Unpin @playwright/cli@0.1.15 (or drop it to 0.1.14) in pkg/constants/version_constants.go — the pin is younger than the compiled NPM_CONFIG_MIN_RELEASE_AGE=3 gate, so every Playwright-CLI workflow hard-reds at install before the agent ever runs.
Severity: P1 (self-healing ~2026-07-03, but 14 workflows are 100% red right now). New, untracked. Distinct from #42398 (rootless EACCES firewall/logs) — this fails at the Install Playwright CLI step, not sandbox bootstrap.
Problem statement
The default Playwright CLI version was bumped to 0.1.15, which npm publishes at 2026-06-30T14:53:08Z. The same install step exports NPM_CONFIG_MIN_RELEASE_AGE: '3', which forbids npm from resolving any version published within the last 3 days. There is no 0.1.15 older than the cutoff to fall back to, so npm returns ETARGET / notarget and the job exits 1 — the agent is never invoked.
npm error code ETARGET
npm error notarget No matching version found for `@playwright/cli`@0.1.15 with a date before 6/28/2026, 12:56:20 PM.
##[error]Process completed with exit code 1.
This is a self-inflicted config conflict: the pin outran its own freshness gate. It will self-heal once 0.1.15 ages past 3 days (~2026-07-03), but until then it is a guaranteed hard-red on every workflow that installs @playwright/cli in CLI mode.
Affected workflows and run IDs
Confirmed failures in the 6h window:
| Workflow |
Engine |
Failed run |
Step |
| Smoke Codex |
codex |
§28519007298 |
Install Playwright CLI |
| Smoke Claude |
claude |
§28519007309 |
Install Playwright CLI |
Blast radius: 14 compiled .lock.yml workflows pin @playwright/cli@0.1.15 with NPM_CONFIG_MIN_RELEASE_AGE=3 — all are exposed until the version ages out. Examples: smoke-codex, smoke-claude, smoke-copilot, smoke-copilot-arm, smoke-copilot-aoai-entra, smoke-copilot-aoai-apikey, visual-regression-checker, daily-model-inventory, weekly-editors-health-check, slide-deck-maintainer, cloclo, docs-noob-tester, daily-multi-device-docs-tester, blog-auditor.
Probable root cause
pkg/constants/version_constants.go:132 — const DefaultPlaywrightCLIVersion Version = "0.1.15". The generator (pkg/workflow/playwright_cli.go) emits npm install -g @playwright/cli@<version> alongside NPM_CONFIG_MIN_RELEASE_AGE: '3'. Bumping the default to a version published <3 days ago makes the two mutually exclusive.
Registry evidence — publish timestamps vs the 3-day gate
'0.1.13': '2026-05-07T23:01:54Z' (aged, installable)
'0.1.14': '2026-06-10T00:20:51Z' (aged, installable)
'0.1.15': '2026-06-30T14:53:08Z' (< 3 days old on 2026-07-01 → blocked)
Failure is pre-agent: token_usage: 0, agent never invoked — no audit-diff needed, root cause is deterministic from the registry timestamps above.
Proposed remediation
Pick one (in preference order):
- Roll the default back to
0.1.14 in pkg/constants/version_constants.go and recompile — 0.1.14 is well past the gate. Re-bump to 0.1.15 after 2026-07-03.
- Never pin a default younger than the min-release-age window. Add a guard/test in the version-bump path that rejects a
DefaultPlaywrightCLIVersion whose npm publish date is within NPM_CONFIG_MIN_RELEASE_AGE days.
- Relax the gate for this pinned install only (e.g.
NPM_CONFIG_MIN_RELEASE_AGE=0 on the Playwright step) — weakest option; it removes the supply-chain delay protection the gate exists for.
Success criteria / verification
npm install -g @playwright/cli@<default> succeeds under NPM_CONFIG_MIN_RELEASE_AGE=3 on a clean runner.
- Smoke Codex and Smoke Claude reach the agent step (non-zero
token_usage) on the next scheduled run.
- Regression guard rejects a default Playwright CLI version newer than the min-release-age window.
Correlation with existing tracking issues
Other clusters observed this window (no new issue — already tracked or working-as-designed)
References:
Generated by 🔍 [aw] Failure Investigator (6h) · 168.6 AIC · ⌖ 22.2 AIC · ⊞ 5.2K · ◷
Unpin
@playwright/cli@0.1.15(or drop it to0.1.14) inpkg/constants/version_constants.go— the pin is younger than the compiledNPM_CONFIG_MIN_RELEASE_AGE=3gate, so every Playwright-CLI workflow hard-reds at install before the agent ever runs.Severity: P1 (self-healing ~2026-07-03, but 14 workflows are 100% red right now). New, untracked. Distinct from #42398 (rootless
EACCESfirewall/logs) — this fails at theInstall Playwright CLIstep, not sandbox bootstrap.Problem statement
The default Playwright CLI version was bumped to
0.1.15, which npm publishes at 2026-06-30T14:53:08Z. The same install step exportsNPM_CONFIG_MIN_RELEASE_AGE: '3', which forbids npm from resolving any version published within the last 3 days. There is no0.1.15older than the cutoff to fall back to, so npm returnsETARGET / notargetand the job exits 1 — the agent is never invoked.This is a self-inflicted config conflict: the pin outran its own freshness gate. It will self-heal once
0.1.15ages past 3 days (~2026-07-03), but until then it is a guaranteed hard-red on every workflow that installs@playwright/cliin CLI mode.Affected workflows and run IDs
Confirmed failures in the 6h window:
Blast radius: 14 compiled
.lock.ymlworkflows pin@playwright/cli@0.1.15withNPM_CONFIG_MIN_RELEASE_AGE=3— all are exposed until the version ages out. Examples:smoke-codex,smoke-claude,smoke-copilot,smoke-copilot-arm,smoke-copilot-aoai-entra,smoke-copilot-aoai-apikey,visual-regression-checker,daily-model-inventory,weekly-editors-health-check,slide-deck-maintainer,cloclo,docs-noob-tester,daily-multi-device-docs-tester,blog-auditor.Probable root cause
pkg/constants/version_constants.go:132—const DefaultPlaywrightCLIVersion Version = "0.1.15". The generator (pkg/workflow/playwright_cli.go) emitsnpm install -g@playwright/cli@<version>alongsideNPM_CONFIG_MIN_RELEASE_AGE: '3'. Bumping the default to a version published <3 days ago makes the two mutually exclusive.Registry evidence — publish timestamps vs the 3-day gate
Failure is pre-agent:
token_usage: 0, agent never invoked — noaudit-diffneeded, root cause is deterministic from the registry timestamps above.Proposed remediation
Pick one (in preference order):
0.1.14inpkg/constants/version_constants.goand recompile —0.1.14is well past the gate. Re-bump to0.1.15after 2026-07-03.DefaultPlaywrightCLIVersionwhose npm publish date is withinNPM_CONFIG_MIN_RELEASE_AGEdays.NPM_CONFIG_MIN_RELEASE_AGE=0on the Playwright step) — weakest option; it removes the supply-chain delay protection the gate exists for.Success criteria / verification
npm install -g@playwright/cli@<default>succeeds underNPM_CONFIG_MIN_RELEASE_AGE=3on a clean runner.token_usage) on the next scheduled run.Correlation with existing tracking issues
[aw-failures]issue. Only raw per-run auto-issues exist ([aw] Smoke Codex failed #42712 Smoke Codex, [aw] Smoke Claude failed #42713 Smoke Claude) — those are symptoms, this is the shared root cause.EACCES mkdir /tmp/gh-aw/sandbox/firewall/logs, agent never invoked (rootless left [Content truncated due to length] #42398 (rootlessEACCES mkdir firewall/logs), which recurred today (§28520578086) and remains correctly open.Other clusters observed this window (no new issue — already tracked or working-as-designed)
copilot-harness exitCode=1thenRootless artifact permission repair failed+ chroot cleanupEACCES unlink .aws/config. Same rootless-residue family as [aw-failures] Smoke CI hard-red at startup —EACCES mkdir /tmp/gh-aw/sandbox/firewall/logs, agent never invoked (rootless left [Content truncated due to length] #42398 / [aw-failures] Copilot CLI false-red — runs marked failure (exit 1) after safe-outputs succeed, via "numerous permission denied" [Content truncated due to length] #41636; not a new signature.safe_outputscorrectly blockedpush_to_pull_request_branchbecause the bundle modified files outside allowed-files (pkg/linters/...). Safety mechanism working as designed on PR refactor(copilot-sdk): multi-provider only — remove single-provider legacy #42740 — not a defect.References:
EACCES mkdir /tmp/gh-aw/sandbox/firewall/logs, agent never invoked (rootless left [Content truncated due to length] #42398, distinct)Related to [aw-failures] [aw] Failure Investigator (6h) - Issue Group #39884