GitHub Agentic Workflows | Blog

Agent of the Day – May 15, 2026

Fri, 15 May 2026 00:00:00 GMT

Every open-source repo has the same invisible tax: someone has to watch the door. Label the PR. Check if the commenter is a member or an outsider. Hide the policy violation before it spreads. Flag the ambiguous case for a human. It’s repetitive, important, and easy to miss at 2 AM when CI is green and you’re trying to ship.

That’s the gap the AI Moderator workflow fills — automatically, on every event, before a human even opens their notifications.

Agent of the Day: AI Moderator

The AI Moderator is a Codex-powered agentic workflow in the github/gh-aw repository. It fires on pull requests, new issues, and comments — running a structured investigation each time to determine who’s knocking, what they brought, and what action to take. Label it. Hide it. Escalate it. Or stand down.

It’s not a simple rule-based bot. It reasons.

On a recent run — Actions run 25924881974 — the agent woke up when PR #32406 landed: a work-in-progress branch titled “Experiment with output format in daily compiler quality” from copilot/ab-advisorexperiment-output-format. Sixteen turns later, it had done its job.

What it actually did

The agent didn’t guess. It looked things up.

It started by orienting itself — calling github___get_me to confirm its own identity, then github-search_repositories to verify the repo context it was operating in. From there it fanned out: github-list_branches, github-list_tags, github-list_releases, github-get_teams, github-get_team_members. It was building a picture of who belongs here and what the repo looks like right now.

Then it turned to the PR itself. It pulled the PR details with github___pull_request_read, searched related issues with github___search_issues and github___search_pull_requests, reviewed the commit history via github___list_commits, and read any linked issue context through github-issue_read. That’s a broad sweep — the kind a human reviewer would do informally, but inconsistently. The agent did it every time, in the same order, with a logged record of each step.

The conclusion: action_required. The agent applied labels through safeoutputs-add_labels, hid at least one comment using safeoutputs___hide_comment, and raised a flag with safeoutputs-report_incomplete to signal that follow-up was needed. Where checks passed cleanly, it called safeoutputs-noop — explicit confirmation that nothing warranted action, not just silence.

Sixteen turns, and that’s notable

The audit system tracks behavioral baselines. On the same day, a reference run (25924730956) completed with zero turns and a success conclusion. This run took 16. The delta was flagged automatically as a turns_increase requiring review.

That flag matters. It means the system caught a meaningful deviation in how the agent behaved — not a failure, but a signal worth inspecting. Did the PR have unusual characteristics? Was the team membership lookup more complex than usual? The audit trail is there. The observation is already logged.

This is what makes agentic workflows different from scripts: the behavior changes with the input, and the monitoring has to account for that.

Why it’s worth watching

Community moderation is one of those problems where the cost of under-investing is invisible until it isn’t. A missed label means a misrouted PR. A comment that should have been hidden lingers. An external contributor gets treated the same as a maintainer when they shouldn’t.

The AI Moderator closes that gap without requiring a human to be on-call for it. It checks team membership — not just assumed from a username, but verified against github-get_team_members. It applies structured outputs through the safeoutputs interface, which means every action is auditable. And when it can’t confidently resolve a case, it says so explicitly via report_incomplete, rather than silently doing nothing.

Fast, too. This run completed in seconds.

Try it

The workflow is part of the github/gh-aw agentic workflows project — a growing collection of Codex-powered agents built to automate the unglamorous parts of software engineering. If your team maintains a repository and you’re tired of playing gatekeeper manually, this is a good place to start.

Head to github.com/github/gh-aw to see the workflows, read the specs, and explore what’s already running in production.

Agent of the Day is a recurring look at agentic workflows built and run inside the GitHub engineering org.

Weekly Update – May 11, 2026

Mon, 11 May 2026 00:00:00 GMT

It was a busy week in github/gh-aw! Four releases landed between May 4 and May 7, paired with a wave of pull requests that delivered new commands, security hardening, and developer-experience polish. Here’s everything that shipped.

Releases This Week

v0.72.1 — May 7

The headline feature is a new gh aw lint command that runs actionlint directly against your existing .lock.yml files — no recompile required. It’s a lightweight CI gate you can drop into any pipeline to catch syntax errors early. Pass --shellcheck or --pyflakes for deeper script analysis, or point it at specific files with --dir.

Other highlights:

Shared workflow engine.mcp.tool-timeout inheritance (#30634): Shared workflows that wrap slow MCP servers can now declare timeout values once and have consumers inherit them automatically — no more duplicating engine.mcp.tool-timeout in every downstream workflow.
First-party coding-agent skill (#27259): Copilot, Claude, and other coding agents now get structured guidance on creating, debugging, and updating agentic workflows via a router skill shipped with gh aw.
&& preserved in compiled expressions (#30695): A sneaky Go HTML-escaping bug was silently turning && into \u0026\u0026 inside .lock.yml files, corrupting ${{ ... && ... }} expressions. Fixed.

v0.72.0 — May 6

Inline sub-agents are now default-on — the features.inline-agents: true flag is deprecated. Run gh aw fix --write to auto-remove it from existing workflows via the new features-inline-agents-removal codemod.

This release also fixed a community-reported push_to_pull_request_branch rerun failure: when an agent reran and its patch reintroduced a file already on the branch, git am --3way produced an unresolvable add/add conflict. The fix detects add/add-only conflicts and resolves them by taking the patch side automatically.

v0.71.6 and v0.71.5 — May 5–6

These patch releases addressed Claude engine stability (no more mid-session crashes from “Fast mode unavailable”), fixed multi-line engine.env block-scalar values that compiled to broken YAML, added gateway RPC message rendering in step summaries, and switched inline sub-agent blocks to the small model alias by default to reduce cost and latency.

Notable Pull Requests

Beyond the releases, several PRs merged this week are worth highlighting:

gh aw forecast command (experimental) — A new command for projecting workflow effective token usage before you run it. Useful for budgeting and capacity planning.
Grant Claude default /tmp read/write in sandboxed workflows — Claude-engine workflows can now read and write to /tmp by default in sandboxed environments, eliminating a common pain point when agents need temporary scratch space.
Rename rate-limit → user-rate-limit and max-runs → max-runs-per-window — Clearer naming for rate-limiting configuration fields.
OTel gen_ai.response.finish_reasons — Agent spans now emit finish reasons (e.g., stop, length, tool_calls) as an OpenTelemetry attribute, improving observability dashboards.
Synthetic OTel exception events for silent failures — When a workflow fails but the agent produces no readable output, a synthetic exception event is now emitted so traces still surface the failure.

Agent of the Week: auto-triage-issues

The unsung inbox manager of the repository — reads every new issue the moment it’s opened and figures out where it belongs.

This week auto-triage-issues ran three times in quick succession (May 9–10), successfully triaging two issues and stumbling on a third that triggered a failure — a small battle scar it wore with dignity. In its successful runs it stayed impressively lean: nine API requests, ~270 K input tokens pulled from cache, and a turnaround of under 40 seconds per issue. It never wastes a compute cycle it doesn’t have to.

The run summary noted with mild concern that auto-triage-issues is so reliable and narrow in its tool usage that it might be “overkill for agentic” — meaning deterministic automation could theoretically do its job. The workflow appears to have taken this note personally and immediately triaged the next issue without comment.

Usage tip: Pair auto-triage-issues with a notify or discussion workflow on high-priority labels so the right people are paged the moment a critical bug or security issue lands.

→ View the workflow on GitHub

Try It Out

Update to v0.72.1 today — gh extension upgrade gh-aw — and try the new gh aw lint and experimental gh aw forecast commands. As always, feedback and contributions are welcome in github/gh-aw.

Weekly Update – May 4, 2026

Mon, 04 May 2026 00:00:00 GMT

Happy May the Fourth! Here’s a look at what shipped in github/gh-aw this week — a busy one packed with experiment infrastructure, compiler fixes, and engine improvements.

Release: v0.71.3

v0.71.3 landed on April 30th, capping off a week of rapid iteration. This release delivers major improvements to safe-outputs reusability, more resilient Copilot driver behavior, and solid self-hosted runner support.

What’s New

Parameterized safe-outputs for reusable workflows (#29171): workflow_call inputs can now control safe-outputs.threat-detection, boolean flags, PR policy fields, and list constraints. Build reusable workflows that callers can configure without forking.
Configurable MCP gateway session timeout: Set engine.mcp.session-timeout in your workflow frontmatter to keep long-running MCP sessions alive. No more premature timeouts on deep analysis workflows.
Auto-inject create_issue safe output: Workflows without explicit safe-output configuration now automatically get a create_issue safe output, slashing boilerplate for common workflows.
Repo Mind Light shared workflow: A shared repo-mind-light.md workflow is now available for reuse across daily issue/PR agentic workflows (#29063).
Team reviewers on add_reviewer: The add_reviewer MCP tool now supports setting team_reviewers on pull requests (#29228).
Self-hosted runner support for non-default home directories: Workflows now work correctly on self-hosted runners where the service account home is not /home/runner (#27260).

Notable Pull Requests

Several impactful PRs landed this week beyond the release:

Compiler detects single-quoted bash commands that crash Copilot CLI: The compiler now catches and sanitizes single-quoted bash tool commands before they reach the Copilot CLI, preventing cryptic runtime crashes. A small fix with a big quality-of-life impact.
Default Codex harness with retry logic: The Codex engine now ships a default codex_harness.cjs with built-in retry logic, making Codex-powered workflows more resilient out of the box.
A/B experiments framework: A hidden experiments CLI command lets you read experiment state from storage repo branches, enabling controlled A/B testing of workflow behavior across runs.
Statistical analysis for experiments: The experiments analyze command now computes statistical significance, so you can tell whether a prompt change actually improved things — or just got lucky.
Multiple OTLP endpoints: The endpoint field in OTLP configuration is now polymorphic — send telemetry to multiple backends simultaneously.
Fix: round-robin random start on cache miss: Round-robin workflows now randomly select their starting item when the cache is cold, preventing all instances from piling onto the first item at startup.

Agent of the Week: ab-testing-advisor

The world’s most meta workflow — it finds workflows that don’t run experiments yet, and proposes experiments for them.

This week ab-testing-advisor ran three times, each time scanning the entire workflow catalog for experiment-free candidates, picking one, and writing a detailed GitHub issue with a full A/B experiment campaign. On May 2nd alone it created two issues: one proposing a prompt_style A/B test for the daily-news workflow (which it diagnosed as “highly prescriptive” and worth loosening up), and another (#29661) calling for improvements to the experiment infrastructure itself — the advisor advising on how to improve the advisor. Very on-brand.

It spent roughly 500k tokens per run carefully reading workflow files, thinking through experiment dimensions, and writing crisp implementation specs. For a workflow that runs daily and quietly, it’s doing serious intellectual heavy lifting behind the scenes.

Usage tip: Use ab-testing-advisor as inspiration for your own repos — it’s a great example of a meta-workflow that uses AI to drive continuous improvement of other AI workflows.

→ View the workflow on GitHub

Try It Out

Update to v0.71.3 today to get parameterized safe-outputs, the new experiment infrastructure, and all the reliability fixes. As always, feedback and contributions are welcome in github/gh-aw.

Weekly Update – April 27, 2026

Mon, 27 Apr 2026 00:00:00 GMT

Another productive week in github/gh-aw! Two releases dropped — v0.71.0 and v0.71.1 — bringing reliability fixes across the board, from threat-detection improvements to the Claude engine to a loop that was quietly consuming millions of tokens. Here’s what shipped.

Release: v0.71.1

Released April 24th, this patch release is all about correctness:

protected-files object form now compiles correctly (#28341): Workflows using the documented {policy, exclude} object syntax were being rejected at compile time. That’s fixed — the schema now accepts both the string shorthand and the full object form.
Pre-agent skills no longer overwritten on pull_request triggers (#28290): Skills installed by pre-agent-steps were silently clobbered because the “Restore agent config folders” step ran after them. Step ordering is now correct.
Incremental diff for push_to_pull_request_branch patch size (#28198): The max patch size check now measures only the incremental change since the last push, not the full diff from the default branch. No more spurious size-limit rejections on long-running branches.
jsweep infinite loop fixed (#28353): A workflow was calling create_pull_request in a loop, racking up 4.64M tokens per run. It now exits after creating a PR.

Release: v0.71.0

Released April 23rd, focused on runtime reliability and new capabilities:

Node.js setup added to threat-detection jobs (#28160): The node: command not found error in Copilot threat-detection workflows is gone — Node.js setup is now emitted before copilot_driver.cjs.
OTLP tracing for cancelled runs (#28172): Manually cancelled runs now emit a proper OpenTelemetry span, so you get full duration visibility even when a run is cut short.
Claude engine: bypassPermissions → acceptEdits (#28047): Migrates away from the deprecated flag and fixes missing MCP server entries in --allowed-tools, keeping Claude-powered workflows fully functional.

Notable Merged PRs

Beyond the releases, this week also saw some useful quality-of-life improvements merged directly to main:

Add gh aw run guidance and CLI commands reference: Better docs for running workflows locally — a common source of confusion.
Accessibility fix: skip link anchor: Renamed #_top → #main-content to meet WCAG 2.4.1 requirements.
Fix daily-cache-strategy-analyzer false alarm: The workflow was raising spurious alerts at startup when the cache was simply empty. Now it checks properly before sounding the alarm.

Agent of the Week: auto-triage-issues

The tireless sentinel of the issue tracker — reads every open issue and classifies it so the right people see it.

This week, auto-triage-issues ran three times in a single day (April 27th alone), faithfully scanning for untriaged issues each time on a scheduled basis. Across its runs, it averaged just 4–6 turns per execution, keeping things lean while still making 6 GitHub API calls per run. The workflow even improved its own efficiency mid-day — dropping from 6 turns in the morning run down to 4 turns by afternoon, apparently learning to get to the point faster. The observability metrics politely noted it might be “partially reducible to deterministic automation,” but honestly, where’s the fun in that?

One of its runs earned an honorable mention from the agentic assessment system: “This Triage run looks stable enough that deterministic automation may be a simpler fit.” The workflow responded by running again an hour later, exactly the same as before. Iconic.

Usage tip: Pair auto-triage-issues with a label-based notification workflow so the right team members get pinged the moment a new issue is categorized.

→ View the workflow on GitHub

Try It Out

Update to v0.71.1 today and check out all the fixes. Feedback and contributions are always welcome over at github/gh-aw.

Weekly Update – April 20, 2026

Mon, 20 Apr 2026 00:00:00 GMT

What a week for github/gh-aw! Five releases dropped between April 13 and April 17, delivering a new AI engine, key security improvements, and a wave of reliability fixes. Here’s what you need to know.

Release Highlights

v0.68.7 — April 17

A targeted fix-and-polish release with one standout new addition:

on.roles single-string support (#26789): You can now write roles: write instead of roles: [write]. Previously this produced a confusing compiler error — now it just works.
Codex chroot fix (#26787): Codex workflows on restricted filesystems were failing silently. Runtime state now lives in /tmp where it can actually be written.
Cross-repo compatibility checks (#26802): A new daily Claude workflow automatically discovers repositories using gh-aw and runs compile checks against the latest build. Compatibility regressions now get caught before they reach users.

v0.68.6 — April 17

The headline release of the week, with a brand-new engine and important security improvements:

OpenCode engine — Set engine: opencode to use OpenCode as your agentic engine, joining Copilot, Claude, and Codex as first-class options.
engine.bare mode — Set engine.bare: true to skip loading AGENTS.md. Perfect for triage, reporting, and ops workflows where repository code context just adds noise.
Pre-agent steps — The new pre-agent-steps frontmatter field lets you run custom GitHub Actions steps before the AI agent starts — great for authentication, environment setup, or any prerequisite work.
cache-memory working-tree sanitization — Before each agent run, the working tree is now scanned and cleaned of planted executables and disallowed files from cached memory. This closes a real supply-chain attack vector.

v0.68.5 — April 16

Quality-of-life improvements and more security hardening:

MCP config at .github/mcp.json (#26665): The MCP configuration file has moved from .mcp.json (repo root) to .github/mcp.json, aligning with standard GitHub configuration conventions. The init flow creates the new path automatically.
shared/reporting-otlp.md import bundle (#26655): One import now replaces two for telemetry-enabled reporting workflows.
Environment-level secrets fixed (#26650): The environment: frontmatter field now correctly propagates to the activation job.

v0.68.4 — April 16

A substantial patch resolving 21 community-reported issues:

BYOK Copilot mode (#26544): New byok-copilot feature flag wires offline Copilot support.
SideRepoOps maintenance workflow (#26382): The compiler now auto-generates agentics-maintenance.yml for target repositories in SideRepoOps patterns.
MCP servers as local CLIs (#25928): MCP servers can now be mounted as local CLI commands after the gateway starts, enabling richer tool integrations.

v0.68.3 — April 14

Observability and reliability improvements:

Model-not-supported detection (#26229): When a model is unavailable for your plan, the workflow now stops retrying and surfaces a clear error instead of spinning indefinitely.
Time Between Turns (TBT) metric (#26321): gh aw audit and gh aw logs now report TBT — a key indicator of whether LLM prompt caching is working for your workflows.
env and checkout fields in shared imports (#26113, #26292): Shared importable workflows now support both env: and checkout: fields, eliminating common workarounds.

Agent of the Week: auto-triage-issues

The unsung hero of issue hygiene — reads every unlabeled issue and applies the right labels so the right people see it, automatically, on a schedule.

This week auto-triage-issues kept its usual steady pace, triaging issues as they came in. In one run, it spotted issue #27290 — a question about ecosystem groups in the frontmatter/compilation pipeline — and correctly labeled it compiler within 24 seconds flat. In another run, it encountered an issue that the integrity policy had filtered before the agent could even read the title, so it did the responsible thing: skipped labeling, created a summary discussion, and politely told the maintainers to take a look themselves.

Even when it can’t act, it doesn’t just silently fail — it leaves a breadcrumb so nothing falls through the cracks.

Usage tip: Pair auto-triage-issues with a notify workflow on high-priority labels (like security or breaking-change) so your team gets paged for the things that actually matter.

→ View the workflow on GitHub

Try It Out

With v0.68.7 now available, it’s a great time to update and explore the new OpenCode engine, engine.bare mode, or pre-agent steps. As always, feedback and contributions are very welcome in github/gh-aw.

Weekly Update – April 13, 2026

Mon, 13 Apr 2026 00:00:00 GMT

It was a busy week in github/gh-aw — five releases shipped between April 6 and April 10, addressing everything from a critical Copilot CLI reliability crisis to shiny new workflow composition features. Here’s the full rundown.

Release Highlights

v0.68.1 — April 10

The headline of this patch is a critical Copilot CLI reliability hotfix. Workflows using the Copilot engine were hanging indefinitely or producing zero-byte output due to an incompatibility introduced in v1.0.22 of the Copilot CLI. v0.68.1 pins the CLI back to v1.0.21 — the last confirmed-working version — and gets everyone’s workflows running again (#25689).

Beyond the hotfix, this release also ships:

engine.bare frontmatter field (#25661): Set bare: true to suppress automatic context loading — AGENTS.md and user instructions for Copilot, CLAUDE.md memory files for Claude. Great when you want the AI to start from a clean slate.
Improved stale lock file diagnostics (#25571): When the activation job detects a stale hash, it now emits step-by-step [hash-debug] log lines and opens an actionable issue guiding you to fix it.
actions/github-script upgraded to v9 (#25553): Scripts now get getOctokit as a built-in context parameter, removing the need for manual @actions/github imports in safe-output handlers.
Squash-merge fallback in gh aw add (#25609): If a repo disallows merge commits, the setup PR now automatically falls back to squash merge instead of failing.
Security: agent-stdio.log permissions hardened — Log files are now pre-created with 0600 permissions before tee writes, preventing world-readable exposure of MCP gateway bearer tokens.

v0.68.0 — April 10

This release brings distributed tracing improvements and a cleaner comment API:

OpenTelemetry cross-job trace hierarchy (#25540): Parent span IDs now propagate through aw_context across jobs, giving you end-to-end distributed trace visibility for multi-job workflows in backends like Tempo, Honeycomb, and Datadog.
Simplified discussion comment API (#25532): The deprecated add-comment.discussion boolean has been removed in favor of the clearer discussions: true/false syntax. Run gh aw fix --write to migrate existing workflows.
Security: heredoc content validation (#25510): ValidateHeredocContent checks now cover five user-controlled heredoc insertion sites, closing a class of potential injection vectors.

v0.67.4 — April 9

This one led with five new agentic workflow templates: approach-validator, test-quality-sentinel, refactoring-cadence, architecture-guardian, and design-decision-gate. These expand the built-in library for code quality, ADR enforcement, and architectural governance. The release also included Copilot driver retry logic and a --runner-guard compilation flag.

v0.67.3 — April 8

The star of this release is the new pre-steps frontmatter field — inject steps that run before checkout and the agent inside the same job. This is the recommended pattern for token-minting actions (e.g., actions/create-github-app-token, octo-sts) that need to check out external repos. Because the minted token stays in the same job, it never gets masked when crossing a job boundary. Also shipped: ${{ github.aw.import-inputs.* }} expression support in the imports: section, and assignees support on create-pull-request fallback issues.

v0.67.2 — April 6

Reliability-focused: cross-repo workflow hash checks, checkout tokens no longer silently dropped on newer runners, curl/wget flag-bearing invocations now allowed in network.allowed workflows, and a timeout-minutes schema cap at 360.

Notable Merged Pull Requests

Beyond the releases, the past week also delivered:

#25923: Image artifacts can now be uploaded without zip archiving using skip-archive: true, and the resulting artifact URLs are surfaced as outputs — enabling workflows to embed images directly in Markdown comments.
#25908: A new scheduled cleanup-cache-memory job was added to the agentics maintenance workflow to prune outdated cache-memory entries automatically (and can be triggered on demand).
#25914 + #25972: OTel exception span events now emit exception.type alongside exception.message and individual error attributes are queryable — no more digging through pipe-delimited strings in Grafana.
#25960: Fixed a sneaky bug where push_repo_memory would run on every bot-triggered no-op because always() bypassed skip propagation.
#25971: Raw subprocess output from gh aw compile --validate is now sanitized before being embedded into issue bodies, closing a Markdown injection vector.

Agent of the Week: auto-triage-issues

The quiet backbone of issue hygiene — reads every new issue and applies the right labels so the right people see it.

This week auto-triage-issues proved it’s doing its job almost too well. In the scheduled run on April 13, it scanned all open issues and found exactly zero unlabeled issues — reporting a 100% label coverage rate with zero action required. It had already handled the labeling in near-real-time as issues arrived, including one run on April 12 where it correctly tagged a freshly opened issue with enhancement, mcp, compiler, and security in a single pass. Four labels, zero hesitation.

That “security” label is doing a lot of work — the workflow spotted MCP and compiler concerns that genuinely deserved the tag, not just keyword-matched on it. We’ll take it.

Usage tip: Pair auto-triage-issues with label-based notification rules so your team gets automatically paged for security or critical issues without anyone having to babysit the issue tracker.

→ View the workflow on GitHub

Try It Out

Update to v0.68.1 today to get the Copilot CLI hotfix and the new engine.bare control. As always, contributions and feedback are welcome in github/gh-aw.

Weekly Update – April 6, 2026

Mon, 06 Apr 2026 00:00:00 GMT

Ten releases landed in github/gh-aw between March 31 and April 6 — a relentless pace that delivered production-ready distributed tracing, new safe output signals, and a sweeping security cleanup. Here’s what shipped.

Release Highlights

v0.67.1 — OpenTelemetry Overhaul & Security Hardening (April 6)

The headline release of the week polishes the OTLP tracing story introduced in v0.67.0 and adds a wave of security fixes.

Accurate span names and real job durations (#24823): Job lifecycle spans now use the actual job name (e.g. gh-aw.agent.conclusion) and record real execution time — previously spans always reported 2–5 ms due to a missing startMs.
OTLP payload sanitization: Sensitive values (token, secret, key, auth, etc.) in span attributes are automatically redacted before sending to any OTLP collector.
OTLP headers masking (#24805): OTEL_EXPORTER_OTLP_HEADERS is masked with ::add-mask:: in every job, preventing auth tokens from leaking into GitHub Actions debug logs.
MCP Gateway OpenTelemetry (#24697): The MCP Gateway now receives OpenTelemetry config derived from observability.otlp frontmatter and the actions/setup trace IDs, correlating all MCP tool-call traces under the workflow root trace.
report_incomplete safe output (#24796): A new first-class signal lets agents surface infrastructure or tool failures without being misclassified as successful runs. When an agent emits report_incomplete, the safe-outputs handler activates failure handling regardless of agent exit code.
checks as a first-class MCP tool (#24818): The checks tool is now registered in the gh-aw MCP server, returning a normalized CI verdict (success, failed, pending, no_checks, policy_blocked).
Token/secret injection prevention: 422 instances of ${{ secrets.* }} interpolated directly into run: blocks were moved to env: mappings across lock files.
Claude Code 1.0.0 compatibility (#24807): Removed the --disable-slash-commands flag that was dropped in Claude Code 1.0.0.

v0.67.0 — OTLP Trace Export & GitHub API Rate Limit Analytics (April 5)

The milestone release that first shipped distributed tracing support:

observability.otlp frontmatter: Workflows can now export structured OpenTelemetry spans to any OTLP-compatible backend (Honeycomb, Grafana Tempo, Sentry) with a single frontmatter block. Every job emits setup and conclusion spans; cross-job trace correlation is wired automatically with a single trace ID from the activation job.
GitHub API rate limit analytics: gh aw audit, gh aw logs, and gh aw audit diff now show GitHub API quota consumed per run, per resource.
Environment Variable Reference: A new comprehensive reference section covers all CLI configuration variables.

v0.66.1 — Richer `gh aw logs` & Breaking Change (April 4)

! Breaking change: gh aw audit report has been removed. Cross-run security reports are now generated directly by gh aw logs --format. The new --last flag aliases --count to ease migration.

Flat run classification in gh aw logs --json: Each run now carries a top-level classification string ("risky", "normal", "baseline", or "unclassified"), eliminating null-guard gymnastics.
Per-tool-call metrics in logs: Granular token usage, failure counts, and latency per tool — perfect for identifying which tools consume the most resources.

v0.66.0 — Token Usage Artifacts & Threat Detection Extensibility (April 3)

Token Usage Artifact (#24315): Agent token usage is now uploaded as a workflow artifact, making it easy to track spend over time.
Workflow reliability and threat detection extensibility improvements shipped alongside.

Earlier in the week

v0.65.7 through v0.65.2 (March 31–April 3) focused on cross-repo workflow reliability, MCP gateway keepalive configuration, safe-outputs improvements, and token optimization tooling.

Agent of the Week: agentic-observability-kit

The tireless watchdog that monitors your entire fleet of agentic workflows and escalates when things go sideways.

Every day, agentic-observability-kit pulls logs from all running workflows, classifies their behavior, and posts a structured observability report as a GitHub Discussion — then files issues when patterns of waste or failure cross defined thresholds. This past week it had a particularly eventful run: on April 6 it spotted that smoke-copilot and smoke-claude had each burned through 675K–1.7M tokens across multiple runs (flagged as resource_heavy_for_domain with high severity), and it filed an issue titled “Smoke Copilot and Smoke Claude repeatedly resource-heavy” before anyone on the team had noticed. It also caught that the GitHub Remote MCP Authentication Test workflow had a 100% failure rate across two runs — one of which completed at zero tokens, suggesting a config or auth problem rather than an agent misbehaving.

In a delightfully meta moment, the observability kit itself hit token-limit errors while trying to ingest its own log data — it made four attempts with progressively smaller count and max_tokens parameters before it could fit the output into context. It got there in the end.

Usage tip: Pair agentic-observability-kit with Slack or email notifications so escalation issues trigger an alert — otherwise the issues it files can sit unread while the token bill quietly grows.

→ View the workflow on GitHub

Try It Out

Update to v0.67.1 and start exporting traces from your workflows today — all it takes is an observability.otlp block in your frontmatter. Feedback and contributions are always welcome in github/gh-aw.

Weekly Update – March 30, 2026

Mon, 30 Mar 2026 00:00:00 GMT

Six releases shipped in github/gh-aw between March 24 and March 30 — that’s almost one a day. From expanded audit tooling to integrity-isolated cache storage and a wave of security fixes, this was a dense week. Here’s the rundown.

Releases This Week

v0.64.4 — March 30

The freshest release ships with quality-of-life wins for workflow authors:

runs-on-slim for compile-stable jobs (#23490): Override the runner for compile-stable framework jobs with a new runs-on-slim key, giving you fine-grained control over which machine handles compilation.
Sibling nested imports fixed (#23475): ./file.md imports now resolve relative to the importing file’s directory, not the working directory. Modular workflows that import sibling files were silently broken before — now they’re not.
Custom tools in <safe-output-tools> prompt (#23487): Custom jobs, scripts, and actions are now listed in the agent’s <safe-output-tools> prompt block so the AI actually knows they exist.
Compile-time validation of safe-output job ordering (#23486): Misconfigured needs: ordering on custom safe-output jobs is now caught at compile time.
MCP Gateway v0.2.9 (#23513) and firewall v0.25.4 (#23514) bumped for all compiled workflows.

v0.64.3 — March 29

A security-heavy release with one major architectural upgrade:

Integrity-aware cache-memory is the headline. Cache storage now uses dedicated git branches — merged, approved, unapproved, and none — to enforce integrity isolation at the storage level. A run operating at unapproved integrity can no longer read data written by a merged-integrity run, and any change to your allow-only guard policy automatically invalidates stale cache entries. If you upgrade and see a cache miss on your first run, that’s intentional — legacy data has no integrity provenance and must be regenerated.

patch-format: bundle (#23338) is the other highlight: code-push flows now support git bundle as an alternative to git am, preserving merge commits, authorship, and per-commit messages that were previously dropped.

Security fixes:

Secret env var exclusion (#23360): AWF now strips all secret-bearing env vars (tokens, API keys, MCP secrets) from the agent container’s visible environment, closing a potential prompt-injection exfiltration path in pull_request_target workflows.
Argument injection fix (#23374): Package and image names in gh aw compile --validate-packages are validated before being passed to npm view, pip index versions, uv pip show, and docker.

v0.64.2 — March 26

The gh aw logs command gained cross-run report generation via the new --format flag:

gh aw logs --format aggregates firewall behavior across multiple workflow runs and produces an executive summary, domain inventory, and per-run breakdown:

gh aw logs agent-task --format markdown --count 10    # Markdown
gh aw logs --format markdown --json                   # JSON for dashboards
gh aw logs --format pretty                            # Console output

This release also includes a YAML env injection security fix (#23055): all env: emission sites in the compiler now use %q-escaped YAML scalars, preventing newlines or quote characters in frontmatter values from injecting sibling env variables into .lock.yml files.

v0.64.1 — March 26

gh aw audit diff (#22996) lets you compare two workflow runs side-by-side — firewall behavior, MCP tool invocations, token usage, and duration — to spot regressions and behavioral drift before they become incidents:

gh aw audit diff <run1> <run2> --format markdown

Five new sections also landed in the standard gh aw audit report: Engine Configuration, Prompt Analysis, Session & Agent Performance, Safe Output Summary, and MCP Server Health. One report now gives you the full picture.

v0.64.0 — March 25

Bot-actor concurrency isolation: Workflows combining safe-outputs.github-app with issue_comment-capable triggers now automatically get bot-isolated concurrency keys, preventing the workflow from cancelling itself mid-run when the bot posts a comment that re-triggers the same workflow.

v0.63.1 — March 24

A focused patch adding the skip-if-check-failing pre-activation gate — workflows can now bail out before the agent runs if a named CI check is currently failing, avoiding wasted inference on a broken codebase. Also ships an improved fuzzy schedule algorithm with weighted preferred windows and peak avoidance to reduce queue contention on shared runners.

Agent of the Week: auto-triage-issues

The self-appointed gatekeeper of the issue tracker — reads every new issue and assigns labels so the right people see it.

This week, auto-triage-issues handled three runs. Two of them were textbook efficiency: triggered the moment a new issue landed, ran the pre-activation check, decided there was nothing worth labeling, and wrapped up in under 42 seconds flat. No fuss, no drama. Then came the Monday scheduled sweep. That run went a different direction: 18 turns, 817,000 tokens, and after all that contemplation… a failure. Somewhere between turn one and turn eighteen, the triage workflow decided this batch of issues deserved its most thoughtful analysis yet, burned through a frontier model’s patience, and still couldn’t quite close the loop.

It’s the classic overachiever problem — sometimes the issues that look the simplest turn out to be the ones that take all day.

Usage tip: If your auto-triage-issues scheduled runs are consistently expensive, the new agentic_fraction metric in gh aw audit can help you identify which turns are pure data-gathering and could be moved to deterministic shell steps.

→ View the workflow on GitHub

Try It Out

Update to v0.64.4 today with gh extension upgrade aw. The integrity-aware cache-memory migration will trigger a one-time cache miss on first run — expected and safe. As always, questions and contributions are welcome in github/gh-aw.

Weekly Update – March 23, 2026

Mon, 23 Mar 2026 00:00:00 GMT

Another week, another flurry of releases in github/gh-aw. Eight versions shipped between March 18 and March 21, pushing security hardening, extensibility, and performance improvements across the board. Here’s what you need to know.

Releases This Week

v0.62.5 — March 21

The latest release leads with two important security fixes:

Supply chain protection: The Trivy vulnerability scanner action was removed after a supply chain compromise was discovered (#22007, #22065). Scanning has been replaced with a safer alternative.
Public repo integrity hardening (#21969): GitHub App authentication no longer exempts public repositories from the minimum-integrity guard policy, closing a gap where untrusted content could bypass integrity checks.

On the feature side:

Timezone support for on.schedule (#22018): Cron entries now accept an optional timezone field — finally, no more mental UTC arithmetic when you want your workflow to run “at 9 AM Pacific”.
Boolean expression optimizer (#22025): Condition trees are optimized at compile time, generating cleaner if: expressions in compiled workflows.
Wildcard target-repo in safe-output handlers (#21877): Use target-repo: "*" to write a single handler definition that works across any repository.

v0.62.3 — March 20

This one is a standout for extensibility and speed:

Custom Actions as Safe Output Tools (#21752): You can now expose any GitHub Action as an MCP tool via the new safe-outputs.actions block. The compiler resolves action.yml at compile time to derive the tool schema and inject it into the agent — no custom wiring needed. This opens the door to a whole ecosystem of reusable safe-output handlers built from standard Actions.
~20 seconds faster per workflow run (#21873): A bump to DefaultFirewallVersion v0.24.5 eliminates a 10-second shutdown delay for both the agent container and the threat detection container. That’s 20 free seconds on every single run.
trustedBots support in MCP Gateway (#21865): Pass an allowlist of additional GitHub bot identities to the MCP Gateway, enabling safe cross-bot collaboration in guarded environments.
gh-aw-metadata v3 (#21899): Lock files now embed the configured agent ID/model in the gh-aw-metadata comment, making audits much easier.

v0.62.2 — March 19

! Breaking change alert: lockdown: true is gone. It has been replaced by the more expressive min-integrity field. If you have lockdown: false in your frontmatter, remove it — it’s no longer recognized. The new integrity-level system gives you finer control over what content can trigger your workflows.

This release also introduces integrity filtering for log analysis — the gh aw logs command can now filter to only runs where DIFC integrity events were triggered, making security investigations much faster.

v0.62.0 — March 19

The GitHub MCP guard policy graduates to general availability. The policy automatically configures appropriate access controls on the GitHub MCP server at runtime — no manual lockdown configuration required. Also new: inline custom safe-output scripts, letting you define JavaScript handlers directly in your workflow frontmatter without a separate file.

v0.61.x — March 18

Three patch releases covered:

Signed-commit support for protected branches (v0.61.1)
Broader ecosystem domain coverage for language package registries (v0.61.2)
Critical workflow_dispatch expression evaluation fix (v0.61.2)

Notable Pull Requests

Several important fixes landed today (March 23):

Propagate assign_copilot failures to agent failure comment (#22371): When assign_copilot_to_created_issues fails (e.g., bad credentials), the failure context is now surfaced in the agent failure issue so you can actually diagnose it.
Post failure comment when agent assignment fails (#22347): A follow-up to the above — the failure now also posts a comment directly on the target issue or PR for immediate visibility.
Hot-path regexp and YAML parse elimination (#22359): Redundant regexp compilations and YAML re-parses on the hot path have been eliminated, improving throughput for high-volume workflow execution.
blocked-users and approval-labels in guard policy (#22360): The tools.github guard policy now supports blocked-users and approval-labels fields, giving you more granular control over who can trigger guarded workflows.
Pull merged workflow files after GitHub confirms readiness (#22335): A race condition where merged workflow files were pulled before GitHub reported the workflow as ready has been fixed.

Agent of the Week: contribution-check

Your tireless four-hourly guardian of PR quality — reads every open pull request and evaluates it against CONTRIBUTING.md for compliance and completeness.

contribution-check ran five times this week (once every four hours, as scheduled) and processed a steady stream of incoming PRs, creating issues for contributors who needed guidance, adding labels, and leaving review comments. Four of five runs completed in under 5 minutes with 6–9 turns. The fifth run, however, apparently found the task of reviewing PRs during a particularly active Sunday evening so intellectually stimulating that it worked through 50 turns and consumed 1.55 million tokens — roughly 5× its usual appetite — before the safe_outputs step politely called it a night. It still managed to file issues, label PRs, and post comments on the way out. Overachiever.

One earlier run also hit a minor hiccup: the pre-agent filter step forgot to write its output file, leaving the agent with nothing to evaluate. Rather than fabricating a list of PRs to review, it dutifully reported “missing data” and moved on. Sometimes the bravest thing is knowing when there’s nothing to do.

Usage tip: The contribution-check pattern works best when your CONTRIBUTING.md is explicit and opinionated — the more specific your guidelines, the more actionable its feedback will be for contributors.

→ View the workflow on GitHub

Try It Out

Update to v0.62.5 to pick up the security fixes and timezone support. If you’ve been holding off on migrating from lockdown: true, now’s the time — check the v0.62.2 release notes for the migration path. As always, contributions and feedback are welcome in github/gh-aw.

Weekly Update – March 18, 2026

Wed, 18 Mar 2026 00:00:00 GMT

It’s been a busy week in github/gh-aw — seven releases shipped between March 13 and March 17, covering everything from a security model overhaul to a new label-based trigger and a long-overdue terminal resize fix. Let’s dig in.

Releases This Week

v0.61.0 — March 17

The freshest release focuses on reliability and developer experience:

Automatic debug logging (#21406): Set ACTIONS_RUNNER_DEBUG=true on your runner and full debug logging activates automatically — no more manually adding DEBUG=* to every troubleshooting run.
Cross-repo project item updates (#21404): update_project now accepts a target_repo parameter, so org-level project boards can update fields on items from any repository.
GHE Cloud data residency support (#21408): Compiled workflows now auto-inject a GH_HOST step, fixing gh CLI failures on *.ghe.com instances.
CI build artifacts (#21440): The build CI job now uploads the compiled gh-aw binary as a downloadable artifact — handy for testing PRs without a local build.

v0.60.0 — March 17

This release rewires the security model. Breaking change: automatic lockdown=true is gone. Instead, the runtime now auto-configures guard policies on the GitHub MCP server — min_integrity=approved for public repos, min_integrity=none for private/internal. Remove any explicit lockdown: false from your frontmatter; it’s no longer needed.

Other highlights:

GHES domain auto-allowlisting (#21301): When engine.api-target points to a GHES instance, the compiler automatically adds GHES API hostnames to the firewall. No more silent blocks after every recompile.
github-app: auth in APM dependencies (#21286): APM dependencies: can now use github-app: auth for cross-org private package access.

v0.59.0 — March 16

A feature-packed release with two breaking changes (field renames in safe-outputs.allowed-domains) and several new capabilities:

Label Command Trigger (#21118): Activate a workflow by adding a label to an issue, PR, or discussion. The label is automatically removed so it can be reapplied to re-trigger.
gh aw domains command (#21086): Inspect the effective network domain configuration for all your workflows, with per-domain ecosystem annotations.
Pre-activation step injection — New on.steps and on.permissions frontmatter fields let you inject custom steps and permissions into the activation job for advanced scenarios.

Earlier in the Week

v0.58.3 (March 15): MCP write-sink guard policy for non-GitHub MCP servers, Copilot pre-flight diagnostic for GHES, and a richer run details step summary.
v0.58.2 (March 14): GHES auto-detection in audit and add-wizard, excluded-files support for create-pull-request, and clearer run command errors.
v0.58.1 / v0.58.0 (March 13): call-workflow safe output for chaining workflows, checkout: false for agent jobs, custom OpenAI/Anthropic API endpoints, and 92 merged PRs in v0.58.0 alone.

Notable Pull Requests

Top-level github-app fallback (#21510): Define your GitHub App config once at the top level and let it propagate to safe-outputs, checkout, MCP, APM, and activation — instead of repeating it in every section.
GitHub App-only permission scopes (#21511): 31 new PermissionScope constants cover repository, org, and user-level GitHub App permissions (e.g., administration, members, environments).
Custom Huh theme (#21557): All 11 interactive CLI forms now use a Dracula-inspired theme consistent with the rest of the CLI’s visual identity.
Weekly blog post writer workflow (#21575): Yes, the workflow that wrote this post was itself merged this week. Meta!
CI job timeout limits (#21601): All 25 CI jobs that relied on GitHub’s 6-hour default now have explicit timeouts, preventing a stuck test from silently burning runner compute.

Agent of the Week: auto-triage-issues

The first-ever Agent of the Week goes to the workflow that handles the unglamorous but essential job of keeping the issue tracker from becoming a swamp.

auto-triage-issues runs on a schedule and fires on every new issue, reading each one and deciding how to categorize it. This week it ran five times — three successful runs and two that were triggered by push events to a feature branch (which apparently fire the workflow but don’t give it much to work with). On its scheduled run this morning, it found zero open issues in the repository, so it created a tidy summary discussion to announce the clean state, as instructed. On an earlier issues-triggered run, it attempted to triage issue #21572 but hit empty results from GitHub MCP tools on all three read attempts — so it gracefully called missing_data and moved on rather than hallucinating a label.

Across its recent runs it made 131 search_repositories calls. We’re not sure why it finds repository searches so compelling, but clearly it’s very thorough about knowing its neighborhood before making any decisions.

Usage tip: Pair auto-triage-issues with a notify workflow on specific labels (e.g., security or needs-repro) so the right people get pinged automatically without anyone having to watch the inbox.

→ View the workflow on GitHub

Try It Out

Update to v0.61.0 to get all the improvements from this packed week. If you run workflows on GHES or in GHE Cloud, the new auto-detection and GH_HOST injection features are especially worth trying. As always, contributions and feedback are welcome in github/gh-aw.

Meet the Workflows: Project Coordination

Tue, 13 Jan 2026 16:00:00 GMT

My dear friends, we’ve arrived at the grand finale - the most spectacular room of all in Peli’s Agent Factory!

We’ve journeyed through 18 categories of workflows - from triage bots to code quality improvers, from security guards to creative poets, culminating in advanced analytics that use machine learning to understand agent behavior patterns. Each workflow handles its individual task admirably.

But here’s the ultimate challenge: how do you coordinate multiple agents working toward a shared goal? How do you break down a large initiative like “migrate all workflows to a new engine” into trackable sub-tasks that different agents can tackle? How do you monitor progress, alert on delays, and ensure the whole is greater than the sum of its parts? This final post explores planning, task-decomposition and project coordination workflows - the orchestration layer that proves AI agents can handle not just individual tasks, but entire structured projects requiring careful coordination and progress tracking.

Planning & Project Coordination Workflows

These agents coordinate multi-agent plans and projects:

Plan Command - Breaks down issues into actionable sub-tasks via /plan command - 514 merged PRs out of 761 proposed (67% merge rate)
Discussion Task Miner - Extracts actionable tasks from discussion threads - 60 merged PRs out of 105 proposed (57% merge rate)

Plan Command has contributed 514 merged PRs out of 761 proposed (67% merge rate), providing on-demand task decomposition that breaks complex issues into actionable sub-tasks. This is the highest-volume workflow by attribution in the entire factory. Developers can comment /plan on any issue to get an AI-generated breakdown into actionable sub-issues that agents can work on. A verified example causal chain: Discussion #7631 → Issue #8058 → PR #8110.

Discussion Task Miner has contributed 60 merged PRs out of 105 proposed (57% merge rate), continuously scanning discussions to extract actionable tasks that might otherwise be lost. The workflow demonstrates perfect causal chain attribution: when it creates an issue from a discussion, and Copilot Coding Assistant later fixes that issue, the resulting PR is correctly attributed to Discussion Task Miner. A verified example: Discussion #13934 → Issue #14084 → PR #14129. Recent merged examples include fixing firewall SSL-bump field extraction and adding security rationale to permissions documentation.

We learned that individual agents are great at focused tasks, but orchestrating multiple agents toward a shared goal requires careful architecture. Project coordination isn’t just about breaking down work - it’s about discovering work (Task Miner), planning work (Plan Command), and tracking work (Workflow Health Manager).

These workflows implement patterns like epic issues, progress tracking, and deadline management. They prove that AI agents can handle not just individual tasks, but entire projects when given proper coordination infrastructure.

Using These Workflows

You can add these workflows to your own repository and remix them. Get going with our Quick Start, then run one of the following:

Plan Command:

gh aw add-wizard https://github.com/github/gh-aw/blob/v0.45.5/.github/workflows/plan.md

Discussion Task Miner:

gh aw add-wizard https://github.com/github/gh-aw/blob/v0.45.5/.github/workflows/discussion-task-miner.md

Then edit and remix the workflow specifications to meet your needs, regenerate the lock file using gh aw compile, and push to your repository. See our Quick Start for further installation and setup instructions.

You can also create your own workflows.

Learn More

GitHub Agentic Workflows - The technology behind the workflows
Quick Start - How to write and compile workflows

What We’ve Learned

Throughout this 19-part journey, we’ve explored workflows spanning from simple triage bots to sophisticated multi-phase improvers, from security guards to creative poets, from individual task automation to organization-wide orchestration.

The key insight? AI agents are most powerful when they’re specialized, well-coordinated, and designed for their specific context. No single agent does everything - instead, we have an ecosystem where each agent excels at its particular job, and they work together through careful orchestration.

We’ve learned that observability is essential, that incremental progress beats heroic efforts, that security needs careful boundaries, and that even “fun” workflows can drive meaningful engagement. We’ve discovered that AI agents can maintain documentation, manage campaigns, analyze their own behavior, and continuously improve codebases - when given the right architecture and guardrails.

As you build your own agentic workflows, remember: start small, measure everything, iterate based on real usage, and don’t be afraid to experiment. The workflows we’ve shown you evolved through experimentation and real-world use. Yours will too.

This is part 19 (final) of a 19-part series exploring the workflows in Peli’s Agent Factory.

Meet the Workflows: Advanced Analytics & ML

Tue, 13 Jan 2026 15:00:00 GMT

Ooh! Time to plunge into the data wonderland at Peli’s Agent Factory! Where numbers dance and patterns sing!

In our previous post, we explored organization and cross-repo workflows that operate at enterprise scale - analyzing dozens of repositories together to find patterns and outliers that single-repo analysis would miss. We learned that perspective matters: what looks normal in isolation might signal drift at scale.

Beyond tracking basic metrics (run time, cost, success rate), we wanted deeper insights into how our agents actually behave and how developers interact with them. What patterns emerge from thousands of agent prompts? What makes some PR conversations more effective than others? How do usage patterns reveal improvement opportunities? This is where we brought out the big guns: machine learning, natural language processing, sentiment analysis, and clustering algorithms. Advanced analytics workflows don’t just count things - they understand them, finding patterns and insights that direct observation would never reveal.

Advanced Analytics & ML Workflows

These agents use sophisticated analysis techniques to extract insights:

Copilot Session Insights - Analyzes Copilot coding agent usage patterns and metrics - 32 analysis discussions
Copilot PR NLP Analysis - Natural language processing on PR conversations
Prompt Clustering Analysis - Clusters and categorizes agent prompts using ML - 27 analysis discussions
Copilot Agent Analysis - Deep analysis of agent behavior patterns - 48 daily analysis discussions

Prompt Clustering Analysis has created 27 analysis discussions using ML to categorize thousands of agent prompts - for example, #6918 clustering agent prompts to identify patterns and optimization opportunities. It revealed patterns we never noticed (“oh, 40% of our prompts are about error handling”).

Copilot PR NLP Analysis applies natural language processing to PR conversations, performing sentiment analysis and identifying linguistic patterns across agent interactions. It found that PRs with questions in the title get faster review.

Copilot Session Insights has created 32 analysis discussions examining Copilot coding agent usage patterns and metrics across the workflow ecosystem. It identifies common patterns and failure modes.

Copilot Coding Agent Analysis has created 48 daily analysis discussions providing deep analysis of agent behavior patterns - for example, #6913 with the daily Copilot coding agent analysis.

What we learned: meta-analysis is powerful - using AI to analyze AI systems reveals insights that direct observation misses. These workflows helped us understand not just what our agents do, but how they behave and how users interact with them.

Using These Workflows

You can add these workflows to your own repository and remix it as follows:

Copilot Session Insights:

gh aw add-wizard https://github.com/github/gh-aw/blob/v0.45.5/.github/workflows/copilot-agent-analysis.md

Copilot PR NLP Analysis:

gh aw add-wizard https://github.com/github/gh-aw/blob/v0.45.5/.github/workflows/copilot-pr-nlp-analysis

Prompt Clustering Analysis:

gh aw add-wizard https://github.com/github/gh-aw/blob/v0.45.5/.github/workflows/prompt-clustering-analysis.md

Copilot Agent Analysis:

gh aw add-wizard https://github.com/github/gh-aw/blob/v0.45.5/.github/workflows/copilot-agent-analysis.md

You can also create your own workflows.

Learn More

GitHub Agentic Workflows - The technology behind the workflows
Quick Start - How to write and compile workflows

Next Up: Project Coordination Workflows

We’ve reached the final stop: coordinating multiple agents toward shared, complex goals across extended timelines.

Continue reading: Project Coordination Workflows →

This is part 18 of a 19-part series exploring the workflows in Peli’s Agent Factory.

Meet the Workflows: Organization & Cross-Repo

Tue, 13 Jan 2026 14:00:00 GMT

Let’s zoom out at Peli’s Agent Factory!

In our previous post, we explored multi-phase improver workflows - our most ambitious agents that tackle big projects over multiple days, maintaining state and making incremental progress. These workflows proved that AI agents can handle complex, long-running initiatives when given the right architecture.

But all that sophisticated functionality has focused on a single repository. What happens when you zoom out to organization scale? What insights emerge when you analyze dozens or hundreds of repositories together? What looks perfectly normal in one repo might be a red flag across an organization. Organization and cross-repo workflows operate at enterprise scale, requiring careful permission management, thoughtful rate limiting, and different analytical lenses. Let’s explore workflows that see the forest, not just the trees.

Organization & Cross-Repo Workflows

These agents work at organization scale, across multiple repositories:

Org Health Report - Organization-wide repository health metrics - 4 organization health discussions created
Stale Repo Identifier - Identifies inactive repositories - 2 issues flagging truly stale repos
Ubuntu Image Analyzer - Documents GitHub Actions runner environments - 4 merged PRs out of 8 proposed (50% merge rate)

Scaling agents across an entire organization changes the game. Org Health Report has created 4 organization health discussions analyzing dozens of repositories at scale - for example, #6777 with the December 2025 organization health report. It identifies patterns and outliers (“these three repos have no tests, these five haven’t been updated in months”).

Stale Repo Identifier has created 2 issues flagging truly stale repositories for organizational hygiene - for example, #5384 identifying Skills-Based-Volunteering-Public as truly stale. It helps find abandoned projects that should be archived or transferred.

We learned that cross-repo insights are different - what looks fine in one repository might be an outlier across the organization. These workflows require careful permission management (reading across repos needs organization-level tokens) and thoughtful rate limiting (you can hit API limits fast when analyzing 50+ repos).

Ubuntu Image Analyzer has contributed 4 merged PRs out of 8 proposed (50% merge rate), documenting GitHub Actions runner environments to keep the team informed about available tools and versions. It’s wonderfully meta - it documents the very environment that runs our agents.

Using These Workflows

You can add these workflows to your own repository and remix them. Get going with our Quick Start, then run one of the following:

Org Health Report:

gh aw add-wizard https://github.com/github/gh-aw/blob/v0.45.5/.github/workflows/org-health-report.md

Stale Repo Identifier:

gh aw add-wizard https://github.com/github/gh-aw/blob/v0.45.5/.github/workflows/stale-repo-identifier.md

Ubuntu Image Analyzer:

gh aw add-wizard https://github.com/github/gh-aw/blob/v0.45.5/.github/workflows/ubuntu-image-analyzer.md

You can also create your own workflows.

Learn More

GitHub Agentic Workflows - The technology behind the workflows
Quick Start - How to write and compile workflows

Next Up: Advanced Analytics & ML Workflows

Cross-repo insights reveal patterns, but we wanted to go even deeper - using machine learning to understand agent behavior.

Continue reading: Advanced Analytics & ML Workflows →

This is part 17 of a 19-part series exploring the workflows in Peli’s Agent Factory.

Meet the Workflows: Multi-Phase Improvers

Tue, 13 Jan 2026 13:00:00 GMT

Let’s continue our journey through Peli’s Agent Factory!

In our previous post, we explored infrastructure workflows - the meta-monitoring layer that validates MCP servers, checks tool configurations, and ensures the platform itself stays healthy. These workflows watch the watchers, providing visibility into the invisible plumbing.

Most workflows we’ve seen so far run once and complete: analyze this PR, triage that issue, test this deployment. They’re ephemeral - they execute, produce results, and disappear. But what about projects that are too big to tackle in a single run? What about initiatives that require research, setup, and incremental implementation? Traditional CI/CD is built for stateless execution, but we discovered something powerful: workflows that maintain state across days, working a little bit each day like a persistent team member who never takes breaks. Welcome to our most ambitious experiment - multi-phase improvers that prove AI agents can handle complex, long-running projects.

Multi-Phase Improver Workflows

These are some of our most ambitious agents - they tackle big projects over multiple days:

Daily Backlog Burner - Systematically works through issues and PRs, one day at a time
Daily Perf Improver - Three-phase performance optimization (research, setup, implement)
Daily QA - Continuous quality assurance that never sleeps
Daily Accessibility Review - WCAG compliance checking with Playwright
PR Fix - On-demand slash command to fix failing CI checks (super handy!)

This is where we got experimental with agent persistence and multi-day workflows. Traditional CI runs are ephemeral, but these workflows maintain state across days using repo-memory. The Daily Perf Improver runs in three phases - research (find bottlenecks), setup (create profiling infrastructure), implement (optimize). It’s like having a performance engineer who works a little bit each day. The Daily Backlog Burner systematically tackles our issue backlog - one issue per day, methodically working through technical debt. We learned that incremental progress beats heroic sprints - these agents never get tired, never get distracted, and never need coffee breaks. The PR Fix workflow is our emergency responder - when CI fails, invoke /pr-fix and it investigates and attempts repairs.

These workflows prove that AI agents can handle complex, long-running projects when given the right architecture.

Using These Workflows

You can add these workflows to your own repository and remix them. Get going with our Quick Start, then run one of the following:

Daily Backlog Burner:

gh aw add-wizard githubnext/agentics/workflows/daily-backlog-burner.md

Daily Perf Improver:

gh aw add-wizard githubnext/agentics/workflows/daily-perf-improver.md

Daily QA:

gh aw add-wizard githubnext/agentics/workflows/daily-qa.md

Daily Accessibility Review:

gh aw add-wizard githubnext/agentics/workflows/daily-accessibility-review.md

PR Fix:

gh aw add-wizard githubnext/agentics/workflows/pr-fix.md

You can also create your own workflows.

Learn More

GitHub Agentic Workflows - The technology behind the workflows
Quick Start - How to write and compile workflows

Next Up: Organization & Cross-Repo Workflows

Single-repository workflows are powerful, but what happens when you scale to an entire organization with dozens of repositories?

Continue reading: Organization & Cross-Repo Workflows →

This is part 16 of a 19-part series exploring the workflows in Peli’s Agent Factory.

Meet the Workflows: Tool & Infrastructure

Tue, 13 Jan 2026 12:00:00 GMT

Delighted to have you back on our journey through Peli’s Agent Factory! Now, prepare yourself for something quite peculiar - the room where we watch the watchers!

In our previous post, we explored testing and validation workflows that continuously verify our systems function correctly - running smoke tests, checking documentation across devices, and catching regressions before users notice them. We learned that trust must be verified.

But here’s a question that kept us up at night: what if the infrastructure itself fails? What if MCP servers are misconfigured, tools become unavailable, or agents can’t access the capabilities they need? Testing the application is one thing; monitoring the platform that runs AI agents is another beast entirely. Tool and infrastructure workflows provide meta-monitoring - they watch the watchers, validate configurations, and ensure the invisible plumbing stays functional. Welcome to the layer where we monitor agents monitoring agents monitoring code. Yes, it gets very meta.

Tool & Infrastructure Workflows

These agents monitor and analyze the agentic infrastructure itself:

MCP Inspector - Validates Model Context Protocol configurations - ensures agents can access tools
GitHub MCP Tools Report - Analyzes available MCP tools - 5 merged PRs out of 6 proposed (83% merge rate)
Agent Performance Analyzer - Meta-orchestrator for agent quality - 29 issues created, 14 leading to PRs (8 merged)

Infrastructure for AI agents is different from traditional infrastructure - you need to validate that tools are available, properly configured, and actually working. The MCP Inspector continuously validates Model Context Protocol server configurations because a misconfigured MCP server means an agent can’t access the tools it needs.

GitHub MCP Tools Report Generator has contributed 5 merged PRs out of 6 proposed (83% merge rate), analyzing MCP tool availability and keeping tool configurations up to date. For example, PR #13169 updates MCP server tool configurations.

Agent Performance Analyzer has created 29 issues identifying performance problems across the agent ecosystem, and 14 of those issues led to PRs (8 merged) by downstream agents - for example, it detected that draft PRs accounted for 9.6% of open PRs, created issue #12168, which led to #12174 implementing automated draft cleanup.

We learned that layered observability is crucial: you need monitoring at the infrastructure level (are servers up?), the tool level (can agents access what they need?), and the agent level (are they performing well?).

These workflows provide visibility into the invisible.

Using These Workflows

You can add these workflows to your own repository and remix them. Get going with our Quick Start, then run one of the following:

MCP Inspector:

gh aw add-wizard https://github.com/github/gh-aw/blob/v0.45.5/.github/workflows/mcp-inspector.md

GitHub MCP Tools Report:

gh aw add-wizard https://github.com/github/gh-aw/blob/v0.45.5/.github/workflows/github-mcp-tools-report.md

Agent Performance Analyzer:

gh aw add-wizard https://github.com/github/gh-aw/blob/v0.45.5/.github/workflows/agent-performance-analyzer.md

You can also create your own workflows.

Learn More

GitHub Agentic Workflows - The technology behind the workflows
Quick Start - How to write and compile workflows

Next Up: Multi-Phase Improver Workflows

Most workflows we’ve seen are stateless - they run, complete, and disappear. But what if agents could maintain memory across days?

Continue reading: Multi-Phase Improver Workflows →

This is part 15 of a 19-part series exploring the workflows in Peli’s Agent Factory.

Meet the Workflows: Testing & Validation

Tue, 13 Jan 2026 11:00:00 GMT

Right this way! Let’s continue our grand tour of Peli’s Agent Factory! Into the verification chamber where nothing escapes scrutiny!

In our previous post, we explored ChatOps workflows - agents that respond to slash commands and GitHub reactions, providing on-demand assistance with full context.

But making code better is only half the battle. We also need to ensure it keeps working. As we refactor, optimize, and evolve our codebase, how do we know we haven’t broken something? How do we catch regressions before users do? That’s where testing and validation workflows come in - the skeptical guardians that continuously verify our systems still function as expected. We learned that AI infrastructure needs constant health checks, because what worked yesterday might silently fail today. These workflows embody trust but verify.

Testing & Validation Workflows

These agents keep everything running smoothly through continuous testing:

Code Quality & Test Validation

Daily Testify Uber Super Expert - Analyzes test files daily and suggests testify-based improvements - 19 issues created, 13 led to merged PRs (100% causal chain merge rate)
Daily Test Improver - Identifies coverage gaps and implements new tests incrementally
Daily Compiler Quality Check - Analyzes compiler code to ensure it meets quality standards

User Experience & Integration Testing

Daily Multi-Device Docs Tester - Tests documentation across devices with Playwright - 2 merged PRs out of 2 proposed (100% merge rate)
CLI Consistency Checker - Inspects the CLI for inconsistencies, typos, and documentation gaps - 80 merged PRs out of 102 proposed (78% merge rate)

CI/CD Optimization

CI Coach - Analyzes CI pipelines and suggests optimizations - 9 merged PRs out of 9 proposed (100% merge rate)
Workflow Health Manager - Meta-orchestrator monitoring health of all agentic workflows - 40 issues created, 5 direct PRs + 14 causal chain PRs merged

The Daily Testify Expert has created 19 issues analyzing test quality, and 13 of those issues led to merged PRs by downstream agents - a perfect 100% causal chain merge rate. For example, issue #13701 led to #13722 modernizing console render tests with testify assertions. The Daily Test Improver works alongside it to identify coverage gaps and implement new tests.

The Multi-Device Docs Tester uses Playwright to test our documentation on different screen sizes - it has created 2 PRs (both merged), including adding —network host to Playwright Docker containers. It found mobile rendering issues we never would have caught manually. The CLI Consistency Checker has contributed 80 merged PRs out of 102 proposed (78% merge rate), maintaining consistency in CLI interface and documentation. Recent examples include removing undocumented CLI commands and fixing upgrade command documentation.

CI Optimization Coach has contributed 9 merged PRs out of 9 proposed (100% merge rate), optimizing CI pipelines for speed and efficiency with perfect execution. Examples include removing unnecessary test dependencies and fixing duplicate test execution.

The Workflow Health Manager has created 40 issues monitoring the health of all other workflows, with 25 of those issues leading to 34 PRs (14 merged) by downstream agents - plus 5 direct PRs merged. For example, issue #14105 about a missing runtime file led to #14127 fixing the workflow configuration.

These workflows embody the principle: trust but verify. Just because it worked yesterday doesn’t mean it works today.

Using These Workflows

You can add these workflows to your own repository and remix them. Get going with our Quick Start, then run one of the following:

Daily Testify Uber Super Expert:

gh aw add-wizard https://github.com/github/gh-aw/blob/v0.45.5/.github/workflows/daily-testify-uber-super-expert.md

Daily Test Improver:

gh aw add-wizard githubnext/agentics/daily-test-improver

Daily Compiler Quality Check:

gh aw add-wizard https://github.com/github/gh-aw/blob/v0.45.5/.github/workflows/daily-compiler-quality.md

Daily Multi-Device Docs Tester:

gh aw add-wizard https://github.com/github/gh-aw/blob/v0.45.5/.github/workflows/daily-multi-device-docs-tester.md

CLI Consistency Checker:

gh aw add-wizard https://github.com/github/gh-aw/blob/v0.45.5/.github/workflows/cli-consistency-checker.md

CI Coach:

gh aw add-wizard https://github.com/github/gh-aw/blob/v0.45.5/.github/workflows/ci-coach.md

Workflow Health Manager:

gh aw add-wizard https://github.com/github/gh-aw/blob/v0.45.5/.github/workflows/workflow-health-manager.md

You can also create your own workflows.

Learn More

GitHub Agentic Workflows - The technology behind the workflows
Quick Start - How to write and compile workflows

Next Up: Monitoring the Monitors

But what about the infrastructure itself? Who watches the watchers? Time to go meta.

Continue reading: Tool & Infrastructure Workflows →

This is part 14 of a 19-part series exploring the workflows in Peli’s Agent Factory.

Meet the Workflows: Interactive & ChatOps

Tue, 13 Jan 2026 10:00:00 GMT

Onwards, onwards! Let’s keep exploring the wonders of Peli’s Agent Factory! To the command center where instant magic happens!

In our previous post, we explored creative and culture workflows - agents that bring joy, build team culture, and create moments of delight. We discovered that AI agents don’t have to be all business; they can have personality while making work more enjoyable.

But sometimes you need help right now, at the exact moment you’re stuck on a problem. You don’t want to wait for a scheduled run - you want to summon an expert agent with a command. That’s where interactive workflows and ChatOps come in. These agents respond to slash commands and GitHub reactions, providing on-demand assistance with full context of the current situation.

We learned that the right agent at the right moment with the right information is a valuable addition to an agent portfolio.

Interactive & ChatOps Workflows

These agents respond to commands, providing on-demand assistance whenever you need it:

Q - Workflow optimizer that investigates performance and creates PRs - 69 merged PRs out of 88 proposed (78% merge rate)
Grumpy Reviewer - Performs critical code reviews with personality - creates issues for downstream agents
Workflow Generator - Creates new workflows from issue requests - scaffolds workflow files

Interactive workflows changed how we think about agent invocation. Instead of everything running on a schedule, these respond to slash commands and reactions - /q summons the workflow optimizer, a reaction triggers analysis. Q (yes, named after the James Bond quartermaster) became our go-to troubleshooter - it has contributed 69 merged PRs out of 88 proposed (78% merge rate), responding to commands and investigating workflow issues on demand. Recent examples include fixing the daily-fact workflow action-tag and configuring PR triage reports with 1-day expiration.

The Grumpy Reviewer performs opinionated code reviews, creating issues that flag security risks and code quality concerns (e.g., #13990 about risky event triggers) for downstream agents to fix. It gave us surprisingly valuable feedback with a side of sass (“This function is so nested it has its own ZIP code”).

Workflow Generator creates new agentic workflows from issue requests, scaffolding the markdown workflow files that other agents then refine (e.g., #13379 requesting AWF mode changes).

We learned that context is king - these agents work because they’re invoked at the right moment with the right context, not because they run on a schedule.

Using These Workflows

You can add these workflows to your own repository and remix them. Get going with our Quick Start, then run one of the following:

gh aw add-wizard https://github.com/github/gh-aw/blob/v0.45.5/.github/workflows/q.md

Grumpy Reviewer:

gh aw add-wizard https://github.com/github/gh-aw/blob/v0.45.5/.github/workflows/grumpy-reviewer.md

Workflow Generator:

gh aw add-wizard https://github.com/github/gh-aw/blob/v0.45.5/.github/workflows/workflow-generator.md

You can also create your own workflows.

Learn More

GitHub Agentic Workflows - The technology behind the workflows
Quick Start - How to write and compile workflows

Next Up: Testing & Validation Workflows

While ChatOps agents respond to commands, we also need workflows that continuously verify our systems still function as expected.

Continue reading: Testing & Validation Workflows →

This is part 13 of a 19-part series exploring the workflows in Peli’s Agent Factory.

Meet the Workflows: Teamwork & Culture

Tue, 13 Jan 2026 09:00:00 GMT

Oh, my dear friends! Let’s explore the playful workshop - the most fun corner of Peli’s Agent Factory!

In our previous post, we explored security and compliance workflows - the essential guardrails that manage vulnerability campaigns, validate network security, and prevent credential exposure. These workflows let us sleep soundly knowing our agents operate within safe boundaries.

But here’s the thing: work doesn’t have to be all business. While we’ve built serious, production-critical workflows for quality, releases, and security, we also discovered something unexpected - AI agents can bring joy, build team culture, and create moments of delight. Not every workflow needs to solve a critical problem; some can simply make your day better. Let’s explore the playful side of our agent factory, where we learned that personality and fun drive engagement just as powerfully as utility.

Teamwork & Culture Workflows

These agents facilitate team communication and remind us that work can be fun:

Daily Team Status - Shares team mood and status updates - 22 issues, 17 discussions (plus 2 causal chain PRs!)
Daily News - Curates relevant news for the team - 45 news digest discussions
Poem Bot - Responds to /poem-bot commands with creative verses (yes, really)
Weekly Issue Summary - Creates digestible summaries complete with charts and trends - 5 weekly analysis discussions
Daily Repo Chronicle - Narrates the day’s activity like a storyteller - 6 chronicle discussions

The Poem Bot started as a whimsy in our Copilot for PRs project in 2022. Someone said “wouldn’t it be funny if we had an agent that writes poems about our code?” and then we built it. Poem Bot responds to /poem-bot commands with creative verses about code, adding a touch of whimsy to the development workflow. We learned that AI agents don’t have to be all business - they can build culture and create moments of joy.

Daily News has created 45 news digest discussions curating relevant developments for the team - for example, #6932 with the daily status roundup. It shares links, adds commentary and connects them to our work.

Daily Team Status has created 22 issues and 17 discussions sharing daily team status updates - for example, #6930 with the daily team status report. Two of its issues even led to merged PRs by downstream agents, showing that even “soft” workflows can drive concrete improvements.

Weekly Issue Summary has created 5 weekly analysis discussions with digestible summaries, charts, and trends - for example, #5844 analyzing the week of December 1-8, 2025.

Daily Repo Chronicle has created 6 chronicle discussions narrating the repository’s activity like a storyteller - for example, #6750 chronicling a development surge with 42 active PRs.

A theme here is the reduction of cognitive load. Having agents summarize and narrate daily activity means we don’t have to mentally parse long lists of issues or PRs. Instead, we get digestible stories that highlight what’s important. This frees up mental bandwidth for actual work.

Another theme is that tone can help make things more enjoyable. The Daily Repo Chronicle started writing summaries in a narrative, almost journalistic style. The outputs from AI agents don’t have to be robotic - they can have personality while still being informative.

These communication workflows help build team cohesion and remind us that work can be delightful.

Using These Workflows

You can add these workflows to your own repository and remix them. Get going with our Quick Start, then run one of the following:

Daily Team Status:

gh aw add-wizard https://github.com/github/gh-aw/blob/v0.45.5/.github/workflows/daily-team-status.md

Daily News:

gh aw add-wizard https://github.com/github/gh-aw/blob/v0.45.5/.github/workflows/daily-news.md

Poem Bot:

gh aw add-wizard https://github.com/github/gh-aw/blob/v0.45.5/.github/workflows/poem-bot.md

Weekly Issue Summary:

gh aw add-wizard https://github.com/github/gh-aw/blob/v0.45.5/.github/workflows/weekly-issue-summary.md

Daily Repo Chronicle:

gh aw add-wizard https://github.com/github/gh-aw/blob/v0.45.5/.github/workflows/daily-repo-chronicle.md

You can also create your own workflows.

Learn More

GitHub Agentic Workflows - The technology behind the workflows
Quick Start - How to write and compile workflows

Next Up: Summon an Agent on Demand

Scheduled workflows are great, but sometimes you need help right now. Enter ChatOps and interactive workflows.

Continue reading: Interactive & ChatOps Workflows →

This is part 12 of a 19-part series exploring the workflows in Peli’s Agent Factory.

Meet the Workflows: Security-related

Tue, 13 Jan 2026 08:00:00 GMT

Splendid! How great to have you back at Peli’s Agent Factory! Now, let me show you the guardian chamber - where the watchful protectors stand vigil!

In our previous post, we explored operations and release workflows that handle the critical process of shipping software - building, testing, generating release notes, and publishing. These workflows need to be rock-solid reliable because they represent the moment when our work reaches users.

But reliability alone isn’t enough - we also need security. When AI agents can access APIs, modify code, and interact with external services, security becomes paramount. How do we ensure agents only access authorized resources? How do we track vulnerabilities and enforce compliance deadlines? How do we prevent credential exposure? That’s where security and compliance workflows become our essential guardrails - the watchful guardians that let us sleep soundly at night.

These agents are our security guards, keeping watch and enforcing the rules:

Security Compliance - Runs vulnerability campaigns with deadline tracking
Firewall - Tests network security and validates rules - 59 daily firewall report discussions, 5 smoke test issues
Daily Secrets Analysis - Scans for exposed credentials (yes, it happens)
Daily Malicious Code Scan - Reviews recent code changes for suspicious patterns
Static Analysis Report - Daily security scans using zizmor, poutine, and actionlint - 57 analysis discussions plus 12 Zizmor security reports

Security Compliance manages vulnerability remediation campaigns with deadline tracking, ensuring security issues are addressed within defined SLAs - perfect for those “audit in 3 weeks” panic moments.

The Firewall workflow has created 59 daily firewall report discussions and 5 smoke test issues, validating that our agents can’t access unauthorized resources - for example, #6943 with the daily firewall analysis. It’s the bouncer that enforces network rules.

Daily Secrets Analysis scans for exposed credentials in commits and discussions, providing an automated security net against accidental secret exposure - catching those “oops, I committed my API key” moments before they become incidents.

Daily Malicious Code Scan reviews recent code changes for suspicious patterns, adding an automated defense layer against supply chain attacks.

Static Analysis Report has created 57 analysis discussions plus 12 Zizmor security reports, running comprehensive daily security audits using industry-standard tools - for example, #6973 with the latest static analysis findings and #3033 with a Zizmor security analysis. This shows how traditional security tools can be integrated into an AI agent workflow.

Using These Workflows

You can add these workflows to your own repository and remix them. Get going with our Quick Start, then run one of the following:

Security Compliance:

gh aw add-wizard https://github.com/github/gh-aw/blob/v0.45.5/.github/workflows/security-compliance.md

Firewall:

gh aw add-wizard https://github.com/github/gh-aw/blob/v0.45.5/.github/workflows/firewall.md

Daily Secrets Analysis:

gh aw add-wizard https://github.com/github/gh-aw/blob/v0.45.5/.github/workflows/daily-secrets-analysis.md

Daily Malicious Code Scan:

gh aw add-wizard https://github.com/github/gh-aw/blob/v0.45.5/.github/workflows/daily-malicious-code-scan.md

Static Analysis Report:

gh aw add-wizard https://github.com/github/gh-aw/blob/v0.45.5/.github/workflows/static-analysis-report.md

You can also create your own workflows.

Learn More

GitHub Agentic Workflows - The technology behind the workflows
Quick Start - How to write and compile workflows

Next Up: Teamwork & Culture Workflows

After all this serious talk, let’s explore the fun side: agents that bring joy and build team culture.

Continue reading: Teamwork & Culture Workflows →

This is part 11 of a 19-part series exploring the workflows in Peli’s Agent Factory.

Meet the Workflows: Operations & Release

Tue, 13 Jan 2026 07:00:00 GMT

Ah! Right this way to our next chamber in Peli’s Agent Factory! The chamber where our AI agents enhance the magical moment of shipping software.

In our previous post, we explored metrics and analytics workflows - the agents that monitor other agents, turning raw activity data into actionable insights.

Operations & Release Workflows

The agents that help us actually ship software:

Changeset - Manages version bumps and changelog entries for releases - 22 merged PRs out of 28 proposed (78% merge rate)
Daily Workflow Updater - Keeps GitHub Actions and dependencies current

Shipping software is stressful enough without worrying about whether you formatted your release notes correctly.

Changeset Generator has contributed 22 merged PRs out of 28 proposed (78% merge rate), automating version bumps and changelog generation for every release. It analyzes commits since the last release, determines the appropriate version bump (major, minor, patch), and updates the changelog accordingly.

Daily Workflow Updater keeps GitHub Actions and dependencies current, ensuring workflows don’t fall behind on security patches or new features.

Using These Workflows

You can add these workflows to your own repository and remix them. Get going with our Quick Start, then run one of the following:

Changeset:

gh aw add-wizard https://github.com/github/gh-aw/blob/v0.45.5/.github/workflows/changeset.md

You can also create your own workflows.

Learn More

GitHub Agentic Workflows - The technology behind the workflows
Quick Start - How to write and compile workflows

After all this focus on shipping, we need to talk about the guardrails: how do we ensure these powerful agents operate safely?

Continue reading: Security-related Workflows →

This is part 10 of a 19-part series exploring the workflows in Peli’s Agent Factory.

GitHub Agentic Workflows | Blog

Agent of the Day – May 15, 2026

Agent of the Day: AI Moderator

What it actually did

Sixteen turns, and that’s notable

Why it’s worth watching

Try it

Weekly Update – May 11, 2026

Releases This Week

v0.72.1 — May 7

v0.72.0 — May 6

v0.71.6 and v0.71.5 — May 5–6

Notable Pull Requests

Agent of the Week: auto-triage-issues

Try It Out

Weekly Update – May 4, 2026

Release: v0.71.3

What’s New

Notable Pull Requests

Agent of the Week: ab-testing-advisor

Try It Out

Weekly Update – April 27, 2026

Release: v0.71.1

Release: v0.71.0

Notable Merged PRs

Agent of the Week: auto-triage-issues

Try It Out

Weekly Update – April 20, 2026

Release Highlights

v0.68.7 — April 17

v0.68.6 — April 17

v0.68.5 — April 16

v0.68.4 — April 16

v0.68.3 — April 14

Agent of the Week: auto-triage-issues

Try It Out

Weekly Update – April 13, 2026

Release Highlights

v0.68.1 — April 10

v0.68.0 — April 10

v0.67.4 — April 9

v0.67.3 — April 8

v0.67.2 — April 6

Notable Merged Pull Requests

Agent of the Week: auto-triage-issues

Try It Out

Weekly Update – April 6, 2026

Release Highlights

v0.67.1 — OpenTelemetry Overhaul & Security Hardening (April 6)

v0.67.0 — OTLP Trace Export & GitHub API Rate Limit Analytics (April 5)

v0.66.1 — Richer gh aw logs & Breaking Change (April 4)

v0.66.0 — Token Usage Artifacts & Threat Detection Extensibility (April 3)

Earlier in the week

Agent of the Week: agentic-observability-kit

Try It Out

Weekly Update – March 30, 2026

Releases This Week

v0.64.4 — March 30

v0.64.3 — March 29

v0.64.2 — March 26

v0.64.1 — March 26

v0.64.0 — March 25

v0.63.1 — March 24

Agent of the Week: auto-triage-issues

Try It Out

Weekly Update – March 23, 2026

Releases This Week

v0.62.5 — March 21

v0.62.3 — March 20

v0.62.2 — March 19

v0.62.0 — March 19

v0.61.x — March 18

Notable Pull Requests

Agent of the Week: contribution-check

Try It Out

Weekly Update – March 18, 2026

Releases This Week

v0.61.0 — March 17

v0.60.0 — March 17

v0.59.0 — March 16

v0.66.1 — Richer `gh aw logs` & Breaking Change (April 4)