AuditOrchestrator is the GitHub Actions control plane for monthly AI audit workflows.
It keeps the source of truth in GitHub:
- scheduled workflows publish monthly audit issues
- repository variables define the target repositories and policy knobs
- downstream automation reads those issues and hands off work to a Codex runner on a VPS
- no local JSON config is required for the orchestration layer
- creates a monthly audit issue in this repository
- records which repositories are in scope for the current month
- keeps merge policy and routing policy in GitHub Actions / repository variables
- leaves code changes to the downstream Codex execution runner
- writes a machine-readable payload into the monthly issue body and workflow summary
- supports dry-run validation through `workflow_dispatch`
- it does not store private local config files
- it does not hardcode internal repository names in the public docs
- it does not auto-merge everything by default
This repository is intended to be operated from GitHub Actions:
- schedule runs from GitHub
- manual runs are available through `workflow_dispatch`
- repository variables provide the current target list and policy settings
- the monthly issue is the contract consumed by downstream automation
The recommended variables are:
- `AUDIT_TARGET_REPOS`
- `AUDIT_MONTHLY_LABEL`
- `AUDIT_AUTO_MERGE_LABEL`
- `AUDIT_REVIEW_TITLE_PREFIX`
- GitHub Actions creates or refreshes the monthly audit issue.
- The monthly issue contains the current repository targets and policy metadata.
- The Codex runner on the VPS reads that issue, performs code changes, and opens pull requests.
- Merge policy stays in GitHub and is enforced by labels plus CI status.
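The variable list and the flow above describe the contract only in prose. As an added example (not the project's own code; the payload shape and the default label values are assumptions, since docs/runner-contract.md is not reproduced here), this Python builds the machine-readable payload from the recommended repository variables, validates every target as a plain owner/name slug before it can reach the downstream runner, renders it into an issue body, and reads it back the way a consumer would:

```python
import json
import re

# Assumed conventions: variable names follow the README's recommended list; the
# payload schema and the HTML marker are this example's own, not the project's.
REPO_RE = re.compile(r"^[A-Za-z0-9_.-]+/[A-Za-z0-9_.-]+$")
PAYLOAD_MARK = "<!-- audit-orchestrator-payload -->"


def parse_targets(raw: str) -> list[str]:
    """Split AUDIT_TARGET_REPOS (comma or newline separated) into deduplicated
    owner/name slugs. Anything else is rejected, so a mistyped or tampered
    variable cannot point the code-changing runner at an unexpected repository."""
    targets: list[str] = []
    for item in re.split(r"[,\n]", raw):
        slug = item.strip()
        if not slug:
            continue
        if not REPO_RE.match(slug):
            raise ValueError(f"invalid repository slug: {slug!r}")
        if slug not in targets:
            targets.append(slug)
    return targets


def build_payload(variables: dict[str, str], month: str) -> dict:
    """Assemble the payload for one month from repository variables (a dict
    standing in for the Actions `vars` context). Auto-merge is off by default."""
    return {
        "month": month,
        "targets": parse_targets(variables.get("AUDIT_TARGET_REPOS", "")),
        "policy": {
            "monthly_label": variables.get("AUDIT_MONTHLY_LABEL", "monthly-audit"),
            "auto_merge_label": variables.get("AUDIT_AUTO_MERGE_LABEL", "audit:auto-merge"),
            "review_title_prefix": variables.get("AUDIT_REVIEW_TITLE_PREFIX", "[audit]"),
            "auto_merge_default": False,  # merge stays gated by labels plus CI
        },
    }


def render_issue_body(payload: dict) -> str:
    """Human-readable target list followed by the JSON payload in a fenced block."""
    lines = [f"## Monthly audit {payload['month']}", "", "Targets:"]
    lines += [f"- {slug}" for slug in payload["targets"]]
    lines += ["", PAYLOAD_MARK, "```json", json.dumps(payload, indent=2, sort_keys=True), "```"]
    return "\n".join(lines)


def extract_payload(body: str) -> dict:
    """What a downstream consumer does: pull the fenced JSON back out of the issue."""
    match = re.search(r"```json\n(.*?)\n```", body, re.S)
    if not match:
        raise ValueError("issue body carries no payload block")
    return json.loads(match.group(1))
```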
See docs/runner-contract.md for the issue format and downstream expectations.
MIT. See LICENSE.