You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Recent agent-driven Launchplane closeout comments were authored as cbusillo even though the work was performed by Every Code/automation. Example evidence:
cbusillo/launchplane#929 comment 4579538475 was authored by cbusillo, type: User, with performed_via_github_app: null.
The local codex-skills GitHub helper resolves CODEX_GITHUB_TOKEN as shiny-code-bot, so helper-backed writes should not normally author as cbusillo.
Launchplane also has raw gh shell-out paths, including public-ingress issue notification code, which can inherit whichever GitHub identity is active in the runtime environment.
This makes it hard to distinguish human comments from agent/automation comments and can make local agent work appear as direct human GitHub activity.
Finish Line
Launchplane GitHub issue/PR/comment writes use a managed automation identity such as shiny-code-bot, or fail/warn explicitly before posting as a human account.
Scope
Inventory Launchplane GitHub write paths, including API-token paths and raw gh shell-outs.
Identify which paths can currently use a personal cbusillo token or active local gh auth.
Route automated writes through the intended bot/managed token for local worker, service, workflow, and monitor paths.
Add visible diagnostics for the resolved GitHub actor before write operations where practical.
Fail closed or require explicit override when an automated path would post as a human identity.
Keep true human actions separate from agent/automation closeout writes.
Context
Recent agent-driven Launchplane closeout comments were authored as
cbusilloeven though the work was performed by Every Code/automation. Example evidence:cbusillo/launchplane#929comment4579538475was authored bycbusillo,type: User, withperformed_via_github_app: null.codex-skillsGitHub helper resolvesCODEX_GITHUB_TOKENasshiny-code-bot, so helper-backed writes should not normally author ascbusillo.ghshell-out paths, including public-ingress issue notification code, which can inherit whichever GitHub identity is active in the runtime environment.This makes it hard to distinguish human comments from agent/automation comments and can make local agent work appear as direct human GitHub activity.
Finish Line
Launchplane GitHub issue/PR/comment writes use a managed automation identity such as
shiny-code-bot, or fail/warn explicitly before posting as a human account.Scope
ghshell-outs.cbusillotoken or active localghauth.Known Evidence
4579845986cbusillo; some Every Code PRs/issues in the same window were authored asshiny-code-bot, so attribution is mixed.control_plane/workflows/public_ingress_monitor.pyincludes rawgh issuesubprocess paths for GitHub issue create/comment/close behavior.Acceptance Criteria
ghshell-outs are replaced, wrapped, or configured so they do not silently use active human auth.ghauth.