diff --git a/.github/workflows/agent-performance-analyzer.lock.yml b/.github/workflows/agent-performance-analyzer.lock.yml index 843f8cd86f4..e11ae1cb286 100644 --- a/.github/workflows/agent-performance-analyzer.lock.yml +++ b/.github/workflows/agent-performance-analyzer.lock.yml @@ -55,7 +55,7 @@ name: "Agent Performance Analyzer - Meta-Orchestrator" "on": schedule: - - cron: "21 7 * * *" + - cron: "36 12 * * *" # Friendly format: daily (scattered) workflow_dispatch: inputs: diff --git a/.github/workflows/agent-persona-explorer.lock.yml b/.github/workflows/agent-persona-explorer.lock.yml index fc0930a9181..25e84743949 100644 --- a/.github/workflows/agent-persona-explorer.lock.yml +++ b/.github/workflows/agent-persona-explorer.lock.yml @@ -57,7 +57,7 @@ name: "Agent Persona Explorer" "on": schedule: - - cron: "40 20 * * *" + - cron: "25 15 * * *" # Friendly format: daily (scattered) workflow_dispatch: inputs: diff --git a/.github/workflows/api-consumption-report.lock.yml b/.github/workflows/api-consumption-report.lock.yml index 36d1c3b7d81..fd4a4d893e6 100644 --- a/.github/workflows/api-consumption-report.lock.yml +++ b/.github/workflows/api-consumption-report.lock.yml @@ -66,7 +66,7 @@ name: "GitHub API Consumption Report Agent" "on": schedule: - - cron: "39 18 * * *" + - cron: "41 10 * * *" # Friendly format: daily (scattered) workflow_dispatch: inputs: diff --git a/.github/workflows/audit-workflows.lock.yml b/.github/workflows/audit-workflows.lock.yml index 354133042c9..35777d6a315 100644 --- a/.github/workflows/audit-workflows.lock.yml +++ b/.github/workflows/audit-workflows.lock.yml @@ -67,7 +67,7 @@ name: "Agentic Workflow Audit Agent" "on": schedule: - - cron: "54 13 * * *" + - cron: "6 21 * * *" # Friendly format: daily (scattered) workflow_dispatch: inputs: diff --git a/.github/workflows/claude-code-user-docs-review.lock.yml b/.github/workflows/claude-code-user-docs-review.lock.yml index b535df48dc8..156079d2ebf 100644 --- a/.github/workflows/claude-code-user-docs-review.lock.yml +++ b/.github/workflows/claude-code-user-docs-review.lock.yml @@ -60,7 +60,7 @@ name: "Claude Code User Documentation Review" "on": schedule: - - cron: "51 16 * * *" + - cron: "19 12 * * *" # Friendly format: daily (scattered) workflow_dispatch: inputs: diff --git a/.github/workflows/cli-version-checker.lock.yml b/.github/workflows/cli-version-checker.lock.yml index fe0fe399b68..baf80248941 100644 --- a/.github/workflows/cli-version-checker.lock.yml +++ b/.github/workflows/cli-version-checker.lock.yml @@ -55,7 +55,7 @@ name: "CLI Version Checker" "on": schedule: - - cron: "17 8 * * *" + - cron: "23 5 * * *" # Friendly format: daily (scattered) workflow_dispatch: inputs: diff --git a/.github/workflows/code-simplifier.lock.yml b/.github/workflows/code-simplifier.lock.yml index b7fbdcbc643..f30f874b1c5 100644 --- a/.github/workflows/code-simplifier.lock.yml +++ b/.github/workflows/code-simplifier.lock.yml @@ -55,7 +55,7 @@ name: "Code Simplifier" "on": schedule: - - cron: "18 23 * * *" + - cron: "11 3 * * *" # Friendly format: daily (scattered) # skip-if-match: is:pr is:open in:title "[code-simplifier]" # Skip-if-match processed as search check in pre-activation job workflow_dispatch: diff --git a/.github/workflows/constraint-solving-potd.lock.yml b/.github/workflows/constraint-solving-potd.lock.yml index 2b0e6413fd5..83d40aef819 100644 --- a/.github/workflows/constraint-solving-potd.lock.yml +++ b/.github/workflows/constraint-solving-potd.lock.yml @@ -49,7 +49,7 @@ name: "Constraint Solving — Problem of the Day" "on": schedule: - - cron: "26 7 * * *" + - cron: "23 11 * * *" # Friendly format: daily (scattered) workflow_dispatch: inputs: diff --git a/.github/workflows/copilot-agent-analysis.lock.yml b/.github/workflows/copilot-agent-analysis.lock.yml index c52e14453c7..a903543fbae 100644 --- a/.github/workflows/copilot-agent-analysis.lock.yml +++ b/.github/workflows/copilot-agent-analysis.lock.yml @@ -63,7 +63,7 @@ name: "Copilot Agent PR Analysis" "on": schedule: - - cron: "23 15 * * *" + - cron: "7 18 * * *" # Friendly format: daily (scattered) workflow_dispatch: inputs: diff --git a/.github/workflows/copilot-cli-deep-research.lock.yml b/.github/workflows/copilot-cli-deep-research.lock.yml index 202df0b8fc7..8f4ad43c268 100644 --- a/.github/workflows/copilot-cli-deep-research.lock.yml +++ b/.github/workflows/copilot-cli-deep-research.lock.yml @@ -52,7 +52,7 @@ name: "Copilot CLI Deep Research Agent" "on": schedule: - - cron: "48 11 * * *" + - cron: "38 3 * * *" # Friendly format: daily (scattered) workflow_dispatch: inputs: diff --git a/.github/workflows/copilot-opt.lock.yml b/.github/workflows/copilot-opt.lock.yml index 8fc0af9b6b5..d5e2deda895 100644 --- a/.github/workflows/copilot-opt.lock.yml +++ b/.github/workflows/copilot-opt.lock.yml @@ -58,7 +58,7 @@ name: "Copilot Opt" "on": schedule: - - cron: "24 20 * * 1" + - cron: "40 17 * * 1" # Friendly format: weekly on monday (scattered) workflow_dispatch: inputs: diff --git a/.github/workflows/copilot-pr-prompt-analysis.lock.yml b/.github/workflows/copilot-pr-prompt-analysis.lock.yml index 8d08d0de2bd..a15ef6fd95a 100644 --- a/.github/workflows/copilot-pr-prompt-analysis.lock.yml +++ b/.github/workflows/copilot-pr-prompt-analysis.lock.yml @@ -62,7 +62,7 @@ name: "Copilot PR Prompt Pattern Analysis" "on": schedule: - - cron: "25 21 * * *" + - cron: "35 20 * * *" # Friendly format: daily (scattered) workflow_dispatch: inputs: diff --git a/.github/workflows/copilot-session-insights.lock.yml b/.github/workflows/copilot-session-insights.lock.yml index 18f02879b36..3a644e8ead7 100644 --- a/.github/workflows/copilot-session-insights.lock.yml +++ b/.github/workflows/copilot-session-insights.lock.yml @@ -67,7 +67,7 @@ name: "Copilot Session Insights" "on": schedule: - - cron: "31 17 * * *" + - cron: "36 6 * * *" # Friendly format: daily (scattered) workflow_dispatch: inputs: diff --git a/.github/workflows/daily-assign-issue-to-user.lock.yml b/.github/workflows/daily-assign-issue-to-user.lock.yml index dcc96654357..84be6c79fb8 100644 --- a/.github/workflows/daily-assign-issue-to-user.lock.yml +++ b/.github/workflows/daily-assign-issue-to-user.lock.yml @@ -53,7 +53,7 @@ name: "Auto-Assign Issue" "on": schedule: - - cron: "13 16 * * *" + - cron: "49 5 * * *" # Friendly format: daily (scattered) workflow_dispatch: inputs: diff --git a/.github/workflows/daily-astrostylelite-markdown-spellcheck.lock.yml b/.github/workflows/daily-astrostylelite-markdown-spellcheck.lock.yml index 2e46dad43ef..e189915e523 100644 --- a/.github/workflows/daily-astrostylelite-markdown-spellcheck.lock.yml +++ b/.github/workflows/daily-astrostylelite-markdown-spellcheck.lock.yml @@ -56,7 +56,7 @@ name: "Daily AstroStyleLite Markdown Spellcheck" "on": schedule: - - cron: "23 8 * * *" + - cron: "9 3 * * *" # Friendly format: daily (scattered) workflow_dispatch: inputs: diff --git a/.github/workflows/daily-aw-cross-repo-compile-check.lock.yml b/.github/workflows/daily-aw-cross-repo-compile-check.lock.yml index 41b5959613c..55807cd2f98 100644 --- a/.github/workflows/daily-aw-cross-repo-compile-check.lock.yml +++ b/.github/workflows/daily-aw-cross-repo-compile-check.lock.yml @@ -59,7 +59,7 @@ name: "Daily AW Cross-Repo Compile Check" "on": schedule: - - cron: "37 6 * * 1-5" + - cron: "38 8 * * 1-5" # Friendly format: daily on weekdays (scattered) workflow_dispatch: inputs: diff --git a/.github/workflows/daily-cache-strategy-analyzer.lock.yml b/.github/workflows/daily-cache-strategy-analyzer.lock.yml index e5b6d7ff0a4..79ca265b1e0 100644 --- a/.github/workflows/daily-cache-strategy-analyzer.lock.yml +++ b/.github/workflows/daily-cache-strategy-analyzer.lock.yml @@ -64,7 +64,7 @@ name: "Daily Cache Strategy Analyzer" "on": schedule: - - cron: "7 4 * * *" + - cron: "20 18 * * *" # Friendly format: daily (scattered) workflow_dispatch: inputs: @@ -1386,18 +1386,18 @@ jobs: DOCKER_SOCK_GID=$(stat -c '%g' /var/run/docker.sock 2>/dev/null || echo '0') export MCP_GATEWAY_DOCKER_COMMAND='docker run -i --rm --network host --add-host host.docker.internal:127.0.0.1 --user '"${MCP_GATEWAY_UID}"':'"${MCP_GATEWAY_GID}"' --group-add '"${DOCKER_SOCK_GID}"' -v /var/run/docker.sock:/var/run/docker.sock -e MCP_GATEWAY_PORT -e MCP_GATEWAY_DOMAIN -e MCP_GATEWAY_API_KEY -e MCP_GATEWAY_PAYLOAD_DIR -e MCP_GATEWAY_PAYLOAD_SIZE_THRESHOLD -e DEBUG -e MCP_GATEWAY_LOG_DIR -e GH_AW_MCP_LOG_DIR -e GH_AW_SAFE_OUTPUTS -e GH_AW_SAFE_OUTPUTS_CONFIG_PATH -e GH_AW_SAFE_OUTPUTS_TOOLS_PATH -e GH_AW_ASSETS_BRANCH -e GH_AW_ASSETS_MAX_SIZE_KB -e GH_AW_ASSETS_ALLOWED_EXTS -e DEFAULT_BRANCH -e GITHUB_MCP_SERVER_TOKEN -e GITHUB_MCP_GUARD_MIN_INTEGRITY -e GITHUB_MCP_GUARD_REPOS -e GITHUB_REPOSITORY -e GITHUB_SERVER_URL -e GITHUB_SHA -e GITHUB_WORKSPACE -e GITHUB_TOKEN -e GITHUB_RUN_ID -e GITHUB_RUN_NUMBER -e GITHUB_RUN_ATTEMPT -e GITHUB_JOB -e GITHUB_ACTION -e GITHUB_EVENT_NAME -e GITHUB_EVENT_PATH -e GITHUB_ACTOR -e GITHUB_ACTOR_ID -e GITHUB_TRIGGERING_ACTOR -e GITHUB_WORKFLOW -e GITHUB_WORKFLOW_REF -e GITHUB_WORKFLOW_SHA -e GITHUB_REF -e GITHUB_REF_NAME -e GITHUB_REF_TYPE -e GITHUB_HEAD_REF -e GITHUB_BASE_REF -e CODEX_HOME -v /tmp/gh-aw/mcp-payloads:/tmp/gh-aw/mcp-payloads:rw -v /opt:/opt:ro -v /tmp:/tmp:rw -v '"${GITHUB_WORKSPACE}"':'"${GITHUB_WORKSPACE}"':rw ghcr.io/github/gh-aw-mcpg:v0.3.3' - cat > "${RUNNER_TEMP}/gh-aw/mcp-config/config.toml" << GH_AW_MCP_CONFIG_d909b97382fe376a_EOF + cat > "${RUNNER_TEMP}/gh-aw/mcp-config/config.toml" << GH_AW_MCP_CONFIG_9195d05efddf6213_EOF [history] persistence = "none" [shell_environment_policy] inherit = "core" include_only = ["CODEX_API_KEY", "HOME", "OPENAI_API_KEY", "PATH"] - GH_AW_MCP_CONFIG_d909b97382fe376a_EOF + GH_AW_MCP_CONFIG_9195d05efddf6213_EOF # Generate JSON config for MCP gateway GH_AW_NODE=$(which node 2>/dev/null || command -v node 2>/dev/null || echo node) - cat << GH_AW_MCP_CONFIG_b66efea38e1e6c83_EOF | "$GH_AW_NODE" "${RUNNER_TEMP}/gh-aw/actions/start_mcp_gateway.cjs" + cat << GH_AW_MCP_CONFIG_cde31877677cbb43_EOF | "$GH_AW_NODE" "${RUNNER_TEMP}/gh-aw/actions/start_mcp_gateway.cjs" { "mcpServers": { }, @@ -1408,11 +1408,11 @@ jobs: "payloadDir": "${MCP_GATEWAY_PAYLOAD_DIR}" } } - GH_AW_MCP_CONFIG_b66efea38e1e6c83_EOF + GH_AW_MCP_CONFIG_cde31877677cbb43_EOF # Sync converter output to writable CODEX_HOME for Codex mkdir -p /tmp/gh-aw/mcp-config - cat > "/tmp/gh-aw/mcp-config/config.toml" << GH_AW_CODEX_SHELL_POLICY_a2114c82eda890f5_EOF + cat > "/tmp/gh-aw/mcp-config/config.toml" << GH_AW_CODEX_SHELL_POLICY_0bf72fe92fdefdf5_EOF model_provider = "openai-proxy" [model_providers.openai-proxy] name = "OpenAI AWF proxy" @@ -1422,7 +1422,7 @@ jobs: [shell_environment_policy] inherit = "core" include_only = ["CODEX_API_KEY", "HOME", "OPENAI_API_KEY", "PATH"] - GH_AW_CODEX_SHELL_POLICY_a2114c82eda890f5_EOF + GH_AW_CODEX_SHELL_POLICY_0bf72fe92fdefdf5_EOF awk ' BEGIN { skip_openai_proxy = 0 } /^[[:space:]]*model_provider[[:space:]]*=/ { next } diff --git a/.github/workflows/daily-caveman-optimizer.lock.yml b/.github/workflows/daily-caveman-optimizer.lock.yml index a8de0f469ea..ca4ba34a329 100644 --- a/.github/workflows/daily-caveman-optimizer.lock.yml +++ b/.github/workflows/daily-caveman-optimizer.lock.yml @@ -59,7 +59,7 @@ name: "Daily Caveman Optimizer" "on": schedule: - - cron: "45 8 * * *" + - cron: "39 20 * * *" # Friendly format: daily (scattered) workflow_dispatch: inputs: diff --git a/.github/workflows/daily-cli-performance.lock.yml b/.github/workflows/daily-cli-performance.lock.yml index 40eab683de7..280b4b1503e 100644 --- a/.github/workflows/daily-cli-performance.lock.yml +++ b/.github/workflows/daily-cli-performance.lock.yml @@ -60,7 +60,7 @@ name: "Daily CLI Performance Agent" # permissions: # Permissions applied to pre-activation job # contents: read schedule: - - cron: "15 23 * * *" + - cron: "49 14 * * *" # Friendly format: daily (scattered) # steps: # Steps injected into pre-activation job # - id: changes diff --git a/.github/workflows/daily-cli-tools-tester.lock.yml b/.github/workflows/daily-cli-tools-tester.lock.yml index af625bc1000..d98dc58e4a6 100644 --- a/.github/workflows/daily-cli-tools-tester.lock.yml +++ b/.github/workflows/daily-cli-tools-tester.lock.yml @@ -60,7 +60,7 @@ name: "Daily CLI Tools Exploratory Tester" "on": schedule: - - cron: "54 19 * * *" + - cron: "8 5 * * *" # Friendly format: daily (scattered) workflow_dispatch: inputs: diff --git a/.github/workflows/daily-code-metrics.lock.yml b/.github/workflows/daily-code-metrics.lock.yml index a2031997bec..21890482399 100644 --- a/.github/workflows/daily-code-metrics.lock.yml +++ b/.github/workflows/daily-code-metrics.lock.yml @@ -62,7 +62,7 @@ name: "Daily Code Metrics and Trend Tracking Agent" "on": schedule: - - cron: "39 19 * * *" + - cron: "21 18 * * *" # Friendly format: daily (scattered) workflow_dispatch: inputs: diff --git a/.github/workflows/daily-community-attribution.lock.yml b/.github/workflows/daily-community-attribution.lock.yml index f23d23c6140..32bfd9e75b0 100644 --- a/.github/workflows/daily-community-attribution.lock.yml +++ b/.github/workflows/daily-community-attribution.lock.yml @@ -57,7 +57,7 @@ name: "Daily Community Attribution Updater" "on": schedule: - - cron: "5 10 * * *" + - cron: "20 2 * * *" # Friendly format: daily (scattered) workflow_dispatch: inputs: diff --git a/.github/workflows/daily-compiler-quality.lock.yml b/.github/workflows/daily-compiler-quality.lock.yml index 5b7a756cc9c..9a375625a93 100644 --- a/.github/workflows/daily-compiler-quality.lock.yml +++ b/.github/workflows/daily-compiler-quality.lock.yml @@ -63,7 +63,7 @@ name: "Daily Compiler Quality Check" "on": schedule: - - cron: "15 13 * * *" + - cron: "25 2 * * *" # Friendly format: daily (scattered) workflow_dispatch: inputs: diff --git a/.github/workflows/daily-doc-healer.lock.yml b/.github/workflows/daily-doc-healer.lock.yml index a49bfa24eb2..c2ced5a7716 100644 --- a/.github/workflows/daily-doc-healer.lock.yml +++ b/.github/workflows/daily-doc-healer.lock.yml @@ -62,7 +62,7 @@ name: "Daily Documentation Healer" "on": schedule: - - cron: "26 19 * * *" + - cron: "39 23 * * *" # Friendly format: daily (scattered) workflow_dispatch: inputs: diff --git a/.github/workflows/daily-fact.lock.yml b/.github/workflows/daily-fact.lock.yml index 9337ef71f3b..e0176d5fda1 100644 --- a/.github/workflows/daily-fact.lock.yml +++ b/.github/workflows/daily-fact.lock.yml @@ -1,4 +1,4 @@ -# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"9b70ebf565edbfdab8c4383a410438a62b0682712b9c8384f6a7e4a5151ce773","strict":true,"agent_id":"codex","agent_model":"gpt-5.4-mini"} +# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"8f32bb64db41f17a4afc61218164172ce0cb16f27120774267b41dd2e84d67b1","strict":true,"agent_id":"codex","agent_model":"gpt-5.4-mini"} # gh-aw-manifest: {"version":1,"secrets":["CODEX_API_KEY","GH_AW_GITHUB_MCP_SERVER_TOKEN","GH_AW_GITHUB_TOKEN","GH_AW_OTEL_ENDPOINT","GH_AW_OTEL_HEADERS","GITHUB_TOKEN","OPENAI_API_KEY"],"actions":[{"repo":"actions/cache/restore","sha":"27d5ce7f107fe9357f9df03efb73ab90386fccae","version":"v5.0.5"},{"repo":"actions/cache/save","sha":"27d5ce7f107fe9357f9df03efb73ab90386fccae","version":"v5.0.5"},{"repo":"actions/checkout","sha":"de0fac2e4500dabe0009e67214ff5f5447ce83dd","version":"v6.0.2"},{"repo":"actions/download-artifact","sha":"3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c","version":"v8.0.1"},{"repo":"actions/github-script","sha":"373c709c69115d41ff229c7e5df9f8788daa9553","version":"v9"},{"repo":"actions/setup-node","sha":"48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e","version":"v6.4.0"},{"repo":"actions/setup-python","sha":"a309ff8b426b58ec0e2a45f0f869d46889d02405","version":"v6.2.0"},{"repo":"actions/upload-artifact","sha":"043fb46d1a93c77aae656e7c1c64a875d1fc6a0a","version":"v7.0.1"}],"containers":[{"image":"ghcr.io/github/gh-aw-firewall/agent:0.25.29","digest":"sha256:e68f37e36962dcb3f3d1de680a49bc2302cefd001b941a7dc377155ec7ce42f4","pinned_image":"ghcr.io/github/gh-aw-firewall/agent:0.25.29@sha256:e68f37e36962dcb3f3d1de680a49bc2302cefd001b941a7dc377155ec7ce42f4"},{"image":"ghcr.io/github/gh-aw-firewall/api-proxy:0.25.29","digest":"sha256:d1219e4110684402aabbeb5a43858f26790c9d0be210581cf3f7a521bd2c87b6","pinned_image":"ghcr.io/github/gh-aw-firewall/api-proxy:0.25.29@sha256:d1219e4110684402aabbeb5a43858f26790c9d0be210581cf3f7a521bd2c87b6"},{"image":"ghcr.io/github/gh-aw-firewall/cli-proxy:0.25.29","digest":"sha256:29917488eb90a01ff9544ffeeb5cc26434a8ea16d69ae8972f5f6be0e567e276","pinned_image":"ghcr.io/github/gh-aw-firewall/cli-proxy:0.25.29@sha256:29917488eb90a01ff9544ffeeb5cc26434a8ea16d69ae8972f5f6be0e567e276"},{"image":"ghcr.io/github/gh-aw-firewall/squid:0.25.29","digest":"sha256:8a71ad9e40454051672312917e51567abfb8251d7c294d086c48f63d84e4cb53","pinned_image":"ghcr.io/github/gh-aw-firewall/squid:0.25.29@sha256:8a71ad9e40454051672312917e51567abfb8251d7c294d086c48f63d84e4cb53"},{"image":"ghcr.io/github/gh-aw-mcpg:v0.3.3"},{"image":"ghcr.io/github/github-mcp-server:v1.0.3","digest":"sha256:2ac27ef03461ef2b877031b838a7d1fd7f12b12d4ace7796d8cad91446d55959","pinned_image":"ghcr.io/github/github-mcp-server:v1.0.3@sha256:2ac27ef03461ef2b877031b838a7d1fd7f12b12d4ace7796d8cad91446d55959"},{"image":"node:lts-alpine","digest":"sha256:d1b3b4da11eefd5941e7f0b9cf17783fc99d9c6fc34884a665f40a06dbdfc94f","pinned_image":"node:lts-alpine@sha256:d1b3b4da11eefd5941e7f0b9cf17783fc99d9c6fc34884a665f40a06dbdfc94f"}]} # ___ _ _ # / _ \ | | (_) @@ -62,8 +62,8 @@ name: "Daily Fact About gh-aw" "on": schedule: - - cron: "6 11 * * 1-5" - # Friendly format: daily around 11:00 on weekdays (scattered) + - cron: "6 14 * * 1-5" + # Friendly format: daily around 14:00 on weekdays (scattered) workflow_dispatch: inputs: aw_context: @@ -195,21 +195,21 @@ jobs: run: | bash "${RUNNER_TEMP}/gh-aw/actions/create_prompt_first.sh" { - cat << 'GH_AW_PROMPT_7fa046b93cc136b2_EOF' + cat << 'GH_AW_PROMPT_213e63a3e34031ec_EOF' - GH_AW_PROMPT_7fa046b93cc136b2_EOF + GH_AW_PROMPT_213e63a3e34031ec_EOF cat "${RUNNER_TEMP}/gh-aw/prompts/xpia.md" cat "${RUNNER_TEMP}/gh-aw/prompts/temp_folder_prompt.md" cat "${RUNNER_TEMP}/gh-aw/prompts/markdown.md" cat "${RUNNER_TEMP}/gh-aw/prompts/cache_memory_prompt.md" cat "${RUNNER_TEMP}/gh-aw/prompts/safe_outputs_prompt.md" - cat << 'GH_AW_PROMPT_7fa046b93cc136b2_EOF' + cat << 'GH_AW_PROMPT_213e63a3e34031ec_EOF' Tools: add_comment, missing_tool, missing_data, noop - GH_AW_PROMPT_7fa046b93cc136b2_EOF + GH_AW_PROMPT_213e63a3e34031ec_EOF cat "${RUNNER_TEMP}/gh-aw/prompts/mcp_cli_tools_prompt.md" - cat << 'GH_AW_PROMPT_7fa046b93cc136b2_EOF' + cat << 'GH_AW_PROMPT_213e63a3e34031ec_EOF' The following GitHub context information is available for this workflow: {{#if __GH_AW_GITHUB_ACTOR__ }} @@ -238,9 +238,9 @@ jobs: {{/if}} - GH_AW_PROMPT_7fa046b93cc136b2_EOF + GH_AW_PROMPT_213e63a3e34031ec_EOF cat "${RUNNER_TEMP}/gh-aw/prompts/cli_proxy_with_safeoutputs_prompt.md" - cat << 'GH_AW_PROMPT_7fa046b93cc136b2_EOF' + cat << 'GH_AW_PROMPT_213e63a3e34031ec_EOF' @@ -339,7 +339,7 @@ jobs: {{#runtime-import shared/noop-reminder.md}} - GH_AW_PROMPT_7fa046b93cc136b2_EOF + GH_AW_PROMPT_213e63a3e34031ec_EOF } > "$GH_AW_PROMPT" - name: Interpolate variables and render templates uses: actions/github-script@373c709c69115d41ff229c7e5df9f8788daa9553 # v9 @@ -571,9 +571,9 @@ jobs: mkdir -p "${RUNNER_TEMP}/gh-aw/safeoutputs" mkdir -p /tmp/gh-aw/safeoutputs mkdir -p /tmp/gh-aw/mcp-logs/safeoutputs - cat > "${RUNNER_TEMP}/gh-aw/safeoutputs/config.json" << 'GH_AW_SAFE_OUTPUTS_CONFIG_c51d12fb09fbf47b_EOF' + cat > "${RUNNER_TEMP}/gh-aw/safeoutputs/config.json" << 'GH_AW_SAFE_OUTPUTS_CONFIG_0cd5fb2f8f1b7588_EOF' {"add_comment":{"max":1,"target":"4750"},"create_report_incomplete_issue":{},"missing_data":{},"missing_tool":{},"noop":{"max":1,"report-as-issue":"true"},"report_incomplete":{}} - GH_AW_SAFE_OUTPUTS_CONFIG_c51d12fb09fbf47b_EOF + GH_AW_SAFE_OUTPUTS_CONFIG_0cd5fb2f8f1b7588_EOF - name: Write Safe Outputs Tools env: GH_AW_TOOLS_META_JSON: | @@ -759,7 +759,7 @@ jobs: DOCKER_SOCK_GID=$(stat -c '%g' /var/run/docker.sock 2>/dev/null || echo '0') export MCP_GATEWAY_DOCKER_COMMAND='docker run -i --rm --network host --add-host host.docker.internal:127.0.0.1 --user '"${MCP_GATEWAY_UID}"':'"${MCP_GATEWAY_GID}"' --group-add '"${DOCKER_SOCK_GID}"' -v /var/run/docker.sock:/var/run/docker.sock -e MCP_GATEWAY_PORT -e MCP_GATEWAY_DOMAIN -e MCP_GATEWAY_API_KEY -e MCP_GATEWAY_PAYLOAD_DIR -e MCP_GATEWAY_PAYLOAD_SIZE_THRESHOLD -e DEBUG -e MCP_GATEWAY_LOG_DIR -e GH_AW_MCP_LOG_DIR -e GH_AW_SAFE_OUTPUTS -e GH_AW_SAFE_OUTPUTS_CONFIG_PATH -e GH_AW_SAFE_OUTPUTS_TOOLS_PATH -e GH_AW_ASSETS_BRANCH -e GH_AW_ASSETS_MAX_SIZE_KB -e GH_AW_ASSETS_ALLOWED_EXTS -e DEFAULT_BRANCH -e GITHUB_MCP_SERVER_TOKEN -e GITHUB_MCP_GUARD_MIN_INTEGRITY -e GITHUB_MCP_GUARD_REPOS -e GITHUB_REPOSITORY -e GITHUB_SERVER_URL -e GITHUB_SHA -e GITHUB_WORKSPACE -e GITHUB_TOKEN -e GITHUB_RUN_ID -e GITHUB_RUN_NUMBER -e GITHUB_RUN_ATTEMPT -e GITHUB_JOB -e GITHUB_ACTION -e GITHUB_EVENT_NAME -e GITHUB_EVENT_PATH -e GITHUB_ACTOR -e GITHUB_ACTOR_ID -e GITHUB_TRIGGERING_ACTOR -e GITHUB_WORKFLOW -e GITHUB_WORKFLOW_REF -e GITHUB_WORKFLOW_SHA -e GITHUB_REF -e GITHUB_REF_NAME -e GITHUB_REF_TYPE -e GITHUB_HEAD_REF -e GITHUB_BASE_REF -e GH_AW_SAFE_OUTPUTS_PORT -e GH_AW_SAFE_OUTPUTS_API_KEY -e GITHUB_AW_OTEL_TRACE_ID -e GITHUB_AW_OTEL_PARENT_SPAN_ID -e CODEX_HOME -v /tmp/gh-aw/mcp-payloads:/tmp/gh-aw/mcp-payloads:rw -v /opt:/opt:ro -v /tmp:/tmp:rw -v '"${GITHUB_WORKSPACE}"':'"${GITHUB_WORKSPACE}"':rw ghcr.io/github/gh-aw-mcpg:v0.3.3' - cat > "${RUNNER_TEMP}/gh-aw/mcp-config/config.toml" << GH_AW_MCP_CONFIG_34a310423ceced33_EOF + cat > "${RUNNER_TEMP}/gh-aw/mcp-config/config.toml" << GH_AW_MCP_CONFIG_6886c41654776722_EOF [history] persistence = "none" @@ -786,11 +786,11 @@ jobs: [mcp_servers.safeoutputs."guard-policies".write-sink] accept = ["*"] - GH_AW_MCP_CONFIG_34a310423ceced33_EOF + GH_AW_MCP_CONFIG_6886c41654776722_EOF # Generate JSON config for MCP gateway GH_AW_NODE=$(which node 2>/dev/null || command -v node 2>/dev/null || echo node) - cat << GH_AW_MCP_CONFIG_34a310423ceced33_EOF | "$GH_AW_NODE" "${RUNNER_TEMP}/gh-aw/actions/start_mcp_gateway.cjs" + cat << GH_AW_MCP_CONFIG_6886c41654776722_EOF | "$GH_AW_NODE" "${RUNNER_TEMP}/gh-aw/actions/start_mcp_gateway.cjs" { "mcpServers": { "mempalace": { @@ -853,11 +853,11 @@ jobs: } } } - GH_AW_MCP_CONFIG_34a310423ceced33_EOF + GH_AW_MCP_CONFIG_6886c41654776722_EOF # Sync converter output to writable CODEX_HOME for Codex mkdir -p /tmp/gh-aw/mcp-config - cat > "/tmp/gh-aw/mcp-config/config.toml" << GH_AW_CODEX_SHELL_POLICY_38868e5be4cd93e7_EOF + cat > "/tmp/gh-aw/mcp-config/config.toml" << GH_AW_CODEX_SHELL_POLICY_5e630c0afa0028dd_EOF model_provider = "openai-proxy" @@ -869,7 +869,7 @@ jobs: [shell_environment_policy] inherit = "core" include_only = ["CODEX_API_KEY", "GH_AW_ASSETS_ALLOWED_EXTS", "GH_AW_ASSETS_BRANCH", "GH_AW_ASSETS_MAX_SIZE_KB", "GH_AW_SAFE_OUTPUTS", "GITHUB_REPOSITORY", "GITHUB_SERVER_URL", "HOME", "OPENAI_API_KEY", "PATH"] - GH_AW_CODEX_SHELL_POLICY_38868e5be4cd93e7_EOF + GH_AW_CODEX_SHELL_POLICY_5e630c0afa0028dd_EOF awk ' BEGIN { skip_openai_proxy = 0 } /^[[:space:]]*model_provider[[:space:]]*=/ { next } @@ -1398,18 +1398,18 @@ jobs: DOCKER_SOCK_GID=$(stat -c '%g' /var/run/docker.sock 2>/dev/null || echo '0') export MCP_GATEWAY_DOCKER_COMMAND='docker run -i --rm --network host --add-host host.docker.internal:127.0.0.1 --user '"${MCP_GATEWAY_UID}"':'"${MCP_GATEWAY_GID}"' --group-add '"${DOCKER_SOCK_GID}"' -v /var/run/docker.sock:/var/run/docker.sock -e MCP_GATEWAY_PORT -e MCP_GATEWAY_DOMAIN -e MCP_GATEWAY_API_KEY -e MCP_GATEWAY_PAYLOAD_DIR -e MCP_GATEWAY_PAYLOAD_SIZE_THRESHOLD -e DEBUG -e MCP_GATEWAY_LOG_DIR -e GH_AW_MCP_LOG_DIR -e GH_AW_SAFE_OUTPUTS -e GH_AW_SAFE_OUTPUTS_CONFIG_PATH -e GH_AW_SAFE_OUTPUTS_TOOLS_PATH -e GH_AW_ASSETS_BRANCH -e GH_AW_ASSETS_MAX_SIZE_KB -e GH_AW_ASSETS_ALLOWED_EXTS -e DEFAULT_BRANCH -e GITHUB_MCP_SERVER_TOKEN -e GITHUB_MCP_GUARD_MIN_INTEGRITY -e GITHUB_MCP_GUARD_REPOS -e GITHUB_REPOSITORY -e GITHUB_SERVER_URL -e GITHUB_SHA -e GITHUB_WORKSPACE -e GITHUB_TOKEN -e GITHUB_RUN_ID -e GITHUB_RUN_NUMBER -e GITHUB_RUN_ATTEMPT -e GITHUB_JOB -e GITHUB_ACTION -e GITHUB_EVENT_NAME -e GITHUB_EVENT_PATH -e GITHUB_ACTOR -e GITHUB_ACTOR_ID -e GITHUB_TRIGGERING_ACTOR -e GITHUB_WORKFLOW -e GITHUB_WORKFLOW_REF -e GITHUB_WORKFLOW_SHA -e GITHUB_REF -e GITHUB_REF_NAME -e GITHUB_REF_TYPE -e GITHUB_HEAD_REF -e GITHUB_BASE_REF -e CODEX_HOME -v /tmp/gh-aw/mcp-payloads:/tmp/gh-aw/mcp-payloads:rw -v /opt:/opt:ro -v /tmp:/tmp:rw -v '"${GITHUB_WORKSPACE}"':'"${GITHUB_WORKSPACE}"':rw ghcr.io/github/gh-aw-mcpg:v0.3.3' - cat > "${RUNNER_TEMP}/gh-aw/mcp-config/config.toml" << GH_AW_MCP_CONFIG_852f81389cc042d7_EOF + cat > "${RUNNER_TEMP}/gh-aw/mcp-config/config.toml" << GH_AW_MCP_CONFIG_fe83e48e11860926_EOF [history] persistence = "none" [shell_environment_policy] inherit = "core" include_only = ["CODEX_API_KEY", "HOME", "OPENAI_API_KEY", "PATH"] - GH_AW_MCP_CONFIG_852f81389cc042d7_EOF + GH_AW_MCP_CONFIG_fe83e48e11860926_EOF # Generate JSON config for MCP gateway GH_AW_NODE=$(which node 2>/dev/null || command -v node 2>/dev/null || echo node) - cat << GH_AW_MCP_CONFIG_530e4eb6e34a1ce5_EOF | "$GH_AW_NODE" "${RUNNER_TEMP}/gh-aw/actions/start_mcp_gateway.cjs" + cat << GH_AW_MCP_CONFIG_1048d3e8f2d4fcf4_EOF | "$GH_AW_NODE" "${RUNNER_TEMP}/gh-aw/actions/start_mcp_gateway.cjs" { "mcpServers": { }, @@ -1420,11 +1420,11 @@ jobs: "payloadDir": "${MCP_GATEWAY_PAYLOAD_DIR}" } } - GH_AW_MCP_CONFIG_530e4eb6e34a1ce5_EOF + GH_AW_MCP_CONFIG_1048d3e8f2d4fcf4_EOF # Sync converter output to writable CODEX_HOME for Codex mkdir -p /tmp/gh-aw/mcp-config - cat > "/tmp/gh-aw/mcp-config/config.toml" << GH_AW_CODEX_SHELL_POLICY_6ab32df239b5786e_EOF + cat > "/tmp/gh-aw/mcp-config/config.toml" << GH_AW_CODEX_SHELL_POLICY_74a0986fa7996d59_EOF model_provider = "openai-proxy" [model_providers.openai-proxy] name = "OpenAI AWF proxy" @@ -1434,7 +1434,7 @@ jobs: [shell_environment_policy] inherit = "core" include_only = ["CODEX_API_KEY", "HOME", "OPENAI_API_KEY", "PATH"] - GH_AW_CODEX_SHELL_POLICY_6ab32df239b5786e_EOF + GH_AW_CODEX_SHELL_POLICY_74a0986fa7996d59_EOF awk ' BEGIN { skip_openai_proxy = 0 } /^[[:space:]]*model_provider[[:space:]]*=/ { next } diff --git a/.github/workflows/daily-fact.md b/.github/workflows/daily-fact.md index fc912388865..6b695a97190 100644 --- a/.github/workflows/daily-fact.md +++ b/.github/workflows/daily-fact.md @@ -2,7 +2,7 @@ description: Posts a daily poetic verse about the gh-aw project to a discussion thread on: schedule: - - cron: "daily around 11:00 on weekdays" # ~11 AM UTC, weekdays only + - cron: "daily around 14:00 on weekdays" # ~2 PM UTC, weekdays only workflow_dispatch: permissions: contents: read diff --git a/.github/workflows/daily-firewall-report.lock.yml b/.github/workflows/daily-firewall-report.lock.yml index 89f3f094478..efc8b5b7818 100644 --- a/.github/workflows/daily-firewall-report.lock.yml +++ b/.github/workflows/daily-firewall-report.lock.yml @@ -65,7 +65,7 @@ name: "Daily Firewall Logs Collector and Reporter" "on": schedule: - - cron: "43 21 * * *" + - cron: "7 2 * * *" # Friendly format: daily (scattered) workflow_dispatch: inputs: diff --git a/.github/workflows/daily-function-namer.lock.yml b/.github/workflows/daily-function-namer.lock.yml index 94d1b89d554..15f2a0931d4 100644 --- a/.github/workflows/daily-function-namer.lock.yml +++ b/.github/workflows/daily-function-namer.lock.yml @@ -63,7 +63,7 @@ name: "Daily Go Function Namer" "on": schedule: - - cron: "18 14 * * *" + - cron: "36 11 * * *" # Friendly format: daily (scattered) workflow_dispatch: inputs: diff --git a/.github/workflows/daily-issues-report.lock.yml b/.github/workflows/daily-issues-report.lock.yml index 5f488234e54..509625aaea1 100644 --- a/.github/workflows/daily-issues-report.lock.yml +++ b/.github/workflows/daily-issues-report.lock.yml @@ -67,7 +67,7 @@ name: "Daily Issues Report Generator" "on": schedule: - - cron: "51 11 * * *" + - cron: "24 14 * * *" # Friendly format: daily (scattered) workflow_dispatch: inputs: diff --git a/.github/workflows/daily-malicious-code-scan.lock.yml b/.github/workflows/daily-malicious-code-scan.lock.yml index 4348ffce8f7..dde0f923166 100644 --- a/.github/workflows/daily-malicious-code-scan.lock.yml +++ b/.github/workflows/daily-malicious-code-scan.lock.yml @@ -57,7 +57,7 @@ name: "Daily Malicious Code Scan Agent" "on": schedule: - - cron: "40 19 * * *" + - cron: "22 13 * * *" # Friendly format: daily (scattered) workflow_dispatch: inputs: diff --git a/.github/workflows/daily-multi-device-docs-tester.lock.yml b/.github/workflows/daily-multi-device-docs-tester.lock.yml index 2fa43814048..a93e214aad2 100644 --- a/.github/workflows/daily-multi-device-docs-tester.lock.yml +++ b/.github/workflows/daily-multi-device-docs-tester.lock.yml @@ -59,7 +59,7 @@ name: "Multi-Device Docs Tester" "on": schedule: - - cron: "38 16 * * *" + - cron: "26 5 * * *" # Friendly format: daily (scattered) workflow_dispatch: inputs: diff --git a/.github/workflows/daily-observability-report.lock.yml b/.github/workflows/daily-observability-report.lock.yml index 97f5c100a33..98b94224c3a 100644 --- a/.github/workflows/daily-observability-report.lock.yml +++ b/.github/workflows/daily-observability-report.lock.yml @@ -62,7 +62,7 @@ name: "Daily Observability Report for AWF Firewall and MCP Gateway" "on": schedule: - - cron: "14 22 * * *" + - cron: "40 23 * * *" # Friendly format: daily (scattered) workflow_dispatch: inputs: @@ -1309,18 +1309,18 @@ jobs: DOCKER_SOCK_GID=$(stat -c '%g' /var/run/docker.sock 2>/dev/null || echo '0') export MCP_GATEWAY_DOCKER_COMMAND='docker run -i --rm --network host --add-host host.docker.internal:127.0.0.1 --user '"${MCP_GATEWAY_UID}"':'"${MCP_GATEWAY_GID}"' --group-add '"${DOCKER_SOCK_GID}"' -v /var/run/docker.sock:/var/run/docker.sock -e MCP_GATEWAY_PORT -e MCP_GATEWAY_DOMAIN -e MCP_GATEWAY_API_KEY -e MCP_GATEWAY_PAYLOAD_DIR -e MCP_GATEWAY_PAYLOAD_SIZE_THRESHOLD -e DEBUG -e MCP_GATEWAY_LOG_DIR -e GH_AW_MCP_LOG_DIR -e GH_AW_SAFE_OUTPUTS -e GH_AW_SAFE_OUTPUTS_CONFIG_PATH -e GH_AW_SAFE_OUTPUTS_TOOLS_PATH -e GH_AW_ASSETS_BRANCH -e GH_AW_ASSETS_MAX_SIZE_KB -e GH_AW_ASSETS_ALLOWED_EXTS -e DEFAULT_BRANCH -e GITHUB_MCP_SERVER_TOKEN -e GITHUB_MCP_GUARD_MIN_INTEGRITY -e GITHUB_MCP_GUARD_REPOS -e GITHUB_REPOSITORY -e GITHUB_SERVER_URL -e GITHUB_SHA -e GITHUB_WORKSPACE -e GITHUB_TOKEN -e GITHUB_RUN_ID -e GITHUB_RUN_NUMBER -e GITHUB_RUN_ATTEMPT -e GITHUB_JOB -e GITHUB_ACTION -e GITHUB_EVENT_NAME -e GITHUB_EVENT_PATH -e GITHUB_ACTOR -e GITHUB_ACTOR_ID -e GITHUB_TRIGGERING_ACTOR -e GITHUB_WORKFLOW -e GITHUB_WORKFLOW_REF -e GITHUB_WORKFLOW_SHA -e GITHUB_REF -e GITHUB_REF_NAME -e GITHUB_REF_TYPE -e GITHUB_HEAD_REF -e GITHUB_BASE_REF -e CODEX_HOME -v /tmp/gh-aw/mcp-payloads:/tmp/gh-aw/mcp-payloads:rw -v /opt:/opt:ro -v /tmp:/tmp:rw -v '"${GITHUB_WORKSPACE}"':'"${GITHUB_WORKSPACE}"':rw ghcr.io/github/gh-aw-mcpg:v0.3.3' - cat > "${RUNNER_TEMP}/gh-aw/mcp-config/config.toml" << GH_AW_MCP_CONFIG_e4a89c86dc0ea8d9_EOF + cat > "${RUNNER_TEMP}/gh-aw/mcp-config/config.toml" << GH_AW_MCP_CONFIG_b0dfc115c1089474_EOF [history] persistence = "none" [shell_environment_policy] inherit = "core" include_only = ["CODEX_API_KEY", "HOME", "OPENAI_API_KEY", "PATH"] - GH_AW_MCP_CONFIG_e4a89c86dc0ea8d9_EOF + GH_AW_MCP_CONFIG_b0dfc115c1089474_EOF # Generate JSON config for MCP gateway GH_AW_NODE=$(which node 2>/dev/null || command -v node 2>/dev/null || echo node) - cat << GH_AW_MCP_CONFIG_32658a6364839bca_EOF | "$GH_AW_NODE" "${RUNNER_TEMP}/gh-aw/actions/start_mcp_gateway.cjs" + cat << GH_AW_MCP_CONFIG_2fe2e8be725e8e60_EOF | "$GH_AW_NODE" "${RUNNER_TEMP}/gh-aw/actions/start_mcp_gateway.cjs" { "mcpServers": { }, @@ -1331,11 +1331,11 @@ jobs: "payloadDir": "${MCP_GATEWAY_PAYLOAD_DIR}" } } - GH_AW_MCP_CONFIG_32658a6364839bca_EOF + GH_AW_MCP_CONFIG_2fe2e8be725e8e60_EOF # Sync converter output to writable CODEX_HOME for Codex mkdir -p /tmp/gh-aw/mcp-config - cat > "/tmp/gh-aw/mcp-config/config.toml" << GH_AW_CODEX_SHELL_POLICY_e75fe7f089973ae2_EOF + cat > "/tmp/gh-aw/mcp-config/config.toml" << GH_AW_CODEX_SHELL_POLICY_b74d59a8c5cfe4e6_EOF model_provider = "openai-proxy" [model_providers.openai-proxy] name = "OpenAI AWF proxy" @@ -1345,7 +1345,7 @@ jobs: [shell_environment_policy] inherit = "core" include_only = ["CODEX_API_KEY", "HOME", "OPENAI_API_KEY", "PATH"] - GH_AW_CODEX_SHELL_POLICY_e75fe7f089973ae2_EOF + GH_AW_CODEX_SHELL_POLICY_b74d59a8c5cfe4e6_EOF awk ' BEGIN { skip_openai_proxy = 0 } /^[[:space:]]*model_provider[[:space:]]*=/ { next } diff --git a/.github/workflows/daily-otel-instrumentation-advisor.lock.yml b/.github/workflows/daily-otel-instrumentation-advisor.lock.yml index dfe07af4a37..4587bf68478 100644 --- a/.github/workflows/daily-otel-instrumentation-advisor.lock.yml +++ b/.github/workflows/daily-otel-instrumentation-advisor.lock.yml @@ -59,7 +59,7 @@ name: "Daily OTel Instrumentation Advisor" "on": schedule: - - cron: "8 18 * * *" + - cron: "5 9 * * *" # Friendly format: daily (scattered) workflow_dispatch: inputs: diff --git a/.github/workflows/daily-performance-summary.lock.yml b/.github/workflows/daily-performance-summary.lock.yml index 882a0633f15..93c70b75922 100644 --- a/.github/workflows/daily-performance-summary.lock.yml +++ b/.github/workflows/daily-performance-summary.lock.yml @@ -64,7 +64,7 @@ name: "Daily Project Performance Summary Generator (Using MCP Scripts)" "on": schedule: - - cron: "53 19 * * *" + - cron: "40 20 * * *" # Friendly format: daily (scattered) workflow_dispatch: inputs: diff --git a/.github/workflows/daily-regulatory.lock.yml b/.github/workflows/daily-regulatory.lock.yml index af2567d3e3c..cf2e1d11cdd 100644 --- a/.github/workflows/daily-regulatory.lock.yml +++ b/.github/workflows/daily-regulatory.lock.yml @@ -58,7 +58,7 @@ name: "Daily Regulatory Report Generator" "on": schedule: - - cron: "10 14 * * *" + - cron: "9 21 * * *" # Friendly format: daily (scattered) workflow_dispatch: inputs: diff --git a/.github/workflows/daily-rendering-scripts-verifier.lock.yml b/.github/workflows/daily-rendering-scripts-verifier.lock.yml index 85a66271c95..28fcd8f610d 100644 --- a/.github/workflows/daily-rendering-scripts-verifier.lock.yml +++ b/.github/workflows/daily-rendering-scripts-verifier.lock.yml @@ -66,7 +66,7 @@ name: "Daily Rendering Scripts Verifier" "on": schedule: - - cron: "12 15 * * *" + - cron: "36 7 * * *" # Friendly format: daily (scattered) # skip-if-match: is:pr is:open in:title "[rendering-scripts]" # Skip-if-match processed as search check in pre-activation job workflow_dispatch: diff --git a/.github/workflows/daily-safe-output-integrator.lock.yml b/.github/workflows/daily-safe-output-integrator.lock.yml index 981a840d160..77bbd39b667 100644 --- a/.github/workflows/daily-safe-output-integrator.lock.yml +++ b/.github/workflows/daily-safe-output-integrator.lock.yml @@ -58,7 +58,7 @@ name: "Daily Safe Output Integrator" "on": schedule: - - cron: "51 19 * * *" + - cron: "37 18 * * *" # Friendly format: daily (scattered) workflow_dispatch: inputs: diff --git a/.github/workflows/daily-safe-output-optimizer.lock.yml b/.github/workflows/daily-safe-output-optimizer.lock.yml index 1cdca1453dc..08c813b855e 100644 --- a/.github/workflows/daily-safe-output-optimizer.lock.yml +++ b/.github/workflows/daily-safe-output-optimizer.lock.yml @@ -65,7 +65,7 @@ name: "Daily Safe Output Tool Optimizer" "on": schedule: - - cron: "43 18 * * *" + - cron: "50 20 * * *" # Friendly format: daily (scattered) # skip-if-match: is:issue is:open in:title "[safeoutputs]" # Skip-if-match processed as search check in pre-activation job workflow_dispatch: diff --git a/.github/workflows/daily-safe-outputs-conformance.lock.yml b/.github/workflows/daily-safe-outputs-conformance.lock.yml index 5b65e258b77..d13081ba20b 100644 --- a/.github/workflows/daily-safe-outputs-conformance.lock.yml +++ b/.github/workflows/daily-safe-outputs-conformance.lock.yml @@ -58,7 +58,7 @@ name: "Daily Safe Outputs Conformance Checker" "on": schedule: - - cron: "30 14 * * *" + - cron: "37 5 * * *" # Friendly format: daily (scattered) workflow_dispatch: inputs: diff --git a/.github/workflows/daily-secrets-analysis.lock.yml b/.github/workflows/daily-secrets-analysis.lock.yml index 533c4f4a3ec..524dc9c79be 100644 --- a/.github/workflows/daily-secrets-analysis.lock.yml +++ b/.github/workflows/daily-secrets-analysis.lock.yml @@ -57,7 +57,7 @@ name: "Daily Secrets Analysis Agent" "on": schedule: - - cron: "30 20 * * *" + - cron: "35 17 * * *" # Friendly format: daily (scattered) workflow_dispatch: inputs: diff --git a/.github/workflows/daily-security-observability.lock.yml b/.github/workflows/daily-security-observability.lock.yml index 42831b027ee..619fa88b23f 100644 --- a/.github/workflows/daily-security-observability.lock.yml +++ b/.github/workflows/daily-security-observability.lock.yml @@ -67,7 +67,7 @@ name: "Daily Security Observability Report" "on": schedule: - - cron: "54 10 * * *" + - cron: "49 15 * * *" # Friendly format: daily (scattered) workflow_dispatch: inputs: diff --git a/.github/workflows/daily-security-red-team.lock.yml b/.github/workflows/daily-security-red-team.lock.yml index a5544dc9b4d..462b4a236eb 100644 --- a/.github/workflows/daily-security-red-team.lock.yml +++ b/.github/workflows/daily-security-red-team.lock.yml @@ -59,7 +59,7 @@ name: "Daily Security Red Team Agent" "on": schedule: - - cron: "36 17 * * *" + - cron: "25 23 * * *" # Friendly format: daily (scattered) workflow_dispatch: inputs: diff --git a/.github/workflows/daily-semgrep-scan.lock.yml b/.github/workflows/daily-semgrep-scan.lock.yml index 121af573d3d..424f515898b 100644 --- a/.github/workflows/daily-semgrep-scan.lock.yml +++ b/.github/workflows/daily-semgrep-scan.lock.yml @@ -57,7 +57,7 @@ name: "Daily Semgrep Scan" "on": schedule: - - cron: "17 9 * * *" + - cron: "20 4 * * *" # Friendly format: daily (scattered) workflow_dispatch: inputs: diff --git a/.github/workflows/daily-sentrux-report.lock.yml b/.github/workflows/daily-sentrux-report.lock.yml index 856b3e324c1..06fb208370a 100644 --- a/.github/workflows/daily-sentrux-report.lock.yml +++ b/.github/workflows/daily-sentrux-report.lock.yml @@ -58,7 +58,7 @@ name: "Daily Sentrux Report" "on": schedule: - - cron: "36 11 * * *" + - cron: "52 23 * * *" # Friendly format: daily (scattered) workflow_dispatch: inputs: diff --git a/.github/workflows/daily-skill-optimizer.lock.yml b/.github/workflows/daily-skill-optimizer.lock.yml index 83fec102ff2..afec3bf6bbd 100644 --- a/.github/workflows/daily-skill-optimizer.lock.yml +++ b/.github/workflows/daily-skill-optimizer.lock.yml @@ -56,7 +56,7 @@ name: "Daily Skill Optimizer Improvements" "on": schedule: - - cron: "33 11 * * *" + - cron: "35 2 * * *" # Friendly format: daily (scattered) workflow_dispatch: inputs: diff --git a/.github/workflows/daily-syntax-error-quality.lock.yml b/.github/workflows/daily-syntax-error-quality.lock.yml index 6c4e2d8af13..a474b4245d9 100644 --- a/.github/workflows/daily-syntax-error-quality.lock.yml +++ b/.github/workflows/daily-syntax-error-quality.lock.yml @@ -56,7 +56,7 @@ name: "Daily Syntax Error Quality Check" "on": schedule: - - cron: "14 17 * * *" + - cron: "26 7 * * *" # Friendly format: daily (scattered) workflow_dispatch: inputs: diff --git a/.github/workflows/daily-team-evolution-insights.lock.yml b/.github/workflows/daily-team-evolution-insights.lock.yml index 270a5d2d42d..d6daae175e5 100644 --- a/.github/workflows/daily-team-evolution-insights.lock.yml +++ b/.github/workflows/daily-team-evolution-insights.lock.yml @@ -57,7 +57,7 @@ name: "Daily Team Evolution Insights" "on": schedule: - - cron: "15 17 * * *" + - cron: "6 20 * * *" # Friendly format: daily (scattered) workflow_dispatch: inputs: diff --git a/.github/workflows/daily-testify-uber-super-expert.lock.yml b/.github/workflows/daily-testify-uber-super-expert.lock.yml index 17617c79296..20ead3bcffe 100644 --- a/.github/workflows/daily-testify-uber-super-expert.lock.yml +++ b/.github/workflows/daily-testify-uber-super-expert.lock.yml @@ -62,7 +62,7 @@ name: "Daily Testify Uber Super Expert" "on": schedule: - - cron: "28 9 * * *" + - cron: "54 17 * * *" # Friendly format: daily (scattered) # skip-if-match: is:issue is:open in:title "[testify-expert]" # Skip-if-match processed as search check in pre-activation job workflow_dispatch: diff --git a/.github/workflows/daily-token-consumption-report.lock.yml b/.github/workflows/daily-token-consumption-report.lock.yml index 2a7400a0f8c..b637ec9a5ed 100644 --- a/.github/workflows/daily-token-consumption-report.lock.yml +++ b/.github/workflows/daily-token-consumption-report.lock.yml @@ -60,7 +60,7 @@ name: "Daily Token Consumption Report (Sentry OTel)" "on": schedule: - - cron: "20 16 * * 1-5" + - cron: "51 11 * * 1-5" # Friendly format: daily on weekdays (scattered) workflow_dispatch: inputs: diff --git a/.github/workflows/daily-workflow-updater.lock.yml b/.github/workflows/daily-workflow-updater.lock.yml index aeb891ff539..30586360cbf 100644 --- a/.github/workflows/daily-workflow-updater.lock.yml +++ b/.github/workflows/daily-workflow-updater.lock.yml @@ -55,7 +55,7 @@ name: "Daily Workflow Updater" "on": schedule: - - cron: "39 7 * * *" + - cron: "54 6 * * *" # Friendly format: daily (scattered) workflow_dispatch: inputs: diff --git a/.github/workflows/dead-code-remover.lock.yml b/.github/workflows/dead-code-remover.lock.yml index 0f0cf8bb589..33ea4e19464 100644 --- a/.github/workflows/dead-code-remover.lock.yml +++ b/.github/workflows/dead-code-remover.lock.yml @@ -58,7 +58,7 @@ name: "Dead Code Removal Agent" "on": schedule: - - cron: "23 22 * * *" + - cron: "6 14 * * *" # Friendly format: daily (scattered) # skip-if-match: is:pr is:open in:title "[dead-code] " # Skip-if-match processed as search check in pre-activation job workflow_dispatch: diff --git a/.github/workflows/delight.lock.yml b/.github/workflows/delight.lock.yml index 0a8a280db40..d114704c724 100644 --- a/.github/workflows/delight.lock.yml +++ b/.github/workflows/delight.lock.yml @@ -58,7 +58,7 @@ name: "Delight" "on": schedule: - - cron: "25 12 * * *" + - cron: "40 14 * * *" # Friendly format: daily (scattered) workflow_dispatch: inputs: diff --git a/.github/workflows/dependabot-burner.lock.yml b/.github/workflows/dependabot-burner.lock.yml index be33cb6dc19..27466246709 100644 --- a/.github/workflows/dependabot-burner.lock.yml +++ b/.github/workflows/dependabot-burner.lock.yml @@ -51,7 +51,7 @@ name: "Dependabot Burner" "on": schedule: - - cron: "43 5 * * 5" + - cron: "8 6 * * 5" # Friendly format: weekly (scattered) workflow_dispatch: inputs: diff --git a/.github/workflows/developer-docs-consolidator.lock.yml b/.github/workflows/developer-docs-consolidator.lock.yml index 2708918b4e1..eee89105436 100644 --- a/.github/workflows/developer-docs-consolidator.lock.yml +++ b/.github/workflows/developer-docs-consolidator.lock.yml @@ -64,7 +64,7 @@ name: "Developer Documentation Consolidator" "on": schedule: - - cron: "12 15 * * *" + - cron: "19 13 * * *" # Friendly format: daily (scattered) workflow_dispatch: inputs: diff --git a/.github/workflows/docs-noob-tester.lock.yml b/.github/workflows/docs-noob-tester.lock.yml index 068c2ba05a1..41ca5e32f35 100644 --- a/.github/workflows/docs-noob-tester.lock.yml +++ b/.github/workflows/docs-noob-tester.lock.yml @@ -59,7 +59,7 @@ name: "Documentation Noob Tester" "on": schedule: - - cron: "40 18 * * *" + - cron: "40 3 * * *" # Friendly format: daily (scattered) workflow_dispatch: inputs: diff --git a/.github/workflows/draft-pr-cleanup.lock.yml b/.github/workflows/draft-pr-cleanup.lock.yml index b1494e4d0e5..82c846a82a7 100644 --- a/.github/workflows/draft-pr-cleanup.lock.yml +++ b/.github/workflows/draft-pr-cleanup.lock.yml @@ -48,7 +48,7 @@ name: "Draft PR Cleanup" "on": schedule: - - cron: "53 2 * * *" + - cron: "50 10 * * *" # Friendly format: daily (scattered) workflow_dispatch: inputs: diff --git a/.github/workflows/duplicate-code-detector.lock.yml b/.github/workflows/duplicate-code-detector.lock.yml index 7f85492ba2e..b77266de787 100644 --- a/.github/workflows/duplicate-code-detector.lock.yml +++ b/.github/workflows/duplicate-code-detector.lock.yml @@ -58,7 +58,7 @@ name: "Duplicate Code Detector" "on": schedule: - - cron: "8 9 * * *" + - cron: "10 5 * * *" # Friendly format: daily (scattered) workflow_dispatch: inputs: @@ -1281,18 +1281,18 @@ jobs: DOCKER_SOCK_GID=$(stat -c '%g' /var/run/docker.sock 2>/dev/null || echo '0') export MCP_GATEWAY_DOCKER_COMMAND='docker run -i --rm --network host --add-host host.docker.internal:127.0.0.1 --user '"${MCP_GATEWAY_UID}"':'"${MCP_GATEWAY_GID}"' --group-add '"${DOCKER_SOCK_GID}"' -v /var/run/docker.sock:/var/run/docker.sock -e MCP_GATEWAY_PORT -e MCP_GATEWAY_DOMAIN -e MCP_GATEWAY_API_KEY -e MCP_GATEWAY_PAYLOAD_DIR -e MCP_GATEWAY_PAYLOAD_SIZE_THRESHOLD -e DEBUG -e MCP_GATEWAY_LOG_DIR -e GH_AW_MCP_LOG_DIR -e GH_AW_SAFE_OUTPUTS -e GH_AW_SAFE_OUTPUTS_CONFIG_PATH -e GH_AW_SAFE_OUTPUTS_TOOLS_PATH -e GH_AW_ASSETS_BRANCH -e GH_AW_ASSETS_MAX_SIZE_KB -e GH_AW_ASSETS_ALLOWED_EXTS -e DEFAULT_BRANCH -e GITHUB_MCP_SERVER_TOKEN -e GITHUB_MCP_GUARD_MIN_INTEGRITY -e GITHUB_MCP_GUARD_REPOS -e GITHUB_REPOSITORY -e GITHUB_SERVER_URL -e GITHUB_SHA -e GITHUB_WORKSPACE -e GITHUB_TOKEN -e GITHUB_RUN_ID -e GITHUB_RUN_NUMBER -e GITHUB_RUN_ATTEMPT -e GITHUB_JOB -e GITHUB_ACTION -e GITHUB_EVENT_NAME -e GITHUB_EVENT_PATH -e GITHUB_ACTOR -e GITHUB_ACTOR_ID -e GITHUB_TRIGGERING_ACTOR -e GITHUB_WORKFLOW -e GITHUB_WORKFLOW_REF -e GITHUB_WORKFLOW_SHA -e GITHUB_REF -e GITHUB_REF_NAME -e GITHUB_REF_TYPE -e GITHUB_HEAD_REF -e GITHUB_BASE_REF -e CODEX_HOME -v /tmp/gh-aw/mcp-payloads:/tmp/gh-aw/mcp-payloads:rw -v /opt:/opt:ro -v /tmp:/tmp:rw -v '"${GITHUB_WORKSPACE}"':'"${GITHUB_WORKSPACE}"':rw ghcr.io/github/gh-aw-mcpg:v0.3.3' - cat > "${RUNNER_TEMP}/gh-aw/mcp-config/config.toml" << GH_AW_MCP_CONFIG_f3e7a5701dac7605_EOF + cat > "${RUNNER_TEMP}/gh-aw/mcp-config/config.toml" << GH_AW_MCP_CONFIG_e48eff9053253db0_EOF [history] persistence = "none" [shell_environment_policy] inherit = "core" include_only = ["CODEX_API_KEY", "HOME", "OPENAI_API_KEY", "PATH"] - GH_AW_MCP_CONFIG_f3e7a5701dac7605_EOF + GH_AW_MCP_CONFIG_e48eff9053253db0_EOF # Generate JSON config for MCP gateway GH_AW_NODE=$(which node 2>/dev/null || command -v node 2>/dev/null || echo node) - cat << GH_AW_MCP_CONFIG_71edfe1d212c37b9_EOF | "$GH_AW_NODE" "${RUNNER_TEMP}/gh-aw/actions/start_mcp_gateway.cjs" + cat << GH_AW_MCP_CONFIG_36d5d72aa2d039ad_EOF | "$GH_AW_NODE" "${RUNNER_TEMP}/gh-aw/actions/start_mcp_gateway.cjs" { "mcpServers": { }, @@ -1303,11 +1303,11 @@ jobs: "payloadDir": "${MCP_GATEWAY_PAYLOAD_DIR}" } } - GH_AW_MCP_CONFIG_71edfe1d212c37b9_EOF + GH_AW_MCP_CONFIG_36d5d72aa2d039ad_EOF # Sync converter output to writable CODEX_HOME for Codex mkdir -p /tmp/gh-aw/mcp-config - cat > "/tmp/gh-aw/mcp-config/config.toml" << GH_AW_CODEX_SHELL_POLICY_ceb861235c8d2f76_EOF + cat > "/tmp/gh-aw/mcp-config/config.toml" << GH_AW_CODEX_SHELL_POLICY_e881aa7105a071de_EOF model_provider = "openai-proxy" [model_providers.openai-proxy] name = "OpenAI AWF proxy" @@ -1317,7 +1317,7 @@ jobs: [shell_environment_policy] inherit = "core" include_only = ["CODEX_API_KEY", "HOME", "OPENAI_API_KEY", "PATH"] - GH_AW_CODEX_SHELL_POLICY_ceb861235c8d2f76_EOF + GH_AW_CODEX_SHELL_POLICY_e881aa7105a071de_EOF awk ' BEGIN { skip_openai_proxy = 0 } /^[[:space:]]*model_provider[[:space:]]*=/ { next } diff --git a/.github/workflows/firewall-escape.lock.yml b/.github/workflows/firewall-escape.lock.yml index 09e4e1221e7..945822aae28 100644 --- a/.github/workflows/firewall-escape.lock.yml +++ b/.github/workflows/firewall-escape.lock.yml @@ -55,7 +55,7 @@ name: "The Great Escapi" types: - labeled schedule: - - cron: "7 5 * * *" + - cron: "41 4 * * *" # Friendly format: daily (scattered) workflow_dispatch: inputs: diff --git a/.github/workflows/github-remote-mcp-auth-test.lock.yml b/.github/workflows/github-remote-mcp-auth-test.lock.yml index 5ece35c15a3..f6ea6c3d25c 100644 --- a/.github/workflows/github-remote-mcp-auth-test.lock.yml +++ b/.github/workflows/github-remote-mcp-auth-test.lock.yml @@ -56,7 +56,7 @@ name: "GitHub Remote MCP Authentication Test" "on": schedule: - - cron: "23 17 * * *" + - cron: "21 5 * * *" # Friendly format: daily (scattered) workflow_dispatch: inputs: diff --git a/.github/workflows/go-logger.lock.yml b/.github/workflows/go-logger.lock.yml index a1c082d45bc..8169872f6bf 100644 --- a/.github/workflows/go-logger.lock.yml +++ b/.github/workflows/go-logger.lock.yml @@ -57,7 +57,7 @@ name: "Go Logger Enhancement" "on": schedule: - - cron: "9 12 * * *" + - cron: "9 3 * * *" # Friendly format: daily (scattered) workflow_dispatch: inputs: diff --git a/.github/workflows/gpclean.lock.yml b/.github/workflows/gpclean.lock.yml index 77797596a3b..58a03c18821 100644 --- a/.github/workflows/gpclean.lock.yml +++ b/.github/workflows/gpclean.lock.yml @@ -54,7 +54,7 @@ name: "GPL Dependency Cleaner (gpclean)" "on": schedule: - - cron: "50 7 * * *" + - cron: "7 3 * * *" # Friendly format: daily (scattered) workflow_dispatch: inputs: diff --git a/.github/workflows/instructions-janitor.lock.yml b/.github/workflows/instructions-janitor.lock.yml index 81997aaacbf..1606e26dde1 100644 --- a/.github/workflows/instructions-janitor.lock.yml +++ b/.github/workflows/instructions-janitor.lock.yml @@ -52,7 +52,7 @@ name: "Instructions Janitor" "on": schedule: - - cron: "47 7 * * *" + - cron: "25 8 * * *" # Friendly format: daily (scattered) workflow_dispatch: inputs: diff --git a/.github/workflows/issue-arborist.lock.yml b/.github/workflows/issue-arborist.lock.yml index 5da05b8ff02..67f2c5ef1c4 100644 --- a/.github/workflows/issue-arborist.lock.yml +++ b/.github/workflows/issue-arborist.lock.yml @@ -56,7 +56,7 @@ name: "Issue Arborist" "on": schedule: - - cron: "54 13 * * *" + - cron: "7 5 * * *" # Friendly format: daily (scattered) workflow_dispatch: inputs: @@ -1305,18 +1305,18 @@ jobs: DOCKER_SOCK_GID=$(stat -c '%g' /var/run/docker.sock 2>/dev/null || echo '0') export MCP_GATEWAY_DOCKER_COMMAND='docker run -i --rm --network host --add-host host.docker.internal:127.0.0.1 --user '"${MCP_GATEWAY_UID}"':'"${MCP_GATEWAY_GID}"' --group-add '"${DOCKER_SOCK_GID}"' -v /var/run/docker.sock:/var/run/docker.sock -e MCP_GATEWAY_PORT -e MCP_GATEWAY_DOMAIN -e MCP_GATEWAY_API_KEY -e MCP_GATEWAY_PAYLOAD_DIR -e MCP_GATEWAY_PAYLOAD_SIZE_THRESHOLD -e DEBUG -e MCP_GATEWAY_LOG_DIR -e GH_AW_MCP_LOG_DIR -e GH_AW_SAFE_OUTPUTS -e GH_AW_SAFE_OUTPUTS_CONFIG_PATH -e GH_AW_SAFE_OUTPUTS_TOOLS_PATH -e GH_AW_ASSETS_BRANCH -e GH_AW_ASSETS_MAX_SIZE_KB -e GH_AW_ASSETS_ALLOWED_EXTS -e DEFAULT_BRANCH -e GITHUB_MCP_SERVER_TOKEN -e GITHUB_MCP_GUARD_MIN_INTEGRITY -e GITHUB_MCP_GUARD_REPOS -e GITHUB_REPOSITORY -e GITHUB_SERVER_URL -e GITHUB_SHA -e GITHUB_WORKSPACE -e GITHUB_TOKEN -e GITHUB_RUN_ID -e GITHUB_RUN_NUMBER -e GITHUB_RUN_ATTEMPT -e GITHUB_JOB -e GITHUB_ACTION -e GITHUB_EVENT_NAME -e GITHUB_EVENT_PATH -e GITHUB_ACTOR -e GITHUB_ACTOR_ID -e GITHUB_TRIGGERING_ACTOR -e GITHUB_WORKFLOW -e GITHUB_WORKFLOW_REF -e GITHUB_WORKFLOW_SHA -e GITHUB_REF -e GITHUB_REF_NAME -e GITHUB_REF_TYPE -e GITHUB_HEAD_REF -e GITHUB_BASE_REF -e CODEX_HOME -v /tmp/gh-aw/mcp-payloads:/tmp/gh-aw/mcp-payloads:rw -v /opt:/opt:ro -v /tmp:/tmp:rw -v '"${GITHUB_WORKSPACE}"':'"${GITHUB_WORKSPACE}"':rw ghcr.io/github/gh-aw-mcpg:v0.3.3' - cat > "${RUNNER_TEMP}/gh-aw/mcp-config/config.toml" << GH_AW_MCP_CONFIG_ec5ba97eb62a75fc_EOF + cat > "${RUNNER_TEMP}/gh-aw/mcp-config/config.toml" << GH_AW_MCP_CONFIG_4ee8e8ad7d995ec3_EOF [history] persistence = "none" [shell_environment_policy] inherit = "core" include_only = ["CODEX_API_KEY", "HOME", "OPENAI_API_KEY", "PATH"] - GH_AW_MCP_CONFIG_ec5ba97eb62a75fc_EOF + GH_AW_MCP_CONFIG_4ee8e8ad7d995ec3_EOF # Generate JSON config for MCP gateway GH_AW_NODE=$(which node 2>/dev/null || command -v node 2>/dev/null || echo node) - cat << GH_AW_MCP_CONFIG_000e9c6c8b0a7ac4_EOF | "$GH_AW_NODE" "${RUNNER_TEMP}/gh-aw/actions/start_mcp_gateway.cjs" + cat << GH_AW_MCP_CONFIG_616da4505ab92079_EOF | "$GH_AW_NODE" "${RUNNER_TEMP}/gh-aw/actions/start_mcp_gateway.cjs" { "mcpServers": { }, @@ -1327,11 +1327,11 @@ jobs: "payloadDir": "${MCP_GATEWAY_PAYLOAD_DIR}" } } - GH_AW_MCP_CONFIG_000e9c6c8b0a7ac4_EOF + GH_AW_MCP_CONFIG_616da4505ab92079_EOF # Sync converter output to writable CODEX_HOME for Codex mkdir -p /tmp/gh-aw/mcp-config - cat > "/tmp/gh-aw/mcp-config/config.toml" << GH_AW_CODEX_SHELL_POLICY_9eee5d7358cfa897_EOF + cat > "/tmp/gh-aw/mcp-config/config.toml" << GH_AW_CODEX_SHELL_POLICY_b184841e50b59900_EOF model_provider = "openai-proxy" [model_providers.openai-proxy] name = "OpenAI AWF proxy" @@ -1341,7 +1341,7 @@ jobs: [shell_environment_policy] inherit = "core" include_only = ["CODEX_API_KEY", "HOME", "OPENAI_API_KEY", "PATH"] - GH_AW_CODEX_SHELL_POLICY_9eee5d7358cfa897_EOF + GH_AW_CODEX_SHELL_POLICY_b184841e50b59900_EOF awk ' BEGIN { skip_openai_proxy = 0 } /^[[:space:]]*model_provider[[:space:]]*=/ { next } diff --git a/.github/workflows/jsweep.lock.yml b/.github/workflows/jsweep.lock.yml index 79c1d716e38..806b2add67c 100644 --- a/.github/workflows/jsweep.lock.yml +++ b/.github/workflows/jsweep.lock.yml @@ -57,7 +57,7 @@ name: "jsweep - JavaScript Unbloater" "on": schedule: - - cron: "53 2 * * *" + - cron: "38 3 * * *" # Friendly format: daily (scattered) workflow_dispatch: inputs: diff --git a/.github/workflows/lockfile-stats.lock.yml b/.github/workflows/lockfile-stats.lock.yml index c0cb6a53ac4..3c63b311f6e 100644 --- a/.github/workflows/lockfile-stats.lock.yml +++ b/.github/workflows/lockfile-stats.lock.yml @@ -59,7 +59,7 @@ name: "Lockfile Statistics Analysis Agent" "on": schedule: - - cron: "5 7 * * *" + - cron: "9 20 * * *" # Friendly format: daily (scattered) workflow_dispatch: inputs: diff --git a/.github/workflows/metrics-collector.lock.yml b/.github/workflows/metrics-collector.lock.yml index 85f0ef66a7f..246b9212af5 100644 --- a/.github/workflows/metrics-collector.lock.yml +++ b/.github/workflows/metrics-collector.lock.yml @@ -51,7 +51,7 @@ name: "Metrics Collector - Infrastructure Agent" "on": schedule: - - cron: "25 15 * * *" + - cron: "23 2 * * *" # Friendly format: daily (scattered) workflow_dispatch: inputs: diff --git a/.github/workflows/prompt-clustering-analysis.lock.yml b/.github/workflows/prompt-clustering-analysis.lock.yml index 91318a0d1fa..07c13f544a2 100644 --- a/.github/workflows/prompt-clustering-analysis.lock.yml +++ b/.github/workflows/prompt-clustering-analysis.lock.yml @@ -70,7 +70,7 @@ name: "Copilot Agent Prompt Clustering Analysis" "on": schedule: - - cron: "42 7 * * *" + - cron: "39 9 * * *" # Friendly format: daily (scattered) workflow_dispatch: inputs: diff --git a/.github/workflows/refactoring-cadence.lock.yml b/.github/workflows/refactoring-cadence.lock.yml index d90062d2d7a..849f7484e92 100644 --- a/.github/workflows/refactoring-cadence.lock.yml +++ b/.github/workflows/refactoring-cadence.lock.yml @@ -56,7 +56,7 @@ name: "Refactoring Cadence" "on": schedule: - - cron: "10 21 * * 1-5" + - cron: "21 3 * * 1-5" # Friendly format: daily on weekdays (scattered) # skip-if-match: is:issue is:open in:title "[refactoring-cadence]" # Skip-if-match processed as search check in pre-activation job workflow_dispatch: diff --git a/.github/workflows/safe-output-health.lock.yml b/.github/workflows/safe-output-health.lock.yml index e01cf70d3c7..90974318dfd 100644 --- a/.github/workflows/safe-output-health.lock.yml +++ b/.github/workflows/safe-output-health.lock.yml @@ -64,7 +64,7 @@ name: "Safe Output Health Monitor" "on": schedule: - - cron: "22 10 * * *" + - cron: "6 4 * * *" # Friendly format: daily (scattered) workflow_dispatch: inputs: diff --git a/.github/workflows/schema-consistency-checker.lock.yml b/.github/workflows/schema-consistency-checker.lock.yml index 1bf6999de8f..0d5710ab4e3 100644 --- a/.github/workflows/schema-consistency-checker.lock.yml +++ b/.github/workflows/schema-consistency-checker.lock.yml @@ -58,7 +58,7 @@ name: "Schema Consistency Checker" "on": schedule: - - cron: "54 13 * * *" + - cron: "19 5 * * *" # Friendly format: daily (scattered) workflow_dispatch: inputs: diff --git a/.github/workflows/semantic-function-refactor.lock.yml b/.github/workflows/semantic-function-refactor.lock.yml index be7b17820ba..f043faab8e9 100644 --- a/.github/workflows/semantic-function-refactor.lock.yml +++ b/.github/workflows/semantic-function-refactor.lock.yml @@ -57,7 +57,7 @@ name: "Semantic Function Refactoring" "on": schedule: - - cron: "26 13 * * *" + - cron: "39 23 * * *" # Friendly format: daily (scattered) workflow_dispatch: inputs: diff --git a/.github/workflows/sergo.lock.yml b/.github/workflows/sergo.lock.yml index 1f530c7dc7e..876cb7b8f6e 100644 --- a/.github/workflows/sergo.lock.yml +++ b/.github/workflows/sergo.lock.yml @@ -63,7 +63,7 @@ name: "Sergo - Serena Go Expert" "on": schedule: - - cron: "50 15 * * *" + - cron: "40 3 * * *" # Friendly format: daily (scattered) workflow_dispatch: inputs: diff --git a/.github/workflows/smoke-ci.lock.yml b/.github/workflows/smoke-ci.lock.yml index 796905ad887..b378329295e 100644 --- a/.github/workflows/smoke-ci.lock.yml +++ b/.github/workflows/smoke-ci.lock.yml @@ -62,7 +62,7 @@ name: "Smoke CI" - go.mod - actions/setup/js/** schedule: - - cron: "22 7 * * *" + - cron: "52 7 * * *" # Friendly format: daily (scattered) workflow_dispatch: inputs: diff --git a/.github/workflows/spec-enforcer.lock.yml b/.github/workflows/spec-enforcer.lock.yml index 6c69b07e3fb..76da8e38c39 100644 --- a/.github/workflows/spec-enforcer.lock.yml +++ b/.github/workflows/spec-enforcer.lock.yml @@ -56,7 +56,7 @@ name: "Package Specification Enforcer" "on": schedule: - - cron: "18 20 * * *" + - cron: "23 11 * * *" # Friendly format: daily (scattered) workflow_dispatch: inputs: diff --git a/.github/workflows/spec-extractor.lock.yml b/.github/workflows/spec-extractor.lock.yml index dcdaaef777f..9aacee14d7e 100644 --- a/.github/workflows/spec-extractor.lock.yml +++ b/.github/workflows/spec-extractor.lock.yml @@ -59,7 +59,7 @@ name: "Package Specification Extractor" "on": schedule: - - cron: "20 9 * * *" + - cron: "24 9 * * *" # Friendly format: daily (scattered) workflow_dispatch: inputs: diff --git a/.github/workflows/spec-librarian.lock.yml b/.github/workflows/spec-librarian.lock.yml index b0fb924df6c..840a8328b24 100644 --- a/.github/workflows/spec-librarian.lock.yml +++ b/.github/workflows/spec-librarian.lock.yml @@ -59,7 +59,7 @@ name: "Package Specification Librarian" "on": schedule: - - cron: "36 15 * * *" + - cron: "8 13 * * *" # Friendly format: daily (scattered) # skip-if-match: is:issue is:open in:title "[spec-librarian]" # Skip-if-match processed as search check in pre-activation job workflow_dispatch: diff --git a/.github/workflows/static-analysis-report.lock.yml b/.github/workflows/static-analysis-report.lock.yml index 78df2dc07cc..ed8989a2cbb 100644 --- a/.github/workflows/static-analysis-report.lock.yml +++ b/.github/workflows/static-analysis-report.lock.yml @@ -58,7 +58,7 @@ name: "Static Analysis Report" "on": schedule: - - cron: "48 6 * * *" + - cron: "37 4 * * *" # Friendly format: daily (scattered) workflow_dispatch: inputs: diff --git a/.github/workflows/step-name-alignment.lock.yml b/.github/workflows/step-name-alignment.lock.yml index 4ea31424670..0bcf7e7116b 100644 --- a/.github/workflows/step-name-alignment.lock.yml +++ b/.github/workflows/step-name-alignment.lock.yml @@ -51,7 +51,7 @@ name: "Step Name Alignment" "on": schedule: - - cron: "48 11 * * *" + - cron: "51 3 * * *" # Friendly format: daily (scattered) workflow_dispatch: inputs: diff --git a/.github/workflows/sub-issue-closer.lock.yml b/.github/workflows/sub-issue-closer.lock.yml index 66d1a1f2385..d96097192c1 100644 --- a/.github/workflows/sub-issue-closer.lock.yml +++ b/.github/workflows/sub-issue-closer.lock.yml @@ -49,7 +49,7 @@ name: "Sub-Issue Closer" "on": schedule: - - cron: "35 15 * * *" + - cron: "11 6 * * *" # Friendly format: daily (scattered) workflow_dispatch: inputs: diff --git a/.github/workflows/terminal-stylist.lock.yml b/.github/workflows/terminal-stylist.lock.yml index da8d4334a00..0b523ba2acb 100644 --- a/.github/workflows/terminal-stylist.lock.yml +++ b/.github/workflows/terminal-stylist.lock.yml @@ -61,7 +61,7 @@ name: "Terminal Stylist" "on": schedule: - - cron: "7 4 * * *" + - cron: "35 8 * * *" # Friendly format: daily (scattered) workflow_dispatch: inputs: diff --git a/.github/workflows/ubuntu-image-analyzer.lock.yml b/.github/workflows/ubuntu-image-analyzer.lock.yml index 11109041dc2..6aa91026fa1 100644 --- a/.github/workflows/ubuntu-image-analyzer.lock.yml +++ b/.github/workflows/ubuntu-image-analyzer.lock.yml @@ -56,7 +56,7 @@ name: "Ubuntu Actions Image Analyzer" "on": schedule: - - cron: "10 15 * * 4" + - cron: "26 3 * * 4" # Friendly format: weekly (scattered) # skip-if-match: is:pr is:open in:title "[ubuntu-image]" # Skip-if-match processed as search check in pre-activation job workflow_dispatch: diff --git a/.github/workflows/unbloat-docs.lock.yml b/.github/workflows/unbloat-docs.lock.yml index 81e8b582a2c..81d9843bff8 100644 --- a/.github/workflows/unbloat-docs.lock.yml +++ b/.github/workflows/unbloat-docs.lock.yml @@ -64,7 +64,7 @@ name: "Documentation Unbloat" - created - edited schedule: - - cron: "41 8 * * *" + - cron: "24 16 * * *" # skip-if-match: is:pr is:open is:draft label:doc-unbloat # Skip-if-match processed as search check in pre-activation job workflow_dispatch: inputs: diff --git a/.github/workflows/update-astro.lock.yml b/.github/workflows/update-astro.lock.yml index 517e2411e50..56ddea2c00f 100644 --- a/.github/workflows/update-astro.lock.yml +++ b/.github/workflows/update-astro.lock.yml @@ -49,7 +49,7 @@ name: "Update Astro" "on": schedule: - - cron: "7 2 * * *" + - cron: "51 2 * * *" # Friendly format: daily (scattered) # skip-if-no-match: is:pr is:open author:app/dependabot label:dependencies # Skip-if-no-match processed as search check in pre-activation job workflow_dispatch: diff --git a/.github/workflows/weekly-blog-post-writer.lock.yml b/.github/workflows/weekly-blog-post-writer.lock.yml index 072f0c09fa7..e4fc1d63e3f 100644 --- a/.github/workflows/weekly-blog-post-writer.lock.yml +++ b/.github/workflows/weekly-blog-post-writer.lock.yml @@ -57,7 +57,7 @@ name: "Weekly Blog Post Writer" "on": schedule: - - cron: "5 12 * * 1" + - cron: "38 2 * * 1" # Friendly format: weekly on monday (scattered) workflow_dispatch: inputs: diff --git a/.github/workflows/weekly-editors-health-check.lock.yml b/.github/workflows/weekly-editors-health-check.lock.yml index ab3fc213f00..0a9e70dfbb3 100644 --- a/.github/workflows/weekly-editors-health-check.lock.yml +++ b/.github/workflows/weekly-editors-health-check.lock.yml @@ -50,7 +50,7 @@ name: "Weekly Editors Health Check" "on": schedule: - - cron: "6 9 * * 6" + - cron: "36 7 * * 6" # Friendly format: weekly (scattered) workflow_dispatch: inputs: diff --git a/.github/workflows/weekly-safe-outputs-spec-review.lock.yml b/.github/workflows/weekly-safe-outputs-spec-review.lock.yml index 9205ebd2b0e..6d46774522a 100644 --- a/.github/workflows/weekly-safe-outputs-spec-review.lock.yml +++ b/.github/workflows/weekly-safe-outputs-spec-review.lock.yml @@ -54,7 +54,7 @@ name: "Weekly Safe Outputs Specification Review" "on": schedule: - - cron: "39 8 * * 1" + - cron: "19 4 * * 1" # Friendly format: weekly on monday (scattered) workflow_dispatch: inputs: diff --git a/.github/workflows/workflow-health-manager.lock.yml b/.github/workflows/workflow-health-manager.lock.yml index ee23fb417a2..5906db67be6 100644 --- a/.github/workflows/workflow-health-manager.lock.yml +++ b/.github/workflows/workflow-health-manager.lock.yml @@ -53,7 +53,7 @@ name: "Workflow Health Manager - Meta-Orchestrator" "on": schedule: - - cron: "14 23 * * *" + - cron: "26 4 * * *" # Friendly format: daily (scattered) workflow_dispatch: inputs: diff --git a/.github/workflows/workflow-normalizer.lock.yml b/.github/workflows/workflow-normalizer.lock.yml index 7cc5cabd016..937cf2dcf20 100644 --- a/.github/workflows/workflow-normalizer.lock.yml +++ b/.github/workflows/workflow-normalizer.lock.yml @@ -55,7 +55,7 @@ name: "Workflow Normalizer" "on": schedule: - - cron: "23 4 * * *" + - cron: "40 12 * * *" # Friendly format: daily (scattered) workflow_dispatch: inputs: diff --git a/.github/workflows/workflow-skill-extractor.lock.yml b/.github/workflows/workflow-skill-extractor.lock.yml index cf62ef64bf2..5d0c10c5bbe 100644 --- a/.github/workflows/workflow-skill-extractor.lock.yml +++ b/.github/workflows/workflow-skill-extractor.lock.yml @@ -52,7 +52,7 @@ name: "Workflow Skill Extractor" "on": schedule: - - cron: "24 22 * * 4" + - cron: "35 3 * * 4" # Friendly format: weekly (scattered) workflow_dispatch: inputs: diff --git a/pkg/parser/schedule_fuzzy_scatter.go b/pkg/parser/schedule_fuzzy_scatter.go index 1dfee67acd6..f77ab90d8cf 100644 --- a/pkg/parser/schedule_fuzzy_scatter.go +++ b/pkg/parser/schedule_fuzzy_scatter.go @@ -14,68 +14,111 @@ var scheduleFuzzyScatterLog = logger.New("parser:schedule_fuzzy_scatter") // This file contains fuzzy schedule scattering logic that deterministically // distributes workflow execution times based on workflow identifiers. -// timeSlot represents a specific (hour, minute) pair used in the weighted daily pool. -type timeSlot struct { - hour int - minute int -} - -// bestDailyMinutes are the "odd" minutes preferred during the BEST tier (02:00–05:59 UTC). -// These low-traffic minutes reduce scheduling collisions with other cron jobs. -var bestDailyMinutes = []int{7, 13, 23, 37, 43, 53} - -// buildWeightedDailyPool constructs the weighted pool of (hour, minute) time slots -// used for full-day scatter patterns. The pool reflects the following distribution: -// -// - BEST (weight 3): 02:00–05:59 UTC at odd minutes (07,13,23,37,43,53) -// - BROAD (weight 1): 06:00–23:59 UTC, minutes [5,54] -// -// Pool size: 4×6×3 (BEST) + 18×50×1 (BROAD) = 72 + 900 = 972 slots. -// BEST represents 72/972 ≈ 7% and BROAD represents 900/972 ≈ 93% of slots. -// Within BROAD, each hour claims 50/972 ≈ 5% of the pool. +// buildWeightedHourPool constructs the weighted pool of hours used for full-day scatter +// patterns. The pool reflects the following distribution: // -// The BROAD tier spans the full daytime and evening window to prevent thundering-herd -// API rate-limit bursts. The former design used a GOOD tier (10:00–12:59 UTC, weight 2) -// that concentrated ~300/622 ≈ 48% of pool slots in a 3-hour window—equivalent to -// ~16% of workflows per hour in that band. With BROAD, no single hour claims more -// than ~5% of workflows, so 20 concurrent daily workflows spread across roughly -// one per hour instead of 7–10 clustering in the same 3-hour window. +// - BEST (weight 3): 02:00–05:59 UTC — low-traffic hours, preferred for maintenance +// - BROAD (weight 1): 06:00–23:59 UTC — full daytime/evening window // -// Using weights means each BEST slot appears 3× in the pool while each BROAD slot -// appears once, making any individual BEST slot 3× more likely to be chosen than -// any individual BROAD slot. However, because BROAD has 900 vs 72 BEST slots, a -// randomly selected workflow still has only ~7% chance of landing in BEST. -func buildWeightedDailyPool() []timeSlot { - var pool []timeSlot - - // BEST: hours 02–05 at specified odd minutes, weight 3 (appear 3 times each) +// Pool size: 4×3 (BEST) + 18×1 (BROAD) = 12 + 18 = 30 slots. +// BEST represents 12/30 = 40% and BROAD represents 18/30 = 60% of the hour pool. +func buildWeightedHourPool() []int { + var pool []int + + // BEST: hours 02–05, weight 3 (appear 3 times each) for h := 2; h <= 5; h++ { - for _, m := range bestDailyMinutes { - pool = append(pool, timeSlot{h, m}, timeSlot{h, m}, timeSlot{h, m}) - } + pool = append(pool, h, h, h) } - // BROAD: hours 06–23, all valid minutes [5,54], weight 1 - // This replaces the old GOOD (10–12, weight 2) + OK (19–23, weight 1) split that - // caused ~48% of daily workflows to cluster in the 10:00–12:59 UTC window. + // BROAD: hours 06–23, weight 1 for h := 6; h <= 23; h++ { - for m := 5; m <= 54; m++ { - pool = append(pool, timeSlot{h, m}) - } + pool = append(pool, h) } return pool } -// weightedDailyPool is the pre-computed weighted pool of daily time slots. -var weightedDailyPool = buildWeightedDailyPool() +// buildAvailableMinutes constructs the valid minute values used for the independent +// minute selection in daily scatter patterns. The pool pre-excludes: +// +// - Hour-boundary windows [0–4] and [55–59] — high-traffic around each hour boundary +// - EU morning peak [27–33] — ±3 minutes around :30 in hours 06–09 +// - US business-hours peaks [12–18] and [42–48] — ±3 minutes around :15 and :45 +// +// Pre-excluding these ranges means avoidPeakMinutes does not need to remap pool +// values, which previously caused clustering: several raw minutes all collapsing to +// the same post-remap value (e.g. 27–33 → 34) and creating artificial collisions. +// +// Remaining valid minutes: [5–11, 19–26, 34–41, 49–54] = 29 values. +func buildAvailableMinutes() []int { + var pool []int + for m := 5; m <= 54; m++ { + // Exclude EU morning peak zone (±3 of :30, affecting hours 06–09) + if m >= 27 && m <= 33 { + continue + } + // Exclude US business-hours peak zones (±3 of :15 and :45, hours 14–18) + if m >= 12 && m <= 18 { + continue + } + if m >= 42 && m <= 48 { + continue + } + pool = append(pool, m) + } + return pool +} + +// weightedHourPool is the pre-computed weighted pool of hours (BEST + BROAD tiers). +var weightedHourPool = buildWeightedHourPool() -// weightedDailyTimeSlot returns a deterministic (hour, minute) pair sampled from the -// weighted daily time slot pool for the given workflow identifier. -// All returned slots are already within the preferred windows and have valid minutes. +// availableMinutes is the pre-computed curated set of valid minutes for scatter +// selection: 29 values spanning [5–11, 19–26, 34–41, 49–54] with hour-boundary +// and peak-traffic ranges pre-excluded (see buildAvailableMinutes). +var availableMinutes = buildAvailableMinutes() + +// weightedDailyTimeSlot returns a deterministic (hour, minute) pair for the given +// workflow identifier using two hash operations — one for hour selection and one for +// minute selection — where the minute hash incorporates the hour-pool index as a +// disambiguation component. +// +// The original single-hash approach (972-slot flat pool) produced exact cron-time +// collisions for ~5 workflow pairs per 99 workflows (birthday paradox). Three-way +// collisions caused concurrent token-API bursts that exhausted the 60 req/min quota, +// silently losing safe-output writes. +// +// This implementation reduces collision probability by requiring two independent +// conditions to hold simultaneously for a full (hour, minute) collision: +// +// 1. Both workflows must resolve to the same hour value (not necessarily the same +// pool index — different indices can yield the same hour via BEST-tier weight-3 +// duplication, e.g. indices 0 and 1 both resolve to hour 2). +// 2. The minute hash of a composite seed (identifier + ":" + hHash index string) +// must produce the same minute value for both workflows. +// +// The composite seed in condition 2 means that even when two workflows share the same +// resolved hour, they typically receive different minute seeds as long as their hHash +// values differ. Only when both the resolved hour AND the composite-seed minute hash +// collide does a duplicate cron expression occur. func weightedDailyTimeSlot(identifier string) (int, int) { - slot := weightedDailyPool[stableHash(identifier, len(weightedDailyPool))] - return slot.hour, slot.minute + // Hash 1: select hour from the weighted hour pool (preserves BEST/BROAD preference). + hHash := stableHash(identifier, len(weightedHourPool)) + hour := weightedHourPool[hHash] + + // Hash 2: select minute using a composite seed that encodes the hour-pool index. + // Incorporating hHash into the seed ensures two workflows that share the same + // hour via different pool indices (a common outcome of the BEST-tier weight-3 + // duplication) still get different minute hashes as long as their hHash values + // differ. When hHash also coincides, the full identifier strings diverge, making + // collisions on this second hash unlikely for distinct real-world workflow names. + // avoidPeakMinutes is intentionally NOT called here because availableMinutes + // already pre-excludes all peak ranges; calling it on pool values would remap + // multiple distinct raw minutes to the same output, artificially increasing + // collision counts. + minuteSeed := fmt.Sprintf("%s:%d", identifier, hHash) + minute := availableMinutes[stableHash(minuteSeed, len(availableMinutes))] + + return hour, minute } // avoidHourBoundary remaps a minute value to avoid the 5-minute window before diff --git a/pkg/parser/schedule_parser_stability_test.go b/pkg/parser/schedule_parser_stability_test.go index c36abee62f2..2e65b36f75a 100644 --- a/pkg/parser/schedule_parser_stability_test.go +++ b/pkg/parser/schedule_parser_stability_test.go @@ -57,13 +57,13 @@ func TestScatterScheduleCrossPlatformConsistency(t *testing.T) { name: "daily - workflow-a.md", fuzzyCron: "FUZZY:DAILY * * *", workflowIdentifier: "workflow-a.md", - expectedCron: "38 6 * * *", + expectedCron: "22 15 * * *", }, { name: "daily - workflow-b.md", fuzzyCron: "FUZZY:DAILY * * *", workflowIdentifier: "workflow-b.md", - expectedCron: "49 7 * * *", + expectedCron: "34 16 * * *", }, { name: "hourly/1 - workflow-a.md", @@ -81,13 +81,13 @@ func TestScatterScheduleCrossPlatformConsistency(t *testing.T) { name: "weekly - workflow-a.md", fuzzyCron: "FUZZY:WEEKLY * * *", workflowIdentifier: "workflow-a.md", - expectedCron: "38 6 * * 6", + expectedCron: "22 15 * * 6", }, { name: "weekly:1 - workflow-a.md", fuzzyCron: "FUZZY:WEEKLY:1 * * *", workflowIdentifier: "workflow-a.md", - expectedCron: "38 6 * * 1", + expectedCron: "22 15 * * 1", }, { name: "daily around 14:00 - workflow-a.md",