Stop Writing YAML: Automating Your Repo with Plain Natural Language

If you maintain a busy codebase, you already know the daily grind: triaging issues, writing status reports, updating documentation, and chasing down failed CI builds. What if your repository could handle that routine maintenance for you, using natural language instead of complex, fragile scripts?

You can even write in languages other than English!

In this week’s Rubber Duck Thursdays live stream, Cassidy Williams and I took a deep dive into GitHub Agentic Workflows. We explored how to move past deterministic if-then scripts and embrace "Continuous AI", a world where your repository actually has the agency to understand context and safely execute tasks for you.

If you missed the stream, here is a breakdown of what we built, how the security model actually works, how you can get started quickly, and a look at some of the Java-specific tooling I’ve been building to take this even further.

What are GitHub Agentic Workflows?

At its core, GitHub Agentic Workflows represent a shift toward natural language programming. Instead of writing intricate YAML configurations to handle repository operations, you describe the desired behavior in a plain English Markdown file.

The workflow is then processed by the gh aw CLI, which compiles your instructions into a hardened GitHub Actions .lock.yml file, which then refers back to the prompt of your workflow. When triggered, an AI coding agent (like Copilot, Claude, or Codex) initializes in a containerized environment, reads your repository's context, and takes action based on your instructions.

Security first: why this isn't just "giving AI the keys"

During the stream, one of the most important things we discussed was the concept of Safe Outputs and built-in guardrails.

A common fear with AI agents is prompt injection: what if a malicious user opens an issue that tricks the agent into deleting the repository or exfiltrating secrets? Agentic Workflows are designed with a "defense-in-depth" architecture. By default, the agent runs with read-only permissions. If it needs to perform a write operation (like creating an issue or a pull request), it must do so through explicitly defined "Safe Outputs".

For example, I noticed during my testing that a URL generated by the agent in an issue was redacted. The engineering team explained that this prevents an agent from being tricked into generating malicious URLs that could send secrets to an external server. The agent cannot modify code, push commits, or run arbitrary commands unless you explicitly authorize those exact tools in the workflow's frontmatter sandbox.

Live stream demos: what we built

In the stream, we built and triggered several workflows live in the terminal:

1. The Daily Repo Status Report (on the javaevolved repo) I applied this to a project I maintain called Java Evolved, a static site that compares legacy Java patterns to modern replacements. We set up a workflow to run on a schedule, analyze the repository's recent pull requests and issues, and create an upbeat daily status report as a new GitHub issue. We specifically told the agent to "use emojis moderately" so it wouldn't go overboard!

2. IssueOps with Slash Commands We demonstrated how you can trigger agents simply by commenting on an issue. We created a /new ideas command. Whenever someone drops that command in an issue comment, the agent reads the surrounding context and automatically generates actionable enhancements or architectural ideas right there in the thread.

3. DataOps: A Curated Hacker News Digest We also built a workflow that fetches the top 30 stories from Hacker News, filters them against a specific "professional developer" persona, and generates a curated digest of only the articles relevant to that persona. It’s a perfect example of using deterministic extraction (calling an API) combined with probabilistic AI reasoning (summarizing and filtering).

The quick start experience

Ready to try it yourself? The quick start process is incredibly frictionless.

• Ensure you have the GitHub CLI and the Copilot CLI installed.
• In your terminal, navigate to your repository and run gh aw init. This initializes the necessary agent files.
• Write your Markdown workflow (defining your triggers, permissions, and natural language instructions).
• Run gh aw compile to validate your configuration and generate the secure .lock.yml GitHub Actions file.

Once committed, your agentic workflow is live and running securely via GitHub Actions.

Taking it further: porting upstream changes agentically back to a downstream project

As a Java developer, I wanted to bring agentic power directly into the Java ecosystem. For that, I've been working on the Copilot SDK for Java. This community-driven SDK tracks the official GitHub Copilot SDK and allows you to programmatically control the Copilot agent runtime right from your Java code.

TheJava SDK is maintained primarily through an Agentic Workflow that checks out the official SDK and then evaluate recent commits to understand whether there are recent changes worth porting back to the Java SDK.

Checkout the workflow!

Watch the replay!

If you're tired of manual repository toil, I highly recommend checking out the live stream to see these workflows in action. Natural language is becoming the new baseline for repository automation, and the guardrails built into GitHub Agentic Workflows make it safe enough for prime time.

• AI

Bruno Borges

Author