feat: Auto-resolve pr_body.md conflicts before Codex runs

[stranske]

Source: Issue #123

Automated Status Summary

Scope

After merging PR #103 (multi-agent routing infrastructure), we need to:

1. Validate the CLI agent pipeline works end-to-end with the new task-focused prompts
2. Add GITHUB_STEP_SUMMARY output so iteration results are visible in the Actions UI
3. Streamline the Automated Status Summary to reduce clutter when using CLI agents
4. Clean up comment patterns to avoid a mix of old UI-agent and new CLI-agent comments

Context for Agent

Design Decisions & Constraints

• 4. Clean up comment patterns to avoid a mix of old UI-agent and new CLI-agent comments
• The keepalive loop now:
• | <!-- keepalive-loop-summary --> | github-actions[bot] | NEW: CLI agent iteration tracking | ✅ Keep for CLI agents |
• | <!-- keepalive-state:v1 --> | agents-workflows-bot[bot] | State tracking | ⚠️ Multiple copies accumulate |
• | <!-- keepalive-round: N --> | stranske | OLD: Instruction comment | ❌ CLI agents dont need this |
• The goal: For CLI agents (agent:* label), we should have exactly one updating comment (<!-- keepalive-loop-summary -->) instead of accumulating 10+ comments per PR.
• Requires PR #103 to be merged first
• This round you MUST:
• Review the Scope/Tasks/Acceptance below, identify the next incomplete task that requires code, implement it, then post a reply comment with the completed items using their exact original text.

Related Issues/PRs

• #103
• #89
• #123

References

• https://github.com/stranske/Workflows/compare/main...codex/issue-123?expand=1

Blockers & Dependencies

• After merging PR #103 (multi-agent routing infrastructure), we need to:
• 3. Mark a task checkbox complete ONLY after verifying the implementation works.

Tasks

Pipeline Validation

• After PR chore(codex): bootstrap PR for issue #101 #103 merges, create a test PR with agent:codex label
• Verify task appendix appears in Codex prompt (check workflow logs)
• Verify Codex works on actual tasks (not random infrastructure work)
• Verify keepalive comment updates with iteration progress

GITHUB_STEP_SUMMARY

• Add step summary output to agents-keepalive-loop.yml after agent run
• Include: iteration number, tasks completed, files changed, outcome
• Ensure summary is visible in workflow run UI

Conditional Status Summary

• Modify buildStatusBlock() in agents_pr_meta_update_body.js to accept agentType parameter
• When agentType is set (CLI agent): hide workflow table, hide head SHA/required checks
• Keep Scope/Tasks/Acceptance checkboxes for all cases
• Pass agent type from workflow to the update_body job

Comment Pattern Cleanup

• For CLI agents (agent:* label):
• Suppress <!-- gate-summary: --> comment posting (use step summary instead)
• Suppress <!-- keepalive-round: N --> instruction comments (task appendix replaces this)
• Update <!-- keepalive-loop-summary --> to be the single source of truth
• Ensure state marker is embedded in the summary comment (not separate)
• For UI Codex (no agent:* label):
• Keep existing comment patterns (instruction comments, connector bot reports)
• Keep <!-- gate-summary: --> comment
• Add agent_type output to detect job so downstream workflows know the mode
• Update agents-pr-meta.yml to conditionally skip gate summary for CLI agent PRs

Acceptance criteria

• CLI agent receives explicit tasks in prompt and works on them
• Iteration results visible in Actions workflow run summary
• PR body shows checkboxes but not workflow clutter when using CLI agents
• UI Codex path (no agent label) continues to show full status summary
• CLI agent PRs have ≤3 bot comments total (summary, one per iteration update) instead of 10+
• State tracking is consolidated in the summary comment, not scattered

Dependencies

• - Requires PR chore(codex): bootstrap PR for issue #101 #103 to be merged first

Head SHA: fd727c9
Latest Runs: ✅ success — Gate
Required: gate: ✅ success

Workflow / Job	Result	Logs
Agents PR meta manager	❔ in progress	View run
Auto-label Dependabot PRs	⏭️ skipped	View run
CI Autofix Loop	✅ success	View run
Copilot code review	❔ in progress	View run
Gate	✅ success	View run
Health 40 Sweep	✅ success	View run
Health 44 Gate Branch Protection	✅ success	View run
Health 45 Agents Guard	✅ success	View run
Health 50 Security Scan	✅ success	View run
Maint 52 Validate Workflows	✅ success	View run
PR 11 - Minimal invariant CI	✅ success	View run
Selftest CI	✅ success	View run
Validate Sync Manifest	✅ success	View run

[github-actions]

Automated Status Summary

Head SHA: fe24e46
Latest Runs: ⏳ pending — Gate
Required contexts: Gate / gate, Health 45 Agents Guard / Enforce agents workflow protections
Required: core tests (3.11): ⏳ pending, core tests (3.12): ⏳ pending, docker smoke: ⏳ pending, gate: ⏳ pending

Workflow / Job	Result	Logs
(no jobs reported)	⏳ pending	—

Coverage Overview

• Coverage history entries: 1

Coverage Trend

Metric	Value
Current	92.21%
Baseline	85.00%
Delta	+7.21%
Minimum	70.00%
Status	✅ Pass

Top Coverage Hotspots (lowest coverage)

File	Coverage	Missing
scripts/workflow_health_check.py	62.6%	28
scripts/classify_test_failures.py	62.9%	37
scripts/ledger_validate.py	65.3%	63
scripts/mypy_return_autofix.py	82.6%	11
scripts/ledger_migrate_base.py	85.5%	13
scripts/fix_cosmetic_aggregate.py	92.3%	1
scripts/coverage_history_append.py	92.8%	2
scripts/workflow_validator.py	93.3%	4
scripts/update_autofix_expectations.py	93.9%	1
scripts/pr_metrics_tracker.py	95.7%	3
scripts/generate_residual_trend.py	96.6%	1
scripts/build_autofix_pr_comment.py	97.0%	2
scripts/aggregate_agent_metrics.py	97.2%	0
scripts/fix_numpy_asserts.py	98.1%	0
scripts/sync_test_dependencies.py	98.3%	1

Updated automatically; will refresh on subsequent CI/Docker completions.

---

Keepalive checklist

Scope

No scope information available

Tasks

• No tasks defined

Acceptance criteria

• No acceptance criteria defined

[github-actions]

🤖 Keepalive Loop Status

PR #685 | Agent: Codex | Iteration 0/5

Current State

Metric	Value
Iteration progress	[----------] 0/5
Action	wait (missing-agent-label)
Disposition	skipped (transient)
Gate	success
Tasks	0/28 complete
Keepalive	❌ disabled
Autofix	❌ disabled

🔍 Failure Classification

| Error type | infrastructure |
| Error category | resource |
| Suggested recovery | Confirm the referenced resource exists (repo, PR, branch, workflow, or file). |

[Copilot]

Pull request overview

This PR introduces automated resolution of trivial merge conflicts for PR-specific files (like pr_body.md) before invoking Codex. The goal is to reduce unnecessary Codex invocations for predictable file conflicts that can be automatically resolved using the "ours" merge strategy.

Key changes:

• Added a new resolve-trivial-conflicts job that runs before Codex when conflicts are detected
• Auto-resolves PR-specific files using git checkout --ours strategy
• Modified run-codex job to skip execution when all conflicts were trivially resolved
• Added standalone script .github/scripts/auto_resolve_ignored_conflicts.sh for manual use

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 6 comments.

File	Description
templates/consumer-repo/.github/workflows/agents-keepalive-loop.yml	Adds resolve-trivial-conflicts job and updates run-codex job dependencies and conditions
.github/scripts/auto_resolve_ignored_conflicts.sh	New standalone script for auto-resolving PR-specific file conflicts

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

The file list here contains only 3 files, but the standalone script at .github/scripts/auto_resolve_ignored_conflicts.sh contains 6 files (including "coverage-trend-history.ndjson", "metrics-history.ndjson", and "residual-trend-history.ndjson"). These lists should be consistent to ensure the same behavior across different usage contexts.

Suggested change

	IGNORED_FILES=("pr_body.md" "ci/autofix/history.json" "keepalive-metrics.ndjson")
	IGNORED_FILES=("pr_body.md" "ci/autofix/history.json" "keepalive-metrics.ndjson" "coverage-trend-history.ndjson" "metrics-history.ndjson" "residual-trend-history.ndjson")

[Copilot]

The condition only checks for 'skipped' result, not 'failure'. If the resolve-trivial-conflicts job fails (e.g., git push fails at line 399), the run-codex job will not execute because the condition doesn't account for the 'failure' result. Consider updating the condition to also handle job failures, for example: needs.resolve-trivial-conflicts.result == 'skipped' || needs.resolve-trivial-conflicts.result == 'failure' || needs.resolve-trivial-conflicts.outputs.remaining_conflicts != '0'

Suggested change

	(needs.resolve-trivial-conflicts.result == 'skipped' ||
	(needs.resolve-trivial-conflicts.result == 'skipped' ||
	needs.resolve-trivial-conflicts.result == 'failure' ||

[Copilot]

When the merge fails but no unmerged files are detected by git diff --name-only --diff-filter=U (REMAINING=0, RESOLVED=0), neither the commit branch (line 397) nor the abort branch (line 401) executes. This leaves the repository in a conflicted merge state without cleanup. Consider adding an else clause to handle this edge case, likely by aborting the merge with git merge --abort.

Suggested change

	git merge --abort || true
	git merge --abort || true
	else
	echo "⚠ Merge did not complete successfully, but no conflicts were detected (resolved=$RESOLVED, remaining=$REMAINING). Aborting merge to clean up state."
	git merge --abort || true

[Copilot]

The commit message lists all files in the IGNORED_CONFLICT_FILES array, regardless of which files actually had conflicts and were resolved. This could be misleading. Consider only listing the files that were actually resolved in this specific merge, similar to how the workflow inline script does it.

[Copilot]

The condition checks vars.WORKFLOWS_APP_ID but the preflight job at line 266 checks secrets.WORKFLOWS_APP_ID, and line 423 passes secrets.WORKFLOWS_APP_ID to the reusable workflow. This inconsistency could cause the app token generation to be skipped when WORKFLOWS_APP_ID is stored as a secret (the recommended approach per line 15 in the file header). Consider using secrets.WORKFLOWS_APP_ID here for consistency, or clarify if the App ID should be stored in vars vs secrets.

Suggested change

	if: ${{ vars.WORKFLOWS_APP_ID != '' }}
	uses: actions/create-github-app-token@v2
	with:
	app-id: ${{ vars.WORKFLOWS_APP_ID }}
	if: ${{ secrets.WORKFLOWS_APP_ID != '' }}
	uses: actions/create-github-app-token@v2
	with:
	app-id: ${{ secrets.WORKFLOWS_APP_ID }}

[Copilot]

When the merge fails but no unmerged files are found (RESOLVED_COUNT=0, REMAINING_CONFLICTS empty), the script attempts to commit at line 83. Since no files were staged, git commit will fail with "nothing to commit", and due to set -e at line 13, the script will exit with an error code. Consider checking if RESOLVED_COUNT > 0 before attempting to commit, or handling the edge case where a merge conflict is reported but no conflicted files are detected.