GitHub Engineering

Why it matters: This demonstrates how to use AI and automation to solve 'tragedy of the commons' issues like accessibility that cross team boundaries. It provides a blueprint for building agentic workflows that enhance human productivity and ensure critical user feedback is never lost in the backlog.

GitHub implemented an event-driven workflow using GitHub Actions and Copilot to centralize and automate accessibility feedback management.
The system uses LLMs via the GitHub Models API to analyze raw feedback, map it to WCAG standards, and assign severity scores automatically.
A human-in-the-loop approach ensures AI-generated summaries and technical details are verified before being routed to specific engineering teams.
By treating feedback as a data pipeline, the system identifies cross-cutting issues that lack clear ownership, improving overall platform inclusion.
The workflow automates repetitive tasks like technical documentation and team routing, allowing engineers to focus on implementing fixes.
The architecture supports continuous improvement by feeding human corrections back into AI prompts to refine future analysis accuracy.

#mlp #frontend #culture

Read original

GitHub EngineeringMar 12, 2026

GitHub availability report: February 2026

Why it matters: This report highlights how complex dependencies—like telemetry, caching, and security policies—can trigger cascading failures. It provides valuable lessons on the importance of robust monitoring, automated rollbacks, and the need for resilient proxy layers in large-scale distributed systems.

GitHub experienced six major incidents in February 2026, impacting Actions, Codespaces, Dependabot, and Git operations.
A significant outage was caused by telemetry loss that triggered incorrect security policies, blocking access to critical VM metadata.
Cache write amplification and simultaneous rewrites led to cascading failures and connection exhaustion in the Git HTTPS proxy.
Database failovers to read-only instances and authorization claim changes in networking dependencies caused service degradations.
Incorrect network configurations in the LFS service resulted in repository archive download errors for objects using Git LFS.
GitHub is implementing improved monitoring, automated rollbacks, and self-throttling mechanisms to increase system resilience.

#sre #dist #security

Read original

GitHub EngineeringMar 11, 2026

Addressing GitHub’s recent availability issues

Why it matters: This post highlights how rapid scaling and architectural coupling can turn localized issues into platform-wide outages. It provides lessons on managing cache TTLs, the risks of latent configuration errors in failover systems, and the necessity of robust load-shedding mechanisms.

Rapid usage growth and architectural coupling caused localized issues to cascade across GitHub's critical services.
A 10x increase in API traffic from client apps combined with a cache TTL reduction overwhelmed core authentication database clusters.
A telemetry gap triggered security policies that blocked VM metadata access, leading to a global GitHub Actions outage.
Latent configuration issues in Redis failover mechanisms left clusters without writable primaries, requiring manual mitigation.
GitHub is redesigning its user cache system and segmenting database clusters to accommodate significantly higher traffic volumes.
Engineering teams are prioritizing the isolation of critical dependencies to prevent shared infrastructure failures from impacting Git and Actions.

#sre #dist

Read original

GitHub EngineeringMar 10, 2026

The era of “AI as text” is over. Execution is the new interface.

Why it matters: This shift transforms AI from a chat interface into programmable infrastructure. By embedding execution engines into apps, developers can build resilient, context-aware systems that handle complex multi-step tasks without brittle, hard-coded logic or custom orchestration layers.

The GitHub Copilot SDK enables developers to embed agentic execution and planning directly into their own applications.
Shift from hard-coded scripts to intent-based delegation where agents plan, modify files, and recover from errors autonomously.
Integration with the Model Context Protocol (MCP) allows agents to access structured runtime data like API schemas and dependency graphs.
AI capabilities are moving beyond the IDE into background services, desktop apps, and event-driven systems.
The SDK provides a production-tested orchestration layer, reducing the need for teams to build homegrown AI stacks from scratch.

#mlp #dist

Read original

GitHub EngineeringMar 9, 2026

Under the hood: Security architecture of GitHub Agentic Workflows

Why it matters: As AI agents integrate into CI/CD, they introduce risks like prompt injection and credential theft. This architecture provides a blueprint for running non-deterministic agents safely within trusted environments by enforcing strict isolation, secret redaction, and governed execution.

GitHub Agentic Workflows implement a layered security model consisting of substrate, configuration, and planning layers to mitigate risks from non-deterministic agent behavior.
The architecture enforces a zero-trust approach for secrets by isolating agents in dedicated containers with restricted egress and no direct access to environment variables or API keys.
A trusted Model Context Protocol (MCP) gateway manages server authentication and communication, preventing agents from leaking credentials via prompt injection or malicious inputs.
Network isolation is achieved through private networking between agents and a firewall, with all LLM calls routed through a secure API proxy to prevent data exfiltration.
The safe outputs subsystem ensures all repository writes are staged and vetted, preventing agents from making unauthorized or malicious commits to the codebase.

#security #mlp

Read original

GitHub EngineeringMar 6, 2026

How to scan for vulnerabilities with GitHub Security Lab’s open source AI-powered framework

Why it matters: This framework enables engineers to leverage LLMs for deep security audits, moving beyond simple pattern matching to find complex logic flaws. By open-sourcing these taskflows, GitHub allows teams to automate high-quality vulnerability research and improve software supply chain security.

GitHub Security Lab's Taskflow Agent is an open-source framework that uses AI to perform deep security audits on codebases.
The framework utilizes YAML-based 'taskflows' to chain multiple LLM prompts, overcoming context window limitations and reducing hallucinations.
It automates repository decomposition by identifying entry points, intended privileges, and component purposes to provide structured context for analysis.
The system has successfully identified over 80 high-impact vulnerabilities, including complex authorization bypasses and PII disclosure issues.
Engineers can run audits via GitHub Codespaces, utilizing models like GPT or Claude to perform iterative, non-deterministic security scans.

#security #mlp

Read original

GitHub EngineeringMar 5, 2026

60 million Copilot code reviews and counting

Why it matters: AI-driven code reviews are reaching massive scale, shifting from pattern matching to agentic reasoning. For engineers, this means faster PR cycles and higher-quality feedback, as tools now prioritize architectural context and actionable signals over generic linting or noise.

GitHub Copilot Code Review (CCR) now accounts for 20% of all reviews on the platform, totaling over 60 million reviews.
The system transitioned to an agentic architecture that uses tool-calling to retrieve repository context and reason across complex logic.
GitHub prioritizes high-signal feedback, with the AI remaining silent in 29% of cases to avoid developer fatigue and noise.
Performance is measured through a continuous evaluation loop focusing on accuracy, signal quality, and developer sentiment.
The team deliberately trades off latency for quality, accepting a 16% increase in review time for a 6% improvement in positive feedback.
The agentic design allows the system to understand repository-specific invariants and architectural logic rather than just syntax.

#mlp #culture

Read original

GitHub EngineeringMar 5, 2026

Scaling AI opportunity across the globe: Learnings from GitHub and Andela

Why it matters: This article highlights how structured AI integration in production workflows bridges the global talent gap. For engineers, it demonstrates practical strategies for using AI to navigate legacy systems, improve test coverage, and accelerate onboarding in high-stakes environments.

GitHub and Andela partnered to train 3,000 global engineers on GitHub Copilot through a structured AI Academy program.
The initiative focuses on 'learning inside real work,' integrating AI tools directly into production IDEs, PR reviews, and refactoring tasks.
Engineers use AI to accelerate orientation in legacy codebases by generating unit tests to establish coverage before modification.
The program addresses regional challenges such as unreliable connectivity, high compute costs, and the need for localized training content.
AI adoption is treated as a workflow integration rather than a standalone certification, ensuring tools are evaluated under real production constraints.
Key benefits reported include faster onboarding to unfamiliar systems and increased confidence when handling ambiguous or high-stakes tasks.

#culture #mlp

Read original

GitHub EngineeringMar 3, 2026

How we rebuilt the search architecture for high availability in GitHub Enterprise Server

Why it matters: This architectural shift eliminates common failure modes in high-availability setups where search indexes could become locked or corrupted during upgrades. By using native Cross Cluster Replication, engineers gain a more resilient, easier-to-maintain search infrastructure.

GitHub Enterprise Server (GHES) transitioned from a single multi-node Elasticsearch cluster to independent single-node clusters per instance.
The previous architecture allowed primary shards to migrate to read-only replica nodes, causing system locks during maintenance and upgrades.
The new architecture utilizes Elasticsearch’s Cross Cluster Replication (CCR) to synchronize data between independent clusters.
CCR ensures data durability by replicating information only after it has been persisted to the underlying Lucene segments.
A custom bootstrap workflow was developed to attach followers to existing indexes and configure auto-follow for future data.
This shift aligns search infrastructure with the standard leader/follower pattern used across the rest of the GHES platform.

#sre #dist #data

Read original

GitHub EngineeringMar 3, 2026

Join or host a GitHub Copilot Dev Days event near you

Why it matters: These events provide engineers with hands-on experience in AI-assisted development, helping them integrate tools like GitHub Copilot into their daily workflows. Staying updated on AI tools is crucial for maintaining productivity and efficiency in a rapidly evolving software landscape.

GitHub is launching Copilot Dev Days, a global series of hands-on, in-person events focused on AI-assisted coding.
Sessions cover practical workflows using GitHub Copilot CLI, Cloud Agent, and integrations with VS Code and Visual Studio.
The events are community-led by experts including GitHub Stars, Microsoft MVPs, and GitHub employees.
Content is tailored for all levels, from beginners learning best practices to advanced users seeking the latest tips.
Participants can engage in live demos, interactive workshops, and networking with local developer communities.

#mlp #culture

Read original

Page 1 of 8

Prev1 2 3...8 Next