From 8192648abc165ebde94142b13cc99703dc75b9c2 Mon Sep 17 00:00:00 2001
From: Jack Ye <yezhaoqin@gmail.com>
Date: Tue, 2 Dec 2025 14:45:42 -0800
Subject: [PATCH 1/2] ci: fix bot sophon access

---
 .../codex-update-lance-dependency.yml         | 20 +++++++++++++++++++
 1 file changed, 20 insertions(+)

diff --git a/.github/workflows/codex-update-lance-dependency.yml b/.github/workflows/codex-update-lance-dependency.yml
index eafc9b81..b61f0692 100644
--- a/.github/workflows/codex-update-lance-dependency.yml
+++ b/.github/workflows/codex-update-lance-dependency.yml
@@ -99,6 +99,26 @@ jobs:
           printenv OPENAI_API_KEY | codex login --with-api-key
           codex --config shell_environment_policy.ignore_default_excludes=true exec --dangerously-bypass-approvals-and-sandbox "$(cat /tmp/codex-prompt.txt)"
 
+      - name: Debug token access
+        env:
+          GH_TOKEN: ${{ secrets.ROBOT_TOKEN }}
+        run: |
+          set -euo pipefail
+          echo "=== Checking authenticated user ==="
+          gh api user --jq '.login' || echo "Failed to get user info"
+
+          echo ""
+          echo "=== Listing repos in lancedb org that token can access ==="
+          gh repo list lancedb --limit 50 --json name,visibility --jq '.[] | "\(.name) (\(.visibility))"' || echo "Failed to list repos"
+
+          echo ""
+          echo "=== Checking if sophon repo exists and is accessible ==="
+          gh repo view lancedb/sophon --json name,visibility 2>&1 || echo "Cannot access lancedb/sophon"
+
+          echo ""
+          echo "=== Checking token scopes ==="
+          gh api -i user 2>&1 | grep -i "x-oauth-scopes" || echo "Could not determine token scopes"
+
       - name: Trigger sophon dependency update
         env:
           TAG: ${{ inputs.tag }}

From 26c105205c7d661a8b5e6119bdb71947d5e153f1 Mon Sep 17 00:00:00 2001
From: Jack Ye <yezhaoqin@gmail.com>
Date: Tue, 2 Dec 2025 14:48:03 -0800
Subject: [PATCH 2/2] trigger ci

---
 .github/workflows/codex-update-lance-dependency.yml | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/codex-update-lance-dependency.yml b/.github/workflows/codex-update-lance-dependency.yml
index b61f0692..2e991e5c 100644
--- a/.github/workflows/codex-update-lance-dependency.yml
+++ b/.github/workflows/codex-update-lance-dependency.yml
@@ -1,6 +1,9 @@
 name: Codex Update Lance Dependency
 
 on:
+  pull_request:
+    paths:
+      - '.github/workflows/codex-update-lance-dependency.yml'
   workflow_call:
     inputs:
       tag:
@@ -11,7 +14,8 @@ on:
     inputs:
       tag:
         description: "Tag name from Lance"
-        required: true
+        required: false
+        default: "v1.0.0-rc.1"
         type: string
 
 permissions:
@@ -25,7 +29,7 @@ jobs:
     steps:
       - name: Show inputs
         run: |
-          echo "tag = ${{ inputs.tag }}"
+          echo "tag = ${{ inputs.tag || 'v1.0.0-rc.1' }}"
 
       - name: Checkout Repo LanceDB
         uses: actions/checkout@v4
@@ -65,7 +69,7 @@ jobs:
 
       - name: Run Codex to update Lance dependency
         env:
-          TAG: ${{ inputs.tag }}
+          TAG: ${{ inputs.tag || 'v1.0.0-rc.1' }}
           GITHUB_TOKEN: ${{ secrets.ROBOT_TOKEN }}
           GH_TOKEN: ${{ secrets.ROBOT_TOKEN }}
           OPENAI_API_KEY: ${{ secrets.CODEX_TOKEN }}
@@ -121,7 +125,7 @@ jobs:
 
       - name: Trigger sophon dependency update
         env:
-          TAG: ${{ inputs.tag }}
+          TAG: ${{ inputs.tag || 'v1.0.0-rc.1' }}
           GH_TOKEN: ${{ secrets.ROBOT_TOKEN }}
         run: |
           set -euo pipefail