From 89d55570f3d110b28f5a19acd477c6063f91784c Mon Sep 17 00:00:00 2001
From: Copilot <copilot@github.com>
Date: Mon, 23 Feb 2026 07:35:21 +0000
Subject: [PATCH] docs: update layout specification for 2026-02-23

- Update lock file count: 154 to 158
- Remove actions/ai-inference (no longer found in lock files)
- Update super-linter/super-linter SHA to 61abc07
- Update github/stale-repos SHA to a21e55
- Update github/gh-aw/actions/setup SHA to a70c5ea
- Add new artifacts: safe-output-items, prompt
- Add /opt/gh-aw/gh-aw, /opt/gh-aw/prompts/, /opt/gh-aw/safeoutputs/ paths
- Update version constants: Copilot 0.0.414, Claude 2.1.50, Codex 0.104.0
- Add DefaultGeminiVersion 0.29.0
- Update DefaultFirewallVersion v0.20.2, DefaultMCPGatewayVersion v0.1.5
- Add GeminiLLMGatewayPort 10003

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
---
 scratchpad/layout.md | 39 ++++++++++++++++++++++-----------------
 1 file changed, 22 insertions(+), 17 deletions(-)

diff --git a/scratchpad/layout.md b/scratchpad/layout.md
index 91e11b5ec5e..80d19e4be2b 100644
--- a/scratchpad/layout.md
+++ b/scratchpad/layout.md
@@ -1,18 +1,18 @@
 # GitHub Actions Workflow Layout Specification
 
 > Auto-generated specification documenting patterns used in compiled `.lock.yml` files.
-> Last updated: 2026-02-16
+> Last updated: 2026-02-23
 
 ## Overview
 
 This document catalogs all file paths, folder names, artifact names, and other patterns used across our compiled GitHub Actions workflows (`.lock.yml` files). It serves as a comprehensive reference for developers working with the gh-aw codebase.
 
 **Statistics:**
-- **Lock files analyzed**: 154
-- **Unique GitHub Actions**: 28
-- **Artifact patterns**: 17
+- **Lock files analyzed**: 158
+- **Unique GitHub Actions**: 26
+- **Artifact patterns**: 19
 - **Job name patterns**: 22
-- **File path references**: 35
+- **File path references**: 36
 
 ## GitHub Actions
 
@@ -32,17 +32,16 @@ Common GitHub Actions used across compiled workflows:
 | `actions/cache` | `0057852...` | Caches dependencies | Used for caching npm, pip, go modules |
 | `actions/cache/restore` | `0057852...` | Restores cached dependencies | Explicit cache restore action |
 | `actions/cache/save` | `0057852...` | Saves dependencies to cache | Explicit cache save action |
-| `actions/ai-inference` | `a380166...` | AI inference action | Used for AI model invocation |
 | `docker/setup-buildx-action` | `8d2750c...` | Sets up Docker Buildx | Used for multi-platform Docker builds |
 | `docker/build-push-action` | `10e90e3...` | Builds and pushes Docker images | Used in release workflows |
 | `docker/login-action` | `c94ce9f...` | Logs in to Docker registry | Used before pushing Docker images |
 | `docker/metadata-action` | `c299e40...` | Extracts Docker metadata | Used for tagging Docker images |
 | `astral-sh/setup-uv` | `d4b2f3b...` | Sets up uv package manager | Used for Python package management |
 | `anchore/sbom-action` | `28d7154...` | Generates SBOM | Used for security and compliance |
-| `super-linter/super-linter` | `2bdd90e...` | Runs super-linter | Used for code quality checks |
-| `github/stale-repos` | `3477b64...` | Manages stale repositories | Used for repository maintenance |
+| `super-linter/super-linter` | `61abc07...` | Runs super-linter | Used for code quality checks |
+| `github/stale-repos` | `a21e55...` | Manages stale repositories | Used for repository maintenance |
 | `./actions/setup` | N/A (local) | Custom setup action | Copies JavaScript and shell scripts to `/tmp/gh-aw/actions` |
-| `github/gh-aw/actions/setup` | `c4e0918...` | Remote setup action | Same as local `./actions/setup` but referenced remotely |
+| `github/gh-aw/actions/setup` | `a70c5ea...` | Remote setup action | Same as local `./actions/setup` but referenced remotely |
 
 ## Artifact Names
 
@@ -54,12 +53,14 @@ Artifacts uploaded/downloaded between workflow jobs:
 | `agent-artifacts` | Agent job | Detection job, conclusion job | Additional artifacts from agent execution |
 | `agent_outputs` | Agent job | Safe-output jobs | Alternative name for agent outputs |
 | `safe-output` | Safe-output jobs | Conclusion job | Safe output results (PR creation, commenting, etc.) |
+| `safe-output-items` | Safe-output jobs | Conclusion job | Individual safe output item payloads (JSONL format) |
 | `safe-outputs-assets` | Safe-output jobs | Conclusion job | Assets generated by safe-output tools |
 | `cache-memory` | Agent job, update_cache_memory job | Next workflow run | Persistent data across workflow runs |
 | `cache-memory-focus-areas` | Agent job | Next workflow run | Focused cache data for specific areas |
 | `cache-memory-repo-audits` | Agent job | Next workflow run | Repository audit cache data |
 | `repo-memory-default` | Agent job | Next workflow run | Default repository memory data |
 | `repo-memory-campaigns` | Agent job | Next workflow run | Campaign-specific repository memory |
+| `prompt` | Activation job | Agent job | Rendered prompt file used for agent invocation |
 | `python-source-and-data` | Agent job | Upload assets job | Python scripts and data files |
 | `trending-source-and-data` | Agent job | Upload assets job | Trending analysis source and data |
 | `trending-charts` | Agent job | Upload assets job | Charts generated from trending data |
@@ -135,6 +136,9 @@ Common file paths referenced in workflow files:
 | `/tmp/gh-aw/python/data/*` | Files | Python data files | Data files used by Python scripts |
 | `/opt/gh-aw/actions` | Directory | Setup action scripts | Destination for copied JavaScript and shell scripts |
 | `/opt/gh-aw/safe-jobs/` | Directory | Safe job definitions | Safe output job definitions and handlers |
+| `/opt/gh-aw/gh-aw` | File | gh-aw binary | The gh-aw CLI binary copied for use in safe-output jobs |
+| `/opt/gh-aw/prompts/` | Directory | Built-in prompts | System prompt files included in agent context |
+| `/opt/gh-aw/safeoutputs/` | Directory | Safe outputs runtime | Safe outputs MCP server, config, and output files |
 | `${{ env.GH_AW_AGENT_OUTPUT }}` | Environment var | Agent output path | Dynamic path to agent output file |
 | `${{ env.GH_AW_SAFE_OUTPUTS }}` | Environment var | Safe outputs path | Dynamic path to safe outputs directory |
 
@@ -191,15 +195,15 @@ const SafeOutputsMCPServerID = "safeoutputs"
 const SafeInputsMCPServerID = "safeinputs"
 const AgenticWorkflowsMCPServerID = "agenticworkflows"
 ````
-
 ### Default Versions
 ````go
-const DefaultCopilotVersion Version = "0.0.410"
-const DefaultClaudeCodeVersion Version = "2.1.42"
-const DefaultCodexVersion Version = "0.101.0"
+const DefaultCopilotVersion Version = "0.0.414"
+const DefaultClaudeCodeVersion Version = "2.1.50"
+const DefaultCodexVersion Version = "0.104.0"
+const DefaultGeminiVersion Version = "0.29.0"
 const DefaultGitHubMCPServerVersion Version = "v0.31.0"
-const DefaultFirewallVersion Version = "v0.18.0"
-const DefaultMCPGatewayVersion Version = "v0.1.4"
+const DefaultFirewallVersion Version = "v0.20.2"
+const DefaultMCPGatewayVersion Version = "v0.1.5"
 const DefaultPlaywrightMCPVersion Version = "0.0.68"
 const DefaultMCPSDKVersion Version = "1.24.0"
 const DefaultBunVersion Version = "1.1"
@@ -236,6 +240,7 @@ const DefaultMCPInspectorPort = 3001
 const ClaudeLLMGatewayPort = 10000
 const CodexLLMGatewayPort = 10001
 const CopilotLLMGatewayPort = 10002
+const GeminiLLMGatewayPort = 10003
 ````
 
 ### URLs
@@ -354,8 +359,8 @@ This specification is automatically maintained by the **Layout Specification Mai
 4. Updates this document with findings
 5. Creates a PR with the changes
 
-**Last extraction run**: 2026-02-16
-**Lock files analyzed**: 154
+**Last extraction run**: 2026-02-23
+**Lock files analyzed**: 158
 **Patterns documented**: 200+
 
 ---