Harden autopilot control-plane execution

[OgeonX-Ai]

Summary

• enforce explicit label-gated, bounded issue execution
• add prompt-injection and generated-change safety boundaries
• require verification and an explicit org mutation credential
• repair workflow YAML and add executable control-plane contract tests
• retain GSD audit, verification, and per-finding memory evidence

Validation

• python tests/validate_workflows.py
• powershell -NoProfile -ExecutionPolicy Bypass -File tests/contract-tests.ps1
• python -m compileall -q tests
• yamllint with GitHub Actions-compatible rules
• git diff --check origin/main...HEAD

Manual deployment prerequisites

• provision ORG_AUTOPILOT_TOKEN as a short-lived GitHub App installation token or least-privilege fine-grained token
• run a live end-to-end test in a sandbox organization with the self-hosted Windows runner
• decide the secretless Codex authentication path when provider workload identity is supported

[chatgpt-codex-connector]

You have reached your Codex usage limits for code reviews. You can see your limits in the Codex usage dashboard.
To continue using code reviews, you can upgrade your account or add credits to your account and enable them for code reviews in your settings.