create-agentic-pdlc 2.3.0 → 2.4.0

package/.agentic-pdlc/templates/.github/workflows/pdlc-health-check.yml

@@ -1,121 +0,0 @@
-name: PDLC Health Check (Drift Detection)
-
-on:
-  workflow_dispatch:
-  schedule:
-    - cron: '0 8 * * 1' # Every Monday at 8am
-
-env:
-  PROJECT_ID: "{{PROJECT_ID}}"
-  STATUS_FIELD_ID: "{{STATUS_FIELD_ID}}"
-  STATUS_BRAINSTORMING: "{{ID_BRAINSTORMING}}"
-  STATUS_DETAILING: "{{ID_DETAILING}}"
-  STATUS_APPROVAL: "{{ID_APPROVAL}}"
-  STATUS_DEVELOPMENT: "{{ID_DEVELOPMENT}}"
-  STATUS_TESTING: "{{ID_TESTING}}"
-  STATUS_CODE_REVIEW_PR: "{{ID_CODE_REVIEW_PR}}"
-  STATUS_PRODUCTION: "{{ID_PRODUCTION}}"
-
-jobs:
-  check-drift:
-    name: Detect Project Board Drift
-    runs-on: ubuntu-latest
-    env:
-      PROJECT_TOKEN: ${{ secrets.PROJECT_TOKEN }}
-    permissions:
-      issues: write
-    steps:
-      - name: Validate Board Configuration
-        if: ${{ env.PROJECT_TOKEN != '' && env.PROJECT_ID != '{{PROJECT_ID}}' }}
-        uses: actions/github-script@v7
-        with:
-          github-token: ${{ env.PROJECT_TOKEN }}
-          script: |
-            const projectId = process.env.PROJECT_ID;
-            const statusFieldId = process.env.STATUS_FIELD_ID;
-            const envVars = {
-              'STATUS_BRAINSTORMING': process.env.STATUS_BRAINSTORMING,
-              'STATUS_DETAILING': process.env.STATUS_DETAILING,
-              'STATUS_APPROVAL': process.env.STATUS_APPROVAL,
-              'STATUS_DEVELOPMENT': process.env.STATUS_DEVELOPMENT,
-              'STATUS_TESTING': process.env.STATUS_TESTING,
-              'STATUS_CODE_REVIEW_PR': process.env.STATUS_CODE_REVIEW_PR,
-              'STATUS_PRODUCTION': process.env.STATUS_PRODUCTION
-            };
-
-            const query = `
-              query($projectId: ID!) {
-                node(id: $projectId) {
-                  ... on ProjectV2 {
-                    title
-                    fields(first: 20) {
-                      nodes {
-                        ... on ProjectV2SingleSelectField {
-                          id
-                          name
-                          options {
-                            id
-                            name
-                          }
-                        }
-                      }
-                    }
-                  }
-                }
-              }
-            `;
-
-            let result;
-            try {
-              result = await github.graphql(query, { projectId });
-            } catch (error) {
-              console.log("❌ Error fetching project. Verify your PROJECT_ID.");
-              console.log(error);
-              return;
-            }
-
-            const project = result.node;
-            if (!project) {
-              console.log("❌ Project not found.");
-              return;
-            }
-
-            const statusField = project.fields.nodes.find(f => f.id === statusFieldId);
-            if (!statusField) {
-              console.log("❌ Status field not found.");
-              return;
-            }
-
-            const validOptions = statusField.options;
-            const validOptionIds = validOptions.map(o => o.id);
-
-            let hasDrift = false;
-            let missingVars = [];
-
-            for (const [varName, id] of Object.entries(envVars)) {
-              if (id && !id.startsWith('{{') && !validOptionIds.includes(id)) {
-                hasDrift = true;
-                missingVars.push(varName);
-              }
-            }
-
-            if (hasDrift) {
-              console.log("🚨 Drift detected! The following mapped columns no longer exist: " + missingVars.join(", "));
-              
-              let table = "| Column Name | New ID |\n|---|---|\n";
-              validOptions.forEach(opt => {
-                table += `| ${opt.name} | \`${opt.id}\` |\n`;
-              });
-
-              const body = `🚨 **Agentic PDLC Drift Detected**\n\nThe following columns mapped in your \`.github/workflows/project-automation.yml\` no longer exist in your project board:\n\n**${missingVars.join(", ")}**\n\n### How to fix it:\nHere is the list of current columns in your board with their valid IDs. Please update the \`env\` block in your \`.github/workflows/project-automation.yml\` and \`.github/workflows/pdlc-health-check.yml\`.\n\n${table}`;
-
-              await github.rest.issues.create({
-                owner: context.repo.owner,
-                repo: context.repo.repo,
-                title: '🚨 Agentic PDLC Drift Detected in Project Board',
-                body: body,
-                labels: ['bug']
-              });
-            } else {
-              console.log("✅ No drift detected. Board configuration is healthy.");
-            }

package/.agentic-pdlc/templates/.github/workflows/pdlc-stage-gate.yml

@@ -1,51 +0,0 @@
-name: PDLC Stage Gate
-on:
-  pull_request:
-    types: [opened, synchronize, reopened, labeled, unlabeled]
-
-permissions:
-  pull-requests: read
-  issues: read
-
-jobs:
-  stage-gate:
-    name: PDLC Stage Gate
-    runs-on: ubuntu-latest
-    steps:
-      - name: Check stage:approval
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        run: |
-          set -e
-          REPO="${{ github.repository }}"
-          PR_NUMBER="${{ github.event.pull_request.number }}"
-
-          PR_LABELS=$(gh pr view "$PR_NUMBER" --repo "$REPO" --json labels --jq '[.labels[].name] | join(" ")')
-          if echo "$PR_LABELS" | grep -qw "hotfix"; then
-            echo "✅ Hotfix label — stage gate bypassed."
-            exit 0
-          fi
-
-          PR_BODY=$(gh pr view "$PR_NUMBER" --repo "$REPO" --json body --jq '.body // ""')
-          ISSUE_NUMS=$(echo "$PR_BODY" | grep -oiE '(Closes?|Fixes?|Resolves?)\s+#([0-9]+)' | grep -oE '[0-9]+' || true)
-
-          if [ -z "$ISSUE_NUMS" ]; then
-            echo "❌ No linked issues in PR body."
-            echo "   Add 'Closes #N' to PR body, or add 'hotfix' label to PR for emergencies."
-            exit 1
-          fi
-
-          for NUM in $ISSUE_NUMS; do
-            LABELS=$(gh issue view "$NUM" --repo "$REPO" --json labels --jq '[.labels[].name] | join(" ")' 2>/dev/null || echo "")
-            if echo "$LABELS" | grep -qw "stage:approval" || echo "$LABELS" | grep -qw "spec:approved" || echo "$LABELS" | grep -qw "stage:development"; then
-              echo "✅ Issue #$NUM approved"
-            else
-              STAGE=$(echo "$LABELS" | tr ' ' '\n' | grep "^stage:" | head -1 || echo "none")
-              echo "❌ Issue #$NUM missing approval (current: $STAGE)"
-              echo "   Required: stage:approval OR spec:approved OR stage:development label on the issue."
-              echo "   Emergency bypass: add 'hotfix' label to this PR."
-              exit 1
-            fi
-          done
-
-          echo "✅ All linked issues approved."

package/.agentic-pdlc/templates/.github/workflows/project-automation.yml

@@ -1,274 +0,0 @@
-name: PDLC Board Automation
-
-on:
-  pull_request:
-    types: [opened, reopened, closed, labeled]
-  pull_request_review:
-    types: [submitted]
-  issues:
-    types: [labeled]
-
-env:
-  PROJECT_ID: "{{PROJECT_ID}}"
-  STATUS_FIELD_ID: "{{STATUS_FIELD_ID}}"
-  STATUS_IDEA: "{{ID_IDEA}}"
-  STATUS_BRAINSTORMING: "{{ID_BRAINSTORMING}}"
-  STATUS_DETAILING: "{{ID_DETAILING}}"
-  STATUS_APPROVAL: "{{ID_APPROVAL}}"
-  STATUS_DEVELOPMENT: "{{ID_DEVELOPMENT}}"
-  STATUS_TESTING: "{{ID_TESTING}}"
-  STATUS_CODE_REVIEW_PR: "{{ID_CODE_REVIEW_PR}}"
-  STATUS_PRODUCTION: "{{ID_PRODUCTION}}"
-
-jobs:
-  # Issue Labeled → Move Upstream
-  move-card-on-label:
-    name: Upstream Label → Move Card
-    if: github.event_name == 'issues' && github.event.action == 'labeled'
-    runs-on: ubuntu-latest
-    env:
-      PROJECT_PAT: ${{ secrets.PROJECT_PAT }}
-    steps:
-      - name: Detect Label and Move Issue
-        if: ${{ env.PROJECT_PAT != '' && env.PROJECT_ID != '{{PROJECT_ID}}' }}
-        uses: actions/github-script@v7
-        with:
-          github-token: ${{ env.PROJECT_PAT }}
-          script: |
-            const labelName = context.payload.label.name;
-            let targetStatusId = null;
-            let stageName = null;
-
-            if (labelName === 'stage:brainstorming') {
-              targetStatusId = process.env.STATUS_BRAINSTORMING;
-              stageName = 'Brainstorming';
-            } else if (labelName === 'stage:detailing') {
-              targetStatusId = process.env.STATUS_DETAILING;
-              stageName = 'Detailing';
-            } else if (labelName === 'stage:approval') {
-              targetStatusId = process.env.STATUS_APPROVAL;
-              stageName = 'Approval';
-            } else if (labelName === 'stage:development') {
-              targetStatusId = process.env.STATUS_DEVELOPMENT;
-              stageName = 'Development';
-            } else if (labelName === 'stage:testing') {
-              targetStatusId = process.env.STATUS_TESTING;
-              stageName = 'Testing';
-            }
-
-            if (!targetStatusId) {
-              console.log('No stage PDLC label found. Skipping.');
-              return;
-            }
-
-            const { issue: { number, node_id } } = context.payload;
-
-            const moveItem = async (nodeId, statusId) => {
-              const { addProjectV2ItemById: { item } } = await github.graphql(`
-                mutation($p: ID!, $c: ID!) {
-                  addProjectV2ItemById(input: {projectId: $p, contentId: $c}) { item { id } }
-                }`, { p: process.env.PROJECT_ID, c: nodeId });
-
-              await github.graphql(`
-                mutation($p: ID!, $i: ID!, $f: ID!, $v: ProjectV2FieldValue!) {
-                  updateProjectV2ItemFieldValue(input: {projectId: $p, itemId: $i, fieldId: $f, value: $v}) {
-                    projectV2Item { id }
-                  }
-                }`, {
-                  p: process.env.PROJECT_ID, i: item.id, f: process.env.STATUS_FIELD_ID,
-                  v: { singleSelectOptionId: statusId }
-                });
-            };
-
-            await moveItem(node_id, targetStatusId);
-            console.log(`Issue #${number} moved to ${stageName}`);
-
-  # OPTIONAL: Uncomment to enable architecture-violation → Idea
-  # move-violation-to-board:
-  #   name: architecture-violation → 💡 Idea
-  #   if: github.event_name == 'issues' && github.event.action == 'labeled' && github.event.label.name == 'architecture-violation'
-  #   runs-on: ubuntu-latest
-  #   steps:
-  #     - name: Move issue to Idea
-  #       if: ${{ env.PROJECT_PAT != '' && env.PROJECT_ID != '{{PROJECT_ID}}' }}
-  #       uses: actions/github-script@v7
-  #       with:
-  #         github-token: ${{ env.PROJECT_PAT }}
-  #         script: |
-  #           const { issue: { number, node_id } } = context.payload;
-  #           const { addProjectV2ItemById: { item } } = await github.graphql(`
-  #             mutation($p: ID!, $c: ID!) {
-  #               addProjectV2ItemById(input: {projectId: $p, contentId: $c}) { item { id } }
-  #             }`, { p: process.env.PROJECT_ID, c: node_id });
-  #           await github.graphql(`
-  #             mutation($p: ID!, $i: ID!, $f: ID!, $v: ProjectV2FieldValue!) {
-  #               updateProjectV2ItemFieldValue(input: {projectId: $p, itemId: $i, fieldId: $f, value: $v}) {
-  #                 projectV2Item { id }
-  #               }
-  #             }`, {
-  #               p: process.env.PROJECT_ID, i: item.id, f: process.env.STATUS_FIELD_ID,
-  #               v: { singleSelectOptionId: process.env.STATUS_IDEA }
-  #             });
-  #           console.log(`Issue #${number} moved to Idea`);
-
-  # PR Opened → Move linked issue to Testing (Variant B — QA Agent enabled)
-  move-card-on-pr-open:
-    name: Open PR → Testing
-    if: github.event_name == 'pull_request' && (github.event.action == 'opened' || github.event.action == 'reopened')
-    runs-on: ubuntu-latest
-    env:
-      PROJECT_PAT: ${{ secrets.PROJECT_PAT }}
-    steps:
-      - name: Move linked issue to Testing
-        if: ${{ env.PROJECT_PAT != '' && env.PROJECT_ID != '{{PROJECT_ID}}' }}
-        uses: actions/github-script@v7
-        with:
-          github-token: ${{ env.PROJECT_PAT }}
-          script: |
-            const prNumber = context.payload.pull_request.number;
-            const { owner, repo } = context.repo;
-
-            const { data: pr } = await github.rest.pulls.get({ owner, repo, pull_number: prNumber });
-            const body = pr.body ?? '';
-
-            // Extract issues linked via "Closes #N", "Fixes #N", "Resolves #N"
-            const linkedIssues = [...body.matchAll(/(?:Closes?|Fixes?|Resolves?)\s+#(\d+)/gi)]
-              .map(m => parseInt(m[1]));
-
-            const moveItem = async (nodeId) => {
-              const { addProjectV2ItemById: { item } } = await github.graphql(`
-                mutation($p: ID!, $c: ID!) {
-                  addProjectV2ItemById(input: {projectId: $p, contentId: $c}) { item { id } }
-                }`, { p: process.env.PROJECT_ID, c: nodeId });
-
-              await github.graphql(`
-                mutation($p: ID!, $i: ID!, $f: ID!, $v: ProjectV2FieldValue!) {
-                  updateProjectV2ItemFieldValue(input: {projectId: $p, itemId: $i, fieldId: $f, value: $v}) {
-                    projectV2Item { id }
-                  }
-                }`, {
-                  p: process.env.PROJECT_ID, i: item.id, f: process.env.STATUS_FIELD_ID,
-                  v: { singleSelectOptionId: process.env.STATUS_TESTING }
-                });
-            };
-
-            if (linkedIssues.length > 0) {
-              for (const n of linkedIssues) {
-                const { data: issue } = await github.rest.issues.get({ owner, repo, issue_number: n });
-                await moveItem(issue.node_id);
-                console.log(`Issue #${n} → Testing`);
-              }
-            } else {
-              await moveItem(pr.node_id);
-              console.log(`PR #${prNumber} → Testing (no linked issue)`);
-            }
-
-            await github.rest.issues.addLabels({ owner, repo, issue_number: prNumber, labels: ['pr:in-review'] }).catch(() => {});
-
-  # QA Approved → Move linked issue to Code Review / PR
-  move-card-on-qa-pass:
-    name: qa:approved → Code Review / PR
-    if: github.event_name == 'pull_request' && github.event.action == 'labeled' && github.event.label.name == 'qa:approved'
-    runs-on: ubuntu-latest
-    env:
-      PROJECT_PAT: ${{ secrets.PROJECT_PAT }}
-    steps:
-      - name: Move linked issue to Code Review / PR
-        if: ${{ env.PROJECT_PAT != '' && env.PROJECT_ID != '{{PROJECT_ID}}' }}
-        uses: actions/github-script@v7
-        with:
-          github-token: ${{ env.PROJECT_PAT }}
-          script: |
-            const prNumber = context.payload.pull_request.number;
-            const { owner, repo } = context.repo;
-            const { data: pr } = await github.rest.pulls.get({ owner, repo, pull_number: prNumber });
-            const body = pr.body ?? '';
-            const linkedIssues = [...body.matchAll(/(?:Closes?|Fixes?|Resolves?)\s+#(\d+)/gi)].map(m => parseInt(m[1]));
-            const moveItem = async (nodeId) => {
-              const { addProjectV2ItemById: { item } } = await github.graphql(`
-                mutation($p: ID!, $c: ID!) {
-                  addProjectV2ItemById(input: {projectId: $p, contentId: $c}) { item { id } }
-                }`, { p: process.env.PROJECT_ID, c: nodeId });
-              await github.graphql(`
-                mutation($p: ID!, $i: ID!, $f: ID!, $v: ProjectV2FieldValue!) {
-                  updateProjectV2ItemFieldValue(input: {projectId: $p, itemId: $i, fieldId: $f, value: $v}) {
-                    projectV2Item { id }
-                  }
-                }`, {
-                  p: process.env.PROJECT_ID, i: item.id, f: process.env.STATUS_FIELD_ID,
-                  v: { singleSelectOptionId: process.env.STATUS_CODE_REVIEW_PR }
-                });
-            };
-            if (linkedIssues.length > 0) {
-              for (const n of linkedIssues) {
-                const { data: issue } = await github.rest.issues.get({ owner, repo, issue_number: n });
-                await moveItem(issue.node_id);
-                console.log(`Issue #${n} → Code Review / PR`);
-              }
-            } else {
-              await moveItem(pr.node_id);
-              console.log(`PR #${prNumber} → Code Review / PR (no linked issue)`);
-            }
-
-  # Review Approved → Add Label
-  move-card-on-review-approved:
-    name: Approved PR → Add Label
-    if: github.event_name == 'pull_request_review' && github.event.review.state == 'approved'
-    runs-on: ubuntu-latest
-    env:
-      PROJECT_PAT: ${{ secrets.PROJECT_PAT }}
-    steps:
-      - name: Swap PR labels
-        if: ${{ env.PROJECT_PAT != '' && env.PROJECT_ID != '{{PROJECT_ID}}' }}
-        uses: actions/github-script@v7
-        with:
-          github-token: ${{ env.PROJECT_PAT }}
-          script: |
-            const prNumber = context.payload.pull_request.number;
-            const { owner, repo } = context.repo;
-            try { await github.rest.issues.removeLabel({ owner, repo, issue_number: prNumber, name: 'pr:in-review' }); } catch {}
-            await github.rest.issues.addLabels({ owner, repo, issue_number: prNumber, labels: ['pr:approved'] }).catch(() => {});
-
-  # PR Merged → Production
-  move-card-on-pr-merge:
-    name: Merged PR → Production
-    if: github.event_name == 'pull_request' && github.event.action == 'closed' && github.event.pull_request.merged == true
-    runs-on: ubuntu-latest
-    env:
-      PROJECT_PAT: ${{ secrets.PROJECT_PAT }}
-    steps:
-      - name: Move issue to Production
-        if: ${{ env.PROJECT_PAT != '' && env.PROJECT_ID != '{{PROJECT_ID}}' }}
-        uses: actions/github-script@v7
-        with:
-          github-token: ${{ env.PROJECT_PAT }}
-          script: |
-            const prNumber = context.payload.pull_request.number;
-            const { owner, repo } = context.repo;
-            const { data: pr } = await github.rest.pulls.get({ owner, repo, pull_number: prNumber });
-            const body = pr.body ?? '';
-            const linkedIssues = [...body.matchAll(/(?:Closes?|Fixes?|Resolves?)\s+#(\d+)/gi)].map(m => parseInt(m[1]));
-
-            const moveItem = async (nodeId) => {
-              const { addProjectV2ItemById: { item } } = await github.graphql(`
-                mutation($p: ID!, $c: ID!) {
-                  addProjectV2ItemById(input: {projectId: $p, contentId: $c}) { item { id } }
-                }`, { p: process.env.PROJECT_ID, c: nodeId });
-              await github.graphql(`
-                mutation($p: ID!, $i: ID!, $f: ID!, $v: ProjectV2FieldValue!) {
-                  updateProjectV2ItemFieldValue(input: {projectId: $p, itemId: $i, fieldId: $f, value: $v}) {
-                    projectV2Item { id }
-                  }
-                }`, { p: process.env.PROJECT_ID, i: item.id, f: process.env.STATUS_FIELD_ID,
-                      v: { singleSelectOptionId: process.env.STATUS_PRODUCTION } });
-            };
-
-            if (linkedIssues.length > 0) {
-              for (const n of linkedIssues) {
-                const { data: issue } = await github.rest.issues.get({ owner, repo, issue_number: n });
-                await moveItem(issue.node_id);
-                console.log(`Issue #${n} → Production`);
-              }
-            } else {
-              await moveItem(pr.node_id);
-            }

package/.agentic-pdlc/templates/.github/workflows/protect-workflows.yml

@@ -1,21 +0,0 @@
-name: Protect Workflows
-
-on:
-  pull_request:
-    types: [opened, synchronize, reopened, labeled]
-    paths:
-      - '.github/**'
-
-jobs:
-  block-unauthorized-edits:
-    name: Protect .github directory
-    runs-on: ubuntu-latest
-    steps:
-      - name: Check for Human Approval
-        if: ${{ !contains(github.event.pull_request.labels.*.name, 'human-approved') }}
-        run: |
-          echo "🚨 Modifications in the .github/ directory detected."
-          echo "As a security measure, this repository blocks workflow edits by default."
-          echo "If you are an AI Agent, do not add the approval label yourself."
-          echo "If you are the human owner, please add the 'human-approved' label to this PR to allow merging."
-          exit 1

package/.agentic-pdlc/templates/.github/workflows/qa-agent.yml

@@ -1,128 +0,0 @@
-name: AI QA Agent
-on:
-  pull_request:
-    types: [opened, synchronize, reopened]
-
-permissions:
-  pull-requests: write
-  contents: read
-  issues: read
-  models: read
-
-jobs:
-  qa:
-    name: AC Coverage Verification (GitHub Models)
-    runs-on: ubuntu-latest
-    env:
-      PROJECT_PAT: ${{ secrets.PROJECT_PAT }}
-      PROJECT_ID: "{{PROJECT_ID}}"
-      STATUS_FIELD_ID: "{{STATUS_FIELD_ID}}"
-      STATUS_CODE_REVIEW_PR: "{{ID_CODE_REVIEW_PR}}"
-    steps:
-      - uses: actions/checkout@v4
-        with:
-          fetch-depth: 0
-
-      - name: Verify AC Coverage via GitHub Models
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        run: |
-          set -e
-
-          PR_NUMBER="${{ github.event.pull_request.number }}"
-          BASE="${{ github.event.pull_request.base.sha }}"
-          HEAD="${{ github.event.pull_request.head.sha }}"
-
-          # Get PR diff (truncated to 8000 chars to stay within context limits)
-          DIFF=$(git diff "$BASE" "$HEAD" | head -c 64000)
-
-          # Extract linked issues from PR body
-          PR_BODY=$(gh pr view "$PR_NUMBER" --json body --jq '.body // ""')
-          ISSUE_NUMS=$(echo "$PR_BODY" | grep -oiE '(Closes?|Fixes?|Resolves?)\s+#([0-9]+)' | grep -oE '[0-9]+' || true)
-
-          # Build acceptance criteria context
-          AC_CONTEXT=""
-          if [ -n "$ISSUE_NUMS" ]; then
-            for NUM in $ISSUE_NUMS; do
-              ISSUE_BODY=$(gh issue view "$NUM" --json body --jq '.body // ""' 2>/dev/null || echo "")
-              AC_CONTEXT="${AC_CONTEXT}\\n\\n--- Issue #${NUM} ---\\n${ISSUE_BODY}"
-            done
-          fi
-
-          if [ -z "$AC_CONTEXT" ]; then
-            AC_CONTEXT="No linked issue found. Evaluate if the PR description is self-contained."
-          fi
-
-          # Serialize prompt as JSON string and call GitHub Models API (30s timeout)
-          PROMPT_JSON=$(printf '%s' "You are a senior QA engineer. Review whether this PR diff satisfies the Acceptance Criteria below.\n\nACCEPTANCE CRITERIA:\n${AC_CONTEXT}\n\nPR DIFF:\n${DIFF}\n\nFirst line of your response must be exactly one word: PASS or FAIL. Second line: brief explanation (max 3 sentences)." | python3 -c 'import json,sys; print(json.dumps(sys.stdin.read()))')
-
-          RESPONSE=$(curl -sf -X POST \
-            "https://models.github.ai/inference/chat/completions" \
-            -H "Authorization: Bearer ${GITHUB_TOKEN}" \
-            -H "Content-Type: application/json" \
-            -d "{\"model\":\"gpt-4o-mini\",\"messages\":[{\"role\":\"user\",\"content\":${PROMPT_JSON}}]}" \
-            --max-time 30 || echo "API_ERROR")
-
-          if [ "$RESPONSE" = "API_ERROR" ]; then
-            GH_TOKEN="$PROJECT_PAT" gh api "repos/${GITHUB_REPOSITORY}/issues/${PR_NUMBER}/labels" --method POST -f 'labels[]=infra:qa-broken'
-            gh pr comment "$PR_NUMBER" --body "🤖 **QA Agent:** Could not reach GitHub Models API. Manual review required."
-            exit 0
-          fi
-
-          VERDICT=$(echo "$RESPONSE" | python3 -c 'import json,sys,re; d=json.load(sys.stdin); t=d.get("choices",[{}])[0].get("message",{}).get("content","").strip(); first=t.split("\n")[0].upper() if t else ""; print("FAIL" if re.search(r"\bFAIL\b",first) else "PASS" if re.search(r"\bPASS\b",first) else "API_ERROR")')
-          EXPLANATION=$(echo "$RESPONSE" | python3 -c 'import json,sys; d=json.load(sys.stdin); t=d.get("choices",[{}])[0].get("message",{}).get("content","").strip(); lines=t.split("\n",1); print(lines[1].strip() if len(lines)>1 else "")')
-
-          if echo "$VERDICT" | grep -q "^PASS"; then
-            GH_TOKEN="$PROJECT_PAT" gh api "repos/${GITHUB_REPOSITORY}/issues/${PR_NUMBER}/labels" --method POST -f 'labels[]=qa:approved'
-            gh pr comment "$PR_NUMBER" --body "🤖 **QA Agent:** AC coverage verified. ${EXPLANATION}"
-          elif echo "$VERDICT" | grep -q "^FAIL"; then
-            GH_TOKEN="$PROJECT_PAT" gh api "repos/${GITHUB_REPOSITORY}/issues/${PR_NUMBER}/labels" --method POST -f 'labels[]=qa:needs-work'
-            gh pr comment "$PR_NUMBER" --body "🤖 **QA Agent:** AC coverage insufficient. ${EXPLANATION}"
-          else
-            GH_TOKEN="$PROJECT_PAT" gh api "repos/${GITHUB_REPOSITORY}/issues/${PR_NUMBER}/labels" --method POST -f 'labels[]=infra:qa-broken'
-            gh pr comment "$PR_NUMBER" --body "🤖 **QA Agent:** Could not parse GitHub Models response. Manual review required."
-          fi
-
-      - name: Move board card to Code Review on qa:approved
-        if: ${{ env.PROJECT_PAT != '' && env.PROJECT_ID != '{{PROJECT_ID}}' }}
-        uses: actions/github-script@v7
-        with:
-          github-token: ${{ env.PROJECT_PAT }}
-          script: |
-            const prNumber = context.payload.pull_request.number;
-            const { owner, repo } = context.repo;
-
-            const { data: pr } = await github.rest.pulls.get({ owner, repo, pull_number: prNumber });
-            if (!pr.labels.some(l => l.name === 'qa:approved')) {
-              console.log('qa:approved not on PR — skipping board move');
-              return;
-            }
-
-            const body = pr.body ?? '';
-            const linkedIssues = [...body.matchAll(/(?:Closes?|Fixes?|Resolves?)\s+#(\d+)/gi)]
-              .map(m => parseInt(m[1]));
-
-            const moveItem = async (nodeId) => {
-              const { addProjectV2ItemById: { item } } = await github.graphql(`
-                mutation($p: ID!, $c: ID!) {
-                  addProjectV2ItemById(input: {projectId: $p, contentId: $c}) { item { id } }
-                }`, { p: process.env.PROJECT_ID, c: nodeId });
-              await github.graphql(`
-                mutation($p: ID!, $i: ID!, $f: ID!, $v: ProjectV2FieldValue!) {
-                  updateProjectV2ItemFieldValue(input: {projectId: $p, itemId: $i, fieldId: $f, value: $v}) {
-                    projectV2Item { id }
-                  }
-                }`, { p: process.env.PROJECT_ID, i: item.id, f: process.env.STATUS_FIELD_ID,
-                     v: { singleSelectOptionId: process.env.STATUS_CODE_REVIEW_PR } });
-            };
-
-            if (linkedIssues.length > 0) {
-              for (const n of linkedIssues) {
-                const { data: issue } = await github.rest.issues.get({ owner, repo, issue_number: n });
-                await moveItem(issue.node_id);
-                console.log(`Issue #${n} → Code Review / PR`);
-              }
-            } else {
-              await moveItem(pr.node_id);
-              console.log(`PR #${prNumber} → Code Review / PR (no linked issue)`);
-            }