From 1a32ddb16131f6da6842aca1107c6eb5c2f2b7aa Mon Sep 17 00:00:00 2001
From: Brent G <deliberatekids@gmail.com>
Date: Tue, 16 Jun 2026 21:48:40 +0000
Subject: [PATCH 1/5] ci: rename CODEX_OPENAI_BASE_URL secret to
 OPENAI_BASE_URL; gitignore stray waveform png
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

- codex-review now reads the provider endpoint from secrets.OPENAI_BASE_URL
  (renamed from CODEX_OPENAI_BASE_URL; secret recreated with the same value).
- gitignore audio_pcm_waveform.png (test artifact), alongside dots-break.png.

🤖 Built with SMT <smt@agora.build>
---
 .github/workflows/codex-code-review.yml | 2 +-
 .gitignore                              | 1 +
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/codex-code-review.yml b/.github/workflows/codex-code-review.yml
index 6ed5426..a1f3b08 100644
--- a/.github/workflows/codex-code-review.yml
+++ b/.github/workflows/codex-code-review.yml
@@ -32,7 +32,7 @@ jobs:
         uses: openai/codex-action@v1
         with:
           openai-api-key: ${{ secrets.OPENAI_API_KEY }}
-          responses-api-endpoint: ${{ secrets.CODEX_OPENAI_BASE_URL }}v1/responses
+          responses-api-endpoint: ${{ secrets.OPENAI_BASE_URL }}v1/responses
           model: gpt-5.5
           sandbox: read-only
           prompt: |
diff --git a/.gitignore b/.gitignore
index 9e226eb..418bab1 100644
--- a/.gitignore
+++ b/.gitignore
@@ -22,6 +22,7 @@ test-results/
 .chisel/
 docs/superpowers/
 dots-break.png
+audio_pcm_waveform.png
 
 # Local turn_taking reference YAMLs (paste into the console UI; not tracked)
 vox_eval_agentd/eval-sets/

From 9d6909d7ab1d07cdd28482d18a5e242d3f930387 Mon Sep 17 00:00:00 2001
From: Brent G <deliberatekids@gmail.com>
Date: Tue, 16 Jun 2026 21:57:28 +0000
Subject: [PATCH 2/5] ci: make codex endpoint robust to a missing trailing
 slash
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Resolve the responses endpoint in a shell step that strips any trailing slash
before appending /v1/responses, so OPENAI_BASE_URL works with or without one
(was: direct concat, which produced ...hostv1/responses on a missing slash).

🤖 Built with SMT <smt@agora.build>
---
 .github/workflows/codex-code-review.yml | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/codex-code-review.yml b/.github/workflows/codex-code-review.yml
index a1f3b08..2748901 100644
--- a/.github/workflows/codex-code-review.yml
+++ b/.github/workflows/codex-code-review.yml
@@ -27,12 +27,20 @@ jobs:
           echo "$DIFF" >> $GITHUB_OUTPUT
           echo "EOF" >> $GITHUB_OUTPUT
 
+      - name: Resolve Codex responses endpoint
+        id: endpoint
+        env:
+          OPENAI_BASE_URL: ${{ secrets.OPENAI_BASE_URL }}
+        run: |
+          # Tolerate OPENAI_BASE_URL with or without a trailing slash.
+          echo "url=${OPENAI_BASE_URL%/}/v1/responses" >> "$GITHUB_OUTPUT"
+
       - name: Run Codex Code Review
         id: run_codex
         uses: openai/codex-action@v1
         with:
           openai-api-key: ${{ secrets.OPENAI_API_KEY }}
-          responses-api-endpoint: ${{ secrets.OPENAI_BASE_URL }}v1/responses
+          responses-api-endpoint: ${{ steps.endpoint.outputs.url }}
           model: gpt-5.5
           sandbox: read-only
           prompt: |

From 74f59725b5ecaed857bb8f9440a96c4dc3fa8a34 Mon Sep 17 00:00:00 2001
From: Brent G <deliberatekids@gmail.com>
Date: Tue, 16 Jun 2026 22:00:57 +0000
Subject: [PATCH 3/5] ci: simplify codex endpoint to direct concat (secret
 carries trailing slash)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Drop the slash-normalizing step; OPENAI_BASE_URL is set with a trailing slash,
so ${{ secrets.OPENAI_BASE_URL }}v1/responses is correct. Note added to keep
the trailing-slash requirement explicit.

🤖 Built with SMT <smt@agora.build>
---
 .github/workflows/codex-code-review.yml | 11 ++---------
 1 file changed, 2 insertions(+), 9 deletions(-)

diff --git a/.github/workflows/codex-code-review.yml b/.github/workflows/codex-code-review.yml
index 2748901..e9cb08c 100644
--- a/.github/workflows/codex-code-review.yml
+++ b/.github/workflows/codex-code-review.yml
@@ -27,20 +27,13 @@ jobs:
           echo "$DIFF" >> $GITHUB_OUTPUT
           echo "EOF" >> $GITHUB_OUTPUT
 
-      - name: Resolve Codex responses endpoint
-        id: endpoint
-        env:
-          OPENAI_BASE_URL: ${{ secrets.OPENAI_BASE_URL }}
-        run: |
-          # Tolerate OPENAI_BASE_URL with or without a trailing slash.
-          echo "url=${OPENAI_BASE_URL%/}/v1/responses" >> "$GITHUB_OUTPUT"
-
       - name: Run Codex Code Review
         id: run_codex
         uses: openai/codex-action@v1
         with:
           openai-api-key: ${{ secrets.OPENAI_API_KEY }}
-          responses-api-endpoint: ${{ steps.endpoint.outputs.url }}
+          # OPENAI_BASE_URL secret must end with a trailing slash.
+          responses-api-endpoint: ${{ secrets.OPENAI_BASE_URL }}v1/responses
           model: gpt-5.5
           sandbox: read-only
           prompt: |

From 19ac865b0466e600744d295315d3d25b61a24d49 Mon Sep 17 00:00:00 2001
From: Brent G <deliberatekids@gmail.com>
Date: Tue, 16 Jun 2026 22:03:01 +0000
Subject: [PATCH 4/5] ci: base-url secret without trailing slash, leading-slash
 path
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Use ${{ secrets.OPENAI_BASE_URL }}/v1/responses (conventional base URL with
no trailing slash + leading-slash path). Secret updated to drop the trailing
slash accordingly.

🤖 Built with SMT <smt@agora.build>
---
 .github/workflows/codex-code-review.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/codex-code-review.yml b/.github/workflows/codex-code-review.yml
index e9cb08c..25c4d99 100644
--- a/.github/workflows/codex-code-review.yml
+++ b/.github/workflows/codex-code-review.yml
@@ -32,8 +32,8 @@ jobs:
         uses: openai/codex-action@v1
         with:
           openai-api-key: ${{ secrets.OPENAI_API_KEY }}
-          # OPENAI_BASE_URL secret must end with a trailing slash.
-          responses-api-endpoint: ${{ secrets.OPENAI_BASE_URL }}v1/responses
+          # OPENAI_BASE_URL secret has no trailing slash, e.g. https://host/openai
+          responses-api-endpoint: ${{ secrets.OPENAI_BASE_URL }}/v1/responses
           model: gpt-5.5
           sandbox: read-only
           prompt: |

From 1359e2c2fa2baf3d4a9bc38b75d3cfb5451be2a3 Mon Sep 17 00:00:00 2001
From: Brent G <deliberatekids@gmail.com>
Date: Tue, 16 Jun 2026 22:56:57 +0000
Subject: [PATCH 5/5] ci: gate codex-review to trusted authors (match
 claude-review)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Same secret-exfil hardening: OPENAI_API_KEY is in env and codex output is posted
verbatim, so restrict triggering to OWNER/MEMBER/COLLABORATOR authors. Fork and
untrusted PRs no longer run the secret-bearing review.

🤖 Built with SMT <smt@agora.build>
---
 .github/workflows/codex-code-review.yml | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/.github/workflows/codex-code-review.yml b/.github/workflows/codex-code-review.yml
index 25c4d99..d5d4354 100644
--- a/.github/workflows/codex-code-review.yml
+++ b/.github/workflows/codex-code-review.yml
@@ -6,6 +6,15 @@ on:
 
 jobs:
   codex-review:
+    # Trusted-author gate: the model gets OPENAI_API_KEY in env and its output is
+    # posted verbatim, so untrusted PR text could try to exfiltrate secrets via
+    # the review comment. Restrict to authors with push access — they already
+    # have repo-secret access, so this adds no exposure; fork/untrusted PRs don't
+    # run. (Mirrors claude-code-review.yml.)
+    if: >-
+      github.event.pull_request.author_association == 'OWNER' ||
+      github.event.pull_request.author_association == 'MEMBER' ||
+      github.event.pull_request.author_association == 'COLLABORATOR'
     runs-on: ubuntu-latest
     permissions:
       contents: read