feat: add agent-shield.yml compliance workflow

[don-petry]

Summary

• Adds the required agent-shield.yml workflow as a thin caller delegating to the org-level reusable workflow (agent-shield-reusable.yml)
• Follows the same pattern as other thin-caller workflows in this repo (e.g., claude.yml, feature-ideation.yml)
• Brings the repository into compliance with ci-standards.md#required-workflows

Changes

• .github/workflows/agent-shield.yml — new thin-caller workflow

Closes #57

Generated with Claude Code

[coderabbitai]

Warning

Rate limit exceeded

@don-petry has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 7 minutes and 16 seconds before requesting another review.

Your organization is not enrolled in usage-based pricing. Contact your admin to enable usage-based pricing to continue reviews beyond the rate limit, or try again in 7 minutes and 16 seconds.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: c26e2f4b-dcb1-4548-ad1b-e0a94619a34f

📥 Commits

Reviewing files that changed from the base of the PR and between c29026e and df954d1.

📒 Files selected for processing (1)

• .github/workflows/agent-shield.yml

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch claude/issue-57-20260407-1732

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[don-petry]

Hi @don-petry — this PR adds the required agent-shield.yml workflow to resolve the compliance finding. CI is being monitored. Please review and merge when ready.

[sonarqubecloud]

Quality Gate failed

Failed conditions
2 Security Hotspots

See analysis details on SonarQube Cloud

[Copilot]

Pull request overview

Adds the missing required Agent Shield GitHub Actions workflow as a thin-caller that delegates execution to the org-level reusable workflow, bringing the repo into compliance with the CI standards referenced in issue #57.

Changes:

• Add .github/workflows/agent-shield.yml thin-caller workflow invoking petry-projects/.github/.github/workflows/agent-shield-reusable.yml@main
• Configure triggers for pull_request and push on main, with least-privilege token permissions set at the job level

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[don-petry]

Closing as stale — predates the standards PR.

This PR was generated by Claude during the original bulk-toggle yesterday, before petry-projects/.github#86 landed. That standards PR added prompt rules that:

• Require copying from petry-projects/.github/standards/workflows/ verbatim instead of writing workflow files from scratch
• Require verifying SHAs via gh api instead of guessing
• Require the CodeQL actions ecosystem in the matrix where applicable
• Allow gh api and gh label create for admin operations

Re-toggling the underlying issue will let Claude regenerate this fix using the new rules. The next run should produce a workflow that is byte-identical to the standard template (verified with the canary on TalkTerm#51 → PR #78 yesterday).