chore: add crowdsplit staging sync workflow

[fahmidareem3]

📦 Summary

Introduces a new Crowdsplit Staging Sync workflow that automatically reacts to backend API changes and surfaces them inside the SDK repo.

This creates visibility and a lightweight coordination layer between the Crowdsplit backend and SDK development.

---

⚙️ What’s Included

• New workflow: .github/workflows/crowdsplit-sync.yml :contentReference[oaicite:0]{index=0}

• Triggered via repository_dispatch (crowdsplit-staging-pushed)

• Automatically creates or updates issues when staging changes occur

• Extracts and formats:

  • commit SHA + link
  • commit message
  • list of changed files
  • total file count (with truncation handling)

• Adds labels: api-sync, crowdsplit

---

🔁 Workflow Behavior

1. Crowdsplit backend pushes to staging
2. Backend CI dispatches an event to SDK repo
3. This workflow:
   • Parses payload safely
   • Filters and sanitizes changed files
   • Checks for recent open api-sync issues
     • If found → appends a comment
     • If not → creates a new issue

[ccp-manash]

@codex review

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: ff543ef9db

ℹ️ About Codex in GitHub

Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".

[ccp-manash]

Reviewed both my own pass and Codex's. Five blockers, a few should-fix items.

Blockers

1. escapeMd(...).slice(0, 500) can corrupt markdown by cutting between a \ and the char it escapes. Slice first, then escape.

2. compareUrl is interpolated into a markdown link without validation. Restrict to https://github.com/... before embedding, otherwise the dispatcher controls a clickable link in our issues.

3. Silent drop when changed_files is empty but file_count > 0. If the sender truncates the list to zero (size limits) and reports a non-zero count, the workflow logs and exits, losing the sync signal. Fall through to a summary-only issue when truncated && fileCount > 0.

4. issues.listForRepo returns pull requests too. If any open PR carries the api-sync label, the dedup picks it as data[0] and posts the comment there. Filter PRs out:

   const issuesOnly = existingIssues.data.filter(i => !i.pull_request);

5. No bound on issue body size. GitHub caps issue/comment bodies at 65,536 chars. A large changedFiles plus the existing scaffolding will 422 the API call. Cap the displayed list (e.g. 50 entries) and rely on truncated for the rest.

Should fix

• Number(payload.file_count) || changedFiles.length treats 0 as missing. Use Number.isFinite(payload.file_count) ? payload.file_count : changedFiles.length.
• Filename filter only blocks backticks. Filenames with newlines or markdown syntax still slip through and break the list. Either tighten the whitelist (/^[\w\-./]+$/) or escape the filename before wrapping in backticks.
• escapeMd regex misses #, !, (, ), ~, <, >, |. If we're going to escape, do it fully or use a library.
• 108 lines of inline JS in YAML is hard to test or lint. Extract to .github/scripts/crowdsplit-sync.js and call from the workflow, then add unit tests for payload parsing and dedup.
• Magic numbers (24*60*60*1000, 500, 7, per_page: 5) should be named constants at the top.

Nits

• Unbounded comment growth on the dedup target. After enough staging pushes the issue becomes unreadable. Consider closing and reopening after N comments.
• Issue body says "Follow the patterns in CLAUDE.md". Reference an engineering doc, not the AI playbook.
• PR description has a stray :contentReference[oaicite:0]{index=0} artifact from whatever tool generated it. Clean it up.

Nice work overall on the scoping. Minimal permissions, SHA-pinned action, concurrency group set right. Once the five blockers are fixed I'm happy to approve.

- from Claude

[fahmidareem3]

Thanks for review. Everything is resolved. @ccp-manash

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: c154bd5c84

ℹ️ About Codex in GitHub

Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".