From 9475ff01ffb5e7bc76e7247cd10a604463b2087d Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Fri, 20 Mar 2026 13:54:51 +0000 Subject: [PATCH 1/2] Initial plan From 297164bab10a65bd1d0be52ac728433fca093ddb Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Fri, 20 Mar 2026 14:12:11 +0000 Subject: [PATCH 2/2] fix: rename Execute Codex to Execute Codex CLI for consistent engine naming Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com> Agent-Logs-Url: https://github.com/github/gh-aw/sessions/d753a2a1-9bbd-4a36-8e3b-f49f5d87c35c --- .github/workflows/ai-moderator.lock.yml | 2 +- .github/workflows/changeset.lock.yml | 2 +- .../codex-github-remote-mcp-test.lock.yml | 2 +- .github/workflows/daily-fact.lock.yml | 4 ++-- .../workflows/daily-issues-report.lock.yml | 4 ++-- .../daily-observability-report.lock.yml | 4 ++-- .github/workflows/deep-report.lock.yml | 4 ++-- .../duplicate-code-detector.lock.yml | 4 ++-- .github/workflows/issue-arborist.lock.yml | 4 ++-- .../schema-feature-coverage.lock.yml | 4 ++-- .../workflows/smoke-agent-all-merged.lock.yml | 4 ++-- .../workflows/smoke-agent-all-none.lock.yml | 4 ++-- .../smoke-agent-public-approved.lock.yml | 4 ++-- .../smoke-agent-public-none.lock.yml | 4 ++-- .../smoke-agent-scoped-approved.lock.yml | 4 ++-- .../workflows/smoke-call-workflow.lock.yml | 4 ++-- .github/workflows/smoke-codex.lock.yml | 20 ++++++------------- pkg/workflow/agentic_output_test.go | 4 ++-- pkg/workflow/codex_engine.go | 2 +- pkg/workflow/codex_engine_test.go | 4 ++-- pkg/workflow/engine_args_test.go | 4 ++-- 21 files changed, 42 insertions(+), 50 deletions(-) diff --git a/.github/workflows/ai-moderator.lock.yml b/.github/workflows/ai-moderator.lock.yml index 74a9ac5e56d..da529b0e144 100644 --- a/.github/workflows/ai-moderator.lock.yml +++ b/.github/workflows/ai-moderator.lock.yml @@ -648,7 +648,7 @@ jobs: - name: Clean git credentials continue-on-error: true run: bash ${RUNNER_TEMP}/gh-aw/actions/clean_git_credentials.sh - - name: Execute Codex + - name: Execute Codex CLI run: | set -o pipefail mkdir -p "$CODEX_HOME/logs" && touch /tmp/gh-aw/agent-step-summary.md diff --git a/.github/workflows/changeset.lock.yml b/.github/workflows/changeset.lock.yml index 1c92776c8ec..c345e99d260 100644 --- a/.github/workflows/changeset.lock.yml +++ b/.github/workflows/changeset.lock.yml @@ -677,7 +677,7 @@ jobs: - name: Clean git credentials continue-on-error: true run: bash ${RUNNER_TEMP}/gh-aw/actions/clean_git_credentials.sh - - name: Execute Codex + - name: Execute Codex CLI run: | set -o pipefail mkdir -p "$CODEX_HOME/logs" && touch /tmp/gh-aw/agent-step-summary.md diff --git a/.github/workflows/codex-github-remote-mcp-test.lock.yml b/.github/workflows/codex-github-remote-mcp-test.lock.yml index a131216a318..5932900e7e8 100644 --- a/.github/workflows/codex-github-remote-mcp-test.lock.yml +++ b/.github/workflows/codex-github-remote-mcp-test.lock.yml @@ -384,7 +384,7 @@ jobs: - name: Clean git credentials continue-on-error: true run: bash ${RUNNER_TEMP}/gh-aw/actions/clean_git_credentials.sh - - name: Execute Codex + - name: Execute Codex CLI run: | set -o pipefail mkdir -p "$CODEX_HOME/logs" && touch /tmp/gh-aw/agent-step-summary.md diff --git a/.github/workflows/daily-fact.lock.yml b/.github/workflows/daily-fact.lock.yml index 05922bb5e09..0097b751899 100644 --- a/.github/workflows/daily-fact.lock.yml +++ b/.github/workflows/daily-fact.lock.yml @@ -624,7 +624,7 @@ jobs: - name: Clean git credentials continue-on-error: true run: bash ${RUNNER_TEMP}/gh-aw/actions/clean_git_credentials.sh - - name: Execute Codex + - name: Execute Codex CLI run: | set -o pipefail mkdir -p "$CODEX_HOME/logs" && touch /tmp/gh-aw/agent-step-summary.md @@ -810,7 +810,7 @@ jobs: run: | mkdir -p /tmp/gh-aw/threat-detection touch /tmp/gh-aw/threat-detection/detection.log - - name: Execute Codex + - name: Execute Codex CLI if: always() && steps.detection_guard.outputs.run_detection == 'true' run: | set -o pipefail diff --git a/.github/workflows/daily-issues-report.lock.yml b/.github/workflows/daily-issues-report.lock.yml index 9584a84ce94..d3e0a3dc375 100644 --- a/.github/workflows/daily-issues-report.lock.yml +++ b/.github/workflows/daily-issues-report.lock.yml @@ -699,7 +699,7 @@ jobs: - name: Clean git credentials continue-on-error: true run: bash ${RUNNER_TEMP}/gh-aw/actions/clean_git_credentials.sh - - name: Execute Codex + - name: Execute Codex CLI run: | set -o pipefail mkdir -p "$CODEX_HOME/logs" && touch /tmp/gh-aw/agent-step-summary.md @@ -903,7 +903,7 @@ jobs: run: | mkdir -p /tmp/gh-aw/threat-detection touch /tmp/gh-aw/threat-detection/detection.log - - name: Execute Codex + - name: Execute Codex CLI if: always() && steps.detection_guard.outputs.run_detection == 'true' run: | set -o pipefail diff --git a/.github/workflows/daily-observability-report.lock.yml b/.github/workflows/daily-observability-report.lock.yml index 43491faac68..0e7fa5df2bc 100644 --- a/.github/workflows/daily-observability-report.lock.yml +++ b/.github/workflows/daily-observability-report.lock.yml @@ -711,7 +711,7 @@ jobs: - name: Clean git credentials continue-on-error: true run: bash ${RUNNER_TEMP}/gh-aw/actions/clean_git_credentials.sh - - name: Execute Codex + - name: Execute Codex CLI run: | set -o pipefail mkdir -p "$CODEX_HOME/logs" && touch /tmp/gh-aw/agent-step-summary.md @@ -897,7 +897,7 @@ jobs: run: | mkdir -p /tmp/gh-aw/threat-detection touch /tmp/gh-aw/threat-detection/detection.log - - name: Execute Codex + - name: Execute Codex CLI if: always() && steps.detection_guard.outputs.run_detection == 'true' run: | set -o pipefail diff --git a/.github/workflows/deep-report.lock.yml b/.github/workflows/deep-report.lock.yml index f6b54aee2f4..88cedada014 100644 --- a/.github/workflows/deep-report.lock.yml +++ b/.github/workflows/deep-report.lock.yml @@ -794,7 +794,7 @@ jobs: - name: Clean git credentials continue-on-error: true run: bash ${RUNNER_TEMP}/gh-aw/actions/clean_git_credentials.sh - - name: Execute Codex + - name: Execute Codex CLI run: | set -o pipefail mkdir -p "$CODEX_HOME/logs" && touch /tmp/gh-aw/agent-step-summary.md @@ -1007,7 +1007,7 @@ jobs: run: | mkdir -p /tmp/gh-aw/threat-detection touch /tmp/gh-aw/threat-detection/detection.log - - name: Execute Codex + - name: Execute Codex CLI if: always() && steps.detection_guard.outputs.run_detection == 'true' run: | set -o pipefail diff --git a/.github/workflows/duplicate-code-detector.lock.yml b/.github/workflows/duplicate-code-detector.lock.yml index 544b0cb44bf..d5dc250775d 100644 --- a/.github/workflows/duplicate-code-detector.lock.yml +++ b/.github/workflows/duplicate-code-detector.lock.yml @@ -653,7 +653,7 @@ jobs: - name: Clean git credentials continue-on-error: true run: bash ${RUNNER_TEMP}/gh-aw/actions/clean_git_credentials.sh - - name: Execute Codex + - name: Execute Codex CLI run: | set -o pipefail mkdir -p "$CODEX_HOME/logs" && touch /tmp/gh-aw/agent-step-summary.md @@ -839,7 +839,7 @@ jobs: run: | mkdir -p /tmp/gh-aw/threat-detection touch /tmp/gh-aw/threat-detection/detection.log - - name: Execute Codex + - name: Execute Codex CLI if: always() && steps.detection_guard.outputs.run_detection == 'true' run: | set -o pipefail diff --git a/.github/workflows/issue-arborist.lock.yml b/.github/workflows/issue-arborist.lock.yml index 196db3fd86f..34a3efd9dbc 100644 --- a/.github/workflows/issue-arborist.lock.yml +++ b/.github/workflows/issue-arborist.lock.yml @@ -644,7 +644,7 @@ jobs: - name: Clean git credentials continue-on-error: true run: bash ${RUNNER_TEMP}/gh-aw/actions/clean_git_credentials.sh - - name: Execute Codex + - name: Execute Codex CLI run: | set -o pipefail mkdir -p "$CODEX_HOME/logs" && touch /tmp/gh-aw/agent-step-summary.md @@ -830,7 +830,7 @@ jobs: run: | mkdir -p /tmp/gh-aw/threat-detection touch /tmp/gh-aw/threat-detection/detection.log - - name: Execute Codex + - name: Execute Codex CLI if: always() && steps.detection_guard.outputs.run_detection == 'true' run: | set -o pipefail diff --git a/.github/workflows/schema-feature-coverage.lock.yml b/.github/workflows/schema-feature-coverage.lock.yml index cf2953adc75..c3aaedbfa63 100644 --- a/.github/workflows/schema-feature-coverage.lock.yml +++ b/.github/workflows/schema-feature-coverage.lock.yml @@ -604,7 +604,7 @@ jobs: - name: Clean git credentials continue-on-error: true run: bash ${RUNNER_TEMP}/gh-aw/actions/clean_git_credentials.sh - - name: Execute Codex + - name: Execute Codex CLI run: | set -o pipefail mkdir -p "$CODEX_HOME/logs" && touch /tmp/gh-aw/agent-step-summary.md @@ -791,7 +791,7 @@ jobs: run: | mkdir -p /tmp/gh-aw/threat-detection touch /tmp/gh-aw/threat-detection/detection.log - - name: Execute Codex + - name: Execute Codex CLI if: always() && steps.detection_guard.outputs.run_detection == 'true' run: | set -o pipefail diff --git a/.github/workflows/smoke-agent-all-merged.lock.yml b/.github/workflows/smoke-agent-all-merged.lock.yml index 1fcbd1fcc31..e9f5822a5d9 100644 --- a/.github/workflows/smoke-agent-all-merged.lock.yml +++ b/.github/workflows/smoke-agent-all-merged.lock.yml @@ -601,7 +601,7 @@ jobs: - name: Clean git credentials continue-on-error: true run: bash ${RUNNER_TEMP}/gh-aw/actions/clean_git_credentials.sh - - name: Execute Codex + - name: Execute Codex CLI run: | set -o pipefail mkdir -p "$CODEX_HOME/logs" && touch /tmp/gh-aw/agent-step-summary.md @@ -787,7 +787,7 @@ jobs: run: | mkdir -p /tmp/gh-aw/threat-detection touch /tmp/gh-aw/threat-detection/detection.log - - name: Execute Codex + - name: Execute Codex CLI if: always() && steps.detection_guard.outputs.run_detection == 'true' run: | set -o pipefail diff --git a/.github/workflows/smoke-agent-all-none.lock.yml b/.github/workflows/smoke-agent-all-none.lock.yml index 5d0c6d3a691..296f49179f6 100644 --- a/.github/workflows/smoke-agent-all-none.lock.yml +++ b/.github/workflows/smoke-agent-all-none.lock.yml @@ -601,7 +601,7 @@ jobs: - name: Clean git credentials continue-on-error: true run: bash ${RUNNER_TEMP}/gh-aw/actions/clean_git_credentials.sh - - name: Execute Codex + - name: Execute Codex CLI run: | set -o pipefail mkdir -p "$CODEX_HOME/logs" && touch /tmp/gh-aw/agent-step-summary.md @@ -787,7 +787,7 @@ jobs: run: | mkdir -p /tmp/gh-aw/threat-detection touch /tmp/gh-aw/threat-detection/detection.log - - name: Execute Codex + - name: Execute Codex CLI if: always() && steps.detection_guard.outputs.run_detection == 'true' run: | set -o pipefail diff --git a/.github/workflows/smoke-agent-public-approved.lock.yml b/.github/workflows/smoke-agent-public-approved.lock.yml index 689913a9657..4b2465923e5 100644 --- a/.github/workflows/smoke-agent-public-approved.lock.yml +++ b/.github/workflows/smoke-agent-public-approved.lock.yml @@ -627,7 +627,7 @@ jobs: - name: Clean git credentials continue-on-error: true run: bash ${RUNNER_TEMP}/gh-aw/actions/clean_git_credentials.sh - - name: Execute Codex + - name: Execute Codex CLI run: | set -o pipefail mkdir -p "$CODEX_HOME/logs" && touch /tmp/gh-aw/agent-step-summary.md @@ -813,7 +813,7 @@ jobs: run: | mkdir -p /tmp/gh-aw/threat-detection touch /tmp/gh-aw/threat-detection/detection.log - - name: Execute Codex + - name: Execute Codex CLI if: always() && steps.detection_guard.outputs.run_detection == 'true' run: | set -o pipefail diff --git a/.github/workflows/smoke-agent-public-none.lock.yml b/.github/workflows/smoke-agent-public-none.lock.yml index 48adaa67a2e..19b4d03a515 100644 --- a/.github/workflows/smoke-agent-public-none.lock.yml +++ b/.github/workflows/smoke-agent-public-none.lock.yml @@ -601,7 +601,7 @@ jobs: - name: Clean git credentials continue-on-error: true run: bash ${RUNNER_TEMP}/gh-aw/actions/clean_git_credentials.sh - - name: Execute Codex + - name: Execute Codex CLI run: | set -o pipefail mkdir -p "$CODEX_HOME/logs" && touch /tmp/gh-aw/agent-step-summary.md @@ -787,7 +787,7 @@ jobs: run: | mkdir -p /tmp/gh-aw/threat-detection touch /tmp/gh-aw/threat-detection/detection.log - - name: Execute Codex + - name: Execute Codex CLI if: always() && steps.detection_guard.outputs.run_detection == 'true' run: | set -o pipefail diff --git a/.github/workflows/smoke-agent-scoped-approved.lock.yml b/.github/workflows/smoke-agent-scoped-approved.lock.yml index 7919cc18401..03e394e6797 100644 --- a/.github/workflows/smoke-agent-scoped-approved.lock.yml +++ b/.github/workflows/smoke-agent-scoped-approved.lock.yml @@ -605,7 +605,7 @@ jobs: - name: Clean git credentials continue-on-error: true run: bash ${RUNNER_TEMP}/gh-aw/actions/clean_git_credentials.sh - - name: Execute Codex + - name: Execute Codex CLI run: | set -o pipefail mkdir -p "$CODEX_HOME/logs" && touch /tmp/gh-aw/agent-step-summary.md @@ -791,7 +791,7 @@ jobs: run: | mkdir -p /tmp/gh-aw/threat-detection touch /tmp/gh-aw/threat-detection/detection.log - - name: Execute Codex + - name: Execute Codex CLI if: always() && steps.detection_guard.outputs.run_detection == 'true' run: | set -o pipefail diff --git a/.github/workflows/smoke-call-workflow.lock.yml b/.github/workflows/smoke-call-workflow.lock.yml index 35a462c19c9..fe5f5f83067 100644 --- a/.github/workflows/smoke-call-workflow.lock.yml +++ b/.github/workflows/smoke-call-workflow.lock.yml @@ -595,7 +595,7 @@ jobs: - name: Clean git credentials continue-on-error: true run: bash ${RUNNER_TEMP}/gh-aw/actions/clean_git_credentials.sh - - name: Execute Codex + - name: Execute Codex CLI run: | set -o pipefail mkdir -p "$CODEX_HOME/logs" && touch /tmp/gh-aw/agent-step-summary.md @@ -781,7 +781,7 @@ jobs: run: | mkdir -p /tmp/gh-aw/threat-detection touch /tmp/gh-aw/threat-detection/detection.log - - name: Execute Codex + - name: Execute Codex CLI if: always() && steps.detection_guard.outputs.run_detection == 'true' run: | set -o pipefail diff --git a/.github/workflows/smoke-codex.lock.yml b/.github/workflows/smoke-codex.lock.yml index a3c38f8c672..f17df553b34 100644 --- a/.github/workflows/smoke-codex.lock.yml +++ b/.github/workflows/smoke-codex.lock.yml @@ -450,20 +450,13 @@ jobs: { "description": "Add the 'smoked' label to the current pull request (can only be called once)", "inputSchema": { - "additionalProperties": false, + "additionalProperties": true, "properties": { - "labels": { - "description": "The labels' name to be added. Must be separated with line breaks if there're multiple labels.", - "type": "string" - }, - "number": { - "description": "The number of the issue or pull request.", + "payload": { + "description": "JSON-encoded payload to pass to the action", "type": "string" } }, - "required": [ - "labels" - ], "type": "object" }, "name": "add_smoked_label" @@ -1050,7 +1043,7 @@ jobs: - name: Clean git credentials continue-on-error: true run: bash ${RUNNER_TEMP}/gh-aw/actions/clean_git_credentials.sh - - name: Execute Codex + - name: Execute Codex CLI run: | set -o pipefail mkdir -p "$CODEX_HOME/logs" && touch /tmp/gh-aw/agent-step-summary.md @@ -1254,7 +1247,7 @@ jobs: run: | mkdir -p /tmp/gh-aw/threat-detection touch /tmp/gh-aw/threat-detection/detection.log - - name: Execute Codex + - name: Execute Codex CLI if: always() && steps.detection_guard.outputs.run_detection == 'true' run: | set -o pipefail @@ -1568,8 +1561,7 @@ jobs: env: GITHUB_TOKEN: ${{ github.token }} with: - labels: ${{ fromJSON(steps.process_safe_outputs.outputs.action_add_smoked_label_payload).labels }} - number: ${{ fromJSON(steps.process_safe_outputs.outputs.action_add_smoked_label_payload).number }} + payload: ${{ steps.process_safe_outputs.outputs.action_add_smoked_label_payload }} - name: Upload safe output items if: always() uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 diff --git a/pkg/workflow/agentic_output_test.go b/pkg/workflow/agentic_output_test.go index bcfaf51b2e3..78247a91012 100644 --- a/pkg/workflow/agentic_output_test.go +++ b/pkg/workflow/agentic_output_test.go @@ -234,8 +234,8 @@ This workflow tests that Codex engine gets GH_AW_SAFE_OUTPUTS but not engine out } // Verify that the Codex execution step is still present - if !strings.Contains(lockContent, "- name: Execute Codex") { - t.Error("Expected 'Execute Codex' step to be in generated workflow") + if !strings.Contains(lockContent, "- name: Execute Codex CLI") { + t.Error("Expected 'Execute Codex CLI' step to be in generated workflow") } t.Log("Codex workflow correctly uses unified agent artifact for safe outputs and engine output files") diff --git a/pkg/workflow/codex_engine.go b/pkg/workflow/codex_engine.go index 9acc2168666..3e0a70494d1 100644 --- a/pkg/workflow/codex_engine.go +++ b/pkg/workflow/codex_engine.go @@ -365,7 +365,7 @@ mkdir -p "$CODEX_HOME/logs" } // Generate the step for Codex execution - stepName := "Execute Codex" + stepName := "Execute Codex CLI" var stepLines []string stepLines = append(stepLines, " - name: "+stepName) diff --git a/pkg/workflow/codex_engine_test.go b/pkg/workflow/codex_engine_test.go index bd2d6a5d1ab..2ae41f2efc0 100644 --- a/pkg/workflow/codex_engine_test.go +++ b/pkg/workflow/codex_engine_test.go @@ -64,8 +64,8 @@ func TestCodexEngine(t *testing.T) { // Check the execution step stepContent := strings.Join([]string(execSteps[0]), "\n") - if !strings.Contains(stepContent, "name: Execute Codex") { - t.Errorf("Expected step name 'Execute Codex' in step content:\n%s", stepContent) + if !strings.Contains(stepContent, "name: Execute Codex CLI") { + t.Errorf("Expected step name 'Execute Codex CLI' in step content:\n%s", stepContent) } if strings.Contains(stepContent, "uses:") { diff --git a/pkg/workflow/engine_args_test.go b/pkg/workflow/engine_args_test.go index 01e486aa165..39f4d862409 100644 --- a/pkg/workflow/engine_args_test.go +++ b/pkg/workflow/engine_args_test.go @@ -338,7 +338,7 @@ func TestCodexEngineArgsInjection(t *testing.T) { var executionStep GitHubActionStep for _, step := range steps { stepStr := strings.Join(step, "\n") - if strings.Contains(stepStr, "Execute Codex") { + if strings.Contains(stepStr, "Execute Codex CLI") { executionStep = step break } @@ -384,7 +384,7 @@ func TestCodexEngineArgsInjection(t *testing.T) { var executionStep GitHubActionStep for _, step := range steps { stepStr := strings.Join(step, "\n") - if strings.Contains(stepStr, "Execute Codex") { + if strings.Contains(stepStr, "Execute Codex CLI") { executionStep = step break }