From f85130c8308ba09c71d210c4121f0a3b52043ccc Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Tue, 6 Jan 2026 19:53:39 +0000 Subject: [PATCH 1/4] Initial plan From 78c24f63d93c0b59a721ff49a4bf2349fcc8df1a Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Tue, 6 Jan 2026 20:00:28 +0000 Subject: [PATCH 2/4] Update Codex CLI version from 0.77.0 to 0.78.0 Co-authored-by: mnkiefer <8320933+mnkiefer@users.noreply.github.com> --- pkg/constants/constants.go | 2 +- pkg/constants/constants_test.go | 2 +- specs/layout.md | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/pkg/constants/constants.go b/pkg/constants/constants.go index 2f0cb5cb41..caf0236a32 100644 --- a/pkg/constants/constants.go +++ b/pkg/constants/constants.go @@ -226,7 +226,7 @@ const ( ) // DefaultCodexVersion is the default version of the OpenAI Codex CLI -const DefaultCodexVersion Version = "0.77.0" +const DefaultCodexVersion Version = "0.78.0" // DefaultGitHubMCPServerVersion is the default version of the GitHub MCP server Docker image const DefaultGitHubMCPServerVersion Version = "v0.27.0" diff --git a/pkg/constants/constants_test.go b/pkg/constants/constants_test.go index 4090bf6d8f..98e351d7ba 100644 --- a/pkg/constants/constants_test.go +++ b/pkg/constants/constants_test.go @@ -268,7 +268,7 @@ func TestVersionConstants(t *testing.T) { }{ {"DefaultClaudeCodeVersion", DefaultClaudeCodeVersion, "2.0.76"}, {"DefaultCopilotVersion", DefaultCopilotVersion, "0.0.374"}, - {"DefaultCodexVersion", DefaultCodexVersion, "0.77.0"}, + {"DefaultCodexVersion", DefaultCodexVersion, "0.78.0"}, {"DefaultGitHubMCPServerVersion", DefaultGitHubMCPServerVersion, "v0.27.0"}, {"DefaultSandboxRuntimeVersion", DefaultSandboxRuntimeVersion, "0.0.23"}, {"DefaultFirewallVersion", DefaultFirewallVersion, "v0.8.1"}, diff --git a/specs/layout.md b/specs/layout.md index 68b5503b7e..a04a86d8eb 100644 --- a/specs/layout.md +++ b/specs/layout.md @@ -265,7 +265,7 @@ All action scripts are copied from `actions/setup/js/*.cjs` and `actions/setup/s |----------|------|-------|-------------| | `DefaultCopilotVersion` | `Version` | `"0.0.374"` | GitHub Copilot CLI version | | `DefaultClaudeCodeVersion` | `Version` | `"2.0.76"` | Claude Code CLI version | -| `DefaultCodexVersion` | `Version` | `"0.77.0"` | OpenAI Codex CLI version | +| `DefaultCodexVersion` | `Version` | `"0.78.0"` | OpenAI Codex CLI version | | `DefaultGitHubMCPServerVersion` | `Version` | `"v0.27.0"` | GitHub MCP server Docker image | | `DefaultFirewallVersion` | `Version` | `"v0.8.1"` | gh-aw-firewall (AWF) binary | | `DefaultPlaywrightMCPVersion` | `Version` | `"0.0.54"` | @playwright/mcp package | From 3395cc65ba03e137de1c1f0beacd2a802eaeb25a Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Tue, 6 Jan 2026 20:07:00 +0000 Subject: [PATCH 3/4] Recompile workflow lock files with Codex CLI 0.78.0 Co-authored-by: mnkiefer <8320933+mnkiefer@users.noreply.github.com> --- .github/workflows/changeset.lock.yml | 4 ++-- .github/workflows/daily-fact.lock.yml | 6 +++--- .github/workflows/daily-issues-report.lock.yml | 6 +++--- .github/workflows/daily-performance-summary.lock.yml | 6 +++--- .github/workflows/deep-report.lock.yml | 6 +++--- .github/workflows/duplicate-code-detector.lock.yml | 6 +++--- .github/workflows/issue-arborist.lock.yml | 6 +++--- .github/workflows/smoke-codex-firewall.lock.yml | 6 +++--- .github/workflows/smoke-codex.lock.yml | 6 +++--- 9 files changed, 26 insertions(+), 26 deletions(-) diff --git a/.github/workflows/changeset.lock.yml b/.github/workflows/changeset.lock.yml index 7781ec955c..b7cb2b3abb 100644 --- a/.github/workflows/changeset.lock.yml +++ b/.github/workflows/changeset.lock.yml @@ -184,7 +184,7 @@ jobs: node-version: '24' package-manager-cache: false - name: Install Codex - run: npm install -g --silent @openai/codex@0.77.0 + run: npm install -g --silent @openai/codex@0.78.0 - name: Install awf binary run: | echo "Installing awf via installer script (requested version: v0.8.1)" @@ -456,7 +456,7 @@ jobs: engine_name: "Codex", model: "gpt-5-mini", version: "", - agent_version: "0.77.0", + agent_version: "0.78.0", workflow_name: "Changeset Generator", experimental: true, supports_tools_allowlist: true, diff --git a/.github/workflows/daily-fact.lock.yml b/.github/workflows/daily-fact.lock.yml index cb2a8a6254..3d8a7001b5 100644 --- a/.github/workflows/daily-fact.lock.yml +++ b/.github/workflows/daily-fact.lock.yml @@ -130,7 +130,7 @@ jobs: node-version: '24' package-manager-cache: false - name: Install Codex - run: npm install -g --silent @openai/codex@0.77.0 + run: npm install -g --silent @openai/codex@0.78.0 - name: Install awf binary run: | echo "Installing awf via installer script (requested version: v0.8.1)" @@ -329,7 +329,7 @@ jobs: engine_name: "Codex", model: "gpt-5-mini", version: "", - agent_version: "0.77.0", + agent_version: "0.78.0", workflow_name: "Daily Fact About gh-aw", experimental: true, supports_tools_allowlist: true, @@ -882,7 +882,7 @@ jobs: node-version: '24' package-manager-cache: false - name: Install Codex - run: npm install -g --silent @openai/codex@0.77.0 + run: npm install -g --silent @openai/codex@0.78.0 - name: Run Codex run: | set -o pipefail diff --git a/.github/workflows/daily-issues-report.lock.yml b/.github/workflows/daily-issues-report.lock.yml index 16893c5cb1..c892e7e50b 100644 --- a/.github/workflows/daily-issues-report.lock.yml +++ b/.github/workflows/daily-issues-report.lock.yml @@ -197,7 +197,7 @@ jobs: node-version: '24' package-manager-cache: false - name: Install Codex - run: npm install -g --silent @openai/codex@0.77.0 + run: npm install -g --silent @openai/codex@0.78.0 - name: Install awf binary run: | echo "Installing awf via installer script (requested version: v0.8.1)" @@ -498,7 +498,7 @@ jobs: engine_name: "Codex", model: process.env.GH_AW_MODEL_AGENT_CODEX || "", version: "", - agent_version: "0.77.0", + agent_version: "0.78.0", workflow_name: "Daily Issues Report Generator", experimental: true, supports_tools_allowlist: true, @@ -1998,7 +1998,7 @@ jobs: node-version: '24' package-manager-cache: false - name: Install Codex - run: npm install -g --silent @openai/codex@0.77.0 + run: npm install -g --silent @openai/codex@0.78.0 - name: Run Codex run: | set -o pipefail diff --git a/.github/workflows/daily-performance-summary.lock.yml b/.github/workflows/daily-performance-summary.lock.yml index 05facddf4a..8d0f7d22a0 100644 --- a/.github/workflows/daily-performance-summary.lock.yml +++ b/.github/workflows/daily-performance-summary.lock.yml @@ -187,7 +187,7 @@ jobs: node-version: '24' package-manager-cache: false - name: Install Codex - run: npm install -g --silent @openai/codex@0.77.0 + run: npm install -g --silent @openai/codex@0.78.0 - name: Install awf binary run: | echo "Installing awf via installer script (requested version: v0.8.1)" @@ -887,7 +887,7 @@ jobs: engine_name: "Codex", model: process.env.GH_AW_MODEL_AGENT_CODEX || "", version: "", - agent_version: "0.77.0", + agent_version: "0.78.0", workflow_name: "Daily Project Performance Summary Generator (Using Safe Inputs)", experimental: true, supports_tools_allowlist: true, @@ -1952,7 +1952,7 @@ jobs: node-version: '24' package-manager-cache: false - name: Install Codex - run: npm install -g --silent @openai/codex@0.77.0 + run: npm install -g --silent @openai/codex@0.78.0 - name: Run Codex run: | set -o pipefail diff --git a/.github/workflows/deep-report.lock.yml b/.github/workflows/deep-report.lock.yml index 0481431463..be29b6cae8 100644 --- a/.github/workflows/deep-report.lock.yml +++ b/.github/workflows/deep-report.lock.yml @@ -198,7 +198,7 @@ jobs: node-version: '24' package-manager-cache: false - name: Install Codex - run: npm install -g --silent @openai/codex@0.77.0 + run: npm install -g --silent @openai/codex@0.78.0 - name: Install awf binary run: | echo "Installing awf via installer script (requested version: v0.8.1)" @@ -445,7 +445,7 @@ jobs: engine_name: "Codex", model: process.env.GH_AW_MODEL_AGENT_CODEX || "", version: "", - agent_version: "0.77.0", + agent_version: "0.78.0", workflow_name: "DeepReport - Intelligence Gathering Agent", experimental: true, supports_tools_allowlist: true, @@ -1494,7 +1494,7 @@ jobs: node-version: '24' package-manager-cache: false - name: Install Codex - run: npm install -g --silent @openai/codex@0.77.0 + run: npm install -g --silent @openai/codex@0.78.0 - name: Run Codex run: | set -o pipefail diff --git a/.github/workflows/duplicate-code-detector.lock.yml b/.github/workflows/duplicate-code-detector.lock.yml index e1d541194c..3086bed2a7 100644 --- a/.github/workflows/duplicate-code-detector.lock.yml +++ b/.github/workflows/duplicate-code-detector.lock.yml @@ -151,7 +151,7 @@ jobs: node-version: '24' package-manager-cache: false - name: Install Codex - run: npm install -g --silent @openai/codex@0.77.0 + run: npm install -g --silent @openai/codex@0.78.0 - name: Install awf binary run: | echo "Installing awf via installer script (requested version: v0.8.1)" @@ -400,7 +400,7 @@ jobs: engine_name: "Codex", model: process.env.GH_AW_MODEL_AGENT_CODEX || "", version: "", - agent_version: "0.77.0", + agent_version: "0.78.0", workflow_name: "Duplicate Code Detector", experimental: true, supports_tools_allowlist: true, @@ -1133,7 +1133,7 @@ jobs: node-version: '24' package-manager-cache: false - name: Install Codex - run: npm install -g --silent @openai/codex@0.77.0 + run: npm install -g --silent @openai/codex@0.78.0 - name: Run Codex run: | set -o pipefail diff --git a/.github/workflows/issue-arborist.lock.yml b/.github/workflows/issue-arborist.lock.yml index effe11104a..b7bfdf6651 100644 --- a/.github/workflows/issue-arborist.lock.yml +++ b/.github/workflows/issue-arborist.lock.yml @@ -149,7 +149,7 @@ jobs: node-version: '24' package-manager-cache: false - name: Install Codex - run: npm install -g --silent @openai/codex@0.77.0 + run: npm install -g --silent @openai/codex@0.78.0 - name: Install awf binary run: | echo "Installing awf via installer script (requested version: v0.8.1)" @@ -479,7 +479,7 @@ jobs: engine_name: "Codex", model: process.env.GH_AW_MODEL_AGENT_CODEX || "", version: "", - agent_version: "0.77.0", + agent_version: "0.78.0", workflow_name: "Issue Arborist", experimental: true, supports_tools_allowlist: true, @@ -1202,7 +1202,7 @@ jobs: node-version: '24' package-manager-cache: false - name: Install Codex - run: npm install -g --silent @openai/codex@0.77.0 + run: npm install -g --silent @openai/codex@0.78.0 - name: Run Codex run: | set -o pipefail diff --git a/.github/workflows/smoke-codex-firewall.lock.yml b/.github/workflows/smoke-codex-firewall.lock.yml index 0dee6df452..d263529fdc 100644 --- a/.github/workflows/smoke-codex-firewall.lock.yml +++ b/.github/workflows/smoke-codex-firewall.lock.yml @@ -165,7 +165,7 @@ jobs: node-version: '24' package-manager-cache: false - name: Install Codex - run: npm install -g --silent @openai/codex@0.77.0 + run: npm install -g --silent @openai/codex@0.78.0 - name: Install awf binary run: | echo "Installing awf via installer script (requested version: v0.8.1)" @@ -504,7 +504,7 @@ jobs: engine_name: "Codex", model: process.env.GH_AW_MODEL_AGENT_CODEX || "", version: "", - agent_version: "0.77.0", + agent_version: "0.78.0", workflow_name: "Smoke Codex Firewall", experimental: true, supports_tools_allowlist: true, @@ -1031,7 +1031,7 @@ jobs: node-version: '24' package-manager-cache: false - name: Install Codex - run: npm install -g --silent @openai/codex@0.77.0 + run: npm install -g --silent @openai/codex@0.78.0 - name: Run Codex run: | set -o pipefail diff --git a/.github/workflows/smoke-codex.lock.yml b/.github/workflows/smoke-codex.lock.yml index e074b0bfb6..349f208a90 100644 --- a/.github/workflows/smoke-codex.lock.yml +++ b/.github/workflows/smoke-codex.lock.yml @@ -188,7 +188,7 @@ jobs: node-version: '24' package-manager-cache: false - name: Install Codex - run: npm install -g --silent @openai/codex@0.77.0 + run: npm install -g --silent @openai/codex@0.78.0 - name: Install awf binary run: | echo "Installing awf via installer script (requested version: v0.8.1)" @@ -558,7 +558,7 @@ jobs: engine_name: "Codex", model: process.env.GH_AW_MODEL_AGENT_CODEX || "", version: "", - agent_version: "0.77.0", + agent_version: "0.78.0", workflow_name: "Smoke Codex", experimental: true, supports_tools_allowlist: true, @@ -1120,7 +1120,7 @@ jobs: node-version: '24' package-manager-cache: false - name: Install Codex - run: npm install -g --silent @openai/codex@0.77.0 + run: npm install -g --silent @openai/codex@0.78.0 - name: Run Codex run: | set -o pipefail From 4348d83df560f3cac6992087e1208cf6bf30a381 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" Date: Tue, 6 Jan 2026 21:09:46 +0000 Subject: [PATCH 4/4] Add changeset [skip-ci] --- .changeset/patch-bump-codex-cli-to-0-78-0.md | 14 ++++++++++++++ 1 file changed, 14 insertions(+) create mode 100644 .changeset/patch-bump-codex-cli-to-0-78-0.md diff --git a/.changeset/patch-bump-codex-cli-to-0-78-0.md b/.changeset/patch-bump-codex-cli-to-0-78-0.md new file mode 100644 index 0000000000..6fa0915539 --- /dev/null +++ b/.changeset/patch-bump-codex-cli-to-0-78-0.md @@ -0,0 +1,14 @@ +--- +"gh-aw": patch +--- + +Bump Codex CLI default version to 0.78.0. + +This updates the repository to reference `@openai/codex@0.78.0` (used by workflows), +and aligns the `DefaultCodexVersion` constant and related tests/docs with the new +version. Changes include security hardening, reliability fixes, and UX improvements. + +Files affected in the PR: constants, tests, docs, and recompiled workflow lock files. + +Fixes: githubnext/gh-aw#9159 +