A template Python repository with stranske/Workflows CI integration and CLI Codex agent automation.
- π Python 3.11+ - Modern Python with type hints
- π§ Ruff - Fast Python linting and formatting
- π MyPy - Strict type checking
- π§ͺ Pytest - Testing with 80% coverage requirement
- π€ CLI Codex Automation - Gate-triggered keepalive for automated development
- π Dual Checkout Pattern - Consumer repo + centralized Workflows scripts
# Clone the repository
git clone https://github.com/stranske/Template.git
cd Template
# Install in development mode
pip install -e ".[dev]"
# Run tests
pytest
# Run linting
ruff check src/ tests/
# Run type checking
mypy src/ tests/Template/
βββ .github/
β βββ codex/
β β βββ AGENT_INSTRUCTIONS.md # Codex agent guidelines
β β βββ prompts/ # Task execution templates
β βββ scripts/ # Agent automation scripts (dual checkout from Workflows)
β βββ workflows/ # GitHub Actions workflows
βββ docs/ # Documentation
βββ src/
β βββ my_project/ # Main package
βββ tests/ # Test suite
βββ Issues.txt # Agent issue queue
βββ pyproject.toml # Project configuration
βββ README.md
This repository uses reusable workflows from stranske/Workflows:
| Workflow | Purpose | Trigger |
|---|---|---|
| Gate | PR validation (CI, lint, tests) | Pull request |
| CI | Push-to-main continuous integration | Push to main |
| Autofix | Automatic lint/format fixes | Label: autofix |
| Workflow | Purpose | Trigger |
|---|---|---|
| Keepalive Loop | Runs Codex CLI after Gate passes | Gate completion, PR label |
| PR Meta | Updates PR status summaries | PR events |
| Issue Intake | Creates PRs from labeled issues | Issue labeled |
| Guard | Security checks for agent execution | Before agent runs |
| Bot Comment Handler | Processes @codex commands | Issue comments |
| Autofix Loop | Autofix integration with keepalive | Autofix + agent label |
Note: agents-orchestrator.yml is legacy and can be removed. The current architecture uses agents-keepalive-loop.yml which integrates with the Gate workflow for event-driven triggering.
This template uses the Gate-triggered keepalive architecture:
- Create Issue with structured Scope/Tasks/Acceptance sections
- Label Issue with
agent:codex - Issue Intake creates PR from issue
- Gate Workflow runs CI validation
- Keepalive Loop triggers after Gate completion
- Evaluates eligibility (unchecked tasks, no pause labels)
- Runs CLI Codex via
reusable-codex-run.yml - Codex implements changes and pushes commits
- Gate Runs Again β loop continues
- Completion when all acceptance criteria checked
- Activation: PR must have
agent:codexlabel, Gate success, unchecked tasks - Task Tracking: Agent updates checkboxes in PR body after completing work
- Progress Detection: Automatic checkbox reconciliation via session analysis
- Failure Handling: After 3 failures, adds
needs-humanlabel and pauses - Concurrency: One keepalive run per PR (configurable via
agents:max-parallel:N)
| Label | Effect |
|---|---|
agent:codex |
Enables Codex automation |
agents:pause |
Halts all agent activity |
needs-human |
Auto-added after failures, blocks keepalive |
agents:max-parallel:N |
Override concurrent run limit (default: 1) |
Add issues to Issues.txt using the structured format, then trigger the intake workflow:
1) Issue title here
Labels: agent:codex, enhancement
## Scope
Explanation of what needs to be done and why.
## Tasks
- [ ] Task 1
- [ ] Task 2
- [ ] Task 3
## Acceptance Criteria
- [ ] All tests pass
- [ ] Code is documented
- [ ] Coverage β₯80%
Implementation notes
- Technical details or constraints
| Secret | Purpose | Alternative |
|---|---|---|
CODEX_AUTH_JSON |
ChatGPT auth for Codex CLI | Recommended |
WORKFLOWS_APP_ID |
GitHub App ID | Use with APP_PRIVATE_KEY |
WORKFLOWS_APP_PRIVATE_KEY |
GitHub App private key | Use with APP_ID |
SERVICE_BOT_PAT |
Bot PAT for automation | Required |
OWNER_PR_PAT |
Owner PAT for PR operations | Optional |
Note: Choose either CODEX_AUTH_JSON OR the GitHub App credentials, not both.
Create in Settings β Environments:
agent-standard- For standard agent execution
| Variable | Purpose | Default |
|---|---|---|
ALLOWED_KEEPALIVE_LOGINS |
Users who can trigger keepalive | stranske |
Configure branch protection for main:
- Require status checks:
Gate / gate - Require pull request reviews: 1 approval
- Dismiss stale reviews on new commits
# Install dependencies
pip install -e ".[dev]"
# Run all checks
ruff check src/ tests/
mypy src/ tests/
pytest --cov
# Format code
ruff format src/ tests/- Verify PR has
agent:codexlabel - Check Gate workflow passed
- Ensure PR body has unchecked tasks
- Look for
agents:pauseorneeds-humanlabels - Review keepalive summary comment for skip reasons
- Verify issue has Scope/Tasks/Acceptance sections
- Run
agents-pr-meta.ymlmanually - Check PR links to source issue
After 3 failures, keepalive pauses and adds needs-human:
- Review failure reason in keepalive summary
- Fix the issue (code, prompt, auth)
- Remove
needs-humanlabel to resume
- Verify
CODEX_AUTH_JSONor GitHub App credentials are set - Check environment
agent-standardexists - Ensure PATs have required scopes:
repo,workflow
- Workflows Repo - Central workflow library
- Consumer README - Complete setup guide
- Keepalive Architecture - Detailed design
- Setup Checklist - Step-by-step configuration
MIT License - see LICENSE for details.