Internal actions are shared composite GitHub Actions under .github/actions/. They are implementation building blocks consumed by workflows, not commands users invoke directly.
| Action | Purpose | Key inputs | Key outputs or side effects |
|---|---|---|---|
.github/actions/setup-agent-runtime | Bootstraps the runtime before an agent run | node_version, install_codex, codex_version, install_claude, claude_version | installs or verifies Node, runs npm ci, builds .agent/dist, adds tool bins to PATH, optionally installs Codex or Claude |
.github/actions/resolve-github-auth | Resolves the GitHub token used by workflow steps and agent runs | app_id, app_private_key, pat, fallback_token | outputs token and auth_mode; selects GitHub App, hosted OIDC broker, PAT, or workflow-token auth |
.github/actions/resolve-agent-provider | Resolves the provider, optional model, and reasoning effort for single-agent runs and review synthesis before runtime setup | route, route_provider, default_provider, model_policy, openai_api_key, claude_oauth_token, anthropic_api_key, required | outputs provider, reason, install_codex, install_claude, model, and reasoning_effort; selects explicit inline overrides, route provider overrides from AGENT_MODEL_POLICY, or AGENT_DEFAULT_PROVIDER, otherwise auto-detects from configured provider secrets |
.github/actions/check-agent-action-expiration | Shared expiration guard for generated scheduled agent workflows | expires_at | outputs expired, expires_at, and today; validates a UTC YYYY-MM-DD expiration and skips generated workflows after that date without relying on GNU-only date -d parsing |
.github/actions/run-skill-setup | Checks a repository skill and runs its optional setup.sh hook | skill, skill_root, trusted_ref, run_setup | outputs exists, skill_path, setup_exists, setup_ran, and setup_path; refuses setup from untrusted PR checkout refs |
.github/actions/run-agent-task | Runs a prompt or skill through the runtime and acpx | prompt, skill, agent, model, display_model, reasoning_effort, route, lane, target_*, source_kind, request_text, session_policy, session_bundle_mode, memory_policy, memory_mode_override, memory_ref, rubrics_policy, rubrics_mode_override, rubrics_ref, rubrics_limit | renders the prompt, runs .agent/dist/run.js, captures response/session files, exposes model_display when enabled, passes configured model-provider credentials through, restores and uploads session bundles when enabled, resolves memory/rubrics modes, optionally mounts agent/memory and agent/rubrics, and commits permitted memory or validated rubric edits |
.github/actions/download-agent-memory | Best-effort shallow clone of the repo-local agent/memory branch into $RUNNER_TEMP/agent-memory so the agent can read and write memory without staging it on the feature branch | github_token, ref, path, continue_on_missing | outputs memory_available, memory_dir, memory_ref |
The memory-related inputs and CLIs (memory/search.js, memory/update.js, memory/sync-github-artifacts.js, memory/read-sync-state.js, memory/write-sync-state.js, memory/resolve-policy.js) are documented together in Repository memory. Rubrics inputs and CLIs are documented in team rubrics.
Questions or feedback?
Ask questions, share feedback, or suggest improvements in GitHub Discussions. Please feel free to tag
@sepo-agent.