From d1d51d4ee53be956bd39fcd929518d89238acde1 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Tue, 7 Apr 2026 15:08:13 +0000 Subject: [PATCH] feat: pin agentic engine CLIs to fixed versions for supply chain security - Pin DefaultCopilotVersion=1.0.20, DefaultClaudeCodeVersion=2.1.92, DefaultCodexVersion=0.118.0, DefaultGeminiVersion=0.36.0 - Add validateEngineVersion() warning when engine.version: latest is set - Always use --ignore-scripts for engine CLI npm installs - Update golden test data and all compiled lock files Agent-Logs-Url: https://github.com/github/gh-aw/sessions/6febda3c-ad27-41a8-9d4f-553aa6b045fa Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com> --- .github/workflows/ace-editor.lock.yml | 6 +- .../agent-performance-analyzer.lock.yml | 8 +- .../workflows/agent-persona-explorer.lock.yml | 8 +- .../agentic-observability-kit.lock.yml | 8 +- .github/workflows/ai-moderator.lock.yml | 6 +- .../workflows/api-consumption-report.lock.yml | 8 +- .github/workflows/archie.lock.yml | 8 +- .github/workflows/artifacts-summary.lock.yml | 8 +- .github/workflows/audit-workflows.lock.yml | 8 +- .github/workflows/auto-triage-issues.lock.yml | 8 +- .github/workflows/blog-auditor.lock.yml | 8 +- .github/workflows/bot-detection.lock.yml | 6 +- .github/workflows/brave.lock.yml | 8 +- .../breaking-change-checker.lock.yml | 8 +- .github/workflows/changeset.lock.yml | 6 +- .github/workflows/ci-coach.lock.yml | 8 +- .github/workflows/ci-doctor.lock.yml | 8 +- .../claude-code-user-docs-review.lock.yml | 8 +- .../cli-consistency-checker.lock.yml | 8 +- .../workflows/cli-version-checker.lock.yml | 8 +- .github/workflows/cloclo.lock.yml | 8 +- .../workflows/code-scanning-fixer.lock.yml | 8 +- .github/workflows/code-simplifier.lock.yml | 8 +- .../codex-github-remote-mcp-test.lock.yml | 6 +- .../commit-changes-analyzer.lock.yml | 8 +- .../constraint-solving-potd.lock.yml | 8 +- .github/workflows/contribution-check.lock.yml | 8 +- .../workflows/copilot-agent-analysis.lock.yml | 8 +- .../copilot-cli-deep-research.lock.yml | 8 +- .../copilot-pr-merged-report.lock.yml | 8 +- .../copilot-pr-nlp-analysis.lock.yml | 8 +- .../copilot-pr-prompt-analysis.lock.yml | 8 +- .../copilot-session-insights.lock.yml | 8 +- .../workflows/copilot-token-audit.lock.yml | 8 +- .../copilot-token-optimizer.lock.yml | 8 +- .github/workflows/craft.lock.yml | 8 +- .../daily-architecture-diagram.lock.yml | 8 +- .../daily-assign-issue-to-user.lock.yml | 8 +- .github/workflows/daily-choice-test.lock.yml | 8 +- .../workflows/daily-cli-performance.lock.yml | 8 +- .../workflows/daily-cli-tools-tester.lock.yml | 8 +- .github/workflows/daily-code-metrics.lock.yml | 8 +- .../daily-community-attribution.lock.yml | 8 +- .../workflows/daily-compiler-quality.lock.yml | 8 +- .github/workflows/daily-doc-healer.lock.yml | 8 +- .github/workflows/daily-doc-updater.lock.yml | 8 +- .github/workflows/daily-fact.lock.yml | 8 +- .github/workflows/daily-file-diet.lock.yml | 8 +- .../workflows/daily-firewall-report.lock.yml | 8 +- .../workflows/daily-function-namer.lock.yml | 8 +- .../daily-integrity-analysis.lock.yml | 8 +- .../workflows/daily-issues-report.lock.yml | 8 +- .../daily-malicious-code-scan.lock.yml | 6 +- .../daily-mcp-concurrency-analysis.lock.yml | 8 +- .../daily-multi-device-docs-tester.lock.yml | 8 +- .github/workflows/daily-news.lock.yml | 8 +- .../daily-observability-report.lock.yml | 8 +- ...aily-otel-instrumentation-advisor.lock.yml | 8 +- .../daily-performance-summary.lock.yml | 8 +- .github/workflows/daily-regulatory.lock.yml | 8 +- .../daily-rendering-scripts-verifier.lock.yml | 8 +- .../workflows/daily-repo-chronicle.lock.yml | 8 +- .../daily-safe-output-integrator.lock.yml | 8 +- .../daily-safe-output-optimizer.lock.yml | 8 +- .../daily-safe-outputs-conformance.lock.yml | 8 +- .../workflows/daily-secrets-analysis.lock.yml | 8 +- .../daily-security-red-team.lock.yml | 8 +- .github/workflows/daily-semgrep-scan.lock.yml | 8 +- .../daily-syntax-error-quality.lock.yml | 8 +- .../daily-team-evolution-insights.lock.yml | 8 +- .github/workflows/daily-team-status.lock.yml | 8 +- .../daily-testify-uber-super-expert.lock.yml | 8 +- .../workflows/daily-workflow-updater.lock.yml | 8 +- .github/workflows/dead-code-remover.lock.yml | 8 +- .github/workflows/deep-report.lock.yml | 8 +- .github/workflows/delight.lock.yml | 8 +- .github/workflows/dependabot-burner.lock.yml | 8 +- .../workflows/dependabot-go-checker.lock.yml | 8 +- .github/workflows/dev-hawk.lock.yml | 8 +- .github/workflows/dev.lock.yml | 8 +- .../developer-docs-consolidator.lock.yml | 8 +- .github/workflows/dictation-prompt.lock.yml | 8 +- .../workflows/discussion-task-miner.lock.yml | 8 +- .github/workflows/docs-noob-tester.lock.yml | 8 +- .github/workflows/draft-pr-cleanup.lock.yml | 8 +- .../duplicate-code-detector.lock.yml | 8 +- .../example-permissions-warning.lock.yml | 6 +- .../example-workflow-analyzer.lock.yml | 8 +- .github/workflows/firewall-escape.lock.yml | 8 +- .github/workflows/firewall.lock.yml | 6 +- .../workflows/functional-pragmatist.lock.yml | 8 +- .../github-mcp-structural-analysis.lock.yml | 8 +- .../github-mcp-tools-report.lock.yml | 8 +- .../github-remote-mcp-auth-test.lock.yml | 8 +- .../workflows/glossary-maintainer.lock.yml | 8 +- .github/workflows/go-fan.lock.yml | 8 +- .github/workflows/go-logger.lock.yml | 8 +- .../workflows/go-pattern-detector.lock.yml | 8 +- .github/workflows/gpclean.lock.yml | 8 +- .github/workflows/grumpy-reviewer.lock.yml | 8 +- .github/workflows/hourly-ci-cleaner.lock.yml | 8 +- .../workflows/instructions-janitor.lock.yml | 8 +- .github/workflows/issue-arborist.lock.yml | 8 +- .github/workflows/issue-monster.lock.yml | 8 +- .github/workflows/issue-triage-agent.lock.yml | 8 +- .github/workflows/jsweep.lock.yml | 8 +- .../workflows/layout-spec-maintainer.lock.yml | 8 +- .github/workflows/lockfile-stats.lock.yml | 8 +- .github/workflows/mcp-inspector.lock.yml | 8 +- .github/workflows/mergefest.lock.yml | 8 +- .github/workflows/metrics-collector.lock.yml | 6 +- .../workflows/notion-issue-summary.lock.yml | 8 +- .github/workflows/org-health-report.lock.yml | 8 +- .github/workflows/pdf-summary.lock.yml | 8 +- .github/workflows/plan.lock.yml | 8 +- .github/workflows/poem-bot.lock.yml | 8 +- .github/workflows/portfolio-analyst.lock.yml | 8 +- .../workflows/pr-nitpick-reviewer.lock.yml | 8 +- .github/workflows/pr-triage-agent.lock.yml | 8 +- .../prompt-clustering-analysis.lock.yml | 8 +- .github/workflows/python-data-charts.lock.yml | 8 +- .github/workflows/q.lock.yml | 8 +- .github/workflows/refiner.lock.yml | 8 +- .github/workflows/release.lock.yml | 8 +- .../workflows/repo-audit-analyzer.lock.yml | 8 +- .github/workflows/repo-tree-map.lock.yml | 8 +- .../repository-quality-improver.lock.yml | 8 +- .github/workflows/research.lock.yml | 8 +- .github/workflows/safe-output-health.lock.yml | 8 +- .../schema-consistency-checker.lock.yml | 8 +- .../schema-feature-coverage.lock.yml | 8 +- .github/workflows/scout.lock.yml | 8 +- .../workflows/security-compliance.lock.yml | 8 +- .github/workflows/security-review.lock.yml | 8 +- .../semantic-function-refactor.lock.yml | 8 +- .github/workflows/sergo.lock.yml | 8 +- .../workflows/slide-deck-maintainer.lock.yml | 8 +- .../workflows/smoke-agent-all-merged.lock.yml | 8 +- .../workflows/smoke-agent-all-none.lock.yml | 8 +- .../smoke-agent-public-approved.lock.yml | 8 +- .../smoke-agent-public-none.lock.yml | 8 +- .../smoke-agent-scoped-approved.lock.yml | 8 +- .../workflows/smoke-call-workflow.lock.yml | 8 +- .github/workflows/smoke-claude.lock.yml | 8 +- .github/workflows/smoke-codex.lock.yml | 8 +- .github/workflows/smoke-copilot-arm.lock.yml | 8 +- .github/workflows/smoke-copilot.lock.yml | 8 +- .../smoke-create-cross-repo-pr.lock.yml | 8 +- .github/workflows/smoke-gemini.lock.yml | 4 +- .github/workflows/smoke-multi-pr.lock.yml | 8 +- .github/workflows/smoke-project.lock.yml | 8 +- .../workflows/smoke-service-ports.lock.yml | 8 +- .github/workflows/smoke-temporary-id.lock.yml | 8 +- .github/workflows/smoke-test-tools.lock.yml | 8 +- .../smoke-update-cross-repo-pr.lock.yml | 8 +- .../smoke-workflow-call-with-inputs.lock.yml | 8 +- .../workflows/smoke-workflow-call.lock.yml | 8 +- .../workflows/stale-repo-identifier.lock.yml | 8 +- .../workflows/static-analysis-report.lock.yml | 8 +- .../workflows/step-name-alignment.lock.yml | 8 +- .github/workflows/sub-issue-closer.lock.yml | 8 +- .github/workflows/super-linter.lock.yml | 8 +- .../workflows/technical-doc-writer.lock.yml | 8 +- .github/workflows/terminal-stylist.lock.yml | 8 +- .../test-create-pr-error-handling.lock.yml | 8 +- .github/workflows/test-dispatcher.lock.yml | 8 +- .../test-project-url-default.lock.yml | 8 +- .github/workflows/test-workflow.lock.yml | 6 +- .github/workflows/tidy.lock.yml | 8 +- .github/workflows/typist.lock.yml | 8 +- .../workflows/ubuntu-image-analyzer.lock.yml | 8 +- .github/workflows/unbloat-docs.lock.yml | 8 +- .github/workflows/update-astro.lock.yml | 8 +- .github/workflows/video-analyzer.lock.yml | 8 +- .../weekly-blog-post-writer.lock.yml | 8 +- .../weekly-editors-health-check.lock.yml | 8 +- .../workflows/weekly-issue-summary.lock.yml | 8 +- .../weekly-safe-outputs-spec-review.lock.yml | 8 +- .github/workflows/workflow-generator.lock.yml | 8 +- .../workflow-health-manager.lock.yml | 8 +- .../workflows/workflow-normalizer.lock.yml | 8 +- .../workflow-skill-extractor.lock.yml | 8 +- .../example-blocked-domains.lock.yml | 125 ++++++++++++------ pkg/constants/version_constants.go | 8 +- .../compiler_orchestrator_workflow.go | 5 + pkg/workflow/copilot_installer.go | 3 +- pkg/workflow/engine_helpers.go | 7 +- pkg/workflow/engine_validation.go | 31 +++++ pkg/workflow/engine_validation_test.go | 76 +++++++++++ pkg/workflow/test-yaml-import.lock.yml | 2 +- .../basic-copilot.golden | 6 +- .../smoke-copilot.golden | 6 +- .../with-imports.golden | 6 +- .../WasmBinary/basic-copilot.golden | 6 +- .../WasmBinary/with-imports.golden | 6 +- 195 files changed, 938 insertions(+), 781 deletions(-) diff --git a/.github/workflows/ace-editor.lock.yml b/.github/workflows/ace-editor.lock.yml index fd667b85c2c..3910d7655c9 100644 --- a/.github/workflows/ace-editor.lock.yml +++ b/.github/workflows/ace-editor.lock.yml @@ -94,8 +94,8 @@ jobs: GH_AW_INFO_ENGINE_ID: "copilot" GH_AW_INFO_ENGINE_NAME: "GitHub Copilot CLI" GH_AW_INFO_MODEL: ${{ vars.GH_AW_MODEL_AGENT_COPILOT || 'auto' }} - GH_AW_INFO_VERSION: "latest" - GH_AW_INFO_AGENT_VERSION: "latest" + GH_AW_INFO_VERSION: "1.0.20" + GH_AW_INFO_AGENT_VERSION: "1.0.20" GH_AW_INFO_WORKFLOW_NAME: "ACE Editor Session" GH_AW_INFO_EXPERIMENTAL: "false" GH_AW_INFO_SUPPORTS_TOOLS_ALLOWLIST: "true" @@ -354,7 +354,7 @@ jobs: git remote set-url origin "https://x-access-token:${GITHUB_TOKEN}@${SERVER_URL_STRIPPED}/${REPO_NAME}.git" echo "Git configured with standard GitHub Actions identity" - name: Install GitHub Copilot CLI - run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh latest + run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh 1.0.20 env: GH_HOST: github.com - name: Install AWF binary diff --git a/.github/workflows/agent-performance-analyzer.lock.yml b/.github/workflows/agent-performance-analyzer.lock.yml index 2dd42e4e9d6..19d547cdf65 100644 --- a/.github/workflows/agent-performance-analyzer.lock.yml +++ b/.github/workflows/agent-performance-analyzer.lock.yml @@ -97,8 +97,8 @@ jobs: GH_AW_INFO_ENGINE_ID: "copilot" GH_AW_INFO_ENGINE_NAME: "GitHub Copilot CLI" GH_AW_INFO_MODEL: ${{ vars.GH_AW_MODEL_AGENT_COPILOT || 'auto' }} - GH_AW_INFO_VERSION: "latest" - GH_AW_INFO_AGENT_VERSION: "latest" + GH_AW_INFO_VERSION: "1.0.20" + GH_AW_INFO_AGENT_VERSION: "1.0.20" GH_AW_INFO_WORKFLOW_NAME: "Agent Performance Analyzer - Meta-Orchestrator" GH_AW_INFO_EXPERIMENTAL: "false" GH_AW_INFO_SUPPORTS_TOOLS_ALLOWLIST: "true" @@ -409,7 +409,7 @@ jobs: const { main } = require('${{ runner.temp }}/gh-aw/actions/checkout_pr_branch.cjs'); await main(); - name: Install GitHub Copilot CLI - run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh latest + run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh 1.0.20 env: GH_HOST: github.com - name: Install AWF binary @@ -1193,7 +1193,7 @@ jobs: mkdir -p /tmp/gh-aw/threat-detection touch /tmp/gh-aw/threat-detection/detection.log - name: Install GitHub Copilot CLI - run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh latest + run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh 1.0.20 env: GH_HOST: github.com - name: Install AWF binary diff --git a/.github/workflows/agent-persona-explorer.lock.yml b/.github/workflows/agent-persona-explorer.lock.yml index bbce25fb943..3f2d88a5684 100644 --- a/.github/workflows/agent-persona-explorer.lock.yml +++ b/.github/workflows/agent-persona-explorer.lock.yml @@ -101,8 +101,8 @@ jobs: GH_AW_INFO_ENGINE_ID: "copilot" GH_AW_INFO_ENGINE_NAME: "GitHub Copilot CLI" GH_AW_INFO_MODEL: ${{ vars.GH_AW_MODEL_AGENT_COPILOT || 'auto' }} - GH_AW_INFO_VERSION: "latest" - GH_AW_INFO_AGENT_VERSION: "latest" + GH_AW_INFO_VERSION: "1.0.20" + GH_AW_INFO_AGENT_VERSION: "1.0.20" GH_AW_INFO_WORKFLOW_NAME: "Agent Persona Explorer" GH_AW_INFO_EXPERIMENTAL: "false" GH_AW_INFO_SUPPORTS_TOOLS_ALLOWLIST: "true" @@ -415,7 +415,7 @@ jobs: const { main } = require('${{ runner.temp }}/gh-aw/actions/checkout_pr_branch.cjs'); await main(); - name: Install GitHub Copilot CLI - run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh latest + run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh 1.0.20 env: GH_HOST: github.com - name: Install AWF binary @@ -1143,7 +1143,7 @@ jobs: mkdir -p /tmp/gh-aw/threat-detection touch /tmp/gh-aw/threat-detection/detection.log - name: Install GitHub Copilot CLI - run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh latest + run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh 1.0.20 env: GH_HOST: github.com - name: Install AWF binary diff --git a/.github/workflows/agentic-observability-kit.lock.yml b/.github/workflows/agentic-observability-kit.lock.yml index 6dd9cea1186..d2a3834e353 100644 --- a/.github/workflows/agentic-observability-kit.lock.yml +++ b/.github/workflows/agentic-observability-kit.lock.yml @@ -97,8 +97,8 @@ jobs: GH_AW_INFO_ENGINE_ID: "copilot" GH_AW_INFO_ENGINE_NAME: "GitHub Copilot CLI" GH_AW_INFO_MODEL: ${{ vars.GH_AW_MODEL_AGENT_COPILOT || 'auto' }} - GH_AW_INFO_VERSION: "latest" - GH_AW_INFO_AGENT_VERSION: "latest" + GH_AW_INFO_VERSION: "1.0.20" + GH_AW_INFO_AGENT_VERSION: "1.0.20" GH_AW_INFO_WORKFLOW_NAME: "Agentic Observability Kit" GH_AW_INFO_EXPERIMENTAL: "false" GH_AW_INFO_SUPPORTS_TOOLS_ALLOWLIST: "true" @@ -387,7 +387,7 @@ jobs: const { main } = require('${{ runner.temp }}/gh-aw/actions/checkout_pr_branch.cjs'); await main(); - name: Install GitHub Copilot CLI - run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh latest + run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh 1.0.20 env: GH_HOST: github.com - name: Install AWF binary @@ -1142,7 +1142,7 @@ jobs: mkdir -p /tmp/gh-aw/threat-detection touch /tmp/gh-aw/threat-detection/detection.log - name: Install GitHub Copilot CLI - run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh latest + run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh 1.0.20 env: GH_HOST: github.com - name: Install AWF binary diff --git a/.github/workflows/ai-moderator.lock.yml b/.github/workflows/ai-moderator.lock.yml index dc4311e85df..840c593904f 100644 --- a/.github/workflows/ai-moderator.lock.yml +++ b/.github/workflows/ai-moderator.lock.yml @@ -115,8 +115,8 @@ jobs: GH_AW_INFO_ENGINE_ID: "codex" GH_AW_INFO_ENGINE_NAME: "Codex" GH_AW_INFO_MODEL: ${{ vars.GH_AW_MODEL_AGENT_CODEX || 'auto' }} - GH_AW_INFO_VERSION: "latest" - GH_AW_INFO_AGENT_VERSION: "latest" + GH_AW_INFO_VERSION: "0.118.0" + GH_AW_INFO_AGENT_VERSION: "0.118.0" GH_AW_INFO_WORKFLOW_NAME: "AI Moderator" GH_AW_INFO_EXPERIMENTAL: "false" GH_AW_INFO_SUPPORTS_TOOLS_ALLOWLIST: "true" @@ -405,7 +405,7 @@ jobs: node-version: '24' package-manager-cache: false - name: Install Codex CLI - run: npm install --ignore-scripts -g @openai/codex@latest + run: npm install --ignore-scripts -g @openai/codex@0.118.0 - name: Install AWF binary run: bash ${RUNNER_TEMP}/gh-aw/actions/install_awf_binary.sh v0.25.14 - name: Determine automatic lockdown mode for GitHub MCP Server diff --git a/.github/workflows/api-consumption-report.lock.yml b/.github/workflows/api-consumption-report.lock.yml index c234a0bcf03..429f4ad0b91 100644 --- a/.github/workflows/api-consumption-report.lock.yml +++ b/.github/workflows/api-consumption-report.lock.yml @@ -103,8 +103,8 @@ jobs: GH_AW_INFO_ENGINE_ID: "claude" GH_AW_INFO_ENGINE_NAME: "Claude Code" GH_AW_INFO_MODEL: ${{ vars.GH_AW_MODEL_AGENT_CLAUDE || 'auto' }} - GH_AW_INFO_VERSION: "latest" - GH_AW_INFO_AGENT_VERSION: "latest" + GH_AW_INFO_VERSION: "2.1.92" + GH_AW_INFO_AGENT_VERSION: "2.1.92" GH_AW_INFO_WORKFLOW_NAME: "GitHub API Consumption Report Agent" GH_AW_INFO_EXPERIMENTAL: "false" GH_AW_INFO_SUPPORTS_TOOLS_ALLOWLIST: "true" @@ -458,7 +458,7 @@ jobs: - name: Install AWF binary run: bash ${RUNNER_TEMP}/gh-aw/actions/install_awf_binary.sh v0.25.14 - name: Install Claude Code CLI - run: npm install --ignore-scripts -g @anthropic-ai/claude-code@latest + run: npm install --ignore-scripts -g @anthropic-ai/claude-code@2.1.92 - name: Determine automatic lockdown mode for GitHub MCP Server id: determine-automatic-lockdown uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 @@ -1276,7 +1276,7 @@ jobs: - name: Install AWF binary run: bash ${RUNNER_TEMP}/gh-aw/actions/install_awf_binary.sh v0.25.14 - name: Install Claude Code CLI - run: npm install --ignore-scripts -g @anthropic-ai/claude-code@latest + run: npm install --ignore-scripts -g @anthropic-ai/claude-code@2.1.92 - name: Execute Claude Code CLI if: always() && steps.detection_guard.outputs.run_detection == 'true' id: detection_agentic_execution diff --git a/.github/workflows/archie.lock.yml b/.github/workflows/archie.lock.yml index bf961291e03..46195b2204e 100644 --- a/.github/workflows/archie.lock.yml +++ b/.github/workflows/archie.lock.yml @@ -107,8 +107,8 @@ jobs: GH_AW_INFO_ENGINE_ID: "copilot" GH_AW_INFO_ENGINE_NAME: "GitHub Copilot CLI" GH_AW_INFO_MODEL: ${{ vars.GH_AW_MODEL_AGENT_COPILOT || 'auto' }} - GH_AW_INFO_VERSION: "latest" - GH_AW_INFO_AGENT_VERSION: "latest" + GH_AW_INFO_VERSION: "1.0.20" + GH_AW_INFO_AGENT_VERSION: "1.0.20" GH_AW_INFO_WORKFLOW_NAME: "Archie" GH_AW_INFO_EXPERIMENTAL: "false" GH_AW_INFO_SUPPORTS_TOOLS_ALLOWLIST: "true" @@ -446,7 +446,7 @@ jobs: const { main } = require('${{ runner.temp }}/gh-aw/actions/checkout_pr_branch.cjs'); await main(); - name: Install GitHub Copilot CLI - run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh latest + run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh 1.0.20 env: GH_HOST: github.com - name: Install AWF binary @@ -1159,7 +1159,7 @@ jobs: mkdir -p /tmp/gh-aw/threat-detection touch /tmp/gh-aw/threat-detection/detection.log - name: Install GitHub Copilot CLI - run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh latest + run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh 1.0.20 env: GH_HOST: github.com - name: Install AWF binary diff --git a/.github/workflows/artifacts-summary.lock.yml b/.github/workflows/artifacts-summary.lock.yml index 96d4f6b2e68..658ac297849 100644 --- a/.github/workflows/artifacts-summary.lock.yml +++ b/.github/workflows/artifacts-summary.lock.yml @@ -92,8 +92,8 @@ jobs: GH_AW_INFO_ENGINE_ID: "copilot" GH_AW_INFO_ENGINE_NAME: "GitHub Copilot CLI" GH_AW_INFO_MODEL: ${{ vars.GH_AW_MODEL_AGENT_COPILOT || 'auto' }} - GH_AW_INFO_VERSION: "latest" - GH_AW_INFO_AGENT_VERSION: "latest" + GH_AW_INFO_VERSION: "1.0.20" + GH_AW_INFO_AGENT_VERSION: "1.0.20" GH_AW_INFO_WORKFLOW_NAME: "Artifacts Summary" GH_AW_INFO_EXPERIMENTAL: "false" GH_AW_INFO_SUPPORTS_TOOLS_ALLOWLIST: "true" @@ -346,7 +346,7 @@ jobs: const { main } = require('${{ runner.temp }}/gh-aw/actions/checkout_pr_branch.cjs'); await main(); - name: Install GitHub Copilot CLI - run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh latest + run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh 1.0.20 env: GH_HOST: github.com - name: Install AWF binary @@ -1018,7 +1018,7 @@ jobs: mkdir -p /tmp/gh-aw/threat-detection touch /tmp/gh-aw/threat-detection/detection.log - name: Install GitHub Copilot CLI - run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh latest + run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh 1.0.20 env: GH_HOST: github.com - name: Install AWF binary diff --git a/.github/workflows/audit-workflows.lock.yml b/.github/workflows/audit-workflows.lock.yml index bdc8e1e4a16..de67e1b444f 100644 --- a/.github/workflows/audit-workflows.lock.yml +++ b/.github/workflows/audit-workflows.lock.yml @@ -104,8 +104,8 @@ jobs: GH_AW_INFO_ENGINE_ID: "claude" GH_AW_INFO_ENGINE_NAME: "Claude Code" GH_AW_INFO_MODEL: ${{ vars.GH_AW_MODEL_AGENT_CLAUDE || 'auto' }} - GH_AW_INFO_VERSION: "latest" - GH_AW_INFO_AGENT_VERSION: "latest" + GH_AW_INFO_VERSION: "2.1.92" + GH_AW_INFO_AGENT_VERSION: "2.1.92" GH_AW_INFO_WORKFLOW_NAME: "Agentic Workflow Audit Agent" GH_AW_INFO_EXPERIMENTAL: "false" GH_AW_INFO_SUPPORTS_TOOLS_ALLOWLIST: "true" @@ -477,7 +477,7 @@ jobs: - name: Install AWF binary run: bash ${RUNNER_TEMP}/gh-aw/actions/install_awf_binary.sh v0.25.14 - name: Install Claude Code CLI - run: npm install --ignore-scripts -g @anthropic-ai/claude-code@latest + run: npm install --ignore-scripts -g @anthropic-ai/claude-code@2.1.92 - name: Determine automatic lockdown mode for GitHub MCP Server id: determine-automatic-lockdown uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 @@ -1309,7 +1309,7 @@ jobs: - name: Install AWF binary run: bash ${RUNNER_TEMP}/gh-aw/actions/install_awf_binary.sh v0.25.14 - name: Install Claude Code CLI - run: npm install --ignore-scripts -g @anthropic-ai/claude-code@latest + run: npm install --ignore-scripts -g @anthropic-ai/claude-code@2.1.92 - name: Execute Claude Code CLI if: always() && steps.detection_guard.outputs.run_detection == 'true' id: detection_agentic_execution diff --git a/.github/workflows/auto-triage-issues.lock.yml b/.github/workflows/auto-triage-issues.lock.yml index 63ae07123b2..1f0dd033042 100644 --- a/.github/workflows/auto-triage-issues.lock.yml +++ b/.github/workflows/auto-triage-issues.lock.yml @@ -102,8 +102,8 @@ jobs: GH_AW_INFO_ENGINE_ID: "copilot" GH_AW_INFO_ENGINE_NAME: "GitHub Copilot CLI" GH_AW_INFO_MODEL: ${{ vars.GH_AW_MODEL_AGENT_COPILOT || 'auto' }} - GH_AW_INFO_VERSION: "latest" - GH_AW_INFO_AGENT_VERSION: "latest" + GH_AW_INFO_VERSION: "1.0.20" + GH_AW_INFO_AGENT_VERSION: "1.0.20" GH_AW_INFO_WORKFLOW_NAME: "Auto-Triage Issues" GH_AW_INFO_EXPERIMENTAL: "false" GH_AW_INFO_SUPPORTS_TOOLS_ALLOWLIST: "true" @@ -364,7 +364,7 @@ jobs: const { main } = require('${{ runner.temp }}/gh-aw/actions/checkout_pr_branch.cjs'); await main(); - name: Install GitHub Copilot CLI - run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh latest + run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh 1.0.20 env: GH_HOST: github.com - name: Install AWF binary @@ -1074,7 +1074,7 @@ jobs: mkdir -p /tmp/gh-aw/threat-detection touch /tmp/gh-aw/threat-detection/detection.log - name: Install GitHub Copilot CLI - run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh latest + run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh 1.0.20 env: GH_HOST: github.com - name: Install AWF binary diff --git a/.github/workflows/blog-auditor.lock.yml b/.github/workflows/blog-auditor.lock.yml index 46ed3aeb61f..8dc0efcc1aa 100644 --- a/.github/workflows/blog-auditor.lock.yml +++ b/.github/workflows/blog-auditor.lock.yml @@ -95,8 +95,8 @@ jobs: GH_AW_INFO_ENGINE_ID: "claude" GH_AW_INFO_ENGINE_NAME: "Claude Code" GH_AW_INFO_MODEL: ${{ vars.GH_AW_MODEL_AGENT_CLAUDE || 'auto' }} - GH_AW_INFO_VERSION: "latest" - GH_AW_INFO_AGENT_VERSION: "latest" + GH_AW_INFO_VERSION: "2.1.92" + GH_AW_INFO_AGENT_VERSION: "2.1.92" GH_AW_INFO_WORKFLOW_NAME: "Blog Auditor" GH_AW_INFO_EXPERIMENTAL: "false" GH_AW_INFO_SUPPORTS_TOOLS_ALLOWLIST: "true" @@ -365,7 +365,7 @@ jobs: - name: Install AWF binary run: bash ${RUNNER_TEMP}/gh-aw/actions/install_awf_binary.sh v0.25.14 - name: Install Claude Code CLI - run: npm install --ignore-scripts -g @anthropic-ai/claude-code@latest + run: npm install --ignore-scripts -g @anthropic-ai/claude-code@2.1.92 - name: Determine automatic lockdown mode for GitHub MCP Server id: determine-automatic-lockdown uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 @@ -1162,7 +1162,7 @@ jobs: - name: Install AWF binary run: bash ${RUNNER_TEMP}/gh-aw/actions/install_awf_binary.sh v0.25.14 - name: Install Claude Code CLI - run: npm install --ignore-scripts -g @anthropic-ai/claude-code@latest + run: npm install --ignore-scripts -g @anthropic-ai/claude-code@2.1.92 - name: Execute Claude Code CLI if: always() && steps.detection_guard.outputs.run_detection == 'true' id: detection_agentic_execution diff --git a/.github/workflows/bot-detection.lock.yml b/.github/workflows/bot-detection.lock.yml index c35bed803b3..a4c0823c3fb 100644 --- a/.github/workflows/bot-detection.lock.yml +++ b/.github/workflows/bot-detection.lock.yml @@ -91,8 +91,8 @@ jobs: GH_AW_INFO_ENGINE_ID: "copilot" GH_AW_INFO_ENGINE_NAME: "GitHub Copilot CLI" GH_AW_INFO_MODEL: ${{ vars.GH_AW_MODEL_AGENT_COPILOT || 'auto' }} - GH_AW_INFO_VERSION: "latest" - GH_AW_INFO_AGENT_VERSION: "latest" + GH_AW_INFO_VERSION: "1.0.20" + GH_AW_INFO_AGENT_VERSION: "1.0.20" GH_AW_INFO_WORKFLOW_NAME: "Bot Detection" GH_AW_INFO_EXPERIMENTAL: "false" GH_AW_INFO_SUPPORTS_TOOLS_ALLOWLIST: "true" @@ -368,7 +368,7 @@ jobs: const { main } = require('${{ runner.temp }}/gh-aw/actions/checkout_pr_branch.cjs'); await main(); - name: Install GitHub Copilot CLI - run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh latest + run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh 1.0.20 env: GH_HOST: github.com - name: Install AWF binary diff --git a/.github/workflows/brave.lock.yml b/.github/workflows/brave.lock.yml index 475aff1c9fb..654e1a5b60f 100644 --- a/.github/workflows/brave.lock.yml +++ b/.github/workflows/brave.lock.yml @@ -97,8 +97,8 @@ jobs: GH_AW_INFO_ENGINE_ID: "copilot" GH_AW_INFO_ENGINE_NAME: "GitHub Copilot CLI" GH_AW_INFO_MODEL: ${{ vars.GH_AW_MODEL_AGENT_COPILOT || 'auto' }} - GH_AW_INFO_VERSION: "latest" - GH_AW_INFO_AGENT_VERSION: "latest" + GH_AW_INFO_VERSION: "1.0.20" + GH_AW_INFO_AGENT_VERSION: "1.0.20" GH_AW_INFO_WORKFLOW_NAME: "Brave Web Search Agent" GH_AW_INFO_EXPERIMENTAL: "false" GH_AW_INFO_SUPPORTS_TOOLS_ALLOWLIST: "true" @@ -403,7 +403,7 @@ jobs: const { main } = require('${{ runner.temp }}/gh-aw/actions/checkout_pr_branch.cjs'); await main(); - name: Install GitHub Copilot CLI - run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh latest + run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh 1.0.20 env: GH_HOST: github.com - name: Install AWF binary @@ -1106,7 +1106,7 @@ jobs: mkdir -p /tmp/gh-aw/threat-detection touch /tmp/gh-aw/threat-detection/detection.log - name: Install GitHub Copilot CLI - run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh latest + run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh 1.0.20 env: GH_HOST: github.com - name: Install AWF binary diff --git a/.github/workflows/breaking-change-checker.lock.yml b/.github/workflows/breaking-change-checker.lock.yml index eeefabd58bf..0fc17c06358 100644 --- a/.github/workflows/breaking-change-checker.lock.yml +++ b/.github/workflows/breaking-change-checker.lock.yml @@ -97,8 +97,8 @@ jobs: GH_AW_INFO_ENGINE_ID: "copilot" GH_AW_INFO_ENGINE_NAME: "GitHub Copilot CLI" GH_AW_INFO_MODEL: ${{ vars.GH_AW_MODEL_AGENT_COPILOT || 'auto' }} - GH_AW_INFO_VERSION: "latest" - GH_AW_INFO_AGENT_VERSION: "latest" + GH_AW_INFO_VERSION: "1.0.20" + GH_AW_INFO_AGENT_VERSION: "1.0.20" GH_AW_INFO_WORKFLOW_NAME: "Breaking Change Checker" GH_AW_INFO_EXPERIMENTAL: "false" GH_AW_INFO_SUPPORTS_TOOLS_ALLOWLIST: "true" @@ -355,7 +355,7 @@ jobs: const { main } = require('${{ runner.temp }}/gh-aw/actions/checkout_pr_branch.cjs'); await main(); - name: Install GitHub Copilot CLI - run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh latest + run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh 1.0.20 env: GH_HOST: github.com - name: Install AWF binary @@ -1058,7 +1058,7 @@ jobs: mkdir -p /tmp/gh-aw/threat-detection touch /tmp/gh-aw/threat-detection/detection.log - name: Install GitHub Copilot CLI - run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh latest + run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh 1.0.20 env: GH_HOST: github.com - name: Install AWF binary diff --git a/.github/workflows/changeset.lock.yml b/.github/workflows/changeset.lock.yml index 1e0f93edc7f..651edbe3b0d 100644 --- a/.github/workflows/changeset.lock.yml +++ b/.github/workflows/changeset.lock.yml @@ -114,8 +114,8 @@ jobs: GH_AW_INFO_ENGINE_ID: "codex" GH_AW_INFO_ENGINE_NAME: "Codex" GH_AW_INFO_MODEL: "gpt-5.1-codex-mini" - GH_AW_INFO_VERSION: "latest" - GH_AW_INFO_AGENT_VERSION: "latest" + GH_AW_INFO_VERSION: "0.118.0" + GH_AW_INFO_AGENT_VERSION: "0.118.0" GH_AW_INFO_WORKFLOW_NAME: "Changeset Generator" GH_AW_INFO_EXPERIMENTAL: "false" GH_AW_INFO_SUPPORTS_TOOLS_ALLOWLIST: "true" @@ -415,7 +415,7 @@ jobs: node-version: '24' package-manager-cache: false - name: Install Codex CLI - run: npm install --ignore-scripts -g @openai/codex@latest + run: npm install --ignore-scripts -g @openai/codex@0.118.0 - name: Install AWF binary run: bash ${RUNNER_TEMP}/gh-aw/actions/install_awf_binary.sh v0.25.14 - name: Determine automatic lockdown mode for GitHub MCP Server diff --git a/.github/workflows/ci-coach.lock.yml b/.github/workflows/ci-coach.lock.yml index fccdcb81bb4..6dc9baf798b 100644 --- a/.github/workflows/ci-coach.lock.yml +++ b/.github/workflows/ci-coach.lock.yml @@ -99,8 +99,8 @@ jobs: GH_AW_INFO_ENGINE_ID: "copilot" GH_AW_INFO_ENGINE_NAME: "GitHub Copilot CLI" GH_AW_INFO_MODEL: ${{ vars.GH_AW_MODEL_AGENT_COPILOT || 'auto' }} - GH_AW_INFO_VERSION: "latest" - GH_AW_INFO_AGENT_VERSION: "latest" + GH_AW_INFO_VERSION: "1.0.20" + GH_AW_INFO_AGENT_VERSION: "1.0.20" GH_AW_INFO_WORKFLOW_NAME: "CI Optimization Coach" GH_AW_INFO_EXPERIMENTAL: "false" GH_AW_INFO_SUPPORTS_TOOLS_ALLOWLIST: "true" @@ -425,7 +425,7 @@ jobs: const { main } = require('${{ runner.temp }}/gh-aw/actions/checkout_pr_branch.cjs'); await main(); - name: Install GitHub Copilot CLI - run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh latest + run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh 1.0.20 env: GH_HOST: github.com - name: Install AWF binary @@ -1123,7 +1123,7 @@ jobs: mkdir -p /tmp/gh-aw/threat-detection touch /tmp/gh-aw/threat-detection/detection.log - name: Install GitHub Copilot CLI - run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh latest + run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh 1.0.20 env: GH_HOST: github.com - name: Install AWF binary diff --git a/.github/workflows/ci-doctor.lock.yml b/.github/workflows/ci-doctor.lock.yml index fd4ff41e58e..e6da468339c 100644 --- a/.github/workflows/ci-doctor.lock.yml +++ b/.github/workflows/ci-doctor.lock.yml @@ -108,8 +108,8 @@ jobs: GH_AW_INFO_ENGINE_ID: "claude" GH_AW_INFO_ENGINE_NAME: "Claude Code" GH_AW_INFO_MODEL: ${{ vars.GH_AW_MODEL_AGENT_CLAUDE || 'auto' }} - GH_AW_INFO_VERSION: "latest" - GH_AW_INFO_AGENT_VERSION: "latest" + GH_AW_INFO_VERSION: "2.1.92" + GH_AW_INFO_AGENT_VERSION: "2.1.92" GH_AW_INFO_WORKFLOW_NAME: "CI Failure Doctor" GH_AW_INFO_EXPERIMENTAL: "false" GH_AW_INFO_SUPPORTS_TOOLS_ALLOWLIST: "true" @@ -482,7 +482,7 @@ jobs: - name: Install AWF binary run: bash ${RUNNER_TEMP}/gh-aw/actions/install_awf_binary.sh v0.25.14 - name: Install Claude Code CLI - run: npm install --ignore-scripts -g @anthropic-ai/claude-code@latest + run: npm install --ignore-scripts -g @anthropic-ai/claude-code@2.1.92 - name: Determine automatic lockdown mode for GitHub MCP Server id: determine-automatic-lockdown uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 @@ -1336,7 +1336,7 @@ jobs: - name: Install AWF binary run: bash ${RUNNER_TEMP}/gh-aw/actions/install_awf_binary.sh v0.25.14 - name: Install Claude Code CLI - run: npm install --ignore-scripts -g @anthropic-ai/claude-code@latest + run: npm install --ignore-scripts -g @anthropic-ai/claude-code@2.1.92 - name: Execute Claude Code CLI if: always() && steps.detection_guard.outputs.run_detection == 'true' id: detection_agentic_execution diff --git a/.github/workflows/claude-code-user-docs-review.lock.yml b/.github/workflows/claude-code-user-docs-review.lock.yml index 452f95fc280..3fdf9e9a465 100644 --- a/.github/workflows/claude-code-user-docs-review.lock.yml +++ b/.github/workflows/claude-code-user-docs-review.lock.yml @@ -97,8 +97,8 @@ jobs: GH_AW_INFO_ENGINE_ID: "claude" GH_AW_INFO_ENGINE_NAME: "Claude Code" GH_AW_INFO_MODEL: ${{ vars.GH_AW_MODEL_AGENT_CLAUDE || 'auto' }} - GH_AW_INFO_VERSION: "latest" - GH_AW_INFO_AGENT_VERSION: "latest" + GH_AW_INFO_VERSION: "2.1.92" + GH_AW_INFO_AGENT_VERSION: "2.1.92" GH_AW_INFO_WORKFLOW_NAME: "Claude Code User Documentation Review" GH_AW_INFO_EXPERIMENTAL: "false" GH_AW_INFO_SUPPORTS_TOOLS_ALLOWLIST: "true" @@ -387,7 +387,7 @@ jobs: - name: Install AWF binary run: bash ${RUNNER_TEMP}/gh-aw/actions/install_awf_binary.sh v0.25.14 - name: Install Claude Code CLI - run: npm install --ignore-scripts -g @anthropic-ai/claude-code@latest + run: npm install --ignore-scripts -g @anthropic-ai/claude-code@2.1.92 - name: Determine automatic lockdown mode for GitHub MCP Server id: determine-automatic-lockdown uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 @@ -1136,7 +1136,7 @@ jobs: - name: Install AWF binary run: bash ${RUNNER_TEMP}/gh-aw/actions/install_awf_binary.sh v0.25.14 - name: Install Claude Code CLI - run: npm install --ignore-scripts -g @anthropic-ai/claude-code@latest + run: npm install --ignore-scripts -g @anthropic-ai/claude-code@2.1.92 - name: Execute Claude Code CLI if: always() && steps.detection_guard.outputs.run_detection == 'true' id: detection_agentic_execution diff --git a/.github/workflows/cli-consistency-checker.lock.yml b/.github/workflows/cli-consistency-checker.lock.yml index 50d1712cad2..28aabc72fcb 100644 --- a/.github/workflows/cli-consistency-checker.lock.yml +++ b/.github/workflows/cli-consistency-checker.lock.yml @@ -87,8 +87,8 @@ jobs: GH_AW_INFO_ENGINE_ID: "copilot" GH_AW_INFO_ENGINE_NAME: "GitHub Copilot CLI" GH_AW_INFO_MODEL: ${{ vars.GH_AW_MODEL_AGENT_COPILOT || 'auto' }} - GH_AW_INFO_VERSION: "latest" - GH_AW_INFO_AGENT_VERSION: "latest" + GH_AW_INFO_VERSION: "1.0.20" + GH_AW_INFO_AGENT_VERSION: "1.0.20" GH_AW_INFO_WORKFLOW_NAME: "CLI Consistency Checker" GH_AW_INFO_EXPERIMENTAL: "false" GH_AW_INFO_SUPPORTS_TOOLS_ALLOWLIST: "true" @@ -342,7 +342,7 @@ jobs: const { main } = require('${{ runner.temp }}/gh-aw/actions/checkout_pr_branch.cjs'); await main(); - name: Install GitHub Copilot CLI - run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh latest + run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh 1.0.20 env: GH_HOST: github.com - name: Install AWF binary @@ -1018,7 +1018,7 @@ jobs: mkdir -p /tmp/gh-aw/threat-detection touch /tmp/gh-aw/threat-detection/detection.log - name: Install GitHub Copilot CLI - run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh latest + run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh 1.0.20 env: GH_HOST: github.com - name: Install AWF binary diff --git a/.github/workflows/cli-version-checker.lock.yml b/.github/workflows/cli-version-checker.lock.yml index 51dddcc4536..db7d2597fbf 100644 --- a/.github/workflows/cli-version-checker.lock.yml +++ b/.github/workflows/cli-version-checker.lock.yml @@ -97,8 +97,8 @@ jobs: GH_AW_INFO_ENGINE_ID: "claude" GH_AW_INFO_ENGINE_NAME: "Claude Code" GH_AW_INFO_MODEL: ${{ vars.GH_AW_MODEL_AGENT_CLAUDE || 'auto' }} - GH_AW_INFO_VERSION: "latest" - GH_AW_INFO_AGENT_VERSION: "latest" + GH_AW_INFO_VERSION: "2.1.92" + GH_AW_INFO_AGENT_VERSION: "2.1.92" GH_AW_INFO_WORKFLOW_NAME: "CLI Version Checker" GH_AW_INFO_EXPERIMENTAL: "false" GH_AW_INFO_SUPPORTS_TOOLS_ALLOWLIST: "true" @@ -388,7 +388,7 @@ jobs: - name: Install AWF binary run: bash ${RUNNER_TEMP}/gh-aw/actions/install_awf_binary.sh v0.25.14 - name: Install Claude Code CLI - run: npm install --ignore-scripts -g @anthropic-ai/claude-code@latest + run: npm install --ignore-scripts -g @anthropic-ai/claude-code@2.1.92 - name: Determine automatic lockdown mode for GitHub MCP Server id: determine-automatic-lockdown uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 @@ -1137,7 +1137,7 @@ jobs: - name: Install AWF binary run: bash ${RUNNER_TEMP}/gh-aw/actions/install_awf_binary.sh v0.25.14 - name: Install Claude Code CLI - run: npm install --ignore-scripts -g @anthropic-ai/claude-code@latest + run: npm install --ignore-scripts -g @anthropic-ai/claude-code@2.1.92 - name: Execute Claude Code CLI if: always() && steps.detection_guard.outputs.run_detection == 'true' id: detection_agentic_execution diff --git a/.github/workflows/cloclo.lock.yml b/.github/workflows/cloclo.lock.yml index 6fae199e597..c5dff5a3500 100644 --- a/.github/workflows/cloclo.lock.yml +++ b/.github/workflows/cloclo.lock.yml @@ -133,8 +133,8 @@ jobs: GH_AW_INFO_ENGINE_ID: "claude" GH_AW_INFO_ENGINE_NAME: "Claude Code" GH_AW_INFO_MODEL: ${{ vars.GH_AW_MODEL_AGENT_CLAUDE || 'auto' }} - GH_AW_INFO_VERSION: "latest" - GH_AW_INFO_AGENT_VERSION: "latest" + GH_AW_INFO_VERSION: "2.1.92" + GH_AW_INFO_AGENT_VERSION: "2.1.92" GH_AW_INFO_WORKFLOW_NAME: "/cloclo" GH_AW_INFO_EXPERIMENTAL: "false" GH_AW_INFO_SUPPORTS_TOOLS_ALLOWLIST: "true" @@ -570,7 +570,7 @@ jobs: - name: Install AWF binary run: bash ${RUNNER_TEMP}/gh-aw/actions/install_awf_binary.sh v0.25.14 - name: Install Claude Code CLI - run: npm install --ignore-scripts -g @anthropic-ai/claude-code@latest + run: npm install --ignore-scripts -g @anthropic-ai/claude-code@2.1.92 - name: Determine automatic lockdown mode for GitHub MCP Server id: determine-automatic-lockdown uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 @@ -1503,7 +1503,7 @@ jobs: - name: Install AWF binary run: bash ${RUNNER_TEMP}/gh-aw/actions/install_awf_binary.sh v0.25.14 - name: Install Claude Code CLI - run: npm install --ignore-scripts -g @anthropic-ai/claude-code@latest + run: npm install --ignore-scripts -g @anthropic-ai/claude-code@2.1.92 - name: Execute Claude Code CLI if: always() && steps.detection_guard.outputs.run_detection == 'true' id: detection_agentic_execution diff --git a/.github/workflows/code-scanning-fixer.lock.yml b/.github/workflows/code-scanning-fixer.lock.yml index 1399ad3f249..c4f697671e0 100644 --- a/.github/workflows/code-scanning-fixer.lock.yml +++ b/.github/workflows/code-scanning-fixer.lock.yml @@ -95,8 +95,8 @@ jobs: GH_AW_INFO_ENGINE_ID: "copilot" GH_AW_INFO_ENGINE_NAME: "GitHub Copilot CLI" GH_AW_INFO_MODEL: ${{ vars.GH_AW_MODEL_AGENT_COPILOT || 'auto' }} - GH_AW_INFO_VERSION: "latest" - GH_AW_INFO_AGENT_VERSION: "latest" + GH_AW_INFO_VERSION: "1.0.20" + GH_AW_INFO_AGENT_VERSION: "1.0.20" GH_AW_INFO_WORKFLOW_NAME: "Code Scanning Fixer" GH_AW_INFO_EXPERIMENTAL: "false" GH_AW_INFO_SUPPORTS_TOOLS_ALLOWLIST: "true" @@ -388,7 +388,7 @@ jobs: const { main } = require('${{ runner.temp }}/gh-aw/actions/checkout_pr_branch.cjs'); await main(); - name: Install GitHub Copilot CLI - run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh latest + run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh 1.0.20 env: GH_HOST: github.com - name: Install AWF binary @@ -1116,7 +1116,7 @@ jobs: mkdir -p /tmp/gh-aw/threat-detection touch /tmp/gh-aw/threat-detection/detection.log - name: Install GitHub Copilot CLI - run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh latest + run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh 1.0.20 env: GH_HOST: github.com - name: Install AWF binary diff --git a/.github/workflows/code-simplifier.lock.yml b/.github/workflows/code-simplifier.lock.yml index 0e105fbc374..03e6ea0f737 100644 --- a/.github/workflows/code-simplifier.lock.yml +++ b/.github/workflows/code-simplifier.lock.yml @@ -99,8 +99,8 @@ jobs: GH_AW_INFO_ENGINE_ID: "copilot" GH_AW_INFO_ENGINE_NAME: "GitHub Copilot CLI" GH_AW_INFO_MODEL: ${{ vars.GH_AW_MODEL_AGENT_COPILOT || 'auto' }} - GH_AW_INFO_VERSION: "latest" - GH_AW_INFO_AGENT_VERSION: "latest" + GH_AW_INFO_VERSION: "1.0.20" + GH_AW_INFO_AGENT_VERSION: "1.0.20" GH_AW_INFO_WORKFLOW_NAME: "Code Simplifier" GH_AW_INFO_EXPERIMENTAL: "false" GH_AW_INFO_SUPPORTS_TOOLS_ALLOWLIST: "true" @@ -364,7 +364,7 @@ jobs: const { main } = require('${{ runner.temp }}/gh-aw/actions/checkout_pr_branch.cjs'); await main(); - name: Install GitHub Copilot CLI - run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh latest + run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh 1.0.20 env: GH_HOST: github.com - name: Install AWF binary @@ -1050,7 +1050,7 @@ jobs: mkdir -p /tmp/gh-aw/threat-detection touch /tmp/gh-aw/threat-detection/detection.log - name: Install GitHub Copilot CLI - run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh latest + run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh 1.0.20 env: GH_HOST: github.com - name: Install AWF binary diff --git a/.github/workflows/codex-github-remote-mcp-test.lock.yml b/.github/workflows/codex-github-remote-mcp-test.lock.yml index a3e8132c19a..d6e9c81b39f 100644 --- a/.github/workflows/codex-github-remote-mcp-test.lock.yml +++ b/.github/workflows/codex-github-remote-mcp-test.lock.yml @@ -88,8 +88,8 @@ jobs: GH_AW_INFO_ENGINE_ID: "codex" GH_AW_INFO_ENGINE_NAME: "Codex" GH_AW_INFO_MODEL: ${{ vars.GH_AW_MODEL_AGENT_CODEX || 'auto' }} - GH_AW_INFO_VERSION: "latest" - GH_AW_INFO_AGENT_VERSION: "latest" + GH_AW_INFO_VERSION: "0.118.0" + GH_AW_INFO_AGENT_VERSION: "0.118.0" GH_AW_INFO_WORKFLOW_NAME: "Codex GitHub Remote MCP Test" GH_AW_INFO_EXPERIMENTAL: "false" GH_AW_INFO_SUPPORTS_TOOLS_ALLOWLIST: "true" @@ -328,7 +328,7 @@ jobs: node-version: '24' package-manager-cache: false - name: Install Codex CLI - run: npm install --ignore-scripts -g @openai/codex@latest + run: npm install --ignore-scripts -g @openai/codex@0.118.0 - name: Install AWF binary run: bash ${RUNNER_TEMP}/gh-aw/actions/install_awf_binary.sh v0.25.14 - name: Determine automatic lockdown mode for GitHub MCP Server diff --git a/.github/workflows/commit-changes-analyzer.lock.yml b/.github/workflows/commit-changes-analyzer.lock.yml index d3a29fc5257..888a70e1a78 100644 --- a/.github/workflows/commit-changes-analyzer.lock.yml +++ b/.github/workflows/commit-changes-analyzer.lock.yml @@ -95,8 +95,8 @@ jobs: GH_AW_INFO_ENGINE_ID: "claude" GH_AW_INFO_ENGINE_NAME: "Claude Code" GH_AW_INFO_MODEL: ${{ vars.GH_AW_MODEL_AGENT_CLAUDE || 'auto' }} - GH_AW_INFO_VERSION: "latest" - GH_AW_INFO_AGENT_VERSION: "latest" + GH_AW_INFO_VERSION: "2.1.92" + GH_AW_INFO_AGENT_VERSION: "2.1.92" GH_AW_INFO_WORKFLOW_NAME: "Commit Changes Analyzer" GH_AW_INFO_EXPERIMENTAL: "false" GH_AW_INFO_SUPPORTS_TOOLS_ALLOWLIST: "true" @@ -362,7 +362,7 @@ jobs: - name: Install AWF binary run: bash ${RUNNER_TEMP}/gh-aw/actions/install_awf_binary.sh v0.25.14 - name: Install Claude Code CLI - run: npm install --ignore-scripts -g @anthropic-ai/claude-code@latest + run: npm install --ignore-scripts -g @anthropic-ai/claude-code@2.1.92 - name: Determine automatic lockdown mode for GitHub MCP Server id: determine-automatic-lockdown uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 @@ -1091,7 +1091,7 @@ jobs: - name: Install AWF binary run: bash ${RUNNER_TEMP}/gh-aw/actions/install_awf_binary.sh v0.25.14 - name: Install Claude Code CLI - run: npm install --ignore-scripts -g @anthropic-ai/claude-code@latest + run: npm install --ignore-scripts -g @anthropic-ai/claude-code@2.1.92 - name: Execute Claude Code CLI if: always() && steps.detection_guard.outputs.run_detection == 'true' id: detection_agentic_execution diff --git a/.github/workflows/constraint-solving-potd.lock.yml b/.github/workflows/constraint-solving-potd.lock.yml index 77a7aeaf9c9..47648add7a9 100644 --- a/.github/workflows/constraint-solving-potd.lock.yml +++ b/.github/workflows/constraint-solving-potd.lock.yml @@ -90,8 +90,8 @@ jobs: GH_AW_INFO_ENGINE_ID: "copilot" GH_AW_INFO_ENGINE_NAME: "GitHub Copilot CLI" GH_AW_INFO_MODEL: ${{ vars.GH_AW_MODEL_AGENT_COPILOT || 'auto' }} - GH_AW_INFO_VERSION: "latest" - GH_AW_INFO_AGENT_VERSION: "latest" + GH_AW_INFO_VERSION: "1.0.20" + GH_AW_INFO_AGENT_VERSION: "1.0.20" GH_AW_INFO_WORKFLOW_NAME: "Constraint Solving — Problem of the Day" GH_AW_INFO_EXPERIMENTAL: "false" GH_AW_INFO_SUPPORTS_TOOLS_ALLOWLIST: "true" @@ -352,7 +352,7 @@ jobs: git remote set-url origin "https://x-access-token:${GITHUB_TOKEN}@${SERVER_URL_STRIPPED}/${REPO_NAME}.git" echo "Git configured with standard GitHub Actions identity" - name: Install GitHub Copilot CLI - run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh latest + run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh 1.0.20 env: GH_HOST: github.com - name: Install AWF binary @@ -1036,7 +1036,7 @@ jobs: mkdir -p /tmp/gh-aw/threat-detection touch /tmp/gh-aw/threat-detection/detection.log - name: Install GitHub Copilot CLI - run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh latest + run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh 1.0.20 env: GH_HOST: github.com - name: Install AWF binary diff --git a/.github/workflows/contribution-check.lock.yml b/.github/workflows/contribution-check.lock.yml index e3ca2d46f41..77ce96a2b80 100644 --- a/.github/workflows/contribution-check.lock.yml +++ b/.github/workflows/contribution-check.lock.yml @@ -91,8 +91,8 @@ jobs: GH_AW_INFO_ENGINE_ID: "copilot" GH_AW_INFO_ENGINE_NAME: "GitHub Copilot CLI" GH_AW_INFO_MODEL: ${{ vars.GH_AW_MODEL_AGENT_COPILOT || 'auto' }} - GH_AW_INFO_VERSION: "latest" - GH_AW_INFO_AGENT_VERSION: "latest" + GH_AW_INFO_VERSION: "1.0.20" + GH_AW_INFO_AGENT_VERSION: "1.0.20" GH_AW_INFO_WORKFLOW_NAME: "Contribution Check" GH_AW_INFO_EXPERIMENTAL: "false" GH_AW_INFO_SUPPORTS_TOOLS_ALLOWLIST: "true" @@ -352,7 +352,7 @@ jobs: const { main } = require('${{ runner.temp }}/gh-aw/actions/checkout_pr_branch.cjs'); await main(); - name: Install GitHub Copilot CLI - run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh latest + run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh 1.0.20 env: GH_HOST: github.com - name: Install AWF binary @@ -1069,7 +1069,7 @@ jobs: mkdir -p /tmp/gh-aw/threat-detection touch /tmp/gh-aw/threat-detection/detection.log - name: Install GitHub Copilot CLI - run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh latest + run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh 1.0.20 env: GH_HOST: github.com - name: Install AWF binary diff --git a/.github/workflows/copilot-agent-analysis.lock.yml b/.github/workflows/copilot-agent-analysis.lock.yml index 6c1077c7104..796a1c1b256 100644 --- a/.github/workflows/copilot-agent-analysis.lock.yml +++ b/.github/workflows/copilot-agent-analysis.lock.yml @@ -101,8 +101,8 @@ jobs: GH_AW_INFO_ENGINE_ID: "claude" GH_AW_INFO_ENGINE_NAME: "Claude Code" GH_AW_INFO_MODEL: ${{ vars.GH_AW_MODEL_AGENT_CLAUDE || 'auto' }} - GH_AW_INFO_VERSION: "latest" - GH_AW_INFO_AGENT_VERSION: "latest" + GH_AW_INFO_VERSION: "2.1.92" + GH_AW_INFO_AGENT_VERSION: "2.1.92" GH_AW_INFO_WORKFLOW_NAME: "Copilot Agent PR Analysis" GH_AW_INFO_EXPERIMENTAL: "false" GH_AW_INFO_SUPPORTS_TOOLS_ALLOWLIST: "true" @@ -426,7 +426,7 @@ jobs: - name: Install AWF binary run: bash ${RUNNER_TEMP}/gh-aw/actions/install_awf_binary.sh v0.25.14 - name: Install Claude Code CLI - run: npm install --ignore-scripts -g @anthropic-ai/claude-code@latest + run: npm install --ignore-scripts -g @anthropic-ai/claude-code@2.1.92 - name: Determine automatic lockdown mode for GitHub MCP Server id: determine-automatic-lockdown uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 @@ -1184,7 +1184,7 @@ jobs: - name: Install AWF binary run: bash ${RUNNER_TEMP}/gh-aw/actions/install_awf_binary.sh v0.25.14 - name: Install Claude Code CLI - run: npm install --ignore-scripts -g @anthropic-ai/claude-code@latest + run: npm install --ignore-scripts -g @anthropic-ai/claude-code@2.1.92 - name: Execute Claude Code CLI if: always() && steps.detection_guard.outputs.run_detection == 'true' id: detection_agentic_execution diff --git a/.github/workflows/copilot-cli-deep-research.lock.yml b/.github/workflows/copilot-cli-deep-research.lock.yml index 6ae9079a21f..c951de6b687 100644 --- a/.github/workflows/copilot-cli-deep-research.lock.yml +++ b/.github/workflows/copilot-cli-deep-research.lock.yml @@ -91,8 +91,8 @@ jobs: GH_AW_INFO_ENGINE_ID: "copilot" GH_AW_INFO_ENGINE_NAME: "GitHub Copilot CLI" GH_AW_INFO_MODEL: ${{ vars.GH_AW_MODEL_AGENT_COPILOT || 'auto' }} - GH_AW_INFO_VERSION: "latest" - GH_AW_INFO_AGENT_VERSION: "latest" + GH_AW_INFO_VERSION: "1.0.20" + GH_AW_INFO_AGENT_VERSION: "1.0.20" GH_AW_INFO_WORKFLOW_NAME: "Copilot CLI Deep Research Agent" GH_AW_INFO_EXPERIMENTAL: "false" GH_AW_INFO_SUPPORTS_TOOLS_ALLOWLIST: "true" @@ -373,7 +373,7 @@ jobs: const { main } = require('${{ runner.temp }}/gh-aw/actions/checkout_pr_branch.cjs'); await main(); - name: Install GitHub Copilot CLI - run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh latest + run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh 1.0.20 env: GH_HOST: github.com - name: Install AWF binary @@ -1081,7 +1081,7 @@ jobs: mkdir -p /tmp/gh-aw/threat-detection touch /tmp/gh-aw/threat-detection/detection.log - name: Install GitHub Copilot CLI - run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh latest + run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh 1.0.20 env: GH_HOST: github.com - name: Install AWF binary diff --git a/.github/workflows/copilot-pr-merged-report.lock.yml b/.github/workflows/copilot-pr-merged-report.lock.yml index 2ab6f05bab5..45323c5b569 100644 --- a/.github/workflows/copilot-pr-merged-report.lock.yml +++ b/.github/workflows/copilot-pr-merged-report.lock.yml @@ -98,8 +98,8 @@ jobs: GH_AW_INFO_ENGINE_ID: "copilot" GH_AW_INFO_ENGINE_NAME: "GitHub Copilot CLI" GH_AW_INFO_MODEL: ${{ vars.GH_AW_MODEL_AGENT_COPILOT || 'auto' }} - GH_AW_INFO_VERSION: "latest" - GH_AW_INFO_AGENT_VERSION: "latest" + GH_AW_INFO_VERSION: "1.0.20" + GH_AW_INFO_AGENT_VERSION: "1.0.20" GH_AW_INFO_WORKFLOW_NAME: "Daily Copilot PR Merged Report" GH_AW_INFO_EXPERIMENTAL: "false" GH_AW_INFO_SUPPORTS_TOOLS_ALLOWLIST: "true" @@ -391,7 +391,7 @@ jobs: const { main } = require('${{ runner.temp }}/gh-aw/actions/checkout_pr_branch.cjs'); await main(); - name: Install GitHub Copilot CLI - run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh latest + run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh 1.0.20 env: GH_HOST: github.com - name: Install AWF binary @@ -1206,7 +1206,7 @@ jobs: mkdir -p /tmp/gh-aw/threat-detection touch /tmp/gh-aw/threat-detection/detection.log - name: Install GitHub Copilot CLI - run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh latest + run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh 1.0.20 env: GH_HOST: github.com - name: Install AWF binary diff --git a/.github/workflows/copilot-pr-nlp-analysis.lock.yml b/.github/workflows/copilot-pr-nlp-analysis.lock.yml index a1af8ad9d46..f2162b5ea82 100644 --- a/.github/workflows/copilot-pr-nlp-analysis.lock.yml +++ b/.github/workflows/copilot-pr-nlp-analysis.lock.yml @@ -101,8 +101,8 @@ jobs: GH_AW_INFO_ENGINE_ID: "copilot" GH_AW_INFO_ENGINE_NAME: "GitHub Copilot CLI" GH_AW_INFO_MODEL: ${{ vars.GH_AW_MODEL_AGENT_COPILOT || 'auto' }} - GH_AW_INFO_VERSION: "latest" - GH_AW_INFO_AGENT_VERSION: "latest" + GH_AW_INFO_VERSION: "1.0.20" + GH_AW_INFO_AGENT_VERSION: "1.0.20" GH_AW_INFO_WORKFLOW_NAME: "Copilot PR Conversation NLP Analysis" GH_AW_INFO_EXPERIMENTAL: "false" GH_AW_INFO_SUPPORTS_TOOLS_ALLOWLIST: "true" @@ -454,7 +454,7 @@ jobs: const { main } = require('${{ runner.temp }}/gh-aw/actions/checkout_pr_branch.cjs'); await main(); - name: Install GitHub Copilot CLI - run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh latest + run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh 1.0.20 env: GH_HOST: github.com - name: Install AWF binary @@ -1178,7 +1178,7 @@ jobs: mkdir -p /tmp/gh-aw/threat-detection touch /tmp/gh-aw/threat-detection/detection.log - name: Install GitHub Copilot CLI - run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh latest + run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh 1.0.20 env: GH_HOST: github.com - name: Install AWF binary diff --git a/.github/workflows/copilot-pr-prompt-analysis.lock.yml b/.github/workflows/copilot-pr-prompt-analysis.lock.yml index 4488d6b7bdb..48e2714a1ca 100644 --- a/.github/workflows/copilot-pr-prompt-analysis.lock.yml +++ b/.github/workflows/copilot-pr-prompt-analysis.lock.yml @@ -98,8 +98,8 @@ jobs: GH_AW_INFO_ENGINE_ID: "copilot" GH_AW_INFO_ENGINE_NAME: "GitHub Copilot CLI" GH_AW_INFO_MODEL: ${{ vars.GH_AW_MODEL_AGENT_COPILOT || 'auto' }} - GH_AW_INFO_VERSION: "latest" - GH_AW_INFO_AGENT_VERSION: "latest" + GH_AW_INFO_VERSION: "1.0.20" + GH_AW_INFO_AGENT_VERSION: "1.0.20" GH_AW_INFO_WORKFLOW_NAME: "Copilot PR Prompt Pattern Analysis" GH_AW_INFO_EXPERIMENTAL: "false" GH_AW_INFO_SUPPORTS_TOOLS_ALLOWLIST: "true" @@ -414,7 +414,7 @@ jobs: const { main } = require('${{ runner.temp }}/gh-aw/actions/checkout_pr_branch.cjs'); await main(); - name: Install GitHub Copilot CLI - run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh latest + run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh 1.0.20 env: GH_HOST: github.com - name: Install AWF binary @@ -1112,7 +1112,7 @@ jobs: mkdir -p /tmp/gh-aw/threat-detection touch /tmp/gh-aw/threat-detection/detection.log - name: Install GitHub Copilot CLI - run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh latest + run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh 1.0.20 env: GH_HOST: github.com - name: Install AWF binary diff --git a/.github/workflows/copilot-session-insights.lock.yml b/.github/workflows/copilot-session-insights.lock.yml index ccfad3762d4..55133294353 100644 --- a/.github/workflows/copilot-session-insights.lock.yml +++ b/.github/workflows/copilot-session-insights.lock.yml @@ -104,8 +104,8 @@ jobs: GH_AW_INFO_ENGINE_ID: "claude" GH_AW_INFO_ENGINE_NAME: "Claude Code" GH_AW_INFO_MODEL: ${{ vars.GH_AW_MODEL_AGENT_CLAUDE || 'auto' }} - GH_AW_INFO_VERSION: "latest" - GH_AW_INFO_AGENT_VERSION: "latest" + GH_AW_INFO_VERSION: "2.1.92" + GH_AW_INFO_AGENT_VERSION: "2.1.92" GH_AW_INFO_WORKFLOW_NAME: "Copilot Session Insights" GH_AW_INFO_EXPERIMENTAL: "false" GH_AW_INFO_SUPPORTS_TOOLS_ALLOWLIST: "true" @@ -464,7 +464,7 @@ jobs: - name: Install AWF binary run: bash ${RUNNER_TEMP}/gh-aw/actions/install_awf_binary.sh v0.25.14 - name: Install Claude Code CLI - run: npm install --ignore-scripts -g @anthropic-ai/claude-code@latest + run: npm install --ignore-scripts -g @anthropic-ai/claude-code@2.1.92 - name: Determine automatic lockdown mode for GitHub MCP Server id: determine-automatic-lockdown uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 @@ -1248,7 +1248,7 @@ jobs: - name: Install AWF binary run: bash ${RUNNER_TEMP}/gh-aw/actions/install_awf_binary.sh v0.25.14 - name: Install Claude Code CLI - run: npm install --ignore-scripts -g @anthropic-ai/claude-code@latest + run: npm install --ignore-scripts -g @anthropic-ai/claude-code@2.1.92 - name: Execute Claude Code CLI if: always() && steps.detection_guard.outputs.run_detection == 'true' id: detection_agentic_execution diff --git a/.github/workflows/copilot-token-audit.lock.yml b/.github/workflows/copilot-token-audit.lock.yml index 200a9154dc2..b420464b023 100644 --- a/.github/workflows/copilot-token-audit.lock.yml +++ b/.github/workflows/copilot-token-audit.lock.yml @@ -102,8 +102,8 @@ jobs: GH_AW_INFO_ENGINE_ID: "copilot" GH_AW_INFO_ENGINE_NAME: "GitHub Copilot CLI" GH_AW_INFO_MODEL: ${{ vars.GH_AW_MODEL_AGENT_COPILOT || 'auto' }} - GH_AW_INFO_VERSION: "latest" - GH_AW_INFO_AGENT_VERSION: "latest" + GH_AW_INFO_VERSION: "1.0.20" + GH_AW_INFO_AGENT_VERSION: "1.0.20" GH_AW_INFO_WORKFLOW_NAME: "Daily Copilot Token Usage Audit" GH_AW_INFO_EXPERIMENTAL: "false" GH_AW_INFO_SUPPORTS_TOOLS_ALLOWLIST: "true" @@ -472,7 +472,7 @@ jobs: const { main } = require('${{ runner.temp }}/gh-aw/actions/checkout_pr_branch.cjs'); await main(); - name: Install GitHub Copilot CLI - run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh latest + run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh 1.0.20 env: GH_HOST: github.com - name: Install AWF binary @@ -1220,7 +1220,7 @@ jobs: mkdir -p /tmp/gh-aw/threat-detection touch /tmp/gh-aw/threat-detection/detection.log - name: Install GitHub Copilot CLI - run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh latest + run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh 1.0.20 env: GH_HOST: github.com - name: Install AWF binary diff --git a/.github/workflows/copilot-token-optimizer.lock.yml b/.github/workflows/copilot-token-optimizer.lock.yml index 5bea9873655..aab7ea220a8 100644 --- a/.github/workflows/copilot-token-optimizer.lock.yml +++ b/.github/workflows/copilot-token-optimizer.lock.yml @@ -97,8 +97,8 @@ jobs: GH_AW_INFO_ENGINE_ID: "copilot" GH_AW_INFO_ENGINE_NAME: "GitHub Copilot CLI" GH_AW_INFO_MODEL: ${{ vars.GH_AW_MODEL_AGENT_COPILOT || 'auto' }} - GH_AW_INFO_VERSION: "latest" - GH_AW_INFO_AGENT_VERSION: "latest" + GH_AW_INFO_VERSION: "1.0.20" + GH_AW_INFO_AGENT_VERSION: "1.0.20" GH_AW_INFO_WORKFLOW_NAME: "Copilot Token Usage Optimizer" GH_AW_INFO_EXPERIMENTAL: "false" GH_AW_INFO_SUPPORTS_TOOLS_ALLOWLIST: "true" @@ -415,7 +415,7 @@ jobs: const { main } = require('${{ runner.temp }}/gh-aw/actions/checkout_pr_branch.cjs'); await main(); - name: Install GitHub Copilot CLI - run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh latest + run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh 1.0.20 env: GH_HOST: github.com - name: Install AWF binary @@ -1109,7 +1109,7 @@ jobs: mkdir -p /tmp/gh-aw/threat-detection touch /tmp/gh-aw/threat-detection/detection.log - name: Install GitHub Copilot CLI - run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh latest + run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh 1.0.20 env: GH_HOST: github.com - name: Install AWF binary diff --git a/.github/workflows/craft.lock.yml b/.github/workflows/craft.lock.yml index f0a5834d81d..6bdbd988d8f 100644 --- a/.github/workflows/craft.lock.yml +++ b/.github/workflows/craft.lock.yml @@ -94,8 +94,8 @@ jobs: GH_AW_INFO_ENGINE_ID: "copilot" GH_AW_INFO_ENGINE_NAME: "GitHub Copilot CLI" GH_AW_INFO_MODEL: ${{ vars.GH_AW_MODEL_AGENT_COPILOT || 'auto' }} - GH_AW_INFO_VERSION: "latest" - GH_AW_INFO_AGENT_VERSION: "latest" + GH_AW_INFO_VERSION: "1.0.20" + GH_AW_INFO_AGENT_VERSION: "1.0.20" GH_AW_INFO_WORKFLOW_NAME: "Workflow Craft Agent" GH_AW_INFO_EXPERIMENTAL: "false" GH_AW_INFO_SUPPORTS_TOOLS_ALLOWLIST: "true" @@ -406,7 +406,7 @@ jobs: const { main } = require('${{ runner.temp }}/gh-aw/actions/checkout_pr_branch.cjs'); await main(); - name: Install GitHub Copilot CLI - run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh latest + run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh 1.0.20 env: GH_HOST: github.com - name: Install AWF binary @@ -1112,7 +1112,7 @@ jobs: mkdir -p /tmp/gh-aw/threat-detection touch /tmp/gh-aw/threat-detection/detection.log - name: Install GitHub Copilot CLI - run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh latest + run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh 1.0.20 env: GH_HOST: github.com - name: Install AWF binary diff --git a/.github/workflows/daily-architecture-diagram.lock.yml b/.github/workflows/daily-architecture-diagram.lock.yml index 640231205bf..9cd8431dc95 100644 --- a/.github/workflows/daily-architecture-diagram.lock.yml +++ b/.github/workflows/daily-architecture-diagram.lock.yml @@ -104,8 +104,8 @@ jobs: GH_AW_INFO_ENGINE_ID: "copilot" GH_AW_INFO_ENGINE_NAME: "GitHub Copilot CLI" GH_AW_INFO_MODEL: ${{ vars.GH_AW_MODEL_AGENT_COPILOT || 'auto' }} - GH_AW_INFO_VERSION: "latest" - GH_AW_INFO_AGENT_VERSION: "latest" + GH_AW_INFO_VERSION: "1.0.20" + GH_AW_INFO_AGENT_VERSION: "1.0.20" GH_AW_INFO_WORKFLOW_NAME: "Architecture Diagram Generator" GH_AW_INFO_EXPERIMENTAL: "false" GH_AW_INFO_SUPPORTS_TOOLS_ALLOWLIST: "true" @@ -385,7 +385,7 @@ jobs: const { main } = require('${{ runner.temp }}/gh-aw/actions/checkout_pr_branch.cjs'); await main(); - name: Install GitHub Copilot CLI - run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh latest + run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh 1.0.20 env: GH_HOST: github.com - name: Install AWF binary @@ -1134,7 +1134,7 @@ jobs: mkdir -p /tmp/gh-aw/threat-detection touch /tmp/gh-aw/threat-detection/detection.log - name: Install GitHub Copilot CLI - run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh latest + run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh 1.0.20 env: GH_HOST: github.com - name: Install AWF binary diff --git a/.github/workflows/daily-assign-issue-to-user.lock.yml b/.github/workflows/daily-assign-issue-to-user.lock.yml index d2f6a0d2329..2d750211e79 100644 --- a/.github/workflows/daily-assign-issue-to-user.lock.yml +++ b/.github/workflows/daily-assign-issue-to-user.lock.yml @@ -99,8 +99,8 @@ jobs: GH_AW_INFO_ENGINE_ID: "copilot" GH_AW_INFO_ENGINE_NAME: "GitHub Copilot CLI" GH_AW_INFO_MODEL: ${{ vars.GH_AW_MODEL_AGENT_COPILOT || 'auto' }} - GH_AW_INFO_VERSION: "latest" - GH_AW_INFO_AGENT_VERSION: "latest" + GH_AW_INFO_VERSION: "1.0.20" + GH_AW_INFO_AGENT_VERSION: "1.0.20" GH_AW_INFO_WORKFLOW_NAME: "Auto-Assign Issue" GH_AW_INFO_EXPERIMENTAL: "false" GH_AW_INFO_SUPPORTS_TOOLS_ALLOWLIST: "true" @@ -354,7 +354,7 @@ jobs: const { main } = require('${{ runner.temp }}/gh-aw/actions/checkout_pr_branch.cjs'); await main(); - name: Install GitHub Copilot CLI - run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh latest + run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh 1.0.20 env: GH_HOST: github.com - name: Install AWF binary @@ -1060,7 +1060,7 @@ jobs: mkdir -p /tmp/gh-aw/threat-detection touch /tmp/gh-aw/threat-detection/detection.log - name: Install GitHub Copilot CLI - run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh latest + run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh 1.0.20 env: GH_HOST: github.com - name: Install AWF binary diff --git a/.github/workflows/daily-choice-test.lock.yml b/.github/workflows/daily-choice-test.lock.yml index 380a240c372..6fc08a95e91 100644 --- a/.github/workflows/daily-choice-test.lock.yml +++ b/.github/workflows/daily-choice-test.lock.yml @@ -103,8 +103,8 @@ jobs: GH_AW_INFO_ENGINE_ID: "claude" GH_AW_INFO_ENGINE_NAME: "Claude Code" GH_AW_INFO_MODEL: ${{ vars.GH_AW_MODEL_AGENT_CLAUDE || 'auto' }} - GH_AW_INFO_VERSION: "latest" - GH_AW_INFO_AGENT_VERSION: "latest" + GH_AW_INFO_VERSION: "2.1.92" + GH_AW_INFO_AGENT_VERSION: "2.1.92" GH_AW_INFO_WORKFLOW_NAME: "Daily Choice Type Test" GH_AW_INFO_EXPERIMENTAL: "false" GH_AW_INFO_SUPPORTS_TOOLS_ALLOWLIST: "true" @@ -368,7 +368,7 @@ jobs: - name: Install AWF binary run: bash ${RUNNER_TEMP}/gh-aw/actions/install_awf_binary.sh v0.25.14 - name: Install Claude Code CLI - run: npm install --ignore-scripts -g @anthropic-ai/claude-code@latest + run: npm install --ignore-scripts -g @anthropic-ai/claude-code@2.1.92 - name: Determine automatic lockdown mode for GitHub MCP Server id: determine-automatic-lockdown uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 @@ -1122,7 +1122,7 @@ jobs: - name: Install AWF binary run: bash ${RUNNER_TEMP}/gh-aw/actions/install_awf_binary.sh v0.25.14 - name: Install Claude Code CLI - run: npm install --ignore-scripts -g @anthropic-ai/claude-code@latest + run: npm install --ignore-scripts -g @anthropic-ai/claude-code@2.1.92 - name: Execute Claude Code CLI if: always() && steps.detection_guard.outputs.run_detection == 'true' id: detection_agentic_execution diff --git a/.github/workflows/daily-cli-performance.lock.yml b/.github/workflows/daily-cli-performance.lock.yml index caa9463846b..8ad84c851d8 100644 --- a/.github/workflows/daily-cli-performance.lock.yml +++ b/.github/workflows/daily-cli-performance.lock.yml @@ -130,8 +130,8 @@ jobs: GH_AW_INFO_ENGINE_ID: "copilot" GH_AW_INFO_ENGINE_NAME: "GitHub Copilot CLI" GH_AW_INFO_MODEL: ${{ vars.GH_AW_MODEL_AGENT_COPILOT || 'auto' }} - GH_AW_INFO_VERSION: "latest" - GH_AW_INFO_AGENT_VERSION: "latest" + GH_AW_INFO_VERSION: "1.0.20" + GH_AW_INFO_AGENT_VERSION: "1.0.20" GH_AW_INFO_WORKFLOW_NAME: "Daily CLI Performance Agent" GH_AW_INFO_EXPERIMENTAL: "false" GH_AW_INFO_SUPPORTS_TOOLS_ALLOWLIST: "true" @@ -419,7 +419,7 @@ jobs: const { main } = require('${{ runner.temp }}/gh-aw/actions/checkout_pr_branch.cjs'); await main(); - name: Install GitHub Copilot CLI - run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh latest + run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh 1.0.20 env: GH_HOST: github.com - name: Install AWF binary @@ -1306,7 +1306,7 @@ jobs: mkdir -p /tmp/gh-aw/threat-detection touch /tmp/gh-aw/threat-detection/detection.log - name: Install GitHub Copilot CLI - run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh latest + run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh 1.0.20 env: GH_HOST: github.com - name: Install AWF binary diff --git a/.github/workflows/daily-cli-tools-tester.lock.yml b/.github/workflows/daily-cli-tools-tester.lock.yml index cf7deb540ac..32f04d90586 100644 --- a/.github/workflows/daily-cli-tools-tester.lock.yml +++ b/.github/workflows/daily-cli-tools-tester.lock.yml @@ -106,8 +106,8 @@ jobs: GH_AW_INFO_ENGINE_ID: "copilot" GH_AW_INFO_ENGINE_NAME: "GitHub Copilot CLI" GH_AW_INFO_MODEL: ${{ vars.GH_AW_MODEL_AGENT_COPILOT || 'auto' }} - GH_AW_INFO_VERSION: "latest" - GH_AW_INFO_AGENT_VERSION: "latest" + GH_AW_INFO_VERSION: "1.0.20" + GH_AW_INFO_AGENT_VERSION: "1.0.20" GH_AW_INFO_WORKFLOW_NAME: "Daily CLI Tools Exploratory Tester" GH_AW_INFO_EXPERIMENTAL: "false" GH_AW_INFO_SUPPORTS_TOOLS_ALLOWLIST: "true" @@ -400,7 +400,7 @@ jobs: const { main } = require('${{ runner.temp }}/gh-aw/actions/checkout_pr_branch.cjs'); await main(); - name: Install GitHub Copilot CLI - run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh latest + run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh 1.0.20 env: GH_HOST: github.com - name: Install AWF binary @@ -1141,7 +1141,7 @@ jobs: mkdir -p /tmp/gh-aw/threat-detection touch /tmp/gh-aw/threat-detection/detection.log - name: Install GitHub Copilot CLI - run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh latest + run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh 1.0.20 env: GH_HOST: github.com - name: Install AWF binary diff --git a/.github/workflows/daily-code-metrics.lock.yml b/.github/workflows/daily-code-metrics.lock.yml index e83809a3d84..01b3eff0a06 100644 --- a/.github/workflows/daily-code-metrics.lock.yml +++ b/.github/workflows/daily-code-metrics.lock.yml @@ -110,8 +110,8 @@ jobs: GH_AW_INFO_ENGINE_ID: "claude" GH_AW_INFO_ENGINE_NAME: "Claude Code" GH_AW_INFO_MODEL: ${{ vars.GH_AW_MODEL_AGENT_CLAUDE || 'auto' }} - GH_AW_INFO_VERSION: "latest" - GH_AW_INFO_AGENT_VERSION: "latest" + GH_AW_INFO_VERSION: "2.1.92" + GH_AW_INFO_AGENT_VERSION: "2.1.92" GH_AW_INFO_WORKFLOW_NAME: "Daily Code Metrics and Trend Tracking Agent" GH_AW_INFO_EXPERIMENTAL: "false" GH_AW_INFO_SUPPORTS_TOOLS_ALLOWLIST: "true" @@ -453,7 +453,7 @@ jobs: - name: Install AWF binary run: bash ${RUNNER_TEMP}/gh-aw/actions/install_awf_binary.sh v0.25.14 - name: Install Claude Code CLI - run: npm install --ignore-scripts -g @anthropic-ai/claude-code@latest + run: npm install --ignore-scripts -g @anthropic-ai/claude-code@2.1.92 - name: Determine automatic lockdown mode for GitHub MCP Server id: determine-automatic-lockdown uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 @@ -1262,7 +1262,7 @@ jobs: - name: Install AWF binary run: bash ${RUNNER_TEMP}/gh-aw/actions/install_awf_binary.sh v0.25.14 - name: Install Claude Code CLI - run: npm install --ignore-scripts -g @anthropic-ai/claude-code@latest + run: npm install --ignore-scripts -g @anthropic-ai/claude-code@2.1.92 - name: Execute Claude Code CLI if: always() && steps.detection_guard.outputs.run_detection == 'true' id: detection_agentic_execution diff --git a/.github/workflows/daily-community-attribution.lock.yml b/.github/workflows/daily-community-attribution.lock.yml index 5eb12dc8f7e..4efa69247ed 100644 --- a/.github/workflows/daily-community-attribution.lock.yml +++ b/.github/workflows/daily-community-attribution.lock.yml @@ -104,8 +104,8 @@ jobs: GH_AW_INFO_ENGINE_ID: "copilot" GH_AW_INFO_ENGINE_NAME: "GitHub Copilot CLI" GH_AW_INFO_MODEL: ${{ vars.GH_AW_MODEL_AGENT_COPILOT || 'auto' }} - GH_AW_INFO_VERSION: "latest" - GH_AW_INFO_AGENT_VERSION: "latest" + GH_AW_INFO_VERSION: "1.0.20" + GH_AW_INFO_AGENT_VERSION: "1.0.20" GH_AW_INFO_WORKFLOW_NAME: "Daily Community Attribution Updater" GH_AW_INFO_EXPERIMENTAL: "false" GH_AW_INFO_SUPPORTS_TOOLS_ALLOWLIST: "true" @@ -401,7 +401,7 @@ jobs: const { main } = require('${{ runner.temp }}/gh-aw/actions/checkout_pr_branch.cjs'); await main(); - name: Install GitHub Copilot CLI - run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh latest + run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh 1.0.20 env: GH_HOST: github.com - name: Install AWF binary @@ -1149,7 +1149,7 @@ jobs: mkdir -p /tmp/gh-aw/threat-detection touch /tmp/gh-aw/threat-detection/detection.log - name: Install GitHub Copilot CLI - run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh latest + run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh 1.0.20 env: GH_HOST: github.com - name: Install AWF binary diff --git a/.github/workflows/daily-compiler-quality.lock.yml b/.github/workflows/daily-compiler-quality.lock.yml index 2cfb386f6fe..a04d8ccd5b6 100644 --- a/.github/workflows/daily-compiler-quality.lock.yml +++ b/.github/workflows/daily-compiler-quality.lock.yml @@ -107,8 +107,8 @@ jobs: GH_AW_INFO_ENGINE_ID: "copilot" GH_AW_INFO_ENGINE_NAME: "GitHub Copilot CLI" GH_AW_INFO_MODEL: ${{ vars.GH_AW_MODEL_AGENT_COPILOT || 'auto' }} - GH_AW_INFO_VERSION: "latest" - GH_AW_INFO_AGENT_VERSION: "latest" + GH_AW_INFO_VERSION: "1.0.20" + GH_AW_INFO_AGENT_VERSION: "1.0.20" GH_AW_INFO_WORKFLOW_NAME: "Daily Compiler Quality Check" GH_AW_INFO_EXPERIMENTAL: "false" GH_AW_INFO_SUPPORTS_TOOLS_ALLOWLIST: "true" @@ -420,7 +420,7 @@ jobs: const { main } = require('${{ runner.temp }}/gh-aw/actions/checkout_pr_branch.cjs'); await main(); - name: Install GitHub Copilot CLI - run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh latest + run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh 1.0.20 env: GH_HOST: github.com - name: Install AWF binary @@ -1187,7 +1187,7 @@ jobs: mkdir -p /tmp/gh-aw/threat-detection touch /tmp/gh-aw/threat-detection/detection.log - name: Install GitHub Copilot CLI - run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh latest + run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh 1.0.20 env: GH_HOST: github.com - name: Install AWF binary diff --git a/.github/workflows/daily-doc-healer.lock.yml b/.github/workflows/daily-doc-healer.lock.yml index ce4cbceca79..b75e4f4c88e 100644 --- a/.github/workflows/daily-doc-healer.lock.yml +++ b/.github/workflows/daily-doc-healer.lock.yml @@ -108,8 +108,8 @@ jobs: GH_AW_INFO_ENGINE_ID: "claude" GH_AW_INFO_ENGINE_NAME: "Claude Code" GH_AW_INFO_MODEL: ${{ vars.GH_AW_MODEL_AGENT_CLAUDE || 'auto' }} - GH_AW_INFO_VERSION: "latest" - GH_AW_INFO_AGENT_VERSION: "latest" + GH_AW_INFO_VERSION: "2.1.92" + GH_AW_INFO_AGENT_VERSION: "2.1.92" GH_AW_INFO_WORKFLOW_NAME: "Daily Documentation Healer" GH_AW_INFO_EXPERIMENTAL: "false" GH_AW_INFO_SUPPORTS_TOOLS_ALLOWLIST: "true" @@ -400,7 +400,7 @@ jobs: - name: Install AWF binary run: bash ${RUNNER_TEMP}/gh-aw/actions/install_awf_binary.sh v0.25.14 - name: Install Claude Code CLI - run: npm install --ignore-scripts -g @anthropic-ai/claude-code@latest + run: npm install --ignore-scripts -g @anthropic-ai/claude-code@2.1.92 - name: Determine automatic lockdown mode for GitHub MCP Server id: determine-automatic-lockdown uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 @@ -1240,7 +1240,7 @@ jobs: - name: Install AWF binary run: bash ${RUNNER_TEMP}/gh-aw/actions/install_awf_binary.sh v0.25.14 - name: Install Claude Code CLI - run: npm install --ignore-scripts -g @anthropic-ai/claude-code@latest + run: npm install --ignore-scripts -g @anthropic-ai/claude-code@2.1.92 - name: Execute Claude Code CLI if: always() && steps.detection_guard.outputs.run_detection == 'true' id: detection_agentic_execution diff --git a/.github/workflows/daily-doc-updater.lock.yml b/.github/workflows/daily-doc-updater.lock.yml index 7749d8453ff..c63273f0e3a 100644 --- a/.github/workflows/daily-doc-updater.lock.yml +++ b/.github/workflows/daily-doc-updater.lock.yml @@ -107,8 +107,8 @@ jobs: GH_AW_INFO_ENGINE_ID: "claude" GH_AW_INFO_ENGINE_NAME: "Claude Code" GH_AW_INFO_MODEL: ${{ vars.GH_AW_MODEL_AGENT_CLAUDE || 'auto' }} - GH_AW_INFO_VERSION: "latest" - GH_AW_INFO_AGENT_VERSION: "latest" + GH_AW_INFO_VERSION: "2.1.92" + GH_AW_INFO_AGENT_VERSION: "2.1.92" GH_AW_INFO_WORKFLOW_NAME: "Daily Documentation Updater" GH_AW_INFO_EXPERIMENTAL: "false" GH_AW_INFO_SUPPORTS_TOOLS_ALLOWLIST: "true" @@ -399,7 +399,7 @@ jobs: - name: Install AWF binary run: bash ${RUNNER_TEMP}/gh-aw/actions/install_awf_binary.sh v0.25.14 - name: Install Claude Code CLI - run: npm install --ignore-scripts -g @anthropic-ai/claude-code@latest + run: npm install --ignore-scripts -g @anthropic-ai/claude-code@2.1.92 - name: Parse integrity filter lists id: parse-guard-vars env: @@ -1205,7 +1205,7 @@ jobs: - name: Install AWF binary run: bash ${RUNNER_TEMP}/gh-aw/actions/install_awf_binary.sh v0.25.14 - name: Install Claude Code CLI - run: npm install --ignore-scripts -g @anthropic-ai/claude-code@latest + run: npm install --ignore-scripts -g @anthropic-ai/claude-code@2.1.92 - name: Execute Claude Code CLI if: always() && steps.detection_guard.outputs.run_detection == 'true' id: detection_agentic_execution diff --git a/.github/workflows/daily-fact.lock.yml b/.github/workflows/daily-fact.lock.yml index 9dcc49e60a2..d89a1c5253a 100644 --- a/.github/workflows/daily-fact.lock.yml +++ b/.github/workflows/daily-fact.lock.yml @@ -106,8 +106,8 @@ jobs: GH_AW_INFO_ENGINE_ID: "codex" GH_AW_INFO_ENGINE_NAME: "Codex" GH_AW_INFO_MODEL: "gpt-5.1-codex-mini" - GH_AW_INFO_VERSION: "latest" - GH_AW_INFO_AGENT_VERSION: "latest" + GH_AW_INFO_VERSION: "0.118.0" + GH_AW_INFO_AGENT_VERSION: "0.118.0" GH_AW_INFO_WORKFLOW_NAME: "Daily Fact About gh-aw" GH_AW_INFO_EXPERIMENTAL: "false" GH_AW_INFO_SUPPORTS_TOOLS_ALLOWLIST: "true" @@ -445,7 +445,7 @@ jobs: node-version: '24' package-manager-cache: false - name: Install Codex CLI - run: npm install --ignore-scripts -g @openai/codex@latest + run: npm install --ignore-scripts -g @openai/codex@0.118.0 - name: Install AWF binary run: bash ${RUNNER_TEMP}/gh-aw/actions/install_awf_binary.sh v0.25.14 - name: Determine automatic lockdown mode for GitHub MCP Server @@ -1149,7 +1149,7 @@ jobs: node-version: '24' package-manager-cache: false - name: Install Codex CLI - run: npm install --ignore-scripts -g @openai/codex@latest + run: npm install --ignore-scripts -g @openai/codex@0.118.0 - name: Install AWF binary run: bash ${RUNNER_TEMP}/gh-aw/actions/install_awf_binary.sh v0.25.14 - name: Execute Codex CLI diff --git a/.github/workflows/daily-file-diet.lock.yml b/.github/workflows/daily-file-diet.lock.yml index 8d8bb1227f2..dbaa5fd986f 100644 --- a/.github/workflows/daily-file-diet.lock.yml +++ b/.github/workflows/daily-file-diet.lock.yml @@ -110,8 +110,8 @@ jobs: GH_AW_INFO_ENGINE_ID: "copilot" GH_AW_INFO_ENGINE_NAME: "GitHub Copilot CLI" GH_AW_INFO_MODEL: ${{ vars.GH_AW_MODEL_AGENT_COPILOT || 'auto' }} - GH_AW_INFO_VERSION: "latest" - GH_AW_INFO_AGENT_VERSION: "latest" + GH_AW_INFO_VERSION: "1.0.20" + GH_AW_INFO_AGENT_VERSION: "1.0.20" GH_AW_INFO_WORKFLOW_NAME: "Daily File Diet" GH_AW_INFO_EXPERIMENTAL: "false" GH_AW_INFO_SUPPORTS_TOOLS_ALLOWLIST: "true" @@ -405,7 +405,7 @@ jobs: const { main } = require('${{ runner.temp }}/gh-aw/actions/checkout_pr_branch.cjs'); await main(); - name: Install GitHub Copilot CLI - run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh latest + run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh 1.0.20 env: GH_HOST: github.com - name: Install AWF binary @@ -1160,7 +1160,7 @@ jobs: mkdir -p /tmp/gh-aw/threat-detection touch /tmp/gh-aw/threat-detection/detection.log - name: Install GitHub Copilot CLI - run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh latest + run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh 1.0.20 env: GH_HOST: github.com - name: Install AWF binary diff --git a/.github/workflows/daily-firewall-report.lock.yml b/.github/workflows/daily-firewall-report.lock.yml index 1b69f90e87a..06d41e8ee3c 100644 --- a/.github/workflows/daily-firewall-report.lock.yml +++ b/.github/workflows/daily-firewall-report.lock.yml @@ -111,8 +111,8 @@ jobs: GH_AW_INFO_ENGINE_ID: "copilot" GH_AW_INFO_ENGINE_NAME: "GitHub Copilot CLI" GH_AW_INFO_MODEL: ${{ vars.GH_AW_MODEL_AGENT_COPILOT || 'auto' }} - GH_AW_INFO_VERSION: "latest" - GH_AW_INFO_AGENT_VERSION: "latest" + GH_AW_INFO_VERSION: "1.0.20" + GH_AW_INFO_AGENT_VERSION: "1.0.20" GH_AW_INFO_WORKFLOW_NAME: "Daily Firewall Logs Collector and Reporter" GH_AW_INFO_EXPERIMENTAL: "false" GH_AW_INFO_SUPPORTS_TOOLS_ALLOWLIST: "true" @@ -455,7 +455,7 @@ jobs: const { main } = require('${{ runner.temp }}/gh-aw/actions/checkout_pr_branch.cjs'); await main(); - name: Install GitHub Copilot CLI - run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh latest + run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh 1.0.20 env: GH_HOST: github.com - name: Install AWF binary @@ -1234,7 +1234,7 @@ jobs: mkdir -p /tmp/gh-aw/threat-detection touch /tmp/gh-aw/threat-detection/detection.log - name: Install GitHub Copilot CLI - run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh latest + run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh 1.0.20 env: GH_HOST: github.com - name: Install AWF binary diff --git a/.github/workflows/daily-function-namer.lock.yml b/.github/workflows/daily-function-namer.lock.yml index dad81928b65..3db594721d5 100644 --- a/.github/workflows/daily-function-namer.lock.yml +++ b/.github/workflows/daily-function-namer.lock.yml @@ -108,8 +108,8 @@ jobs: GH_AW_INFO_ENGINE_ID: "claude" GH_AW_INFO_ENGINE_NAME: "Claude Code" GH_AW_INFO_MODEL: ${{ vars.GH_AW_MODEL_AGENT_CLAUDE || 'auto' }} - GH_AW_INFO_VERSION: "latest" - GH_AW_INFO_AGENT_VERSION: "latest" + GH_AW_INFO_VERSION: "2.1.92" + GH_AW_INFO_AGENT_VERSION: "2.1.92" GH_AW_INFO_WORKFLOW_NAME: "Daily Go Function Namer" GH_AW_INFO_EXPERIMENTAL: "false" GH_AW_INFO_SUPPORTS_TOOLS_ALLOWLIST: "true" @@ -431,7 +431,7 @@ jobs: - name: Install AWF binary run: bash ${RUNNER_TEMP}/gh-aw/actions/install_awf_binary.sh v0.25.14 - name: Install Claude Code CLI - run: npm install --ignore-scripts -g @anthropic-ai/claude-code@latest + run: npm install --ignore-scripts -g @anthropic-ai/claude-code@2.1.92 - name: Determine automatic lockdown mode for GitHub MCP Server id: determine-automatic-lockdown uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 @@ -1230,7 +1230,7 @@ jobs: - name: Install AWF binary run: bash ${RUNNER_TEMP}/gh-aw/actions/install_awf_binary.sh v0.25.14 - name: Install Claude Code CLI - run: npm install --ignore-scripts -g @anthropic-ai/claude-code@latest + run: npm install --ignore-scripts -g @anthropic-ai/claude-code@2.1.92 - name: Execute Claude Code CLI if: always() && steps.detection_guard.outputs.run_detection == 'true' id: detection_agentic_execution diff --git a/.github/workflows/daily-integrity-analysis.lock.yml b/.github/workflows/daily-integrity-analysis.lock.yml index b46dfa0a4db..03564f90191 100644 --- a/.github/workflows/daily-integrity-analysis.lock.yml +++ b/.github/workflows/daily-integrity-analysis.lock.yml @@ -111,8 +111,8 @@ jobs: GH_AW_INFO_ENGINE_ID: "copilot" GH_AW_INFO_ENGINE_NAME: "GitHub Copilot CLI" GH_AW_INFO_MODEL: ${{ vars.GH_AW_MODEL_AGENT_COPILOT || 'auto' }} - GH_AW_INFO_VERSION: "latest" - GH_AW_INFO_AGENT_VERSION: "latest" + GH_AW_INFO_VERSION: "1.0.20" + GH_AW_INFO_AGENT_VERSION: "1.0.20" GH_AW_INFO_WORKFLOW_NAME: "Daily DIFC Integrity-Filtered Events Analyzer" GH_AW_INFO_EXPERIMENTAL: "false" GH_AW_INFO_SUPPORTS_TOOLS_ALLOWLIST: "true" @@ -472,7 +472,7 @@ jobs: const { main } = require('${{ runner.temp }}/gh-aw/actions/checkout_pr_branch.cjs'); await main(); - name: Install GitHub Copilot CLI - run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh latest + run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh 1.0.20 env: GH_HOST: github.com - name: Install AWF binary @@ -1251,7 +1251,7 @@ jobs: mkdir -p /tmp/gh-aw/threat-detection touch /tmp/gh-aw/threat-detection/detection.log - name: Install GitHub Copilot CLI - run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh latest + run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh 1.0.20 env: GH_HOST: github.com - name: Install AWF binary diff --git a/.github/workflows/daily-issues-report.lock.yml b/.github/workflows/daily-issues-report.lock.yml index 6574a35ca60..44e6dc10cc0 100644 --- a/.github/workflows/daily-issues-report.lock.yml +++ b/.github/workflows/daily-issues-report.lock.yml @@ -117,8 +117,8 @@ jobs: GH_AW_INFO_ENGINE_ID: "copilot" GH_AW_INFO_ENGINE_NAME: "GitHub Copilot CLI" GH_AW_INFO_MODEL: ${{ vars.GH_AW_MODEL_AGENT_COPILOT || 'auto' }} - GH_AW_INFO_VERSION: "latest" - GH_AW_INFO_AGENT_VERSION: "latest" + GH_AW_INFO_VERSION: "1.0.20" + GH_AW_INFO_AGENT_VERSION: "1.0.20" GH_AW_INFO_WORKFLOW_NAME: "Daily Issues Report Generator" GH_AW_INFO_EXPERIMENTAL: "false" GH_AW_INFO_SUPPORTS_TOOLS_ALLOWLIST: "true" @@ -468,7 +468,7 @@ jobs: const { main } = require('${{ runner.temp }}/gh-aw/actions/checkout_pr_branch.cjs'); await main(); - name: Install GitHub Copilot CLI - run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh latest + run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh 1.0.20 env: GH_HOST: github.com - name: Install AWF binary @@ -1208,7 +1208,7 @@ jobs: mkdir -p /tmp/gh-aw/threat-detection touch /tmp/gh-aw/threat-detection/detection.log - name: Install GitHub Copilot CLI - run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh latest + run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh 1.0.20 env: GH_HOST: github.com - name: Install AWF binary diff --git a/.github/workflows/daily-malicious-code-scan.lock.yml b/.github/workflows/daily-malicious-code-scan.lock.yml index 29cb4d62015..ad9411084d5 100644 --- a/.github/workflows/daily-malicious-code-scan.lock.yml +++ b/.github/workflows/daily-malicious-code-scan.lock.yml @@ -102,8 +102,8 @@ jobs: GH_AW_INFO_ENGINE_ID: "copilot" GH_AW_INFO_ENGINE_NAME: "GitHub Copilot CLI" GH_AW_INFO_MODEL: ${{ vars.GH_AW_MODEL_AGENT_COPILOT || 'auto' }} - GH_AW_INFO_VERSION: "latest" - GH_AW_INFO_AGENT_VERSION: "latest" + GH_AW_INFO_VERSION: "1.0.20" + GH_AW_INFO_AGENT_VERSION: "1.0.20" GH_AW_INFO_WORKFLOW_NAME: "Daily Malicious Code Scan Agent" GH_AW_INFO_EXPERIMENTAL: "false" GH_AW_INFO_SUPPORTS_TOOLS_ALLOWLIST: "true" @@ -359,7 +359,7 @@ jobs: const { main } = require('${{ runner.temp }}/gh-aw/actions/checkout_pr_branch.cjs'); await main(); - name: Install GitHub Copilot CLI - run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh latest + run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh 1.0.20 env: GH_HOST: github.com - name: Install AWF binary diff --git a/.github/workflows/daily-mcp-concurrency-analysis.lock.yml b/.github/workflows/daily-mcp-concurrency-analysis.lock.yml index 622c961049d..32c8015e27c 100644 --- a/.github/workflows/daily-mcp-concurrency-analysis.lock.yml +++ b/.github/workflows/daily-mcp-concurrency-analysis.lock.yml @@ -106,8 +106,8 @@ jobs: GH_AW_INFO_ENGINE_ID: "copilot" GH_AW_INFO_ENGINE_NAME: "GitHub Copilot CLI" GH_AW_INFO_MODEL: ${{ vars.GH_AW_MODEL_AGENT_COPILOT || 'auto' }} - GH_AW_INFO_VERSION: "latest" - GH_AW_INFO_AGENT_VERSION: "latest" + GH_AW_INFO_VERSION: "1.0.20" + GH_AW_INFO_AGENT_VERSION: "1.0.20" GH_AW_INFO_WORKFLOW_NAME: "Daily MCP Tool Concurrency Analysis" GH_AW_INFO_EXPERIMENTAL: "false" GH_AW_INFO_SUPPORTS_TOOLS_ALLOWLIST: "true" @@ -418,7 +418,7 @@ jobs: const { main } = require('${{ runner.temp }}/gh-aw/actions/checkout_pr_branch.cjs'); await main(); - name: Install GitHub Copilot CLI - run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh latest + run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh 1.0.20 env: GH_HOST: github.com - name: Install AWF binary @@ -1201,7 +1201,7 @@ jobs: mkdir -p /tmp/gh-aw/threat-detection touch /tmp/gh-aw/threat-detection/detection.log - name: Install GitHub Copilot CLI - run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh latest + run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh 1.0.20 env: GH_HOST: github.com - name: Install AWF binary diff --git a/.github/workflows/daily-multi-device-docs-tester.lock.yml b/.github/workflows/daily-multi-device-docs-tester.lock.yml index a99aec49188..d344947b9d8 100644 --- a/.github/workflows/daily-multi-device-docs-tester.lock.yml +++ b/.github/workflows/daily-multi-device-docs-tester.lock.yml @@ -109,8 +109,8 @@ jobs: GH_AW_INFO_ENGINE_ID: "claude" GH_AW_INFO_ENGINE_NAME: "Claude Code" GH_AW_INFO_MODEL: ${{ vars.GH_AW_MODEL_AGENT_CLAUDE || 'auto' }} - GH_AW_INFO_VERSION: "latest" - GH_AW_INFO_AGENT_VERSION: "latest" + GH_AW_INFO_VERSION: "2.1.92" + GH_AW_INFO_AGENT_VERSION: "2.1.92" GH_AW_INFO_WORKFLOW_NAME: "Multi-Device Docs Tester" GH_AW_INFO_EXPERIMENTAL: "false" GH_AW_INFO_SUPPORTS_TOOLS_ALLOWLIST: "true" @@ -392,7 +392,7 @@ jobs: - name: Install AWF binary run: bash ${RUNNER_TEMP}/gh-aw/actions/install_awf_binary.sh v0.25.14 - name: Install Claude Code CLI - run: npm install --ignore-scripts -g @anthropic-ai/claude-code@latest + run: npm install --ignore-scripts -g @anthropic-ai/claude-code@2.1.92 - name: Determine automatic lockdown mode for GitHub MCP Server id: determine-automatic-lockdown uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 @@ -1244,7 +1244,7 @@ jobs: - name: Install AWF binary run: bash ${RUNNER_TEMP}/gh-aw/actions/install_awf_binary.sh v0.25.14 - name: Install Claude Code CLI - run: npm install --ignore-scripts -g @anthropic-ai/claude-code@latest + run: npm install --ignore-scripts -g @anthropic-ai/claude-code@2.1.92 - name: Execute Claude Code CLI if: always() && steps.detection_guard.outputs.run_detection == 'true' id: detection_agentic_execution diff --git a/.github/workflows/daily-news.lock.yml b/.github/workflows/daily-news.lock.yml index ac84b867694..924a424e419 100644 --- a/.github/workflows/daily-news.lock.yml +++ b/.github/workflows/daily-news.lock.yml @@ -111,8 +111,8 @@ jobs: GH_AW_INFO_ENGINE_ID: "copilot" GH_AW_INFO_ENGINE_NAME: "GitHub Copilot CLI" GH_AW_INFO_MODEL: ${{ vars.GH_AW_MODEL_AGENT_COPILOT || 'auto' }} - GH_AW_INFO_VERSION: "latest" - GH_AW_INFO_AGENT_VERSION: "latest" + GH_AW_INFO_VERSION: "1.0.20" + GH_AW_INFO_AGENT_VERSION: "1.0.20" GH_AW_INFO_WORKFLOW_NAME: "Daily News" GH_AW_INFO_EXPERIMENTAL: "false" GH_AW_INFO_SUPPORTS_TOOLS_ALLOWLIST: "true" @@ -524,7 +524,7 @@ jobs: const { main } = require('${{ runner.temp }}/gh-aw/actions/checkout_pr_branch.cjs'); await main(); - name: Install GitHub Copilot CLI - run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh latest + run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh 1.0.20 env: GH_HOST: github.com - name: Install AWF binary @@ -1296,7 +1296,7 @@ jobs: mkdir -p /tmp/gh-aw/threat-detection touch /tmp/gh-aw/threat-detection/detection.log - name: Install GitHub Copilot CLI - run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh latest + run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh 1.0.20 env: GH_HOST: github.com - name: Install AWF binary diff --git a/.github/workflows/daily-observability-report.lock.yml b/.github/workflows/daily-observability-report.lock.yml index db15d4bb411..52297b2ee6b 100644 --- a/.github/workflows/daily-observability-report.lock.yml +++ b/.github/workflows/daily-observability-report.lock.yml @@ -112,8 +112,8 @@ jobs: GH_AW_INFO_ENGINE_ID: "codex" GH_AW_INFO_ENGINE_NAME: "Codex" GH_AW_INFO_MODEL: ${{ vars.GH_AW_MODEL_AGENT_CODEX || 'auto' }} - GH_AW_INFO_VERSION: "latest" - GH_AW_INFO_AGENT_VERSION: "latest" + GH_AW_INFO_VERSION: "0.118.0" + GH_AW_INFO_AGENT_VERSION: "0.118.0" GH_AW_INFO_WORKFLOW_NAME: "Daily Observability Report for AWF Firewall and MCP Gateway" GH_AW_INFO_EXPERIMENTAL: "false" GH_AW_INFO_SUPPORTS_TOOLS_ALLOWLIST: "true" @@ -414,7 +414,7 @@ jobs: node-version: '24' package-manager-cache: false - name: Install Codex CLI - run: npm install --ignore-scripts -g @openai/codex@latest + run: npm install --ignore-scripts -g @openai/codex@0.118.0 - name: Install AWF binary run: bash ${RUNNER_TEMP}/gh-aw/actions/install_awf_binary.sh v0.25.14 - name: Determine automatic lockdown mode for GitHub MCP Server @@ -1179,7 +1179,7 @@ jobs: node-version: '24' package-manager-cache: false - name: Install Codex CLI - run: npm install --ignore-scripts -g @openai/codex@latest + run: npm install --ignore-scripts -g @openai/codex@0.118.0 - name: Install AWF binary run: bash ${RUNNER_TEMP}/gh-aw/actions/install_awf_binary.sh v0.25.14 - name: Execute Codex CLI diff --git a/.github/workflows/daily-otel-instrumentation-advisor.lock.yml b/.github/workflows/daily-otel-instrumentation-advisor.lock.yml index be1c50c5b1a..569eaf257e5 100644 --- a/.github/workflows/daily-otel-instrumentation-advisor.lock.yml +++ b/.github/workflows/daily-otel-instrumentation-advisor.lock.yml @@ -104,8 +104,8 @@ jobs: GH_AW_INFO_ENGINE_ID: "claude" GH_AW_INFO_ENGINE_NAME: "Claude Code" GH_AW_INFO_MODEL: ${{ vars.GH_AW_MODEL_AGENT_CLAUDE || 'auto' }} - GH_AW_INFO_VERSION: "latest" - GH_AW_INFO_AGENT_VERSION: "latest" + GH_AW_INFO_VERSION: "2.1.92" + GH_AW_INFO_AGENT_VERSION: "2.1.92" GH_AW_INFO_WORKFLOW_NAME: "Daily OTel Instrumentation Advisor" GH_AW_INFO_EXPERIMENTAL: "false" GH_AW_INFO_SUPPORTS_TOOLS_ALLOWLIST: "true" @@ -376,7 +376,7 @@ jobs: - name: Install AWF binary run: bash ${RUNNER_TEMP}/gh-aw/actions/install_awf_binary.sh v0.25.14 - name: Install Claude Code CLI - run: npm install --ignore-scripts -g @anthropic-ai/claude-code@latest + run: npm install --ignore-scripts -g @anthropic-ai/claude-code@2.1.92 - name: Determine automatic lockdown mode for GitHub MCP Server id: determine-automatic-lockdown uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 @@ -1152,7 +1152,7 @@ jobs: - name: Install AWF binary run: bash ${RUNNER_TEMP}/gh-aw/actions/install_awf_binary.sh v0.25.14 - name: Install Claude Code CLI - run: npm install --ignore-scripts -g @anthropic-ai/claude-code@latest + run: npm install --ignore-scripts -g @anthropic-ai/claude-code@2.1.92 - name: Execute Claude Code CLI if: always() && steps.detection_guard.outputs.run_detection == 'true' id: detection_agentic_execution diff --git a/.github/workflows/daily-performance-summary.lock.yml b/.github/workflows/daily-performance-summary.lock.yml index 441ce566c45..7c0386da42b 100644 --- a/.github/workflows/daily-performance-summary.lock.yml +++ b/.github/workflows/daily-performance-summary.lock.yml @@ -109,8 +109,8 @@ jobs: GH_AW_INFO_ENGINE_ID: "copilot" GH_AW_INFO_ENGINE_NAME: "GitHub Copilot CLI" GH_AW_INFO_MODEL: ${{ vars.GH_AW_MODEL_AGENT_COPILOT || 'auto' }} - GH_AW_INFO_VERSION: "latest" - GH_AW_INFO_AGENT_VERSION: "latest" + GH_AW_INFO_VERSION: "1.0.20" + GH_AW_INFO_AGENT_VERSION: "1.0.20" GH_AW_INFO_WORKFLOW_NAME: "Daily Project Performance Summary Generator (Using MCP Scripts)" GH_AW_INFO_EXPERIMENTAL: "false" GH_AW_INFO_SUPPORTS_TOOLS_ALLOWLIST: "true" @@ -424,7 +424,7 @@ jobs: const { main } = require('${{ runner.temp }}/gh-aw/actions/checkout_pr_branch.cjs'); await main(); - name: Install GitHub Copilot CLI - run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh latest + run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh 1.0.20 env: GH_HOST: github.com - name: Install AWF binary @@ -1643,7 +1643,7 @@ jobs: mkdir -p /tmp/gh-aw/threat-detection touch /tmp/gh-aw/threat-detection/detection.log - name: Install GitHub Copilot CLI - run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh latest + run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh 1.0.20 env: GH_HOST: github.com - name: Install AWF binary diff --git a/.github/workflows/daily-regulatory.lock.yml b/.github/workflows/daily-regulatory.lock.yml index 62b96eb6da6..f17e3e53d68 100644 --- a/.github/workflows/daily-regulatory.lock.yml +++ b/.github/workflows/daily-regulatory.lock.yml @@ -105,8 +105,8 @@ jobs: GH_AW_INFO_ENGINE_ID: "copilot" GH_AW_INFO_ENGINE_NAME: "GitHub Copilot CLI" GH_AW_INFO_MODEL: ${{ vars.GH_AW_MODEL_AGENT_COPILOT || 'auto' }} - GH_AW_INFO_VERSION: "latest" - GH_AW_INFO_AGENT_VERSION: "latest" + GH_AW_INFO_VERSION: "1.0.20" + GH_AW_INFO_AGENT_VERSION: "1.0.20" GH_AW_INFO_WORKFLOW_NAME: "Daily Regulatory Report Generator" GH_AW_INFO_EXPERIMENTAL: "false" GH_AW_INFO_SUPPORTS_TOOLS_ALLOWLIST: "true" @@ -370,7 +370,7 @@ jobs: const { main } = require('${{ runner.temp }}/gh-aw/actions/checkout_pr_branch.cjs'); await main(); - name: Install GitHub Copilot CLI - run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh latest + run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh 1.0.20 env: GH_HOST: github.com - name: Install AWF binary @@ -1551,7 +1551,7 @@ jobs: mkdir -p /tmp/gh-aw/threat-detection touch /tmp/gh-aw/threat-detection/detection.log - name: Install GitHub Copilot CLI - run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh latest + run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh 1.0.20 env: GH_HOST: github.com - name: Install AWF binary diff --git a/.github/workflows/daily-rendering-scripts-verifier.lock.yml b/.github/workflows/daily-rendering-scripts-verifier.lock.yml index 135a8621400..29fbd3f3f26 100644 --- a/.github/workflows/daily-rendering-scripts-verifier.lock.yml +++ b/.github/workflows/daily-rendering-scripts-verifier.lock.yml @@ -115,8 +115,8 @@ jobs: GH_AW_INFO_ENGINE_ID: "claude" GH_AW_INFO_ENGINE_NAME: "Claude Code" GH_AW_INFO_MODEL: ${{ vars.GH_AW_MODEL_AGENT_CLAUDE || 'auto' }} - GH_AW_INFO_VERSION: "latest" - GH_AW_INFO_AGENT_VERSION: "latest" + GH_AW_INFO_VERSION: "2.1.92" + GH_AW_INFO_AGENT_VERSION: "2.1.92" GH_AW_INFO_WORKFLOW_NAME: "Daily Rendering Scripts Verifier" GH_AW_INFO_EXPERIMENTAL: "false" GH_AW_INFO_SUPPORTS_TOOLS_ALLOWLIST: "true" @@ -443,7 +443,7 @@ jobs: - name: Install AWF binary run: bash ${RUNNER_TEMP}/gh-aw/actions/install_awf_binary.sh v0.25.14 - name: Install Claude Code CLI - run: npm install --ignore-scripts -g @anthropic-ai/claude-code@latest + run: npm install --ignore-scripts -g @anthropic-ai/claude-code@2.1.92 - name: Determine automatic lockdown mode for GitHub MCP Server id: determine-automatic-lockdown uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 @@ -1295,7 +1295,7 @@ jobs: - name: Install AWF binary run: bash ${RUNNER_TEMP}/gh-aw/actions/install_awf_binary.sh v0.25.14 - name: Install Claude Code CLI - run: npm install --ignore-scripts -g @anthropic-ai/claude-code@latest + run: npm install --ignore-scripts -g @anthropic-ai/claude-code@2.1.92 - name: Execute Claude Code CLI if: always() && steps.detection_guard.outputs.run_detection == 'true' id: detection_agentic_execution diff --git a/.github/workflows/daily-repo-chronicle.lock.yml b/.github/workflows/daily-repo-chronicle.lock.yml index 523ba24a899..505060dc348 100644 --- a/.github/workflows/daily-repo-chronicle.lock.yml +++ b/.github/workflows/daily-repo-chronicle.lock.yml @@ -106,8 +106,8 @@ jobs: GH_AW_INFO_ENGINE_ID: "copilot" GH_AW_INFO_ENGINE_NAME: "GitHub Copilot CLI" GH_AW_INFO_MODEL: ${{ vars.GH_AW_MODEL_AGENT_COPILOT || 'auto' }} - GH_AW_INFO_VERSION: "latest" - GH_AW_INFO_AGENT_VERSION: "latest" + GH_AW_INFO_VERSION: "1.0.20" + GH_AW_INFO_AGENT_VERSION: "1.0.20" GH_AW_INFO_WORKFLOW_NAME: "The Daily Repository Chronicle" GH_AW_INFO_EXPERIMENTAL: "false" GH_AW_INFO_SUPPORTS_TOOLS_ALLOWLIST: "true" @@ -417,7 +417,7 @@ jobs: const { main } = require('${{ runner.temp }}/gh-aw/actions/checkout_pr_branch.cjs'); await main(); - name: Install GitHub Copilot CLI - run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh latest + run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh 1.0.20 env: GH_HOST: github.com - name: Install AWF binary @@ -1152,7 +1152,7 @@ jobs: mkdir -p /tmp/gh-aw/threat-detection touch /tmp/gh-aw/threat-detection/detection.log - name: Install GitHub Copilot CLI - run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh latest + run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh 1.0.20 env: GH_HOST: github.com - name: Install AWF binary diff --git a/.github/workflows/daily-safe-output-integrator.lock.yml b/.github/workflows/daily-safe-output-integrator.lock.yml index 4d2d84ea5eb..6322fc1d04a 100644 --- a/.github/workflows/daily-safe-output-integrator.lock.yml +++ b/.github/workflows/daily-safe-output-integrator.lock.yml @@ -102,8 +102,8 @@ jobs: GH_AW_INFO_ENGINE_ID: "copilot" GH_AW_INFO_ENGINE_NAME: "GitHub Copilot CLI" GH_AW_INFO_MODEL: ${{ vars.GH_AW_MODEL_AGENT_COPILOT || 'auto' }} - GH_AW_INFO_VERSION: "latest" - GH_AW_INFO_AGENT_VERSION: "latest" + GH_AW_INFO_VERSION: "1.0.20" + GH_AW_INFO_AGENT_VERSION: "1.0.20" GH_AW_INFO_WORKFLOW_NAME: "Daily Safe Output Integrator" GH_AW_INFO_EXPERIMENTAL: "false" GH_AW_INFO_SUPPORTS_TOOLS_ALLOWLIST: "true" @@ -363,7 +363,7 @@ jobs: const { main } = require('${{ runner.temp }}/gh-aw/actions/checkout_pr_branch.cjs'); await main(); - name: Install GitHub Copilot CLI - run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh latest + run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh 1.0.20 env: GH_HOST: github.com - name: Install AWF binary @@ -1104,7 +1104,7 @@ jobs: mkdir -p /tmp/gh-aw/threat-detection touch /tmp/gh-aw/threat-detection/detection.log - name: Install GitHub Copilot CLI - run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh latest + run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh 1.0.20 env: GH_HOST: github.com - name: Install AWF binary diff --git a/.github/workflows/daily-safe-output-optimizer.lock.yml b/.github/workflows/daily-safe-output-optimizer.lock.yml index 216ffdec491..91901923cb7 100644 --- a/.github/workflows/daily-safe-output-optimizer.lock.yml +++ b/.github/workflows/daily-safe-output-optimizer.lock.yml @@ -116,8 +116,8 @@ jobs: GH_AW_INFO_ENGINE_ID: "claude" GH_AW_INFO_ENGINE_NAME: "Claude Code" GH_AW_INFO_MODEL: ${{ vars.GH_AW_MODEL_AGENT_CLAUDE || 'auto' }} - GH_AW_INFO_VERSION: "latest" - GH_AW_INFO_AGENT_VERSION: "latest" + GH_AW_INFO_VERSION: "2.1.92" + GH_AW_INFO_AGENT_VERSION: "2.1.92" GH_AW_INFO_WORKFLOW_NAME: "Daily Safe Output Tool Optimizer" GH_AW_INFO_EXPERIMENTAL: "false" GH_AW_INFO_SUPPORTS_TOOLS_ALLOWLIST: "true" @@ -449,7 +449,7 @@ jobs: - name: Install AWF binary run: bash ${RUNNER_TEMP}/gh-aw/actions/install_awf_binary.sh v0.25.14 - name: Install Claude Code CLI - run: npm install --ignore-scripts -g @anthropic-ai/claude-code@latest + run: npm install --ignore-scripts -g @anthropic-ai/claude-code@2.1.92 - name: Determine automatic lockdown mode for GitHub MCP Server id: determine-automatic-lockdown uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 @@ -1276,7 +1276,7 @@ jobs: - name: Install AWF binary run: bash ${RUNNER_TEMP}/gh-aw/actions/install_awf_binary.sh v0.25.14 - name: Install Claude Code CLI - run: npm install --ignore-scripts -g @anthropic-ai/claude-code@latest + run: npm install --ignore-scripts -g @anthropic-ai/claude-code@2.1.92 - name: Execute Claude Code CLI if: always() && steps.detection_guard.outputs.run_detection == 'true' id: detection_agentic_execution diff --git a/.github/workflows/daily-safe-outputs-conformance.lock.yml b/.github/workflows/daily-safe-outputs-conformance.lock.yml index ecdb7828d91..ff9ab2a5294 100644 --- a/.github/workflows/daily-safe-outputs-conformance.lock.yml +++ b/.github/workflows/daily-safe-outputs-conformance.lock.yml @@ -104,8 +104,8 @@ jobs: GH_AW_INFO_ENGINE_ID: "claude" GH_AW_INFO_ENGINE_NAME: "Claude Code" GH_AW_INFO_MODEL: ${{ vars.GH_AW_MODEL_AGENT_CLAUDE || 'auto' }} - GH_AW_INFO_VERSION: "latest" - GH_AW_INFO_AGENT_VERSION: "latest" + GH_AW_INFO_VERSION: "2.1.92" + GH_AW_INFO_AGENT_VERSION: "2.1.92" GH_AW_INFO_WORKFLOW_NAME: "Daily Safe Outputs Conformance Checker" GH_AW_INFO_EXPERIMENTAL: "false" GH_AW_INFO_SUPPORTS_TOOLS_ALLOWLIST: "true" @@ -371,7 +371,7 @@ jobs: - name: Install AWF binary run: bash ${RUNNER_TEMP}/gh-aw/actions/install_awf_binary.sh v0.25.14 - name: Install Claude Code CLI - run: npm install --ignore-scripts -g @anthropic-ai/claude-code@latest + run: npm install --ignore-scripts -g @anthropic-ai/claude-code@2.1.92 - name: Determine automatic lockdown mode for GitHub MCP Server id: determine-automatic-lockdown uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 @@ -1128,7 +1128,7 @@ jobs: - name: Install AWF binary run: bash ${RUNNER_TEMP}/gh-aw/actions/install_awf_binary.sh v0.25.14 - name: Install Claude Code CLI - run: npm install --ignore-scripts -g @anthropic-ai/claude-code@latest + run: npm install --ignore-scripts -g @anthropic-ai/claude-code@2.1.92 - name: Execute Claude Code CLI if: always() && steps.detection_guard.outputs.run_detection == 'true' id: detection_agentic_execution diff --git a/.github/workflows/daily-secrets-analysis.lock.yml b/.github/workflows/daily-secrets-analysis.lock.yml index 3ba6a98276d..db2d7763ceb 100644 --- a/.github/workflows/daily-secrets-analysis.lock.yml +++ b/.github/workflows/daily-secrets-analysis.lock.yml @@ -102,8 +102,8 @@ jobs: GH_AW_INFO_ENGINE_ID: "copilot" GH_AW_INFO_ENGINE_NAME: "GitHub Copilot CLI" GH_AW_INFO_MODEL: ${{ vars.GH_AW_MODEL_AGENT_COPILOT || 'auto' }} - GH_AW_INFO_VERSION: "latest" - GH_AW_INFO_AGENT_VERSION: "latest" + GH_AW_INFO_VERSION: "1.0.20" + GH_AW_INFO_AGENT_VERSION: "1.0.20" GH_AW_INFO_WORKFLOW_NAME: "Daily Secrets Analysis Agent" GH_AW_INFO_EXPERIMENTAL: "false" GH_AW_INFO_SUPPORTS_TOOLS_ALLOWLIST: "true" @@ -361,7 +361,7 @@ jobs: const { main } = require('${{ runner.temp }}/gh-aw/actions/checkout_pr_branch.cjs'); await main(); - name: Install GitHub Copilot CLI - run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh latest + run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh 1.0.20 env: GH_HOST: github.com - name: Install AWF binary @@ -1058,7 +1058,7 @@ jobs: mkdir -p /tmp/gh-aw/threat-detection touch /tmp/gh-aw/threat-detection/detection.log - name: Install GitHub Copilot CLI - run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh latest + run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh 1.0.20 env: GH_HOST: github.com - name: Install AWF binary diff --git a/.github/workflows/daily-security-red-team.lock.yml b/.github/workflows/daily-security-red-team.lock.yml index 690e0236297..031dffeb482 100644 --- a/.github/workflows/daily-security-red-team.lock.yml +++ b/.github/workflows/daily-security-red-team.lock.yml @@ -104,8 +104,8 @@ jobs: GH_AW_INFO_ENGINE_ID: "claude" GH_AW_INFO_ENGINE_NAME: "Claude Code" GH_AW_INFO_MODEL: ${{ vars.GH_AW_MODEL_AGENT_CLAUDE || 'auto' }} - GH_AW_INFO_VERSION: "latest" - GH_AW_INFO_AGENT_VERSION: "latest" + GH_AW_INFO_VERSION: "2.1.92" + GH_AW_INFO_AGENT_VERSION: "2.1.92" GH_AW_INFO_WORKFLOW_NAME: "Daily Security Red Team Agent" GH_AW_INFO_EXPERIMENTAL: "false" GH_AW_INFO_SUPPORTS_TOOLS_ALLOWLIST: "true" @@ -375,7 +375,7 @@ jobs: - name: Install AWF binary run: bash ${RUNNER_TEMP}/gh-aw/actions/install_awf_binary.sh v0.25.14 - name: Install Claude Code CLI - run: npm install --ignore-scripts -g @anthropic-ai/claude-code@latest + run: npm install --ignore-scripts -g @anthropic-ai/claude-code@2.1.92 - name: Determine automatic lockdown mode for GitHub MCP Server id: determine-automatic-lockdown uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 @@ -1132,7 +1132,7 @@ jobs: - name: Install AWF binary run: bash ${RUNNER_TEMP}/gh-aw/actions/install_awf_binary.sh v0.25.14 - name: Install Claude Code CLI - run: npm install --ignore-scripts -g @anthropic-ai/claude-code@latest + run: npm install --ignore-scripts -g @anthropic-ai/claude-code@2.1.92 - name: Execute Claude Code CLI if: always() && steps.detection_guard.outputs.run_detection == 'true' id: detection_agentic_execution diff --git a/.github/workflows/daily-semgrep-scan.lock.yml b/.github/workflows/daily-semgrep-scan.lock.yml index e792d7f4572..d2e2cde7327 100644 --- a/.github/workflows/daily-semgrep-scan.lock.yml +++ b/.github/workflows/daily-semgrep-scan.lock.yml @@ -104,8 +104,8 @@ jobs: GH_AW_INFO_ENGINE_ID: "copilot" GH_AW_INFO_ENGINE_NAME: "GitHub Copilot CLI" GH_AW_INFO_MODEL: ${{ vars.GH_AW_MODEL_AGENT_COPILOT || 'auto' }} - GH_AW_INFO_VERSION: "latest" - GH_AW_INFO_AGENT_VERSION: "latest" + GH_AW_INFO_VERSION: "1.0.20" + GH_AW_INFO_AGENT_VERSION: "1.0.20" GH_AW_INFO_WORKFLOW_NAME: "Daily Semgrep Scan" GH_AW_INFO_EXPERIMENTAL: "false" GH_AW_INFO_SUPPORTS_TOOLS_ALLOWLIST: "true" @@ -365,7 +365,7 @@ jobs: const { main } = require('${{ runner.temp }}/gh-aw/actions/checkout_pr_branch.cjs'); await main(); - name: Install GitHub Copilot CLI - run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh latest + run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh 1.0.20 env: GH_HOST: github.com - name: Install AWF binary @@ -1089,7 +1089,7 @@ jobs: mkdir -p /tmp/gh-aw/threat-detection touch /tmp/gh-aw/threat-detection/detection.log - name: Install GitHub Copilot CLI - run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh latest + run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh 1.0.20 env: GH_HOST: github.com - name: Install AWF binary diff --git a/.github/workflows/daily-syntax-error-quality.lock.yml b/.github/workflows/daily-syntax-error-quality.lock.yml index 6a7b869408c..86f868ebcf9 100644 --- a/.github/workflows/daily-syntax-error-quality.lock.yml +++ b/.github/workflows/daily-syntax-error-quality.lock.yml @@ -101,8 +101,8 @@ jobs: GH_AW_INFO_ENGINE_ID: "copilot" GH_AW_INFO_ENGINE_NAME: "GitHub Copilot CLI" GH_AW_INFO_MODEL: ${{ vars.GH_AW_MODEL_AGENT_COPILOT || 'auto' }} - GH_AW_INFO_VERSION: "latest" - GH_AW_INFO_AGENT_VERSION: "latest" + GH_AW_INFO_VERSION: "1.0.20" + GH_AW_INFO_AGENT_VERSION: "1.0.20" GH_AW_INFO_WORKFLOW_NAME: "Daily Syntax Error Quality Check" GH_AW_INFO_EXPERIMENTAL: "false" GH_AW_INFO_SUPPORTS_TOOLS_ALLOWLIST: "true" @@ -370,7 +370,7 @@ jobs: const { main } = require('${{ runner.temp }}/gh-aw/actions/checkout_pr_branch.cjs'); await main(); - name: Install GitHub Copilot CLI - run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh latest + run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh 1.0.20 env: GH_HOST: github.com - name: Install AWF binary @@ -1094,7 +1094,7 @@ jobs: mkdir -p /tmp/gh-aw/threat-detection touch /tmp/gh-aw/threat-detection/detection.log - name: Install GitHub Copilot CLI - run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh latest + run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh 1.0.20 env: GH_HOST: github.com - name: Install AWF binary diff --git a/.github/workflows/daily-team-evolution-insights.lock.yml b/.github/workflows/daily-team-evolution-insights.lock.yml index 5cc5fec9abe..cb0dedc2811 100644 --- a/.github/workflows/daily-team-evolution-insights.lock.yml +++ b/.github/workflows/daily-team-evolution-insights.lock.yml @@ -105,8 +105,8 @@ jobs: GH_AW_INFO_ENGINE_ID: "claude" GH_AW_INFO_ENGINE_NAME: "Claude Code" GH_AW_INFO_MODEL: ${{ vars.GH_AW_MODEL_AGENT_CLAUDE || 'auto' }} - GH_AW_INFO_VERSION: "latest" - GH_AW_INFO_AGENT_VERSION: "latest" + GH_AW_INFO_VERSION: "2.1.92" + GH_AW_INFO_AGENT_VERSION: "2.1.92" GH_AW_INFO_WORKFLOW_NAME: "Daily Team Evolution Insights" GH_AW_INFO_EXPERIMENTAL: "false" GH_AW_INFO_SUPPORTS_TOOLS_ALLOWLIST: "true" @@ -375,7 +375,7 @@ jobs: - name: Install AWF binary run: bash ${RUNNER_TEMP}/gh-aw/actions/install_awf_binary.sh v0.25.14 - name: Install Claude Code CLI - run: npm install --ignore-scripts -g @anthropic-ai/claude-code@latest + run: npm install --ignore-scripts -g @anthropic-ai/claude-code@2.1.92 - name: Determine automatic lockdown mode for GitHub MCP Server id: determine-automatic-lockdown uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 @@ -1128,7 +1128,7 @@ jobs: - name: Install AWF binary run: bash ${RUNNER_TEMP}/gh-aw/actions/install_awf_binary.sh v0.25.14 - name: Install Claude Code CLI - run: npm install --ignore-scripts -g @anthropic-ai/claude-code@latest + run: npm install --ignore-scripts -g @anthropic-ai/claude-code@2.1.92 - name: Execute Claude Code CLI if: always() && steps.detection_guard.outputs.run_detection == 'true' id: detection_agentic_execution diff --git a/.github/workflows/daily-team-status.lock.yml b/.github/workflows/daily-team-status.lock.yml index 943fd0da978..3576fbca0c1 100644 --- a/.github/workflows/daily-team-status.lock.yml +++ b/.github/workflows/daily-team-status.lock.yml @@ -113,8 +113,8 @@ jobs: GH_AW_INFO_ENGINE_ID: "copilot" GH_AW_INFO_ENGINE_NAME: "GitHub Copilot CLI" GH_AW_INFO_MODEL: ${{ vars.GH_AW_MODEL_AGENT_COPILOT || 'auto' }} - GH_AW_INFO_VERSION: "latest" - GH_AW_INFO_AGENT_VERSION: "latest" + GH_AW_INFO_VERSION: "1.0.20" + GH_AW_INFO_AGENT_VERSION: "1.0.20" GH_AW_INFO_WORKFLOW_NAME: "Daily Team Status" GH_AW_INFO_EXPERIMENTAL: "false" GH_AW_INFO_SUPPORTS_TOOLS_ALLOWLIST: "true" @@ -375,7 +375,7 @@ jobs: const { main } = require('${{ runner.temp }}/gh-aw/actions/checkout_pr_branch.cjs'); await main(); - name: Install GitHub Copilot CLI - run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh latest + run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh 1.0.20 env: GH_HOST: github.com - name: Install AWF binary @@ -1084,7 +1084,7 @@ jobs: mkdir -p /tmp/gh-aw/threat-detection touch /tmp/gh-aw/threat-detection/detection.log - name: Install GitHub Copilot CLI - run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh latest + run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh 1.0.20 env: GH_HOST: github.com - name: Install AWF binary diff --git a/.github/workflows/daily-testify-uber-super-expert.lock.yml b/.github/workflows/daily-testify-uber-super-expert.lock.yml index c6c17ba02fa..24935c238bf 100644 --- a/.github/workflows/daily-testify-uber-super-expert.lock.yml +++ b/.github/workflows/daily-testify-uber-super-expert.lock.yml @@ -110,8 +110,8 @@ jobs: GH_AW_INFO_ENGINE_ID: "copilot" GH_AW_INFO_ENGINE_NAME: "GitHub Copilot CLI" GH_AW_INFO_MODEL: ${{ vars.GH_AW_MODEL_AGENT_COPILOT || 'auto' }} - GH_AW_INFO_VERSION: "latest" - GH_AW_INFO_AGENT_VERSION: "latest" + GH_AW_INFO_VERSION: "1.0.20" + GH_AW_INFO_AGENT_VERSION: "1.0.20" GH_AW_INFO_WORKFLOW_NAME: "Daily Testify Uber Super Expert" GH_AW_INFO_EXPERIMENTAL: "false" GH_AW_INFO_SUPPORTS_TOOLS_ALLOWLIST: "true" @@ -429,7 +429,7 @@ jobs: const { main } = require('${{ runner.temp }}/gh-aw/actions/checkout_pr_branch.cjs'); await main(); - name: Install GitHub Copilot CLI - run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh latest + run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh 1.0.20 env: GH_HOST: github.com - name: Install AWF binary @@ -1202,7 +1202,7 @@ jobs: mkdir -p /tmp/gh-aw/threat-detection touch /tmp/gh-aw/threat-detection/detection.log - name: Install GitHub Copilot CLI - run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh latest + run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh 1.0.20 env: GH_HOST: github.com - name: Install AWF binary diff --git a/.github/workflows/daily-workflow-updater.lock.yml b/.github/workflows/daily-workflow-updater.lock.yml index 5eefee0f318..8f7e12881c5 100644 --- a/.github/workflows/daily-workflow-updater.lock.yml +++ b/.github/workflows/daily-workflow-updater.lock.yml @@ -101,8 +101,8 @@ jobs: GH_AW_INFO_ENGINE_ID: "copilot" GH_AW_INFO_ENGINE_NAME: "GitHub Copilot CLI" GH_AW_INFO_MODEL: ${{ vars.GH_AW_MODEL_AGENT_COPILOT || 'auto' }} - GH_AW_INFO_VERSION: "latest" - GH_AW_INFO_AGENT_VERSION: "latest" + GH_AW_INFO_VERSION: "1.0.20" + GH_AW_INFO_AGENT_VERSION: "1.0.20" GH_AW_INFO_WORKFLOW_NAME: "Daily Workflow Updater" GH_AW_INFO_EXPERIMENTAL: "false" GH_AW_INFO_SUPPORTS_TOOLS_ALLOWLIST: "true" @@ -359,7 +359,7 @@ jobs: const { main } = require('${{ runner.temp }}/gh-aw/actions/checkout_pr_branch.cjs'); await main(); - name: Install GitHub Copilot CLI - run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh latest + run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh 1.0.20 env: GH_HOST: github.com - name: Install AWF binary @@ -1066,7 +1066,7 @@ jobs: mkdir -p /tmp/gh-aw/threat-detection touch /tmp/gh-aw/threat-detection/detection.log - name: Install GitHub Copilot CLI - run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh latest + run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh 1.0.20 env: GH_HOST: github.com - name: Install AWF binary diff --git a/.github/workflows/dead-code-remover.lock.yml b/.github/workflows/dead-code-remover.lock.yml index facefda154e..083f0a50090 100644 --- a/.github/workflows/dead-code-remover.lock.yml +++ b/.github/workflows/dead-code-remover.lock.yml @@ -99,8 +99,8 @@ jobs: GH_AW_INFO_ENGINE_ID: "copilot" GH_AW_INFO_ENGINE_NAME: "GitHub Copilot CLI" GH_AW_INFO_MODEL: ${{ vars.GH_AW_MODEL_AGENT_COPILOT || 'auto' }} - GH_AW_INFO_VERSION: "latest" - GH_AW_INFO_AGENT_VERSION: "latest" + GH_AW_INFO_VERSION: "1.0.20" + GH_AW_INFO_AGENT_VERSION: "1.0.20" GH_AW_INFO_WORKFLOW_NAME: "Dead Code Removal Agent" GH_AW_INFO_EXPERIMENTAL: "false" GH_AW_INFO_SUPPORTS_TOOLS_ALLOWLIST: "true" @@ -395,7 +395,7 @@ jobs: const { main } = require('${{ runner.temp }}/gh-aw/actions/checkout_pr_branch.cjs'); await main(); - name: Install GitHub Copilot CLI - run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh latest + run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh 1.0.20 env: GH_HOST: github.com - name: Install AWF binary @@ -1089,7 +1089,7 @@ jobs: mkdir -p /tmp/gh-aw/threat-detection touch /tmp/gh-aw/threat-detection/detection.log - name: Install GitHub Copilot CLI - run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh latest + run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh 1.0.20 env: GH_HOST: github.com - name: Install AWF binary diff --git a/.github/workflows/deep-report.lock.yml b/.github/workflows/deep-report.lock.yml index c1bd47615ac..4398faa41d0 100644 --- a/.github/workflows/deep-report.lock.yml +++ b/.github/workflows/deep-report.lock.yml @@ -102,8 +102,8 @@ jobs: GH_AW_INFO_ENGINE_ID: "claude" GH_AW_INFO_ENGINE_NAME: "Claude Code" GH_AW_INFO_MODEL: ${{ vars.GH_AW_MODEL_AGENT_CLAUDE || 'auto' }} - GH_AW_INFO_VERSION: "latest" - GH_AW_INFO_AGENT_VERSION: "latest" + GH_AW_INFO_VERSION: "2.1.92" + GH_AW_INFO_AGENT_VERSION: "2.1.92" GH_AW_INFO_WORKFLOW_NAME: "DeepReport - Intelligence Gathering Agent" GH_AW_INFO_EXPERIMENTAL: "false" GH_AW_INFO_SUPPORTS_TOOLS_ALLOWLIST: "true" @@ -471,7 +471,7 @@ jobs: - name: Install AWF binary run: bash ${RUNNER_TEMP}/gh-aw/actions/install_awf_binary.sh v0.25.14 - name: Install Claude Code CLI - run: npm install --ignore-scripts -g @anthropic-ai/claude-code@latest + run: npm install --ignore-scripts -g @anthropic-ai/claude-code@2.1.92 - name: Determine automatic lockdown mode for GitHub MCP Server id: determine-automatic-lockdown uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 @@ -1336,7 +1336,7 @@ jobs: - name: Install AWF binary run: bash ${RUNNER_TEMP}/gh-aw/actions/install_awf_binary.sh v0.25.14 - name: Install Claude Code CLI - run: npm install --ignore-scripts -g @anthropic-ai/claude-code@latest + run: npm install --ignore-scripts -g @anthropic-ai/claude-code@2.1.92 - name: Execute Claude Code CLI if: always() && steps.detection_guard.outputs.run_detection == 'true' id: detection_agentic_execution diff --git a/.github/workflows/delight.lock.yml b/.github/workflows/delight.lock.yml index 6b15c692697..d5582e1163c 100644 --- a/.github/workflows/delight.lock.yml +++ b/.github/workflows/delight.lock.yml @@ -94,8 +94,8 @@ jobs: GH_AW_INFO_ENGINE_ID: "copilot" GH_AW_INFO_ENGINE_NAME: "GitHub Copilot CLI" GH_AW_INFO_MODEL: ${{ vars.GH_AW_MODEL_AGENT_COPILOT || 'auto' }} - GH_AW_INFO_VERSION: "latest" - GH_AW_INFO_AGENT_VERSION: "latest" + GH_AW_INFO_VERSION: "1.0.20" + GH_AW_INFO_AGENT_VERSION: "1.0.20" GH_AW_INFO_WORKFLOW_NAME: "Delight" GH_AW_INFO_EXPERIMENTAL: "false" GH_AW_INFO_SUPPORTS_TOOLS_ALLOWLIST: "true" @@ -378,7 +378,7 @@ jobs: const { main } = require('${{ runner.temp }}/gh-aw/actions/checkout_pr_branch.cjs'); await main(); - name: Install GitHub Copilot CLI - run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh latest + run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh 1.0.20 env: GH_HOST: github.com - name: Install AWF binary @@ -1126,7 +1126,7 @@ jobs: mkdir -p /tmp/gh-aw/threat-detection touch /tmp/gh-aw/threat-detection/detection.log - name: Install GitHub Copilot CLI - run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh latest + run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh 1.0.20 env: GH_HOST: github.com - name: Install AWF binary diff --git a/.github/workflows/dependabot-burner.lock.yml b/.github/workflows/dependabot-burner.lock.yml index bf3bdd7101e..9a945757ec2 100644 --- a/.github/workflows/dependabot-burner.lock.yml +++ b/.github/workflows/dependabot-burner.lock.yml @@ -95,8 +95,8 @@ jobs: GH_AW_INFO_ENGINE_ID: "copilot" GH_AW_INFO_ENGINE_NAME: "GitHub Copilot CLI" GH_AW_INFO_MODEL: ${{ vars.GH_AW_MODEL_AGENT_COPILOT || 'auto' }} - GH_AW_INFO_VERSION: "latest" - GH_AW_INFO_AGENT_VERSION: "latest" + GH_AW_INFO_VERSION: "1.0.20" + GH_AW_INFO_AGENT_VERSION: "1.0.20" GH_AW_INFO_WORKFLOW_NAME: "Dependabot Burner" GH_AW_INFO_EXPERIMENTAL: "false" GH_AW_INFO_SUPPORTS_TOOLS_ALLOWLIST: "true" @@ -354,7 +354,7 @@ jobs: const { main } = require('${{ runner.temp }}/gh-aw/actions/checkout_pr_branch.cjs'); await main(); - name: Install GitHub Copilot CLI - run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh latest + run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh 1.0.20 env: GH_HOST: github.com - name: Install AWF binary @@ -1030,7 +1030,7 @@ jobs: mkdir -p /tmp/gh-aw/threat-detection touch /tmp/gh-aw/threat-detection/detection.log - name: Install GitHub Copilot CLI - run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh latest + run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh 1.0.20 env: GH_HOST: github.com - name: Install AWF binary diff --git a/.github/workflows/dependabot-go-checker.lock.yml b/.github/workflows/dependabot-go-checker.lock.yml index 161739ab30b..3ea8e974afe 100644 --- a/.github/workflows/dependabot-go-checker.lock.yml +++ b/.github/workflows/dependabot-go-checker.lock.yml @@ -92,8 +92,8 @@ jobs: GH_AW_INFO_ENGINE_ID: "copilot" GH_AW_INFO_ENGINE_NAME: "GitHub Copilot CLI" GH_AW_INFO_MODEL: ${{ vars.GH_AW_MODEL_AGENT_COPILOT || 'auto' }} - GH_AW_INFO_VERSION: "latest" - GH_AW_INFO_AGENT_VERSION: "latest" + GH_AW_INFO_VERSION: "1.0.20" + GH_AW_INFO_AGENT_VERSION: "1.0.20" GH_AW_INFO_WORKFLOW_NAME: "Dependabot Dependency Checker" GH_AW_INFO_EXPERIMENTAL: "false" GH_AW_INFO_SUPPORTS_TOOLS_ALLOWLIST: "true" @@ -352,7 +352,7 @@ jobs: const { main } = require('${{ runner.temp }}/gh-aw/actions/checkout_pr_branch.cjs'); await main(); - name: Install GitHub Copilot CLI - run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh latest + run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh 1.0.20 env: GH_HOST: github.com - name: Install AWF binary @@ -1047,7 +1047,7 @@ jobs: mkdir -p /tmp/gh-aw/threat-detection touch /tmp/gh-aw/threat-detection/detection.log - name: Install GitHub Copilot CLI - run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh latest + run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh 1.0.20 env: GH_HOST: github.com - name: Install AWF binary diff --git a/.github/workflows/dev-hawk.lock.yml b/.github/workflows/dev-hawk.lock.yml index 40e0e009efc..c5680ac0673 100644 --- a/.github/workflows/dev-hawk.lock.yml +++ b/.github/workflows/dev-hawk.lock.yml @@ -95,8 +95,8 @@ jobs: GH_AW_INFO_ENGINE_ID: "copilot" GH_AW_INFO_ENGINE_NAME: "GitHub Copilot CLI" GH_AW_INFO_MODEL: ${{ vars.GH_AW_MODEL_AGENT_COPILOT || 'auto' }} - GH_AW_INFO_VERSION: "latest" - GH_AW_INFO_AGENT_VERSION: "latest" + GH_AW_INFO_VERSION: "1.0.20" + GH_AW_INFO_AGENT_VERSION: "1.0.20" GH_AW_INFO_WORKFLOW_NAME: "Dev Hawk" GH_AW_INFO_EXPERIMENTAL: "false" GH_AW_INFO_SUPPORTS_TOOLS_ALLOWLIST: "true" @@ -405,7 +405,7 @@ jobs: const { main } = require('${{ runner.temp }}/gh-aw/actions/checkout_pr_branch.cjs'); await main(); - name: Install GitHub Copilot CLI - run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh latest + run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh 1.0.20 env: GH_HOST: github.com - name: Install AWF binary @@ -1129,7 +1129,7 @@ jobs: mkdir -p /tmp/gh-aw/threat-detection touch /tmp/gh-aw/threat-detection/detection.log - name: Install GitHub Copilot CLI - run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh latest + run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh 1.0.20 env: GH_HOST: github.com - name: Install AWF binary diff --git a/.github/workflows/dev.lock.yml b/.github/workflows/dev.lock.yml index be18d12e5b4..f09b58ae8fe 100644 --- a/.github/workflows/dev.lock.yml +++ b/.github/workflows/dev.lock.yml @@ -111,8 +111,8 @@ jobs: GH_AW_INFO_ENGINE_ID: "copilot" GH_AW_INFO_ENGINE_NAME: "GitHub Copilot CLI" GH_AW_INFO_MODEL: ${{ vars.GH_AW_MODEL_AGENT_COPILOT || 'auto' }} - GH_AW_INFO_VERSION: "latest" - GH_AW_INFO_AGENT_VERSION: "latest" + GH_AW_INFO_VERSION: "1.0.20" + GH_AW_INFO_AGENT_VERSION: "1.0.20" GH_AW_INFO_WORKFLOW_NAME: "Dev" GH_AW_INFO_EXPERIMENTAL: "false" GH_AW_INFO_SUPPORTS_TOOLS_ALLOWLIST: "true" @@ -399,7 +399,7 @@ jobs: const { main } = require('${{ runner.temp }}/gh-aw/actions/checkout_pr_branch.cjs'); await main(); - name: Install GitHub Copilot CLI - run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh latest + run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh 1.0.20 env: GH_HOST: github.com - name: Install AWF binary @@ -1093,7 +1093,7 @@ jobs: mkdir -p /tmp/gh-aw/threat-detection touch /tmp/gh-aw/threat-detection/detection.log - name: Install GitHub Copilot CLI - run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh latest + run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh 1.0.20 env: GH_HOST: github.com - name: Install AWF binary diff --git a/.github/workflows/developer-docs-consolidator.lock.yml b/.github/workflows/developer-docs-consolidator.lock.yml index 266912d8263..2d849b12dae 100644 --- a/.github/workflows/developer-docs-consolidator.lock.yml +++ b/.github/workflows/developer-docs-consolidator.lock.yml @@ -100,8 +100,8 @@ jobs: GH_AW_INFO_ENGINE_ID: "claude" GH_AW_INFO_ENGINE_NAME: "Claude Code" GH_AW_INFO_MODEL: ${{ vars.GH_AW_MODEL_AGENT_CLAUDE || 'auto' }} - GH_AW_INFO_VERSION: "latest" - GH_AW_INFO_AGENT_VERSION: "latest" + GH_AW_INFO_VERSION: "2.1.92" + GH_AW_INFO_AGENT_VERSION: "2.1.92" GH_AW_INFO_WORKFLOW_NAME: "Developer Documentation Consolidator" GH_AW_INFO_EXPERIMENTAL: "false" GH_AW_INFO_SUPPORTS_TOOLS_ALLOWLIST: "true" @@ -446,7 +446,7 @@ jobs: - name: Install AWF binary run: bash ${RUNNER_TEMP}/gh-aw/actions/install_awf_binary.sh v0.25.14 - name: Install Claude Code CLI - run: npm install --ignore-scripts -g @anthropic-ai/claude-code@latest + run: npm install --ignore-scripts -g @anthropic-ai/claude-code@2.1.92 - name: Determine automatic lockdown mode for GitHub MCP Server id: determine-automatic-lockdown uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 @@ -1295,7 +1295,7 @@ jobs: - name: Install AWF binary run: bash ${RUNNER_TEMP}/gh-aw/actions/install_awf_binary.sh v0.25.14 - name: Install Claude Code CLI - run: npm install --ignore-scripts -g @anthropic-ai/claude-code@latest + run: npm install --ignore-scripts -g @anthropic-ai/claude-code@2.1.92 - name: Execute Claude Code CLI if: always() && steps.detection_guard.outputs.run_detection == 'true' id: detection_agentic_execution diff --git a/.github/workflows/dictation-prompt.lock.yml b/.github/workflows/dictation-prompt.lock.yml index 4a0be528db7..df6a14383cd 100644 --- a/.github/workflows/dictation-prompt.lock.yml +++ b/.github/workflows/dictation-prompt.lock.yml @@ -92,8 +92,8 @@ jobs: GH_AW_INFO_ENGINE_ID: "copilot" GH_AW_INFO_ENGINE_NAME: "GitHub Copilot CLI" GH_AW_INFO_MODEL: ${{ vars.GH_AW_MODEL_AGENT_COPILOT || 'auto' }} - GH_AW_INFO_VERSION: "latest" - GH_AW_INFO_AGENT_VERSION: "latest" + GH_AW_INFO_VERSION: "1.0.20" + GH_AW_INFO_AGENT_VERSION: "1.0.20" GH_AW_INFO_WORKFLOW_NAME: "Dictation Prompt Generator" GH_AW_INFO_EXPERIMENTAL: "false" GH_AW_INFO_SUPPORTS_TOOLS_ALLOWLIST: "true" @@ -348,7 +348,7 @@ jobs: const { main } = require('${{ runner.temp }}/gh-aw/actions/checkout_pr_branch.cjs'); await main(); - name: Install GitHub Copilot CLI - run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh latest + run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh 1.0.20 env: GH_HOST: github.com - name: Install AWF binary @@ -1030,7 +1030,7 @@ jobs: mkdir -p /tmp/gh-aw/threat-detection touch /tmp/gh-aw/threat-detection/detection.log - name: Install GitHub Copilot CLI - run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh latest + run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh 1.0.20 env: GH_HOST: github.com - name: Install AWF binary diff --git a/.github/workflows/discussion-task-miner.lock.yml b/.github/workflows/discussion-task-miner.lock.yml index 60b0c7def73..691073564eb 100644 --- a/.github/workflows/discussion-task-miner.lock.yml +++ b/.github/workflows/discussion-task-miner.lock.yml @@ -94,8 +94,8 @@ jobs: GH_AW_INFO_ENGINE_ID: "copilot" GH_AW_INFO_ENGINE_NAME: "GitHub Copilot CLI" GH_AW_INFO_MODEL: ${{ vars.GH_AW_MODEL_AGENT_COPILOT || 'auto' }} - GH_AW_INFO_VERSION: "latest" - GH_AW_INFO_AGENT_VERSION: "latest" + GH_AW_INFO_VERSION: "1.0.20" + GH_AW_INFO_AGENT_VERSION: "1.0.20" GH_AW_INFO_WORKFLOW_NAME: "Discussion Task Miner - Code Quality Improvement Agent" GH_AW_INFO_EXPERIMENTAL: "false" GH_AW_INFO_SUPPORTS_TOOLS_ALLOWLIST: "true" @@ -377,7 +377,7 @@ jobs: const { main } = require('${{ runner.temp }}/gh-aw/actions/checkout_pr_branch.cjs'); await main(); - name: Install GitHub Copilot CLI - run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh latest + run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh 1.0.20 env: GH_HOST: github.com - name: Install AWF binary @@ -1115,7 +1115,7 @@ jobs: mkdir -p /tmp/gh-aw/threat-detection touch /tmp/gh-aw/threat-detection/detection.log - name: Install GitHub Copilot CLI - run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh latest + run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh 1.0.20 env: GH_HOST: github.com - name: Install AWF binary diff --git a/.github/workflows/docs-noob-tester.lock.yml b/.github/workflows/docs-noob-tester.lock.yml index 6499eb30fd3..ec703de12cf 100644 --- a/.github/workflows/docs-noob-tester.lock.yml +++ b/.github/workflows/docs-noob-tester.lock.yml @@ -95,8 +95,8 @@ jobs: GH_AW_INFO_ENGINE_ID: "copilot" GH_AW_INFO_ENGINE_NAME: "GitHub Copilot CLI" GH_AW_INFO_MODEL: ${{ vars.GH_AW_MODEL_AGENT_COPILOT || 'auto' }} - GH_AW_INFO_VERSION: "latest" - GH_AW_INFO_AGENT_VERSION: "latest" + GH_AW_INFO_VERSION: "1.0.20" + GH_AW_INFO_AGENT_VERSION: "1.0.20" GH_AW_INFO_WORKFLOW_NAME: "Documentation Noob Tester" GH_AW_INFO_EXPERIMENTAL: "false" GH_AW_INFO_SUPPORTS_TOOLS_ALLOWLIST: "true" @@ -360,7 +360,7 @@ jobs: const { main } = require('${{ runner.temp }}/gh-aw/actions/checkout_pr_branch.cjs'); await main(); - name: Install GitHub Copilot CLI - run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh latest + run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh 1.0.20 env: GH_HOST: github.com - name: Install AWF binary @@ -1074,7 +1074,7 @@ jobs: mkdir -p /tmp/gh-aw/threat-detection touch /tmp/gh-aw/threat-detection/detection.log - name: Install GitHub Copilot CLI - run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh latest + run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh 1.0.20 env: GH_HOST: github.com - name: Install AWF binary diff --git a/.github/workflows/draft-pr-cleanup.lock.yml b/.github/workflows/draft-pr-cleanup.lock.yml index 12b6057faf1..087e7bdd40e 100644 --- a/.github/workflows/draft-pr-cleanup.lock.yml +++ b/.github/workflows/draft-pr-cleanup.lock.yml @@ -87,8 +87,8 @@ jobs: GH_AW_INFO_ENGINE_ID: "copilot" GH_AW_INFO_ENGINE_NAME: "GitHub Copilot CLI" GH_AW_INFO_MODEL: ${{ vars.GH_AW_MODEL_AGENT_COPILOT || 'auto' }} - GH_AW_INFO_VERSION: "latest" - GH_AW_INFO_AGENT_VERSION: "latest" + GH_AW_INFO_VERSION: "1.0.20" + GH_AW_INFO_AGENT_VERSION: "1.0.20" GH_AW_INFO_WORKFLOW_NAME: "Draft PR Cleanup" GH_AW_INFO_EXPERIMENTAL: "false" GH_AW_INFO_SUPPORTS_TOOLS_ALLOWLIST: "true" @@ -340,7 +340,7 @@ jobs: const { main } = require('${{ runner.temp }}/gh-aw/actions/checkout_pr_branch.cjs'); await main(); - name: Install GitHub Copilot CLI - run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh latest + run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh 1.0.20 env: GH_HOST: github.com - name: Install AWF binary @@ -1059,7 +1059,7 @@ jobs: mkdir -p /tmp/gh-aw/threat-detection touch /tmp/gh-aw/threat-detection/detection.log - name: Install GitHub Copilot CLI - run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh latest + run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh 1.0.20 env: GH_HOST: github.com - name: Install AWF binary diff --git a/.github/workflows/duplicate-code-detector.lock.yml b/.github/workflows/duplicate-code-detector.lock.yml index 3d730f9c6ce..db4a6338625 100644 --- a/.github/workflows/duplicate-code-detector.lock.yml +++ b/.github/workflows/duplicate-code-detector.lock.yml @@ -99,8 +99,8 @@ jobs: GH_AW_INFO_ENGINE_ID: "codex" GH_AW_INFO_ENGINE_NAME: "Codex" GH_AW_INFO_MODEL: ${{ vars.GH_AW_MODEL_AGENT_CODEX || 'auto' }} - GH_AW_INFO_VERSION: "latest" - GH_AW_INFO_AGENT_VERSION: "latest" + GH_AW_INFO_VERSION: "0.118.0" + GH_AW_INFO_AGENT_VERSION: "0.118.0" GH_AW_INFO_WORKFLOW_NAME: "Duplicate Code Detector" GH_AW_INFO_EXPERIMENTAL: "false" GH_AW_INFO_SUPPORTS_TOOLS_ALLOWLIST: "true" @@ -401,7 +401,7 @@ jobs: node-version: '24' package-manager-cache: false - name: Install Codex CLI - run: npm install --ignore-scripts -g @openai/codex@latest + run: npm install --ignore-scripts -g @openai/codex@0.118.0 - name: Install AWF binary run: bash ${RUNNER_TEMP}/gh-aw/actions/install_awf_binary.sh v0.25.14 - name: Determine automatic lockdown mode for GitHub MCP Server @@ -1135,7 +1135,7 @@ jobs: node-version: '24' package-manager-cache: false - name: Install Codex CLI - run: npm install --ignore-scripts -g @openai/codex@latest + run: npm install --ignore-scripts -g @openai/codex@0.118.0 - name: Install AWF binary run: bash ${RUNNER_TEMP}/gh-aw/actions/install_awf_binary.sh v0.25.14 - name: Execute Codex CLI diff --git a/.github/workflows/example-permissions-warning.lock.yml b/.github/workflows/example-permissions-warning.lock.yml index ff228c66d3c..dc559c6bba8 100644 --- a/.github/workflows/example-permissions-warning.lock.yml +++ b/.github/workflows/example-permissions-warning.lock.yml @@ -86,8 +86,8 @@ jobs: GH_AW_INFO_ENGINE_ID: "copilot" GH_AW_INFO_ENGINE_NAME: "GitHub Copilot CLI" GH_AW_INFO_MODEL: ${{ vars.GH_AW_MODEL_AGENT_COPILOT || 'auto' }} - GH_AW_INFO_VERSION: "latest" - GH_AW_INFO_AGENT_VERSION: "latest" + GH_AW_INFO_VERSION: "1.0.20" + GH_AW_INFO_AGENT_VERSION: "1.0.20" GH_AW_INFO_WORKFLOW_NAME: "Example: Properly Provisioned Permissions" GH_AW_INFO_EXPERIMENTAL: "false" GH_AW_INFO_SUPPORTS_TOOLS_ALLOWLIST: "true" @@ -321,7 +321,7 @@ jobs: const { main } = require('${{ runner.temp }}/gh-aw/actions/checkout_pr_branch.cjs'); await main(); - name: Install GitHub Copilot CLI - run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh latest + run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh 1.0.20 env: GH_HOST: github.com - name: Install AWF binary diff --git a/.github/workflows/example-workflow-analyzer.lock.yml b/.github/workflows/example-workflow-analyzer.lock.yml index 739332550b4..565ed1faa14 100644 --- a/.github/workflows/example-workflow-analyzer.lock.yml +++ b/.github/workflows/example-workflow-analyzer.lock.yml @@ -98,8 +98,8 @@ jobs: GH_AW_INFO_ENGINE_ID: "claude" GH_AW_INFO_ENGINE_NAME: "Claude Code" GH_AW_INFO_MODEL: ${{ vars.GH_AW_MODEL_AGENT_CLAUDE || 'auto' }} - GH_AW_INFO_VERSION: "latest" - GH_AW_INFO_AGENT_VERSION: "latest" + GH_AW_INFO_VERSION: "2.1.92" + GH_AW_INFO_AGENT_VERSION: "2.1.92" GH_AW_INFO_WORKFLOW_NAME: "Weekly Workflow Analysis" GH_AW_INFO_EXPERIMENTAL: "false" GH_AW_INFO_SUPPORTS_TOOLS_ALLOWLIST: "true" @@ -393,7 +393,7 @@ jobs: - name: Install AWF binary run: bash ${RUNNER_TEMP}/gh-aw/actions/install_awf_binary.sh v0.25.14 - name: Install Claude Code CLI - run: npm install --ignore-scripts -g @anthropic-ai/claude-code@latest + run: npm install --ignore-scripts -g @anthropic-ai/claude-code@2.1.92 - name: Determine automatic lockdown mode for GitHub MCP Server id: determine-automatic-lockdown uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 @@ -1164,7 +1164,7 @@ jobs: - name: Install AWF binary run: bash ${RUNNER_TEMP}/gh-aw/actions/install_awf_binary.sh v0.25.14 - name: Install Claude Code CLI - run: npm install --ignore-scripts -g @anthropic-ai/claude-code@latest + run: npm install --ignore-scripts -g @anthropic-ai/claude-code@2.1.92 - name: Execute Claude Code CLI if: always() && steps.detection_guard.outputs.run_detection == 'true' id: detection_agentic_execution diff --git a/.github/workflows/firewall-escape.lock.yml b/.github/workflows/firewall-escape.lock.yml index 31fc08c7646..d49534f4e5d 100644 --- a/.github/workflows/firewall-escape.lock.yml +++ b/.github/workflows/firewall-escape.lock.yml @@ -103,8 +103,8 @@ jobs: GH_AW_INFO_ENGINE_ID: "copilot" GH_AW_INFO_ENGINE_NAME: "GitHub Copilot CLI" GH_AW_INFO_MODEL: ${{ vars.GH_AW_MODEL_AGENT_COPILOT || 'auto' }} - GH_AW_INFO_VERSION: "latest" - GH_AW_INFO_AGENT_VERSION: "latest" + GH_AW_INFO_VERSION: "1.0.20" + GH_AW_INFO_AGENT_VERSION: "1.0.20" GH_AW_INFO_WORKFLOW_NAME: "The Great Escapi" GH_AW_INFO_EXPERIMENTAL: "false" GH_AW_INFO_SUPPORTS_TOOLS_ALLOWLIST: "true" @@ -413,7 +413,7 @@ jobs: const { main } = require('${{ runner.temp }}/gh-aw/actions/checkout_pr_branch.cjs'); await main(); - name: Install GitHub Copilot CLI - run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh latest + run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh 1.0.20 env: GH_HOST: github.com - name: Install AWF binary @@ -1116,7 +1116,7 @@ jobs: mkdir -p /tmp/gh-aw/threat-detection touch /tmp/gh-aw/threat-detection/detection.log - name: Install GitHub Copilot CLI - run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh latest + run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh 1.0.20 env: GH_HOST: github.com - name: Install AWF binary diff --git a/.github/workflows/firewall.lock.yml b/.github/workflows/firewall.lock.yml index 5af385a3daa..cb999bcf514 100644 --- a/.github/workflows/firewall.lock.yml +++ b/.github/workflows/firewall.lock.yml @@ -86,8 +86,8 @@ jobs: GH_AW_INFO_ENGINE_ID: "copilot" GH_AW_INFO_ENGINE_NAME: "GitHub Copilot CLI" GH_AW_INFO_MODEL: ${{ vars.GH_AW_MODEL_AGENT_COPILOT || 'auto' }} - GH_AW_INFO_VERSION: "latest" - GH_AW_INFO_AGENT_VERSION: "latest" + GH_AW_INFO_VERSION: "1.0.20" + GH_AW_INFO_AGENT_VERSION: "1.0.20" GH_AW_INFO_WORKFLOW_NAME: "Firewall Test Agent" GH_AW_INFO_EXPERIMENTAL: "false" GH_AW_INFO_SUPPORTS_TOOLS_ALLOWLIST: "true" @@ -323,7 +323,7 @@ jobs: const { main } = require('${{ runner.temp }}/gh-aw/actions/checkout_pr_branch.cjs'); await main(); - name: Install GitHub Copilot CLI - run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh latest + run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh 1.0.20 env: GH_HOST: github.com - name: Install AWF binary diff --git a/.github/workflows/functional-pragmatist.lock.yml b/.github/workflows/functional-pragmatist.lock.yml index fbbdb52df26..00d7852ff95 100644 --- a/.github/workflows/functional-pragmatist.lock.yml +++ b/.github/workflows/functional-pragmatist.lock.yml @@ -93,8 +93,8 @@ jobs: GH_AW_INFO_ENGINE_ID: "copilot" GH_AW_INFO_ENGINE_NAME: "GitHub Copilot CLI" GH_AW_INFO_MODEL: ${{ vars.GH_AW_MODEL_AGENT_COPILOT || 'auto' }} - GH_AW_INFO_VERSION: "latest" - GH_AW_INFO_AGENT_VERSION: "latest" + GH_AW_INFO_VERSION: "1.0.20" + GH_AW_INFO_AGENT_VERSION: "1.0.20" GH_AW_INFO_WORKFLOW_NAME: "Functional Pragmatist" GH_AW_INFO_EXPERIMENTAL: "false" GH_AW_INFO_SUPPORTS_TOOLS_ALLOWLIST: "true" @@ -355,7 +355,7 @@ jobs: const { main } = require('${{ runner.temp }}/gh-aw/actions/checkout_pr_branch.cjs'); await main(); - name: Install GitHub Copilot CLI - run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh latest + run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh 1.0.20 env: GH_HOST: github.com - name: Install AWF binary @@ -1041,7 +1041,7 @@ jobs: mkdir -p /tmp/gh-aw/threat-detection touch /tmp/gh-aw/threat-detection/detection.log - name: Install GitHub Copilot CLI - run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh latest + run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh 1.0.20 env: GH_HOST: github.com - name: Install AWF binary diff --git a/.github/workflows/github-mcp-structural-analysis.lock.yml b/.github/workflows/github-mcp-structural-analysis.lock.yml index 384b74d5864..65d9b1973c6 100644 --- a/.github/workflows/github-mcp-structural-analysis.lock.yml +++ b/.github/workflows/github-mcp-structural-analysis.lock.yml @@ -99,8 +99,8 @@ jobs: GH_AW_INFO_ENGINE_ID: "claude" GH_AW_INFO_ENGINE_NAME: "Claude Code" GH_AW_INFO_MODEL: ${{ vars.GH_AW_MODEL_AGENT_CLAUDE || 'auto' }} - GH_AW_INFO_VERSION: "latest" - GH_AW_INFO_AGENT_VERSION: "latest" + GH_AW_INFO_VERSION: "2.1.92" + GH_AW_INFO_AGENT_VERSION: "2.1.92" GH_AW_INFO_WORKFLOW_NAME: "GitHub MCP Structural Analysis" GH_AW_INFO_EXPERIMENTAL: "false" GH_AW_INFO_SUPPORTS_TOOLS_ALLOWLIST: "true" @@ -419,7 +419,7 @@ jobs: - name: Install AWF binary run: bash ${RUNNER_TEMP}/gh-aw/actions/install_awf_binary.sh v0.25.14 - name: Install Claude Code CLI - run: npm install --ignore-scripts -g @anthropic-ai/claude-code@latest + run: npm install --ignore-scripts -g @anthropic-ai/claude-code@2.1.92 - name: Determine automatic lockdown mode for GitHub MCP Server id: determine-automatic-lockdown uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 @@ -1189,7 +1189,7 @@ jobs: - name: Install AWF binary run: bash ${RUNNER_TEMP}/gh-aw/actions/install_awf_binary.sh v0.25.14 - name: Install Claude Code CLI - run: npm install --ignore-scripts -g @anthropic-ai/claude-code@latest + run: npm install --ignore-scripts -g @anthropic-ai/claude-code@2.1.92 - name: Execute Claude Code CLI if: always() && steps.detection_guard.outputs.run_detection == 'true' id: detection_agentic_execution diff --git a/.github/workflows/github-mcp-tools-report.lock.yml b/.github/workflows/github-mcp-tools-report.lock.yml index ae3df344cd2..555c45ac052 100644 --- a/.github/workflows/github-mcp-tools-report.lock.yml +++ b/.github/workflows/github-mcp-tools-report.lock.yml @@ -98,8 +98,8 @@ jobs: GH_AW_INFO_ENGINE_ID: "claude" GH_AW_INFO_ENGINE_NAME: "Claude Code" GH_AW_INFO_MODEL: ${{ vars.GH_AW_MODEL_AGENT_CLAUDE || 'auto' }} - GH_AW_INFO_VERSION: "latest" - GH_AW_INFO_AGENT_VERSION: "latest" + GH_AW_INFO_VERSION: "2.1.92" + GH_AW_INFO_AGENT_VERSION: "2.1.92" GH_AW_INFO_WORKFLOW_NAME: "GitHub MCP Remote Server Tools Report Generator" GH_AW_INFO_EXPERIMENTAL: "false" GH_AW_INFO_SUPPORTS_TOOLS_ALLOWLIST: "true" @@ -390,7 +390,7 @@ jobs: - name: Install AWF binary run: bash ${RUNNER_TEMP}/gh-aw/actions/install_awf_binary.sh v0.25.14 - name: Install Claude Code CLI - run: npm install --ignore-scripts -g @anthropic-ai/claude-code@latest + run: npm install --ignore-scripts -g @anthropic-ai/claude-code@2.1.92 - name: Determine automatic lockdown mode for GitHub MCP Server id: determine-automatic-lockdown uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 @@ -1174,7 +1174,7 @@ jobs: - name: Install AWF binary run: bash ${RUNNER_TEMP}/gh-aw/actions/install_awf_binary.sh v0.25.14 - name: Install Claude Code CLI - run: npm install --ignore-scripts -g @anthropic-ai/claude-code@latest + run: npm install --ignore-scripts -g @anthropic-ai/claude-code@2.1.92 - name: Execute Claude Code CLI if: always() && steps.detection_guard.outputs.run_detection == 'true' id: detection_agentic_execution diff --git a/.github/workflows/github-remote-mcp-auth-test.lock.yml b/.github/workflows/github-remote-mcp-auth-test.lock.yml index b0aa0dd3a68..4816902a8be 100644 --- a/.github/workflows/github-remote-mcp-auth-test.lock.yml +++ b/.github/workflows/github-remote-mcp-auth-test.lock.yml @@ -93,8 +93,8 @@ jobs: GH_AW_INFO_ENGINE_ID: "copilot" GH_AW_INFO_ENGINE_NAME: "GitHub Copilot CLI" GH_AW_INFO_MODEL: "gpt-5.1-codex-mini" - GH_AW_INFO_VERSION: "latest" - GH_AW_INFO_AGENT_VERSION: "latest" + GH_AW_INFO_VERSION: "1.0.20" + GH_AW_INFO_AGENT_VERSION: "1.0.20" GH_AW_INFO_WORKFLOW_NAME: "GitHub Remote MCP Authentication Test" GH_AW_INFO_EXPERIMENTAL: "false" GH_AW_INFO_SUPPORTS_TOOLS_ALLOWLIST: "true" @@ -355,7 +355,7 @@ jobs: const { main } = require('${{ runner.temp }}/gh-aw/actions/checkout_pr_branch.cjs'); await main(); - name: Install GitHub Copilot CLI - run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh latest + run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh 1.0.20 env: GH_HOST: github.com - name: Install AWF binary @@ -1036,7 +1036,7 @@ jobs: mkdir -p /tmp/gh-aw/threat-detection touch /tmp/gh-aw/threat-detection/detection.log - name: Install GitHub Copilot CLI - run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh latest + run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh 1.0.20 env: GH_HOST: github.com - name: Install AWF binary diff --git a/.github/workflows/glossary-maintainer.lock.yml b/.github/workflows/glossary-maintainer.lock.yml index 1dba1bb52a4..9394f0b4394 100644 --- a/.github/workflows/glossary-maintainer.lock.yml +++ b/.github/workflows/glossary-maintainer.lock.yml @@ -99,8 +99,8 @@ jobs: GH_AW_INFO_ENGINE_ID: "copilot" GH_AW_INFO_ENGINE_NAME: "GitHub Copilot CLI" GH_AW_INFO_MODEL: ${{ vars.GH_AW_MODEL_AGENT_COPILOT || 'auto' }} - GH_AW_INFO_VERSION: "latest" - GH_AW_INFO_AGENT_VERSION: "latest" + GH_AW_INFO_VERSION: "1.0.20" + GH_AW_INFO_AGENT_VERSION: "1.0.20" GH_AW_INFO_WORKFLOW_NAME: "Glossary Maintainer" GH_AW_INFO_EXPERIMENTAL: "false" GH_AW_INFO_SUPPORTS_TOOLS_ALLOWLIST: "true" @@ -450,7 +450,7 @@ jobs: const { main } = require('${{ runner.temp }}/gh-aw/actions/checkout_pr_branch.cjs'); await main(); - name: Install GitHub Copilot CLI - run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh latest + run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh 1.0.20 env: GH_HOST: github.com - name: Install AWF binary @@ -1187,7 +1187,7 @@ jobs: mkdir -p /tmp/gh-aw/threat-detection touch /tmp/gh-aw/threat-detection/detection.log - name: Install GitHub Copilot CLI - run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh latest + run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh 1.0.20 env: GH_HOST: github.com - name: Install AWF binary diff --git a/.github/workflows/go-fan.lock.yml b/.github/workflows/go-fan.lock.yml index bc1964a8b47..30d12500283 100644 --- a/.github/workflows/go-fan.lock.yml +++ b/.github/workflows/go-fan.lock.yml @@ -100,8 +100,8 @@ jobs: GH_AW_INFO_ENGINE_ID: "claude" GH_AW_INFO_ENGINE_NAME: "Claude Code" GH_AW_INFO_MODEL: ${{ vars.GH_AW_MODEL_AGENT_CLAUDE || 'auto' }} - GH_AW_INFO_VERSION: "latest" - GH_AW_INFO_AGENT_VERSION: "latest" + GH_AW_INFO_VERSION: "2.1.92" + GH_AW_INFO_AGENT_VERSION: "2.1.92" GH_AW_INFO_WORKFLOW_NAME: "Go Fan" GH_AW_INFO_EXPERIMENTAL: "false" GH_AW_INFO_SUPPORTS_TOOLS_ALLOWLIST: "true" @@ -422,7 +422,7 @@ jobs: - name: Install AWF binary run: bash ${RUNNER_TEMP}/gh-aw/actions/install_awf_binary.sh v0.25.14 - name: Install Claude Code CLI - run: npm install --ignore-scripts -g @anthropic-ai/claude-code@latest + run: npm install --ignore-scripts -g @anthropic-ai/claude-code@2.1.92 - name: Determine automatic lockdown mode for GitHub MCP Server id: determine-automatic-lockdown uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 @@ -1222,7 +1222,7 @@ jobs: - name: Install AWF binary run: bash ${RUNNER_TEMP}/gh-aw/actions/install_awf_binary.sh v0.25.14 - name: Install Claude Code CLI - run: npm install --ignore-scripts -g @anthropic-ai/claude-code@latest + run: npm install --ignore-scripts -g @anthropic-ai/claude-code@2.1.92 - name: Execute Claude Code CLI if: always() && steps.detection_guard.outputs.run_detection == 'true' id: detection_agentic_execution diff --git a/.github/workflows/go-logger.lock.yml b/.github/workflows/go-logger.lock.yml index da48031e513..3021732982f 100644 --- a/.github/workflows/go-logger.lock.yml +++ b/.github/workflows/go-logger.lock.yml @@ -98,8 +98,8 @@ jobs: GH_AW_INFO_ENGINE_ID: "claude" GH_AW_INFO_ENGINE_NAME: "Claude Code" GH_AW_INFO_MODEL: ${{ vars.GH_AW_MODEL_AGENT_CLAUDE || 'auto' }} - GH_AW_INFO_VERSION: "latest" - GH_AW_INFO_AGENT_VERSION: "latest" + GH_AW_INFO_VERSION: "2.1.92" + GH_AW_INFO_AGENT_VERSION: "2.1.92" GH_AW_INFO_WORKFLOW_NAME: "Go Logger Enhancement" GH_AW_INFO_EXPERIMENTAL: "false" GH_AW_INFO_SUPPORTS_TOOLS_ALLOWLIST: "true" @@ -402,7 +402,7 @@ jobs: - name: Install AWF binary run: bash ${RUNNER_TEMP}/gh-aw/actions/install_awf_binary.sh v0.25.14 - name: Install Claude Code CLI - run: npm install --ignore-scripts -g @anthropic-ai/claude-code@latest + run: npm install --ignore-scripts -g @anthropic-ai/claude-code@2.1.92 - name: Determine automatic lockdown mode for GitHub MCP Server id: determine-automatic-lockdown uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 @@ -1335,7 +1335,7 @@ jobs: - name: Install AWF binary run: bash ${RUNNER_TEMP}/gh-aw/actions/install_awf_binary.sh v0.25.14 - name: Install Claude Code CLI - run: npm install --ignore-scripts -g @anthropic-ai/claude-code@latest + run: npm install --ignore-scripts -g @anthropic-ai/claude-code@2.1.92 - name: Execute Claude Code CLI if: always() && steps.detection_guard.outputs.run_detection == 'true' id: detection_agentic_execution diff --git a/.github/workflows/go-pattern-detector.lock.yml b/.github/workflows/go-pattern-detector.lock.yml index c3e804a1357..73327e91011 100644 --- a/.github/workflows/go-pattern-detector.lock.yml +++ b/.github/workflows/go-pattern-detector.lock.yml @@ -95,8 +95,8 @@ jobs: GH_AW_INFO_ENGINE_ID: "claude" GH_AW_INFO_ENGINE_NAME: "Claude Code" GH_AW_INFO_MODEL: ${{ vars.GH_AW_MODEL_AGENT_CLAUDE || 'auto' }} - GH_AW_INFO_VERSION: "latest" - GH_AW_INFO_AGENT_VERSION: "latest" + GH_AW_INFO_VERSION: "2.1.92" + GH_AW_INFO_AGENT_VERSION: "2.1.92" GH_AW_INFO_WORKFLOW_NAME: "Go Pattern Detector" GH_AW_INFO_EXPERIMENTAL: "false" GH_AW_INFO_SUPPORTS_TOOLS_ALLOWLIST: "true" @@ -368,7 +368,7 @@ jobs: - name: Install AWF binary run: bash ${RUNNER_TEMP}/gh-aw/actions/install_awf_binary.sh v0.25.14 - name: Install Claude Code CLI - run: npm install --ignore-scripts -g @anthropic-ai/claude-code@latest + run: npm install --ignore-scripts -g @anthropic-ai/claude-code@2.1.92 - name: Determine automatic lockdown mode for GitHub MCP Server id: determine-automatic-lockdown uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 @@ -1159,7 +1159,7 @@ jobs: - name: Install AWF binary run: bash ${RUNNER_TEMP}/gh-aw/actions/install_awf_binary.sh v0.25.14 - name: Install Claude Code CLI - run: npm install --ignore-scripts -g @anthropic-ai/claude-code@latest + run: npm install --ignore-scripts -g @anthropic-ai/claude-code@2.1.92 - name: Execute Claude Code CLI if: always() && steps.detection_guard.outputs.run_detection == 'true' id: detection_agentic_execution diff --git a/.github/workflows/gpclean.lock.yml b/.github/workflows/gpclean.lock.yml index b2fa1faf58c..d1a55205b1d 100644 --- a/.github/workflows/gpclean.lock.yml +++ b/.github/workflows/gpclean.lock.yml @@ -95,8 +95,8 @@ jobs: GH_AW_INFO_ENGINE_ID: "copilot" GH_AW_INFO_ENGINE_NAME: "GitHub Copilot CLI" GH_AW_INFO_MODEL: ${{ vars.GH_AW_MODEL_AGENT_COPILOT || 'auto' }} - GH_AW_INFO_VERSION: "latest" - GH_AW_INFO_AGENT_VERSION: "latest" + GH_AW_INFO_VERSION: "1.0.20" + GH_AW_INFO_AGENT_VERSION: "1.0.20" GH_AW_INFO_WORKFLOW_NAME: "GPL Dependency Cleaner (gpclean)" GH_AW_INFO_EXPERIMENTAL: "false" GH_AW_INFO_SUPPORTS_TOOLS_ALLOWLIST: "true" @@ -381,7 +381,7 @@ jobs: const { main } = require('${{ runner.temp }}/gh-aw/actions/checkout_pr_branch.cjs'); await main(); - name: Install GitHub Copilot CLI - run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh latest + run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh 1.0.20 env: GH_HOST: github.com - name: Install AWF binary @@ -1069,7 +1069,7 @@ jobs: mkdir -p /tmp/gh-aw/threat-detection touch /tmp/gh-aw/threat-detection/detection.log - name: Install GitHub Copilot CLI - run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh latest + run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh 1.0.20 env: GH_HOST: github.com - name: Install AWF binary diff --git a/.github/workflows/grumpy-reviewer.lock.yml b/.github/workflows/grumpy-reviewer.lock.yml index 0f879a56149..a8a2bee408b 100644 --- a/.github/workflows/grumpy-reviewer.lock.yml +++ b/.github/workflows/grumpy-reviewer.lock.yml @@ -110,8 +110,8 @@ jobs: GH_AW_INFO_ENGINE_ID: "codex" GH_AW_INFO_ENGINE_NAME: "Codex" GH_AW_INFO_MODEL: ${{ vars.GH_AW_MODEL_AGENT_CODEX || 'auto' }} - GH_AW_INFO_VERSION: "latest" - GH_AW_INFO_AGENT_VERSION: "latest" + GH_AW_INFO_VERSION: "0.118.0" + GH_AW_INFO_AGENT_VERSION: "0.118.0" GH_AW_INFO_WORKFLOW_NAME: "Grumpy Code Reviewer 🔥" GH_AW_INFO_EXPERIMENTAL: "false" GH_AW_INFO_SUPPORTS_TOOLS_ALLOWLIST: "true" @@ -443,7 +443,7 @@ jobs: node-version: '24' package-manager-cache: false - name: Install Codex CLI - run: npm install --ignore-scripts -g @openai/codex@latest + run: npm install --ignore-scripts -g @openai/codex@0.118.0 - name: Install AWF binary run: bash ${RUNNER_TEMP}/gh-aw/actions/install_awf_binary.sh v0.25.14 - name: Parse integrity filter lists @@ -1191,7 +1191,7 @@ jobs: node-version: '24' package-manager-cache: false - name: Install Codex CLI - run: npm install --ignore-scripts -g @openai/codex@latest + run: npm install --ignore-scripts -g @openai/codex@0.118.0 - name: Install AWF binary run: bash ${RUNNER_TEMP}/gh-aw/actions/install_awf_binary.sh v0.25.14 - name: Execute Codex CLI diff --git a/.github/workflows/hourly-ci-cleaner.lock.yml b/.github/workflows/hourly-ci-cleaner.lock.yml index 872941a8c67..af2efa3d414 100644 --- a/.github/workflows/hourly-ci-cleaner.lock.yml +++ b/.github/workflows/hourly-ci-cleaner.lock.yml @@ -97,8 +97,8 @@ jobs: GH_AW_INFO_ENGINE_ID: "claude" GH_AW_INFO_ENGINE_NAME: "Claude Code" GH_AW_INFO_MODEL: ${{ vars.GH_AW_MODEL_AGENT_CLAUDE || 'auto' }} - GH_AW_INFO_VERSION: "latest" - GH_AW_INFO_AGENT_VERSION: "latest" + GH_AW_INFO_VERSION: "2.1.92" + GH_AW_INFO_AGENT_VERSION: "2.1.92" GH_AW_INFO_WORKFLOW_NAME: "CI Cleaner" GH_AW_INFO_EXPERIMENTAL: "false" GH_AW_INFO_SUPPORTS_TOOLS_ALLOWLIST: "true" @@ -413,7 +413,7 @@ jobs: - name: Install AWF binary run: bash ${RUNNER_TEMP}/gh-aw/actions/install_awf_binary.sh v0.25.14 - name: Install Claude Code CLI - run: npm install --ignore-scripts -g @anthropic-ai/claude-code@latest + run: npm install --ignore-scripts -g @anthropic-ai/claude-code@2.1.92 - name: Determine automatic lockdown mode for GitHub MCP Server id: determine-automatic-lockdown uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 @@ -1218,7 +1218,7 @@ jobs: - name: Install AWF binary run: bash ${RUNNER_TEMP}/gh-aw/actions/install_awf_binary.sh v0.25.14 - name: Install Claude Code CLI - run: npm install --ignore-scripts -g @anthropic-ai/claude-code@latest + run: npm install --ignore-scripts -g @anthropic-ai/claude-code@2.1.92 - name: Execute Claude Code CLI if: always() && steps.detection_guard.outputs.run_detection == 'true' id: detection_agentic_execution diff --git a/.github/workflows/instructions-janitor.lock.yml b/.github/workflows/instructions-janitor.lock.yml index 9aa0017fb52..7ce94e11f19 100644 --- a/.github/workflows/instructions-janitor.lock.yml +++ b/.github/workflows/instructions-janitor.lock.yml @@ -93,8 +93,8 @@ jobs: GH_AW_INFO_ENGINE_ID: "claude" GH_AW_INFO_ENGINE_NAME: "Claude Code" GH_AW_INFO_MODEL: ${{ vars.GH_AW_MODEL_AGENT_CLAUDE || 'auto' }} - GH_AW_INFO_VERSION: "latest" - GH_AW_INFO_AGENT_VERSION: "latest" + GH_AW_INFO_VERSION: "2.1.92" + GH_AW_INFO_AGENT_VERSION: "2.1.92" GH_AW_INFO_WORKFLOW_NAME: "Instructions Janitor" GH_AW_INFO_EXPERIMENTAL: "false" GH_AW_INFO_SUPPORTS_TOOLS_ALLOWLIST: "true" @@ -380,7 +380,7 @@ jobs: - name: Install AWF binary run: bash ${RUNNER_TEMP}/gh-aw/actions/install_awf_binary.sh v0.25.14 - name: Install Claude Code CLI - run: npm install --ignore-scripts -g @anthropic-ai/claude-code@latest + run: npm install --ignore-scripts -g @anthropic-ai/claude-code@2.1.92 - name: Determine automatic lockdown mode for GitHub MCP Server id: determine-automatic-lockdown uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 @@ -1156,7 +1156,7 @@ jobs: - name: Install AWF binary run: bash ${RUNNER_TEMP}/gh-aw/actions/install_awf_binary.sh v0.25.14 - name: Install Claude Code CLI - run: npm install --ignore-scripts -g @anthropic-ai/claude-code@latest + run: npm install --ignore-scripts -g @anthropic-ai/claude-code@2.1.92 - name: Execute Claude Code CLI if: always() && steps.detection_guard.outputs.run_detection == 'true' id: detection_agentic_execution diff --git a/.github/workflows/issue-arborist.lock.yml b/.github/workflows/issue-arborist.lock.yml index 91a87fc0140..b241c71889b 100644 --- a/.github/workflows/issue-arborist.lock.yml +++ b/.github/workflows/issue-arborist.lock.yml @@ -97,8 +97,8 @@ jobs: GH_AW_INFO_ENGINE_ID: "codex" GH_AW_INFO_ENGINE_NAME: "Codex" GH_AW_INFO_MODEL: ${{ vars.GH_AW_MODEL_AGENT_CODEX || 'auto' }} - GH_AW_INFO_VERSION: "latest" - GH_AW_INFO_AGENT_VERSION: "latest" + GH_AW_INFO_VERSION: "0.118.0" + GH_AW_INFO_AGENT_VERSION: "0.118.0" GH_AW_INFO_WORKFLOW_NAME: "Issue Arborist" GH_AW_INFO_EXPERIMENTAL: "false" GH_AW_INFO_SUPPORTS_TOOLS_ALLOWLIST: "true" @@ -380,7 +380,7 @@ jobs: node-version: '24' package-manager-cache: false - name: Install Codex CLI - run: npm install --ignore-scripts -g @openai/codex@latest + run: npm install --ignore-scripts -g @openai/codex@0.118.0 - name: Install AWF binary run: bash ${RUNNER_TEMP}/gh-aw/actions/install_awf_binary.sh v0.25.14 - name: Parse integrity filter lists @@ -1125,7 +1125,7 @@ jobs: node-version: '24' package-manager-cache: false - name: Install Codex CLI - run: npm install --ignore-scripts -g @openai/codex@latest + run: npm install --ignore-scripts -g @openai/codex@0.118.0 - name: Install AWF binary run: bash ${RUNNER_TEMP}/gh-aw/actions/install_awf_binary.sh v0.25.14 - name: Execute Codex CLI diff --git a/.github/workflows/issue-monster.lock.yml b/.github/workflows/issue-monster.lock.yml index 732cc090887..814e98bbdae 100644 --- a/.github/workflows/issue-monster.lock.yml +++ b/.github/workflows/issue-monster.lock.yml @@ -460,8 +460,8 @@ jobs: GH_AW_INFO_ENGINE_ID: "copilot" GH_AW_INFO_ENGINE_NAME: "GitHub Copilot CLI" GH_AW_INFO_MODEL: "gpt-5.1-codex-mini" - GH_AW_INFO_VERSION: "latest" - GH_AW_INFO_AGENT_VERSION: "latest" + GH_AW_INFO_VERSION: "1.0.20" + GH_AW_INFO_AGENT_VERSION: "1.0.20" GH_AW_INFO_WORKFLOW_NAME: "Issue Monster" GH_AW_INFO_EXPERIMENTAL: "false" GH_AW_INFO_SUPPORTS_TOOLS_ALLOWLIST: "true" @@ -731,7 +731,7 @@ jobs: const { main } = require('${{ runner.temp }}/gh-aw/actions/checkout_pr_branch.cjs'); await main(); - name: Install GitHub Copilot CLI - run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh latest + run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh 1.0.20 env: GH_HOST: github.com - name: Install AWF binary @@ -1424,7 +1424,7 @@ jobs: mkdir -p /tmp/gh-aw/threat-detection touch /tmp/gh-aw/threat-detection/detection.log - name: Install GitHub Copilot CLI - run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh latest + run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh 1.0.20 env: GH_HOST: github.com - name: Install AWF binary diff --git a/.github/workflows/issue-triage-agent.lock.yml b/.github/workflows/issue-triage-agent.lock.yml index a33abbdef68..ada9ed38fe7 100644 --- a/.github/workflows/issue-triage-agent.lock.yml +++ b/.github/workflows/issue-triage-agent.lock.yml @@ -93,8 +93,8 @@ jobs: GH_AW_INFO_ENGINE_ID: "copilot" GH_AW_INFO_ENGINE_NAME: "GitHub Copilot CLI" GH_AW_INFO_MODEL: ${{ vars.GH_AW_MODEL_AGENT_COPILOT || 'auto' }} - GH_AW_INFO_VERSION: "latest" - GH_AW_INFO_AGENT_VERSION: "latest" + GH_AW_INFO_VERSION: "1.0.20" + GH_AW_INFO_AGENT_VERSION: "1.0.20" GH_AW_INFO_WORKFLOW_NAME: "Issue Triage Agent" GH_AW_INFO_EXPERIMENTAL: "false" GH_AW_INFO_SUPPORTS_TOOLS_ALLOWLIST: "true" @@ -336,7 +336,7 @@ jobs: git remote set-url origin "https://x-access-token:${GITHUB_TOKEN}@${SERVER_URL_STRIPPED}/${REPO_NAME}.git" echo "Git configured with standard GitHub Actions identity" - name: Install GitHub Copilot CLI - run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh latest + run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh 1.0.20 env: GH_HOST: github.com - name: Install AWF binary @@ -1019,7 +1019,7 @@ jobs: mkdir -p /tmp/gh-aw/threat-detection touch /tmp/gh-aw/threat-detection/detection.log - name: Install GitHub Copilot CLI - run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh latest + run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh 1.0.20 env: GH_HOST: github.com - name: Install AWF binary diff --git a/.github/workflows/jsweep.lock.yml b/.github/workflows/jsweep.lock.yml index ca06fb86d9b..2832c379ea4 100644 --- a/.github/workflows/jsweep.lock.yml +++ b/.github/workflows/jsweep.lock.yml @@ -97,8 +97,8 @@ jobs: GH_AW_INFO_ENGINE_ID: "copilot" GH_AW_INFO_ENGINE_NAME: "GitHub Copilot CLI" GH_AW_INFO_MODEL: ${{ vars.GH_AW_MODEL_AGENT_COPILOT || 'auto' }} - GH_AW_INFO_VERSION: "latest" - GH_AW_INFO_AGENT_VERSION: "latest" + GH_AW_INFO_VERSION: "1.0.20" + GH_AW_INFO_AGENT_VERSION: "1.0.20" GH_AW_INFO_WORKFLOW_NAME: "jsweep - JavaScript Unbloater" GH_AW_INFO_EXPERIMENTAL: "false" GH_AW_INFO_SUPPORTS_TOOLS_ALLOWLIST: "true" @@ -422,7 +422,7 @@ jobs: const { main } = require('${{ runner.temp }}/gh-aw/actions/checkout_pr_branch.cjs'); await main(); - name: Install GitHub Copilot CLI - run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh latest + run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh 1.0.20 env: GH_HOST: github.com - name: Install AWF binary @@ -1149,7 +1149,7 @@ jobs: mkdir -p /tmp/gh-aw/threat-detection touch /tmp/gh-aw/threat-detection/detection.log - name: Install GitHub Copilot CLI - run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh latest + run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh 1.0.20 env: GH_HOST: github.com - name: Install AWF binary diff --git a/.github/workflows/layout-spec-maintainer.lock.yml b/.github/workflows/layout-spec-maintainer.lock.yml index 9db727ba560..d6740a97293 100644 --- a/.github/workflows/layout-spec-maintainer.lock.yml +++ b/.github/workflows/layout-spec-maintainer.lock.yml @@ -93,8 +93,8 @@ jobs: GH_AW_INFO_ENGINE_ID: "copilot" GH_AW_INFO_ENGINE_NAME: "GitHub Copilot CLI" GH_AW_INFO_MODEL: ${{ vars.GH_AW_MODEL_AGENT_COPILOT || 'auto' }} - GH_AW_INFO_VERSION: "latest" - GH_AW_INFO_AGENT_VERSION: "latest" + GH_AW_INFO_VERSION: "1.0.20" + GH_AW_INFO_AGENT_VERSION: "1.0.20" GH_AW_INFO_WORKFLOW_NAME: "Layout Specification Maintainer" GH_AW_INFO_EXPERIMENTAL: "false" GH_AW_INFO_SUPPORTS_TOOLS_ALLOWLIST: "true" @@ -359,7 +359,7 @@ jobs: const { main } = require('${{ runner.temp }}/gh-aw/actions/checkout_pr_branch.cjs'); await main(); - name: Install GitHub Copilot CLI - run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh latest + run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh 1.0.20 env: GH_HOST: github.com - name: Install AWF binary @@ -1074,7 +1074,7 @@ jobs: mkdir -p /tmp/gh-aw/threat-detection touch /tmp/gh-aw/threat-detection/detection.log - name: Install GitHub Copilot CLI - run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh latest + run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh 1.0.20 env: GH_HOST: github.com - name: Install AWF binary diff --git a/.github/workflows/lockfile-stats.lock.yml b/.github/workflows/lockfile-stats.lock.yml index d4f1ab10285..dea1ad39a0a 100644 --- a/.github/workflows/lockfile-stats.lock.yml +++ b/.github/workflows/lockfile-stats.lock.yml @@ -97,8 +97,8 @@ jobs: GH_AW_INFO_ENGINE_ID: "claude" GH_AW_INFO_ENGINE_NAME: "Claude Code" GH_AW_INFO_MODEL: ${{ vars.GH_AW_MODEL_AGENT_CLAUDE || 'auto' }} - GH_AW_INFO_VERSION: "latest" - GH_AW_INFO_AGENT_VERSION: "latest" + GH_AW_INFO_VERSION: "2.1.92" + GH_AW_INFO_AGENT_VERSION: "2.1.92" GH_AW_INFO_WORKFLOW_NAME: "Lockfile Statistics Analysis Agent" GH_AW_INFO_EXPERIMENTAL: "false" GH_AW_INFO_SUPPORTS_TOOLS_ALLOWLIST: "true" @@ -383,7 +383,7 @@ jobs: - name: Install AWF binary run: bash ${RUNNER_TEMP}/gh-aw/actions/install_awf_binary.sh v0.25.14 - name: Install Claude Code CLI - run: npm install --ignore-scripts -g @anthropic-ai/claude-code@latest + run: npm install --ignore-scripts -g @anthropic-ai/claude-code@2.1.92 - name: Determine automatic lockdown mode for GitHub MCP Server id: determine-automatic-lockdown uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 @@ -1127,7 +1127,7 @@ jobs: - name: Install AWF binary run: bash ${RUNNER_TEMP}/gh-aw/actions/install_awf_binary.sh v0.25.14 - name: Install Claude Code CLI - run: npm install --ignore-scripts -g @anthropic-ai/claude-code@latest + run: npm install --ignore-scripts -g @anthropic-ai/claude-code@2.1.92 - name: Execute Claude Code CLI if: always() && steps.detection_guard.outputs.run_detection == 'true' id: detection_agentic_execution diff --git a/.github/workflows/mcp-inspector.lock.yml b/.github/workflows/mcp-inspector.lock.yml index 7464f9ad1f9..4317f234f4d 100644 --- a/.github/workflows/mcp-inspector.lock.yml +++ b/.github/workflows/mcp-inspector.lock.yml @@ -131,8 +131,8 @@ jobs: GH_AW_INFO_ENGINE_ID: "copilot" GH_AW_INFO_ENGINE_NAME: "GitHub Copilot CLI" GH_AW_INFO_MODEL: ${{ vars.GH_AW_MODEL_AGENT_COPILOT || 'auto' }} - GH_AW_INFO_VERSION: "latest" - GH_AW_INFO_AGENT_VERSION: "latest" + GH_AW_INFO_VERSION: "1.0.20" + GH_AW_INFO_AGENT_VERSION: "1.0.20" GH_AW_INFO_WORKFLOW_NAME: "MCP Inspector Agent" GH_AW_INFO_EXPERIMENTAL: "false" GH_AW_INFO_SUPPORTS_TOOLS_ALLOWLIST: "true" @@ -500,7 +500,7 @@ jobs: const { main } = require('${{ runner.temp }}/gh-aw/actions/checkout_pr_branch.cjs'); await main(); - name: Install GitHub Copilot CLI - run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh latest + run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh 1.0.20 env: GH_HOST: github.com - name: Install AWF binary @@ -1593,7 +1593,7 @@ jobs: mkdir -p /tmp/gh-aw/threat-detection touch /tmp/gh-aw/threat-detection/detection.log - name: Install GitHub Copilot CLI - run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh latest + run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh 1.0.20 env: GH_HOST: github.com - name: Install AWF binary diff --git a/.github/workflows/mergefest.lock.yml b/.github/workflows/mergefest.lock.yml index dbcf08f6e30..9e2869773e1 100644 --- a/.github/workflows/mergefest.lock.yml +++ b/.github/workflows/mergefest.lock.yml @@ -95,8 +95,8 @@ jobs: GH_AW_INFO_ENGINE_ID: "copilot" GH_AW_INFO_ENGINE_NAME: "GitHub Copilot CLI" GH_AW_INFO_MODEL: ${{ vars.GH_AW_MODEL_AGENT_COPILOT || 'auto' }} - GH_AW_INFO_VERSION: "latest" - GH_AW_INFO_AGENT_VERSION: "latest" + GH_AW_INFO_VERSION: "1.0.20" + GH_AW_INFO_AGENT_VERSION: "1.0.20" GH_AW_INFO_WORKFLOW_NAME: "Mergefest" GH_AW_INFO_EXPERIMENTAL: "false" GH_AW_INFO_SUPPORTS_TOOLS_ALLOWLIST: "true" @@ -405,7 +405,7 @@ jobs: const { main } = require('${{ runner.temp }}/gh-aw/actions/checkout_pr_branch.cjs'); await main(); - name: Install GitHub Copilot CLI - run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh latest + run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh 1.0.20 env: GH_HOST: github.com - name: Install AWF binary @@ -1126,7 +1126,7 @@ jobs: mkdir -p /tmp/gh-aw/threat-detection touch /tmp/gh-aw/threat-detection/detection.log - name: Install GitHub Copilot CLI - run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh latest + run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh 1.0.20 env: GH_HOST: github.com - name: Install AWF binary diff --git a/.github/workflows/metrics-collector.lock.yml b/.github/workflows/metrics-collector.lock.yml index d4db86264f3..0fceca9c096 100644 --- a/.github/workflows/metrics-collector.lock.yml +++ b/.github/workflows/metrics-collector.lock.yml @@ -95,8 +95,8 @@ jobs: GH_AW_INFO_ENGINE_ID: "copilot" GH_AW_INFO_ENGINE_NAME: "GitHub Copilot CLI" GH_AW_INFO_MODEL: ${{ vars.GH_AW_MODEL_AGENT_COPILOT || 'auto' }} - GH_AW_INFO_VERSION: "latest" - GH_AW_INFO_AGENT_VERSION: "latest" + GH_AW_INFO_VERSION: "1.0.20" + GH_AW_INFO_AGENT_VERSION: "1.0.20" GH_AW_INFO_WORKFLOW_NAME: "Metrics Collector - Infrastructure Agent" GH_AW_INFO_EXPERIMENTAL: "false" GH_AW_INFO_SUPPORTS_TOOLS_ALLOWLIST: "true" @@ -392,7 +392,7 @@ jobs: const { main } = require('${{ runner.temp }}/gh-aw/actions/checkout_pr_branch.cjs'); await main(); - name: Install GitHub Copilot CLI - run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh latest + run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh 1.0.20 env: GH_HOST: github.com - name: Install AWF binary diff --git a/.github/workflows/notion-issue-summary.lock.yml b/.github/workflows/notion-issue-summary.lock.yml index b8c45bdcb28..d72aa8a1d5c 100644 --- a/.github/workflows/notion-issue-summary.lock.yml +++ b/.github/workflows/notion-issue-summary.lock.yml @@ -95,8 +95,8 @@ jobs: GH_AW_INFO_ENGINE_ID: "copilot" GH_AW_INFO_ENGINE_NAME: "GitHub Copilot CLI" GH_AW_INFO_MODEL: ${{ vars.GH_AW_MODEL_AGENT_COPILOT || 'auto' }} - GH_AW_INFO_VERSION: "latest" - GH_AW_INFO_AGENT_VERSION: "latest" + GH_AW_INFO_VERSION: "1.0.20" + GH_AW_INFO_AGENT_VERSION: "1.0.20" GH_AW_INFO_WORKFLOW_NAME: "Issue Summary to Notion" GH_AW_INFO_EXPERIMENTAL: "false" GH_AW_INFO_SUPPORTS_TOOLS_ALLOWLIST: "true" @@ -354,7 +354,7 @@ jobs: const { main } = require('${{ runner.temp }}/gh-aw/actions/checkout_pr_branch.cjs'); await main(); - name: Install GitHub Copilot CLI - run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh latest + run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh 1.0.20 env: GH_HOST: github.com - name: Install AWF binary @@ -1034,7 +1034,7 @@ jobs: mkdir -p /tmp/gh-aw/threat-detection touch /tmp/gh-aw/threat-detection/detection.log - name: Install GitHub Copilot CLI - run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh latest + run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh 1.0.20 env: GH_HOST: github.com - name: Install AWF binary diff --git a/.github/workflows/org-health-report.lock.yml b/.github/workflows/org-health-report.lock.yml index 1c70c004261..a943b47dd35 100644 --- a/.github/workflows/org-health-report.lock.yml +++ b/.github/workflows/org-health-report.lock.yml @@ -99,8 +99,8 @@ jobs: GH_AW_INFO_ENGINE_ID: "copilot" GH_AW_INFO_ENGINE_NAME: "GitHub Copilot CLI" GH_AW_INFO_MODEL: ${{ vars.GH_AW_MODEL_AGENT_COPILOT || 'auto' }} - GH_AW_INFO_VERSION: "latest" - GH_AW_INFO_AGENT_VERSION: "latest" + GH_AW_INFO_VERSION: "1.0.20" + GH_AW_INFO_AGENT_VERSION: "1.0.20" GH_AW_INFO_WORKFLOW_NAME: "Organization Health Report" GH_AW_INFO_EXPERIMENTAL: "false" GH_AW_INFO_SUPPORTS_TOOLS_ALLOWLIST: "true" @@ -414,7 +414,7 @@ jobs: const { main } = require('${{ runner.temp }}/gh-aw/actions/checkout_pr_branch.cjs'); await main(); - name: Install GitHub Copilot CLI - run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh latest + run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh 1.0.20 env: GH_HOST: github.com - name: Install AWF binary @@ -1125,7 +1125,7 @@ jobs: mkdir -p /tmp/gh-aw/threat-detection touch /tmp/gh-aw/threat-detection/detection.log - name: Install GitHub Copilot CLI - run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh latest + run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh 1.0.20 env: GH_HOST: github.com - name: Install AWF binary diff --git a/.github/workflows/pdf-summary.lock.yml b/.github/workflows/pdf-summary.lock.yml index b0b22da7e7e..beb4d876273 100644 --- a/.github/workflows/pdf-summary.lock.yml +++ b/.github/workflows/pdf-summary.lock.yml @@ -122,8 +122,8 @@ jobs: GH_AW_INFO_ENGINE_ID: "copilot" GH_AW_INFO_ENGINE_NAME: "GitHub Copilot CLI" GH_AW_INFO_MODEL: ${{ vars.GH_AW_MODEL_AGENT_COPILOT || 'auto' }} - GH_AW_INFO_VERSION: "latest" - GH_AW_INFO_AGENT_VERSION: "latest" + GH_AW_INFO_VERSION: "1.0.20" + GH_AW_INFO_AGENT_VERSION: "1.0.20" GH_AW_INFO_WORKFLOW_NAME: "Resource Summarizer Agent" GH_AW_INFO_EXPERIMENTAL: "false" GH_AW_INFO_SUPPORTS_TOOLS_ALLOWLIST: "true" @@ -464,7 +464,7 @@ jobs: const { main } = require('${{ runner.temp }}/gh-aw/actions/checkout_pr_branch.cjs'); await main(); - name: Install GitHub Copilot CLI - run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh latest + run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh 1.0.20 env: GH_HOST: github.com - name: Install AWF binary @@ -1203,7 +1203,7 @@ jobs: mkdir -p /tmp/gh-aw/threat-detection touch /tmp/gh-aw/threat-detection/detection.log - name: Install GitHub Copilot CLI - run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh latest + run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh 1.0.20 env: GH_HOST: github.com - name: Install AWF binary diff --git a/.github/workflows/plan.lock.yml b/.github/workflows/plan.lock.yml index 57a4495421b..a9bcdc31c71 100644 --- a/.github/workflows/plan.lock.yml +++ b/.github/workflows/plan.lock.yml @@ -98,8 +98,8 @@ jobs: GH_AW_INFO_ENGINE_ID: "copilot" GH_AW_INFO_ENGINE_NAME: "GitHub Copilot CLI" GH_AW_INFO_MODEL: ${{ vars.GH_AW_MODEL_AGENT_COPILOT || 'auto' }} - GH_AW_INFO_VERSION: "latest" - GH_AW_INFO_AGENT_VERSION: "latest" + GH_AW_INFO_VERSION: "1.0.20" + GH_AW_INFO_AGENT_VERSION: "1.0.20" GH_AW_INFO_WORKFLOW_NAME: "Plan Command" GH_AW_INFO_EXPERIMENTAL: "false" GH_AW_INFO_SUPPORTS_TOOLS_ALLOWLIST: "true" @@ -404,7 +404,7 @@ jobs: const { main } = require('${{ runner.temp }}/gh-aw/actions/checkout_pr_branch.cjs'); await main(); - name: Install GitHub Copilot CLI - run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh latest + run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh 1.0.20 env: GH_HOST: github.com - name: Install AWF binary @@ -1128,7 +1128,7 @@ jobs: mkdir -p /tmp/gh-aw/threat-detection touch /tmp/gh-aw/threat-detection/detection.log - name: Install GitHub Copilot CLI - run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh latest + run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh 1.0.20 env: GH_HOST: github.com - name: Install AWF binary diff --git a/.github/workflows/poem-bot.lock.yml b/.github/workflows/poem-bot.lock.yml index 36c75a225ea..3c0e3f0d17d 100644 --- a/.github/workflows/poem-bot.lock.yml +++ b/.github/workflows/poem-bot.lock.yml @@ -116,8 +116,8 @@ jobs: GH_AW_INFO_ENGINE_ID: "copilot" GH_AW_INFO_ENGINE_NAME: "GitHub Copilot CLI" GH_AW_INFO_MODEL: "gpt-5" - GH_AW_INFO_VERSION: "latest" - GH_AW_INFO_AGENT_VERSION: "latest" + GH_AW_INFO_VERSION: "1.0.20" + GH_AW_INFO_AGENT_VERSION: "1.0.20" GH_AW_INFO_WORKFLOW_NAME: "Poem Bot - A Creative Agentic Workflow" GH_AW_INFO_EXPERIMENTAL: "false" GH_AW_INFO_SUPPORTS_TOOLS_ALLOWLIST: "true" @@ -457,7 +457,7 @@ jobs: const { main } = require('${{ runner.temp }}/gh-aw/actions/checkout_pr_branch.cjs'); await main(); - name: Install GitHub Copilot CLI - run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh latest + run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh 1.0.20 env: GH_HOST: github.com - name: Install AWF binary @@ -1491,7 +1491,7 @@ jobs: mkdir -p /tmp/gh-aw/threat-detection touch /tmp/gh-aw/threat-detection/detection.log - name: Install GitHub Copilot CLI - run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh latest + run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh 1.0.20 env: GH_HOST: github.com - name: Install AWF binary diff --git a/.github/workflows/portfolio-analyst.lock.yml b/.github/workflows/portfolio-analyst.lock.yml index f79264d6358..e6783e328cc 100644 --- a/.github/workflows/portfolio-analyst.lock.yml +++ b/.github/workflows/portfolio-analyst.lock.yml @@ -102,8 +102,8 @@ jobs: GH_AW_INFO_ENGINE_ID: "copilot" GH_AW_INFO_ENGINE_NAME: "GitHub Copilot CLI" GH_AW_INFO_MODEL: ${{ vars.GH_AW_MODEL_AGENT_COPILOT || 'auto' }} - GH_AW_INFO_VERSION: "latest" - GH_AW_INFO_AGENT_VERSION: "latest" + GH_AW_INFO_VERSION: "1.0.20" + GH_AW_INFO_AGENT_VERSION: "1.0.20" GH_AW_INFO_WORKFLOW_NAME: "Automated Portfolio Analyst" GH_AW_INFO_EXPERIMENTAL: "false" GH_AW_INFO_SUPPORTS_TOOLS_ALLOWLIST: "true" @@ -461,7 +461,7 @@ jobs: const { main } = require('${{ runner.temp }}/gh-aw/actions/checkout_pr_branch.cjs'); await main(); - name: Install GitHub Copilot CLI - run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh latest + run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh 1.0.20 env: GH_HOST: github.com - name: Install AWF binary @@ -1219,7 +1219,7 @@ jobs: mkdir -p /tmp/gh-aw/threat-detection touch /tmp/gh-aw/threat-detection/detection.log - name: Install GitHub Copilot CLI - run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh latest + run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh 1.0.20 env: GH_HOST: github.com - name: Install AWF binary diff --git a/.github/workflows/pr-nitpick-reviewer.lock.yml b/.github/workflows/pr-nitpick-reviewer.lock.yml index b4d7d304e67..88d867e29ab 100644 --- a/.github/workflows/pr-nitpick-reviewer.lock.yml +++ b/.github/workflows/pr-nitpick-reviewer.lock.yml @@ -105,8 +105,8 @@ jobs: GH_AW_INFO_ENGINE_ID: "copilot" GH_AW_INFO_ENGINE_NAME: "GitHub Copilot CLI" GH_AW_INFO_MODEL: ${{ vars.GH_AW_MODEL_AGENT_COPILOT || 'auto' }} - GH_AW_INFO_VERSION: "latest" - GH_AW_INFO_AGENT_VERSION: "latest" + GH_AW_INFO_VERSION: "1.0.20" + GH_AW_INFO_AGENT_VERSION: "1.0.20" GH_AW_INFO_WORKFLOW_NAME: "PR Nitpick Reviewer 🔍" GH_AW_INFO_EXPERIMENTAL: "false" GH_AW_INFO_SUPPORTS_TOOLS_ALLOWLIST: "true" @@ -435,7 +435,7 @@ jobs: const { main } = require('${{ runner.temp }}/gh-aw/actions/checkout_pr_branch.cjs'); await main(); - name: Install GitHub Copilot CLI - run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh latest + run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh 1.0.20 env: GH_HOST: github.com - name: Install AWF binary @@ -1198,7 +1198,7 @@ jobs: mkdir -p /tmp/gh-aw/threat-detection touch /tmp/gh-aw/threat-detection/detection.log - name: Install GitHub Copilot CLI - run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh latest + run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh 1.0.20 env: GH_HOST: github.com - name: Install AWF binary diff --git a/.github/workflows/pr-triage-agent.lock.yml b/.github/workflows/pr-triage-agent.lock.yml index 726163b653e..619a1eaa44e 100644 --- a/.github/workflows/pr-triage-agent.lock.yml +++ b/.github/workflows/pr-triage-agent.lock.yml @@ -93,8 +93,8 @@ jobs: GH_AW_INFO_ENGINE_ID: "copilot" GH_AW_INFO_ENGINE_NAME: "GitHub Copilot CLI" GH_AW_INFO_MODEL: ${{ vars.GH_AW_MODEL_AGENT_COPILOT || 'auto' }} - GH_AW_INFO_VERSION: "latest" - GH_AW_INFO_AGENT_VERSION: "latest" + GH_AW_INFO_VERSION: "1.0.20" + GH_AW_INFO_AGENT_VERSION: "1.0.20" GH_AW_INFO_WORKFLOW_NAME: "PR Triage Agent" GH_AW_INFO_EXPERIMENTAL: "false" GH_AW_INFO_SUPPORTS_TOOLS_ALLOWLIST: "true" @@ -376,7 +376,7 @@ jobs: const { main } = require('${{ runner.temp }}/gh-aw/actions/checkout_pr_branch.cjs'); await main(); - name: Install GitHub Copilot CLI - run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh latest + run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh 1.0.20 env: GH_HOST: github.com - name: Install AWF binary @@ -1109,7 +1109,7 @@ jobs: mkdir -p /tmp/gh-aw/threat-detection touch /tmp/gh-aw/threat-detection/detection.log - name: Install GitHub Copilot CLI - run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh latest + run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh 1.0.20 env: GH_HOST: github.com - name: Install AWF binary diff --git a/.github/workflows/prompt-clustering-analysis.lock.yml b/.github/workflows/prompt-clustering-analysis.lock.yml index d36e513139b..79265294b99 100644 --- a/.github/workflows/prompt-clustering-analysis.lock.yml +++ b/.github/workflows/prompt-clustering-analysis.lock.yml @@ -108,8 +108,8 @@ jobs: GH_AW_INFO_ENGINE_ID: "claude" GH_AW_INFO_ENGINE_NAME: "Claude Code" GH_AW_INFO_MODEL: ${{ vars.GH_AW_MODEL_AGENT_CLAUDE || 'auto' }} - GH_AW_INFO_VERSION: "latest" - GH_AW_INFO_AGENT_VERSION: "latest" + GH_AW_INFO_VERSION: "2.1.92" + GH_AW_INFO_AGENT_VERSION: "2.1.92" GH_AW_INFO_WORKFLOW_NAME: "Copilot Agent Prompt Clustering Analysis" GH_AW_INFO_EXPERIMENTAL: "false" GH_AW_INFO_SUPPORTS_TOOLS_ALLOWLIST: "true" @@ -484,7 +484,7 @@ jobs: - name: Install AWF binary run: bash ${RUNNER_TEMP}/gh-aw/actions/install_awf_binary.sh v0.25.14 - name: Install Claude Code CLI - run: npm install --ignore-scripts -g @anthropic-ai/claude-code@latest + run: npm install --ignore-scripts -g @anthropic-ai/claude-code@2.1.92 - name: Determine automatic lockdown mode for GitHub MCP Server id: determine-automatic-lockdown uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 @@ -1271,7 +1271,7 @@ jobs: - name: Install AWF binary run: bash ${RUNNER_TEMP}/gh-aw/actions/install_awf_binary.sh v0.25.14 - name: Install Claude Code CLI - run: npm install --ignore-scripts -g @anthropic-ai/claude-code@latest + run: npm install --ignore-scripts -g @anthropic-ai/claude-code@2.1.92 - name: Execute Claude Code CLI if: always() && steps.detection_guard.outputs.run_detection == 'true' id: detection_agentic_execution diff --git a/.github/workflows/python-data-charts.lock.yml b/.github/workflows/python-data-charts.lock.yml index 978d29c6ab1..cbd8914e93d 100644 --- a/.github/workflows/python-data-charts.lock.yml +++ b/.github/workflows/python-data-charts.lock.yml @@ -98,8 +98,8 @@ jobs: GH_AW_INFO_ENGINE_ID: "copilot" GH_AW_INFO_ENGINE_NAME: "GitHub Copilot CLI" GH_AW_INFO_MODEL: ${{ vars.GH_AW_MODEL_AGENT_COPILOT || 'auto' }} - GH_AW_INFO_VERSION: "latest" - GH_AW_INFO_AGENT_VERSION: "latest" + GH_AW_INFO_VERSION: "1.0.20" + GH_AW_INFO_AGENT_VERSION: "1.0.20" GH_AW_INFO_WORKFLOW_NAME: "Python Data Visualization Generator" GH_AW_INFO_EXPERIMENTAL: "false" GH_AW_INFO_SUPPORTS_TOOLS_ALLOWLIST: "true" @@ -440,7 +440,7 @@ jobs: const { main } = require('${{ runner.temp }}/gh-aw/actions/checkout_pr_branch.cjs'); await main(); - name: Install GitHub Copilot CLI - run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh latest + run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh 1.0.20 env: GH_HOST: github.com - name: Install AWF binary @@ -1194,7 +1194,7 @@ jobs: mkdir -p /tmp/gh-aw/threat-detection touch /tmp/gh-aw/threat-detection/detection.log - name: Install GitHub Copilot CLI - run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh latest + run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh 1.0.20 env: GH_HOST: github.com - name: Install AWF binary diff --git a/.github/workflows/q.lock.yml b/.github/workflows/q.lock.yml index 5a2f4a683c6..cc77d7cc201 100644 --- a/.github/workflows/q.lock.yml +++ b/.github/workflows/q.lock.yml @@ -131,8 +131,8 @@ jobs: GH_AW_INFO_ENGINE_ID: "copilot" GH_AW_INFO_ENGINE_NAME: "GitHub Copilot CLI" GH_AW_INFO_MODEL: ${{ vars.GH_AW_MODEL_AGENT_COPILOT || 'auto' }} - GH_AW_INFO_VERSION: "latest" - GH_AW_INFO_AGENT_VERSION: "latest" + GH_AW_INFO_VERSION: "1.0.20" + GH_AW_INFO_AGENT_VERSION: "1.0.20" GH_AW_INFO_WORKFLOW_NAME: "Q" GH_AW_INFO_EXPERIMENTAL: "false" GH_AW_INFO_SUPPORTS_TOOLS_ALLOWLIST: "true" @@ -534,7 +534,7 @@ jobs: const { main } = require('${{ runner.temp }}/gh-aw/actions/checkout_pr_branch.cjs'); await main(); - name: Install GitHub Copilot CLI - run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh latest + run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh 1.0.20 env: GH_HOST: github.com - name: Install AWF binary @@ -1362,7 +1362,7 @@ jobs: mkdir -p /tmp/gh-aw/threat-detection touch /tmp/gh-aw/threat-detection/detection.log - name: Install GitHub Copilot CLI - run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh latest + run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh 1.0.20 env: GH_HOST: github.com - name: Install AWF binary diff --git a/.github/workflows/refiner.lock.yml b/.github/workflows/refiner.lock.yml index 272ebf358e9..2277f146862 100644 --- a/.github/workflows/refiner.lock.yml +++ b/.github/workflows/refiner.lock.yml @@ -110,8 +110,8 @@ jobs: GH_AW_INFO_ENGINE_ID: "copilot" GH_AW_INFO_ENGINE_NAME: "GitHub Copilot CLI" GH_AW_INFO_MODEL: ${{ vars.GH_AW_MODEL_AGENT_COPILOT || 'auto' }} - GH_AW_INFO_VERSION: "latest" - GH_AW_INFO_AGENT_VERSION: "latest" + GH_AW_INFO_VERSION: "1.0.20" + GH_AW_INFO_AGENT_VERSION: "1.0.20" GH_AW_INFO_WORKFLOW_NAME: "Code Refiner" GH_AW_INFO_EXPERIMENTAL: "false" GH_AW_INFO_SUPPORTS_TOOLS_ALLOWLIST: "true" @@ -386,7 +386,7 @@ jobs: const { main } = require('${{ runner.temp }}/gh-aw/actions/checkout_pr_branch.cjs'); await main(); - name: Install GitHub Copilot CLI - run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh latest + run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh 1.0.20 env: GH_HOST: github.com - name: Install AWF binary @@ -1090,7 +1090,7 @@ jobs: mkdir -p /tmp/gh-aw/threat-detection touch /tmp/gh-aw/threat-detection/detection.log - name: Install GitHub Copilot CLI - run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh latest + run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh 1.0.20 env: GH_HOST: github.com - name: Install AWF binary diff --git a/.github/workflows/release.lock.yml b/.github/workflows/release.lock.yml index e85c615e7ef..eb5bda31738 100644 --- a/.github/workflows/release.lock.yml +++ b/.github/workflows/release.lock.yml @@ -111,8 +111,8 @@ jobs: GH_AW_INFO_ENGINE_ID: "copilot" GH_AW_INFO_ENGINE_NAME: "GitHub Copilot CLI" GH_AW_INFO_MODEL: ${{ vars.GH_AW_MODEL_AGENT_COPILOT || 'auto' }} - GH_AW_INFO_VERSION: "latest" - GH_AW_INFO_AGENT_VERSION: "latest" + GH_AW_INFO_VERSION: "1.0.20" + GH_AW_INFO_AGENT_VERSION: "1.0.20" GH_AW_INFO_WORKFLOW_NAME: "Release" GH_AW_INFO_EXPERIMENTAL: "false" GH_AW_INFO_SUPPORTS_TOOLS_ALLOWLIST: "true" @@ -385,7 +385,7 @@ jobs: const { main } = require('${{ runner.temp }}/gh-aw/actions/checkout_pr_branch.cjs'); await main(); - name: Install GitHub Copilot CLI - run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh latest + run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh 1.0.20 env: GH_HOST: github.com - name: Install AWF binary @@ -1192,7 +1192,7 @@ jobs: mkdir -p /tmp/gh-aw/threat-detection touch /tmp/gh-aw/threat-detection/detection.log - name: Install GitHub Copilot CLI - run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh latest + run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh 1.0.20 env: GH_HOST: github.com - name: Install AWF binary diff --git a/.github/workflows/repo-audit-analyzer.lock.yml b/.github/workflows/repo-audit-analyzer.lock.yml index c91231cda99..f17b2162e5f 100644 --- a/.github/workflows/repo-audit-analyzer.lock.yml +++ b/.github/workflows/repo-audit-analyzer.lock.yml @@ -98,8 +98,8 @@ jobs: GH_AW_INFO_ENGINE_ID: "copilot" GH_AW_INFO_ENGINE_NAME: "GitHub Copilot CLI" GH_AW_INFO_MODEL: ${{ vars.GH_AW_MODEL_AGENT_COPILOT || 'auto' }} - GH_AW_INFO_VERSION: "latest" - GH_AW_INFO_AGENT_VERSION: "latest" + GH_AW_INFO_VERSION: "1.0.20" + GH_AW_INFO_AGENT_VERSION: "1.0.20" GH_AW_INFO_WORKFLOW_NAME: "Repository Audit & Agentic Workflow Opportunity Analyzer" GH_AW_INFO_EXPERIMENTAL: "false" GH_AW_INFO_SUPPORTS_TOOLS_ALLOWLIST: "true" @@ -381,7 +381,7 @@ jobs: const { main } = require('${{ runner.temp }}/gh-aw/actions/checkout_pr_branch.cjs'); await main(); - name: Install GitHub Copilot CLI - run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh latest + run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh 1.0.20 env: GH_HOST: github.com - name: Install AWF binary @@ -1067,7 +1067,7 @@ jobs: mkdir -p /tmp/gh-aw/threat-detection touch /tmp/gh-aw/threat-detection/detection.log - name: Install GitHub Copilot CLI - run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh latest + run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh 1.0.20 env: GH_HOST: github.com - name: Install AWF binary diff --git a/.github/workflows/repo-tree-map.lock.yml b/.github/workflows/repo-tree-map.lock.yml index 7b37d8c03be..769a2588e3b 100644 --- a/.github/workflows/repo-tree-map.lock.yml +++ b/.github/workflows/repo-tree-map.lock.yml @@ -93,8 +93,8 @@ jobs: GH_AW_INFO_ENGINE_ID: "copilot" GH_AW_INFO_ENGINE_NAME: "GitHub Copilot CLI" GH_AW_INFO_MODEL: ${{ vars.GH_AW_MODEL_AGENT_COPILOT || 'auto' }} - GH_AW_INFO_VERSION: "latest" - GH_AW_INFO_AGENT_VERSION: "latest" + GH_AW_INFO_VERSION: "1.0.20" + GH_AW_INFO_AGENT_VERSION: "1.0.20" GH_AW_INFO_WORKFLOW_NAME: "Repository Tree Map Generator" GH_AW_INFO_EXPERIMENTAL: "false" GH_AW_INFO_SUPPORTS_TOOLS_ALLOWLIST: "true" @@ -350,7 +350,7 @@ jobs: const { main } = require('${{ runner.temp }}/gh-aw/actions/checkout_pr_branch.cjs'); await main(); - name: Install GitHub Copilot CLI - run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh latest + run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh 1.0.20 env: GH_HOST: github.com - name: Install AWF binary @@ -1022,7 +1022,7 @@ jobs: mkdir -p /tmp/gh-aw/threat-detection touch /tmp/gh-aw/threat-detection/detection.log - name: Install GitHub Copilot CLI - run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh latest + run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh 1.0.20 env: GH_HOST: github.com - name: Install AWF binary diff --git a/.github/workflows/repository-quality-improver.lock.yml b/.github/workflows/repository-quality-improver.lock.yml index 798e0e6e1fd..c9dfa5e6765 100644 --- a/.github/workflows/repository-quality-improver.lock.yml +++ b/.github/workflows/repository-quality-improver.lock.yml @@ -98,8 +98,8 @@ jobs: GH_AW_INFO_ENGINE_ID: "copilot" GH_AW_INFO_ENGINE_NAME: "GitHub Copilot CLI" GH_AW_INFO_MODEL: ${{ vars.GH_AW_MODEL_AGENT_COPILOT || 'auto' }} - GH_AW_INFO_VERSION: "latest" - GH_AW_INFO_AGENT_VERSION: "latest" + GH_AW_INFO_VERSION: "1.0.20" + GH_AW_INFO_AGENT_VERSION: "1.0.20" GH_AW_INFO_WORKFLOW_NAME: "Repository Quality Improvement Agent" GH_AW_INFO_EXPERIMENTAL: "false" GH_AW_INFO_SUPPORTS_TOOLS_ALLOWLIST: "true" @@ -413,7 +413,7 @@ jobs: const { main } = require('${{ runner.temp }}/gh-aw/actions/checkout_pr_branch.cjs'); await main(); - name: Install GitHub Copilot CLI - run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh latest + run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh 1.0.20 env: GH_HOST: github.com - name: Install AWF binary @@ -1126,7 +1126,7 @@ jobs: mkdir -p /tmp/gh-aw/threat-detection touch /tmp/gh-aw/threat-detection/detection.log - name: Install GitHub Copilot CLI - run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh latest + run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh 1.0.20 env: GH_HOST: github.com - name: Install AWF binary diff --git a/.github/workflows/research.lock.yml b/.github/workflows/research.lock.yml index 09e4246cd32..78232b775b2 100644 --- a/.github/workflows/research.lock.yml +++ b/.github/workflows/research.lock.yml @@ -96,8 +96,8 @@ jobs: GH_AW_INFO_ENGINE_ID: "copilot" GH_AW_INFO_ENGINE_NAME: "GitHub Copilot CLI" GH_AW_INFO_MODEL: ${{ vars.GH_AW_MODEL_AGENT_COPILOT || 'auto' }} - GH_AW_INFO_VERSION: "latest" - GH_AW_INFO_AGENT_VERSION: "latest" + GH_AW_INFO_VERSION: "1.0.20" + GH_AW_INFO_AGENT_VERSION: "1.0.20" GH_AW_INFO_WORKFLOW_NAME: "Basic Research Agent" GH_AW_INFO_EXPERIMENTAL: "false" GH_AW_INFO_SUPPORTS_TOOLS_ALLOWLIST: "true" @@ -358,7 +358,7 @@ jobs: const { main } = require('${{ runner.temp }}/gh-aw/actions/checkout_pr_branch.cjs'); await main(); - name: Install GitHub Copilot CLI - run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh latest + run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh 1.0.20 env: GH_HOST: github.com - name: Install AWF binary @@ -1053,7 +1053,7 @@ jobs: mkdir -p /tmp/gh-aw/threat-detection touch /tmp/gh-aw/threat-detection/detection.log - name: Install GitHub Copilot CLI - run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh latest + run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh 1.0.20 env: GH_HOST: github.com - name: Install AWF binary diff --git a/.github/workflows/safe-output-health.lock.yml b/.github/workflows/safe-output-health.lock.yml index 166719d2642..1a6aa8d8e90 100644 --- a/.github/workflows/safe-output-health.lock.yml +++ b/.github/workflows/safe-output-health.lock.yml @@ -102,8 +102,8 @@ jobs: GH_AW_INFO_ENGINE_ID: "claude" GH_AW_INFO_ENGINE_NAME: "Claude Code" GH_AW_INFO_MODEL: ${{ vars.GH_AW_MODEL_AGENT_CLAUDE || 'auto' }} - GH_AW_INFO_VERSION: "latest" - GH_AW_INFO_AGENT_VERSION: "latest" + GH_AW_INFO_VERSION: "2.1.92" + GH_AW_INFO_AGENT_VERSION: "2.1.92" GH_AW_INFO_WORKFLOW_NAME: "Safe Output Health Monitor" GH_AW_INFO_EXPERIMENTAL: "false" GH_AW_INFO_SUPPORTS_TOOLS_ALLOWLIST: "true" @@ -429,7 +429,7 @@ jobs: - name: Install AWF binary run: bash ${RUNNER_TEMP}/gh-aw/actions/install_awf_binary.sh v0.25.14 - name: Install Claude Code CLI - run: npm install --ignore-scripts -g @anthropic-ai/claude-code@latest + run: npm install --ignore-scripts -g @anthropic-ai/claude-code@2.1.92 - name: Determine automatic lockdown mode for GitHub MCP Server id: determine-automatic-lockdown uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 @@ -1231,7 +1231,7 @@ jobs: - name: Install AWF binary run: bash ${RUNNER_TEMP}/gh-aw/actions/install_awf_binary.sh v0.25.14 - name: Install Claude Code CLI - run: npm install --ignore-scripts -g @anthropic-ai/claude-code@latest + run: npm install --ignore-scripts -g @anthropic-ai/claude-code@2.1.92 - name: Execute Claude Code CLI if: always() && steps.detection_guard.outputs.run_detection == 'true' id: detection_agentic_execution diff --git a/.github/workflows/schema-consistency-checker.lock.yml b/.github/workflows/schema-consistency-checker.lock.yml index 2a0a4b6407c..7aed8132b5c 100644 --- a/.github/workflows/schema-consistency-checker.lock.yml +++ b/.github/workflows/schema-consistency-checker.lock.yml @@ -97,8 +97,8 @@ jobs: GH_AW_INFO_ENGINE_ID: "claude" GH_AW_INFO_ENGINE_NAME: "Claude Code" GH_AW_INFO_MODEL: ${{ vars.GH_AW_MODEL_AGENT_CLAUDE || 'auto' }} - GH_AW_INFO_VERSION: "latest" - GH_AW_INFO_AGENT_VERSION: "latest" + GH_AW_INFO_VERSION: "2.1.92" + GH_AW_INFO_AGENT_VERSION: "2.1.92" GH_AW_INFO_WORKFLOW_NAME: "Schema Consistency Checker" GH_AW_INFO_EXPERIMENTAL: "false" GH_AW_INFO_SUPPORTS_TOOLS_ALLOWLIST: "true" @@ -383,7 +383,7 @@ jobs: - name: Install AWF binary run: bash ${RUNNER_TEMP}/gh-aw/actions/install_awf_binary.sh v0.25.14 - name: Install Claude Code CLI - run: npm install --ignore-scripts -g @anthropic-ai/claude-code@latest + run: npm install --ignore-scripts -g @anthropic-ai/claude-code@2.1.92 - name: Determine automatic lockdown mode for GitHub MCP Server id: determine-automatic-lockdown uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 @@ -1127,7 +1127,7 @@ jobs: - name: Install AWF binary run: bash ${RUNNER_TEMP}/gh-aw/actions/install_awf_binary.sh v0.25.14 - name: Install Claude Code CLI - run: npm install --ignore-scripts -g @anthropic-ai/claude-code@latest + run: npm install --ignore-scripts -g @anthropic-ai/claude-code@2.1.92 - name: Execute Claude Code CLI if: always() && steps.detection_guard.outputs.run_detection == 'true' id: detection_agentic_execution diff --git a/.github/workflows/schema-feature-coverage.lock.yml b/.github/workflows/schema-feature-coverage.lock.yml index 2805c0c7482..c7124affdb0 100644 --- a/.github/workflows/schema-feature-coverage.lock.yml +++ b/.github/workflows/schema-feature-coverage.lock.yml @@ -92,8 +92,8 @@ jobs: GH_AW_INFO_ENGINE_ID: "codex" GH_AW_INFO_ENGINE_NAME: "Codex" GH_AW_INFO_MODEL: ${{ vars.GH_AW_MODEL_AGENT_CODEX || 'auto' }} - GH_AW_INFO_VERSION: "latest" - GH_AW_INFO_AGENT_VERSION: "latest" + GH_AW_INFO_VERSION: "0.118.0" + GH_AW_INFO_AGENT_VERSION: "0.118.0" GH_AW_INFO_WORKFLOW_NAME: "Schema Feature Coverage Checker" GH_AW_INFO_EXPERIMENTAL: "false" GH_AW_INFO_SUPPORTS_TOOLS_ALLOWLIST: "true" @@ -364,7 +364,7 @@ jobs: node-version: '24' package-manager-cache: false - name: Install Codex CLI - run: npm install --ignore-scripts -g @openai/codex@latest + run: npm install --ignore-scripts -g @openai/codex@0.118.0 - name: Install AWF binary run: bash ${RUNNER_TEMP}/gh-aw/actions/install_awf_binary.sh v0.25.14 - name: Determine automatic lockdown mode for GitHub MCP Server @@ -1060,7 +1060,7 @@ jobs: node-version: '24' package-manager-cache: false - name: Install Codex CLI - run: npm install --ignore-scripts -g @openai/codex@latest + run: npm install --ignore-scripts -g @openai/codex@0.118.0 - name: Install AWF binary run: bash ${RUNNER_TEMP}/gh-aw/actions/install_awf_binary.sh v0.25.14 - name: Execute Codex CLI diff --git a/.github/workflows/scout.lock.yml b/.github/workflows/scout.lock.yml index c0b1ca50f59..1039f0d2089 100644 --- a/.github/workflows/scout.lock.yml +++ b/.github/workflows/scout.lock.yml @@ -152,8 +152,8 @@ jobs: GH_AW_INFO_ENGINE_ID: "claude" GH_AW_INFO_ENGINE_NAME: "Claude Code" GH_AW_INFO_MODEL: ${{ vars.GH_AW_MODEL_AGENT_CLAUDE || 'auto' }} - GH_AW_INFO_VERSION: "latest" - GH_AW_INFO_AGENT_VERSION: "latest" + GH_AW_INFO_VERSION: "2.1.92" + GH_AW_INFO_AGENT_VERSION: "2.1.92" GH_AW_INFO_WORKFLOW_NAME: "Scout" GH_AW_INFO_EXPERIMENTAL: "false" GH_AW_INFO_SUPPORTS_TOOLS_ALLOWLIST: "true" @@ -507,7 +507,7 @@ jobs: - name: Install AWF binary run: bash ${RUNNER_TEMP}/gh-aw/actions/install_awf_binary.sh v0.25.14 - name: Install Claude Code CLI - run: npm install --ignore-scripts -g @anthropic-ai/claude-code@latest + run: npm install --ignore-scripts -g @anthropic-ai/claude-code@2.1.92 - name: Parse integrity filter lists id: parse-guard-vars env: @@ -1388,7 +1388,7 @@ jobs: - name: Install AWF binary run: bash ${RUNNER_TEMP}/gh-aw/actions/install_awf_binary.sh v0.25.14 - name: Install Claude Code CLI - run: npm install --ignore-scripts -g @anthropic-ai/claude-code@latest + run: npm install --ignore-scripts -g @anthropic-ai/claude-code@2.1.92 - name: Execute Claude Code CLI if: always() && steps.detection_guard.outputs.run_detection == 'true' id: detection_agentic_execution diff --git a/.github/workflows/security-compliance.lock.yml b/.github/workflows/security-compliance.lock.yml index b090f7ceaca..0ddc9c4eec9 100644 --- a/.github/workflows/security-compliance.lock.yml +++ b/.github/workflows/security-compliance.lock.yml @@ -97,8 +97,8 @@ jobs: GH_AW_INFO_ENGINE_ID: "copilot" GH_AW_INFO_ENGINE_NAME: "GitHub Copilot CLI" GH_AW_INFO_MODEL: ${{ vars.GH_AW_MODEL_AGENT_COPILOT || 'auto' }} - GH_AW_INFO_VERSION: "latest" - GH_AW_INFO_AGENT_VERSION: "latest" + GH_AW_INFO_VERSION: "1.0.20" + GH_AW_INFO_AGENT_VERSION: "1.0.20" GH_AW_INFO_WORKFLOW_NAME: "Security Compliance Campaign" GH_AW_INFO_EXPERIMENTAL: "false" GH_AW_INFO_SUPPORTS_TOOLS_ALLOWLIST: "true" @@ -387,7 +387,7 @@ jobs: const { main } = require('${{ runner.temp }}/gh-aw/actions/checkout_pr_branch.cjs'); await main(); - name: Install GitHub Copilot CLI - run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh latest + run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh 1.0.20 env: GH_HOST: github.com - name: Install AWF binary @@ -1077,7 +1077,7 @@ jobs: mkdir -p /tmp/gh-aw/threat-detection touch /tmp/gh-aw/threat-detection/detection.log - name: Install GitHub Copilot CLI - run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh latest + run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh 1.0.20 env: GH_HOST: github.com - name: Install AWF binary diff --git a/.github/workflows/security-review.lock.yml b/.github/workflows/security-review.lock.yml index 05ac4da42fd..f2a64f5dd23 100644 --- a/.github/workflows/security-review.lock.yml +++ b/.github/workflows/security-review.lock.yml @@ -107,8 +107,8 @@ jobs: GH_AW_INFO_ENGINE_ID: "copilot" GH_AW_INFO_ENGINE_NAME: "GitHub Copilot CLI" GH_AW_INFO_MODEL: ${{ vars.GH_AW_MODEL_AGENT_COPILOT || 'auto' }} - GH_AW_INFO_VERSION: "latest" - GH_AW_INFO_AGENT_VERSION: "latest" + GH_AW_INFO_VERSION: "1.0.20" + GH_AW_INFO_AGENT_VERSION: "1.0.20" GH_AW_INFO_WORKFLOW_NAME: "Security Review Agent 🔒" GH_AW_INFO_EXPERIMENTAL: "false" GH_AW_INFO_SUPPORTS_TOOLS_ALLOWLIST: "true" @@ -469,7 +469,7 @@ jobs: const { main } = require('${{ runner.temp }}/gh-aw/actions/checkout_pr_branch.cjs'); await main(); - name: Install GitHub Copilot CLI - run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh latest + run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh 1.0.20 env: GH_HOST: github.com - name: Install AWF binary @@ -1245,7 +1245,7 @@ jobs: mkdir -p /tmp/gh-aw/threat-detection touch /tmp/gh-aw/threat-detection/detection.log - name: Install GitHub Copilot CLI - run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh latest + run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh 1.0.20 env: GH_HOST: github.com - name: Install AWF binary diff --git a/.github/workflows/semantic-function-refactor.lock.yml b/.github/workflows/semantic-function-refactor.lock.yml index 4790589a1e8..31425436165 100644 --- a/.github/workflows/semantic-function-refactor.lock.yml +++ b/.github/workflows/semantic-function-refactor.lock.yml @@ -97,8 +97,8 @@ jobs: GH_AW_INFO_ENGINE_ID: "claude" GH_AW_INFO_ENGINE_NAME: "Claude Code" GH_AW_INFO_MODEL: ${{ vars.GH_AW_MODEL_AGENT_CLAUDE || 'auto' }} - GH_AW_INFO_VERSION: "latest" - GH_AW_INFO_AGENT_VERSION: "latest" + GH_AW_INFO_VERSION: "2.1.92" + GH_AW_INFO_AGENT_VERSION: "2.1.92" GH_AW_INFO_WORKFLOW_NAME: "Semantic Function Refactoring" GH_AW_INFO_EXPERIMENTAL: "false" GH_AW_INFO_SUPPORTS_TOOLS_ALLOWLIST: "true" @@ -395,7 +395,7 @@ jobs: - name: Install AWF binary run: bash ${RUNNER_TEMP}/gh-aw/actions/install_awf_binary.sh v0.25.14 - name: Install Claude Code CLI - run: npm install --ignore-scripts -g @anthropic-ai/claude-code@latest + run: npm install --ignore-scripts -g @anthropic-ai/claude-code@2.1.92 - name: Determine automatic lockdown mode for GitHub MCP Server id: determine-automatic-lockdown uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 @@ -1191,7 +1191,7 @@ jobs: - name: Install AWF binary run: bash ${RUNNER_TEMP}/gh-aw/actions/install_awf_binary.sh v0.25.14 - name: Install Claude Code CLI - run: npm install --ignore-scripts -g @anthropic-ai/claude-code@latest + run: npm install --ignore-scripts -g @anthropic-ai/claude-code@2.1.92 - name: Execute Claude Code CLI if: always() && steps.detection_guard.outputs.run_detection == 'true' id: detection_agentic_execution diff --git a/.github/workflows/sergo.lock.yml b/.github/workflows/sergo.lock.yml index 31cbc290a33..a23c52c5766 100644 --- a/.github/workflows/sergo.lock.yml +++ b/.github/workflows/sergo.lock.yml @@ -99,8 +99,8 @@ jobs: GH_AW_INFO_ENGINE_ID: "claude" GH_AW_INFO_ENGINE_NAME: "Claude Code" GH_AW_INFO_MODEL: ${{ vars.GH_AW_MODEL_AGENT_CLAUDE || 'auto' }} - GH_AW_INFO_VERSION: "latest" - GH_AW_INFO_AGENT_VERSION: "latest" + GH_AW_INFO_VERSION: "2.1.92" + GH_AW_INFO_AGENT_VERSION: "2.1.92" GH_AW_INFO_WORKFLOW_NAME: "Sergo - Serena Go Expert" GH_AW_INFO_EXPERIMENTAL: "false" GH_AW_INFO_SUPPORTS_TOOLS_ALLOWLIST: "true" @@ -420,7 +420,7 @@ jobs: - name: Install AWF binary run: bash ${RUNNER_TEMP}/gh-aw/actions/install_awf_binary.sh v0.25.14 - name: Install Claude Code CLI - run: npm install --ignore-scripts -g @anthropic-ai/claude-code@latest + run: npm install --ignore-scripts -g @anthropic-ai/claude-code@2.1.92 - name: Determine automatic lockdown mode for GitHub MCP Server id: determine-automatic-lockdown uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 @@ -1211,7 +1211,7 @@ jobs: - name: Install AWF binary run: bash ${RUNNER_TEMP}/gh-aw/actions/install_awf_binary.sh v0.25.14 - name: Install Claude Code CLI - run: npm install --ignore-scripts -g @anthropic-ai/claude-code@latest + run: npm install --ignore-scripts -g @anthropic-ai/claude-code@2.1.92 - name: Execute Claude Code CLI if: always() && steps.detection_guard.outputs.run_detection == 'true' id: detection_agentic_execution diff --git a/.github/workflows/slide-deck-maintainer.lock.yml b/.github/workflows/slide-deck-maintainer.lock.yml index 87854f7f49e..1253246016b 100644 --- a/.github/workflows/slide-deck-maintainer.lock.yml +++ b/.github/workflows/slide-deck-maintainer.lock.yml @@ -105,8 +105,8 @@ jobs: GH_AW_INFO_ENGINE_ID: "copilot" GH_AW_INFO_ENGINE_NAME: "GitHub Copilot CLI" GH_AW_INFO_MODEL: ${{ vars.GH_AW_MODEL_AGENT_COPILOT || 'auto' }} - GH_AW_INFO_VERSION: "latest" - GH_AW_INFO_AGENT_VERSION: "latest" + GH_AW_INFO_VERSION: "1.0.20" + GH_AW_INFO_AGENT_VERSION: "1.0.20" GH_AW_INFO_WORKFLOW_NAME: "Slide Deck Maintainer" GH_AW_INFO_EXPERIMENTAL: "false" GH_AW_INFO_SUPPORTS_TOOLS_ALLOWLIST: "true" @@ -412,7 +412,7 @@ jobs: const { main } = require('${{ runner.temp }}/gh-aw/actions/checkout_pr_branch.cjs'); await main(); - name: Install GitHub Copilot CLI - run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh latest + run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh 1.0.20 env: GH_HOST: github.com - name: Install AWF binary @@ -1165,7 +1165,7 @@ jobs: mkdir -p /tmp/gh-aw/threat-detection touch /tmp/gh-aw/threat-detection/detection.log - name: Install GitHub Copilot CLI - run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh latest + run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh 1.0.20 env: GH_HOST: github.com - name: Install AWF binary diff --git a/.github/workflows/smoke-agent-all-merged.lock.yml b/.github/workflows/smoke-agent-all-merged.lock.yml index c39dc22a962..f2acee187d5 100644 --- a/.github/workflows/smoke-agent-all-merged.lock.yml +++ b/.github/workflows/smoke-agent-all-merged.lock.yml @@ -118,8 +118,8 @@ jobs: GH_AW_INFO_ENGINE_ID: "claude" GH_AW_INFO_ENGINE_NAME: "Claude Code" GH_AW_INFO_MODEL: ${{ vars.GH_AW_MODEL_AGENT_CLAUDE || 'auto' }} - GH_AW_INFO_VERSION: "latest" - GH_AW_INFO_AGENT_VERSION: "latest" + GH_AW_INFO_VERSION: "2.1.92" + GH_AW_INFO_AGENT_VERSION: "2.1.92" GH_AW_INFO_WORKFLOW_NAME: "Smoke Agent: all/merged" GH_AW_INFO_EXPERIMENTAL: "false" GH_AW_INFO_SUPPORTS_TOOLS_ALLOWLIST: "true" @@ -406,7 +406,7 @@ jobs: - name: Install AWF binary run: bash ${RUNNER_TEMP}/gh-aw/actions/install_awf_binary.sh v0.25.14 - name: Install Claude Code CLI - run: npm install --ignore-scripts -g @anthropic-ai/claude-code@latest + run: npm install --ignore-scripts -g @anthropic-ai/claude-code@2.1.92 - name: Parse integrity filter lists id: parse-guard-vars env: @@ -1166,7 +1166,7 @@ jobs: - name: Install AWF binary run: bash ${RUNNER_TEMP}/gh-aw/actions/install_awf_binary.sh v0.25.14 - name: Install Claude Code CLI - run: npm install --ignore-scripts -g @anthropic-ai/claude-code@latest + run: npm install --ignore-scripts -g @anthropic-ai/claude-code@2.1.92 - name: Execute Claude Code CLI if: always() && steps.detection_guard.outputs.run_detection == 'true' id: detection_agentic_execution diff --git a/.github/workflows/smoke-agent-all-none.lock.yml b/.github/workflows/smoke-agent-all-none.lock.yml index 2441fc9731d..61b01c086ae 100644 --- a/.github/workflows/smoke-agent-all-none.lock.yml +++ b/.github/workflows/smoke-agent-all-none.lock.yml @@ -118,8 +118,8 @@ jobs: GH_AW_INFO_ENGINE_ID: "claude" GH_AW_INFO_ENGINE_NAME: "Claude Code" GH_AW_INFO_MODEL: ${{ vars.GH_AW_MODEL_AGENT_CLAUDE || 'auto' }} - GH_AW_INFO_VERSION: "latest" - GH_AW_INFO_AGENT_VERSION: "latest" + GH_AW_INFO_VERSION: "2.1.92" + GH_AW_INFO_AGENT_VERSION: "2.1.92" GH_AW_INFO_WORKFLOW_NAME: "Smoke Agent: all/none" GH_AW_INFO_EXPERIMENTAL: "false" GH_AW_INFO_SUPPORTS_TOOLS_ALLOWLIST: "true" @@ -406,7 +406,7 @@ jobs: - name: Install AWF binary run: bash ${RUNNER_TEMP}/gh-aw/actions/install_awf_binary.sh v0.25.14 - name: Install Claude Code CLI - run: npm install --ignore-scripts -g @anthropic-ai/claude-code@latest + run: npm install --ignore-scripts -g @anthropic-ai/claude-code@2.1.92 - name: Parse integrity filter lists id: parse-guard-vars env: @@ -1166,7 +1166,7 @@ jobs: - name: Install AWF binary run: bash ${RUNNER_TEMP}/gh-aw/actions/install_awf_binary.sh v0.25.14 - name: Install Claude Code CLI - run: npm install --ignore-scripts -g @anthropic-ai/claude-code@latest + run: npm install --ignore-scripts -g @anthropic-ai/claude-code@2.1.92 - name: Execute Claude Code CLI if: always() && steps.detection_guard.outputs.run_detection == 'true' id: detection_agentic_execution diff --git a/.github/workflows/smoke-agent-public-approved.lock.yml b/.github/workflows/smoke-agent-public-approved.lock.yml index 772f314a227..3dfe02ce305 100644 --- a/.github/workflows/smoke-agent-public-approved.lock.yml +++ b/.github/workflows/smoke-agent-public-approved.lock.yml @@ -120,8 +120,8 @@ jobs: GH_AW_INFO_ENGINE_ID: "claude" GH_AW_INFO_ENGINE_NAME: "Claude Code" GH_AW_INFO_MODEL: ${{ vars.GH_AW_MODEL_AGENT_CLAUDE || 'auto' }} - GH_AW_INFO_VERSION: "latest" - GH_AW_INFO_AGENT_VERSION: "latest" + GH_AW_INFO_VERSION: "2.1.92" + GH_AW_INFO_AGENT_VERSION: "2.1.92" GH_AW_INFO_WORKFLOW_NAME: "Smoke Agent: public/approved" GH_AW_INFO_EXPERIMENTAL: "false" GH_AW_INFO_SUPPORTS_TOOLS_ALLOWLIST: "true" @@ -409,7 +409,7 @@ jobs: - name: Install AWF binary run: bash ${RUNNER_TEMP}/gh-aw/actions/install_awf_binary.sh v0.25.14 - name: Install Claude Code CLI - run: npm install --ignore-scripts -g @anthropic-ai/claude-code@latest + run: npm install --ignore-scripts -g @anthropic-ai/claude-code@2.1.92 - name: Parse integrity filter lists id: parse-guard-vars env: @@ -1199,7 +1199,7 @@ jobs: - name: Install AWF binary run: bash ${RUNNER_TEMP}/gh-aw/actions/install_awf_binary.sh v0.25.14 - name: Install Claude Code CLI - run: npm install --ignore-scripts -g @anthropic-ai/claude-code@latest + run: npm install --ignore-scripts -g @anthropic-ai/claude-code@2.1.92 - name: Execute Claude Code CLI if: always() && steps.detection_guard.outputs.run_detection == 'true' id: detection_agentic_execution diff --git a/.github/workflows/smoke-agent-public-none.lock.yml b/.github/workflows/smoke-agent-public-none.lock.yml index 1047a31d70e..5e802b6a7e7 100644 --- a/.github/workflows/smoke-agent-public-none.lock.yml +++ b/.github/workflows/smoke-agent-public-none.lock.yml @@ -118,8 +118,8 @@ jobs: GH_AW_INFO_ENGINE_ID: "claude" GH_AW_INFO_ENGINE_NAME: "Claude Code" GH_AW_INFO_MODEL: ${{ vars.GH_AW_MODEL_AGENT_CLAUDE || 'auto' }} - GH_AW_INFO_VERSION: "latest" - GH_AW_INFO_AGENT_VERSION: "latest" + GH_AW_INFO_VERSION: "2.1.92" + GH_AW_INFO_AGENT_VERSION: "2.1.92" GH_AW_INFO_WORKFLOW_NAME: "Smoke Agent: public/none" GH_AW_INFO_EXPERIMENTAL: "false" GH_AW_INFO_SUPPORTS_TOOLS_ALLOWLIST: "true" @@ -406,7 +406,7 @@ jobs: - name: Install AWF binary run: bash ${RUNNER_TEMP}/gh-aw/actions/install_awf_binary.sh v0.25.14 - name: Install Claude Code CLI - run: npm install --ignore-scripts -g @anthropic-ai/claude-code@latest + run: npm install --ignore-scripts -g @anthropic-ai/claude-code@2.1.92 - name: Parse integrity filter lists id: parse-guard-vars env: @@ -1166,7 +1166,7 @@ jobs: - name: Install AWF binary run: bash ${RUNNER_TEMP}/gh-aw/actions/install_awf_binary.sh v0.25.14 - name: Install Claude Code CLI - run: npm install --ignore-scripts -g @anthropic-ai/claude-code@latest + run: npm install --ignore-scripts -g @anthropic-ai/claude-code@2.1.92 - name: Execute Claude Code CLI if: always() && steps.detection_guard.outputs.run_detection == 'true' id: detection_agentic_execution diff --git a/.github/workflows/smoke-agent-scoped-approved.lock.yml b/.github/workflows/smoke-agent-scoped-approved.lock.yml index 2fae1528796..ba33dae5910 100644 --- a/.github/workflows/smoke-agent-scoped-approved.lock.yml +++ b/.github/workflows/smoke-agent-scoped-approved.lock.yml @@ -119,8 +119,8 @@ jobs: GH_AW_INFO_ENGINE_ID: "claude" GH_AW_INFO_ENGINE_NAME: "Claude Code" GH_AW_INFO_MODEL: ${{ vars.GH_AW_MODEL_AGENT_CLAUDE || 'auto' }} - GH_AW_INFO_VERSION: "latest" - GH_AW_INFO_AGENT_VERSION: "latest" + GH_AW_INFO_VERSION: "2.1.92" + GH_AW_INFO_AGENT_VERSION: "2.1.92" GH_AW_INFO_WORKFLOW_NAME: "Smoke Agent: scoped/approved" GH_AW_INFO_EXPERIMENTAL: "false" GH_AW_INFO_SUPPORTS_TOOLS_ALLOWLIST: "true" @@ -408,7 +408,7 @@ jobs: - name: Install AWF binary run: bash ${RUNNER_TEMP}/gh-aw/actions/install_awf_binary.sh v0.25.14 - name: Install Claude Code CLI - run: npm install --ignore-scripts -g @anthropic-ai/claude-code@latest + run: npm install --ignore-scripts -g @anthropic-ai/claude-code@2.1.92 - name: Parse integrity filter lists id: parse-guard-vars env: @@ -1173,7 +1173,7 @@ jobs: - name: Install AWF binary run: bash ${RUNNER_TEMP}/gh-aw/actions/install_awf_binary.sh v0.25.14 - name: Install Claude Code CLI - run: npm install --ignore-scripts -g @anthropic-ai/claude-code@latest + run: npm install --ignore-scripts -g @anthropic-ai/claude-code@2.1.92 - name: Execute Claude Code CLI if: always() && steps.detection_guard.outputs.run_detection == 'true' id: detection_agentic_execution diff --git a/.github/workflows/smoke-call-workflow.lock.yml b/.github/workflows/smoke-call-workflow.lock.yml index 52bb30b9f32..34f92d9fbdb 100644 --- a/.github/workflows/smoke-call-workflow.lock.yml +++ b/.github/workflows/smoke-call-workflow.lock.yml @@ -115,8 +115,8 @@ jobs: GH_AW_INFO_ENGINE_ID: "codex" GH_AW_INFO_ENGINE_NAME: "Codex" GH_AW_INFO_MODEL: "gpt-5.1-codex-mini" - GH_AW_INFO_VERSION: "latest" - GH_AW_INFO_AGENT_VERSION: "latest" + GH_AW_INFO_VERSION: "0.118.0" + GH_AW_INFO_AGENT_VERSION: "0.118.0" GH_AW_INFO_WORKFLOW_NAME: "Smoke Call Workflow" GH_AW_INFO_EXPERIMENTAL: "false" GH_AW_INFO_SUPPORTS_TOOLS_ALLOWLIST: "true" @@ -387,7 +387,7 @@ jobs: node-version: '24' package-manager-cache: false - name: Install Codex CLI - run: npm install --ignore-scripts -g @openai/codex@latest + run: npm install --ignore-scripts -g @openai/codex@0.118.0 - name: Install AWF binary run: bash ${RUNNER_TEMP}/gh-aw/actions/install_awf_binary.sh v0.25.14 - name: Determine automatic lockdown mode for GitHub MCP Server @@ -1099,7 +1099,7 @@ jobs: node-version: '24' package-manager-cache: false - name: Install Codex CLI - run: npm install --ignore-scripts -g @openai/codex@latest + run: npm install --ignore-scripts -g @openai/codex@0.118.0 - name: Install AWF binary run: bash ${RUNNER_TEMP}/gh-aw/actions/install_awf_binary.sh v0.25.14 - name: Execute Codex CLI diff --git a/.github/workflows/smoke-claude.lock.yml b/.github/workflows/smoke-claude.lock.yml index 1b8fc245904..d4811478939 100644 --- a/.github/workflows/smoke-claude.lock.yml +++ b/.github/workflows/smoke-claude.lock.yml @@ -141,8 +141,8 @@ jobs: GH_AW_INFO_ENGINE_ID: "claude" GH_AW_INFO_ENGINE_NAME: "Claude Code" GH_AW_INFO_MODEL: ${{ vars.GH_AW_MODEL_AGENT_CLAUDE || 'auto' }} - GH_AW_INFO_VERSION: "latest" - GH_AW_INFO_AGENT_VERSION: "latest" + GH_AW_INFO_VERSION: "2.1.92" + GH_AW_INFO_AGENT_VERSION: "2.1.92" GH_AW_INFO_WORKFLOW_NAME: "Smoke Claude" GH_AW_INFO_EXPERIMENTAL: "false" GH_AW_INFO_SUPPORTS_TOOLS_ALLOWLIST: "true" @@ -909,7 +909,7 @@ jobs: - name: Install AWF binary run: bash ${RUNNER_TEMP}/gh-aw/actions/install_awf_binary.sh v0.25.14 - name: Install Claude Code CLI - run: npm install --ignore-scripts -g @anthropic-ai/claude-code@latest + run: npm install --ignore-scripts -g @anthropic-ai/claude-code@2.1.92 - name: Determine automatic lockdown mode for GitHub MCP Server id: determine-automatic-lockdown uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 @@ -2740,7 +2740,7 @@ jobs: - name: Install AWF binary run: bash ${RUNNER_TEMP}/gh-aw/actions/install_awf_binary.sh v0.25.14 - name: Install Claude Code CLI - run: npm install --ignore-scripts -g @anthropic-ai/claude-code@latest + run: npm install --ignore-scripts -g @anthropic-ai/claude-code@2.1.92 - name: Execute Claude Code CLI if: always() && steps.detection_guard.outputs.run_detection == 'true' id: detection_agentic_execution diff --git a/.github/workflows/smoke-codex.lock.yml b/.github/workflows/smoke-codex.lock.yml index 112f3d2677a..02a43f483f1 100644 --- a/.github/workflows/smoke-codex.lock.yml +++ b/.github/workflows/smoke-codex.lock.yml @@ -129,8 +129,8 @@ jobs: GH_AW_INFO_ENGINE_ID: "codex" GH_AW_INFO_ENGINE_NAME: "Codex" GH_AW_INFO_MODEL: ${{ vars.GH_AW_MODEL_AGENT_CODEX || 'auto' }} - GH_AW_INFO_VERSION: "latest" - GH_AW_INFO_AGENT_VERSION: "latest" + GH_AW_INFO_VERSION: "0.118.0" + GH_AW_INFO_AGENT_VERSION: "0.118.0" GH_AW_INFO_WORKFLOW_NAME: "Smoke Codex" GH_AW_INFO_EXPERIMENTAL: "false" GH_AW_INFO_SUPPORTS_TOOLS_ALLOWLIST: "true" @@ -504,7 +504,7 @@ jobs: node-version: '24' package-manager-cache: false - name: Install Codex CLI - run: npm install --ignore-scripts -g @openai/codex@latest + run: npm install --ignore-scripts -g @openai/codex@0.118.0 - name: Install AWF binary run: bash ${RUNNER_TEMP}/gh-aw/actions/install_awf_binary.sh v0.25.14 - name: Determine automatic lockdown mode for GitHub MCP Server @@ -1606,7 +1606,7 @@ jobs: node-version: '24' package-manager-cache: false - name: Install Codex CLI - run: npm install --ignore-scripts -g @openai/codex@latest + run: npm install --ignore-scripts -g @openai/codex@0.118.0 - name: Install AWF binary run: bash ${RUNNER_TEMP}/gh-aw/actions/install_awf_binary.sh v0.25.14 - name: Execute Codex CLI diff --git a/.github/workflows/smoke-copilot-arm.lock.yml b/.github/workflows/smoke-copilot-arm.lock.yml index f28eb5f7a53..94aab3aa9ec 100644 --- a/.github/workflows/smoke-copilot-arm.lock.yml +++ b/.github/workflows/smoke-copilot-arm.lock.yml @@ -127,8 +127,8 @@ jobs: GH_AW_INFO_ENGINE_ID: "copilot" GH_AW_INFO_ENGINE_NAME: "GitHub Copilot CLI" GH_AW_INFO_MODEL: ${{ vars.GH_AW_MODEL_AGENT_COPILOT || 'auto' }} - GH_AW_INFO_VERSION: "latest" - GH_AW_INFO_AGENT_VERSION: "latest" + GH_AW_INFO_VERSION: "1.0.20" + GH_AW_INFO_AGENT_VERSION: "1.0.20" GH_AW_INFO_WORKFLOW_NAME: "Smoke Copilot ARM64" GH_AW_INFO_EXPERIMENTAL: "false" GH_AW_INFO_SUPPORTS_TOOLS_ALLOWLIST: "true" @@ -526,7 +526,7 @@ jobs: const { main } = require('${{ runner.temp }}/gh-aw/actions/checkout_pr_branch.cjs'); await main(); - name: Install GitHub Copilot CLI - run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh latest + run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh 1.0.20 env: GH_HOST: github.com - name: Install AWF binary @@ -2061,7 +2061,7 @@ jobs: mkdir -p /tmp/gh-aw/threat-detection touch /tmp/gh-aw/threat-detection/detection.log - name: Install GitHub Copilot CLI - run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh latest + run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh 1.0.20 env: GH_HOST: github.com - name: Install AWF binary diff --git a/.github/workflows/smoke-copilot.lock.yml b/.github/workflows/smoke-copilot.lock.yml index 4f7971a6356..a6844b8b235 100644 --- a/.github/workflows/smoke-copilot.lock.yml +++ b/.github/workflows/smoke-copilot.lock.yml @@ -130,8 +130,8 @@ jobs: GH_AW_INFO_ENGINE_ID: "copilot" GH_AW_INFO_ENGINE_NAME: "GitHub Copilot CLI" GH_AW_INFO_MODEL: ${{ vars.GH_AW_MODEL_AGENT_COPILOT || 'auto' }} - GH_AW_INFO_VERSION: "latest" - GH_AW_INFO_AGENT_VERSION: "latest" + GH_AW_INFO_VERSION: "1.0.20" + GH_AW_INFO_AGENT_VERSION: "1.0.20" GH_AW_INFO_WORKFLOW_NAME: "Smoke Copilot" GH_AW_INFO_EXPERIMENTAL: "false" GH_AW_INFO_SUPPORTS_TOOLS_ALLOWLIST: "true" @@ -535,7 +535,7 @@ jobs: const { main } = require('${{ runner.temp }}/gh-aw/actions/checkout_pr_branch.cjs'); await main(); - name: Install GitHub Copilot CLI - run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh latest + run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh 1.0.20 env: GH_HOST: github.com - name: Install AWF binary @@ -2113,7 +2113,7 @@ jobs: mkdir -p /tmp/gh-aw/threat-detection touch /tmp/gh-aw/threat-detection/detection.log - name: Install GitHub Copilot CLI - run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh latest + run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh 1.0.20 env: GH_HOST: github.com - name: Install AWF binary diff --git a/.github/workflows/smoke-create-cross-repo-pr.lock.yml b/.github/workflows/smoke-create-cross-repo-pr.lock.yml index 960d3d5aeee..938ea37a1b2 100644 --- a/.github/workflows/smoke-create-cross-repo-pr.lock.yml +++ b/.github/workflows/smoke-create-cross-repo-pr.lock.yml @@ -119,8 +119,8 @@ jobs: GH_AW_INFO_ENGINE_ID: "copilot" GH_AW_INFO_ENGINE_NAME: "GitHub Copilot CLI" GH_AW_INFO_MODEL: ${{ vars.GH_AW_MODEL_AGENT_COPILOT || 'auto' }} - GH_AW_INFO_VERSION: "latest" - GH_AW_INFO_AGENT_VERSION: "latest" + GH_AW_INFO_VERSION: "1.0.20" + GH_AW_INFO_AGENT_VERSION: "1.0.20" GH_AW_INFO_WORKFLOW_NAME: "Smoke Create Cross-Repo PR" GH_AW_INFO_EXPERIMENTAL: "false" GH_AW_INFO_SUPPORTS_TOOLS_ALLOWLIST: "true" @@ -414,7 +414,7 @@ jobs: const { main } = require('${{ runner.temp }}/gh-aw/actions/checkout_pr_branch.cjs'); await main(); - name: Install GitHub Copilot CLI - run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh latest + run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh 1.0.20 env: GH_HOST: github.com - name: Install AWF binary @@ -1203,7 +1203,7 @@ jobs: mkdir -p /tmp/gh-aw/threat-detection touch /tmp/gh-aw/threat-detection/detection.log - name: Install GitHub Copilot CLI - run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh latest + run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh 1.0.20 env: GH_HOST: github.com - name: Install AWF binary diff --git a/.github/workflows/smoke-gemini.lock.yml b/.github/workflows/smoke-gemini.lock.yml index 4c3394b9d2e..fbb257b24c4 100644 --- a/.github/workflows/smoke-gemini.lock.yml +++ b/.github/workflows/smoke-gemini.lock.yml @@ -454,7 +454,7 @@ jobs: - name: Install AWF binary run: bash ${RUNNER_TEMP}/gh-aw/actions/install_awf_binary.sh v0.25.14 - name: Install Gemini CLI - run: npm install --ignore-scripts -g @google/gemini-cli@latest + run: npm install --ignore-scripts -g @google/gemini-cli@0.36.0 - name: Determine automatic lockdown mode for GitHub MCP Server id: determine-automatic-lockdown uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 @@ -1352,7 +1352,7 @@ jobs: - name: Install AWF binary run: bash ${RUNNER_TEMP}/gh-aw/actions/install_awf_binary.sh v0.25.14 - name: Install Gemini CLI - run: npm install --ignore-scripts -g @google/gemini-cli@latest + run: npm install --ignore-scripts -g @google/gemini-cli@0.36.0 - name: Write Gemini Settings if: always() && steps.detection_guard.outputs.run_detection == 'true' run: | diff --git a/.github/workflows/smoke-multi-pr.lock.yml b/.github/workflows/smoke-multi-pr.lock.yml index 3ff77015653..359b950b856 100644 --- a/.github/workflows/smoke-multi-pr.lock.yml +++ b/.github/workflows/smoke-multi-pr.lock.yml @@ -120,8 +120,8 @@ jobs: GH_AW_INFO_ENGINE_ID: "copilot" GH_AW_INFO_ENGINE_NAME: "GitHub Copilot CLI" GH_AW_INFO_MODEL: ${{ vars.GH_AW_MODEL_AGENT_COPILOT || 'auto' }} - GH_AW_INFO_VERSION: "latest" - GH_AW_INFO_AGENT_VERSION: "latest" + GH_AW_INFO_VERSION: "1.0.20" + GH_AW_INFO_AGENT_VERSION: "1.0.20" GH_AW_INFO_WORKFLOW_NAME: "Smoke Multi PR" GH_AW_INFO_EXPERIMENTAL: "false" GH_AW_INFO_SUPPORTS_TOOLS_ALLOWLIST: "true" @@ -417,7 +417,7 @@ jobs: const { main } = require('${{ runner.temp }}/gh-aw/actions/checkout_pr_branch.cjs'); await main(); - name: Install GitHub Copilot CLI - run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh latest + run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh 1.0.20 env: GH_HOST: github.com - name: Install AWF binary @@ -1185,7 +1185,7 @@ jobs: mkdir -p /tmp/gh-aw/threat-detection touch /tmp/gh-aw/threat-detection/detection.log - name: Install GitHub Copilot CLI - run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh latest + run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh 1.0.20 env: GH_HOST: github.com - name: Install AWF binary diff --git a/.github/workflows/smoke-project.lock.yml b/.github/workflows/smoke-project.lock.yml index fc6e7c91d90..71d3eb909d9 100644 --- a/.github/workflows/smoke-project.lock.yml +++ b/.github/workflows/smoke-project.lock.yml @@ -119,8 +119,8 @@ jobs: GH_AW_INFO_ENGINE_ID: "copilot" GH_AW_INFO_ENGINE_NAME: "GitHub Copilot CLI" GH_AW_INFO_MODEL: ${{ vars.GH_AW_MODEL_AGENT_COPILOT || 'auto' }} - GH_AW_INFO_VERSION: "latest" - GH_AW_INFO_AGENT_VERSION: "latest" + GH_AW_INFO_VERSION: "1.0.20" + GH_AW_INFO_AGENT_VERSION: "1.0.20" GH_AW_INFO_WORKFLOW_NAME: "Smoke Project" GH_AW_INFO_EXPERIMENTAL: "false" GH_AW_INFO_SUPPORTS_TOOLS_ALLOWLIST: "true" @@ -417,7 +417,7 @@ jobs: const { main } = require('${{ runner.temp }}/gh-aw/actions/checkout_pr_branch.cjs'); await main(); - name: Install GitHub Copilot CLI - run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh latest + run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh 1.0.20 env: GH_HOST: github.com - name: Install AWF binary @@ -1321,7 +1321,7 @@ jobs: mkdir -p /tmp/gh-aw/threat-detection touch /tmp/gh-aw/threat-detection/detection.log - name: Install GitHub Copilot CLI - run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh latest + run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh 1.0.20 env: GH_HOST: github.com - name: Install AWF binary diff --git a/.github/workflows/smoke-service-ports.lock.yml b/.github/workflows/smoke-service-ports.lock.yml index 6f8d7aee14e..1cf6d572c5c 100644 --- a/.github/workflows/smoke-service-ports.lock.yml +++ b/.github/workflows/smoke-service-ports.lock.yml @@ -108,8 +108,8 @@ jobs: GH_AW_INFO_ENGINE_ID: "copilot" GH_AW_INFO_ENGINE_NAME: "GitHub Copilot CLI" GH_AW_INFO_MODEL: ${{ vars.GH_AW_MODEL_AGENT_COPILOT || 'auto' }} - GH_AW_INFO_VERSION: "latest" - GH_AW_INFO_AGENT_VERSION: "latest" + GH_AW_INFO_VERSION: "1.0.20" + GH_AW_INFO_AGENT_VERSION: "1.0.20" GH_AW_INFO_WORKFLOW_NAME: "Smoke Service Ports" GH_AW_INFO_EXPERIMENTAL: "false" GH_AW_INFO_SUPPORTS_TOOLS_ALLOWLIST: "true" @@ -388,7 +388,7 @@ jobs: const { main } = require('${{ runner.temp }}/gh-aw/actions/checkout_pr_branch.cjs'); await main(); - name: Install GitHub Copilot CLI - run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh latest + run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh 1.0.20 env: GH_HOST: github.com - name: Install AWF binary @@ -1092,7 +1092,7 @@ jobs: mkdir -p /tmp/gh-aw/threat-detection touch /tmp/gh-aw/threat-detection/detection.log - name: Install GitHub Copilot CLI - run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh latest + run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh 1.0.20 env: GH_HOST: github.com - name: Install AWF binary diff --git a/.github/workflows/smoke-temporary-id.lock.yml b/.github/workflows/smoke-temporary-id.lock.yml index d01ca86882c..70301e6b0d6 100644 --- a/.github/workflows/smoke-temporary-id.lock.yml +++ b/.github/workflows/smoke-temporary-id.lock.yml @@ -117,8 +117,8 @@ jobs: GH_AW_INFO_ENGINE_ID: "copilot" GH_AW_INFO_ENGINE_NAME: "GitHub Copilot CLI" GH_AW_INFO_MODEL: ${{ vars.GH_AW_MODEL_AGENT_COPILOT || 'auto' }} - GH_AW_INFO_VERSION: "latest" - GH_AW_INFO_AGENT_VERSION: "latest" + GH_AW_INFO_VERSION: "1.0.20" + GH_AW_INFO_AGENT_VERSION: "1.0.20" GH_AW_INFO_WORKFLOW_NAME: "Smoke Temporary ID" GH_AW_INFO_EXPERIMENTAL: "false" GH_AW_INFO_SUPPORTS_TOOLS_ALLOWLIST: "true" @@ -411,7 +411,7 @@ jobs: const { main } = require('${{ runner.temp }}/gh-aw/actions/checkout_pr_branch.cjs'); await main(); - name: Install GitHub Copilot CLI - run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh latest + run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh 1.0.20 env: GH_HOST: github.com - name: Install AWF binary @@ -1168,7 +1168,7 @@ jobs: mkdir -p /tmp/gh-aw/threat-detection touch /tmp/gh-aw/threat-detection/detection.log - name: Install GitHub Copilot CLI - run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh latest + run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh 1.0.20 env: GH_HOST: github.com - name: Install AWF binary diff --git a/.github/workflows/smoke-test-tools.lock.yml b/.github/workflows/smoke-test-tools.lock.yml index 4d6f32c3629..4652aaa28d7 100644 --- a/.github/workflows/smoke-test-tools.lock.yml +++ b/.github/workflows/smoke-test-tools.lock.yml @@ -124,8 +124,8 @@ jobs: GH_AW_INFO_ENGINE_ID: "copilot" GH_AW_INFO_ENGINE_NAME: "GitHub Copilot CLI" GH_AW_INFO_MODEL: ${{ vars.GH_AW_MODEL_AGENT_COPILOT || 'auto' }} - GH_AW_INFO_VERSION: "latest" - GH_AW_INFO_AGENT_VERSION: "latest" + GH_AW_INFO_VERSION: "1.0.20" + GH_AW_INFO_AGENT_VERSION: "1.0.20" GH_AW_INFO_WORKFLOW_NAME: "Agent Container Smoke Test" GH_AW_INFO_EXPERIMENTAL: "false" GH_AW_INFO_SUPPORTS_TOOLS_ALLOWLIST: "true" @@ -430,7 +430,7 @@ jobs: const { main } = require('${{ runner.temp }}/gh-aw/actions/checkout_pr_branch.cjs'); await main(); - name: Install GitHub Copilot CLI - run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh latest + run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh 1.0.20 env: GH_HOST: github.com - name: Install AWF binary @@ -1134,7 +1134,7 @@ jobs: mkdir -p /tmp/gh-aw/threat-detection touch /tmp/gh-aw/threat-detection/detection.log - name: Install GitHub Copilot CLI - run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh latest + run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh 1.0.20 env: GH_HOST: github.com - name: Install AWF binary diff --git a/.github/workflows/smoke-update-cross-repo-pr.lock.yml b/.github/workflows/smoke-update-cross-repo-pr.lock.yml index 3f0b85029ac..32ffd963fb4 100644 --- a/.github/workflows/smoke-update-cross-repo-pr.lock.yml +++ b/.github/workflows/smoke-update-cross-repo-pr.lock.yml @@ -121,8 +121,8 @@ jobs: GH_AW_INFO_ENGINE_ID: "copilot" GH_AW_INFO_ENGINE_NAME: "GitHub Copilot CLI" GH_AW_INFO_MODEL: ${{ vars.GH_AW_MODEL_AGENT_COPILOT || 'auto' }} - GH_AW_INFO_VERSION: "latest" - GH_AW_INFO_AGENT_VERSION: "latest" + GH_AW_INFO_VERSION: "1.0.20" + GH_AW_INFO_AGENT_VERSION: "1.0.20" GH_AW_INFO_WORKFLOW_NAME: "Smoke Update Cross-Repo PR" GH_AW_INFO_EXPERIMENTAL: "false" GH_AW_INFO_SUPPORTS_TOOLS_ALLOWLIST: "true" @@ -445,7 +445,7 @@ jobs: const { main } = require('${{ runner.temp }}/gh-aw/actions/checkout_pr_branch.cjs'); await main(); - name: Install GitHub Copilot CLI - run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh latest + run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh 1.0.20 env: GH_HOST: github.com - name: Install AWF binary @@ -1229,7 +1229,7 @@ jobs: mkdir -p /tmp/gh-aw/threat-detection touch /tmp/gh-aw/threat-detection/detection.log - name: Install GitHub Copilot CLI - run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh latest + run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh 1.0.20 env: GH_HOST: github.com - name: Install AWF binary diff --git a/.github/workflows/smoke-workflow-call-with-inputs.lock.yml b/.github/workflows/smoke-workflow-call-with-inputs.lock.yml index d1d737ed822..eaf096f88ac 100644 --- a/.github/workflows/smoke-workflow-call-with-inputs.lock.yml +++ b/.github/workflows/smoke-workflow-call-with-inputs.lock.yml @@ -126,8 +126,8 @@ jobs: GH_AW_INFO_ENGINE_ID: "copilot" GH_AW_INFO_ENGINE_NAME: "GitHub Copilot CLI" GH_AW_INFO_MODEL: ${{ vars.GH_AW_MODEL_AGENT_COPILOT || 'auto' }} - GH_AW_INFO_VERSION: "latest" - GH_AW_INFO_AGENT_VERSION: "latest" + GH_AW_INFO_VERSION: "1.0.20" + GH_AW_INFO_AGENT_VERSION: "1.0.20" GH_AW_INFO_WORKFLOW_NAME: "Smoke Workflow Call with Inputs" GH_AW_INFO_EXPERIMENTAL: "false" GH_AW_INFO_SUPPORTS_TOOLS_ALLOWLIST: "true" @@ -399,7 +399,7 @@ jobs: const { main } = require('${{ runner.temp }}/gh-aw/actions/checkout_pr_branch.cjs'); await main(); - name: Install GitHub Copilot CLI - run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh latest + run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh 1.0.20 env: GH_HOST: github.com - name: Install AWF binary @@ -1091,7 +1091,7 @@ jobs: mkdir -p /tmp/gh-aw/threat-detection touch /tmp/gh-aw/threat-detection/detection.log - name: Install GitHub Copilot CLI - run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh latest + run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh 1.0.20 env: GH_HOST: github.com - name: Install AWF binary diff --git a/.github/workflows/smoke-workflow-call.lock.yml b/.github/workflows/smoke-workflow-call.lock.yml index c741c028352..cb3c31e6abd 100644 --- a/.github/workflows/smoke-workflow-call.lock.yml +++ b/.github/workflows/smoke-workflow-call.lock.yml @@ -129,8 +129,8 @@ jobs: GH_AW_INFO_ENGINE_ID: "copilot" GH_AW_INFO_ENGINE_NAME: "GitHub Copilot CLI" GH_AW_INFO_MODEL: ${{ vars.GH_AW_MODEL_AGENT_COPILOT || 'auto' }} - GH_AW_INFO_VERSION: "latest" - GH_AW_INFO_AGENT_VERSION: "latest" + GH_AW_INFO_VERSION: "1.0.20" + GH_AW_INFO_AGENT_VERSION: "1.0.20" GH_AW_INFO_WORKFLOW_NAME: "Smoke Workflow Call" GH_AW_INFO_EXPERIMENTAL: "false" GH_AW_INFO_SUPPORTS_TOOLS_ALLOWLIST: "true" @@ -398,7 +398,7 @@ jobs: const { main } = require('${{ runner.temp }}/gh-aw/actions/checkout_pr_branch.cjs'); await main(); - name: Install GitHub Copilot CLI - run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh latest + run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh 1.0.20 env: GH_HOST: github.com - name: Install AWF binary @@ -1082,7 +1082,7 @@ jobs: mkdir -p /tmp/gh-aw/threat-detection touch /tmp/gh-aw/threat-detection/detection.log - name: Install GitHub Copilot CLI - run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh latest + run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh 1.0.20 env: GH_HOST: github.com - name: Install AWF binary diff --git a/.github/workflows/stale-repo-identifier.lock.yml b/.github/workflows/stale-repo-identifier.lock.yml index fd836a01beb..9bc19c62ff5 100644 --- a/.github/workflows/stale-repo-identifier.lock.yml +++ b/.github/workflows/stale-repo-identifier.lock.yml @@ -108,8 +108,8 @@ jobs: GH_AW_INFO_ENGINE_ID: "copilot" GH_AW_INFO_ENGINE_NAME: "GitHub Copilot CLI" GH_AW_INFO_MODEL: ${{ vars.GH_AW_MODEL_AGENT_COPILOT || 'auto' }} - GH_AW_INFO_VERSION: "latest" - GH_AW_INFO_AGENT_VERSION: "latest" + GH_AW_INFO_VERSION: "1.0.20" + GH_AW_INFO_AGENT_VERSION: "1.0.20" GH_AW_INFO_WORKFLOW_NAME: "Stale Repository Identifier" GH_AW_INFO_EXPERIMENTAL: "false" GH_AW_INFO_SUPPORTS_TOOLS_ALLOWLIST: "true" @@ -473,7 +473,7 @@ jobs: const { main } = require('${{ runner.temp }}/gh-aw/actions/checkout_pr_branch.cjs'); await main(); - name: Install GitHub Copilot CLI - run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh latest + run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh 1.0.20 env: GH_HOST: github.com - name: Install AWF binary @@ -1193,7 +1193,7 @@ jobs: mkdir -p /tmp/gh-aw/threat-detection touch /tmp/gh-aw/threat-detection/detection.log - name: Install GitHub Copilot CLI - run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh latest + run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh 1.0.20 env: GH_HOST: github.com - name: Install AWF binary diff --git a/.github/workflows/static-analysis-report.lock.yml b/.github/workflows/static-analysis-report.lock.yml index e494d4447f2..930b40054bd 100644 --- a/.github/workflows/static-analysis-report.lock.yml +++ b/.github/workflows/static-analysis-report.lock.yml @@ -99,8 +99,8 @@ jobs: GH_AW_INFO_ENGINE_ID: "claude" GH_AW_INFO_ENGINE_NAME: "Claude Code" GH_AW_INFO_MODEL: ${{ vars.GH_AW_MODEL_AGENT_CLAUDE || 'auto' }} - GH_AW_INFO_VERSION: "latest" - GH_AW_INFO_AGENT_VERSION: "latest" + GH_AW_INFO_VERSION: "2.1.92" + GH_AW_INFO_AGENT_VERSION: "2.1.92" GH_AW_INFO_WORKFLOW_NAME: "Static Analysis Report" GH_AW_INFO_EXPERIMENTAL: "false" GH_AW_INFO_SUPPORTS_TOOLS_ALLOWLIST: "true" @@ -446,7 +446,7 @@ jobs: - name: Install AWF binary run: bash ${RUNNER_TEMP}/gh-aw/actions/install_awf_binary.sh v0.25.14 - name: Install Claude Code CLI - run: npm install --ignore-scripts -g @anthropic-ai/claude-code@latest + run: npm install --ignore-scripts -g @anthropic-ai/claude-code@2.1.92 - name: Determine automatic lockdown mode for GitHub MCP Server id: determine-automatic-lockdown uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 @@ -1269,7 +1269,7 @@ jobs: - name: Install AWF binary run: bash ${RUNNER_TEMP}/gh-aw/actions/install_awf_binary.sh v0.25.14 - name: Install Claude Code CLI - run: npm install --ignore-scripts -g @anthropic-ai/claude-code@latest + run: npm install --ignore-scripts -g @anthropic-ai/claude-code@2.1.92 - name: Execute Claude Code CLI if: always() && steps.detection_guard.outputs.run_detection == 'true' id: detection_agentic_execution diff --git a/.github/workflows/step-name-alignment.lock.yml b/.github/workflows/step-name-alignment.lock.yml index bf28c2d95e2..e459fe1ea61 100644 --- a/.github/workflows/step-name-alignment.lock.yml +++ b/.github/workflows/step-name-alignment.lock.yml @@ -92,8 +92,8 @@ jobs: GH_AW_INFO_ENGINE_ID: "claude" GH_AW_INFO_ENGINE_NAME: "Claude Code" GH_AW_INFO_MODEL: ${{ vars.GH_AW_MODEL_AGENT_CLAUDE || 'auto' }} - GH_AW_INFO_VERSION: "latest" - GH_AW_INFO_AGENT_VERSION: "latest" + GH_AW_INFO_VERSION: "2.1.92" + GH_AW_INFO_AGENT_VERSION: "2.1.92" GH_AW_INFO_WORKFLOW_NAME: "Step Name Alignment" GH_AW_INFO_EXPERIMENTAL: "false" GH_AW_INFO_SUPPORTS_TOOLS_ALLOWLIST: "true" @@ -376,7 +376,7 @@ jobs: - name: Install AWF binary run: bash ${RUNNER_TEMP}/gh-aw/actions/install_awf_binary.sh v0.25.14 - name: Install Claude Code CLI - run: npm install --ignore-scripts -g @anthropic-ai/claude-code@latest + run: npm install --ignore-scripts -g @anthropic-ai/claude-code@2.1.92 - name: Determine automatic lockdown mode for GitHub MCP Server id: determine-automatic-lockdown uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 @@ -1141,7 +1141,7 @@ jobs: - name: Install AWF binary run: bash ${RUNNER_TEMP}/gh-aw/actions/install_awf_binary.sh v0.25.14 - name: Install Claude Code CLI - run: npm install --ignore-scripts -g @anthropic-ai/claude-code@latest + run: npm install --ignore-scripts -g @anthropic-ai/claude-code@2.1.92 - name: Execute Claude Code CLI if: always() && steps.detection_guard.outputs.run_detection == 'true' id: detection_agentic_execution diff --git a/.github/workflows/sub-issue-closer.lock.yml b/.github/workflows/sub-issue-closer.lock.yml index f5469625e8e..0727a5a435f 100644 --- a/.github/workflows/sub-issue-closer.lock.yml +++ b/.github/workflows/sub-issue-closer.lock.yml @@ -89,8 +89,8 @@ jobs: GH_AW_INFO_ENGINE_ID: "copilot" GH_AW_INFO_ENGINE_NAME: "GitHub Copilot CLI" GH_AW_INFO_MODEL: ${{ vars.GH_AW_MODEL_AGENT_COPILOT || 'auto' }} - GH_AW_INFO_VERSION: "latest" - GH_AW_INFO_AGENT_VERSION: "latest" + GH_AW_INFO_VERSION: "1.0.20" + GH_AW_INFO_AGENT_VERSION: "1.0.20" GH_AW_INFO_WORKFLOW_NAME: "Sub-Issue Closer" GH_AW_INFO_EXPERIMENTAL: "false" GH_AW_INFO_SUPPORTS_TOOLS_ALLOWLIST: "true" @@ -345,7 +345,7 @@ jobs: const { main } = require('${{ runner.temp }}/gh-aw/actions/checkout_pr_branch.cjs'); await main(); - name: Install GitHub Copilot CLI - run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh latest + run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh 1.0.20 env: GH_HOST: github.com - name: Install AWF binary @@ -1063,7 +1063,7 @@ jobs: mkdir -p /tmp/gh-aw/threat-detection touch /tmp/gh-aw/threat-detection/detection.log - name: Install GitHub Copilot CLI - run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh latest + run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh 1.0.20 env: GH_HOST: github.com - name: Install AWF binary diff --git a/.github/workflows/super-linter.lock.yml b/.github/workflows/super-linter.lock.yml index 71d646586fa..6331ea0f88b 100644 --- a/.github/workflows/super-linter.lock.yml +++ b/.github/workflows/super-linter.lock.yml @@ -96,8 +96,8 @@ jobs: GH_AW_INFO_ENGINE_ID: "copilot" GH_AW_INFO_ENGINE_NAME: "GitHub Copilot CLI" GH_AW_INFO_MODEL: ${{ vars.GH_AW_MODEL_AGENT_COPILOT || 'auto' }} - GH_AW_INFO_VERSION: "latest" - GH_AW_INFO_AGENT_VERSION: "latest" + GH_AW_INFO_VERSION: "1.0.20" + GH_AW_INFO_AGENT_VERSION: "1.0.20" GH_AW_INFO_WORKFLOW_NAME: "Super Linter Report" GH_AW_INFO_EXPERIMENTAL: "false" GH_AW_INFO_SUPPORTS_TOOLS_ALLOWLIST: "true" @@ -391,7 +391,7 @@ jobs: const { main } = require('${{ runner.temp }}/gh-aw/actions/checkout_pr_branch.cjs'); await main(); - name: Install GitHub Copilot CLI - run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh latest + run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh 1.0.20 env: GH_HOST: github.com - name: Install AWF binary @@ -1080,7 +1080,7 @@ jobs: mkdir -p /tmp/gh-aw/threat-detection touch /tmp/gh-aw/threat-detection/detection.log - name: Install GitHub Copilot CLI - run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh latest + run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh 1.0.20 env: GH_HOST: github.com - name: Install AWF binary diff --git a/.github/workflows/technical-doc-writer.lock.yml b/.github/workflows/technical-doc-writer.lock.yml index 806457ce2fd..3a2eb7a0e72 100644 --- a/.github/workflows/technical-doc-writer.lock.yml +++ b/.github/workflows/technical-doc-writer.lock.yml @@ -99,8 +99,8 @@ jobs: GH_AW_INFO_ENGINE_ID: "copilot" GH_AW_INFO_ENGINE_NAME: "GitHub Copilot CLI" GH_AW_INFO_MODEL: ${{ vars.GH_AW_MODEL_AGENT_COPILOT || 'auto' }} - GH_AW_INFO_VERSION: "latest" - GH_AW_INFO_AGENT_VERSION: "latest" + GH_AW_INFO_VERSION: "1.0.20" + GH_AW_INFO_AGENT_VERSION: "1.0.20" GH_AW_INFO_WORKFLOW_NAME: "Rebuild the documentation after making changes" GH_AW_INFO_EXPERIMENTAL: "false" GH_AW_INFO_SUPPORTS_TOOLS_ALLOWLIST: "true" @@ -437,7 +437,7 @@ jobs: const { main } = require('${{ runner.temp }}/gh-aw/actions/checkout_pr_branch.cjs'); await main(); - name: Install GitHub Copilot CLI - run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh latest + run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh 1.0.20 env: GH_HOST: github.com - name: Install AWF binary @@ -1192,7 +1192,7 @@ jobs: mkdir -p /tmp/gh-aw/threat-detection touch /tmp/gh-aw/threat-detection/detection.log - name: Install GitHub Copilot CLI - run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh latest + run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh 1.0.20 env: GH_HOST: github.com - name: Install AWF binary diff --git a/.github/workflows/terminal-stylist.lock.yml b/.github/workflows/terminal-stylist.lock.yml index 1d04cf4719b..421186eb0cd 100644 --- a/.github/workflows/terminal-stylist.lock.yml +++ b/.github/workflows/terminal-stylist.lock.yml @@ -96,8 +96,8 @@ jobs: GH_AW_INFO_ENGINE_ID: "copilot" GH_AW_INFO_ENGINE_NAME: "GitHub Copilot CLI" GH_AW_INFO_MODEL: ${{ vars.GH_AW_MODEL_AGENT_COPILOT || 'auto' }} - GH_AW_INFO_VERSION: "latest" - GH_AW_INFO_AGENT_VERSION: "latest" + GH_AW_INFO_VERSION: "1.0.20" + GH_AW_INFO_AGENT_VERSION: "1.0.20" GH_AW_INFO_WORKFLOW_NAME: "Terminal Stylist" GH_AW_INFO_EXPERIMENTAL: "false" GH_AW_INFO_SUPPORTS_TOOLS_ALLOWLIST: "true" @@ -385,7 +385,7 @@ jobs: const { main } = require('${{ runner.temp }}/gh-aw/actions/checkout_pr_branch.cjs'); await main(); - name: Install GitHub Copilot CLI - run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh latest + run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh 1.0.20 env: GH_HOST: github.com - name: Install AWF binary @@ -1086,7 +1086,7 @@ jobs: mkdir -p /tmp/gh-aw/threat-detection touch /tmp/gh-aw/threat-detection/detection.log - name: Install GitHub Copilot CLI - run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh latest + run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh 1.0.20 env: GH_HOST: github.com - name: Install AWF binary diff --git a/.github/workflows/test-create-pr-error-handling.lock.yml b/.github/workflows/test-create-pr-error-handling.lock.yml index cb3bdf23455..4d19cf400b4 100644 --- a/.github/workflows/test-create-pr-error-handling.lock.yml +++ b/.github/workflows/test-create-pr-error-handling.lock.yml @@ -90,8 +90,8 @@ jobs: GH_AW_INFO_ENGINE_ID: "claude" GH_AW_INFO_ENGINE_NAME: "Claude Code" GH_AW_INFO_MODEL: ${{ vars.GH_AW_MODEL_AGENT_CLAUDE || 'auto' }} - GH_AW_INFO_VERSION: "latest" - GH_AW_INFO_AGENT_VERSION: "latest" + GH_AW_INFO_VERSION: "2.1.92" + GH_AW_INFO_AGENT_VERSION: "2.1.92" GH_AW_INFO_WORKFLOW_NAME: "Test Create PR Error Handling" GH_AW_INFO_EXPERIMENTAL: "false" GH_AW_INFO_SUPPORTS_TOOLS_ALLOWLIST: "true" @@ -375,7 +375,7 @@ jobs: - name: Install AWF binary run: bash ${RUNNER_TEMP}/gh-aw/actions/install_awf_binary.sh v0.25.14 - name: Install Claude Code CLI - run: npm install --ignore-scripts -g @anthropic-ai/claude-code@latest + run: npm install --ignore-scripts -g @anthropic-ai/claude-code@2.1.92 - name: Determine automatic lockdown mode for GitHub MCP Server id: determine-automatic-lockdown uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 @@ -1129,7 +1129,7 @@ jobs: - name: Install AWF binary run: bash ${RUNNER_TEMP}/gh-aw/actions/install_awf_binary.sh v0.25.14 - name: Install Claude Code CLI - run: npm install --ignore-scripts -g @anthropic-ai/claude-code@latest + run: npm install --ignore-scripts -g @anthropic-ai/claude-code@2.1.92 - name: Execute Claude Code CLI if: always() && steps.detection_guard.outputs.run_detection == 'true' id: detection_agentic_execution diff --git a/.github/workflows/test-dispatcher.lock.yml b/.github/workflows/test-dispatcher.lock.yml index 13532a73088..cff0972c690 100644 --- a/.github/workflows/test-dispatcher.lock.yml +++ b/.github/workflows/test-dispatcher.lock.yml @@ -85,8 +85,8 @@ jobs: GH_AW_INFO_ENGINE_ID: "copilot" GH_AW_INFO_ENGINE_NAME: "GitHub Copilot CLI" GH_AW_INFO_MODEL: ${{ vars.GH_AW_MODEL_AGENT_COPILOT || 'auto' }} - GH_AW_INFO_VERSION: "latest" - GH_AW_INFO_AGENT_VERSION: "latest" + GH_AW_INFO_VERSION: "1.0.20" + GH_AW_INFO_AGENT_VERSION: "1.0.20" GH_AW_INFO_WORKFLOW_NAME: "Test Dispatcher Workflow" GH_AW_INFO_EXPERIMENTAL: "false" GH_AW_INFO_SUPPORTS_TOOLS_ALLOWLIST: "true" @@ -338,7 +338,7 @@ jobs: const { main } = require('${{ runner.temp }}/gh-aw/actions/checkout_pr_branch.cjs'); await main(); - name: Install GitHub Copilot CLI - run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh latest + run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh 1.0.20 env: GH_HOST: github.com - name: Install AWF binary @@ -1002,7 +1002,7 @@ jobs: mkdir -p /tmp/gh-aw/threat-detection touch /tmp/gh-aw/threat-detection/detection.log - name: Install GitHub Copilot CLI - run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh latest + run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh 1.0.20 env: GH_HOST: github.com - name: Install AWF binary diff --git a/.github/workflows/test-project-url-default.lock.yml b/.github/workflows/test-project-url-default.lock.yml index 7c96835b4ad..cbf973cc75f 100644 --- a/.github/workflows/test-project-url-default.lock.yml +++ b/.github/workflows/test-project-url-default.lock.yml @@ -86,8 +86,8 @@ jobs: GH_AW_INFO_ENGINE_ID: "copilot" GH_AW_INFO_ENGINE_NAME: "GitHub Copilot CLI" GH_AW_INFO_MODEL: ${{ vars.GH_AW_MODEL_AGENT_COPILOT || 'auto' }} - GH_AW_INFO_VERSION: "latest" - GH_AW_INFO_AGENT_VERSION: "latest" + GH_AW_INFO_VERSION: "1.0.20" + GH_AW_INFO_AGENT_VERSION: "1.0.20" GH_AW_INFO_WORKFLOW_NAME: "Test Project URL Explicit Requirement" GH_AW_INFO_EXPERIMENTAL: "false" GH_AW_INFO_SUPPORTS_TOOLS_ALLOWLIST: "true" @@ -338,7 +338,7 @@ jobs: const { main } = require('${{ runner.temp }}/gh-aw/actions/checkout_pr_branch.cjs'); await main(); - name: Install GitHub Copilot CLI - run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh latest + run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh 1.0.20 env: GH_HOST: github.com - name: Install AWF binary @@ -1063,7 +1063,7 @@ jobs: mkdir -p /tmp/gh-aw/threat-detection touch /tmp/gh-aw/threat-detection/detection.log - name: Install GitHub Copilot CLI - run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh latest + run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh 1.0.20 env: GH_HOST: github.com - name: Install AWF binary diff --git a/.github/workflows/test-workflow.lock.yml b/.github/workflows/test-workflow.lock.yml index 21233421496..dd02d27e7ca 100644 --- a/.github/workflows/test-workflow.lock.yml +++ b/.github/workflows/test-workflow.lock.yml @@ -89,8 +89,8 @@ jobs: GH_AW_INFO_ENGINE_ID: "copilot" GH_AW_INFO_ENGINE_NAME: "GitHub Copilot CLI" GH_AW_INFO_MODEL: ${{ vars.GH_AW_MODEL_AGENT_COPILOT || 'auto' }} - GH_AW_INFO_VERSION: "latest" - GH_AW_INFO_AGENT_VERSION: "latest" + GH_AW_INFO_VERSION: "1.0.20" + GH_AW_INFO_AGENT_VERSION: "1.0.20" GH_AW_INFO_WORKFLOW_NAME: "Test Workflow" GH_AW_INFO_EXPERIMENTAL: "false" GH_AW_INFO_SUPPORTS_TOOLS_ALLOWLIST: "true" @@ -322,7 +322,7 @@ jobs: const { main } = require('${{ runner.temp }}/gh-aw/actions/checkout_pr_branch.cjs'); await main(); - name: Install GitHub Copilot CLI - run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh latest + run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh 1.0.20 env: GH_HOST: github.com - name: Install AWF binary diff --git a/.github/workflows/tidy.lock.yml b/.github/workflows/tidy.lock.yml index ca6649dd633..78f2343303b 100644 --- a/.github/workflows/tidy.lock.yml +++ b/.github/workflows/tidy.lock.yml @@ -115,8 +115,8 @@ jobs: GH_AW_INFO_ENGINE_ID: "copilot" GH_AW_INFO_ENGINE_NAME: "GitHub Copilot CLI" GH_AW_INFO_MODEL: ${{ vars.GH_AW_MODEL_AGENT_COPILOT || 'auto' }} - GH_AW_INFO_VERSION: "latest" - GH_AW_INFO_AGENT_VERSION: "latest" + GH_AW_INFO_VERSION: "1.0.20" + GH_AW_INFO_AGENT_VERSION: "1.0.20" GH_AW_INFO_WORKFLOW_NAME: "Tidy" GH_AW_INFO_EXPERIMENTAL: "false" GH_AW_INFO_SUPPORTS_TOOLS_ALLOWLIST: "true" @@ -434,7 +434,7 @@ jobs: const { main } = require('${{ runner.temp }}/gh-aw/actions/checkout_pr_branch.cjs'); await main(); - name: Install GitHub Copilot CLI - run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh latest + run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh 1.0.20 env: GH_HOST: github.com - name: Install AWF binary @@ -1181,7 +1181,7 @@ jobs: mkdir -p /tmp/gh-aw/threat-detection touch /tmp/gh-aw/threat-detection/detection.log - name: Install GitHub Copilot CLI - run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh latest + run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh 1.0.20 env: GH_HOST: github.com - name: Install AWF binary diff --git a/.github/workflows/typist.lock.yml b/.github/workflows/typist.lock.yml index 17944094144..3f380a9cc04 100644 --- a/.github/workflows/typist.lock.yml +++ b/.github/workflows/typist.lock.yml @@ -97,8 +97,8 @@ jobs: GH_AW_INFO_ENGINE_ID: "claude" GH_AW_INFO_ENGINE_NAME: "Claude Code" GH_AW_INFO_MODEL: ${{ vars.GH_AW_MODEL_AGENT_CLAUDE || 'auto' }} - GH_AW_INFO_VERSION: "latest" - GH_AW_INFO_AGENT_VERSION: "latest" + GH_AW_INFO_VERSION: "2.1.92" + GH_AW_INFO_AGENT_VERSION: "2.1.92" GH_AW_INFO_WORKFLOW_NAME: "Typist - Go Type Analysis" GH_AW_INFO_EXPERIMENTAL: "false" GH_AW_INFO_SUPPORTS_TOOLS_ALLOWLIST: "true" @@ -394,7 +394,7 @@ jobs: - name: Install AWF binary run: bash ${RUNNER_TEMP}/gh-aw/actions/install_awf_binary.sh v0.25.14 - name: Install Claude Code CLI - run: npm install --ignore-scripts -g @anthropic-ai/claude-code@latest + run: npm install --ignore-scripts -g @anthropic-ai/claude-code@2.1.92 - name: Determine automatic lockdown mode for GitHub MCP Server id: determine-automatic-lockdown uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 @@ -1167,7 +1167,7 @@ jobs: - name: Install AWF binary run: bash ${RUNNER_TEMP}/gh-aw/actions/install_awf_binary.sh v0.25.14 - name: Install Claude Code CLI - run: npm install --ignore-scripts -g @anthropic-ai/claude-code@latest + run: npm install --ignore-scripts -g @anthropic-ai/claude-code@2.1.92 - name: Execute Claude Code CLI if: always() && steps.detection_guard.outputs.run_detection == 'true' id: detection_agentic_execution diff --git a/.github/workflows/ubuntu-image-analyzer.lock.yml b/.github/workflows/ubuntu-image-analyzer.lock.yml index 3b4a2792a5c..23a32947244 100644 --- a/.github/workflows/ubuntu-image-analyzer.lock.yml +++ b/.github/workflows/ubuntu-image-analyzer.lock.yml @@ -98,8 +98,8 @@ jobs: GH_AW_INFO_ENGINE_ID: "copilot" GH_AW_INFO_ENGINE_NAME: "GitHub Copilot CLI" GH_AW_INFO_MODEL: ${{ vars.GH_AW_MODEL_AGENT_COPILOT || 'auto' }} - GH_AW_INFO_VERSION: "latest" - GH_AW_INFO_AGENT_VERSION: "latest" + GH_AW_INFO_VERSION: "1.0.20" + GH_AW_INFO_AGENT_VERSION: "1.0.20" GH_AW_INFO_WORKFLOW_NAME: "Ubuntu Actions Image Analyzer" GH_AW_INFO_EXPERIMENTAL: "false" GH_AW_INFO_SUPPORTS_TOOLS_ALLOWLIST: "true" @@ -362,7 +362,7 @@ jobs: const { main } = require('${{ runner.temp }}/gh-aw/actions/checkout_pr_branch.cjs'); await main(); - name: Install GitHub Copilot CLI - run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh latest + run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh 1.0.20 env: GH_HOST: github.com - name: Install AWF binary @@ -1074,7 +1074,7 @@ jobs: mkdir -p /tmp/gh-aw/threat-detection touch /tmp/gh-aw/threat-detection/detection.log - name: Install GitHub Copilot CLI - run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh latest + run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh 1.0.20 env: GH_HOST: github.com - name: Install AWF binary diff --git a/.github/workflows/unbloat-docs.lock.yml b/.github/workflows/unbloat-docs.lock.yml index 248c6a95626..8b904f519bb 100644 --- a/.github/workflows/unbloat-docs.lock.yml +++ b/.github/workflows/unbloat-docs.lock.yml @@ -112,8 +112,8 @@ jobs: GH_AW_INFO_ENGINE_ID: "claude" GH_AW_INFO_ENGINE_NAME: "Claude Code" GH_AW_INFO_MODEL: ${{ vars.GH_AW_MODEL_AGENT_CLAUDE || 'auto' }} - GH_AW_INFO_VERSION: "latest" - GH_AW_INFO_AGENT_VERSION: "latest" + GH_AW_INFO_VERSION: "2.1.92" + GH_AW_INFO_AGENT_VERSION: "2.1.92" GH_AW_INFO_WORKFLOW_NAME: "Documentation Unbloat" GH_AW_INFO_EXPERIMENTAL: "false" GH_AW_INFO_SUPPORTS_TOOLS_ALLOWLIST: "true" @@ -460,7 +460,7 @@ jobs: - name: Install AWF binary run: bash ${RUNNER_TEMP}/gh-aw/actions/install_awf_binary.sh v0.25.14 - name: Install Claude Code CLI - run: npm install --ignore-scripts -g @anthropic-ai/claude-code@latest + run: npm install --ignore-scripts -g @anthropic-ai/claude-code@2.1.92 - name: Determine automatic lockdown mode for GitHub MCP Server id: determine-automatic-lockdown uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 @@ -1367,7 +1367,7 @@ jobs: - name: Install AWF binary run: bash ${RUNNER_TEMP}/gh-aw/actions/install_awf_binary.sh v0.25.14 - name: Install Claude Code CLI - run: npm install --ignore-scripts -g @anthropic-ai/claude-code@latest + run: npm install --ignore-scripts -g @anthropic-ai/claude-code@2.1.92 - name: Execute Claude Code CLI if: always() && steps.detection_guard.outputs.run_detection == 'true' id: detection_agentic_execution diff --git a/.github/workflows/update-astro.lock.yml b/.github/workflows/update-astro.lock.yml index 3cc08fd2a1b..26b57c1d4ba 100644 --- a/.github/workflows/update-astro.lock.yml +++ b/.github/workflows/update-astro.lock.yml @@ -97,8 +97,8 @@ jobs: GH_AW_INFO_ENGINE_ID: "copilot" GH_AW_INFO_ENGINE_NAME: "GitHub Copilot CLI" GH_AW_INFO_MODEL: ${{ vars.GH_AW_MODEL_AGENT_COPILOT || 'auto' }} - GH_AW_INFO_VERSION: "latest" - GH_AW_INFO_AGENT_VERSION: "latest" + GH_AW_INFO_VERSION: "1.0.20" + GH_AW_INFO_AGENT_VERSION: "1.0.20" GH_AW_INFO_WORKFLOW_NAME: "Update Astro" GH_AW_INFO_EXPERIMENTAL: "false" GH_AW_INFO_SUPPORTS_TOOLS_ALLOWLIST: "true" @@ -370,7 +370,7 @@ jobs: const { main } = require('${{ runner.temp }}/gh-aw/actions/checkout_pr_branch.cjs'); await main(); - name: Install GitHub Copilot CLI - run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh latest + run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh 1.0.20 env: GH_HOST: github.com - name: Install AWF binary @@ -1100,7 +1100,7 @@ jobs: mkdir -p /tmp/gh-aw/threat-detection touch /tmp/gh-aw/threat-detection/detection.log - name: Install GitHub Copilot CLI - run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh latest + run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh 1.0.20 env: GH_HOST: github.com - name: Install AWF binary diff --git a/.github/workflows/video-analyzer.lock.yml b/.github/workflows/video-analyzer.lock.yml index 897c3c7491e..99b47b0f0aa 100644 --- a/.github/workflows/video-analyzer.lock.yml +++ b/.github/workflows/video-analyzer.lock.yml @@ -94,8 +94,8 @@ jobs: GH_AW_INFO_ENGINE_ID: "copilot" GH_AW_INFO_ENGINE_NAME: "GitHub Copilot CLI" GH_AW_INFO_MODEL: ${{ vars.GH_AW_MODEL_AGENT_COPILOT || 'auto' }} - GH_AW_INFO_VERSION: "latest" - GH_AW_INFO_AGENT_VERSION: "latest" + GH_AW_INFO_VERSION: "1.0.20" + GH_AW_INFO_AGENT_VERSION: "1.0.20" GH_AW_INFO_WORKFLOW_NAME: "Video Analysis Agent" GH_AW_INFO_EXPERIMENTAL: "false" GH_AW_INFO_SUPPORTS_TOOLS_ALLOWLIST: "true" @@ -363,7 +363,7 @@ jobs: const { main } = require('${{ runner.temp }}/gh-aw/actions/checkout_pr_branch.cjs'); await main(); - name: Install GitHub Copilot CLI - run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh latest + run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh 1.0.20 env: GH_HOST: github.com - name: Install AWF binary @@ -1056,7 +1056,7 @@ jobs: mkdir -p /tmp/gh-aw/threat-detection touch /tmp/gh-aw/threat-detection/detection.log - name: Install GitHub Copilot CLI - run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh latest + run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh 1.0.20 env: GH_HOST: github.com - name: Install AWF binary diff --git a/.github/workflows/weekly-blog-post-writer.lock.yml b/.github/workflows/weekly-blog-post-writer.lock.yml index 147a494386a..02716da2e9b 100644 --- a/.github/workflows/weekly-blog-post-writer.lock.yml +++ b/.github/workflows/weekly-blog-post-writer.lock.yml @@ -97,8 +97,8 @@ jobs: GH_AW_INFO_ENGINE_ID: "copilot" GH_AW_INFO_ENGINE_NAME: "GitHub Copilot CLI" GH_AW_INFO_MODEL: ${{ vars.GH_AW_MODEL_AGENT_COPILOT || 'auto' }} - GH_AW_INFO_VERSION: "latest" - GH_AW_INFO_AGENT_VERSION: "latest" + GH_AW_INFO_VERSION: "1.0.20" + GH_AW_INFO_AGENT_VERSION: "1.0.20" GH_AW_INFO_WORKFLOW_NAME: "Weekly Blog Post Writer" GH_AW_INFO_EXPERIMENTAL: "false" GH_AW_INFO_SUPPORTS_TOOLS_ALLOWLIST: "true" @@ -417,7 +417,7 @@ jobs: const { main } = require('${{ runner.temp }}/gh-aw/actions/checkout_pr_branch.cjs'); await main(); - name: Install GitHub Copilot CLI - run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh latest + run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh 1.0.20 env: GH_HOST: github.com - name: Install AWF binary @@ -1164,7 +1164,7 @@ jobs: mkdir -p /tmp/gh-aw/threat-detection touch /tmp/gh-aw/threat-detection/detection.log - name: Install GitHub Copilot CLI - run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh latest + run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh 1.0.20 env: GH_HOST: github.com - name: Install AWF binary diff --git a/.github/workflows/weekly-editors-health-check.lock.yml b/.github/workflows/weekly-editors-health-check.lock.yml index 98789dfeddb..78a6d57a1d3 100644 --- a/.github/workflows/weekly-editors-health-check.lock.yml +++ b/.github/workflows/weekly-editors-health-check.lock.yml @@ -90,8 +90,8 @@ jobs: GH_AW_INFO_ENGINE_ID: "copilot" GH_AW_INFO_ENGINE_NAME: "GitHub Copilot CLI" GH_AW_INFO_MODEL: ${{ vars.GH_AW_MODEL_AGENT_COPILOT || 'auto' }} - GH_AW_INFO_VERSION: "latest" - GH_AW_INFO_AGENT_VERSION: "latest" + GH_AW_INFO_VERSION: "1.0.20" + GH_AW_INFO_AGENT_VERSION: "1.0.20" GH_AW_INFO_WORKFLOW_NAME: "Weekly Editors Health Check" GH_AW_INFO_EXPERIMENTAL: "false" GH_AW_INFO_SUPPORTS_TOOLS_ALLOWLIST: "true" @@ -353,7 +353,7 @@ jobs: const { main } = require('${{ runner.temp }}/gh-aw/actions/checkout_pr_branch.cjs'); await main(); - name: Install GitHub Copilot CLI - run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh latest + run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh 1.0.20 env: GH_HOST: github.com - name: Install AWF binary @@ -1106,7 +1106,7 @@ jobs: mkdir -p /tmp/gh-aw/threat-detection touch /tmp/gh-aw/threat-detection/detection.log - name: Install GitHub Copilot CLI - run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh latest + run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh 1.0.20 env: GH_HOST: github.com - name: Install AWF binary diff --git a/.github/workflows/weekly-issue-summary.lock.yml b/.github/workflows/weekly-issue-summary.lock.yml index 714f321c47d..8f7fca510fa 100644 --- a/.github/workflows/weekly-issue-summary.lock.yml +++ b/.github/workflows/weekly-issue-summary.lock.yml @@ -100,8 +100,8 @@ jobs: GH_AW_INFO_ENGINE_ID: "copilot" GH_AW_INFO_ENGINE_NAME: "GitHub Copilot CLI" GH_AW_INFO_MODEL: ${{ vars.GH_AW_MODEL_AGENT_COPILOT || 'auto' }} - GH_AW_INFO_VERSION: "latest" - GH_AW_INFO_AGENT_VERSION: "latest" + GH_AW_INFO_VERSION: "1.0.20" + GH_AW_INFO_AGENT_VERSION: "1.0.20" GH_AW_INFO_WORKFLOW_NAME: "Weekly Issue Summary" GH_AW_INFO_EXPERIMENTAL: "false" GH_AW_INFO_SUPPORTS_TOOLS_ALLOWLIST: "true" @@ -396,7 +396,7 @@ jobs: git remote set-url origin "https://x-access-token:${GITHUB_TOKEN}@${SERVER_URL_STRIPPED}/${REPO_NAME}.git" echo "Git configured with standard GitHub Actions identity" - name: Install GitHub Copilot CLI - run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh latest + run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh 1.0.20 env: GH_HOST: github.com - name: Install AWF binary @@ -1110,7 +1110,7 @@ jobs: mkdir -p /tmp/gh-aw/threat-detection touch /tmp/gh-aw/threat-detection/detection.log - name: Install GitHub Copilot CLI - run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh latest + run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh 1.0.20 env: GH_HOST: github.com - name: Install AWF binary diff --git a/.github/workflows/weekly-safe-outputs-spec-review.lock.yml b/.github/workflows/weekly-safe-outputs-spec-review.lock.yml index c10e6db0a3e..96179f481ab 100644 --- a/.github/workflows/weekly-safe-outputs-spec-review.lock.yml +++ b/.github/workflows/weekly-safe-outputs-spec-review.lock.yml @@ -94,8 +94,8 @@ jobs: GH_AW_INFO_ENGINE_ID: "copilot" GH_AW_INFO_ENGINE_NAME: "GitHub Copilot CLI" GH_AW_INFO_MODEL: ${{ vars.GH_AW_MODEL_AGENT_COPILOT || 'auto' }} - GH_AW_INFO_VERSION: "latest" - GH_AW_INFO_AGENT_VERSION: "latest" + GH_AW_INFO_VERSION: "1.0.20" + GH_AW_INFO_AGENT_VERSION: "1.0.20" GH_AW_INFO_WORKFLOW_NAME: "Weekly Safe Outputs Specification Review" GH_AW_INFO_EXPERIMENTAL: "false" GH_AW_INFO_SUPPORTS_TOOLS_ALLOWLIST: "true" @@ -353,7 +353,7 @@ jobs: const { main } = require('${{ runner.temp }}/gh-aw/actions/checkout_pr_branch.cjs'); await main(); - name: Install GitHub Copilot CLI - run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh latest + run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh 1.0.20 env: GH_HOST: github.com - name: Install AWF binary @@ -1040,7 +1040,7 @@ jobs: mkdir -p /tmp/gh-aw/threat-detection touch /tmp/gh-aw/threat-detection/detection.log - name: Install GitHub Copilot CLI - run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh latest + run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh 1.0.20 env: GH_HOST: github.com - name: Install AWF binary diff --git a/.github/workflows/workflow-generator.lock.yml b/.github/workflows/workflow-generator.lock.yml index 2d0c797049d..fc8081ef3b4 100644 --- a/.github/workflows/workflow-generator.lock.yml +++ b/.github/workflows/workflow-generator.lock.yml @@ -98,8 +98,8 @@ jobs: GH_AW_INFO_ENGINE_ID: "copilot" GH_AW_INFO_ENGINE_NAME: "GitHub Copilot CLI" GH_AW_INFO_MODEL: ${{ vars.GH_AW_MODEL_AGENT_COPILOT || 'auto' }} - GH_AW_INFO_VERSION: "latest" - GH_AW_INFO_AGENT_VERSION: "latest" + GH_AW_INFO_VERSION: "1.0.20" + GH_AW_INFO_AGENT_VERSION: "1.0.20" GH_AW_INFO_WORKFLOW_NAME: "Workflow Generator" GH_AW_INFO_EXPERIMENTAL: "false" GH_AW_INFO_SUPPORTS_TOOLS_ALLOWLIST: "true" @@ -387,7 +387,7 @@ jobs: const { main } = require('${{ runner.temp }}/gh-aw/actions/checkout_pr_branch.cjs'); await main(); - name: Install GitHub Copilot CLI - run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh latest + run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh 1.0.20 env: GH_HOST: github.com - name: Install AWF binary @@ -1114,7 +1114,7 @@ jobs: mkdir -p /tmp/gh-aw/threat-detection touch /tmp/gh-aw/threat-detection/detection.log - name: Install GitHub Copilot CLI - run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh latest + run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh 1.0.20 env: GH_HOST: github.com - name: Install AWF binary diff --git a/.github/workflows/workflow-health-manager.lock.yml b/.github/workflows/workflow-health-manager.lock.yml index c705e9dcd1c..02e3567faff 100644 --- a/.github/workflows/workflow-health-manager.lock.yml +++ b/.github/workflows/workflow-health-manager.lock.yml @@ -96,8 +96,8 @@ jobs: GH_AW_INFO_ENGINE_ID: "copilot" GH_AW_INFO_ENGINE_NAME: "GitHub Copilot CLI" GH_AW_INFO_MODEL: ${{ vars.GH_AW_MODEL_AGENT_COPILOT || 'auto' }} - GH_AW_INFO_VERSION: "latest" - GH_AW_INFO_AGENT_VERSION: "latest" + GH_AW_INFO_VERSION: "1.0.20" + GH_AW_INFO_AGENT_VERSION: "1.0.20" GH_AW_INFO_WORKFLOW_NAME: "Workflow Health Manager - Meta-Orchestrator" GH_AW_INFO_EXPERIMENTAL: "false" GH_AW_INFO_SUPPORTS_TOOLS_ALLOWLIST: "true" @@ -380,7 +380,7 @@ jobs: const { main } = require('${{ runner.temp }}/gh-aw/actions/checkout_pr_branch.cjs'); await main(); - name: Install GitHub Copilot CLI - run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh latest + run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh 1.0.20 env: GH_HOST: github.com - name: Install AWF binary @@ -1146,7 +1146,7 @@ jobs: mkdir -p /tmp/gh-aw/threat-detection touch /tmp/gh-aw/threat-detection/detection.log - name: Install GitHub Copilot CLI - run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh latest + run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh 1.0.20 env: GH_HOST: github.com - name: Install AWF binary diff --git a/.github/workflows/workflow-normalizer.lock.yml b/.github/workflows/workflow-normalizer.lock.yml index 2d27d24efff..e30934d03c9 100644 --- a/.github/workflows/workflow-normalizer.lock.yml +++ b/.github/workflows/workflow-normalizer.lock.yml @@ -96,8 +96,8 @@ jobs: GH_AW_INFO_ENGINE_ID: "copilot" GH_AW_INFO_ENGINE_NAME: "GitHub Copilot CLI" GH_AW_INFO_MODEL: ${{ vars.GH_AW_MODEL_AGENT_COPILOT || 'auto' }} - GH_AW_INFO_VERSION: "latest" - GH_AW_INFO_AGENT_VERSION: "latest" + GH_AW_INFO_VERSION: "1.0.20" + GH_AW_INFO_AGENT_VERSION: "1.0.20" GH_AW_INFO_WORKFLOW_NAME: "Workflow Normalizer" GH_AW_INFO_EXPERIMENTAL: "false" GH_AW_INFO_SUPPORTS_TOOLS_ALLOWLIST: "true" @@ -386,7 +386,7 @@ jobs: const { main } = require('${{ runner.temp }}/gh-aw/actions/checkout_pr_branch.cjs'); await main(); - name: Install GitHub Copilot CLI - run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh latest + run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh 1.0.20 env: GH_HOST: github.com - name: Install AWF binary @@ -1110,7 +1110,7 @@ jobs: mkdir -p /tmp/gh-aw/threat-detection touch /tmp/gh-aw/threat-detection/detection.log - name: Install GitHub Copilot CLI - run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh latest + run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh 1.0.20 env: GH_HOST: github.com - name: Install AWF binary diff --git a/.github/workflows/workflow-skill-extractor.lock.yml b/.github/workflows/workflow-skill-extractor.lock.yml index 5130053d783..9d43820e9f3 100644 --- a/.github/workflows/workflow-skill-extractor.lock.yml +++ b/.github/workflows/workflow-skill-extractor.lock.yml @@ -93,8 +93,8 @@ jobs: GH_AW_INFO_ENGINE_ID: "copilot" GH_AW_INFO_ENGINE_NAME: "GitHub Copilot CLI" GH_AW_INFO_MODEL: ${{ vars.GH_AW_MODEL_AGENT_COPILOT || 'auto' }} - GH_AW_INFO_VERSION: "latest" - GH_AW_INFO_AGENT_VERSION: "latest" + GH_AW_INFO_VERSION: "1.0.20" + GH_AW_INFO_AGENT_VERSION: "1.0.20" GH_AW_INFO_WORKFLOW_NAME: "Workflow Skill Extractor" GH_AW_INFO_EXPERIMENTAL: "false" GH_AW_INFO_SUPPORTS_TOOLS_ALLOWLIST: "true" @@ -351,7 +351,7 @@ jobs: const { main } = require('${{ runner.temp }}/gh-aw/actions/checkout_pr_branch.cjs'); await main(); - name: Install GitHub Copilot CLI - run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh latest + run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh 1.0.20 env: GH_HOST: github.com - name: Install AWF binary @@ -1077,7 +1077,7 @@ jobs: mkdir -p /tmp/gh-aw/threat-detection touch /tmp/gh-aw/threat-detection/detection.log - name: Install GitHub Copilot CLI - run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh latest + run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh 1.0.20 env: GH_HOST: github.com - name: Install AWF binary diff --git a/pkg/cli/workflows/example-blocked-domains.lock.yml b/pkg/cli/workflows/example-blocked-domains.lock.yml index de6663f003e..bdea50c2c39 100644 --- a/pkg/cli/workflows/example-blocked-domains.lock.yml +++ b/pkg/cli/workflows/example-blocked-domains.lock.yml @@ -1,3 +1,5 @@ +# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"80100e1eccadf076c6f02412860f8dfb229e60d1753790630cb4589468eee780","strict":true,"agent_id":"copilot"} +# gh-aw-manifest: {"version":1,"secrets":["COPILOT_GITHUB_TOKEN","GH_AW_GITHUB_MCP_SERVER_TOKEN","GH_AW_GITHUB_TOKEN","GITHUB_TOKEN"],"actions":[{"repo":"actions/checkout","sha":"de0fac2e4500dabe0009e67214ff5f5447ce83dd","version":"v6.0.2"},{"repo":"actions/download-artifact","sha":"3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c","version":"v8.0.1"},{"repo":"actions/github-script","sha":"ed597411d8f924073f98dfc5c65a23a2325f34cd","version":"v8"},{"repo":"actions/upload-artifact","sha":"bbbca2ddaa5d8feaa63e36b76fdaad77386f024f","version":"v7"}]} # ___ _ _ # / _ \ | | (_) # | |_| | __ _ ___ _ __ | |_ _ ___ @@ -21,11 +23,27 @@ # For more information: https://github.github.com/gh-aw/introduction/overview/ # # -# gh-aw-metadata: {"schema_version":"v2","frontmatter_hash":"80100e1eccadf076c6f02412860f8dfb229e60d1753790630cb4589468eee780","strict":true} +# Secrets used: +# - COPILOT_GITHUB_TOKEN +# - GH_AW_GITHUB_MCP_SERVER_TOKEN +# - GH_AW_GITHUB_TOKEN +# - GITHUB_TOKEN +# +# Custom actions used: +# - actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 +# - actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 +# - actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 +# - actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7 name: "Example: Blocked Domains" "on": workflow_dispatch: + inputs: + aw_context: + default: "" + description: Agent caller context (used internally by Agentic Workflows). + required: false + type: string permissions: {} @@ -38,6 +56,7 @@ jobs: activation: runs-on: ubuntu-slim permissions: + actions: read contents: read outputs: comment_id: "" @@ -45,6 +64,7 @@ jobs: lockdown_check_failed: ${{ steps.generate_aw_info.outputs.lockdown_check_failed == 'true' }} model: ${{ steps.generate_aw_info.outputs.model }} secret_verification_result: ${{ steps.validate-secret.outputs.verification_result }} + setup-trace-id: ${{ steps.setup.outputs.trace-id }} steps: - name: Checkout actions folder uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 @@ -54,24 +74,26 @@ jobs: actions persist-credentials: false - name: Setup Scripts + id: setup uses: ./actions/setup with: destination: ${{ runner.temp }}/gh-aw/actions + job-name: ${{ github.job }} - name: Generate agentic run info id: generate_aw_info env: GH_AW_INFO_ENGINE_ID: "copilot" GH_AW_INFO_ENGINE_NAME: "GitHub Copilot CLI" - GH_AW_INFO_MODEL: ${{ vars.GH_AW_MODEL_AGENT_COPILOT || '' }} - GH_AW_INFO_VERSION: "" - GH_AW_INFO_AGENT_VERSION: "latest" + GH_AW_INFO_MODEL: ${{ vars.GH_AW_MODEL_AGENT_COPILOT || 'auto' }} + GH_AW_INFO_VERSION: "1.0.20" + GH_AW_INFO_AGENT_VERSION: "1.0.20" GH_AW_INFO_WORKFLOW_NAME: "Example: Blocked Domains" GH_AW_INFO_EXPERIMENTAL: "false" GH_AW_INFO_SUPPORTS_TOOLS_ALLOWLIST: "true" GH_AW_INFO_STAGED: "false" GH_AW_INFO_ALLOWED_DOMAINS: '["defaults","github","node"]' GH_AW_INFO_FIREWALL_ENABLED: "true" - GH_AW_INFO_AWF_VERSION: "v0.24.5" + GH_AW_INFO_AWF_VERSION: "v0.25.14" GH_AW_INFO_AWMG_VERSION: "" GH_AW_INFO_FIREWALL_TYPE: "squid" GH_AW_COMPILED_STRICT: "true" @@ -94,12 +116,14 @@ jobs: sparse-checkout: | .github .agents + actions/setup sparse-checkout-cone-mode: true fetch-depth: 1 - name: Check workflow lock file uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 env: GH_AW_WORKFLOW_FILE: "example-blocked-domains.lock.yml" + GH_AW_CONTEXT_WORKFLOW_REF: "${{ github.workflow_ref }}" with: script: | const { setupGlobals } = require('${{ runner.temp }}/gh-aw/actions/setup_globals.cjs'); @@ -117,16 +141,17 @@ jobs: GH_AW_GITHUB_REPOSITORY: ${{ github.repository }} GH_AW_GITHUB_RUN_ID: ${{ github.run_id }} GH_AW_GITHUB_WORKSPACE: ${{ github.workspace }} + # poutine:ignore untrusted_checkout_exec run: | bash ${RUNNER_TEMP}/gh-aw/actions/create_prompt_first.sh { - cat << 'GH_AW_PROMPT_EOF' + cat << 'GH_AW_PROMPT_77a1437a5522d781_EOF' - GH_AW_PROMPT_EOF + GH_AW_PROMPT_77a1437a5522d781_EOF cat "${RUNNER_TEMP}/gh-aw/prompts/xpia.md" cat "${RUNNER_TEMP}/gh-aw/prompts/temp_folder_prompt.md" cat "${RUNNER_TEMP}/gh-aw/prompts/markdown.md" - cat << 'GH_AW_PROMPT_EOF' + cat << 'GH_AW_PROMPT_77a1437a5522d781_EOF' The following GitHub context information is available for this workflow: {{#if __GH_AW_GITHUB_ACTOR__ }} @@ -155,14 +180,12 @@ jobs: {{/if}} - GH_AW_PROMPT_EOF + GH_AW_PROMPT_77a1437a5522d781_EOF cat "${RUNNER_TEMP}/gh-aw/prompts/github_mcp_tools_prompt.md" - cat << 'GH_AW_PROMPT_EOF' + cat << 'GH_AW_PROMPT_77a1437a5522d781_EOF' - GH_AW_PROMPT_EOF - cat << 'GH_AW_PROMPT_EOF' {{#runtime-import example-blocked-domains.md}} - GH_AW_PROMPT_EOF + GH_AW_PROMPT_77a1437a5522d781_EOF } > "$GH_AW_PROMPT" - name: Interpolate variables and render templates uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 @@ -210,19 +233,23 @@ jobs: - name: Validate prompt placeholders env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt + # poutine:ignore untrusted_checkout_exec run: bash ${RUNNER_TEMP}/gh-aw/actions/validate_prompt_placeholders.sh - name: Print prompt env: GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt + # poutine:ignore untrusted_checkout_exec run: bash ${RUNNER_TEMP}/gh-aw/actions/print_prompt_summary.sh - name: Upload activation artifact if: success() - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 + uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7 with: name: activation path: | /tmp/gh-aw/aw_info.json /tmp/gh-aw/aw-prompts/prompt.txt + /tmp/gh-aw/github_rate_limits.jsonl + if-no-files-found: ignore retention-days: 1 agent: @@ -234,8 +261,10 @@ jobs: GH_AW_WORKFLOW_ID_SANITIZED: exampleblockeddomains outputs: checkout_pr_success: ${{ steps.checkout-pr.outputs.checkout_pr_success || 'true' }} + effective_tokens: ${{ steps.parse-mcp-gateway.outputs.effective_tokens }} inference_access_error: ${{ steps.detect-inference-error.outputs.inference_access_error || 'false' }} model: ${{ needs.activation.outputs.model }} + setup-trace-id: ${{ steps.setup.outputs.trace-id }} steps: - name: Checkout actions folder uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 @@ -245,9 +274,12 @@ jobs: actions persist-credentials: false - name: Setup Scripts + id: setup uses: ./actions/setup with: destination: ${{ runner.temp }}/gh-aw/actions + job-name: ${{ github.job }} + trace-id: ${{ needs.activation.outputs.setup-trace-id }} - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: @@ -262,18 +294,19 @@ jobs: env: REPO_NAME: ${{ github.repository }} SERVER_URL: ${{ github.server_url }} + GITHUB_TOKEN: ${{ github.token }} run: | git config --global user.email "github-actions[bot]@users.noreply.github.com" git config --global user.name "github-actions[bot]" git config --global am.keepcr true # Re-authenticate git with GitHub token SERVER_URL_STRIPPED="${SERVER_URL#https://}" - git remote set-url origin "https://x-access-token:${{ github.token }}@${SERVER_URL_STRIPPED}/${REPO_NAME}.git" + git remote set-url origin "https://x-access-token:${GITHUB_TOKEN}@${SERVER_URL_STRIPPED}/${REPO_NAME}.git" echo "Git configured with standard GitHub Actions identity" - name: Checkout PR branch id: checkout-pr if: | - (github.event.pull_request) || (github.event.issue.pull_request) + github.event.pull_request || github.event.issue.pull_request uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 env: GH_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} @@ -285,11 +318,11 @@ jobs: const { main } = require('${{ runner.temp }}/gh-aw/actions/checkout_pr_branch.cjs'); await main(); - name: Install GitHub Copilot CLI - run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh latest + run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh 1.0.20 env: GH_HOST: github.com - name: Install AWF binary - run: bash ${RUNNER_TEMP}/gh-aw/actions/install_awf_binary.sh v0.24.5 + run: bash ${RUNNER_TEMP}/gh-aw/actions/install_awf_binary.sh v0.25.14 - name: Determine automatic lockdown mode for GitHub MCP Server id: determine-automatic-lockdown uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 @@ -301,7 +334,7 @@ jobs: const determineAutomaticLockdown = require('${{ runner.temp }}/gh-aw/actions/determine_automatic_lockdown.cjs'); await determineAutomaticLockdown(github, context, core); - name: Download container images - run: bash ${RUNNER_TEMP}/gh-aw/actions/download_docker_images.sh ghcr.io/github/gh-aw-firewall/agent:0.24.5 ghcr.io/github/gh-aw-firewall/api-proxy:0.24.5 ghcr.io/github/gh-aw-firewall/squid:0.24.5 ghcr.io/github/gh-aw-mcpg:v0.1.19 ghcr.io/github/github-mcp-server:v0.32.0 + run: bash ${RUNNER_TEMP}/gh-aw/actions/download_docker_images.sh ghcr.io/github/gh-aw-firewall/agent:0.25.14 ghcr.io/github/gh-aw-firewall/api-proxy:0.25.14 ghcr.io/github/gh-aw-firewall/squid:0.25.14 ghcr.io/github/gh-aw-mcpg:v0.2.15 ghcr.io/github/github-mcp-server:v0.32.0 - name: Start MCP Gateway id: start-mcp-gateway env: @@ -324,10 +357,10 @@ jobs: export DEBUG="*" export GH_AW_ENGINE="copilot" - export MCP_GATEWAY_DOCKER_COMMAND='docker run -i --rm --network host -v /var/run/docker.sock:/var/run/docker.sock -e MCP_GATEWAY_PORT -e MCP_GATEWAY_DOMAIN -e MCP_GATEWAY_API_KEY -e MCP_GATEWAY_PAYLOAD_DIR -e MCP_GATEWAY_PAYLOAD_SIZE_THRESHOLD -e DEBUG -e MCP_GATEWAY_LOG_DIR -e GH_AW_MCP_LOG_DIR -e GH_AW_SAFE_OUTPUTS -e GH_AW_SAFE_OUTPUTS_CONFIG_PATH -e GH_AW_SAFE_OUTPUTS_TOOLS_PATH -e GH_AW_ASSETS_BRANCH -e GH_AW_ASSETS_MAX_SIZE_KB -e GH_AW_ASSETS_ALLOWED_EXTS -e DEFAULT_BRANCH -e GITHUB_MCP_SERVER_TOKEN -e GITHUB_MCP_GUARD_MIN_INTEGRITY -e GITHUB_MCP_GUARD_REPOS -e GITHUB_REPOSITORY -e GITHUB_SERVER_URL -e GITHUB_SHA -e GITHUB_WORKSPACE -e GITHUB_TOKEN -e GITHUB_RUN_ID -e GITHUB_RUN_NUMBER -e GITHUB_RUN_ATTEMPT -e GITHUB_JOB -e GITHUB_ACTION -e GITHUB_EVENT_NAME -e GITHUB_EVENT_PATH -e GITHUB_ACTOR -e GITHUB_ACTOR_ID -e GITHUB_TRIGGERING_ACTOR -e GITHUB_WORKFLOW -e GITHUB_WORKFLOW_REF -e GITHUB_WORKFLOW_SHA -e GITHUB_REF -e GITHUB_REF_NAME -e GITHUB_REF_TYPE -e GITHUB_HEAD_REF -e GITHUB_BASE_REF -v /tmp/gh-aw/mcp-payloads:/tmp/gh-aw/mcp-payloads:rw -v /opt:/opt:ro -v /tmp:/tmp:rw -v '"${GITHUB_WORKSPACE}"':'"${GITHUB_WORKSPACE}"':rw ghcr.io/github/gh-aw-mcpg:v0.1.19' + export MCP_GATEWAY_DOCKER_COMMAND='docker run -i --rm --network host -v /var/run/docker.sock:/var/run/docker.sock -e MCP_GATEWAY_PORT -e MCP_GATEWAY_DOMAIN -e MCP_GATEWAY_API_KEY -e MCP_GATEWAY_PAYLOAD_DIR -e MCP_GATEWAY_PAYLOAD_SIZE_THRESHOLD -e DEBUG -e MCP_GATEWAY_LOG_DIR -e GH_AW_MCP_LOG_DIR -e GH_AW_SAFE_OUTPUTS -e GH_AW_SAFE_OUTPUTS_CONFIG_PATH -e GH_AW_SAFE_OUTPUTS_TOOLS_PATH -e GH_AW_ASSETS_BRANCH -e GH_AW_ASSETS_MAX_SIZE_KB -e GH_AW_ASSETS_ALLOWED_EXTS -e DEFAULT_BRANCH -e GITHUB_MCP_SERVER_TOKEN -e GITHUB_MCP_GUARD_MIN_INTEGRITY -e GITHUB_MCP_GUARD_REPOS -e GITHUB_REPOSITORY -e GITHUB_SERVER_URL -e GITHUB_SHA -e GITHUB_WORKSPACE -e GITHUB_TOKEN -e GITHUB_RUN_ID -e GITHUB_RUN_NUMBER -e GITHUB_RUN_ATTEMPT -e GITHUB_JOB -e GITHUB_ACTION -e GITHUB_EVENT_NAME -e GITHUB_EVENT_PATH -e GITHUB_ACTOR -e GITHUB_ACTOR_ID -e GITHUB_TRIGGERING_ACTOR -e GITHUB_WORKFLOW -e GITHUB_WORKFLOW_REF -e GITHUB_WORKFLOW_SHA -e GITHUB_REF -e GITHUB_REF_NAME -e GITHUB_REF_TYPE -e GITHUB_HEAD_REF -e GITHUB_BASE_REF -v /tmp/gh-aw/mcp-payloads:/tmp/gh-aw/mcp-payloads:rw -v /opt:/opt:ro -v /tmp:/tmp:rw -v '"${GITHUB_WORKSPACE}"':'"${GITHUB_WORKSPACE}"':rw ghcr.io/github/gh-aw-mcpg:v0.2.15' mkdir -p /home/runner/.copilot - cat << GH_AW_MCP_CONFIG_EOF | bash ${RUNNER_TEMP}/gh-aw/actions/start_mcp_gateway.sh + cat << GH_AW_MCP_CONFIG_a5a8e3decda294f8_EOF | bash ${RUNNER_TEMP}/gh-aw/actions/start_mcp_gateway.sh { "mcpServers": { "github": { @@ -354,7 +387,7 @@ jobs: "payloadDir": "${MCP_GATEWAY_PAYLOAD_DIR}" } } - GH_AW_MCP_CONFIG_EOF + GH_AW_MCP_CONFIG_a5a8e3decda294f8_EOF - name: Download activation artifact uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 with: @@ -371,8 +404,8 @@ jobs: set -o pipefail touch /tmp/gh-aw/agent-step-summary.md # shellcheck disable=SC1003 - sudo -E awf --env-all --container-workdir "${GITHUB_WORKSPACE}" --mount "${RUNNER_TEMP}/gh-aw:${RUNNER_TEMP}/gh-aw:ro" --mount "${RUNNER_TEMP}/gh-aw:/host${RUNNER_TEMP}/gh-aw:ro" --allow-domains "*.githubusercontent.com,*.jsr.io,api.business.githubcopilot.com,api.enterprise.githubcopilot.com,api.github.com,api.githubcopilot.com,api.individual.githubcopilot.com,api.npms.io,api.snapcraft.io,archive.ubuntu.com,azure.archive.ubuntu.com,bun.sh,cdn.jsdelivr.net,codeload.github.com,crl.geotrust.com,crl.globalsign.com,crl.identrust.com,crl.sectigo.com,crl.thawte.com,crl.usertrust.com,crl.verisign.com,crl3.digicert.com,crl4.digicert.com,crls.ssl.com,deb.nodesource.com,deno.land,docs.github.com,esm.sh,get.pnpm.io,github-cloud.githubusercontent.com,github-cloud.s3.amazonaws.com,github.blog,github.com,github.githubassets.com,googleapis.deno.dev,googlechromelabs.github.io,host.docker.internal,json-schema.org,json.schemastore.org,jsr.io,keyserver.ubuntu.com,lfs.github.com,nodejs.org,npm.pkg.github.com,npmjs.com,npmjs.org,objects.githubusercontent.com,ocsp.digicert.com,ocsp.geotrust.com,ocsp.globalsign.com,ocsp.identrust.com,ocsp.sectigo.com,ocsp.ssl.com,ocsp.thawte.com,ocsp.usertrust.com,ocsp.verisign.com,packagecloud.io,packages.cloud.google.com,packages.microsoft.com,ppa.launchpad.net,raw.githubusercontent.com,registry.bower.io,registry.npmjs.com,registry.npmjs.org,registry.yarnpkg.com,repo.yarnpkg.com,s.symcb.com,s.symcd.com,security.ubuntu.com,skimdb.npmjs.com,storage.googleapis.com,telemetry.enterprise.githubcopilot.com,telemetry.vercel.com,ts-crl.ws.symantec.com,ts-ocsp.ws.symantec.com,www.googleapis.com,www.npmjs.com,www.npmjs.org,yarnpkg.com" --block-domains "analytics.example.com,tracker.example.com" --log-level info --proxy-logs-dir /tmp/gh-aw/sandbox/firewall/logs --enable-host-access --image-tag 0.24.5 --skip-pull --enable-api-proxy \ - -- /bin/bash -c '/usr/local/bin/copilot --add-dir /tmp/gh-aw/ --log-level all --log-dir /tmp/gh-aw/sandbox/agent/logs/ --add-dir "${GITHUB_WORKSPACE}" --disable-builtin-mcps --allow-all-tools --allow-all-paths --prompt "$(cat /tmp/gh-aw/aw-prompts/prompt.txt)"' 2>&1 | tee -a /tmp/gh-aw/agent-stdio.log + sudo -E awf --container-workdir "${GITHUB_WORKSPACE}" --mount "${RUNNER_TEMP}/gh-aw:${RUNNER_TEMP}/gh-aw:ro" --mount "${RUNNER_TEMP}/gh-aw:/host${RUNNER_TEMP}/gh-aw:ro" --env-all --exclude-env COPILOT_GITHUB_TOKEN --exclude-env GITHUB_MCP_SERVER_TOKEN --exclude-env MCP_GATEWAY_API_KEY --allow-domains '*.githubusercontent.com,api.business.githubcopilot.com,api.enterprise.githubcopilot.com,api.github.com,api.githubcopilot.com,api.individual.githubcopilot.com,api.npms.io,api.snapcraft.io,archive.ubuntu.com,azure.archive.ubuntu.com,bun.sh,cdn.jsdelivr.net,codeload.github.com,crl.geotrust.com,crl.globalsign.com,crl.identrust.com,crl.sectigo.com,crl.thawte.com,crl.usertrust.com,crl.verisign.com,crl3.digicert.com,crl4.digicert.com,crls.ssl.com,deb.nodesource.com,deno.land,docs.github.com,esm.sh,get.pnpm.io,github-cloud.githubusercontent.com,github-cloud.s3.amazonaws.com,github.blog,github.com,github.githubassets.com,googleapis.deno.dev,googlechromelabs.github.io,host.docker.internal,json-schema.org,json.schemastore.org,jsr.io,keyserver.ubuntu.com,lfs.github.com,nodejs.org,npm.pkg.github.com,npmjs.com,npmjs.org,objects.githubusercontent.com,ocsp.digicert.com,ocsp.geotrust.com,ocsp.globalsign.com,ocsp.identrust.com,ocsp.sectigo.com,ocsp.ssl.com,ocsp.thawte.com,ocsp.usertrust.com,ocsp.verisign.com,packagecloud.io,packages.cloud.google.com,packages.microsoft.com,ppa.launchpad.net,raw.githubusercontent.com,registry.bower.io,registry.npmjs.com,registry.npmjs.org,registry.yarnpkg.com,repo.yarnpkg.com,s.symcb.com,s.symcd.com,security.ubuntu.com,skimdb.npmjs.com,storage.googleapis.com,telemetry.enterprise.githubcopilot.com,telemetry.vercel.com,ts-crl.ws.symantec.com,ts-ocsp.ws.symantec.com,www.googleapis.com,www.npmjs.com,www.npmjs.org,yarnpkg.com' --block-domains analytics.example.com,tracker.example.com --log-level info --proxy-logs-dir /tmp/gh-aw/sandbox/firewall/logs --audit-dir /tmp/gh-aw/sandbox/firewall/audit --enable-host-access --image-tag 0.25.14 --skip-pull --enable-api-proxy \ + -- /bin/bash -c '/usr/local/bin/copilot --add-dir /tmp/gh-aw/ --log-level all --log-dir /tmp/gh-aw/sandbox/agent/logs/ --disable-builtin-mcps --allow-all-tools --allow-all-paths --add-dir "${GITHUB_WORKSPACE}" --prompt "$(cat /tmp/gh-aw/aw-prompts/prompt.txt)"' 2>&1 | tee -a /tmp/gh-aw/agent-stdio.log env: COPILOT_AGENT_RUNNER_TYPE: STANDALONE COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} @@ -403,31 +436,19 @@ jobs: env: REPO_NAME: ${{ github.repository }} SERVER_URL: ${{ github.server_url }} + GITHUB_TOKEN: ${{ github.token }} run: | git config --global user.email "github-actions[bot]@users.noreply.github.com" git config --global user.name "github-actions[bot]" git config --global am.keepcr true # Re-authenticate git with GitHub token SERVER_URL_STRIPPED="${SERVER_URL#https://}" - git remote set-url origin "https://x-access-token:${{ github.token }}@${SERVER_URL_STRIPPED}/${REPO_NAME}.git" + git remote set-url origin "https://x-access-token:${GITHUB_TOKEN}@${SERVER_URL_STRIPPED}/${REPO_NAME}.git" echo "Git configured with standard GitHub Actions identity" - name: Copy Copilot session state files to logs if: always() continue-on-error: true - run: | - # Copy Copilot session state files to logs folder for artifact collection - # This ensures they are in /tmp/gh-aw/ where secret redaction can scan them - SESSION_STATE_DIR="$HOME/.copilot/session-state" - LOGS_DIR="/tmp/gh-aw/sandbox/agent/logs" - - if [ -d "$SESSION_STATE_DIR" ]; then - echo "Copying Copilot session state files from $SESSION_STATE_DIR to $LOGS_DIR" - mkdir -p "$LOGS_DIR" - cp -v "$SESSION_STATE_DIR"/*.jsonl "$LOGS_DIR/" 2>/dev/null || true - echo "Session state files copied successfully" - else - echo "No session-state directory found at $SESSION_STATE_DIR" - fi + run: bash ${RUNNER_TEMP}/gh-aw/actions/copy_copilot_session_state.sh - name: Stop MCP Gateway if: always() continue-on-error: true @@ -468,6 +489,7 @@ jobs: await main(); - name: Parse MCP Gateway logs for step summary if: always() + id: parse-mcp-gateway uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 with: script: | @@ -490,10 +512,20 @@ jobs: else echo 'AWF binary not installed, skipping firewall log summary' fi + - name: Parse token usage for step summary + if: always() + continue-on-error: true + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + with: + script: | + const { setupGlobals } = require('${{ runner.temp }}/gh-aw/actions/setup_globals.cjs'); + setupGlobals(core, github, context, exec, io); + const { main } = require('${{ runner.temp }}/gh-aw/actions/parse_token_usage.cjs'); + await main(); - name: Upload agent artifacts if: always() continue-on-error: true - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 + uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7 with: name: agent path: | @@ -501,8 +533,19 @@ jobs: /tmp/gh-aw/sandbox/agent/logs/ /tmp/gh-aw/redacted-urls.log /tmp/gh-aw/mcp-logs/ - /tmp/gh-aw/sandbox/firewall/logs/ + /tmp/gh-aw/agent_usage.json /tmp/gh-aw/agent-stdio.log /tmp/gh-aw/agent/ + /tmp/gh-aw/github_rate_limits.jsonl + if-no-files-found: ignore + - name: Upload firewall audit logs + if: always() + continue-on-error: true + uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7 + with: + name: firewall-audit-logs + path: | + /tmp/gh-aw/sandbox/firewall/logs/ + /tmp/gh-aw/sandbox/firewall/audit/ if-no-files-found: ignore diff --git a/pkg/constants/version_constants.go b/pkg/constants/version_constants.go index 821d3516790..fb80e43d15f 100644 --- a/pkg/constants/version_constants.go +++ b/pkg/constants/version_constants.go @@ -32,16 +32,16 @@ func (v Version) IsValid() bool { type ModelName string // DefaultClaudeCodeVersion is the default version of the Claude Code CLI. -const DefaultClaudeCodeVersion Version = "latest" +const DefaultClaudeCodeVersion Version = "2.1.92" // DefaultCopilotVersion is the default version of the GitHub Copilot CLI. -const DefaultCopilotVersion Version = "latest" +const DefaultCopilotVersion Version = "1.0.20" // DefaultCodexVersion is the default version of the OpenAI Codex CLI -const DefaultCodexVersion Version = "latest" +const DefaultCodexVersion Version = "0.118.0" // DefaultGeminiVersion is the default version of the Google Gemini CLI -const DefaultGeminiVersion Version = "latest" +const DefaultGeminiVersion Version = "0.36.0" // DefaultGitHubMCPServerVersion is the default version of the GitHub MCP server Docker image const DefaultGitHubMCPServerVersion Version = "v0.32.0" diff --git a/pkg/workflow/compiler_orchestrator_workflow.go b/pkg/workflow/compiler_orchestrator_workflow.go index 32fa4427f9c..6e43cc1f94a 100644 --- a/pkg/workflow/compiler_orchestrator_workflow.go +++ b/pkg/workflow/compiler_orchestrator_workflow.go @@ -74,6 +74,11 @@ func (c *Compiler) ParseWorkflowFile(markdownPath string) (*WorkflowData, error) return nil, fmt.Errorf("%s: %w", cleanPath, err) } + // Validate engine version: warn when engine.version is explicitly set to "latest" + if err := c.validateEngineVersion(workflowData); err != nil { + return nil, fmt.Errorf("%s: %w", cleanPath, err) + } + // Validate that inlined-imports is not used with agent file imports. // Agent files require runtime access and cannot be resolved without sources. if workflowData.InlinedImports && engineSetup.importsResult.AgentFile != "" { diff --git a/pkg/workflow/copilot_installer.go b/pkg/workflow/copilot_installer.go index 87e1734781e..690c9d6107e 100644 --- a/pkg/workflow/copilot_installer.go +++ b/pkg/workflow/copilot_installer.go @@ -9,8 +9,7 @@ var copilotInstallerLog = logger.New("workflow:copilot_installer") // GenerateCopilotInstallerSteps creates GitHub Actions steps to install the Copilot CLI using the official installer. func GenerateCopilotInstallerSteps(version, stepName string) []GitHubActionStep { - // If no version is specified, use the default version from constants. - // "latest" means the installer will use the latest available release. + // If no version is specified, use the pinned default version from constants. if version == "" { version = string(constants.DefaultCopilotVersion) copilotInstallerLog.Printf("No version specified, using default: %s", version) diff --git a/pkg/workflow/engine_helpers.go b/pkg/workflow/engine_helpers.go index 3a2162af356..dd6cb5fbf71 100644 --- a/pkg/workflow/engine_helpers.go +++ b/pkg/workflow/engine_helpers.go @@ -172,13 +172,16 @@ func BuildStandardNpmEngineInstallSteps( } // Add npm package installation steps (includes Node.js setup) + // Always pass false for runInstallScripts: engine CLI installs must never run + // pre/post install scripts regardless of the workflow's run-install-scripts setting. + // This is a supply chain security requirement for the engine binary itself. return GenerateNpmInstallSteps( packageName, version, stepName, cacheKeyPrefix, - true, // Include Node.js setup - workflowData.RunInstallScripts, + true, // Include Node.js setup + false, // Always disable scripts for engine CLI installs ) } diff --git a/pkg/workflow/engine_validation.go b/pkg/workflow/engine_validation.go index c36ed0831c1..9926ed8e041 100644 --- a/pkg/workflow/engine_validation.go +++ b/pkg/workflow/engine_validation.go @@ -36,14 +36,45 @@ package workflow import ( "encoding/json" "fmt" + "os" "strings" + "github.com/github/gh-aw/pkg/console" "github.com/github/gh-aw/pkg/constants" "github.com/github/gh-aw/pkg/parser" ) var engineValidationLog = newValidationLogger("engine") +// validateEngineVersion warns (non-strict) or errors (strict) when the workflow +// explicitly pins the engine CLI to "latest". Unpinned "latest" versions change +// unpredictably and undermine supply chain security guarantees. +func (c *Compiler) validateEngineVersion(workflowData *WorkflowData) error { + if workflowData.EngineConfig == nil || workflowData.EngineConfig.Version == "" { + // No explicit version set; the compiler uses its own pinned default. + return nil + } + + if !strings.EqualFold(workflowData.EngineConfig.Version, "latest") { + return nil + } + + engineValidationLog.Print("engine.version: latest detected") + + warningMsg := "engine.version: latest is set – the engine CLI will be installed without a pinned version. " + + "This is a supply chain security risk: unpinned 'latest' versions can change unexpectedly " + + "and may introduce vulnerabilities or breaking changes. " + + "Pin the engine version to a specific version for reproducibility and security." + + if c.strictMode { + return fmt.Errorf("strict mode: %s", warningMsg) + } + + fmt.Fprintln(os.Stderr, console.FormatWarningMessage(warningMsg)) + c.IncrementWarningCount() + return nil +} + // validateEngineInlineDefinition validates an inline engine definition parsed from // engine.runtime + optional engine.provider in the workflow frontmatter. // Returns an error if: diff --git a/pkg/workflow/engine_validation_test.go b/pkg/workflow/engine_validation_test.go index d12366424f5..6d19677f9cc 100644 --- a/pkg/workflow/engine_validation_test.go +++ b/pkg/workflow/engine_validation_test.go @@ -212,3 +212,79 @@ func TestValidateSingleEngineSpecificationErrorMessageQuality(t *testing.T) { } }) } + +// TestValidateEngineVersion tests the validateEngineVersion function +func TestValidateEngineVersion(t *testing.T) { + tests := []struct { + name string + engineCfg *EngineConfig + strictMode bool + expectWarn bool + expectError bool + }{ + { + name: "no engine config", + engineCfg: nil, + expectWarn: false, + expectError: false, + }, + { + name: "empty version", + engineCfg: &EngineConfig{Version: ""}, + expectWarn: false, + expectError: false, + }, + { + name: "pinned version", + engineCfg: &EngineConfig{Version: "2.1.92"}, + expectWarn: false, + expectError: false, + }, + { + name: "latest version non-strict", + engineCfg: &EngineConfig{Version: "latest"}, + strictMode: false, + expectWarn: true, + expectError: false, + }, + { + name: "LATEST uppercase non-strict", + engineCfg: &EngineConfig{Version: "LATEST"}, + strictMode: false, + expectWarn: true, + expectError: false, + }, + { + name: "latest version strict mode", + engineCfg: &EngineConfig{Version: "latest"}, + strictMode: true, + expectWarn: false, + expectError: true, + }, + } + + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + compiler := NewCompiler() + compiler.strictMode = tt.strictMode + + workflowData := &WorkflowData{ + EngineConfig: tt.engineCfg, + } + + err := compiler.validateEngineVersion(workflowData) + + if tt.expectError { + if err == nil { + t.Error("Expected error but got none") + } else if !strings.Contains(err.Error(), "strict mode") { + t.Errorf("Expected strict mode error, got: %s", err.Error()) + } + } else { + if err != nil { + t.Errorf("Expected no error but got: %v", err) + } + } + }) + } +} diff --git a/pkg/workflow/test-yaml-import.lock.yml b/pkg/workflow/test-yaml-import.lock.yml index 3fbdae4e075..25c0008e707 100644 --- a/pkg/workflow/test-yaml-import.lock.yml +++ b/pkg/workflow/test-yaml-import.lock.yml @@ -127,7 +127,7 @@ jobs: env: COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} - name: Install GitHub Copilot CLI - run: ${{ runner.temp }}/gh-aw/actions/install_copilot_cli.sh 0.0.402 + run: ${{ runner.temp }}/gh-aw/actions/install_copilot_cli.sh 1.0.20 - name: Install AWF binary run: bash ${{ runner.temp }}/gh-aw/actions/install_awf_binary.sh v0.13.4 - name: Determine automatic lockdown mode for GitHub MCP server diff --git a/pkg/workflow/testdata/TestWasmGolden_CompileFixtures/basic-copilot.golden b/pkg/workflow/testdata/TestWasmGolden_CompileFixtures/basic-copilot.golden index 4dd4dde77ec..0cbc8b341ba 100644 --- a/pkg/workflow/testdata/TestWasmGolden_CompileFixtures/basic-copilot.golden +++ b/pkg/workflow/testdata/TestWasmGolden_CompileFixtures/basic-copilot.golden @@ -51,8 +51,8 @@ jobs: GH_AW_INFO_ENGINE_ID: "copilot" GH_AW_INFO_ENGINE_NAME: "GitHub Copilot CLI" GH_AW_INFO_MODEL: ${{ vars.GH_AW_MODEL_AGENT_COPILOT || 'auto' }} - GH_AW_INFO_VERSION: "latest" - GH_AW_INFO_AGENT_VERSION: "latest" + GH_AW_INFO_VERSION: "1.0.20" + GH_AW_INFO_AGENT_VERSION: "1.0.20" GH_AW_INFO_WORKFLOW_NAME: "basic-copilot-test" GH_AW_INFO_EXPERIMENTAL: "false" GH_AW_INFO_SUPPORTS_TOOLS_ALLOWLIST: "true" @@ -289,7 +289,7 @@ jobs: const { main } = require('${{ runner.temp }}/gh-aw/actions/checkout_pr_branch.cjs'); await main(); - name: Install GitHub Copilot CLI - run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh latest + run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh 1.0.20 env: GH_HOST: github.com - name: Install AWF binary diff --git a/pkg/workflow/testdata/TestWasmGolden_CompileFixtures/smoke-copilot.golden b/pkg/workflow/testdata/TestWasmGolden_CompileFixtures/smoke-copilot.golden index f0cb9f1897e..a4af896acd3 100644 --- a/pkg/workflow/testdata/TestWasmGolden_CompileFixtures/smoke-copilot.golden +++ b/pkg/workflow/testdata/TestWasmGolden_CompileFixtures/smoke-copilot.golden @@ -60,8 +60,8 @@ jobs: GH_AW_INFO_ENGINE_ID: "copilot" GH_AW_INFO_ENGINE_NAME: "GitHub Copilot CLI" GH_AW_INFO_MODEL: ${{ vars.GH_AW_MODEL_AGENT_COPILOT || 'auto' }} - GH_AW_INFO_VERSION: "latest" - GH_AW_INFO_AGENT_VERSION: "latest" + GH_AW_INFO_VERSION: "1.0.20" + GH_AW_INFO_AGENT_VERSION: "1.0.20" GH_AW_INFO_WORKFLOW_NAME: "Smoke Copilot" GH_AW_INFO_EXPERIMENTAL: "false" GH_AW_INFO_SUPPORTS_TOOLS_ALLOWLIST: "true" @@ -403,7 +403,7 @@ jobs: const { main } = require('${{ runner.temp }}/gh-aw/actions/checkout_pr_branch.cjs'); await main(); - name: Install GitHub Copilot CLI - run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh latest + run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh 1.0.20 - name: Install AWF binary run: bash ${RUNNER_TEMP}/gh-aw/actions/install_awf_binary.sh v0.25.3 - name: Determine automatic lockdown mode for GitHub MCP Server diff --git a/pkg/workflow/testdata/TestWasmGolden_CompileFixtures/with-imports.golden b/pkg/workflow/testdata/TestWasmGolden_CompileFixtures/with-imports.golden index 3521657c781..bd401eb6f02 100644 --- a/pkg/workflow/testdata/TestWasmGolden_CompileFixtures/with-imports.golden +++ b/pkg/workflow/testdata/TestWasmGolden_CompileFixtures/with-imports.golden @@ -51,8 +51,8 @@ jobs: GH_AW_INFO_ENGINE_ID: "copilot" GH_AW_INFO_ENGINE_NAME: "GitHub Copilot CLI" GH_AW_INFO_MODEL: ${{ vars.GH_AW_MODEL_AGENT_COPILOT || 'auto' }} - GH_AW_INFO_VERSION: "latest" - GH_AW_INFO_AGENT_VERSION: "latest" + GH_AW_INFO_VERSION: "1.0.20" + GH_AW_INFO_AGENT_VERSION: "1.0.20" GH_AW_INFO_WORKFLOW_NAME: "with-imports-test" GH_AW_INFO_EXPERIMENTAL: "false" GH_AW_INFO_SUPPORTS_TOOLS_ALLOWLIST: "true" @@ -290,7 +290,7 @@ jobs: const { main } = require('${{ runner.temp }}/gh-aw/actions/checkout_pr_branch.cjs'); await main(); - name: Install GitHub Copilot CLI - run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh latest + run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh 1.0.20 env: GH_HOST: github.com - name: Install AWF binary diff --git a/pkg/workflow/testdata/wasm_golden/WasmBinary/basic-copilot.golden b/pkg/workflow/testdata/wasm_golden/WasmBinary/basic-copilot.golden index 5c328161546..f3525a45f46 100644 --- a/pkg/workflow/testdata/wasm_golden/WasmBinary/basic-copilot.golden +++ b/pkg/workflow/testdata/wasm_golden/WasmBinary/basic-copilot.golden @@ -46,8 +46,8 @@ jobs: GH_AW_INFO_ENGINE_ID: "copilot" GH_AW_INFO_ENGINE_NAME: "GitHub Copilot CLI" GH_AW_INFO_MODEL: ${{ vars.GH_AW_MODEL_AGENT_COPILOT || 'auto' }} - GH_AW_INFO_VERSION: "latest" - GH_AW_INFO_AGENT_VERSION: "latest" + GH_AW_INFO_VERSION: "1.0.20" + GH_AW_INFO_AGENT_VERSION: "1.0.20" GH_AW_INFO_WORKFLOW_NAME: "basic-copilot-test" GH_AW_INFO_EXPERIMENTAL: "false" GH_AW_INFO_SUPPORTS_TOOLS_ALLOWLIST: "true" @@ -278,7 +278,7 @@ jobs: const { main } = require('${{ runner.temp }}/gh-aw/actions/checkout_pr_branch.cjs'); await main(); - name: Install GitHub Copilot CLI - run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh latest + run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh 1.0.20 env: GH_HOST: github.com - name: Install AWF binary diff --git a/pkg/workflow/testdata/wasm_golden/WasmBinary/with-imports.golden b/pkg/workflow/testdata/wasm_golden/WasmBinary/with-imports.golden index b99f9828e11..8a1989ace49 100644 --- a/pkg/workflow/testdata/wasm_golden/WasmBinary/with-imports.golden +++ b/pkg/workflow/testdata/wasm_golden/WasmBinary/with-imports.golden @@ -46,8 +46,8 @@ jobs: GH_AW_INFO_ENGINE_ID: "copilot" GH_AW_INFO_ENGINE_NAME: "GitHub Copilot CLI" GH_AW_INFO_MODEL: ${{ vars.GH_AW_MODEL_AGENT_COPILOT || 'auto' }} - GH_AW_INFO_VERSION: "latest" - GH_AW_INFO_AGENT_VERSION: "latest" + GH_AW_INFO_VERSION: "1.0.20" + GH_AW_INFO_AGENT_VERSION: "1.0.20" GH_AW_INFO_WORKFLOW_NAME: "with-imports-test" GH_AW_INFO_EXPERIMENTAL: "false" GH_AW_INFO_SUPPORTS_TOOLS_ALLOWLIST: "true" @@ -281,7 +281,7 @@ jobs: const { main } = require('${{ runner.temp }}/gh-aw/actions/checkout_pr_branch.cjs'); await main(); - name: Install GitHub Copilot CLI - run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh latest + run: ${RUNNER_TEMP}/gh-aw/actions/install_copilot_cli.sh 1.0.20 env: GH_HOST: github.com - name: Install AWF binary