From 7e95a0860ac19a03cf9f55f8ebbea6dbb19cb770 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Tue, 24 Feb 2026 01:24:23 +0000 Subject: [PATCH 01/10] Initial plan From 828bb97163988fff722696dbf2d3f2ff0cf5e6d6 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Tue, 24 Feb 2026 01:37:38 +0000 Subject: [PATCH 02/10] chore: initial plan for copilot-requests feature Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com> --- .github/workflows/agent-performance-analyzer.lock.yml | 1 + .github/workflows/agent-persona-explorer.lock.yml | 1 + .github/workflows/ai-moderator.lock.yml | 1 + .github/workflows/archie.lock.yml | 1 + .github/workflows/artifacts-summary.lock.yml | 1 + .github/workflows/audit-workflows.lock.yml | 1 + .github/workflows/auto-triage-issues.lock.yml | 1 + .github/workflows/blog-auditor.lock.yml | 1 + .github/workflows/bot-detection.lock.yml | 1 + .github/workflows/brave.lock.yml | 1 + .github/workflows/breaking-change-checker.lock.yml | 1 + .github/workflows/changeset.lock.yml | 1 + .github/workflows/ci-coach.lock.yml | 1 + .github/workflows/ci-doctor.lock.yml | 1 + .github/workflows/claude-code-user-docs-review.lock.yml | 1 + .github/workflows/cli-consistency-checker.lock.yml | 1 + .github/workflows/cli-version-checker.lock.yml | 1 + .github/workflows/cloclo.lock.yml | 1 + .github/workflows/code-scanning-fixer.lock.yml | 1 + .github/workflows/code-simplifier.lock.yml | 1 + .github/workflows/commit-changes-analyzer.lock.yml | 1 + .github/workflows/contribution-check.lock.yml | 1 + .github/workflows/copilot-agent-analysis.lock.yml | 1 + .github/workflows/copilot-cli-deep-research.lock.yml | 1 + .github/workflows/copilot-pr-merged-report.lock.yml | 1 + .github/workflows/copilot-pr-nlp-analysis.lock.yml | 1 + .github/workflows/copilot-pr-prompt-analysis.lock.yml | 1 + .github/workflows/copilot-session-insights.lock.yml | 1 + .github/workflows/craft.lock.yml | 1 + .github/workflows/daily-assign-issue-to-user.lock.yml | 1 + .github/workflows/daily-choice-test.lock.yml | 1 + .github/workflows/daily-cli-performance.lock.yml | 1 + .github/workflows/daily-cli-tools-tester.lock.yml | 1 + .github/workflows/daily-code-metrics.lock.yml | 1 + .github/workflows/daily-compiler-quality.lock.yml | 1 + .github/workflows/daily-copilot-token-report.lock.yml | 1 + .github/workflows/daily-doc-updater.lock.yml | 1 + .github/workflows/daily-fact.lock.yml | 1 + .github/workflows/daily-file-diet.lock.yml | 1 + .github/workflows/daily-firewall-report.lock.yml | 1 + .github/workflows/daily-issues-report.lock.yml | 1 + .github/workflows/daily-malicious-code-scan.lock.yml | 1 + .github/workflows/daily-mcp-concurrency-analysis.lock.yml | 1 + .github/workflows/daily-multi-device-docs-tester.lock.yml | 1 + .github/workflows/daily-news.lock.yml | 1 + .github/workflows/daily-observability-report.lock.yml | 1 + .github/workflows/daily-performance-summary.lock.yml | 1 + .github/workflows/daily-regulatory.lock.yml | 1 + .github/workflows/daily-rendering-scripts-verifier.lock.yml | 1 + .github/workflows/daily-repo-chronicle.lock.yml | 1 + .github/workflows/daily-safe-output-optimizer.lock.yml | 1 + .github/workflows/daily-safe-outputs-conformance.lock.yml | 1 + .github/workflows/daily-secrets-analysis.lock.yml | 1 + .github/workflows/daily-security-red-team.lock.yml | 1 + .github/workflows/daily-semgrep-scan.lock.yml | 1 + .github/workflows/daily-syntax-error-quality.lock.yml | 1 + .github/workflows/daily-team-evolution-insights.lock.yml | 1 + .github/workflows/daily-team-status.lock.yml | 1 + .github/workflows/daily-testify-uber-super-expert.lock.yml | 1 + .github/workflows/daily-workflow-updater.lock.yml | 1 + .github/workflows/deep-report.lock.yml | 1 + .github/workflows/delight.lock.yml | 1 + .github/workflows/dependabot-burner.lock.yml | 1 + .github/workflows/dependabot-go-checker.lock.yml | 1 + .github/workflows/dev-hawk.lock.yml | 1 + .github/workflows/dev.lock.yml | 1 + .github/workflows/developer-docs-consolidator.lock.yml | 1 + .github/workflows/dictation-prompt.lock.yml | 1 + .github/workflows/discussion-task-miner.lock.yml | 1 + .github/workflows/docs-noob-tester.lock.yml | 1 + .github/workflows/draft-pr-cleanup.lock.yml | 1 + .github/workflows/duplicate-code-detector.lock.yml | 1 + .github/workflows/example-workflow-analyzer.lock.yml | 1 + .github/workflows/firewall-escape.lock.yml | 1 + .github/workflows/functional-pragmatist.lock.yml | 1 + .github/workflows/github-mcp-structural-analysis.lock.yml | 1 + .github/workflows/github-mcp-tools-report.lock.yml | 1 + .github/workflows/github-remote-mcp-auth-test.lock.yml | 1 + .github/workflows/glossary-maintainer.lock.yml | 1 + .github/workflows/go-fan.lock.yml | 1 + .github/workflows/go-logger.lock.yml | 1 + .github/workflows/go-pattern-detector.lock.yml | 1 + .github/workflows/gpclean.lock.yml | 1 + .github/workflows/grumpy-reviewer.lock.yml | 1 + .github/workflows/hourly-ci-cleaner.lock.yml | 1 + .github/workflows/instructions-janitor.lock.yml | 1 + .github/workflows/issue-arborist.lock.yml | 1 + .github/workflows/issue-monster.lock.yml | 1 + .github/workflows/issue-triage-agent.lock.yml | 1 + .github/workflows/jsweep.lock.yml | 1 + .github/workflows/layout-spec-maintainer.lock.yml | 1 + .github/workflows/lockfile-stats.lock.yml | 1 + .github/workflows/mcp-inspector.lock.yml | 1 + .github/workflows/mergefest.lock.yml | 1 + .github/workflows/notion-issue-summary.lock.yml | 1 + .github/workflows/org-health-report.lock.yml | 1 + .github/workflows/pdf-summary.lock.yml | 1 + .github/workflows/plan.lock.yml | 1 + .github/workflows/poem-bot.lock.yml | 1 + .github/workflows/portfolio-analyst.lock.yml | 1 + .github/workflows/pr-nitpick-reviewer.lock.yml | 1 + .github/workflows/pr-triage-agent.lock.yml | 1 + .github/workflows/prompt-clustering-analysis.lock.yml | 1 + .github/workflows/python-data-charts.lock.yml | 1 + .github/workflows/q.lock.yml | 1 + .github/workflows/refiner.lock.yml | 1 + .github/workflows/release.lock.yml | 1 + .github/workflows/repo-audit-analyzer.lock.yml | 1 + .github/workflows/repo-tree-map.lock.yml | 1 + .github/workflows/repository-quality-improver.lock.yml | 1 + .github/workflows/research.lock.yml | 1 + .github/workflows/safe-output-health.lock.yml | 1 + .github/workflows/schema-consistency-checker.lock.yml | 1 + .github/workflows/scout.lock.yml | 1 + .github/workflows/security-compliance.lock.yml | 1 + .github/workflows/security-review.lock.yml | 1 + .github/workflows/semantic-function-refactor.lock.yml | 1 + .github/workflows/sergo.lock.yml | 1 + .github/workflows/slide-deck-maintainer.lock.yml | 1 + .github/workflows/smoke-agent.lock.yml | 1 + .github/workflows/smoke-claude.lock.yml | 1 + .github/workflows/smoke-codex.lock.yml | 1 + .github/workflows/smoke-copilot-arm.lock.yml | 1 + .github/workflows/smoke-copilot.lock.yml | 1 + .github/workflows/smoke-gemini.lock.yml | 1 + .github/workflows/smoke-multi-pr.lock.yml | 1 + .github/workflows/smoke-project.lock.yml | 1 + .github/workflows/smoke-temporary-id.lock.yml | 1 + .github/workflows/smoke-test-tools.lock.yml | 1 + .github/workflows/stale-repo-identifier.lock.yml | 1 + .github/workflows/static-analysis-report.lock.yml | 1 + .github/workflows/step-name-alignment.lock.yml | 1 + .github/workflows/sub-issue-closer.lock.yml | 1 + .github/workflows/super-linter.lock.yml | 1 + .github/workflows/technical-doc-writer.lock.yml | 1 + .github/workflows/terminal-stylist.lock.yml | 1 + .github/workflows/test-create-pr-error-handling.lock.yml | 1 + .github/workflows/test-dispatcher.lock.yml | 1 + .github/workflows/test-project-url-default.lock.yml | 1 + .github/workflows/tidy.lock.yml | 1 + .github/workflows/typist.lock.yml | 1 + .github/workflows/ubuntu-image-analyzer.lock.yml | 1 + .github/workflows/unbloat-docs.lock.yml | 1 + .github/workflows/video-analyzer.lock.yml | 1 + .github/workflows/weekly-editors-health-check.lock.yml | 1 + .github/workflows/weekly-issue-summary.lock.yml | 1 + .github/workflows/weekly-safe-outputs-spec-review.lock.yml | 1 + .github/workflows/workflow-generator.lock.yml | 1 + .github/workflows/workflow-health-manager.lock.yml | 1 + .github/workflows/workflow-normalizer.lock.yml | 1 + .github/workflows/workflow-skill-extractor.lock.yml | 1 + 151 files changed, 151 insertions(+) diff --git a/.github/workflows/agent-performance-analyzer.lock.yml b/.github/workflows/agent-performance-analyzer.lock.yml index 6b60bde99a..58bd8b6614 100644 --- a/.github/workflows/agent-performance-analyzer.lock.yml +++ b/.github/workflows/agent-performance-analyzer.lock.yml @@ -1351,6 +1351,7 @@ jobs: issues: write timeout-minutes: 15 env: + GH_AW_CI_TRIGGER_TOKEN: ${{ secrets.GH_AW_CI_TRIGGER_TOKEN }} GH_AW_ENGINE_ID: "copilot" GH_AW_WORKFLOW_ID: "agent-performance-analyzer" GH_AW_WORKFLOW_NAME: "Agent Performance Analyzer - Meta-Orchestrator" diff --git a/.github/workflows/agent-persona-explorer.lock.yml b/.github/workflows/agent-persona-explorer.lock.yml index 8b5e9aa558..9e9426c58a 100644 --- a/.github/workflows/agent-persona-explorer.lock.yml +++ b/.github/workflows/agent-persona-explorer.lock.yml @@ -1156,6 +1156,7 @@ jobs: issues: write timeout-minutes: 15 env: + GH_AW_CI_TRIGGER_TOKEN: ${{ secrets.GH_AW_CI_TRIGGER_TOKEN }} GH_AW_ENGINE_ID: "copilot" GH_AW_WORKFLOW_ID: "agent-persona-explorer" GH_AW_WORKFLOW_NAME: "Agent Persona Explorer" diff --git a/.github/workflows/ai-moderator.lock.yml b/.github/workflows/ai-moderator.lock.yml index 0e07f755f4..420fdb9646 100644 --- a/.github/workflows/ai-moderator.lock.yml +++ b/.github/workflows/ai-moderator.lock.yml @@ -1071,6 +1071,7 @@ jobs: pull-requests: write timeout-minutes: 15 env: + GH_AW_CI_TRIGGER_TOKEN: ${{ secrets.GH_AW_CI_TRIGGER_TOKEN }} GH_AW_ENGINE_ID: "codex" GH_AW_WORKFLOW_ID: "ai-moderator" GH_AW_WORKFLOW_NAME: "AI Moderator" diff --git a/.github/workflows/archie.lock.yml b/.github/workflows/archie.lock.yml index 092a41118c..4b230a58b3 100644 --- a/.github/workflows/archie.lock.yml +++ b/.github/workflows/archie.lock.yml @@ -1139,6 +1139,7 @@ jobs: issues: write timeout-minutes: 15 env: + GH_AW_CI_TRIGGER_TOKEN: ${{ secrets.GH_AW_CI_TRIGGER_TOKEN }} GH_AW_ENGINE_ID: "copilot" GH_AW_SAFE_OUTPUT_MESSAGES: "{\"footer\":\"\\u003e ๐Ÿ“Š *Diagram rendered by [{workflow_name}]({run_url})*\",\"footerWorkflowRecompile\":\"\\u003e ๐Ÿ”ง *Workflow sync report by [{workflow_name}]({run_url}) for {repository}*\",\"footerWorkflowRecompileComment\":\"\\u003e ๐Ÿ”„ *Update from [{workflow_name}]({run_url}) for {repository}*\",\"runStarted\":\"๐Ÿ“ [{workflow_name}]({run_url}) is analyzing the architecture for this {event_type}...\",\"runSuccess\":\"๐ŸŽจ [{workflow_name}]({run_url}) has completed the architecture visualization. โœ…\",\"runFailure\":\"๐Ÿ“ [{workflow_name}]({run_url}) encountered an issue and could not complete the architecture diagram. Check the [run logs]({run_url}) for details.\"}" GH_AW_WORKFLOW_ID: "archie" diff --git a/.github/workflows/artifacts-summary.lock.yml b/.github/workflows/artifacts-summary.lock.yml index 87e04ac455..c7708164ce 100644 --- a/.github/workflows/artifacts-summary.lock.yml +++ b/.github/workflows/artifacts-summary.lock.yml @@ -1032,6 +1032,7 @@ jobs: issues: write timeout-minutes: 15 env: + GH_AW_CI_TRIGGER_TOKEN: ${{ secrets.GH_AW_CI_TRIGGER_TOKEN }} GH_AW_ENGINE_ID: "copilot" GH_AW_WORKFLOW_ID: "artifacts-summary" GH_AW_WORKFLOW_NAME: "Artifacts Summary" diff --git a/.github/workflows/audit-workflows.lock.yml b/.github/workflows/audit-workflows.lock.yml index 7b07e1ea80..472cd2b84e 100644 --- a/.github/workflows/audit-workflows.lock.yml +++ b/.github/workflows/audit-workflows.lock.yml @@ -1371,6 +1371,7 @@ jobs: issues: write timeout-minutes: 15 env: + GH_AW_CI_TRIGGER_TOKEN: ${{ secrets.GH_AW_CI_TRIGGER_TOKEN }} GH_AW_ENGINE_ID: "claude" GH_AW_TRACKER_ID: "audit-workflows-daily" GH_AW_WORKFLOW_ID: "audit-workflows" diff --git a/.github/workflows/auto-triage-issues.lock.yml b/.github/workflows/auto-triage-issues.lock.yml index 909daf9069..25e91cba5e 100644 --- a/.github/workflows/auto-triage-issues.lock.yml +++ b/.github/workflows/auto-triage-issues.lock.yml @@ -1148,6 +1148,7 @@ jobs: pull-requests: write timeout-minutes: 15 env: + GH_AW_CI_TRIGGER_TOKEN: ${{ secrets.GH_AW_CI_TRIGGER_TOKEN }} GH_AW_ENGINE_ID: "copilot" GH_AW_WORKFLOW_ID: "auto-triage-issues" GH_AW_WORKFLOW_NAME: "Auto-Triage Issues" diff --git a/.github/workflows/blog-auditor.lock.yml b/.github/workflows/blog-auditor.lock.yml index 8efdeee8f3..4a0c010a58 100644 --- a/.github/workflows/blog-auditor.lock.yml +++ b/.github/workflows/blog-auditor.lock.yml @@ -1155,6 +1155,7 @@ jobs: issues: write timeout-minutes: 15 env: + GH_AW_CI_TRIGGER_TOKEN: ${{ secrets.GH_AW_CI_TRIGGER_TOKEN }} GH_AW_ENGINE_ID: "claude" GH_AW_TRACKER_ID: "blog-auditor-weekly" GH_AW_WORKFLOW_ID: "blog-auditor" diff --git a/.github/workflows/bot-detection.lock.yml b/.github/workflows/bot-detection.lock.yml index 90a2e54275..8786093698 100644 --- a/.github/workflows/bot-detection.lock.yml +++ b/.github/workflows/bot-detection.lock.yml @@ -1866,6 +1866,7 @@ jobs: issues: write timeout-minutes: 15 env: + GH_AW_CI_TRIGGER_TOKEN: ${{ secrets.GH_AW_CI_TRIGGER_TOKEN }} GH_AW_ENGINE_ID: "copilot" GH_AW_WORKFLOW_ID: "bot-detection" GH_AW_WORKFLOW_NAME: "Bot Detection" diff --git a/.github/workflows/brave.lock.yml b/.github/workflows/brave.lock.yml index 6b30c73629..d0df9cb665 100644 --- a/.github/workflows/brave.lock.yml +++ b/.github/workflows/brave.lock.yml @@ -1124,6 +1124,7 @@ jobs: issues: write timeout-minutes: 15 env: + GH_AW_CI_TRIGGER_TOKEN: ${{ secrets.GH_AW_CI_TRIGGER_TOKEN }} GH_AW_ENGINE_ID: "copilot" GH_AW_SAFE_OUTPUT_MESSAGES: "{\"footer\":\"\\u003e ๐Ÿฆ *Search results brought to you by [{workflow_name}]({run_url})*\",\"footerWorkflowRecompile\":\"\\u003e ๐Ÿ”„ *Maintenance report by [{workflow_name}]({run_url}) for {repository}*\",\"runStarted\":\"๐Ÿ” Brave Search activated! [{workflow_name}]({run_url}) is venturing into the web on this {event_type}...\",\"runSuccess\":\"๐Ÿฆ Mission accomplished! [{workflow_name}]({run_url}) has returned with the findings. Knowledge acquired! ๐Ÿ†\",\"runFailure\":\"๐Ÿ” Search interrupted! [{workflow_name}]({run_url}) {status}. The web remains unexplored...\"}" GH_AW_WORKFLOW_ID: "brave" diff --git a/.github/workflows/breaking-change-checker.lock.yml b/.github/workflows/breaking-change-checker.lock.yml index 3406b5a4ac..0f60a04006 100644 --- a/.github/workflows/breaking-change-checker.lock.yml +++ b/.github/workflows/breaking-change-checker.lock.yml @@ -1121,6 +1121,7 @@ jobs: issues: write timeout-minutes: 15 env: + GH_AW_CI_TRIGGER_TOKEN: ${{ secrets.GH_AW_CI_TRIGGER_TOKEN }} GH_AW_ENGINE_ID: "copilot" GH_AW_SAFE_OUTPUT_MESSAGES: "{\"footer\":\"\\u003e โš ๏ธ *Compatibility report by [{workflow_name}]({run_url})*\",\"footerWorkflowRecompile\":\"\\u003e ๐Ÿ› ๏ธ *Workflow maintenance by [{workflow_name}]({run_url}) for {repository}*\",\"runStarted\":\"๐Ÿ”ฌ Breaking Change Checker online! [{workflow_name}]({run_url}) is analyzing API compatibility on this {event_type}...\",\"runSuccess\":\"โœ… Analysis complete! [{workflow_name}]({run_url}) has reviewed all changes. Compatibility verdict delivered! ๐Ÿ“‹\",\"runFailure\":\"๐Ÿ”ฌ Analysis interrupted! [{workflow_name}]({run_url}) {status}. Compatibility status unknown...\"}" GH_AW_TRACKER_ID: "breaking-change-checker" diff --git a/.github/workflows/changeset.lock.yml b/.github/workflows/changeset.lock.yml index bf56befc79..3a37f43b6a 100644 --- a/.github/workflows/changeset.lock.yml +++ b/.github/workflows/changeset.lock.yml @@ -1167,6 +1167,7 @@ jobs: pull-requests: write timeout-minutes: 15 env: + GH_AW_CI_TRIGGER_TOKEN: ${{ secrets.GH_AW_CI_TRIGGER_TOKEN }} GH_AW_ENGINE_ID: "codex" GH_AW_ENGINE_MODEL: "gpt-5.1-codex-mini" GH_AW_WORKFLOW_ID: "changeset" diff --git a/.github/workflows/ci-coach.lock.yml b/.github/workflows/ci-coach.lock.yml index 34b57a60b5..cd9dd687a7 100644 --- a/.github/workflows/ci-coach.lock.yml +++ b/.github/workflows/ci-coach.lock.yml @@ -1153,6 +1153,7 @@ jobs: pull-requests: write timeout-minutes: 15 env: + GH_AW_CI_TRIGGER_TOKEN: ${{ secrets.GH_AW_CI_TRIGGER_TOKEN }} GH_AW_ENGINE_ID: "copilot" GH_AW_TRACKER_ID: "ci-coach-daily" GH_AW_WORKFLOW_ID: "ci-coach" diff --git a/.github/workflows/ci-doctor.lock.yml b/.github/workflows/ci-doctor.lock.yml index 97c9b48aea..fd753137bc 100644 --- a/.github/workflows/ci-doctor.lock.yml +++ b/.github/workflows/ci-doctor.lock.yml @@ -1324,6 +1324,7 @@ jobs: issues: write timeout-minutes: 15 env: + GH_AW_CI_TRIGGER_TOKEN: ${{ secrets.GH_AW_CI_TRIGGER_TOKEN }} GH_AW_ENGINE_ID: "copilot" GH_AW_ENGINE_MODEL: "gpt-5.1-codex-mini" GH_AW_SAFE_OUTPUT_MESSAGES: "{\"footer\":\"\\u003e ๐Ÿฉบ *Diagnosis provided by [{workflow_name}]({run_url})*\",\"runStarted\":\"๐Ÿฅ CI Doctor reporting for duty! [{workflow_name}]({run_url}) is examining the patient on this {event_type}...\",\"runSuccess\":\"๐Ÿฉบ Examination complete! [{workflow_name}]({run_url}) has delivered the diagnosis. Prescription issued! ๐Ÿ’Š\",\"runFailure\":\"๐Ÿฅ Medical emergency! [{workflow_name}]({run_url}) {status}. Doctor needs assistance...\"}" diff --git a/.github/workflows/claude-code-user-docs-review.lock.yml b/.github/workflows/claude-code-user-docs-review.lock.yml index 2e2b5520d4..d91be3dcbe 100644 --- a/.github/workflows/claude-code-user-docs-review.lock.yml +++ b/.github/workflows/claude-code-user-docs-review.lock.yml @@ -1116,6 +1116,7 @@ jobs: issues: write timeout-minutes: 15 env: + GH_AW_CI_TRIGGER_TOKEN: ${{ secrets.GH_AW_CI_TRIGGER_TOKEN }} GH_AW_ENGINE_ID: "claude" GH_AW_TRACKER_ID: "claude-code-user-docs-review" GH_AW_WORKFLOW_ID: "claude-code-user-docs-review" diff --git a/.github/workflows/cli-consistency-checker.lock.yml b/.github/workflows/cli-consistency-checker.lock.yml index e3d36d5f9c..5312a74362 100644 --- a/.github/workflows/cli-consistency-checker.lock.yml +++ b/.github/workflows/cli-consistency-checker.lock.yml @@ -1041,6 +1041,7 @@ jobs: issues: write timeout-minutes: 15 env: + GH_AW_CI_TRIGGER_TOKEN: ${{ secrets.GH_AW_CI_TRIGGER_TOKEN }} GH_AW_ENGINE_ID: "copilot" GH_AW_WORKFLOW_ID: "cli-consistency-checker" GH_AW_WORKFLOW_NAME: "CLI Consistency Checker" diff --git a/.github/workflows/cli-version-checker.lock.yml b/.github/workflows/cli-version-checker.lock.yml index 181dafb461..3d9d9310da 100644 --- a/.github/workflows/cli-version-checker.lock.yml +++ b/.github/workflows/cli-version-checker.lock.yml @@ -1143,6 +1143,7 @@ jobs: issues: write timeout-minutes: 15 env: + GH_AW_CI_TRIGGER_TOKEN: ${{ secrets.GH_AW_CI_TRIGGER_TOKEN }} GH_AW_ENGINE_ID: "claude" GH_AW_WORKFLOW_ID: "cli-version-checker" GH_AW_WORKFLOW_NAME: "CLI Version Checker" diff --git a/.github/workflows/cloclo.lock.yml b/.github/workflows/cloclo.lock.yml index 24e7a25645..7854adf527 100644 --- a/.github/workflows/cloclo.lock.yml +++ b/.github/workflows/cloclo.lock.yml @@ -1512,6 +1512,7 @@ jobs: pull-requests: write timeout-minutes: 15 env: + GH_AW_CI_TRIGGER_TOKEN: ${{ secrets.GH_AW_CI_TRIGGER_TOKEN }} GH_AW_ENGINE_ID: "claude" GH_AW_SAFE_OUTPUT_MESSAGES: "{\"footer\":\"\\u003e ๐ŸŽค *Magnifique! Performance by [{workflow_name}]({run_url})*\",\"runStarted\":\"๐ŸŽต Comme d'habitude! [{workflow_name}]({run_url}) takes the stage on this {event_type}...\",\"runSuccess\":\"๐ŸŽค Bravo! [{workflow_name}]({run_url}) has delivered a stunning performance! Standing ovation! ๐ŸŒŸ\",\"runFailure\":\"๐ŸŽต Intermission... [{workflow_name}]({run_url}) {status}. The show must go on... eventually!\"}" GH_AW_WORKFLOW_ID: "cloclo" diff --git a/.github/workflows/code-scanning-fixer.lock.yml b/.github/workflows/code-scanning-fixer.lock.yml index 06c466a035..0d1e6d901e 100644 --- a/.github/workflows/code-scanning-fixer.lock.yml +++ b/.github/workflows/code-scanning-fixer.lock.yml @@ -1267,6 +1267,7 @@ jobs: pull-requests: write timeout-minutes: 15 env: + GH_AW_CI_TRIGGER_TOKEN: ${{ secrets.GH_AW_CI_TRIGGER_TOKEN }} GH_AW_ENGINE_ID: "copilot" GH_AW_WORKFLOW_ID: "code-scanning-fixer" GH_AW_WORKFLOW_NAME: "Code Scanning Fixer" diff --git a/.github/workflows/code-simplifier.lock.yml b/.github/workflows/code-simplifier.lock.yml index ab3b4dc29a..01e32072ad 100644 --- a/.github/workflows/code-simplifier.lock.yml +++ b/.github/workflows/code-simplifier.lock.yml @@ -1124,6 +1124,7 @@ jobs: pull-requests: write timeout-minutes: 15 env: + GH_AW_CI_TRIGGER_TOKEN: ${{ secrets.GH_AW_CI_TRIGGER_TOKEN }} GH_AW_ENGINE_ID: "copilot" GH_AW_TRACKER_ID: "code-simplifier" GH_AW_WORKFLOW_ID: "code-simplifier" diff --git a/.github/workflows/commit-changes-analyzer.lock.yml b/.github/workflows/commit-changes-analyzer.lock.yml index e77e7dec5d..29f5842674 100644 --- a/.github/workflows/commit-changes-analyzer.lock.yml +++ b/.github/workflows/commit-changes-analyzer.lock.yml @@ -1096,6 +1096,7 @@ jobs: issues: write timeout-minutes: 15 env: + GH_AW_CI_TRIGGER_TOKEN: ${{ secrets.GH_AW_CI_TRIGGER_TOKEN }} GH_AW_ENGINE_ID: "claude" GH_AW_WORKFLOW_ID: "commit-changes-analyzer" GH_AW_WORKFLOW_NAME: "Commit Changes Analyzer" diff --git a/.github/workflows/contribution-check.lock.yml b/.github/workflows/contribution-check.lock.yml index 02f9db1a00..98cc23b364 100644 --- a/.github/workflows/contribution-check.lock.yml +++ b/.github/workflows/contribution-check.lock.yml @@ -1117,6 +1117,7 @@ jobs: pull-requests: write timeout-minutes: 15 env: + GH_AW_CI_TRIGGER_TOKEN: ${{ secrets.GH_AW_CI_TRIGGER_TOKEN }} GH_AW_ENGINE_ID: "copilot" GH_AW_WORKFLOW_ID: "contribution-check" GH_AW_WORKFLOW_NAME: "Contribution Check" diff --git a/.github/workflows/copilot-agent-analysis.lock.yml b/.github/workflows/copilot-agent-analysis.lock.yml index 9a0a4e5e0f..65a25abb34 100644 --- a/.github/workflows/copilot-agent-analysis.lock.yml +++ b/.github/workflows/copilot-agent-analysis.lock.yml @@ -1243,6 +1243,7 @@ jobs: issues: write timeout-minutes: 15 env: + GH_AW_CI_TRIGGER_TOKEN: ${{ secrets.GH_AW_CI_TRIGGER_TOKEN }} GH_AW_ENGINE_ID: "claude" GH_AW_WORKFLOW_ID: "copilot-agent-analysis" GH_AW_WORKFLOW_NAME: "Copilot Agent PR Analysis" diff --git a/.github/workflows/copilot-cli-deep-research.lock.yml b/.github/workflows/copilot-cli-deep-research.lock.yml index 797bd9bb89..1c21cc68c4 100644 --- a/.github/workflows/copilot-cli-deep-research.lock.yml +++ b/.github/workflows/copilot-cli-deep-research.lock.yml @@ -1161,6 +1161,7 @@ jobs: issues: write timeout-minutes: 15 env: + GH_AW_CI_TRIGGER_TOKEN: ${{ secrets.GH_AW_CI_TRIGGER_TOKEN }} GH_AW_ENGINE_ID: "copilot" GH_AW_WORKFLOW_ID: "copilot-cli-deep-research" GH_AW_WORKFLOW_NAME: "Copilot CLI Deep Research Agent" diff --git a/.github/workflows/copilot-pr-merged-report.lock.yml b/.github/workflows/copilot-pr-merged-report.lock.yml index 2bd196cd9f..a12eee4585 100644 --- a/.github/workflows/copilot-pr-merged-report.lock.yml +++ b/.github/workflows/copilot-pr-merged-report.lock.yml @@ -1202,6 +1202,7 @@ jobs: issues: write timeout-minutes: 15 env: + GH_AW_CI_TRIGGER_TOKEN: ${{ secrets.GH_AW_CI_TRIGGER_TOKEN }} GH_AW_ENGINE_ID: "copilot" GH_AW_WORKFLOW_ID: "copilot-pr-merged-report" GH_AW_WORKFLOW_NAME: "Daily Copilot PR Merged Report" diff --git a/.github/workflows/copilot-pr-nlp-analysis.lock.yml b/.github/workflows/copilot-pr-nlp-analysis.lock.yml index f677e8e16e..12170c819d 100644 --- a/.github/workflows/copilot-pr-nlp-analysis.lock.yml +++ b/.github/workflows/copilot-pr-nlp-analysis.lock.yml @@ -1257,6 +1257,7 @@ jobs: issues: write timeout-minutes: 15 env: + GH_AW_CI_TRIGGER_TOKEN: ${{ secrets.GH_AW_CI_TRIGGER_TOKEN }} GH_AW_ENGINE_ID: "copilot" GH_AW_WORKFLOW_ID: "copilot-pr-nlp-analysis" GH_AW_WORKFLOW_NAME: "Copilot PR Conversation NLP Analysis" diff --git a/.github/workflows/copilot-pr-prompt-analysis.lock.yml b/.github/workflows/copilot-pr-prompt-analysis.lock.yml index b02f6ce795..638b9caace 100644 --- a/.github/workflows/copilot-pr-prompt-analysis.lock.yml +++ b/.github/workflows/copilot-pr-prompt-analysis.lock.yml @@ -1181,6 +1181,7 @@ jobs: issues: write timeout-minutes: 15 env: + GH_AW_CI_TRIGGER_TOKEN: ${{ secrets.GH_AW_CI_TRIGGER_TOKEN }} GH_AW_ENGINE_ID: "copilot" GH_AW_WORKFLOW_ID: "copilot-pr-prompt-analysis" GH_AW_WORKFLOW_NAME: "Copilot PR Prompt Pattern Analysis" diff --git a/.github/workflows/copilot-session-insights.lock.yml b/.github/workflows/copilot-session-insights.lock.yml index 0f6f613945..94224e9d4c 100644 --- a/.github/workflows/copilot-session-insights.lock.yml +++ b/.github/workflows/copilot-session-insights.lock.yml @@ -1322,6 +1322,7 @@ jobs: issues: write timeout-minutes: 15 env: + GH_AW_CI_TRIGGER_TOKEN: ${{ secrets.GH_AW_CI_TRIGGER_TOKEN }} GH_AW_ENGINE_ID: "claude" GH_AW_WORKFLOW_ID: "copilot-session-insights" GH_AW_WORKFLOW_NAME: "Copilot Session Insights" diff --git a/.github/workflows/craft.lock.yml b/.github/workflows/craft.lock.yml index ab401e2657..979d65e369 100644 --- a/.github/workflows/craft.lock.yml +++ b/.github/workflows/craft.lock.yml @@ -1163,6 +1163,7 @@ jobs: pull-requests: write timeout-minutes: 15 env: + GH_AW_CI_TRIGGER_TOKEN: ${{ secrets.GH_AW_CI_TRIGGER_TOKEN }} GH_AW_ENGINE_ID: "copilot" GH_AW_SAFE_OUTPUT_MESSAGES: "{\"footer\":\"\\u003e โš’๏ธ *Crafted with care by [{workflow_name}]({run_url})*\",\"runStarted\":\"๐Ÿ› ๏ธ Master Crafter at work! [{workflow_name}]({run_url}) is forging a new workflow on this {event_type}...\",\"runSuccess\":\"โš’๏ธ Masterpiece complete! [{workflow_name}]({run_url}) has crafted your workflow. May it serve you well! ๐ŸŽ–๏ธ\",\"runFailure\":\"๐Ÿ› ๏ธ Forge cooling down! [{workflow_name}]({run_url}) {status}. The anvil awaits another attempt...\"}" GH_AW_WORKFLOW_ID: "craft" diff --git a/.github/workflows/daily-assign-issue-to-user.lock.yml b/.github/workflows/daily-assign-issue-to-user.lock.yml index 61d4a858f4..813d50eef9 100644 --- a/.github/workflows/daily-assign-issue-to-user.lock.yml +++ b/.github/workflows/daily-assign-issue-to-user.lock.yml @@ -1058,6 +1058,7 @@ jobs: issues: write timeout-minutes: 15 env: + GH_AW_CI_TRIGGER_TOKEN: ${{ secrets.GH_AW_CI_TRIGGER_TOKEN }} GH_AW_ENGINE_ID: "copilot" GH_AW_WORKFLOW_ID: "daily-assign-issue-to-user" GH_AW_WORKFLOW_NAME: "Auto-Assign Issue" diff --git a/.github/workflows/daily-choice-test.lock.yml b/.github/workflows/daily-choice-test.lock.yml index 1e15d90232..c5a35146db 100644 --- a/.github/workflows/daily-choice-test.lock.yml +++ b/.github/workflows/daily-choice-test.lock.yml @@ -1054,6 +1054,7 @@ jobs: runs-on: ubuntu-slim timeout-minutes: 15 env: + GH_AW_CI_TRIGGER_TOKEN: ${{ secrets.GH_AW_CI_TRIGGER_TOKEN }} GH_AW_ENGINE_ID: "claude" GH_AW_SAFE_OUTPUTS_STAGED: "true" GH_AW_TRACKER_ID: "daily-choice-test" diff --git a/.github/workflows/daily-cli-performance.lock.yml b/.github/workflows/daily-cli-performance.lock.yml index 6b04296258..41c731fdad 100644 --- a/.github/workflows/daily-cli-performance.lock.yml +++ b/.github/workflows/daily-cli-performance.lock.yml @@ -1351,6 +1351,7 @@ jobs: issues: write timeout-minutes: 15 env: + GH_AW_CI_TRIGGER_TOKEN: ${{ secrets.GH_AW_CI_TRIGGER_TOKEN }} GH_AW_ENGINE_ID: "copilot" GH_AW_TRACKER_ID: "daily-cli-performance" GH_AW_WORKFLOW_ID: "daily-cli-performance" diff --git a/.github/workflows/daily-cli-tools-tester.lock.yml b/.github/workflows/daily-cli-tools-tester.lock.yml index 4ed472d3b9..5c2c29ea67 100644 --- a/.github/workflows/daily-cli-tools-tester.lock.yml +++ b/.github/workflows/daily-cli-tools-tester.lock.yml @@ -1109,6 +1109,7 @@ jobs: issues: write timeout-minutes: 15 env: + GH_AW_CI_TRIGGER_TOKEN: ${{ secrets.GH_AW_CI_TRIGGER_TOKEN }} GH_AW_ENGINE_ID: "copilot" GH_AW_WORKFLOW_ID: "daily-cli-tools-tester" GH_AW_WORKFLOW_NAME: "Daily CLI Tools Exploratory Tester" diff --git a/.github/workflows/daily-code-metrics.lock.yml b/.github/workflows/daily-code-metrics.lock.yml index b3d631d23e..af4f58b81a 100644 --- a/.github/workflows/daily-code-metrics.lock.yml +++ b/.github/workflows/daily-code-metrics.lock.yml @@ -1300,6 +1300,7 @@ jobs: issues: write timeout-minutes: 15 env: + GH_AW_CI_TRIGGER_TOKEN: ${{ secrets.GH_AW_CI_TRIGGER_TOKEN }} GH_AW_ENGINE_ID: "claude" GH_AW_TRACKER_ID: "daily-code-metrics" GH_AW_WORKFLOW_ID: "daily-code-metrics" diff --git a/.github/workflows/daily-compiler-quality.lock.yml b/.github/workflows/daily-compiler-quality.lock.yml index 3ad3b061f0..4c91df9b1c 100644 --- a/.github/workflows/daily-compiler-quality.lock.yml +++ b/.github/workflows/daily-compiler-quality.lock.yml @@ -1090,6 +1090,7 @@ jobs: issues: write timeout-minutes: 15 env: + GH_AW_CI_TRIGGER_TOKEN: ${{ secrets.GH_AW_CI_TRIGGER_TOKEN }} GH_AW_ENGINE_ID: "copilot" GH_AW_TRACKER_ID: "daily-compiler-quality" GH_AW_WORKFLOW_ID: "daily-compiler-quality" diff --git a/.github/workflows/daily-copilot-token-report.lock.yml b/.github/workflows/daily-copilot-token-report.lock.yml index 3fdf273929..215f95ad00 100644 --- a/.github/workflows/daily-copilot-token-report.lock.yml +++ b/.github/workflows/daily-copilot-token-report.lock.yml @@ -1268,6 +1268,7 @@ jobs: issues: write timeout-minutes: 15 env: + GH_AW_CI_TRIGGER_TOKEN: ${{ secrets.GH_AW_CI_TRIGGER_TOKEN }} GH_AW_ENGINE_ID: "copilot" GH_AW_TRACKER_ID: "daily-copilot-token-report" GH_AW_WORKFLOW_ID: "daily-copilot-token-report" diff --git a/.github/workflows/daily-doc-updater.lock.yml b/.github/workflows/daily-doc-updater.lock.yml index 8d8f9dd494..ea5407ec61 100644 --- a/.github/workflows/daily-doc-updater.lock.yml +++ b/.github/workflows/daily-doc-updater.lock.yml @@ -1178,6 +1178,7 @@ jobs: pull-requests: write timeout-minutes: 15 env: + GH_AW_CI_TRIGGER_TOKEN: ${{ secrets.GH_AW_CI_TRIGGER_TOKEN }} GH_AW_ENGINE_ID: "claude" GH_AW_TRACKER_ID: "daily-doc-updater" GH_AW_WORKFLOW_ID: "daily-doc-updater" diff --git a/.github/workflows/daily-fact.lock.yml b/.github/workflows/daily-fact.lock.yml index 49e43c7aca..b468733a41 100644 --- a/.github/workflows/daily-fact.lock.yml +++ b/.github/workflows/daily-fact.lock.yml @@ -980,6 +980,7 @@ jobs: issues: write timeout-minutes: 15 env: + GH_AW_CI_TRIGGER_TOKEN: ${{ secrets.GH_AW_CI_TRIGGER_TOKEN }} GH_AW_ENGINE_ID: "codex" GH_AW_ENGINE_MODEL: "gpt-5.1-codex-mini" GH_AW_SAFE_OUTPUT_MESSAGES: "{\"footer\":\"\\u003e ๐Ÿชถ *Penned with care by [{workflow_name}]({run_url})*\",\"runStarted\":\"๐Ÿ“œ Hark! The muse awakens โ€” [{workflow_name}]({run_url}) begins its verse upon this {event_type}...\",\"runSuccess\":\"โœจ Lo! [{workflow_name}]({run_url}) hath woven its tale to completion, like a sonnet finding its final rhyme. ๐ŸŒŸ\",\"runFailure\":\"๐ŸŒง๏ธ Alas! [{workflow_name}]({run_url}) {status}, its quill fallen mid-verse. The poem remains unfinished...\"}" diff --git a/.github/workflows/daily-file-diet.lock.yml b/.github/workflows/daily-file-diet.lock.yml index 314c9bdb87..a4a0918734 100644 --- a/.github/workflows/daily-file-diet.lock.yml +++ b/.github/workflows/daily-file-diet.lock.yml @@ -1137,6 +1137,7 @@ jobs: issues: write timeout-minutes: 15 env: + GH_AW_CI_TRIGGER_TOKEN: ${{ secrets.GH_AW_CI_TRIGGER_TOKEN }} GH_AW_ENGINE_ID: "copilot" GH_AW_TRACKER_ID: "daily-file-diet" GH_AW_WORKFLOW_ID: "daily-file-diet" diff --git a/.github/workflows/daily-firewall-report.lock.yml b/.github/workflows/daily-firewall-report.lock.yml index bea723f005..198a663688 100644 --- a/.github/workflows/daily-firewall-report.lock.yml +++ b/.github/workflows/daily-firewall-report.lock.yml @@ -1197,6 +1197,7 @@ jobs: issues: write timeout-minutes: 15 env: + GH_AW_CI_TRIGGER_TOKEN: ${{ secrets.GH_AW_CI_TRIGGER_TOKEN }} GH_AW_ENGINE_ID: "copilot" GH_AW_TRACKER_ID: "daily-firewall-report" GH_AW_WORKFLOW_ID: "daily-firewall-report" diff --git a/.github/workflows/daily-issues-report.lock.yml b/.github/workflows/daily-issues-report.lock.yml index 7a7674e74b..4e56a1301f 100644 --- a/.github/workflows/daily-issues-report.lock.yml +++ b/.github/workflows/daily-issues-report.lock.yml @@ -1246,6 +1246,7 @@ jobs: issues: write timeout-minutes: 15 env: + GH_AW_CI_TRIGGER_TOKEN: ${{ secrets.GH_AW_CI_TRIGGER_TOKEN }} GH_AW_ENGINE_ID: "codex" GH_AW_TRACKER_ID: "daily-issues-report" GH_AW_WORKFLOW_ID: "daily-issues-report" diff --git a/.github/workflows/daily-malicious-code-scan.lock.yml b/.github/workflows/daily-malicious-code-scan.lock.yml index 11a5d29924..5ef4efd324 100644 --- a/.github/workflows/daily-malicious-code-scan.lock.yml +++ b/.github/workflows/daily-malicious-code-scan.lock.yml @@ -959,6 +959,7 @@ jobs: security-events: write timeout-minutes: 15 env: + GH_AW_CI_TRIGGER_TOKEN: ${{ secrets.GH_AW_CI_TRIGGER_TOKEN }} GH_AW_ENGINE_ID: "copilot" GH_AW_TRACKER_ID: "malicious-code-scan" GH_AW_WORKFLOW_ID: "daily-malicious-code-scan" diff --git a/.github/workflows/daily-mcp-concurrency-analysis.lock.yml b/.github/workflows/daily-mcp-concurrency-analysis.lock.yml index 5e3b4fc521..7077f66773 100644 --- a/.github/workflows/daily-mcp-concurrency-analysis.lock.yml +++ b/.github/workflows/daily-mcp-concurrency-analysis.lock.yml @@ -1140,6 +1140,7 @@ jobs: issues: write timeout-minutes: 15 env: + GH_AW_CI_TRIGGER_TOKEN: ${{ secrets.GH_AW_CI_TRIGGER_TOKEN }} GH_AW_ENGINE_ID: "copilot" GH_AW_TRACKER_ID: "mcp-concurrency-analysis" GH_AW_WORKFLOW_ID: "daily-mcp-concurrency-analysis" diff --git a/.github/workflows/daily-multi-device-docs-tester.lock.yml b/.github/workflows/daily-multi-device-docs-tester.lock.yml index e483a2d098..6dfa9db0b3 100644 --- a/.github/workflows/daily-multi-device-docs-tester.lock.yml +++ b/.github/workflows/daily-multi-device-docs-tester.lock.yml @@ -1231,6 +1231,7 @@ jobs: issues: write timeout-minutes: 15 env: + GH_AW_CI_TRIGGER_TOKEN: ${{ secrets.GH_AW_CI_TRIGGER_TOKEN }} GH_AW_ENGINE_ID: "claude" GH_AW_TRACKER_ID: "daily-multi-device-docs-tester" GH_AW_WORKFLOW_ID: "daily-multi-device-docs-tester" diff --git a/.github/workflows/daily-news.lock.yml b/.github/workflows/daily-news.lock.yml index 52c1067270..1080b0fda6 100644 --- a/.github/workflows/daily-news.lock.yml +++ b/.github/workflows/daily-news.lock.yml @@ -1330,6 +1330,7 @@ jobs: issues: write timeout-minutes: 15 env: + GH_AW_CI_TRIGGER_TOKEN: ${{ secrets.GH_AW_CI_TRIGGER_TOKEN }} GH_AW_ENGINE_ID: "copilot" GH_AW_TRACKER_ID: "daily-news-weekday" GH_AW_WORKFLOW_ID: "daily-news" diff --git a/.github/workflows/daily-observability-report.lock.yml b/.github/workflows/daily-observability-report.lock.yml index b054d9f585..6fbff7a40b 100644 --- a/.github/workflows/daily-observability-report.lock.yml +++ b/.github/workflows/daily-observability-report.lock.yml @@ -1203,6 +1203,7 @@ jobs: issues: write timeout-minutes: 15 env: + GH_AW_CI_TRIGGER_TOKEN: ${{ secrets.GH_AW_CI_TRIGGER_TOKEN }} GH_AW_ENGINE_ID: "codex" GH_AW_TRACKER_ID: "daily-observability-report" GH_AW_WORKFLOW_ID: "daily-observability-report" diff --git a/.github/workflows/daily-performance-summary.lock.yml b/.github/workflows/daily-performance-summary.lock.yml index 9e81507527..82079fab74 100644 --- a/.github/workflows/daily-performance-summary.lock.yml +++ b/.github/workflows/daily-performance-summary.lock.yml @@ -1678,6 +1678,7 @@ jobs: issues: write timeout-minutes: 15 env: + GH_AW_CI_TRIGGER_TOKEN: ${{ secrets.GH_AW_CI_TRIGGER_TOKEN }} GH_AW_ENGINE_ID: "codex" GH_AW_TRACKER_ID: "daily-performance-summary" GH_AW_WORKFLOW_ID: "daily-performance-summary" diff --git a/.github/workflows/daily-regulatory.lock.yml b/.github/workflows/daily-regulatory.lock.yml index 9e846470af..bf30687225 100644 --- a/.github/workflows/daily-regulatory.lock.yml +++ b/.github/workflows/daily-regulatory.lock.yml @@ -1578,6 +1578,7 @@ jobs: issues: write timeout-minutes: 15 env: + GH_AW_CI_TRIGGER_TOKEN: ${{ secrets.GH_AW_CI_TRIGGER_TOKEN }} GH_AW_ENGINE_ID: "copilot" GH_AW_TRACKER_ID: "daily-regulatory" GH_AW_WORKFLOW_ID: "daily-regulatory" diff --git a/.github/workflows/daily-rendering-scripts-verifier.lock.yml b/.github/workflows/daily-rendering-scripts-verifier.lock.yml index dc3afa5a57..a08ba701e0 100644 --- a/.github/workflows/daily-rendering-scripts-verifier.lock.yml +++ b/.github/workflows/daily-rendering-scripts-verifier.lock.yml @@ -1308,6 +1308,7 @@ jobs: pull-requests: write timeout-minutes: 15 env: + GH_AW_CI_TRIGGER_TOKEN: ${{ secrets.GH_AW_CI_TRIGGER_TOKEN }} GH_AW_ENGINE_ID: "claude" GH_AW_TRACKER_ID: "daily-rendering-scripts-verifier" GH_AW_WORKFLOW_ID: "daily-rendering-scripts-verifier" diff --git a/.github/workflows/daily-repo-chronicle.lock.yml b/.github/workflows/daily-repo-chronicle.lock.yml index eed552b7b3..3424716848 100644 --- a/.github/workflows/daily-repo-chronicle.lock.yml +++ b/.github/workflows/daily-repo-chronicle.lock.yml @@ -1132,6 +1132,7 @@ jobs: issues: write timeout-minutes: 15 env: + GH_AW_CI_TRIGGER_TOKEN: ${{ secrets.GH_AW_CI_TRIGGER_TOKEN }} GH_AW_ENGINE_ID: "copilot" GH_AW_TRACKER_ID: "daily-repo-chronicle" GH_AW_WORKFLOW_ID: "daily-repo-chronicle" diff --git a/.github/workflows/daily-safe-output-optimizer.lock.yml b/.github/workflows/daily-safe-output-optimizer.lock.yml index beff45446f..25abd7a800 100644 --- a/.github/workflows/daily-safe-output-optimizer.lock.yml +++ b/.github/workflows/daily-safe-output-optimizer.lock.yml @@ -1276,6 +1276,7 @@ jobs: issues: write timeout-minutes: 15 env: + GH_AW_CI_TRIGGER_TOKEN: ${{ secrets.GH_AW_CI_TRIGGER_TOKEN }} GH_AW_ENGINE_ID: "claude" GH_AW_WORKFLOW_ID: "daily-safe-output-optimizer" GH_AW_WORKFLOW_NAME: "Daily Safe Output Tool Optimizer" diff --git a/.github/workflows/daily-safe-outputs-conformance.lock.yml b/.github/workflows/daily-safe-outputs-conformance.lock.yml index 86485c36d5..7815267fde 100644 --- a/.github/workflows/daily-safe-outputs-conformance.lock.yml +++ b/.github/workflows/daily-safe-outputs-conformance.lock.yml @@ -1110,6 +1110,7 @@ jobs: issues: write timeout-minutes: 15 env: + GH_AW_CI_TRIGGER_TOKEN: ${{ secrets.GH_AW_CI_TRIGGER_TOKEN }} GH_AW_ENGINE_ID: "claude" GH_AW_TRACKER_ID: "safe-outputs-conformance" GH_AW_WORKFLOW_ID: "daily-safe-outputs-conformance" diff --git a/.github/workflows/daily-secrets-analysis.lock.yml b/.github/workflows/daily-secrets-analysis.lock.yml index 81c35b24d0..2003b39f7c 100644 --- a/.github/workflows/daily-secrets-analysis.lock.yml +++ b/.github/workflows/daily-secrets-analysis.lock.yml @@ -1096,6 +1096,7 @@ jobs: issues: write timeout-minutes: 15 env: + GH_AW_CI_TRIGGER_TOKEN: ${{ secrets.GH_AW_CI_TRIGGER_TOKEN }} GH_AW_ENGINE_ID: "copilot" GH_AW_TRACKER_ID: "daily-secrets-analysis" GH_AW_WORKFLOW_ID: "daily-secrets-analysis" diff --git a/.github/workflows/daily-security-red-team.lock.yml b/.github/workflows/daily-security-red-team.lock.yml index f6a0e4609f..2924a81467 100644 --- a/.github/workflows/daily-security-red-team.lock.yml +++ b/.github/workflows/daily-security-red-team.lock.yml @@ -1114,6 +1114,7 @@ jobs: issues: write timeout-minutes: 15 env: + GH_AW_CI_TRIGGER_TOKEN: ${{ secrets.GH_AW_CI_TRIGGER_TOKEN }} GH_AW_ENGINE_ID: "claude" GH_AW_TRACKER_ID: "security-red-team" GH_AW_WORKFLOW_ID: "daily-security-red-team" diff --git a/.github/workflows/daily-semgrep-scan.lock.yml b/.github/workflows/daily-semgrep-scan.lock.yml index 86e246d585..647ee4c6c1 100644 --- a/.github/workflows/daily-semgrep-scan.lock.yml +++ b/.github/workflows/daily-semgrep-scan.lock.yml @@ -1079,6 +1079,7 @@ jobs: security-events: write timeout-minutes: 15 env: + GH_AW_CI_TRIGGER_TOKEN: ${{ secrets.GH_AW_CI_TRIGGER_TOKEN }} GH_AW_ENGINE_ID: "copilot" GH_AW_WORKFLOW_ID: "daily-semgrep-scan" GH_AW_WORKFLOW_NAME: "Daily Semgrep Scan" diff --git a/.github/workflows/daily-syntax-error-quality.lock.yml b/.github/workflows/daily-syntax-error-quality.lock.yml index cb4d289aba..d5813290d0 100644 --- a/.github/workflows/daily-syntax-error-quality.lock.yml +++ b/.github/workflows/daily-syntax-error-quality.lock.yml @@ -1074,6 +1074,7 @@ jobs: issues: write timeout-minutes: 15 env: + GH_AW_CI_TRIGGER_TOKEN: ${{ secrets.GH_AW_CI_TRIGGER_TOKEN }} GH_AW_ENGINE_ID: "copilot" GH_AW_TRACKER_ID: "daily-syntax-error-quality" GH_AW_WORKFLOW_ID: "daily-syntax-error-quality" diff --git a/.github/workflows/daily-team-evolution-insights.lock.yml b/.github/workflows/daily-team-evolution-insights.lock.yml index dffba2df65..ac0ba3310c 100644 --- a/.github/workflows/daily-team-evolution-insights.lock.yml +++ b/.github/workflows/daily-team-evolution-insights.lock.yml @@ -1095,6 +1095,7 @@ jobs: issues: write timeout-minutes: 15 env: + GH_AW_CI_TRIGGER_TOKEN: ${{ secrets.GH_AW_CI_TRIGGER_TOKEN }} GH_AW_ENGINE_ID: "claude" GH_AW_TRACKER_ID: "daily-team-evolution-insights" GH_AW_WORKFLOW_ID: "daily-team-evolution-insights" diff --git a/.github/workflows/daily-team-status.lock.yml b/.github/workflows/daily-team-status.lock.yml index b16d7ed6a8..c02122b532 100644 --- a/.github/workflows/daily-team-status.lock.yml +++ b/.github/workflows/daily-team-status.lock.yml @@ -1100,6 +1100,7 @@ jobs: issues: write timeout-minutes: 15 env: + GH_AW_CI_TRIGGER_TOKEN: ${{ secrets.GH_AW_CI_TRIGGER_TOKEN }} GH_AW_ENGINE_ID: "copilot" GH_AW_TRACKER_ID: "daily-team-status" GH_AW_WORKFLOW_ID: "daily-team-status" diff --git a/.github/workflows/daily-testify-uber-super-expert.lock.yml b/.github/workflows/daily-testify-uber-super-expert.lock.yml index b0adb64bbc..11ebe77442 100644 --- a/.github/workflows/daily-testify-uber-super-expert.lock.yml +++ b/.github/workflows/daily-testify-uber-super-expert.lock.yml @@ -1243,6 +1243,7 @@ jobs: issues: write timeout-minutes: 15 env: + GH_AW_CI_TRIGGER_TOKEN: ${{ secrets.GH_AW_CI_TRIGGER_TOKEN }} GH_AW_ENGINE_ID: "copilot" GH_AW_TRACKER_ID: "daily-testify-uber-super-expert" GH_AW_WORKFLOW_ID: "daily-testify-uber-super-expert" diff --git a/.github/workflows/daily-workflow-updater.lock.yml b/.github/workflows/daily-workflow-updater.lock.yml index 19903bd8b0..1830df81ab 100644 --- a/.github/workflows/daily-workflow-updater.lock.yml +++ b/.github/workflows/daily-workflow-updater.lock.yml @@ -1066,6 +1066,7 @@ jobs: pull-requests: write timeout-minutes: 15 env: + GH_AW_CI_TRIGGER_TOKEN: ${{ secrets.GH_AW_CI_TRIGGER_TOKEN }} GH_AW_ENGINE_ID: "copilot" GH_AW_TRACKER_ID: "daily-workflow-updater" GH_AW_WORKFLOW_ID: "daily-workflow-updater" diff --git a/.github/workflows/deep-report.lock.yml b/.github/workflows/deep-report.lock.yml index 9415fcea20..3470c93f7e 100644 --- a/.github/workflows/deep-report.lock.yml +++ b/.github/workflows/deep-report.lock.yml @@ -1369,6 +1369,7 @@ jobs: issues: write timeout-minutes: 15 env: + GH_AW_CI_TRIGGER_TOKEN: ${{ secrets.GH_AW_CI_TRIGGER_TOKEN }} GH_AW_ENGINE_ID: "codex" GH_AW_TRACKER_ID: "deep-report-intel-agent" GH_AW_WORKFLOW_ID: "deep-report" diff --git a/.github/workflows/delight.lock.yml b/.github/workflows/delight.lock.yml index 23ef1a3d1e..2a7010c359 100644 --- a/.github/workflows/delight.lock.yml +++ b/.github/workflows/delight.lock.yml @@ -1246,6 +1246,7 @@ jobs: issues: write timeout-minutes: 15 env: + GH_AW_CI_TRIGGER_TOKEN: ${{ secrets.GH_AW_CI_TRIGGER_TOKEN }} GH_AW_ENGINE_ID: "copilot" GH_AW_SAFE_OUTPUT_MESSAGES: "{\"footer\":\"\\u003e ๐Ÿ“Š *User experience analysis by [{workflow_name}]({run_url})*\",\"runStarted\":\"๐Ÿ“Š Delight Agent starting! [{workflow_name}]({run_url}) is analyzing user-facing aspects for improvement opportunities...\",\"runSuccess\":\"โœ… Analysis complete! [{workflow_name}]({run_url}) has identified targeted improvements for user experience.\",\"runFailure\":\"โš ๏ธ Analysis interrupted! [{workflow_name}]({run_url}) {status}. Please review the logs...\"}" GH_AW_TRACKER_ID: "delight-daily" diff --git a/.github/workflows/dependabot-burner.lock.yml b/.github/workflows/dependabot-burner.lock.yml index e7eb50b43f..66a8a4e49d 100644 --- a/.github/workflows/dependabot-burner.lock.yml +++ b/.github/workflows/dependabot-burner.lock.yml @@ -1073,6 +1073,7 @@ jobs: issues: write timeout-minutes: 15 env: + GH_AW_CI_TRIGGER_TOKEN: ${{ secrets.GH_AW_CI_TRIGGER_TOKEN }} GH_AW_ENGINE_ID: "copilot" GH_AW_WORKFLOW_ID: "dependabot-burner" GH_AW_WORKFLOW_NAME: "Dependabot Burner" diff --git a/.github/workflows/dependabot-go-checker.lock.yml b/.github/workflows/dependabot-go-checker.lock.yml index e3de227867..fc48367801 100644 --- a/.github/workflows/dependabot-go-checker.lock.yml +++ b/.github/workflows/dependabot-go-checker.lock.yml @@ -1083,6 +1083,7 @@ jobs: issues: write timeout-minutes: 15 env: + GH_AW_CI_TRIGGER_TOKEN: ${{ secrets.GH_AW_CI_TRIGGER_TOKEN }} GH_AW_ENGINE_ID: "copilot" GH_AW_WORKFLOW_ID: "dependabot-go-checker" GH_AW_WORKFLOW_NAME: "Dependabot Dependency Checker" diff --git a/.github/workflows/dev-hawk.lock.yml b/.github/workflows/dev-hawk.lock.yml index 4cf96de250..6ed0b66605 100644 --- a/.github/workflows/dev-hawk.lock.yml +++ b/.github/workflows/dev-hawk.lock.yml @@ -1159,6 +1159,7 @@ jobs: issues: write timeout-minutes: 15 env: + GH_AW_CI_TRIGGER_TOKEN: ${{ secrets.GH_AW_CI_TRIGGER_TOKEN }} GH_AW_ENGINE_ID: "copilot" GH_AW_SAFE_OUTPUT_MESSAGES: "{\"footer\":\"\\u003e ๐Ÿฆ… *Observed from above by [{workflow_name}]({run_url})*\",\"runStarted\":\"๐Ÿฆ… Dev Hawk circles the sky! [{workflow_name}]({run_url}) is monitoring this {event_type} from above...\",\"runSuccess\":\"๐Ÿฆ… Hawk eyes report! [{workflow_name}]({run_url}) has completed reconnaissance. Intel delivered! ๐ŸŽฏ\",\"runFailure\":\"๐Ÿฆ… Hawk down! [{workflow_name}]({run_url}) {status}. The skies grow quiet...\"}" GH_AW_WORKFLOW_ID: "dev-hawk" diff --git a/.github/workflows/dev.lock.yml b/.github/workflows/dev.lock.yml index b601e2942b..f844ff1578 100644 --- a/.github/workflows/dev.lock.yml +++ b/.github/workflows/dev.lock.yml @@ -1038,6 +1038,7 @@ jobs: issues: write timeout-minutes: 15 env: + GH_AW_CI_TRIGGER_TOKEN: ${{ secrets.GH_AW_CI_TRIGGER_TOKEN }} GH_AW_ENGINE_ID: "copilot" GH_AW_WORKFLOW_ID: "dev" GH_AW_WORKFLOW_NAME: "Dev" diff --git a/.github/workflows/developer-docs-consolidator.lock.yml b/.github/workflows/developer-docs-consolidator.lock.yml index 3a279438c5..73f7354f0d 100644 --- a/.github/workflows/developer-docs-consolidator.lock.yml +++ b/.github/workflows/developer-docs-consolidator.lock.yml @@ -1259,6 +1259,7 @@ jobs: pull-requests: write timeout-minutes: 15 env: + GH_AW_CI_TRIGGER_TOKEN: ${{ secrets.GH_AW_CI_TRIGGER_TOKEN }} GH_AW_ENGINE_ID: "claude" GH_AW_WORKFLOW_ID: "developer-docs-consolidator" GH_AW_WORKFLOW_NAME: "Developer Documentation Consolidator" diff --git a/.github/workflows/dictation-prompt.lock.yml b/.github/workflows/dictation-prompt.lock.yml index bb66be51d8..4a8b401b71 100644 --- a/.github/workflows/dictation-prompt.lock.yml +++ b/.github/workflows/dictation-prompt.lock.yml @@ -1067,6 +1067,7 @@ jobs: pull-requests: write timeout-minutes: 15 env: + GH_AW_CI_TRIGGER_TOKEN: ${{ secrets.GH_AW_CI_TRIGGER_TOKEN }} GH_AW_ENGINE_ID: "copilot" GH_AW_WORKFLOW_ID: "dictation-prompt" GH_AW_WORKFLOW_NAME: "Dictation Prompt Generator" diff --git a/.github/workflows/discussion-task-miner.lock.yml b/.github/workflows/discussion-task-miner.lock.yml index f1f5947d83..8558b975eb 100644 --- a/.github/workflows/discussion-task-miner.lock.yml +++ b/.github/workflows/discussion-task-miner.lock.yml @@ -1227,6 +1227,7 @@ jobs: issues: write timeout-minutes: 15 env: + GH_AW_CI_TRIGGER_TOKEN: ${{ secrets.GH_AW_CI_TRIGGER_TOKEN }} GH_AW_ENGINE_ID: "copilot" GH_AW_SAFE_OUTPUT_MESSAGES: "{\"footer\":\"\\u003e ๐Ÿ” *Task mining by [{workflow_name}]({run_url})*\",\"runStarted\":\"๐Ÿ” Discussion Task Miner starting! [{workflow_name}]({run_url}) is scanning discussions for code quality improvements...\",\"runSuccess\":\"โœ… Task mining complete! [{workflow_name}]({run_url}) has identified actionable code quality tasks. ๐Ÿ“Š\",\"runFailure\":\"โš ๏ธ Task mining interrupted! [{workflow_name}]({run_url}) {status}. Please review the logs...\"}" GH_AW_TRACKER_ID: "discussion-task-miner" diff --git a/.github/workflows/docs-noob-tester.lock.yml b/.github/workflows/docs-noob-tester.lock.yml index 55dd3494ac..128c02bc4d 100644 --- a/.github/workflows/docs-noob-tester.lock.yml +++ b/.github/workflows/docs-noob-tester.lock.yml @@ -1082,6 +1082,7 @@ jobs: issues: write timeout-minutes: 15 env: + GH_AW_CI_TRIGGER_TOKEN: ${{ secrets.GH_AW_CI_TRIGGER_TOKEN }} GH_AW_ENGINE_ID: "copilot" GH_AW_WORKFLOW_ID: "docs-noob-tester" GH_AW_WORKFLOW_NAME: "Documentation Noob Tester" diff --git a/.github/workflows/draft-pr-cleanup.lock.yml b/.github/workflows/draft-pr-cleanup.lock.yml index a7c5914eeb..3b809b4373 100644 --- a/.github/workflows/draft-pr-cleanup.lock.yml +++ b/.github/workflows/draft-pr-cleanup.lock.yml @@ -1090,6 +1090,7 @@ jobs: pull-requests: write timeout-minutes: 15 env: + GH_AW_CI_TRIGGER_TOKEN: ${{ secrets.GH_AW_CI_TRIGGER_TOKEN }} GH_AW_ENGINE_ID: "copilot" GH_AW_SAFE_OUTPUT_MESSAGES: "{\"runStarted\":\"๐Ÿงน Starting draft PR cleanup... [{workflow_name}]({run_url}) is reviewing draft PRs for staleness\",\"runSuccess\":\"โœ… Draft PR cleanup complete! [{workflow_name}]({run_url}) has reviewed and processed stale drafts.\",\"runFailure\":\"โŒ Draft PR cleanup failed! [{workflow_name}]({run_url}) {status}. Some draft PRs may not be processed.\"}" GH_AW_WORKFLOW_ID: "draft-pr-cleanup" diff --git a/.github/workflows/duplicate-code-detector.lock.yml b/.github/workflows/duplicate-code-detector.lock.yml index d760d03ce0..01cea25e05 100644 --- a/.github/workflows/duplicate-code-detector.lock.yml +++ b/.github/workflows/duplicate-code-detector.lock.yml @@ -1085,6 +1085,7 @@ jobs: issues: write timeout-minutes: 15 env: + GH_AW_CI_TRIGGER_TOKEN: ${{ secrets.GH_AW_CI_TRIGGER_TOKEN }} GH_AW_ENGINE_ID: "codex" GH_AW_WORKFLOW_ID: "duplicate-code-detector" GH_AW_WORKFLOW_NAME: "Duplicate Code Detector" diff --git a/.github/workflows/example-workflow-analyzer.lock.yml b/.github/workflows/example-workflow-analyzer.lock.yml index fa5e4a53ff..662641099b 100644 --- a/.github/workflows/example-workflow-analyzer.lock.yml +++ b/.github/workflows/example-workflow-analyzer.lock.yml @@ -1154,6 +1154,7 @@ jobs: issues: write timeout-minutes: 15 env: + GH_AW_CI_TRIGGER_TOKEN: ${{ secrets.GH_AW_CI_TRIGGER_TOKEN }} GH_AW_ENGINE_ID: "claude" GH_AW_WORKFLOW_ID: "example-workflow-analyzer" GH_AW_WORKFLOW_NAME: "Weekly Workflow Analysis" diff --git a/.github/workflows/firewall-escape.lock.yml b/.github/workflows/firewall-escape.lock.yml index 3ff52bd8ff..2f9fefc470 100644 --- a/.github/workflows/firewall-escape.lock.yml +++ b/.github/workflows/firewall-escape.lock.yml @@ -1239,6 +1239,7 @@ jobs: issues: write timeout-minutes: 15 env: + GH_AW_CI_TRIGGER_TOKEN: ${{ secrets.GH_AW_CI_TRIGGER_TOKEN }} GH_AW_ENGINE_ID: "copilot" GH_AW_TRACKER_ID: "firewall-escape" GH_AW_WORKFLOW_ID: "firewall-escape" diff --git a/.github/workflows/functional-pragmatist.lock.yml b/.github/workflows/functional-pragmatist.lock.yml index 55d04e81a1..f38840cb6b 100644 --- a/.github/workflows/functional-pragmatist.lock.yml +++ b/.github/workflows/functional-pragmatist.lock.yml @@ -1074,6 +1074,7 @@ jobs: pull-requests: write timeout-minutes: 15 env: + GH_AW_CI_TRIGGER_TOKEN: ${{ secrets.GH_AW_CI_TRIGGER_TOKEN }} GH_AW_ENGINE_ID: "copilot" GH_AW_TRACKER_ID: "functional-pragmatist" GH_AW_WORKFLOW_ID: "functional-pragmatist" diff --git a/.github/workflows/github-mcp-structural-analysis.lock.yml b/.github/workflows/github-mcp-structural-analysis.lock.yml index 50fc308b9c..917b88ec75 100644 --- a/.github/workflows/github-mcp-structural-analysis.lock.yml +++ b/.github/workflows/github-mcp-structural-analysis.lock.yml @@ -1190,6 +1190,7 @@ jobs: issues: write timeout-minutes: 15 env: + GH_AW_CI_TRIGGER_TOKEN: ${{ secrets.GH_AW_CI_TRIGGER_TOKEN }} GH_AW_ENGINE_ID: "claude" GH_AW_WORKFLOW_ID: "github-mcp-structural-analysis" GH_AW_WORKFLOW_NAME: "GitHub MCP Structural Analysis" diff --git a/.github/workflows/github-mcp-tools-report.lock.yml b/.github/workflows/github-mcp-tools-report.lock.yml index f3e680bea0..c477da3fae 100644 --- a/.github/workflows/github-mcp-tools-report.lock.yml +++ b/.github/workflows/github-mcp-tools-report.lock.yml @@ -1216,6 +1216,7 @@ jobs: pull-requests: write timeout-minutes: 15 env: + GH_AW_CI_TRIGGER_TOKEN: ${{ secrets.GH_AW_CI_TRIGGER_TOKEN }} GH_AW_ENGINE_ID: "claude" GH_AW_WORKFLOW_ID: "github-mcp-tools-report" GH_AW_WORKFLOW_NAME: "GitHub MCP Remote Server Tools Report Generator" diff --git a/.github/workflows/github-remote-mcp-auth-test.lock.yml b/.github/workflows/github-remote-mcp-auth-test.lock.yml index 42716c2487..c39febcda2 100644 --- a/.github/workflows/github-remote-mcp-auth-test.lock.yml +++ b/.github/workflows/github-remote-mcp-auth-test.lock.yml @@ -1036,6 +1036,7 @@ jobs: issues: write timeout-minutes: 15 env: + GH_AW_CI_TRIGGER_TOKEN: ${{ secrets.GH_AW_CI_TRIGGER_TOKEN }} GH_AW_ENGINE_ID: "copilot" GH_AW_ENGINE_MODEL: "gpt-5.1-codex-mini" GH_AW_WORKFLOW_ID: "github-remote-mcp-auth-test" diff --git a/.github/workflows/glossary-maintainer.lock.yml b/.github/workflows/glossary-maintainer.lock.yml index b94ef238a3..89ded920e3 100644 --- a/.github/workflows/glossary-maintainer.lock.yml +++ b/.github/workflows/glossary-maintainer.lock.yml @@ -1147,6 +1147,7 @@ jobs: pull-requests: write timeout-minutes: 15 env: + GH_AW_CI_TRIGGER_TOKEN: ${{ secrets.GH_AW_CI_TRIGGER_TOKEN }} GH_AW_ENGINE_ID: "copilot" GH_AW_WORKFLOW_ID: "glossary-maintainer" GH_AW_WORKFLOW_NAME: "Glossary Maintainer" diff --git a/.github/workflows/go-fan.lock.yml b/.github/workflows/go-fan.lock.yml index 6457728b45..057832f115 100644 --- a/.github/workflows/go-fan.lock.yml +++ b/.github/workflows/go-fan.lock.yml @@ -1160,6 +1160,7 @@ jobs: issues: write timeout-minutes: 15 env: + GH_AW_CI_TRIGGER_TOKEN: ${{ secrets.GH_AW_CI_TRIGGER_TOKEN }} GH_AW_ENGINE_ID: "claude" GH_AW_TRACKER_ID: "go-fan-daily" GH_AW_WORKFLOW_ID: "go-fan" diff --git a/.github/workflows/go-logger.lock.yml b/.github/workflows/go-logger.lock.yml index 6f369d4cde..ddab7cca97 100644 --- a/.github/workflows/go-logger.lock.yml +++ b/.github/workflows/go-logger.lock.yml @@ -1343,6 +1343,7 @@ jobs: pull-requests: write timeout-minutes: 15 env: + GH_AW_CI_TRIGGER_TOKEN: ${{ secrets.GH_AW_CI_TRIGGER_TOKEN }} GH_AW_ENGINE_ID: "claude" GH_AW_WORKFLOW_ID: "go-logger" GH_AW_WORKFLOW_NAME: "Go Logger Enhancement" diff --git a/.github/workflows/go-pattern-detector.lock.yml b/.github/workflows/go-pattern-detector.lock.yml index 79d8472590..e09b301985 100644 --- a/.github/workflows/go-pattern-detector.lock.yml +++ b/.github/workflows/go-pattern-detector.lock.yml @@ -1152,6 +1152,7 @@ jobs: issues: write timeout-minutes: 15 env: + GH_AW_CI_TRIGGER_TOKEN: ${{ secrets.GH_AW_CI_TRIGGER_TOKEN }} GH_AW_ENGINE_ID: "claude" GH_AW_WORKFLOW_ID: "go-pattern-detector" GH_AW_WORKFLOW_NAME: "Go Pattern Detector" diff --git a/.github/workflows/gpclean.lock.yml b/.github/workflows/gpclean.lock.yml index 7e343def11..e00acb7284 100644 --- a/.github/workflows/gpclean.lock.yml +++ b/.github/workflows/gpclean.lock.yml @@ -1070,6 +1070,7 @@ jobs: issues: write timeout-minutes: 15 env: + GH_AW_CI_TRIGGER_TOKEN: ${{ secrets.GH_AW_CI_TRIGGER_TOKEN }} GH_AW_ENGINE_ID: "copilot" GH_AW_WORKFLOW_ID: "gpclean" GH_AW_WORKFLOW_NAME: "GPL Dependency Cleaner (gpclean)" diff --git a/.github/workflows/grumpy-reviewer.lock.yml b/.github/workflows/grumpy-reviewer.lock.yml index c96fd80842..b8508f0f72 100644 --- a/.github/workflows/grumpy-reviewer.lock.yml +++ b/.github/workflows/grumpy-reviewer.lock.yml @@ -1209,6 +1209,7 @@ jobs: pull-requests: write timeout-minutes: 15 env: + GH_AW_CI_TRIGGER_TOKEN: ${{ secrets.GH_AW_CI_TRIGGER_TOKEN }} GH_AW_ENGINE_ID: "copilot" GH_AW_SAFE_OUTPUT_MESSAGES: "{\"footer\":\"\\u003e ๐Ÿ˜ค *Reluctantly reviewed by [{workflow_name}]({run_url})*\",\"runStarted\":\"๐Ÿ˜ค *sigh* [{workflow_name}]({run_url}) is begrudgingly looking at this {event_type}... This better be worth my time.\",\"runSuccess\":\"๐Ÿ˜ค Fine. [{workflow_name}]({run_url}) finished the review. It wasn't completely terrible. I guess. ๐Ÿ™„\",\"runFailure\":\"๐Ÿ˜ค Great. [{workflow_name}]({run_url}) {status}. As if my day couldn't get any worse...\"}" GH_AW_WORKFLOW_ID: "grumpy-reviewer" diff --git a/.github/workflows/hourly-ci-cleaner.lock.yml b/.github/workflows/hourly-ci-cleaner.lock.yml index a5d1aa587a..ccaa7b64be 100644 --- a/.github/workflows/hourly-ci-cleaner.lock.yml +++ b/.github/workflows/hourly-ci-cleaner.lock.yml @@ -1173,6 +1173,7 @@ jobs: pull-requests: write timeout-minutes: 15 env: + GH_AW_CI_TRIGGER_TOKEN: ${{ secrets.GH_AW_CI_TRIGGER_TOKEN }} GH_AW_ENGINE_ID: "copilot" GH_AW_TRACKER_ID: "hourly-ci-cleaner" GH_AW_WORKFLOW_ID: "hourly-ci-cleaner" diff --git a/.github/workflows/instructions-janitor.lock.yml b/.github/workflows/instructions-janitor.lock.yml index 913eed7b95..1a702c769a 100644 --- a/.github/workflows/instructions-janitor.lock.yml +++ b/.github/workflows/instructions-janitor.lock.yml @@ -1171,6 +1171,7 @@ jobs: pull-requests: write timeout-minutes: 15 env: + GH_AW_CI_TRIGGER_TOKEN: ${{ secrets.GH_AW_CI_TRIGGER_TOKEN }} GH_AW_ENGINE_ID: "claude" GH_AW_WORKFLOW_ID: "instructions-janitor" GH_AW_WORKFLOW_NAME: "Instructions Janitor" diff --git a/.github/workflows/issue-arborist.lock.yml b/.github/workflows/issue-arborist.lock.yml index 9aebfb36e9..6d0b05dd6a 100644 --- a/.github/workflows/issue-arborist.lock.yml +++ b/.github/workflows/issue-arborist.lock.yml @@ -1156,6 +1156,7 @@ jobs: issues: write timeout-minutes: 15 env: + GH_AW_CI_TRIGGER_TOKEN: ${{ secrets.GH_AW_CI_TRIGGER_TOKEN }} GH_AW_ENGINE_ID: "codex" GH_AW_WORKFLOW_ID: "issue-arborist" GH_AW_WORKFLOW_NAME: "Issue Arborist" diff --git a/.github/workflows/issue-monster.lock.yml b/.github/workflows/issue-monster.lock.yml index 7422eac001..01adda71cc 100644 --- a/.github/workflows/issue-monster.lock.yml +++ b/.github/workflows/issue-monster.lock.yml @@ -1148,6 +1148,7 @@ jobs: issues: write timeout-minutes: 15 env: + GH_AW_CI_TRIGGER_TOKEN: ${{ secrets.GH_AW_CI_TRIGGER_TOKEN }} GH_AW_ENGINE_ID: "copilot" GH_AW_ENGINE_MODEL: "gpt-5.1-codex-mini" GH_AW_SAFE_OUTPUT_MESSAGES: "{\"footer\":\"\\u003e ๐Ÿช *Om nom nom by [{workflow_name}]({run_url})*\",\"runStarted\":\"๐Ÿช ISSUE! ISSUE! [{workflow_name}]({run_url}) hungry for issues on this {event_type}! Om nom nom...\",\"runSuccess\":\"๐Ÿช YUMMY! [{workflow_name}]({run_url}) ate the issues! That was DELICIOUS! Me want MORE! ๐Ÿ˜‹\",\"runFailure\":\"๐Ÿช Aww... [{workflow_name}]({run_url}) {status}. No cookie for monster today... ๐Ÿ˜ข\"}" diff --git a/.github/workflows/issue-triage-agent.lock.yml b/.github/workflows/issue-triage-agent.lock.yml index 61877f91ef..5a6fdd142f 100644 --- a/.github/workflows/issue-triage-agent.lock.yml +++ b/.github/workflows/issue-triage-agent.lock.yml @@ -1029,6 +1029,7 @@ jobs: pull-requests: write timeout-minutes: 15 env: + GH_AW_CI_TRIGGER_TOKEN: ${{ secrets.GH_AW_CI_TRIGGER_TOKEN }} GH_AW_ENGINE_ID: "copilot" GH_AW_WORKFLOW_ID: "issue-triage-agent" GH_AW_WORKFLOW_NAME: "Issue Triage Agent" diff --git a/.github/workflows/jsweep.lock.yml b/.github/workflows/jsweep.lock.yml index 0f118dbf7d..5c17f4be0a 100644 --- a/.github/workflows/jsweep.lock.yml +++ b/.github/workflows/jsweep.lock.yml @@ -1110,6 +1110,7 @@ jobs: pull-requests: write timeout-minutes: 15 env: + GH_AW_CI_TRIGGER_TOKEN: ${{ secrets.GH_AW_CI_TRIGGER_TOKEN }} GH_AW_ENGINE_ID: "copilot" GH_AW_TRACKER_ID: "jsweep-daily" GH_AW_WORKFLOW_ID: "jsweep" diff --git a/.github/workflows/layout-spec-maintainer.lock.yml b/.github/workflows/layout-spec-maintainer.lock.yml index bd50055535..481c790973 100644 --- a/.github/workflows/layout-spec-maintainer.lock.yml +++ b/.github/workflows/layout-spec-maintainer.lock.yml @@ -1103,6 +1103,7 @@ jobs: pull-requests: write timeout-minutes: 15 env: + GH_AW_CI_TRIGGER_TOKEN: ${{ secrets.GH_AW_CI_TRIGGER_TOKEN }} GH_AW_ENGINE_ID: "copilot" GH_AW_TRACKER_ID: "layout-spec-maintainer" GH_AW_WORKFLOW_ID: "layout-spec-maintainer" diff --git a/.github/workflows/lockfile-stats.lock.yml b/.github/workflows/lockfile-stats.lock.yml index cd94860773..12b47d06e6 100644 --- a/.github/workflows/lockfile-stats.lock.yml +++ b/.github/workflows/lockfile-stats.lock.yml @@ -1116,6 +1116,7 @@ jobs: issues: write timeout-minutes: 15 env: + GH_AW_CI_TRIGGER_TOKEN: ${{ secrets.GH_AW_CI_TRIGGER_TOKEN }} GH_AW_ENGINE_ID: "claude" GH_AW_WORKFLOW_ID: "lockfile-stats" GH_AW_WORKFLOW_NAME: "Lockfile Statistics Analysis Agent" diff --git a/.github/workflows/mcp-inspector.lock.yml b/.github/workflows/mcp-inspector.lock.yml index eee7dc265e..d200195550 100644 --- a/.github/workflows/mcp-inspector.lock.yml +++ b/.github/workflows/mcp-inspector.lock.yml @@ -1716,6 +1716,7 @@ jobs: issues: write timeout-minutes: 15 env: + GH_AW_CI_TRIGGER_TOKEN: ${{ secrets.GH_AW_CI_TRIGGER_TOKEN }} GH_AW_ENGINE_ID: "copilot" GH_AW_WORKFLOW_ID: "mcp-inspector" GH_AW_WORKFLOW_NAME: "MCP Inspector Agent" diff --git a/.github/workflows/mergefest.lock.yml b/.github/workflows/mergefest.lock.yml index 380a74e600..a1b7c0c1ab 100644 --- a/.github/workflows/mergefest.lock.yml +++ b/.github/workflows/mergefest.lock.yml @@ -1153,6 +1153,7 @@ jobs: pull-requests: write timeout-minutes: 15 env: + GH_AW_CI_TRIGGER_TOKEN: ${{ secrets.GH_AW_CI_TRIGGER_TOKEN }} GH_AW_ENGINE_ID: "copilot" GH_AW_WORKFLOW_ID: "mergefest" GH_AW_WORKFLOW_NAME: "Mergefest" diff --git a/.github/workflows/notion-issue-summary.lock.yml b/.github/workflows/notion-issue-summary.lock.yml index 0a8b89e45a..019fb35d38 100644 --- a/.github/workflows/notion-issue-summary.lock.yml +++ b/.github/workflows/notion-issue-summary.lock.yml @@ -1135,6 +1135,7 @@ jobs: runs-on: ubuntu-slim timeout-minutes: 15 env: + GH_AW_CI_TRIGGER_TOKEN: ${{ secrets.GH_AW_CI_TRIGGER_TOKEN }} GH_AW_ENGINE_ID: "copilot" GH_AW_WORKFLOW_ID: "notion-issue-summary" GH_AW_WORKFLOW_NAME: "Issue Summary to Notion" diff --git a/.github/workflows/org-health-report.lock.yml b/.github/workflows/org-health-report.lock.yml index 43d59d4d8a..4d5ec5e653 100644 --- a/.github/workflows/org-health-report.lock.yml +++ b/.github/workflows/org-health-report.lock.yml @@ -1131,6 +1131,7 @@ jobs: issues: write timeout-minutes: 15 env: + GH_AW_CI_TRIGGER_TOKEN: ${{ secrets.GH_AW_CI_TRIGGER_TOKEN }} GH_AW_ENGINE_ID: "copilot" GH_AW_WORKFLOW_ID: "org-health-report" GH_AW_WORKFLOW_NAME: "Organization Health Report" diff --git a/.github/workflows/pdf-summary.lock.yml b/.github/workflows/pdf-summary.lock.yml index d38bc6e6aa..3aacfc1f69 100644 --- a/.github/workflows/pdf-summary.lock.yml +++ b/.github/workflows/pdf-summary.lock.yml @@ -1228,6 +1228,7 @@ jobs: issues: write timeout-minutes: 15 env: + GH_AW_CI_TRIGGER_TOKEN: ${{ secrets.GH_AW_CI_TRIGGER_TOKEN }} GH_AW_ENGINE_ID: "copilot" GH_AW_SAFE_OUTPUT_MESSAGES: "{\"footer\":\"\\u003e ๐Ÿ“„ *Summary compiled by [{workflow_name}]({run_url})*\",\"runStarted\":\"๐Ÿ“– Page by page! [{workflow_name}]({run_url}) is reading through this {event_type}...\",\"runSuccess\":\"๐Ÿ“š TL;DR ready! [{workflow_name}]({run_url}) has distilled the essence. Knowledge condensed! โœจ\",\"runFailure\":\"๐Ÿ“– Reading interrupted! [{workflow_name}]({run_url}) {status}. The document remains unsummarized...\"}" GH_AW_WORKFLOW_ID: "pdf-summary" diff --git a/.github/workflows/plan.lock.yml b/.github/workflows/plan.lock.yml index d653268b19..e83f86d320 100644 --- a/.github/workflows/plan.lock.yml +++ b/.github/workflows/plan.lock.yml @@ -1192,6 +1192,7 @@ jobs: issues: write timeout-minutes: 15 env: + GH_AW_CI_TRIGGER_TOKEN: ${{ secrets.GH_AW_CI_TRIGGER_TOKEN }} GH_AW_ENGINE_ID: "copilot" GH_AW_WORKFLOW_ID: "plan" GH_AW_WORKFLOW_NAME: "Plan Command" diff --git a/.github/workflows/poem-bot.lock.yml b/.github/workflows/poem-bot.lock.yml index 68544e9609..9e74cb6eb8 100644 --- a/.github/workflows/poem-bot.lock.yml +++ b/.github/workflows/poem-bot.lock.yml @@ -1831,6 +1831,7 @@ jobs: pull-requests: write timeout-minutes: 15 env: + GH_AW_CI_TRIGGER_TOKEN: ${{ secrets.GH_AW_CI_TRIGGER_TOKEN }} GH_AW_ENGINE_ID: "copilot" GH_AW_ENGINE_MODEL: "gpt-5" GH_AW_SAFE_OUTPUTS_STAGED: "true" diff --git a/.github/workflows/portfolio-analyst.lock.yml b/.github/workflows/portfolio-analyst.lock.yml index 00575ebc0c..ae79eaf5d0 100644 --- a/.github/workflows/portfolio-analyst.lock.yml +++ b/.github/workflows/portfolio-analyst.lock.yml @@ -1208,6 +1208,7 @@ jobs: issues: write timeout-minutes: 15 env: + GH_AW_CI_TRIGGER_TOKEN: ${{ secrets.GH_AW_CI_TRIGGER_TOKEN }} GH_AW_ENGINE_ID: "copilot" GH_AW_TRACKER_ID: "portfolio-analyst-weekly" GH_AW_WORKFLOW_ID: "portfolio-analyst" diff --git a/.github/workflows/pr-nitpick-reviewer.lock.yml b/.github/workflows/pr-nitpick-reviewer.lock.yml index 3cb0218469..da8ecde4af 100644 --- a/.github/workflows/pr-nitpick-reviewer.lock.yml +++ b/.github/workflows/pr-nitpick-reviewer.lock.yml @@ -1306,6 +1306,7 @@ jobs: pull-requests: write timeout-minutes: 15 env: + GH_AW_CI_TRIGGER_TOKEN: ${{ secrets.GH_AW_CI_TRIGGER_TOKEN }} GH_AW_ENGINE_ID: "copilot" GH_AW_SAFE_OUTPUT_MESSAGES: "{\"footer\":\"\\u003e ๐Ÿ” *Meticulously inspected by [{workflow_name}]({run_url})*\",\"runStarted\":\"๐Ÿ”ฌ Adjusting monocle... [{workflow_name}]({run_url}) is scrutinizing every pixel of this {event_type}...\",\"runSuccess\":\"๐Ÿ” Nitpicks catalogued! [{workflow_name}]({run_url}) has documented all the tiny details. Perfection awaits! โœ…\",\"runFailure\":\"๐Ÿ”ฌ Lens cracked! [{workflow_name}]({run_url}) {status}. Some nitpicks remain undetected...\"}" GH_AW_WORKFLOW_ID: "pr-nitpick-reviewer" diff --git a/.github/workflows/pr-triage-agent.lock.yml b/.github/workflows/pr-triage-agent.lock.yml index a1d281e9db..8663623184 100644 --- a/.github/workflows/pr-triage-agent.lock.yml +++ b/.github/workflows/pr-triage-agent.lock.yml @@ -1230,6 +1230,7 @@ jobs: pull-requests: write timeout-minutes: 15 env: + GH_AW_CI_TRIGGER_TOKEN: ${{ secrets.GH_AW_CI_TRIGGER_TOKEN }} GH_AW_ENGINE_ID: "copilot" GH_AW_SAFE_OUTPUT_MESSAGES: "{\"runStarted\":\"๐Ÿ” Starting PR triage analysis... [{workflow_name}]({run_url}) is categorizing and prioritizing agent-created PRs\",\"runSuccess\":\"โœ… PR triage complete! [{workflow_name}]({run_url}) has analyzed and categorized PRs. Check the issue for detailed report.\",\"runFailure\":\"โŒ PR triage failed! [{workflow_name}]({run_url}) {status}. Some PRs may not be triaged.\"}" GH_AW_WORKFLOW_ID: "pr-triage-agent" diff --git a/.github/workflows/prompt-clustering-analysis.lock.yml b/.github/workflows/prompt-clustering-analysis.lock.yml index 2c48f7411f..fe7e9e6f5a 100644 --- a/.github/workflows/prompt-clustering-analysis.lock.yml +++ b/.github/workflows/prompt-clustering-analysis.lock.yml @@ -1247,6 +1247,7 @@ jobs: issues: write timeout-minutes: 15 env: + GH_AW_CI_TRIGGER_TOKEN: ${{ secrets.GH_AW_CI_TRIGGER_TOKEN }} GH_AW_ENGINE_ID: "claude" GH_AW_WORKFLOW_ID: "prompt-clustering-analysis" GH_AW_WORKFLOW_NAME: "Copilot Agent Prompt Clustering Analysis" diff --git a/.github/workflows/python-data-charts.lock.yml b/.github/workflows/python-data-charts.lock.yml index d7c80468a1..d5defb1158 100644 --- a/.github/workflows/python-data-charts.lock.yml +++ b/.github/workflows/python-data-charts.lock.yml @@ -1194,6 +1194,7 @@ jobs: issues: write timeout-minutes: 15 env: + GH_AW_CI_TRIGGER_TOKEN: ${{ secrets.GH_AW_CI_TRIGGER_TOKEN }} GH_AW_ENGINE_ID: "copilot" GH_AW_WORKFLOW_ID: "python-data-charts" GH_AW_WORKFLOW_NAME: "Python Data Visualization Generator" diff --git a/.github/workflows/q.lock.yml b/.github/workflows/q.lock.yml index 20900388ae..d04092aa78 100644 --- a/.github/workflows/q.lock.yml +++ b/.github/workflows/q.lock.yml @@ -1362,6 +1362,7 @@ jobs: pull-requests: write timeout-minutes: 15 env: + GH_AW_CI_TRIGGER_TOKEN: ${{ secrets.GH_AW_CI_TRIGGER_TOKEN }} GH_AW_ENGINE_ID: "copilot" GH_AW_SAFE_OUTPUT_MESSAGES: "{\"footer\":\"\\u003e ๐ŸŽฉ *Equipped by [{workflow_name}]({run_url})*\",\"runStarted\":\"๐Ÿ”ง Pay attention, 007! [{workflow_name}]({run_url}) is preparing your gadgets for this {event_type}...\",\"runSuccess\":\"๐ŸŽฉ Mission equipment ready! [{workflow_name}]({run_url}) has optimized your workflow. Use wisely, 007! ๐Ÿ”ซ\",\"runFailure\":\"๐Ÿ”ง Technical difficulties! [{workflow_name}]({run_url}) {status}. Even Q Branch has bad days...\"}" GH_AW_WORKFLOW_ID: "q" diff --git a/.github/workflows/refiner.lock.yml b/.github/workflows/refiner.lock.yml index 5c4c3952a1..97b3f31636 100644 --- a/.github/workflows/refiner.lock.yml +++ b/.github/workflows/refiner.lock.yml @@ -1166,6 +1166,7 @@ jobs: pull-requests: write timeout-minutes: 15 env: + GH_AW_CI_TRIGGER_TOKEN: ${{ secrets.GH_AW_CI_TRIGGER_TOKEN }} GH_AW_ENGINE_ID: "copilot" GH_AW_SAFE_OUTPUT_MESSAGES: "{\"runStarted\":\"๐Ÿ” Starting code refinement... [{workflow_name}]({run_url}) is analyzing PR #${{ github.event.pull_request.number }} for style alignment and security issues\",\"runSuccess\":\"โœ… Refinement complete! [{workflow_name}]({run_url}) has created a PR with improvements for PR #${{ github.event.pull_request.number }}\",\"runFailure\":\"โŒ Refinement failed! [{workflow_name}]({run_url}) {status} while processing PR #${{ github.event.pull_request.number }}\"}" GH_AW_WORKFLOW_ID: "refiner" diff --git a/.github/workflows/release.lock.yml b/.github/workflows/release.lock.yml index 00ed0c78f3..17b8b790ad 100644 --- a/.github/workflows/release.lock.yml +++ b/.github/workflows/release.lock.yml @@ -1332,6 +1332,7 @@ jobs: contents: write timeout-minutes: 15 env: + GH_AW_CI_TRIGGER_TOKEN: ${{ secrets.GH_AW_CI_TRIGGER_TOKEN }} GH_AW_ENGINE_ID: "copilot" GH_AW_WORKFLOW_ID: "release" GH_AW_WORKFLOW_NAME: "Release" diff --git a/.github/workflows/repo-audit-analyzer.lock.yml b/.github/workflows/repo-audit-analyzer.lock.yml index bd293dd7e8..6f9053b668 100644 --- a/.github/workflows/repo-audit-analyzer.lock.yml +++ b/.github/workflows/repo-audit-analyzer.lock.yml @@ -1071,6 +1071,7 @@ jobs: issues: write timeout-minutes: 15 env: + GH_AW_CI_TRIGGER_TOKEN: ${{ secrets.GH_AW_CI_TRIGGER_TOKEN }} GH_AW_ENGINE_ID: "copilot" GH_AW_WORKFLOW_ID: "repo-audit-analyzer" GH_AW_WORKFLOW_NAME: "Repository Audit & Agentic Workflow Opportunity Analyzer" diff --git a/.github/workflows/repo-tree-map.lock.yml b/.github/workflows/repo-tree-map.lock.yml index b0ce520057..88446fd9a2 100644 --- a/.github/workflows/repo-tree-map.lock.yml +++ b/.github/workflows/repo-tree-map.lock.yml @@ -1028,6 +1028,7 @@ jobs: issues: write timeout-minutes: 15 env: + GH_AW_CI_TRIGGER_TOKEN: ${{ secrets.GH_AW_CI_TRIGGER_TOKEN }} GH_AW_ENGINE_ID: "copilot" GH_AW_WORKFLOW_ID: "repo-tree-map" GH_AW_WORKFLOW_NAME: "Repository Tree Map Generator" diff --git a/.github/workflows/repository-quality-improver.lock.yml b/.github/workflows/repository-quality-improver.lock.yml index 941cd6cf91..42131c4c51 100644 --- a/.github/workflows/repository-quality-improver.lock.yml +++ b/.github/workflows/repository-quality-improver.lock.yml @@ -1073,6 +1073,7 @@ jobs: issues: write timeout-minutes: 15 env: + GH_AW_CI_TRIGGER_TOKEN: ${{ secrets.GH_AW_CI_TRIGGER_TOKEN }} GH_AW_ENGINE_ID: "copilot" GH_AW_WORKFLOW_ID: "repository-quality-improver" GH_AW_WORKFLOW_NAME: "Repository Quality Improvement Agent" diff --git a/.github/workflows/research.lock.yml b/.github/workflows/research.lock.yml index 1f797889a6..1cfd5eaa8b 100644 --- a/.github/workflows/research.lock.yml +++ b/.github/workflows/research.lock.yml @@ -1056,6 +1056,7 @@ jobs: issues: write timeout-minutes: 15 env: + GH_AW_CI_TRIGGER_TOKEN: ${{ secrets.GH_AW_CI_TRIGGER_TOKEN }} GH_AW_ENGINE_ID: "copilot" GH_AW_WORKFLOW_ID: "research" GH_AW_WORKFLOW_NAME: "Basic Research Agent" diff --git a/.github/workflows/safe-output-health.lock.yml b/.github/workflows/safe-output-health.lock.yml index 4a9a4b2828..e2c1f8ba9b 100644 --- a/.github/workflows/safe-output-health.lock.yml +++ b/.github/workflows/safe-output-health.lock.yml @@ -1209,6 +1209,7 @@ jobs: issues: write timeout-minutes: 15 env: + GH_AW_CI_TRIGGER_TOKEN: ${{ secrets.GH_AW_CI_TRIGGER_TOKEN }} GH_AW_ENGINE_ID: "claude" GH_AW_WORKFLOW_ID: "safe-output-health" GH_AW_WORKFLOW_NAME: "Safe Output Health Monitor" diff --git a/.github/workflows/schema-consistency-checker.lock.yml b/.github/workflows/schema-consistency-checker.lock.yml index 008758bc27..c1c9783b04 100644 --- a/.github/workflows/schema-consistency-checker.lock.yml +++ b/.github/workflows/schema-consistency-checker.lock.yml @@ -1117,6 +1117,7 @@ jobs: issues: write timeout-minutes: 15 env: + GH_AW_CI_TRIGGER_TOKEN: ${{ secrets.GH_AW_CI_TRIGGER_TOKEN }} GH_AW_ENGINE_ID: "claude" GH_AW_WORKFLOW_ID: "schema-consistency-checker" GH_AW_WORKFLOW_NAME: "Schema Consistency Checker" diff --git a/.github/workflows/scout.lock.yml b/.github/workflows/scout.lock.yml index cbccebf720..c801e9dcfd 100644 --- a/.github/workflows/scout.lock.yml +++ b/.github/workflows/scout.lock.yml @@ -1332,6 +1332,7 @@ jobs: issues: write timeout-minutes: 15 env: + GH_AW_CI_TRIGGER_TOKEN: ${{ secrets.GH_AW_CI_TRIGGER_TOKEN }} GH_AW_ENGINE_ID: "claude" GH_AW_SAFE_OUTPUT_MESSAGES: "{\"footer\":\"\\u003e ๐Ÿ”ญ *Intelligence gathered by [{workflow_name}]({run_url})*\",\"runStarted\":\"๐Ÿ•๏ธ Scout on patrol! [{workflow_name}]({run_url}) is blazing trails through this {event_type}...\",\"runSuccess\":\"๐Ÿ”ญ Recon complete! [{workflow_name}]({run_url}) has charted the territory. Map ready! ๐Ÿ—บ๏ธ\",\"runFailure\":\"๐Ÿ•๏ธ Lost in the wilderness! [{workflow_name}]({run_url}) {status}. Sending search party...\"}" GH_AW_WORKFLOW_ID: "scout" diff --git a/.github/workflows/security-compliance.lock.yml b/.github/workflows/security-compliance.lock.yml index ab14c1a9a7..a4fc25284a 100644 --- a/.github/workflows/security-compliance.lock.yml +++ b/.github/workflows/security-compliance.lock.yml @@ -1174,6 +1174,7 @@ jobs: issues: write timeout-minutes: 15 env: + GH_AW_CI_TRIGGER_TOKEN: ${{ secrets.GH_AW_CI_TRIGGER_TOKEN }} GH_AW_ENGINE_ID: "copilot" GH_AW_WORKFLOW_ID: "security-compliance" GH_AW_WORKFLOW_NAME: "Security Compliance Campaign" diff --git a/.github/workflows/security-review.lock.yml b/.github/workflows/security-review.lock.yml index fd5358a5b0..791e527a6f 100644 --- a/.github/workflows/security-review.lock.yml +++ b/.github/workflows/security-review.lock.yml @@ -1280,6 +1280,7 @@ jobs: pull-requests: write timeout-minutes: 15 env: + GH_AW_CI_TRIGGER_TOKEN: ${{ secrets.GH_AW_CI_TRIGGER_TOKEN }} GH_AW_ENGINE_ID: "copilot" GH_AW_SAFE_OUTPUT_MESSAGES: "{\"footer\":\"\\u003e ๐Ÿ”’ *Security review by [{workflow_name}]({run_url})*\",\"runStarted\":\"๐Ÿ” [{workflow_name}]({run_url}) is analyzing this {event_type} for security implications...\",\"runSuccess\":\"๐Ÿ”’ [{workflow_name}]({run_url}) completed the security review.\",\"runFailure\":\"โš ๏ธ [{workflow_name}]({run_url}) {status} during security review.\"}" GH_AW_WORKFLOW_ID: "security-review" diff --git a/.github/workflows/semantic-function-refactor.lock.yml b/.github/workflows/semantic-function-refactor.lock.yml index b1b86538ba..5892e70310 100644 --- a/.github/workflows/semantic-function-refactor.lock.yml +++ b/.github/workflows/semantic-function-refactor.lock.yml @@ -1188,6 +1188,7 @@ jobs: issues: write timeout-minutes: 15 env: + GH_AW_CI_TRIGGER_TOKEN: ${{ secrets.GH_AW_CI_TRIGGER_TOKEN }} GH_AW_ENGINE_ID: "claude" GH_AW_WORKFLOW_ID: "semantic-function-refactor" GH_AW_WORKFLOW_NAME: "Semantic Function Refactoring" diff --git a/.github/workflows/sergo.lock.yml b/.github/workflows/sergo.lock.yml index 825e29f1df..50d813fd12 100644 --- a/.github/workflows/sergo.lock.yml +++ b/.github/workflows/sergo.lock.yml @@ -1159,6 +1159,7 @@ jobs: issues: write timeout-minutes: 15 env: + GH_AW_CI_TRIGGER_TOKEN: ${{ secrets.GH_AW_CI_TRIGGER_TOKEN }} GH_AW_ENGINE_ID: "claude" GH_AW_TRACKER_ID: "sergo-daily" GH_AW_WORKFLOW_ID: "sergo" diff --git a/.github/workflows/slide-deck-maintainer.lock.yml b/.github/workflows/slide-deck-maintainer.lock.yml index e98e5d77fb..9a8fcdef96 100644 --- a/.github/workflows/slide-deck-maintainer.lock.yml +++ b/.github/workflows/slide-deck-maintainer.lock.yml @@ -1213,6 +1213,7 @@ jobs: pull-requests: write timeout-minutes: 15 env: + GH_AW_CI_TRIGGER_TOKEN: ${{ secrets.GH_AW_CI_TRIGGER_TOKEN }} GH_AW_ENGINE_ID: "copilot" GH_AW_TRACKER_ID: "slide-deck-maintainer" GH_AW_WORKFLOW_ID: "slide-deck-maintainer" diff --git a/.github/workflows/smoke-agent.lock.yml b/.github/workflows/smoke-agent.lock.yml index eb54028530..2bad50784c 100644 --- a/.github/workflows/smoke-agent.lock.yml +++ b/.github/workflows/smoke-agent.lock.yml @@ -1151,6 +1151,7 @@ jobs: issues: write timeout-minutes: 15 env: + GH_AW_CI_TRIGGER_TOKEN: ${{ secrets.GH_AW_CI_TRIGGER_TOKEN }} GH_AW_ENGINE_ID: "codex" GH_AW_SAFE_OUTPUT_MESSAGES: "{\"footer\":\"\\u003e ๐Ÿค– *Smoke test by [{workflow_name}]({run_url})*\",\"runStarted\":\"๐Ÿค– [{workflow_name}]({run_url}) is looking for a Smoke issue to assign...\",\"runSuccess\":\"โœ… [{workflow_name}]({run_url}) completed. Issue assigned to the agentic-workflows agent.\",\"runFailure\":\"โŒ [{workflow_name}]({run_url}) {status}. Check the logs for details.\"}" GH_AW_WORKFLOW_ID: "smoke-agent" diff --git a/.github/workflows/smoke-claude.lock.yml b/.github/workflows/smoke-claude.lock.yml index 9c9be178be..b15e10f48b 100644 --- a/.github/workflows/smoke-claude.lock.yml +++ b/.github/workflows/smoke-claude.lock.yml @@ -2723,6 +2723,7 @@ jobs: pull-requests: write timeout-minutes: 15 env: + GH_AW_CI_TRIGGER_TOKEN: ${{ secrets.GH_AW_CI_TRIGGER_TOKEN }} GH_AW_ENGINE_ID: "claude" GH_AW_SAFE_OUTPUT_MESSAGES: "{\"footer\":\"\\u003e ๐Ÿ’ฅ *[THE END] โ€” Illustrated by [{workflow_name}]({run_url})*\",\"runStarted\":\"๐Ÿ’ฅ **WHOOSH!** [{workflow_name}]({run_url}) springs into action on this {event_type}! *[Panel 1 begins...]*\",\"runSuccess\":\"๐ŸŽฌ **THE END** โ€” [{workflow_name}]({run_url}) **MISSION: ACCOMPLISHED!** The hero saves the day! โœจ\",\"runFailure\":\"๐Ÿ’ซ **TO BE CONTINUED...** [{workflow_name}]({run_url}) {status}! Our hero faces unexpected challenges...\"}" GH_AW_WORKFLOW_ID: "smoke-claude" diff --git a/.github/workflows/smoke-codex.lock.yml b/.github/workflows/smoke-codex.lock.yml index 0e5f7f0dda..9f6285c848 100644 --- a/.github/workflows/smoke-codex.lock.yml +++ b/.github/workflows/smoke-codex.lock.yml @@ -1623,6 +1623,7 @@ jobs: pull-requests: write timeout-minutes: 15 env: + GH_AW_CI_TRIGGER_TOKEN: ${{ secrets.GH_AW_CI_TRIGGER_TOKEN }} GH_AW_ENGINE_ID: "codex" GH_AW_SAFE_OUTPUT_MESSAGES: "{\"footer\":\"\\u003e ๐Ÿ”ฎ *The oracle has spoken through [{workflow_name}]({run_url})*\",\"runStarted\":\"๐Ÿ”ฎ The ancient spirits stir... [{workflow_name}]({run_url}) awakens to divine this {event_type}...\",\"runSuccess\":\"โœจ The prophecy is fulfilled... [{workflow_name}]({run_url}) has completed its mystical journey. The stars align. ๐ŸŒŸ\",\"runFailure\":\"๐ŸŒ‘ The shadows whisper... [{workflow_name}]({run_url}) {status}. The oracle requires further meditation...\"}" GH_AW_WORKFLOW_ID: "smoke-codex" diff --git a/.github/workflows/smoke-copilot-arm.lock.yml b/.github/workflows/smoke-copilot-arm.lock.yml index d872e96259..05d34ac5f7 100644 --- a/.github/workflows/smoke-copilot-arm.lock.yml +++ b/.github/workflows/smoke-copilot-arm.lock.yml @@ -2144,6 +2144,7 @@ jobs: pull-requests: write timeout-minutes: 15 env: + GH_AW_CI_TRIGGER_TOKEN: ${{ secrets.GH_AW_CI_TRIGGER_TOKEN }} GH_AW_ENGINE_ID: "copilot" GH_AW_SAFE_OUTPUT_MESSAGES: "{\"footer\":\"\\u003e ๐Ÿ“ฐ *BREAKING: Report filed by [{workflow_name}]({run_url})*\",\"appendOnlyComments\":true,\"runStarted\":\"๐Ÿ“ฐ BREAKING: [{workflow_name}]({run_url}) is now investigating this {event_type}. Sources say the story is developing...\",\"runSuccess\":\"๐Ÿ“ฐ VERDICT: [{workflow_name}]({run_url}) has concluded. All systems operational. This is a developing story. ๐ŸŽค\",\"runFailure\":\"๐Ÿ“ฐ DEVELOPING STORY: [{workflow_name}]({run_url}) reports {status}. Our correspondents are investigating the incident...\"}" GH_AW_WORKFLOW_ID: "smoke-copilot-arm" diff --git a/.github/workflows/smoke-copilot.lock.yml b/.github/workflows/smoke-copilot.lock.yml index 2765c48e22..f74a53eb61 100644 --- a/.github/workflows/smoke-copilot.lock.yml +++ b/.github/workflows/smoke-copilot.lock.yml @@ -2146,6 +2146,7 @@ jobs: pull-requests: write timeout-minutes: 15 env: + GH_AW_CI_TRIGGER_TOKEN: ${{ secrets.GH_AW_CI_TRIGGER_TOKEN }} GH_AW_ENGINE_ID: "copilot" GH_AW_SAFE_OUTPUT_MESSAGES: "{\"footer\":\"\\u003e ๐Ÿ“ฐ *BREAKING: Report filed by [{workflow_name}]({run_url})*\",\"appendOnlyComments\":true,\"runStarted\":\"๐Ÿ“ฐ BREAKING: [{workflow_name}]({run_url}) is now investigating this {event_type}. Sources say the story is developing...\",\"runSuccess\":\"๐Ÿ“ฐ VERDICT: [{workflow_name}]({run_url}) has concluded. All systems operational. This is a developing story. ๐ŸŽค\",\"runFailure\":\"๐Ÿ“ฐ DEVELOPING STORY: [{workflow_name}]({run_url}) reports {status}. Our correspondents are investigating the incident...\"}" GH_AW_WORKFLOW_ID: "smoke-copilot" diff --git a/.github/workflows/smoke-gemini.lock.yml b/.github/workflows/smoke-gemini.lock.yml index fbc22a4cfe..7aab744820 100644 --- a/.github/workflows/smoke-gemini.lock.yml +++ b/.github/workflows/smoke-gemini.lock.yml @@ -1364,6 +1364,7 @@ jobs: pull-requests: write timeout-minutes: 15 env: + GH_AW_CI_TRIGGER_TOKEN: ${{ secrets.GH_AW_CI_TRIGGER_TOKEN }} GH_AW_ENGINE_ID: "gemini" GH_AW_SAFE_OUTPUT_MESSAGES: "{\"footer\":\"\\u003e โœจ *[{workflow_name}]({run_url}) โ€” Powered by Gemini*\",\"runStarted\":\"โœจ Gemini awakens... [{workflow_name}]({run_url}) begins its journey on this {event_type}...\",\"runSuccess\":\"๐Ÿš€ [{workflow_name}]({run_url}) **MISSION COMPLETE!** Gemini has spoken. โœจ\",\"runFailure\":\"โš ๏ธ [{workflow_name}]({run_url}) {status}. Gemini encountered unexpected challenges...\"}" GH_AW_WORKFLOW_ID: "smoke-gemini" diff --git a/.github/workflows/smoke-multi-pr.lock.yml b/.github/workflows/smoke-multi-pr.lock.yml index 0f679a3cce..3a7b5530e7 100644 --- a/.github/workflows/smoke-multi-pr.lock.yml +++ b/.github/workflows/smoke-multi-pr.lock.yml @@ -1232,6 +1232,7 @@ jobs: pull-requests: write timeout-minutes: 15 env: + GH_AW_CI_TRIGGER_TOKEN: ${{ secrets.GH_AW_CI_TRIGGER_TOKEN }} GH_AW_ENGINE_ID: "copilot" GH_AW_SAFE_OUTPUT_MESSAGES: "{\"footer\":\"\\u003e ๐Ÿงช *Multi PR smoke test by [{workflow_name}]({run_url})*\",\"appendOnlyComments\":true,\"runStarted\":\"๐Ÿงช [{workflow_name}]({run_url}) is now testing multiple PR creation...\",\"runSuccess\":\"โœ… [{workflow_name}]({run_url}) successfully created multiple PRs.\",\"runFailure\":\"โŒ [{workflow_name}]({run_url}) failed to create multiple PRs. Check the logs.\"}" GH_AW_WORKFLOW_ID: "smoke-multi-pr" diff --git a/.github/workflows/smoke-project.lock.yml b/.github/workflows/smoke-project.lock.yml index eddb4b68e1..4d56f4e294 100644 --- a/.github/workflows/smoke-project.lock.yml +++ b/.github/workflows/smoke-project.lock.yml @@ -1626,6 +1626,7 @@ jobs: pull-requests: write timeout-minutes: 15 env: + GH_AW_CI_TRIGGER_TOKEN: ${{ secrets.GH_AW_CI_TRIGGER_TOKEN }} GH_AW_ENGINE_ID: "copilot" GH_AW_SAFE_OUTPUT_MESSAGES: "{\"footer\":\"\\u003e ๐Ÿงช *Project smoke test report by [{workflow_name}]({run_url})*\",\"appendOnlyComments\":true,\"runStarted\":\"๐Ÿงช [{workflow_name}]({run_url}) is now testing project operations...\",\"runSuccess\":\"โœ… [{workflow_name}]({run_url}) completed successfully. All project operations validated.\",\"runFailure\":\"โŒ [{workflow_name}]({run_url}) encountered failures. Check the logs for details.\"}" GH_AW_WORKFLOW_ID: "smoke-project" diff --git a/.github/workflows/smoke-temporary-id.lock.yml b/.github/workflows/smoke-temporary-id.lock.yml index 6928cf6584..740040534e 100644 --- a/.github/workflows/smoke-temporary-id.lock.yml +++ b/.github/workflows/smoke-temporary-id.lock.yml @@ -1230,6 +1230,7 @@ jobs: issues: write timeout-minutes: 15 env: + GH_AW_CI_TRIGGER_TOKEN: ${{ secrets.GH_AW_CI_TRIGGER_TOKEN }} GH_AW_ENGINE_ID: "copilot" GH_AW_SAFE_OUTPUT_MESSAGES: "{\"footer\":\"\\u003e ๐Ÿงช *Temporary ID smoke test by [{workflow_name}]({run_url})*\",\"appendOnlyComments\":true,\"runStarted\":\"๐Ÿงช [{workflow_name}]({run_url}) is now testing temporary ID functionality...\",\"runSuccess\":\"โœ… [{workflow_name}]({run_url}) completed successfully. Temporary ID validation passed.\",\"runFailure\":\"โŒ [{workflow_name}]({run_url}) encountered failures. Check the logs for details.\"}" GH_AW_WORKFLOW_ID: "smoke-temporary-id" diff --git a/.github/workflows/smoke-test-tools.lock.yml b/.github/workflows/smoke-test-tools.lock.yml index 8e24bca735..2fe936c2cf 100644 --- a/.github/workflows/smoke-test-tools.lock.yml +++ b/.github/workflows/smoke-test-tools.lock.yml @@ -1117,6 +1117,7 @@ jobs: issues: write timeout-minutes: 15 env: + GH_AW_CI_TRIGGER_TOKEN: ${{ secrets.GH_AW_CI_TRIGGER_TOKEN }} GH_AW_ENGINE_ID: "copilot" GH_AW_SAFE_OUTPUT_MESSAGES: "{\"footer\":\"\\u003e ๐Ÿ”ง *Tool validation by [{workflow_name}]({run_url})*\",\"runStarted\":\"๐Ÿ”ง Starting tool validation... [{workflow_name}]({run_url}) is checking the agent container tools...\",\"runSuccess\":\"โœ… All tools validated successfully! [{workflow_name}]({run_url}) confirms agent container is ready.\",\"runFailure\":\"โŒ Tool validation failed! [{workflow_name}]({run_url}) detected missing tools: {status}\"}" GH_AW_WORKFLOW_ID: "smoke-test-tools" diff --git a/.github/workflows/stale-repo-identifier.lock.yml b/.github/workflows/stale-repo-identifier.lock.yml index 5d4c4393b8..081346e91b 100644 --- a/.github/workflows/stale-repo-identifier.lock.yml +++ b/.github/workflows/stale-repo-identifier.lock.yml @@ -1197,6 +1197,7 @@ jobs: issues: write timeout-minutes: 15 env: + GH_AW_CI_TRIGGER_TOKEN: ${{ secrets.GH_AW_CI_TRIGGER_TOKEN }} GH_AW_ENGINE_ID: "copilot" GH_AW_SAFE_OUTPUT_MESSAGES: "{\"footer\":\"\\u003e ๐Ÿ” *Analysis by [{workflow_name}]({run_url})*\",\"runStarted\":\"๐Ÿ” Stale Repository Identifier starting! [{workflow_name}]({run_url}) is analyzing repository activity...\",\"runSuccess\":\"โœ… Analysis complete! [{workflow_name}]({run_url}) has finished analyzing stale repositories.\",\"runFailure\":\"โš ๏ธ Analysis interrupted! [{workflow_name}]({run_url}) {status}.\"}" GH_AW_WORKFLOW_ID: "stale-repo-identifier" diff --git a/.github/workflows/static-analysis-report.lock.yml b/.github/workflows/static-analysis-report.lock.yml index da12f59fe2..27b2a1819f 100644 --- a/.github/workflows/static-analysis-report.lock.yml +++ b/.github/workflows/static-analysis-report.lock.yml @@ -1191,6 +1191,7 @@ jobs: issues: write timeout-minutes: 15 env: + GH_AW_CI_TRIGGER_TOKEN: ${{ secrets.GH_AW_CI_TRIGGER_TOKEN }} GH_AW_ENGINE_ID: "claude" GH_AW_WORKFLOW_ID: "static-analysis-report" GH_AW_WORKFLOW_NAME: "Static Analysis Report" diff --git a/.github/workflows/step-name-alignment.lock.yml b/.github/workflows/step-name-alignment.lock.yml index 26ae6d43ad..af9b64f2a1 100644 --- a/.github/workflows/step-name-alignment.lock.yml +++ b/.github/workflows/step-name-alignment.lock.yml @@ -1142,6 +1142,7 @@ jobs: issues: write timeout-minutes: 15 env: + GH_AW_CI_TRIGGER_TOKEN: ${{ secrets.GH_AW_CI_TRIGGER_TOKEN }} GH_AW_ENGINE_ID: "claude" GH_AW_WORKFLOW_ID: "step-name-alignment" GH_AW_WORKFLOW_NAME: "Step Name Alignment" diff --git a/.github/workflows/sub-issue-closer.lock.yml b/.github/workflows/sub-issue-closer.lock.yml index 4a891cba8c..78bfc6a634 100644 --- a/.github/workflows/sub-issue-closer.lock.yml +++ b/.github/workflows/sub-issue-closer.lock.yml @@ -1124,6 +1124,7 @@ jobs: issues: write timeout-minutes: 15 env: + GH_AW_CI_TRIGGER_TOKEN: ${{ secrets.GH_AW_CI_TRIGGER_TOKEN }} GH_AW_ENGINE_ID: "copilot" GH_AW_WORKFLOW_ID: "sub-issue-closer" GH_AW_WORKFLOW_NAME: "Sub-Issue Closer" diff --git a/.github/workflows/super-linter.lock.yml b/.github/workflows/super-linter.lock.yml index 48e19a468a..f3e5f5d8df 100644 --- a/.github/workflows/super-linter.lock.yml +++ b/.github/workflows/super-linter.lock.yml @@ -1085,6 +1085,7 @@ jobs: issues: write timeout-minutes: 15 env: + GH_AW_CI_TRIGGER_TOKEN: ${{ secrets.GH_AW_CI_TRIGGER_TOKEN }} GH_AW_ENGINE_ID: "copilot" GH_AW_WORKFLOW_ID: "super-linter" GH_AW_WORKFLOW_NAME: "Super Linter Report" diff --git a/.github/workflows/technical-doc-writer.lock.yml b/.github/workflows/technical-doc-writer.lock.yml index 686a2133d0..7cf529320d 100644 --- a/.github/workflows/technical-doc-writer.lock.yml +++ b/.github/workflows/technical-doc-writer.lock.yml @@ -1216,6 +1216,7 @@ jobs: pull-requests: write timeout-minutes: 15 env: + GH_AW_CI_TRIGGER_TOKEN: ${{ secrets.GH_AW_CI_TRIGGER_TOKEN }} GH_AW_ENGINE_ID: "copilot" GH_AW_SAFE_OUTPUT_MESSAGES: "{\"footer\":\"\\u003e ๐Ÿ“ *Documentation by [{workflow_name}]({run_url})*\",\"runStarted\":\"โœ๏ธ The Technical Writer begins! [{workflow_name}]({run_url}) is documenting this {event_type}...\",\"runSuccess\":\"๐Ÿ“ Documentation complete! [{workflow_name}]({run_url}) has written the docs. Clear as crystal! โœจ\",\"runFailure\":\"โœ๏ธ Writer's block! [{workflow_name}]({run_url}) {status}. The page remains blank...\"}" GH_AW_WORKFLOW_ID: "technical-doc-writer" diff --git a/.github/workflows/terminal-stylist.lock.yml b/.github/workflows/terminal-stylist.lock.yml index 78892b7fd7..f58f2fd5f5 100644 --- a/.github/workflows/terminal-stylist.lock.yml +++ b/.github/workflows/terminal-stylist.lock.yml @@ -1036,6 +1036,7 @@ jobs: issues: write timeout-minutes: 15 env: + GH_AW_CI_TRIGGER_TOKEN: ${{ secrets.GH_AW_CI_TRIGGER_TOKEN }} GH_AW_ENGINE_ID: "copilot" GH_AW_WORKFLOW_ID: "terminal-stylist" GH_AW_WORKFLOW_NAME: "Terminal Stylist" diff --git a/.github/workflows/test-create-pr-error-handling.lock.yml b/.github/workflows/test-create-pr-error-handling.lock.yml index f410f9c07c..3349845769 100644 --- a/.github/workflows/test-create-pr-error-handling.lock.yml +++ b/.github/workflows/test-create-pr-error-handling.lock.yml @@ -1145,6 +1145,7 @@ jobs: pull-requests: write timeout-minutes: 15 env: + GH_AW_CI_TRIGGER_TOKEN: ${{ secrets.GH_AW_CI_TRIGGER_TOKEN }} GH_AW_ENGINE_ID: "claude" GH_AW_WORKFLOW_ID: "test-create-pr-error-handling" GH_AW_WORKFLOW_NAME: "Test Create PR Error Handling" diff --git a/.github/workflows/test-dispatcher.lock.yml b/.github/workflows/test-dispatcher.lock.yml index cdd97a6f10..991548c884 100644 --- a/.github/workflows/test-dispatcher.lock.yml +++ b/.github/workflows/test-dispatcher.lock.yml @@ -976,6 +976,7 @@ jobs: actions: write timeout-minutes: 15 env: + GH_AW_CI_TRIGGER_TOKEN: ${{ secrets.GH_AW_CI_TRIGGER_TOKEN }} GH_AW_ENGINE_ID: "copilot" GH_AW_WORKFLOW_ID: "test-dispatcher" GH_AW_WORKFLOW_NAME: "Test Dispatcher Workflow" diff --git a/.github/workflows/test-project-url-default.lock.yml b/.github/workflows/test-project-url-default.lock.yml index c9a4fbdccc..f039a671cf 100644 --- a/.github/workflows/test-project-url-default.lock.yml +++ b/.github/workflows/test-project-url-default.lock.yml @@ -1219,6 +1219,7 @@ jobs: contents: read timeout-minutes: 15 env: + GH_AW_CI_TRIGGER_TOKEN: ${{ secrets.GH_AW_CI_TRIGGER_TOKEN }} GH_AW_ENGINE_ID: "copilot" GH_AW_WORKFLOW_ID: "test-project-url-default" GH_AW_WORKFLOW_NAME: "Test Project URL Explicit Requirement" diff --git a/.github/workflows/tidy.lock.yml b/.github/workflows/tidy.lock.yml index 4994c0c2d3..22345f45e5 100644 --- a/.github/workflows/tidy.lock.yml +++ b/.github/workflows/tidy.lock.yml @@ -1252,6 +1252,7 @@ jobs: pull-requests: write timeout-minutes: 15 env: + GH_AW_CI_TRIGGER_TOKEN: ${{ secrets.GH_AW_CI_TRIGGER_TOKEN }} GH_AW_ENGINE_ID: "copilot" GH_AW_WORKFLOW_ID: "tidy" GH_AW_WORKFLOW_NAME: "Tidy" diff --git a/.github/workflows/typist.lock.yml b/.github/workflows/typist.lock.yml index 130117c67f..9694ffad49 100644 --- a/.github/workflows/typist.lock.yml +++ b/.github/workflows/typist.lock.yml @@ -1127,6 +1127,7 @@ jobs: issues: write timeout-minutes: 15 env: + GH_AW_CI_TRIGGER_TOKEN: ${{ secrets.GH_AW_CI_TRIGGER_TOKEN }} GH_AW_ENGINE_ID: "claude" GH_AW_WORKFLOW_ID: "typist" GH_AW_WORKFLOW_NAME: "Typist - Go Type Analysis" diff --git a/.github/workflows/ubuntu-image-analyzer.lock.yml b/.github/workflows/ubuntu-image-analyzer.lock.yml index a13045ce17..76ac14566d 100644 --- a/.github/workflows/ubuntu-image-analyzer.lock.yml +++ b/.github/workflows/ubuntu-image-analyzer.lock.yml @@ -1143,6 +1143,7 @@ jobs: pull-requests: write timeout-minutes: 15 env: + GH_AW_CI_TRIGGER_TOKEN: ${{ secrets.GH_AW_CI_TRIGGER_TOKEN }} GH_AW_ENGINE_ID: "copilot" GH_AW_TRACKER_ID: "ubuntu-image-analyzer" GH_AW_WORKFLOW_ID: "ubuntu-image-analyzer" diff --git a/.github/workflows/unbloat-docs.lock.yml b/.github/workflows/unbloat-docs.lock.yml index ad1f76e605..8f1db3202f 100644 --- a/.github/workflows/unbloat-docs.lock.yml +++ b/.github/workflows/unbloat-docs.lock.yml @@ -1429,6 +1429,7 @@ jobs: pull-requests: write timeout-minutes: 15 env: + GH_AW_CI_TRIGGER_TOKEN: ${{ secrets.GH_AW_CI_TRIGGER_TOKEN }} GH_AW_ENGINE_ID: "claude" GH_AW_SAFE_OUTPUT_MESSAGES: "{\"footer\":\"\\u003e ๐Ÿ—œ๏ธ *Compressed by [{workflow_name}]({run_url})*\",\"runStarted\":\"๐Ÿ“ฆ Time to slim down! [{workflow_name}]({run_url}) is trimming the excess from this {event_type}...\",\"runSuccess\":\"๐Ÿ—œ๏ธ Docs on a diet! [{workflow_name}]({run_url}) has removed the bloat. Lean and mean! ๐Ÿ’ช\",\"runFailure\":\"๐Ÿ“ฆ Unbloating paused! [{workflow_name}]({run_url}) {status}. The docs remain... fluffy.\"}" GH_AW_WORKFLOW_ID: "unbloat-docs" diff --git a/.github/workflows/video-analyzer.lock.yml b/.github/workflows/video-analyzer.lock.yml index 20ac245581..f1e542cc48 100644 --- a/.github/workflows/video-analyzer.lock.yml +++ b/.github/workflows/video-analyzer.lock.yml @@ -1079,6 +1079,7 @@ jobs: issues: write timeout-minutes: 15 env: + GH_AW_CI_TRIGGER_TOKEN: ${{ secrets.GH_AW_CI_TRIGGER_TOKEN }} GH_AW_ENGINE_ID: "copilot" GH_AW_WORKFLOW_ID: "video-analyzer" GH_AW_WORKFLOW_NAME: "Video Analysis Agent" diff --git a/.github/workflows/weekly-editors-health-check.lock.yml b/.github/workflows/weekly-editors-health-check.lock.yml index 2bd4f2e9fd..6ec5d27096 100644 --- a/.github/workflows/weekly-editors-health-check.lock.yml +++ b/.github/workflows/weekly-editors-health-check.lock.yml @@ -1145,6 +1145,7 @@ jobs: pull-requests: write timeout-minutes: 15 env: + GH_AW_CI_TRIGGER_TOKEN: ${{ secrets.GH_AW_CI_TRIGGER_TOKEN }} GH_AW_ENGINE_ID: "copilot" GH_AW_TRACKER_ID: "weekly-editors-health-check" GH_AW_WORKFLOW_ID: "weekly-editors-health-check" diff --git a/.github/workflows/weekly-issue-summary.lock.yml b/.github/workflows/weekly-issue-summary.lock.yml index 1646222d20..196b2d3bdf 100644 --- a/.github/workflows/weekly-issue-summary.lock.yml +++ b/.github/workflows/weekly-issue-summary.lock.yml @@ -1106,6 +1106,7 @@ jobs: issues: write timeout-minutes: 15 env: + GH_AW_CI_TRIGGER_TOKEN: ${{ secrets.GH_AW_CI_TRIGGER_TOKEN }} GH_AW_ENGINE_ID: "copilot" GH_AW_TRACKER_ID: "weekly-issue-summary" GH_AW_WORKFLOW_ID: "weekly-issue-summary" diff --git a/.github/workflows/weekly-safe-outputs-spec-review.lock.yml b/.github/workflows/weekly-safe-outputs-spec-review.lock.yml index 9c8da0a6f0..3bd1ef6e90 100644 --- a/.github/workflows/weekly-safe-outputs-spec-review.lock.yml +++ b/.github/workflows/weekly-safe-outputs-spec-review.lock.yml @@ -1065,6 +1065,7 @@ jobs: pull-requests: write timeout-minutes: 15 env: + GH_AW_CI_TRIGGER_TOKEN: ${{ secrets.GH_AW_CI_TRIGGER_TOKEN }} GH_AW_ENGINE_ID: "copilot" GH_AW_TRACKER_ID: "weekly-safe-outputs-spec-review" GH_AW_WORKFLOW_ID: "weekly-safe-outputs-spec-review" diff --git a/.github/workflows/workflow-generator.lock.yml b/.github/workflows/workflow-generator.lock.yml index 5cc3e0362b..73193c8464 100644 --- a/.github/workflows/workflow-generator.lock.yml +++ b/.github/workflows/workflow-generator.lock.yml @@ -1235,6 +1235,7 @@ jobs: issues: write timeout-minutes: 15 env: + GH_AW_CI_TRIGGER_TOKEN: ${{ secrets.GH_AW_CI_TRIGGER_TOKEN }} GH_AW_ENGINE_ID: "copilot" GH_AW_WORKFLOW_ID: "workflow-generator" GH_AW_WORKFLOW_NAME: "Workflow Generator" diff --git a/.github/workflows/workflow-health-manager.lock.yml b/.github/workflows/workflow-health-manager.lock.yml index a5740ac7e7..7efb881bb8 100644 --- a/.github/workflows/workflow-health-manager.lock.yml +++ b/.github/workflows/workflow-health-manager.lock.yml @@ -1347,6 +1347,7 @@ jobs: issues: write timeout-minutes: 15 env: + GH_AW_CI_TRIGGER_TOKEN: ${{ secrets.GH_AW_CI_TRIGGER_TOKEN }} GH_AW_ENGINE_ID: "copilot" GH_AW_WORKFLOW_ID: "workflow-health-manager" GH_AW_WORKFLOW_NAME: "Workflow Health Manager - Meta-Orchestrator" diff --git a/.github/workflows/workflow-normalizer.lock.yml b/.github/workflows/workflow-normalizer.lock.yml index 1fc06fd0cb..b137b391c1 100644 --- a/.github/workflows/workflow-normalizer.lock.yml +++ b/.github/workflows/workflow-normalizer.lock.yml @@ -1119,6 +1119,7 @@ jobs: issues: write timeout-minutes: 15 env: + GH_AW_CI_TRIGGER_TOKEN: ${{ secrets.GH_AW_CI_TRIGGER_TOKEN }} GH_AW_ENGINE_ID: "copilot" GH_AW_TRACKER_ID: "workflow-normalizer" GH_AW_WORKFLOW_ID: "workflow-normalizer" diff --git a/.github/workflows/workflow-skill-extractor.lock.yml b/.github/workflows/workflow-skill-extractor.lock.yml index 8dc26aa52e..6a89e10361 100644 --- a/.github/workflows/workflow-skill-extractor.lock.yml +++ b/.github/workflows/workflow-skill-extractor.lock.yml @@ -1123,6 +1123,7 @@ jobs: issues: write timeout-minutes: 15 env: + GH_AW_CI_TRIGGER_TOKEN: ${{ secrets.GH_AW_CI_TRIGGER_TOKEN }} GH_AW_ENGINE_ID: "copilot" GH_AW_WORKFLOW_ID: "workflow-skill-extractor" GH_AW_WORKFLOW_NAME: "Workflow Skill Extractor" From a812386857bbe929999fad894b49c88e67a0e862 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Tue, 24 Feb 2026 01:55:10 +0000 Subject: [PATCH 03/10] feat: add copilot-requests feature flag support When features.copilot-requests: true is set: - Skip the secret validation step (no COPILOT_GITHUB_TOKEN required) - Add copilot-requests: write to workflow permissions - Use ${{ github.token }} as the COPILOT_GITHUB_TOKEN value Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com> --- pkg/constants/constants.go | 4 ++++ pkg/workflow/copilot_engine_execution.go | 17 ++++++++++++----- pkg/workflow/copilot_engine_installation.go | 20 +++++++++++++------- pkg/workflow/permissions.go | 5 +++++ pkg/workflow/tools.go | 18 ++++++++++++++++++ 5 files changed, 52 insertions(+), 12 deletions(-) diff --git a/pkg/constants/constants.go b/pkg/constants/constants.go index 5525bc4013..17c40dcdaf 100644 --- a/pkg/constants/constants.go +++ b/pkg/constants/constants.go @@ -686,6 +686,10 @@ const ( DangerousPermissionsWriteFeatureFlag FeatureFlag = "dangerous-permissions-write" // DisableXPIAPromptFeatureFlag is the feature flag name for disabling XPIA prompt DisableXPIAPromptFeatureFlag FeatureFlag = "disable-xpia-prompt" + // CopilotRequestsFeatureFlag is the feature flag name for enabling copilot-requests mode. + // When enabled: no secret validation step is generated, copilot-requests: write permission is added, + // and the GitHub Actions token is used as the agentic engine secret. + CopilotRequestsFeatureFlag FeatureFlag = "copilot-requests" ) // Step IDs for pre-activation job diff --git a/pkg/workflow/copilot_engine_execution.go b/pkg/workflow/copilot_engine_execution.go index 5028ecaa95..f565904efd 100644 --- a/pkg/workflow/copilot_engine_execution.go +++ b/pkg/workflow/copilot_engine_execution.go @@ -225,11 +225,18 @@ COPILOT_CLI_INSTRUCTION="$(cat /tmp/gh-aw/aw-prompts/prompt.txt)" %s%s 2>&1 | tee %s`, mkdirCommands.String(), copilotCommand, logFile) } - // Use COPILOT_GITHUB_TOKEN - // #nosec G101 -- This is NOT a hardcoded credential. It's a GitHub Actions expression template - // that GitHub Actions runtime replaces with the actual secret value. The string "${{ secrets.COPILOT_GITHUB_TOKEN }}" - // is a placeholder, not an actual credential. - copilotGitHubToken := "${{ secrets.COPILOT_GITHUB_TOKEN }}" + // Use COPILOT_GITHUB_TOKEN: when the copilot-requests feature is enabled, use the GitHub + // Actions token directly (${{ github.token }}). Otherwise use the COPILOT_GITHUB_TOKEN secret. + // #nosec G101 -- These are NOT hardcoded credentials. They are GitHub Actions expression templates + // that the runtime replaces with actual values. The strings "${{ secrets.COPILOT_GITHUB_TOKEN }}" + // and "${{ github.token }}" are placeholders, not actual credentials. + var copilotGitHubToken string + if isFeatureEnabled(constants.CopilotRequestsFeatureFlag, workflowData) { + copilotGitHubToken = "${{ github.token }}" + copilotExecLog.Print("Using GitHub Actions token as COPILOT_GITHUB_TOKEN (copilot-requests feature enabled)") + } else { + copilotGitHubToken = "${{ secrets.COPILOT_GITHUB_TOKEN }}" + } env := map[string]string{ "XDG_CONFIG_HOME": "/home/runner", diff --git a/pkg/workflow/copilot_engine_installation.go b/pkg/workflow/copilot_engine_installation.go index c15fcaad7b..258b0621f6 100644 --- a/pkg/workflow/copilot_engine_installation.go +++ b/pkg/workflow/copilot_engine_installation.go @@ -55,13 +55,19 @@ func (e *CopilotEngine) GetInstallationSteps(workflowData *WorkflowData) []GitHu InstallStepName: "Install GitHub Copilot CLI", } - // Add secret validation step - secretValidation := GenerateMultiSecretValidationStep( - config.Secrets, - config.Name, - config.DocsURL, - ) - steps = append(steps, secretValidation) + // Add secret validation step unless copilot-requests feature is enabled. + // When copilot-requests is enabled, the GitHub Actions token is used directly + // (no COPILOT_GITHUB_TOKEN secret required). + if !isFeatureEnabled(constants.CopilotRequestsFeatureFlag, workflowData) { + secretValidation := GenerateMultiSecretValidationStep( + config.Secrets, + config.Name, + config.DocsURL, + ) + steps = append(steps, secretValidation) + } else { + copilotInstallLog.Print("Skipping secret validation step: copilot-requests feature enabled, using GitHub Actions token") + } // Determine Copilot version copilotVersion := config.Version diff --git a/pkg/workflow/permissions.go b/pkg/workflow/permissions.go index 1ad619987c..78dc40674f 100644 --- a/pkg/workflow/permissions.go +++ b/pkg/workflow/permissions.go @@ -43,6 +43,8 @@ func convertStringToPermissionScope(key string) PermissionScope { return PermissionSecurityEvents case "statuses": return PermissionStatuses + case "copilot-requests": + return PermissionCopilotRequests case "all": // "all" is a meta-key handled at the parser level; it is not a real scope return "" @@ -82,6 +84,9 @@ const ( PermissionOrganizationProj PermissionScope = "organization-projects" PermissionSecurityEvents PermissionScope = "security-events" PermissionStatuses PermissionScope = "statuses" + // PermissionCopilotRequests is a GitHub Actions permission scope used with the copilot-requests feature. + // It enables use of the GitHub Actions token as the Copilot authentication token. + PermissionCopilotRequests PermissionScope = "copilot-requests" ) // GetAllPermissionScopes returns all available permission scopes diff --git a/pkg/workflow/tools.go b/pkg/workflow/tools.go index 06021b1c0d..b256c35c17 100644 --- a/pkg/workflow/tools.go +++ b/pkg/workflow/tools.go @@ -181,6 +181,24 @@ func (c *Compiler) applyDefaults(data *WorkflowData, markdownPath string) error } data.Permissions = strings.Join(lines, "\n") } + + // When the copilot-requests feature is enabled, inject copilot-requests: write permission. + // This is required so that the GitHub Actions token has the necessary scope + // to authenticate with the Copilot API. + if isFeatureEnabled(constants.CopilotRequestsFeatureFlag, data) { + perms := NewPermissionsParser(data.Permissions).ToPermissions() + perms.Set(PermissionCopilotRequests, PermissionWrite) + yaml := perms.RenderToYAML() + // Adjust from job-level indentation (6 spaces) to workflow-level (2 spaces) + lines := strings.Split(yaml, "\n") + for i := 1; i < len(lines); i++ { + if strings.HasPrefix(lines[i], " ") { + lines[i] = " " + lines[i][6:] + } + } + data.Permissions = strings.Join(lines, "\n") + } + return nil } From 14473f0085e0b6198bab7d7716977fb040de348f Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Tue, 24 Feb 2026 02:33:34 +0000 Subject: [PATCH 04/10] feat: enable copilot-requests feature on smoke-copilot workflow - Add features.copilot-requests: true to smoke-copilot.md - Pass data.Features to threatDetectionData in threat_detection.go so the feature flag applies to the detection job as well - Recompile smoke-copilot.lock.yml Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com> --- .github/workflows/smoke-copilot.lock.yml | 22 +++++----------------- .github/workflows/smoke-copilot.md | 2 ++ pkg/workflow/threat_detection.go | 3 +++ 3 files changed, 10 insertions(+), 17 deletions(-) diff --git a/.github/workflows/smoke-copilot.lock.yml b/.github/workflows/smoke-copilot.lock.yml index f74a53eb61..7cbd743373 100644 --- a/.github/workflows/smoke-copilot.lock.yml +++ b/.github/workflows/smoke-copilot.lock.yml @@ -29,7 +29,7 @@ # - shared/github-queries-safe-input.md # - shared/reporting.md # -# gh-aw-metadata: {"schema_version":"v1","frontmatter_hash":"f84cb897ab3a37514906baf0de987adbf90160780c7d3fa2dff0b66603e93e23"} +# gh-aw-metadata: {"schema_version":"v1","frontmatter_hash":"d8f85237def24565e6e04a7afcf460aab687ec2e8da39e945f8ccd8bdefaf5ed"} name: "Smoke Copilot" "on": @@ -281,6 +281,7 @@ jobs: permissions: actions: read contents: read + copilot-requests: write discussions: read issues: read pull-requests: read @@ -300,7 +301,6 @@ jobs: model: ${{ steps.generate_aw_info.outputs.model }} output: ${{ steps.collect_output.outputs.output }} output_types: ${{ steps.collect_output.outputs.output_types }} - secret_verification_result: ${{ steps.validate-secret.outputs.verification_result }} steps: - name: Checkout actions folder uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 @@ -432,11 +432,6 @@ jobs: // Set model as output for reuse in other steps/jobs core.setOutput('model', awInfo.model); - - name: Validate COPILOT_GITHUB_TOKEN secret - id: validate-secret - run: /opt/gh-aw/actions/validate_multi_secret.sh COPILOT_GITHUB_TOKEN 'GitHub Copilot CLI' https://github.github.com/gh-aw/reference/engines/#github-copilot-default - env: - COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} - name: Install GitHub Copilot CLI run: /opt/gh-aw/actions/install_copilot_cli.sh 0.0.414 - name: Install awf binary @@ -1679,7 +1674,7 @@ jobs: -- /bin/bash -c '/usr/local/bin/copilot --add-dir /tmp/gh-aw/ --log-level all --log-dir /tmp/gh-aw/sandbox/agent/logs/ --add-dir "${GITHUB_WORKSPACE}" --disable-builtin-mcps --allow-all-tools --add-dir /tmp/gh-aw/cache-memory/ --allow-all-paths --prompt "$(cat /tmp/gh-aw/aw-prompts/prompt.txt)"${GH_AW_MODEL_AGENT_COPILOT:+ --model "$GH_AW_MODEL_AGENT_COPILOT"}' 2>&1 | tee -a /tmp/gh-aw/agent-stdio.log env: COPILOT_AGENT_RUNNER_TYPE: STANDALONE - COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} + COPILOT_GITHUB_TOKEN: ${{ github.token }} GH_AW_GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} GH_AW_MCP_CONFIG: /home/runner/.copilot/mcp-config.json GH_AW_MODEL_AGENT_COPILOT: ${{ vars.GH_AW_MODEL_AGENT_COPILOT || '' }} @@ -1740,8 +1735,7 @@ jobs: const { main } = require('/opt/gh-aw/actions/redact_secrets.cjs'); await main(); env: - GH_AW_SECRET_NAMES: 'COPILOT_GITHUB_TOKEN,GH_AW_GITHUB_MCP_SERVER_TOKEN,GH_AW_GITHUB_TOKEN,GITHUB_TOKEN' - SECRET_COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} + GH_AW_SECRET_NAMES: 'GH_AW_GITHUB_MCP_SERVER_TOKEN,GH_AW_GITHUB_TOKEN,GITHUB_TOKEN' SECRET_GH_AW_GITHUB_MCP_SERVER_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN }} SECRET_GH_AW_GITHUB_TOKEN: ${{ secrets.GH_AW_GITHUB_TOKEN }} SECRET_GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} @@ -1926,7 +1920,6 @@ jobs: GH_AW_RUN_URL: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }} GH_AW_AGENT_CONCLUSION: ${{ needs.agent.result }} GH_AW_WORKFLOW_ID: "smoke-copilot" - GH_AW_SECRET_VERIFICATION_RESULT: ${{ needs.agent.outputs.secret_verification_result }} GH_AW_CHECKOUT_PR_SUCCESS: ${{ needs.agent.outputs.checkout_pr_success }} GH_AW_CREATE_DISCUSSION_ERRORS: ${{ needs.safe_outputs.outputs.create_discussion_errors }} GH_AW_CREATE_DISCUSSION_ERROR_COUNT: ${{ needs.safe_outputs.outputs.create_discussion_error_count }} @@ -2029,11 +2022,6 @@ jobs: run: | mkdir -p /tmp/gh-aw/threat-detection touch /tmp/gh-aw/threat-detection/detection.log - - name: Validate COPILOT_GITHUB_TOKEN secret - id: validate-secret - run: /opt/gh-aw/actions/validate_multi_secret.sh COPILOT_GITHUB_TOKEN 'GitHub Copilot CLI' https://github.github.com/gh-aw/reference/engines/#github-copilot-default - env: - COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} - name: Install GitHub Copilot CLI run: /opt/gh-aw/actions/install_copilot_cli.sh 0.0.414 - name: Execute GitHub Copilot CLI @@ -2057,7 +2045,7 @@ jobs: copilot --add-dir /tmp/ --add-dir /tmp/gh-aw/ --add-dir /tmp/gh-aw/agent/ --log-level all --log-dir /tmp/gh-aw/sandbox/agent/logs/ --disable-builtin-mcps --allow-tool 'shell(cat)' --allow-tool 'shell(grep)' --allow-tool 'shell(head)' --allow-tool 'shell(jq)' --allow-tool 'shell(ls)' --allow-tool 'shell(tail)' --allow-tool 'shell(wc)' --prompt "$COPILOT_CLI_INSTRUCTION"${GH_AW_MODEL_DETECTION_COPILOT:+ --model "$GH_AW_MODEL_DETECTION_COPILOT"} 2>&1 | tee /tmp/gh-aw/threat-detection/detection.log env: COPILOT_AGENT_RUNNER_TYPE: STANDALONE - COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} + COPILOT_GITHUB_TOKEN: ${{ github.token }} GH_AW_MODEL_DETECTION_COPILOT: ${{ vars.GH_AW_MODEL_DETECTION_COPILOT || '' }} GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GITHUB_HEAD_REF: ${{ github.head_ref }} diff --git a/.github/workflows/smoke-copilot.md b/.github/workflows/smoke-copilot.md index ce3ce7f9cc..49425cb046 100644 --- a/.github/workflows/smoke-copilot.md +++ b/.github/workflows/smoke-copilot.md @@ -108,6 +108,8 @@ safe-outputs: run-failure: "๐Ÿ“ฐ DEVELOPING STORY: [{workflow_name}]({run_url}) reports {status}. Our correspondents are investigating the incident..." timeout-minutes: 15 strict: true +features: + copilot-requests: true --- # Smoke Test: Copilot Engine Validation diff --git a/pkg/workflow/threat_detection.go b/pkg/workflow/threat_detection.go index ecdafff0d1..975d23a52c 100644 --- a/pkg/workflow/threat_detection.go +++ b/pkg/workflow/threat_detection.go @@ -357,6 +357,8 @@ func (c *Compiler) buildEngineSteps(data *WorkflowData) []string { // Create minimal WorkflowData for threat detection // Configure bash read tools for accessing the agent output file + // Features are inherited from the main workflow data so feature flags + // (e.g. copilot-requests) apply consistently to both agent and detection jobs. threatDetectionData := &WorkflowData{ Tools: map[string]any{ "bash": []any{"cat", "head", "tail", "wc", "grep", "ls", "jq"}, @@ -365,6 +367,7 @@ func (c *Compiler) buildEngineSteps(data *WorkflowData) []string { Network: "", EngineConfig: detectionEngineConfig, AI: engineSetting, + Features: data.Features, } var steps []string From 2fb0818c0727bb11ba151bed632aad8f4bfcf700 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Tue, 24 Feb 2026 02:44:47 +0000 Subject: [PATCH 05/10] Merge branch 'main' into copilot/add-copilot-requests-feature-another-one Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com> --- pkg/workflow/agentic_engine.go | 17 ++- pkg/workflow/claude_engine.go | 1 + pkg/workflow/claude_engine_test.go | 52 ++++++++ pkg/workflow/codex_engine_test.go | 52 ++++++++ pkg/workflow/copilot_engine_installation.go | 1 + pkg/workflow/copilot_engine_test.go | 52 ++++++++ pkg/workflow/engine_helpers.go | 11 ++ pkg/workflow/gemini_engine.go | 16 +++ pkg/workflow/gemini_engine_test.go | 38 ++++++ pkg/workflow/secret_validation_test.go | 134 +++++++++++++++++++- 10 files changed, 370 insertions(+), 4 deletions(-) diff --git a/pkg/workflow/agentic_engine.go b/pkg/workflow/agentic_engine.go index 5e983cff59..9028b57508 100644 --- a/pkg/workflow/agentic_engine.go +++ b/pkg/workflow/agentic_engine.go @@ -439,7 +439,10 @@ func GenerateSecretValidationStep(secretName, engineName, docsURL string) GitHub // secretNames: slice of secret names to validate (e.g., []string{"CODEX_API_KEY", "OPENAI_API_KEY"}) // engineName: the display name of the engine (e.g., "Codex") // docsURL: URL to the documentation page for setting up the secret -func GenerateMultiSecretValidationStep(secretNames []string, engineName, docsURL string) GitHubActionStep { +// envOverrides: optional map of env var key to expression override (from engine.env); when set, +// the overridden expression is used instead of the default "${{ secrets.KEY }}" so the +// validation step checks the user-provided secret reference rather than the default one. +func GenerateMultiSecretValidationStep(secretNames []string, engineName, docsURL string, envOverrides map[string]string) GitHubActionStep { if len(secretNames) == 0 { // This is a programming error - engine configurations should always provide secrets // Log the error and return empty step to avoid breaking compilation @@ -463,9 +466,17 @@ func GenerateMultiSecretValidationStep(secretNames []string, engineName, docsURL " env:", } - // Add env section with all secrets + // Add env section with all secrets. When engine.env provides an override for a key, + // use that expression (e.g. "${{ secrets.MY_ORG_TOKEN }}") so the validation step + // validates the user-supplied secret instead of the default one. for _, secretName := range secretNames { - stepLines = append(stepLines, fmt.Sprintf(" %s: ${{ secrets.%s }}", secretName, secretName)) + expr := fmt.Sprintf("${{ secrets.%s }}", secretName) + if envOverrides != nil { + if override, ok := envOverrides[secretName]; ok { + expr = override + } + } + stepLines = append(stepLines, fmt.Sprintf(" %s: %s", secretName, expr)) } return GitHubActionStep(stepLines) diff --git a/pkg/workflow/claude_engine.go b/pkg/workflow/claude_engine.go index d9df8b4173..1f7b54b6fd 100644 --- a/pkg/workflow/claude_engine.go +++ b/pkg/workflow/claude_engine.go @@ -94,6 +94,7 @@ func (e *ClaudeEngine) GetInstallationSteps(workflowData *WorkflowData) []GitHub config.Secrets, config.Name, config.DocsURL, + getEngineEnvOverrides(workflowData), ) steps = append(steps, secretValidation) diff --git a/pkg/workflow/claude_engine_test.go b/pkg/workflow/claude_engine_test.go index 5ed7476a11..51b546b3af 100644 --- a/pkg/workflow/claude_engine_test.go +++ b/pkg/workflow/claude_engine_test.go @@ -523,3 +523,55 @@ func TestClaudeEngineSkipInstallationWithCommand(t *testing.T) { t.Errorf("Expected 0 installation steps when command is specified, got %d", len(steps)) } } + +func TestClaudeEngineEnvOverridesTokenExpression(t *testing.T) { + engine := NewClaudeEngine() + + t.Run("engine env overrides default token expression", func(t *testing.T) { + workflowData := &WorkflowData{ + Name: "test-workflow", + EngineConfig: &EngineConfig{ + Env: map[string]string{ + "ANTHROPIC_API_KEY": "${{ secrets.MY_ORG_ANTHROPIC_KEY }}", + }, + }, + } + + steps := engine.GetExecutionSteps(workflowData, "/tmp/gh-aw/test.log") + if len(steps) != 1 { + t.Fatalf("Expected 1 step, got %d", len(steps)) + } + + stepContent := strings.Join([]string(steps[0]), "\n") + + // engine.env override should replace the default token expression + if !strings.Contains(stepContent, "ANTHROPIC_API_KEY: ${{ secrets.MY_ORG_ANTHROPIC_KEY }}") { + t.Errorf("Expected engine.env to override ANTHROPIC_API_KEY, got:\n%s", stepContent) + } + if strings.Contains(stepContent, "ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }}") { + t.Errorf("Default ANTHROPIC_API_KEY expression should be replaced by engine.env override, got:\n%s", stepContent) + } + }) + + t.Run("engine env adds extra environment variables", func(t *testing.T) { + workflowData := &WorkflowData{ + Name: "test-workflow", + EngineConfig: &EngineConfig{ + Env: map[string]string{ + "CUSTOM_VAR": "custom-value", + }, + }, + } + + steps := engine.GetExecutionSteps(workflowData, "/tmp/gh-aw/test.log") + if len(steps) != 1 { + t.Fatalf("Expected 1 step, got %d", len(steps)) + } + + stepContent := strings.Join([]string(steps[0]), "\n") + + if !strings.Contains(stepContent, "CUSTOM_VAR: custom-value") { + t.Errorf("Expected engine.env to add CUSTOM_VAR, got:\n%s", stepContent) + } + }) +} diff --git a/pkg/workflow/codex_engine_test.go b/pkg/workflow/codex_engine_test.go index d185d4f7d4..cb53b4e925 100644 --- a/pkg/workflow/codex_engine_test.go +++ b/pkg/workflow/codex_engine_test.go @@ -770,3 +770,55 @@ func TestCodexEngineSkipInstallationWithCommand(t *testing.T) { t.Errorf("Expected 0 installation steps when command is specified, got %d", len(steps)) } } + +func TestCodexEngineEnvOverridesTokenExpression(t *testing.T) { + engine := NewCodexEngine() + + t.Run("engine env overrides default token expression", func(t *testing.T) { + workflowData := &WorkflowData{ + Name: "test-workflow", + EngineConfig: &EngineConfig{ + Env: map[string]string{ + "CODEX_API_KEY": "${{ secrets.MY_ORG_CODEX_KEY }}", + }, + }, + } + + steps := engine.GetExecutionSteps(workflowData, "/tmp/gh-aw/test.log") + if len(steps) != 1 { + t.Fatalf("Expected 1 step, got %d", len(steps)) + } + + stepContent := strings.Join([]string(steps[0]), "\n") + + // engine.env override should replace the default token expression + if !strings.Contains(stepContent, "CODEX_API_KEY: ${{ secrets.MY_ORG_CODEX_KEY }}") { + t.Errorf("Expected engine.env to override CODEX_API_KEY, got:\n%s", stepContent) + } + if strings.Contains(stepContent, "CODEX_API_KEY: ${{ secrets.CODEX_API_KEY || secrets.OPENAI_API_KEY }}") { + t.Errorf("Default CODEX_API_KEY expression should be replaced by engine.env override, got:\n%s", stepContent) + } + }) + + t.Run("engine env adds extra environment variables", func(t *testing.T) { + workflowData := &WorkflowData{ + Name: "test-workflow", + EngineConfig: &EngineConfig{ + Env: map[string]string{ + "CUSTOM_VAR": "custom-value", + }, + }, + } + + steps := engine.GetExecutionSteps(workflowData, "/tmp/gh-aw/test.log") + if len(steps) != 1 { + t.Fatalf("Expected 1 step, got %d", len(steps)) + } + + stepContent := strings.Join([]string(steps[0]), "\n") + + if !strings.Contains(stepContent, "CUSTOM_VAR: custom-value") { + t.Errorf("Expected engine.env to add CUSTOM_VAR, got:\n%s", stepContent) + } + }) +} diff --git a/pkg/workflow/copilot_engine_installation.go b/pkg/workflow/copilot_engine_installation.go index 258b0621f6..2b8c6e0d52 100644 --- a/pkg/workflow/copilot_engine_installation.go +++ b/pkg/workflow/copilot_engine_installation.go @@ -63,6 +63,7 @@ func (e *CopilotEngine) GetInstallationSteps(workflowData *WorkflowData) []GitHu config.Secrets, config.Name, config.DocsURL, + getEngineEnvOverrides(workflowData), ) steps = append(steps, secretValidation) } else { diff --git a/pkg/workflow/copilot_engine_test.go b/pkg/workflow/copilot_engine_test.go index 553851931f..57ef5762d4 100644 --- a/pkg/workflow/copilot_engine_test.go +++ b/pkg/workflow/copilot_engine_test.go @@ -1505,3 +1505,55 @@ func TestGenerateCopilotSessionFileCopyStep(t *testing.T) { t.Error("Step should be marked continue-on-error") } } + +func TestCopilotEngineEnvOverridesTokenExpression(t *testing.T) { + engine := NewCopilotEngine() + + t.Run("engine env overrides default token expression", func(t *testing.T) { + workflowData := &WorkflowData{ + Name: "test-workflow", + EngineConfig: &EngineConfig{ + Env: map[string]string{ + "COPILOT_GITHUB_TOKEN": "${{ secrets.MY_ORG_COPILOT_TOKEN }}", + }, + }, + } + + steps := engine.GetExecutionSteps(workflowData, "/tmp/gh-aw/test.log") + if len(steps) != 1 { + t.Fatalf("Expected 1 step, got %d", len(steps)) + } + + stepContent := strings.Join([]string(steps[0]), "\n") + + // engine.env override should replace the default token expression + if !strings.Contains(stepContent, "COPILOT_GITHUB_TOKEN: ${{ secrets.MY_ORG_COPILOT_TOKEN }}") { + t.Errorf("Expected engine.env to override COPILOT_GITHUB_TOKEN, got:\n%s", stepContent) + } + if strings.Contains(stepContent, "COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }}") { + t.Errorf("Default COPILOT_GITHUB_TOKEN expression should be replaced by engine.env override, got:\n%s", stepContent) + } + }) + + t.Run("engine env adds extra environment variables", func(t *testing.T) { + workflowData := &WorkflowData{ + Name: "test-workflow", + EngineConfig: &EngineConfig{ + Env: map[string]string{ + "CUSTOM_VAR": "custom-value", + }, + }, + } + + steps := engine.GetExecutionSteps(workflowData, "/tmp/gh-aw/test.log") + if len(steps) != 1 { + t.Fatalf("Expected 1 step, got %d", len(steps)) + } + + stepContent := strings.Join([]string(steps[0]), "\n") + + if !strings.Contains(stepContent, "CUSTOM_VAR: custom-value") { + t.Errorf("Expected engine.env to add CUSTOM_VAR, got:\n%s", stepContent) + } + }) +} diff --git a/pkg/workflow/engine_helpers.go b/pkg/workflow/engine_helpers.go index eaa58ff181..255b096dfd 100644 --- a/pkg/workflow/engine_helpers.go +++ b/pkg/workflow/engine_helpers.go @@ -61,6 +61,16 @@ type EngineInstallConfig struct { InstallStepName string } +// getEngineEnvOverrides returns the engine.env map from workflowData, or nil if not set. +// This is used to pass user-provided env overrides to steps such as secret validation, +// so that overridden token expressions are used instead of the default "${{ secrets.KEY }}". +func getEngineEnvOverrides(workflowData *WorkflowData) map[string]string { + if workflowData == nil || workflowData.EngineConfig == nil { + return nil + } + return workflowData.EngineConfig.Env +} + // GetBaseInstallationSteps returns the common installation steps for an engine. // This includes secret validation and npm package installation steps that are // shared across all engines. @@ -81,6 +91,7 @@ func GetBaseInstallationSteps(config EngineInstallConfig, workflowData *Workflow config.Secrets, config.Name, config.DocsURL, + getEngineEnvOverrides(workflowData), ) steps = append(steps, secretValidation) diff --git a/pkg/workflow/gemini_engine.go b/pkg/workflow/gemini_engine.go index ed9a052461..232ad15c55 100644 --- a/pkg/workflow/gemini_engine.go +++ b/pkg/workflow/gemini_engine.go @@ -2,6 +2,7 @@ package workflow import ( "fmt" + "maps" "github.com/github/gh-aw/pkg/constants" "github.com/github/gh-aw/pkg/logger" @@ -111,6 +112,7 @@ func (e *GeminiEngine) GetInstallationSteps(workflowData *WorkflowData) []GitHub config.Secrets, config.Name, config.DocsURL, + getEngineEnvOverrides(workflowData), ) steps = append(steps, secretValidation) @@ -278,6 +280,20 @@ func (e *GeminiEngine) GetExecutionSteps(workflowData *WorkflowData, logFile str env[constants.GeminiCLIModelEnvVar] = workflowData.EngineConfig.Model } + // Add custom environment variables from engine config. + // This allows users to override the default engine token expression (e.g. + // GEMINI_API_KEY: ${{ secrets.MY_ORG_GEMINI_KEY }}) via engine.env. + if workflowData.EngineConfig != nil && len(workflowData.EngineConfig.Env) > 0 { + maps.Copy(env, workflowData.EngineConfig.Env) + } + + // Add custom environment variables from agent config + agentConfig := getAgentConfig(workflowData) + if agentConfig != nil && len(agentConfig.Env) > 0 { + maps.Copy(env, agentConfig.Env) + geminiLog.Printf("Added %d custom env vars from agent config", len(agentConfig.Env)) + } + // Generate the execution step stepLines := []string{ " - name: Execute Gemini CLI", diff --git a/pkg/workflow/gemini_engine_test.go b/pkg/workflow/gemini_engine_test.go index 4c74e1e360..9a33dd24d2 100644 --- a/pkg/workflow/gemini_engine_test.go +++ b/pkg/workflow/gemini_engine_test.go @@ -259,6 +259,44 @@ func TestGeminiEngineExecution(t *testing.T) { assert.Contains(t, stepContent, "GEMINI_MODEL: gemini-2.0-flash", "Should set GEMINI_MODEL when model is explicitly configured") }) + t.Run("engine env overrides default token expression", func(t *testing.T) { + workflowData := &WorkflowData{ + Name: "test-workflow", + EngineConfig: &EngineConfig{ + Env: map[string]string{ + "GEMINI_API_KEY": "${{ secrets.MY_ORG_GEMINI_KEY }}", + }, + }, + } + + steps := engine.GetExecutionSteps(workflowData, "/tmp/test.log") + require.Len(t, steps, 2, "Should generate settings step and execution step") + + stepContent := strings.Join(steps[1], "\n") + + // The user-provided value should override the default token expression + assert.Contains(t, stepContent, "GEMINI_API_KEY: ${{ secrets.MY_ORG_GEMINI_KEY }}", "engine.env should override the default GEMINI_API_KEY expression") + assert.NotContains(t, stepContent, "GEMINI_API_KEY: ${{ secrets.GEMINI_API_KEY }}", "Default GEMINI_API_KEY expression should be replaced by engine.env") + }) + + t.Run("engine env adds custom non-secret env vars", func(t *testing.T) { + workflowData := &WorkflowData{ + Name: "test-workflow", + EngineConfig: &EngineConfig{ + Env: map[string]string{ + "CUSTOM_VAR": "custom-value", + }, + }, + } + + steps := engine.GetExecutionSteps(workflowData, "/tmp/test.log") + require.Len(t, steps, 2, "Should generate settings step and execution step") + + stepContent := strings.Join(steps[1], "\n") + + assert.Contains(t, stepContent, "CUSTOM_VAR: custom-value", "engine.env non-secret vars should be included") + }) + t.Run("settings step is first", func(t *testing.T) { workflowData := &WorkflowData{ Name: "test-workflow", diff --git a/pkg/workflow/secret_validation_test.go b/pkg/workflow/secret_validation_test.go index 7811cf071e..c8124b53fd 100644 --- a/pkg/workflow/secret_validation_test.go +++ b/pkg/workflow/secret_validation_test.go @@ -111,7 +111,7 @@ func TestGenerateMultiSecretValidationStep(t *testing.T) { for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { - step := GenerateMultiSecretValidationStep(tt.secretNames, tt.engineName, tt.docsURL) + step := GenerateMultiSecretValidationStep(tt.secretNames, tt.engineName, tt.docsURL, nil) stepContent := strings.Join(step, "\n") for _, want := range tt.wantStrings { @@ -215,3 +215,135 @@ func TestCodexEngineHasSecretValidation(t *testing.T) { t.Error("Should pass both CODEX_API_KEY and OPENAI_API_KEY to the script") } } + +func TestGenerateMultiSecretValidationStepWithEnvOverrides(t *testing.T) { + t.Run("override replaces default secret expression", func(t *testing.T) { + overrides := map[string]string{ + "COPILOT_GITHUB_TOKEN": "${{ secrets.MY_ORG_COPILOT_TOKEN }}", + } + step := GenerateMultiSecretValidationStep( + []string{"COPILOT_GITHUB_TOKEN"}, + "GitHub Copilot CLI", + "https://docs.example.com", + overrides, + ) + stepContent := strings.Join(step, "\n") + + if !strings.Contains(stepContent, "COPILOT_GITHUB_TOKEN: ${{ secrets.MY_ORG_COPILOT_TOKEN }}") { + t.Errorf("Expected overridden expression in validation step env, got:\n%s", stepContent) + } + if strings.Contains(stepContent, "COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }}") { + t.Errorf("Default expression should be replaced by override, got:\n%s", stepContent) + } + }) + + t.Run("nil overrides uses default secret expressions", func(t *testing.T) { + step := GenerateMultiSecretValidationStep( + []string{"COPILOT_GITHUB_TOKEN"}, + "GitHub Copilot CLI", + "https://docs.example.com", + nil, + ) + stepContent := strings.Join(step, "\n") + + if !strings.Contains(stepContent, "COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }}") { + t.Errorf("Expected default expression when overrides is nil, got:\n%s", stepContent) + } + }) + + t.Run("partial override only replaces matching keys", func(t *testing.T) { + overrides := map[string]string{ + "CODEX_API_KEY": "${{ secrets.MY_ORG_CODEX_KEY }}", + } + step := GenerateMultiSecretValidationStep( + []string{"CODEX_API_KEY", "OPENAI_API_KEY"}, + "Codex", + "https://docs.example.com", + overrides, + ) + stepContent := strings.Join(step, "\n") + + if !strings.Contains(stepContent, "CODEX_API_KEY: ${{ secrets.MY_ORG_CODEX_KEY }}") { + t.Errorf("Expected overridden CODEX_API_KEY expression, got:\n%s", stepContent) + } + if !strings.Contains(stepContent, "OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }}") { + t.Errorf("Expected default OPENAI_API_KEY expression (not overridden), got:\n%s", stepContent) + } + }) +} + +func TestValidationStepUsesEngineEnvOverride(t *testing.T) { + tests := []struct { + name string + engine CodingAgentEngine + tokenKey string + overrideSecret string + }{ + { + name: "Copilot engine validation uses engine.env override", + engine: NewCopilotEngine(), + tokenKey: "COPILOT_GITHUB_TOKEN", + overrideSecret: "MY_ORG_COPILOT_TOKEN", + }, + { + name: "Claude engine validation uses engine.env override", + engine: NewClaudeEngine(), + tokenKey: "ANTHROPIC_API_KEY", + overrideSecret: "MY_ORG_ANTHROPIC_KEY", + }, + { + name: "Codex engine validation uses engine.env override", + engine: NewCodexEngine(), + tokenKey: "CODEX_API_KEY", + overrideSecret: "MY_ORG_CODEX_KEY", + }, + { + name: "Gemini engine validation uses engine.env override", + engine: NewGeminiEngine(), + tokenKey: "GEMINI_API_KEY", + overrideSecret: "MY_ORG_GEMINI_KEY", + }, + } + + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + workflowData := &WorkflowData{ + Name: "test-workflow", + EngineConfig: &EngineConfig{ + Env: map[string]string{ + tt.tokenKey: fmt.Sprintf("${{ secrets.%s }}", tt.overrideSecret), + }, + }, + } + + steps := tt.engine.GetInstallationSteps(workflowData) + if len(steps) < 1 { + t.Fatal("Expected at least one installation step") + } + + // Find the validate-secret step + var validationStep string + for _, step := range steps { + content := strings.Join(step, "\n") + if strings.Contains(content, "id: validate-secret") { + validationStep = content + break + } + } + if validationStep == "" { + t.Fatal("Expected to find a validate-secret step") + } + + // The validation step should use the overridden secret expression + expectedExpr := fmt.Sprintf("%s: ${{ secrets.%s }}", tt.tokenKey, tt.overrideSecret) + if !strings.Contains(validationStep, expectedExpr) { + t.Errorf("Validation step should use overridden secret expression %q, got:\n%s", expectedExpr, validationStep) + } + // The default expression should NOT be present + defaultExpr := fmt.Sprintf("%s: ${{ secrets.%s }}", tt.tokenKey, tt.tokenKey) + if strings.Contains(validationStep, defaultExpr) { + t.Errorf("Validation step should NOT use default expression %q when engine.env overrides it, got:\n%s", defaultExpr, validationStep) + } + }) + } +} From abc6e86ff2fcd49b3fe9b42889bd446982c897d8 Mon Sep 17 00:00:00 2001 From: Codex Date: Tue, 24 Feb 2026 03:00:29 +0000 Subject: [PATCH 06/10] Add changeset [skip-ci] --- .changeset/patch-add-copilot-requests-feature.md | 5 +++++ 1 file changed, 5 insertions(+) create mode 100644 .changeset/patch-add-copilot-requests-feature.md diff --git a/.changeset/patch-add-copilot-requests-feature.md b/.changeset/patch-add-copilot-requests-feature.md new file mode 100644 index 0000000000..c49a82f446 --- /dev/null +++ b/.changeset/patch-add-copilot-requests-feature.md @@ -0,0 +1,5 @@ +--- +"gh-aw": patch +--- + +Added the `features.copilot-requests` feature flag so GitHub Actions token authentication and threat detection jobs honor the new Copilot requests flow. From 096459aa2a22680365170acd19fae8e9ec95e9a5 Mon Sep 17 00:00:00 2001 From: Smoke Test Agent Date: Tue, 24 Feb 2026 03:05:26 +0000 Subject: [PATCH 07/10] test: Add smoke test file for Run 22334678781 --- .github/smoke-tests/claude-22334678781.txt | 1 + 1 file changed, 1 insertion(+) create mode 100644 .github/smoke-tests/claude-22334678781.txt diff --git a/.github/smoke-tests/claude-22334678781.txt b/.github/smoke-tests/claude-22334678781.txt new file mode 100644 index 0000000000..4747a7af26 --- /dev/null +++ b/.github/smoke-tests/claude-22334678781.txt @@ -0,0 +1 @@ +Smoke test push verification - Run 22334678781 From 80e2356158f59c00dd5084f041691c26084b0500 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Tue, 24 Feb 2026 03:14:03 +0000 Subject: [PATCH 08/10] fix: inject copilot-requests: write permission into threat detection job Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com> --- .github/workflows/smoke-copilot.lock.yml | 1 + pkg/workflow/threat_detection.go | 9 +++++++++ pkg/workflow/tools.go | 6 ++++-- 3 files changed, 14 insertions(+), 2 deletions(-) diff --git a/.github/workflows/smoke-copilot.lock.yml b/.github/workflows/smoke-copilot.lock.yml index 7cbd743373..c76ada36a0 100644 --- a/.github/workflows/smoke-copilot.lock.yml +++ b/.github/workflows/smoke-copilot.lock.yml @@ -1975,6 +1975,7 @@ jobs: runs-on: ubuntu-latest permissions: contents: read + copilot-requests: write timeout-minutes: 10 outputs: success: ${{ steps.parse_results.outputs.success }} diff --git a/pkg/workflow/threat_detection.go b/pkg/workflow/threat_detection.go index 975d23a52c..1cd00f80e4 100644 --- a/pkg/workflow/threat_detection.go +++ b/pkg/workflow/threat_detection.go @@ -129,6 +129,15 @@ func (c *Compiler) buildThreatDetectionJob(data *WorkflowData, mainJobName strin permissions = NewPermissionsEmpty().RenderToYAML() } + // When the copilot-requests feature is enabled, inject copilot-requests: write permission. + // This is required so the GitHub Actions token has the necessary scope to authenticate + // with the Copilot API in the detection job (mirrors the agent job logic in tools.go). + if isFeatureEnabled(constants.CopilotRequestsFeatureFlag, data) { + perms := NewPermissionsParser(permissions).ToPermissions() + perms.Set(PermissionCopilotRequests, PermissionWrite) + permissions = perms.RenderToYAML() + } + // Generate agent concurrency configuration (same as main agent job) agentConcurrency := GenerateJobConcurrencyConfig(data) diff --git a/pkg/workflow/tools.go b/pkg/workflow/tools.go index b256c35c17..5495757b65 100644 --- a/pkg/workflow/tools.go +++ b/pkg/workflow/tools.go @@ -154,8 +154,10 @@ func (c *Compiler) applyDefaults(data *WorkflowData, markdownPath string) error data.ParsedTools = NewTools(data.Tools) // Check if permissions is explicitly empty ({}) - this means user wants no permissions - // In this case, we should NOT apply default read-all - if data.Permissions == "permissions: {}" { + // In this case, we should NOT apply default read-all. + // Exception: if copilot-requests feature is enabled, we still need to fall through + // so the injection block below can add copilot-requests: write. + if data.Permissions == "permissions: {}" && !isFeatureEnabled(constants.CopilotRequestsFeatureFlag, data) { // Explicitly empty permissions - preserve the empty state // The agent job in dev mode will add contents: read if needed for local actions return nil From 98e189907ab579c0a38843544b426737700ec0a2 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Tue, 24 Feb 2026 04:28:43 +0000 Subject: [PATCH 09/10] fix: add S2STOKENS=true env var to Copilot execution when copilot-requests feature is enabled Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com> --- .github/workflows/smoke-copilot.lock.yml | 2 ++ pkg/workflow/copilot_engine_execution.go | 9 ++++++++- 2 files changed, 10 insertions(+), 1 deletion(-) diff --git a/.github/workflows/smoke-copilot.lock.yml b/.github/workflows/smoke-copilot.lock.yml index ab5e479b94..eb2cc7ea5b 100644 --- a/.github/workflows/smoke-copilot.lock.yml +++ b/.github/workflows/smoke-copilot.lock.yml @@ -1688,6 +1688,7 @@ jobs: GITHUB_REF_NAME: ${{ github.ref_name }} GITHUB_STEP_SUMMARY: ${{ env.GITHUB_STEP_SUMMARY }} GITHUB_WORKSPACE: ${{ github.workspace }} + S2STOKENS: true XDG_CONFIG_HOME: /home/runner - name: Configure Git credentials env: @@ -2055,6 +2056,7 @@ jobs: GITHUB_REF_NAME: ${{ github.ref_name }} GITHUB_STEP_SUMMARY: ${{ env.GITHUB_STEP_SUMMARY }} GITHUB_WORKSPACE: ${{ github.workspace }} + S2STOKENS: true XDG_CONFIG_HOME: /home/runner - name: Parse threat detection results id: parse_results diff --git a/pkg/workflow/copilot_engine_execution.go b/pkg/workflow/copilot_engine_execution.go index f565904efd..73539ac2b9 100644 --- a/pkg/workflow/copilot_engine_execution.go +++ b/pkg/workflow/copilot_engine_execution.go @@ -231,7 +231,8 @@ COPILOT_CLI_INSTRUCTION="$(cat /tmp/gh-aw/aw-prompts/prompt.txt)" // that the runtime replaces with actual values. The strings "${{ secrets.COPILOT_GITHUB_TOKEN }}" // and "${{ github.token }}" are placeholders, not actual credentials. var copilotGitHubToken string - if isFeatureEnabled(constants.CopilotRequestsFeatureFlag, workflowData) { + useCopilotRequests := isFeatureEnabled(constants.CopilotRequestsFeatureFlag, workflowData) + if useCopilotRequests { copilotGitHubToken = "${{ github.token }}" copilotExecLog.Print("Using GitHub Actions token as COPILOT_GITHUB_TOKEN (copilot-requests feature enabled)") } else { @@ -248,6 +249,12 @@ COPILOT_CLI_INSTRUCTION="$(cat /tmp/gh-aw/aw-prompts/prompt.txt)" "GITHUB_WORKSPACE": "${{ github.workspace }}", } + // When copilot-requests feature is enabled, set S2STOKENS=true to allow the Copilot CLI + // to accept GitHub App installation tokens (ghs_*) such as ${{ github.token }}. + if useCopilotRequests { + env["S2STOKENS"] = "true" + } + // Always add GH_AW_PROMPT for agentic workflows env["GH_AW_PROMPT"] = "/tmp/gh-aw/aw-prompts/prompt.txt" From 9185866daa52c34b81103ca9bfc4da1965f908a3 Mon Sep 17 00:00:00 2001 From: Codex Date: Tue, 24 Feb 2026 04:58:33 +0000 Subject: [PATCH 10/10] Add changeset [skip-ci] --- .changeset/patch-add-copilot-requests-feature.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.changeset/patch-add-copilot-requests-feature.md b/.changeset/patch-add-copilot-requests-feature.md index c49a82f446..d8999ee06e 100644 --- a/.changeset/patch-add-copilot-requests-feature.md +++ b/.changeset/patch-add-copilot-requests-feature.md @@ -2,4 +2,4 @@ "gh-aw": patch --- -Added the `features.copilot-requests` feature flag so GitHub Actions token authentication and threat detection jobs honor the new Copilot requests flow. +Documented the `features.copilot-requests` feature flag so GitHub Actions token authentication, threat detection permissions, and the Copilot CLI execution environment honor the Copilot requests flow (injecting `copilot-requests: write` permissions and enabling `S2STOKENS=true`).