before the agent could even read the title, so it did the responsible thing: skipped labeling, created a summary discussion, and politely told the maintainers to take a look themselves.

Even when it can’t act, it doesn’t just silently fail — it leaves a breadcrumb so nothing falls through the cracks.

Usage tip: Pair auto-triage-issues with a notify workflow on high-priority labels (like security or breaking-change) so your team gets paged for the things that actually matter.

View the workflow on GitHub

With v0.68.7 now available, it’s a great time to update and explore the new OpenCode engine, engine.bare mode, or pre-agent steps. As always, feedback and contributions are very welcome in github/gh-aw.

Weekly Update – April 13, 2026

It was a busy week in github/gh-aw — five releases shipped between April 6 and April 10, addressing everything from a critical Copilot CLI reliability crisis to shiny new workflow composition features. Here’s the full rundown.

The headline of this patch is a critical Copilot CLI reliability hotfix. Workflows using the Copilot engine were hanging indefinitely or producing zero-byte output due to an incompatibility introduced in v1.0.22 of the Copilot CLI. v0.68.1 pins the CLI back to v1.0.21 — the last confirmed-working version — and gets everyone’s workflows running again (#25689).

Beyond the hotfix, this release also ships:

  • engine.bare frontmatter field (#25661): Set bare: true to suppress automatic context loading — AGENTS.md and user instructions for Copilot, CLAUDE.md memory files for Claude. Great when you want the AI to start from a clean slate.
  • Improved stale lock file diagnostics (#25571): When the activation job detects a stale hash, it now emits step-by-step [hash-debug] log lines and opens an actionable issue guiding you to fix it.
  • actions/github-script upgraded to v9 (#25553): Scripts now get getOctokit as a built-in context parameter, removing the need for manual @actions/github imports in safe-output handlers.
  • Squash-merge fallback in gh aw add (#25609): If a repo disallows merge commits, the setup PR now automatically falls back to squash merge instead of failing.
  • Security: agent-stdio.log permissions hardened — Log files are now pre-created with 0600 permissions before tee writes, preventing world-readable exposure of MCP gateway bearer tokens.

This release brings distributed tracing improvements and a cleaner comment API:

  • OpenTelemetry cross-job trace hierarchy (#25540): Parent span IDs now propagate through aw_context across jobs, giving you end-to-end distributed trace visibility for multi-job workflows in backends like Tempo, Honeycomb, and Datadog.
  • Simplified discussion comment API (#25532): The deprecated add-comment.discussion boolean has been removed in favor of the clearer discussions: true/false syntax. Run gh aw fix --write to migrate existing workflows.
  • Security: heredoc content validation (#25510): ValidateHeredocContent checks now cover five user-controlled heredoc insertion sites, closing a class of potential injection vectors.

This one led with five new agentic workflow templates: approach-validator, test-quality-sentinel, refactoring-cadence, architecture-guardian, and design-decision-gate. These expand the built-in library for code quality, ADR enforcement, and architectural governance. The release also included Copilot driver retry logic and a --runner-guard compilation flag.

The star of this release is the new pre-steps frontmatter field — inject steps that run before checkout and the agent inside the same job. This is the recommended pattern for token-minting actions (e.g., actions/create-github-app-token, octo-sts) that need to check out external repos. Because the minted token stays in the same job, it never gets masked when crossing a job boundary. Also shipped: ${{ github.aw.import-inputs.* }} expression support in the imports: section, and assignees support on create-pull-request fallback issues.

Reliability-focused: cross-repo workflow hash checks, checkout tokens no longer silently dropped on newer runners, curl/wget flag-bearing invocations now allowed in network.allowed workflows, and a timeout-minutes schema cap at 360.

Beyond the releases, the past week also delivered:

  • #25923: Image artifacts can now be uploaded without zip archiving using skip-archive: true, and the resulting artifact URLs are surfaced as outputs — enabling workflows to embed images directly in Markdown comments.
  • #25908: A new scheduled cleanup-cache-memory job was added to the agentics maintenance workflow to prune outdated cache-memory entries automatically (and can be triggered on demand).
  • #25914 + #25972: OTel exception span events now emit exception.type alongside exception.message and individual error attributes are queryable — no more digging through pipe-delimited strings in Grafana.
  • #25960: Fixed a sneaky bug where push_repo_memory would run on every bot-triggered no-op because always() bypassed skip propagation.
  • #25971: Raw subprocess output from gh aw compile --validate is now sanitized before being embedded into issue bodies, closing a Markdown injection vector.

The quiet backbone of issue hygiene — reads every new issue and applies the right labels so the right people see it.

This week auto-triage-issues proved it’s doing its job almost too well. In the scheduled run on April 13, it scanned all open issues and found exactly zero unlabeled issues — reporting a 100% label coverage rate with zero action required. It had already handled the labeling in near-real-time as issues arrived, including one run on April 12 where it correctly tagged a freshly opened issue with enhancement, mcp, compiler, and security in a single pass. Four labels, zero hesitation.

That “security” label is doing a lot of work — the workflow spotted MCP and compiler concerns that genuinely deserved the tag, not just keyword-matched on it. We’ll take it.

Usage tip: Pair auto-triage-issues with label-based notification rules so your team gets automatically paged for security or critical issues without anyone having to babysit the issue tracker.

View the workflow on GitHub

Update to v0.68.1 today to get the Copilot CLI hotfix and the new engine.bare control. As always, contributions and feedback are welcome in github/gh-aw.

Weekly Update – April 6, 2026

Ten releases landed in github/gh-aw between March 31 and April 6 — a relentless pace that delivered production-ready distributed tracing, new safe output signals, and a sweeping security cleanup. Here’s what shipped.

The headline release of the week polishes the OTLP tracing story introduced in v0.67.0 and adds a wave of security fixes.

  • Accurate span names and real job durations (#24823): Job lifecycle spans now use the actual job name (e.g. gh-aw.agent.conclusion) and record real execution time — previously spans always reported 2–5 ms due to a missing startMs.
  • OTLP payload sanitization: Sensitive values (token, secret, key, auth, etc.) in span attributes are automatically redacted before sending to any OTLP collector.
  • OTLP headers masking (#24805): OTEL_EXPORTER_OTLP_HEADERS is masked with ::add-mask:: in every job, preventing auth tokens from leaking into GitHub Actions debug logs.
  • MCP Gateway OpenTelemetry (#24697): The MCP Gateway now receives OpenTelemetry config derived from observability.otlp frontmatter and the actions/setup trace IDs, correlating all MCP tool-call traces under the workflow root trace.
  • report_incomplete safe output (#24796): A new first-class signal lets agents surface infrastructure or tool failures without being misclassified as successful runs. When an agent emits report_incomplete, the safe-outputs handler activates failure handling regardless of agent exit code.
  • checks as a first-class MCP tool (#24818): The checks tool is now registered in the gh-aw MCP server, returning a normalized CI verdict (success, failed, pending, no_checks, policy_blocked).
  • Token/secret injection prevention: 422 instances of ${{ secrets.* }} interpolated directly into run: blocks were moved to env: mappings across lock files.
  • Claude Code 1.0.0 compatibility (#24807): Removed the --disable-slash-commands flag that was dropped in Claude Code 1.0.0.

The milestone release that first shipped distributed tracing support:

  • observability.otlp frontmatter: Workflows can now export structured OpenTelemetry spans to any OTLP-compatible backend (Honeycomb, Grafana Tempo, Sentry) with a single frontmatter block. Every job emits setup and conclusion spans; cross-job trace correlation is wired automatically with a single trace ID from the activation job.
  • GitHub API rate limit analytics: gh aw audit, gh aw logs, and gh aw audit diff now show GitHub API quota consumed per run, per resource.
  • Environment Variable Reference: A new comprehensive reference section covers all CLI configuration variables.

! Breaking change: gh aw audit report has been removed. Cross-run security reports are now generated directly by gh aw logs --format. The new --last flag aliases --count to ease migration.

  • Flat run classification in gh aw logs --json: Each run now carries a top-level classification string ("risky", "normal", "baseline", or "unclassified"), eliminating null-guard gymnastics.
  • Per-tool-call metrics in logs: Granular token usage, failure counts, and latency per tool — perfect for identifying which tools consume the most resources.
  • Token Usage Artifact (#24315): Agent token usage is now uploaded as a workflow artifact, making it easy to track spend over time.
  • Workflow reliability and threat detection extensibility improvements shipped alongside.

v0.65.7 through v0.65.2 (March 31–April 3) focused on cross-repo workflow reliability, MCP gateway keepalive configuration, safe-outputs improvements, and token optimization tooling.


Agent of the Week: agentic-observability-kit

Section titled “ Agent of the Week: agentic-observability-kit”

The tireless watchdog that monitors your entire fleet of agentic workflows and escalates when things go sideways.

Every day, agentic-observability-kit pulls logs from all running workflows, classifies their behavior, and posts a structured observability report as a GitHub Discussion — then files issues when patterns of waste or failure cross defined thresholds. This past week it had a particularly eventful run: on April 6 it spotted that smoke-copilot and smoke-claude had each burned through 675K–1.7M tokens across multiple runs (flagged as resource_heavy_for_domain with high severity), and it filed an issue titled “Smoke Copilot and Smoke Claude repeatedly resource-heavy” before anyone on the team had noticed. It also caught that the GitHub Remote MCP Authentication Test workflow had a 100% failure rate across two runs — one of which completed at zero tokens, suggesting a config or auth problem rather than an agent misbehaving.

In a delightfully meta moment, the observability kit itself hit token-limit errors while trying to ingest its own log data — it made four attempts with progressively smaller count and max_tokens parameters before it could fit the output into context. It got there in the end.

Usage tip: Pair agentic-observability-kit with Slack or email notifications so escalation issues trigger an alert — otherwise the issues it files can sit unread while the token bill quietly grows.

View the workflow on GitHub


Update to v0.67.1 and start exporting traces from your workflows today — all it takes is an observability.otlp block in your frontmatter. Feedback and contributions are always welcome in github/gh-aw.