From f4a010fe4c5b5c098a8b8039120cca074e4e3b68 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Thu, 2 Apr 2026 18:45:15 +0000 Subject: [PATCH 1/2] Initial plan From 5b52f93057ee1237059589e4893f4556a4b1ab98 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Thu, 2 Apr 2026 19:14:08 +0000 Subject: [PATCH 2/2] fix: add compiled YAML hash to lock file integrity check (#1674) Add a `compiled_hash` field to the lock file metadata that covers all non-comment YAML lines. The runtime integrity check in `check_workflow_timestamp_api.cjs` now verifies this hash in addition to the existing frontmatter hash. This detects tampering with security-critical fields (permissions, env vars, job steps, network policies) in the compiled lock file even when the .md source is unchanged. - Go: add `CompiledHash` to `LockMetadata`, compute it via two-pass generation in `generateYAML` after emitting the YAML body, then inject it into the `gh-aw-metadata` comment - JS: add `extractCompiledHashFromLockFile` and `computeCompiledHashFromLockFile` to `frontmatter_hash_pure.cjs` - JS: verify compiled hash in `check_workflow_timestamp_api.cjs`; fail with a tamper-detection message on mismatch - Old lock files without `compiled_hash` continue to work (backward compatible; only frontmatter hash is checked) - All 179 repo lock files recompiled with the new field Agent-Logs-Url: https://github.com/github/gh-aw/sessions/95b17fcc-94fe-4d93-b174-4789a4505521 Co-authored-by: szabta89 <1330202+szabta89@users.noreply.github.com> --- .github/workflows/ace-editor.lock.yml | 2 +- .../agent-performance-analyzer.lock.yml | 2 +- .../workflows/agent-persona-explorer.lock.yml | 2 +- .../agentic-observability-kit.lock.yml | 2 +- .github/workflows/ai-moderator.lock.yml | 2 +- .github/workflows/archie.lock.yml | 2 +- .github/workflows/artifacts-summary.lock.yml | 2 +- .github/workflows/audit-workflows.lock.yml | 2 +- .github/workflows/auto-triage-issues.lock.yml | 2 +- .github/workflows/blog-auditor.lock.yml | 2 +- .github/workflows/bot-detection.lock.yml | 2 +- .github/workflows/brave.lock.yml | 2 +- .../breaking-change-checker.lock.yml | 2 +- .github/workflows/changeset.lock.yml | 2 +- .github/workflows/ci-coach.lock.yml | 2 +- .github/workflows/ci-doctor.lock.yml | 2 +- .../claude-code-user-docs-review.lock.yml | 2 +- .../cli-consistency-checker.lock.yml | 2 +- .../workflows/cli-version-checker.lock.yml | 2 +- .github/workflows/cloclo.lock.yml | 2 +- .../workflows/code-scanning-fixer.lock.yml | 2 +- .github/workflows/code-simplifier.lock.yml | 2 +- .../codex-github-remote-mcp-test.lock.yml | 2 +- .../commit-changes-analyzer.lock.yml | 2 +- .../constraint-solving-potd.lock.yml | 2 +- .github/workflows/contribution-check.lock.yml | 2 +- .../workflows/copilot-agent-analysis.lock.yml | 2 +- .../copilot-cli-deep-research.lock.yml | 2 +- .../copilot-pr-merged-report.lock.yml | 2 +- .../copilot-pr-nlp-analysis.lock.yml | 2 +- .../copilot-pr-prompt-analysis.lock.yml | 2 +- .../copilot-session-insights.lock.yml | 2 +- .github/workflows/craft.lock.yml | 2 +- .../daily-architecture-diagram.lock.yml | 2 +- .../daily-assign-issue-to-user.lock.yml | 2 +- .github/workflows/daily-choice-test.lock.yml | 2 +- .../workflows/daily-cli-performance.lock.yml | 2 +- .../workflows/daily-cli-tools-tester.lock.yml | 2 +- .github/workflows/daily-code-metrics.lock.yml | 2 +- .../daily-community-attribution.lock.yml | 2 +- .../workflows/daily-compiler-quality.lock.yml | 2 +- .../daily-copilot-token-report.lock.yml | 2 +- .github/workflows/daily-doc-healer.lock.yml | 2 +- .github/workflows/daily-doc-updater.lock.yml | 2 +- .github/workflows/daily-fact.lock.yml | 2 +- .github/workflows/daily-file-diet.lock.yml | 2 +- .../workflows/daily-firewall-report.lock.yml | 2 +- .../workflows/daily-function-namer.lock.yml | 2 +- .../daily-integrity-analysis.lock.yml | 2 +- .../workflows/daily-issues-report.lock.yml | 2 +- .../daily-malicious-code-scan.lock.yml | 2 +- .../daily-mcp-concurrency-analysis.lock.yml | 2 +- .../daily-multi-device-docs-tester.lock.yml | 2 +- .github/workflows/daily-news.lock.yml | 2 +- .../daily-observability-report.lock.yml | 2 +- .../daily-performance-summary.lock.yml | 2 +- .github/workflows/daily-regulatory.lock.yml | 2 +- .../daily-rendering-scripts-verifier.lock.yml | 2 +- .../workflows/daily-repo-chronicle.lock.yml | 2 +- .../daily-safe-output-integrator.lock.yml | 2 +- .../daily-safe-output-optimizer.lock.yml | 2 +- .../daily-safe-outputs-conformance.lock.yml | 2 +- .../workflows/daily-secrets-analysis.lock.yml | 2 +- .../daily-security-red-team.lock.yml | 2 +- .github/workflows/daily-semgrep-scan.lock.yml | 2 +- .../daily-syntax-error-quality.lock.yml | 2 +- .../daily-team-evolution-insights.lock.yml | 2 +- .github/workflows/daily-team-status.lock.yml | 2 +- .../daily-testify-uber-super-expert.lock.yml | 2 +- .../workflows/daily-workflow-updater.lock.yml | 2 +- .github/workflows/dead-code-remover.lock.yml | 2 +- .github/workflows/deep-report.lock.yml | 2 +- .github/workflows/delight.lock.yml | 2 +- .github/workflows/dependabot-burner.lock.yml | 2 +- .../workflows/dependabot-go-checker.lock.yml | 2 +- .github/workflows/dev-hawk.lock.yml | 2 +- .github/workflows/dev.lock.yml | 2 +- .../developer-docs-consolidator.lock.yml | 2 +- .github/workflows/dictation-prompt.lock.yml | 2 +- .../workflows/discussion-task-miner.lock.yml | 2 +- .github/workflows/docs-noob-tester.lock.yml | 2 +- .github/workflows/draft-pr-cleanup.lock.yml | 2 +- .../duplicate-code-detector.lock.yml | 2 +- .../example-permissions-warning.lock.yml | 2 +- .../example-workflow-analyzer.lock.yml | 2 +- .github/workflows/firewall-escape.lock.yml | 2 +- .github/workflows/firewall.lock.yml | 2 +- .../workflows/functional-pragmatist.lock.yml | 2 +- .../github-mcp-structural-analysis.lock.yml | 2 +- .../github-mcp-tools-report.lock.yml | 2 +- .../github-remote-mcp-auth-test.lock.yml | 2 +- .../workflows/glossary-maintainer.lock.yml | 2 +- .github/workflows/go-fan.lock.yml | 2 +- .github/workflows/go-logger.lock.yml | 2 +- .../workflows/go-pattern-detector.lock.yml | 2 +- .github/workflows/gpclean.lock.yml | 2 +- .github/workflows/grumpy-reviewer.lock.yml | 2 +- .github/workflows/hourly-ci-cleaner.lock.yml | 2 +- .../workflows/instructions-janitor.lock.yml | 2 +- .github/workflows/issue-arborist.lock.yml | 2 +- .github/workflows/issue-monster.lock.yml | 2 +- .github/workflows/issue-triage-agent.lock.yml | 2 +- .github/workflows/jsweep.lock.yml | 2 +- .../workflows/layout-spec-maintainer.lock.yml | 2 +- .github/workflows/lockfile-stats.lock.yml | 2 +- .github/workflows/mcp-inspector.lock.yml | 2 +- .github/workflows/mergefest.lock.yml | 2 +- .github/workflows/metrics-collector.lock.yml | 2 +- .../workflows/notion-issue-summary.lock.yml | 2 +- .github/workflows/org-health-report.lock.yml | 2 +- .github/workflows/pdf-summary.lock.yml | 2 +- .github/workflows/plan.lock.yml | 2 +- .github/workflows/poem-bot.lock.yml | 2 +- .github/workflows/portfolio-analyst.lock.yml | 2 +- .../workflows/pr-nitpick-reviewer.lock.yml | 2 +- .github/workflows/pr-triage-agent.lock.yml | 2 +- .../prompt-clustering-analysis.lock.yml | 2 +- .github/workflows/python-data-charts.lock.yml | 2 +- .github/workflows/q.lock.yml | 2 +- .github/workflows/refiner.lock.yml | 2 +- .github/workflows/release.lock.yml | 2 +- .../workflows/repo-audit-analyzer.lock.yml | 2 +- .github/workflows/repo-tree-map.lock.yml | 2 +- .../repository-quality-improver.lock.yml | 2 +- .github/workflows/research.lock.yml | 2 +- .github/workflows/safe-output-health.lock.yml | 2 +- .../schema-consistency-checker.lock.yml | 2 +- .../schema-feature-coverage.lock.yml | 2 +- .github/workflows/scout.lock.yml | 2 +- .../workflows/security-compliance.lock.yml | 2 +- .github/workflows/security-review.lock.yml | 2 +- .../semantic-function-refactor.lock.yml | 2 +- .github/workflows/sergo.lock.yml | 2 +- .../workflows/slide-deck-maintainer.lock.yml | 2 +- .../workflows/smoke-agent-all-merged.lock.yml | 2 +- .../workflows/smoke-agent-all-none.lock.yml | 2 +- .../smoke-agent-public-approved.lock.yml | 2 +- .../smoke-agent-public-none.lock.yml | 2 +- .../smoke-agent-scoped-approved.lock.yml | 2 +- .../workflows/smoke-call-workflow.lock.yml | 2 +- .github/workflows/smoke-claude.lock.yml | 2 +- .github/workflows/smoke-codex.lock.yml | 2 +- .github/workflows/smoke-copilot-arm.lock.yml | 2 +- .github/workflows/smoke-copilot.lock.yml | 2 +- .../smoke-create-cross-repo-pr.lock.yml | 2 +- .github/workflows/smoke-gemini.lock.yml | 2 +- .github/workflows/smoke-multi-pr.lock.yml | 2 +- .github/workflows/smoke-project.lock.yml | 2 +- .../workflows/smoke-service-ports.lock.yml | 2 +- .github/workflows/smoke-temporary-id.lock.yml | 2 +- .github/workflows/smoke-test-tools.lock.yml | 2 +- .../smoke-update-cross-repo-pr.lock.yml | 2 +- .../smoke-workflow-call-with-inputs.lock.yml | 2 +- .../workflows/smoke-workflow-call.lock.yml | 2 +- .../workflows/stale-repo-identifier.lock.yml | 2 +- .../workflows/static-analysis-report.lock.yml | 2 +- .../workflows/step-name-alignment.lock.yml | 2 +- .github/workflows/sub-issue-closer.lock.yml | 2 +- .github/workflows/super-linter.lock.yml | 2 +- .../workflows/technical-doc-writer.lock.yml | 2 +- .github/workflows/terminal-stylist.lock.yml | 2 +- .../test-create-pr-error-handling.lock.yml | 2 +- .github/workflows/test-dispatcher.lock.yml | 2 +- .../test-project-url-default.lock.yml | 2 +- .github/workflows/test-workflow.lock.yml | 2 +- .github/workflows/tidy.lock.yml | 2 +- .github/workflows/typist.lock.yml | 2 +- .../workflows/ubuntu-image-analyzer.lock.yml | 2 +- .github/workflows/unbloat-docs.lock.yml | 2 +- .github/workflows/update-astro.lock.yml | 2 +- .github/workflows/video-analyzer.lock.yml | 2 +- .../weekly-blog-post-writer.lock.yml | 2 +- .../weekly-editors-health-check.lock.yml | 2 +- .../workflows/weekly-issue-summary.lock.yml | 2 +- .../weekly-safe-outputs-spec-review.lock.yml | 2 +- .github/workflows/workflow-generator.lock.yml | 2 +- .../workflow-health-manager.lock.yml | 2 +- .../workflows/workflow-normalizer.lock.yml | 2 +- .../workflow-skill-extractor.lock.yml | 2 +- .../setup/js/check_workflow_timestamp_api.cjs | 55 +++++- .../js/check_workflow_timestamp_api.test.cjs | 170 +++++++++++++++++ actions/setup/js/frontmatter_hash_pure.cjs | 40 ++++ .../setup/js/frontmatter_hash_pure.test.cjs | 110 +++++++++++ pkg/workflow/compiler_yaml.go | 58 ++++++ pkg/workflow/compiler_yaml_test.go | 176 ++++++++++++++++++ pkg/workflow/lock_schema.go | 1 + pkg/workflow/lock_schema_test.go | 35 ++++ 187 files changed, 821 insertions(+), 182 deletions(-) diff --git a/.github/workflows/ace-editor.lock.yml b/.github/workflows/ace-editor.lock.yml index 7c80b8ed1df..2f92dd5c36a 100644 --- a/.github/workflows/ace-editor.lock.yml +++ b/.github/workflows/ace-editor.lock.yml @@ -22,7 +22,7 @@ # # Generates an ACE editor session link when invoked with /ace command on pull request comments # -# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"27465bad2a2328fd5f4ea18e00881a4996ec1ccb258079f63b922025c714470f","agent_id":"copilot"} +# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"27465bad2a2328fd5f4ea18e00881a4996ec1ccb258079f63b922025c714470f","compiled_hash":"11907f5e7eede8a7650205c5cf1aa092ac79cd0a34d49545c0748fd6fd399f19","agent_id":"copilot"} name: "ACE Editor Session" "on": diff --git a/.github/workflows/agent-performance-analyzer.lock.yml b/.github/workflows/agent-performance-analyzer.lock.yml index f52e61cf986..7c4f4887042 100644 --- a/.github/workflows/agent-performance-analyzer.lock.yml +++ b/.github/workflows/agent-performance-analyzer.lock.yml @@ -26,7 +26,7 @@ # Imports: # - shared/reporting.md # -# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"78287fe84a612788fa9e2681f317889ce12753d3ada6d1d39ea39bf0ae5fc47b","strict":true,"agent_id":"copilot"} +# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"78287fe84a612788fa9e2681f317889ce12753d3ada6d1d39ea39bf0ae5fc47b","compiled_hash":"064a8fe3c1ca9095f6868ae812bbe2c23cfeac8cdf834d958f5277f355818d34","strict":true,"agent_id":"copilot"} name: "Agent Performance Analyzer - Meta-Orchestrator" "on": diff --git a/.github/workflows/agent-persona-explorer.lock.yml b/.github/workflows/agent-persona-explorer.lock.yml index 009387aacdb..b99a39d0dc7 100644 --- a/.github/workflows/agent-persona-explorer.lock.yml +++ b/.github/workflows/agent-persona-explorer.lock.yml @@ -26,7 +26,7 @@ # Imports: # - shared/reporting.md # -# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"df8ee8e4d6ff58de0774bef7fbf88c90b0aab97064e3fe92662c062977bfdb32","strict":true,"agent_id":"copilot"} +# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"df8ee8e4d6ff58de0774bef7fbf88c90b0aab97064e3fe92662c062977bfdb32","compiled_hash":"e2d00b1c148ff82f896529164002c405953b25bbc5e2724a372827504fbdf63f","strict":true,"agent_id":"copilot"} name: "Agent Persona Explorer" "on": diff --git a/.github/workflows/agentic-observability-kit.lock.yml b/.github/workflows/agentic-observability-kit.lock.yml index fe389c4875e..366c233b9d1 100644 --- a/.github/workflows/agentic-observability-kit.lock.yml +++ b/.github/workflows/agentic-observability-kit.lock.yml @@ -27,7 +27,7 @@ # - shared/daily-audit-discussion.md # - shared/reporting.md # -# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"b373a12ddb2d6478ce32c3aec14c02e01381f092cfd176469bd76e948695e52f","strict":true,"agent_id":"copilot"} +# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"b373a12ddb2d6478ce32c3aec14c02e01381f092cfd176469bd76e948695e52f","compiled_hash":"6c689a0238ba6767741323b43955e0e876798f12ad8e643894e8617a83242479","strict":true,"agent_id":"copilot"} name: "Agentic Observability Kit" "on": diff --git a/.github/workflows/ai-moderator.lock.yml b/.github/workflows/ai-moderator.lock.yml index cead4c5549a..d05ebae4012 100644 --- a/.github/workflows/ai-moderator.lock.yml +++ b/.github/workflows/ai-moderator.lock.yml @@ -21,7 +21,7 @@ # For more information: https://github.github.com/gh-aw/introduction/overview/ # # -# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"24097d612ed4ae81b5abe15c49498e86d1950121b61fe31cf393cfeae9051f88","strict":true,"agent_id":"codex"} +# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"24097d612ed4ae81b5abe15c49498e86d1950121b61fe31cf393cfeae9051f88","compiled_hash":"41cde42a423b183258969dd6fe07aeaa3715a45cb1a7f10cb3641f97d3103ffb","strict":true,"agent_id":"codex"} name: "AI Moderator" "on": diff --git a/.github/workflows/archie.lock.yml b/.github/workflows/archie.lock.yml index d9e6abca5e2..a5439f49159 100644 --- a/.github/workflows/archie.lock.yml +++ b/.github/workflows/archie.lock.yml @@ -27,7 +27,7 @@ # - shared/mcp/serena-go.md # - shared/mcp/serena.md # -# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"6af46128c4298eac4f6604318a343f01923c8bcbd477f9e3b1e0bb6ea8ade2db","strict":true,"agent_id":"copilot"} +# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"6af46128c4298eac4f6604318a343f01923c8bcbd477f9e3b1e0bb6ea8ade2db","compiled_hash":"5c9c6278eac57c1ae19a78991a66261dea6d8e2e2ee8c7887a2e3dcf823e639e","strict":true,"agent_id":"copilot"} name: "Archie" "on": diff --git a/.github/workflows/artifacts-summary.lock.yml b/.github/workflows/artifacts-summary.lock.yml index eae96eaca6d..a8b70f50e70 100644 --- a/.github/workflows/artifacts-summary.lock.yml +++ b/.github/workflows/artifacts-summary.lock.yml @@ -27,7 +27,7 @@ # - shared/reporting.md # - shared/safe-output-app.md # -# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"eaa1f38cf00c496f273056586fc94c3907390cf6918573d826353d68134ed1d1","strict":true,"agent_id":"copilot"} +# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"eaa1f38cf00c496f273056586fc94c3907390cf6918573d826353d68134ed1d1","compiled_hash":"6b611bc30829e8f4bbe45f4b25378e3bac314b15f4aa311ebb30cb2f5a94f5aa","strict":true,"agent_id":"copilot"} name: "Artifacts Summary" "on": diff --git a/.github/workflows/audit-workflows.lock.yml b/.github/workflows/audit-workflows.lock.yml index 3a4094e586e..e619d7655fc 100644 --- a/.github/workflows/audit-workflows.lock.yml +++ b/.github/workflows/audit-workflows.lock.yml @@ -30,7 +30,7 @@ # - shared/reporting.md # - shared/trending-charts-simple.md # -# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"184d8fc30bc7b23f8d98932c7f1d4d6469fe64f2ce1872c3dc67d37cce513bd2","strict":true,"agent_id":"claude"} +# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"184d8fc30bc7b23f8d98932c7f1d4d6469fe64f2ce1872c3dc67d37cce513bd2","compiled_hash":"1fb0a344b3530f32a6a256158a5b32d689c2dd45b4fe1a8a89c80395ef87198c","strict":true,"agent_id":"claude"} name: "Agentic Workflow Audit Agent" "on": diff --git a/.github/workflows/auto-triage-issues.lock.yml b/.github/workflows/auto-triage-issues.lock.yml index 8589e4f3ead..6d2a76de6c6 100644 --- a/.github/workflows/auto-triage-issues.lock.yml +++ b/.github/workflows/auto-triage-issues.lock.yml @@ -27,7 +27,7 @@ # - shared/github-guard-policy.md # - shared/reporting.md # -# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"395091b3248ae0bfdd9169fe4e375b45de1a524b5a1c7ac4189864a829171a9e","strict":true,"agent_id":"copilot"} +# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"395091b3248ae0bfdd9169fe4e375b45de1a524b5a1c7ac4189864a829171a9e","compiled_hash":"9600bf2d648d1cc3b32643cb44f0a0557469d84a442fd381d015e1f7d7c17a6d","strict":true,"agent_id":"copilot"} name: "Auto-Triage Issues" "on": diff --git a/.github/workflows/blog-auditor.lock.yml b/.github/workflows/blog-auditor.lock.yml index 81d6ee2f6da..484f4ccae42 100644 --- a/.github/workflows/blog-auditor.lock.yml +++ b/.github/workflows/blog-auditor.lock.yml @@ -27,7 +27,7 @@ # - shared/daily-audit-discussion.md # - shared/reporting.md # -# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"27951079b449233790f02fda054a0e2b5f85e02ed9b005debc91a0c9529c788e","agent_id":"claude"} +# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"27951079b449233790f02fda054a0e2b5f85e02ed9b005debc91a0c9529c788e","compiled_hash":"b423f22cd55c9a98a171d2ba7ab04280dfdb5e427a5dd07a3f9a51cd9d80b6bf","agent_id":"claude"} name: "Blog Auditor" "on": diff --git a/.github/workflows/bot-detection.lock.yml b/.github/workflows/bot-detection.lock.yml index 211023a97e3..5050889a745 100644 --- a/.github/workflows/bot-detection.lock.yml +++ b/.github/workflows/bot-detection.lock.yml @@ -22,7 +22,7 @@ # # Investigates suspicious repository activity and maintains a single triage issue # -# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"fd48550f1cc134361d5d1824e474b278a25c7d7713560fdb20546fc3c63eaf58","strict":true,"agent_id":"copilot"} +# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"fd48550f1cc134361d5d1824e474b278a25c7d7713560fdb20546fc3c63eaf58","compiled_hash":"f636da5bc026d3bcb84ad6a024fb379f63c3bb60ee2fbc605f6eed7941fcc798","strict":true,"agent_id":"copilot"} name: "Bot Detection" "on": diff --git a/.github/workflows/brave.lock.yml b/.github/workflows/brave.lock.yml index 05764cdfa8f..95724ab4121 100644 --- a/.github/workflows/brave.lock.yml +++ b/.github/workflows/brave.lock.yml @@ -26,7 +26,7 @@ # Imports: # - shared/mcp/brave.md # -# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"b27bdb18dacbcbd2f7d40d0ca89db8dd0efb0f607bddc789f78e6394f596ca9f","strict":true,"agent_id":"copilot"} +# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"b27bdb18dacbcbd2f7d40d0ca89db8dd0efb0f607bddc789f78e6394f596ca9f","compiled_hash":"3e3e7271b87ae085bd2fff335831bac440236b42ece56b57dfc1a3ad77b4b3ed","strict":true,"agent_id":"copilot"} name: "Brave Web Search Agent" "on": diff --git a/.github/workflows/breaking-change-checker.lock.yml b/.github/workflows/breaking-change-checker.lock.yml index 80da44ef151..ab01f213323 100644 --- a/.github/workflows/breaking-change-checker.lock.yml +++ b/.github/workflows/breaking-change-checker.lock.yml @@ -27,7 +27,7 @@ # - shared/activation-app.md # - shared/reporting.md # -# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"5c78b7dbacfc2b07ac10f20e72d0c68083854323af4295a77582ccb1e300e579","strict":true,"agent_id":"copilot"} +# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"5c78b7dbacfc2b07ac10f20e72d0c68083854323af4295a77582ccb1e300e579","compiled_hash":"1f7736ca375886c652f6dfa72163bfdb1b25bddcaa3b26ccd59974cddfb8ff75","strict":true,"agent_id":"copilot"} name: "Breaking Change Checker" "on": diff --git a/.github/workflows/changeset.lock.yml b/.github/workflows/changeset.lock.yml index f8563040825..9f6286218e5 100644 --- a/.github/workflows/changeset.lock.yml +++ b/.github/workflows/changeset.lock.yml @@ -27,7 +27,7 @@ # - shared/changeset-format.md # - shared/jqschema.md # -# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"8c85795f43a59a771922431c18dad77f4ae4f3283e6341507dd876e3122a992a","strict":true,"agent_id":"codex","agent_model":"gpt-5.1-codex-mini"} +# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"8c85795f43a59a771922431c18dad77f4ae4f3283e6341507dd876e3122a992a","compiled_hash":"78778a830ba36a7eb7a212c95f628e7deadb83660ecd70c9e1873c976973018e","strict":true,"agent_id":"codex","agent_model":"gpt-5.1-codex-mini"} name: "Changeset Generator" "on": diff --git a/.github/workflows/ci-coach.lock.yml b/.github/workflows/ci-coach.lock.yml index f4ffdd0af0c..b9de5a34dc2 100644 --- a/.github/workflows/ci-coach.lock.yml +++ b/.github/workflows/ci-coach.lock.yml @@ -29,7 +29,7 @@ # - shared/ci-data-analysis.md # - shared/reporting.md # -# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"7071037ad5532e6ba79c2369ce479dcf001731620fca16aaa20336c250ce6fc9","strict":true,"agent_id":"copilot"} +# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"7071037ad5532e6ba79c2369ce479dcf001731620fca16aaa20336c250ce6fc9","compiled_hash":"565073108785d8349e182abb102ef522db906d98254752100e6b882b2d89eeb6","strict":true,"agent_id":"copilot"} name: "CI Optimization Coach" "on": diff --git a/.github/workflows/ci-doctor.lock.yml b/.github/workflows/ci-doctor.lock.yml index 685115c221e..926af521a40 100644 --- a/.github/workflows/ci-doctor.lock.yml +++ b/.github/workflows/ci-doctor.lock.yml @@ -24,7 +24,7 @@ # # Source: githubnext/agentics/workflows/ci-doctor.md@ea350161ad5dcc9624cf510f134c6a9e39a6f94d # -# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"c04ef6b8efbe17ec36dbc44234bb63a6414d6d81cee238faf15a2121a7c91d60","strict":true,"agent_id":"codex"} +# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"c04ef6b8efbe17ec36dbc44234bb63a6414d6d81cee238faf15a2121a7c91d60","compiled_hash":"025f1443cec5399b94feb9ce13333080463b2b456a7f198fcd0723a6dad080dc","strict":true,"agent_id":"codex"} name: "CI Failure Doctor" "on": diff --git a/.github/workflows/claude-code-user-docs-review.lock.yml b/.github/workflows/claude-code-user-docs-review.lock.yml index d313592e3b9..0caed0ccbac 100644 --- a/.github/workflows/claude-code-user-docs-review.lock.yml +++ b/.github/workflows/claude-code-user-docs-review.lock.yml @@ -27,7 +27,7 @@ # - shared/daily-audit-discussion.md # - shared/reporting.md # -# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"9c3fb936860c8bb48701759f789c33c501d3cf114cc983841e270c80a60f190d","strict":true,"agent_id":"claude"} +# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"9c3fb936860c8bb48701759f789c33c501d3cf114cc983841e270c80a60f190d","compiled_hash":"269cff73f0410b3ffed06389bb11a2990369c3f11e9af3037d3bf1096b054400","strict":true,"agent_id":"claude"} name: "Claude Code User Documentation Review" "on": diff --git a/.github/workflows/cli-consistency-checker.lock.yml b/.github/workflows/cli-consistency-checker.lock.yml index 1131674e808..1047af3b47e 100644 --- a/.github/workflows/cli-consistency-checker.lock.yml +++ b/.github/workflows/cli-consistency-checker.lock.yml @@ -22,7 +22,7 @@ # # Inspects the gh-aw CLI to identify inconsistencies, typos, bugs, or documentation gaps by running commands and analyzing output # -# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"38cbd0bad1bb4196f0b3b2b2f6512214c6986f1f0615191a9dd4aa8be3f07b52","agent_id":"copilot"} +# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"38cbd0bad1bb4196f0b3b2b2f6512214c6986f1f0615191a9dd4aa8be3f07b52","compiled_hash":"699658ea3f88e651125540bce1c84b26153d6533b99f5167746d5ff392d8d3bc","agent_id":"copilot"} name: "CLI Consistency Checker" "on": diff --git a/.github/workflows/cli-version-checker.lock.yml b/.github/workflows/cli-version-checker.lock.yml index 0384b5f81b8..2e97a281afc 100644 --- a/.github/workflows/cli-version-checker.lock.yml +++ b/.github/workflows/cli-version-checker.lock.yml @@ -27,7 +27,7 @@ # - shared/jqschema.md # - shared/reporting.md # -# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"f1edaf6fb88a3f4f73256faa6a1c60181f239cbc5e01436d07f90b282d6bff79","agent_id":"claude"} +# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"f1edaf6fb88a3f4f73256faa6a1c60181f239cbc5e01436d07f90b282d6bff79","compiled_hash":"3a2d36dac042701eb595b578e79aec4a917b30b8bbfb2dbfb6aeb87bad29cdb6","agent_id":"claude"} name: "CLI Version Checker" "on": diff --git a/.github/workflows/cloclo.lock.yml b/.github/workflows/cloclo.lock.yml index 59114a3c0b4..972139d700b 100644 --- a/.github/workflows/cloclo.lock.yml +++ b/.github/workflows/cloclo.lock.yml @@ -27,7 +27,7 @@ # - shared/mcp/serena-go.md # - shared/mcp/serena.md # -# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"a3cb501aeb4d18b51f0d60dd1aa981b00209979945246d3a177ad46f78dd8f90","strict":true,"agent_id":"claude"} +# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"a3cb501aeb4d18b51f0d60dd1aa981b00209979945246d3a177ad46f78dd8f90","compiled_hash":"3a9e75568271cdd933bbb402078e2be65909b18be3cdde4c68886fed561dea4b","strict":true,"agent_id":"claude"} name: "/cloclo" "on": diff --git a/.github/workflows/code-scanning-fixer.lock.yml b/.github/workflows/code-scanning-fixer.lock.yml index 30ffc2acc2e..701443ca8a7 100644 --- a/.github/workflows/code-scanning-fixer.lock.yml +++ b/.github/workflows/code-scanning-fixer.lock.yml @@ -26,7 +26,7 @@ # Imports: # - shared/activation-app.md # -# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"7cd994a53cc8354f98bb296436e9f2839d7431c52e5bd254a5b4003c1c61bf85","strict":true,"agent_id":"copilot"} +# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"7cd994a53cc8354f98bb296436e9f2839d7431c52e5bd254a5b4003c1c61bf85","compiled_hash":"b063164a638a75b6a05262ccf7f2c42fc5700761c4c766c6f9b119db6d2d6669","strict":true,"agent_id":"copilot"} name: "Code Scanning Fixer" "on": diff --git a/.github/workflows/code-simplifier.lock.yml b/.github/workflows/code-simplifier.lock.yml index b6d7915d15e..0f8c2693050 100644 --- a/.github/workflows/code-simplifier.lock.yml +++ b/.github/workflows/code-simplifier.lock.yml @@ -27,7 +27,7 @@ # - shared/activation-app.md # - shared/reporting.md # -# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"beabc3a4f65883ff74f93fde85a541b24c5e31db2f5390f2c4d69d5460f0c7ae","strict":true,"agent_id":"copilot"} +# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"beabc3a4f65883ff74f93fde85a541b24c5e31db2f5390f2c4d69d5460f0c7ae","compiled_hash":"dcf579fc0e8fb1d9dfbbd430b7f1dababa2e1abe684794b59fdc5e7a5458cb34","strict":true,"agent_id":"copilot"} name: "Code Simplifier" "on": diff --git a/.github/workflows/codex-github-remote-mcp-test.lock.yml b/.github/workflows/codex-github-remote-mcp-test.lock.yml index 7c216fc3e45..cc23dc38f2e 100644 --- a/.github/workflows/codex-github-remote-mcp-test.lock.yml +++ b/.github/workflows/codex-github-remote-mcp-test.lock.yml @@ -22,7 +22,7 @@ # # Test Codex engine with GitHub remote MCP server # -# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"5ab6849e01b879f9ef5b024355eb7f903b410418619f128c6a71bbe826a24fd1","strict":true,"agent_id":"codex"} +# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"5ab6849e01b879f9ef5b024355eb7f903b410418619f128c6a71bbe826a24fd1","compiled_hash":"8f735023e31e97b209a817a73f57b19609d1c46760312f481f89447c8d047bd0","strict":true,"agent_id":"codex"} name: "Codex GitHub Remote MCP Test" "on": diff --git a/.github/workflows/commit-changes-analyzer.lock.yml b/.github/workflows/commit-changes-analyzer.lock.yml index da7a498ab72..7f2b8e2fd62 100644 --- a/.github/workflows/commit-changes-analyzer.lock.yml +++ b/.github/workflows/commit-changes-analyzer.lock.yml @@ -26,7 +26,7 @@ # Imports: # - shared/reporting.md # -# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"4a29095b6ca7c901495d8242d934dc97c34547f19593886381bd2baa41502596","strict":true,"agent_id":"claude"} +# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"4a29095b6ca7c901495d8242d934dc97c34547f19593886381bd2baa41502596","compiled_hash":"615131ce85eccd9548b6861bf33bb80022262056a95964cfa5e0c3466812305e","strict":true,"agent_id":"claude"} name: "Commit Changes Analyzer" "on": diff --git a/.github/workflows/constraint-solving-potd.lock.yml b/.github/workflows/constraint-solving-potd.lock.yml index e68cd91c96f..70b750ed132 100644 --- a/.github/workflows/constraint-solving-potd.lock.yml +++ b/.github/workflows/constraint-solving-potd.lock.yml @@ -21,7 +21,7 @@ # For more information: https://github.github.com/gh-aw/introduction/overview/ # # -# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"b614d2b177f891f2474ec04ef2dadf47a16142bc2933d8a36a8e165870fae677","strict":true,"agent_id":"copilot"} +# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"b614d2b177f891f2474ec04ef2dadf47a16142bc2933d8a36a8e165870fae677","compiled_hash":"85c5fd3eaec0ba571d7cd450b81514304fed26c45da313fbedf0c52537131ed7","strict":true,"agent_id":"copilot"} name: "Constraint Solving — Problem of the Day" "on": diff --git a/.github/workflows/contribution-check.lock.yml b/.github/workflows/contribution-check.lock.yml index 25f52254e18..bcf6f152456 100644 --- a/.github/workflows/contribution-check.lock.yml +++ b/.github/workflows/contribution-check.lock.yml @@ -21,7 +21,7 @@ # For more information: https://github.github.com/gh-aw/introduction/overview/ # # -# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"c6a3f4c1233714c024d91fc9b1c524d86770132bae2044a11ce34b31aeaaa870","strict":true,"agent_id":"copilot"} +# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"c6a3f4c1233714c024d91fc9b1c524d86770132bae2044a11ce34b31aeaaa870","compiled_hash":"2be470debcd7efd3c0de1f02751b24de73d3f0b6d6f634ef9163a3c3569b6431","strict":true,"agent_id":"copilot"} name: "Contribution Check" "on": diff --git a/.github/workflows/copilot-agent-analysis.lock.yml b/.github/workflows/copilot-agent-analysis.lock.yml index db9f8393162..dd1a2d8e6fa 100644 --- a/.github/workflows/copilot-agent-analysis.lock.yml +++ b/.github/workflows/copilot-agent-analysis.lock.yml @@ -31,7 +31,7 @@ # - shared/reporting.md # - shared/copilot-pr-analysis-base.md # -# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"516b41602c0ef159ef589bb5951483aad785ae3a84262cb7316c0999d87d5ee5","strict":true,"agent_id":"claude"} +# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"516b41602c0ef159ef589bb5951483aad785ae3a84262cb7316c0999d87d5ee5","compiled_hash":"821afbe55b0aca04d084981f26cbdf787c64a667a4aa670117cc92066dbac078","strict":true,"agent_id":"claude"} name: "Copilot Agent PR Analysis" "on": diff --git a/.github/workflows/copilot-cli-deep-research.lock.yml b/.github/workflows/copilot-cli-deep-research.lock.yml index 2530e476678..483a28678d4 100644 --- a/.github/workflows/copilot-cli-deep-research.lock.yml +++ b/.github/workflows/copilot-cli-deep-research.lock.yml @@ -26,7 +26,7 @@ # Imports: # - shared/reporting.md # -# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"c81c971ba20815fcbef5154f00f789ca3105d6cc7bdef95f60c13260289abbf2","strict":true,"agent_id":"copilot"} +# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"c81c971ba20815fcbef5154f00f789ca3105d6cc7bdef95f60c13260289abbf2","compiled_hash":"2cea48dc091aa5926835abf262f383a1abf0a114872a2cd67a94e7010a241d7d","strict":true,"agent_id":"copilot"} name: "Copilot CLI Deep Research Agent" "on": diff --git a/.github/workflows/copilot-pr-merged-report.lock.yml b/.github/workflows/copilot-pr-merged-report.lock.yml index a2d6f79a58c..214e09ebbce 100644 --- a/.github/workflows/copilot-pr-merged-report.lock.yml +++ b/.github/workflows/copilot-pr-merged-report.lock.yml @@ -31,7 +31,7 @@ # - shared/reporting.md # - shared/copilot-pr-analysis-base.md # -# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"75f825fd2068d558449e2b05450d7a6410d7f0d74817065330e715e36e0fcbbc","agent_id":"copilot"} +# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"75f825fd2068d558449e2b05450d7a6410d7f0d74817065330e715e36e0fcbbc","compiled_hash":"753c785627b7a5ab41274748d063d09c5ea3308b1e933cd5ec63fab455275019","agent_id":"copilot"} name: "Daily Copilot PR Merged Report" "on": diff --git a/.github/workflows/copilot-pr-nlp-analysis.lock.yml b/.github/workflows/copilot-pr-nlp-analysis.lock.yml index 49299e20b97..1a3a2b86207 100644 --- a/.github/workflows/copilot-pr-nlp-analysis.lock.yml +++ b/.github/workflows/copilot-pr-nlp-analysis.lock.yml @@ -33,7 +33,7 @@ # - shared/reporting.md # - shared/copilot-pr-analysis-base.md # -# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"ab224383b55d511a04b35f261e1bcfe5c738ac0236c5bcebbb8d9183e650a233","strict":true,"agent_id":"copilot"} +# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"ab224383b55d511a04b35f261e1bcfe5c738ac0236c5bcebbb8d9183e650a233","compiled_hash":"8dc163ea3218360d99c83b84c6cfc040717941c4c557a0b9864dd00a40b37259","strict":true,"agent_id":"copilot"} name: "Copilot PR Conversation NLP Analysis" "on": diff --git a/.github/workflows/copilot-pr-prompt-analysis.lock.yml b/.github/workflows/copilot-pr-prompt-analysis.lock.yml index 10ec470d81a..2c79e7864fe 100644 --- a/.github/workflows/copilot-pr-prompt-analysis.lock.yml +++ b/.github/workflows/copilot-pr-prompt-analysis.lock.yml @@ -31,7 +31,7 @@ # - shared/reporting.md # - shared/copilot-pr-analysis-base.md # -# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"1dca46511393aed425b6af49cdf2d52922d4a19e5994aa2e2d1eea8c6547b0dd","strict":true,"agent_id":"copilot"} +# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"1dca46511393aed425b6af49cdf2d52922d4a19e5994aa2e2d1eea8c6547b0dd","compiled_hash":"616244806b8434a26119830c9acbf91832557ff6a8aee284267a5bf49251238e","strict":true,"agent_id":"copilot"} name: "Copilot PR Prompt Pattern Analysis" "on": diff --git a/.github/workflows/copilot-session-insights.lock.yml b/.github/workflows/copilot-session-insights.lock.yml index d1ac18c168a..012476b914b 100644 --- a/.github/workflows/copilot-session-insights.lock.yml +++ b/.github/workflows/copilot-session-insights.lock.yml @@ -33,7 +33,7 @@ # - shared/session-analysis-charts.md # - shared/session-analysis-strategies.md # -# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"0666485352daa9af36a20e72735d662cc8c9ae8f7d0ede5ea33fc6df920980bd","strict":true,"agent_id":"claude"} +# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"0666485352daa9af36a20e72735d662cc8c9ae8f7d0ede5ea33fc6df920980bd","compiled_hash":"e68909f1e1d4cf3e30d048b721512de5b299c98d51b06155b7c1f8c9c91f1359","strict":true,"agent_id":"claude"} name: "Copilot Session Insights" "on": diff --git a/.github/workflows/craft.lock.yml b/.github/workflows/craft.lock.yml index 0e21b9bbe7b..6310abe11ec 100644 --- a/.github/workflows/craft.lock.yml +++ b/.github/workflows/craft.lock.yml @@ -22,7 +22,7 @@ # # Generates new agentic workflow markdown files based on user requests when invoked with /craft command # -# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"ec234868e45fe0e4849c2b73f9ef1181d4d0e9072b1f6beaef8b2d7d403860f4","strict":true,"agent_id":"copilot"} +# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"ec234868e45fe0e4849c2b73f9ef1181d4d0e9072b1f6beaef8b2d7d403860f4","compiled_hash":"f1bcb96eb7ddcbb194cd16e4e40c611b52e2719c9443158f4e9fe4fa88d99239","strict":true,"agent_id":"copilot"} name: "Workflow Craft Agent" "on": diff --git a/.github/workflows/daily-architecture-diagram.lock.yml b/.github/workflows/daily-architecture-diagram.lock.yml index a042155a2cd..0cebc51437d 100644 --- a/.github/workflows/daily-architecture-diagram.lock.yml +++ b/.github/workflows/daily-architecture-diagram.lock.yml @@ -26,7 +26,7 @@ # Imports: # - shared/reporting.md # -# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"db8377f8aaa3807c3407119f90efcf4de03dcbc550843b2d5c91bec1902f0545","strict":true,"agent_id":"copilot"} +# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"db8377f8aaa3807c3407119f90efcf4de03dcbc550843b2d5c91bec1902f0545","compiled_hash":"4e574c7529a0bc13f5ff376401cc65040ab7379f9a02425779b30d796c5db329","strict":true,"agent_id":"copilot"} name: "Architecture Diagram Generator" "on": diff --git a/.github/workflows/daily-assign-issue-to-user.lock.yml b/.github/workflows/daily-assign-issue-to-user.lock.yml index 7ec4915aa52..aad680636f1 100644 --- a/.github/workflows/daily-assign-issue-to-user.lock.yml +++ b/.github/workflows/daily-assign-issue-to-user.lock.yml @@ -21,7 +21,7 @@ # For more information: https://github.github.com/gh-aw/introduction/overview/ # # -# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"43fc2ec5935f4044529bec2ad354af59f9e74913f3c5b920c0df10ab206b96c9","strict":true,"agent_id":"copilot"} +# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"43fc2ec5935f4044529bec2ad354af59f9e74913f3c5b920c0df10ab206b96c9","compiled_hash":"83d8b840887642420ac2046a0fb9fed04fa02fa4411be53ac09339879fca5e6a","strict":true,"agent_id":"copilot"} name: "Auto-Assign Issue" "on": diff --git a/.github/workflows/daily-choice-test.lock.yml b/.github/workflows/daily-choice-test.lock.yml index 4e35c2c845f..fe593c8ba32 100644 --- a/.github/workflows/daily-choice-test.lock.yml +++ b/.github/workflows/daily-choice-test.lock.yml @@ -22,7 +22,7 @@ # # Daily test workflow using Claude with custom safe-output job containing choice inputs # -# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"7107b3d0b634a0772bdf5228815dcfd34346bce34cc31c7e5076464c5e29070c","strict":true,"agent_id":"claude"} +# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"7107b3d0b634a0772bdf5228815dcfd34346bce34cc31c7e5076464c5e29070c","compiled_hash":"6f2d5ab3d755a06dc5df073b3cb23ccc297009d334553d8be785c16cbda3df3f","strict":true,"agent_id":"claude"} name: "Daily Choice Type Test" "on": diff --git a/.github/workflows/daily-cli-performance.lock.yml b/.github/workflows/daily-cli-performance.lock.yml index 02b27921b34..39f109d22b6 100644 --- a/.github/workflows/daily-cli-performance.lock.yml +++ b/.github/workflows/daily-cli-performance.lock.yml @@ -27,7 +27,7 @@ # - shared/go-make.md # - shared/reporting.md # -# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"3feebaa45781ef8c51d8580de0df4919ec85f5cea1fa63fc089455cf1668de3e","strict":true,"agent_id":"copilot"} +# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"3feebaa45781ef8c51d8580de0df4919ec85f5cea1fa63fc089455cf1668de3e","compiled_hash":"7c27ece50b67a41a50e3d103dff7be566403b946ce9a4fd77f690dde1200ee82","strict":true,"agent_id":"copilot"} name: "Daily CLI Performance Agent" "on": diff --git a/.github/workflows/daily-cli-tools-tester.lock.yml b/.github/workflows/daily-cli-tools-tester.lock.yml index 42621a096cb..fbec77c017f 100644 --- a/.github/workflows/daily-cli-tools-tester.lock.yml +++ b/.github/workflows/daily-cli-tools-tester.lock.yml @@ -26,7 +26,7 @@ # Imports: # - shared/reporting.md # -# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"b9a8666bdce8efad76dc16f0410edce4380322e346d19a697bcb9a2695b93e26","strict":true,"agent_id":"copilot"} +# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"b9a8666bdce8efad76dc16f0410edce4380322e346d19a697bcb9a2695b93e26","compiled_hash":"6e46ec16a8114d48b627acadb397a190cffe314a876e161160e472ada83e44dc","strict":true,"agent_id":"copilot"} name: "Daily CLI Tools Exploratory Tester" "on": diff --git a/.github/workflows/daily-code-metrics.lock.yml b/.github/workflows/daily-code-metrics.lock.yml index bd5c76487dd..8fb46f3d0ca 100644 --- a/.github/workflows/daily-code-metrics.lock.yml +++ b/.github/workflows/daily-code-metrics.lock.yml @@ -29,7 +29,7 @@ # - shared/reporting.md # - shared/trends.md # -# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"384636c532c28dc936a721a7008bae578186429dc1e0db8e123a1be0d560e64f","strict":true,"agent_id":"claude"} +# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"384636c532c28dc936a721a7008bae578186429dc1e0db8e123a1be0d560e64f","compiled_hash":"8355025a5e762af5d42f655020b3e2896e233779aacea1bd40c1939313c993cd","strict":true,"agent_id":"claude"} name: "Daily Code Metrics and Trend Tracking Agent" "on": diff --git a/.github/workflows/daily-community-attribution.lock.yml b/.github/workflows/daily-community-attribution.lock.yml index 25b5b04dfe0..5a95aa94d29 100644 --- a/.github/workflows/daily-community-attribution.lock.yml +++ b/.github/workflows/daily-community-attribution.lock.yml @@ -26,7 +26,7 @@ # Imports: # - shared/community-attribution.md # -# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"2e37f734fc14d80c9ec89e70f43f99924d7475aaedc34b4b35478b9b2e25dce9","strict":true,"agent_id":"copilot"} +# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"2e37f734fc14d80c9ec89e70f43f99924d7475aaedc34b4b35478b9b2e25dce9","compiled_hash":"bced797c92e6250a8b4e89610daebe40527d07b8a9256aefadb2aa76619ec08a","strict":true,"agent_id":"copilot"} name: "Daily Community Attribution Updater" "on": diff --git a/.github/workflows/daily-compiler-quality.lock.yml b/.github/workflows/daily-compiler-quality.lock.yml index c90e9ad7687..3d9257e11ff 100644 --- a/.github/workflows/daily-compiler-quality.lock.yml +++ b/.github/workflows/daily-compiler-quality.lock.yml @@ -30,7 +30,7 @@ # - shared/reporting.md # - shared/go-source-analysis.md # -# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"f1013f9cd39ab9898ff4026d0550b9c3ee5fb9c3135f7deeeb9b14a412579e8a","strict":true,"agent_id":"copilot"} +# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"f1013f9cd39ab9898ff4026d0550b9c3ee5fb9c3135f7deeeb9b14a412579e8a","compiled_hash":"75a81bf01ce58e4d122b1199488030fe13324c1bd13f81b11cc0f1d2e0bd5096","strict":true,"agent_id":"copilot"} name: "Daily Compiler Quality Check" "on": diff --git a/.github/workflows/daily-copilot-token-report.lock.yml b/.github/workflows/daily-copilot-token-report.lock.yml index 7cd3e73268a..79660cd9ac1 100644 --- a/.github/workflows/daily-copilot-token-report.lock.yml +++ b/.github/workflows/daily-copilot-token-report.lock.yml @@ -30,7 +30,7 @@ # - shared/repo-memory-standard.md # - shared/reporting.md # -# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"672d54e290b52292a8ef6f4aaa48d273d4e8b8f64d1605917e803d7a7f77eca0","strict":true,"agent_id":"copilot"} +# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"672d54e290b52292a8ef6f4aaa48d273d4e8b8f64d1605917e803d7a7f77eca0","compiled_hash":"a0bd805763e1fc39faa08f3233dd0833700fdce82912a93678f6ad7cd63301fb","strict":true,"agent_id":"copilot"} name: "Daily Copilot Token Consumption Report" "on": diff --git a/.github/workflows/daily-doc-healer.lock.yml b/.github/workflows/daily-doc-healer.lock.yml index 502ecc82b69..5a8a53ea849 100644 --- a/.github/workflows/daily-doc-healer.lock.yml +++ b/.github/workflows/daily-doc-healer.lock.yml @@ -27,7 +27,7 @@ # - shared/qmd.md # - shared/reporting.md # -# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"21c1d84ca395bb35e23c479bfddfd547a485a544aeac3e0360a35f232fc0558c","strict":true,"agent_id":"claude"} +# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"21c1d84ca395bb35e23c479bfddfd547a485a544aeac3e0360a35f232fc0558c","compiled_hash":"e93e96952c6e93e5763d71a47166b1720b02d1fa6cc287e3aec767569c36cbe7","strict":true,"agent_id":"claude"} name: "Daily Documentation Healer" "on": diff --git a/.github/workflows/daily-doc-updater.lock.yml b/.github/workflows/daily-doc-updater.lock.yml index b0b6ae45b35..92d098cef43 100644 --- a/.github/workflows/daily-doc-updater.lock.yml +++ b/.github/workflows/daily-doc-updater.lock.yml @@ -27,7 +27,7 @@ # - shared/github-guard-policy.md # - shared/qmd.md # -# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"a1465d78a4e7a8e46cce85e9bd2a709b7ef2b3284fcc4d8053b65930f3ce53ba","strict":true,"agent_id":"claude"} +# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"a1465d78a4e7a8e46cce85e9bd2a709b7ef2b3284fcc4d8053b65930f3ce53ba","compiled_hash":"fe5bdd887e5672956d202d9093be0543355484b8132b8da05c4a2393344be110","strict":true,"agent_id":"claude"} name: "Daily Documentation Updater" "on": diff --git a/.github/workflows/daily-fact.lock.yml b/.github/workflows/daily-fact.lock.yml index ae8efe8ed72..9c39412b941 100644 --- a/.github/workflows/daily-fact.lock.yml +++ b/.github/workflows/daily-fact.lock.yml @@ -24,7 +24,7 @@ # # inlined-imports: true # -# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"3d4e62475092c82ef350ccf894064b12180a0e173ee1fa7bacb97edb5f269477","strict":true,"agent_id":"codex","agent_model":"gpt-5.1-codex-mini"} +# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"3d4e62475092c82ef350ccf894064b12180a0e173ee1fa7bacb97edb5f269477","compiled_hash":"9a736732484875ac8c8c2e1c04414323a59935b86795d6e826d54de5c4f33587","strict":true,"agent_id":"codex","agent_model":"gpt-5.1-codex-mini"} name: "Daily Fact About gh-aw" "on": diff --git a/.github/workflows/daily-file-diet.lock.yml b/.github/workflows/daily-file-diet.lock.yml index 0a7dd0a52b8..e276623762d 100644 --- a/.github/workflows/daily-file-diet.lock.yml +++ b/.github/workflows/daily-file-diet.lock.yml @@ -31,7 +31,7 @@ # - shared/go-source-analysis.md # - shared/safe-output-app.md # -# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"4b1029f0d52420428bfbf594363bf7f5dfc74f064f37b716c6df07a88fe9d2a8","strict":true,"agent_id":"copilot"} +# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"4b1029f0d52420428bfbf594363bf7f5dfc74f064f37b716c6df07a88fe9d2a8","compiled_hash":"be69b0125b8c5a274909c80f62a0e07a5c5883cdbe3a195c71163596ddb8c1b6","strict":true,"agent_id":"copilot"} name: "Daily File Diet" "on": diff --git a/.github/workflows/daily-firewall-report.lock.yml b/.github/workflows/daily-firewall-report.lock.yml index 9ccffe10d61..be7dd96e078 100644 --- a/.github/workflows/daily-firewall-report.lock.yml +++ b/.github/workflows/daily-firewall-report.lock.yml @@ -28,7 +28,7 @@ # - shared/reporting.md # - shared/trending-charts-simple.md # -# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"fbf8811b0003d92828ee4d707868f5709839c7d3b6a7bdb1013586afde9a23a0","strict":true,"agent_id":"copilot"} +# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"fbf8811b0003d92828ee4d707868f5709839c7d3b6a7bdb1013586afde9a23a0","compiled_hash":"8c80d5b74660941a43b87334a781f27ca9acac7a7496141d0504c7cece6d8ca9","strict":true,"agent_id":"copilot"} name: "Daily Firewall Logs Collector and Reporter" "on": diff --git a/.github/workflows/daily-function-namer.lock.yml b/.github/workflows/daily-function-namer.lock.yml index 2910ca05d47..9da6d5e0fc9 100644 --- a/.github/workflows/daily-function-namer.lock.yml +++ b/.github/workflows/daily-function-namer.lock.yml @@ -28,7 +28,7 @@ # - shared/mcp/serena.md # - shared/reporting.md # -# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"c2f9e23d46f1dfde09d59a77b02f81f89fdb07589210ae0f4944539ad2998f3b","strict":true,"agent_id":"claude"} +# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"c2f9e23d46f1dfde09d59a77b02f81f89fdb07589210ae0f4944539ad2998f3b","compiled_hash":"0069ebaea7999d19aa9bb9ad23e43cf6de9174ad3f0018cab1b407692d04ecf7","strict":true,"agent_id":"claude"} name: "Daily Go Function Namer" "on": diff --git a/.github/workflows/daily-integrity-analysis.lock.yml b/.github/workflows/daily-integrity-analysis.lock.yml index b4b094ffbe9..19651776c20 100644 --- a/.github/workflows/daily-integrity-analysis.lock.yml +++ b/.github/workflows/daily-integrity-analysis.lock.yml @@ -28,7 +28,7 @@ # - shared/python-dataviz.md # - shared/reporting.md # -# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"b5c6add452b389f977d423ae899ddebffc8cd45906a51ef9f5053fe4583a6c37","strict":true,"agent_id":"copilot"} +# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"b5c6add452b389f977d423ae899ddebffc8cd45906a51ef9f5053fe4583a6c37","compiled_hash":"a3a1c258c17c4372c6b8ef6f51d85594816071f996b81e091647600233a6f86d","strict":true,"agent_id":"copilot"} name: "Daily DIFC Integrity-Filtered Events Analyzer" "on": diff --git a/.github/workflows/daily-issues-report.lock.yml b/.github/workflows/daily-issues-report.lock.yml index 25c7cc4abf4..2d1bbba273c 100644 --- a/.github/workflows/daily-issues-report.lock.yml +++ b/.github/workflows/daily-issues-report.lock.yml @@ -33,7 +33,7 @@ # - shared/reporting.md # - shared/trends.md # -# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"b6b3608f03cb4a4699aaa9f4b357d9429b712addd4d8a75e8e78721654be5f0a","strict":true,"agent_id":"codex"} +# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"b6b3608f03cb4a4699aaa9f4b357d9429b712addd4d8a75e8e78721654be5f0a","compiled_hash":"f1e5b944a71678824abe88765eeac17a63728ef6e03df889fbadaa9e108a5b58","strict":true,"agent_id":"codex"} name: "Daily Issues Report Generator" "on": diff --git a/.github/workflows/daily-malicious-code-scan.lock.yml b/.github/workflows/daily-malicious-code-scan.lock.yml index 39cb55ad0e4..b9e6cd233cf 100644 --- a/.github/workflows/daily-malicious-code-scan.lock.yml +++ b/.github/workflows/daily-malicious-code-scan.lock.yml @@ -26,7 +26,7 @@ # Imports: # - shared/reporting.md # -# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"56700867131a6ee6860f7cbb916c96782b4c656bfe5342b4be473da1c3eb0c82","strict":true,"agent_id":"copilot"} +# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"56700867131a6ee6860f7cbb916c96782b4c656bfe5342b4be473da1c3eb0c82","compiled_hash":"f710b4f62ff6dd1d0cd42d1a1511ef2e6f103ee2b210b59a966c1a6529f659ca","strict":true,"agent_id":"copilot"} name: "Daily Malicious Code Scan Agent" "on": diff --git a/.github/workflows/daily-mcp-concurrency-analysis.lock.yml b/.github/workflows/daily-mcp-concurrency-analysis.lock.yml index 4ebe522055f..560c642230a 100644 --- a/.github/workflows/daily-mcp-concurrency-analysis.lock.yml +++ b/.github/workflows/daily-mcp-concurrency-analysis.lock.yml @@ -28,7 +28,7 @@ # - shared/reporting.md # - shared/safe-output-app.md # -# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"d51b8d96d9850921797379025c171ffa822c629cf8ba79ce11a02b7f334b5706","strict":true,"agent_id":"copilot"} +# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"d51b8d96d9850921797379025c171ffa822c629cf8ba79ce11a02b7f334b5706","compiled_hash":"a6df1d7eef978451c1cec09d8f034f84759983deaedb1da04bd3490cd66098dd","strict":true,"agent_id":"copilot"} name: "Daily MCP Tool Concurrency Analysis" "on": diff --git a/.github/workflows/daily-multi-device-docs-tester.lock.yml b/.github/workflows/daily-multi-device-docs-tester.lock.yml index 87940353b32..3eb47ed0d8f 100644 --- a/.github/workflows/daily-multi-device-docs-tester.lock.yml +++ b/.github/workflows/daily-multi-device-docs-tester.lock.yml @@ -27,7 +27,7 @@ # - shared/docs-server-lifecycle.md # - shared/reporting.md # -# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"781c6a76f8e391ab449b872481a401a030ffa0beceb30f1d12587bf1eddda910","strict":true,"agent_id":"claude"} +# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"781c6a76f8e391ab449b872481a401a030ffa0beceb30f1d12587bf1eddda910","compiled_hash":"30425390d0f2664ef8700e23f335435215ff63e92c57d712d18cd764e9b31750","strict":true,"agent_id":"claude"} name: "Multi-Device Docs Tester" "on": diff --git a/.github/workflows/daily-news.lock.yml b/.github/workflows/daily-news.lock.yml index 1ded02d3c20..c572703c607 100644 --- a/.github/workflows/daily-news.lock.yml +++ b/.github/workflows/daily-news.lock.yml @@ -31,7 +31,7 @@ # - shared/reporting.md # - shared/trends.md # -# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"96c47b5ecdaf6a037582ec45e436b45fc1325a4cfb897d7f5179f94703782a0a","strict":true,"agent_id":"copilot"} +# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"96c47b5ecdaf6a037582ec45e436b45fc1325a4cfb897d7f5179f94703782a0a","compiled_hash":"4f329c4bffb270953fbcb8e4ba5ca0fa0956fac8e6bdb08f831db5ed7b2b9f9d","strict":true,"agent_id":"copilot"} name: "Daily News" "on": diff --git a/.github/workflows/daily-observability-report.lock.yml b/.github/workflows/daily-observability-report.lock.yml index 1caa224e50a..3ee33ec4dce 100644 --- a/.github/workflows/daily-observability-report.lock.yml +++ b/.github/workflows/daily-observability-report.lock.yml @@ -27,7 +27,7 @@ # - shared/daily-audit-discussion.md # - shared/reporting.md # -# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"ea41afa4b696c3c5cc10c82b34fc5f00eb694954b3a13f0c7d9faba77d06a8b9","strict":true,"agent_id":"codex"} +# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"ea41afa4b696c3c5cc10c82b34fc5f00eb694954b3a13f0c7d9faba77d06a8b9","compiled_hash":"7221e484bf9b152adc785f503e9e837c3a58b26b6309410d3adc97b190c96232","strict":true,"agent_id":"codex"} name: "Daily Observability Report for AWF Firewall and MCP Gateway" "on": diff --git a/.github/workflows/daily-performance-summary.lock.yml b/.github/workflows/daily-performance-summary.lock.yml index a4198fba7f5..285bf1a99e4 100644 --- a/.github/workflows/daily-performance-summary.lock.yml +++ b/.github/workflows/daily-performance-summary.lock.yml @@ -29,7 +29,7 @@ # - shared/reporting.md # - shared/trending-charts-simple.md # -# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"a621794eec4ea444a2232ea160e2f62f02cddd353c45e083ca83a7d2aa62d4ed","strict":true,"agent_id":"copilot"} +# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"a621794eec4ea444a2232ea160e2f62f02cddd353c45e083ca83a7d2aa62d4ed","compiled_hash":"1d272bb1a17838e191e3254682f8612a945cb2e919fca15fe8da2d645c3bf3fc","strict":true,"agent_id":"copilot"} name: "Daily Project Performance Summary Generator (Using MCP Scripts)" "on": diff --git a/.github/workflows/daily-regulatory.lock.yml b/.github/workflows/daily-regulatory.lock.yml index a1f218f4648..95f97d19f37 100644 --- a/.github/workflows/daily-regulatory.lock.yml +++ b/.github/workflows/daily-regulatory.lock.yml @@ -28,7 +28,7 @@ # - shared/github-queries-mcp-script.md # - shared/reporting.md # -# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"91ca236109ec8ec97462f8dfe7c174b40a308597b624242a73ba33dac2920336","strict":true,"agent_id":"copilot"} +# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"91ca236109ec8ec97462f8dfe7c174b40a308597b624242a73ba33dac2920336","compiled_hash":"6300b705739ebafe120a43d51668520b848b174fb9638ce8dcdfb20f51986fbf","strict":true,"agent_id":"copilot"} name: "Daily Regulatory Report Generator" "on": diff --git a/.github/workflows/daily-rendering-scripts-verifier.lock.yml b/.github/workflows/daily-rendering-scripts-verifier.lock.yml index f2d69feec90..55c705f69fb 100644 --- a/.github/workflows/daily-rendering-scripts-verifier.lock.yml +++ b/.github/workflows/daily-rendering-scripts-verifier.lock.yml @@ -27,7 +27,7 @@ # - shared/activation-app.md # - shared/reporting.md # -# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"e83213cb560f5219f2e59efc98dffe9b3dbee56b617882e1948b04ba4a2f5690","strict":true,"agent_id":"claude"} +# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"e83213cb560f5219f2e59efc98dffe9b3dbee56b617882e1948b04ba4a2f5690","compiled_hash":"58adbd650df59a1855f5e702319e5a02fb511b2e36a6e624974f0dc740311359","strict":true,"agent_id":"claude"} name: "Daily Rendering Scripts Verifier" "on": diff --git a/.github/workflows/daily-repo-chronicle.lock.yml b/.github/workflows/daily-repo-chronicle.lock.yml index 1a7efcffbb5..caea0dbdac6 100644 --- a/.github/workflows/daily-repo-chronicle.lock.yml +++ b/.github/workflows/daily-repo-chronicle.lock.yml @@ -28,7 +28,7 @@ # - shared/reporting.md # - shared/trends.md # -# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"7a4cb9e21443c71747cd86a5fb431f6b20a9cb3196faabd9512daaff8691e9c7","strict":true,"agent_id":"copilot"} +# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"7a4cb9e21443c71747cd86a5fb431f6b20a9cb3196faabd9512daaff8691e9c7","compiled_hash":"9494867b9a7b8ec86f139b86e5987b99b1710fb950ba102fafd5e2fb1e231b10","strict":true,"agent_id":"copilot"} name: "The Daily Repository Chronicle" "on": diff --git a/.github/workflows/daily-safe-output-integrator.lock.yml b/.github/workflows/daily-safe-output-integrator.lock.yml index 96a996412ba..7388276e9ef 100644 --- a/.github/workflows/daily-safe-output-integrator.lock.yml +++ b/.github/workflows/daily-safe-output-integrator.lock.yml @@ -26,7 +26,7 @@ # Imports: # - shared/reporting.md # -# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"e660fcd7bf3e697c17a0b2bf6e56096e9a2f2d931146e9e0291031fba72bf841","strict":true,"agent_id":"copilot"} +# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"e660fcd7bf3e697c17a0b2bf6e56096e9a2f2d931146e9e0291031fba72bf841","compiled_hash":"8d5d4dd614e3bc1bc13f02db32f7dda1eade3bc4a3e9d6f3a9763442ec5e5d79","strict":true,"agent_id":"copilot"} name: "Daily Safe Output Integrator" "on": diff --git a/.github/workflows/daily-safe-output-optimizer.lock.yml b/.github/workflows/daily-safe-output-optimizer.lock.yml index e46cde170b1..da4c656627e 100644 --- a/.github/workflows/daily-safe-output-optimizer.lock.yml +++ b/.github/workflows/daily-safe-output-optimizer.lock.yml @@ -29,7 +29,7 @@ # - shared/jqschema.md # - shared/reporting.md # -# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"bc15e125f7a0917d9dfbff47345821409216d8fe1f9c1bd55a3a19c2b285ca69","strict":true,"agent_id":"claude"} +# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"bc15e125f7a0917d9dfbff47345821409216d8fe1f9c1bd55a3a19c2b285ca69","compiled_hash":"0ebbb7f90a8e77cc2f97e968ba9139f7c4e0353c52778419a406a4630a07d77d","strict":true,"agent_id":"claude"} name: "Daily Safe Output Tool Optimizer" "on": diff --git a/.github/workflows/daily-safe-outputs-conformance.lock.yml b/.github/workflows/daily-safe-outputs-conformance.lock.yml index 7d36bb5a9f0..aee9c7ccd85 100644 --- a/.github/workflows/daily-safe-outputs-conformance.lock.yml +++ b/.github/workflows/daily-safe-outputs-conformance.lock.yml @@ -26,7 +26,7 @@ # Imports: # - shared/reporting.md # -# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"21aed5a790b18a69e43b11e8b77c34a541af72fe195f21731240765cc3554c83","strict":true,"agent_id":"claude"} +# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"21aed5a790b18a69e43b11e8b77c34a541af72fe195f21731240765cc3554c83","compiled_hash":"98487eb7c4a3af0125e8efa9c9d2ee3e6244b4a2c64ca22eb2f2dea4eb05e60b","strict":true,"agent_id":"claude"} name: "Daily Safe Outputs Conformance Checker" "on": diff --git a/.github/workflows/daily-secrets-analysis.lock.yml b/.github/workflows/daily-secrets-analysis.lock.yml index 8379fb87601..128f9010155 100644 --- a/.github/workflows/daily-secrets-analysis.lock.yml +++ b/.github/workflows/daily-secrets-analysis.lock.yml @@ -27,7 +27,7 @@ # - shared/daily-audit-discussion.md # - shared/reporting.md # -# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"7aebadaac11daf98f64b879188cde14055833b2307475117db148aad38bf4bd3","strict":true,"agent_id":"copilot"} +# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"7aebadaac11daf98f64b879188cde14055833b2307475117db148aad38bf4bd3","compiled_hash":"c81a694086794dd02d2d4f5657f9981a28069bbd6672a704e8f62d2307ed2c01","strict":true,"agent_id":"copilot"} name: "Daily Secrets Analysis Agent" "on": diff --git a/.github/workflows/daily-security-red-team.lock.yml b/.github/workflows/daily-security-red-team.lock.yml index 828849c1f4e..931f35c7863 100644 --- a/.github/workflows/daily-security-red-team.lock.yml +++ b/.github/workflows/daily-security-red-team.lock.yml @@ -26,7 +26,7 @@ # Imports: # - shared/reporting.md # -# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"faae0c6b8934d1bddba33b3806bb7a6af5f34053fc5d210772b64dbf26c2baa0","strict":true,"agent_id":"claude"} +# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"faae0c6b8934d1bddba33b3806bb7a6af5f34053fc5d210772b64dbf26c2baa0","compiled_hash":"78b84c59ed9d497e60db86abeee0bc62df285388a4f474c34228255631fcf401","strict":true,"agent_id":"claude"} name: "Daily Security Red Team Agent" "on": diff --git a/.github/workflows/daily-semgrep-scan.lock.yml b/.github/workflows/daily-semgrep-scan.lock.yml index cfe6c453371..2961f91f19b 100644 --- a/.github/workflows/daily-semgrep-scan.lock.yml +++ b/.github/workflows/daily-semgrep-scan.lock.yml @@ -26,7 +26,7 @@ # Imports: # - shared/mcp/semgrep.md # -# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"7a5a221735702a7991fbde05fac553787d4cfc4450c09c4962ab14031c99a869","strict":true,"agent_id":"copilot"} +# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"7a5a221735702a7991fbde05fac553787d4cfc4450c09c4962ab14031c99a869","compiled_hash":"7ce87bc691a479a340fb64ae199ede4efb159d56a55f451565b61a04d279bab2","strict":true,"agent_id":"copilot"} name: "Daily Semgrep Scan" "on": diff --git a/.github/workflows/daily-syntax-error-quality.lock.yml b/.github/workflows/daily-syntax-error-quality.lock.yml index f799a487e31..e0dede63a1a 100644 --- a/.github/workflows/daily-syntax-error-quality.lock.yml +++ b/.github/workflows/daily-syntax-error-quality.lock.yml @@ -26,7 +26,7 @@ # Imports: # - shared/reporting.md # -# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"d46ca0b67a726081853ef7d2b9e15038063a2772aca1472e1284609871a6b705","strict":true,"agent_id":"copilot"} +# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"d46ca0b67a726081853ef7d2b9e15038063a2772aca1472e1284609871a6b705","compiled_hash":"246b4f7d75dd94242a0c1760863220ad934ea44e024dc6386806895d32b4095f","strict":true,"agent_id":"copilot"} name: "Daily Syntax Error Quality Check" "on": diff --git a/.github/workflows/daily-team-evolution-insights.lock.yml b/.github/workflows/daily-team-evolution-insights.lock.yml index e8f9d7386a4..2eaa874dbf1 100644 --- a/.github/workflows/daily-team-evolution-insights.lock.yml +++ b/.github/workflows/daily-team-evolution-insights.lock.yml @@ -27,7 +27,7 @@ # - shared/daily-audit-discussion.md # - shared/reporting.md # -# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"734b6d85297a01c4f98081febc8ebe6d367376d1aa3bb81fd77abe9992693e7c","agent_id":"claude"} +# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"734b6d85297a01c4f98081febc8ebe6d367376d1aa3bb81fd77abe9992693e7c","compiled_hash":"b491420371d3f34664b223b26e3e7bd151e8eff5c95e8942a70dfeff57b6a6fa","agent_id":"claude"} name: "Daily Team Evolution Insights" "on": diff --git a/.github/workflows/daily-team-status.lock.yml b/.github/workflows/daily-team-status.lock.yml index a4e15c7612d..ccd981b7961 100644 --- a/.github/workflows/daily-team-status.lock.yml +++ b/.github/workflows/daily-team-status.lock.yml @@ -32,7 +32,7 @@ # Imports: # - githubnext/agentics/workflows/shared/reporting.md@d3422bf940923ef1d43db5559652b8e1e71869f3 # -# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"5afa47f119a84ede8ca7bdd2ee1ad40e6e38520a56ae93dd6756366bc5bdcc47","stop_time":"2026-02-09 04:24:39","strict":true,"agent_id":"copilot"} +# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"5afa47f119a84ede8ca7bdd2ee1ad40e6e38520a56ae93dd6756366bc5bdcc47","compiled_hash":"039350a9fc65b9afa502172070f6122980cb916bab98a9eafd767bde1b3b93a7","stop_time":"2026-02-09 04:24:39","strict":true,"agent_id":"copilot"} # # Effective stop-time: 2026-02-09 04:24:39 diff --git a/.github/workflows/daily-testify-uber-super-expert.lock.yml b/.github/workflows/daily-testify-uber-super-expert.lock.yml index c7f9a843a8e..aeacf4f7e03 100644 --- a/.github/workflows/daily-testify-uber-super-expert.lock.yml +++ b/.github/workflows/daily-testify-uber-super-expert.lock.yml @@ -31,7 +31,7 @@ # - shared/go-source-analysis.md # - shared/safe-output-app.md # -# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"b0077a1af615ea44f936a06eeb0d4bf4a42b9202eddeed2d44bc9e90470f7317","strict":true,"agent_id":"copilot"} +# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"b0077a1af615ea44f936a06eeb0d4bf4a42b9202eddeed2d44bc9e90470f7317","compiled_hash":"5a53a72651677b2b0c5f1ca04643bcffd1e986320069e84837c3f7e84f92de93","strict":true,"agent_id":"copilot"} name: "Daily Testify Uber Super Expert" "on": diff --git a/.github/workflows/daily-workflow-updater.lock.yml b/.github/workflows/daily-workflow-updater.lock.yml index b596489c7dd..746a3d4036b 100644 --- a/.github/workflows/daily-workflow-updater.lock.yml +++ b/.github/workflows/daily-workflow-updater.lock.yml @@ -22,7 +22,7 @@ # # Automatically updates GitHub Actions versions and creates a PR if changes are detected # -# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"26f8e046e4f296368ce5e51b93ce99a0de7757fa1aa378fe826430c2f1951ba9","strict":true,"agent_id":"copilot"} +# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"26f8e046e4f296368ce5e51b93ce99a0de7757fa1aa378fe826430c2f1951ba9","compiled_hash":"c414fa19f3705537d104e8d0db0f77b85dba0c4bddf0a244b85938064b7a482d","strict":true,"agent_id":"copilot"} name: "Daily Workflow Updater" "on": diff --git a/.github/workflows/dead-code-remover.lock.yml b/.github/workflows/dead-code-remover.lock.yml index 5c075465431..919fd5dc953 100644 --- a/.github/workflows/dead-code-remover.lock.yml +++ b/.github/workflows/dead-code-remover.lock.yml @@ -26,7 +26,7 @@ # Imports: # - shared/activation-app.md # -# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"c23eb716e8315a583cf67898540e0a8a6a7b1006dbdd9c3dd0b8c3ba3933422e","strict":true,"agent_id":"copilot"} +# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"c23eb716e8315a583cf67898540e0a8a6a7b1006dbdd9c3dd0b8c3ba3933422e","compiled_hash":"8df24cd127d459695d7ad5c17c84b680efa7c9712571676f2be7fe58e8ab4e8d","strict":true,"agent_id":"copilot"} name: "Dead Code Removal Agent" "on": diff --git a/.github/workflows/deep-report.lock.yml b/.github/workflows/deep-report.lock.yml index 96219876539..a1da0e6da79 100644 --- a/.github/workflows/deep-report.lock.yml +++ b/.github/workflows/deep-report.lock.yml @@ -29,7 +29,7 @@ # - shared/reporting.md # - shared/weekly-issues-data-fetch.md # -# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"06938b2b98eeca7914a0d456d79dde2c13be6ee4af46d9d73f87b37612d338c8","strict":true,"agent_id":"claude"} +# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"06938b2b98eeca7914a0d456d79dde2c13be6ee4af46d9d73f87b37612d338c8","compiled_hash":"ce8d9a5a706804f9e40d9e2c28de6a39b73ad20e9a2217555ec85c3aaa8f9f21","strict":true,"agent_id":"claude"} name: "DeepReport - Intelligence Gathering Agent" "on": diff --git a/.github/workflows/delight.lock.yml b/.github/workflows/delight.lock.yml index 3c5f0bdb0f6..20735e71832 100644 --- a/.github/workflows/delight.lock.yml +++ b/.github/workflows/delight.lock.yml @@ -29,7 +29,7 @@ # - shared/repo-memory-standard.md # - shared/reporting.md # -# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"bbbc63edf6c0be801dac5706aabf12206efa01b3f5cd87821b2218fd3389a683","strict":true,"agent_id":"copilot"} +# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"bbbc63edf6c0be801dac5706aabf12206efa01b3f5cd87821b2218fd3389a683","compiled_hash":"e4cb380f12c5ecef77e23313458f598e89a5856d89eb188b2848caf4bf6efd63","strict":true,"agent_id":"copilot"} name: "Delight" "on": diff --git a/.github/workflows/dependabot-burner.lock.yml b/.github/workflows/dependabot-burner.lock.yml index 18abe645c6f..1b9a76fe4cb 100644 --- a/.github/workflows/dependabot-burner.lock.yml +++ b/.github/workflows/dependabot-burner.lock.yml @@ -25,7 +25,7 @@ # Imports: # - shared/reporting.md # -# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"3385b9d23f6b393c771300b0c3cfd146abde6b5bf351064a62425da228008c44","strict":true,"agent_id":"copilot"} +# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"3385b9d23f6b393c771300b0c3cfd146abde6b5bf351064a62425da228008c44","compiled_hash":"bc16af70b143cd8d288c8a076c012759ccdcd5e75e9ddf8cdbf892ca8ee6b824","strict":true,"agent_id":"copilot"} name: "Dependabot Burner" "on": diff --git a/.github/workflows/dependabot-go-checker.lock.yml b/.github/workflows/dependabot-go-checker.lock.yml index 9a0cca6bcc6..5b88ac2a7f8 100644 --- a/.github/workflows/dependabot-go-checker.lock.yml +++ b/.github/workflows/dependabot-go-checker.lock.yml @@ -26,7 +26,7 @@ # Imports: # - shared/reporting.md # -# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"da7735b48a97c5178e8f38755311eec65f45cfdf460f785c25e03f652be66464","strict":true,"agent_id":"copilot"} +# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"da7735b48a97c5178e8f38755311eec65f45cfdf460f785c25e03f652be66464","compiled_hash":"7d008c3fec95be29d2cc630d8e1b9993ec5f95dcd7ebe6e91db527ab8f5c977a","strict":true,"agent_id":"copilot"} name: "Dependabot Dependency Checker" "on": diff --git a/.github/workflows/dev-hawk.lock.yml b/.github/workflows/dev-hawk.lock.yml index d21fd50de6b..e491b0fd937 100644 --- a/.github/workflows/dev-hawk.lock.yml +++ b/.github/workflows/dev-hawk.lock.yml @@ -22,7 +22,7 @@ # # Monitors development workflow activities and provides real-time alerts and insights on pull requests and CI status # -# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"aa448b3fcead039b6003089c1039cb3d15ce90ec940704c2e34f745bc25cc03f","strict":true,"agent_id":"copilot"} +# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"aa448b3fcead039b6003089c1039cb3d15ce90ec940704c2e34f745bc25cc03f","compiled_hash":"99c2d7317cad92b2c14ef4281ea7416e4663a5053fe5850b8a6353073b1fb9b6","strict":true,"agent_id":"copilot"} name: "Dev Hawk" "on": diff --git a/.github/workflows/dev.lock.yml b/.github/workflows/dev.lock.yml index 06cd5885f85..f2af189fc93 100644 --- a/.github/workflows/dev.lock.yml +++ b/.github/workflows/dev.lock.yml @@ -26,7 +26,7 @@ # Imports: # - shared/qmd.md # -# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"043db8a7615b37166f67297c69ee077636351bf493b0a01aa8196391b5ee4807","agent_id":"copilot"} +# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"043db8a7615b37166f67297c69ee077636351bf493b0a01aa8196391b5ee4807","compiled_hash":"d43929ec223451c9c0f5030ea4c377392d04b1dd981b8b778396a5ec72152ce0","agent_id":"copilot"} name: "Dev" "on": diff --git a/.github/workflows/developer-docs-consolidator.lock.yml b/.github/workflows/developer-docs-consolidator.lock.yml index a3c545f3641..561b900a902 100644 --- a/.github/workflows/developer-docs-consolidator.lock.yml +++ b/.github/workflows/developer-docs-consolidator.lock.yml @@ -30,7 +30,7 @@ # - shared/qmd.md # - shared/reporting.md # -# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"d6349807505c81b3c35895880351968f2267a8e7e106d052a17a821b8fa4e1eb","strict":true,"agent_id":"claude"} +# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"d6349807505c81b3c35895880351968f2267a8e7e106d052a17a821b8fa4e1eb","compiled_hash":"a368201d16d94fa010a992e15ff8e794ae59d2efba2c87e8b0c53a19fe305cbf","strict":true,"agent_id":"claude"} name: "Developer Documentation Consolidator" "on": diff --git a/.github/workflows/dictation-prompt.lock.yml b/.github/workflows/dictation-prompt.lock.yml index 4ade7f99424..72bbbdeb8eb 100644 --- a/.github/workflows/dictation-prompt.lock.yml +++ b/.github/workflows/dictation-prompt.lock.yml @@ -27,7 +27,7 @@ # - shared/qmd.md # - shared/reporting.md # -# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"21c6c078f3b5b342ef074303f8c5cdd0b250607a1ca75c6205fc02087dd76f23","strict":true,"agent_id":"copilot"} +# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"21c6c078f3b5b342ef074303f8c5cdd0b250607a1ca75c6205fc02087dd76f23","compiled_hash":"0a34e7b8ceb90a15e2886bbef26bcf9cc711bdabc10182c3f854479fc48851b5","strict":true,"agent_id":"copilot"} name: "Dictation Prompt Generator" "on": diff --git a/.github/workflows/discussion-task-miner.lock.yml b/.github/workflows/discussion-task-miner.lock.yml index 5c8e344bf1e..f6536354457 100644 --- a/.github/workflows/discussion-task-miner.lock.yml +++ b/.github/workflows/discussion-task-miner.lock.yml @@ -29,7 +29,7 @@ # - shared/repo-memory-standard.md # - shared/reporting.md # -# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"da5ebd0fcc145d0547a61913f1a5c48c00279fc878bd841dee63a375cd54b95b","strict":true,"agent_id":"copilot"} +# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"da5ebd0fcc145d0547a61913f1a5c48c00279fc878bd841dee63a375cd54b95b","compiled_hash":"9a9ecb54ed81a9b694a636ac811f58f795191b7a01eb525aa532da2665821c79","strict":true,"agent_id":"copilot"} name: "Discussion Task Miner - Code Quality Improvement Agent" "on": diff --git a/.github/workflows/docs-noob-tester.lock.yml b/.github/workflows/docs-noob-tester.lock.yml index 591cba540e5..1ad94c0a843 100644 --- a/.github/workflows/docs-noob-tester.lock.yml +++ b/.github/workflows/docs-noob-tester.lock.yml @@ -29,7 +29,7 @@ # - shared/keep-it-short.md # - shared/reporting.md # -# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"099f1b955ddb5f6aa943db1153bec1b95c8b6a8d3088f71b21a1c94450fb690b","strict":true,"agent_id":"copilot"} +# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"099f1b955ddb5f6aa943db1153bec1b95c8b6a8d3088f71b21a1c94450fb690b","compiled_hash":"07aaab8fddaaa1fa4c3b0c85fe5bc9cb34fbaae16ae1ec024756213b759c083e","strict":true,"agent_id":"copilot"} name: "Documentation Noob Tester" "on": diff --git a/.github/workflows/draft-pr-cleanup.lock.yml b/.github/workflows/draft-pr-cleanup.lock.yml index 42d3b44ee06..26113baad71 100644 --- a/.github/workflows/draft-pr-cleanup.lock.yml +++ b/.github/workflows/draft-pr-cleanup.lock.yml @@ -22,7 +22,7 @@ # # Automated cleanup policy for stale draft pull requests to reduce clutter and improve triage efficiency # -# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"c6eb2caa9620b443d909c6fdf3be709069b7b91df9578cbf98351a04923d8a25","strict":true,"agent_id":"copilot"} +# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"c6eb2caa9620b443d909c6fdf3be709069b7b91df9578cbf98351a04923d8a25","compiled_hash":"badde76d7cd9638fd2832c230dca8e81c128d065357791c8df950f5b77ac038f","strict":true,"agent_id":"copilot"} name: "Draft PR Cleanup" "on": diff --git a/.github/workflows/duplicate-code-detector.lock.yml b/.github/workflows/duplicate-code-detector.lock.yml index d0d4ff2b707..6a2af7f02a1 100644 --- a/.github/workflows/duplicate-code-detector.lock.yml +++ b/.github/workflows/duplicate-code-detector.lock.yml @@ -29,7 +29,7 @@ # - shared/reporting.md # - shared/go-source-analysis.md # -# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"4c03da6f43eb324285434eacdb515ebb471da4aa442266383eebc7ed682cd946","strict":true,"agent_id":"codex"} +# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"4c03da6f43eb324285434eacdb515ebb471da4aa442266383eebc7ed682cd946","compiled_hash":"c056a3719b135eac91b5f3c47dc25b50a77b85141270a420ee822b67a6e6ce64","strict":true,"agent_id":"codex"} name: "Duplicate Code Detector" "on": diff --git a/.github/workflows/example-permissions-warning.lock.yml b/.github/workflows/example-permissions-warning.lock.yml index d06a056baf5..70ec3c381aa 100644 --- a/.github/workflows/example-permissions-warning.lock.yml +++ b/.github/workflows/example-permissions-warning.lock.yml @@ -22,7 +22,7 @@ # # Example workflow demonstrating proper permission provisioning and security best practices # -# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"cbc025e1319832edb0b85151db2c36cdde748e467faf1d0d20c646d33e8a0542","agent_id":"copilot"} +# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"cbc025e1319832edb0b85151db2c36cdde748e467faf1d0d20c646d33e8a0542","compiled_hash":"92678a7b8f6705dd3483b2ff5fe85fad5932959b85127f844637be9621229513","agent_id":"copilot"} name: "Example: Properly Provisioned Permissions" "on": diff --git a/.github/workflows/example-workflow-analyzer.lock.yml b/.github/workflows/example-workflow-analyzer.lock.yml index 7b9a5235d0f..576001a7c24 100644 --- a/.github/workflows/example-workflow-analyzer.lock.yml +++ b/.github/workflows/example-workflow-analyzer.lock.yml @@ -27,7 +27,7 @@ # - shared/daily-audit-discussion.md # - shared/reporting.md # -# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"9df414db30809d112be19a218a775672182db5ae35c0279a4baa8509d8dc447f","strict":true,"agent_id":"claude"} +# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"9df414db30809d112be19a218a775672182db5ae35c0279a4baa8509d8dc447f","compiled_hash":"859c3b1aa30474a4814024a54f688cd2de6db428a1cf888fc3c54a3f2d4f9957","strict":true,"agent_id":"claude"} name: "Weekly Workflow Analysis" "on": diff --git a/.github/workflows/firewall-escape.lock.yml b/.github/workflows/firewall-escape.lock.yml index fc792281b42..55a7e0b3058 100644 --- a/.github/workflows/firewall-escape.lock.yml +++ b/.github/workflows/firewall-escape.lock.yml @@ -22,7 +22,7 @@ # # Security testing to find escape paths in the AWF (Agent Workflow Firewall) # -# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"74e501e0d13e7e5a3b2d21418bc8460f5c0023998ac599caa303fec99234b69e","strict":true,"agent_id":"copilot"} +# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"74e501e0d13e7e5a3b2d21418bc8460f5c0023998ac599caa303fec99234b69e","compiled_hash":"0b4f20a10bf09363dc866822deb1ea3b726808bc10987d26dbb4fb18db73d3f5","strict":true,"agent_id":"copilot"} name: "The Great Escapi" "on": diff --git a/.github/workflows/firewall.lock.yml b/.github/workflows/firewall.lock.yml index 2055a03bfd4..0bf27978271 100644 --- a/.github/workflows/firewall.lock.yml +++ b/.github/workflows/firewall.lock.yml @@ -22,7 +22,7 @@ # # Tests network firewall functionality and validates security rules for workflow network access # -# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"2a0e834ee3cd0e91a2b612df54c1ffa488ab6e446f79ede1851d9af4a6365de0","strict":true,"agent_id":"copilot"} +# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"2a0e834ee3cd0e91a2b612df54c1ffa488ab6e446f79ede1851d9af4a6365de0","compiled_hash":"a30d82ab1a1383ffcc3257ea40d734f56230eee70d2da88ce74f160c60f32cca","strict":true,"agent_id":"copilot"} name: "Firewall Test Agent" "on": diff --git a/.github/workflows/functional-pragmatist.lock.yml b/.github/workflows/functional-pragmatist.lock.yml index 81164bbb579..2d2ba87f418 100644 --- a/.github/workflows/functional-pragmatist.lock.yml +++ b/.github/workflows/functional-pragmatist.lock.yml @@ -26,7 +26,7 @@ # Imports: # - shared/reporting.md # -# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"3f482fd4077daa43f3de442e51373010b992262926cb396dfadad062cd60126d","strict":true,"agent_id":"copilot"} +# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"3f482fd4077daa43f3de442e51373010b992262926cb396dfadad062cd60126d","compiled_hash":"2072b9ed4f9cb6feab50b8153a097a9865416cec0fb143dbb4fdfccff60b6dd7","strict":true,"agent_id":"copilot"} name: "Functional Pragmatist" "on": diff --git a/.github/workflows/github-mcp-structural-analysis.lock.yml b/.github/workflows/github-mcp-structural-analysis.lock.yml index 07ff7200a6e..12c147422bf 100644 --- a/.github/workflows/github-mcp-structural-analysis.lock.yml +++ b/.github/workflows/github-mcp-structural-analysis.lock.yml @@ -28,7 +28,7 @@ # - shared/python-dataviz.md # - shared/reporting.md # -# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"8a7f256c121670968e01f0f188be5056f363ca82163386e009e2cc71076669ae","strict":true,"agent_id":"claude"} +# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"8a7f256c121670968e01f0f188be5056f363ca82163386e009e2cc71076669ae","compiled_hash":"1dea2902738ce290a12c2c2a01c4c90f626240c50fedfb7ce199650b96b4dcdd","strict":true,"agent_id":"claude"} name: "GitHub MCP Structural Analysis" "on": diff --git a/.github/workflows/github-mcp-tools-report.lock.yml b/.github/workflows/github-mcp-tools-report.lock.yml index 564f0665807..a1b8c911cdd 100644 --- a/.github/workflows/github-mcp-tools-report.lock.yml +++ b/.github/workflows/github-mcp-tools-report.lock.yml @@ -27,7 +27,7 @@ # - shared/daily-audit-discussion.md # - shared/reporting.md # -# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"27e4ecbd62023446ef3354213c3c778ca3839cc72f94b7e7c212cebf46c7f1f6","strict":true,"agent_id":"claude"} +# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"27e4ecbd62023446ef3354213c3c778ca3839cc72f94b7e7c212cebf46c7f1f6","compiled_hash":"7ea4f6dfdc22835f1b8c9a514cb5990ac7ff09280bd3cb119c4fd8f33d880e82","strict":true,"agent_id":"claude"} name: "GitHub MCP Remote Server Tools Report Generator" "on": diff --git a/.github/workflows/github-remote-mcp-auth-test.lock.yml b/.github/workflows/github-remote-mcp-auth-test.lock.yml index 614bf07f8f2..ae5d121a23e 100644 --- a/.github/workflows/github-remote-mcp-auth-test.lock.yml +++ b/.github/workflows/github-remote-mcp-auth-test.lock.yml @@ -26,7 +26,7 @@ # Imports: # - shared/daily-audit-discussion.md # -# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"99a56d17334046f65691c5899578182fd48a441a38e0498586ad54f4c211f837","strict":true,"agent_id":"copilot","agent_model":"gpt-5.1-codex-mini"} +# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"99a56d17334046f65691c5899578182fd48a441a38e0498586ad54f4c211f837","compiled_hash":"a7cebacfc81bbca6e82cc9165491eda8c2e751455b6916e3c1bb7331f987acec","strict":true,"agent_id":"copilot","agent_model":"gpt-5.1-codex-mini"} name: "GitHub Remote MCP Authentication Test" "on": diff --git a/.github/workflows/glossary-maintainer.lock.yml b/.github/workflows/glossary-maintainer.lock.yml index bd96b8b9d8e..9e8dd6ca252 100644 --- a/.github/workflows/glossary-maintainer.lock.yml +++ b/.github/workflows/glossary-maintainer.lock.yml @@ -30,7 +30,7 @@ # - shared/mcp/serena.md # - shared/qmd.md # -# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"9389787b244a5634d091106cdc3dcc203892411ff6b388a97f85b0dea7c622bc","strict":true,"agent_id":"copilot"} +# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"9389787b244a5634d091106cdc3dcc203892411ff6b388a97f85b0dea7c622bc","compiled_hash":"1f8453fb62de34730e8cce63747368b63a7e65358420a37aee3839f08a6dbbb9","strict":true,"agent_id":"copilot"} name: "Glossary Maintainer" "on": diff --git a/.github/workflows/go-fan.lock.yml b/.github/workflows/go-fan.lock.yml index fe57daa5eba..ae6bf62c2b6 100644 --- a/.github/workflows/go-fan.lock.yml +++ b/.github/workflows/go-fan.lock.yml @@ -30,7 +30,7 @@ # - shared/reporting.md # - shared/go-source-analysis.md # -# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"9b2dfe08c0d213fee0d2ccab1b71e7b30f8a3f30f72eea47ba07256820a507dc","strict":true,"agent_id":"claude"} +# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"9b2dfe08c0d213fee0d2ccab1b71e7b30f8a3f30f72eea47ba07256820a507dc","compiled_hash":"88a2c12c104fe3814c2cf171cf63592671e2f4c1d4d55a0e06207c58877a2b0b","strict":true,"agent_id":"claude"} name: "Go Fan" "on": diff --git a/.github/workflows/go-logger.lock.yml b/.github/workflows/go-logger.lock.yml index e7b2b3a1074..cabe8b174e3 100644 --- a/.github/workflows/go-logger.lock.yml +++ b/.github/workflows/go-logger.lock.yml @@ -26,7 +26,7 @@ # Imports: # - shared/go-make.md # -# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"4701538e32cbe3a56742cfc4d67a420e9c704076476b5ad9b212c6e46b0b645a","strict":true,"agent_id":"claude"} +# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"4701538e32cbe3a56742cfc4d67a420e9c704076476b5ad9b212c6e46b0b645a","compiled_hash":"946a983ce6f950d95fc0b742c2a1dbe24059931f229f78fe0845cfac73f7109e","strict":true,"agent_id":"claude"} name: "Go Logger Enhancement" "on": diff --git a/.github/workflows/go-pattern-detector.lock.yml b/.github/workflows/go-pattern-detector.lock.yml index 2ef4a2c8aba..9d6ea68a9cf 100644 --- a/.github/workflows/go-pattern-detector.lock.yml +++ b/.github/workflows/go-pattern-detector.lock.yml @@ -27,7 +27,7 @@ # - shared/mcp/ast-grep.md # - shared/reporting.md # -# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"dc2cde38b55169485659d1f07e137cfa8bbf50807971eea3ceabf6c331ab4ba8","strict":true,"agent_id":"claude"} +# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"dc2cde38b55169485659d1f07e137cfa8bbf50807971eea3ceabf6c331ab4ba8","compiled_hash":"6d93c301c63517e7e9457957c6ec57d578650c0f1e075049aa2ea65de0970aa9","strict":true,"agent_id":"claude"} name: "Go Pattern Detector" "on": diff --git a/.github/workflows/gpclean.lock.yml b/.github/workflows/gpclean.lock.yml index 4ce0753b2b8..389af193f2d 100644 --- a/.github/workflows/gpclean.lock.yml +++ b/.github/workflows/gpclean.lock.yml @@ -26,7 +26,7 @@ # Imports: # - shared/reporting.md # -# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"75c8d2f1431e88d0a8ec9cb4e69c2c84a84749fe96a0c409bd63f28509e6a3bc","agent_id":"copilot"} +# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"75c8d2f1431e88d0a8ec9cb4e69c2c84a84749fe96a0c409bd63f28509e6a3bc","compiled_hash":"26f45817d9401afa16a826cf99783fa550b34f8f74ad2c96a95f97b809fdd8ad","agent_id":"copilot"} name: "GPL Dependency Cleaner (gpclean)" "on": diff --git a/.github/workflows/grumpy-reviewer.lock.yml b/.github/workflows/grumpy-reviewer.lock.yml index a803db085b8..2eb1be75177 100644 --- a/.github/workflows/grumpy-reviewer.lock.yml +++ b/.github/workflows/grumpy-reviewer.lock.yml @@ -27,7 +27,7 @@ # - shared/github-guard-policy.md # - shared/pr-code-review-config.md # -# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"cdb51c70b04d0eba9bb1c102add031164396e35a4fd6c2aec6b44501a2035896","strict":true,"agent_id":"codex"} +# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"cdb51c70b04d0eba9bb1c102add031164396e35a4fd6c2aec6b44501a2035896","compiled_hash":"400663594763c4f70d8f9fa86189473e6f302c61e666b543f54674b8fbb6315c","strict":true,"agent_id":"codex"} name: "Grumpy Code Reviewer 🔥" "on": diff --git a/.github/workflows/hourly-ci-cleaner.lock.yml b/.github/workflows/hourly-ci-cleaner.lock.yml index 65e64e00741..055b6b88f4c 100644 --- a/.github/workflows/hourly-ci-cleaner.lock.yml +++ b/.github/workflows/hourly-ci-cleaner.lock.yml @@ -26,7 +26,7 @@ # Imports: # - ../agents/ci-cleaner.agent.md # -# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"657fe7f816559aaf92a9c53c84bcdc7261ec44037b2da0a08bc878b39045d90b","strict":true,"agent_id":"copilot"} +# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"657fe7f816559aaf92a9c53c84bcdc7261ec44037b2da0a08bc878b39045d90b","compiled_hash":"312048af692208913fe7e61f9f65abf1f659b1a9c1d93a552456a4f6bfb68613","strict":true,"agent_id":"copilot"} name: "CI Cleaner" "on": diff --git a/.github/workflows/instructions-janitor.lock.yml b/.github/workflows/instructions-janitor.lock.yml index 60993a6dc7e..98e739c6f56 100644 --- a/.github/workflows/instructions-janitor.lock.yml +++ b/.github/workflows/instructions-janitor.lock.yml @@ -22,7 +22,7 @@ # # Reviews and cleans up instruction files to ensure clarity, consistency, and adherence to best practices # -# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"294c9591637dd8ed73b97015a73573a11428987e6b5d9bbdf69fb46c9bb9f07b","strict":true,"agent_id":"claude"} +# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"294c9591637dd8ed73b97015a73573a11428987e6b5d9bbdf69fb46c9bb9f07b","compiled_hash":"ffd6f367a63de62800b096abbcd839ebec3dd71f2387497963bcf74630ab0607","strict":true,"agent_id":"claude"} name: "Instructions Janitor" "on": diff --git a/.github/workflows/issue-arborist.lock.yml b/.github/workflows/issue-arborist.lock.yml index f1c3924255b..b56ab20eefa 100644 --- a/.github/workflows/issue-arborist.lock.yml +++ b/.github/workflows/issue-arborist.lock.yml @@ -28,7 +28,7 @@ # - shared/jqschema.md # - shared/reporting.md # -# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"cfd27d0b112875eb02b9e480c92921c5082580ec0c39cf08054dbf6fbe79d172","strict":true,"agent_id":"codex"} +# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"cfd27d0b112875eb02b9e480c92921c5082580ec0c39cf08054dbf6fbe79d172","compiled_hash":"25dafdc15be99ff8c4e1c26083de9b2573630ff47f6d412dfa16d8c1ae92ed8a","strict":true,"agent_id":"codex"} name: "Issue Arborist" "on": diff --git a/.github/workflows/issue-monster.lock.yml b/.github/workflows/issue-monster.lock.yml index e25fe144ab3..c44f1643b67 100644 --- a/.github/workflows/issue-monster.lock.yml +++ b/.github/workflows/issue-monster.lock.yml @@ -27,7 +27,7 @@ # - shared/activation-app.md # - shared/github-guard-policy.md # -# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"e4adbd06bead73a338976eea281c282628c5fa9a3117665649bc3f81a85f155e","strict":true,"agent_id":"copilot","agent_model":"gpt-5.1-codex-mini"} +# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"e4adbd06bead73a338976eea281c282628c5fa9a3117665649bc3f81a85f155e","compiled_hash":"488d7f8b324bcba1646bf72f29da4257f80577335d92d55088a1c8d3e0eaef13","strict":true,"agent_id":"copilot","agent_model":"gpt-5.1-codex-mini"} name: "Issue Monster" "on": diff --git a/.github/workflows/issue-triage-agent.lock.yml b/.github/workflows/issue-triage-agent.lock.yml index f8594c0da84..9e4c9231e2b 100644 --- a/.github/workflows/issue-triage-agent.lock.yml +++ b/.github/workflows/issue-triage-agent.lock.yml @@ -26,7 +26,7 @@ # - shared/github-guard-policy.md # - shared/reporting.md # -# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"f4e1d4caf31a9ba3331998df97d2a875fb04f78033d9c3925e5f0a813a6c342b","strict":true,"agent_id":"copilot"} +# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"f4e1d4caf31a9ba3331998df97d2a875fb04f78033d9c3925e5f0a813a6c342b","compiled_hash":"931bd438d476cd21db7368c4ce0236b1f9ed080dfcfb8550b9e2463b9576dcaa","strict":true,"agent_id":"copilot"} name: "Issue Triage Agent" "on": diff --git a/.github/workflows/jsweep.lock.yml b/.github/workflows/jsweep.lock.yml index 7c572a1c2fd..52011da25fc 100644 --- a/.github/workflows/jsweep.lock.yml +++ b/.github/workflows/jsweep.lock.yml @@ -26,7 +26,7 @@ # Imports: # - shared/mcp/serena.md # -# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"dd86446c86ebaaeba36e9e964665af7108fbb2b5fad335f400c2378bbf43fc68","strict":true,"agent_id":"copilot"} +# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"dd86446c86ebaaeba36e9e964665af7108fbb2b5fad335f400c2378bbf43fc68","compiled_hash":"f7b458b4ba95e04d290267a290bf4c0701c158bfcc659648a3dac0a5d99bebf9","strict":true,"agent_id":"copilot"} name: "jsweep - JavaScript Unbloater" "on": diff --git a/.github/workflows/layout-spec-maintainer.lock.yml b/.github/workflows/layout-spec-maintainer.lock.yml index 3a6ddc01779..43b760712d3 100644 --- a/.github/workflows/layout-spec-maintainer.lock.yml +++ b/.github/workflows/layout-spec-maintainer.lock.yml @@ -22,7 +22,7 @@ # # Maintains scratchpad/layout.md with patterns of file paths, folder names, and artifact names used in lock.yml files # -# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"32cec4338cb562bfaaf4c4d96115c5d041fc6a0c0d2cf1ba313a88caa11c7fa8","strict":true,"agent_id":"copilot"} +# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"32cec4338cb562bfaaf4c4d96115c5d041fc6a0c0d2cf1ba313a88caa11c7fa8","compiled_hash":"51c6e94a1a6e36b701472891833b10d645ccb304c0c0e9675de65b1ae66ee89a","strict":true,"agent_id":"copilot"} name: "Layout Specification Maintainer" "on": diff --git a/.github/workflows/lockfile-stats.lock.yml b/.github/workflows/lockfile-stats.lock.yml index 26f3a807517..ef7c75fd106 100644 --- a/.github/workflows/lockfile-stats.lock.yml +++ b/.github/workflows/lockfile-stats.lock.yml @@ -27,7 +27,7 @@ # - shared/daily-audit-discussion.md # - shared/reporting.md # -# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"fdfe5ff3afe18bc175832a76b3fe5bc90dff82ee63a1eb7768c6bd8a9108cf15","strict":true,"agent_id":"claude"} +# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"fdfe5ff3afe18bc175832a76b3fe5bc90dff82ee63a1eb7768c6bd8a9108cf15","compiled_hash":"d221c0711ad020b2e29038949eb9b9f58909cf3cbb5ad7c958f5ab6b9976c750","strict":true,"agent_id":"claude"} name: "Lockfile Statistics Analysis Agent" "on": diff --git a/.github/workflows/mcp-inspector.lock.yml b/.github/workflows/mcp-inspector.lock.yml index 7e54c4ec1d5..90bb7b0d246 100644 --- a/.github/workflows/mcp-inspector.lock.yml +++ b/.github/workflows/mcp-inspector.lock.yml @@ -43,7 +43,7 @@ # - shared/mcp/tavily.md # - shared/reporting.md # -# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"c8a47c3aeff6acd01d5c5e432ecbc8b4ed86e51c2cf4e210a98e85e3f580fe3b","agent_id":"copilot"} +# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"c8a47c3aeff6acd01d5c5e432ecbc8b4ed86e51c2cf4e210a98e85e3f580fe3b","compiled_hash":"6e51c6bafca5f0599a41753c5efa93fa6afe15ec869fbd8e9ab1e0414ac2d042","agent_id":"copilot"} name: "MCP Inspector Agent" "on": diff --git a/.github/workflows/mergefest.lock.yml b/.github/workflows/mergefest.lock.yml index 08862b9b35d..1deeeb921bf 100644 --- a/.github/workflows/mergefest.lock.yml +++ b/.github/workflows/mergefest.lock.yml @@ -22,7 +22,7 @@ # # Automatically merges the main branch into pull request branches when invoked with /mergefest command # -# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"c981d37f11bc2c11773de35070124859129139ba95aff08624c563605165439f","strict":true,"agent_id":"copilot"} +# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"c981d37f11bc2c11773de35070124859129139ba95aff08624c563605165439f","compiled_hash":"aed5e06af3c7b7a55d440a872426f4cfaba8e06ee08d42812fbe7e80557e4e6a","strict":true,"agent_id":"copilot"} name: "Mergefest" "on": diff --git a/.github/workflows/metrics-collector.lock.yml b/.github/workflows/metrics-collector.lock.yml index 33b6549be44..8ba1ab542ff 100644 --- a/.github/workflows/metrics-collector.lock.yml +++ b/.github/workflows/metrics-collector.lock.yml @@ -22,7 +22,7 @@ # # Collects daily performance metrics for the agent ecosystem and stores them in repo-memory # -# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"b5f384f27d5b48e0c6e4600f71718bafab6244d85c1bf0e04afeadeef6c76147","strict":true,"agent_id":"copilot"} +# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"b5f384f27d5b48e0c6e4600f71718bafab6244d85c1bf0e04afeadeef6c76147","compiled_hash":"cfdb133bd4fbd2242bc77fff1c5c778130125b592173f667d5323afc2d65b441","strict":true,"agent_id":"copilot"} name: "Metrics Collector - Infrastructure Agent" "on": diff --git a/.github/workflows/notion-issue-summary.lock.yml b/.github/workflows/notion-issue-summary.lock.yml index a85935a915c..6e7db01fd64 100644 --- a/.github/workflows/notion-issue-summary.lock.yml +++ b/.github/workflows/notion-issue-summary.lock.yml @@ -26,7 +26,7 @@ # Imports: # - shared/mcp/notion.md # -# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"92dea2779599cc352b88f4ecc85cd97c218fdb3693e7d906216308624b4aab66","strict":true,"agent_id":"copilot"} +# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"92dea2779599cc352b88f4ecc85cd97c218fdb3693e7d906216308624b4aab66","compiled_hash":"67f417ec9c1336eb8e1c1b7c6cf7566891ccae570d9a5ff8b03eee8b84b95c99","strict":true,"agent_id":"copilot"} name: "Issue Summary to Notion" "on": diff --git a/.github/workflows/org-health-report.lock.yml b/.github/workflows/org-health-report.lock.yml index 5b85ae0787d..704b5ae3878 100644 --- a/.github/workflows/org-health-report.lock.yml +++ b/.github/workflows/org-health-report.lock.yml @@ -29,7 +29,7 @@ # - shared/python-dataviz.md # - shared/reporting.md # -# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"854516e8df913fa62f2b8288d45ac30f2b2711b98c3d9b8dc25e7e1ff91a977f","strict":true,"agent_id":"copilot"} +# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"854516e8df913fa62f2b8288d45ac30f2b2711b98c3d9b8dc25e7e1ff91a977f","compiled_hash":"d4809ce74b78818c3cf170e75a5256d6363486861d9b13387c3b8f0aa466813d","strict":true,"agent_id":"copilot"} name: "Organization Health Report" "on": diff --git a/.github/workflows/pdf-summary.lock.yml b/.github/workflows/pdf-summary.lock.yml index 9664ef75f22..4f22692efef 100644 --- a/.github/workflows/pdf-summary.lock.yml +++ b/.github/workflows/pdf-summary.lock.yml @@ -26,7 +26,7 @@ # Imports: # - shared/mcp/markitdown.md # -# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"6d3174d6f6e18cf0e99b8c93c294401c6d7ddb699196eaa13776f0b49f5909ed","strict":true,"agent_id":"copilot"} +# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"6d3174d6f6e18cf0e99b8c93c294401c6d7ddb699196eaa13776f0b49f5909ed","compiled_hash":"9d264433d2795144fa423860c0db8199e2641a097b4f46fae301b3e499fbc6d2","strict":true,"agent_id":"copilot"} name: "Resource Summarizer Agent" "on": diff --git a/.github/workflows/plan.lock.yml b/.github/workflows/plan.lock.yml index d95a42c8af8..8267b85cfbd 100644 --- a/.github/workflows/plan.lock.yml +++ b/.github/workflows/plan.lock.yml @@ -22,7 +22,7 @@ # # Generates project plans and task breakdowns when invoked with /plan command in issues or PRs # -# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"2ef6d836d569a09b7c2504cf554ca69cee43f7433fc3aa8ebc52dd31170815bd","strict":true,"agent_id":"copilot"} +# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"2ef6d836d569a09b7c2504cf554ca69cee43f7433fc3aa8ebc52dd31170815bd","compiled_hash":"fd8d3b25caa8ee7119851f9cab77fc621df2a96155270681961602379d8b80dd","strict":true,"agent_id":"copilot"} name: "Plan Command" "on": diff --git a/.github/workflows/poem-bot.lock.yml b/.github/workflows/poem-bot.lock.yml index 5349cb6bb28..5a4882ab666 100644 --- a/.github/workflows/poem-bot.lock.yml +++ b/.github/workflows/poem-bot.lock.yml @@ -26,7 +26,7 @@ # Imports: # - shared/reporting.md # -# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"e24bfae6e6ba9dc7f6a26fe8161c93e8774e99aa4873bb6744f0c887c91a4483","strict":true,"agent_id":"copilot","agent_model":"gpt-5"} +# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"e24bfae6e6ba9dc7f6a26fe8161c93e8774e99aa4873bb6744f0c887c91a4483","compiled_hash":"5c76c1263df78efb96efdf8ff07c1b07b2dc7885a8ec74d8aebe549744670bc2","strict":true,"agent_id":"copilot","agent_model":"gpt-5"} name: "Poem Bot - A Creative Agentic Workflow" "on": diff --git a/.github/workflows/portfolio-analyst.lock.yml b/.github/workflows/portfolio-analyst.lock.yml index 3ae0eb4c463..086b5bb2f52 100644 --- a/.github/workflows/portfolio-analyst.lock.yml +++ b/.github/workflows/portfolio-analyst.lock.yml @@ -29,7 +29,7 @@ # - shared/reporting.md # - shared/trending-charts-simple.md # -# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"9f1e7fa8b83dd91aefa585f492548276a6a14a828a71b90d6480f5d716a8858e","strict":true,"agent_id":"copilot"} +# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"9f1e7fa8b83dd91aefa585f492548276a6a14a828a71b90d6480f5d716a8858e","compiled_hash":"786e203aefb51f4faff2c2db37b80a46d2125a62384660b0e420a67ee83dc0d8","strict":true,"agent_id":"copilot"} name: "Automated Portfolio Analyst" "on": diff --git a/.github/workflows/pr-nitpick-reviewer.lock.yml b/.github/workflows/pr-nitpick-reviewer.lock.yml index 1cb78361bfc..161bcd97db8 100644 --- a/.github/workflows/pr-nitpick-reviewer.lock.yml +++ b/.github/workflows/pr-nitpick-reviewer.lock.yml @@ -27,7 +27,7 @@ # - shared/pr-code-review-config.md # - shared/reporting.md # -# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"1c5afbcc15ccde9b0714225f3bbbfb1579751480ac6e9b3e0c46a2e34cbfec5c","strict":true,"agent_id":"copilot"} +# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"1c5afbcc15ccde9b0714225f3bbbfb1579751480ac6e9b3e0c46a2e34cbfec5c","compiled_hash":"9691bd712dff597641d7843a67d54a93e06dd1a3cbdb7f78401873f92b5d8ead","strict":true,"agent_id":"copilot"} name: "PR Nitpick Reviewer 🔍" "on": diff --git a/.github/workflows/pr-triage-agent.lock.yml b/.github/workflows/pr-triage-agent.lock.yml index 7b7023c8a6d..c99c1c7f0da 100644 --- a/.github/workflows/pr-triage-agent.lock.yml +++ b/.github/workflows/pr-triage-agent.lock.yml @@ -26,7 +26,7 @@ # Imports: # - shared/github-guard-policy.md # -# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"192e43dac8430c63fcaef36dc9ecaf928511a154644626ed4650db14473292ed","strict":true,"agent_id":"copilot"} +# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"192e43dac8430c63fcaef36dc9ecaf928511a154644626ed4650db14473292ed","compiled_hash":"c307b2001ade26ccaed043201a2a7e0251619dc286ed080cbcff5b19bce49158","strict":true,"agent_id":"copilot"} name: "PR Triage Agent" "on": diff --git a/.github/workflows/prompt-clustering-analysis.lock.yml b/.github/workflows/prompt-clustering-analysis.lock.yml index fedd232bf63..19b6e125703 100644 --- a/.github/workflows/prompt-clustering-analysis.lock.yml +++ b/.github/workflows/prompt-clustering-analysis.lock.yml @@ -31,7 +31,7 @@ # - shared/reporting.md # - shared/trending-charts-simple.md # -# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"faf8c5791431939d907180ff957c037ce53ecd1641d0022121eda2de46fc1a3f","strict":true,"agent_id":"claude"} +# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"faf8c5791431939d907180ff957c037ce53ecd1641d0022121eda2de46fc1a3f","compiled_hash":"b0a0f0087eb103d9a5fa483f5ca387d4a804f52bcbc4096ebc2be22d8c5efbdb","strict":true,"agent_id":"claude"} name: "Copilot Agent Prompt Clustering Analysis" "on": diff --git a/.github/workflows/python-data-charts.lock.yml b/.github/workflows/python-data-charts.lock.yml index dfec5f12a2f..1c9a83fba69 100644 --- a/.github/workflows/python-data-charts.lock.yml +++ b/.github/workflows/python-data-charts.lock.yml @@ -28,7 +28,7 @@ # - shared/trends.md # - shared/charts-with-trending.md # -# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"fea56ce855d62d8ab45a91075e76e3d0e962187e06f6b07d7ca24ecf50d2f4c0","strict":true,"agent_id":"copilot"} +# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"fea56ce855d62d8ab45a91075e76e3d0e962187e06f6b07d7ca24ecf50d2f4c0","compiled_hash":"e5a498c9d1afc892220192c2fb60b965366c5deab1b5a58988919c6518bb09ed","strict":true,"agent_id":"copilot"} name: "Python Data Visualization Generator" "on": diff --git a/.github/workflows/q.lock.yml b/.github/workflows/q.lock.yml index 256979cf10c..40e5144ffbe 100644 --- a/.github/workflows/q.lock.yml +++ b/.github/workflows/q.lock.yml @@ -27,7 +27,7 @@ # - shared/mcp/serena-go.md # - shared/mcp/serena.md # -# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"704596354fec846cb7314ed6649228461f0e913a502d163b78c663edc275a83b","strict":true,"agent_id":"copilot"} +# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"704596354fec846cb7314ed6649228461f0e913a502d163b78c663edc275a83b","compiled_hash":"de4f2d81c586daba6e7e73c3cbe1c721fc38f4e321fb8568367f90c83b1a0057","strict":true,"agent_id":"copilot"} name: "Q" "on": diff --git a/.github/workflows/refiner.lock.yml b/.github/workflows/refiner.lock.yml index 6ba3cea0ec4..c5fa3eae64e 100644 --- a/.github/workflows/refiner.lock.yml +++ b/.github/workflows/refiner.lock.yml @@ -26,7 +26,7 @@ # Imports: # - shared/github-guard-policy.md # -# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"a24e20b4cb3c287f7e685d1fc703a775a706bc6183adee885c1ab8c440b22fa4","strict":true,"agent_id":"copilot"} +# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"a24e20b4cb3c287f7e685d1fc703a775a706bc6183adee885c1ab8c440b22fa4","compiled_hash":"d27ed3a65b8b0731fbd275db4c889820319ee220397932e1cd4d907b4dc0b3dd","strict":true,"agent_id":"copilot"} name: "Code Refiner" "on": diff --git a/.github/workflows/release.lock.yml b/.github/workflows/release.lock.yml index 879c6ed524c..80b8e86d2b0 100644 --- a/.github/workflows/release.lock.yml +++ b/.github/workflows/release.lock.yml @@ -26,7 +26,7 @@ # Imports: # - shared/community-attribution.md # -# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"128dc3cf2dcc46fc99c649a218664042fa068fc3aaf79bde247c915caa21d4dd","strict":true,"agent_id":"copilot"} +# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"128dc3cf2dcc46fc99c649a218664042fa068fc3aaf79bde247c915caa21d4dd","compiled_hash":"034e538166f846585886f6d3d7fc2be0f05683d7d9f21f1909321b480be284be","strict":true,"agent_id":"copilot"} name: "Release" "on": diff --git a/.github/workflows/repo-audit-analyzer.lock.yml b/.github/workflows/repo-audit-analyzer.lock.yml index 39db7917313..3df52b249e9 100644 --- a/.github/workflows/repo-audit-analyzer.lock.yml +++ b/.github/workflows/repo-audit-analyzer.lock.yml @@ -27,7 +27,7 @@ # - shared/daily-audit-discussion.md # - shared/reporting.md # -# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"0b4bada9496a836ee6efdd29850596f977273575fd68151a8e99678edf7d635c","strict":true,"agent_id":"copilot"} +# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"0b4bada9496a836ee6efdd29850596f977273575fd68151a8e99678edf7d635c","compiled_hash":"7a03101dbf678b25831877690b089d7035e84315401de2760fd81532f60ed89e","strict":true,"agent_id":"copilot"} name: "Repository Audit & Agentic Workflow Opportunity Analyzer" "on": diff --git a/.github/workflows/repo-tree-map.lock.yml b/.github/workflows/repo-tree-map.lock.yml index f98838e10f4..1d932665375 100644 --- a/.github/workflows/repo-tree-map.lock.yml +++ b/.github/workflows/repo-tree-map.lock.yml @@ -26,7 +26,7 @@ # Imports: # - shared/reporting.md # -# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"3353c3598b8b70f6c9ad4b1b6d40b6ce12bc6a526a3d0323c46b8b7f71c9b16c","strict":true,"agent_id":"copilot"} +# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"3353c3598b8b70f6c9ad4b1b6d40b6ce12bc6a526a3d0323c46b8b7f71c9b16c","compiled_hash":"49d3208c064c03e5048fb90dafd42b8b89c8631b8fb54bcbd853ebf0fc451500","strict":true,"agent_id":"copilot"} name: "Repository Tree Map Generator" "on": diff --git a/.github/workflows/repository-quality-improver.lock.yml b/.github/workflows/repository-quality-improver.lock.yml index 2027116e047..6918d1ce5c6 100644 --- a/.github/workflows/repository-quality-improver.lock.yml +++ b/.github/workflows/repository-quality-improver.lock.yml @@ -29,7 +29,7 @@ # - shared/mcp/serena.md # - shared/reporting.md # -# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"c4b901163feff6fa274650fbe23a1ad7741d333f9428684a0845c1baf2cec7c4","strict":true,"agent_id":"copilot"} +# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"c4b901163feff6fa274650fbe23a1ad7741d333f9428684a0845c1baf2cec7c4","compiled_hash":"9fbf4384a36c602a1f7dd293bda67f33e932406feb250e72e420ff460d5a8787","strict":true,"agent_id":"copilot"} name: "Repository Quality Improvement Agent" "on": diff --git a/.github/workflows/research.lock.yml b/.github/workflows/research.lock.yml index e735404d156..804067e0fc6 100644 --- a/.github/workflows/research.lock.yml +++ b/.github/workflows/research.lock.yml @@ -27,7 +27,7 @@ # - shared/mcp/tavily.md # - shared/reporting.md # -# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"d0a1dc5317a1a485182e80d6b6942132e16b2af637d6e359401d4cb31928f55e","strict":true,"agent_id":"copilot"} +# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"d0a1dc5317a1a485182e80d6b6942132e16b2af637d6e359401d4cb31928f55e","compiled_hash":"aab9813004f1793c0f2a9eb4a00a99060c735cee62628a97245f3ad20c294de1","strict":true,"agent_id":"copilot"} name: "Basic Research Agent" "on": diff --git a/.github/workflows/safe-output-health.lock.yml b/.github/workflows/safe-output-health.lock.yml index 008cb704e78..64460c2ab7d 100644 --- a/.github/workflows/safe-output-health.lock.yml +++ b/.github/workflows/safe-output-health.lock.yml @@ -29,7 +29,7 @@ # - shared/jqschema.md # - shared/reporting.md # -# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"f65ef56b469719c2d7f6f9a4107804e6b7a7dac6357fc3babf2bc73e52451d34","strict":true,"agent_id":"claude"} +# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"f65ef56b469719c2d7f6f9a4107804e6b7a7dac6357fc3babf2bc73e52451d34","compiled_hash":"d528f3d6758e5b8170f0b6b12c416ecb6ab7718a66db3f2f1824e2170fc3fb50","strict":true,"agent_id":"claude"} name: "Safe Output Health Monitor" "on": diff --git a/.github/workflows/schema-consistency-checker.lock.yml b/.github/workflows/schema-consistency-checker.lock.yml index 77905407d0e..610743ccb72 100644 --- a/.github/workflows/schema-consistency-checker.lock.yml +++ b/.github/workflows/schema-consistency-checker.lock.yml @@ -27,7 +27,7 @@ # - shared/daily-audit-discussion.md # - shared/reporting.md # -# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"cea73f8de22ee6d0fc084dcadfd32158202533bd89cefeb391b56a0a130f01e1","strict":true,"agent_id":"claude"} +# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"cea73f8de22ee6d0fc084dcadfd32158202533bd89cefeb391b56a0a130f01e1","compiled_hash":"ecfc9e00357c91e130398e7fc90a4f10accfac132e2b1b28508fb034b9aa24de","strict":true,"agent_id":"claude"} name: "Schema Consistency Checker" "on": diff --git a/.github/workflows/schema-feature-coverage.lock.yml b/.github/workflows/schema-feature-coverage.lock.yml index a524d5fb817..58a34252b71 100644 --- a/.github/workflows/schema-feature-coverage.lock.yml +++ b/.github/workflows/schema-feature-coverage.lock.yml @@ -22,7 +22,7 @@ # # Ensures 100% schema feature coverage across existing agentic workflows by creating PRs for any uncovered fields # -# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"f4ac99aa1c881611e85255d79b537284e03dd6d57121b04e265099dbf74f4721","strict":true,"agent_id":"codex"} +# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"f4ac99aa1c881611e85255d79b537284e03dd6d57121b04e265099dbf74f4721","compiled_hash":"c45db550da8303915516068f51d0c32655273ae4bdf6e49bf030a3dc0d105de3","strict":true,"agent_id":"codex"} name: "Schema Feature Coverage Checker" "on": diff --git a/.github/workflows/scout.lock.yml b/.github/workflows/scout.lock.yml index faa7b34505a..6bff7b27884 100644 --- a/.github/workflows/scout.lock.yml +++ b/.github/workflows/scout.lock.yml @@ -32,7 +32,7 @@ # - shared/mcp/tavily.md # - shared/reporting.md # -# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"d7458e2989c491a13fe05cbc974ba27fdbe84ba4c087d2f27c84ce54abb9771e","strict":true,"agent_id":"claude"} +# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"d7458e2989c491a13fe05cbc974ba27fdbe84ba4c087d2f27c84ce54abb9771e","compiled_hash":"e4b886df0f548652729f4db6070f33b661b1e5ccb882f09b8949c81a7de94026","strict":true,"agent_id":"claude"} name: "Scout" "on": diff --git a/.github/workflows/security-compliance.lock.yml b/.github/workflows/security-compliance.lock.yml index d82766a9941..f47e9219c5a 100644 --- a/.github/workflows/security-compliance.lock.yml +++ b/.github/workflows/security-compliance.lock.yml @@ -22,7 +22,7 @@ # # Fix critical vulnerabilities before audit deadline with full tracking and reporting # -# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"01738ba16ae7253d0909165ffb3f971ef84f616ce8f131598481ca66c9c0827f","strict":true,"agent_id":"copilot"} +# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"01738ba16ae7253d0909165ffb3f971ef84f616ce8f131598481ca66c9c0827f","compiled_hash":"0a06afcb51e2d21e50a59e4b0b9b444cca0ac0d9d0aeb7dfa0d3f93b917d2684","strict":true,"agent_id":"copilot"} name: "Security Compliance Campaign" "on": diff --git a/.github/workflows/security-review.lock.yml b/.github/workflows/security-review.lock.yml index 6da7e07bf57..f18585d4b10 100644 --- a/.github/workflows/security-review.lock.yml +++ b/.github/workflows/security-review.lock.yml @@ -26,7 +26,7 @@ # Imports: # - shared/pr-code-review-config.md # -# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"6ae73a1972b16e068d3bf5d532df795942fdfaa62d38c4b824caefa098c81b60","strict":true,"agent_id":"copilot"} +# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"6ae73a1972b16e068d3bf5d532df795942fdfaa62d38c4b824caefa098c81b60","compiled_hash":"3913b2fbbe4af9cd7f8b98224231b4e74232ec6bfbeaf6ef4c3db70c5358ae1c","strict":true,"agent_id":"copilot"} name: "Security Review Agent 🔒" "on": diff --git a/.github/workflows/semantic-function-refactor.lock.yml b/.github/workflows/semantic-function-refactor.lock.yml index 6982862bc1e..abf51d96514 100644 --- a/.github/workflows/semantic-function-refactor.lock.yml +++ b/.github/workflows/semantic-function-refactor.lock.yml @@ -29,7 +29,7 @@ # - shared/reporting.md # - shared/go-source-analysis.md # -# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"61198277500b7cca0b2607a7663b884d3b5dcaedb767286e1449d0b4fe0fc785","strict":true,"agent_id":"claude"} +# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"61198277500b7cca0b2607a7663b884d3b5dcaedb767286e1449d0b4fe0fc785","compiled_hash":"98b78ddf7012091340cd830f6fc6df769478fb2f2257ba1769dd66b849c48d40","strict":true,"agent_id":"claude"} name: "Semantic Function Refactoring" "on": diff --git a/.github/workflows/sergo.lock.yml b/.github/workflows/sergo.lock.yml index 342ac62c470..13c0775790d 100644 --- a/.github/workflows/sergo.lock.yml +++ b/.github/workflows/sergo.lock.yml @@ -29,7 +29,7 @@ # - shared/mcp/serena.md # - shared/reporting.md # -# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"af533ebfcee6ef0562c1a099c964f0b1cbe1df627ceccd31c0b1ec1e0273906a","strict":true,"agent_id":"claude"} +# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"af533ebfcee6ef0562c1a099c964f0b1cbe1df627ceccd31c0b1ec1e0273906a","compiled_hash":"8a5b1fac3351a6cc2b2b51e4391b99e0528286a67d312d0d20dfe322b71f1255","strict":true,"agent_id":"claude"} name: "Sergo - Serena Go Expert" "on": diff --git a/.github/workflows/slide-deck-maintainer.lock.yml b/.github/workflows/slide-deck-maintainer.lock.yml index ef16b63a171..d16ef86476c 100644 --- a/.github/workflows/slide-deck-maintainer.lock.yml +++ b/.github/workflows/slide-deck-maintainer.lock.yml @@ -26,7 +26,7 @@ # Imports: # - shared/activation-app.md # -# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"5fd4d0e409380c23608e3e688e4085262945b249421a29cb45ec8f93e01a6bfc","strict":true,"agent_id":"copilot"} +# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"5fd4d0e409380c23608e3e688e4085262945b249421a29cb45ec8f93e01a6bfc","compiled_hash":"402bd16838af3cf589ace7fd88f57b5b3c7d0a128dbf5dd477ec6f0af15007f0","strict":true,"agent_id":"copilot"} name: "Slide Deck Maintainer" "on": diff --git a/.github/workflows/smoke-agent-all-merged.lock.yml b/.github/workflows/smoke-agent-all-merged.lock.yml index ddefa9772b3..1c3c43dafba 100644 --- a/.github/workflows/smoke-agent-all-merged.lock.yml +++ b/.github/workflows/smoke-agent-all-merged.lock.yml @@ -22,7 +22,7 @@ # # Guard policy smoke test: repos=all, min-integrity=merged (most restrictive) # -# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"bbd91d7cb3316403403189cfafb70b4578c3f66fcdd53247a3eeb1798d0f9da5","strict":true,"agent_id":"codex"} +# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"bbd91d7cb3316403403189cfafb70b4578c3f66fcdd53247a3eeb1798d0f9da5","compiled_hash":"72e1dac7ce90d364670206b662b47d8476ff15f7828d5e83e26cb6e2d318f457","strict":true,"agent_id":"codex"} name: "Smoke Agent: all/merged" "on": diff --git a/.github/workflows/smoke-agent-all-none.lock.yml b/.github/workflows/smoke-agent-all-none.lock.yml index b96b4126c0b..ab5a8fde657 100644 --- a/.github/workflows/smoke-agent-all-none.lock.yml +++ b/.github/workflows/smoke-agent-all-none.lock.yml @@ -22,7 +22,7 @@ # # Guard policy smoke test: repos=all, min-integrity=none (most permissive) # -# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"3f9db3848c2cb24db426b7476702b3fa72282f69fbf94e1d4aa1bce7f415d7b6","strict":true,"agent_id":"codex"} +# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"3f9db3848c2cb24db426b7476702b3fa72282f69fbf94e1d4aa1bce7f415d7b6","compiled_hash":"6c306e4f6b4bd8d1eab77ca89478af5021c75819431e47b6e15547d0b640e7b3","strict":true,"agent_id":"codex"} name: "Smoke Agent: all/none" "on": diff --git a/.github/workflows/smoke-agent-public-approved.lock.yml b/.github/workflows/smoke-agent-public-approved.lock.yml index 159baf1617e..e4415bf0f76 100644 --- a/.github/workflows/smoke-agent-public-approved.lock.yml +++ b/.github/workflows/smoke-agent-public-approved.lock.yml @@ -26,7 +26,7 @@ # Imports: # - shared/github-guard-policy.md # -# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"10d8624a668e228fad34496250ffda3a946d3771db24052940e518cf989e9011","strict":true,"agent_id":"codex"} +# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"10d8624a668e228fad34496250ffda3a946d3771db24052940e518cf989e9011","compiled_hash":"b870dff70278cb8b75597bb99a27c532e46008d03087c149cd8e374c5206c5ba","strict":true,"agent_id":"codex"} name: "Smoke Agent: public/approved" "on": diff --git a/.github/workflows/smoke-agent-public-none.lock.yml b/.github/workflows/smoke-agent-public-none.lock.yml index 190442d063a..eb20da720ad 100644 --- a/.github/workflows/smoke-agent-public-none.lock.yml +++ b/.github/workflows/smoke-agent-public-none.lock.yml @@ -22,7 +22,7 @@ # # Guard policy smoke test: repos=public, min-integrity=none # -# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"f3c995f72a3cf4a61b6b081604a1fee2aff6acd11db9ef49dd1bfa29f853f732","strict":true,"agent_id":"codex"} +# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"f3c995f72a3cf4a61b6b081604a1fee2aff6acd11db9ef49dd1bfa29f853f732","compiled_hash":"6a6adb57d3f923fdfddfce5d0641c5293e7cbec884f6eb9a0c8eac942c675617","strict":true,"agent_id":"codex"} name: "Smoke Agent: public/none" "on": diff --git a/.github/workflows/smoke-agent-scoped-approved.lock.yml b/.github/workflows/smoke-agent-scoped-approved.lock.yml index 1da54faf938..e655e92e6fe 100644 --- a/.github/workflows/smoke-agent-scoped-approved.lock.yml +++ b/.github/workflows/smoke-agent-scoped-approved.lock.yml @@ -26,7 +26,7 @@ # Imports: # - shared/github-guard-policy.md # -# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"300632a0a433248c05338ed59f453141c36973dcf842fc749a7e76e3b5a8f839","strict":true,"agent_id":"codex"} +# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"300632a0a433248c05338ed59f453141c36973dcf842fc749a7e76e3b5a8f839","compiled_hash":"a95d9f009069084cdcd8d4993619277127e977921c62f3da7c44201d4d33ff02","strict":true,"agent_id":"codex"} name: "Smoke Agent: scoped/approved" "on": diff --git a/.github/workflows/smoke-call-workflow.lock.yml b/.github/workflows/smoke-call-workflow.lock.yml index 645719d96ea..f67caa6fb28 100644 --- a/.github/workflows/smoke-call-workflow.lock.yml +++ b/.github/workflows/smoke-call-workflow.lock.yml @@ -22,7 +22,7 @@ # # Smoke test for the call-workflow safe output - orchestrator that calls a worker via workflow_call at compile-time fan-out # -# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"61544e9548c9d83d99c2874329b16fde38e5eed99331c8de79e5eac9093ce3fa","strict":true,"agent_id":"codex","agent_model":"gpt-5.1-codex-mini"} +# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"61544e9548c9d83d99c2874329b16fde38e5eed99331c8de79e5eac9093ce3fa","compiled_hash":"867d94f3434f85672b5b26c375acdc66c8433c9cf53dad689470ad3c6ca72bb6","strict":true,"agent_id":"codex","agent_model":"gpt-5.1-codex-mini"} name: "Smoke Call Workflow" "on": diff --git a/.github/workflows/smoke-claude.lock.yml b/.github/workflows/smoke-claude.lock.yml index cda44927bc4..60d4b8c0ee0 100644 --- a/.github/workflows/smoke-claude.lock.yml +++ b/.github/workflows/smoke-claude.lock.yml @@ -37,7 +37,7 @@ # # inlined-imports: true # -# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"8b4570801394464240788e4c538a220f7ae35f8abc29b9def1b603989de7841e","agent_id":"claude"} +# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"8b4570801394464240788e4c538a220f7ae35f8abc29b9def1b603989de7841e","compiled_hash":"cb94966cbed65b902843b4ee3b14639109fceda85e2950593a3eef8dbb33deee","agent_id":"claude"} name: "Smoke Claude" "on": diff --git a/.github/workflows/smoke-codex.lock.yml b/.github/workflows/smoke-codex.lock.yml index 18dbb569569..2706abccf5e 100644 --- a/.github/workflows/smoke-codex.lock.yml +++ b/.github/workflows/smoke-codex.lock.yml @@ -30,7 +30,7 @@ # - shared/qmd.md # - shared/reporting.md # -# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"08622eff96fd523aed1828fcef487dcfa21db6e47e34f44f587a6ce0a027cbe3","agent_id":"codex"} +# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"08622eff96fd523aed1828fcef487dcfa21db6e47e34f44f587a6ce0a027cbe3","compiled_hash":"52a91cb621827afdc735049d7c53a5d56c5233aba7257dc2e19285efad216b93","agent_id":"codex"} name: "Smoke Codex" "on": diff --git a/.github/workflows/smoke-copilot-arm.lock.yml b/.github/workflows/smoke-copilot-arm.lock.yml index a4768763885..8768fb4aba4 100644 --- a/.github/workflows/smoke-copilot-arm.lock.yml +++ b/.github/workflows/smoke-copilot-arm.lock.yml @@ -30,7 +30,7 @@ # - shared/mcp/serena.md # - shared/reporting.md # -# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"b922b54ad668c7e5d79e80973efae5108439b02e6d1ff89d534cf06bdf16d0ed","agent_id":"copilot"} +# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"b922b54ad668c7e5d79e80973efae5108439b02e6d1ff89d534cf06bdf16d0ed","compiled_hash":"7cc5fa9c76bec14a75070e5cf0ccfac5ed1e6bf2affd4a02065b0977626a29b5","agent_id":"copilot"} name: "Smoke Copilot ARM64" "on": diff --git a/.github/workflows/smoke-copilot.lock.yml b/.github/workflows/smoke-copilot.lock.yml index 32bffd0ad69..a4fd3621077 100644 --- a/.github/workflows/smoke-copilot.lock.yml +++ b/.github/workflows/smoke-copilot.lock.yml @@ -31,7 +31,7 @@ # - shared/mcp/serena.md # - shared/reporting.md # -# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"a8d01acc6fc00511bf712d729839b8d2812a7fc654612f83b539b870c8d10c28","agent_id":"copilot"} +# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"a8d01acc6fc00511bf712d729839b8d2812a7fc654612f83b539b870c8d10c28","compiled_hash":"81092cd81fc3d988d1aab1f7cbf416bf11e303a167d7ffa66112929f6805ca3e","agent_id":"copilot"} name: "Smoke Copilot" "on": diff --git a/.github/workflows/smoke-create-cross-repo-pr.lock.yml b/.github/workflows/smoke-create-cross-repo-pr.lock.yml index f08d28ec325..975aed4ee87 100644 --- a/.github/workflows/smoke-create-cross-repo-pr.lock.yml +++ b/.github/workflows/smoke-create-cross-repo-pr.lock.yml @@ -22,7 +22,7 @@ # # Smoke test validating cross-repo pull request creation in githubnext/gh-aw-side-repo # -# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"23144cc5cfaff8c43f78aeac9193fc954d2391a4d6fc0207772ebb4127c0ad56","strict":true,"agent_id":"copilot"} +# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"23144cc5cfaff8c43f78aeac9193fc954d2391a4d6fc0207772ebb4127c0ad56","compiled_hash":"d8b78b1c92e189ec50495c89fb75cbb02f33644edda5f268282879efef5e7d97","strict":true,"agent_id":"copilot"} name: "Smoke Create Cross-Repo PR" "on": diff --git a/.github/workflows/smoke-gemini.lock.yml b/.github/workflows/smoke-gemini.lock.yml index b14a3f05727..d2295c8c101 100644 --- a/.github/workflows/smoke-gemini.lock.yml +++ b/.github/workflows/smoke-gemini.lock.yml @@ -27,7 +27,7 @@ # - shared/gh.md # - shared/reporting.md # -# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"bc947fc0f68789a8c2116df1b0ed091773cc6c20103a7b93a9bd3b23e65e8f61","strict":true,"agent_id":"gemini"} +# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"bc947fc0f68789a8c2116df1b0ed091773cc6c20103a7b93a9bd3b23e65e8f61","compiled_hash":"b79b12bdba0d7f94abbd3a080e0b9be3b8399569bedd9f995371419b17644eb7","strict":true,"agent_id":"gemini"} name: "Smoke Gemini" "on": diff --git a/.github/workflows/smoke-multi-pr.lock.yml b/.github/workflows/smoke-multi-pr.lock.yml index 6eb7e3e17f6..1faa2b3ff10 100644 --- a/.github/workflows/smoke-multi-pr.lock.yml +++ b/.github/workflows/smoke-multi-pr.lock.yml @@ -22,7 +22,7 @@ # # Test creating multiple pull requests in a single workflow run # -# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"ee31e52ea131e5257cdee9983e2401eca1666057c51720c5e667f48b6a4de359","strict":true,"agent_id":"copilot"} +# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"ee31e52ea131e5257cdee9983e2401eca1666057c51720c5e667f48b6a4de359","compiled_hash":"6f13bb4197274c12865c6a717da8fe2b4d9348edfaf17e4d1ce53e3e5be238c8","strict":true,"agent_id":"copilot"} name: "Smoke Multi PR" "on": diff --git a/.github/workflows/smoke-project.lock.yml b/.github/workflows/smoke-project.lock.yml index aec2770b4c9..7d4c5adbebf 100644 --- a/.github/workflows/smoke-project.lock.yml +++ b/.github/workflows/smoke-project.lock.yml @@ -22,7 +22,7 @@ # # Smoke Project - Test project operations # -# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"710ec62380b7f4046fc0e531419bf0be666859f6668744e95e249cc359b3d6c8","strict":true,"agent_id":"copilot"} +# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"710ec62380b7f4046fc0e531419bf0be666859f6668744e95e249cc359b3d6c8","compiled_hash":"b5724309e2cce754cf3073e8b527566eb181ce29817f95152ff6ce0ddee31f75","strict":true,"agent_id":"copilot"} name: "Smoke Project" "on": diff --git a/.github/workflows/smoke-service-ports.lock.yml b/.github/workflows/smoke-service-ports.lock.yml index 8fd61420cf2..9a49546501a 100644 --- a/.github/workflows/smoke-service-ports.lock.yml +++ b/.github/workflows/smoke-service-ports.lock.yml @@ -22,7 +22,7 @@ # # Smoke test to validate --allow-host-service-ports with Redis service container # -# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"f87ff09b47856fe5762f2eb7eddf0eee24e2dd583dd1b53a14f1ed9fef367457","strict":true,"agent_id":"copilot"} +# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"f87ff09b47856fe5762f2eb7eddf0eee24e2dd583dd1b53a14f1ed9fef367457","compiled_hash":"933a6d0d7de323f748349ce060eb241909aac57b04b979480c65ace8e0791aa0","strict":true,"agent_id":"copilot"} name: "Smoke Service Ports" "on": diff --git a/.github/workflows/smoke-temporary-id.lock.yml b/.github/workflows/smoke-temporary-id.lock.yml index 5e6f48c1c01..f9b21f7f03b 100644 --- a/.github/workflows/smoke-temporary-id.lock.yml +++ b/.github/workflows/smoke-temporary-id.lock.yml @@ -22,7 +22,7 @@ # # Test temporary ID functionality for issue chaining and cross-references # -# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"12576301d22af2259a94778128a412fb13a9fa458278f35ffd57e10d58921542","strict":true,"agent_id":"copilot"} +# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"12576301d22af2259a94778128a412fb13a9fa458278f35ffd57e10d58921542","compiled_hash":"85666909816e7e19eb421c228724c5ccf6b4be26d9dd8603e495b1c7d4e55d05","strict":true,"agent_id":"copilot"} name: "Smoke Temporary ID" "on": diff --git a/.github/workflows/smoke-test-tools.lock.yml b/.github/workflows/smoke-test-tools.lock.yml index 712d7d11a10..56082fc164e 100644 --- a/.github/workflows/smoke-test-tools.lock.yml +++ b/.github/workflows/smoke-test-tools.lock.yml @@ -22,7 +22,7 @@ # # Smoke test to validate common development tools are available in the agent container # -# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"5f0e65a120ba50edaf8801625d4f570c66f3428d29b3a6a82a32610833d8d1a5","strict":true,"agent_id":"copilot"} +# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"5f0e65a120ba50edaf8801625d4f570c66f3428d29b3a6a82a32610833d8d1a5","compiled_hash":"ca5f64d350f8d51500c206282ef5998d2479931a1c96cb685293eb386485a567","strict":true,"agent_id":"copilot"} name: "Agent Container Smoke Test" "on": diff --git a/.github/workflows/smoke-update-cross-repo-pr.lock.yml b/.github/workflows/smoke-update-cross-repo-pr.lock.yml index e9579a07466..8a7321d97fd 100644 --- a/.github/workflows/smoke-update-cross-repo-pr.lock.yml +++ b/.github/workflows/smoke-update-cross-repo-pr.lock.yml @@ -22,7 +22,7 @@ # # Smoke test validating cross-repo pull request updates in githubnext/gh-aw-side-repo by adding lines from Homer's Odyssey to the README # -# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"1b83093f25431da3943130e4dc7707a88b79a2f8454e38a5773f5f5031b6b1d2","strict":true,"agent_id":"copilot"} +# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"1b83093f25431da3943130e4dc7707a88b79a2f8454e38a5773f5f5031b6b1d2","compiled_hash":"639e24b07292aa5622fad8eff177ccacf8ec5b9af2a62f027470827831adf453","strict":true,"agent_id":"copilot"} name: "Smoke Update Cross-Repo PR" "on": diff --git a/.github/workflows/smoke-workflow-call-with-inputs.lock.yml b/.github/workflows/smoke-workflow-call-with-inputs.lock.yml index bd38b5d7c0b..30f742721eb 100644 --- a/.github/workflows/smoke-workflow-call-with-inputs.lock.yml +++ b/.github/workflows/smoke-workflow-call-with-inputs.lock.yml @@ -22,7 +22,7 @@ # # Reusable workflow with inputs - used to test that multiple callers don't clash on artifact names # -# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"70659d13c51a9ae641724fcb962c32d078d6734c237660a62fdc5ccc0e7c999d","strict":true,"agent_id":"copilot"} +# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"70659d13c51a9ae641724fcb962c32d078d6734c237660a62fdc5ccc0e7c999d","compiled_hash":"693e90cf45b401cf0c87d7231ae36cc3ac7ea93d9c8aaf8a44c61e9351e08fdc","strict":true,"agent_id":"copilot"} name: "Smoke Workflow Call with Inputs" "on": diff --git a/.github/workflows/smoke-workflow-call.lock.yml b/.github/workflows/smoke-workflow-call.lock.yml index 9a8a13ca4b8..d429a7cf54d 100644 --- a/.github/workflows/smoke-workflow-call.lock.yml +++ b/.github/workflows/smoke-workflow-call.lock.yml @@ -22,7 +22,7 @@ # # Reusable workflow to validate checkout from fork works correctly in workflow_call context # -# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"ec8e06e54f77696dc841d99cf0dbe8391ab81ac495ec1ebb806afab7287c77f1","strict":true,"agent_id":"copilot"} +# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"ec8e06e54f77696dc841d99cf0dbe8391ab81ac495ec1ebb806afab7287c77f1","compiled_hash":"97b319335dc0562359464edb4715144548f14533d4250f22b22798e1c1265f29","strict":true,"agent_id":"copilot"} name: "Smoke Workflow Call" "on": diff --git a/.github/workflows/stale-repo-identifier.lock.yml b/.github/workflows/stale-repo-identifier.lock.yml index 998fa9af7c0..c47d29d4107 100644 --- a/.github/workflows/stale-repo-identifier.lock.yml +++ b/.github/workflows/stale-repo-identifier.lock.yml @@ -30,7 +30,7 @@ # - shared/reporting.md # - shared/trending-charts-simple.md # -# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"9119cb20b4b2e96e61078e9422f421df63ac1a57b2ba3e0dfcc4a7b1aa352504","strict":true,"agent_id":"copilot"} +# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"9119cb20b4b2e96e61078e9422f421df63ac1a57b2ba3e0dfcc4a7b1aa352504","compiled_hash":"c170b8901c2b5af0539f31769d85d8a3f454e60c23b7d1a3cf1ab126e1698870","strict":true,"agent_id":"copilot"} name: "Stale Repository Identifier" "on": diff --git a/.github/workflows/static-analysis-report.lock.yml b/.github/workflows/static-analysis-report.lock.yml index 2a844fdc2e5..65f05ba5d4b 100644 --- a/.github/workflows/static-analysis-report.lock.yml +++ b/.github/workflows/static-analysis-report.lock.yml @@ -26,7 +26,7 @@ # Imports: # - shared/reporting.md # -# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"6e704ad580181ed88b36b117249a9b0079ae21982ff1e28edffa187b14b3262c","strict":true,"agent_id":"claude"} +# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"6e704ad580181ed88b36b117249a9b0079ae21982ff1e28edffa187b14b3262c","compiled_hash":"f3f59d3590a044c21e3aa6a56afb5de7278ddeb66710cffe0cf01f94cf576672","strict":true,"agent_id":"claude"} name: "Static Analysis Report" "on": diff --git a/.github/workflows/step-name-alignment.lock.yml b/.github/workflows/step-name-alignment.lock.yml index dfd86913b7f..706ce289507 100644 --- a/.github/workflows/step-name-alignment.lock.yml +++ b/.github/workflows/step-name-alignment.lock.yml @@ -22,7 +22,7 @@ # # Scans step names in .lock.yml files and aligns them with step intent and project glossary # -# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"013931389b5fee5fd1bfa5c8050369f2de9c3c778fe7d5a829c305f02300098c","strict":true,"agent_id":"claude"} +# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"013931389b5fee5fd1bfa5c8050369f2de9c3c778fe7d5a829c305f02300098c","compiled_hash":"be2c4b0ce42a0e622635e07d606b17964be49f29ce22891268e6b38ecec61d6e","strict":true,"agent_id":"claude"} name: "Step Name Alignment" "on": diff --git a/.github/workflows/sub-issue-closer.lock.yml b/.github/workflows/sub-issue-closer.lock.yml index 7d566af08f3..e1d7a257581 100644 --- a/.github/workflows/sub-issue-closer.lock.yml +++ b/.github/workflows/sub-issue-closer.lock.yml @@ -22,7 +22,7 @@ # # Scheduled workflow that recursively closes parent issues when all sub-issues are 100% complete # -# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"a264c4ba93f8e06faac6ccf53833c472a92e3eb4fd9930e9910a4719562e3337","strict":true,"agent_id":"copilot"} +# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"a264c4ba93f8e06faac6ccf53833c472a92e3eb4fd9930e9910a4719562e3337","compiled_hash":"e07823f40f316c8ddc00838f2ec83a0d053fb5b989e26af7b00a6ab17ac6392e","strict":true,"agent_id":"copilot"} name: "Sub-Issue Closer" "on": diff --git a/.github/workflows/super-linter.lock.yml b/.github/workflows/super-linter.lock.yml index ab05d37e5e8..83ecd4e3683 100644 --- a/.github/workflows/super-linter.lock.yml +++ b/.github/workflows/super-linter.lock.yml @@ -26,7 +26,7 @@ # Imports: # - shared/reporting.md # -# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"5b9cd290de19c2efeff8252adba4ccf92c1ed04fd02a082e0ec221ec5ef8de02","strict":true,"agent_id":"copilot"} +# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"5b9cd290de19c2efeff8252adba4ccf92c1ed04fd02a082e0ec221ec5ef8de02","compiled_hash":"1ecd35b2d43d8e4639e971245060fb9a0f24cbc1833100db354b23982d456ba9","strict":true,"agent_id":"copilot"} name: "Super Linter Report" "on": diff --git a/.github/workflows/technical-doc-writer.lock.yml b/.github/workflows/technical-doc-writer.lock.yml index 06b517647e1..fbb95be11fd 100644 --- a/.github/workflows/technical-doc-writer.lock.yml +++ b/.github/workflows/technical-doc-writer.lock.yml @@ -28,7 +28,7 @@ # - ../skills/documentation/SKILL.md # - shared/qmd.md # -# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"b34da9436d339882200efe7fdeb011781db57b32e4f262420101b111bdfdbfe4","strict":true,"agent_id":"copilot"} +# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"b34da9436d339882200efe7fdeb011781db57b32e4f262420101b111bdfdbfe4","compiled_hash":"ebd43cb5241798833bc317ff30c5d0f3cd086714502ba8afdc2faf6082a21537","strict":true,"agent_id":"copilot"} name: "Rebuild the documentation after making changes" "on": diff --git a/.github/workflows/terminal-stylist.lock.yml b/.github/workflows/terminal-stylist.lock.yml index 790f2042840..373a540e10d 100644 --- a/.github/workflows/terminal-stylist.lock.yml +++ b/.github/workflows/terminal-stylist.lock.yml @@ -29,7 +29,7 @@ # - shared/mcp/serena.md # - shared/reporting.md # -# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"8a97b8b917c11d921e962ff02d53e457aa84fd4e83b672aa42f05c820bc87599","strict":true,"agent_id":"copilot"} +# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"8a97b8b917c11d921e962ff02d53e457aa84fd4e83b672aa42f05c820bc87599","compiled_hash":"d50d1fb7c712b01636626ba9596fb015f0a16a671215b7cab709e4ca6f91040e","strict":true,"agent_id":"copilot"} name: "Terminal Stylist" "on": diff --git a/.github/workflows/test-create-pr-error-handling.lock.yml b/.github/workflows/test-create-pr-error-handling.lock.yml index 052c789eda6..e0fe9a7be4e 100644 --- a/.github/workflows/test-create-pr-error-handling.lock.yml +++ b/.github/workflows/test-create-pr-error-handling.lock.yml @@ -22,7 +22,7 @@ # # Test workflow to verify create_pull_request error handling # -# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"56ed383223178c83cf59d59dc38aa7e14a9cf53f0a4bc96927b48cfdf328eb16","strict":true,"agent_id":"claude"} +# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"56ed383223178c83cf59d59dc38aa7e14a9cf53f0a4bc96927b48cfdf328eb16","compiled_hash":"c626b91ee413c6283594b9fd9ae6da9df56ab9690a529b96ee886800bf9403dd","strict":true,"agent_id":"claude"} name: "Test Create PR Error Handling" "on": diff --git a/.github/workflows/test-dispatcher.lock.yml b/.github/workflows/test-dispatcher.lock.yml index db100fdb87f..8f350e49add 100644 --- a/.github/workflows/test-dispatcher.lock.yml +++ b/.github/workflows/test-dispatcher.lock.yml @@ -21,7 +21,7 @@ # For more information: https://github.github.com/gh-aw/introduction/overview/ # # -# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"4bd8c07c60ebeaf4e44c563129d014bb1e8565000ce66a6a74cea2bc733a6c70","strict":true,"agent_id":"copilot"} +# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"4bd8c07c60ebeaf4e44c563129d014bb1e8565000ce66a6a74cea2bc733a6c70","compiled_hash":"08e08bc27d6f695442d0d40c6da6cfb93a1a4e16939d62ce8923461956f5f91f","strict":true,"agent_id":"copilot"} name: "Test Dispatcher Workflow" "on": diff --git a/.github/workflows/test-project-url-default.lock.yml b/.github/workflows/test-project-url-default.lock.yml index 9bb476c03ff..e62c27f2a59 100644 --- a/.github/workflows/test-project-url-default.lock.yml +++ b/.github/workflows/test-project-url-default.lock.yml @@ -21,7 +21,7 @@ # For more information: https://github.github.com/gh-aw/introduction/overview/ # # -# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"919aa9db316c03def96f98fa19bea30f29ce46d039263de87340d928180c4ab8","strict":true,"agent_id":"copilot"} +# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"919aa9db316c03def96f98fa19bea30f29ce46d039263de87340d928180c4ab8","compiled_hash":"634aad11b8f425eee176eba4469078782a62f2aad7bc9819564b083e9b636c59","strict":true,"agent_id":"copilot"} name: "Test Project URL Explicit Requirement" "on": diff --git a/.github/workflows/test-workflow.lock.yml b/.github/workflows/test-workflow.lock.yml index 2ff32279953..a73aed60e22 100644 --- a/.github/workflows/test-workflow.lock.yml +++ b/.github/workflows/test-workflow.lock.yml @@ -21,7 +21,7 @@ # For more information: https://github.github.com/gh-aw/introduction/overview/ # # -# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"c1289924ef5c241c6bf7aede9e9822e6fe5e48cd5d6242834bb75725a19e6fd8","strict":true,"agent_id":"copilot"} +# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"c1289924ef5c241c6bf7aede9e9822e6fe5e48cd5d6242834bb75725a19e6fd8","compiled_hash":"8a71c0acefc95f54830a769ea628b0c2bb3d30557e728bd795ab15abbe7f6a2c","strict":true,"agent_id":"copilot"} name: "Test Workflow" "on": diff --git a/.github/workflows/tidy.lock.yml b/.github/workflows/tidy.lock.yml index b1295ae6b18..78847efcb37 100644 --- a/.github/workflows/tidy.lock.yml +++ b/.github/workflows/tidy.lock.yml @@ -22,7 +22,7 @@ # # Automatically formats and tidies code files (Go, JS, TypeScript) when code changes are pushed or on command # -# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"40b3ed11d8ead35f3b00d50ddab1b4ca82117eb81cdd2fd11133a8618b770177","strict":true,"agent_id":"copilot"} +# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"40b3ed11d8ead35f3b00d50ddab1b4ca82117eb81cdd2fd11133a8618b770177","compiled_hash":"4c763d235c197fdbca9bca82b73c756c7613900035d6c49f5f2d02d2ec4227c5","strict":true,"agent_id":"copilot"} name: "Tidy" "on": diff --git a/.github/workflows/typist.lock.yml b/.github/workflows/typist.lock.yml index e728099cf9a..2ddd3a55855 100644 --- a/.github/workflows/typist.lock.yml +++ b/.github/workflows/typist.lock.yml @@ -29,7 +29,7 @@ # - shared/mcp/serena.md # - shared/reporting.md # -# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"1fe020449c197612d61cfc4de732359c56421e4e1d07d9798844bf6398acf1cb","strict":true,"agent_id":"claude"} +# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"1fe020449c197612d61cfc4de732359c56421e4e1d07d9798844bf6398acf1cb","compiled_hash":"8b81e437845b003c780bce58e2fd1fe00fc36d3707085d154ff59d52040f4bad","strict":true,"agent_id":"claude"} name: "Typist - Go Type Analysis" "on": diff --git a/.github/workflows/ubuntu-image-analyzer.lock.yml b/.github/workflows/ubuntu-image-analyzer.lock.yml index 3712b4fb1c5..96c24744245 100644 --- a/.github/workflows/ubuntu-image-analyzer.lock.yml +++ b/.github/workflows/ubuntu-image-analyzer.lock.yml @@ -26,7 +26,7 @@ # Imports: # - shared/activation-app.md # -# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"17771797667713ac9be02e8d82488e686144d32e516fadd663650ae21c06f701","strict":true,"agent_id":"copilot"} +# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"17771797667713ac9be02e8d82488e686144d32e516fadd663650ae21c06f701","compiled_hash":"dc2b5460f5234ec9d893ce8040f1b90e4aad1c9963f95bd41eab9634753efb62","strict":true,"agent_id":"copilot"} name: "Ubuntu Actions Image Analyzer" "on": diff --git a/.github/workflows/unbloat-docs.lock.yml b/.github/workflows/unbloat-docs.lock.yml index 6ed4517145a..7ea096984c0 100644 --- a/.github/workflows/unbloat-docs.lock.yml +++ b/.github/workflows/unbloat-docs.lock.yml @@ -28,7 +28,7 @@ # - shared/qmd.md # - shared/reporting.md # -# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"5cb1a238898220d72c422f335a9e11bf399825c79859fe9f982ec22cb15ac37e","strict":true,"agent_id":"claude"} +# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"5cb1a238898220d72c422f335a9e11bf399825c79859fe9f982ec22cb15ac37e","compiled_hash":"4bc1ff17c1072d15b8f4d2c6c8420f5b5a4e302e0ba576c829ee21d1ffcf650e","strict":true,"agent_id":"claude"} name: "Documentation Unbloat" "on": diff --git a/.github/workflows/update-astro.lock.yml b/.github/workflows/update-astro.lock.yml index 2c7850ea7c2..e4fef98ed2a 100644 --- a/.github/workflows/update-astro.lock.yml +++ b/.github/workflows/update-astro.lock.yml @@ -22,7 +22,7 @@ # # Daily workflow to update Astro and related npm packages in the docs folder, review migration guides, ensure the docs build, and create a pull request with changes # -# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"6b6e4fc6351d48419353b1289bbc19a82a2c8c0845cc3309d046a41f2187bf94","strict":true,"agent_id":"copilot"} +# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"6b6e4fc6351d48419353b1289bbc19a82a2c8c0845cc3309d046a41f2187bf94","compiled_hash":"67c29ecd800232fe7a26310b64a465de8671017ec30a3f1949d29eee4f025e4c","strict":true,"agent_id":"copilot"} name: "Update Astro" "on": diff --git a/.github/workflows/video-analyzer.lock.yml b/.github/workflows/video-analyzer.lock.yml index ea16e5642e5..247be908678 100644 --- a/.github/workflows/video-analyzer.lock.yml +++ b/.github/workflows/video-analyzer.lock.yml @@ -26,7 +26,7 @@ # Imports: # - shared/ffmpeg.md # -# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"94cc0589aede07110b1d6cf1389de05ec934688bb94f1c2d067d22c1b6b31915","strict":true,"agent_id":"copilot"} +# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"94cc0589aede07110b1d6cf1389de05ec934688bb94f1c2d067d22c1b6b31915","compiled_hash":"44a5778a9df6c9c38df459763839fa69441f92409c83517d7e404f5c63ba50a2","strict":true,"agent_id":"copilot"} name: "Video Analysis Agent" "on": diff --git a/.github/workflows/weekly-blog-post-writer.lock.yml b/.github/workflows/weekly-blog-post-writer.lock.yml index 1ba49b1dc1c..ac16de299a7 100644 --- a/.github/workflows/weekly-blog-post-writer.lock.yml +++ b/.github/workflows/weekly-blog-post-writer.lock.yml @@ -27,7 +27,7 @@ # - shared/github-guard-policy.md # - shared/qmd.md # -# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"19dfc3b8453b786be720da3f1fedc8d3f16b90a95ab002b0c747923af68c037c","strict":true,"agent_id":"copilot"} +# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"19dfc3b8453b786be720da3f1fedc8d3f16b90a95ab002b0c747923af68c037c","compiled_hash":"42da5e854c75f40d890146c87789f80a22b1e738707be7f62779abc4ddc1da3d","strict":true,"agent_id":"copilot"} name: "Weekly Blog Post Writer" "on": diff --git a/.github/workflows/weekly-editors-health-check.lock.yml b/.github/workflows/weekly-editors-health-check.lock.yml index 6198addee6d..f4da2d1a857 100644 --- a/.github/workflows/weekly-editors-health-check.lock.yml +++ b/.github/workflows/weekly-editors-health-check.lock.yml @@ -22,7 +22,7 @@ # # Checks that the workflow editors listed in the documentation are still valid, takes Playwright screenshots, and opens a PR to update the docs with preview images # -# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"14d8bdeb32a4dc257f4ddd7b84ee9f5339b6369fc2521f4b8640cc1fa9ca22a7","strict":true,"agent_id":"copilot"} +# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"14d8bdeb32a4dc257f4ddd7b84ee9f5339b6369fc2521f4b8640cc1fa9ca22a7","compiled_hash":"7c55fa1c0022a5f27a03f0022c8bd0445b5e4623c7f929b26182e7ccd8e3b296","strict":true,"agent_id":"copilot"} name: "Weekly Editors Health Check" "on": diff --git a/.github/workflows/weekly-issue-summary.lock.yml b/.github/workflows/weekly-issue-summary.lock.yml index 928623755f8..5e84d3dfe53 100644 --- a/.github/workflows/weekly-issue-summary.lock.yml +++ b/.github/workflows/weekly-issue-summary.lock.yml @@ -30,7 +30,7 @@ # - shared/reporting.md # - shared/trends.md # -# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"864fb943fd3eb42fddcfbcdcf35799a93dd0938a7ec74d797bd422064ba97b6e","strict":true,"agent_id":"copilot"} +# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"864fb943fd3eb42fddcfbcdcf35799a93dd0938a7ec74d797bd422064ba97b6e","compiled_hash":"9c318ba4700e117acdc081e49cb5a20b548384726fdfdc6a4b3e915596c66898","strict":true,"agent_id":"copilot"} name: "Weekly Issue Summary" "on": diff --git a/.github/workflows/weekly-safe-outputs-spec-review.lock.yml b/.github/workflows/weekly-safe-outputs-spec-review.lock.yml index 1fa841db9d2..22d239fbbd6 100644 --- a/.github/workflows/weekly-safe-outputs-spec-review.lock.yml +++ b/.github/workflows/weekly-safe-outputs-spec-review.lock.yml @@ -26,7 +26,7 @@ # Imports: # - shared/github-guard-policy.md # -# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"2eef978d34fc24da55686e78a0f9e8c21bfb52914f27173715d007bd8e30d4c0","strict":true,"agent_id":"copilot"} +# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"2eef978d34fc24da55686e78a0f9e8c21bfb52914f27173715d007bd8e30d4c0","compiled_hash":"c6299ba090ffc1df4532e6f745afa5d2dd4678c197bd165a75fdbb60611c05c1","strict":true,"agent_id":"copilot"} name: "Weekly Safe Outputs Specification Review" "on": diff --git a/.github/workflows/workflow-generator.lock.yml b/.github/workflows/workflow-generator.lock.yml index 8d221e72bae..bd4a57be25b 100644 --- a/.github/workflows/workflow-generator.lock.yml +++ b/.github/workflows/workflow-generator.lock.yml @@ -26,7 +26,7 @@ # Imports: # - shared/github-guard-policy.md # -# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"cfd7f6135eab81d11cbd703b3436241bc379da2ede370ecb3285f2186bde6d06","strict":true,"agent_id":"copilot"} +# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"cfd7f6135eab81d11cbd703b3436241bc379da2ede370ecb3285f2186bde6d06","compiled_hash":"64e7fed99824b98ebbfc4897527af08b801246cfd7d8d645ee40e1b5fb1b1446","strict":true,"agent_id":"copilot"} name: "Workflow Generator" "on": diff --git a/.github/workflows/workflow-health-manager.lock.yml b/.github/workflows/workflow-health-manager.lock.yml index 9899b5c1291..4713f06208e 100644 --- a/.github/workflows/workflow-health-manager.lock.yml +++ b/.github/workflows/workflow-health-manager.lock.yml @@ -26,7 +26,7 @@ # Imports: # - shared/reporting.md # -# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"4227776f06975052b956f8bbf91a7aba77854cf8557dccef3f6b99b4125d7c69","strict":true,"agent_id":"copilot"} +# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"4227776f06975052b956f8bbf91a7aba77854cf8557dccef3f6b99b4125d7c69","compiled_hash":"fee5608085b1d7a7fbcfdf7c589cc67b00596247113bea2bcdb77d4057d2dc78","strict":true,"agent_id":"copilot"} name: "Workflow Health Manager - Meta-Orchestrator" "on": diff --git a/.github/workflows/workflow-normalizer.lock.yml b/.github/workflows/workflow-normalizer.lock.yml index 6fa5a8cd8f9..4ff0b1a3008 100644 --- a/.github/workflows/workflow-normalizer.lock.yml +++ b/.github/workflows/workflow-normalizer.lock.yml @@ -26,7 +26,7 @@ # Imports: # - shared/reporting.md # -# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"c4d3ae709d0b09bf46341c2e6f1f18e49a86247b10f23da62fe5336d26267505","strict":true,"agent_id":"copilot"} +# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"c4d3ae709d0b09bf46341c2e6f1f18e49a86247b10f23da62fe5336d26267505","compiled_hash":"ea3a8063d539e75836105c7540cea69a970a864713802e44e7ef666b86b00094","strict":true,"agent_id":"copilot"} name: "Workflow Normalizer" "on": diff --git a/.github/workflows/workflow-skill-extractor.lock.yml b/.github/workflows/workflow-skill-extractor.lock.yml index b3d9c859655..e275acfe596 100644 --- a/.github/workflows/workflow-skill-extractor.lock.yml +++ b/.github/workflows/workflow-skill-extractor.lock.yml @@ -26,7 +26,7 @@ # Imports: # - shared/reporting.md # -# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"fa23a957b1efd0ee21238a12543a2571f315073a9c05439e5155136ca2a6650d","strict":true,"agent_id":"copilot"} +# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"fa23a957b1efd0ee21238a12543a2571f315073a9c05439e5155136ca2a6650d","compiled_hash":"819454c27359a1e4b457ffec201cdd55e388140969f4a7c0061f3d7a985c3166","strict":true,"agent_id":"copilot"} name: "Workflow Skill Extractor" "on": diff --git a/actions/setup/js/check_workflow_timestamp_api.cjs b/actions/setup/js/check_workflow_timestamp_api.cjs index cdc538a6faa..1eb6d10fd36 100644 --- a/actions/setup/js/check_workflow_timestamp_api.cjs +++ b/actions/setup/js/check_workflow_timestamp_api.cjs @@ -16,7 +16,7 @@ const fs = require("fs"); const path = require("path"); const { getErrorMessage } = require("./error_helpers.cjs"); -const { extractHashFromLockFile, computeFrontmatterHash, createGitHubFileReader } = require("./frontmatter_hash_pure.cjs"); +const { extractHashFromLockFile, computeFrontmatterHash, createGitHubFileReader, extractCompiledHashFromLockFile, computeCompiledHashFromLockFile } = require("./frontmatter_hash_pure.cjs"); const { getFileContent } = require("./github_api_helpers.cjs"); const { ERR_CONFIG } = require("./error_codes.cjs"); @@ -141,7 +141,22 @@ async function main() { core.info(` Recomputed hash: ${recomputedHash}`); core.info(` Status: ${match ? "✅ Hashes match" : "⚠️ Hashes differ"}`); - return { match, storedHash, recomputedHash }; + // Verify compiled hash if present: recompute from non-comment lines and compare. + const storedCompiledHash = extractCompiledHashFromLockFile(localLockContent); + let compiledMatch = true; + let actualCompiledHash = ""; + if (storedCompiledHash) { + actualCompiledHash = computeCompiledHashFromLockFile(localLockContent); + compiledMatch = storedCompiledHash === actualCompiledHash; + core.info(`Compiled hash comparison (local filesystem fallback):`); + core.info(` Stored hash: ${storedCompiledHash}`); + core.info(` Recomputed hash: ${actualCompiledHash}`); + core.info(` Status: ${compiledMatch ? "✅ Hashes match" : "⚠️ Hashes differ"}`); + } else { + core.info("No compiled hash in lock file (pre-v4 lock file); skipping compiled hash check"); + } + + return { match, storedHash, recomputedHash, compiledMatch, storedCompiledHash, actualCompiledHash }; } catch (error) { core.info(`Could not compute frontmatter hash from local files: ${getErrorMessage(error)}`); return null; @@ -178,7 +193,25 @@ async function main() { core.info(` Recomputed hash: ${recomputedHash}`); core.info(` Status: ${match ? "✅ Hashes match" : "⚠️ Hashes differ"}`); - return { match, storedHash, recomputedHash }; + // Verify compiled hash if present: recompute from non-comment lines of the + // fetched lock file and compare to the stored compiled_hash. This detects + // tampering with security-critical YAML fields (permissions, env vars, steps) + // even when the .md frontmatter is unchanged. + const storedCompiledHash = extractCompiledHashFromLockFile(lockFileContent); + let compiledMatch = true; + let actualCompiledHash = ""; + if (storedCompiledHash) { + actualCompiledHash = computeCompiledHashFromLockFile(lockFileContent); + compiledMatch = storedCompiledHash === actualCompiledHash; + core.info(`Compiled hash comparison:`); + core.info(` Stored hash: ${storedCompiledHash}`); + core.info(` Recomputed hash: ${actualCompiledHash}`); + core.info(` Status: ${compiledMatch ? "✅ Hashes match" : "⚠️ Hashes differ"}`); + } else { + core.info("No compiled hash in lock file (pre-v4 lock file); skipping compiled hash check"); + } + + return { match, storedHash, recomputedHash, compiledMatch, storedCompiledHash, actualCompiledHash }; } catch (error) { const errorMessage = getErrorMessage(error); core.info(`Could not compute frontmatter hash via API: ${errorMessage}`); @@ -205,6 +238,22 @@ async function main() { await summary.write(); + core.setFailed(`${ERR_CONFIG}: ${warningMessage}`); + } else if (!hashComparison.compiledMatch) { + // Compiled YAML body has been tampered with + const warningMessage = `Lock file '${lockFilePath}' integrity check failed! The compiled YAML body of '${lockFilePath}' has been modified. Run 'gh aw compile' to regenerate the lock file.`; + + let summary = core.summary + .addRaw("### 🚨 Workflow Lock File Tamper Detected\n\n") + .addRaw("**SECURITY WARNING**: Compiled YAML body has been modified after compilation (compiled hash mismatch).\n\n") + .addRaw("**Files:**\n") + .addRaw(`- Lock: \`${lockFilePath}\`\n`) + .addRaw(` - Stored compiled hash: \`${hashComparison.storedCompiledHash.substring(0, 12)}...\`\n`) + .addRaw(` - Actual compiled hash: \`${hashComparison.actualCompiledHash.substring(0, 12)}...\`\n\n`) + .addRaw("**Action Required:** Review the lock file for unauthorized changes and run `gh aw compile` to regenerate it.\n\n"); + + await summary.write(); + core.setFailed(`${ERR_CONFIG}: ${warningMessage}`); } else if (hashComparison.match) { // Hashes match - lock file is up to date diff --git a/actions/setup/js/check_workflow_timestamp_api.test.cjs b/actions/setup/js/check_workflow_timestamp_api.test.cjs index 7a4d227e0a4..36ba12714ab 100644 --- a/actions/setup/js/check_workflow_timestamp_api.test.cjs +++ b/actions/setup/js/check_workflow_timestamp_api.test.cjs @@ -787,4 +787,174 @@ engine: copilot expect(mockCore.setFailed).toHaveBeenCalledWith(expect.stringContaining("integrity check failed")); }); }); + + describe("compiled hash verification", () => { + // compiled hash for the YAML body used in tests below: + // name: Test Workflow\non: push\njobs:\n test:\n runs-on: ubuntu-latest\n steps:\n - run: echo "test" + const validCompiledHash = "2d9f0be96f61f0e42ed7902788d309194b3535923ff312052a33a54b51e4aa61"; + const validFrontmatterHash = "c2a79263dc72f28c76177afda9bf0935481b26da094407a50155a6e0244084e3"; + + beforeEach(() => { + process.env.GH_AW_WORKFLOW_FILE = "test.lock.yml"; + }); + + it("should pass when compiled hash matches the YAML body", async () => { + const lockFileContent = `# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"${validFrontmatterHash}","compiled_hash":"${validCompiledHash}"} +name: Test Workflow +on: push +jobs: + test: + runs-on: ubuntu-latest + steps: + - run: echo "test"`; + + const mdFileContent = `--- +engine: copilot +--- +# Test Workflow`; + + mockGithub.rest.repos.getContent + .mockResolvedValueOnce({ + data: { + type: "file", + encoding: "base64", + content: Buffer.from(lockFileContent).toString("base64"), + }, + }) + .mockResolvedValueOnce({ + data: { + type: "file", + encoding: "base64", + content: Buffer.from(mdFileContent).toString("base64"), + }, + }); + + await main(); + + expect(mockCore.info).toHaveBeenCalledWith(expect.stringContaining("✅ Lock file is up to date (hashes match)")); + expect(mockCore.setFailed).not.toHaveBeenCalled(); + }); + + it("should fail when compiled hash does not match the YAML body (tampered lock file)", async () => { + // Lock file with valid frontmatter hash and compiled hash that no longer matches + // (simulating a tampered YAML body where permissions were escalated) + const lockFileContent = `# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"${validFrontmatterHash}","compiled_hash":"${validCompiledHash}"} +name: Test Workflow +on: push +jobs: + test: + runs-on: ubuntu-latest + steps: + - run: echo "test" +permissions: + contents: write`; + + const mdFileContent = `--- +engine: copilot +--- +# Test Workflow`; + + mockGithub.rest.repos.getContent + .mockResolvedValueOnce({ + data: { + type: "file", + encoding: "base64", + content: Buffer.from(lockFileContent).toString("base64"), + }, + }) + .mockResolvedValueOnce({ + data: { + type: "file", + encoding: "base64", + content: Buffer.from(mdFileContent).toString("base64"), + }, + }); + + await main(); + + expect(mockCore.setFailed).toHaveBeenCalledWith(expect.stringContaining("compiled YAML body")); + expect(mockCore.setFailed).toHaveBeenCalledWith(expect.stringContaining("integrity check failed")); + expect(mockCore.summary.addRaw).toHaveBeenCalledWith(expect.stringContaining("Tamper Detected")); + expect(mockCore.summary.write).toHaveBeenCalled(); + }); + + it("should pass (backward compat) when compiled hash is absent from old lock files", async () => { + // Legacy lock file without compiled_hash - only frontmatter hash check applies + const lockFileContent = `# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"${validFrontmatterHash}"} +name: Test Workflow +on: push +jobs: + test: + runs-on: ubuntu-latest + steps: + - run: echo "test"`; + + const mdFileContent = `--- +engine: copilot +--- +# Test Workflow`; + + mockGithub.rest.repos.getContent + .mockResolvedValueOnce({ + data: { + type: "file", + encoding: "base64", + content: Buffer.from(lockFileContent).toString("base64"), + }, + }) + .mockResolvedValueOnce({ + data: { + type: "file", + encoding: "base64", + content: Buffer.from(mdFileContent).toString("base64"), + }, + }); + + await main(); + + expect(mockCore.info).toHaveBeenCalledWith(expect.stringContaining("No compiled hash in lock file")); + expect(mockCore.info).toHaveBeenCalledWith(expect.stringContaining("✅ Lock file is up to date (hashes match)")); + expect(mockCore.setFailed).not.toHaveBeenCalled(); + }); + + it("should detect compiled hash mismatch even when frontmatter hash is valid", async () => { + // This is the key security test: .md is unchanged, but YAML body was tampered + const tamperedCompiledHash = "0000000000000000000000000000000000000000000000000000000000000000"; + const lockFileContent = `# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"${validFrontmatterHash}","compiled_hash":"${tamperedCompiledHash}"} +name: Test Workflow +on: push +jobs: + test: + runs-on: ubuntu-latest + steps: + - run: echo "test"`; + + const mdFileContent = `--- +engine: copilot +--- +# Test Workflow`; + + mockGithub.rest.repos.getContent + .mockResolvedValueOnce({ + data: { + type: "file", + encoding: "base64", + content: Buffer.from(lockFileContent).toString("base64"), + }, + }) + .mockResolvedValueOnce({ + data: { + type: "file", + encoding: "base64", + content: Buffer.from(mdFileContent).toString("base64"), + }, + }); + + await main(); + + // Frontmatter hash would match, but compiled hash mismatch is caught first + expect(mockCore.setFailed).toHaveBeenCalledWith(expect.stringContaining("compiled YAML body")); + expect(mockCore.setFailed).toHaveBeenCalledWith(expect.stringContaining("integrity check failed")); + }); + }); }); diff --git a/actions/setup/js/frontmatter_hash_pure.cjs b/actions/setup/js/frontmatter_hash_pure.cjs index b955f500846..8c084ee9941 100644 --- a/actions/setup/js/frontmatter_hash_pure.cjs +++ b/actions/setup/js/frontmatter_hash_pure.cjs @@ -345,6 +345,44 @@ function extractHashFromLockFile(lockFileContent) { return ""; } +/** + * Extract compiled hash from lock file content. + * The compiled_hash covers all non-comment YAML lines and protects against + * tampering with security-critical fields (permissions, env vars, job steps). + * @param {string} lockFileContent - Content of the .lock.yml file + * @returns {string} The extracted compiled_hash or empty string if not found + */ +function extractCompiledHashFromLockFile(lockFileContent) { + const lines = lockFileContent.split("\n"); + for (const line of lines) { + const metadataMatch = line.match(/^#\s*gh-aw-metadata:\s*(\{.+\})/); + if (metadataMatch) { + try { + const metadata = JSON.parse(metadataMatch[1]); + if (metadata.compiled_hash) { + return metadata.compiled_hash; + } + } catch (err) { + // Invalid JSON + } + } + } + return ""; +} + +/** + * Compute the compiled hash of a lock file by hashing all non-comment lines. + * This matches the hash computed by the Go compiler in computeCompiledHash(). + * @param {string} lockFileContent - Content of the .lock.yml file + * @returns {string} SHA-256 hex hash of all non-comment lines + */ +function computeCompiledHashFromLockFile(lockFileContent) { + const lines = lockFileContent.split("\n"); + const nonCommentLines = lines.filter(line => !line.trimStart().startsWith("#")); + const content = nonCommentLines.join("\n"); + return crypto.createHash("sha256").update(content, "utf8").digest("hex"); +} + /** * Creates a file reader that uses GitHub's getFileContent API * @param {Object} github - GitHub API client (@actions/github) @@ -384,6 +422,8 @@ module.exports = { marshalCanonicalJSON, marshalSorted, extractHashFromLockFile, + extractCompiledHashFromLockFile, + computeCompiledHashFromLockFile, normalizeFrontmatterText, parseBoolFromFrontmatter, processImportsTextBased, diff --git a/actions/setup/js/frontmatter_hash_pure.test.cjs b/actions/setup/js/frontmatter_hash_pure.test.cjs index 373954a5a0b..248ce4efc1a 100644 --- a/actions/setup/js/frontmatter_hash_pure.test.cjs +++ b/actions/setup/js/frontmatter_hash_pure.test.cjs @@ -10,6 +10,8 @@ const { marshalCanonicalJSON, marshalSorted, extractHashFromLockFile, + extractCompiledHashFromLockFile, + computeCompiledHashFromLockFile, normalizeFrontmatterText, parseBoolFromFrontmatter, defaultFileReader, @@ -438,4 +440,112 @@ name: "Test Workflow"`; } }); }); + + describe("extractCompiledHashFromLockFile", () => { + it("should extract compiled_hash from JSON metadata", () => { + const content = `# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"abc123","compiled_hash":"xyz789"} + +name: "Test Workflow" +on: + push:`; + + const result = extractCompiledHashFromLockFile(content); + expect(result).toBe("xyz789"); + }); + + it("should return empty string when compiled_hash is absent", () => { + const content = `# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"abc123"} + +name: "Test Workflow"`; + + const result = extractCompiledHashFromLockFile(content); + expect(result).toBe(""); + }); + + it("should return empty string when no metadata comment is present", () => { + const content = `name: "Test Workflow" +on: + push:`; + + const result = extractCompiledHashFromLockFile(content); + expect(result).toBe(""); + }); + + it("should return empty string when metadata JSON is invalid", () => { + const content = `# gh-aw-metadata: {invalid json} + +name: "Test Workflow"`; + + const result = extractCompiledHashFromLockFile(content); + expect(result).toBe(""); + }); + }); + + describe("computeCompiledHashFromLockFile", () => { + it("should produce a 64-character hex SHA-256 hash", () => { + const content = `# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"abc"} + +name: "Test" +on: + push: +permissions: {}`; + + const result = computeCompiledHashFromLockFile(content); + expect(result).toMatch(/^[0-9a-f]{64}$/); + }); + + it("should exclude comment lines from the hash", () => { + const body = `name: "Test"\non:\n push:\npermissions: {}`; + const contentWithComments = `# banner line\n# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"abc"}\n${body}`; + const contentNoComments = body; + + const hashWithComments = computeCompiledHashFromLockFile(contentWithComments); + const hashNoComments = computeCompiledHashFromLockFile(contentNoComments); + expect(hashWithComments).toBe(hashNoComments); + }); + + it("should detect changes to non-comment YAML content", () => { + const base = `# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"abc"} + +name: "Test" +permissions: {}`; + const tampered = `# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"abc"} + +name: "Test" +permissions: + contents: write`; + + const hashBase = computeCompiledHashFromLockFile(base); + const hashTampered = computeCompiledHashFromLockFile(tampered); + expect(hashBase).not.toBe(hashTampered); + }); + + it("should produce the same hash regardless of comment content", () => { + const body = `\nname: "Test"\npermissions: {}`; + const content1 = `# original comment${body}`; + const content2 = `# modified comment${body}`; + + expect(computeCompiledHashFromLockFile(content1)).toBe(computeCompiledHashFromLockFile(content2)); + }); + + it("should be consistent: same input always produces same output", () => { + const content = `# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"abc","compiled_hash":"xyz"} + +name: "Test" +on: + push:`; + + const hash1 = computeCompiledHashFromLockFile(content); + const hash2 = computeCompiledHashFromLockFile(content); + expect(hash1).toBe(hash2); + }); + + it("should not be affected by changes to the compiled_hash field itself (it's a comment)", () => { + const body = `\nname: "Test"\npermissions: {}`; + const content1 = `# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"abc","compiled_hash":"hash1"}${body}`; + const content2 = `# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"abc","compiled_hash":"hash2"}${body}`; + + expect(computeCompiledHashFromLockFile(content1)).toBe(computeCompiledHashFromLockFile(content2)); + }); + }); }); diff --git a/pkg/workflow/compiler_yaml.go b/pkg/workflow/compiler_yaml.go index 51232690f9d..7ba492bd99e 100644 --- a/pkg/workflow/compiler_yaml.go +++ b/pkg/workflow/compiler_yaml.go @@ -1,10 +1,13 @@ package workflow import ( + "crypto/sha256" + "encoding/hex" "encoding/json" "fmt" "os" "path/filepath" + "regexp" "sort" "strings" @@ -16,6 +19,51 @@ import ( var compilerYamlLog = logger.New("workflow:compiler_yaml") +// metadataLinePattern matches the gh-aw-metadata comment line in a lock file. +var metadataLinePattern = regexp.MustCompile(`(?m)^(#\s*gh-aw-metadata:\s*)(\{.+\})$`) + +// computeCompiledHash computes a SHA-256 hash of all non-comment lines in the YAML content. +// This covers the compiled YAML body (permissions, env vars, jobs, etc.) so that any +// tampering with security-critical fields is detected at runtime. +func computeCompiledHash(yamlContent string) string { + var nonCommentLines []string + for line := range strings.SplitSeq(yamlContent, "\n") { + trimmed := strings.TrimSpace(line) + if !strings.HasPrefix(trimmed, "#") { + nonCommentLines = append(nonCommentLines, line) + } + } + content := strings.Join(nonCommentLines, "\n") + sum := sha256.Sum256([]byte(content)) + return hex.EncodeToString(sum[:]) +} + +// injectCompiledHashIntoMetadata replaces the gh-aw-metadata comment line in the YAML +// with a version that includes the compiled_hash field. +// Returns the modified YAML unchanged if the metadata line is not found or cannot be parsed. +func injectCompiledHashIntoMetadata(yamlContent string, compiledHash string) string { + return metadataLinePattern.ReplaceAllStringFunc(yamlContent, func(match string) string { + submatches := metadataLinePattern.FindStringSubmatch(match) + if len(submatches) < 3 { + return match + } + prefix := submatches[1] + jsonStr := submatches[2] + + var metadata LockMetadata + if err := json.Unmarshal([]byte(jsonStr), &metadata); err != nil { + return match + } + metadata.CompiledHash = compiledHash + + newJSON, err := metadata.ToJSON() + if err != nil { + return match + } + return prefix + newJSON + }) +} + // effectiveStrictMode computes the effective strict mode for a workflow. // Priority: CLI flag (c.strictMode) > frontmatter strict field > default (true). // This should be used when emitting metadata/env vars to correctly reflect the @@ -278,6 +326,16 @@ func (c *Compiler) generateYAML(data *WorkflowData, markdownPath string) (string yamlContent = c.replaceIssueNumberReferences(yamlContent) } + // Compute compiled hash from non-comment YAML content and inject it into the + // metadata comment. This allows the runtime integrity check to detect tampering + // with security-critical fields (permissions, env vars, job steps, etc.) even + // when the frontmatter of the source .md file is unchanged. + if frontmatterHash != "" { + compiledHash := computeCompiledHash(yamlContent) + compilerYamlLog.Printf("Computed compiled hash: %s", compiledHash) + yamlContent = injectCompiledHashIntoMetadata(yamlContent, compiledHash) + } + compilerYamlLog.Printf("Successfully generated YAML for workflow: %s (%d bytes)", data.Name, len(yamlContent)) return yamlContent, nil } diff --git a/pkg/workflow/compiler_yaml_test.go b/pkg/workflow/compiler_yaml_test.go index 69ac7c31885..b2c85d4176f 100644 --- a/pkg/workflow/compiler_yaml_test.go +++ b/pkg/workflow/compiler_yaml_test.go @@ -1438,3 +1438,179 @@ Test prompt. }) } } + +func TestComputeCompiledHash(t *testing.T) { + tests := []struct { + name string + yamlInput string + wantSame string // if non-empty, input that should produce the same hash + wantChange string // if non-empty, input that should produce a different hash + }{ + { + name: "produces 64-char hex hash", + yamlInput: `# comment +name: "Test" +permissions: {}`, + }, + { + name: "excludes comment lines", + yamlInput: `# banner +# gh-aw-metadata: {"frontmatter_hash":"abc","compiled_hash":"placeholder"} +name: "Test" +permissions: {}`, + wantSame: `# different banner +# gh-aw-metadata: {"frontmatter_hash":"xyz"} +name: "Test" +permissions: {}`, + }, + { + name: "detects non-comment changes", + yamlInput: `# comment +name: "Test" +permissions: {}`, + wantChange: `# comment +name: "Test" +permissions: + contents: write`, + }, + { + name: "deterministic", + yamlInput: `# comment +name: "Test" +on: + push:`, + }, + } + + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + hash := computeCompiledHash(tt.yamlInput) + + // Should always produce a 64-char hex hash + if len(hash) != 64 { + t.Errorf("expected 64-char hash, got %d chars: %s", len(hash), hash) + } + for _, c := range hash { + if (c < '0' || c > '9') && (c < 'a' || c > 'f') { + t.Errorf("hash contains non-hex char %q: %s", c, hash) + } + } + + // Should be deterministic + if hash2 := computeCompiledHash(tt.yamlInput); hash != hash2 { + t.Errorf("non-deterministic: got %s then %s", hash, hash2) + } + + // Should match a content-equivalent input + if tt.wantSame != "" { + sameHash := computeCompiledHash(tt.wantSame) + if hash != sameHash { + t.Errorf("expected same hash for comment-only change: got %s and %s", hash, sameHash) + } + } + + // Should differ from a content-different input + if tt.wantChange != "" { + diffHash := computeCompiledHash(tt.wantChange) + if hash == diffHash { + t.Errorf("expected different hash for content change, both produced %s", hash) + } + } + }) + } +} + +func TestInjectCompiledHashIntoMetadata(t *testing.T) { + t.Run("injects compiled_hash into JSON metadata", func(t *testing.T) { + input := `# banner +# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"abc123"} +name: "Test" +` + result := injectCompiledHashIntoMetadata(input, "deadbeef") + if !strings.Contains(result, `"compiled_hash":"deadbeef"`) { + t.Errorf("expected compiled_hash in metadata, got:\n%s", result) + } + if !strings.Contains(result, `"frontmatter_hash":"abc123"`) { + t.Errorf("frontmatter_hash should be preserved, got:\n%s", result) + } + }) + + t.Run("returns unchanged YAML when no metadata line present", func(t *testing.T) { + input := `# no metadata comment +name: "Test" +` + result := injectCompiledHashIntoMetadata(input, "deadbeef") + if result != input { + t.Errorf("expected input unchanged, got:\n%s", result) + } + }) + + t.Run("returns unchanged YAML when metadata JSON is invalid", func(t *testing.T) { + input := `# gh-aw-metadata: {invalid json} +name: "Test" +` + result := injectCompiledHashIntoMetadata(input, "deadbeef") + if result != input { + t.Errorf("expected input unchanged on invalid JSON, got:\n%s", result) + } + }) +} + +func TestCompiledHashInLockFile(t *testing.T) { + tmpDir := testutil.TempDir(t, "compiled-hash-test") + + workflowContent := `--- +engine: copilot +on: issues +permissions: + contents: read +--- + +# Test Workflow + +This workflow processes issues. +` + workflowPath := filepath.Join(tmpDir, "test-workflow.md") + if err := os.WriteFile(workflowPath, []byte(workflowContent), 0644); err != nil { + t.Fatal(err) + } + + compiler := NewCompiler() + compiler.SetQuiet(true) + if err := compiler.CompileWorkflow(workflowPath); err != nil { + t.Fatalf("CompileWorkflow() failed: %v", err) + } + + lockFile := filepath.Join(tmpDir, "test-workflow.lock.yml") + content, err := os.ReadFile(lockFile) + if err != nil { + t.Fatalf("Failed to read lock file: %v", err) + } + yamlStr := string(content) + + // The lock file should contain a compiled_hash in the metadata + if !strings.Contains(yamlStr, `"compiled_hash":`) { + t.Errorf("expected compiled_hash in lock file metadata, got:\n%s", yamlStr) + } + + // Extract and verify the compiled_hash is a valid 64-char hex string + metadata, _, err := ExtractMetadataFromLockFile(yamlStr) + if err != nil { + t.Fatalf("ExtractMetadataFromLockFile() failed: %v", err) + } + if metadata == nil { + t.Fatal("expected metadata to be present") + } + if len(metadata.CompiledHash) != 64 { + t.Errorf("expected 64-char compiled_hash, got %d chars: %q", len(metadata.CompiledHash), metadata.CompiledHash) + } + + // Verify the compiled_hash matches what we'd compute independently + recomputed := computeCompiledHash(yamlStr) + // The stored hash was computed from the YAML *before* injecting compiled_hash, + // which is identical to the YAML *after* injecting (since that's a comment line). + // So the recomputed hash from the final file should equal the stored hash. + if metadata.CompiledHash != recomputed { + t.Errorf("compiled_hash in metadata (%s) does not match recomputed hash (%s)", metadata.CompiledHash, recomputed) + } +} diff --git a/pkg/workflow/lock_schema.go b/pkg/workflow/lock_schema.go index 2898929cc28..5e5d9c9be87 100644 --- a/pkg/workflow/lock_schema.go +++ b/pkg/workflow/lock_schema.go @@ -33,6 +33,7 @@ const ( type LockMetadata struct { SchemaVersion LockSchemaVersion `json:"schema_version"` FrontmatterHash string `json:"frontmatter_hash,omitempty"` + CompiledHash string `json:"compiled_hash,omitempty"` StopTime string `json:"stop_time,omitempty"` CompilerVersion string `json:"compiler_version,omitempty"` Strict bool `json:"strict,omitempty"` diff --git a/pkg/workflow/lock_schema_test.go b/pkg/workflow/lock_schema_test.go index 0af355ae2db..8159cdbf5b2 100644 --- a/pkg/workflow/lock_schema_test.go +++ b/pkg/workflow/lock_schema_test.go @@ -675,3 +675,38 @@ name: test assert.Equal(t, "copilot", metadata.DetectionAgentID, "Should extract detection agent ID") assert.Equal(t, "gpt-5.1-codex-mini", metadata.DetectionAgentModel, "Should extract detection agent model") } + +func TestExtractMetadataWithCompiledHash(t *testing.T) { + content := `# gh-aw-metadata: {"schema_version":"v3","frontmatter_hash":"abc123","compiled_hash":"deadbeef1234567890abcdef1234567890abcdef1234567890abcdef1234abcd"} +name: test +` + metadata, isLegacy, err := ExtractMetadataFromLockFile(content) + require.NoError(t, err, "Should parse metadata with compiled_hash") + assert.False(t, isLegacy, "Should not be legacy") + require.NotNil(t, metadata) + assert.Equal(t, LockSchemaV3, metadata.SchemaVersion) + assert.Equal(t, "abc123", metadata.FrontmatterHash) + assert.Equal(t, "deadbeef1234567890abcdef1234567890abcdef1234567890abcdef1234abcd", metadata.CompiledHash, "Should extract compiled_hash") +} + +func TestLockMetadataCompiledHashSerialization(t *testing.T) { + metadata := &LockMetadata{ + SchemaVersion: LockSchemaV3, + FrontmatterHash: "frontmatter123", + CompiledHash: "compiled456", + } + json, err := metadata.ToJSON() + require.NoError(t, err) + assert.Contains(t, json, `"compiled_hash":"compiled456"`, "compiled_hash should be included in JSON") + assert.Contains(t, json, `"frontmatter_hash":"frontmatter123"`) +} + +func TestLockMetadataCompiledHashOmittedWhenEmpty(t *testing.T) { + metadata := &LockMetadata{ + SchemaVersion: LockSchemaV3, + FrontmatterHash: "frontmatter123", + } + json, err := metadata.ToJSON() + require.NoError(t, err) + assert.NotContains(t, json, `"compiled_hash"`, "compiled_hash should be omitted when empty") +}