GitHub Agentic Workflows' June 1 weekly update looks like a version roundup, but it points to something larger: agent workflow tooling is becoming product infrastructure. The v0.77.4 release clusters around three practical needs: composability, identity security, and cost control.
The first important change is aw.yml manifest support for includes, skills, and agents. That means a workflow no longer has to be treated as a single YAML script. It can be broken into reusable capability units. For larger repositories and multi-team environments, skills and agents can become shared engineering assets rather than copied prompt bundles.
The second change is Anthropic WIF Authentication. Claude-engine workflows can authenticate through Workload Identity Federation instead of keeping long-lived API key secrets in the repository. That matters for agentic workflows because agents usually need more tools, more permissions, and longer execution windows, making credential hygiene a deployment issue rather than an implementation detail.
The third change is a per-workflow 24-hour effective-token guardrail. Agent workflows can fail operationally even when their outputs look fine if token spend, API calls, or runtime quietly grow. GitHub is making token governance a workflow-level control, and the related structured diagnostics suggest that cost visibility is becoming a basic platform requirement.
The update also includes a copilot-sdk engine, search_commits in the GitHub MCP search toolset, gh aw init scaffolding a Copilot custom agent, and new skills such as copilot-review and go-codemod. Taken together, the direction is clear: GitHub is moving agents from one-off automation toward an initialized, composable, reviewable, and governable workflow layer.
