From e016f9f9e6d4d59b6a34df4ad1d0afd4165ed325 Mon Sep 17 00:00:00 2001
From: "github-actions[bot]"
 <41898282+github-actions[bot]@users.noreply.github.com>
Date: Sat, 20 Jun 2026 10:29:07 +0000
Subject: [PATCH] docs: update constants package specification with missing
 constants

Add missing constants to pkg/constants/README.md:
- ExperimentArtifactName and UsageArtifactName (artifact names)
- OtlpExportErrorsFilename (OTLP export failure log)
- DetectAgentErrorsStepID (agent job step ID)
- DefaultThreatDetectVersion (version constant)
- ThreatDetectionLogPath, ThreatDetectionDir, ThreatDetectionResultPath (new section)

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
---
 pkg/constants/README.md | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/pkg/constants/README.md b/pkg/constants/README.md
index 35f2312c8a5..b7c296067cd 100644
--- a/pkg/constants/README.md
+++ b/pkg/constants/README.md
@@ -182,6 +182,8 @@ constants.AgentArtifactName           // "agent" (unified agent artifact)
 constants.DetectionArtifactName       // "detection"
 constants.LegacyDetectionArtifactName // "threat-detection.log" (backward compat)
 constants.ActivationArtifactName      // "activation"
+constants.ExperimentArtifactName      // "experiment" — A/B experiment state uploaded by the activation job
+constants.UsageArtifactName           // "usage" — compact run metadata and token-usage files from the conclusion job
 constants.SafeOutputItemsArtifactName // "safe-outputs-items"
 constants.SarifArtifactName           // "code-scanning-sarif"
 
@@ -191,6 +193,7 @@ constants.SafeOutputsFilename         // "safeoutputs.jsonl"
 constants.TokenUsageFilename          // "agent_usage.json"
 constants.GithubRateLimitsFilename    // "github_rate_limits.jsonl"
 constants.OtelJsonlFilename           // "otel.jsonl"
+constants.OtlpExportErrorsFilename    // "otlp-export-errors.jsonl" — OTLP per-endpoint export failure log
 constants.TemporaryIdMapFilename      // "temporary-id-map.json"
 constants.SarifFileName               // "code-scanning-alert.sarif"
 constants.SarifArtifactDownloadPath   // "/tmp/gh-aw/sarif/"
@@ -219,6 +222,7 @@ constants.PreActivationAppTokenStepID    // "pre-activation-app-token"
 
 // Agent job step IDs
 constants.ParseMCPGatewayStepID          // "parse-mcp-gateway"
+constants.DetectAgentErrorsStepID        // "detect-agent-errors" — post-execution error detection step
 ```
 
 ### Step Output Keys
@@ -265,6 +269,7 @@ constants.DefaultPiVersion              // Pi CLI version (experimental)
 // Infrastructure
 constants.DefaultGitHubMCPServerVersion // GitHub MCP server Docker image version
 constants.DefaultFirewallVersion        // AWF firewall version
+constants.DefaultThreatDetectVersion    // gh-aw-threat-detection binary version
 constants.DefaultMCPGatewayVersion      // MCP Gateway (gh-aw-mcpg) Docker image version
 
 // MCP tooling
@@ -398,6 +403,14 @@ constants.DefaultGitHubLockdown      // false — GitHub MCP server lockdown def
 constants.AWFAPIProxyContainerIP     // "172.30.0.30" — fixed api-proxy sidecar address inside the AWF sandbox network
 ```
 
+### Threat Detection Paths
+
+```go
+constants.ThreatDetectionLogPath    // "/tmp/gh-aw/threat-detection/detection.log" — engine log file
+constants.ThreatDetectionDir        // "/tmp/gh-aw/threat-detection" — working directory
+constants.ThreatDetectionResultPath // "/tmp/gh-aw/threat-detection/detection_result.json" — structured verdict output
+```
+
 ## Validation Field Lists
 
 These variables control YAML key ordering and validation during workflow compilation: