chore: sync workflow templates

[stranske]

Sync Summary

Files Updated

• autofix.yml: Autofix workflow - automatically fixes lint/format issues
• agents-pr-meta.yml: PR metadata - tracks agent PR state and labels (deprecated; replaced by agents-80-pr-event-hub.yml, removal no earlier than 2026-02-15)
• agents-issue-intake.yml: Issue intake - processes new issues for agent assignment
• agents-80-pr-event-hub.yml: PR event hub - consolidates PR meta, bot comments, and verify-to-issue handlers
• agents-81-gate-followups.yml: Gate followups hub - consolidates keepalive and autofix followups
• agents-keepalive-loop.yml: Keepalive loop - continues agent work until tasks complete (deprecated; replaced by agents-81-gate-followups.yml, removal no earlier than 2026-02-15)
• agents-keepalive-loop-reporter.yml: Keepalive reporter - posts summary when keepalive run fails or cancels
• agents-71-codex-belt-dispatcher.yml: Codex belt dispatcher - selects issues and creates agent branches for work
• agents-72-codex-belt-worker.yml: Codex belt worker - executes agent on issues with full prompt and context
• agents-73-codex-belt-conveyor.yml: Codex belt conveyor - orchestrates belt worker execution and handles completion
• agents-autofix-loop.yml: Autofix loop - dispatches Codex when autofix can't fix Gate failures (deprecated; replaced by agents-81-gate-followups.yml, removal no earlier than 2026-02-15)
• agents-autofix-dispatcher.yml: Autofix dispatch bridge - listens for Gate repository_dispatch events and triggers the autofix loop
• agents-verifier.yml: Verifier - validates agent work meets acceptance criteria
• agents-bot-comment-handler.yml: Bot comment handler - dispatches agents to address bot review comments (deprecated; replaced by agents-80-pr-event-hub.yml, removal no earlier than 2026-02-15)
• agents-issue-optimizer.yml: Issue optimizer - LangChain-based issue formatting and optimization (Phase 1)
• agents-verify-to-issue.yml: Verify to issue v1 (DEPRECATED) - disabled workflow, replaced by v2
• agents-verify-to-issue-v2.yml: Verify to issue v2 - creates follow-up issues from verification feedback with LLM curation (Phase 4E; deprecated for agents-80-pr-event-hub.yml, removal no earlier than 2026-02-15)
• agents-verify-to-new-pr.yml: Verify to new PR - creates follow-up issue and immediately dispatches auto-pilot to prepare a replacement PR (bridge inlined)
• agents-auto-label.yml: Auto-label - suggests/applies labels based on semantic matching (Phase 5A)
• agents-capability-check.yml: Capability check - pre-flight agent feasibility gate (Phase 3A)
• agents-decompose.yml: Task decomposition - breaks large issues into sub-tasks (Phase 3B)
• agents-dedup.yml: Duplicate detection - flags similar open issues (Phase 3C)
• agents-guard.yml: Agents guard - enforces agents workflow protections (Health 45)
• agents-auto-pilot.yml: Auto-pilot - end-to-end automation orchestrator (format → optimize → agent → verify)
• agents-weekly-metrics.yml: Weekly metrics - aggregates auto-pilot, keepalive, autofix and verifier metrics into summary reports
• maint-coverage-guard.yml: Coverage guard - daily baseline monitoring with automatic issue creation
• maint-76-claude-code-review.yml: Claude Code review (opt-in) - runs only on labeled PRs or manual dispatch
• dependabot-automerge.yml: Dependabot auto-merge - automatically merges dependabot PRs when checks pass
• reusable-pr-context.yml: Reusable PR context workflow - centralized PR data fetching via GraphQL

Files Skipped

• pr-00-gate.yml: File exists and sync_mode is create_only
• ci.yml: File exists and sync_mode is create_only
• dependabot.yml: File exists and sync_mode is create_only
• llm_slots.json: None

---

Review Checklist

• CI passes with updated workflows
• No repo-specific customizations were overwritten

Source: stranske/Workflows
Manifest: .github/sync-manifest.yml

[agents-workflows-bot]

⚠️ Action Required: Unable to determine source issue for PR #320. The PR title, branch name, or body must contain the issue number (e.g. #123, branch: issue-123, or the hidden marker ).

[agents-workflows-bot]

🤖 Keepalive Loop Status

PR #320 | Agent: Codex | Iteration 0/5

Current State

Metric	Value
Iteration progress	[----------] 0/5
Action	wait (missing-agent-label)
Disposition	skipped (transient)
Gate	success
Tasks	0/33 complete
Timeout	45 min (default)
Timeout usage	8m elapsed (19%, 37m remaining)
Keepalive	❌ disabled
Autofix	❌ disabled

🔍 Failure Classification

| Error type | infrastructure |
| Error category | resource |
| Suggested recovery | Confirm the referenced resource exists (repo, PR, branch, workflow, or file). |

[agents-workflows-bot]

Keepalive Work Log (click to expand)

#	Time (UTC)	Agent	Action	Result	Files	Tasks	Progress	Commit	Gate
0	2026-03-07 21:37:24	Codex	wait (missing-agent-label-transient)	skipped	—	0	0/33	—	cancelled
0	2026-03-07 21:40:09	Codex	wait (missing-agent-label-transient)	skipped	—	0	0/33	—	cancelled
0	2026-03-07 21:40:49	Codex	wait (missing-agent-label-transient)	skipped	—	0	0/33	—	cancelled
0	2026-03-07 21:44:41	Codex	wait (missing-agent-label-transient)	skipped	—	0	0/33	—	success

[Copilot]

Pull request overview

Syncs this repo’s GitHub Actions workflows with the upstream stranske/Workflows templates, primarily standardizing on SHA-pinned action references and aligning orchestration workflows with the latest shared helpers.

Changes:

• Pin commonly used GitHub Actions (checkout/github-script/setup-*/artifact/etc.) to specific commit SHAs for supply-chain hardening and reproducibility.
• Update multiple agent automation workflows to the latest template versions (including consolidated PR event hubs / followups).
• Extend the opt-in Claude review workflow to checkout and use the shared API client + retry wrappers.

Reviewed changes

Copilot reviewed 29 out of 29 changed files in this pull request and generated no comments.

Show a summary per file

File	Description
.github/workflows/autofix.yml	Pin actions to SHAs for the autofix workflow.
.github/workflows/agents-pr-meta.yml	Pin github-script usage to a SHA.
.github/workflows/agents-issue-intake.yml	Pin github-script usage to a SHA.
.github/workflows/agents-80-pr-event-hub.yml	Pin actions to SHAs for consolidated PR event handling.
.github/workflows/agents-81-gate-followups.yml	Pin actions to SHAs; adjust sparse checkout to include shared helpers.
.github/workflows/agents-keepalive-loop.yml	Pin actions to SHAs across keepalive loop jobs.
.github/workflows/agents-keepalive-loop-reporter.yml	Pin actions to SHAs for keepalive reporting.
.github/workflows/agents-71-codex-belt-dispatcher.yml	Pin actions to SHAs for belt dispatcher.
.github/workflows/agents-72-codex-belt-worker.yml	Pin actions to SHAs for belt worker.
.github/workflows/agents-73-codex-belt-conveyor.yml	Pin actions to SHAs for belt conveyor.
.github/workflows/agents-autofix-loop.yml	Pin actions to SHAs across autofix loop jobs.
.github/workflows/agents-autofix-dispatcher.yml	Pin actions to SHAs for autofix dispatch bridge.
.github/workflows/agents-verifier.yml	Pin actions to SHAs for verifier.
.github/workflows/agents-bot-comment-handler.yml	Pin actions to SHAs for bot-comment handling.
.github/workflows/agents-issue-optimizer.yml	Pin actions to SHAs for issue optimizer.
.github/workflows/agents-verify-to-issue.yml	Pin actions to SHAs for verify→issue v1 workflow.
.github/workflows/agents-verify-to-issue-v2.yml	Pin actions to SHAs for verify→issue v2 workflow.
.github/workflows/agents-verify-to-new-pr.yml	Pin actions to SHAs for verify→new PR workflow.
.github/workflows/agents-auto-label.yml	Pin actions to SHAs for auto-labeling.
.github/workflows/agents-capability-check.yml	Pin actions to SHAs for capability check.
.github/workflows/agents-decompose.yml	Pin actions to SHAs for task decomposition.
.github/workflows/agents-dedup.yml	Pin actions to SHAs for duplicate detection.
.github/workflows/agents-guard.yml	Pin actions (and remote action refs) to SHAs for guard enforcement.
.github/workflows/agents-auto-pilot.yml	Pin actions to SHAs throughout the auto-pilot orchestrator.
.github/workflows/agents-weekly-metrics.yml	Pin actions to SHAs for weekly metrics aggregation/upload.
.github/workflows/maint-coverage-guard.yml	Pin actions to SHAs for the coverage guard workflow.
.github/workflows/maint-76-claude-code-review.yml	Add checkout + shared API client setup; pin actions to SHAs.
.github/workflows/dependabot-automerge.yml	Pin actions to SHAs for dependabot auto-merge flow.
.github/workflows/reusable-pr-context.yml	Pin actions to SHAs in reusable PR context fetcher.

Comments suppressed due to low confidence (1)

.github/workflows/maint-coverage-guard.yml:126

• In guard job, the second actions/checkout uses sparse-checkout without a path. Running checkout twice in the same workspace will update the working tree to the sparse set and can remove the rest of the repo, so the later python tools/coverage_guard.py (and baseline config reads) may fail because those files are no longer present. Consider either (a) removing the second checkout and instead passing the App token to the initial full checkout, or (b) checking out the retry helpers into a separate path: so it doesn't overwrite the main workspace.

      - name: Checkout repository
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6

      - name: Checkout retry helpers
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
        with:

          token: ${{ steps.app_token.outputs.token || github.token }}
          sparse-checkout: |

---

You can also share your feedback on Copilot code review. Take the survey.