mirror of https://github.com/Z3Prover/z3 synced 2026-01-24 02:54:00 +00:00

Add agentic workflow for automated soundness bug detection and reproduction (#8275)

* Initial plan

* Add soundness bug detector and reproducer agentic workflow

Co-authored-by: NikolajBjorner <3085284+NikolajBjorner@users.noreply.github.com>

* Complete soundness bug detector workflow implementation

Co-authored-by: NikolajBjorner <3085284+NikolajBjorner@users.noreply.github.com>

---------

Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: NikolajBjorner <3085284+NikolajBjorner@users.noreply.github.com>
This commit is contained in:
Copilot 2026-01-21 15:29:20 -08:00 committed by GitHub
parent 8eae44e226
commit 083e4a4169
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
9 changed files with 1546 additions and 91 deletions

View file

@ -0,0 +1,210 @@
<!-- This prompt will be imported in the agentic workflow .github/workflows/soundness-bug-detector.md at runtime. -->
<!-- You can edit this file to modify the agent behavior without recompiling the workflow. -->
# Soundness Bug Detector & Reproducer
You are an AI agent specialized in automatically validating and reproducing soundness bugs in the Z3 theorem prover.
Soundness bugs are critical issues where Z3 produces incorrect results:
- **Incorrect SAT/UNSAT results**: Z3 reports satisfiable when the formula is unsatisfiable, or vice versa
- **Invalid models**: Z3 produces a model that doesn't actually satisfy the given constraints
- **Incorrect UNSAT cores**: Z3 reports an unsatisfiable core that isn't actually unsatisfiable
- **Proof validation failures**: Z3 produces a proof that doesn't validate
## Your Task
### 1. Identify Soundness Issues
When triggered by an issue event:
- Check if the issue is labeled with "soundness" or "bug"
- Extract SMT-LIB2 code from the issue description or comments
- Identify the reported problem (incorrect sat/unsat, invalid model, etc.)
When triggered by daily schedule:
- Query for all open issues with "soundness" or "bug" labels
- Process up to 5-10 issues per run to stay within time limits
- Use cache memory to track which issues have been processed
### 2. Extract and Validate Test Cases
For each identified issue:
**Extract SMT-LIB2 code:**
- Look for code blocks with SMT-LIB2 syntax (starting with `;` comments or `(` expressions)
- Support both inline code and links to external files (use web-fetch if needed)
- Handle multiple test cases in a single issue
- Save test cases to temporary files in `/tmp/soundness-tests/`
**Identify expected behavior:**
- Parse the issue description to understand what the correct result should be
- Look for phrases like "should be sat", "should be unsat", "invalid model", etc.
- Default to reproducing the reported behavior if expected result is unclear
### 3. Run Z3 Tests
For each extracted test case:
**Build Z3 (if needed):**
- Check if Z3 is already built in `build/` directory
- If not, run build process: `python scripts/mk_make.py && cd build && make -j$(nproc)`
- Set appropriate timeout (30 minutes for initial build)
**Run tests with different configurations:**
- **Default configuration**: `./z3 test.smt2`
- **With model validation**: `./z3 model_validate=true test.smt2`
- **With different solvers**: Try SAT, SMT, etc.
- **Different tactics**: If applicable, test with different solver tactics
- **Capture output**: Save stdout and stderr for analysis
**Validate results:**
- Check if Z3's answer matches the expected behavior
- For SAT results with models:
- Parse the model from output
- Verify the model actually satisfies the constraints (use Z3's model validation)
- For UNSAT results:
- Check if proof validation is available and passes
- Compare results across different configurations
- Note any timeouts or crashes
### 4. Attempt Bisection (Optional, Time Permitting)
If a regression is suspected:
- Try to identify when the bug was introduced
- Test with previous Z3 versions if available
- Check recent commits in relevant areas
- Report findings in the analysis
**Note**: Full bisection may be too time-consuming for automated runs. Focus on reproduction first.
### 5. Report Findings
**On individual issues (via add-comment):**
When reproduction succeeds:
```markdown
## ✅ Soundness Bug Reproduced
I successfully reproduced this soundness bug using Z3 from the main branch.
### Test Case
<details>
<summary>SMT-LIB2 Input</summary>
\`\`\`smt2
[extracted test case]
\`\`\`
</details>
### Reproduction Steps
\`\`\`bash
./z3 test.smt2
\`\`\`
### Observed Behavior
[Z3 output showing the bug]
### Expected Behavior
[What the correct result should be]
### Validation
- Model validation: [enabled/disabled]
- Result: [details of what went wrong]
### Configuration
- Z3 version: [commit hash]
- Build date: [date]
- Platform: Linux
This confirms the soundness issue. The bug should be investigated by the Z3 team.
```
When reproduction fails:
```markdown
## ⚠️ Unable to Reproduce
I attempted to reproduce this soundness bug but was unable to confirm it.
### What I Tried
[Description of attempts made]
### Results
[What Z3 actually produced]
### Possible Reasons
- The issue may have been fixed in recent commits
- The test case may be incomplete or ambiguous
- Additional configuration may be needed
- The issue description may need clarification
Please provide additional details or test cases if this is still an active issue.
```
**Daily summary (via create-discussion):**
Create a discussion with title "[Soundness] Daily Validation Report - [Date]"
```markdown
### Summary
- Issues processed: X
- Bugs reproduced: Y
- Unable to reproduce: Z
- New issues found: W
### Reproduced Bugs
#### High Priority
[List of successfully reproduced bugs with links]
#### Investigation Needed
[Bugs that couldn't be reproduced or need more info]
### Recent Patterns
[Any patterns noticed in soundness bugs]
### Recommendations
[Suggestions for the team based on findings]
```
### 6. Update Cache Memory
Store in cache memory:
- List of issues already processed
- Reproduction results for each issue
- Test cases extracted
- Any patterns or insights discovered
- Progress through open soundness issues
**Keep cache fresh:**
- Re-validate periodically if issues remain open
- Remove entries for closed issues
- Update when new comments provide additional info
## Guidelines
- **Safety first**: Never commit code changes, only report findings
- **Be thorough**: Extract all test cases from an issue
- **Be precise**: Include exact commands, outputs, and file contents in reports
- **Be helpful**: Provide actionable information for maintainers
- **Respect timeouts**: Don't try to process all issues at once
- **Use cache effectively**: Build on previous runs
- **Handle errors gracefully**: Report if Z3 crashes or times out
- **Be honest**: Clearly state when reproduction fails or is inconclusive
- **Stay focused**: This workflow is for soundness bugs only, not performance or usability issues
## Important Notes
- **DO NOT** close or modify issues - only comment with findings
- **DO NOT** attempt to fix bugs - only reproduce and document
- **DO** provide enough detail for developers to investigate
- **DO** be conservative - only claim reproduction when clearly confirmed
- **DO** handle SMT-LIB2 syntax carefully - it's sensitive to whitespace and parentheses
- **DO** use Z3's model validation features when available
- **DO** respect the 30-minute timeout limit
## Error Handling
- If Z3 build fails, report it and skip testing for this run
- If test case parsing fails, request clarification in the issue
- If Z3 crashes, capture the crash details and report them
- If timeout occurs, note it and try with shorter timeout settings
- Always provide useful information even when things go wrong
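Review bot: In section 2, "Support both inline code and links to external files (use web-fetch if needed)" has the agent fetch URLs taken from issue text, and nothing in the prompt says that issue bodies and comments are untrusted data rather than instructions. Suggest adding an explicit line under Guidelines that text found inside issues is never to be followed as instructions, restricting fetches to an allowlist or to attachments on the issue itself, and capping the size of fetched files and of the Z3 output pasted into comments. Separately, "30 minutes for initial build" in section 3 and "respect the 30-minute timeout limit" under Important Notes leave no budget for testing when the build uses its full allowance; the two limits should be stated relative to each other.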

View file

@ -13,7 +13,7 @@
# \ /\ / (_) | | | | ( | | | | (_) \ V V /\__ \
# \/ \/ \___/|_| |_|\_\|_| |_|\___/ \_/\_/ |___/
#
# This file was automatically generated by pkg/workflow/maintenance_workflow.go (v0.37.1). DO NOT EDIT.
# This file was automatically generated by pkg/workflow/maintenance_workflow.go (v0.37.2). DO NOT EDIT.
#
# To regenerate this workflow, run:
# gh aw compile
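Review bot: The generator bump from v0.37.1 to v0.37.2 in this header is not mentioned in the commit message, which only describes the soundness workflow. Since the file is marked DO NOT EDIT and is regenerated by `gh aw compile`, either land the toolchain regeneration as its own commit or state in the message that the compiled workflows were rebuilt with v0.37.2, so a later bisect can tell the two changes apart.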
@ -39,13 +39,14 @@ on:
permissions: {}
jobs:
close-expired-discussions:
close-expired-entities:
runs-on: ubuntu-slim
permissions:
discussions: write
issues: write
steps:
- name: Setup Scripts
uses: githubnext/gh-aw/actions/setup@v0.37.1
uses: githubnext/gh-aw/actions/setup@v0.37.2
with:
destination: /opt/gh-aw/actions
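Review bot: Folding the two jobs into `close-expired-entities` gives a single job both `discussions: write` and `issues: write`, so each closing step now runs with a scope it does not need. If the merge is only to save a runner start-up, it is worth recording that trade-off in the generator. Also, `githubnext/gh-aw/actions/setup@v0.37.2` is referenced by a mutable tag while `actions/github-script` in the same file is pinned to a commit SHA; pinning the setup action the same way would make this bump reviewable.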
@ -58,16 +59,6 @@ jobs:
const { main } = require('/opt/gh-aw/actions/close_expired_discussions.cjs');
await main();
close-expired-issues:
runs-on: ubuntu-slim
permissions:
issues: write
steps:
- name: Setup Scripts
uses: githubnext/gh-aw/actions/setup@v0.37.1
with:
destination: /opt/gh-aw/actions
- name: Close expired issues
uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
with:

View file

@ -13,7 +13,7 @@
# \ /\ / (_) | | | | ( | | | | (_) \ V V /\__ \
# \/ \/ \___/|_| |_|\_\|_| |_|\___/ \_/\_/ |___/
#
# This file was automatically generated by gh-aw (v0.37.1). DO NOT EDIT.
# This file was automatically generated by gh-aw (v0.37.2). DO NOT EDIT.
#
# To update this file, edit the corresponding .md file and run:
# gh aw compile
@ -45,7 +45,7 @@ jobs:
comment_repo: ""
steps:
- name: Setup Scripts
uses: githubnext/gh-aw/actions/setup@v0.37.1
uses: githubnext/gh-aw/actions/setup@v0.37.2
with:
destination: /opt/gh-aw/actions
- name: Check workflow file timestamps
@ -82,7 +82,7 @@ jobs:
secret_verification_result: ${{ steps.validate-secret.outputs.verification_result }}
steps:
- name: Setup Scripts
uses: githubnext/gh-aw/actions/setup@v0.37.1
uses: githubnext/gh-aw/actions/setup@v0.37.2
with:
destination: /opt/gh-aw/actions
- name: Create gh-aw temp directory
@ -137,7 +137,7 @@ jobs:
# Execute the installer with the specified version
# Pass VERSION directly to sudo to ensure it's available to the installer script
sudo VERSION=0.0.387 bash /tmp/copilot-install.sh
sudo VERSION=0.0.388 bash /tmp/copilot-install.sh
# Cleanup
rm -f /tmp/copilot-install.sh
@ -157,7 +157,7 @@ jobs:
const determineAutomaticLockdown = require('/opt/gh-aw/actions/determine_automatic_lockdown.cjs');
await determineAutomaticLockdown(github, context, core);
- name: Download container images
run: bash /opt/gh-aw/actions/download_docker_images.sh ghcr.io/github/github-mcp-server:v0.29.0 ghcr.io/githubnext/gh-aw-mcpg:v0.0.71 node:lts-alpine
run: bash /opt/gh-aw/actions/download_docker_images.sh ghcr.io/github/github-mcp-server:v0.29.0 ghcr.io/githubnext/gh-aw-mcpg:v0.0.74 node:lts-alpine
- name: Write Safe Outputs Config
run: |
mkdir -p /opt/gh-aw/safeoutputs
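Review bot: `ghcr.io/githubnext/gh-aw-mcpg:v0.0.74` and `ghcr.io/github/github-mcp-server:v0.29.0` are pulled by tag, and `node:lts-alpine` is a floating tag, so the images that actually run can change without any diff in this file. Suggest having the generator pin all three by digest (`image@sha256:...`), so that a bump like v0.0.71 to v0.0.74 shows up as a digest change that can be checked.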
@ -348,7 +348,7 @@ jobs:
# Register API key as secret to mask it from logs
echo "::add-mask::${MCP_GATEWAY_API_KEY}"
export GH_AW_ENGINE="copilot"
export MCP_GATEWAY_DOCKER_COMMAND='docker run -i --rm --network host -v /var/run/docker.sock:/var/run/docker.sock -e MCP_GATEWAY_PORT -e MCP_GATEWAY_DOMAIN -e MCP_GATEWAY_API_KEY -e DEBUG="*" -e MCP_GATEWAY_LOG_DIR -e GH_AW_MCP_LOG_DIR -e GH_AW_SAFE_OUTPUTS -e GH_AW_SAFE_OUTPUTS_CONFIG_PATH -e GH_AW_SAFE_OUTPUTS_TOOLS_PATH -e GH_AW_ASSETS_BRANCH -e GH_AW_ASSETS_MAX_SIZE_KB -e GH_AW_ASSETS_ALLOWED_EXTS -e DEFAULT_BRANCH -e GITHUB_MCP_SERVER_TOKEN -e GITHUB_MCP_LOCKDOWN -e GITHUB_REPOSITORY -e GITHUB_SERVER_URL -e GITHUB_SHA -e GITHUB_WORKSPACE -e GITHUB_TOKEN -v /opt:/opt:ro -v /tmp:/tmp:rw -v '"${GITHUB_WORKSPACE}"':'"${GITHUB_WORKSPACE}"':rw ghcr.io/githubnext/gh-aw-mcpg:v0.0.71'
export MCP_GATEWAY_DOCKER_COMMAND='docker run -i --rm --network host -v /var/run/docker.sock:/var/run/docker.sock -e MCP_GATEWAY_PORT -e MCP_GATEWAY_DOMAIN -e MCP_GATEWAY_API_KEY -e DEBUG="*" -e MCP_GATEWAY_LOG_DIR -e GH_AW_MCP_LOG_DIR -e GH_AW_SAFE_OUTPUTS -e GH_AW_SAFE_OUTPUTS_CONFIG_PATH -e GH_AW_SAFE_OUTPUTS_TOOLS_PATH -e GH_AW_ASSETS_BRANCH -e GH_AW_ASSETS_MAX_SIZE_KB -e GH_AW_ASSETS_ALLOWED_EXTS -e DEFAULT_BRANCH -e GITHUB_MCP_SERVER_TOKEN -e GITHUB_MCP_LOCKDOWN -e GITHUB_REPOSITORY -e GITHUB_SERVER_URL -e GITHUB_SHA -e GITHUB_WORKSPACE -e GITHUB_TOKEN -e GITHUB_RUN_ID -e GITHUB_RUN_NUMBER -e GITHUB_RUN_ATTEMPT -e GITHUB_JOB -e GITHUB_ACTION -e GITHUB_EVENT_NAME -e GITHUB_EVENT_PATH -e GITHUB_ACTOR -e GITHUB_ACTOR_ID -e GITHUB_TRIGGERING_ACTOR -e GITHUB_WORKFLOW -e GITHUB_WORKFLOW_REF -e GITHUB_WORKFLOW_SHA -e GITHUB_REF -e GITHUB_REF_NAME -e GITHUB_REF_TYPE -e GITHUB_HEAD_REF -e GITHUB_BASE_REF -v /opt:/opt:ro -v /tmp:/tmp:rw -v '"${GITHUB_WORKSPACE}"':'"${GITHUB_WORKSPACE}"':rw ghcr.io/githubnext/gh-aw-mcpg:v0.0.74'
mkdir -p /home/runner/.copilot
cat << MCPCONFIG_EOF | bash /opt/gh-aw/actions/start_mcp_gateway.sh
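Review bot: `-e GITHUB_EVENT_PATH` is now forwarded into the gateway container, but the only bind mounts on this line are `/opt`, `/tmp` and `${GITHUB_WORKSPACE}`; on GitHub-hosted runners the event payload file normally lives outside all three, so the path will not resolve inside the container. Either mount the event file read-only or drop the variable from the list.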
@ -369,7 +369,7 @@ jobs:
"container": "node:lts-alpine",
"entrypoint": "node",
"entrypointArgs": ["/opt/gh-aw/safeoutputs/mcp-server.cjs"],
"mounts": ["/opt/gh-aw:/opt/gh-aw:ro", "/tmp/gh-aw:/tmp/gh-aw:rw"],
"mounts": ["/opt/gh-aw:/opt/gh-aw:ro", "/tmp/gh-aw:/tmp/gh-aw:rw", "${{ github.workspace }}:${{ github.workspace }}:rw"],
"env": {
"GH_AW_MCP_LOG_DIR": "\${GH_AW_MCP_LOG_DIR}",
"GH_AW_SAFE_OUTPUTS": "\${GH_AW_SAFE_OUTPUTS}",
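Review bot: The new `"${{ github.workspace }}:${{ github.workspace }}:rw"` mount gives the safe-outputs MCP server write access to the checkout, where the two existing mounts limited writes to `/tmp/gh-aw`. If the server only needs to read files from the workspace, mount it `:ro`; if it does need to write, a comment in the generator naming the tool that requires it would help.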
@ -382,7 +382,25 @@ jobs:
"GITHUB_SERVER_URL": "\${GITHUB_SERVER_URL}",
"GITHUB_SHA": "\${GITHUB_SHA}",
"GITHUB_WORKSPACE": "\${GITHUB_WORKSPACE}",
"DEFAULT_BRANCH": "\${DEFAULT_BRANCH}"
"DEFAULT_BRANCH": "\${DEFAULT_BRANCH}",
"GITHUB_RUN_ID": "\${GITHUB_RUN_ID}",
"GITHUB_RUN_NUMBER": "\${GITHUB_RUN_NUMBER}",
"GITHUB_RUN_ATTEMPT": "\${GITHUB_RUN_ATTEMPT}",
"GITHUB_JOB": "\${GITHUB_JOB}",
"GITHUB_ACTION": "\${GITHUB_ACTION}",
"GITHUB_EVENT_NAME": "\${GITHUB_EVENT_NAME}",
"GITHUB_EVENT_PATH": "\${GITHUB_EVENT_PATH}",
"GITHUB_ACTOR": "\${GITHUB_ACTOR}",
"GITHUB_ACTOR_ID": "\${GITHUB_ACTOR_ID}",
"GITHUB_TRIGGERING_ACTOR": "\${GITHUB_TRIGGERING_ACTOR}",
"GITHUB_WORKFLOW": "\${GITHUB_WORKFLOW}",
"GITHUB_WORKFLOW_REF": "\${GITHUB_WORKFLOW_REF}",
"GITHUB_WORKFLOW_SHA": "\${GITHUB_WORKFLOW_SHA}",
"GITHUB_REF": "\${GITHUB_REF}",
"GITHUB_REF_NAME": "\${GITHUB_REF_NAME}",
"GITHUB_REF_TYPE": "\${GITHUB_REF_TYPE}",
"GITHUB_HEAD_REF": "\${GITHUB_HEAD_REF}",
"GITHUB_BASE_REF": "\${GITHUB_BASE_REF}"
}
},
"serena": {
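Review bot: Several of the variables added to the safe-outputs `env` block, notably `GITHUB_HEAD_REF`, `GITHUB_REF_NAME` and `GITHUB_BASE_REF`, carry branch names chosen by whoever pushed the ref. Worth confirming that the server at `/opt/gh-aw/safeoutputs/mcp-server.cjs` uses them only as data (never in a shell command or a file path), and trimming the list to the variables it actually reads.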
@ -413,8 +431,8 @@ jobs:
engine_name: "GitHub Copilot CLI",
model: process.env.GH_AW_MODEL_AGENT_COPILOT || "",
version: "",
agent_version: "0.0.387",
cli_version: "v0.37.1",
agent_version: "0.0.388",
cli_version: "v0.37.2",
workflow_name: "API Coherence Checker",
experimental: false,
supports_tools_allowlist: true,
@ -432,7 +450,7 @@ jobs:
allowed_domains: [],
firewall_enabled: true,
awf_version: "v0.10.0",
awmg_version: "v0.0.71",
awmg_version: "v0.0.74",
steps: {
firewall: "squid"
},
@ -937,7 +955,7 @@ jobs:
total_count: ${{ steps.missing_tool.outputs.total_count }}
steps:
- name: Setup Scripts
uses: githubnext/gh-aw/actions/setup@v0.37.1
uses: githubnext/gh-aw/actions/setup@v0.37.2
with:
destination: /opt/gh-aw/actions
- name: Debug job inputs
@ -1036,7 +1054,7 @@ jobs:
success: ${{ steps.parse_results.outputs.success }}
steps:
- name: Setup Scripts
uses: githubnext/gh-aw/actions/setup@v0.37.1
uses: githubnext/gh-aw/actions/setup@v0.37.2
with:
destination: /opt/gh-aw/actions
- name: Download agent artifacts
@ -1126,7 +1144,7 @@ jobs:
# Execute the installer with the specified version
# Pass VERSION directly to sudo to ensure it's available to the installer script
sudo VERSION=0.0.387 bash /tmp/copilot-install.sh
sudo VERSION=0.0.388 bash /tmp/copilot-install.sh
# Cleanup
rm -f /tmp/copilot-install.sh
@ -1198,7 +1216,7 @@ jobs:
process_safe_outputs_temporary_id_map: ${{ steps.process_safe_outputs.outputs.temporary_id_map }}
steps:
- name: Setup Scripts
uses: githubnext/gh-aw/actions/setup@v0.37.1
uses: githubnext/gh-aw/actions/setup@v0.37.2
with:
destination: /opt/gh-aw/actions
- name: Download agent output artifact
@ -1235,7 +1253,7 @@ jobs:
permissions: {}
steps:
- name: Setup Scripts
uses: githubnext/gh-aw/actions/setup@v0.37.1
uses: githubnext/gh-aw/actions/setup@v0.37.2
with:
destination: /opt/gh-aw/actions
- name: Download cache-memory artifact (default)

View file

@ -13,7 +13,7 @@
# \ /\ / (_) | | | | ( | | | | (_) \ V V /\__ \
# \/ \/ \___/|_| |_|\_\|_| |_|\___/ \_/\_/ |___/
#
# This file was automatically generated by gh-aw (v0.37.1). DO NOT EDIT.
# This file was automatically generated by gh-aw (v0.37.2). DO NOT EDIT.
#
# To update this file, edit the corresponding .md file and run:
# gh aw compile
@ -45,7 +45,7 @@ jobs:
comment_repo: ""
steps:
- name: Setup Scripts
uses: githubnext/gh-aw/actions/setup@v0.37.1
uses: githubnext/gh-aw/actions/setup@v0.37.2
with:
destination: /opt/gh-aw/actions
- name: Check workflow file timestamps
@ -82,7 +82,7 @@ jobs:
secret_verification_result: ${{ steps.validate-secret.outputs.verification_result }}
steps:
- name: Setup Scripts
uses: githubnext/gh-aw/actions/setup@v0.37.1
uses: githubnext/gh-aw/actions/setup@v0.37.2
with:
destination: /opt/gh-aw/actions
- name: Checkout repository
@ -127,7 +127,7 @@ jobs:
# Execute the installer with the specified version
# Pass VERSION directly to sudo to ensure it's available to the installer script
sudo VERSION=0.0.387 bash /tmp/copilot-install.sh
sudo VERSION=0.0.388 bash /tmp/copilot-install.sh
# Cleanup
rm -f /tmp/copilot-install.sh
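Review bot: The bump to 0.0.388 changes what `sudo VERSION=0.0.388 bash /tmp/copilot-install.sh` installs as root, and the visible context shows no checksum or signature check on the script before it runs. If the download step above this hunk does not already verify it, suggest having the generator pin the installer by hash alongside the version.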
@ -147,7 +147,7 @@ jobs:
const determineAutomaticLockdown = require('/opt/gh-aw/actions/determine_automatic_lockdown.cjs');
await determineAutomaticLockdown(github, context, core);
- name: Download container images
run: bash /opt/gh-aw/actions/download_docker_images.sh ghcr.io/github/github-mcp-server:v0.29.0 ghcr.io/githubnext/gh-aw-mcpg:v0.0.71 node:lts-alpine
run: bash /opt/gh-aw/actions/download_docker_images.sh ghcr.io/github/github-mcp-server:v0.29.0 ghcr.io/githubnext/gh-aw-mcpg:v0.0.74 node:lts-alpine
- name: Write Safe Outputs Config
run: |
mkdir -p /opt/gh-aw/safeoutputs
@ -348,7 +348,7 @@ jobs:
# Register API key as secret to mask it from logs
echo "::add-mask::${MCP_GATEWAY_API_KEY}"
export GH_AW_ENGINE="copilot"
export MCP_GATEWAY_DOCKER_COMMAND='docker run -i --rm --network host -v /var/run/docker.sock:/var/run/docker.sock -e MCP_GATEWAY_PORT -e MCP_GATEWAY_DOMAIN -e MCP_GATEWAY_API_KEY -e DEBUG="*" -e MCP_GATEWAY_LOG_DIR -e GH_AW_MCP_LOG_DIR -e GH_AW_SAFE_OUTPUTS -e GH_AW_SAFE_OUTPUTS_CONFIG_PATH -e GH_AW_SAFE_OUTPUTS_TOOLS_PATH -e GH_AW_ASSETS_BRANCH -e GH_AW_ASSETS_MAX_SIZE_KB -e GH_AW_ASSETS_ALLOWED_EXTS -e DEFAULT_BRANCH -e GITHUB_MCP_SERVER_TOKEN -e GITHUB_MCP_LOCKDOWN -e GITHUB_REPOSITORY -e GITHUB_SERVER_URL -e GITHUB_SHA -e GITHUB_WORKSPACE -e GITHUB_TOKEN -v /opt:/opt:ro -v /tmp:/tmp:rw -v '"${GITHUB_WORKSPACE}"':'"${GITHUB_WORKSPACE}"':rw ghcr.io/githubnext/gh-aw-mcpg:v0.0.71'
export MCP_GATEWAY_DOCKER_COMMAND='docker run -i --rm --network host -v /var/run/docker.sock:/var/run/docker.sock -e MCP_GATEWAY_PORT -e MCP_GATEWAY_DOMAIN -e MCP_GATEWAY_API_KEY -e DEBUG="*" -e MCP_GATEWAY_LOG_DIR -e GH_AW_MCP_LOG_DIR -e GH_AW_SAFE_OUTPUTS -e GH_AW_SAFE_OUTPUTS_CONFIG_PATH -e GH_AW_SAFE_OUTPUTS_TOOLS_PATH -e GH_AW_ASSETS_BRANCH -e GH_AW_ASSETS_MAX_SIZE_KB -e GH_AW_ASSETS_ALLOWED_EXTS -e DEFAULT_BRANCH -e GITHUB_MCP_SERVER_TOKEN -e GITHUB_MCP_LOCKDOWN -e GITHUB_REPOSITORY -e GITHUB_SERVER_URL -e GITHUB_SHA -e GITHUB_WORKSPACE -e GITHUB_TOKEN -e GITHUB_RUN_ID -e GITHUB_RUN_NUMBER -e GITHUB_RUN_ATTEMPT -e GITHUB_JOB -e GITHUB_ACTION -e GITHUB_EVENT_NAME -e GITHUB_EVENT_PATH -e GITHUB_ACTOR -e GITHUB_ACTOR_ID -e GITHUB_TRIGGERING_ACTOR -e GITHUB_WORKFLOW -e GITHUB_WORKFLOW_REF -e GITHUB_WORKFLOW_SHA -e GITHUB_REF -e GITHUB_REF_NAME -e GITHUB_REF_TYPE -e GITHUB_HEAD_REF -e GITHUB_BASE_REF -v /opt:/opt:ro -v /tmp:/tmp:rw -v '"${GITHUB_WORKSPACE}"':'"${GITHUB_WORKSPACE}"':rw ghcr.io/githubnext/gh-aw-mcpg:v0.0.74'
mkdir -p /home/runner/.copilot
cat << MCPCONFIG_EOF | bash /opt/gh-aw/actions/start_mcp_gateway.sh
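Review bot: This line now forwards 18 more `GITHUB_*` variables into a container that already receives `GITHUB_TOKEN` and `GITHUB_MCP_SERVER_TOKEN` and runs with `-e DEBUG="*"`, `--network host` and the Docker socket mounted. With debug logging fully on, confirm the gateway does not write its environment to `MCP_GATEWAY_LOG_DIR`, and consider passing only the variables the gateway reads rather than the whole runner context.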
@ -369,7 +369,7 @@ jobs:
"container": "node:lts-alpine",
"entrypoint": "node",
"entrypointArgs": ["/opt/gh-aw/safeoutputs/mcp-server.cjs"],
"mounts": ["/opt/gh-aw:/opt/gh-aw:ro", "/tmp/gh-aw:/tmp/gh-aw:rw"],
"mounts": ["/opt/gh-aw:/opt/gh-aw:ro", "/tmp/gh-aw:/tmp/gh-aw:rw", "${{ github.workspace }}:${{ github.workspace }}:rw"],
"env": {
"GH_AW_MCP_LOG_DIR": "\${GH_AW_MCP_LOG_DIR}",
"GH_AW_SAFE_OUTPUTS": "\${GH_AW_SAFE_OUTPUTS}",
@ -382,7 +382,25 @@ jobs:
"GITHUB_SERVER_URL": "\${GITHUB_SERVER_URL}",
"GITHUB_SHA": "\${GITHUB_SHA}",
"GITHUB_WORKSPACE": "\${GITHUB_WORKSPACE}",
"DEFAULT_BRANCH": "\${DEFAULT_BRANCH}"
"DEFAULT_BRANCH": "\${DEFAULT_BRANCH}",
"GITHUB_RUN_ID": "\${GITHUB_RUN_ID}",
"GITHUB_RUN_NUMBER": "\${GITHUB_RUN_NUMBER}",
"GITHUB_RUN_ATTEMPT": "\${GITHUB_RUN_ATTEMPT}",
"GITHUB_JOB": "\${GITHUB_JOB}",
"GITHUB_ACTION": "\${GITHUB_ACTION}",
"GITHUB_EVENT_NAME": "\${GITHUB_EVENT_NAME}",
"GITHUB_EVENT_PATH": "\${GITHUB_EVENT_PATH}",
"GITHUB_ACTOR": "\${GITHUB_ACTOR}",
"GITHUB_ACTOR_ID": "\${GITHUB_ACTOR_ID}",
"GITHUB_TRIGGERING_ACTOR": "\${GITHUB_TRIGGERING_ACTOR}",
"GITHUB_WORKFLOW": "\${GITHUB_WORKFLOW}",
"GITHUB_WORKFLOW_REF": "\${GITHUB_WORKFLOW_REF}",
"GITHUB_WORKFLOW_SHA": "\${GITHUB_WORKFLOW_SHA}",
"GITHUB_REF": "\${GITHUB_REF}",
"GITHUB_REF_NAME": "\${GITHUB_REF_NAME}",
"GITHUB_REF_TYPE": "\${GITHUB_REF_TYPE}",
"GITHUB_HEAD_REF": "\${GITHUB_HEAD_REF}",
"GITHUB_BASE_REF": "\${GITHUB_BASE_REF}"
}
}
},
@ -405,8 +423,8 @@ jobs:
engine_name: "GitHub Copilot CLI",
model: process.env.GH_AW_MODEL_AGENT_COPILOT || "",
version: "",
agent_version: "0.0.387",
cli_version: "v0.37.1",
agent_version: "0.0.388",
cli_version: "v0.37.2",
workflow_name: "Build Warning Fixer",
experimental: false,
supports_tools_allowlist: true,
@ -424,7 +442,7 @@ jobs:
allowed_domains: [],
firewall_enabled: true,
awf_version: "v0.10.0",
awmg_version: "v0.0.71",
awmg_version: "v0.0.74",
steps: {
firewall: "squid"
},
@ -853,7 +871,7 @@ jobs:
total_count: ${{ steps.missing_tool.outputs.total_count }}
steps:
- name: Setup Scripts
uses: githubnext/gh-aw/actions/setup@v0.37.1
uses: githubnext/gh-aw/actions/setup@v0.37.2
with:
destination: /opt/gh-aw/actions
- name: Debug job inputs
@ -954,7 +972,7 @@ jobs:
success: ${{ steps.parse_results.outputs.success }}
steps:
- name: Setup Scripts
uses: githubnext/gh-aw/actions/setup@v0.37.1
uses: githubnext/gh-aw/actions/setup@v0.37.2
with:
destination: /opt/gh-aw/actions
- name: Download agent artifacts
@ -1044,7 +1062,7 @@ jobs:
# Execute the installer with the specified version
# Pass VERSION directly to sudo to ensure it's available to the installer script
sudo VERSION=0.0.387 bash /tmp/copilot-install.sh
sudo VERSION=0.0.388 bash /tmp/copilot-install.sh
# Cleanup
rm -f /tmp/copilot-install.sh
@ -1118,7 +1136,7 @@ jobs:
process_safe_outputs_temporary_id_map: ${{ steps.process_safe_outputs.outputs.temporary_id_map }}
steps:
- name: Setup Scripts
uses: githubnext/gh-aw/actions/setup@v0.37.1
uses: githubnext/gh-aw/actions/setup@v0.37.2
with:
destination: /opt/gh-aw/actions
- name: Download agent output artifact

View file

@ -13,7 +13,7 @@
# \ /\ / (_) | | | | ( | | | | (_) \ V V /\__ \
# \/ \/ \___/|_| |_|\_\|_| |_|\___/ \_/\_/ |___/
#
# This file was automatically generated by gh-aw (v0.37.1). DO NOT EDIT.
# This file was automatically generated by gh-aw (v0.37.2). DO NOT EDIT.
#
# To update this file, edit the corresponding .md file and run:
# gh aw compile
@ -45,7 +45,7 @@ jobs:
comment_repo: ""
steps:
- name: Setup Scripts
uses: githubnext/gh-aw/actions/setup@v0.37.1
uses: githubnext/gh-aw/actions/setup@v0.37.2
with:
destination: /opt/gh-aw/actions
- name: Check workflow file timestamps
@ -82,7 +82,7 @@ jobs:
secret_verification_result: ${{ steps.validate-secret.outputs.verification_result }}
steps:
- name: Setup Scripts
uses: githubnext/gh-aw/actions/setup@v0.37.1
uses: githubnext/gh-aw/actions/setup@v0.37.2
with:
destination: /opt/gh-aw/actions
- name: Checkout repository
@ -138,7 +138,7 @@ jobs:
# Execute the installer with the specified version
# Pass VERSION directly to sudo to ensure it's available to the installer script
sudo VERSION=0.0.387 bash /tmp/copilot-install.sh
sudo VERSION=0.0.388 bash /tmp/copilot-install.sh
# Cleanup
rm -f /tmp/copilot-install.sh
@ -158,7 +158,7 @@ jobs:
const determineAutomaticLockdown = require('/opt/gh-aw/actions/determine_automatic_lockdown.cjs');
await determineAutomaticLockdown(github, context, core);
- name: Download container images
run: bash /opt/gh-aw/actions/download_docker_images.sh ghcr.io/github/github-mcp-server:v0.29.0 ghcr.io/githubnext/gh-aw-mcpg:v0.0.71 node:lts-alpine
run: bash /opt/gh-aw/actions/download_docker_images.sh ghcr.io/github/github-mcp-server:v0.29.0 ghcr.io/githubnext/gh-aw-mcpg:v0.0.74 node:lts-alpine
- name: Write Safe Outputs Config
run: |
mkdir -p /opt/gh-aw/safeoutputs
@ -349,7 +349,7 @@ jobs:
# Register API key as secret to mask it from logs
echo "::add-mask::${MCP_GATEWAY_API_KEY}"
export GH_AW_ENGINE="copilot"
export MCP_GATEWAY_DOCKER_COMMAND='docker run -i --rm --network host -v /var/run/docker.sock:/var/run/docker.sock -e MCP_GATEWAY_PORT -e MCP_GATEWAY_DOMAIN -e MCP_GATEWAY_API_KEY -e DEBUG="*" -e MCP_GATEWAY_LOG_DIR -e GH_AW_MCP_LOG_DIR -e GH_AW_SAFE_OUTPUTS -e GH_AW_SAFE_OUTPUTS_CONFIG_PATH -e GH_AW_SAFE_OUTPUTS_TOOLS_PATH -e GH_AW_ASSETS_BRANCH -e GH_AW_ASSETS_MAX_SIZE_KB -e GH_AW_ASSETS_ALLOWED_EXTS -e DEFAULT_BRANCH -e GITHUB_MCP_SERVER_TOKEN -e GITHUB_MCP_LOCKDOWN -e GITHUB_REPOSITORY -e GITHUB_SERVER_URL -e GITHUB_SHA -e GITHUB_WORKSPACE -e GITHUB_TOKEN -v /opt:/opt:ro -v /tmp:/tmp:rw -v '"${GITHUB_WORKSPACE}"':'"${GITHUB_WORKSPACE}"':rw ghcr.io/githubnext/gh-aw-mcpg:v0.0.71'
export MCP_GATEWAY_DOCKER_COMMAND='docker run -i --rm --network host -v /var/run/docker.sock:/var/run/docker.sock -e MCP_GATEWAY_PORT -e MCP_GATEWAY_DOMAIN -e MCP_GATEWAY_API_KEY -e DEBUG="*" -e MCP_GATEWAY_LOG_DIR -e GH_AW_MCP_LOG_DIR -e GH_AW_SAFE_OUTPUTS -e GH_AW_SAFE_OUTPUTS_CONFIG_PATH -e GH_AW_SAFE_OUTPUTS_TOOLS_PATH -e GH_AW_ASSETS_BRANCH -e GH_AW_ASSETS_MAX_SIZE_KB -e GH_AW_ASSETS_ALLOWED_EXTS -e DEFAULT_BRANCH -e GITHUB_MCP_SERVER_TOKEN -e GITHUB_MCP_LOCKDOWN -e GITHUB_REPOSITORY -e GITHUB_SERVER_URL -e GITHUB_SHA -e GITHUB_WORKSPACE -e GITHUB_TOKEN -e GITHUB_RUN_ID -e GITHUB_RUN_NUMBER -e GITHUB_RUN_ATTEMPT -e GITHUB_JOB -e GITHUB_ACTION -e GITHUB_EVENT_NAME -e GITHUB_EVENT_PATH -e GITHUB_ACTOR -e GITHUB_ACTOR_ID -e GITHUB_TRIGGERING_ACTOR -e GITHUB_WORKFLOW -e GITHUB_WORKFLOW_REF -e GITHUB_WORKFLOW_SHA -e GITHUB_REF -e GITHUB_REF_NAME -e GITHUB_REF_TYPE -e GITHUB_HEAD_REF -e GITHUB_BASE_REF -v /opt:/opt:ro -v /tmp:/tmp:rw -v '"${GITHUB_WORKSPACE}"':'"${GITHUB_WORKSPACE}"':rw ghcr.io/githubnext/gh-aw-mcpg:v0.0.74'
mkdir -p /home/runner/.copilot
cat << MCPCONFIG_EOF | bash /opt/gh-aw/actions/start_mcp_gateway.sh
@ -370,7 +370,7 @@ jobs:
"container": "node:lts-alpine",
"entrypoint": "node",
"entrypointArgs": ["/opt/gh-aw/safeoutputs/mcp-server.cjs"],
"mounts": ["/opt/gh-aw:/opt/gh-aw:ro", "/tmp/gh-aw:/tmp/gh-aw:rw"],
"mounts": ["/opt/gh-aw:/opt/gh-aw:ro", "/tmp/gh-aw:/tmp/gh-aw:rw", "${{ github.workspace }}:${{ github.workspace }}:rw"],
"env": {
"GH_AW_MCP_LOG_DIR": "\${GH_AW_MCP_LOG_DIR}",
"GH_AW_SAFE_OUTPUTS": "\${GH_AW_SAFE_OUTPUTS}",
@ -383,7 +383,25 @@ jobs:
"GITHUB_SERVER_URL": "\${GITHUB_SERVER_URL}",
"GITHUB_SHA": "\${GITHUB_SHA}",
"GITHUB_WORKSPACE": "\${GITHUB_WORKSPACE}",
"DEFAULT_BRANCH": "\${DEFAULT_BRANCH}"
"DEFAULT_BRANCH": "\${DEFAULT_BRANCH}",
"GITHUB_RUN_ID": "\${GITHUB_RUN_ID}",
"GITHUB_RUN_NUMBER": "\${GITHUB_RUN_NUMBER}",
"GITHUB_RUN_ATTEMPT": "\${GITHUB_RUN_ATTEMPT}",
"GITHUB_JOB": "\${GITHUB_JOB}",
"GITHUB_ACTION": "\${GITHUB_ACTION}",
"GITHUB_EVENT_NAME": "\${GITHUB_EVENT_NAME}",
"GITHUB_EVENT_PATH": "\${GITHUB_EVENT_PATH}",
"GITHUB_ACTOR": "\${GITHUB_ACTOR}",
"GITHUB_ACTOR_ID": "\${GITHUB_ACTOR_ID}",
"GITHUB_TRIGGERING_ACTOR": "\${GITHUB_TRIGGERING_ACTOR}",
"GITHUB_WORKFLOW": "\${GITHUB_WORKFLOW}",
"GITHUB_WORKFLOW_REF": "\${GITHUB_WORKFLOW_REF}",
"GITHUB_WORKFLOW_SHA": "\${GITHUB_WORKFLOW_SHA}",
"GITHUB_REF": "\${GITHUB_REF}",
"GITHUB_REF_NAME": "\${GITHUB_REF_NAME}",
"GITHUB_REF_TYPE": "\${GITHUB_REF_TYPE}",
"GITHUB_HEAD_REF": "\${GITHUB_HEAD_REF}",
"GITHUB_BASE_REF": "\${GITHUB_BASE_REF}"
}
}
},
@ -406,8 +424,8 @@ jobs:
engine_name: "GitHub Copilot CLI",
model: process.env.GH_AW_MODEL_AGENT_COPILOT || "",
version: "",
agent_version: "0.0.387",
cli_version: "v0.37.1",
agent_version: "0.0.388",
cli_version: "v0.37.2",
workflow_name: "Code Conventions Analyzer",
experimental: false,
supports_tools_allowlist: true,
@ -425,7 +443,7 @@ jobs:
allowed_domains: [],
firewall_enabled: true,
awf_version: "v0.10.0",
awmg_version: "v0.0.71",
awmg_version: "v0.0.74",
steps: {
firewall: "squid"
},
@ -1548,7 +1566,7 @@ jobs:
total_count: ${{ steps.missing_tool.outputs.total_count }}
steps:
- name: Setup Scripts
uses: githubnext/gh-aw/actions/setup@v0.37.1
uses: githubnext/gh-aw/actions/setup@v0.37.2
with:
destination: /opt/gh-aw/actions
- name: Debug job inputs
@ -1649,7 +1667,7 @@ jobs:
success: ${{ steps.parse_results.outputs.success }}
steps:
- name: Setup Scripts
uses: githubnext/gh-aw/actions/setup@v0.37.1
uses: githubnext/gh-aw/actions/setup@v0.37.2
with:
destination: /opt/gh-aw/actions
- name: Download agent artifacts
@ -1739,7 +1757,7 @@ jobs:
# Execute the installer with the specified version
# Pass VERSION directly to sudo to ensure it's available to the installer script
sudo VERSION=0.0.387 bash /tmp/copilot-install.sh
sudo VERSION=0.0.388 bash /tmp/copilot-install.sh
# Cleanup
rm -f /tmp/copilot-install.sh
@ -1811,7 +1829,7 @@ jobs:
process_safe_outputs_temporary_id_map: ${{ steps.process_safe_outputs.outputs.temporary_id_map }}
steps:
- name: Setup Scripts
uses: githubnext/gh-aw/actions/setup@v0.37.1
uses: githubnext/gh-aw/actions/setup@v0.37.2
with:
destination: /opt/gh-aw/actions
- name: Download agent output artifact
@ -1848,7 +1866,7 @@ jobs:
permissions: {}
steps:
- name: Setup Scripts
uses: githubnext/gh-aw/actions/setup@v0.37.1
uses: githubnext/gh-aw/actions/setup@v0.37.2
with:
destination: /opt/gh-aw/actions
- name: Download cache-memory artifact (default)

View file

@ -13,7 +13,7 @@
# \ /\ / (_) | | | | ( | | | | (_) \ V V /\__ \
# \/ \/ \___/|_| |_|\_\|_| |_|\___/ \_/\_/ |___/
#
# This file was automatically generated by gh-aw (v0.37.1). DO NOT EDIT.
# This file was automatically generated by gh-aw (v0.37.2). DO NOT EDIT.
#
# To update this file, edit the corresponding .md file and run:
# gh aw compile
@ -45,7 +45,7 @@ jobs:
comment_repo: ""
steps:
- name: Setup Scripts
uses: githubnext/gh-aw/actions/setup@v0.37.1
uses: githubnext/gh-aw/actions/setup@v0.37.2
with:
destination: /opt/gh-aw/actions
- name: Check workflow file timestamps
@ -82,7 +82,7 @@ jobs:
secret_verification_result: ${{ steps.validate-secret.outputs.verification_result }}
steps:
- name: Setup Scripts
uses: githubnext/gh-aw/actions/setup@v0.37.1
uses: githubnext/gh-aw/actions/setup@v0.37.2
with:
destination: /opt/gh-aw/actions
- name: Create gh-aw temp directory
@ -128,7 +128,7 @@ jobs:
# Execute the installer with the specified version
# Pass VERSION directly to sudo to ensure it's available to the installer script
sudo VERSION=0.0.387 bash /tmp/copilot-install.sh
sudo VERSION=0.0.388 bash /tmp/copilot-install.sh
# Cleanup
rm -f /tmp/copilot-install.sh
@ -148,7 +148,7 @@ jobs:
const determineAutomaticLockdown = require('/opt/gh-aw/actions/determine_automatic_lockdown.cjs');
await determineAutomaticLockdown(github, context, core);
- name: Download container images
run: bash /opt/gh-aw/actions/download_docker_images.sh ghcr.io/github/github-mcp-server:v0.29.0 ghcr.io/githubnext/gh-aw-mcpg:v0.0.71 node:lts-alpine
run: bash /opt/gh-aw/actions/download_docker_images.sh ghcr.io/github/github-mcp-server:v0.29.0 ghcr.io/githubnext/gh-aw-mcpg:v0.0.74 node:lts-alpine
- name: Write Safe Outputs Config
run: |
mkdir -p /opt/gh-aw/safeoutputs
@ -339,7 +339,7 @@ jobs:
# Register API key as secret to mask it from logs
echo "::add-mask::${MCP_GATEWAY_API_KEY}"
export GH_AW_ENGINE="copilot"
export MCP_GATEWAY_DOCKER_COMMAND='docker run -i --rm --network host -v /var/run/docker.sock:/var/run/docker.sock -e MCP_GATEWAY_PORT -e MCP_GATEWAY_DOMAIN -e MCP_GATEWAY_API_KEY -e DEBUG="*" -e MCP_GATEWAY_LOG_DIR -e GH_AW_MCP_LOG_DIR -e GH_AW_SAFE_OUTPUTS -e GH_AW_SAFE_OUTPUTS_CONFIG_PATH -e GH_AW_SAFE_OUTPUTS_TOOLS_PATH -e GH_AW_ASSETS_BRANCH -e GH_AW_ASSETS_MAX_SIZE_KB -e GH_AW_ASSETS_ALLOWED_EXTS -e DEFAULT_BRANCH -e GITHUB_MCP_SERVER_TOKEN -e GITHUB_MCP_LOCKDOWN -e GITHUB_REPOSITORY -e GITHUB_SERVER_URL -e GITHUB_SHA -e GITHUB_WORKSPACE -e GITHUB_TOKEN -v /opt:/opt:ro -v /tmp:/tmp:rw -v '"${GITHUB_WORKSPACE}"':'"${GITHUB_WORKSPACE}"':rw ghcr.io/githubnext/gh-aw-mcpg:v0.0.71'
export MCP_GATEWAY_DOCKER_COMMAND='docker run -i --rm --network host -v /var/run/docker.sock:/var/run/docker.sock -e MCP_GATEWAY_PORT -e MCP_GATEWAY_DOMAIN -e MCP_GATEWAY_API_KEY -e DEBUG="*" -e MCP_GATEWAY_LOG_DIR -e GH_AW_MCP_LOG_DIR -e GH_AW_SAFE_OUTPUTS -e GH_AW_SAFE_OUTPUTS_CONFIG_PATH -e GH_AW_SAFE_OUTPUTS_TOOLS_PATH -e GH_AW_ASSETS_BRANCH -e GH_AW_ASSETS_MAX_SIZE_KB -e GH_AW_ASSETS_ALLOWED_EXTS -e DEFAULT_BRANCH -e GITHUB_MCP_SERVER_TOKEN -e GITHUB_MCP_LOCKDOWN -e GITHUB_REPOSITORY -e GITHUB_SERVER_URL -e GITHUB_SHA -e GITHUB_WORKSPACE -e GITHUB_TOKEN -e GITHUB_RUN_ID -e GITHUB_RUN_NUMBER -e GITHUB_RUN_ATTEMPT -e GITHUB_JOB -e GITHUB_ACTION -e GITHUB_EVENT_NAME -e GITHUB_EVENT_PATH -e GITHUB_ACTOR -e GITHUB_ACTOR_ID -e GITHUB_TRIGGERING_ACTOR -e GITHUB_WORKFLOW -e GITHUB_WORKFLOW_REF -e GITHUB_WORKFLOW_SHA -e GITHUB_REF -e GITHUB_REF_NAME -e GITHUB_REF_TYPE -e GITHUB_HEAD_REF -e GITHUB_BASE_REF -v /opt:/opt:ro -v /tmp:/tmp:rw -v '"${GITHUB_WORKSPACE}"':'"${GITHUB_WORKSPACE}"':rw ghcr.io/githubnext/gh-aw-mcpg:v0.0.74'
mkdir -p /home/runner/.copilot
cat << MCPCONFIG_EOF | bash /opt/gh-aw/actions/start_mcp_gateway.sh
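Review bot: the new `-e GITHUB_EVENT_PATH` passes a runner file path into a container whose only visible mounts are /opt, /tmp, the workspace and the Docker socket, so check that the event file is actually readable at that path inside the gateway, or drop the variable. More generally, this container already runs with `--network host`, `/var/run/docker.sock` and `GITHUB_TOKEN`; the change adds 18 more variables to what it sees, so a note naming the consumer of each would let a later reviewer trim the list.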
@ -360,7 +360,7 @@ jobs:
"container": "node:lts-alpine",
"entrypoint": "node",
"entrypointArgs": ["/opt/gh-aw/safeoutputs/mcp-server.cjs"],
"mounts": ["/opt/gh-aw:/opt/gh-aw:ro", "/tmp/gh-aw:/tmp/gh-aw:rw"],
"mounts": ["/opt/gh-aw:/opt/gh-aw:ro", "/tmp/gh-aw:/tmp/gh-aw:rw", "${{ github.workspace }}:${{ github.workspace }}:rw"],
"env": {
"GH_AW_MCP_LOG_DIR": "\${GH_AW_MCP_LOG_DIR}",
"GH_AW_SAFE_OUTPUTS": "\${GH_AW_SAFE_OUTPUTS}",
@ -373,7 +373,25 @@ jobs:
"GITHUB_SERVER_URL": "\${GITHUB_SERVER_URL}",
"GITHUB_SHA": "\${GITHUB_SHA}",
"GITHUB_WORKSPACE": "\${GITHUB_WORKSPACE}",
"DEFAULT_BRANCH": "\${DEFAULT_BRANCH}"
"DEFAULT_BRANCH": "\${DEFAULT_BRANCH}",
"GITHUB_RUN_ID": "\${GITHUB_RUN_ID}",
"GITHUB_RUN_NUMBER": "\${GITHUB_RUN_NUMBER}",
"GITHUB_RUN_ATTEMPT": "\${GITHUB_RUN_ATTEMPT}",
"GITHUB_JOB": "\${GITHUB_JOB}",
"GITHUB_ACTION": "\${GITHUB_ACTION}",
"GITHUB_EVENT_NAME": "\${GITHUB_EVENT_NAME}",
"GITHUB_EVENT_PATH": "\${GITHUB_EVENT_PATH}",
"GITHUB_ACTOR": "\${GITHUB_ACTOR}",
"GITHUB_ACTOR_ID": "\${GITHUB_ACTOR_ID}",
"GITHUB_TRIGGERING_ACTOR": "\${GITHUB_TRIGGERING_ACTOR}",
"GITHUB_WORKFLOW": "\${GITHUB_WORKFLOW}",
"GITHUB_WORKFLOW_REF": "\${GITHUB_WORKFLOW_REF}",
"GITHUB_WORKFLOW_SHA": "\${GITHUB_WORKFLOW_SHA}",
"GITHUB_REF": "\${GITHUB_REF}",
"GITHUB_REF_NAME": "\${GITHUB_REF_NAME}",
"GITHUB_REF_TYPE": "\${GITHUB_REF_TYPE}",
"GITHUB_HEAD_REF": "\${GITHUB_HEAD_REF}",
"GITHUB_BASE_REF": "\${GITHUB_BASE_REF}"
}
}
},
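Review bot: `GITHUB_HEAD_REF`, `GITHUB_REF_NAME` and `GITHUB_BASE_REF` in the added env entries carry branch names chosen by whoever pushed the branch or opened the pull request, and this block now hands them to the safe-outputs server. Confirm that mcp-server.cjs treats them as data only and never builds a shell command or file path from them.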
@ -396,8 +414,8 @@ jobs:
engine_name: "GitHub Copilot CLI",
model: process.env.GH_AW_MODEL_AGENT_COPILOT || "",
version: "",
agent_version: "0.0.387",
cli_version: "v0.37.1",
agent_version: "0.0.388",
cli_version: "v0.37.2",
workflow_name: "Release Notes Updater",
experimental: false,
supports_tools_allowlist: true,
@ -415,7 +433,7 @@ jobs:
allowed_domains: [],
firewall_enabled: true,
awf_version: "v0.10.0",
awmg_version: "v0.0.71",
awmg_version: "v0.0.74",
steps: {
firewall: "squid"
},
@ -900,7 +918,7 @@ jobs:
total_count: ${{ steps.missing_tool.outputs.total_count }}
steps:
- name: Setup Scripts
uses: githubnext/gh-aw/actions/setup@v0.37.1
uses: githubnext/gh-aw/actions/setup@v0.37.2
with:
destination: /opt/gh-aw/actions
- name: Debug job inputs
@ -999,7 +1017,7 @@ jobs:
success: ${{ steps.parse_results.outputs.success }}
steps:
- name: Setup Scripts
uses: githubnext/gh-aw/actions/setup@v0.37.1
uses: githubnext/gh-aw/actions/setup@v0.37.2
with:
destination: /opt/gh-aw/actions
- name: Download agent artifacts
@ -1089,7 +1107,7 @@ jobs:
# Execute the installer with the specified version
# Pass VERSION directly to sudo to ensure it's available to the installer script
sudo VERSION=0.0.387 bash /tmp/copilot-install.sh
sudo VERSION=0.0.388 bash /tmp/copilot-install.sh
# Cleanup
rm -f /tmp/copilot-install.sh
@ -1161,7 +1179,7 @@ jobs:
process_safe_outputs_temporary_id_map: ${{ steps.process_safe_outputs.outputs.temporary_id_map }}
steps:
- name: Setup Scripts
uses: githubnext/gh-aw/actions/setup@v0.37.1
uses: githubnext/gh-aw/actions/setup@v0.37.2
with:
destination: /opt/gh-aw/actions
- name: Download agent output artifact

1123
.github/workflows/soundness-bug-detector.lock.yml generated vendored Normal file

File diff suppressed because it is too large


@ -0,0 +1,41 @@
---
description: Automatically validate and reproduce reported soundness bugs
on:
issues:
types: [opened, labeled]
schedule: daily
roles: all
permissions: read-all
network: defaults
tools:
cache-memory: true
github:
toolsets: [default]
bash: [":*"]
web-fetch: {}
safe-outputs:
add-comment:
max: 2
create-discussion:
title-prefix: "[Soundness] "
category: "Agentic Workflows"
close-older-discussions: true
missing-tool:
create-issue: true
timeout-minutes: 30
steps:
- name: Checkout repository
uses: actions/checkout@v5
---
<!-- Edit the file linked below to modify the agent without recompilation. Feel free to move the entire markdown body to that file. -->
@./agentics/soundness-bug-detector.md
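Review bot: `roles: all` combined with `issues: types: [opened, labeled]` and `bash: [":*"]` gives the agent an unrestricted shell on runs that, if `roles: all` admits any issue author, are triggered by text that author wrote, and the imported prompt tells the agent to extract SMT-LIB2 from the issue description and comments. Treat that text as untrusted input: narrow `bash` to the commands needed to build and run z3, restrict `roles` or gate the run on a maintainer-applied label, and check whether `web-fetch: {}` is needed at all. `actions/checkout@v5` should also be pinned to a commit SHA.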


@ -13,7 +13,7 @@
# \ /\ / (_) | | | | ( | | | | (_) \ V V /\__ \
# \/ \/ \___/|_| |_|\_\|_| |_|\___/ \_/\_/ |___/
#
# This file was automatically generated by gh-aw (v0.37.1). DO NOT EDIT.
# This file was automatically generated by gh-aw (v0.37.2). DO NOT EDIT.
#
# To update this file, edit the corresponding .md file and run:
# gh aw compile
@ -45,7 +45,7 @@ jobs:
comment_repo: ""
steps:
- name: Setup Scripts
uses: githubnext/gh-aw/actions/setup@v0.37.1
uses: githubnext/gh-aw/actions/setup@v0.37.2
with:
destination: /opt/gh-aw/actions
- name: Check workflow file timestamps
@ -82,7 +82,7 @@ jobs:
secret_verification_result: ${{ steps.validate-secret.outputs.verification_result }}
steps:
- name: Setup Scripts
uses: githubnext/gh-aw/actions/setup@v0.37.1
uses: githubnext/gh-aw/actions/setup@v0.37.2
with:
destination: /opt/gh-aw/actions
- name: Create gh-aw temp directory
@ -137,7 +137,7 @@ jobs:
# Execute the installer with the specified version
# Pass VERSION directly to sudo to ensure it's available to the installer script
sudo VERSION=0.0.387 bash /tmp/copilot-install.sh
sudo VERSION=0.0.388 bash /tmp/copilot-install.sh
# Cleanup
rm -f /tmp/copilot-install.sh
@ -157,7 +157,7 @@ jobs:
const determineAutomaticLockdown = require('/opt/gh-aw/actions/determine_automatic_lockdown.cjs');
await determineAutomaticLockdown(github, context, core);
- name: Download container images
run: bash /opt/gh-aw/actions/download_docker_images.sh ghcr.io/github/github-mcp-server:v0.29.0 ghcr.io/githubnext/gh-aw-mcpg:v0.0.71 node:lts-alpine
run: bash /opt/gh-aw/actions/download_docker_images.sh ghcr.io/github/github-mcp-server:v0.29.0 ghcr.io/githubnext/gh-aw-mcpg:v0.0.74 node:lts-alpine
- name: Write Safe Outputs Config
run: |
mkdir -p /opt/gh-aw/safeoutputs
@ -348,7 +348,7 @@ jobs:
# Register API key as secret to mask it from logs
echo "::add-mask::${MCP_GATEWAY_API_KEY}"
export GH_AW_ENGINE="copilot"
export MCP_GATEWAY_DOCKER_COMMAND='docker run -i --rm --network host -v /var/run/docker.sock:/var/run/docker.sock -e MCP_GATEWAY_PORT -e MCP_GATEWAY_DOMAIN -e MCP_GATEWAY_API_KEY -e DEBUG="*" -e MCP_GATEWAY_LOG_DIR -e GH_AW_MCP_LOG_DIR -e GH_AW_SAFE_OUTPUTS -e GH_AW_SAFE_OUTPUTS_CONFIG_PATH -e GH_AW_SAFE_OUTPUTS_TOOLS_PATH -e GH_AW_ASSETS_BRANCH -e GH_AW_ASSETS_MAX_SIZE_KB -e GH_AW_ASSETS_ALLOWED_EXTS -e DEFAULT_BRANCH -e GITHUB_MCP_SERVER_TOKEN -e GITHUB_MCP_LOCKDOWN -e GITHUB_REPOSITORY -e GITHUB_SERVER_URL -e GITHUB_SHA -e GITHUB_WORKSPACE -e GITHUB_TOKEN -v /opt:/opt:ro -v /tmp:/tmp:rw -v '"${GITHUB_WORKSPACE}"':'"${GITHUB_WORKSPACE}"':rw ghcr.io/githubnext/gh-aw-mcpg:v0.0.71'
export MCP_GATEWAY_DOCKER_COMMAND='docker run -i --rm --network host -v /var/run/docker.sock:/var/run/docker.sock -e MCP_GATEWAY_PORT -e MCP_GATEWAY_DOMAIN -e MCP_GATEWAY_API_KEY -e DEBUG="*" -e MCP_GATEWAY_LOG_DIR -e GH_AW_MCP_LOG_DIR -e GH_AW_SAFE_OUTPUTS -e GH_AW_SAFE_OUTPUTS_CONFIG_PATH -e GH_AW_SAFE_OUTPUTS_TOOLS_PATH -e GH_AW_ASSETS_BRANCH -e GH_AW_ASSETS_MAX_SIZE_KB -e GH_AW_ASSETS_ALLOWED_EXTS -e DEFAULT_BRANCH -e GITHUB_MCP_SERVER_TOKEN -e GITHUB_MCP_LOCKDOWN -e GITHUB_REPOSITORY -e GITHUB_SERVER_URL -e GITHUB_SHA -e GITHUB_WORKSPACE -e GITHUB_TOKEN -e GITHUB_RUN_ID -e GITHUB_RUN_NUMBER -e GITHUB_RUN_ATTEMPT -e GITHUB_JOB -e GITHUB_ACTION -e GITHUB_EVENT_NAME -e GITHUB_EVENT_PATH -e GITHUB_ACTOR -e GITHUB_ACTOR_ID -e GITHUB_TRIGGERING_ACTOR -e GITHUB_WORKFLOW -e GITHUB_WORKFLOW_REF -e GITHUB_WORKFLOW_SHA -e GITHUB_REF -e GITHUB_REF_NAME -e GITHUB_REF_TYPE -e GITHUB_HEAD_REF -e GITHUB_BASE_REF -v /opt:/opt:ro -v /tmp:/tmp:rw -v '"${GITHUB_WORKSPACE}"':'"${GITHUB_WORKSPACE}"':rw ghcr.io/githubnext/gh-aw-mcpg:v0.0.74'
mkdir -p /home/runner/.copilot
cat << MCPCONFIG_EOF | bash /opt/gh-aw/actions/start_mcp_gateway.sh
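Review bot: `-e DEBUG="*"` on the `MCP_GATEWAY_DOCKER_COMMAND` line turns on all debug output in a container that also receives `GITHUB_TOKEN`, `GITHUB_MCP_SERVER_TOKEN` and `MCP_GATEWAY_API_KEY`, and the `::add-mask::` above it covers only the runner's log stream, not files written under `MCP_GATEWAY_LOG_DIR`. Scope `DEBUG` to the namespaces actually needed, or confirm those log files are scrubbed before they are uploaded anywhere.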
@ -369,7 +369,7 @@ jobs:
"container": "node:lts-alpine",
"entrypoint": "node",
"entrypointArgs": ["/opt/gh-aw/safeoutputs/mcp-server.cjs"],
"mounts": ["/opt/gh-aw:/opt/gh-aw:ro", "/tmp/gh-aw:/tmp/gh-aw:rw"],
"mounts": ["/opt/gh-aw:/opt/gh-aw:ro", "/tmp/gh-aw:/tmp/gh-aw:rw", "${{ github.workspace }}:${{ github.workspace }}:rw"],
"env": {
"GH_AW_MCP_LOG_DIR": "\${GH_AW_MCP_LOG_DIR}",
"GH_AW_SAFE_OUTPUTS": "\${GH_AW_SAFE_OUTPUTS}",
@ -382,7 +382,25 @@ jobs:
"GITHUB_SERVER_URL": "\${GITHUB_SERVER_URL}",
"GITHUB_SHA": "\${GITHUB_SHA}",
"GITHUB_WORKSPACE": "\${GITHUB_WORKSPACE}",
"DEFAULT_BRANCH": "\${DEFAULT_BRANCH}"
"DEFAULT_BRANCH": "\${DEFAULT_BRANCH}",
"GITHUB_RUN_ID": "\${GITHUB_RUN_ID}",
"GITHUB_RUN_NUMBER": "\${GITHUB_RUN_NUMBER}",
"GITHUB_RUN_ATTEMPT": "\${GITHUB_RUN_ATTEMPT}",
"GITHUB_JOB": "\${GITHUB_JOB}",
"GITHUB_ACTION": "\${GITHUB_ACTION}",
"GITHUB_EVENT_NAME": "\${GITHUB_EVENT_NAME}",
"GITHUB_EVENT_PATH": "\${GITHUB_EVENT_PATH}",
"GITHUB_ACTOR": "\${GITHUB_ACTOR}",
"GITHUB_ACTOR_ID": "\${GITHUB_ACTOR_ID}",
"GITHUB_TRIGGERING_ACTOR": "\${GITHUB_TRIGGERING_ACTOR}",
"GITHUB_WORKFLOW": "\${GITHUB_WORKFLOW}",
"GITHUB_WORKFLOW_REF": "\${GITHUB_WORKFLOW_REF}",
"GITHUB_WORKFLOW_SHA": "\${GITHUB_WORKFLOW_SHA}",
"GITHUB_REF": "\${GITHUB_REF}",
"GITHUB_REF_NAME": "\${GITHUB_REF_NAME}",
"GITHUB_REF_TYPE": "\${GITHUB_REF_TYPE}",
"GITHUB_HEAD_REF": "\${GITHUB_HEAD_REF}",
"GITHUB_BASE_REF": "\${GITHUB_BASE_REF}"
}
},
"serena": {
@ -413,8 +431,8 @@ jobs:
engine_name: "GitHub Copilot CLI",
model: process.env.GH_AW_MODEL_AGENT_COPILOT || "",
version: "",
agent_version: "0.0.387",
cli_version: "v0.37.1",
agent_version: "0.0.388",
cli_version: "v0.37.2",
workflow_name: "Workflow Suggestion Agent",
experimental: false,
supports_tools_allowlist: true,
@ -432,7 +450,7 @@ jobs:
allowed_domains: [],
firewall_enabled: true,
awf_version: "v0.10.0",
awmg_version: "v0.0.71",
awmg_version: "v0.0.74",
steps: {
firewall: "squid"
},
@ -1110,7 +1128,7 @@ jobs:
total_count: ${{ steps.missing_tool.outputs.total_count }}
steps:
- name: Setup Scripts
uses: githubnext/gh-aw/actions/setup@v0.37.1
uses: githubnext/gh-aw/actions/setup@v0.37.2
with:
destination: /opt/gh-aw/actions
- name: Debug job inputs
@ -1209,7 +1227,7 @@ jobs:
success: ${{ steps.parse_results.outputs.success }}
steps:
- name: Setup Scripts
uses: githubnext/gh-aw/actions/setup@v0.37.1
uses: githubnext/gh-aw/actions/setup@v0.37.2
with:
destination: /opt/gh-aw/actions
- name: Download agent artifacts
@ -1299,7 +1317,7 @@ jobs:
# Execute the installer with the specified version
# Pass VERSION directly to sudo to ensure it's available to the installer script
sudo VERSION=0.0.387 bash /tmp/copilot-install.sh
sudo VERSION=0.0.388 bash /tmp/copilot-install.sh
# Cleanup
rm -f /tmp/copilot-install.sh
@ -1371,7 +1389,7 @@ jobs:
process_safe_outputs_temporary_id_map: ${{ steps.process_safe_outputs.outputs.temporary_id_map }}
steps:
- name: Setup Scripts
uses: githubnext/gh-aw/actions/setup@v0.37.1
uses: githubnext/gh-aw/actions/setup@v0.37.2
with:
destination: /opt/gh-aw/actions
- name: Download agent output artifact
@ -1408,7 +1426,7 @@ jobs:
permissions: {}
steps:
- name: Setup Scripts
uses: githubnext/gh-aw/actions/setup@v0.37.1
uses: githubnext/gh-aw/actions/setup@v0.37.2
with:
destination: /opt/gh-aw/actions
- name: Download cache-memory artifact (default)