Fix workflows, dependencies, Dockerfile, and lint issues for working CI

[blackboxprogramming]

• ci.yml: Target both main/master branches, install via pyproject.toml [dev]
• autonomous-agent.yml: Replace unsafe blind auto-merge with validated
  PR automation; remove 6-hour cron spam; add concurrency limits;
  restrict auto-merge to dependabot only; drop unnecessary write perms
• pyproject.toml: Add all runtime deps (click, rich, httpx, keyring,
  pyyaml), dev deps (pytest, ruff), entry points (road/roadcli),
  build-system config, ruff/pytest tool config
• Dockerfile: Use pyproject.toml install instead of missing requirements.txt,
  fix entrypoint to use road CLI command
• init.py: Add missing version (imported by main.py)
• cli.py: Fix help=rue typo, fix bare type comparison (E721)
• config.py: Fix bare except (E722)
• ai.py/deploy.py/interactive.py: Remove unused imports, fix f-strings
• README.md: Replace incorrect Node.js references with actual Python
  install/run instructions and correct env vars

All 25 tests pass, lint clean.

https://claude.ai/code/session_01QBbtM2ArN8zNt9x4HDDmDo

[Copilot]

Pull request overview

This PR updates packaging, CI workflows, and runtime entry points so the project can be installed/tested/linted consistently in CI and Docker, and fixes several small lint/code-quality issues across the CLI.

Changes:

• Move dependency/install flow to pyproject.toml (runtime + dev deps), add console scripts, and align CI to install via .[dev].
• Harden GitHub Actions workflows (branch targeting, PR validation, restricted auto-merge for dependabot, concurrency).
• Fix minor Python issues (bare except, E721, unused imports, small string/lint cleanups) and add __version__ used by the CLI.

Reviewed changes

Copilot reviewed 11 out of 12 changed files in this pull request and generated 3 comments.

Show a summary per file

File	Description
src/roadcli/interactive.py	Removes unused imports to satisfy linting.
src/roadcli/commands/deploy.py	Cleans up unnecessary f-strings in console output.
src/roadcli/commands/config.py	Replaces bare except with except Exception for lint compliance.
src/roadcli/commands/ai.py	Removes unused Rich imports.
src/roadcli/cli.py	Fixes E721 bool type check and a help=rue typo; whitespace cleanup.
src/roadcli/init.py	Adds __version__ for runtime version reporting.
pyproject.toml	Defines runtime/dev dependencies, entry points, build system, and ruff/pytest config.
README.md	Updates install/run instructions to Python and correct env vars.
Dockerfile	Builds/install from pyproject.toml and uses road entrypoint.
.gitignore	Adds Python build/cache/env ignores.
.github/workflows/ci.yml	Runs CI on main/master and installs via .[dev].
.github/workflows/autonomous-agent.yml	Replaces unsafe automation with PR validation + dependabot-only auto-merge.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

You can also share your feedback on Copilot code review. Take the survey.

[Copilot]

__version__ is hard-coded here while the package version is also declared in pyproject.toml. This can drift over time and cause the CLI to report a different version than the installed distribution. Consider deriving __version__ from package metadata (e.g., importlib.metadata.version("roadcli")) with a fallback for editable/uninstalled contexts, or otherwise ensuring a single source of truth for the version.

[Copilot]

Top-level workflow permissions grant pull-requests: write, but the validate job only checks out code and runs lint/tests. Consider reducing the default to read-only (e.g., pull-requests: read) and keeping write permissions only on the dependabot auto-merge job to follow least-privilege.

[Copilot]

The final COPY . . copies the entire repository into the image after the package is already installed, which increases image size and may unintentionally include non-runtime files. Consider removing this layer or copying only the minimal runtime artifacts needed at container runtime.