ci-auditlisted

# CI Audit Audit the GitHub Actions runs on the current branch. Classify every warning / error / failure / deprecation, fix what can be fixed in-repo, and leave `git add` / `commit` / `push` to the developer. ## Repo context ```! cat .claude/skill-context.md 2>/dev/null || echo "(no .claude/skill-context.md — skill will use generic defaults)" ``` The injected `## ci_audit` section (if present) tells you which repo-side configs a CI failure can trace back to, which tools show up in error output for this repo, and any expected external PR checks (Codecov, GitGuardian, etc.). Use those instead of the generic defaults below when available. ## Scope - **In scope:** workflow YAML under `.github/workflows/`, any config referenced from it (from the injected `ci_audit.referenced_configs`, typically `pyproject.toml`, `Makefile`, dev-runner script), and source/tests when a failure traces to code. - **Out of scope:** committing, pushing, opening PRs, merging, re-running workflows. The developer drives git. ## Where runs live - Current branch: `git branch --show-current`. - Associated PR (if any): `gh pr view --json number,url,statusCheckRollup`. `statusCheckRollup[].detailsUrl` gives the run URL; the numeric id after `/runs/` is the run id you need. - If there's no PR yet, fall back to `gh run list --branch <branch> --limit 5 --json databaseId,headSha,status,conclusion,workflowName,createdAt`. Pick the **latest run per workflow** on the current head SHA. Don't mix SHAs — an olde