auto-enforcer-actionlisted

# Auto-Enforcer GitHub Action ## Overview The harness enforces constraints across three loops: - **Inner loop** (PreToolUse hooks) — advisory, runs while editing in Claude Code - **Middle loop** (CI on PR) — runs automatically on every pull request - **Outer loop** (scheduled audit) — investigative, runs on demand via `/harness-audit` The standard `harness.yml` CI workflow handles the middle loop for deterministic constraints only. Agent-based PR constraints — rules like "All frontmatter has name and description" that require judgement — are silently skipped at PR time unless someone remembers to run `/harness-audit` manually. The auto-enforcer closes this gap. It runs every PR-scoped constraint in HARNESS.md automatically on each pull request: - **Deterministic constraints** execute their tool command directly. Failures are blocking — they fail the CI job and prevent merge. - **Agent constraints** send the constraint rule plus the PR diff to the Claude API. Findings are advisory — posted as a PR comment but never blocking. AI judgement should inform reviewers, not gate merges. The workflow is data-driven: it reads constraint definitions from HARNESS.md at runtime. Adding or modifying constraints in HARNESS.md changes what the action checks with no workflow edits needed. --- ## Prerequisites 1. **HARNESS.md** exists at the project root with at least one PR-scoped constraint 2. **ANTHROPIC_API_KEY** stored as a GitHub Actions secret: Settings > Secret