7 changes: 3 additions & 4 deletions README.md
Expand Up @@ -4,9 +4,9 @@ This repository contains example taskflows to use with the [SecLab Taskflow Agen

## Running with docker script

The recommended way of running the taskflows in this repo is by creating a codespace, and running the script [`run_seclab_agent.sh`](https://github.com/GitHubSecurityLab/seclab-taskflows/blob/main/src/run_seclab_agent.sh) to run a docker container of the `seclab-taskflow-agent` as outlined [here](https://github.com/GitHubSecurityLab/seclab-taskflow-agent/tree/main?tab=readme-ov-file#deploying-from-docker). Note that this script needs to be run from the `src` directory, and the `.env` file with the environment variables for the custom MCP servers to store data needs to be in the same directory.
The recommended way of running the taskflows in this repo is by creating a codespace, and running the script [`run_seclab_agent.sh`](scripts/run_seclab_agent.sh) to run a docker container of the `seclab-taskflow-agent` as outlined [here](https://github.com/GitHubSecurityLab/seclab-taskflow-agent/tree/main?tab=readme-ov-file#deploying-from-docker). Note that this script needs to be run from the main directory of the repo, and the `.env` file with the environment variables for the custom MCP servers to store data needs to be in the same directory.

First, create a directory named `data` and a `.env` file in the `src` directory. For [`run_seclab_agent.sh`](https://github.com/GitHubSecurityLab/seclab-taskflows/blob/main/src/run_seclab_agent.sh) you can use:
First, create a `.env` file in the main directory of the repo. For [`run_seclab_agent.sh`](scripts/run_seclab_agent.sh) you can use:

```
MEMCACHE_STATE_DIR=/app/data
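Review bot: the rewritten sentence on line 32 drops the old instruction to create a `data` directory before running the script; that stays correct only because the new `scripts/run_seclab_agent.sh` does `mkdir -p data`, `logs` and `.local` itself, so say that here (e.g. "the script creates the `data` and `logs` directories on first run") rather than leaving readers to discover it. Also, the link target changed from an absolute GitHub URL to the relative path `scripts/run_seclab_agent.sh`, which resolves when the README is rendered on GitHub but not where it is rendered elsewhere (a package index page, for instance).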
Expand All @@ -16,7 +16,7 @@ LOG_DIR=/app/logs
```


The `MEMCACHE_STATE_DIR` is needed to persist some intermediate data in the memcache, `DATA_DIR` is needed for various mcp servers to store intermediate results, and `LOG_DIR` is used to store log files generated by the servers. These can be set in a `.env` file in the `src` directory. If no environment variables are set for the custom MCP servers, relevant folders will be created automatically. The location depends on the platform, and is set by [`platformdirs`](https://pypi.org/project/platformdirs/).
The `MEMCACHE_STATE_DIR` is needed to persist some intermediate data in the memcache, `DATA_DIR` is needed for various mcp servers to store intermediate results, and `LOG_DIR` is used to store log files generated by the servers. These can be set in a `.env` file in the main directory. If no environment variables are set for the custom MCP servers, relevant folders will be created automatically. The location depends on the platform, and is set by [`platformdirs`](https://pypi.org/project/platformdirs/).

In addition, AI API endpoints and secrets also need to be configured via [environment variables or Codespace secrets](https://github.com/GitHubSecurityLab/seclab-taskflow-agent?tab=readme-ov-file#configuration). In particular, the environment variables `AI_API_TOKEN` and `AI_API_ENDPOINT` need to be set to the appropriate AI API endpoints and credentials. If not set, the default `AI_API_ENDPOINT` is GitHub models:
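Review bot: the changed line is inconsistent about the server name within one sentence, `various mcp servers` versus `the custom MCP servers`; use `MCP` throughout. While touching this paragraph, the double blank line after the closing fence above it could be collapsed to one.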

Expand All @@ -31,7 +31,6 @@ Individual taskflows may need additional setup, please refer to the `README.md`
After setting the relevant env vars, run an example taskflow with:

```bash
cd src
./run_seclab_agent.sh -t seclab_taskflows.taskflows.audit.ghsa_variant_analysis_demo -g repo=github/cmark-gfm -g ghsa=GHSA-c944-cv5f-hpvr
```
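Review bot: removing `cd src` leaves the example invoking `./run_seclab_agent.sh` from the repo root, but this PR moves the script to `scripts/run_seclab_agent.sh`, so the command as written fails with "No such file or directory". Change it to `./scripts/run_seclab_agent.sh -t seclab_taskflows.taskflows.audit.ghsa_variant_analysis_demo ...`, which also matches the sentence above saying the script must be run from the main directory of the repo.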

16 changes: 16 additions & 0 deletions scripts/audit/run_audit.sh
@@ -0,0 +1,16 @@
#!/bin/bash
Copilot AI Jan 28, 2026

The PR description suggests running the audit script directly in Codespaces as /scripts/audit/run_audit.sh github/cmark-gfm, but the script is added at scripts/audit/run_audit.sh within the repo, so the correct usage from the repo root would be ./scripts/audit/run_audit.sh github/cmark-gfm (or similar). Please align the description and any user-facing examples with the actual relative path so users don’t try to call a non-existent absolute /scripts/... path.

# SPDX-FileCopyrightText: 2025 GitHub
# SPDX-License-Identifier: MIT

set -e

if [ -z "$1" ]; then
echo "Usage: $0 <repo>";
exit 1;
fi

python -m seclab_taskflow_agent -t seclab_taskflows.taskflows.audit.fetch_source_code -g repo=$1
python -m seclab_taskflow_agent -t seclab_taskflows.taskflows.audit.identify_applications -g repo=$1
python -m seclab_taskflow_agent -t seclab_taskflows.taskflows.audit.gather_web_entry_point_info -g repo=$1
python -m seclab_taskflow_agent -t seclab_taskflows.taskflows.audit.classify_application_local -g repo=$1
python -m seclab_taskflow_agent -t seclab_taskflows.taskflows.audit.audit_issue_local_iter -g repo=$1
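Review bot: `$1` is passed unquoted and unvalidated in every `-g repo=$1` line; quote it as `-g repo="$1"` so a value containing whitespace or glob characters is not split or expanded, and reject anything that is not an `owner/name` slug at the usage check, e.g. `[[ "$1" =~ ^[A-Za-z0-9_.-]+/[A-Za-z0-9_.-]+$ ]] || { echo "Usage: $0 <owner/repo>"; exit 1; }`, so a bad argument fails immediately rather than partway through five sequential taskflow runs. The trailing semicolons after `echo` and `exit` are unnecessary, and a short comment that `set -e` deliberately stops the pipeline at the first failing stage would help the next reader.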
20 changes: 20 additions & 0 deletions scripts/run_seclab_agent.sh
@@ -0,0 +1,20 @@
#!/bin/bash
# SPDX-FileCopyrightText: 2025 GitHub
# SPDX-License-Identifier: MIT

Copilot AI Jan 28, 2026

The script has been moved from src/run_seclab_agent.sh to scripts/run_seclab_agent.sh, but the top-level README and other docs (for example README.md lines 7–9 and src/seclab_taskflows/mcp_servers/codeql_python/README.md line 29) still reference the old location and assume it is run from src. Please update those docs and examples to point at the new scripts/ path and root-level .env/data locations so users don’t follow outdated instructions.

if [ ! -f ".env" ]; then
touch ".env"
fi

mkdir -p .local
mkdir -p logs
mkdir -p data

# Note: this uses the trick described [here](https://unix.stackexchange.com/a/646335)
# to pass extra command line arguments into `bash -c`.
docker run -i \
--mount type=bind,src="$PWD",dst=/app \
--mount type=bind,src="./local",dst=/root/.local \
-e GH_TOKEN="$GH_TOKEN" -e AI_API_TOKEN="$AI_API_TOKEN" --entrypoint /bin/bash \
"ghcr.io/githubsecuritylab/seclab-taskflow-agent" \
-c 'pip install -q -e /app && exec "$@"' this-is-bash-dollar-zero "$@"
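Review bot: the second `--mount` line does not refer to the directory the script just created: `mkdir -p .local` creates `.local`, but the mount reads `src="./local"`, i.e. a directory named `local` that is never created, and a relative source for `--mount type=bind` is rejected by older Docker versions in any case. Use `--mount type=bind,src="$PWD/.local",dst=/root/.local` so the same directory is created and mounted. Separately, the script only `touch`es `.env` and never passes it to the container (there is no `--env-file .env`), so `MEMCACHE_STATE_DIR`, `DATA_DIR` and `LOG_DIR` from the README only take effect if the agent reads `/app/.env` through the bind mount itself; if that is the intent, say so in a comment, otherwise add `--env-file .env`. Worth a comment too: the container runs as root with the host checkout mounted read-write, and `pip install -e /app` writes into that checkout.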
16 changes: 0 additions & 16 deletions src/run_audit.sh

This file was deleted.

13 changes: 0 additions & 13 deletions src/run_seclab_agent.sh

This file was deleted.