Copilot AI commented Dec 3, 2025

The stale-repo-identifier workflow needs to operate in lockdown mode and only analyze public repositories to prevent exposure of untrusted content.

Changes

GitHub MCP Configuration

  • Added lockdown: true to limit content from public repos to items authored by users with push access
  • Added read-only: true to enforce read-only operations
  • Uses local Docker-based mode (not remote) for GitHub MCP server

Workflow Instructions

  • Added explicit public repository filtering requirements at multiple checkpoints:
    • Step 2 (Deep Research) header with critical notice
    • Repository Overview section with visibility checks
    • Edge Cases section listing private repos first
    • Important Guidelines making it guideline #1
  • All instructions now mandate skipping private repositories during analysis

Trending and Cache Memory

  • Added cache-memory tool for persistent data storage across workflow runs
  • Imported shared/trending-charts-simple.md for trending visualization capabilities
  • Enables tracking of stale repository metrics over time

Configuration

tools:
  github:
    read-only: true
    lockdown: true
    toolsets:
      - repos
      - issues
      - pull_requests
  cache-memory:
    key: stale-repos-analysis-${{ github.workflow }}-${{ github.run_id }}

The lock file uses local Docker-based GitHub MCP server with GITHUB_LOCKDOWN_MODE=1 and GITHUB_READ_ONLY=1 environment variables.

Original prompt

Update workflow https://github.com/githubnext/gh-aw/blob/main/.github/workflows/stale-repo-identifier.md

Make sure to only review public repos. Use github MCP in lockdown mode.
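
An added example, not part of the original pull request or gh-aw's own code: a Python policy check for the settings described above (read-only and lockdown on, no remote mode, the two lock-file environment variables, public repositories only). It assumes the `tools:` block and the MCP server environment have already been parsed into dictionaries; the function names and sample data are hypothetical, and the repository fields `private`, `visibility` and `full_name` follow the GitHub REST API.

```python
# Added example, not gh-aw code. Function names and sample data are hypothetical.
REQUIRED_TOOL_FLAGS = {"read-only": True, "lockdown": True}
REQUIRED_ENV = {"GITHUB_LOCKDOWN_MODE": "1", "GITHUB_READ_ONLY": "1"}


def audit_github_tool(tools):
    """Return violations for the parsed `tools:` mapping of a workflow."""
    github = tools.get("github")
    if not isinstance(github, dict):
        return ["tools.github is missing"]
    problems = []
    for flag, wanted in REQUIRED_TOOL_FLAGS.items():
        # `is not` rejects missing keys and look-alikes such as the string "true".
        if github.get(flag) is not wanted:
            problems.append(f"tools.github.{flag} must be {str(wanted).lower()}")
    if github.get("mode") == "remote":
        problems.append("tools.github.mode must not be remote")
    return problems


def audit_server_env(env):
    """Return violations for the MCP server environment taken from the lock file."""
    return [f"{name} must be {value}"
            for name, value in REQUIRED_ENV.items() if env.get(name) != value]


def public_only(repos):
    """Keep repositories that are positively public; ambiguous records are skipped."""
    return [repo["full_name"] for repo in repos
            if repo.get("private") is False and repo.get("visibility") == "public"]


# Constructed sample input.
SAMPLE_TOOLS = {"github": {"read-only": True, "lockdown": True,
                           "toolsets": ["repos", "issues", "pull_requests"]}}
SAMPLE_REPOS = [
    {"full_name": "example-org/public-tool", "private": False, "visibility": "public"},
    {"full_name": "example-org/internal-svc", "private": True, "visibility": "internal"},
    {"full_name": "example-org/secret-app", "private": True, "visibility": "private"},
    {"full_name": "example-org/no-metadata"},  # visibility unknown: fail closed
]

if __name__ == "__main__":
    print(audit_github_tool(SAMPLE_TOOLS))
    print(audit_server_env({"GITHUB_LOCKDOWN_MODE": "1"}))
    print(public_only(SAMPLE_REPOS))
```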



…epo filtering

Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>

@pelikhan pelikhan left a comment


@copilot add trending and cache-memory (shared agentic workflow)


tools:
github:
mode: remote

@copilot not remote


Removed mode: remote from the GitHub MCP configuration. The workflow now uses local Docker-based mode instead. (commit 4378874)

Copilot AI changed the title [WIP] Update workflow to review only public repos Enable lockdown mode and public repository filtering for stale-repo-identifier workflow Dec 3, 2025
Copilot AI requested a review from pelikhan December 3, 2025 08:29
Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>

Copilot AI commented Dec 3, 2025

@copilot add trending and cache-memory (shared agentic workflow)

Added cache-memory tool with key stale-repos-analysis-${{ github.workflow }}-${{ github.run_id }} and imported shared/trending-charts-simple.md for trending visualization support. (commit 4378874)

@pelikhan pelikhan marked this pull request as ready for review December 3, 2025 14:05
@pelikhan pelikhan merged commit d38547a into main Dec 3, 2025
4 checks passed
@pelikhan pelikhan deleted the copilot/update-stale-repo-identifier branch December 3, 2025 14:05