diff --git a/.changeset/patch-bump-codex-sandbox-runtime.md b/.changeset/patch-bump-codex-sandbox-runtime.md new file mode 100644 index 0000000000..b47c7b28bb --- /dev/null +++ b/.changeset/patch-bump-codex-sandbox-runtime.md @@ -0,0 +1,5 @@ +--- +"gh-aw": patch +--- + +Bump the default Codex CLI to 0.94.0 and the sandbox runtime to 0.0.34 so the workflows and agents install the latest releases consistently. diff --git a/.github/workflows/changeset.lock.yml b/.github/workflows/changeset.lock.yml index 3612c7fd94..915442052d 100644 --- a/.github/workflows/changeset.lock.yml +++ b/.github/workflows/changeset.lock.yml @@ -189,7 +189,7 @@ jobs: node-version: '24' package-manager-cache: false - name: Install Codex - run: npm install -g --silent @openai/codex@0.93.0 + run: npm install -g --silent @openai/codex@0.94.0 - name: Install awf binary run: bash /opt/gh-aw/actions/install_awf_binary.sh v0.13.1 - name: Determine automatic lockdown mode for GitHub MCP server @@ -555,7 +555,7 @@ jobs: engine_name: "Codex", model: "gpt-5.1-codex-mini", version: "", - agent_version: "0.93.0", + agent_version: "0.94.0", workflow_name: "Changeset Generator", experimental: false, supports_tools_allowlist: true, diff --git a/.github/workflows/codex-github-remote-mcp-test.lock.yml b/.github/workflows/codex-github-remote-mcp-test.lock.yml index f93703d7d1..8af1fdbf27 100644 --- a/.github/workflows/codex-github-remote-mcp-test.lock.yml +++ b/.github/workflows/codex-github-remote-mcp-test.lock.yml @@ -130,7 +130,7 @@ jobs: node-version: '24' package-manager-cache: false - name: Install Codex - run: npm install -g --silent @openai/codex@0.93.0 + run: npm install -g --silent @openai/codex@0.94.0 - name: Install awf binary run: bash /opt/gh-aw/actions/install_awf_binary.sh v0.13.1 - name: Determine automatic lockdown mode for GitHub MCP server @@ -216,7 +216,7 @@ jobs: engine_name: "Codex", model: process.env.GH_AW_MODEL_AGENT_CODEX || "", version: "", - agent_version: "0.93.0", + agent_version: "0.94.0", workflow_name: "Codex GitHub Remote MCP Test", experimental: false, supports_tools_allowlist: true, diff --git a/.github/workflows/daily-fact.lock.yml b/.github/workflows/daily-fact.lock.yml index f3ece35fa7..f3e15fccce 100644 --- a/.github/workflows/daily-fact.lock.yml +++ b/.github/workflows/daily-fact.lock.yml @@ -135,7 +135,7 @@ jobs: node-version: '24' package-manager-cache: false - name: Install Codex - run: npm install -g --silent @openai/codex@0.93.0 + run: npm install -g --silent @openai/codex@0.94.0 - name: Install awf binary run: bash /opt/gh-aw/actions/install_awf_binary.sh v0.13.1 - name: Determine automatic lockdown mode for GitHub MCP server @@ -427,7 +427,7 @@ jobs: engine_name: "Codex", model: "gpt-5.1-codex-mini", version: "", - agent_version: "0.93.0", + agent_version: "0.94.0", workflow_name: "Daily Fact About gh-aw", experimental: false, supports_tools_allowlist: true, @@ -880,7 +880,7 @@ jobs: node-version: '24' package-manager-cache: false - name: Install Codex - run: npm install -g --silent @openai/codex@0.93.0 + run: npm install -g --silent @openai/codex@0.94.0 - name: Run Codex run: | set -o pipefail diff --git a/.github/workflows/daily-issues-report.lock.yml b/.github/workflows/daily-issues-report.lock.yml index ca95f22eda..4a0a89e902 100644 --- a/.github/workflows/daily-issues-report.lock.yml +++ b/.github/workflows/daily-issues-report.lock.yml @@ -199,7 +199,7 @@ jobs: node-version: '24' package-manager-cache: false - name: Install Codex - run: npm install -g --silent @openai/codex@0.93.0 + run: npm install -g --silent @openai/codex@0.94.0 - name: Install awf binary run: bash /opt/gh-aw/actions/install_awf_binary.sh v0.13.1 - name: Determine automatic lockdown mode for GitHub MCP server @@ -594,7 +594,7 @@ jobs: engine_name: "Codex", model: process.env.GH_AW_MODEL_AGENT_CODEX || "", version: "", - agent_version: "0.93.0", + agent_version: "0.94.0", workflow_name: "Daily Issues Report Generator", experimental: false, supports_tools_allowlist: true, @@ -1751,7 +1751,7 @@ jobs: node-version: '24' package-manager-cache: false - name: Install Codex - run: npm install -g --silent @openai/codex@0.93.0 + run: npm install -g --silent @openai/codex@0.94.0 - name: Run Codex run: | set -o pipefail diff --git a/.github/workflows/daily-observability-report.lock.yml b/.github/workflows/daily-observability-report.lock.yml index c950eba2d6..17791c775a 100644 --- a/.github/workflows/daily-observability-report.lock.yml +++ b/.github/workflows/daily-observability-report.lock.yml @@ -154,7 +154,7 @@ jobs: node-version: '24' package-manager-cache: false - name: Install Codex - run: npm install -g --silent @openai/codex@0.93.0 + run: npm install -g --silent @openai/codex@0.94.0 - name: Install awf binary run: bash /opt/gh-aw/actions/install_awf_binary.sh v0.13.1 - name: Determine automatic lockdown mode for GitHub MCP server @@ -561,7 +561,7 @@ jobs: engine_name: "Codex", model: process.env.GH_AW_MODEL_AGENT_CODEX || "", version: "", - agent_version: "0.93.0", + agent_version: "0.94.0", workflow_name: "Daily Observability Report for AWF Firewall and MCP Gateway", experimental: false, supports_tools_allowlist: true, @@ -1100,7 +1100,7 @@ jobs: node-version: '24' package-manager-cache: false - name: Install Codex - run: npm install -g --silent @openai/codex@0.93.0 + run: npm install -g --silent @openai/codex@0.94.0 - name: Run Codex run: | set -o pipefail diff --git a/.github/workflows/daily-performance-summary.lock.yml b/.github/workflows/daily-performance-summary.lock.yml index 36a047b448..ec132098ef 100644 --- a/.github/workflows/daily-performance-summary.lock.yml +++ b/.github/workflows/daily-performance-summary.lock.yml @@ -189,7 +189,7 @@ jobs: node-version: '24' package-manager-cache: false - name: Install Codex - run: npm install -g --silent @openai/codex@0.93.0 + run: npm install -g --silent @openai/codex@0.94.0 - name: Install awf binary run: bash /opt/gh-aw/actions/install_awf_binary.sh v0.13.1 - name: Determine automatic lockdown mode for GitHub MCP server @@ -1055,7 +1055,7 @@ jobs: engine_name: "Codex", model: process.env.GH_AW_MODEL_AGENT_CODEX || "", version: "", - agent_version: "0.93.0", + agent_version: "0.94.0", workflow_name: "Daily Project Performance Summary Generator (Using Safe Inputs)", experimental: false, supports_tools_allowlist: true, @@ -1673,7 +1673,7 @@ jobs: node-version: '24' package-manager-cache: false - name: Install Codex - run: npm install -g --silent @openai/codex@0.93.0 + run: npm install -g --silent @openai/codex@0.94.0 - name: Run Codex run: | set -o pipefail diff --git a/.github/workflows/deep-report.lock.yml b/.github/workflows/deep-report.lock.yml index a1fce3359e..12f05bf4a9 100644 --- a/.github/workflows/deep-report.lock.yml +++ b/.github/workflows/deep-report.lock.yml @@ -199,7 +199,7 @@ jobs: node-version: '24' package-manager-cache: false - name: Install Codex - run: npm install -g --silent @openai/codex@0.93.0 + run: npm install -g --silent @openai/codex@0.94.0 - name: Install awf binary run: bash /opt/gh-aw/actions/install_awf_binary.sh v0.13.1 - name: Determine automatic lockdown mode for GitHub MCP server @@ -617,7 +617,7 @@ jobs: engine_name: "Codex", model: process.env.GH_AW_MODEL_AGENT_CODEX || "", version: "", - agent_version: "0.93.0", + agent_version: "0.94.0", workflow_name: "DeepReport - Intelligence Gathering Agent", experimental: false, supports_tools_allowlist: true, @@ -1403,7 +1403,7 @@ jobs: node-version: '24' package-manager-cache: false - name: Install Codex - run: npm install -g --silent @openai/codex@0.93.0 + run: npm install -g --silent @openai/codex@0.94.0 - name: Run Codex run: | set -o pipefail diff --git a/.github/workflows/duplicate-code-detector.lock.yml b/.github/workflows/duplicate-code-detector.lock.yml index cef476e0a5..c00e984349 100644 --- a/.github/workflows/duplicate-code-detector.lock.yml +++ b/.github/workflows/duplicate-code-detector.lock.yml @@ -146,7 +146,7 @@ jobs: node-version: '24' package-manager-cache: false - name: Install Codex - run: npm install -g --silent @openai/codex@0.93.0 + run: npm install -g --silent @openai/codex@0.94.0 - name: Install awf binary run: bash /opt/gh-aw/actions/install_awf_binary.sh v0.13.1 - name: Determine automatic lockdown mode for GitHub MCP server @@ -508,7 +508,7 @@ jobs: engine_name: "Codex", model: process.env.GH_AW_MODEL_AGENT_CODEX || "", version: "", - agent_version: "0.93.0", + agent_version: "0.94.0", workflow_name: "Duplicate Code Detector", experimental: false, supports_tools_allowlist: true, @@ -968,7 +968,7 @@ jobs: node-version: '24' package-manager-cache: false - name: Install Codex - run: npm install -g --silent @openai/codex@0.93.0 + run: npm install -g --silent @openai/codex@0.94.0 - name: Run Codex run: | set -o pipefail diff --git a/.github/workflows/issue-arborist.lock.yml b/.github/workflows/issue-arborist.lock.yml index 73dc090a67..dd41505544 100644 --- a/.github/workflows/issue-arborist.lock.yml +++ b/.github/workflows/issue-arborist.lock.yml @@ -157,7 +157,7 @@ jobs: node-version: '24' package-manager-cache: false - name: Install Codex - run: npm install -g --silent @openai/codex@0.93.0 + run: npm install -g --silent @openai/codex@0.94.0 - name: Install awf binary run: bash /opt/gh-aw/actions/install_awf_binary.sh v0.13.1 - name: Determine automatic lockdown mode for GitHub MCP server @@ -581,7 +581,7 @@ jobs: engine_name: "Codex", model: process.env.GH_AW_MODEL_AGENT_CODEX || "", version: "", - agent_version: "0.93.0", + agent_version: "0.94.0", workflow_name: "Issue Arborist", experimental: false, supports_tools_allowlist: true, @@ -1132,7 +1132,7 @@ jobs: node-version: '24' package-manager-cache: false - name: Install Codex - run: npm install -g --silent @openai/codex@0.93.0 + run: npm install -g --silent @openai/codex@0.94.0 - name: Run Codex run: | set -o pipefail diff --git a/.github/workflows/smoke-codex.lock.yml b/.github/workflows/smoke-codex.lock.yml index 296b25b230..b63b0f4e3d 100644 --- a/.github/workflows/smoke-codex.lock.yml +++ b/.github/workflows/smoke-codex.lock.yml @@ -193,7 +193,7 @@ jobs: node-version: '24' package-manager-cache: false - name: Install Codex - run: npm install -g --silent @openai/codex@0.93.0 + run: npm install -g --silent @openai/codex@0.94.0 - name: Install awf binary run: bash /opt/gh-aw/actions/install_awf_binary.sh v0.13.1 - name: Determine automatic lockdown mode for GitHub MCP server @@ -1233,7 +1233,7 @@ jobs: engine_name: "Codex", model: process.env.GH_AW_MODEL_AGENT_CODEX || "", version: "", - agent_version: "0.93.0", + agent_version: "0.94.0", workflow_name: "Smoke Codex", experimental: false, supports_tools_allowlist: true, @@ -1812,7 +1812,7 @@ jobs: node-version: '24' package-manager-cache: false - name: Install Codex - run: npm install -g --silent @openai/codex@0.93.0 + run: npm install -g --silent @openai/codex@0.94.0 - name: Run Codex run: | set -o pipefail diff --git a/.github/workflows/smoke-project.lock.yml b/.github/workflows/smoke-project.lock.yml index 6ddeeac2fe..94b27fc19d 100644 --- a/.github/workflows/smoke-project.lock.yml +++ b/.github/workflows/smoke-project.lock.yml @@ -149,7 +149,7 @@ jobs: node-version: '24' package-manager-cache: false - name: Install Codex - run: npm install -g --silent @openai/codex@0.93.0 + run: npm install -g --silent @openai/codex@0.94.0 - name: Install awf binary run: bash /opt/gh-aw/actions/install_awf_binary.sh v0.13.1 - name: Determine automatic lockdown mode for GitHub MCP server @@ -780,7 +780,7 @@ jobs: engine_name: "Codex", model: process.env.GH_AW_MODEL_AGENT_CODEX || "", version: "", - agent_version: "0.93.0", + agent_version: "0.94.0", workflow_name: "Smoke Project", experimental: false, supports_tools_allowlist: true, @@ -1343,7 +1343,7 @@ jobs: node-version: '24' package-manager-cache: false - name: Install Codex - run: npm install -g --silent @openai/codex@0.93.0 + run: npm install -g --silent @openai/codex@0.94.0 - name: Run Codex run: | set -o pipefail diff --git a/pkg/constants/constants.go b/pkg/constants/constants.go index 9cb6a138d7..625464d147 100644 --- a/pkg/constants/constants.go +++ b/pkg/constants/constants.go @@ -283,7 +283,7 @@ const ( ) // DefaultCodexVersion is the default version of the OpenAI Codex CLI -const DefaultCodexVersion Version = "0.93.0" +const DefaultCodexVersion Version = "0.94.0" // DefaultGitHubMCPServerVersion is the default version of the GitHub MCP server Docker image const DefaultGitHubMCPServerVersion Version = "v0.30.2" @@ -322,7 +322,7 @@ var SerenaLanguageSupport = map[string][]string{ } // DefaultSandboxRuntimeVersion is the default version of the @anthropic-ai/sandbox-runtime package (SRT) -const DefaultSandboxRuntimeVersion Version = "0.0.32" +const DefaultSandboxRuntimeVersion Version = "0.0.34" // DefaultPlaywrightMCPVersion is the default version of the @playwright/mcp package const DefaultPlaywrightMCPVersion Version = "0.0.62" diff --git a/pkg/constants/constants_test.go b/pkg/constants/constants_test.go index 47b1d7b699..019eef117e 100644 --- a/pkg/constants/constants_test.go +++ b/pkg/constants/constants_test.go @@ -284,10 +284,10 @@ func TestVersionConstants(t *testing.T) { }{ {"DefaultClaudeCodeVersion", DefaultClaudeCodeVersion, "2.1.29"}, {"DefaultCopilotVersion", DefaultCopilotVersion, "0.0.400"}, - {"DefaultCodexVersion", DefaultCodexVersion, "0.93.0"}, + {"DefaultCodexVersion", DefaultCodexVersion, "0.94.0"}, {"DefaultGitHubMCPServerVersion", DefaultGitHubMCPServerVersion, "v0.30.2"}, {"DefaultMCPGatewayVersion", DefaultMCPGatewayVersion, "v0.0.94"}, - {"DefaultSandboxRuntimeVersion", DefaultSandboxRuntimeVersion, "0.0.32"}, + {"DefaultSandboxRuntimeVersion", DefaultSandboxRuntimeVersion, "0.0.34"}, {"DefaultFirewallVersion", DefaultFirewallVersion, "v0.13.1"}, {"DefaultPlaywrightMCPVersion", DefaultPlaywrightMCPVersion, "0.0.62"}, {"DefaultPlaywrightBrowserVersion", DefaultPlaywrightBrowserVersion, "v1.58.1"},