From 86b657a5a518aebcaae9f29c86b77f373016aad5 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 22 May 2026 05:24:17 +0000
Subject: [PATCH 1/2] ci(deps): bump the github-actions group with 2 updates

Bumps the github-actions group with 2 updates: [github/codeql-action](https://github.com/github/codeql-action) and [zizmorcore/zizmor-action](https://github.com/zizmorcore/zizmor-action).

Updates `github/codeql-action` from 4.35.4 to 4.35.5
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/68bde559dea0fdcac2102bfdf6230c5f70eb485e...9e0d7b8d25671d64c341c19c0152d693099fb5ba)

Updates `zizmorcore/zizmor-action` from 0.5.3 to 0.5.5
- [Release notes](https://github.com/zizmorcore/zizmor-action/releases)
- [Commits](https://github.com/zizmorcore/zizmor-action/compare/b1d7e1fb5de872772f31590499237e7cce841e8e...a16621b09c6db4281f81a93cb393b05dcd7b7165)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-version: 4.35.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions
- dependency-name: zizmorcore/zizmor-action
  dependency-version: 0.5.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 .github/workflows/codeql.yml | 6 +++---
 .github/workflows/zizmor.yml | 2 +-
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index 4fa6d54f..ad2f838f 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -52,7 +52,7 @@ jobs:
 
       # Initializes the CodeQL tools for scanning.
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@68bde559dea0fdcac2102bfdf6230c5f70eb485e # v4.35.4
+        uses: github/codeql-action/init@9e0d7b8d25671d64c341c19c0152d693099fb5ba # v4.35.5
         with:
           languages: ${{ matrix.language }}
           # If you wish to specify custom queries, you can do so here or in a config file.
@@ -70,7 +70,7 @@ jobs:
       # Autobuild attempts to build any compiled languages (C/C++, C#, Go, Java, or Swift).
       # If this step fails, then you should remove it and run the build manually (see below)
       - name: Autobuild
-        uses: github/codeql-action/autobuild@68bde559dea0fdcac2102bfdf6230c5f70eb485e # v4.35.4
+        uses: github/codeql-action/autobuild@9e0d7b8d25671d64c341c19c0152d693099fb5ba # v4.35.5
 
       # ℹ️ Command-line programs to run using the OS shell.
       # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
@@ -83,6 +83,6 @@ jobs:
       #     ./location_of_script_within_repo/buildscript.sh
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@68bde559dea0fdcac2102bfdf6230c5f70eb485e # v4.35.4
+        uses: github/codeql-action/analyze@9e0d7b8d25671d64c341c19c0152d693099fb5ba # v4.35.5
         with:
           category: "/language:${{matrix.language}}"
diff --git a/.github/workflows/zizmor.yml b/.github/workflows/zizmor.yml
index 8e90c5e4..0be66323 100644
--- a/.github/workflows/zizmor.yml
+++ b/.github/workflows/zizmor.yml
@@ -26,7 +26,7 @@ jobs:
         with:
           persist-credentials: false
       - name: Run zizmor
-        uses: zizmorcore/zizmor-action@b1d7e1fb5de872772f31590499237e7cce841e8e # v0.5.3
+        uses: zizmorcore/zizmor-action@a16621b09c6db4281f81a93cb393b05dcd7b7165 # v0.5.5
         with:
           advanced-security: ${{ github.event_name == 'push' && 'true' || 'false' }}
           min-severity: low

From 961daa640eefffed191a4b02f05a4283eb9b9fd9 Mon Sep 17 00:00:00 2001
From: Tobias Wochinger <tobias.wochinger@clickhouse.com>
Date: Fri, 22 May 2026 13:22:28 +0200
Subject: [PATCH 2/2] fix(test): route autoevals through OpenAI in vitest

Set OPENAI_BASE_URL by default for local and CI test runs so AutoEvals uses the OpenAI API instead of the Braintrust proxy.
---
 .env.example    | 3 +++
 vitest.setup.ts | 4 ++++
 2 files changed, 7 insertions(+)

diff --git a/.env.example b/.env.example
index 2bdf8d3f..ba9ba152 100644
--- a/.env.example
+++ b/.env.example
@@ -5,6 +5,9 @@ LANGFUSE_SECRET_KEY="sk-lf-1234567890"
 
 # OpenAI API key for e2e tests
 OPENAI_API_KEY=
+# AutoEvals defaults to Braintrust's proxy unless this is set.
+# See https://github.com/braintrustdata/autoevals#using-other-ai-providers
+OPENAI_BASE_URL="https://api.openai.com/v1"
 
 # Min log level
 LANGFUSE_LOG_LEVEL=INFO
diff --git a/vitest.setup.ts b/vitest.setup.ts
index a2996ef4..05645405 100644
--- a/vitest.setup.ts
+++ b/vitest.setup.ts
@@ -2,3 +2,7 @@ import { config } from "dotenv";
 import { resolve } from "path";
 
 config({ path: resolve(process.cwd(), ".env"), quiet: true });
+
+// AutoEvals defaults to Braintrust's proxy unless this is set.
+// See https://github.com/braintrustdata/autoevals#using-other-ai-providers
+process.env.OPENAI_BASE_URL ??= "https://api.openai.com/v1";