Node 22 ships npm 10.x which doesn't support trusted publishing via
OIDC (requires npm 11.5.1+). Node 24 bundles it natively, removing the
need for the `npm install -g npm@latest` step which was failing with a
`Cannot find module 'promise-retry'` error due to npm corrupting itself
during self-upgrade.
Add a rollup job that gates on all 8 E2E shards so it can be a single
required check. Exempt emdashbot from PR template validation alongside
dependabot and renovate.
GITHUB_TOKEN can't trigger CI on PRs it creates, so the changesets
release PR could never pass required checks. Use a GitHub App token
instead, which triggers workflows normally.
Also pins all actions to commit SHAs and uses frozen lockfile.
* chore: add PR template, issue templates, and contribution policy
Drive-by feature PRs are becoming a problem. This adds guardrails:
- PR template with type selection, checklist, and AI disclosure
- Bug report issue template (structured YAML form)
- Issue config that redirects features to Discussions and disables blank issues
- PR compliance workflow that enforces template completion and requires
a Discussion link for feature PRs
- Contribution policy in CONTRIBUTING.md (acceptance tiers, AI PR rules)
- Agent-facing rules in AGENTS.md (follow the template, no bulk changes)
* fornat
