Christ is my all

Automate repository tasks with GitHub Agentic Workflows


Imagine visiting your repository in the morning and feeling calm because you see:

  • Issues triaged and labelled
  • CI failures investigated with proposed fixes
  • Documentation has been updated to reflect recent code changes.
  • Two new pull requests that improve testing await your review.

All of it visible, inspectable, and operating within the boundaries you’ve defined.

That’s the future powered by GitHub Agentic Workflows: automated, intent-driven repository workflows that run in GitHub Actions, authored in plain Markdown and executed with coding agents. They’re designed for people working in GitHub, from individuals automating a single repo to teams operating at enterprise or open-source scale.

At GitHub Next, we began GitHub Agentic Workflows as an investigation into a simple question: what does repository automation with strong guardrails look like in the era of AI coding agents? A natural place to start was GitHub Actions, the heart of scalable repository automation on GitHub. By bringing automated coding agents into actions, we can enable their use across millions of repositories, while keeping decisions about when and where to use them in your hands.

GitHub Agentic Workflows are now available in technical preview. In this post, we’ll explain what they are and how they work. We invite you to put them to the test, to explore where repository-level AI automation delivers the most value.

Graphic showing quotes from customers.

'Home Assistant has thousands of open issues. No human can track what's trending or which problems affect the most users. I've built GitHub Agentic Workflows that analyze issues and surface what matters: that's the kind of judgment amplification that actually helps maintainers.' - Franck Nijhof, lead of the Home Assistant project, one of the top projects on GitHub by contributor count

Agentic workflows also allow maintainers and community to experiment with repository automation together.

'Adopting GitHub’s Agentic Workflows has lowered the barrier for experimentation with AI tooling, making it significantly easier for staff, maintainers and newcomers alike. Inside of CNCF, we are benefiting from improved documentation automation along with improving team reporting across the organization. This isn't just a technical upgrade for our community, it’s part of a cultural shift that empowers our ecosystem to innovate faster with AI and agentic tooling.' - Chris Aniszczyk, CTO of the Cloud Native Computing Foundation (CNCF), whose mission is to make cloud native computing ubiquitous across the world

Enterprises are seeing similar benefits at scale.

'With GitHub Agentic Workflows, we’re able to expand how we apply agents to real engineering work at scale, including changes that span multiple repositories. The flexibility and built-in controls give us confidence to leverage Agentic Workflows across complex systems at Carvana.' - Alex Devkar, Senior Vice President, Engineering and Analytics, at Carvana

AI repository automation: A revolution through simplicity 

The concept behind GitHub Agentic Workflows is straightforward: you describe the outcomes you want in plain Markdown, add this as an automated workflow to your repository, and it executes using a coding agent in GitHub Actions.

This brings the power of coding agents into the heart of repository automation. Agentic workflows run as standard GitHub Actions workflows, with added guardrails for sandboxing, permissions, control, and review. When they execute, they can use different coding agent engines—such as Copilot CLI, Claude Code, or OpenAI Codex—depending on your configuration.

GitHub Agentic Workflows make entirely new categories of repository automation and software engineering possible, in a way that fits naturally with how developer teams already work on GitHub. All of them would be difficult or impossible to accomplish with traditional YAML workflows alone:

  1. Continuous triage: automatically summarize, label, and route new issues.
  2. Continuous documentation: keep READMEs and documentation aligned with code changes.
  3. Continuous code simplification: repeatedly identify code improvements and open pull requests for them.
  4. Continuous test improvement: assess test coverage and add high-value tests.
  5. Continuous quality hygiene: proactively investigate CI failures and propose targeted fixes.
  6. Continuous reporting: create regular reports on repository health, activity, and trends.

These are just a few examples of repository automations that showcase the power of GitHub Agentic Workflows. We call this Continuous AI: the integration of AI into the SDLC, enhancing automation and collaboration similar to continuous integration and continuous deployment (CI/CD) practices.

GitHub Agentic Workflows and Continuous AI are designed to augment existing CI/CD rather than replace it. They do not replace build, test, or release pipelines, and their use cases largely do not overlap with deterministic CI/CD workflows. Agentic workflows run on GitHub Actions because that is where GitHub provides the necessary infrastructure for permissions, logging, auditing, sandboxed execution, and rich repository context.

In our own usage at GitHub Next, we’re finding new uses for agentic workflows nearly every day. Throughout GitHub, teams have been using agentic workflows to create custom tools for themselves in minutes, replacing chores with intelligence or paving the way for humans to get work done by assembling the right information, in the right place, at the right time. A new world of possibilities is opening for teams and enterprises to keep their repositories healthy, navigable, and high-quality.

Let’s talk guardrails and control 

Designing for safety and control is non-negotiable. GitHub Agentic Workflows implements a defense-in-depth security architecture that protects against unintended behaviors and prompt-injection attacks.

Workflows run with read-only permissions by default. Write operations require explicit approval through safe outputs, which map to pre-approved, reviewable GitHub operations such as creating a pull request or adding a comment to an issue. Sandboxed execution, tool allowlisting, and network isolation help ensure that coding agents operate within controlled boundaries.

Guardrails like these make it practical to run agents continuously, not just as one-off experiments. See our security architecture for more details.

One alternative approach to agentic repository automation is to run coding agent CLIs, such as Copilot or Claude, directly inside a standard GitHub Actions YAML workflow. This approach often grants these agents more permission than is required for a specific task. In contrast, GitHub Agentic Workflows run coding agents with read-only access by default and rely on safe outputs for GitHub operations, providing tighter constraints, clearer review points, and stronger overall control.

A simple example: A daily repo report  

Let’s look at an agentic workflow which creates a daily status report for repository maintainers.

In practice, you will usually use AI assistance to create your workflows. The easiest way to do this is with an interactive coding agent. For example, with your favorite coding agent, you can enter this prompt:

Generate a workflow that creates a daily repo status report for a maintainer. Use the instructions at https://github.com/github/gh-aw/blob/main/create.md

The coding agent will interact with you to confirm your specific needs and intent, write the Markdown file, and check its validity. You can then review, refine, and validate the workflow before adding it to your repository.

This will create two files in .github/workflows:

  • daily-repo-status.md (the agentic workflow)  
  • daily-repo-status.lock.yml (the corresponding agentic workflow lock file, which is executed by GitHub Actions) 

The file daily-repo-status.md will look like this: 

--- 
on: 
  schedule: daily 
 
permissions: 
  contents: read 
  issues: read 
  pull-requests: read 
 
safe-outputs: 
  create-issue: 
    title-prefix: "[repo status] " 
    labels: [report] 
 
tools: 
  github: 
---  
 
# Daily Repo Status Report 
 
Create a daily status report for maintainers. 
 
Include 
- Recent repository activity (issues, PRs, discussions, releases, code changes) 
- Progress tracking, goal reminders and highlights 
- Project status and recommendations 
- Actionable next steps for maintainers 
 
Keep it concise and link to the relevant issues/PRs.

This file has two parts: 

  1. Frontmatter (YAML between --- markers) for configuration
  2. Markdown instructions that describe the job in natural language

The Markdown is the intent, but the trigger, permissions, tools, and allowed outputs are spelled out up front.
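
One way to review the frontmatter described above before committing a workflow, as an added example that is not part of the original post or of gh-aw: a small Python check that flags any permission other than read or none and lists the declared safe outputs. The sample file is constructed from the post's example with `issues` loosened to `write`, and the parser is an assumption-laden stand-in that handles only the simple nested key/value subset of YAML shown here.

```python
# Constructed sample: the post's workflow with one permission loosened to "write".
SAMPLE = '''---
on:
  schedule: daily

permissions:
  contents: read
  issues: write
  pull-requests: read

safe-outputs:
  create-issue:
    title-prefix: "[repo status] "
    labels: [report]

tools:
  github:
---

# Daily Repo Status Report

Create a daily status report for maintainers.
'''

def split_frontmatter(text):
    """Return (frontmatter_lines, markdown_body) for a '---'-delimited file."""
    lines = text.splitlines()
    if not lines or lines[0].strip() != "---":
        raise ValueError("no frontmatter: file must start with ---")
    for i in range(1, len(lines)):
        if lines[i].strip() == "---":
            return lines[1:i], "\n".join(lines[i + 1:])
    raise ValueError("unterminated frontmatter")

def parse_mapping(lines):
    """Parse nested 'key: value' mappings by indentation (not a full YAML parser)."""
    root = {}
    stack = [(-1, root)]  # (indent of the key that opened the mapping, mapping)
    for raw in lines:
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        indent = len(raw) - len(raw.lstrip())
        key, _, value = raw.strip().partition(":")
        while stack[-1][0] >= indent:  # close mappings we have dedented out of
            stack.pop()
        parent, value = stack[-1][1], value.strip()
        if value:
            parent[key] = value.strip('"')
        else:
            parent[key] = {}
            stack.append((indent, parent[key]))
    return root

def audit(text):
    """Return (findings, safe_outputs) for one agentic workflow file."""
    fm_lines, body = split_frontmatter(text)
    cfg = parse_mapping(fm_lines)
    findings = []
    perms = cfg.get("permissions", {})
    if isinstance(perms, str):  # a single scalar instead of a per-scope map
        findings.append(f"permissions is the scalar '{perms}', review it by hand")
        perms = {}
    for scope, level in perms.items():
        if level not in ("read", "none"):
            findings.append(f"permission {scope}: {level} (expected read or none)")
    outputs = cfg.get("safe-outputs", {})
    outputs = sorted(outputs) if isinstance(outputs, dict) else []
    if not body.strip():
        findings.append("empty Markdown instructions")
    return findings, outputs

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Run against the files in .github/workflows during review, the findings list should be empty and the safe outputs list should match the write operations the team has agreed to.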

If you prefer, you can add the workflow to your repository manually: 

  1. Create the workflow: Add  daily-repo-status.md with the frontmatter and instructions.
  2. Create the lock file:  
    • gh extension install github/gh-aw  
    • gh aw compile
  3. Commit and push: Commit and push files to your repository.
  4. Add any required secrets: For example, add a token or API key for your coding agent.

Once you add this workflow to your repository, it will run automatically or you can trigger it manually using GitHub Actions. When the workflow runs, it creates a status report issue like this:

Screenshot of a GitHub issue titled "Daily Repo Report - February 9, 2026" showing key highlights, including 2 new releases, 1,737 commits from 16 contributors, 100 issues closed with 190 new issues opened, 50 pull requests merged from 93 opened pull requests, and 5 code quality issues opened.

What you can build with GitHub Agentic Workflows 

If you’re looking for further inspiration, Peli’s Agent Factory is a guided tour through a wide range of workflows, with practical patterns you can adapt, remix, and standardize across repos.

A useful mental model: if repetitive work in a repository can be described in words, it might be a good fit for an agentic workflow.

If you’re looking for design patterns, check out ChatOps, DailyOps, DataOps, IssueOps, ProjectOps, MultiRepoOps, and Orchestration.

Uses for agent-assisted repository automation often depend on particular repos and development priorities. Your team’s approach to software development will differ from those of other teams. It pays to be imaginative about how you can use agentic automation to augment your team, for your repositories and your goals.

Practical guidance for teams 

Agentic workflows bring a shift in thinking. They work best when you focus on goals and desired outputs rather than perfect prompts. You provide clarity on what success looks like, and allow the workflow to explore how to achieve it. Some boundaries are built into agentic workflows by default, and others are ones you explicitly define. This means the agent can explore and reason, but its conclusions always stay within safe, intentional limits.

You will find that your workflows can range from very general (“Improve the software”) to very specific (“Check that all technical documentation and error messages for this educational software are written in a style suitable for an audience of age 10 or above”). You can choose the level of specificity that’s appropriate for your team.

GitHub Agentic Workflows use coding agents at runtime, which incur billing costs. When using Copilot with default settings, each workflow run typically incurs two premium requests: one for the agentic work and one for a guardrail check through safe outputs. The models used can be configured to help manage these costs. Today, automated uses of Copilot are associated with a user account. For other coding agents, refer to our documentation for details. Here are a few more tips to help teams get value quickly:

  • Start with low-risk outputs such as comments, drafts, or reports before enabling pull request creation.
  • For coding, start with goal-oriented improvements such as routine refactoring, test coverage, or code simplification rather than feature work.
  • For reports, use instructions that are specific about what “good” looks like, including format, tone, links, and when to stop.
  • Agentic workflows create an agent-only sub-loop that’s able to be autonomous because agents are acting under defined terms. But it’s important that humans stay in the broader loop of forward progress in the repository, through reports, issues, and pull requests. With GitHub Agentic Workflows, pull requests are never merged automatically, and humans must always review and approve.
  • Treat the workflow Markdown as code. Review changes, keep it small, and evolve it intentionally.

Continuous AI works best if you use it in conjunction with CI/CD. Don’t use agentic workflows as a replacement for GitHub Actions YAML workflows for CI/CD. This approach extends continuous automation to more subjective, repetitive tasks that traditional CI/CD struggles to express.

Build the future of automation with us   

GitHub Agentic Workflows are available now in technical preview and are a collaboration between GitHub, Microsoft Research, and Azure Core Upstream. We invite you to try them out and help us shape the future of repository automation.

We’d love for you to be involved! Share your thoughts in the Community discussion, or join us (and tons of other awesome makers) in the #agentic-workflows channel of the GitHub Next Discord. We look forward to seeing what you build with GitHub Agentic Workflows. Happy automating!

Try GitHub Agentic Workflows in a repo today! Install gh-aw, add a starter workflow or create one using AI, and run it. Then, share what you build (and what you want next).

The post Automate repository tasks with GitHub Agentic Workflows appeared first on The GitHub Blog.


Surprise!



(Thanks, WTM!)

Russia Blocks WhatsApp and Telegram Messaging Services


Over 100 million Russians woke up Wednesday to find their digital lifelines severed. WhatsApp, the encrypted messaging service that's become as essential as morning coffee for many, simply stopped working. No warnings, no grace period—just a blank screen where conversations used to flow.

Russia's internet regulator, Roskomnadzor, removed WhatsApp from the country's DNS registry (essentially the internet's phonebook that tells your device where to find websites and apps). Without this technical infrastructure, accessing the Meta-owned service became nearly impossible for ordinary users, even though VPN workarounds remain technically available.

WhatsApp Block by Russia
WhatsApp Statement on Block
"Today the Russian government attempted to fully block WhatsApp in an effort to drive people to a state-owned surveillance app," WhatsApp declared on X (formerly Twitter), pulling no punches. "Trying to isolate over 100 million users from private and secure communication is a backwards step and can only lead to less safety for people in Russia."

This isn't Russia's first rodeo with messaging app restrictions. Since August 2024, authorities had been systematically degrading WhatsApp's functionality—first blocking voice and video calls, then throttling the service by 70-80% by December. But Wednesday's move represents a complete escalation: full removal from Russia's internet infrastructure.

Telegram, the other messaging heavyweight with roughly 90 million Russian users, faced similar throttling this week. The app's Russian-born billionaire founder, Pavel Durov, fired back on social media with characteristic defiance.

Telegram Ban
Durov- Telegram CEO Statement
"Russia is restricting access to Telegram to force its citizens onto a state-controlled app built for surveillance and political censorship," Durov posted on X. "This authoritarian move won't change our course. Telegram stands for freedom and privacy, no matter the pressure."

Durov drew parallels to Iran's failed 2018 attempt to ban Telegram, suggesting Moscow's strategy would meet the same fate. He noted that Iranians still widely use the app despite official restrictions.

Meet MAX: Russia's Answer to WeChat

So what's the alternative the Kremlin wants Russians to embrace? Enter MAX, a state-backed "super-app" modelled after China's WeChat. Developed by VKontakte (VK)—ironically, the social network Durov co-founded before fleeing Russia in 2014—MAX combines messaging, payment services, document storage, and access to government platforms.

Here's the kicker: MAX lacks the end-to-end encryption that makes WhatsApp and Telegram appealing to privacy-conscious users. Instead, it openly states it will share user data with authorities upon request. Think of it as a one-stop shop for both your daily communications and potential government surveillance.

Since last year, all new devices sold in Russia must come with MAX pre-installed. State employees, teachers, and students have been mandated to use the platform. Property management companies can now only communicate with residents through the service. The message from the Kremlin is clear: adapt or be left behind.

The restrictions haven't gone down smoothly, even among Kremlin supporters. Russian military bloggers—typically pro-war voices—have openly criticised the Telegram throttling, warning it disrupts communications for soldiers on the Ukrainian frontlines.

"I am concerned that slowing Telegram could affect the flow of information, if the situation deteriorates," wrote Vyacheslav Gladkov, governor of Belgorod region bordering Ukraine, on his Telegram channel. The irony of posting this concern on the very platform being restricted wasn't lost on observers.

One military correspondent channel, Two Majors, lamented that restricting Telegram would mean "people's positions will now mostly be conveyed to the outside world not by people, but by our masters of the foreign ministry." Another pro-war blogger bluntly stated that Roskomnadzor was helping "the enemy" and forcing Russian troops to rely on "carrier pigeons."

According to Kremlin spokesman Dmitry Peskov, the WhatsApp block stems from Meta's "unwillingness to comply with the norms and letter of Russian law." These laws require foreign tech companies to store Russian users' personal data on servers located within Russia and implement measures to prevent what Moscow labels "criminal and terrorist" activity.

Roskomnadzor justified the restrictions by claiming WhatsApp is used to "organise and carry out terrorist activities" and represents a primary tool for fraud and extortion. Meta has not publicly responded to these specific allegations.

The technical implementation involves removing DNS records—the digital addresses that connect domain names to IP addresses. Without these records in Russia's national system, apps like WhatsApp become unreachable without technical workarounds like VPNs. Russia has already blocked Facebook, Instagram, X (formerly Twitter), LinkedIn, Discord, Snapchat, Signal, and Viber using similar methods.

What Users Can Do Now

For Russians determined to maintain access to encrypted messaging:

VPN Usage: Virtual Private Networks remain legal in Russia and can circumvent the blocks, though the government has restricted access to 439 VPN services and banned VPN advertising since September. AmneziaVPN, a censorship-resistant provider, reports a "huge wave of new users" for its free service.

Proxy Servers: Telegram offers built-in proxy support, though setting these up manually requires technical knowledge most users lack.

Multiple Solutions: Since protocol effectiveness can fluctuate daily based on government countermeasures, downloading several VPN apps allows users to switch between them when disruptions occur.

The reality, however, is that most everyday users won't jump through these hoops. That's exactly what the Kremlin is counting on—friction that slowly pushes the population toward state-controlled alternatives.

Russia's messaging app crackdown fits into a broader digital sovereignty strategy that's been accelerating since the February 2022 invasion of Ukraine. The government has studied China's Great Firewall extensively and even purchased surveillance technology from Chinese firms.

The playbook is becoming predictable: accuse foreign platforms of failing to comply with vaguely defined "security requirements," gradually degrade service quality, then offer a domestic alternative with conveniently fewer privacy protections. Critics see it as transparent censorship; Moscow frames it as protecting national security and citizen data.

WhatsApp and Telegram represent the latest casualties in this digital transformation, but they're unlikely to be the last. YouTube has already experienced visible degradation, though it hasn't been completely removed from DNS records—yet.

For over 100 million Russians who relied on WhatsApp for everything from family chats to business communications, the block represents more than technical inconvenience. It's another barrier between them and the outside world, another tightening of the information space they inhabit.


Are You A Cat?

(via Fark)

Are bugs and incidents inevitable with AI coding agents?

What specific kind of bugs is AI more likely to generate? Do some categories of bugs show up more often? How severe are they? How is this impacting production environments?

Is that allowed? Authentication and authorization in Model Context Protocol

Learn how to protect MCP servers from unauthorized access and how authentication of MCP clients to MCP servers works.