[instructions] Sync instruction files: client-id preferred, Serena migration

.github/aw/github-mcp-server.md

@@ -34,8 +34,9 @@ tools:
   github:
     toolsets: [default]     # or specific toolsets
     # Optional: GitHub App authentication
-    app-id: ${{ vars.APP_ID }}
-    private-key: ${{ secrets.APP_PRIVATE_KEY }}
+    github-app:
+      client-id: ${{ vars.APP_ID }}
+      private-key: ${{ secrets.APP_PRIVATE_KEY }}
 ```
 
 > ⚠️ **Do NOT use `mode: remote`** in GitHub Actions workflows. Remote mode does not work with the GitHub Actions token (`GITHUB_TOKEN`) — it requires a special PAT or GitHub App token with MCP access. The default `mode: local` (Docker-based) works with `GITHUB_TOKEN` and should always be used.

.github/aw/safe-outputs.md

@@ -948,7 +948,7 @@ Fields that influence permission computation (`add-comment.discussions`, `create
 - `github-app:` - GitHub App credentials for minting installation access tokens (object)
   - When configured, generates a token from the app and uses it for all safe output operations (alternative to `github-token`)
   - Fields:
-    - `app-id:` - GitHub App ID (required, e.g., `${{ vars.APP_ID }}`)
+    - `client-id:` - GitHub App client ID (required, e.g., `${{ vars.APP_ID }}`). Use `app-id:` for legacy compatibility.
     - `private-key:` - GitHub App private key (required, e.g., `${{ secrets.APP_PRIVATE_KEY }}`)
     - `owner:` - Optional App installation owner (defaults to current repository owner)
     - `repositories:` - Optional list of repositories to grant access to
@@ -957,7 +957,7 @@ Fields that influence permission computation (`add-comment.discussions`, `create
     ```yaml
     safe-outputs:
       github-app:
-        app-id: ${{ vars.APP_ID }}
+        client-id: ${{ vars.APP_ID }}
         private-key: ${{ secrets.APP_PRIVATE_KEY }}
       create-issue:
     ```

.github/aw/serena-tool.md

@@ -22,17 +22,21 @@ Serena is a **language service protocol (LSP) MCP server** for semantic code ana
 
 ## Configuration
 
-Add to workflow frontmatter:
+Import the shared Serena workflow via the `imports:` field — `tools.serena` has been removed:
 
 ```yaml
-tools:
-  serena: ["go"]  # Specify language(s): go, typescript, python, ruby, rust, java, cpp, csharp
+imports:
+  - uses: shared/mcp/serena.md
+    with:
+      languages: ["go"]  # Specify language(s): go, typescript, python, ruby, rust, java, cpp, csharp
 ```
 
 Multi-language repositories:
 ```yaml
-tools:
-  serena: ["go", "typescript"]  # First language is default fallback
+imports:
+  - uses: shared/mcp/serena.md
+    with:
+      languages: ["go", "typescript"]  # First language is default fallback
 ```
 
 ## Available Serena Tools
@@ -78,8 +82,11 @@ tools:
 **Best practice**: Use bash for discovery, Serena for analysis
 
 ```yaml
+imports:
+  - uses: shared/mcp/serena.md
+    with:
+      languages: ["go"]
 tools:
-  serena: ["go"]
   bash:
     - "find pkg -name '*.go' ! -name '*_test.go'"
     - "cat go.mod"
@@ -97,9 +104,11 @@ tools:
 Track analysis state across runs:
 
 ```yaml
-tools:
-  serena: ["go"]
-  cache-memory: true  # Store analysis history
+imports:
+  - uses: shared/mcp/serena.md
+    with:
+      languages: ["go"]
+cache-memory: true  # Store analysis history
 ```
 
 Load cache → Analyze new/changed files → Save results → Avoid redundant work

.github/aw/syntax.md

@@ -79,7 +79,7 @@ The YAML frontmatter supports these fields:
     - Mints a single installation access token shared across reactions, status comments, and skip-if queries
     - Can be defined in a shared agentic workflow and inherited by importing workflows
     - Fields:
-      - `app-id:` - GitHub App ID (required, e.g., `${{ vars.APP_ID }}`)
+      - `client-id:` - GitHub App client ID (required, e.g., `${{ vars.APP_ID }}`). Use `app-id:` for legacy compatibility.
       - `private-key:` - GitHub App private key (required, e.g., `${{ secrets.APP_PRIVATE_KEY }}`)
       - `owner:` - Optional installation owner (defaults to current repository owner)
       - `repositories:` - Optional list of repositories to grant access to
@@ -90,7 +90,7 @@ The YAML frontmatter supports these fields:
         issues:
           types: [opened]
         github-app:
-          app-id: ${{ vars.APP_ID }}
+          client-id: ${{ vars.APP_ID }}
           private-key: ${{ secrets.APP_PRIVATE_KEY }}
       ```
 
@@ -487,7 +487,7 @@ The YAML frontmatter supports these fields:
     - `github-token:` - Custom GitHub token
     - `lockdown:` - Enable lockdown mode to limit content surfaced from public repositories to items authored by users with push access (boolean, default: false)
     - `github-app:` - GitHub App configuration for token minting; when set, mints an installation access token at workflow start that overrides `github-token`
-      - `app-id:` - GitHub App ID (required, e.g., `${{ vars.APP_ID }}`)
+      - `client-id:` - GitHub App client ID (required, e.g., `${{ vars.APP_ID }}`). Use `app-id:` for legacy compatibility.
       - `private-key:` - GitHub App private key (required, e.g., `${{ secrets.APP_PRIVATE_KEY }}`)
       - `owner:` - Optional installation owner (defaults to current repository owner)
       - `repositories:` - Optional list of repositories to grant access to (array)