fix: resolve 8 issues found in Codex run log audit #1480
Essential fixes:
- Reporter sparse-checkout: add .github/actions to checkout so setup-api-client action is available (was failing 100% on Workflows repo)
- Belt Worker: re-install API client after branch checkout wipes node_modules (was causing @octokit/rest import failures and degraded token rotation)

High-value fixes:
- LLM analysis outputs: use print(..., end='') to strip trailing newlines from python extraction (confidence values had '\n' suffix e.g. '0.63\n')
- Repo variables fetch: downgrade from core.info to core.debug since the token permission limitation is known and the fallback to defaults works correctly

Medium fixes:
- Health 75 API Rate Diagnostic: pass secrets to 4 setup-api-client calls that were missing the input, causing 'No tokens were exported' warnings
- datetime.utcnow(): replace deprecated calls with timezone-aware alternative in both Belt Worker ledger functions

Low-salience fixes:
- error_classifier: gate entry log behind RUNNER_DEBUG to reduce log noise
- Non-artifact commit warning: downgrade from warning to notice since it is expected behavior when Codex produces only workflow artifacts
Automated Status Summary
Head SHA: 941cfde
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: b8121fffd3
🤖 Keepalive Loop Status
PR #1480 | Agent: Codex | Iteration 0/5
🔍 Failure Classification
| Error type | infrastructure |
Pull request overview
Addresses multiple reliability and log-noise issues found during a Codex run log audit, primarily by ensuring required local actions/dependencies are available after checkouts and by tightening signal-to-noise in keepalive/Codex workflows.
Changes:
- Fix missing local action availability and dependency loss across checkouts (Reporter sparse-checkout; Belt Worker re-install of API client).
- Improve downstream data correctness and monitoring reliability (LLM analysis output formatting; Health 75 secrets passed to setup action; Python UTC deprecation fix).
- Reduce expected/benign log noise (repo variables fetch message level; error classifier debug gating; warning→notice for “artifact-only” changes).
Reviewed changes
Copilot reviewed 9 out of 9 changed files in this pull request and generated 2 comments.
| File | Description |
|---|---|
| .github/workflows/agents-keepalive-loop-reporter.yml | Adds .github/actions to sparse-checkout so setup-api-client can be found. |
| .github/workflows/agents-72-codex-belt-worker.yml | Re-installs API client after branch checkout; replaces utcnow() usage in embedded Python ledger logic. |
| .github/workflows/reusable-codex-run.yml | Removes trailing newlines from extracted LLM analysis fields; downgrades “no non-artifact changes” to notice. |
| .github/workflows/health-75-api-rate-diagnostic.yml | Passes secrets + github_token inputs into setup-api-client in multiple jobs/locations. |
| .github/scripts/keepalive_loop.js | Downgrades repo variables fetch failure logging to core.debug. |
| .github/scripts/error_classifier.js | Gates classifier console logging behind RUNNER_DEBUG. |
| templates/consumer-repo/.github/workflows/agents-72-codex-belt-worker.yml | Mirrors Belt Worker reinstall + UTC fix for consumer template. |
| templates/consumer-repo/.github/scripts/keepalive_loop.js | Mirrors repo variables fetch logging downgrade for consumer template. |
| templates/consumer-repo/.github/scripts/error_classifier.js | Mirrors RUNNER_DEBUG gating for consumer template. |
| - name: Re-install API client after branch checkout | ||
| if: ${{ steps.parallel.outputs.allowed == 'true' && (inputs.keepalive != true || steps.keepalive_gate.outputs.action != 'skip') }} | ||
| uses: ./.github/actions/setup-api-client | ||
| with: | ||
| secrets: ${{ toJSON(secrets) }} | ||
| github_token: ${{ github.token }} |
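Review bot: `uses: ./.github/actions/setup-api-client` resolves the action from the workspace, and the step name says this runs after the branch checkout, so the action code that receives `secrets: ${{ toJSON(secrets) }}` is whatever that branch contains. Resolve the action from a checkout the branch cannot modify, and pass only the secrets the API client needs instead of the whole `toJSON(secrets)` map.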
setup-api-client sets GITHUB_TOKEN/GH_TOKEN based on the github_token input. Passing ${{ github.token }} here can override the earlier belt token selection (GH_BELT_TOKEN from the App/PAT) and reduce the effectiveness of the token load balancer. Consider passing ${{ env.GH_BELT_TOKEN || github.token }} to keep the exported default token aligned with the belt token.
1. Use .belt-tools action path instead of ./ for setup-api-client after branch checkout, so the action runs from trusted Workflows code rather than the untrusted issue branch (security fix).
2. Pass GH_BELT_TOKEN || github.token as github_token input to preserve the belt token selection instead of overriding GITHUB_TOKEN/GH_TOKEN with the default workflow token.
…eshold

Two independent fixes for broken automation flows:

1. capability_check.py: The bare \bsecrets?\b regex matched negative mentions like 'no secrets' in issue constraint text, causing _requires_admin_access() to return true and the fallback classifier to BLOCK tasks that merely *describe* a no-secrets constraint. Replace with specific verb+secrets patterns (manage/configure/set/create/update/delete/add/modify/rotate secrets). Root cause of PAEM #1403 false-positive BLOCKED.
2. verdict_policy.py: CONCERNS_NEEDS_HUMAN_THRESHOLD lowered from 0.85 to 0.50. The old threshold meant any split verdict (PASS + CONCERNS) with <85% confidence on the concerns side triggered needs_human, blocking automatic follow-up issue creation. A 72% confidence concerns verdict (TMP #4894) is well above chance and should produce a follow-up rather than require manual triage.

Both template and main copies updated; new regression tests added.
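The false positive described in the commit message above, reproduced as an added example (not code from this PR or from capability_check.py). Only the bare pattern and the verb list come from the commit message; the verb+secrets regex, the `classify` helper and the sample issue texts are constructed here.

```python
import re

# Bare pattern quoted in the commit message.
BARE = re.compile(r"\bsecrets?\b", re.IGNORECASE)

# Verb list quoted in the commit message. The regex built from it is an
# assumption: the project's actual patterns are not shown on the page.
VERBS = ("manage", "configure", "set", "create", "update",
         "delete", "add", "modify", "rotate")
VERB_SECRETS = re.compile(
    r"\b(?:%s)\s+(?:\w+\s+){0,2}secrets?\b" % "|".join(VERBS),
    re.IGNORECASE,
)


def classify(text):
    """Return (bare_hit, verb_hit) for one piece of issue text."""
    return bool(BARE.search(text)), bool(VERB_SECRETS.search(text))


# Constructed sample issue texts.
SAMPLES = [
    "Constraints: no secrets, no network access.",   # describes a constraint
    "Rotate the deploy secrets for staging.",        # real admin task
    "Add a secret named API_KEY to the repo.",       # real admin task
    "Update README wording.",                        # unrelated
    "Do not rotate secrets in this task.",           # negated instruction
]

if __name__ == "__main__":
    for sample in SAMPLES:
        bare_hit, verb_hit = classify(sample)
        print(f"bare={bare_hit!s:<5} verb={verb_hit!s:<5} {sample}")
```

The last sample still matches the constructed verb+secrets pattern: pairing a verb with the noun removes the "no secrets" false positive but does not by itself handle a negated verb, so a regression suite for this kind of gate should include negated instructions.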
Automated Status Summary

Scope
scripts/validate_fast.sh contains 12 TODO Phase 4 markers referencing Trend_Model_Project-specific features (SRC_FILES detection, autofix tests, coverage requirements) that are not applicable to this workflow repository. These dead code paths and stale references cause confusion and add maintenance burden.

Tasks
- src/ directory patterns not present in this repo.
- scripts/ and .github/ instead of src/ tests/.

Acceptance criteria
- grep -c "TODO Phase" scripts/validate_fast.sh returns 0.
- bash scripts/validate_fast.sh --help works.
- src/ directory or Trend_Model_Project-specific patterns remain.

Head SHA: 8499bfa
Latest Runs: ✅ success — Gate
Required: gate: ✅ success