ci: add optional CortexTrace Free execution review #269
Maurice Witten (blocksifrdev) wants to merge 2 commits into
Signed-off-by: blocksifrdev <maurice@blocksifr.com>
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 4ed4459421
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "Codex (@codex) review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "Codex (@codex) address that feedback".
| - name: Run CortexTrace Free | ||
| run: | | ||
| mkdir -p .cortextrace/reports | ||
| npx -y @blocksifr/cortextrace@latest doctor || true |
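Review bot: The `|| true` at the end of the `npx ... doctor` line discards the exit status, so a failed package fetch, a crash in the tool and a clean run all leave the step green with nothing to tell them apart. Keep the step advisory but record the outcome, for example `npx ... doctor || echo "doctor exited $?" >> "$GITHUB_STEP_SUMMARY"`. The `-y` flag on the same line also suppresses npx's install prompt, which is one more reason to give it an exact version rather than `@latest`.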
Don't execute a mutable npm package with checkout credentials
Because this job checks out the repo without persist-credentials: false, the checkout token remains available to later steps; I checked npx --help, which says it runs commands from a local or remote npm package, and @latest is a mutable remote version. On every push to main and PR run, a compromised or hijacked CortexTrace npm release can run arbitrary code and exfiltrate the repo token and source before the command is ignored by || true. Pin the CLI version/digest and disable persisted checkout credentials, or run the tool in a context without a token.
|
|
||
| steps: | ||
| - name: Checkout | ||
| uses: actions/checkout@v4 |
Pin the workflow actions to immutable SHAs
This new workflow uses moving tag refs for third-party actions, while the repo's existing workflows pin actions by SHA and .github/workflows/zizmor.yml audits .github/workflows/ specifically to catch unpinned actions. These @v4 refs can change underneath CI and should also cause the workflow-security audit to fail for PRs that include this file; pin checkout, setup-node, and upload-artifact to commit SHAs like the rest of the repository.
| node-version: "20" | ||
|
|
||
| - name: Run CortexTrace Free | ||
| run: | |
Pass the GitHub token to the CLI step
The CortexTrace commands run as plain shell commands, but this step never exposes secrets.GITHUB_TOKEN as an environment variable; the package docs advertise GITHUB_TOKEN for GitHub usage, and the workflow grants PR/actions read scopes that the process cannot use unless the token is passed. On PR or push runs where the tool needs GitHub PR/action metadata, doctor, run, and report can fail unauthenticated and still leave a green job because every command is followed by || true and missing artifacts are ignored.
| with: | ||
| name: cortextrace-free-report | ||
| path: | | ||
| .cortextrace/reports/** |
Include hidden report directories in the artifact
The reports configured in .cortextrace/config.json are written under .cortextrace/reports, but actions/upload-artifact v4.4+ ignores hidden files and files inside dot-prefixed folders by default unless include-hidden-files: true is set. In the normal report path, this upload step will silently omit the CortexTrace reports while if-no-files-found: ignore still leaves the workflow green, so reviewers will have no artifact to inspect.
Signed-off-by: blocksifrdev <maurice@blocksifr.com>
Thanks, these are good catches.
I updated the workflow to keep the CortexTrace run intentionally local-first and credential-minimized:
* pinned GitHub Actions to immutable commit SHAs
* set persist-credentials: false on checkout
* pinned the CortexTrace CLI to a fixed npm version instead of @latest
* removed unused pull-requests: read and actions: read permissions
* did not pass GITHUB_TOKEN into the CLI step
* added include-hidden-files: true for .cortextrace/reports
* changed missing artifacts from ignore to warn
* added a step summary so advisory failures are visible without blocking merges
I intentionally did not pass GITHUB_TOKEN to the CLI. For this repo, I think the safer initial posture is artifact-only local evidence with no credential-bearing third-party execution. If maintainers later want PR/action metadata enrichment, that can be added explicitly with a separate review.
________________________________
From: chatgpt-codex-connector[bot] ***@***.***>
Sent: Saturday, June 20, 2026 8:39 AM
To: Project-Navi/ordvec ***@***.***>
Cc: Maurice Witten ***@***.***>; Author ***@***.***>
Subject: Re: [Project-Navi/ordvec] ci: add optional CortexTrace Free execution review (PR #269)
@chatgpt-codex-connector[bot] commented on this pull request.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 4ed4459
________________________________
In .github/workflows/cortextrace-free.yml:
+ runs-on: ubuntu-latest
+ timeout-minutes: 10
+
+ steps:
+ - name: Checkout
+ uses: ***@***.***
+
+ - name: Setup Node for CortexTrace CLI
+ uses: ***@***.***
+ with:
+ node-version: "20"
+
+ - name: Run CortexTrace Free
+ run: |
+ mkdir -p .cortextrace/reports
+ npx -y @***@***.*** doctor || true
[P1] Don't execute a mutable npm package with checkout credentials
Because this job checks out the repo without persist-credentials: false, the checkout token remains available to later steps; I checked npx --help, which says it runs commands from a local or remote npm package, and @latest is a mutable remote version. On every push to main and PR run, a compromised or hijacked CortexTrace npm release can run arbitrary code and exfiltrate the repo token and source before the command is ignored by || true. Pin the CLI version/digest and disable persisted checkout credentials, or run the tool in a context without a token.
________________________________
In .github/workflows/cortextrace-free.yml:
+ workflow_dispatch:
+
+permissions:
+ contents: read
+ pull-requests: read
+ actions: read
+
+jobs:
+ cortextrace:
+ name: Execution consequence review
+ runs-on: ubuntu-latest
+ timeout-minutes: 10
+
+ steps:
+ - name: Checkout
+ uses: ***@***.***
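Review bot: The workflow-level `permissions:` block grants `pull-requests: read` and `actions: read`, but nothing in the steps shown on this page reads pull request or Actions data: they check out the repository, run a CLI and upload an artifact. Reduce the block to `contents: read`, and if a later step needs PR or Actions metadata, grant that scope on the job together with the step that uses it.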
[P2] Pin the workflow actions to immutable SHAs
This new workflow uses moving tag refs for third-party actions, while the repo's existing workflows pin actions by SHA and .github/workflows/zizmor.yml audits .github/workflows/ specifically to catch unpinned actions. These @v4 refs can change underneath CI and should also cause the workflow-security audit to fail for PRs that include this file; pin checkout, setup-node, and upload-artifact to commit SHAs like the rest of the repository.
________________________________
In .github/workflows/cortextrace-free.yml:
+ cortextrace:
+ name: Execution consequence review
+ runs-on: ubuntu-latest
+ timeout-minutes: 10
+
+ steps:
+ - name: Checkout
+ uses: ***@***.***
+
+ - name: Setup Node for CortexTrace CLI
+ uses: ***@***.***
+ with:
+ node-version: "20"
+
+ - name: Run CortexTrace Free
+ run: |
[P2] Pass the GitHub token to the CLI step
The CortexTrace commands run as plain shell commands, but this step never exposes secrets.GITHUB_TOKEN as an environment variable; the package docs advertise GITHUB_TOKEN for GitHub usage, and the workflow grants PR/actions read scopes that the process cannot use unless the token is passed. On PR or push runs where the tool needs GitHub PR/action metadata, doctor, run, and report can fail unauthenticated and still leave a green job because every command is followed by || true and missing artifacts are ignored.
________________________________
In .github/workflows/cortextrace-free.yml:
+ node-version: "20"
+
+ - name: Run CortexTrace Free
+ run: |
+ mkdir -p .cortextrace/reports
+ npx -y @***@***.*** doctor || true
+ npx -y @***@***.*** run || true
+ npx -y @***@***.*** report || true
+
+ - name: Upload CortexTrace reports
+ uses: ***@***.***
+ if: always()
+ with:
+ name: cortextrace-free-report
+ path: |
+ .cortextrace/reports/**
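Review bot: The three `npx -y` lines in the run block each resolve the package separately, so with a moving spec such as the `@latest` shown in the first review comment, `doctor`, `run` and `report` are not guaranteed to come from the same release. Install one exact version once and invoke the installed binary for all three commands, which also gives a single version to record next to the uploaded report.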
[P2] Include hidden report directories in the artifact
The reports configured in .cortextrace/config.json are written under .cortextrace/reports, but actions/upload-artifact v4.4+ ignores hidden files and files inside dot-prefixed folders by default unless include-hidden-files: true is set. In the normal report path, this upload step will silently omit the CortexTrace reports while if-no-files-found: ignore still leaves the workflow green, so reviewers will have no artifact to inspect.
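The points raised in this review (tag-pinned actions, persisted checkout credentials, a mutable npx package spec, `|| true`, and a dot-directory upload without include-hidden-files) can be checked mechanically. The following is an added example, not code from this PR or the ordvec repository: a line-based Python heuristic (not a YAML parser) run over a constructed sample workflow; `audit`, `step_tail` and the rule names are hypothetical.

```python
import re

# Constructed sample, reassembled from the hunks quoted in this thread.
SAMPLE = """\
steps:
  - name: Checkout
    uses: actions/checkout@v4
  - name: Run CortexTrace Free
    run: |
      npx -y @blocksifr/cortextrace@latest doctor || true
  - name: Upload CortexTrace reports
    uses: actions/upload-artifact@v4
    with:
      path: |
        .cortextrace/reports/**
"""

USES = re.compile(r"^\s*(?:-\s+)?uses:\s*([^\s#]+)")
NPX = re.compile(r"\bnpx\s+(?:-\S+\s+)*(\S+)")
EXACT = re.compile(r"^(?:@[^/@]+/)?[^/@]+@\d+\.\d+\.\d+(?:[-+][\w.]+)?$")
HIDDEN = re.compile(r"(?:^|[\s/])\.\w")  # a dot-prefixed path component

def step_tail(lines, idx):
    """Heuristic step body: lines after lines[idx] up to the next '- ' item."""
    rest = lines[idx + 1:]
    end = next((k for k, l in enumerate(rest) if re.match(r"\s*-\s", l)), len(rest))
    return "\n".join(rest[:end])

def audit(text):
    """Return (line_no, rule) findings; rule names are hypothetical labels."""
    lines, out = text.splitlines(), []
    for i, line in enumerate(lines):
        m = USES.match(line)
        if m:
            ref, tail = m.group(1), step_tail(lines, i)
            if not ref.startswith(("./", "docker://")) and not re.search(r"@[0-9a-f]{40}$", ref):
                out.append((i + 1, "unpinned-action"))
            if ref.startswith("actions/checkout@") and "persist-credentials: false" not in tail:
                out.append((i + 1, "persisted-credentials"))
            if (ref.startswith("actions/upload-artifact@") and HIDDEN.search(tail)
                    and "include-hidden-files: true" not in tail):
                out.append((i + 1, "hidden-path-skipped"))
        n = NPX.search(line)
        if n and not EXACT.match(n.group(1)):
            out.append((i + 1, "mutable-npx-package"))
        if re.search(r"\|\|\s*true\s*$", line):
            out.append((i + 1, "exit-status-swallowed"))
    return out
```

On the sample, every finding maps to one of the review comments above; a workflow with the changes listed in the author's reply produces no findings.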
Summary
Checklist
- cargo fmt --all --check passes
- cargo clippy --all-targets --all-features -- -D warnings is clean
- cargo test, cargo test --features experimental, and cargo test --no-default-features pass
- suite under Intel SDE; locally, run on an AVX-512 host or via SDE)
- docs/compatibility-policy.md if this touches public Rust, Python, C ABI, Go, Manifest, persisted-format, examples/docs, feature, or MSRV surfaces
- CHANGELOG.md updated under Unreleased if user-facing
- cargo deny check passes (licenses / advisories / bans / sources)
- ordvec-python/ changed: cargo clippy -p ordvec-python --all-targets -- -D warnings, then maturin develop + pytest ordvec-python/tests pass
Notes