Conversation
Enables repository_dispatch events so the Octi Pulpo brain can dispatch tasks to Cata agents via GitHub Actions. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
|
|
||
| jobs: | ||
| cata-agent: | ||
| runs-on: ubuntu-latest |
Check warning
Code scanning / CodeQL
Workflow does not contain permissions Medium
Show autofix suggestion
Hide autofix suggestion
Copilot Autofix
AI 6 days ago
In general, this problem is fixed by adding an explicit permissions block either at the top level of the workflow (applies to all jobs) or under the specific job, granting only the scopes and access levels required. For workflows that only need to read repository contents and releases, contents: read is typically sufficient.
For this specific workflow, the only visible operations that rely on GitHub API access are: actions/checkout@v4, which needs read access to repository contents, and gh release download using GITHUB_TOKEN, which also requires read access to releases (covered by contents: read). There is no evidence this job needs to write to the repository or to issues/PRs. Therefore, the best minimal change is to add permissions: contents: read at the workflow root, just under the name: (or under on:) so that it applies to the cata-agent job without altering its behavior.
Concretely, edit .github/workflows/cata-dispatch.yml and insert:
permissions:
contents: readnear the top-level keys. No additional imports or tooling changes are required.
| @@ -2,6 +2,8 @@ | ||
| on: | ||
| repository_dispatch: | ||
| types: [octi-pulpo-dispatch] | ||
| permissions: | ||
| contents: read | ||
|
|
||
| jobs: | ||
| cata-agent: |
There was a problem hiding this comment.
Pull request overview
Adds a new GitHub Actions workflow that listens for repository_dispatch events and runs a Cata agent job in response, enabling Octi Pulpo to remotely dispatch work into this repo via Actions.
Changes:
- Introduces
.github/workflows/cata-dispatch.ymlto trigger onrepository_dispatchtypeocti-pulpo-dispatch. - Downloads a
cataLinux binary fromAgentGuardHQ/catareleases and executes it with task metadata fromclient_payload. - Emits a simple completion/status message at the end of the run.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
|
|
||
| jobs: | ||
| cata-agent: | ||
| runs-on: ubuntu-latest |
There was a problem hiding this comment.
Consider explicitly setting permissions for this workflow/job (least privilege). Without it, the GITHUB_TOKEN permissions depend on repo defaults and may be broader than needed for a dispatch-triggered, prompt-driven job. For example, .github/workflows/release.yml explicitly sets permissions: contents: write; this workflow should similarly declare only what Cata needs (often contents: read plus narrowly scoped write permissions if it must open PRs/push).
| runs-on: ubuntu-latest | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read |
| on: | ||
| repository_dispatch: | ||
| types: [octi-pulpo-dispatch] |
There was a problem hiding this comment.
repository_dispatch will run this workflow for any actor/token that can send that event to the repo. Since the payload includes an arbitrary prompt that drives automation, add a verification gate (e.g., require a shared secret/HMAC in client_payload that matches a repo secret, and/or restrict github.event.sender.login/actor allowlist) to prevent unauthorized dispatches from executing tasks with repo credentials.
| gh release download --repo AgentGuardHQ/cata \ | ||
| --pattern "cata-linux-amd64" \ | ||
| --output cata \ | ||
| --clobber || echo "WARN: cata release not yet published" | ||
| chmod +x cata 2>/dev/null || true |
There was a problem hiding this comment.
The workflow downloads and executes a prebuilt binary from another repo release without integrity verification. To reduce supply-chain risk, pin to a specific release version and verify a published checksum/signature before chmod/execution (or build from source within the workflow).
| "${TASK_PROMPT}" \ | ||
| || echo "WARN: cata exited non-zero for task ${TASK_ID}" |
There was a problem hiding this comment.
./cata run ... || echo ... masks non-zero exit codes (including missing execute permission, runtime errors, or failed tasks), so the job can report success even when the agent fails. If downstream systems rely on workflow status, let this step fail (or capture the exit code and explicitly exit $code after logging) so job.status reflects the real outcome.
| "${TASK_PROMPT}" \ | |
| || echo "WARN: cata exited non-zero for task ${TASK_ID}" | |
| "${TASK_PROMPT}" | |
| cata_exit_code=$? | |
| if [ "$cata_exit_code" -ne 0 ]; then | |
| echo "WARN: cata exited non-zero for task ${TASK_ID}" | |
| exit "$cata_exit_code" | |
| fi |
|
|
||
| jobs: | ||
| cata-agent: | ||
| runs-on: ubuntu-latest |
There was a problem hiding this comment.
This job can run for a long time (--max-turns 100) and can be dispatched repeatedly; consider adding timeout-minutes and a concurrency group (e.g., per TASK_ID or a single global group) to prevent runaway runs and reduce the chance of overlapping agents contending for the repo workspace/credentials.
| runs-on: ubuntu-latest | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 60 | |
| concurrency: | |
| group: cata-agent-${{ github.event.client_payload.task_id }} | |
| cancel-in-progress: true |
Summary
cata-dispatch.ymlGitHub Actions workflow to enablerepository_dispatcheventsTest plan
repository_dispatchevent from Octi Pulpo brain targeting this repo🤖 Generated with Claude Code