chore: sync workflow templates

[stranske]

Sync Summary

Files Updated

• autofix.yml: Autofix workflow - automatically fixes lint/format issues
• agents-pr-meta.yml: PR metadata - tracks agent PR state and labels (deprecated; replaced by agents-80-pr-event-hub.yml, removal no earlier than 2026-02-15)
• agents-issue-intake.yml: Issue intake - processes new issues for agent assignment
• agents-80-pr-event-hub.yml: PR event hub - consolidates PR meta, bot comments, and verify-to-issue handlers
• agents-81-gate-followups.yml: Gate followups hub - consolidates keepalive and autofix followups
• agents-keepalive-loop.yml: Keepalive loop - continues agent work until tasks complete (deprecated; replaced by agents-81-gate-followups.yml, removal no earlier than 2026-02-15)
• agents-keepalive-loop-reporter.yml: Keepalive reporter - posts summary when keepalive run fails or cancels
• agents-71-codex-belt-dispatcher.yml: Codex belt dispatcher - selects issues and creates agent branches for work
• agents-72-codex-belt-worker.yml: Codex belt worker - executes agent on issues with full prompt and context
• agents-73-codex-belt-conveyor.yml: Codex belt conveyor - orchestrates belt worker execution and handles completion
• agents-autofix-loop.yml: Autofix loop - dispatches Codex when autofix can't fix Gate failures (deprecated; replaced by agents-81-gate-followups.yml, removal no earlier than 2026-02-15)
• agents-autofix-dispatcher.yml: Autofix dispatch bridge - listens for Gate repository_dispatch events and triggers the autofix loop
• agents-verifier.yml: Verifier - validates agent work meets acceptance criteria
• agents-bot-comment-handler.yml: Bot comment handler - dispatches agents to address bot review comments (deprecated; replaced by agents-80-pr-event-hub.yml, removal no earlier than 2026-02-15)
• agents-issue-optimizer.yml: Issue optimizer - LangChain-based issue formatting and optimization (Phase 1)
• agents-verify-to-issue.yml: Verify to issue v1 (DEPRECATED) - disabled workflow, replaced by v2
• agents-verify-to-issue-v2.yml: Verify to issue v2 - creates follow-up issues from verification feedback with LLM curation (Phase 4E; deprecated for agents-80-pr-event-hub.yml, removal no earlier than 2026-02-15)
• agents-verify-to-new-pr.yml: Verify to new PR - creates follow-up issue and immediately dispatches auto-pilot to prepare a replacement PR (bridge inlined)
• agents-auto-label.yml: Auto-label - suggests/applies labels based on semantic matching (Phase 5A)
• agents-capability-check.yml: Capability check - pre-flight agent feasibility gate (Phase 3A)
• agents-decompose.yml: Task decomposition - breaks large issues into sub-tasks (Phase 3B)
• agents-dedup.yml: Duplicate detection - flags similar open issues (Phase 3C)
• agents-guard.yml: Agents guard - enforces agents workflow protections (Health 45)
• agents-auto-pilot.yml: Auto-pilot - end-to-end automation orchestrator (format → optimize → agent → verify)
• agents-weekly-metrics.yml: Weekly metrics - aggregates auto-pilot, keepalive, autofix and verifier metrics into summary reports
• maint-coverage-guard.yml: Coverage guard - daily baseline monitoring with automatic issue creation
• maint-76-claude-code-review.yml: Claude Code review (opt-in) - runs only on labeled PRs or manual dispatch
• dependabot-automerge.yml: Dependabot auto-merge - automatically merges dependabot PRs when checks pass
• reusable-pr-context.yml: Reusable PR context workflow - centralized PR data fetching via GraphQL

Files Skipped

• pr-00-gate.yml: File exists and sync_mode is create_only
• ci.yml: File exists and sync_mode is create_only
• dependabot.yml: File exists and sync_mode is create_only
• llm_slots.json: None

---

Review Checklist

• CI passes with updated workflows
• No repo-specific customizations were overwritten

Source: stranske/Workflows
Manifest: .github/sync-manifest.yml

[agents-workflows-bot]

⚠️ Action Required: Unable to determine source issue for PR #752. The PR title, branch name, or body must contain the issue number (e.g. #123, branch: issue-123, or the hidden marker ).

[agents-workflows-bot]

🤖 Keepalive Loop Status

PR #752 | Agent: Codex | Iteration 0/5

Current State

Metric	Value
Iteration progress	[----------] 0/5
Action	wait (missing-agent-label)
Disposition	skipped (transient)
Gate	success
Tasks	0/33 complete
Timeout	45 min (default)
Timeout usage	5m elapsed (13%, 40m remaining)
Keepalive	❌ disabled
Autofix	❌ disabled

🔍 Failure Classification

| Error type | infrastructure |
| Error category | resource |
| Suggested recovery | Confirm the referenced resource exists (repo, PR, branch, workflow, or file). |

[agents-workflows-bot]

Keepalive Work Log (click to expand)

#	Time (UTC)	Agent	Action	Result	Files	Tasks	Progress	Commit	Gate
0	2026-03-07 21:37:48	Codex	wait (missing-agent-label-transient)	skipped	—	0	0/33	—	—
0	2026-03-07 21:40:14	Codex	wait (missing-agent-label-transient)	skipped	—	0	0/33	—	cancelled
0	2026-03-07 21:41:50	Codex	wait (missing-agent-label-transient)	skipped	—	0	0/33	—	success

[Copilot]

Pull request overview

This PR syncs workflow templates from the central stranske/Workflows repository to pin all GitHub Actions to specific commit SHAs (instead of floating version tags) for supply chain security, and applies minor version bumps and retry-wrapper additions from upstream.

Changes:

• Pins all GitHub Actions references across 27 workflow files to immutable commit SHAs with version comments (e.g., actions/checkout@v6 → actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6)
• Bumps actions/upload-artifact from v6 to v7 and actions/download-artifact from v7 to v8
• Adds API retry wrapper infrastructure (checkout, setup-api-client, createTokenAwareRetry) to maint-76-claude-code-review.yml and adds a missing setup-api-client sparse-checkout entry in agents-81-gate-followups.yml

Reviewed changes

Copilot reviewed 29 out of 29 changed files in this pull request and generated no comments.

Show a summary per file

File	Description
reusable-pr-context.yml	SHA-pin checkout, create-github-app-token, github-script
maint-coverage-guard.yml	SHA-pin actions + bump download-artifact v7→v8
maint-76-claude-code-review.yml	SHA-pin actions + add API retry wrappers to resolve-target job
dependabot-automerge.yml	SHA-pin checkout, fetch-metadata, github-script
autofix.yml	SHA-pin checkout, github-script
agents-weekly-metrics.yml	SHA-pin actions + bump upload-artifact v6→v7
agents-verify-to-new-pr.yml	SHA-pin checkout, setup-python, github-script
agents-verify-to-issue.yml	SHA-pin checkout, github-script
agents-verify-to-issue-v2.yml	SHA-pin checkout, setup-python, github-script
agents-verifier.yml	SHA-pin checkout, github-script
agents-pr-meta.yml	SHA-pin github-script
agents-keepalive-loop.yml	SHA-pin actions + bump upload-artifact v6→v7
agents-keepalive-loop-reporter.yml	SHA-pin checkout, github-script
agents-issue-optimizer.yml	SHA-pin checkout, create-github-app-token, setup-python, github-script
agents-issue-intake.yml	SHA-pin github-script
agents-guard.yml	SHA-pin checkout, create-github-app-token, github-script, setup-api-client
agents-dedup.yml	SHA-pin checkout, setup-python, github-script
agents-decompose.yml	SHA-pin checkout, setup-python, github-script
agents-capability-check.yml	SHA-pin checkout, setup-python, github-script
agents-bot-comment-handler.yml	SHA-pin checkout, github-script
agents-autofix-loop.yml	SHA-pin actions + bump upload-artifact v6→v7
agents-autofix-dispatcher.yml	SHA-pin checkout, create-github-app-token, github-script
agents-auto-pilot.yml	SHA-pin actions + bump upload-artifact v6→v7
agents-auto-label.yml	SHA-pin checkout, setup-python, github-script
agents-81-gate-followups.yml	SHA-pin actions + bump upload-artifact v6→v7 + add setup-api-client sparse-checkout
agents-80-pr-event-hub.yml	SHA-pin checkout, setup-python, github-script
agents-73-codex-belt-conveyor.yml	SHA-pin create-github-app-token, checkout, github-script
agents-72-codex-belt-worker.yml	SHA-pin create-github-app-token, checkout, github-script
agents-71-codex-belt-dispatcher.yml	SHA-pin create-github-app-token, checkout, github-script

---

You can also share your feedback on Copilot code review. Take the survey.