Skip to main content

Documentation Index

Fetch the complete documentation index at: https://jacobpevans-docs-automation-surface.mintlify.app/llms.txt

Use this file to discover all available pages before exploring further.

One repo of reusable workflows. Every consumer repo writes ten-line callers and inherits the entire pipeline.
JacobPEvans/ai-workflows ships 16 reusable GitHub Actions workflows (on: workflow_call:) that consumer repos invoke with uses: references. The AI orchestration, prompts, and rate guards live in the upstream workflow; the consumer caller declares the trigger and inherits secrets.

Event-triggered workflows

These run on GitHub events. Wire one caller per workflow you want.
WorkflowTriggerWhat it does
issue-triage.ymlissues: [opened]Categorizes, deduplicates, labels new issues
issue-resolver.ymlissues: [opened]Creates a draft PR when the issue is well-scoped and not excluded by labels
ci-fix.ymlworkflow_run of your CI workflow, conclusion: failureReads the failed log, pushes a fix commit
final-pr-review.ymlpull_request_review: [submitted]Final merge-readiness gate before human merge
project-router.ymlissues/pull_request: [opened, labeled]Routes items to GitHub Projects with smart field assignment
post-merge-docs-review.ymlpush: [main] → dispatchAfter merge, audits docs touched by the commit, creates fix PRs
post-merge-tests.ymlpush: [main] → dispatchAfter merge, analyzes the code changes and drafts targeted tests
issue-linker.ymlpull_request: [opened, closed]Links open issues to PRs on open; closes resolved issues on merge
notify-ai-pr.ymlpull_request: [opened] from a botSlack notification when an AI-authored PR opens

Scheduled workflows

These run on cron — typically called with schedule: and a manual workflow_dispatch:.
WorkflowDefault scheduleWhat it does
code-simplifier.ymlDaily 04:00 UTCDRY enforcement, dead code removal, drafts PRs
best-practices.ymlWeekly Wed 03:00 UTCAudit creating actionable recommendations
next-steps.ymlDaily 05:00 UTCAnalyzes merge momentum, suggests next logical action
issue-sweeper.ymlWeekly Mon 06:00 UTCScans open issues, comments on progress, closes resolved
issue-hygiene.ymlWeekly Mon 07:00 UTCDetects duplicates, links merged PRs, flags stale issues
label-sync.ymlWeekly Sun 05:00 UTCSyncs canonical labels from the .github repo to consumers
repo-orchestrator.ymlworkflow_dispatchMulti-repo hub-and-spoke dispatcher for ad-hoc operations

What’s deprecated or disabled

WorkflowStatusReplacement
claude-review.ymlDEPRECATED 2026-04-04. All jobs gated if: false.External Gemini + Copilot PR reviews
pr-issue-linker.ymlAuto-triggers explicitly disabled (workflow_dispatch only)issue-linker.yml
Wiring a caller for a deprecated workflow is a no-op — the consumer caller runs, the upstream silently skips. Don’t.

How a caller looks

A consumer caller is the smallest YAML that declares a trigger, sets permissions, and forwards to the upstream: 
name: Issue Triage
on:
  issues:
    types: [opened]
permissions:
  contents: read
  id-token: write
  issues: write
jobs:
  run:
    uses: JacobPEvans/ai-workflows/.github/workflows/issue-triage.yml@main
    secrets: inherit
Permission shape varies per workflow — issue-resolver needs pull-requests: write, ci-fix needs actions: read, post-merge-* needs actions: write for the re-dispatch. The canonical caller templates list the exact permission block for each.

Versioning

Per ci-cd-policy.md, JacobPEvans self-references use @main or a major tag like @v0 — never minor/patch pins. The full SemVer tags exist (@v0.15.1) and are tracked by Renovate, but consumers should ride a moving ref so upstream improvements land without a Renovate PR per repo.

Authentication

Every reusable workflow uses anthropics/claude-code-action@v1, authenticated directly against the Anthropic API:
  • secrets.ANTHROPIC_API_KEY — Anthropic API key. Spend draws from the Claude Max plan’s $200/month automation credits.
OAuth tokens from a Claude Code subscription session are explicitly forbidden in unattended CI — they violate the Claude Code Terms of Service. OpenRouter is supported as a fallback provider (set secrets.OPENROUTER_API_KEY and secrets.OPENROUTER_BASE_URL) but is no longer the default. The provider matrix lives in AUTHENTICATION.md.

Commit signing

Every AI workflow mints a JacobPEvans-claude GitHub App installation token immediately before calling the action, then hands it in as github_token with use_commit_signing: true. Commits land web-flow-signed and attributed to the bot. The App credentials (GH_APP_CLAUDE_BOT_PRIVATE_KEY, GH_APP_CLAUDE_BOT_ID) are distributed by secrets-sync to every repo in the _github_app_repos anchor.

Where to go next

Getting started

Caller templates for every workflow, with the correct permission blocks.

Patterns

The post-merge dispatch pattern, bot guards, and other recurring shapes.

Authentication

Anthropic API key setup, cost controls, fallback providers, why not OAuth.

Verification

The e2e runbook for checking a freshly-wired repo end to end.

Issue → PR pipeline on this repo

Exactly which six callers are wired on JacobPEvans/docs and why.

Secret distribution

How ANTHROPIC_API_KEY and the App credentials land on each consumer repo.