Repository automation, powered by the coding agents you know β with guardrails
GitHub Agentic Workflows (gh-aw) lets you write repository automation in
plain markdown. A gh aw CLI extension compiles that markdown into a hardened
GitHub Actions workflow that runs an AI coding agent β GitHub Copilot CLI, Claude Code, OpenAI Codex, or
Google Gemini β inside a sandboxed container, on a schedule or in response to repository events.
Developed by GitHub and Microsoft, it augments deterministic CI/CD with Continuous AI.
The big idea
Instead of writing hundreds of lines of Actions YAML and glue scripts, you describe what you want in markdown:
--- on: schedule: [{ cron: "0 9 * * 1-5" }] safe-outputs: create-issue: title-prefix: "[team-status] " labels: [report, daily-status] --- # Daily Team Status Create an upbeat daily status report for the team as a GitHub issue. Include: - Recent repository activity (issues, PRs, discussions, releases, code changes) - Progress tracking, goal reminders and highlights - Project status and recommendations - Actionable next steps for maintainers
Run gh aw compile and this becomes a full GitHub Actions workflow (.lock.yml)
that spins up a containerized coding agent every weekday morning. The agent reads your repository,
analyzes activity, and requests issue creation through a safe output β
a separate, permission-scoped job actually creates the issue. The agent itself never holds write permissions.
Why it matters
π§ Continuous AI
Wake up to ready-to-review improvements: automated triage, CI insights, docs updates, and test enhancements β recurring, event-driven, and hands-off.
π Security-first
Layered defense: read-only tokens, no secrets in the agent, AWF sandbox with a network firewall, a safe-outputs gate, and threat-detection scanning before any write lands.
π° Cost control
gh aw logs and gh aw audit surface token/AI-credit spend per run; max-ai-credits gives each run a hard budget; OpenTelemetry exports traces for dashboards.
π Markdown, not YAML
Frontmatter for config, natural language for behavior. Anyone on the team can read β and meaningfully review β the automation.
π Engine-agnostic
Change engine: copilot to engine: claude and recompile. Same workflow, different agent, same guardrails.
πΈοΈ Multi-agent
Orchestrator workflows fan out to worker workflows via dispatch-workflow and call-workflow safe outputs β agents calling agents, safely.
Vocabulary cheat-sheet
| Term | Meaning |
|---|---|
gh aw | The GitHub CLI extension (gh extension install github/gh-aw) that creates, compiles, runs, and audits agentic workflows. |
| Agentic workflow | A markdown file in .github/workflows/ with YAML frontmatter (config) + markdown body (the agent's prompt). |
.lock.yml | The compiled, hardened GitHub Actions workflow generated by gh aw compile. Committed alongside the .md file. |
| Engine | The coding agent that interprets the markdown: Copilot CLI (default), Claude Code, Codex, or Gemini. |
| AWF | Agent Workflow Firewall β the default sandbox that isolates the agent in a container with domain-based network egress control. |
| Safe outputs | Validated GitHub write operations (create issue, comment, PRβ¦). The agent emits structured requests; separate scoped jobs execute them. |
| MCP | Model Context Protocol β how tools (GitHub API, Playwright, custom servers) are exposed to the agent, routed via an MCP gateway. |
| Frontmatter | The YAML block between --- markers: triggers, permissions, engine, network, tools, safe-outputs, timeouts. |
Official docs: github.github.com/gh-aw · Samples: githubnext/agentics
π° What's New in the gh-aw world
Recent releases and notable changes in GitHub Agentic Workflows. Entries added in the last 14 days carry a NEW badge. This section is maintained by an agentic workflow: site-updater.md checks the gh-aw project weekly and opens a PR updating the JSON data below β the lab demoing itself. ππ¦΄
date to today at load time β anything β€ 14 days old is tagged NEW, and the sidebar link gets a count. The updater agent only edits the JSON; the rendering logic stays untouched, which keeps the agent's diff small, reviewable, and safe.Sources watched: gh-aw releases · official docs · agentics samples
How It Works β from markdown to merged
Click each stage in the pipeline to explore what happens there. This is the full journey of an agentic workflow, from authoring to a gated write on GitHub.
The security flow at a glance
Repository + Prompt Input β Read-only Token # agent job gets read-only GITHUB_TOKEN β No Secrets in Agent # secrets never enter the agent container β Sandbox + Network Firewall (AWF) β Safe Outputs Gate # structured JSON requests, validated β Threat Detection Scan # scans agent output for injection/exfil β Scoped Write Job # separate job with exactly the needed permission
This layered model is why an agent manipulated by prompt injection still can't push code, leak secrets, or spam issues beyond configured limits.
Anatomy of an Agentic Workflow
A realistic issue-triage workflow, line by line. Click any highlighted line to see what it does. The frontmatter configures the machinery; the markdown body is the agent's actual prompt.
π Click a line
Select any line of the workflow to see an explanation of that field, its defaults, and related options.
gh aw compile to regenerate the .lock.yml. GitHub Actions executes the lock file, not the markdown.AI Engines β pick your coding agent
The engine: frontmatter field selects which coding agent interprets your markdown. Switching agents is a one-line change plus the matching secret. Copilot is the default and supports the broadest gh-aw feature set.
π£ GitHub Copilot CLI default
Broadest feature support: custom agent files, autopilot continuations (max-continuations), SDK mode, BYOK provider routing.
- Auth:
COPILOT_GITHUB_TOKENPAT (Copilot Requests: Read) or org billing viapermissions.copilot-requests: writeβ no PAT needed - Custom agents:
engine.agent: my-agentβ.github/agents/my-agent.agent.md - BYOK: route to OpenAI/Anthropic/Azure/Ollama via
COPILOT_PROVIDER_BASE_URL
π Claude Code (Anthropic)
Strong control over long reasoning sessions with turn limits.
- Auth:
ANTHROPIC_API_KEYsecret max-turnscaps agent iterations (default 500)engine.permission-mode:auto,acceptEdits(default),plan,bypassPermissions- Per-tool timeout default: 60s
π’ OpenAI Codex
Fits when OpenAI models are already part of your tooling/budget.
- Auth:
OPENAI_API_KEY(orCODEX_API_KEY, which takes precedence) web-searchis opt-in: declaretools: web-search:explicitly- Per-tool timeout default: 120s
π΅ Google Gemini
Use Gemini models with the same workflow definition and guardrails.
- Auth:
GEMINI_API_KEYsecret - Relies on
timeout-minutes+tools.timeoutfor limits - Web search via third-party MCP server
Extended engine configuration
engine: id: copilot version: latest # pin e.g. "0.5.1" for reproducible builds model: gpt-5 # override the engine's default model agent: technical-doc-writer # .github/agents/technical-doc-writer.agent.md args: ["--add-dir", "/workspace"] env: CUSTOM_API_ENDPOINT: https://api.example.com api-target: api.acme.ghe.com # GHEC/GHES custom API endpoint (hostname only) bare: false # true = skip AGENTS.md / memory / auto-context
Feature support notes
| Capability | Copilot | Claude | Codex | Gemini |
|---|---|---|---|---|
Custom agent files (engine.agent) | β | β | β | β |
Autopilot continuations (max-continuations) | β | β | β | β |
Iteration cap (max-turns) | β * | β strongest | β * | β * |
Built-in web-search | MCP | MCP | opt-in native | MCP |
| Harness retries (default 3, exp. backoff) | β | β | β | β |
*max-turns (default 500) and max-ai-credits (default 1000) are top-level fields supported across engines; behavior nuances vary. See the engines reference for the authoritative matrix.
Custom agent personas β a library of specialists
With the Copilot engine, workflows can invoke different specialized agents defined as markdown files in .github/agents/. Each agent file sets its own instructions, tone, tools, and expertise. Other engines (Claude, Codex) can still use them β the body is injected as a prompt via imports:.
Pick a persona, then click any highlighted line of its agent file to see what it does.
π Click a line
Select any line of the agent file to see an explanation.
Calling this persona from a workflow
| Rule | Detail |
|---|---|
| Location | Must live in a .github/agents/ directory β local, or in a remote repo imported as owner/repo/.github/agents/name.md@ref |
| Format | Markdown with YAML frontmatter: name, description, optional tools and mcp-servers |
| One per workflow | Only one agent file can be imported per workflow β orchestrate multiple personas via worker workflows |
| Caching | Remote agent files are cached by commit SHA in .github/aw/imports/ |
| Org libraries | Organizations can publish shared agent libraries (e.g. acme-org/ai-agents) and version them with tags |
Combine this with orchestration (next section) and one orchestrator can route work to a triage agent, a docs agent, and a security agent β each in its own workflow with its own scoped permissions. Agents can also be defined inline in the workflow markdown (see the Inline Sub-Agents reference).
Safe Outputs β writes without write permissions
The signature security idea of gh-aw. The agent runs read-only and emits structured JSON describing what it wants to do. After validation and threat scanning, a separate job β holding exactly one write permission β executes the request. Least privilege, prompt-injection defense, auditability, and hard per-operation limits, all by construction.
What the agent emits
{
"type": "create_issue",
"title": "Triage: flaky parser test",
"body": "Intermittent failure detected in CI...",
"labels": ["bug", "flaky-test"]
}Requests are made through MCP tools (e.g. safeoutputs.create_issue). The agent never touches the GitHub write API.
What actually happens
- Output is validated against the safe-output schema (e.g. issue body must be 20β65,000 chars)
- Threat detection scans for injection / exfiltration patterns
- Config limits enforced:
max:counts, allowed labels, title prefixes, target repos - A generated job with e.g.
issues: writeβ and only that β performs the create - Created items get a hidden
<!-- gh-aw-workflow-id -->marker for auditing/search
safe-outputs: section is present, create-issue is auto-enabled with conservative defaults (max: 1, labels + title-prefix set to the workflow ID). Declare an explicit section to opt out or expand.Explore the safe output handlers
Select a handler on the left to see its purpose and a realistic configuration.
Power features worth demoing
β³ expires
Auto-close issues after 7d, 2w, 1m⦠gh-aw generates an agentics-maintenance.yml workflow that sweeps at the right frequency.
π§Ή close-older-issues
For recurring reports: after creating the new issue, close up to 10 previous ones from the same workflow as "not planned", with a link comment.
πͺ deduplicate-by-title
true = exact match, integer = Levenshtein edit distance. Checked at the MCP tool boundary (agent gets instant duplicate_dropped feedback) and again at apply time.
π¨βπ©βπ§ group (sub-issues)
Organize batches as sub-issues under a parent (up to 64 children) β perfect for plans broken into tasks.
π group-by-day
Frequent schedules post as comments on today's issue instead of creating a new one per run.
π target-repo
Cross-repository operation with allowed-repos allowlists and optional custom github-token.
Multi-Agent Orchestration β agents calling agents
One workflow (the orchestrator) decides what to do and fans work out to
worker workflows, each with its own scoped permissions, tools, and even a different engine
or custom agent. Two safe outputs make this possible: dispatch-workflow and call-workflow.
Option 1 β dispatch-workflow (async fan-out)
The orchestrator dispatches named workflows via GitHub's workflow_dispatch API. Workers run asynchronously as independent workflow runs and can outlive the parent.
# orchestrator.md --- on: schedule: [{ cron: "0 6 * * 1" }] safe-outputs: dispatch-workflow: workflows: [repo-triage-worker, dependency-audit-worker] max: 5 --- # Weekly Ops Orchestrator Review open issues and dependency alerts. Split the work into units and dispatch the right worker for each: use `repo-triage-worker` for unlabeled issues, `dependency-audit-worker` for outdated dependencies. Pass a `tracker_id` input so workers can report back to the same Project board.
The compiler validates at compile time that each target workflow exists and supports workflow_dispatch. Workers receive a JSON payload.
Option 2 β call-workflow (compile-time fan-out)
Workers are reusable workflows (workflow_call). The compiler generates a typed MCP tool per worker from its declared inputs and emits a conditional uses: job β no API call at runtime. The worker runs inside the same workflow run, preserving github.actor and billing attribution.
safe-outputs: call-workflow: workflows: [spring-boot-bugfix, frontend-dep-upgrade]
Which one should I use?
| dispatch-workflow | call-workflow | |
|---|---|---|
| Execution | Async, independent runs | Same run, synchronous jobs |
| Actor / billing attribution | github-actions bot | Preserves github.actor |
| Workers outlive parent? | β yes | β finish before parent concludes |
| Runtime API overhead | One API call per dispatch | Zero β compile-time wiring |
| Best for | Long-running fan-out, multi-repo rollouts | Attribution-sensitive, must-complete phases |
When to reach for OrchestratorOps
- Work spans multiple repositories or needs different tools/permissions per step
- Units of work benefit from parallel execution
- You want intermediate human review between phases
- Examples: multi-repo rollouts, phased dependency upgrades, initiative-level automation across many issues/PRs
tracker_id string) as an explicit worker input and have workers write it into a Project custom field β both orchestrator and workers can then update one board for visibility.tracker_id. Trigger with gh aw run weekly-ops-orchestrator and watch the fan-out in the Actions tab.Three ways "different agents" show up in gh-aw
1. Different engines
Orchestrator on Copilot, a deep-reasoning worker on Claude, a budget worker on Gemini. One engine: line each.
2. Custom agent personas
Copilot engine + engine.agent pointing at .github/agents/*.agent.md files: triage-bot, security-reviewer, doc-writerβ¦
3. Worker workflows
Full workflows dispatched/called as tools β each is an independent agent with its own sandbox, prompts, and safe outputs.
Security & the AWF Sandbox
AI agents can be manipulated by prompt injection, malicious repository content, or compromised tools. gh-aw assumes this will happen and contains each run with layered controls. AWF β the Agent Workflow Firewall β is the default sandbox for the coding agent.
The six layers
1οΈβ£ Read-only token
The agent job's GITHUB_TOKEN carries read permissions only. Writes are structurally impossible from inside the agent.
2οΈβ£ No secrets in agent
Repository secrets never enter the agent container. Strict mode enforces codemods like steps-run-secrets-to-env.
3οΈβ£ AWF sandbox + firewall
Containerized execution with domain-based network egress control via the top-level network: allowlist.
4οΈβ£ Safe outputs gate
Only schema-validated, limit-checked structured requests can become GitHub actions.
5οΈβ£ Threat detection scan
Agent output is scanned before any write job runs; suspicious content stops the pipeline.
6οΈβ£ Scoped write job
Each safe output executes in a separate job with exactly one permission (e.g. issues: write).
Network permissions
AWF enforces a network allowlist. You compose it from ecosystem identifiers and custom domains:
network: allowed: - defaults # basic infrastructure (GitHub, package proxiesβ¦) - python # Python/PyPI ecosystem domains - node # npm ecosystem - "api.example.com" # custom domain
Anything not on the list is blocked at egress β even if the agent is tricked into trying.
Sandbox configuration
sandbox: agent: awf # default β Agent Workflow Firewall mcp-gateway: # route all MCP calls via unified HTTP gateway api-key: "${{ secrets.MCP_GATEWAY_API_KEY }}" # Disabling requires an audited, literal justification β₯ 20 chars: sandbox: agent: false features: dangerously-disable-sandbox-agent: "controlled environment with no internet access"
- AWF makes host binaries visible in the container β
gh, language runtimes, anything from setup actions orapt-get - Host
PATHis captured asAWF_HOST_PATHand restored inside, soactions/setup-go/setup-pythonjust work - Boolean
truejustifications and${{ }}expressions are rejected by the compiler β disabling the sandbox is deliberately noisy
Trigger-level guardrails
| Field | What it protects |
|---|---|
roles: | Restrict which repo roles can trigger (default: [admin, maintainer, write]) |
skip-bots: / bots: | Ignore or explicitly allow bot actors β stops agent-triggers-agent loops |
manual-approval: | Require environment protection rule approval before the agent runs |
stop-after: | Auto-disable triggers after a deadline (great for trials) |
forks: | Fork filtering for pull_request triggers |
max-ai-credits / max-daily-ai-credits | Hard per-run budget (default 1000) and 24-hour aggregate cap |
gh aw compile --strict --zizmor to show the security scanner failing the build on findings β a great "guardrails are real" moment.Tools & MCP β what the agent is allowed to touch
The tools: frontmatter declares which GitHub API operations, shell commands, browser automation, and MCP servers the agent may use. Everything is allowlist-based.
Built-in tools
tools: github: toolsets: [default] # GitHub API operations (read scopes) edit: # file editing in the workspace bash: ["gh label list", "git status", "grep:*"] web-fetch: # fetch web content web-search: # engine-dependent playwright: version: "1.56.1" # browser automation cache-memory: # persistent memory across runs timeout: 300 # seconds per tool call
| Tool | Notes |
|---|---|
bash | Defaults to safe commands (echo, ls, cat, grep, headβ¦). Wildcards: git:* for a family, :* for everything (careful!), [] to disable. |
github | Toolset-based GitHub API access; read permissions declared under permissions:. |
playwright | Full browser automation for UI checks, screenshots, accessibility audits. |
cache-memory / repo-memory | Persistent memory across runs β trends, historical data, repo context. |
qmd | Local vector search index over docs, exposed as an MCP search tool. |
agentic-workflows | gh-aw introspection: workflow logs and audit analysis as MCP tools (needs actions: read). |
Custom MCP servers
mcp-servers: slack: command: npx args: ["-y", "@slack/mcp-server"] env: SLACK_BOT_TOKEN: "${{ secrets.SLACK_BOT_TOKEN }}" allowed: ["send_message", "get_channel_history"] # gateway-enforced
- Server types:
command+args(process),container(Docker image),url+headers(HTTP) - Always set
allowed:β the MCP gateway filter is a real enforcement boundary, not a hint tools.cli-proxy: truemounts MCP servers as CLI commands onPATH(e.g.safeoutputs add_comment --item_number 42 --body "...") β saves tokens on big schemas
Composition: imports & skills
imports: - shared/tools.md # reuse tools/steps/prompts across workflows skills: # install Copilot skills (SHA-pinned!) pre-run - mattpocock/skills/tdd@801dca688564c529fa84f247f64472520d9ebe28
Imports merge tools, MCP servers, steps and prompt fragments from other files. Skills entries must be pinned to a 40-char commit SHA β supply-chain hygiene by design.
Authentication β org billing, PATs, Apps & WIF
Two distinct auth concerns in gh-aw: engine inference (paying for the AI) and GitHub operations (tokens for tools and safe outputs). Most workflows need just one engine credential β and with Copilot, the newest option needs no secret at all.
Copilot inference: two ways
β¨ Org billing via copilot-requests: write recommended Β· new
Grant one permission in frontmatter and gh-aw uses the built-in GitHub Actions token (${{ github.token }}) for Copilot inference. No PAT, no secret.
permissions: contents: read copilot-requests: write # β that's it
- No PAT lifecycle β tokens minted per-run, auto-revoked
- Billing flows through the org's Copilot plan, not an individual's quota
- Works in forks and org workflows without sharing a personal token
- When set, any
COPILOT_GITHUB_TOKENis ignored for inference - Requires an org Copilot subscription with centralized billing β a
403here means it isn't available; fall back to the PAT
π Personal Access Token: COPILOT_GITHUB_TOKEN
For personal repos or when org billing isn't available. A fine-grained PAT billed against your own Copilot quota.
# 1. Create fine-grained PAT (resource owner = YOUR user account) # Permissions β Account β Copilot Requests: Read # 2. Store it: gh aw secrets set COPILOT_GITHUB_TOKEN --value "<your-pat>"
- Must be a fine-grained PAT β GitHub Apps / OAuth tokens are not supported for this secret
- Resource owner must be your user account, not an org
- Token owner needs an active Copilot license
403 "Resource not accessible"β missing Copilot Requests permission
All engine credentials
| Engine | Primary | Alternatives / notes |
|---|---|---|
| Copilot | permissions: copilot-requests: write (no secret) | COPILOT_GITHUB_TOKEN fine-grained PAT; custom endpoints via GITHUB_COPILOT_BASE_URL; BYOK via COPILOT_PROVIDER_BASE_URL |
| Claude | ANTHROPIC_API_KEY | Workload Identity Federation (WIF) β keyless via GitHub OIDC (below). CLAUDE_CODE_OAUTH_TOKEN is not supported. Custom endpoint: ANTHROPIC_BASE_URL |
| Codex | OPENAI_API_KEY | CODEX_API_KEY takes precedence if both set; Azure OpenAI / routers via OPENAI_BASE_URL in engine.env (+ host in network.allowed) |
| Gemini | GEMINI_API_KEY | Key from Google AI Studio; no alternative |
# Fastest path: analyze workflows, detect engines, prompt for missing secrets gh aw secrets bootstrap # Or set individual secrets gh aw secrets set ANTHROPIC_API_KEY --value "sk-ant-..." gh aw secrets list
Beyond inference: GitHub operations
Tools and safe outputs use the workflow's GITHUB_TOKEN by default. You need additional auth for: reading multiple repos, reading Projects, GitHub tools remote mode, cross-repo safe outputs, or outputs that must trigger CI on created PRs.
πͺ GH_AW_GITHUB_TOKEN
Optional "magic" fallback secret for GitHub operations outside inference. Fallback chain:
custom github-token
β secrets.GH_AW_GITHUB_TOKEN
β secrets.GITHUB_TOKENScope it to the minimum repos + permissions (e.g. Issues: write only). Does not replace COPILOT_GITHUB_TOKEN.
π€ GitHub App short-lived tokens
One App can cover all non-inference GitHub auth. Tokens are minted per-run:
github-app: client-id: ${{ vars.APP_ID }} private-key: ${{ secrets.APP_PRIVATE_KEY }} owner: "my-org" repositories: [repo1, repo2]
Preferred over long-lived PATs for org setups.
π Anthropic WIF keyless
Claude without a stored API key β short-lived GitHub OIDC tokens exchanged via a federation rule:
permissions: id-token: write engine: id: claude auth: federation-rule-id: fdrl_xxx organization-id: org_xxx service-account-id: svac_xxx workspace-id: ws_xxx
Configure the rule in the Anthropic Console. Available since v0.79.6.
Troubleshooting quick hits
| Symptom | Likely cause & fix |
|---|---|
403 with copilot-requests: write | Org lacks Copilot centralized billing β confirm subscription, or fall back to COPILOT_GITHUB_TOKEN |
403 Resource not accessible by PAT | PAT missing Copilot Requests: Read or owned by an org instead of your user account |
| Copilot fails at inference despite valid token | PAT owner has no active Copilot license |
401/403 (Claude) | Key missing/expired β or you set CLAUDE_CODE_OAUTH_TOKEN, which is ignored; use ANTHROPIC_API_KEY |
401/403 (Codex) with custom endpoint | Check OPENAI_BASE_URL is reachable and its host is listed in network.allowed |
engine-env-secrets-to-engine-config codemod keeps it that way.CLI Reference β the gh aw lifecycle
Commands organized by lifecycle: create β build β test β monitor β manage. Filter by phase below.
gh extension install github/gh-aw β gh aw new my-triage β edit markdown β gh aw compile --strict β show the generated .lock.yml β gh aw run my-triage β gh aw logs β gh aw audit.Workflow Builder β compose your own
Pick options on the left; the generated agentic workflow markdown updates live on the right. Copy it into .github/workflows/my-workflow.md and run gh aw compile.
Then: gh aw compile β commit both the .md and generated .lock.yml β gh aw run.
Run Simulator β watch a run travel the guardrails
A simulated end-to-end run of an issue-triage agentic workflow. Press play and narrate each stage during your demo β including the moment the safe-outputs gate blocks an over-limit request.
Run log
Examples Gallery β real-world patterns
Complete, copy-ready workflows for common scenarios. Many of these mirror the public githubnext/agentics sample collection (installable via gh aw add githubnext/agentics/<name>).
Quick Start β first run in ~10 minutes
Install a pre-baked workflow (the Daily Repo Status Report) into a repo you maintain and watch it file its first issue.
Prerequisites
- AI account β GitHub Copilot (easiest, no extra account), Anthropic, OpenAI, or Google Gemini
- A GitHub repository with write access and Actions enabled
- GitHub CLI v2.0.0+, logged in:
gh auth login --scopes repo,workflow - Linux, macOS, or Windows with WSL
Steps
# 1. Install the extension gh extension install github/gh-aw # 2. Add a sample workflow with the interactive wizard gh aw add-wizard githubnext/agentics/daily-repo-status # β checks prerequisites, lets you pick an engine, # sets up the secret, adds .md + .lock.yml, offers a first run # 3. Watch it gh aw status gh run watch # 4. Customize: edit .github/workflows/daily-repo-status.md, then gh aw compile gh aw run daily-repo-status
Engine secret cheat-sheet
| Engine | Secret | Where to get it |
|---|---|---|
| Copilot | COPILOT_GITHUB_TOKEN | Fine-grained PAT with Copilot Requests: Read β or use org billing via permissions.copilot-requests: write (no PAT) |
| Claude | ANTHROPIC_API_KEY | console.anthropic.com β Settings β Keys |
| Codex | OPENAI_API_KEY (or CODEX_API_KEY) | platform.openai.com β API keys |
| Gemini | GEMINI_API_KEY | aistudio.google.com β API keys |
Set with: gh secret set COPILOT_GITHUB_TOKEN < token.txt or gh aw secrets bootstrap (analyzes workflows and prompts for what's missing).
Where to go next
π Official docs
github.github.com/gh-aw β reference, guides, patterns, FAQ.
π Agent Factory blog
A 19-part tour of real-world agentic workflows by the gh-aw maintainers β triage, releases, quality checks, and more.
π§ͺ The Agentics
githubnext/agentics β installable sample workflows: ci-doctor, daily-repo-status, and friends.