Fix 4 codex-identified bugs #26
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Previously exited with SUCCESS (0) even when secrets found, causing Claude to ignore the deny decision. Per hooks.md: 'Claude Code does not see stdout if the exit code is 0'. Fixes codex review comment on PR #4.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

Previously only checked HEAD~1, missing changes in earlier commits when multiple commits pushed together. Now uses github.event.before to capture full push range. Fixes codex review comment on PR #25.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

Previously tagged HEAD after git pull, which could include commits that landed after the version bump. Now explicitly tags the commit_sha from the workflow dispatch payload. Fixes codex review comment on PR #25.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

Creates agent definitions referenced in implement.md Wave 1b:
- plan-implementation: Script structure and dependencies
- plan-testing: Bats test strategy and edge cases
- plan-security: Input validation and secret handling
- plan-devops: Portability and CI/CD considerations
Fixes codex review comment on PR #20.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: cb316f056d
| # Get changed files since push started (handles multi-commit pushes) | ||
| if [ "${{ github.event.before }}" != "0000000000000000000000000000000000000000" ]; then | ||
| CHANGED_FILES=$(git diff --name-only "${{ github.event.before }}" HEAD) | ||
| else |
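Review bot: The `if` line only rules out the all-zero SHA, so any other value of `github.event.before` reaches `git diff --name-only "${{ github.event.before }}" HEAD` unchecked, including an empty value or a SHA that is not present in the local clone (for example after a force-push). Check that the value is non-empty and resolves, e.g. with `git cat-file -e "$BEFORE^{commit}"`, before diffing, and hand it to the script through an `env:` variable instead of expanding `${{ }}` inside the shell text, so both the comparison and the diff work on a quoted shell variable.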
Guard missing github.event.before on workflow_dispatch
For workflow_dispatch runs, github.event.before is not set, so this branch executes git diff --name-only "" HEAD. Git treats an empty revision as invalid (see git diff usage: git diff [<options>] [<commit>] ...), which exits non‑zero; with the default bash -e this aborts the job before any manual bump can run. This change therefore breaks manual executions of the workflow unless before is present; consider checking for a non-empty SHA before using it and falling back to the existing HEAD~1 logic.
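The guard suggested in the comment above, written out as an added example; it is not code from this PR or repository. `resolve_diff_base` and `changed_files` are hypothetical helper names, the before-SHA is assumed to arrive as an argument taken from an `env:` variable, and listing every tracked file when no parent commit exists is this example's own choice.

```bash
#!/usr/bin/env bash
# Added example: pick a safe base commit for `git diff` in a workflow that
# runs on both push and workflow_dispatch. Helper names are hypothetical.
# Assumed usage inside a step:  changed_files "${BEFORE_SHA:-}"
# where BEFORE_SHA is set under `env:` from github.event.before.

ZERO_SHA=0000000000000000000000000000000000000000

# Print the revision to diff against, or nothing if no usable base exists.
resolve_diff_base() {
  before=$1
  # before is empty on workflow_dispatch and all zeros on a newly created
  # branch; it can also name a commit missing from the clone (force-push).
  if [ -n "$before" ] && [ "$before" != "$ZERO_SHA" ] &&
     git cat-file -e "${before}^{commit}" 2>/dev/null; then
    printf '%s\n' "$before"
  # Fall back to the previous commit, but only if HEAD has a parent.
  elif git rev-parse --verify --quiet 'HEAD~1^{commit}' >/dev/null; then
    printf '%s\n' 'HEAD~1'
  fi
}

# Print the files changed between the resolved base and HEAD.
changed_files() {
  base=$(resolve_diff_base "$1")
  if [ -n "$base" ]; then
    git diff --name-only "$base" HEAD
  else
    # No base at all (HEAD is a root commit): report every tracked file.
    # This choice is an assumption of the example, not from the PR.
    git ls-tree -r --name-only HEAD
  fi
}
```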
Summary
Test plan
test_maintests)/implementcommand
🤖 Generated with Claude Code