gh-aw
GitHub Agentic Workflows
Audit GitHub Actions workflow runs for security compliance and tool usage with gh aw audit. Inspect logs artifacts and permissions to identify risks and ensure MCP tool adherence.
How Token Counting Estimates AI Usage and Costs in gh-awDiscover how gh-aw uses token counting to estimate AI usage and costs. Learn about the 4-characters-per-token heuristic and precise JSON metadata parsing for accurate financial tracking.
How the Detection Job Determines When to Activate Workflow Runs in gh-awDiscover how the detection job activates workflow runs in github gh-aw based on safe output types or code patches. Learn the logic behind timely workflow activation to streamline your security processes.
How to Migrate Legacy Workflow Configurations to the Current Schema Format in gh-awLearn to migrate legacy workflow configurations to the current schema format in github/gh-aw. Replace front-matter maps with strongly-typed FrontmatterConfig for efficient transitions.
How to Pass Environment Variables and Configure Secrets in gh-aw WorkflowsLearn to pass environment variables and configure secrets in GitHub Actions workflows with gh-aw. Securely manage secrets using the ${{ secrets.NAME }} syntax.
Security Best Practices for Agentic Workflow Execution: A Defense-in-Depth GuideSecure agentic workflow execution with least-privilege isolation using strict mode safe outputs and network allowlists for GitHub Actions.
How the MCP Gateway Routes Model Context Protocol Server Calls in GitHub Actions WorkflowsDiscover how the MCP Gateway routes Model Context Protocol server calls in GitHub Actions. Learn about its unified HTTP interface and dynamic request routing based on JSON configuration.
How to Use Slash Commands to Trigger Workflows from Issue Comments in GitHub Agentic WorkflowsLearn to trigger GitHub Actions workflows from issue comments using slash commands. Define triggers in front matter to automate tasks effortlessly.
How to Configure Cross-Repository Safe Output Handlers Securely in gh-awSecurely configure cross-repository safe output handlers using target-repo and allowed-repos lists. Enforce runtime validation to block unauthorized requests with error E004.
How to Set Up Playwright Browser Automation with Domain Allow‑Listing in gh‑awSet up Playwright browser automation with domain allow-listing in gh-aw by declaring an allowed_domains array in your workflow. Ensure secure outbound traffic with MCP server enforcement.
Workflow Concurrency Control in gh-aw: How It Prevents Duplicate RunsLearn how gh-aw prevents duplicate workflow runs using unique concurrency group keys and GitHub Actions concurrency stanza. Ensure only one instance runs at a time.
How to Configure Runtime Versions for Node, Python, Go, Ruby, and Java in gh-awLearn to configure Node, Python, Go, Ruby, and Java runtime versions in gh-aw workflows. Add a runtimes block to your YAML frontmatter for easy version management.
Have a question about this repo?
These articles cover the highlights, but your codebase questions are specific. Give your agent direct access to the source. Share this with your agent to get started:
curl -s "https://instagit.com/install.md" Maintain an open-source project? Get it listed too →