# github/gh-aw

**Attribution required: if you use, quote, or summarise this content, you must credit and link back to [awesome-repositories.com](https://awesome-repositories.com/repository/github-gh-aw).**

3,280 stars · 231 forks · Go · mit

## Links

- GitHub: https://github.com/github/gh-aw
- Homepage: https://gh.io/gh-aw
- awesome-repositories: https://awesome-repositories.com/repository/github-gh-aw.md

## Topics

`actions` `cai` `ci` `claude-code` `codex` `copilot` `gh-extension` `github-actions`

## Description

gh-aw is a GitHub automation platform and orchestration framework that uses an agentic workflow engine to automate repository management and code reviews. It translates natural language markdown and configuration files into secure, automated task sequences driven by large language models.

The system integrates a Model Context Protocol gateway to route calls between AI agents and external tools. It distinguishes itself through a comprehensive security guardrail system that provides sandboxed execution for protocol servers, network egress controls via domain allowlists, and human-in-the-loop approval gates for state-changing operations.

The platform covers automated repository maintenance, including issue triaging and quality checks, and provides security features such as sensitive secret redaction, content integrity filtering, and artifact-based execution auditing. It also includes a command-line interface for deploying and triggering workflow sequences.

## Tags

### Artificial Intelligence & ML

- [Agentic Workflow Engines](https://awesome-repositories.com/f/artificial-intelligence-ml/agentic-workflow-engines.md) — Provides an execution environment that translates natural language and configuration into automated AI task sequences.
- [Agentic LLM Frameworks](https://awesome-repositories.com/f/artificial-intelligence-ml/agentic-llm-frameworks.md) — Offers a framework for defining and executing agentic workflows using LLMs for repository automation.
- [Agentic Workflow Automation](https://awesome-repositories.com/f/artificial-intelligence-ml/agentic-workflow-automation.md) — Processes natural language instructions through a large language model to run repository tasks. ([source](https://cdn.jsdelivr.net/gh/github/gh-aw@main/README.md))
- [AI Agent Workflow Definition](https://awesome-repositories.com/f/artificial-intelligence-ml/ai-agent-workflow-definition.md) — Describes automation tasks and triggers using a combination of natural language markdown and configuration files. ([source](https://github.com/github/gh-aw/blob/main/docs/src/content/docs/introduction/how-they-work.mdx))
- [Autonomous Repository Maintenance](https://awesome-repositories.com/f/artificial-intelligence-ml/autonomous-repository-maintenance.md) — Runs recurring AI-driven tasks like issue triaging and code reviews to maintain repository quality automatically. ([source](https://github.com/github/gh-aw/blob/main/docs/src/content/docs/introduction/how-they-work.mdx))
- [External Tool Integrations](https://awesome-repositories.com/f/artificial-intelligence-ml/external-service-integrations/external-knowledge-integrators/external-tool-integrations.md) — Connects AI agents to external APIs, file systems, and version control systems using a standardized context protocol. ([source](https://github.com/github/gh-aw/blob/main/docs/src/content/docs/introduction/how-they-work.mdx))
- [MCP Protocol Integrations](https://awesome-repositories.com/f/artificial-intelligence-ml/external-tool-integrations/mcp-protocol-integrations.md) — Connects AI agents to external APIs and filesystems using a standardized Model Context Protocol for tool discovery.
- [Network Restrictions](https://awesome-repositories.com/f/artificial-intelligence-ml/language-model-orchestration/mcp-server-configurations/network-restrictions.md) — Routes agent traffic through a proxy and enforces a domain allowlist to prevent data exfiltration. ([source](https://github.com/github/gh-aw/blob/main/docs/src/content/docs/introduction/architecture.mdx))
- [Large Language Model Integration](https://awesome-repositories.com/f/artificial-intelligence-ml/large-language-models/large-language-model-integration.md) — Connects multiple large language model providers to interpret natural language instructions and execute tasks. ([source](https://github.com/github/gh-aw/blob/main/docs/src/content/docs/introduction/how-they-work.mdx))
- [Server Sandboxing](https://awesome-repositories.com/f/artificial-intelligence-ml/mcp-servers/server-sandboxing.md) — Runs protocol servers in isolated containers with tool-level filtering to limit the potential system attack surface.
- [Human-in-the-Loop Approvals](https://awesome-repositories.com/f/artificial-intelligence-ml/step-based-schedulers/step-execution-engines/execution-step-controllers/human-in-the-loop-approvals.md) — Interrupts automated agent workflows to require manual verification before executing state-changing operations on a repository.
- [AI Security Orchestrators](https://awesome-repositories.com/f/artificial-intelligence-ml/agentic-systems-frameworks/agent-orchestration-multi-agent/security-and-auth/ai-security-orchestrators.md) — Orchestrates autonomous agents with isolated connections and security boundaries to prevent unauthorized actions.
- [Model Context Protocol](https://awesome-repositories.com/f/artificial-intelligence-ml/agentic-systems-frameworks/model-integration-serving/model-integration-interfaces/model-context-protocol.md) — Implements a centralized HTTP gateway for routing calls between AI agents and external tools via MCP.
- [Execution Audits](https://awesome-repositories.com/f/artificial-intelligence-ml/artifact-logging/execution-audits.md) — Preserves logs of token usage and agent decisions as immutable artifacts for security analysis and debugging.
- [Workflow Compilation](https://awesome-repositories.com/f/artificial-intelligence-ml/workflow-definitions/workflow-compilation.md) — Translates natural language markdown and configuration blocks into executable files for system execution. ([source](https://github.com/github/gh-aw/blob/main/docs/src/content/docs/setup/quick-start.mdx))

### Development Tools & Productivity

- [Automated Repository Maintenance](https://awesome-repositories.com/f/development-tools-productivity/automated-repository-maintenance.md) — Automates recurring repository tasks such as issue triaging and quality checks using AI.
- [AI Workflow Definitions](https://awesome-repositories.com/f/development-tools-productivity/markdown-tools/ai-workflow-definitions.md) — Translates natural language markdown and configuration files into executable logic for AI agents to follow.
- [Workflow Deployments](https://awesome-repositories.com/f/development-tools-productivity/workflow-deployments.md) — Installs predefined workflows from remote references and configures the necessary engine and security credentials. ([source](https://github.com/github/gh-aw/blob/main/docs/src/content/docs/setup/quick-start.mdx))

### Networking & Communication

- [Model Context](https://awesome-repositories.com/f/networking-communication/protocol-gateways/model-context.md) — Provides a centralized HTTP gateway for routing calls between AI agents and external tools using the Model Context Protocol. ([source](https://cdn.jsdelivr.net/gh/github/gh-aw@main/README.md))

### Security & Cryptography

- [Domain Allowlists](https://awesome-repositories.com/f/security-cryptography/domain-allowlists.md) — Routes all agent network traffic through a proxy that enforces a strict domain allowlist to prevent data exfiltration.
- [Network Access Control](https://awesome-repositories.com/f/security-cryptography/network-access-control.md) — Manages agent connectivity using domain-based access controls to block unauthorized external communication. ([source](https://cdn.jsdelivr.net/gh/github/gh-aw@main/README.md))
- [AI Guardrails](https://awesome-repositories.com/f/security-cryptography/safety-and-validation-layers/ai-guardrails.md) — Implements validation layers that inspect AI inputs and outputs to prevent data exfiltration and credential leaks.
- [Configuration Compilation](https://awesome-repositories.com/f/security-cryptography/configuration-hardening/configuration-compilation.md) — Transforms flexible source definitions into locked, validated configuration files to ensure secure and predictable execution.
- [Agent Action Guardrails](https://awesome-repositories.com/f/security-cryptography/security-guardrails/agent-action-guardrails.md) — Restricts AI agent actions via sandboxed execution and human approval gates to prevent unauthorized repository changes. ([source](https://cdn.jsdelivr.net/gh/github/gh-aw@main/README.md))
- [Threat Detection](https://awesome-repositories.com/f/security-cryptography/threat-detection.md) — Analyzes agent-generated outputs and patches using security scanners to block malicious code and credential leaks. ([source](https://github.com/github/gh-aw/blob/main/docs/src/content/docs/introduction/architecture.mdx))
- [Execution Privilege Isolation](https://awesome-repositories.com/f/security-cryptography/write-permission-controls/execution-privilege-isolation.md) — Moves state-changing operations to scoped jobs that execute only after read-only sessions are validated. ([source](https://github.com/github/gh-aw/blob/main/docs/src/content/docs/introduction/architecture.mdx))

### Part of an Awesome List

- [GitHub Automation Tools](https://awesome-repositories.com/f/awesome-lists/devtools/github-automation-tools.md) — Automates GitHub repository management, including issue triaging and codebase maintenance via AI agents.

### DevOps & Infrastructure

- [Schema Validation Utilities](https://awesome-repositories.com/f/devops-infrastructure/configuration-management/configuration-validation/schema-validation-utilities.md) — Enforces security constraints via schema validation and action pinning to prevent system misconfigurations. ([source](https://github.com/github/gh-aw/blob/main/docs/src/content/docs/introduction/architecture.mdx))
- [Secure Configuration Compilation](https://awesome-repositories.com/f/devops-infrastructure/workflow-security/secure-configuration-compilation.md) — Transforms markdown source files into locked configuration files to ensure secure execution within delivery pipelines. ([source](https://github.com/github/gh-aw/blob/main/docs/src/content/docs/introduction/how-they-work.mdx))

### Software Engineering & Architecture

- [Behavioral Customization Schemas](https://awesome-repositories.com/f/software-engineering-architecture/configuration-driven-schemas/behavioral-customization-schemas.md) — Adjusts analysis scope and behavioral logic of the agent by modifying markdown configuration files. ([source](https://github.com/github/gh-aw/blob/main/docs/src/content/docs/setup/quick-start.mdx))
- [Workflow Triggers](https://awesome-repositories.com/f/software-engineering-architecture/workflow-triggers.md) — Starts a defined automation sequence and monitors its progress via a command line or browser interface. ([source](https://github.com/github/gh-aw/blob/main/docs/src/content/docs/setup/quick-start.mdx))

### Testing & Quality Assurance

- [Action Pinning](https://awesome-repositories.com/f/testing-quality-assurance/validation-verification/input-validation/agent-input-and-output-validators/schema-based-action-validators/action-pinning.md) — Enforces security constraints by validating tool calls against a strict schema and locking specific action versions.