chore: pin hard-failure drift review bridge#241
Conversation
Co-Authored-By: Codex <noreply@openai.com>
🤖 Codex PR Review |
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: b92e76ef7e
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
| with: | ||
| repository: QuantStrategyLab/AIAuditBridge | ||
| ref: cd35a96c4c56ba75034f7bbe3cf803e7dad3c283 | ||
| ref: 66b1107f7cb081ab1409e8b6ebdc6334999fa5dc |
There was a problem hiding this comment.
Pin a bridge build that trusts this workflow SHA
When strategy repos rotate their reusable drift caller to this new QPK revision, the Codex primary review will be rejected by the audit service before any dual review can run: I checked the pinned AIAuditBridge revision 66b1107..., and its service deployment allowlist still only includes QuantPlatformKit/.github/workflows/reusable-drift-check.yml@644cd900... and @d0a081ca..., not this workflow revision. Because run_codex_service_review authenticates with the GitHub OIDC token and the service validates job_workflow_ref, critical-drift runs with CODEX_AUDIT_SERVICE_URL configured will fail with an auth error instead of producing the durable review/issue path this workflow expects.
Useful? React with 👍 / 👎.
Summary
Validation
python3 -m pytest -q tests/test_reusable_drift_workflow.pyactionlint .github/workflows/reusable-drift-check.ymlgit diff --check