Blazity
diff --git a/‎.claude/learnings.md‎
Lines changed: 10 additions & 0 deletions b/‎.claude/learnings.md‎
Lines changed: 10 additions & 0 deletions
diff --git a/‎.env.e2e.example‎
Lines changed: 7 additions & 0 deletions b/‎.env.e2e.example‎
Lines changed: 7 additions & 0 deletions
diff --git a/‎.env.example‎
Lines changed: 17 additions & 0 deletions b/‎.env.example‎
Lines changed: 17 additions & 0 deletions
diff --git a/‎.github/workflows/ci.yml‎
Lines changed: 24 additions & 3 deletions b/‎.github/workflows/ci.yml‎
Lines changed: 24 additions & 3 deletions
diff --git a/‎.github/workflows/e2e.yml‎
Lines changed: 32 additions & 3 deletions b/‎.github/workflows/e2e.yml‎
Lines changed: 32 additions & 3 deletions
diff --git a/‎README.md‎
Lines changed: 25 additions & 1 deletion b/‎README.md‎
Lines changed: 25 additions & 1 deletion
@@ -8,6 +8,16 @@
 - `@vercel/sandbox` git clones can be shallow by default, causing "no history in common with main" on PR creation when force-pushing from the sandbox. Always unshallow before pushing (`git fetch --unshallow origin`).
 - `GitHubAdapter.createBranch` must force-reset existing branches to the base SHA on 422, not silently return. Stale branches from previous failed runs can retain orphan history.
 
+## Jira adapter
+- Jira REST v3 comments require ADF, and **ADF text nodes cannot contain `\n`**. Multi-line content must be modeled as multiple paragraph nodes (or use `hardBreak` inline nodes between text nodes). Stuffing newline-joined text into a single text node returns 400 Bad Request on `/rest/api/3/issue/{id}/comment`. Adapter helper `toAdfParagraphs` splits on `\n` and emits one paragraph per line.
+
+## Codex agent in Vercel Sandbox
+- The `using-git-worktrees` superpowers skill is the dominant root cause of empty-PR / `.gitignore`-only commits, NOT `.codex/` pollution. The skill's contract: "If the worktree directory is not in .gitignore, add it and commit before proceeding." The `executing-plans` skill REQUIRES `using-git-worktrees`, so any prompt that tells the agent to use `executing-plans` chains into "modify .gitignore + commit" before any real implementation work. Confirmed on AWT-641 / AWT-642. Mitigation: prompts (research + implement) explicitly forbid invoking `using-git-worktrees`/`executing-plans` and forbid any `git worktree` command or `.gitignore` change. The block is in the prompt body and must override conflicting skill text.
+- Codex CLI also creates `.codex/` in cwd at runtime (per-session state). Without intervention, the agent sees it as untracked pollution in `git status`, "fixes" it by adding `.codex/` to `.gitignore`, commits only that. Mitigation: `CodexAgentAdapter.configure` writes `.codex/` to `.git/info/exclude` so it's hidden from the agent's git status. The post-phase cleanup `rm -rf .codex/` exists for the same reason but only runs after the agent exits.
+- `extractUsage` cannot derive duration from Codex NDJSON event timestamps (the events do not carry `timestamp`/`ts`/`time` keys). The wrapper script appends a synthetic `{"type":"phase.duration","duration_ms":N}` line to stdout as a fallback so Slack reports show real wall-clock minutes instead of `0m`.
+- Codex Stop-hook protocol accepts BOTH `{"decision":"block","reason":"..."}` (legacy) and `{"continue":true,"stopReason":"..."}` (new) on stdout with exit 0 to force the agent to take another turn — confirmed against developers.openai.com/codex/hooks. Either format works; the codebase uses the legacy one for parity with the Claude commit-guard.
+- `fixAndRetryPush` must dispatch the configured agent's CLI, not hardcode `claude`. When AGENT_KIND=codex the claude binary isn't installed and `|| true` swallows the failure, leaving the same broken HEAD to be force-pushed.
+
 ## E2E in GitHub Actions
 - `@vercel/sandbox` reads credentials from `process.env` — a GH secret is not enough; it must be mapped via the job's `env:` block (e.g. `VERCEL_OIDC_TOKEN: ${{ secrets.VERCEL_OIDC_TOKEN }}`). Prefer long-lived `VERCEL_TOKEN` + `VERCEL_TEAM_ID` + `VERCEL_PROJECT_ID` over OIDC — OIDC tokens expire in ~12h and the SDK's refresh path requires `.vercel/project.json`, which CI doesn't have.
 - Reconcile (`src/lib/reconcile.ts`) has a 30s `ORPHAN_GRACE_MS` window that skips entries younger than 30s. Any e2e test seeding a registry entry via `setEntry` and expecting reconcile to cancel it on the next cron tick must backdate the timestamp past the grace window (`setEntry(key, runId, { ageMs: 60_000 })`). Without backdating the test is racy — it only passes if Vercel's 1-min scheduled cron happens to fire at T>30s during the test's wait window.
@@ -25,3 +25,10 @@ AI_WORKFLOW_KV_REST_API_TOKEN=
 
 # Vercel Deployment Protection bypass (optional, needed for preview URLs)
 # VERCEL_AUTOMATION_BYPASS_SECRET=
+
+# Vercel Sandbox credentials for the e2e runner (Sandbox.list / Sandbox.create
+# in e2e/helpers/sandbox.ts and us02). Set all three to use a long-lived PAT
+# instead of re-pasting a rotating OIDC token from `vercel env pull`.
+# VERCEL_TOKEN=
+# VERCEL_TEAM_ID=
+# VERCEL_PROJECT_ID=
@@ -36,6 +36,23 @@ CLAUDE_MODEL=claude-opus-4-6
 COMMIT_AUTHOR=ai-workflow-blazity
 COMMIT_EMAIL=ai-workflow@blazity.com
 
+# Agent — choose runtime (claude | codex). Defaults to claude.
+AGENT_KIND=claude
+
+# Codex (only when AGENT_KIND=codex)
+# CODEX_API_KEY=
+# CODEX_CHATGPT_OAUTH_TOKEN=    # alternative to CODEX_API_KEY
+# CODEX_MODEL=gpt-5-codex
+# CODEX_PRICING_URL=https://raw.githubusercontent.com/BerriAI/litellm/main/model_prices_and_context_window.json
+# CODEX_PRICING_TTL_MS=3600000
+
+# Arthur AI Engine (optional — tracing + hosted prompts)
+# Set both API_KEY and TRACE_ENDPOINT to install the tracer into every sandbox.
+# Set PROMPT_TASK_ID after running `npx tsx scripts/setup-arthur-prompts.ts`.
+# GENAI_ENGINE_API_KEY=
+# GENAI_ENGINE_TRACE_ENDPOINT=https://your-arthur-host/api/v1/traces
+# GENAI_ENGINE_PROMPT_TASK_ID=
+
 # Sandbox
 MAX_CONCURRENT_AGENTS=3
 JOB_TIMEOUT_MS=1800000
 
@@ -47,7 +47,9 @@ jobs:
       AI_WORKFLOW_KV_REST_API_URL: ${{ secrets.AI_WORKFLOW_KV_REST_API_URL }}
       AI_WORKFLOW_KV_REST_API_TOKEN: ${{ secrets.AI_WORKFLOW_KV_REST_API_TOKEN }}
       VERCEL_AUTOMATION_BYPASS_SECRET: ${{ secrets.VERCEL_AUTOMATION_BYPASS_SECRET }}
-      VERCEL_OIDC_TOKEN: ${{ secrets.VERCEL_OIDC_TOKEN }}
+      VERCEL_TOKEN: ${{ secrets.VERCEL_TOKEN }}
+      VERCEL_TEAM_ID: ${{ secrets.VERCEL_TEAM_ID }}
+      VERCEL_PROJECT_ID: ${{ secrets.VERCEL_PROJECT_ID }}
       MAX_CONCURRENT_AGENTS: ${{ secrets.MAX_CONCURRENT_AGENTS }}
     steps:
       - uses: actions/checkout@v4
@@ -59,6 +61,11 @@ jobs:
           node-version: "20.12"
           cache: pnpm
       - run: pnpm install --frozen-lockfile
+      - name: Verify Vercel Sandbox credentials present
+        run: |
+          : "${VERCEL_TOKEN:?VERCEL_TOKEN missing in e2e environment}"
+          : "${VERCEL_TEAM_ID:?VERCEL_TEAM_ID missing in e2e environment}"
+          : "${VERCEL_PROJECT_ID:?VERCEL_PROJECT_ID missing in e2e environment}"
       - run: pnpm run test:e2e:orchestration
       - if: failure()
         uses: actions/upload-artifact@v4
@@ -90,7 +97,9 @@ jobs:
       AI_WORKFLOW_KV_REST_API_URL: ${{ secrets.AI_WORKFLOW_KV_REST_API_URL }}
       AI_WORKFLOW_KV_REST_API_TOKEN: ${{ secrets.AI_WORKFLOW_KV_REST_API_TOKEN }}
       VERCEL_AUTOMATION_BYPASS_SECRET: ${{ secrets.VERCEL_AUTOMATION_BYPASS_SECRET }}
-      VERCEL_OIDC_TOKEN: ${{ secrets.VERCEL_OIDC_TOKEN }}
+      VERCEL_TOKEN: ${{ secrets.VERCEL_TOKEN }}
+      VERCEL_TEAM_ID: ${{ secrets.VERCEL_TEAM_ID }}
+      VERCEL_PROJECT_ID: ${{ secrets.VERCEL_PROJECT_ID }}
       MAX_CONCURRENT_AGENTS: ${{ secrets.MAX_CONCURRENT_AGENTS }}
     steps:
       - uses: actions/checkout@v4
@@ -102,6 +111,11 @@ jobs:
           node-version: "20.12"
           cache: pnpm
       - run: pnpm install --frozen-lockfile
+      - name: Verify Vercel Sandbox credentials present
+        run: |
+          : "${VERCEL_TOKEN:?VERCEL_TOKEN missing in e2e environment}"
+          : "${VERCEL_TEAM_ID:?VERCEL_TEAM_ID missing in e2e environment}"
+          : "${VERCEL_PROJECT_ID:?VERCEL_PROJECT_ID missing in e2e environment}"
       - run: pnpm run test:e2e:capacity
       - if: failure()
         uses: actions/upload-artifact@v4
@@ -133,7 +147,9 @@ jobs:
       AI_WORKFLOW_KV_REST_API_URL: ${{ secrets.AI_WORKFLOW_KV_REST_API_URL }}
       AI_WORKFLOW_KV_REST_API_TOKEN: ${{ secrets.AI_WORKFLOW_KV_REST_API_TOKEN }}
       VERCEL_AUTOMATION_BYPASS_SECRET: ${{ secrets.VERCEL_AUTOMATION_BYPASS_SECRET }}
-      VERCEL_OIDC_TOKEN: ${{ secrets.VERCEL_OIDC_TOKEN }}
+      VERCEL_TOKEN: ${{ secrets.VERCEL_TOKEN }}
+      VERCEL_TEAM_ID: ${{ secrets.VERCEL_TEAM_ID }}
+      VERCEL_PROJECT_ID: ${{ secrets.VERCEL_PROJECT_ID }}
       MAX_CONCURRENT_AGENTS: ${{ secrets.MAX_CONCURRENT_AGENTS }}
     steps:
       - uses: actions/checkout@v4
@@ -145,6 +161,11 @@ jobs:
           node-version: "20.12"
           cache: pnpm
       - run: pnpm install --frozen-lockfile
+      - name: Verify Vercel Sandbox credentials present
+        run: |
+          : "${VERCEL_TOKEN:?VERCEL_TOKEN missing in e2e environment}"
+          : "${VERCEL_TEAM_ID:?VERCEL_TEAM_ID missing in e2e environment}"
+          : "${VERCEL_PROJECT_ID:?VERCEL_PROJECT_ID missing in e2e environment}"
       - run: pnpm run test:e2e:agent
       - if: failure()
         uses: actions/upload-artifact@v4
 
@@ -12,6 +12,13 @@ on:
           - agent
           - all
         default: all
+      agent:
+        description: "Which agent the agent-tier should run under (per-ticket label override)"
+        type: choice
+        options:
+          - claude
+          - codex
+        default: claude
 
 jobs:
   e2e-orchestration:
@@ -36,7 +43,9 @@ jobs:
       AI_WORKFLOW_KV_REST_API_URL: ${{ secrets.AI_WORKFLOW_KV_REST_API_URL }}
       AI_WORKFLOW_KV_REST_API_TOKEN: ${{ secrets.AI_WORKFLOW_KV_REST_API_TOKEN }}
       VERCEL_AUTOMATION_BYPASS_SECRET: ${{ secrets.VERCEL_AUTOMATION_BYPASS_SECRET }}
-      VERCEL_OIDC_TOKEN: ${{ secrets.VERCEL_OIDC_TOKEN }}
+      VERCEL_TOKEN: ${{ secrets.VERCEL_TOKEN }}
+      VERCEL_TEAM_ID: ${{ secrets.VERCEL_TEAM_ID }}
+      VERCEL_PROJECT_ID: ${{ secrets.VERCEL_PROJECT_ID }}
       MAX_CONCURRENT_AGENTS: ${{ secrets.MAX_CONCURRENT_AGENTS }}
     steps:
       - uses: actions/checkout@v4
@@ -48,6 +57,11 @@ jobs:
           node-version: "20.12"
           cache: pnpm
       - run: pnpm install --frozen-lockfile
+      - name: Verify Vercel Sandbox credentials present
+        run: |
+          : "${VERCEL_TOKEN:?VERCEL_TOKEN missing in e2e environment}"
+          : "${VERCEL_TEAM_ID:?VERCEL_TEAM_ID missing in e2e environment}"
+          : "${VERCEL_PROJECT_ID:?VERCEL_PROJECT_ID missing in e2e environment}"
       - run: pnpm run test:e2e:orchestration
       - if: failure()
         uses: actions/upload-artifact@v4
@@ -83,7 +97,9 @@ jobs:
       AI_WORKFLOW_KV_REST_API_URL: ${{ secrets.AI_WORKFLOW_KV_REST_API_URL }}
       AI_WORKFLOW_KV_REST_API_TOKEN: ${{ secrets.AI_WORKFLOW_KV_REST_API_TOKEN }}
       VERCEL_AUTOMATION_BYPASS_SECRET: ${{ secrets.VERCEL_AUTOMATION_BYPASS_SECRET }}
-      VERCEL_OIDC_TOKEN: ${{ secrets.VERCEL_OIDC_TOKEN }}
+      VERCEL_TOKEN: ${{ secrets.VERCEL_TOKEN }}
+      VERCEL_TEAM_ID: ${{ secrets.VERCEL_TEAM_ID }}
+      VERCEL_PROJECT_ID: ${{ secrets.VERCEL_PROJECT_ID }}
       MAX_CONCURRENT_AGENTS: ${{ secrets.MAX_CONCURRENT_AGENTS }}
     steps:
       - uses: actions/checkout@v4
@@ -95,6 +111,11 @@ jobs:
           node-version: "20.12"
           cache: pnpm
       - run: pnpm install --frozen-lockfile
+      - name: Verify Vercel Sandbox credentials present
+        run: |
+          : "${VERCEL_TOKEN:?VERCEL_TOKEN missing in e2e environment}"
+          : "${VERCEL_TEAM_ID:?VERCEL_TEAM_ID missing in e2e environment}"
+          : "${VERCEL_PROJECT_ID:?VERCEL_PROJECT_ID missing in e2e environment}"
       - run: pnpm run test:e2e:capacity
       - if: failure()
         uses: actions/upload-artifact@v4
@@ -130,8 +151,11 @@ jobs:
       AI_WORKFLOW_KV_REST_API_URL: ${{ secrets.AI_WORKFLOW_KV_REST_API_URL }}
       AI_WORKFLOW_KV_REST_API_TOKEN: ${{ secrets.AI_WORKFLOW_KV_REST_API_TOKEN }}
       VERCEL_AUTOMATION_BYPASS_SECRET: ${{ secrets.VERCEL_AUTOMATION_BYPASS_SECRET }}
-      VERCEL_OIDC_TOKEN: ${{ secrets.VERCEL_OIDC_TOKEN }}
+      VERCEL_TOKEN: ${{ secrets.VERCEL_TOKEN }}
+      VERCEL_TEAM_ID: ${{ secrets.VERCEL_TEAM_ID }}
+      VERCEL_PROJECT_ID: ${{ secrets.VERCEL_PROJECT_ID }}
       MAX_CONCURRENT_AGENTS: ${{ secrets.MAX_CONCURRENT_AGENTS }}
+      E2E_AGENT_KIND: ${{ inputs.agent }}
     steps:
       - uses: actions/checkout@v4
       - uses: pnpm/action-setup@v4
@@ -142,6 +166,11 @@ jobs:
           node-version: "20.12"
           cache: pnpm
       - run: pnpm install --frozen-lockfile
+      - name: Verify Vercel Sandbox credentials present
+        run: |
+          : "${VERCEL_TOKEN:?VERCEL_TOKEN missing in e2e environment}"
+          : "${VERCEL_TEAM_ID:?VERCEL_TEAM_ID missing in e2e environment}"
+          : "${VERCEL_PROJECT_ID:?VERCEL_PROJECT_ID missing in e2e environment}"
       - run: pnpm run test:e2e:agent
       - if: failure()
         uses: actions/upload-artifact@v4
 
@@ -142,6 +142,23 @@ COMMIT_AUTHOR=ai-workflow-blazity      # Git commit author name
 COMMIT_EMAIL=ai-workflow@blazity.com   # Git commit author email
 ```
 
+**Switching agents** — Blazebot supports two CLI runtimes. Set `AGENT_KIND` once per deployment:
+
+```bash
+AGENT_KIND=claude    # default — Anthropic Claude Code
+# or
+AGENT_KIND=codex     # OpenAI Codex CLI
+```
+
+When `AGENT_KIND=codex`:
+
+```bash
+CODEX_API_KEY=sk-codex-xxxxxxxxxxxx   # or CODEX_CHATGPT_OAUTH_TOKEN
+CODEX_MODEL=gpt-5-codex                # default
+```
+
+Pricing is fetched from [LiteLLM's community-maintained JSON](https://github.com/BerriAI/litellm/blob/main/model_prices_and_context_window.json) on each cold start (1h TTL by default). Override `CODEX_PRICING_URL` in air-gapped environments. When pricing is unavailable, Slack reports show tokens-only with `cost unknown`.
+
 **Sandbox** — Concurrency and timeout limits:
 ```bash
 MAX_CONCURRENT_AGENTS=3   # Max parallel sandboxes (default: 3)
@@ -222,8 +239,15 @@ curl -H "Authorization: Bearer $CRON_SECRET" http://localhost:3000/cron/poll
 | `CHAT_SDK_CHANNEL_ID` | Yes | — | Notification channel ID |
 | `CHAT_SDK_BOT_NAME` | No | `blazebot` | Bot display name |
 | **Agent** | | | |
-| `ANTHROPIC_API_KEY` | Yes | — | Anthropic API key |
+| `AGENT_KIND` | No | `claude` | Runtime: `claude` or `codex` |
+| `ANTHROPIC_API_KEY` | Yes* | — | Anthropic API key (required when `AGENT_KIND=claude`) |
+| `CLAUDE_CODE_OAUTH_TOKEN` | No | — | Alternative to `ANTHROPIC_API_KEY` |
 | `CLAUDE_MODEL` | No | `claude-opus-4-6` | Claude model ID |
+| `CODEX_API_KEY` | Yes* | — | OpenAI Codex API key (required when `AGENT_KIND=codex`) |
+| `CODEX_CHATGPT_OAUTH_TOKEN` | No | — | Alternative to `CODEX_API_KEY` |
+| `CODEX_MODEL` | No | `gpt-5-codex` | Codex model ID |
+| `CODEX_PRICING_URL` | No | LiteLLM JSON | Pricing source for Codex cost reporting |
+| `CODEX_PRICING_TTL_MS` | No | `3600000` | Pricing cache TTL (ms) |
 | `COMMIT_AUTHOR` | No | `ai-workflow-blazity` | Git author name |
 | `COMMIT_EMAIL` | No | `ai-workflow@blazity.com` | Git author email |
 | **Sandbox** | | | |