chore: update fullsend shim workflow#696

Merged
ralphbean merged 1 commit into
mainfrom
fullsend/onboard
May 6, 2026
Conversation

@fullsend-ai-fullsend (Contributor)

This PR updates the fullsend shim workflow to match the current template in the .fullsend config repo.

The shim content has drifted from the template — this brings it back in sync.


fullsend-ai-review Bot commented May 6, 2026

Review: #696

Head SHA: 3e90534
Timestamp: 2026-05-06T00:00:00Z
Outcome: approve

Summary

This PR adds a /stop-fix command to the fullsend shim workflow, allowing authorized users to disable automatic bot-triggered fix agent runs on a PR by applying a fullsend-no-fix label. The implementation is clean: the label guard on dispatch-fix-bot correctly prevents auto-fix when the label is present, the new dispatch-stop-fix job handles authorization appropriately, and all user-controllable values are safely passed through environment variables (no script injection vectors). The authorization scope for /stop-fix is intentionally broader than /fix (includes CONTRIBUTOR and PR author) since it is a defensive action that stops automation rather than triggering it. No correctness, security, or injection concerns were found.

Findings

Info

  • [style] .github/workflows/fullsend.yaml:344 — gh label create with --force 2>/dev/null || true is redundant — --force already handles the "label exists" case without error. The 2>/dev/null || true suffix is harmless but unnecessary.

Footer

Outcome: approve
This review applies to SHA 3e90534ef46fa68d8b9a3bfc24ffd2321ae49692. Any push to the PR head clears this review and requires a new evaluation.


Protected paths detected — this PR modifies files under one or more
protected paths. The review agent cannot approve PRs that touch these paths.
A human reviewer must approve this PR.

Protected files in this PR:

  • .github/workflows/fullsend.yaml
Previous run

Review: #696

Head SHA: 4c691e2
Timestamp: 2026-05-06T00:00:00Z
Outcome: comment-only

Summary

This PR replaces the dispatch-gh-classify job (auto-classify on issue open) with a new /stop-fix command that lets authorized users disable the bot-triggered fix agent on a PR by adding a fullsend-no-fix label. It also adds a corresponding label guard to dispatch-fix-bot. The changes are internally consistent and free of injection or content security concerns. One medium finding: the /stop-fix authorization includes CONTRIBUTOR association, which is more permissive than the /fix command and should be verified as intentional.

Findings

Medium

  • [auth-scope] .github/workflows/fullsend.yaml:290 — The /stop-fix command allows CONTRIBUTOR association (anyone who has had a PR merged), while the /fix command only allows OWNER, MEMBER, and COLLABORATOR. This means users without write access can disable the fix agent on any PR in the repo. If this broader scope is intentional, consider adding a code comment explaining why. If not, remove CONTRIBUTOR from the allowed associations to match /fix.

Low

  • [naming-convention] .github/workflows/fullsend.yaml:280 — Job is named dispatch-stop-fix but does not dispatch to the .fullsend repo like all other dispatch-* jobs. It handles the action locally (label creation, PR edit, PR comment). Consider renaming to stop-fix for consistency with the naming pattern.

Info

  • [style-consistency] .github/workflows/fullsend.yaml:283 — The /stop-fix command uses exact match (== '/stop-fix') while other commands (/triage, /code, /fix, /review) also accept space-delimited args and newline body variants via startsWith. Likely intentional since /stop-fix takes no arguments, but a brief code comment would help future maintainers.

  • [unused-permissions] .github/workflows/fullsend.yaml:293-295 — The job-level permissions block grants issues: write and pull-requests: write to the GITHUB_TOKEN, but all operations use FULLSEND_DISPATCH_TOKEN instead. The permissions block has no practical effect. Consider removing it to avoid confusion, or switching the step to use GITHUB_TOKEN if the dispatch token's broader scope is not needed for these same-repo operations.

Footer

Outcome: comment-only
This review applies to SHA 4c691e2b164f3e0fad8523f736b610471ce6a214. Any push to the PR head clears this review and requires a new evaluation.
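
The two reviews above describe three workflow patterns without showing them: a label guard that skips the auto-fix job, an author_association check for /stop-fix that is wider than the one for /fix, and user-controlled values reaching the shell only through environment variables. The following is an added illustration and is not the project's fullsend.yaml; job names, the label description text and the use of github.token instead of a dispatch token are assumptions for the example.

```yaml
# Added illustrative workflow, not the project's own fullsend.yaml.
name: stop-fix-example
on:
  issue_comment:
    types: [created]

jobs:
  # /stop-fix takes no arguments, so the body is matched exactly rather
  # than with startsWith as argument-taking commands would be.
  # Allowed: OWNER, MEMBER, COLLABORATOR, CONTRIBUTOR, or the PR author.
  stop-fix:
    if: >-
      github.event.issue.pull_request &&
      github.event.comment.body == '/stop-fix' &&
      (contains(fromJSON('["OWNER","MEMBER","COLLABORATOR","CONTRIBUTOR"]'),
                github.event.comment.author_association) ||
       github.event.comment.user.login == github.event.issue.user.login)
    runs-on: ubuntu-latest
    permissions:
      issues: write
      pull-requests: write
    steps:
      # Unsafe pattern, shown only for contrast: interpolating the comment
      # body straight into the script makes the commenter's text part of
      # the shell program.
      #   run: echo "Got ${{ github.event.comment.body }}"
      - name: Apply the fullsend-no-fix label
        env:
          # Safe pattern: every value a user can influence is bound to an
          # environment variable and quoted in the script.
          GH_TOKEN: ${{ github.token }}          # assumption: same-repo token
          REPO: ${{ github.repository }}
          PR_NUMBER: ${{ github.event.issue.number }}
          COMMENTER: ${{ github.event.comment.user.login }}
        run: |
          # --force updates an existing label instead of failing, so no
          # "2>/dev/null || true" is needed.
          gh label create fullsend-no-fix --force --repo "$REPO" \
            --description "Automatic fix runs disabled"
          gh pr edit "$PR_NUMBER" --repo "$REPO" --add-label fullsend-no-fix
          gh pr comment "$PR_NUMBER" --repo "$REPO" \
            --body "Automatic fix runs disabled by @${COMMENTER}."

  # Label guard: once fullsend-no-fix is on the PR, the auto-fix job is
  # skipped entirely. /fix keeps the narrower write-access set.
  dispatch-fix-bot:
    if: >-
      github.event.issue.pull_request &&
      startsWith(github.event.comment.body, '/fix') &&
      contains(fromJSON('["OWNER","MEMBER","COLLABORATOR"]'),
               github.event.comment.author_association) &&
      !contains(github.event.issue.labels.*.name, 'fullsend-no-fix')
    runs-on: ubuntu-latest
    steps:
      - run: echo "would dispatch the fix agent here"
```

The asymmetry the first review calls out is visible in the two if: conditions: stopping automation is open to anyone with CONTRIBUTOR association or the PR author, while starting it stays limited to accounts with write access. Because the comment body is only ever compared inside the expression and never echoed into run:, a crafted comment cannot alter what the shell executes.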

@ascerra ascerra reopened this May 6, 2026
@ralphbean ralphbean added this pull request to the merge queue May 6, 2026
Merged via the queue into main with commit d106241 May 6, 2026
25 of 26 checks passed
@ralphbean ralphbean deleted the fullsend/onboard branch May 6, 2026 17:55