Move "Generate agentic run info" to activation job; merge workflow overview into it; rename activation artifact

[Copilot]

aw_info.json was generated in the agent job, too late for it to be bundled with the prompt and available at activation time. This moves generate_aw_info into the activation job and merges the workflow overview summary directly into that step, consolidating all activation files into a single activation artifact.

Compiler changes

• compiler_activation_jobs.go: Runs generate_aw_info as the first step after setup in the activation job (before validate-secret, validate-context-variables, and all other steps); exposes model as an activation job output; renames the uploaded artifact from prompt to activation and includes both aw_info.json and prompt.txt
• compiler_yaml.go: Adds a step-level env: section to generate_aw_info so the model env var resolves from vars.* in the activation job context; merges the workflow overview summary call (generateWorkflowOverview) into the end of the generate_aw_info inline script — there is now a single combined step; removes the standalone generateWorkflowOverviewStep function
• compiler_yaml_main_job.go: Removes the generate_aw_info step; removes the generate_workflow_overview step; downloads the activation artifact (instead of prompt) to /tmp/gh-aw to restore both files; removes aw_info.json from agent-artifacts paths; updates model output to ${{ needs.activation.outputs.model }}

Activation job step order (new)

1. Checkout actions folder
2. Setup Scripts — sets up /opt/gh-aw/actions
3. Generate agentic run info — first step after setup; writes /tmp/gh-aw/aw_info.json, sets model output, and writes the step summary via generateWorkflowOverview
4. Validate secret
5. Validate context variables
6. Checkout .github and .agents folders
7. Check workflow file timestamps
8. … (other activation steps)
9. Create prompt
10. Upload activation artifact — uploads aw_info.json + prompt.txt

Activation artifact structure (new)

- name: Upload activation artifact
  uses: actions/upload-artifact@...
  with:
    name: activation
    path: |
      /tmp/gh-aw/aw_info.json
      /tmp/gh-aw/aw-prompts/prompt.txt

CLI logs/audit

• logs_download.go: Adds flattenActivationArtifact to handle the multi-file activation/ artifact downloaded by gh run download, moving aw_info.json and aw-prompts/prompt.txt to the expected root-level paths. Old single-file prompt artifacts remain handled by flattenSingleFileArtifacts for backward compatibility.
• logs_download_test.go: Adds TestFlattenActivationArtifact to verify that after flattening, aw_info.json lands at the root output directory (required by the audit command for engine detection) and aw-prompts/prompt.txt lands at its expected path.

All 162 workflow lock files recompiled; golden tests updated.

Original prompt

Update the go compiler to Move the step "generate agent info" into the activation job, before prompt generation.

Rename the artifact upload in the activation job to "activation"

Add the generated aw_info.json file in the activation artifact

Update the go logs download and audit command to handle new artifact name and the new location of aw_info.json

---

🔒 GitHub Advanced Security automatically protects Copilot coding agent pull requests. You can protect all pull requests by enabling Advanced Security for your repositories. Learn more about Advanced Security.

---

Changeset

• Type: patch
• Description: Move the generated run info/workflow overview steps into the activation job and upload them together in the new activation artifact so the prompt generator and logs/audit can read aw_info.json earlier.

Generated by Changeset Generator for issue #18843

Warning

⚠️ Firewall blocked 1 domain

The following domain was blocked by the firewall during workflow execution:

• github.com

To allow these domains, add them to the network.allowed list in your workflow frontmatter:

network:
  allowed:
    - defaults
    - "github.com"

See Network Configuration for more information.

---

---

✨ PR Review Safe Output Test - Run 22524436360

💥 [THE END] — Illustrated by Smoke Claude

---

Changeset

• Type: patch
• Description: Move the generated run info/workflow overview into the activation job and upload aw_info.json along with the prompt in the new activation artifact so activation-time flows and logs read the data sooner.

Generated by Changeset Generator for issue #18843

Warning

⚠️ Firewall blocked 2 domains

The following domains were blocked by the firewall during workflow execution:

• codeload.github.com
• github.com

To allow these domains, add them to the network.allowed list in your workflow frontmatter:

network:
  allowed:
    - defaults
    - "codeload.github.com"
    - "github.com"

See Network Configuration for more information.

---

---

✨ PR Review Safe Output Test - Run 22524720389

💥 [THE END] — Illustrated by Smoke Claude

[Copilot]

Copilot wasn't able to review this pull request because it exceeds the maximum number of lines (20,000). Try reducing the number of changed lines and requesting a review from Copilot again.

[pelikhan]

@copilot review uses of aw_info.json in agent job and ensure it is using needs.activation.outputs...
Fix tests in https://github.com/github/gh-aw/actions/runs/22522518007/job/65249463007?pr=18843

[Copilot]

@copilot review uses of aw_info.json in agent job and ensure it is using needs.activation.outputs...
Fix tests in https://github.com/github/gh-aw/actions/runs/22522518007/job/652494...

Fixed in fae505a. The failing TestStepSummaryIncludesWorkflowOverview test was still looking for "Download prompt artifact" — updated to "Download activation artifact" to match the renamed step. Also updated the comment in aw_info_before_validate_secret_test.go to reflect that both validate-secret and generate_aw_info now live in the activation job (not agent job).

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

• https://api.github.com/graphql
  • Triggering command: /usr/bin/gh gh auth status x_amd64/vet --no�� .lock.yml .cfg x_amd64/vet (http block)
  • Triggering command: /usr/bin/gh gh auth status x_amd64/vet --no�� --noprofile .cfg x_amd64/vet (http block)
  • Triggering command: /usr/bin/gh /usr/bin/gh api graphql -f query=query($owner: String!, $name: String!) { repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } -f owner=github -f name=gh-aw --property=CPUQu--check --property=Memor/tmp/validate-js-2094170599.cjs 64/pkg/tool/linux_amd64/vet -20 bin/WALinuxAgent-2.15.1.3-py3.12.egg .cfg 64/pkg/tool/linux_amd64/vet (http block)
• https://api.github.com/repos/actions/checkout/git/ref/tags/v4
  • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v4 --jq .object.sha --get-regexp --global x_amd64/vet (http block)
  • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v4 --jq .object.sha get --local x_amd64/vet http.https://gitgit (http block)
  • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v4 --jq .object.sha -unreachable=false /tmp/go-build1247562346/b091/vet.cfg 7562346/b273/vet.cfg (http block)
• https://api.github.com/repos/actions/checkout/git/ref/tags/v5
  • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v5 --jq .object.sha (http block)
  • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v5 --jq .object.sha se 1537160/b229/vet.cfg ache/go/1.25.0/x64/pkg/tool/linux_amd64/vet (http block)
  • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v5 --jq .object.sha se 1537160/b220/vet.cfg ache/go/1.25.0/x64/pkg/tool/linux_amd64/vet (http block)
• https://api.github.com/repos/actions/checkout/git/ref/tags/v6.0.2
  • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v6.0.2 --jq .object.sha (http block)
  • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v6.0.2 --jq .object.sha se 1537160/b071/vet.cfg .cfg (http block)
  • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v6.0.2 --jq .object.sha /var/log (http block)
• https://api.github.com/repos/actions/complex/git/ref/tags/v1
  • Triggering command: /usr/bin/gh gh api /repos/actions/complex/git/ref/tags/v1 --jq .object.sha (http block)
  • Triggering command: /usr/bin/gh gh api /repos/actions/complex/git/ref/tags/v1 --jq .object.sha kflow.test 1537160/b231/vet.cfg ortcfg.link st.go (http block)
• https://api.github.com/repos/actions/setup-go/git/ref/tags/v5
  • Triggering command: /usr/bin/gh gh api /repos/actions/setup-go/git/ref/tags/v5 --jq .object.sha (http block)
  • Triggering command: /usr/bin/gh gh api /repos/actions/setup-go/git/ref/tags/v5 --jq .object.sha se 1537160/b230/vet.cfg ache/go/1.25.0/x64/pkg/tool/linux_amd64/vet (http block)
• https://api.github.com/repos/actions/setup-node/git/ref/tags/v4
  • Triggering command: /usr/bin/gh gh api /repos/actions/setup-node/git/ref/tags/v4 --jq .object.sha --get-regexp --global x_amd64/vet (http block)
  • Triggering command: /usr/bin/gh gh api /repos/actions/setup-node/git/ref/tags/v4 --jq .object.sha --noprofile .cfg 64/pkg/tool/linux_amd64/vet (http block)
  • Triggering command: /usr/bin/gh gh api /repos/actions/setup-node/git/ref/tags/v4 --jq .object.sha -unreachable=false /tmp/go-build1247562346/b088/vet.cfg rgo/bin/bash (http block)
• https://api.github.com/repos/actions/setup-node/git/ref/tags/v6.2.0
  • Triggering command: /usr/bin/gh gh api /repos/actions/setup-node/git/ref/tags/v6.2.0 --jq .object.sha (http block)
  • Triggering command: /usr/bin/gh gh api /repos/actions/setup-node/git/ref/tags/v6.2.0 --jq .object.sha /var/log (http block)
  • Triggering command: /usr/bin/gh gh api /repos/actions/setup-node/git/ref/tags/v6.2.0 --jq .object.sha g_.a (http block)
• https://api.github.com/repos/actions/setup-python/git/ref/tags/v5
  • Triggering command: /usr/bin/gh gh api /repos/actions/setup-python/git/ref/tags/v5 --jq .object.sha --noprofile .cfg 64/pkg/tool/linux_amd64/vet (http block)
  • Triggering command: /usr/bin/gh gh api /repos/actions/setup-python/git/ref/tags/v5 --jq .object.sha -test.paniconexit0 -test.timeout=10m0s ache/node/24.13.1/x64/bin/node -test.run=TestAwnode (http block)
• https://api.github.com/repos/github/gh-aw
  • Triggering command: /tmp/go-build2134116965/b001/workflow.test /tmp/go-build2134116965/b001/workflow.test -test.testlogfile=/tmp/go-build2134116965/b001/testlog.txt -test.paniconexit0 -test.timeout=10m0s -test.v=true -test.run=Test (http block)
  • Triggering command: /tmp/go-build888460830/b001/workflow.test /tmp/go-build888460830/b001/workflow.test -test.testlogfile=/tmp/go-build888460830/b001/testlog.txt -test.paniconexit0 -test.timeout=10m0s (http block)
• https://api.github.com/repos/github/gh-aw/git/ref/tags/v1.0.0
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v1.0.0 --jq .object.sha --abbrev-ref .cfg x_amd64/vet (http block)
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v1.0.0 --jq .object.sha copilot/update-activation-job-lo-errorsas (http block)
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v1.0.0 --jq .object.sha -unreachable=false /tmp/go-build1247562346/b115/vet.cfg /opt/hostedtoolcache/go/1.25.0/x64/pkg/tool/linux_amd64/vet (http block)
• https://api.github.com/repos/githubnext/this-repo-definitely-does-not-exist-12345
  • Triggering command: /tmp/go-build2134116965/b001/workflow.test /tmp/go-build2134116965/b001/workflow.test -test.testlogfile=/tmp/go-build2134116965/b001/testlog.txt -test.paniconexit0 -test.timeout=10m0s -test.v=true -test.run=Test (http block)
  • Triggering command: /tmp/go-build888460830/b001/workflow.test /tmp/go-build888460830/b001/workflow.test -test.testlogfile=/tmp/go-build888460830/b001/testlog.txt -test.paniconexit0 -test.timeout=10m0s (http block)

If you need me to access, download, or install something from one of these locations, you can either:

• Configure Actions setup steps to set up my environment, which run before the firewall is enabled
• Add the appropriate URLs or hosts to the custom allowlist in this repository's Copilot coding agent settings (admins only)

[github-actions]

💫 TO BE CONTINUED... Smoke Claude failed! Our hero faces unexpected challenges...

[github-actions]

📰 BREAKING: Smoke Copilot is now investigating this pull request. Sources say the story is developing...

[github-actions]

🌑 The shadows whisper... Smoke Codex failed. The oracle requires further meditation...

[pelikhan]

@copilot move generate workflow overview to the activation job

[github-actions]

📰 DEVELOPING STORY: Smoke Copilot reports failed. Our correspondents are investigating the incident...

[Copilot]

@copilot move generate workflow overview to the activation job

Done in f8f1217. The "Generate workflow overview" step is now in the activation job, placed after generate_aw_info (so aw_info.json is available) and before the artifact upload. It was removed from the agent job. All 162 lock files recompiled.

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

• https://api.github.com/graphql
  • Triggering command: /usr/bin/gh gh auth status x_amd64/vet (http block)
  • Triggering command: /usr/bin/gh /usr/bin/gh api graphql -f query=query($owner: String!, $name: String!) { repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } -f owner=github -f name=gh-aw (http block)
  • Triggering command: /usr/bin/gh /usr/bin/gh api graphql -f query=query($owner: String!, $name: String!) { repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } -f owner=invalid -f name=format/too/many/slashes (http block)
• https://api.github.com/repos/actions/checkout/git/ref/tags/v4
  • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v4 --jq .object.sha (http block)
• https://api.github.com/repos/actions/checkout/git/ref/tags/v5
  • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v5 --jq .object.sha (http block)
• https://api.github.com/repos/actions/checkout/git/ref/tags/v6.0.2
  • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v6.0.2 --jq .object.sha (http block)
• https://api.github.com/repos/actions/complex/git/ref/tags/v1
  • Triggering command: /usr/bin/gh gh api /repos/actions/complex/git/ref/tags/v1 --jq .object.sha (http block)
• https://api.github.com/repos/actions/setup-go/git/ref/tags/v5
  • Triggering command: /usr/bin/gh gh api /repos/actions/setup-go/git/ref/tags/v5 --jq .object.sha (http block)
• https://api.github.com/repos/actions/setup-node/git/ref/tags/v4
  • Triggering command: /usr/bin/gh gh api /repos/actions/setup-node/git/ref/tags/v4 --jq .object.sha (http block)
• https://api.github.com/repos/actions/setup-node/git/ref/tags/v6.2.0
  • Triggering command: /usr/bin/gh gh api /repos/actions/setup-node/git/ref/tags/v6.2.0 --jq .object.sha (http block)
• https://api.github.com/repos/actions/setup-python/git/ref/tags/v5
  • Triggering command: /usr/bin/gh gh api /repos/actions/setup-python/git/ref/tags/v5 --jq .object.sha (http block)
• https://api.github.com/repos/different-owner/different-repo/commits/main
  • Triggering command: /usr/bin/gh /usr/bin/gh api /repos/different-owner/different-repo/commits/main --jq .sha ./../pkg/workflow/js/**/*.json' --ignore-path (http block)
• https://api.github.com/repos/different-owner/different-repo/contents/workflows/workflow.md
  • Triggering command: /tmp/go-build41972715/b356/cli.test /tmp/go-build41972715/b356/cli.test -test.testlogfile=/tmp/go-build41972715/b356/testlog.txt -test.paniconexit0 -test.timeout=10m0s ules�� f/tags/v4 -test.timeout=10owner=github r: $owner, name:-f -test.run=TestStinfocmp (http block)
• https://api.github.com/repos/github/gh-aw
  • Triggering command: /tmp/go-build34087904/b001/workflow.test /tmp/go-build34087904/b001/workflow.test -test.testlogfile=/tmp/go-build34087904/b001/testlog.txt -test.paniconexit0 -test.timeout=10m0s (http block)
• https://api.github.com/repos/github/gh-aw/git/ref/tags/a70c5eada06553e3510ac27f2c3bda9d3705bccb
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/a70c5eada06553e3510ac27f2c3bda9d3705bccb --jq .object.sha se 6838467/b248/vet.prettierignore 1/x64/bin/node (http block)
• https://api.github.com/repos/github/gh-aw/git/ref/tags/v1.0.0
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v1.0.0 --jq .object.sha (http block)
• https://api.github.com/repos/githubnext/agentics/git/ref/tags/
  • Triggering command: /usr/bin/gh gh api /repos/githubnext/agentics/git/ref/tags/# --jq .object.sha git status --porcelain --ignore-submodules | head -n 10 (http block)
• https://api.github.com/repos/githubnext/this-repo-definitely-does-not-exist-12345
  • Triggering command: /tmp/go-build34087904/b001/workflow.test /tmp/go-build34087904/b001/workflow.test -test.testlogfile=/tmp/go-build34087904/b001/testlog.txt -test.paniconexit0 -test.timeout=10m0s (http block)

If you need me to access, download, or install something from one of these locations, you can either:

• Configure Actions setup steps to set up my environment, which run before the firewall is enabled
• Add the appropriate URLs or hosts to the custom allowlist in this repository's Copilot coding agent settings (admins only)

[github-actions]

📰 BREAKING: Smoke Copilot is now investigating this pull request. Sources say the story is developing...

[github-actions]

🌑 The shadows whisper... Smoke Codex failed. The oracle requires further meditation...

[github-actions]

🎬 THE END — Smoke Claude MISSION: ACCOMPLISHED! The hero saves the day! ✨

[pelikhan]

@copilot make sure audit command can find aw_info.json and prompt.txt in https://github.com/github/gh-aw/actions/runs/22524436360/job/65254212703

[github-actions]

Agent Container Tool Check

Tool	Status	Version
bash	✅	5.2.21
sh	✅	available
git	✅	2.53.0
jq	✅	1.7
yq	✅	v4.52.4
curl	✅	8.5.0
gh	✅	2.87.3
node	✅	v20.20.0
python3	✅	3.12.3
go	✅	1.24.13
java	✅	10.0.102
dotnet	✅	10.0.102

Result: 12/12 tools available ✅

Overall Status: PASS

🔧 Tool validation by Agent Container Smoke Test

[github-actions]

🤖 Smoke Test Report — §22524720391

Test
GitHub MCP	✅
Safe Inputs GH CLI	✅
Serena MCP	❌ (unavailable)
Playwright	✅
Web Fetch	✅
File Writing	✅
Bash Tool	✅
Discussion Interaction	✅
Build gh-aw	✅
Discussion Creation	✅
Workflow Dispatch	✅
PR Review	✅

Overall: ⚠️ PARTIAL PASS (Serena MCP unavailable)

@pelikhan @Copilot

📰 BREAKING: Report filed by Smoke Copilot

[github-actions]

Smoke test review of PR #18843 — clean refactor moving generate_aw_info to the activation job. The consolidation of aw_info.json + prompt.txt into a single activation artifact is a nice improvement. One minor nit on a misleading verbose log message in flattenActivationArtifact; otherwise the implementation looks solid. The backward compatibility path for old prompt artifacts is a thoughtful touch.

📰 BREAKING: Report filed by Smoke Copilot

[github-actions]

Minor nit: the verbose message logs relPath → relPath (same value for both source and destination), which makes the flattening output misleading. Consider logging the actual source and destination paths:

fmt.Fprintln(os.Stderr, console.FormatVerboseMessage(fmt.Sprintf("Flattened: activation/%s → %s", relPath, relPath)))

[github-actions]

✅ Clean approach exposing model as an activation job output — this makes the model value available earlier in the pipeline and avoids duplication across 162+ lock files. The $\{\{ needs.activation.outputs.model }} reference in the agent job is much cleaner than the old $\{\{ steps.generate_aw_info.outputs.model }} pattern.

[github-actions]

Commit pushed: c18b274

Generated by Changeset Generator

[github-actions]

📰 VERDICT: Smoke Copilot has concluded. All systems operational. This is a developing story. 🎤

[Copilot]

@copilot make sure audit command can find aw_info.json and prompt.txt in https://github.com/github/gh-aw/actions/runs/22524436360/job/65254212703

Added TestFlattenActivationArtifact in 14eb5f9 that verifies flattenActivationArtifact correctly places both files where the audit command expects them:

• aw_info.json → root output directory (required by audit for engine detection)
• aw-prompts/prompt.txt → aw-prompts/prompt.txt under root (matches the activation artifact structure)

The activation/ directory is also verified to be removed after flattening. The logic was already correct — this test adds explicit coverage to confirm it.

[github-actions]

Commit pushed: e25862d

💥 [THE END] — Illustrated by Smoke Claude

[github-actions]

Smoke Test Results - Run 22524720389

#	Test
1	GitHub MCP	✅
2	safeinputs-gh CLI	✅
3	Serena find_symbol	❌
4	Make build	✅
5	Playwright	✅
6	Tavily search	✅
7	File writing	✅
8	Bash verify	✅
9	Discussion comment	✅
10	Agentic Workflows MCP	✅
11	Update PR	✅
12	PR review comments	✅
13	Submit PR review	✅
14	Resolve review thread	⚠️ skipped
15	Add reviewer	✅
16	Push to PR branch	✅
17	Close PR	⚠️ skipped

Overall: PARTIAL — Serena find_symbol failed (EOF), 2 tests skipped by design.

💥 [THE END] — Illustrated by Smoke Claude

[github-actions]

💥 Automated smoke test review - all systems nominal! The activation job refactoring looks solid — moving generate_aw_info earlier ensures the model context is available during prompt generation, which is the right architectural decision.

💥 [THE END] — Illustrated by Smoke Claude

[pelikhan]

@copilot update compiler: "generate agent info" step should be the first step in activation, after setup of action

[Copilot]

@copilot update compiler: "generate agent info" step should be the first step in activation, after setup of action

Done in b34d8e0. generate_aw_info is now the first step after Setup Scripts in the activation job (before validate-secret, validate-context-variables, etc.). Updated TestValidateSecretBeforeAwInfo to assert the reversed ordering, updated WASM golden files, and recompiled all 162 lock files.

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

• https://api.github.com/graphql
  • Triggering command: /usr/bin/gh /usr/bin/gh api graphql -f query=query($owner: String!, $name: String!) { repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } -f owner=github -f name=gh-aw (http block)
  • Triggering command: /usr/bin/gh /usr/bin/gh api graphql -f query=query($owner: String!, $name: String!) { repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } -f owner=github -f name=gh-aw -pack /home/REDACTED/work/gh-aw/gh-aw/cmd/gh-aw/main.go (http block)
• https://api.github.com/repos/github/gh-aw/git/ref/tags/a70c5eada06553e3510ac27f2c3bda9d3705bccb
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/a70c5eada06553e3510ac27f2c3bda9d3705bccb --jq .object.sha (http block)
• https://api.github.com/repos/githubnext/agentics/git/ref/tags/
  • Triggering command: /usr/bin/gh gh api /repos/githubnext/agentics/git/ref/tags/# --jq .object.sha (http block)

If you need me to access, download, or install something from one of these locations, you can either:

• Configure Actions setup steps to set up my environment, which run before the firewall is enabled
• Add the appropriate URLs or hosts to the custom allowlist in this repository's Copilot coding agent settings (admins only)