chore: manage Dispatch labels from labels.yaml

[joryirving]

Why

Dispatch worker queues and PR workflows depend on stable labels such as status/*, priority/*, agent/*, and ai-review. This moves the canonical Dispatch-managed label set into .github/labels.yaml so label setup is version-controlled instead of manual GitHub UI state.

What changed

• Added .github/labels.yaml with Dispatch status, priority, classification, workflow, stable agent, ai-review, and active umbrella labels.
• Added a pinned label sync workflow using EndBug/label-sync@52074158190acb45f3077f9099fea818aa43f97a.
• The workflow supports workflow_dispatch and runs when .github/labels.yaml changes on main.

Safety

• Add/update only for the first rollout.
• Unknown labels are not pruned: delete-other-labels: false.
• Repo-specific labels, Renovate labels, and dynamic agent/* labels remain untouched unless explicitly listed in the config.
• No Dispatch runtime state, app behavior, DB data, issues, or home-ops files were changed.

Validation

• Parsed .github/labels.yaml as YAML.
• Parsed .github/workflows/label-sync.yaml as YAML.
• Verified required status/*, priority/*, stable agent/*, and ai-review labels are present.
• Verified pinned actions/checkout and pinned EndBug/label-sync references.
• Verified minimal workflow permissions: contents: read, issues: write.
• Verified delete-other-labels: false is present.
• Generated a local label report from the public GitHub Labels API: create=9, update=14, delete=0.

Dispatch worker labels are now version-controlled.

[its-saffron]

AI Automated Review

Full PR review.

Analysis engine: MiniMax-M2.7@https://litellm.jory.dev/v1 (anthropic) — escalated (fast_low_confidence)

Review Summary

PR PR 373 adds version-controlled label management for Dispatch via a canonical .github/labels.yaml file and a pinned GitHub Actions workflow that syncs those labels using EndBug/label-sync. The changes are well-scoped, safe by design (delete-other-labels: false), and CI has passed both Validate and Docker Build.

Change-by-Change Findings

.github/labels.yaml (76 lines)

Defines 24 labels across five categories: Status (5), Priority (4), Type/Classification (8), Dispatch/Workflow (4), and Stable Agents (2). The Status and Priority labels exactly match the conventions documented in AGENTS.md. The two stable agent labels (agent/saffron-normal, agent/saffron-escalated) follow the agent/* prefix pattern. The file includes a trailing comment noting that repo-specific labels can be appended and that unknown labels are not pruned.

Notable labels not explicitly documented in AGENTS.md but present in the codebase: pr-review-fix (referenced in the OpenClaw contract and pr-fix-queue), ai-review (implied by ai-pr-review.yaml), and umbrella (referenced in lane classification docs as a parent/audit item marker). These appear to be intentional additions reflecting operational needs. The needs-escalation label is documented in routing rules as a legacy label that should NOT trigger ESCALATED routing, but it is included here as a stable Dispatch-managed label — this is acceptable as the routing logic explicitly disregards it.

.github/workflows/label-sync.yaml (39 lines)

A minimal, well-structured workflow that:

• Triggers on workflow_dispatch (with a dry_run toggle) and on push to main when .github/labels.yaml changes.
• Uses pinned SHA references for both actions/checkout (v6.0.3, matching other workflows in the repo) and EndBug/label-sync (v2.3.3, commit 52074158190acb45f3077f9099fea818aa43f97a).
• Requests minimal permissions: contents: read at the workflow level, issues: write only where needed for the sync step.
• Sets delete-other-labels: false, ensuring existing repo-specific, Renovate, and dynamic agent/* labels are preserved.
• Uses sparse checkout to fetch only .github/labels.yaml, keeping the checkout lightweight.
• Sets persist-credentials: false on checkout, which is appropriate since the label-sync action authenticates via its own GitHub App installation token rather than needing persisted credentials.

Standards Compliance

Convention	Status	Notes
status/* labels follow documented pattern	✅ Pass	All five status labels match AGENTS.md exactly
priority/* labels follow documented pattern	✅ Pass	p0–p3 match exactly
agent/* labels follow documented pattern	✅ Pass	Two stable agent labels use the agent/ prefix
No hardcoded agent names in generic docs	✅ Pass	Labels file is operational config, not documentation; stable agent names are appropriate for Dispatch's own infrastructure
Pinned action references	✅ Pass	Both actions use full SHA pins matching repo usage
Minimal workflow permissions	✅ Pass	contents: read + issues: write only; no unneeded scopes
No commit of secrets	✅ Pass	No secrets or credentials in the diff

Linked Issue Fit

No linked issue was provided. The PR body states the goal is to version-control Dispatch-managed labels so label setup is no longer manual GitHub UI state. The implementation achieves this: a canonical YAML file drives label sync, and the workflow ensures the file stays applied on every main push. The Safety section accurately describes the non-destructive behavior (delete-other-labels: false).

Evidence Provider Findings

No evidence providers were configured for this review.

Tool Harness Findings

No tool harness requests were made for this review.

Unknowns / Needs Verification

None. The diff is self-contained, CI passed, the action is a well-known community tool with a pinned SHA, and the label set aligns with documented conventions and operational references found in the codebase.

Recommendation

Approve. The PR delivers version-controlled label management with a safe, minimal workflow. All label conventions are followed, permissions are scoped correctly, action references are pinned, and CI validates cleanly.