chore: sync actions from gh-aw@v0.77.0

[github-actions]

Automated sync of actions from gh-aw at v0.77.0.

[Copilot]

Pull request overview

Automated sync of compiled setup actions and prompts from upstream github/gh-aw@v0.77.0, updating this downstream action mirror with new safe-output metadata, outcome evaluation, OTLP, patch, forecast, and threat-detection behavior.

Changes:

• Adds execution metadata capture/manifest persistence and expands outcome evaluation/OTLP outcome spans.
• Improves patch/bundle handling, model multiplier flow, threat detection parsing, and forecast issue generation.
• Updates supporting prompts, shell helpers, footer hints, reviewer/label/comment handlers, and dev dependency versions.

Show a summary per file

File	Description
setup/action.yml	Adds OTLP OIDC token input.
setup/index.js	Passes OTLP OIDC input through setup.
setup/setup.sh	Removes legacy model multiplier env export.
setup/md/forecast_issue.md	Adds forecast issue template.
setup/md/threat_detection.md	Adds npm lockfile validation guidance.
setup/sh/mask_otlp_headers.sh	Skips over-short mask values.
setup/sh/setup_cache_memory_git.sh	Adds cache-memory writability preflight.
setup/sh/setup_cache_memory_git_test.sh	Tests SPDD cache directory preflight.
setup/sh/start_cli_proxy.sh	Runs proxy container as current user.
setup/sh/start_difc_proxy.sh	Runs proxy container as current user.
setup/js/action_setup_otlp.cjs	Merges OIDC bearer auth into OTLP headers.
setup/js/add_comment.cjs	Treats locked targets as skipped warnings.
setup/js/add_labels.cjs	Captures issue state around label additions.
setup/js/add_reaction.cjs	Skips unsupported review-object reactions.
setup/js/add_reviewer.cjs	Adds cross-repo and Copilot reviewer metadata support.
setup/js/check_workflow_timestamp_api.cjs	Adds optional body-hash stale checks.
setup/js/commit_sha_helpers.cjs	Adds shared commit SHA normalization.
setup/js/constants.cjs	Adds Copilot bot ID and structured detection filename constants.
setup/js/copilot_harness.cjs	Adds detection-phase reflect retry for model availability races.
setup/js/create_forecast_issue.cjs	Renders forecast issue template and error reports.
setup/js/create_pull_request.cjs	Improves patch/bundle apply anchoring.
setup/js/effective_tokens.cjs	Loads merged/built-in model multipliers from files.
setup/js/emit_outcome_spans.cjs	Emits normalized outcome attributes.
setup/js/evaluate_outcomes.cjs	Expands outcome classification and summary fields.
setup/js/extra_empty_commit.cjs	Ignores merge commits in empty-commit cycle checks.
setup/js/extract_base_branch_from_agent_output.cjs	Adds base branch extraction helper.
setup/js/frontmatter_hash_pure.cjs	Adds body hashing and input size guard.
setup/js/fuzz_template_branch_harness.cjs	Imports shared template renderer directly.
setup/js/generate_aw_info.cjs	Writes merged model multiplier data.
setup/js/generate_git_patch.cjs	Supports validated workspace-relative patch paths.
setup/js/git_helpers.cjs	Avoids expensive unshallow fetches.
setup/js/handle_agent_failure.cjs	Refactors failure issue lookup to body markers.
setup/js/interpolate_prompt.cjs	Reuses shared markdown template renderer.
setup/js/merge_awf_model_multipliers.cjs	Adds AWF config model multiplier merge script.
setup/js/messages_footer.cjs	Adds slash-command rerun hint support.
setup/js/package.json	Bumps Vitest/Vite-related dev dependencies.
setup/js/parse_mcp_gateway_log.cjs	Updates ET multiplier source documentation.
setup/js/parse_threat_detection_results.cjs	Prefers structured detection result files.
setup/js/pi_provider.cjs	Emits report-incomplete safe output for early provider failures.
setup/js/pr_review_buffer.cjs	Captures review before/after execution state.
setup/js/push_to_pull_request_branch.cjs	Pins patch apply to recorded base commits and logs metadata.
setup/js/redact_secrets.cjs	Broadens ghs_ token redaction pattern.
setup/js/render_template.cjs	Deduplicates regexes and improves fence accounting.
setup/js/safe_output_execution_metadata.cjs	Adds shared state snapshot helpers.
setup/js/safe_output_handler_manager.cjs	Centralizes manifest logging and logs deferred review results.
setup/js/safe_output_manifest.cjs	Persists execution metadata and skips deferred/skipped placeholders.
setup/js/safe_outputs_handlers.cjs	Resolves validated patch workspace paths.
setup/js/safe_outputs_mcp_server.cjs	Passes logger into tool handler attachment.
setup/js/safe_outputs_mcp_server_http.cjs	Passes logger into HTTP tool handler attachment.
setup/js/safe_outputs_tools.json	Clarifies review submission body/comment requirements.
setup/js/safe_outputs_tools_loader.cjs	Strips unknown strict-schema args and preserves handlers on clones.
setup/js/send_otlp_span.cjs	Adds run URL attributes and removes estimated-cost metric emission.
setup/js/submit_pr_review.cjs	Marks buffered review results as deferred for manifest logging.
setup/js/update_handler_factory.cjs	Adds execution metadata hooks for update handlers.
setup/js/update_issue.cjs	Captures issue update before/after state.
setup/js/update_pull_request.cjs	Captures PR update before/after state.

Copilot's findings

Tip

Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

• Files reviewed: 56/56 changed files
• Comments generated: 5