Add product-manager-impersonator and refactor-opportunist workflows

[Copilot]

Adds two continuous-improvement detector workflows for downstream repos: product-manager-impersonator and refactor-opportunist.

New workflows

• product-manager-impersonator

  • Proposes one customer-aligned feature idea per run, grounded in repository evidence.
  • Uses the scheduled-audit base and emits create-issue (max 1, closes older reports); otherwise emits noop.
  • Scheduled for weekdays (0 10 * * 1-5) and supports manual dispatch.

• refactor-opportunist

  • Identifies one high-impact structural refactor candidate and requires a partial implementation to prove viability before filing.
  • Uses the scheduled-audit base and emits create-issue (max 1, closes older reports); otherwise emits noop.
  • Scheduled weekly (0 14 * * 1) and supports manual dispatch.

Additional changes

• Added workflow templates for both detectors:
  • gh-agent-workflows/product-manager-impersonator/example.yml
  • gh-agent-workflows/refactor-opportunist/example.yml
• Added generated trigger workflows in this repo:
  • .github/workflows/trigger-product-manager-impersonator.yml
  • .github/workflows/trigger-refactor-opportunist.yml
• Updated docs/discovery surfaces:
  • gh-agent-workflows/README.md (detectors list and --continuous-improvement set)
  • gh-agent-workflows/product-manager-impersonator/README.md
  • gh-agent-workflows/refactor-opportunist/README.md
• Updated scripts/quick-setup.sh to include both workflows in continuous_improvement_workflows.

Consumer usage

# product-manager-impersonator
jobs:
  run:
    uses: elastic/ai-github-actions/.github/workflows/gh-aw-product-manager-impersonator.lock.yml@v0
    secrets:
      COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }}

# refactor-opportunist
jobs:
  run:
    uses: elastic/ai-github-actions/.github/workflows/gh-aw-refactor-opportunist.lock.yml@v0
    secrets:
      COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }}

---

💡 You can make Copilot smarter by setting up custom instructions, customizing its development environment and configuring Model Context Protocol (MCP) servers. Learn more Copilot coding agent tips in the docs.

[coderabbitai]

📝 Walkthrough

Walkthrough

This PR introduces two new continuous improvement GitHub Actions workflows—Ideas Man and Refactor Proposal—with complete job definitions, trigger schedules, documentation, and examples. Both workflows integrate Copilot CLI, MCP servers, safe outputs handling, and threat detection. Updates include setup scripts and documentation to include these workflows in the default automation suite.

Changes

Cohort / File(s)	Summary
Ideas Man Workflow .github/workflows/gh-aw-ideas-man.lock.yml, .github/workflows/gh-aw-ideas-man.md, .github/workflows/trigger-ideas-man.yml	Comprehensive workflow for proposing feature ideas, including activation pipeline, Copilot agent orchestration, safe outputs MCP server, threat detection, and conclusion stages with artifact logging and secret redaction.
Refactor Proposal Workflow .github/workflows/gh-aw-refactor-proposal.lock.yml, .github/workflows/gh-aw-refactor-proposal.md, .github/workflows/trigger-refactor-proposal.yml	Complete refactor-proposal automation with multi-stage pipeline (activation, agent, detection, safe outputs, conclusion) designed to assess, partially implement, and propose structural refactors.
Ideas Man Examples & Documentation gh-agent-workflows/ideas-man/README.md, gh-agent-workflows/ideas-man/example.yml	Documentation and example workflow template for Ideas Man, including operation flow, trigger events, inputs, and safe outputs schema.
Refactor Proposal Examples & Documentation gh-agent-workflows/refactor-proposal/README.md, gh-agent-workflows/refactor-proposal/example.yml	Documentation and example workflow for Refactor Proposal, detailing architectural review approach, verification steps, and issue-based reporting.
Setup & Configuration Updates gh-agent-workflows/README.md, scripts/quick-setup.sh	Updates main README and setup script to include Ideas Man and Refactor Proposal in the default continuous improvement workflows list.

Sequence Diagram(s)

sequenceDiagram
    participant GH as GitHub<br/>Actions
    participant Act as Activation<br/>Job
    participant Agent as Copilot<br/>Agent Job
    participant Detect as Threat<br/>Detection
    participant SafeOut as Safe<br/>Outputs Job
    participant Conclude as Conclusion<br/>Job

    GH->>Act: Trigger workflow
    activate Act
    Act->>Act: Validate context<br/>Create prompt<br/>Setup environment
    Act-->>GH: Artifacts created
    deactivate Act

    Act->>Agent: Pre-activation check<br/>passed
    activate Agent
    Agent->>Agent: Install Copilot CLI<br/>Start MCP servers<br/>Configure gateway
    Agent->>Agent: Run Copilot with<br/>sandboxed commands
    Agent-->>GH: Agent logs & outputs
    deactivate Agent

    Agent->>Detect: Threat detection<br/>trigger
    activate Detect
    Detect->>Detect: Download artifacts<br/>Parse output types<br/>Run detection analysis
    Detect-->>GH: Threat report
    deactivate Detect

    Detect->>SafeOut: Process safe outputs
    activate SafeOut
    SafeOut->>SafeOut: MCP server init<br/>Tool validation<br/>Policy enforcement
    SafeOut->>SafeOut: Handle create_issue,<br/>noop, missing_data
    SafeOut-->>GH: Safe outputs report
    deactivate SafeOut

    SafeOut->>Conclude: Finalize results
    activate Conclude
    Conclude->>Conclude: Aggregate results<br/>Process no-ops<br/>Redact secrets
    Conclude-->>GH: Final summary
    deactivate Conclude

Loading

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~60 minutes

Possibly related PRs

• Clarify lock files and trigger files are auto-generated; add do-not-modify headers #335: Modifies generated trigger workflows and developer documentation scripts (trigger-\*.yml files), with overlapping workflow generation and configuration patterns.
• Add quick setup script for gh-aw workflows #173: Updates scripts/quick-setup.sh and the continuous-improvement workflow list, directly affected by additions of ideas-man and refactor-proposal.
• Add configurable allowed-bot-users workflow input #229: Adds and wires the allowed-bot-users workflow input into GitHub Actions workflow definitions, affecting the same workflow-level configuration as these new workflows.

Suggested reviewers

• github-actions

Poem

🐰 Hark! Two new workflows bound for glory—
Ideas Man spins features into story,
Refactor's voice rings wise and strong,
While safe outputs keep us from going wrong. 🎉
Continuous improvement, our trusty guide!

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title accurately and concisely summarizes the main changes: adding two new workflows (ideas-man and refactor-proposal) to the codebase.
Linked Issues check	✅ Passed	The PR fully implements all coding requirements from issue #359: adds ideas-man workflow proposing feature ideas, adds refactor-proposal workflow with senior-architect persona and partial implementation validation, and documents both workflows for consumer use.
Out of Scope Changes check	✅ Passed	All changes are directly scoped to issue #359 requirements: the two new workflows, their documentation, example configurations, and setup script updates are all within the stated objectives.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

• 📝 Generate docstrings (stacked PR)
• 📝 Generate docstrings (commit on current branch)

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch copilot/setup-workflow-for-refactor

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[strawgate]

@copilot maybe rename to product-manager-impersonator and refactor-opportunist?

[Copilot]

@copilot maybe rename to product-manager-impersonator and refactor-opportunist?

Renamed in c5855c1: ideas-man → product-manager-impersonator, refactor-proposal → refactor-opportunist. All source files, examples, READMEs, triggers, lock files, quick-setup.sh, and the workflows README updated. make compile and make lint pass clean.

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

• https://api.github.com/repos/ruby/setup-ruby/git/ref/tags/v1
  • Triggering command: /usr/bin/gh gh api /repos/ruby/setup-ruby/git/ref/tags/v1 --jq .object.sha 0.1-go1.25.7.lin--gdwarf-5 ux-amd64/src/cry--64 0.1-go1.25.7.lin-o r (http block)

If you need me to access, download, or install something from one of these locations, you can either:

• Configure Actions setup steps to set up my environment, which run before the firewall is enabled
• Add the appropriate URLs or hosts to the custom allowlist in this repository's Copilot coding agent settings (admins only)