chore: publish from main

2026-06-25 17:00:20 +00:00 · 2026-06-25 04:39:24 +00:00
parent ffab45c53e
commit 76cf2f5776
32 changed files with 713 additions and 128 deletions
@@ -7,7 +7,7 @@
 - [ ] The content is clearly structured and follows the example format.
 - [ ] I have tested my instructions, prompt, agent, skill, workflow, or canvas extension with GitHub Copilot.
 - [ ] I have run `npm start` and verified that `README.md` is up to date.
- [ ] I am targeting the `staged` branch for this pull request.
+- [ ] I am targeting the `main` branch for this pull request.
 ---
@@ -0,0 +1,614 @@
 # This file was automatically generated by pkg/workflow/maintenance_workflow.go (v0.80.9). DO NOT EDIT. To debug this workflow, load the skill at https://github.com/github/gh-aw/blob/main/debug.md
 #
 #    ___                   _   _      
 #   / _ \                 | | (_)     
 #  | |_| | __ _  ___ _ __ | |_ _  ___ 
 #  |  _  |/ _` |/ _ \ '_ \| __| |/ __|
 #  | | | | (_| |  __/ | | | |_| | (__ 
 #  \_| |_/\__, |\___|_| |_|\__|_|\___|
 #          __/ |
 #  _    _ |___/ 
 # | |  | |                / _| |
 # | |  | | ___ _ __ _  __| |_| | _____      ____
 # | |/\| |/ _ \ '__| |/ /|  _| |/ _ \ \ /\ / / ___|
 # \  /\  / (_) | | | | ( | | | | (_) \ V  V /\__ \
 #  \/  \/ \___/|_| |_|\_\|_| |_|\___/ \_/\_/ |___/
 #
 #
 # To regenerate this workflow, run:
 #   gh aw compile
 # Not all edits will cause changes to this file.
 #
 # For more information: https://github.github.com/gh-aw/introduction/overview/
 #
 # This file defines the generated agentic maintenance workflow for this repository.
 # It runs scheduled cleanup for expiring safe outputs and supports manual maintenance operations.
 # 
 # This workflow is generated automatically when workflows use expiring safe outputs
 # or when repository maintenance features are enabled in .github/workflows/aw.json.
 # 
 # To disable maintenance workflow generation, set in .github/workflows/aw.json:
 # {"maintenance": false}
 # 
 # Agentic maintenance docs:
 # https://github.github.com/gh-aw/reference/ephemerals/#manual-maintenance-operations
 #
 name: Agentic Maintenance
 on:
  schedule:
    - cron: "37 0 * * *"  # Daily (based on minimum expires: 30 days)
  workflow_dispatch:
    inputs:
      operation:
        description: 'Optional maintenance operation to run'
        required: false
        type: choice
        default: ''
        options:
          - ''
          - 'disable'
          - 'enable'
          - 'update'
          - 'upgrade'
          - 'safe_outputs'
          - 'create_labels'
          - 'activity_report'
          - 'close_agentic_workflows_issues'
          - 'clean_cache_memories'
          - 'update_pull_request_branches'
          - 'validate'
          - 'forecast'
      run_url:
        description: 'Run URL or run ID to replay safe outputs from (e.g. https://github.com/owner/repo/actions/runs/12345 or 12345). Required when operation is safe_outputs.'
        required: false
        type: string
        default: ''
  workflow_call:
    inputs:
      operation:
        description: 'Optional maintenance operation to run (disable, enable, update, upgrade, safe_outputs, create_labels, activity_report, close_agentic_workflows_issues, clean_cache_memories, update_pull_request_branches, validate, forecast)'
        required: false
        type: string
        default: ''
      run_url:
        description: 'Run URL or run ID to replay safe outputs from (e.g. https://github.com/owner/repo/actions/runs/12345 or 12345). Required when operation is safe_outputs.'
        required: false
        type: string
        default: ''
    outputs:
      operation_completed:
        description: 'The maintenance operation that was completed (empty when none ran or a scheduled job ran)'
        value: ${{ jobs.run_operation.outputs.operation || inputs.operation }}
      applied_run_url:
        description: 'The run URL that safe outputs were applied from'
        value: ${{ jobs.apply_safe_outputs.outputs.run_url }}
 permissions: {}
 jobs:
  close-expired-entities:
    if: ${{ (!(github.event.repository.fork)) && github.event_name != 'push' && (github.event_name != 'workflow_dispatch' && github.event_name != 'workflow_call' || inputs.operation == '') }}
    runs-on: ubuntu-slim
    permissions:
      discussions: write
      issues: write
      pull-requests: write
    steps:
      - name: Setup Scripts
        uses: github/gh-aw-actions/setup@8c7d04ebf1ece56cd381446125da3e0f6896294a # v0.80.9
        with:
          destination: ${{ runner.temp }}/gh-aw/actions
      - name: Close expired discussions
        uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
        with:
          script: |
            const { setupGlobals } = require('${{ runner.temp }}/gh-aw/actions/setup_globals.cjs');
            setupGlobals(core, github, context, exec, io, getOctokit);
            const { main } = require('${{ runner.temp }}/gh-aw/actions/close_expired_discussions.cjs');
            await main();
      - name: Close expired issues
        uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
        with:
          script: |
            const { setupGlobals } = require('${{ runner.temp }}/gh-aw/actions/setup_globals.cjs');
            setupGlobals(core, github, context, exec, io, getOctokit);
            const { main } = require('${{ runner.temp }}/gh-aw/actions/close_expired_issues.cjs');
            await main();
      - name: Close expired pull requests
        uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
        with:
          script: |
            const { setupGlobals } = require('${{ runner.temp }}/gh-aw/actions/setup_globals.cjs');
            setupGlobals(core, github, context, exec, io, getOctokit);
            const { main } = require('${{ runner.temp }}/gh-aw/actions/close_expired_pull_requests.cjs');
            await main();
  cleanup-cache-memory:
    if: ${{ (!(github.event.repository.fork)) && github.event_name != 'push' && (github.event_name != 'workflow_dispatch' && github.event_name != 'workflow_call' || inputs.operation == '' || inputs.operation == 'clean_cache_memories') }}
    runs-on: ubuntu-slim
    permissions:
      actions: write
    steps:
      - name: Setup Scripts
        uses: github/gh-aw-actions/setup@8c7d04ebf1ece56cd381446125da3e0f6896294a # v0.80.9
        with:
          destination: ${{ runner.temp }}/gh-aw/actions
      - name: Cleanup outdated cache-memory entries
        uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
        with:
          script: |
            const { setupGlobals } = require('${{ runner.temp }}/gh-aw/actions/setup_globals.cjs');
            setupGlobals(core, github, context, exec, io, getOctokit);
            const { main } = require('${{ runner.temp }}/gh-aw/actions/cleanup_cache_memory.cjs');
            await main();
  run_operation:
    if: ${{ (github.event_name == 'workflow_dispatch' || github.event_name == 'workflow_call') && inputs.operation != '' && inputs.operation != 'safe_outputs' && inputs.operation != 'create_labels' && inputs.operation != 'activity_report' && inputs.operation != 'close_agentic_workflows_issues' && inputs.operation != 'clean_cache_memories' && inputs.operation != 'update_pull_request_branches' && inputs.operation != 'validate' && inputs.operation != 'forecast' && (!(github.event.repository.fork)) }}
    runs-on: ubuntu-slim
    permissions:
      actions: write
      contents: write
      pull-requests: write
    outputs:
      operation: ${{ steps.record.outputs.operation }}
    steps:
      - name: Checkout repository
        uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
        with:
          persist-credentials: false
      - name: Setup Scripts
        uses: github/gh-aw-actions/setup@8c7d04ebf1ece56cd381446125da3e0f6896294a # v0.80.9
        with:
          destination: ${{ runner.temp }}/gh-aw/actions
      - name: Check admin/maintainer permissions
        uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
        with:
          github-token: ${{ secrets.GITHUB_TOKEN }}
          script: |
            const { setupGlobals } = require('${{ runner.temp }}/gh-aw/actions/setup_globals.cjs');
            setupGlobals(core, github, context, exec, io, getOctokit);
            const { main } = require('${{ runner.temp }}/gh-aw/actions/check_team_member.cjs');
            await main();
      - name: Install gh-aw
        uses: github/gh-aw-actions/setup-cli@8c7d04ebf1ece56cd381446125da3e0f6896294a # v0.80.9
        with:
          version: v0.80.9
      - name: Run operation
        uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          GH_AW_OPERATION: ${{ inputs.operation }}
          GH_AW_CMD_PREFIX: gh aw
        with:
          github-token: ${{ secrets.GITHUB_TOKEN }}
          script: |
            const { setupGlobals } = require('${{ runner.temp }}/gh-aw/actions/setup_globals.cjs');
            setupGlobals(core, github, context, exec, io, getOctokit);
            const { main } = require('${{ runner.temp }}/gh-aw/actions/run_operation_update_upgrade.cjs');
            await main();
      - name: Record outputs
        id: record
        env:
          GH_AW_OPERATION: ${{ inputs.operation }}
        run: echo "operation=$GH_AW_OPERATION" >> "$GITHUB_OUTPUT"
  update_pull_request_branches:
    if: ${{ (github.event_name == 'workflow_dispatch' || github.event_name == 'workflow_call') && inputs.operation == 'update_pull_request_branches' && (!(github.event.repository.fork)) }}
    runs-on: ubuntu-slim
    permissions:
      contents: write
      pull-requests: write
    steps:
      - name: Setup Scripts
        uses: github/gh-aw-actions/setup@8c7d04ebf1ece56cd381446125da3e0f6896294a # v0.80.9
        with:
          destination: ${{ runner.temp }}/gh-aw/actions
      - name: Check admin/maintainer permissions
        uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
        with:
          github-token: ${{ secrets.GITHUB_TOKEN }}
          script: |
            const { setupGlobals } = require('${{ runner.temp }}/gh-aw/actions/setup_globals.cjs');
            setupGlobals(core, github, context, exec, io, getOctokit);
            const { main } = require('${{ runner.temp }}/gh-aw/actions/check_team_member.cjs');
            await main();
      - name: Update pull request branches
        uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        with:
          github-token: ${{ secrets.GITHUB_TOKEN }}
          script: |
            const { setupGlobals } = require('${{ runner.temp }}/gh-aw/actions/setup_globals.cjs');
            setupGlobals(core, github, context, exec, io, getOctokit);
            const { main } = require('${{ runner.temp }}/gh-aw/actions/update_pull_request_branches.cjs');
            await main();
  apply_safe_outputs:
    if: ${{ (github.event_name == 'workflow_dispatch' || github.event_name == 'workflow_call') && inputs.operation == 'safe_outputs' && (!(github.event.repository.fork)) }}
    runs-on: ubuntu-slim
    permissions:
      actions: read
      contents: write
      discussions: write
      issues: write
      pull-requests: write
    outputs:
      run_url: ${{ steps.record.outputs.run_url }}
    steps:
      - name: Checkout actions folder
        uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
        with:
          sparse-checkout: |
            actions
          persist-credentials: false
      - name: Setup Scripts
        uses: github/gh-aw-actions/setup@8c7d04ebf1ece56cd381446125da3e0f6896294a # v0.80.9
        with:
          destination: ${{ runner.temp }}/gh-aw/actions
      - name: Check admin/maintainer permissions
        uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
        with:
          github-token: ${{ secrets.GITHUB_TOKEN }}
          script: |
            const { setupGlobals } = require('${{ runner.temp }}/gh-aw/actions/setup_globals.cjs');
            setupGlobals(core, github, context, exec, io, getOctokit);
            const { main } = require('${{ runner.temp }}/gh-aw/actions/check_team_member.cjs');
            await main();
      - name: Apply Safe Outputs
        uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          GH_AW_RUN_URL: ${{ inputs.run_url }}
        with:
          github-token: ${{ secrets.GITHUB_TOKEN }}
          script: |
            const { setupGlobals } = require('${{ runner.temp }}/gh-aw/actions/setup_globals.cjs');
            setupGlobals(core, github, context, exec, io, getOctokit);
            const { main } = require('${{ runner.temp }}/gh-aw/actions/apply_safe_outputs_replay.cjs');
            await main();
      - name: Record outputs
        id: record
        env:
          GH_AW_RUN_URL: ${{ inputs.run_url }}
        run: echo "run_url=$GH_AW_RUN_URL" >> "$GITHUB_OUTPUT"
  create_labels:
    if: ${{ (github.event_name == 'workflow_dispatch' || github.event_name == 'workflow_call') && inputs.operation == 'create_labels' && (!(github.event.repository.fork)) }}
    runs-on: ubuntu-slim
    permissions:
      contents: read
      issues: write
    steps:
      - name: Checkout repository
        uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
        with:
          persist-credentials: false
      - name: Setup Scripts
        uses: github/gh-aw-actions/setup@8c7d04ebf1ece56cd381446125da3e0f6896294a # v0.80.9
        with:
          destination: ${{ runner.temp }}/gh-aw/actions
      - name: Check admin/maintainer permissions
        uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
        with:
          github-token: ${{ secrets.GITHUB_TOKEN }}
          script: |
            const { setupGlobals } = require('${{ runner.temp }}/gh-aw/actions/setup_globals.cjs');
            setupGlobals(core, github, context, exec, io, getOctokit);
            const { main } = require('${{ runner.temp }}/gh-aw/actions/check_team_member.cjs');
            await main();
      - name: Install gh-aw
        uses: github/gh-aw-actions/setup-cli@8c7d04ebf1ece56cd381446125da3e0f6896294a # v0.80.9
        with:
          version: v0.80.9
      - name: Create missing labels
        uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
        env:
          GH_AW_CMD_PREFIX: gh aw
        with:
          github-token: ${{ secrets.GITHUB_TOKEN }}
          script: |
            const { setupGlobals } = require('${{ runner.temp }}/gh-aw/actions/setup_globals.cjs');
            setupGlobals(core, github, context, exec, io, getOctokit);
            const { main } = require('${{ runner.temp }}/gh-aw/actions/create_labels.cjs');
            await main();
  activity_report:
    if: ${{ (github.event_name == 'workflow_dispatch' || github.event_name == 'workflow_call') && inputs.operation == 'activity_report' && (!(github.event.repository.fork)) }}
    runs-on: ubuntu-slim
    timeout-minutes: 120
    permissions:
      actions: read
      contents: read
      issues: write
    steps:
      - name: Checkout repository
        uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
        with:
          persist-credentials: false
      - name: Setup Scripts
        uses: github/gh-aw-actions/setup@8c7d04ebf1ece56cd381446125da3e0f6896294a # v0.80.9
        with:
          destination: ${{ runner.temp }}/gh-aw/actions
      - name: Check admin/maintainer permissions
        uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
        with:
          github-token: ${{ secrets.GITHUB_TOKEN }}
          script: |
            const { setupGlobals } = require('${{ runner.temp }}/gh-aw/actions/setup_globals.cjs');
            setupGlobals(core, github, context, exec, io, getOctokit);
            const { main } = require('${{ runner.temp }}/gh-aw/actions/check_team_member.cjs');
            await main();
      - name: Install gh-aw
        uses: github/gh-aw-actions/setup-cli@8c7d04ebf1ece56cd381446125da3e0f6896294a # v0.80.9
        with:
          version: v0.80.9
      - name: Restore activity report logs cache
        id: activity_report_logs_cache
        uses: actions/cache/restore@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5
        with:
          path: ./.cache/gh-aw/activity-report-logs
          key: ${{ runner.os }}-activity-report-logs-${{ github.repository }}-${{ github.ref_name }}-${{ github.run_id }}
          restore-keys: |
            ${{ runner.os }}-activity-report-logs-${{ github.repository }}-
            ${{ runner.os }}-activity-report-logs-
      - name: Download activity report logs
        timeout-minutes: 20
        shell: bash
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          GH_AW_CMD_PREFIX: gh aw
        run: |
          ${GH_AW_CMD_PREFIX} logs \
            --repo "${{ github.repository }}" \
            --start-date -1w \
            --count 500 \
            --output ./.cache/gh-aw/activity-report-logs \
            --format markdown \
            --report-file ./.cache/gh-aw/activity-report-logs/report.md
      - name: Save activity report logs cache
        if: ${{ always() }}
        uses: actions/cache/save@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5
        with:
          path: ./.cache/gh-aw/activity-report-logs
          key: ${{ steps.activity_report_logs_cache.outputs.cache-primary-key }}
      - name: Generate activity report issue
        uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
        with:
          github-token: ${{ secrets.GITHUB_TOKEN }}
          script: |
            const fs = require('node:fs');
            const reportPath = './.cache/gh-aw/activity-report-logs/report.md';
            if (!fs.existsSync(reportPath)) {
              core.warning('Activity report markdown not found at ' + reportPath + '; skipping issue creation.');
              return;
            }
            let reportBody = '';
            try {
              reportBody = fs.readFileSync(reportPath, 'utf8').trim();
            } catch (error) {
              core.warning('Failed to read activity report markdown at ' + reportPath + ': ' + error.message);
              return;
            }
            if (!reportBody) {
              core.warning('Activity report markdown is empty at ' + reportPath + '; skipping issue creation.');
              return;
            }
            const repoSlug = context.repo.owner + '/' + context.repo.repo;
            const body = [
              '### Agentic workflow activity report',
              '',
              'Repository: ' + repoSlug,
              'Generated at: ' + new Date().toISOString(),
              '',
              reportBody,
            ].join('\n');
            const createdIssue = await github.rest.issues.create({
              owner: context.repo.owner,
              repo: context.repo.repo,
              title: '[aw] agentic status report',
              body,
              labels: ['agentic-workflows'],
            });
            core.info('Created issue #' + createdIssue.data.number + ': ' + createdIssue.data.html_url);
  forecast_report:
    if: ${{ (github.event_name == 'workflow_dispatch' || github.event_name == 'workflow_call') && inputs.operation == 'forecast' && (!(github.event.repository.fork)) }}
    runs-on: ubuntu-slim
    timeout-minutes: 60
    permissions:
      actions: read
      contents: read
      issues: write
    steps:
      - name: Checkout repository
        uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
        with:
          persist-credentials: false
      - name: Setup Scripts
        uses: github/gh-aw-actions/setup@8c7d04ebf1ece56cd381446125da3e0f6896294a # v0.80.9
        with:
          destination: ${{ runner.temp }}/gh-aw/actions
      - name: Check admin/maintainer permissions
        uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
        with:
          github-token: ${{ secrets.GITHUB_TOKEN }}
          script: |
            const { setupGlobals } = require('${{ runner.temp }}/gh-aw/actions/setup_globals.cjs');
            setupGlobals(core, github, context, exec, io, getOctokit);
            const { main } = require('${{ runner.temp }}/gh-aw/actions/check_team_member.cjs');
            await main();
      - name: Install gh-aw
        uses: github/gh-aw-actions/setup-cli@8c7d04ebf1ece56cd381446125da3e0f6896294a # v0.80.9
        with:
          version: v0.80.9
      - name: Restore forecast report logs cache
        id: forecast_report_logs_cache
        uses: actions/cache/restore@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5
        with:
          path: ./.github/aw/logs
          key: ${{ runner.os }}-forecast-report-logs-${{ github.repository }}-${{ github.ref_name }}-${{ github.run_id }}
          restore-keys: |
            ${{ runner.os }}-forecast-report-logs-${{ github.repository }}-
            ${{ runner.os }}-forecast-report-logs-
      - name: Generate forecast report
        id: generate_forecast_report
        timeout-minutes: 30
        shell: bash
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          DEBUG: "*"
          GH_AW_CMD_PREFIX: gh aw
        run: |
          mkdir -p ./.cache/gh-aw/forecast
          set +e
          ${GH_AW_CMD_PREFIX} forecast --repo "${{ github.repository }}" --timeout 30 --verbose --json > ./.cache/gh-aw/forecast/report.json
          forecast_exit_code=$?
          set -e
          if [ "${forecast_exit_code}" -eq 124 ]; then
            echo '{"outcome":"timeout","message":"Forecast computation timed out after 30 minutes."}' > ./.cache/gh-aw/forecast/error.json
            echo "::error::Forecast computation timed out after 30 minutes."
            exit 1
          fi
          if [ "${forecast_exit_code}" -ne 0 ]; then
            echo '{"outcome":"error","message":"Forecast computation failed before producing a report."}' > ./.cache/gh-aw/forecast/error.json
            echo "::error::Forecast computation failed with exit code ${forecast_exit_code}."
            exit 1
          fi
      - name: Debug forecast logs folder
        if: ${{ always() }}
        shell: bash
        run: |
          if [ ! -d ./.github/aw/logs ]; then
            echo "Logs directory not found: ./.github/aw/logs"
            exit 0
          fi
          echo "Files under ./.github/aw/logs:"
          find ./.github/aw/logs -type f | sort
      - name: Save forecast report logs cache
        if: ${{ always() }}
        uses: actions/cache/save@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5
        with:
          path: ./.github/aw/logs
          key: ${{ runner.os }}-forecast-report-logs-${{ github.repository }}-${{ github.ref_name }}-${{ github.run_id }}
      - name: Generate forecast issue
        if: ${{ always() }}
        uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
        env:
          FORECAST_STEP_OUTCOME: ${{ steps.generate_forecast_report.outcome }}
        with:
          github-token: ${{ secrets.GITHUB_TOKEN }}
          script: |
            const { setupGlobals } = require('${{ runner.temp }}/gh-aw/actions/setup_globals.cjs');
            setupGlobals(core, github, context, exec, io, getOctokit);
            const { main } = require('${{ runner.temp }}/gh-aw/actions/create_forecast_issue.cjs');
            await main();
  close_agentic_workflows_issues:
    if: ${{ (github.event_name == 'workflow_dispatch' || github.event_name == 'workflow_call') && inputs.operation == 'close_agentic_workflows_issues' && (!(github.event.repository.fork)) }}
    runs-on: ubuntu-slim
    permissions:
      issues: write
    steps:
      - name: Setup Scripts
        uses: github/gh-aw-actions/setup@8c7d04ebf1ece56cd381446125da3e0f6896294a # v0.80.9
        with:
          destination: ${{ runner.temp }}/gh-aw/actions
      - name: Check admin/maintainer permissions
        uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
        with:
          github-token: ${{ secrets.GITHUB_TOKEN }}
          script: |
            const { setupGlobals } = require('${{ runner.temp }}/gh-aw/actions/setup_globals.cjs');
            setupGlobals(core, github, context, exec, io, getOctokit);
            const { main } = require('${{ runner.temp }}/gh-aw/actions/check_team_member.cjs');
            await main();
      - name: Close no-repro agentic-workflows issues
        uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
        with:
          github-token: ${{ secrets.GITHUB_TOKEN }}
          script: |
            const { setupGlobals } = require('${{ runner.temp }}/gh-aw/actions/setup_globals.cjs');
            setupGlobals(core, github, context, exec, io, getOctokit);
            const { main } = require('${{ runner.temp }}/gh-aw/actions/close_agentic_workflows_issues.cjs');
            await main();
  validate_workflows:
    if: ${{ (github.event_name == 'workflow_dispatch' || github.event_name == 'workflow_call') && inputs.operation == 'validate' && (!(github.event.repository.fork)) }}
    runs-on: ubuntu-latest
    permissions:
      contents: read
      issues: write
    steps:
      - name: Checkout repository
        uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
        with:
          persist-credentials: false
      - name: Setup Scripts
        uses: github/gh-aw-actions/setup@8c7d04ebf1ece56cd381446125da3e0f6896294a # v0.80.9
        with:
          destination: ${{ runner.temp }}/gh-aw/actions
      - name: Check admin/maintainer permissions
        uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
        with:
          github-token: ${{ secrets.GITHUB_TOKEN }}
          script: |
            const { setupGlobals } = require('${{ runner.temp }}/gh-aw/actions/setup_globals.cjs');
            setupGlobals(core, github, context, exec, io, getOctokit);
            const { main } = require('${{ runner.temp }}/gh-aw/actions/check_team_member.cjs');
            await main();
      - name: Install gh-aw
        uses: github/gh-aw-actions/setup-cli@8c7d04ebf1ece56cd381446125da3e0f6896294a # v0.80.9
        with:
          version: v0.80.9
      - name: Validate workflows and file issue on findings
        uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
        env:
          GH_AW_CMD_PREFIX: gh aw
        with:
          github-token: ${{ secrets.GITHUB_TOKEN }}
          script: |
            const { setupGlobals } = require('${{ runner.temp }}/gh-aw/actions/setup_globals.cjs');
            setupGlobals(core, github, context, exec, io, getOctokit);
            const { main } = require('${{ runner.temp }}/gh-aw/actions/run_validate_workflows.cjs');
            await main();
@@ -2,7 +2,7 @@ name: Build Website
 on:
  pull_request:
-    branches: [staged]
+    branches: [main]
    paths:
      - website
      - agents
@@ -2,9 +2,9 @@ name: Check Line Endings
 on:
  push:
-    branches: [staged]
+    branches: [main]
  pull_request:
-    branches: [staged]
+    branches: [main]
 permissions:
  contents: read
@@ -2,7 +2,7 @@ name: Check Plugin Structure
 on:
  pull_request:
-    branches: [staged]
+    branches: [main]
    paths:
      - "plugins/**"
@@ -93,8 +93,8 @@ jobs:
                  if (files.length > 0) {
                    errors.push(
                      `${pluginPath}/${subdir}/ contains ${files.length} file(s): ${files.join(', ')}. ` +
-                      `Plugin directories on staged should only contain .github/plugin/plugin.json and README.md. ` +
+                      `Plugin directories on main should only contain .github/plugin/plugin.json and README.md. ` +
-                      `Agent, command, and skill files are materialized automatically during publish to main.`
+                      `Agent, command, and skill files are materialized automatically during publish to marketplace.`
                    );
                  }
                }
@@ -120,11 +120,11 @@ jobs:
              const body = [
                '⚠️ **Materialized files or symlinks detected in plugin directories**',
                '',
-                'Plugin directories on the `staged` branch should only contain:',
+                'Plugin directories on the `main` branch should only contain:',
                '- `.github/plugin/plugin.json` (metadata)',
                '- `README.md`',
                '',
-                'Agent, command, and skill files are copied in automatically when publishing to `main`.',
+                'Agent, command, and skill files are copied in automatically when publishing to `marketplace`.',
                '',
                '**Issues found:**',
                ...errors.map(e => `- ${e}`),
@@ -133,12 +133,12 @@ jobs:
                '',
                '### How to fix',
                '',
-                'It looks like your branch may be based on `main` (which contains materialized files). Here are two options:',
+                'It looks like your branch may include materialized plugin files that should not be on `main`. Here are two options:',
                '',
-                '**Option 1: Rebase onto `staged`** (recommended if you have few commits)',
+                '**Option 1: Rebase to drop materialized files** (recommended if you have few commits)',
                '```bash',
-                `git fetch origin staged`,
+                `git fetch origin main`,
-                `git rebase --onto origin/staged origin/main ${prBranch}`,
+                `git rebase --onto origin/main origin/main ${prBranch}`,
                `git push --force-with-lease`,
                '```',
                '',
@@ -179,7 +179,7 @@ jobs:
                core.warning(body);
              }
-              core.setFailed('Plugin directories contain materialized files or symlinks that should not be on staged');
+              core.setFailed('Plugin directories contain materialized files or symlinks that should not be on main');
            } else {
              console.log('✅ All plugin directories are clean');
            }
@@ -15,7 +15,7 @@ jobs:
  check-target:
    runs-on: ubuntu-latest
    steps:
-      - name: Reject PR targeting main
+      - name: Reject PR targeting staged
        uses: actions/github-script@f28e40c7f34bde8b3046d885e986cb6290c5673b # v7.1.0
        with:
          script: |
@@ -39,16 +39,16 @@ jobs:
            const latestBotState = latestBotReview?.state;
-            if (pull.base.ref === 'main') {
+            if (pull.base.ref === 'staged') {
              if (latestBotState !== 'CHANGES_REQUESTED') {
                const requestChangesBody = [
-                  '⚠️ **This PR targets `main`, but PRs should target `staged`.**',
+                  '⚠️ **This PR targets `staged`, but PRs should target `main`.**',
                  '',
-                  'The `main` branch is auto-published from `staged` and should not receive direct PRs.',
+                  'The `staged` branch is no longer the contributor branch.',
-                  'Please close this PR and re-open it against the `staged` branch.',
+                  'Please change the base branch to `main`.',
                  '',
                  'You can change the base branch using the **Edit** button at the top of this PR,',
-                  'or run: `gh pr edit ${{ github.event.pull_request.number }} --base staged`'
+                  'or run: `gh pr edit ${{ github.event.pull_request.number }} --base main`'
                ].join('\n');
                await github.rest.pulls.createReview({
@@ -67,7 +67,7 @@ jobs:
              const approveBody = [
                '✅ Base branch is now set correctly.',
                '',
-                'Removing the prior block because this PR no longer targets `main`.'
+                'Removing the prior block because this PR no longer targets `staged`.'
              ].join('\n');
              await github.rest.pulls.createReview({
@@ -1,4 +1,4 @@
-# gh-aw-metadata: {"schema_version":"v4","frontmatter_hash":"b256feb874346cc27a15b2e35925c0a556b4ca2ccc9176856d46a02436d36290","body_hash":"5c07a283ed8102cce7785f6bfce7172c19991f6005a2538a86547cb3f3ac2f9a","compiler_version":"v0.80.9","strict":true,"agent_id":"copilot","engine_versions":{"copilot":"1.0.63"}}
+# gh-aw-metadata: {"schema_version":"v4","frontmatter_hash":"0cca12f44308f56bb90c8bb5a2a0d30781200c5ea84188ee176a42fc36325e02","body_hash":"0b544aa6df7ccf92d28c3c515573894ba1ca9d2882c327c2ad4fb1e21644969e","compiler_version":"v0.80.9","strict":true,"agent_id":"copilot","engine_versions":{"copilot":"1.0.63"}}
 # gh-aw-manifest: {"version":1,"secrets":["COPILOT_GITHUB_TOKEN","GH_AW_CI_TRIGGER_TOKEN","GH_AW_GITHUB_MCP_SERVER_TOKEN","GH_AW_GITHUB_TOKEN","GITHUB_TOKEN"],"actions":[{"repo":"actions/cache/restore","sha":"27d5ce7f107fe9357f9df03efb73ab90386fccae","version":"v5.0.5"},{"repo":"actions/cache/save","sha":"27d5ce7f107fe9357f9df03efb73ab90386fccae","version":"v5.0.5"},{"repo":"actions/checkout","sha":"9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0","version":"v7.0.0"},{"repo":"actions/download-artifact","sha":"3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c","version":"v8.0.1"},{"repo":"actions/github-script","sha":"3a2844b7e9c422d3c10d287c895573f7108da1b3","version":"v9.0.0"},{"repo":"actions/setup-node","sha":"48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e","version":"v6.4.0"},{"repo":"actions/upload-artifact","sha":"043fb46d1a93c77aae656e7c1c64a875d1fc6a0a","version":"v7.0.1"},{"repo":"github/gh-aw-actions/setup","sha":"8c7d04ebf1ece56cd381446125da3e0f6896294a","version":"v0.80.9"}],"containers":[{"image":"ghcr.io/github/gh-aw-firewall/agent:0.27.7","digest":"sha256:aae231e4635c8999d039c132f1602d3df850fe9b84a00aa2b5ac981179b5661c","pinned_image":"ghcr.io/github/gh-aw-firewall/agent:0.27.7@sha256:aae231e4635c8999d039c132f1602d3df850fe9b84a00aa2b5ac981179b5661c"},{"image":"ghcr.io/github/gh-aw-firewall/api-proxy:0.27.7","digest":"sha256:009caf2e3d88fa77b64e9a03a95a228fc58db0f1701c6d324b29ba5a3c7c79b6","pinned_image":"ghcr.io/github/gh-aw-firewall/api-proxy:0.27.7@sha256:009caf2e3d88fa77b64e9a03a95a228fc58db0f1701c6d324b29ba5a3c7c79b6"},{"image":"ghcr.io/github/gh-aw-firewall/squid:0.27.7","digest":"sha256:deb1d4e19de62d51cee0508057a596a19315c3423ada4d675cad136dc8037c96","pinned_image":"ghcr.io/github/gh-aw-firewall/squid:0.27.7@sha256:deb1d4e19de62d51cee0508057a596a19315c3423ada4d675cad136dc8037c96"},{"image":"ghcr.io/github/gh-aw-mcpg:v0.3.27","digest":"sha256:fe984bddde4ec05d756d9043edb0a32912e6b7b72f6a121b1082f29221421cc7","pinned_image":"ghcr.io/github/gh-aw-mcpg:v0.3.27@sha256:fe984bddde4ec05d756d9043edb0a32912e6b7b72f6a121b1082f29221421cc7"},{"image":"ghcr.io/github/gh-aw-node","digest":"sha256:529d02eb970b1161aa25c593a9c3df57fdfad5a8add328cb3b6eccef66f3183b","pinned_image":"ghcr.io/github/gh-aw-node@sha256:529d02eb970b1161aa25c593a9c3df57fdfad5a8add328cb3b6eccef66f3183b"},{"image":"ghcr.io/github/github-mcp-server:v1.4.0","digest":"sha256:2afb26356481d1a350e14544a6e160f7f7ec1561a1ea309b823665abf0309036","pinned_image":"ghcr.io/github/github-mcp-server:v1.4.0@sha256:2afb26356481d1a350e14544a6e160f7f7ec1561a1ea309b823665abf0309036"}]}
 # This file was automatically generated by gh-aw (v0.80.9). DO NOT EDIT. To debug this workflow, load the skill at https://github.com/github/gh-aw/blob/main/debug.md
 #
@@ -524,9 +524,9 @@ jobs:
          mkdir -p "${RUNNER_TEMP}/gh-aw/safeoutputs"
          mkdir -p /tmp/gh-aw/safeoutputs
          mkdir -p /tmp/gh-aw/mcp-logs/safeoutputs
-          cat > "${RUNNER_TEMP}/gh-aw/safeoutputs/config.json" << 'GH_AW_SAFE_OUTPUTS_CONFIG_8cf390c1a74d4407_EOF'
+          cat > "${RUNNER_TEMP}/gh-aw/safeoutputs/config.json" << 'GH_AW_SAFE_OUTPUTS_CONFIG_9860a40b73cea1ae_EOF'
-          {"create_pull_request":{"base_branch":"staged","labels":["automated-update","learning-hub","cli-for-beginners"],"max":1,"max_patch_files":100,"max_patch_size":4096,"protect_top_level_dot_folders":true,"protected_files":["package.json","bun.lockb","bunfig.toml","deno.json","deno.jsonc","deno.lock","global.json","NuGet.Config","Directory.Packages.props","mix.exs","mix.lock","go.mod","go.sum","stack.yaml","stack.yaml.lock","pom.xml","build.gradle","build.gradle.kts","settings.gradle","settings.gradle.kts","gradle.properties","package-lock.json","yarn.lock","pnpm-lock.yaml","npm-shrinkwrap.json","requirements.txt","Pipfile","Pipfile.lock","pyproject.toml","setup.py","setup.cfg","Gemfile","Gemfile.lock","uv.lock","CODEOWNERS","DESIGN.md","README.md","CONTRIBUTING.md","CHANGELOG.md","SECURITY.md","CODE_OF_CONDUCT.md","AGENTS.md","CLAUDE.md","GEMINI.md"],"protected_files_policy":"request_review","title_prefix":"[bot] "},"create_report_incomplete_issue":{},"missing_data":{},"missing_tool":{},"noop":{"max":1,"report-as-issue":"true"},"report_incomplete":{}}
+          {"create_pull_request":{"base_branch":"main","labels":["automated-update","learning-hub","cli-for-beginners"],"max":1,"max_patch_files":100,"max_patch_size":4096,"protect_top_level_dot_folders":true,"protected_files":["package.json","bun.lockb","bunfig.toml","deno.json","deno.jsonc","deno.lock","global.json","NuGet.Config","Directory.Packages.props","mix.exs","mix.lock","go.mod","go.sum","stack.yaml","stack.yaml.lock","pom.xml","build.gradle","build.gradle.kts","settings.gradle","settings.gradle.kts","gradle.properties","package-lock.json","yarn.lock","pnpm-lock.yaml","npm-shrinkwrap.json","requirements.txt","Pipfile","Pipfile.lock","pyproject.toml","setup.py","setup.cfg","Gemfile","Gemfile.lock","uv.lock","CODEOWNERS","DESIGN.md","README.md","CONTRIBUTING.md","CHANGELOG.md","SECURITY.md","CODE_OF_CONDUCT.md","AGENTS.md","CLAUDE.md","GEMINI.md"],"protected_files_policy":"request_review","title_prefix":"[bot] "},"create_report_incomplete_issue":{},"missing_data":{},"missing_tool":{},"noop":{"max":1,"report-as-issue":"true"},"report_incomplete":{}}
-          GH_AW_SAFE_OUTPUTS_CONFIG_8cf390c1a74d4407_EOF
+          GH_AW_SAFE_OUTPUTS_CONFIG_9860a40b73cea1ae_EOF
      - name: Generate Safe Outputs Tools
        env:
          GH_AW_TOOLS_META_JSON: |
@@ -1626,7 +1626,7 @@ jobs:
          GH_AW_ALLOWED_DOMAINS: "api.business.githubcopilot.com,api.enterprise.githubcopilot.com,api.github.com,api.githubcopilot.com,api.individual.githubcopilot.com,api.snapcraft.io,archive.ubuntu.com,azure.archive.ubuntu.com,crl.geotrust.com,crl.globalsign.com,crl.identrust.com,crl.sectigo.com,crl.thawte.com,crl.usertrust.com,crl.verisign.com,crl3.digicert.com,crl4.digicert.com,crls.ssl.com,github.com,host.docker.internal,json-schema.org,json.schemastore.org,keyserver.ubuntu.com,ocsp.digicert.com,ocsp.geotrust.com,ocsp.globalsign.com,ocsp.identrust.com,ocsp.sectigo.com,ocsp.ssl.com,ocsp.thawte.com,ocsp.usertrust.com,ocsp.verisign.com,packagecloud.io,packages.cloud.google.com,packages.microsoft.com,ppa.launchpad.net,raw.githubusercontent.com,registry.npmjs.org,s.symcb.com,s.symcd.com,security.ubuntu.com,telemetry.enterprise.githubcopilot.com,ts-crl.ws.symantec.com,ts-ocsp.ws.symantec.com,www.googleapis.com"
          GITHUB_SERVER_URL: ${{ github.server_url }}
          GITHUB_API_URL: ${{ github.api_url }}
-          GH_AW_SAFE_OUTPUTS_HANDLER_CONFIG: "{\"create_pull_request\":{\"base_branch\":\"staged\",\"labels\":[\"automated-update\",\"learning-hub\",\"cli-for-beginners\"],\"max\":1,\"max_patch_files\":100,\"max_patch_size\":4096,\"protect_top_level_dot_folders\":true,\"protected_files\":[\"package.json\",\"bun.lockb\",\"bunfig.toml\",\"deno.json\",\"deno.jsonc\",\"deno.lock\",\"global.json\",\"NuGet.Config\",\"Directory.Packages.props\",\"mix.exs\",\"mix.lock\",\"go.mod\",\"go.sum\",\"stack.yaml\",\"stack.yaml.lock\",\"pom.xml\",\"build.gradle\",\"build.gradle.kts\",\"settings.gradle\",\"settings.gradle.kts\",\"gradle.properties\",\"package-lock.json\",\"yarn.lock\",\"pnpm-lock.yaml\",\"npm-shrinkwrap.json\",\"requirements.txt\",\"Pipfile\",\"Pipfile.lock\",\"pyproject.toml\",\"setup.py\",\"setup.cfg\",\"Gemfile\",\"Gemfile.lock\",\"uv.lock\",\"CODEOWNERS\",\"DESIGN.md\",\"README.md\",\"CONTRIBUTING.md\",\"CHANGELOG.md\",\"SECURITY.md\",\"CODE_OF_CONDUCT.md\",\"AGENTS.md\",\"CLAUDE.md\",\"GEMINI.md\"],\"protected_files_policy\":\"request_review\",\"title_prefix\":\"[bot] \"},\"create_report_incomplete_issue\":{},\"missing_data\":{},\"missing_tool\":{},\"noop\":{\"max\":1,\"report-as-issue\":\"true\"},\"report_incomplete\":{}}"
+          GH_AW_SAFE_OUTPUTS_HANDLER_CONFIG: "{\"create_pull_request\":{\"base_branch\":\"main\",\"labels\":[\"automated-update\",\"learning-hub\",\"cli-for-beginners\"],\"max\":1,\"max_patch_files\":100,\"max_patch_size\":4096,\"protect_top_level_dot_folders\":true,\"protected_files\":[\"package.json\",\"bun.lockb\",\"bunfig.toml\",\"deno.json\",\"deno.jsonc\",\"deno.lock\",\"global.json\",\"NuGet.Config\",\"Directory.Packages.props\",\"mix.exs\",\"mix.lock\",\"go.mod\",\"go.sum\",\"stack.yaml\",\"stack.yaml.lock\",\"pom.xml\",\"build.gradle\",\"build.gradle.kts\",\"settings.gradle\",\"settings.gradle.kts\",\"gradle.properties\",\"package-lock.json\",\"yarn.lock\",\"pnpm-lock.yaml\",\"npm-shrinkwrap.json\",\"requirements.txt\",\"Pipfile\",\"Pipfile.lock\",\"pyproject.toml\",\"setup.py\",\"setup.cfg\",\"Gemfile\",\"Gemfile.lock\",\"uv.lock\",\"CODEOWNERS\",\"DESIGN.md\",\"README.md\",\"CONTRIBUTING.md\",\"CHANGELOG.md\",\"SECURITY.md\",\"CODE_OF_CONDUCT.md\",\"AGENTS.md\",\"CLAUDE.md\",\"GEMINI.md\"],\"protected_files_policy\":\"request_review\",\"title_prefix\":\"[bot] \"},\"create_report_incomplete_issue\":{},\"missing_data\":{},\"missing_tool\":{},\"noop\":{\"max\":1,\"report-as-issue\":\"true\"},\"report_incomplete\":{}}"
          GH_AW_CI_TRIGGER_TOKEN: ${{ secrets.GH_AW_CI_TRIGGER_TOKEN }}
        with:
          github-token: ${{ secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }}
@@ -13,7 +13,7 @@ safe-outputs:
  create-pull-request:
    labels: [automated-update, learning-hub, cli-for-beginners]
    title-prefix: "[bot] "
-    base-branch: staged
+    base-branch: main
 ---
 # CLI for Beginners Content Sync
@@ -116,7 +116,7 @@ Before opening the PR, write an updated `cli-for-beginners-sync-state.json` to `
 ## Step 6 — Open a pull request
-Create a pull request with your changes using the `create-pull-request` safe output. Use `staged` as the base branch for all work related to this workflow, and never branch from `main`. The PR body must include:
+Create a pull request with your changes using the `create-pull-request` safe output. Use `main` as the base branch for all work related to this workflow. The PR body must include:
 1. **What changed upstream** — a concise summary of the commits and file changes found in `github/copilot-cli-for-beginners`
 2. **What was updated locally** — list each mirrored Learning Hub file or asset you edited and what changed
@@ -132,7 +132,7 @@ If there is nothing to change after your analysis, do **not** open a PR. Instead
 - Only edit `website/astro.config.mjs` or `website/src/content/docs/learning-hub/index.md` when upstream course structure or navigation truly requires it
 - Preserve existing frontmatter fields; only update `lastUpdated` and `description` if genuinely warranted
 - Keep the course source-faithful; avoid summaries or interpretive rewrites
- Use `staged` as the base branch for any branch or PR created by this workflow; never branch from `main`
+- Use `main` as the base branch for any branch or PR created by this workflow
 - Do not auto-merge; the PR is for human review
 - If you are uncertain whether an upstream change warrants a Learning Hub update, err on the side of creating the PR — a human reviewer can always decline
 - Always call either `create-pull-request` or `noop` at the end of your run so the workflow clearly signals its outcome
@@ -1,4 +1,4 @@
-# gh-aw-metadata: {"schema_version":"v4","frontmatter_hash":"fb8e597be5c327d7095df52ed29ac0ec6ad15b0d678f464cacb29a57eb73d1cf","body_hash":"eb065f746018ba63fee97cb27ba43cb3cda501554d76b4595285214911bc9e10","compiler_version":"v0.80.9","strict":true,"agent_id":"copilot","engine_versions":{"copilot":"1.0.63"}}
+# gh-aw-metadata: {"schema_version":"v4","frontmatter_hash":"c8f83f27af87865de9d5f13d1ef53cae15edc5f32a942cc1d438dfb173a4aaac","body_hash":"408df128d7b2623572ab8c06638b472d7e270daff1eb81c82ca24bf609125c25","compiler_version":"v0.80.9","strict":true,"agent_id":"copilot","engine_versions":{"copilot":"1.0.63"}}
 # gh-aw-manifest: {"version":1,"secrets":["COPILOT_GITHUB_TOKEN","GH_AW_CI_TRIGGER_TOKEN","GH_AW_GITHUB_MCP_SERVER_TOKEN","GH_AW_GITHUB_TOKEN","GITHUB_TOKEN"],"actions":[{"repo":"actions/cache/restore","sha":"27d5ce7f107fe9357f9df03efb73ab90386fccae","version":"v5.0.5"},{"repo":"actions/cache/save","sha":"27d5ce7f107fe9357f9df03efb73ab90386fccae","version":"v5.0.5"},{"repo":"actions/checkout","sha":"9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0","version":"v7.0.0"},{"repo":"actions/download-artifact","sha":"3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c","version":"v8.0.1"},{"repo":"actions/github-script","sha":"3a2844b7e9c422d3c10d287c895573f7108da1b3","version":"v9.0.0"},{"repo":"actions/setup-node","sha":"48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e","version":"v6.4.0"},{"repo":"actions/upload-artifact","sha":"043fb46d1a93c77aae656e7c1c64a875d1fc6a0a","version":"v7.0.1"},{"repo":"github/gh-aw-actions/setup","sha":"8c7d04ebf1ece56cd381446125da3e0f6896294a","version":"v0.80.9"}],"containers":[{"image":"ghcr.io/github/gh-aw-firewall/agent:0.27.7","digest":"sha256:aae231e4635c8999d039c132f1602d3df850fe9b84a00aa2b5ac981179b5661c","pinned_image":"ghcr.io/github/gh-aw-firewall/agent:0.27.7@sha256:aae231e4635c8999d039c132f1602d3df850fe9b84a00aa2b5ac981179b5661c"},{"image":"ghcr.io/github/gh-aw-firewall/api-proxy:0.27.7","digest":"sha256:009caf2e3d88fa77b64e9a03a95a228fc58db0f1701c6d324b29ba5a3c7c79b6","pinned_image":"ghcr.io/github/gh-aw-firewall/api-proxy:0.27.7@sha256:009caf2e3d88fa77b64e9a03a95a228fc58db0f1701c6d324b29ba5a3c7c79b6"},{"image":"ghcr.io/github/gh-aw-firewall/squid:0.27.7","digest":"sha256:deb1d4e19de62d51cee0508057a596a19315c3423ada4d675cad136dc8037c96","pinned_image":"ghcr.io/github/gh-aw-firewall/squid:0.27.7@sha256:deb1d4e19de62d51cee0508057a596a19315c3423ada4d675cad136dc8037c96"},{"image":"ghcr.io/github/gh-aw-mcpg:v0.3.27","digest":"sha256:fe984bddde4ec05d756d9043edb0a32912e6b7b72f6a121b1082f29221421cc7","pinned_image":"ghcr.io/github/gh-aw-mcpg:v0.3.27@sha256:fe984bddde4ec05d756d9043edb0a32912e6b7b72f6a121b1082f29221421cc7"},{"image":"ghcr.io/github/gh-aw-node","digest":"sha256:529d02eb970b1161aa25c593a9c3df57fdfad5a8add328cb3b6eccef66f3183b","pinned_image":"ghcr.io/github/gh-aw-node@sha256:529d02eb970b1161aa25c593a9c3df57fdfad5a8add328cb3b6eccef66f3183b"},{"image":"ghcr.io/github/github-mcp-server:v1.4.0","digest":"sha256:2afb26356481d1a350e14544a6e160f7f7ec1561a1ea309b823665abf0309036","pinned_image":"ghcr.io/github/github-mcp-server:v1.4.0@sha256:2afb26356481d1a350e14544a6e160f7f7ec1561a1ea309b823665abf0309036"}]}
 # This file was automatically generated by gh-aw (v0.80.9). DO NOT EDIT. To debug this workflow, load the skill at https://github.com/github/gh-aw/blob/main/debug.md
 #
@@ -529,9 +529,9 @@ jobs:
          mkdir -p "${RUNNER_TEMP}/gh-aw/safeoutputs"
          mkdir -p /tmp/gh-aw/safeoutputs
          mkdir -p /tmp/gh-aw/mcp-logs/safeoutputs
-          cat > "${RUNNER_TEMP}/gh-aw/safeoutputs/config.json" << 'GH_AW_SAFE_OUTPUTS_CONFIG_78b846dafc5848d5_EOF'
+          cat > "${RUNNER_TEMP}/gh-aw/safeoutputs/config.json" << 'GH_AW_SAFE_OUTPUTS_CONFIG_88a26329341c5fce_EOF'
-          {"add_comment":{"max":1},"create_pull_request":{"base_branch":"staged","draft":false,"max":1,"max_patch_files":100,"max_patch_size":4096,"protect_top_level_dot_folders":true,"protected_files":["package.json","bun.lockb","bunfig.toml","deno.json","deno.jsonc","deno.lock","global.json","NuGet.Config","Directory.Packages.props","mix.exs","mix.lock","go.mod","go.sum","stack.yaml","stack.yaml.lock","pom.xml","build.gradle","build.gradle.kts","settings.gradle","settings.gradle.kts","gradle.properties","package-lock.json","yarn.lock","pnpm-lock.yaml","npm-shrinkwrap.json","requirements.txt","Pipfile","Pipfile.lock","pyproject.toml","setup.py","setup.cfg","Gemfile","Gemfile.lock","uv.lock","CODEOWNERS","DESIGN.md","README.md","CONTRIBUTING.md","CHANGELOG.md","SECURITY.md","CODE_OF_CONDUCT.md","AGENTS.md","CLAUDE.md","GEMINI.md"],"protected_files_policy":"request_review","title_prefix":"[codeowner] "},"create_report_incomplete_issue":{},"missing_data":{},"missing_tool":{},"noop":{"max":1,"report-as-issue":"true"},"report_incomplete":{}}
+          {"add_comment":{"max":1},"create_pull_request":{"base_branch":"main","draft":false,"max":1,"max_patch_files":100,"max_patch_size":4096,"protect_top_level_dot_folders":true,"protected_files":["package.json","bun.lockb","bunfig.toml","deno.json","deno.jsonc","deno.lock","global.json","NuGet.Config","Directory.Packages.props","mix.exs","mix.lock","go.mod","go.sum","stack.yaml","stack.yaml.lock","pom.xml","build.gradle","build.gradle.kts","settings.gradle","settings.gradle.kts","gradle.properties","package-lock.json","yarn.lock","pnpm-lock.yaml","npm-shrinkwrap.json","requirements.txt","Pipfile","Pipfile.lock","pyproject.toml","setup.py","setup.cfg","Gemfile","Gemfile.lock","uv.lock","CODEOWNERS","DESIGN.md","README.md","CONTRIBUTING.md","CHANGELOG.md","SECURITY.md","CODE_OF_CONDUCT.md","AGENTS.md","CLAUDE.md","GEMINI.md"],"protected_files_policy":"request_review","title_prefix":"[codeowner] "},"create_report_incomplete_issue":{},"missing_data":{},"missing_tool":{},"noop":{"max":1,"report-as-issue":"true"},"report_incomplete":{}}
-          GH_AW_SAFE_OUTPUTS_CONFIG_78b846dafc5848d5_EOF
+          GH_AW_SAFE_OUTPUTS_CONFIG_88a26329341c5fce_EOF
      - name: Generate Safe Outputs Tools
        env:
          GH_AW_TOOLS_META_JSON: |
@@ -1671,7 +1671,7 @@ jobs:
          GH_AW_ALLOWED_DOMAINS: "api.business.githubcopilot.com,api.enterprise.githubcopilot.com,api.github.com,api.githubcopilot.com,api.individual.githubcopilot.com,api.snapcraft.io,archive.ubuntu.com,azure.archive.ubuntu.com,crl.geotrust.com,crl.globalsign.com,crl.identrust.com,crl.sectigo.com,crl.thawte.com,crl.usertrust.com,crl.verisign.com,crl3.digicert.com,crl4.digicert.com,crls.ssl.com,github.com,host.docker.internal,json-schema.org,json.schemastore.org,keyserver.ubuntu.com,ocsp.digicert.com,ocsp.geotrust.com,ocsp.globalsign.com,ocsp.identrust.com,ocsp.sectigo.com,ocsp.ssl.com,ocsp.thawte.com,ocsp.usertrust.com,ocsp.verisign.com,packagecloud.io,packages.cloud.google.com,packages.microsoft.com,ppa.launchpad.net,raw.githubusercontent.com,registry.npmjs.org,s.symcb.com,s.symcd.com,security.ubuntu.com,telemetry.enterprise.githubcopilot.com,ts-crl.ws.symantec.com,ts-ocsp.ws.symantec.com,www.googleapis.com"
          GITHUB_SERVER_URL: ${{ github.server_url }}
          GITHUB_API_URL: ${{ github.api_url }}
-          GH_AW_SAFE_OUTPUTS_HANDLER_CONFIG: "{\"add_comment\":{\"max\":1},\"create_pull_request\":{\"base_branch\":\"staged\",\"draft\":false,\"max\":1,\"max_patch_files\":100,\"max_patch_size\":4096,\"protect_top_level_dot_folders\":true,\"protected_files\":[\"package.json\",\"bun.lockb\",\"bunfig.toml\",\"deno.json\",\"deno.jsonc\",\"deno.lock\",\"global.json\",\"NuGet.Config\",\"Directory.Packages.props\",\"mix.exs\",\"mix.lock\",\"go.mod\",\"go.sum\",\"stack.yaml\",\"stack.yaml.lock\",\"pom.xml\",\"build.gradle\",\"build.gradle.kts\",\"settings.gradle\",\"settings.gradle.kts\",\"gradle.properties\",\"package-lock.json\",\"yarn.lock\",\"pnpm-lock.yaml\",\"npm-shrinkwrap.json\",\"requirements.txt\",\"Pipfile\",\"Pipfile.lock\",\"pyproject.toml\",\"setup.py\",\"setup.cfg\",\"Gemfile\",\"Gemfile.lock\",\"uv.lock\",\"CODEOWNERS\",\"DESIGN.md\",\"README.md\",\"CONTRIBUTING.md\",\"CHANGELOG.md\",\"SECURITY.md\",\"CODE_OF_CONDUCT.md\",\"AGENTS.md\",\"CLAUDE.md\",\"GEMINI.md\"],\"protected_files_policy\":\"request_review\",\"title_prefix\":\"[codeowner] \"},\"create_report_incomplete_issue\":{},\"missing_data\":{},\"missing_tool\":{},\"noop\":{\"max\":1,\"report-as-issue\":\"true\"},\"report_incomplete\":{}}"
+          GH_AW_SAFE_OUTPUTS_HANDLER_CONFIG: "{\"add_comment\":{\"max\":1},\"create_pull_request\":{\"base_branch\":\"main\",\"draft\":false,\"max\":1,\"max_patch_files\":100,\"max_patch_size\":4096,\"protect_top_level_dot_folders\":true,\"protected_files\":[\"package.json\",\"bun.lockb\",\"bunfig.toml\",\"deno.json\",\"deno.jsonc\",\"deno.lock\",\"global.json\",\"NuGet.Config\",\"Directory.Packages.props\",\"mix.exs\",\"mix.lock\",\"go.mod\",\"go.sum\",\"stack.yaml\",\"stack.yaml.lock\",\"pom.xml\",\"build.gradle\",\"build.gradle.kts\",\"settings.gradle\",\"settings.gradle.kts\",\"gradle.properties\",\"package-lock.json\",\"yarn.lock\",\"pnpm-lock.yaml\",\"npm-shrinkwrap.json\",\"requirements.txt\",\"Pipfile\",\"Pipfile.lock\",\"pyproject.toml\",\"setup.py\",\"setup.cfg\",\"Gemfile\",\"Gemfile.lock\",\"uv.lock\",\"CODEOWNERS\",\"DESIGN.md\",\"README.md\",\"CONTRIBUTING.md\",\"CHANGELOG.md\",\"SECURITY.md\",\"CODE_OF_CONDUCT.md\",\"AGENTS.md\",\"CLAUDE.md\",\"GEMINI.md\"],\"protected_files_policy\":\"request_review\",\"title_prefix\":\"[codeowner] \"},\"create_report_incomplete_issue\":{},\"missing_data\":{},\"missing_tool\":{},\"noop\":{\"max\":1,\"report-as-issue\":\"true\"},\"report_incomplete\":{}}"
          GH_AW_CI_TRIGGER_TOKEN: ${{ secrets.GH_AW_CI_TRIGGER_TOKEN }}
        with:
          github-token: ${{ secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }}
@@ -13,7 +13,7 @@ tools:
    toolsets: [default]
 safe-outputs:
  create-pull-request:
-    base-branch: staged
+    base-branch: main
    title-prefix: "[codeowner] "
    draft: false
  add-comment:
@@ -59,7 +59,7 @@ If **no files** match these directories, exit with a `noop` message: "No files i
 ### 4. Read the Current CODEOWNERS File
-Read the `CODEOWNERS` file from the root of the repository on the `staged` branch. Parse its existing entries so you can avoid creating duplicates.
+Read the `CODEOWNERS` file from the root of the repository on the `main` branch. Parse its existing entries so you can avoid creating duplicates.
 ### 5. Build the Updated CODEOWNERS File
@@ -2,9 +2,9 @@ name: Check Spelling
 on:
  push:
-    branches: [staged]
+    branches: [main]
  pull_request:
-    branches: [staged]
+    branches: [main]
 permissions:
  contents: read
@@ -17,7 +17,7 @@ jobs:
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          fetch-depth: 0
-          ref: staged
+          ref: main
      - name: Extract Node version from package.json
        id: node-version
@@ -75,7 +75,7 @@ jobs:
        uses: peter-evans/create-pull-request@22a9089034f40e5a961c8808d113e2c98fb63676 # v7.0.11
        with:
          token: ${{ secrets.GITHUB_TOKEN }}
-          base: staged
+          base: main
          commit-message: "docs: update contributors"
          title: "Update Contributors"
          body: |
@@ -23,10 +23,10 @@ jobs:
      !github.event.issue.pull_request &&
      (startsWith(github.event.comment.body, '/approve') || startsWith(github.event.comment.body, '/reject'))
    steps:
-      - name: Checkout staged branch
+      - name: Checkout main branch
        uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
        with:
-          ref: staged
+          ref: main
          fetch-depth: 0
      - name: Setup Node.js
@@ -207,7 +207,7 @@ jobs:
          pr_url=""
          pr_number=""
          if git diff --quiet; then
-            pr_number=$(gh pr list --head "$branch" --base staged --json number --jq '.[0].number')
+            pr_number=$(gh pr list --head "$branch" --base main --json number --jq '.[0].number')
            if [ -n "$pr_number" ]; then
              pr_url=$(gh pr view "$pr_number" --json url --jq '.url')
            fi
@@ -227,7 +227,7 @@ jobs:
          git commit -m "${title_action} external plugin ${plugin_name}"
          git push --force-with-lease origin "$branch"
-          pr_number=$(gh pr list --head "$branch" --base staged --json number --jq '.[0].number')
+          pr_number=$(gh pr list --head "$branch" --base main --json number --jq '.[0].number')
          pr_body=$(cat <<EOF
          ## Summary
@@ -249,7 +249,7 @@ jobs:
            pr_url=$(gh pr view "$pr_number" --json url --jq '.url')
          else
            pr_url=$(gh pr create \
-              --base staged \
+              --base main \
              --head "$branch" \
              --title "[external-plugin] ${title_action} ${plugin_name}" \
              --body "$pr_body")
@@ -342,8 +342,8 @@ jobs:
              `- **Catalog action:** ${action}`,
              `- **Source repository:** \`${process.env.SOURCE_REPO}\``,
              prUrl
-                ? `- **PR against \`staged\`:** ${prUrl}`
+              ? `- **PR against \`main\`:** ${prUrl}`
-                : '- **PR against `staged`:** No new PR was needed because the approved listing is already present.'
+              : '- **PR against `main`:** No new PR was needed because the approved listing is already present.'
            ].join('\n');
            await syncIssueLabels(issueNumber, new Set(['external-plugin', 'approved']));
@@ -487,10 +487,10 @@ jobs:
      !github.event.issue.pull_request &&
      startsWith(github.event.comment.body, '/mark-ready-for-review')
    steps:
-      - name: Checkout staged branch
+      - name: Checkout main branch
        uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
        with:
-          ref: staged
+          ref: main
      - name: Apply explicit ready-for-review override
        uses: actions/github-script@f28e40c7f34bde8b3046d885e986cb6290c5673b # v7.1.0
@@ -606,10 +606,10 @@ jobs:
      issue-state: ${{ steps.evaluate.outputs.issue-state }}
      issue-labels: ${{ steps.evaluate.outputs.issue-labels }}
    steps:
-      - name: Checkout staged branch
+      - name: Checkout main branch
        uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
        with:
-          ref: staged
+          ref: main
      - name: Validate command and evaluate intake
        id: evaluate
@@ -716,10 +716,10 @@ jobs:
    needs: [rerun-intake-parse, rerun-intake-quality-gates]
    if: always() && needs.rerun-intake-parse.outputs.should-run == 'true'
    steps:
-      - name: Checkout staged branch
+      - name: Checkout main branch
        uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
        with:
-          ref: staged
+          ref: main
      - name: Apply merged intake evaluation
        uses: actions/github-script@f28e40c7f34bde8b3046d885e986cb6290c5673b # v7.1.0
@@ -30,7 +30,7 @@ jobs:
      - name: Checkout repository
        uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
        with:
-          ref: staged
+          ref: main
      - name: Evaluate issue guard rails
        id: guard
@@ -86,7 +86,7 @@ jobs:
      - name: Checkout repository
        uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
        with:
-          ref: staged
+          ref: main
      - name: Merge evaluation and sync labels/comments
        uses: actions/github-script@f28e40c7f34bde8b3046d885e986cb6290c5673b # v7.1.0
@@ -2,7 +2,7 @@ name: External Plugin PR Quality Gates
 on:
  pull_request_target:
-    branches: [staged]
+    branches: [main]
    paths:
      - "plugins/external.json"
    types: [opened, synchronize, reopened, edited, ready_for_review]
@@ -80,10 +80,10 @@ jobs:
    outputs:
      quality-result: ${{ steps.quality.outputs.quality-result }}
    steps:
-      - name: Checkout staged branch
+      - name: Checkout main branch
        uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
        with:
-          ref: staged
+          ref: main
          persist-credentials: false
          submodules: false
@@ -116,10 +116,10 @@ jobs:
      issues: write
      pull-requests: write
    steps:
-      - name: Checkout staged branch
+      - name: Checkout main branch
        uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
        with:
-          ref: staged
+          ref: main
      - name: Sync labels and PR status comment
        uses: actions/github-script@f28e40c7f34bde8b3046d885e986cb6290c5673b # v7.1.0
@@ -21,10 +21,10 @@ jobs:
    outputs:
      quality-result: ${{ steps.quality.outputs.quality-result }}
    steps:
-      - name: Checkout staged branch
+      - name: Checkout main branch
        uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
        with:
-          ref: staged
+          ref: main
          persist-credentials: false
          submodules: false
@@ -20,10 +20,10 @@ jobs:
      !github.event.issue.pull_request &&
      contains(github.event.comment.body, '/re-review-')
    steps:
-      - name: Checkout staged branch
+      - name: Checkout main branch
        uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
        with:
-          ref: staged
+          ref: main
          fetch-depth: 0
      - name: Setup Node.js
@@ -226,7 +226,7 @@ jobs:
          git commit -m "Remove external plugin ${plugin_name} after six-month re-review"
          git push --force-with-lease origin "$branch"
-          pr_url=$(gh pr list --head "$branch" --base staged --json url --jq '.[0].url')
+          pr_url=$(gh pr list --head "$branch" --base main --json url --jq '.[0].url')
          if [ -z "$pr_url" ]; then
            pr_body=$(printf '%s\n' \
              '## Summary' \
@@ -235,7 +235,7 @@ jobs:
              '- regenerate marketplace outputs after the six-month re-review decision' \
              "- closes #${issue_number} review follow-up for this listing")
            pr_url=$(gh pr create \
-              --base staged \
+              --base main \
              --head "$branch" \
              --title "[external-plugin] Remove ${plugin_name} after re-review" \
              --body "$pr_body")
@@ -311,7 +311,7 @@ jobs:
                issue_number: context.issue.number,
                labels: ['re-review-due', 're-review-follow-up']
              });
-              body = `Opened the removal PR for **${pluginName}**: ${prUrl}. The issue remains approved and due for re-review until that removal lands in \`staged\`.`;
+              body = `Opened the removal PR for **${pluginName}**: ${prUrl}. The issue remains approved and due for re-review until that removal lands in \`main\`.`;
            }
            await github.rest.issues.createComment({
@@ -175,7 +175,7 @@ jobs:
              '',
              `- \`${rereview.REREVIEW_COMMANDS.keep}\` — renew the plugin for another six months`,
              `- \`${rereview.REREVIEW_COMMANDS.needsChanges}\` — keep the plugin in the due queue while follow-up work happens`,
-              `- \`${rereview.REREVIEW_COMMANDS.remove}\` — open or update a PR against \`staged\` that removes the plugin from the marketplace`,
+              `- \`${rereview.REREVIEW_COMMANDS.remove}\` — open or update a PR against \`main\` that removes the plugin from the marketplace`,
              '',
              `- **Threshold date used by this run:** ${formatDate(threshold.toISOString())}`,
              '',
@@ -1,4 +1,4 @@
-# gh-aw-metadata: {"schema_version":"v4","frontmatter_hash":"10131e84d3179b567add14c2db8d9789d81b0234fd532d6e0b2d40b7d6869eb8","body_hash":"6920106416265ac54a301ae21308dd6564f48218f63902db69c2bf3c1c6837e1","compiler_version":"v0.80.9","strict":true,"agent_id":"copilot","engine_versions":{"copilot":"1.0.63"}}
+# gh-aw-metadata: {"schema_version":"v4","frontmatter_hash":"395672dffe715b728f7b6b0b6d43397ec71c6b56c0b050f3c5bdd2491d7618a4","body_hash":"d1646d891ce854f6e674a56c71b0f1d5d7a0e236c1647d9ed85e33e16290bee5","compiler_version":"v0.80.9","strict":true,"agent_id":"copilot","engine_versions":{"copilot":"1.0.63"}}
 # gh-aw-manifest: {"version":1,"secrets":["COPILOT_GITHUB_TOKEN","GH_AW_CI_TRIGGER_TOKEN","GH_AW_GITHUB_MCP_SERVER_TOKEN","GH_AW_GITHUB_TOKEN","GITHUB_TOKEN"],"actions":[{"repo":"actions/cache/restore","sha":"27d5ce7f107fe9357f9df03efb73ab90386fccae","version":"v5.0.5"},{"repo":"actions/cache/save","sha":"27d5ce7f107fe9357f9df03efb73ab90386fccae","version":"v5.0.5"},{"repo":"actions/checkout","sha":"9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0","version":"v7.0.0"},{"repo":"actions/download-artifact","sha":"3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c","version":"v8.0.1"},{"repo":"actions/github-script","sha":"3a2844b7e9c422d3c10d287c895573f7108da1b3","version":"v9.0.0"},{"repo":"actions/setup-node","sha":"48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e","version":"v6.4.0"},{"repo":"actions/upload-artifact","sha":"043fb46d1a93c77aae656e7c1c64a875d1fc6a0a","version":"v7.0.1"},{"repo":"github/gh-aw-actions/setup","sha":"8c7d04ebf1ece56cd381446125da3e0f6896294a","version":"v0.80.9"}],"containers":[{"image":"ghcr.io/github/gh-aw-firewall/agent:0.27.7","digest":"sha256:aae231e4635c8999d039c132f1602d3df850fe9b84a00aa2b5ac981179b5661c","pinned_image":"ghcr.io/github/gh-aw-firewall/agent:0.27.7@sha256:aae231e4635c8999d039c132f1602d3df850fe9b84a00aa2b5ac981179b5661c"},{"image":"ghcr.io/github/gh-aw-firewall/api-proxy:0.27.7","digest":"sha256:009caf2e3d88fa77b64e9a03a95a228fc58db0f1701c6d324b29ba5a3c7c79b6","pinned_image":"ghcr.io/github/gh-aw-firewall/api-proxy:0.27.7@sha256:009caf2e3d88fa77b64e9a03a95a228fc58db0f1701c6d324b29ba5a3c7c79b6"},{"image":"ghcr.io/github/gh-aw-firewall/squid:0.27.7","digest":"sha256:deb1d4e19de62d51cee0508057a596a19315c3423ada4d675cad136dc8037c96","pinned_image":"ghcr.io/github/gh-aw-firewall/squid:0.27.7@sha256:deb1d4e19de62d51cee0508057a596a19315c3423ada4d675cad136dc8037c96"},{"image":"ghcr.io/github/gh-aw-mcpg:v0.3.27","digest":"sha256:fe984bddde4ec05d756d9043edb0a32912e6b7b72f6a121b1082f29221421cc7","pinned_image":"ghcr.io/github/gh-aw-mcpg:v0.3.27@sha256:fe984bddde4ec05d756d9043edb0a32912e6b7b72f6a121b1082f29221421cc7"},{"image":"ghcr.io/github/gh-aw-node","digest":"sha256:529d02eb970b1161aa25c593a9c3df57fdfad5a8add328cb3b6eccef66f3183b","pinned_image":"ghcr.io/github/gh-aw-node@sha256:529d02eb970b1161aa25c593a9c3df57fdfad5a8add328cb3b6eccef66f3183b"},{"image":"ghcr.io/github/github-mcp-server:v1.4.0","digest":"sha256:2afb26356481d1a350e14544a6e160f7f7ec1561a1ea309b823665abf0309036","pinned_image":"ghcr.io/github/github-mcp-server:v1.4.0@sha256:2afb26356481d1a350e14544a6e160f7f7ec1561a1ea309b823665abf0309036"}]}
 # This file was automatically generated by gh-aw (v0.80.9). DO NOT EDIT. To debug this workflow, load the skill at https://github.com/github/gh-aw/blob/main/debug.md
 #
@@ -499,9 +499,9 @@ jobs:
          mkdir -p "${RUNNER_TEMP}/gh-aw/safeoutputs"
          mkdir -p /tmp/gh-aw/safeoutputs
          mkdir -p /tmp/gh-aw/mcp-logs/safeoutputs
-          cat > "${RUNNER_TEMP}/gh-aw/safeoutputs/config.json" << 'GH_AW_SAFE_OUTPUTS_CONFIG_cb8888fbc6b26530_EOF'
+          cat > "${RUNNER_TEMP}/gh-aw/safeoutputs/config.json" << 'GH_AW_SAFE_OUTPUTS_CONFIG_bf105b7d2524f53f_EOF'
-          {"create_pull_request":{"base_branch":"staged","labels":["automated-update","copilot-updates"],"max":1,"max_patch_files":100,"max_patch_size":4096,"protect_top_level_dot_folders":true,"protected_files":["package.json","bun.lockb","bunfig.toml","deno.json","deno.jsonc","deno.lock","global.json","NuGet.Config","Directory.Packages.props","mix.exs","mix.lock","go.mod","go.sum","stack.yaml","stack.yaml.lock","pom.xml","build.gradle","build.gradle.kts","settings.gradle","settings.gradle.kts","gradle.properties","package-lock.json","yarn.lock","pnpm-lock.yaml","npm-shrinkwrap.json","requirements.txt","Pipfile","Pipfile.lock","pyproject.toml","setup.py","setup.cfg","Gemfile","Gemfile.lock","uv.lock","CODEOWNERS","DESIGN.md","README.md","CONTRIBUTING.md","CHANGELOG.md","SECURITY.md","CODE_OF_CONDUCT.md","AGENTS.md","CLAUDE.md","GEMINI.md"],"protected_files_policy":"request_review","title_prefix":"[bot] "},"create_report_incomplete_issue":{},"missing_data":{},"missing_tool":{},"noop":{"max":1,"report-as-issue":"true"},"report_incomplete":{}}
+          {"create_pull_request":{"base_branch":"main","labels":["automated-update","copilot-updates"],"max":1,"max_patch_files":100,"max_patch_size":4096,"protect_top_level_dot_folders":true,"protected_files":["package.json","bun.lockb","bunfig.toml","deno.json","deno.jsonc","deno.lock","global.json","NuGet.Config","Directory.Packages.props","mix.exs","mix.lock","go.mod","go.sum","stack.yaml","stack.yaml.lock","pom.xml","build.gradle","build.gradle.kts","settings.gradle","settings.gradle.kts","gradle.properties","package-lock.json","yarn.lock","pnpm-lock.yaml","npm-shrinkwrap.json","requirements.txt","Pipfile","Pipfile.lock","pyproject.toml","setup.py","setup.cfg","Gemfile","Gemfile.lock","uv.lock","CODEOWNERS","DESIGN.md","README.md","CONTRIBUTING.md","CHANGELOG.md","SECURITY.md","CODE_OF_CONDUCT.md","AGENTS.md","CLAUDE.md","GEMINI.md"],"protected_files_policy":"request_review","title_prefix":"[bot] "},"create_report_incomplete_issue":{},"missing_data":{},"missing_tool":{},"noop":{"max":1,"report-as-issue":"true"},"report_incomplete":{}}
-          GH_AW_SAFE_OUTPUTS_CONFIG_cb8888fbc6b26530_EOF
+          GH_AW_SAFE_OUTPUTS_CONFIG_bf105b7d2524f53f_EOF
      - name: Generate Safe Outputs Tools
        env:
          GH_AW_TOOLS_META_JSON: |
@@ -1607,7 +1607,7 @@ jobs:
          GH_AW_ALLOWED_DOMAINS: "api.business.githubcopilot.com,api.enterprise.githubcopilot.com,api.github.com,api.githubcopilot.com,api.individual.githubcopilot.com,api.snapcraft.io,archive.ubuntu.com,azure.archive.ubuntu.com,code.visualstudio.com,crl.geotrust.com,crl.globalsign.com,crl.identrust.com,crl.sectigo.com,crl.thawte.com,crl.usertrust.com,crl.verisign.com,crl3.digicert.com,crl4.digicert.com,crls.ssl.com,github.blog,github.com,host.docker.internal,json-schema.org,json.schemastore.org,keyserver.ubuntu.com,localhost,nishanil.github.io,ocsp.digicert.com,ocsp.geotrust.com,ocsp.globalsign.com,ocsp.identrust.com,ocsp.sectigo.com,ocsp.ssl.com,ocsp.thawte.com,ocsp.usertrust.com,ocsp.verisign.com,packagecloud.io,packages.cloud.google.com,packages.microsoft.com,ppa.launchpad.net,raw.githubusercontent.com,registry.npmjs.org,s.symcb.com,s.symcd.com,security.ubuntu.com,telemetry.enterprise.githubcopilot.com,ts-crl.ws.symantec.com,ts-ocsp.ws.symantec.com,www.googleapis.com"
          GITHUB_SERVER_URL: ${{ github.server_url }}
          GITHUB_API_URL: ${{ github.api_url }}
-          GH_AW_SAFE_OUTPUTS_HANDLER_CONFIG: "{\"create_pull_request\":{\"base_branch\":\"staged\",\"labels\":[\"automated-update\",\"copilot-updates\"],\"max\":1,\"max_patch_files\":100,\"max_patch_size\":4096,\"protect_top_level_dot_folders\":true,\"protected_files\":[\"package.json\",\"bun.lockb\",\"bunfig.toml\",\"deno.json\",\"deno.jsonc\",\"deno.lock\",\"global.json\",\"NuGet.Config\",\"Directory.Packages.props\",\"mix.exs\",\"mix.lock\",\"go.mod\",\"go.sum\",\"stack.yaml\",\"stack.yaml.lock\",\"pom.xml\",\"build.gradle\",\"build.gradle.kts\",\"settings.gradle\",\"settings.gradle.kts\",\"gradle.properties\",\"package-lock.json\",\"yarn.lock\",\"pnpm-lock.yaml\",\"npm-shrinkwrap.json\",\"requirements.txt\",\"Pipfile\",\"Pipfile.lock\",\"pyproject.toml\",\"setup.py\",\"setup.cfg\",\"Gemfile\",\"Gemfile.lock\",\"uv.lock\",\"CODEOWNERS\",\"DESIGN.md\",\"README.md\",\"CONTRIBUTING.md\",\"CHANGELOG.md\",\"SECURITY.md\",\"CODE_OF_CONDUCT.md\",\"AGENTS.md\",\"CLAUDE.md\",\"GEMINI.md\"],\"protected_files_policy\":\"request_review\",\"title_prefix\":\"[bot] \"},\"create_report_incomplete_issue\":{},\"missing_data\":{},\"missing_tool\":{},\"noop\":{\"max\":1,\"report-as-issue\":\"true\"},\"report_incomplete\":{}}"
+          GH_AW_SAFE_OUTPUTS_HANDLER_CONFIG: "{\"create_pull_request\":{\"base_branch\":\"main\",\"labels\":[\"automated-update\",\"copilot-updates\"],\"max\":1,\"max_patch_files\":100,\"max_patch_size\":4096,\"protect_top_level_dot_folders\":true,\"protected_files\":[\"package.json\",\"bun.lockb\",\"bunfig.toml\",\"deno.json\",\"deno.jsonc\",\"deno.lock\",\"global.json\",\"NuGet.Config\",\"Directory.Packages.props\",\"mix.exs\",\"mix.lock\",\"go.mod\",\"go.sum\",\"stack.yaml\",\"stack.yaml.lock\",\"pom.xml\",\"build.gradle\",\"build.gradle.kts\",\"settings.gradle\",\"settings.gradle.kts\",\"gradle.properties\",\"package-lock.json\",\"yarn.lock\",\"pnpm-lock.yaml\",\"npm-shrinkwrap.json\",\"requirements.txt\",\"Pipfile\",\"Pipfile.lock\",\"pyproject.toml\",\"setup.py\",\"setup.cfg\",\"Gemfile\",\"Gemfile.lock\",\"uv.lock\",\"CODEOWNERS\",\"DESIGN.md\",\"README.md\",\"CONTRIBUTING.md\",\"CHANGELOG.md\",\"SECURITY.md\",\"CODE_OF_CONDUCT.md\",\"AGENTS.md\",\"CLAUDE.md\",\"GEMINI.md\"],\"protected_files_policy\":\"request_review\",\"title_prefix\":\"[bot] \"},\"create_report_incomplete_issue\":{},\"missing_data\":{},\"missing_tool\":{},\"noop\":{\"max\":1,\"report-as-issue\":\"true\"},\"report_incomplete\":{}}"
          GH_AW_CI_TRIGGER_TOKEN: ${{ secrets.GH_AW_CI_TRIGGER_TOKEN }}
        with:
          github-token: ${{ secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }}
@@ -20,7 +20,7 @@ safe-outputs:
  create-pull-request:
    labels: [automated-update, copilot-updates]
    title-prefix: "[bot] "
-    base-branch: staged
+    base-branch: main
 ---
 # Check for Awesome GitHub Copilot Updates
@@ -79,10 +79,10 @@ If the new information can be added to existing pages, edit those pages to inclu
 ## Step 4 — Open a pull request
-Create a pull request with your changes, using the `staged` branch as the base branch. The PR title should summarize what was updated (e.g., "Add/plan command and model marketplace documentation"). The PR body should list:
+Create a pull request with your changes, using the `main` branch as the base branch. The PR title should summarize what was updated (e.g., "Add/plan command and model marketplace documentation"). The PR body should list:
 1. What new features or changes were found
 2. What sections of the guide were updated
 3. Links to the source announcements
-The PR should target the `staged` branch and include the labels `automated-update` and `copilot-updates`.
+The PR should target the `main` branch and include the labels `automated-update` and `copilot-updates`.
@@ -2,7 +2,7 @@ name: PR Risk Scan — Gate
 on:
  pull_request:
-    branches: [staged]
+    branches: [main]
    types: [opened, synchronize, reopened]
    paths:
      - "skills/**"
@@ -2,11 +2,10 @@ name: Publish distribution branches
 on:
  push:
-    branches: [staged]
+    branches: [main]
 env:
-  SOURCE_BRANCH: staged
+  SOURCE_BRANCH: main
  LEGACY_PUBLISHED_BRANCH: main
  MARKETPLACE_BRANCH: marketplace
  WEBSITE_DEPLOY_REF: main
@@ -58,17 +57,12 @@ jobs:
          git config user.name "github-actions[bot]"
          git config user.email "41898282+github-actions[bot]@users.noreply.github.com"
          snapshot_dir="$(mktemp -d)"
          main_worktree_dir="$(mktemp -d)"
          marketplace_worktree_dir="$(mktemp -d)"
          main_publish_ref="refs/heads/publish-${LEGACY_PUBLISHED_BRANCH}"
          marketplace_publish_ref="refs/heads/publish-${MARKETPLACE_BRANCH}"
          main_base_sha=""
          marketplace_base_sha=""
          cleanup() {
            git worktree remove --force "${main_worktree_dir}" 2>/dev/null || true
            git worktree remove --force "${marketplace_worktree_dir}" 2>/dev/null || true
            git update-ref -d "${main_publish_ref}" 2>/dev/null || true
            git update-ref -d "${marketplace_publish_ref}" 2>/dev/null || true
            rm -rf "${snapshot_dir}"
          }
@@ -83,10 +77,9 @@ jobs:
            local branch="$1"
            local worktree_dir="$2"
            local publish_ref="$3"
            local base_sha=""
            git fetch origin "${branch}"
-            base_sha="$(git rev-parse "origin/${branch}")"
+            marketplace_base_sha="$(git rev-parse "origin/${branch}")"
            git worktree add --force --detach "${worktree_dir}" "origin/${branch}"
            rsync -a --delete \
@@ -101,45 +94,22 @@ jobs:
              git commit -m "chore: publish from ${SOURCE_BRANCH}" --allow-empty
              git update-ref "${publish_ref}" HEAD
            )
            if [[ "${branch}" == "${LEGACY_PUBLISHED_BRANCH}" ]]; then
              main_base_sha="${base_sha}"
            elif [[ "${branch}" == "${MARKETPLACE_BRANCH}" ]]; then
              marketplace_base_sha="${base_sha}"
            fi
          }
          publish_branch "${LEGACY_PUBLISHED_BRANCH}" "${main_worktree_dir}" "${main_publish_ref}"
          publish_branch "${MARKETPLACE_BRANCH}" "${marketplace_worktree_dir}" "${marketplace_publish_ref}"
-          git fetch origin "${LEGACY_PUBLISHED_BRANCH}" "${MARKETPLACE_BRANCH}"
+          git fetch origin "${MARKETPLACE_BRANCH}"
          current_main_tip="$(git rev-parse "origin/${LEGACY_PUBLISHED_BRANCH}")"
          current_marketplace_tip="$(git rev-parse "origin/${MARKETPLACE_BRANCH}")"
          drift_detected=false
          if [[ "${current_main_tip}" != "${main_base_sha}" ]]; then
            echo "Remote branch tip changed: ${LEGACY_PUBLISHED_BRANCH} expected ${main_base_sha}, got ${current_main_tip}"
            drift_detected=true
          fi
          if [[ "${current_marketplace_tip}" != "${marketplace_base_sha}" ]]; then
            echo "Remote branch tip changed: ${MARKETPLACE_BRANCH} expected ${marketplace_base_sha}, got ${current_marketplace_tip}"
            drift_detected=true
          fi
          if [[ "${drift_detected}" == true ]]; then
            echo "Concurrent branch update detected during publish. Please rerun the publish workflow."
            exit 1
          fi
          git push origin --atomic \
            "${main_publish_ref}:${LEGACY_PUBLISHED_BRANCH}" \
            "${marketplace_publish_ref}:${MARKETPLACE_BRANCH}"
-          git fetch origin "${LEGACY_PUBLISHED_BRANCH}" "${MARKETPLACE_BRANCH}"
+          echo "Successfully published to ${MARKETPLACE_BRANCH}"
          if ! git diff --quiet "origin/${LEGACY_PUBLISHED_BRANCH}" "origin/${MARKETPLACE_BRANCH}"; then
            echo "Published branch mismatch detected between ${LEGACY_PUBLISHED_BRANCH} and ${MARKETPLACE_BRANCH}"
            git --no-pager diff --stat "origin/${LEGACY_PUBLISHED_BRANCH}" "origin/${MARKETPLACE_BRANCH}"
            exit 1
          fi
          echo "Verified published outputs are in sync across ${LEGACY_PUBLISHED_BRANCH} and ${MARKETPLACE_BRANCH}"
      - name: Dispatch website deployment
        run: gh workflow run deploy-website.yml --ref "${WEBSITE_DEPLOY_REF}"
@@ -18,7 +18,7 @@ jobs:
              // Intent labels for PR categorization
              'targets-main': {
                color: 'B60205',
-                description: 'PR targets main instead of staged'
+                description: 'PR targets staged instead of main'
              },
              'branched-main': {
                color: 'D93F0B',
@@ -2,7 +2,7 @@ name: Skill Validator — PR Gate
 on:
  pull_request:
-    branches: [staged]
+    branches: [main]
    types: [opened, synchronize, reopened]
    paths:
      - "skills/**"
@@ -2,7 +2,7 @@ name: Validate Agentic Workflow Contributions
 on:
  pull_request:
-    branches: [staged]
+    branches: [main]
    types: [opened, synchronize, reopened]
    paths:
      - "workflows/**"
@@ -2,7 +2,7 @@ name: Validate Canvas Extensions
 on:
  pull_request:
-    branches: [staged]
+    branches: [main]
    types: [opened, synchronize, reopened]
    paths:
      - "extensions/**"
@@ -2,7 +2,7 @@ name: Validate README.md
 on:
  pull_request:
-    branches: [staged]
+    branches: [main]
    types: [opened, synchronize, reopened]
    paths:
      - "instructions/**"
@@ -170,9 +170,9 @@ When adding a new agent, instruction, skill, hook, workflow, or plugin:
 6. After issue edits, the issue author or a maintainer can comment `/rerun-intake` to re-run automated intake and quality gates without opening a new submission issue
 7. Maintainers can explicitly override a quality-gate blocker with `/mark-ready-for-review [optional reason]`, which moves the issue to `ready-for-review`
 8. Maintainers make the decision with `/approve` or `/reject <reason>` issue comments once the issue is in `ready-for-review`; approved issues are closed and used as the six-month re-review anchor
-9. Approval automation creates or updates the PR against `staged`, updates `plugins/external.json`, and regenerates marketplace outputs
+9. Approval automation creates or updates the PR against `main`, updates `plugins/external.json`, and regenerates marketplace outputs
 10. Nightly re-review automation finds closed `external-plugin` + `approved` issues that are at least six months old, applies `re-review-due`, and opens or updates a tracking issue for maintainers
-11. Maintainers complete re-review on the original approved submission issue with `/re-review-keep`, `/re-review-needs-changes`, or `/re-review-remove`; keep resets the issue `closed_at`, and remove opens a PR against `staged`
+11. Maintainers complete re-review on the original approved submission issue with `/re-review-keep`, `/re-review-needs-changes`, or `/re-review-remove`; keep resets the issue `closed_at`, and remove opens a PR against `main`
 ### Testing Instructions
@@ -215,7 +215,7 @@ Before committing:
 When creating a pull request:
-> **Important:** All pull requests should target the **`staged`** branch, not `main`.
+> **Important:** All pull requests should target the **`main`** branch, not `staged`.
 1. **README updates**: New files should automatically be added to the README when you run `npm run build`
 2. **Front matter validation**: Ensure all markdown files have the required front matter fields
@@ -238,7 +238,7 @@ The public-submission policy builds on those rules and also requires `license` p
 6. **Requesting another intake pass**: after updating the issue body or source plugin, the issue author or a maintainer can comment `/rerun-intake` to re-run automated intake and quality gates on demand. Open issues re-trigger intake automatically on edit; closed maintainer-rejected issues need `/rerun-intake`. When the rerun is accepted, automation reacts to the command comment with 👀 so it is visible that processing started.
 7. **Maintainer override path**: a maintainer with write access can comment `/mark-ready-for-review [optional reason]` to explicitly move a `requires-submitter-fixes` issue to `ready-for-review`.
 8. **Maintainer decision**: once in `ready-for-review`, a maintainer with write access performs the manual review, then comments `/approve` or `/reject <reason>` on the issue. Commands from non-maintainers are ignored.
-9. **Approval path**: on `/approve`, automation removes `ready-for-review`, adds `approved`, closes the issue, and opens or updates a PR against `staged` that updates `plugins/external.json` and generated marketplace outputs.
+9. **Approval path**: on `/approve`, automation removes `ready-for-review`, adds `approved`, closes the issue, and opens or updates a PR against `main` that updates `plugins/external.json` and generated marketplace outputs.
 10. **Rejection path**: on `/reject <reason>`, automation removes `ready-for-review`, adds `rejected`, closes the issue, and records the reason in an issue comment. After addressing the feedback, update the same issue and use `/rerun-intake` to re-queue intake.
 ##### Updating listed external plugins via PR
@@ -281,7 +281,7 @@ Maintainers complete the re-review on the **original approved submission issue**
 - `/re-review-keep` — renew the listing for another six months by reopening and reclosing the approved issue, which resets the `closed_at` review anchor and removes the due labels
 - `/re-review-needs-changes` — keep the listing in the due queue while adding `re-review-follow-up` so maintainers can track extra investigation or remediation work
- `/re-review-remove` — open or update a PR against `staged` that removes the plugin from `plugins/external.json` and regenerates marketplace outputs; the issue stays in the due queue until that removal lands
+- `/re-review-remove` — open or update a PR against `main` that removes the plugin from `plugins/external.json` and regenerates marketplace outputs; the issue stays in the due queue until that removal lands
 Approved submissions are converted into `plugins/external.json` entries following the [Claude Code plugin marketplace spec](https://code.claude.com/docs/en/plugin-marketplaces#plugin-entries). A typical GitHub-hosted entry looks like this:
@@ -402,18 +402,18 @@ Create a daily summary of open issues for the team.
 ## Submitting Your Contribution
 1. **Fork this repository**
-2. **Create a new branch** for your contribution from the `staged` branch. **This is critical** - ensure that a branch is created from `staged`, not `main`. Branches created from `main` will cause merge conflicts and delays in processing your contribution, or they may be outright rejected.
+2. **Create a new branch** for your contribution from the `main` branch. **This is critical** — ensure that a branch is created from `main`, not `staged`. Branches created from `staged` may include materialized plugin files that will cause conflicts and delays, or may be outright rejected.
 3. **Add your instruction, skills, agents, workflow, or plugin** following the guidelines above
 4. **Run the update script**: `npm start` to update the README with your new file (make sure you run `npm install` first if you haven't already)
   - A GitHub Actions workflow will verify that this step was performed correctly
   - If the README.md would be modified by running the script, the PR check will fail with a comment showing the required changes
-5. **Submit a pull request** targeting the `staged` branch with:
+5. **Submit a pull request** targeting the `main` branch with:
   - A clear title describing your contribution
   - A brief description of what your instruction/skill/agent does
   - Any relevant context or usage notes
 > [!IMPORTANT]
-> All pull requests should target the **`staged`** branch, not `main`.
+> All pull requests should target the **`main`** branch, not `staged`.
 > [!NOTE]
 > Branch migration tracking for source/published branch changes lives in [Issue #1368](https://github.com/github/awesome-copilot/issues/1368). Phase 2 migration work stays gated until maintainers confirm external tooling rollout is complete.
@@ -23,7 +23,7 @@ See [CONTRIBUTING.md](../CONTRIBUTING.md#adding-plugins) for guidelines on how t
 - Open the Extensions search view and type \`@agentPlugins\` to browse available plugins
 - Or open the Command Palette and run \`Chat: Plugins\`
 - Published marketplace manifest (tool-facing): `https://raw.githubusercontent.com/github/awesome-copilot/marketplace/.github/plugin/marketplace.json`
- Source plugin content (human-authored): `https://github.com/github/awesome-copilot/tree/HEAD/plugins`
+- Source plugin content (human-authored): `https://github.com/github/awesome-copilot/tree/main/plugins`
 | Name | Description | Items | Tags |
 | ---- | ----------- | ----- | ---- |
@@ -799,7 +799,8 @@ function generatePluginsSection(pluginsDir) {
  }
  const publishedManifestUrl = `${publishedArtifactBaseUrl}/.github/plugin/marketplace.json`;
-  const sourceTreeUrl = "https://github.com/github/awesome-copilot/tree/HEAD/plugins";
+  const sourceTreeUrl =
    "https://github.com/github/awesome-copilot/tree/main/plugins";
  const pluginLinkGuidance = [
    "",
    `- Published marketplace manifest (tool-facing): \`${publishedManifestUrl}\``,
@@ -196,7 +196,7 @@ gh aw compile --validate --no-emit workflows/my-new-workflow.md
 1. Fork the repository and create a new branch
 2. Add your workflow `.md` file to the `workflows/` directory
 3. Run `npm run build` to update the README
-4. Submit a pull request targeting the `staged` branch
+4. Submit a pull request targeting the `main` branch
 > **Important:** Only submit the `.md` source file. Do not include compiled `.lock.yml` or `.yml` files — CI will block them.