tracking: gh-aw bot allowlist bug (github/gh-aw#21098)

## Summary

We filed [github/gh-aw#21098](https://github.com/github/gh-aw/issues/21098) — `check_membership.cjs` exits on the `error` branch before reaching the bot allowlist fallback. This means `bots:` in workflow frontmatter is effectively broken for GitHub App actors like Copilot.

## Current Workaround

Using `roles: all` to skip the permission check entirely. This is overly permissive — any actor can trigger the workflow, not just authorized users and bots.

## When to Revisit

When gh-aw ships a fix for #21098, we should:
1. Remove `roles: all` from review-responder.md and quality-gate.md
2. Restore the default roles (`admin,maintainer,write`) — the compiler adds these automatically when no `roles:` is specified
3. Keep `bots: [Copilot, copilot-pull-request-reviewer]` under `on:`
4. Recompile and verify the agent activates correctly

## Related

- Upstream bug: [github/gh-aw#21098](https://github.com/github/gh-aw/issues/21098)

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

tracking: gh-aw bot allowlist bug (github/gh-aw#21098) #74

Summary

Current Workaround

When to Revisit

Related

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

tracking: gh-aw bot allowlist bug (github/gh-aw#21098) #74

Description

Summary

Current Workaround

When to Revisit

Related

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions