GitHub Copilot: Agentic Workflows in Technical Preview
GitHub CopilotGitHub has launched Agentic Workflows in technical preview, enabling developers to define repository automation using plain Markdown files instead of complex YAML configurations. AI agents β including GitHub Copilot, Claude Code, and OpenAI Codex β execute these workflows as standard GitHub Actions with security-first design: read-only by default, sandboxed execution, and network isolation. The feature represents a fundamental rethinking of CI/CD automation, translating natural-language intent into structured, safe agentic action.
Sources & Mentions
4 external resources covering this update
A New Paradigm for Repository Automation
GitHub has introduced Agentic Workflows in technical preview β a significant rethinking of how developers automate repository tasks. Where traditional GitHub Actions require engineers to hand-craft YAML configurations with precise syntax, Agentic Workflows let developers describe what they want automated in plain Markdown, and let an AI agent handle the implementation details.
The concept is straightforward: place a Markdown file in your repository's .github/workflows/ directory, describe your automation goal in natural language, and the GitHub CLI compiles it into standard GitHub Actions YAML. From there, AI agents execute the workflow with access to repository context β issues, pull requests, code, and CI results.
What Agents Can Do
The range of tasks well-suited to Agentic Workflows is broad. GitHub highlights use cases including issue triage, documentation updates, code improvement identification, test coverage monitoring, CI failure investigation, and regular repository health reporting. Any repetitive task that currently requires a human to read context and take action is a candidate for an agentic workflow.
Notably, the system is not locked to a single AI agent. GitHub Copilot, Claude Code, and OpenAI Codex can all execute workflows in this format, giving teams flexibility in their choice of AI model.
Security Architecture
A central design principle of Agentic Workflows is security. Agents operate in isolated containers with restricted network access, and repository write permissions are denied by default. When a workflow does require a write operation β committing a file, closing an issue, merging a PR β it must go through "Safe Outputs," a permissioned, pre-approved subsystem that deterministically applies a limited, auditable set of changes.
This read-only-first model addresses a key concern with autonomous AI agents in production environments: runaway or unauthorized modifications. GitHub has designed the trust boundary explicitly, requiring intentional opt-in for any write capability.
Availability and Open Source
Agentic Workflows are available now in technical preview via the gh aw CLI extension. The project is open source under the MIT license and represents a collaboration between GitHub Next, Microsoft Research, and Azure Core Upstream. Teams interested in trying the feature can install the CLI extension, create a Markdown workflow file, and deploy it as a standard GitHub Action.