[step-names] Align "Safe Output" step names to use consistent plural form "Safe Outputs"

[github-actions]

Step Name Alignment Issues

Found in: compiled .lock.yml files across the repository (compiler-generated steps).

Summary

Two compiler-generated step names use the singular form "Safe Output" while the majority of related step names use the plural form "Safe Outputs". This inconsistency appears in virtually every workflow that uses safe outputs (~140+ lock files). The project glossary defines this feature as "Safe Outputs" (plural).

---

Issues Identified

1. [High Priority] Inconsistent Plural Form: "Safe Output" → "Safe Outputs"

Affected step names (singular — inconsistent):

• Upload Safe Output Items Manifest — appears in ~140+ lock files
• Setup Safe Output Custom Scripts — appears in smoke-claude.lock.yml

Consistent step names already using plural (Safe Outputs):

• Write Safe Outputs Config
• Write Safe Outputs Tools
• Generate Safe Outputs MCP Server Config
• Start Safe Outputs MCP HTTP Server
• Process Safe Outputs
• Copy Safe Outputs
• Upload Safe Outputs Assets

Issue: The feature is consistently referred to as "Safe Outputs" (plural) in the glossary, documentation, and the majority of compiled step names. Two steps break this pattern by using "Safe Output" (singular), creating jarring inconsistency in workflow run logs and GitHub Actions UI.

Suggested improvements:

• Upload Safe Output Items Manifest → Upload Safe Outputs Items Manifest
• Setup Safe Output Custom Scripts → Setup Safe Outputs Custom Scripts

Glossary reference: See Safe Outputs — defined as "Pre-approved actions the AI can take…"

---

2. [Medium Priority] Missing Type Descriptor: "Install Codex" vs peer install steps

Current step name:

• Install Codex — appears in ~17 lock files (e.g. smoke-codex.lock.yml, daily-issues-report.lock.yml, deep-report.lock.yml)

Peer step names with consistent pattern:

• Install GitHub Copilot CLI
• Install Claude Code CLI
• Install Gemini CLI
• Install AWF binary

Issue: All other AI engine installation steps include a type descriptor ("CLI", "binary"). "Install Codex" omits this, making it ambiguous about what is being installed and breaking the established pattern.

Suggested improvement:

• Install Codex → Install Codex CLI

---

Agentic Task Description

To fix these step names:

1. Locate the compiler templates — these step names are generated by the gh-aw compiler (not written in individual .md workflow files), so changes should be made in the compiler source
2. Search the compiler source for the string "Safe Output Items Manifest" and "Safe Output Custom Scripts" and update to plural form
3. Search for "Install Codex" step name generation and add " CLI" suffix
4. Recompile all affected workflows — run gh aw compile on workflows that use safe outputs and the Codex engine
5. Verify that compiled .lock.yml files reflect the updated names

Related Files

• Source workflows: .github/workflows/*.md (inputs to compiler)
• Compiled workflows: .github/workflows/*.lock.yml (compiler output — do not edit directly)
• Project glossary: docs/src/content/docs/reference/glossary.md

Scope

• Issue 1: ~140+ lock files affected (all workflows using safe outputs)
• Issue 2: ~17 lock files affected (workflows using the Codex engine)

Priority

High Priority — the "Safe Output" vs "Safe Outputs" inconsistency appears in nearly every workflow's run log and GitHub Actions step list, making it highly visible.

---

AI generated by Step Name Alignment for daily maintenance

Generated by Step Name Alignment · ◷

• expires on Mar 21, 2026, 12:30 PM UTC