Move extraction to gen job and add artifact audit trail

[mattleibow]

Summary

Moves placeholder extraction from the agent runtime into the mechanical regenerate-stubs CI job, adds artifact audit trail, and strengthens the agent prompt to prevent session termination failures.

Companion PR: mono/SkiaSharp#4030 (merge guard, anchored regex, SKILL.md fixes)

Context

Reviewed PR #115 and found the automated docs pipeline had systemic issues:

• False-positive regex extracting already-documented members
• No merge guard allowing agent to invent fields
• No audit trail to compare before/after
• Agent session termination when waiting for background sub-agents

Workflow Changes

Extraction moved to regenerate-stubs job (mechanical)

• Extraction now runs in the Windows gen job alongside mdoc, not in the agent container
• Produces docs-extracted artifact (7-day retention) as an immutable baseline
• Agent downloads pre-extracted JSON — no extraction at runtime

Artifact audit trail

• Pre-agent step: copies original JSON to /tmp/gh-aw/agent/docs-work-original/
• Post-step: copies final JSON to /tmp/gh-aw/agent/docs-work-final/
• Both are uploaded as part of the agent artifact for diffing

Agent prompt hardening (session termination fix)

• Problem: In runs 2 and 5, the orchestrator launched background agents, said "waiting" in text, ended its turn with NO active tool call, and the Copilot CLI terminated the session. All work was lost.
• Fix: Explicit rules requiring read_agent(wait=true) in the same response as agent launch, with multi-agent sequential pattern documented. FORBIDDEN pattern called out. Budget fallback: skip Phase 5 if past 10 minutes.
• COMPLETION GATE: Session cannot end without create_pull_request or noop call.

Validation Runs

Run	Duration	Result	PR	Notes
Run 1	25m	✅	#117	First validation
Run 2	10m	❌	—	Session terminated (writer wait)
Run 3	25m	✅	#118	Second validation
Run 4	23m	✅	#119	Single-agent fix in place
Run 5	13m	❌	—	Session terminated (reviewer wait)
Run 6	16m	✅	#120	Multi-agent fix applied
Run 7	23m	✅	#121	Multi-agent fix ✅
Run 8	20m	✅	#122	Multi-agent fix ✅

Results: 3/3 post-fix runs succeeded (100%). Pre-fix had 2/5 failures (40% failure rate).

[learn-build-service-prod]

PoliCheck Scan Report

The following report lists PoliCheck issues in PR files. Before you merge the PR, you must fix all severity-1 and severity-2 issues. The AI Review Details column lists suggestions for either removing or replacing the terms. If you find a false positive result, mention it in a PR comment and include this text: #policheck-false-positive. This feedback helps reduce false positives in future scans.

✅ No issues found

More information about PoliCheck

Information: PoliCheck | Severity Guidance | Term
For any questions: Try searching the learn.microsoft.com contributor guides or post your question in the Learn support channel.

[learn-build-service-prod]

Learn Build status updates of commit 2bbaeea:

✅ Validation status: passed

File	Status	Preview URL	Details
.github/workflows/auto-api-docs-writer.md	✅Succeeded

For more details, please refer to the build report.

[learn-build-service-prod]

PoliCheck Scan Report

The following report lists PoliCheck issues in PR files. Before you merge the PR, you must fix all severity-1 and severity-2 issues. The AI Review Details column lists suggestions for either removing or replacing the terms. If you find a false positive result, mention it in a PR comment and include this text: #policheck-false-positive. This feedback helps reduce false positives in future scans.

✅ No issues found

More information about PoliCheck

Information: PoliCheck | Severity Guidance | Term
For any questions: Try searching the learn.microsoft.com contributor guides or post your question in the Learn support channel.

[learn-build-service-prod]

Learn Build status updates of commit abb99d0:

✅ Validation status: passed

File	Status	Preview URL	Details
.github/workflows/auto-api-docs-writer.lock.yml	✅Succeeded
.github/workflows/auto-api-docs-writer.md	✅Succeeded

For more details, please refer to the build report.

[learn-build-service-prod]

Learn Build status updates of commit 45608f2:

✅ Validation status: passed

File	Status	Preview URL	Details
.github/workflows/auto-api-docs-writer.lock.yml	✅Succeeded
.github/workflows/auto-api-docs-writer.md	✅Succeeded

For more details, please refer to the build report.

[learn-build-service-prod]

PoliCheck Scan Report

The following report lists PoliCheck issues in PR files. Before you merge the PR, you must fix all severity-1 and severity-2 issues. The AI Review Details column lists suggestions for either removing or replacing the terms. If you find a false positive result, mention it in a PR comment and include this text: #policheck-false-positive. This feedback helps reduce false positives in future scans.

✅ No issues found

More information about PoliCheck

Information: PoliCheck | Severity Guidance | Term
For any questions: Try searching the learn.microsoft.com contributor guides or post your question in the Learn support channel.

[learn-build-service-prod]

Learn Build status updates of commit 716704d:

✅ Validation status: passed

File	Status	Preview URL	Details
.github/workflows/auto-api-docs-writer.lock.yml	✅Succeeded
.github/workflows/auto-api-docs-writer.md	✅Succeeded

For more details, please refer to the build report.

[learn-build-service-prod]

PoliCheck Scan Report

The following report lists PoliCheck issues in PR files. Before you merge the PR, you must fix all severity-1 and severity-2 issues. The AI Review Details column lists suggestions for either removing or replacing the terms. If you find a false positive result, mention it in a PR comment and include this text: #policheck-false-positive. This feedback helps reduce false positives in future scans.

✅ No issues found

More information about PoliCheck

Information: PoliCheck | Severity Guidance | Term
For any questions: Try searching the learn.microsoft.com contributor guides or post your question in the Learn support channel.