From 5bb18e07c637495b5bb7c9c24d22b545546b493e Mon Sep 17 00:00:00 2001
From: Brendan Ryan
Date: Tue, 24 Mar 2026 21:01:52 -0700
Subject: [PATCH 1/2] ci: add Cyclops PR audit workflow
---
 .github/workflows/pr-audit.yml | 27 +++++++++++++++++++++++++++
 1 file changed, 27 insertions(+)
 create mode 100644 .github/workflows/pr-audit.yml
diff --git a/.github/workflows/pr-audit.yml b/.github/workflows/pr-audit.yml
new file mode 100644
index 00000000..6dffe0d3
--- /dev/null
+++ b/.github/workflows/pr-audit.yml
@@ -0,0 +1,27 @@
+name: PR Audit
+
+on:
+ pull_request:
+ types: [labeled]
+
+jobs:
+ gate:
+ if: github.event.label.name == 'cyclops'
+ runs-on: ubuntu-latest
+ outputs:
+ allowed: ${{ steps.check.outputs.allowed }}
+ steps:
+ - id: check
+ env:
+ GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ run: |
+ PERM=$(gh api "repos/${{ github.repository }}/collaborators/${{ github.event.sender.login }}/permission" --jq '.permission')
+ if [ "$PERM" = "admin" ]; then
+ echo "allowed=true" >> "$GITHUB_OUTPUT"
+ fi
+
+ pr-audit:
+ needs: gate
+ if: needs.gate.outputs.allowed == 'true'
+ uses: tempoxyz/gh-actions/.github/workflows/pr-audit.yml@main
+ secrets: inherit
From dc340f0c4b079d1b62104df0e4ca1cb96f9bccdb Mon Sep 17 00:00:00 2001
From: Brendan Ryan
Date: Fri, 27 Mar 2026 12:51:41 -0700
Subject: [PATCH 2/2] chore: replace pr-audit workflow with reth-style inline curl
---
 .github/workflows/pr-audit.yml | 37 ++++++++++++++++++----------------
 1 file changed, 20 insertions(+), 17 deletions(-)
diff --git a/.github/workflows/pr-audit.yml b/.github/workflows/pr-audit.yml
index 6dffe0d3..7019593e 100644
--- a/.github/workflows/pr-audit.yml
+++ b/.github/workflows/pr-audit.yml
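Review bot: In PATCH 1/2 the `pr-audit` job calls a reusable workflow at the mutable ref `@main` while passing `secrets: inherit`, so whatever lands on that branch runs with every secret this repository exposes to workflows. Pin the call to a reviewed commit, `uses: tempoxyz/gh-actions/.github/workflows/pr-audit.yml@<full-commit-sha>`, and replace `secrets: inherit` with an explicit `secrets:` map of only the names the called workflow needs. In the `gate` step, `${{ github.event.sender.login }}` is also expanded into the shell script; passing it through `env:` and quoting the variable keeps event data out of the script text. The workflow declares no `permissions:` block, so the token scope falls back to the repository default.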
@@ -1,27 +1,30 @@
-name: PR Audit
+name: Pull request audit

 on:
 pull_request:
 types: [labeled]

 jobs:
- gate:
- if: github.event.label.name == 'cyclops'
+ publish:
 runs-on: ubuntu-latest
- outputs:
- allowed: ${{ steps.check.outputs.allowed }}
+ if: github.event.label.name == 'cyclops'
 steps:
- - id: check
- env:
- GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ - name: Publish event
 run: |
- PERM=$(gh api "repos/${{ github.repository }}/collaborators/${{ github.event.sender.login }}/permission" --jq '.permission')
- if [ "$PERM" = "admin" ]; then
- echo "allowed=true" >> "$GITHUB_OUTPUT"
- fi
+ set -euo pipefail
+
+ echo "${{ secrets.EVENTS_KEY }}" > ${{ runner.temp }}/key
+ echo "${{ secrets.EVENTS_CERT }}" > ${{ runner.temp }}/cert

- pr-audit:
- needs: gate
- if: needs.gate.outputs.allowed == 'true'
- uses: tempoxyz/gh-actions/.github/workflows/pr-audit.yml@main
- secrets: inherit
+ curl -sf -o /dev/null -X POST ${{ secrets.EVENTS_ARGS }} \
+ -H "Content-Type: application/json" \
+ --key ${{ runner.temp }}/key \
+ --cert ${{ runner.temp }}/cert \
+ -d '{
+ "repository": "${{ github.repository }}",
+ "event": "pr_audit",
+ "data": {
+ "pr_number": ${{ github.event.pull_request.number }},
+ "sha": "${{ github.event.pull_request.head.sha }}"
+ }
+ }'
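Review bot: The `Publish event` step expands `${{ secrets.EVENTS_KEY }}` and `${{ secrets.EVENTS_CERT }}` straight into the script text and writes the client key with the default umask, so the key material ends up in the generated script and, most likely, in a file readable by other users on the runner. Passing both through `env:` and writing them under `umask 077` keeps them out of the script and restricts the file mode; the paths given to `--key` and `--cert` should then be quoted as `"$RUNNER_TEMP/key"` and `"$RUNNER_TEMP/cert"`. The job also no longer checks the labeller's permission as the removed `gate` job did, so anyone allowed to apply the `cyclops` label can trigger the POST; confirm the receiving service authorizes the request or keep a permission check. Adding `permissions: {}` to the job would make explicit that it needs no token scope.

```yaml
      - name: Publish event
        env:
          EVENTS_KEY: ${{ secrets.EVENTS_KEY }}
          EVENTS_CERT: ${{ secrets.EVENTS_CERT }}
        run: |
          set -euo pipefail
          # Key and cert files are created owner-only.
          umask 077

          printf '%s\n' "$EVENTS_KEY" > "$RUNNER_TEMP/key"
          printf '%s\n' "$EVENTS_CERT" > "$RUNNER_TEMP/cert"

          # … unchanged: curl POST, with --key "$RUNNER_TEMP/key" and --cert "$RUNNER_TEMP/cert" …
```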