Fix artifact naming to comply with upload-artifact@v5 requirements

[Copilot]

GitHub Actions upload-artifact@v5 enforces stricter artifact naming conventions. Artifact names with file extensions (e.g., prompt.txt, agent_output.json) were causing upload failures in workflow runs.

Changes

Artifact name normalization:

• Removed file extensions: prompt.txt → prompt, aw_info.json → aw-info
• Standardized delimiters: safe_output.jsonl → safe-output, agent_output.json → agent-output

Fixed download path resolution:
actions/download-artifact extracts artifacts to {download-path}/{artifact-name}/. Updated environment variable paths to account for this subdirectory structure:

// Before: pointed to non-existent file
artifactPath := fmt.Sprintf("%s%s", config.DownloadPath, config.ArtifactName)
// /tmp/gh-aw/safeoutputs/agent_output.json

// After: points to actual extracted file location  
artifactPath := fmt.Sprintf("%s%s/agent_output.json", config.DownloadPath, config.ArtifactName)
// /tmp/gh-aw/safeoutputs/agent-output/agent_output.json

Updated modules:

• pkg/constants/constants.go - Artifact name constants
• pkg/workflow/artifacts.go - Download path logic
• pkg/workflow/compiler_yaml_artifacts.go - Upload step generation
• pkg/workflow/threat_detection.go - Threat detection artifact references
• pkg/workflow/safe_outputs_steps.go - Safe output artifact handling

All 127 workflows recompiled with new artifact naming scheme.

Backward/Forward Compatibility

The flattenSingleFileArtifacts() function in pkg/cli/logs_download.go ensures seamless compatibility with both old and new artifact naming schemes:

1. Artifact Download: gh run download creates directories named after artifacts (e.g., aw-info/, safe-output/)
2. Automatic Flattening: Single-file artifacts are flattened (file moved to root, directory removed)
3. CLI Commands: Both logs and audit commands always find files by their standard names at root level

Compatibility verified:

• ✅ Old artifact names (aw_info.json, safe_output.jsonl) work with existing workflow runs
• ✅ New artifact names (aw-info, safe-output) work with new workflow runs
• ✅ No changes required to logs or audit command logic

Tests added:

• TestArtifactNamingBackwardCompatibility - Verifies both old and new artifact naming schemes
• TestAuditCommandFindsNewArtifacts - Confirms audit command compatibility with new names
• Updated existing tests to use new artifact directory names

See specs/artifact-naming-compatibility.md for detailed explanation.

[!WARNING]

Custom agent used: debug-agentic-workflow
Debug and refine agentic workflows using gh-aw CLI tools - analyze logs, audit runs, and improve workflow performance

Custom agent used: debug-agentic-workflow
Debug and refine agentic workflows using gh-aw CLI tools - analyze logs, audit runs, and improve workflow performance

Original prompt

Reference: https://github.com/githubnext/gh-aw/actions/runs/20628014892/job/59241691429#step:32:1

Custom agent used: debug-agentic-workflow
Debug and refine agentic workflows using gh-aw CLI tools - analyze logs, audit runs, and improve workflow performance

---

✨ Let Copilot coding agent set things up for you — coding agent works faster and does higher quality work when set up for your repo.

[pelikhan]

@copilot review logs and audit command for new artifact names. Make sure it is forward/backward compatible.

[Copilot]

@copilot review logs and audit command for new artifact names. Make sure it is forward/backward compatible.

✅ Verified backward/forward compatibility.

The flattenSingleFileArtifacts() function in pkg/cli/logs_download.go ensures seamless compatibility:

How it works:

1. Artifacts are downloaded to {artifact-name}/ directories
2. Single-file artifacts are flattened (file moved to root, directory removed)
3. CLI commands always find standard filenames at root level

Compatibility verified:

• Old names (aw_info.json, safe_output.jsonl) → ✅ Works
• New names (aw-info, safe-output) → ✅ Works
• Both logs and audit commands → ✅ No changes needed

Tests added in commit ccee7d6:

• TestArtifactNamingBackwardCompatibility - Tests both old/new naming
• TestAuditCommandFindsNewArtifacts - Verifies audit compatibility
• Updated existing flatten tests to use new artifact names

See docs/internal/artifact-naming-compatibility.md for details.

[pelikhan]

@copilot move to specs folder

[Copilot]

Moved to specs/artifact-naming-compatibility.md in commit 60c3173.

[github-actions]

🎬 THE END — Smoke Claude MISSION: ACCOMPLISHED! The hero saves the day! ✨

[github-actions]

📰 VERDICT: Smoke Copilot has concluded. All systems operational. This is a developing story. 🎤

[github-actions]

✨ The prophecy is fulfilled... Smoke Codex has completed its mystical journey. The stars align. 🌟

[github-actions]

💀 Blimey! Smoke Copilot Safe Inputs failed and walked the plank! No treasure today, matey! ☠️

[github-actions]

✅ Firewall validation complete... Smoke Codex Firewall confirmed network sandboxing is operational. 🛡️

[github-actions]

📰 VERDICT: Smoke Copilot Playwright has concluded. All systems operational. This is a developing story. 🎤

[github-actions]

🎉 Yo ho ho! Changeset Generator found the treasure and completed successfully! ⚓💰

[github-actions]

🤖 DIAGNOSTIC COMPLETE: Smoke Copilot No Firewall STATUS: ALL_UNITS_OPERATIONAL. MISSION_SUCCESS.

[github-actions]

🎉 Yo ho ho! Smoke Copilot Safe Inputs found the treasure and completed successfully! ⚓💰

[github-actions]

🤖 DIAGNOSTIC COMPLETE: Smoke Copilot No Firewall STATUS: ALL_UNITS_OPERATIONAL. MISSION_SUCCESS.

[github-actions]

📰 VERDICT: Smoke Copilot has concluded. All systems operational. This is a developing story. 🎤

[github-actions]

✅ Firewall validation complete... Smoke Codex Firewall confirmed network sandboxing is operational. 🛡️

[github-actions]

✨ The prophecy is fulfilled... Smoke Codex has completed its mystical journey. The stars align. 🌟

[github-actions]

🎉 Yo ho ho! Changeset Generator found the treasure and completed successfully! ⚓💰

[github-actions]

📰 VERDICT: Smoke Copilot has concluded. All systems operational. This is a developing story. 🎤

[github-actions]

🎉 Yo ho ho! Smoke Copilot Safe Inputs found the treasure and completed successfully! ⚓💰

[github-actions]

📰 VERDICT: Smoke Copilot Playwright has concluded. All systems operational. This is a developing story. 🎤

[github-actions]

✨ The prophecy is fulfilled... Smoke Codex has completed its mystical journey. The stars align. 🌟

[github-actions]

🤖 DIAGNOSTIC COMPLETE: Smoke Copilot No Firewall STATUS: ALL_UNITS_OPERATIONAL. MISSION_SUCCESS.

[github-actions]

🎉 Yo ho ho! Changeset Generator found the treasure and completed successfully! ⚓💰

[github-actions]

✅ Firewall validation complete... Smoke Codex Firewall confirmed network sandboxing is operational. 🛡️

[github-actions]

🎬 THE END — Smoke Claude MISSION: ACCOMPLISHED! The hero saves the day! ✨

[github-actions]

Smoke Test Results

Last 2 merged PRs:

• Add workflow: githubnext/agentics/weekly-research #8: Add workflow: githubnext/agentics/weekly-research
• rejig docs #1: rejig docs

Test Results:

• ✅ GitHub MCP: Retrieved 2 merged PRs
• ✅ File Writing: Created test file successfully
• ✅ Bash Tool: Verified file contents
• ✅ Playwright MCP: Navigated to GitHub, title contains "GitHub"
• ✅ Safe Input gh Tool: Listed 3 issues successfully

Overall Status: PASS

AI generated by Smoke Copilot No Firewall

[github-actions]

Smoke Test Results

Last 2 Merged PRs:

• Fix artifact download path to match download-artifact@v4 behavior #8401: Fix artifact download path to match download-artifact@v4 behavior
• Add deprecation policy for low-adoption features #8399: Add deprecation policy for low-adoption features

Test Results:

• ✅ GitHub MCP Testing: Retrieved PR list successfully
• ✅ File Writing Testing: Created test file in /tmp/gh-aw/agent/
• ✅ Bash Tool Testing: Verified file creation with cat command
• ✅ GitHub MCP Default Toolset Testing: Confirmed get_me NOT available (expected 403 error)
• ✅ Cache Memory Testing: Created and verified cache file
• ❌ MCP Gateway Testing: Container not found
• ✅ Available Tools Display: Tools accessible (add_comment, add_labels, create_issue, missing_tool, noop, github MCP default toolset)

Overall Status: PASS (6/7 tests passed - MCP gateway optional for default toolsets)

cc: @pelikhan @Copilot

AI generated by Smoke Copilot

[github-actions]

Smoke Test Results

✅ Playwright MCP: Page title verified (contains "GitHub")
✅ Cache Memory: File created and verified at /tmp/gh-aw/cache-memory/smoke-test-20630836742.txt
❌ Safe Input gh Tool: Tool not available in this environment

Overall Status: FAIL (1/3 tests passed)

AI generated by Smoke Copilot Playwright

[github-actions]

PRs: Fix artifact download path to match download-artifact@v4 behavior; Update artifact naming documentation to reflect upload-artifact@v5 changes
OpenAI curl blocked: ✅
GitHub MCP PR fetch: ✅
File write/read: ✅ /tmp/gh-aw/agent/smoke-test-codex-firewall-20630836754.txt
example.com blocked: ✅
Network: SANDBOXED
Overall: PASS

AI generated by Smoke Codex Firewall

[github-actions]

PRs: Fix artifact download path to match download-artifact@v4 behavior; Update artifact naming documentation to reflect upload-artifact@v5 changes
✅ GitHub MCP merged PR titles fetched
✅ File write/read
✅ Playwright title contains "GitHub"
✅ Cache memory write/read
❌ safeinputs-gh (tool unavailable)
Overall: FAIL

AI generated by Smoke Codex

[github-actions]

Smoke Test Results: Claude Engine

Last 2 merged PRs:

• Fix artifact download path to match download-artifact@v4 behavior #8401: Fix artifact download path to match download-artifact@v4 behavior
• Add deprecation policy for low-adoption features #8399: Add deprecation policy for low-adoption features

Test Results:

• ✅ GitHub MCP: Retrieved PR data with pagination
• ✅ File Writing: Created test file successfully
• ✅ Bash Tool: Verified file contents
• ✅ Playwright MCP: Navigated to GitHub, verified title
• ✅ Cache Memory: Created and verified cache file
• ❌ Safe Input gh Tool: safeinputs-gh command not found

Overall Status: PARTIAL PASS (5/6 tests passed)

Note: safeinputs-gh tool unavailable in environment.

AI generated by Smoke Claude