GitHub Agentic Workflows: Intent-Driven Repository Automation with Codex
GitHub Agentic Workflows: Intent-Driven Repository Automation with Codex
GitHub shipped GitHub Agentic Workflows in technical preview on February 13, 2026 — an open-source GitHub Next project that fundamentally changes how repository automation is authored. Instead of writing YAML pipelines, you describe what you want in plain Markdown, and a coding agent (Codex, Claude Code, or GitHub Copilot) figures out how to do it.
This is a direct integration point for Codex CLI in enterprise CI/CD pipelines, and deserves close attention.
The Core Shift: From “Code Your Automation” to “Describe Your Automation”
Traditional GitHub Actions require you to know which shell commands to run, which API calls to make, and how to stitch them together. Agentic Workflows invert this: you describe the desired outcome in natural language, and the agent translates it into actions.
A continuous triage workflow might look like:
---
on:
issues:
types: [opened]
permissions:
issues: write
outputs:
- type: issue-comment
- type: issue-label
agent: codex
---
When a new issue is opened:
1. Read the issue title and body carefully.
2. If it describes a bug, label it `bug` and add a comment asking for reproduction steps.
3. If it's a feature request, label it `enhancement` and add a comment thanking the user and asking for more context.
4. If it's unclear, label it `needs-triage` and ask a clarifying question.
That’s the entire workflow definition. The agent handles the rest.
How It Works Technically
Workflow definitions live in .github/workflows/ as .md files. Each file has two sections:
- YAML frontmatter — configuration: triggers, permissions, outputs, agent engine
- Markdown body — natural language task description
Before running, you compile the Markdown to a lock file:
gh aw compile .github/workflows/triage.md
# → produces .github/workflows/triage.lock.yml
Both files go into your repository. The .md is for humans; the .lock.yml is what GitHub Actions executes. Commit both — the pair functions like a package manifest and its lockfile.
Supported Agent Engines
GitHub Agentic Workflows support multiple coding agents as engines:
| Engine | Notes |
|---|---|
copilot |
Included with GitHub Copilot subscription |
codex |
Uses your OpenAI Codex credentials; standard API rates |
claude |
Uses Anthropic credentials; standard API rates |
Switching engines is a one-line frontmatter change. You can mix engines across workflows in the same repository — useful for running a lightweight model on simple triage tasks and a more capable one on code changes.
For Codex users, the config key is:
agent: codex
Use Cases: Continuous AI
GitHub Agentic Workflows introduce a new category called Continuous AI — automation that runs alongside CI/CD but focuses on quality, documentation, and maintenance rather than build/deploy:
Continuous triage: Automatically summarize, label, and route new issues. Eliminate the backlog of unlabeled, unanswered issues that accumulate in active open-source projects.
Continuous documentation: Keep READMEs and API docs aligned with code changes. Trigger on PR merge; agent reads the diff and updates affected documentation automatically.
Continuous code simplification: Repeatedly identify improvement opportunities and open PRs. Agent runs weekly, finds dead code or overly complex functions, and proposes cleanup.
Security Model
This is a GitHub Next project developed with Microsoft Research, with a safety-first design:
- Read-only by default — workflows run with read access unless write operations are explicitly declared in the
outputsfrontmatter - Safe outputs only — write operations require preapproved “safe output” types (issue-comment, issue-label, pull-request, etc.) with sanitized inputs
- Sandboxed execution — network isolation, SHA-pinned dependencies enforced
- Human-in-the-loop — agents cannot self-approve PRs; write operations still go through GitHub’s standard review process
The sandbox constraints are notably tighter than raw GitHub Actions. You cannot run arbitrary shell commands without declaring them explicitly.
Cost Model
GitHub Agentic Workflows run on GitHub Actions infrastructure:
- Actions compute: $0.002/minute (base rate from January 2026)
- LLM tokens: standard API rates for your chosen engine
- Codex: billed to your OpenAI account
- Claude: billed to your Anthropic account
- Copilot CLI: included in Copilot subscription
For simple triage tasks (read issue, add label, post comment), a typical run costs under $0.01 in tokens. Complex code review or documentation tasks may run $0.05–0.20 per run depending on repo size.
Integration with Codex CLI Workflows
For teams already using Codex CLI for local development, Agentic Workflows add the cloud automation layer that closes the loop:
- Developer uses Codex CLI locally for feature development
- PR is opened — Agentic Workflow triggers a Codex-powered review
- Issues are filed by users — Agentic Workflow triages with Codex
- Weekly maintenance job runs Codex to find and propose improvements
This pairs naturally with the codex cloud exec command introduced in v0.117.0 — you can trigger cloud tasks from the CLI and let Agentic Workflows handle the repository-event-driven automation side.
Getting Started
# Install the GitHub Agentic Workflows CLI extension
gh extension install github/gh-aw
# Compile a workflow
gh aw compile .github/workflows/triage.md
# View workflow runs
gh aw list
# View logs for a specific run
gh aw logs <run-id>
Documentation: github.github.io/gh-aw/
Current Status
GitHub Agentic Workflows is in early technical preview (as of March 2026). Breaking changes are expected. The project is developed in the open at github/gh-aw.
Key things to watch:
- PR review workflows — currently experimental; agent can comment but cannot approve
- Cross-repo workflows — scoped to single repo for now
- Enterprise policy controls — organisation-level agent allowlists coming
This is one of the most important integrations to watch for enterprise Codex CLI users in 2026. The combination of Codex’s code quality and GitHub’s repository automation infrastructure creates a genuinely new automation surface.
Sources: GitHub Blog · GitHub Agentic Workflows docs · InfoQ coverage