: Won't replace traditional CI/CD – and still in early development – so use 'at your own risk'
Agentic workflows - where an AI agent runs automatically in GitHub Actions - are now in technical preview, following their introduction at the Universe event in San Francisco last year. The workflow type is being developed by GitHub Next and Microsoft Research, and features sandboxed execution and a feature called secure output, which is intended to protect the agentic workflow from misuse.
The service is part of the continuous AI concept, also presented at Universe. According to principal researcher Eddie Aftandilian, speaking at the event,"we coined the term continuous AI to describe an engineering paradigm that we see as the agentic evolution of continuous integration." An agentic workflow is defined in a markdown file and compiled to GitHub Actions YAML with the GitHub CLI . The workflow is triggered by events, with developers able to choose one or more from events including new issues, new issue comments, pull requests and their comments, and new discussions. The actions to be taken by the agent are determined by prompt instructions, such as asking the agent to analyze issues, add labels, review pull requests, and output a structured report. The agent used can be GitHub Copilot, Claude Code, or OpenAI Codex.to the team, typical use cases for agentic workflows include triaging issues, updating documentation, identifying code improvements, monitoring test coverage and adding new tests, investigating continuous integration failures, and creating regular reports on repository health. GitHub states that agentic workflows make"entirely new categories of repository automation and software engineering possible," that could not be achieved without AI. The new agentic workflows are not intended to replace traditional CI/CD workflows, but to be used alongside. Thenotes that CI/CD needs to be deterministic, whereas agentic workflows are not."If you use agentic workflows, you should use them for tasks that benefit from a coding agent's flexibility, not for core build and release processes that require strict reproducibility," it says.Giving AI agents access to code repositories has obvious risks, particularly in the case of public repositories where malicious prompts may be hidden in new issues, pull requests or comments. In order to address this, there are guardrails which, GitHub claims, makes its agentic workflows safer than simply running AI agent CLIs directly inside an Action. That approach"often grants these agents more permission than is required," the team said.has several layers. Agentic workflows run in an isolated container, and the agent has read-only access to a repository. Access to the wider internet is restricted by a firewall and can be constrained to specified destinations. User content is sanitized before being passed to the agent. In addition there is aOK, so Anthropic's AI built a C compiler. That don't impress me much The cost of an agentic workflow, as is often the case with AI workloads, is somewhat opaque."Costs vary depending on workflow complexity," the FAQ states. The logs contain usage metrics and an audit command shows"detailed token usage and costs," according to the docs.that the product is in early development, may change significantly, and that even with careful supervision"things can still go wrong. Use it with caution, and at your own risk." Nevertheless, security is a large part of this new GitHub feature and is unusually prominent in its presentation. Aftandilian said at Universe that the"agent can only do the things that we want it to do, and nothing else," a bold but welcome claim. ®AWS adds nested virtualization option for handful of EC2 instancesWhy high-performance Java is becoming a business imperativeAIpocolypse
United Kingdom Latest News, United Kingdom Headlines
Similar News:You can also read news stories similar to this one that we have collected from other news sources.
Michael Jordan reacts to Daytona 500 win: 'It feels like I won a championship'Michael Jordan was right there in Victory Lane to celebrate with his driver after an incredible drive to win the Daytona 500
Read more »
Heritage group disappointed its plans for The Tithebarn won’t be made realityLocal news and community reporting for Preston, Lancashire.
Read more »
ITV Coronation Street death confirmed but fans won't know victim or killer for weeksITV Coronation Street unveiled five potential murder victims in its groundbreaking flashforward episode as Betsy Swain discovers a dead body at her mum Lisa's wedding to Carla Connor on April 23
Read more »
Lorraine Kelly Reveals How She Won Over Husband Steve SmithLorraine Kelly shares the story of how she wooed her husband, Steve Smith, including details about their travel passions and the recent changes to her ITV show.
Read more »
'I was a Reform councillor, no one dares question Nigel but our cuts won't work'Councillor Nick Brown says his former party's money-saving pledges at councils across the country are 'doomed to fail'
Read more »
Why unmanaged AI reflects deeper gaps in lab workflowsA deeper look at unmanaged AI use, also known as 'shadow AI', as a response to workflow friction in laboratories.
Read more »