diff --git a/.github/workflows/agents-71-codex-belt-dispatcher.yml b/.github/workflows/agents-71-codex-belt-dispatcher.yml index 5da883a3..c4520f0e 100644 --- a/.github/workflows/agents-71-codex-belt-dispatcher.yml +++ b/.github/workflows/agents-71-codex-belt-dispatcher.yml @@ -92,7 +92,7 @@ jobs: - name: Mint GitHub App token (preferred) id: app_token if: ${{ env.WORKFLOWS_APP_ID != '' && env.WORKFLOWS_APP_PRIVATE_KEY != '' }} - uses: actions/create-github-app-token@f8d387b68d61c58ab83c6c016672934102569859 # v2 + uses: actions/create-github-app-token@29824e69f54612133e76f7eaac726eef6c875baf # v2 with: app-id: ${{ env.WORKFLOWS_APP_ID }} private-key: ${{ env.WORKFLOWS_APP_PRIVATE_KEY }} diff --git a/.github/workflows/agents-72-codex-belt-worker.yml b/.github/workflows/agents-72-codex-belt-worker.yml index 190a792b..3e6dc0e9 100644 --- a/.github/workflows/agents-72-codex-belt-worker.yml +++ b/.github/workflows/agents-72-codex-belt-worker.yml @@ -122,7 +122,7 @@ jobs: - name: Mint GitHub App token (preferred) id: app_token if: ${{ env.WORKFLOWS_APP_ID != '' && env.WORKFLOWS_APP_PRIVATE_KEY != '' }} - uses: actions/create-github-app-token@f8d387b68d61c58ab83c6c016672934102569859 # v2 + uses: actions/create-github-app-token@29824e69f54612133e76f7eaac726eef6c875baf # v2 with: app-id: ${{ env.WORKFLOWS_APP_ID }} private-key: ${{ env.WORKFLOWS_APP_PRIVATE_KEY }} diff --git a/.github/workflows/agents-73-codex-belt-conveyor.yml b/.github/workflows/agents-73-codex-belt-conveyor.yml index b2b2e1cd..ab3bbc7a 100644 --- a/.github/workflows/agents-73-codex-belt-conveyor.yml +++ b/.github/workflows/agents-73-codex-belt-conveyor.yml @@ -95,7 +95,7 @@ jobs: - name: Mint GitHub App token (preferred) id: app_token if: ${{ env.WORKFLOWS_APP_ID != '' && env.WORKFLOWS_APP_PRIVATE_KEY != '' }} - uses: actions/create-github-app-token@f8d387b68d61c58ab83c6c016672934102569859 # v2 + uses: actions/create-github-app-token@29824e69f54612133e76f7eaac726eef6c875baf # v2 with: app-id: ${{ env.WORKFLOWS_APP_ID }} private-key: ${{ env.WORKFLOWS_APP_PRIVATE_KEY }} diff --git a/.github/workflows/agents-auto-pilot.yml b/.github/workflows/agents-auto-pilot.yml index 52f3b8ce..c6ca1e31 100644 --- a/.github/workflows/agents-auto-pilot.yml +++ b/.github/workflows/agents-auto-pilot.yml @@ -102,7 +102,7 @@ jobs: # Mint GitHub App token early to use for API calls (avoids rate limits) - name: Mint GitHub App Token id: app_token - uses: actions/create-github-app-token@f8d387b68d61c58ab83c6c016672934102569859 # v2 + uses: actions/create-github-app-token@29824e69f54612133e76f7eaac726eef6c875baf # v2 continue-on-error: true with: app-id: ${{ secrets.WORKFLOWS_APP_ID || '0' }} @@ -150,7 +150,7 @@ jobs: - name: Set up Node if: steps.check_enabled.outputs.enabled == 'true' - uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6 + uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6 with: node-version: '20' @@ -229,7 +229,7 @@ jobs: - name: Cache pip (LLM requirements) if: steps.check_enabled.outputs.enabled == 'true' - uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5 + uses: actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5 with: path: | ~/.cache/pip diff --git a/.github/workflows/agents-autofix-dispatcher.yml b/.github/workflows/agents-autofix-dispatcher.yml index 4600a0bc..d0f2f573 100644 --- a/.github/workflows/agents-autofix-dispatcher.yml +++ b/.github/workflows/agents-autofix-dispatcher.yml @@ -16,7 +16,7 @@ jobs: steps: - name: Mint GitHub App token id: app_token - uses: actions/create-github-app-token@f8d387b68d61c58ab83c6c016672934102569859 # v2 + uses: actions/create-github-app-token@29824e69f54612133e76f7eaac726eef6c875baf # v2 continue-on-error: true with: app-id: ${{ secrets.WORKFLOWS_APP_ID || '0' }} diff --git a/.github/workflows/agents-autofix-loop.yml b/.github/workflows/agents-autofix-loop.yml index 392a4d05..eba69d22 100644 --- a/.github/workflows/agents-autofix-loop.yml +++ b/.github/workflows/agents-autofix-loop.yml @@ -65,7 +65,7 @@ jobs: # Mint GitHub App token early to use for API calls (avoids rate limits) - name: Mint GitHub App Token id: app_token - uses: actions/create-github-app-token@f8d387b68d61c58ab83c6c016672934102569859 # v2 + uses: actions/create-github-app-token@29824e69f54612133e76f7eaac726eef6c875baf # v2 continue-on-error: true with: app-id: ${{ secrets.WORKFLOWS_APP_ID || '0' }} @@ -648,7 +648,7 @@ jobs: # Mint GitHub App token early to use for API calls (avoids rate limits) - name: Mint GitHub App Token id: app_token - uses: actions/create-github-app-token@f8d387b68d61c58ab83c6c016672934102569859 # v2 + uses: actions/create-github-app-token@29824e69f54612133e76f7eaac726eef6c875baf # v2 continue-on-error: true with: app-id: ${{ secrets.WORKFLOWS_APP_ID || '0' }} @@ -737,7 +737,7 @@ jobs: # Mint GitHub App token early to use for API calls (avoids rate limits) - name: Mint GitHub App Token id: app_token - uses: actions/create-github-app-token@f8d387b68d61c58ab83c6c016672934102569859 # v2 + uses: actions/create-github-app-token@29824e69f54612133e76f7eaac726eef6c875baf # v2 continue-on-error: true with: app-id: ${{ secrets.WORKFLOWS_APP_ID || '0' }} diff --git a/.github/workflows/agents-guard.yml b/.github/workflows/agents-guard.yml index cc87e209..34c7a631 100644 --- a/.github/workflows/agents-guard.yml +++ b/.github/workflows/agents-guard.yml @@ -33,7 +33,7 @@ jobs: # Mint GitHub App token early to use for API calls (avoids rate limits) - name: Mint GitHub App Token id: app_token - uses: actions/create-github-app-token@f8d387b68d61c58ab83c6c016672934102569859 # v2 + uses: actions/create-github-app-token@29824e69f54612133e76f7eaac726eef6c875baf # v2 continue-on-error: true with: app-id: ${{ secrets.WORKFLOWS_APP_ID || '0' }} diff --git a/.github/workflows/agents-issue-optimizer.yml b/.github/workflows/agents-issue-optimizer.yml index e9f368a8..cb3e32a5 100644 --- a/.github/workflows/agents-issue-optimizer.yml +++ b/.github/workflows/agents-issue-optimizer.yml @@ -93,7 +93,7 @@ jobs: id: app_token if: steps.check.outputs.should_run == 'true' continue-on-error: true - uses: actions/create-github-app-token@f8d387b68d61c58ab83c6c016672934102569859 # v2 + uses: actions/create-github-app-token@29824e69f54612133e76f7eaac726eef6c875baf # v2 with: app-id: ${{ secrets.WORKFLOWS_APP_ID }} private-key: ${{ secrets.WORKFLOWS_APP_PRIVATE_KEY }} diff --git a/.github/workflows/agents-keepalive-loop.yml b/.github/workflows/agents-keepalive-loop.yml index 96196977..15ec9593 100644 --- a/.github/workflows/agents-keepalive-loop.yml +++ b/.github/workflows/agents-keepalive-loop.yml @@ -74,7 +74,7 @@ jobs: uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 - name: Set up Node.js - uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6 + uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6 with: node-version: 20 @@ -492,7 +492,7 @@ jobs: uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 - name: Set up Node.js - uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6 + uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6 with: node-version: 20 @@ -614,7 +614,7 @@ jobs: uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 - name: Set up Node.js - uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6 + uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6 with: node-version: 20 @@ -1132,7 +1132,7 @@ jobs: steps.update-summary.outputs.rate_limit_hit == 'true' && env.KEEPALIVE_APP_ID != '' && env.KEEPALIVE_APP_PRIVATE_KEY != '' - uses: actions/create-github-app-token@f8d387b68d61c58ab83c6c016672934102569859 # v2 + uses: actions/create-github-app-token@29824e69f54612133e76f7eaac726eef6c875baf # v2 continue-on-error: true env: KEEPALIVE_APP_ID: ${{ secrets.KEEPALIVE_APP_ID }} diff --git a/.github/workflows/agents-weekly-metrics.yml b/.github/workflows/agents-weekly-metrics.yml index 5a2a366d..3a0a9e0d 100644 --- a/.github/workflows/agents-weekly-metrics.yml +++ b/.github/workflows/agents-weekly-metrics.yml @@ -19,7 +19,7 @@ jobs: # Mint GitHub App token early to use for API calls (avoids rate limits) - name: Mint GitHub App Token id: app_token - uses: actions/create-github-app-token@f8d387b68d61c58ab83c6c016672934102569859 # v2 + uses: actions/create-github-app-token@29824e69f54612133e76f7eaac726eef6c875baf # v2 continue-on-error: true with: app-id: ${{ secrets.WORKFLOWS_APP_ID || '0' }} diff --git a/.github/workflows/maint-76-claude-code-review.yml b/.github/workflows/maint-76-claude-code-review.yml index 60420cf7..4b63894f 100644 --- a/.github/workflows/maint-76-claude-code-review.yml +++ b/.github/workflows/maint-76-claude-code-review.yml @@ -188,7 +188,7 @@ jobs: - name: Run Claude Code Review id: claude continue-on-error: true - uses: anthropics/claude-code-action@ff9acae5886d41a99ed4ec14b7dc147d55834722 + uses: anthropics/claude-code-action@220272d38887a1caed373da96a9ffdb0919c26cc with: claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }} allowed_bots: '*' diff --git a/.github/workflows/maint-coverage-guard.yml b/.github/workflows/maint-coverage-guard.yml index 526d3463..04413ce9 100644 --- a/.github/workflows/maint-coverage-guard.yml +++ b/.github/workflows/maint-coverage-guard.yml @@ -26,7 +26,7 @@ jobs: # Mint GitHub App token early to use for API calls (avoids rate limits) - name: Mint GitHub App Token id: app_token - uses: actions/create-github-app-token@f8d387b68d61c58ab83c6c016672934102569859 # v2 + uses: actions/create-github-app-token@29824e69f54612133e76f7eaac726eef6c875baf # v2 continue-on-error: true with: app-id: ${{ secrets.WORKFLOWS_APP_ID || '0' }} @@ -108,7 +108,7 @@ jobs: # Mint GitHub App token early to use for API calls (avoids rate limits) - name: Mint GitHub App Token id: app_token - uses: actions/create-github-app-token@f8d387b68d61c58ab83c6c016672934102569859 # v2 + uses: actions/create-github-app-token@29824e69f54612133e76f7eaac726eef6c875baf # v2 continue-on-error: true with: app-id: ${{ secrets.WORKFLOWS_APP_ID || '0' }} @@ -186,7 +186,7 @@ jobs: - name: Download coverage trend artifact if: ${{ steps.discover.outputs.run_id }} - uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8 + uses: actions/download-artifact@70fc10c6e5e1ce46ad2ea6f2b72d43f7d47b13c3 # v8 continue-on-error: true with: name: gate-coverage-trend @@ -196,7 +196,7 @@ jobs: - name: Download coverage payload artifact if: ${{ steps.discover.outputs.run_id }} - uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8 + uses: actions/download-artifact@70fc10c6e5e1ce46ad2ea6f2b72d43f7d47b13c3 # v8 continue-on-error: true with: name: gate-coverage diff --git a/.github/workflows/reusable-pr-context.yml b/.github/workflows/reusable-pr-context.yml index 6d0a0288..90a5d9be 100644 --- a/.github/workflows/reusable-pr-context.yml +++ b/.github/workflows/reusable-pr-context.yml @@ -145,7 +145,7 @@ jobs: id: app_token # Use continue-on-error to handle missing secrets gracefully continue-on-error: true - uses: actions/create-github-app-token@f8d387b68d61c58ab83c6c016672934102569859 # v2 + uses: actions/create-github-app-token@29824e69f54612133e76f7eaac726eef6c875baf # v2 with: app-id: ${{ secrets.WORKFLOWS_APP_ID }} private-key: ${{ secrets.WORKFLOWS_APP_PRIVATE_KEY }} diff --git a/tools/langchain_client.py b/tools/langchain_client.py index 39e68ad5..c80d31d9 100644 --- a/tools/langchain_client.py +++ b/tools/langchain_client.py @@ -13,7 +13,6 @@ import os from dataclasses import dataclass from pathlib import Path -from typing import Any, cast from tools.llm_provider import DEFAULT_MODEL, GITHUB_MODELS_BASE_URL @@ -34,14 +33,6 @@ DEFAULT_SLOT_CONFIG_PATH = Path(__file__).resolve().parent.parent / "config" / "llm_slots.json" -def _load_chat_anthropic() -> type[Any] | None: - try: - from langchain_anthropic import ChatAnthropic - except ImportError: - return None - return cast(type[Any], ChatAnthropic) - - def _env_int(name: str, default: int) -> int: value = os.environ.get(name) if not value: @@ -225,7 +216,10 @@ def build_chat_client( except ImportError: return None - chat_anthropic = _load_chat_anthropic() + try: + from langchain_anthropic import ChatAnthropic + except ImportError: + ChatAnthropic = None # noqa: N806 github_token = os.environ.get("GITHUB_TOKEN") openai_token = os.environ.get("OPENAI_API_KEY") @@ -272,11 +266,11 @@ def build_chat_client( return None if selected_provider == PROVIDER_ANTHROPIC: - if not anthropic_token or chat_anthropic is None: + if not anthropic_token or not ChatAnthropic: return None try: client = _build_anthropic_client( - chat_anthropic, + ChatAnthropic, model=selected_model, token=anthropic_token, timeout=selected_timeout, @@ -303,10 +297,10 @@ def build_chat_client( ) used_override = True return ClientInfo(client=client, provider=PROVIDER_OPENAI, model=slot_model) - if slot.provider == PROVIDER_ANTHROPIC and anthropic_token and chat_anthropic is not None: + if slot.provider == PROVIDER_ANTHROPIC and anthropic_token and ChatAnthropic: with contextlib.suppress(Exception): client = _build_anthropic_client( - chat_anthropic, + ChatAnthropic, model=slot_model, token=anthropic_token, timeout=selected_timeout, @@ -342,7 +336,10 @@ def build_chat_clients( except ImportError: return [] - chat_anthropic = _load_chat_anthropic() + try: + from langchain_anthropic import ChatAnthropic + except ImportError: + ChatAnthropic = None # noqa: N806 github_token = os.environ.get("GITHUB_TOKEN") openai_token = os.environ.get("OPENAI_API_KEY") @@ -423,16 +420,12 @@ def build_chat_clients( model=second_model, ) ) - elif ( - selected_provider == PROVIDER_ANTHROPIC - and anthropic_token - and chat_anthropic is not None - ): + elif selected_provider == PROVIDER_ANTHROPIC and anthropic_token and ChatAnthropic: with contextlib.suppress(Exception): clients.append( ClientInfo( client=_build_anthropic_client( - chat_anthropic, + ChatAnthropic, model=first_model, token=anthropic_token, timeout=selected_timeout, @@ -447,7 +440,7 @@ def build_chat_clients( clients.append( ClientInfo( client=_build_anthropic_client( - chat_anthropic, + ChatAnthropic, model=second_model, token=anthropic_token, timeout=selected_timeout, @@ -466,9 +459,7 @@ def build_chat_clients( if any( ( slot.provider == PROVIDER_OPENAI and openai_token, - slot.provider == PROVIDER_ANTHROPIC - and anthropic_token - and chat_anthropic is not None, + slot.provider == PROVIDER_ANTHROPIC and anthropic_token and ChatAnthropic, slot.provider == PROVIDER_GITHUB and github_token, ) ): @@ -497,12 +488,12 @@ def build_chat_clients( model=slot_model, ) ) - if slot.provider == PROVIDER_ANTHROPIC and anthropic_token and chat_anthropic is not None: + if slot.provider == PROVIDER_ANTHROPIC and anthropic_token and ChatAnthropic: with contextlib.suppress(Exception): clients.append( ClientInfo( client=_build_anthropic_client( - chat_anthropic, + ChatAnthropic, model=slot_model, token=anthropic_token, timeout=selected_timeout, diff --git a/tools/requirements-llm.txt b/tools/requirements-llm.txt index 2a49e820..466652a5 100644 --- a/tools/requirements-llm.txt +++ b/tools/requirements-llm.txt @@ -5,10 +5,10 @@ # workflow automation can upgrade independently; no consumer dependency # change is required when bumping this file. # - Use strict X.Y.Z pins to keep workflow installs reproducible. -langchain==1.2.13 +langchain==1.2.10 langchain-core==1.2.20 langchain-community==0.4.1 -langchain-openai==1.1.11 -langchain-anthropic==1.4.0 +langchain-openai==1.1.10 +langchain-anthropic==1.3.4 pydantic==2.12.5 requests==2.32.5