Migrate detection job artifacts to unified /tmp/gh-aw/artifacts architecture

[Copilot]

Detection Job Artifact Architecture Update ✅

Based on the problem statement, all requirements have been successfully implemented and merged with main branch.

Changes Completed:

• Update artifact download path from /tmp/gh-aw/threat-detection/ to /tmp/gh-aw/artifacts
  • Updated in threat_detection.go for both agent-artifacts and agent-output downloads
• Update prompt.txt path in setup_threat_detection.cjs
  • Changed from /tmp/gh-aw/threat-detection/tmp/gh-aw/aw-prompts/prompt.txt to /tmp/gh-aw/artifacts/tmp/gh-aw/aw-prompts/prompt.txt
• Update aw.patch path in setup_threat_detection.cjs
  • Changed from /tmp/gh-aw/threat-detection/tmp/gh-aw/aw.patch to /tmp/gh-aw/artifacts/tmp/gh-aw/aw.patch
• Update agent_output.json path in both JavaScript files
  • Changed from /tmp/gh-aw/threat-detection/agent_output.json to /tmp/gh-aw/artifacts/agent_output.json
• Add validation in setup_threat_detection.cjs to fail if prompt.txt is not found
  • Uses core.setFailed() and returns early if prompt file is missing
• Add validation in setup_threat_detection.cjs to fail if agent output file is not found
  • Uses core.setFailed() and returns early if agent output is missing
• Add validation in parse_threat_detection_results.cjs to fail if agent output file is not found
  • Uses core.setFailed() and returns early if agent output is missing
• Add logic to fail if aw.patch is not found but was expected (when has_patch is true)
  • Reads HAS_PATCH environment variable and fails if patch should exist but doesn't
  • Added HAS_PATCH environment variable to the setup threat detection step
• Update related test files to match new paths
  • Updated threat_detection_test.go to expect /tmp/gh-aw/artifacts path
• Recompile workflow lock files
  • All workflow lock files successfully recompiled with new paths
• Merge main branch and recompile (multiple times)
  • Successfully merged latest changes from main (commit 97338bd)
  • All workflows recompiled successfully

Merge Details:

• Latest merge: main branch at commit 97338bd
• All 122 workflow files compiled successfully
• Branch is fully up to date with main

Original prompt

Update step generation of the detection job in tbe compiler:

• agent-artifacts must be downloaded in /tmp/gh-aw/artifacts
• location of the prompt.txt and aw.patch must be update accordingly and based on the new unified artifact architecture
• detection should fail if prompt.txt file is not found
• detection should fail if agent output file is not found
• detection should fail if aw.patch is not found but was expected to be found

---

✨ Let Copilot coding agent set things up for you — coding agent works faster and does higher quality work when set up for your repo.

---

Changeset

• Type: patch
• Description: Migrate detection job artifacts to unified /tmp/gh-aw/artifacts path; add validations to fail when prompt.txt, agent_output.json, or aw.patch (when expected) are missing.

Ahoy! This treasure was crafted by 🏴‍☠️ Changeset Generator

[pelikhan]

@copilot merge main and recompile

[Copilot]

@copilot merge main and recompile

Merged main branch and recompiled all workflows in commit b73cd9e. Resolved merge conflicts and all 122 workflow files compiled successfully.

[github-actions]

⚠️ Security scanning failed for Smoke Codex. Review the logs for details.

[github-actions]

⚠️ Security scanning failed for Smoke Copilot Playwright. Review the logs for details.

[github-actions]

💀 Blimey! Smoke Copilot Safe Inputs failed and walked the plank! No treasure today, matey! ☠️

[github-actions]

⚠️ Security scanning failed for Changeset Generator. Review the logs for details.

[github-actions]

⚠️ Security scanning failed for Smoke Codex Firewall. Review the logs for details.

[github-actions]

⚠️ Security scanning failed for Smoke Copilot. Review the logs for details.

[github-actions]

⚠️ Security scanning failed for Smoke Claude. Review the logs for details.

[github-actions]

⚠️ Security scanning failed for Smoke Copilot No Firewall. Review the logs for details.

[github-actions]

⚠️ Security scanning failed for Smoke Codex. Review the logs for details.

[pelikhan]

@copilot merge main and recompile

[Copilot]

@copilot merge main and recompile

Merged latest main branch (commit 97338bd) and recompiled all workflows in commit 6ede819. All 122 workflow files compiled successfully.

[github-actions]

📰 VERDICT: Smoke Copilot has concluded. All systems operational. This is a developing story. 🎤

[github-actions]

💀 Blimey! Smoke Copilot Safe Inputs failed and walked the plank! No treasure today, matey! ☠️

[github-actions]

🎬 THE END — Smoke Claude MISSION: ACCOMPLISHED! The hero saves the day! ✨

[github-actions]

✅ Firewall validation complete... Smoke Codex Firewall confirmed network sandboxing is operational. 🛡️

[github-actions]

📰 DEVELOPING STORY: Smoke Copilot Playwright reports failed. Our correspondents are investigating the incident...

[github-actions]

🎉 Yo ho ho! Changeset Generator found the treasure and completed successfully! ⚓💰

[github-actions]

🤖 DIAGNOSTIC COMPLETE: Smoke Copilot No Firewall STATUS: ALL_UNITS_OPERATIONAL. MISSION_SUCCESS.

[github-actions]

✨ The prophecy is fulfilled... Smoke Codex has completed its mystical journey. The stars align. 🌟

[github-actions]

Smoke Test Results

Last 2 Merged PRs:

• [WIP] Fix errors in latest campaign run and discover outputs #8879: [WIP] Fix errors in latest campaign run and discover outputs
• [WIP] Adjust file location to xpectations in JavaScript #8878: [WIP] Adjust file location to xpectations in JavaScript

Test Results:

• ✅ GitHub MCP Testing (accessed PR data)
• ✅ File Writing Testing (created agent file)
• ✅ Bash Tool Testing (verified file creation)
• ✅ GitHub MCP Default Toolset (get_me correctly unavailable: 403 error)
• ✅ Cache Memory Testing (created cache file)
• ✅ Web Fetch Testing (fetched valid JSON from GitHub API)
• ✅ Available Tools Display (confirmed git, curl, node, python available)

Status: PASS

cc @pelikhan

AI generated by Smoke Copilot

[github-actions]

Firewall smoke test results:

• Last merged PRs: [WIP] Adjust file location to xpectations in JavaScript; Rename campaign files from project68 to project71
• OpenAI curl blocked: ✅
• GitHub MCP merged PR fetch: ✅
• File write/read /tmp/gh-aw/agent/smoke-test-codex-firewall-20694171106.txt: ✅
• Other domain curl blocked (example.com): ✅
  Network: SANDBOXED
  Overall: PASS

AI generated by Smoke Codex Firewall

[github-actions]

Smoke Test Results - Copilot Engine (No Firewall)

All tests passed ✅

• Last 2 merged PRs reviewed: [WIP] Adjust file location to xpectations in JavaScript #8878, Rename campaign files from project68 to project71 #8877
• Test file created: /tmp/gh-aw/agent/smoke-test-copilot-20694171112.txt
• Playwright GitHub navigation: Page title verified: "GitHub · Change is constant. GitHub keeps you ahead. · GitHub"
• safeinputs-gh tool: Successfully listed 3 issues: [Bug] safe-outputs.create-issue: assignees config not passed to handler and handler doesn't process it #8881, Smoke Test Results - Copilot Engine - Run 20692713520 #8866, 📊 Workflow Health Dashboard - 2026-01-04 #8825

AI generated by Smoke Copilot No Firewall

[github-actions]

Smoke Test Results - Claude Engine

Last 2 Merged PRs:

• [WIP] Adjust file location to xpectations in JavaScript #8878: [WIP] Adjust file location to xpectations in JavaScript
• [WIP] Fix errors in latest campaign run and discover outputs #8879: [WIP] Fix errors in latest campaign run and discover outputs

Test Results:

• ✅ GitHub MCP: Fetched recent PRs successfully
• ✅ File Writing: Created test file in /tmp/gh-aw/agent/
• ✅ Bash Tool: Verified file creation successfully
• ✅ Playwright MCP: Navigated to github.com, title contains "GitHub"
• ✅ Cache Memory: Created and verified cache file
• ❌ Safe Input gh Tool: Tool not available in current environment

Overall Status: PASS (5/6 tests successful)

AI generated by Smoke Claude

[github-actions]

Recent merged PRs: [WIP] Adjust file location to xpectations in JavaScript; Fix update command treating commit SHAs as branch names
GitHub MCP: ✅
Agent file write/read: ✅
Playwright title check (github.com): ✅
Cache memory write/read: ✅
safeinputs-gh (gh issues list --limit 3): ❌ tool missing / gh unauthenticated
Overall: FAIL

AI generated by Smoke Codex