feat(workflows): scope README regen and enforce reviewer ordering

[ashleyshaw]

Summary

• implement scoped README regeneration workflow with changed-path targeting and concurrency guard (#67)
• enforce CodeRabbit-success gate before reviewer job execution (#69)
• codify orphan-label exception policy and treat protected labels as allowed extras in label validation (#95)

Changes

#67 README regeneration scope/concurrency

• added .github/workflows/readme-regen.yml
  • scoped triggers for markdown/workflow/agent/instruction changes
  • computes impacted README paths from git diff
  • processes only impacted README files via meta.agent --files
  • uses workflow concurrency guard: readme-regen-${{ github.ref }}
• updated .github/workflows/meta.yml
  • set META_SKIP_README=true for meta-agent run to avoid duplicate/conflicting README writes
• updated scripts/agents/meta.agent.js
  • added --files support for targeted processing
  • added META_SKIP_README handling

#69 CodeRabbit-before-reviewer enforcement

• updated .github/workflows/reviewer.yml
  • added coderabbit-gate job that waits for CodeRabbit status context success on PR head SHA
  • blocks reviewer execution on CodeRabbit failure/timeout
  • reviewer now depends on gate result for PR events
  • added workflow concurrency control

#95 orphan-label policy disposition

• updated .github/label-governance-policy.yml
  • documented accepted repository-specific orphan-label exception set under never_delete_labels
• updated scripts/agents/includes/label-sync.js
  • validation now treats policy-protected labels as allowed extras
  • report now includes Allowed extra count
• updated docs/ISSUE_LABELS.md
  • documented policy controls for destructive cleanup and accepted exceptions

Validation

• npx eslint scripts/agents/meta.agent.js scripts/agents/includes/label-sync.js
• npx markdownlint-cli2 docs/ISSUE_LABELS.md
• npx spectral lint .github/workflows/reviewer.yml .github/workflows/readme-regen.yml .github/workflows/meta.yml --ruleset .spectral-workflows.cjs
• node scripts/validation/validate-labeling-configs.cjs
• node scripts/validation/validate-workflows.js

Links

• Epic: [Epic] Label governance stabilisation and automation hardening #449
• Issues: 🏷️ Orphan Labels Detected (30) #95, [Workflows] Scope README regen to changed paths with concurrency guard #67, [Workflows] Enforce CodeRabbit before Copilot on PRs #69

[coderabbitai]

Warning

Review limit reached

@ashleyshaw, we couldn't start this review because you've reached your PR review rate limit.

More reviews will be available in 23 minutes and 27 seconds. Learn how PR review limits work.

Your organization has run out of usage credits. Purchase more in the billing tab.

⌛ How to resolve this issue?

After more reviews become available, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans include higher PR review limits than trial, open-source, and free plans. In all cases, reviews become available again over time. During sustained high-volume PR review activity, CodeRabbit may temporarily slow when the next review becomes available.

Please see our Fair Usage Limits Policy for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yml

Review profile: CHILL

Plan: Pro

Run ID: b796d7b9-ed51-4ea8-adc1-45ec3f4256f7

📥 Commits

Reviewing files that changed from the base of the PR and between 411bf2f and afd4c4e.

📒 Files selected for processing (7)

• .github/label-governance-policy.yml
• .github/workflows/meta.yml
• .github/workflows/readme-regen.yml
• .github/workflows/reviewer.yml
• docs/ISSUE_LABELS.md
• scripts/agents/includes/label-sync.js
• scripts/agents/meta.agent.js

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch codex/449-closeout

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[gemini-code-assist]

Code Review

This pull request introduces changes to the label governance policy, updates documentation regarding orphan-label cleanup, and refactors the label synchronization and meta agent scripts. The updates allow specifying allowed extra labels during synchronization and processing explicit file lists in the meta agent. The review feedback highlights two robustness issues in scripts/agents/meta.agent.js: first, missing files in the explicit file list can cause the script to crash with an ENOENT error; second, CLI argument parsing for the --files flag can mistakenly consume subsequent flags (like --verbose) as file paths if no value is provided.

[gemini-code-assist]

If any of the explicitly provided file paths in explicitFiles do not exist (e.g., due to a typo or a deleted file in a pull request), fs.readFileSync will throw an ENOENT error and crash the entire script. Since processAllMarkdownFiles does not catch errors per file, this prevents any other files from being processed.

Filtering explicitFiles to only include existing files (and logging a warning for missing ones) prevents fatal crashes and improves the robustness of the workflow.

  const files =
    Array.isArray(explicitFiles) && explicitFiles.length > 0
      ? explicitFiles.filter((f) => {
          const exists = fs.existsSync(f);
          if (!exists) {
            console.warn('[meta-agent] Warning: Explicit file not found: ' + f);
          }
          return exists;
        })
      : globSync(pattern, {
          cwd: process.cwd(),
          ignore: ['node_modules/**', '.git/**', '**/node_modules/**'],
        });

[gemini-code-assist]

If the --files flag is passed without a value or is immediately followed by another flag (e.g., node meta.agent.js --files --verbose), the current argument parsing logic will treat the next flag (e.g., --verbose) as the comma-separated list of files. This will cause the script to attempt to process --verbose as a file path and crash.

Adding a check to ensure the next argument does not start with - prevents flags from being incorrectly parsed as file names.

Suggested change

	const filesArgIndex = process.argv.findIndex((arg) => arg === "--files");
	const fileList =
	filesArgIndex > -1 && process.argv[filesArgIndex + 1]
	? process.argv[filesArgIndex + 1]
	.split(",")
	.map((f) => f.trim())
	.filter(Boolean)
	: [];
	const filesArgIndex = process.argv.findIndex((arg) => arg === '--files');
	const nextArg = filesArgIndex > -1 ? process.argv[filesArgIndex + 1] : undefined;
	const fileList =
	nextArg && !nextArg.startsWith('-')
	? nextArg
	.split(',')
	.map((f) => f.trim())
	.filter(Boolean)
	: [];

[github-actions]

🔍 Reviewer Summary for PR #452

CI Status: ✅ success
Files changed: 7

Recommendations

• Ready to proceed pending human review

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: afd4c4ed5d

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[chatgpt-codex-connector]

Restrict README commit to README paths

On push events where this workflow finds any impacted README, meta.agent.js --files ... still rewrites .github/metrics/meta-metrics.json with a fresh timestamp on every run, even when the README content is unchanged. Because this step stages the whole worktree with git add -A, the workflow will create noisy chore(readme) commits containing metrics or any other incidental generated files instead of only README updates; stage only the resolved README paths or suppress metrics for this workflow.

Useful? React with 👍 / 👎.