fix(cli): tighten run failure and GitHub Actions detection #24
Abdulmuiz44 commented Jun 2, 2026
- Emits codra.run.failed for JSONL argument validation failures.
- Tightens GitHub Actions detection to prefer GITHUB_ACTIONS=true.
- Preserves local fixture parsing without mislabeling it as real Actions mode.
- Adds tests for invalid task JSONL failures and Actions detection.
- Does not add AI provider calls or GitHub Action behavior.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 5c6a1a1193
| pub fn emit_argument_validation_failed(task: &str, error: &str) -> Result<(), String> { | ||
| let run_id = new_run_id(); | ||
| let safe = crate::utils::safe_error::redact_secrets(error); | ||
| let emitter = EventEmitter::new(run_id, task.to_string(), true); |
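Review bot: `task.to_string()` on the `EventEmitter::new` line hands the caller-supplied task label to the emitter unredacted, while only `error` goes through `crate::utils::safe_error::redact_secrets` on the line above. Pass the label through the same redaction call, or substitute a fixed placeholder for invalid tasks, before constructing the emitter, and add a test that supplies a secret-like `--task` value with `--jsonl` and asserts the raw value appears nowhere in the emitted event. The bare `true` third argument is also unreadable at the call site; a named constant or a short comment saying what it enables would help.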
Redact invalid task labels before emitting JSONL
When --jsonl is set and the invalid --task value itself contains a secret-like token (for example from a copy/paste mistake), the error string is redacted but the raw task label is still placed in the event's top-level task field via EventEmitter::new, while the payload declares secretsExposed: false. This leaks the value into CI logs/event consumers despite the new validation-failure redaction path; redact the task label or use a neutral value for invalid tasks.