Fix nightly release: scope homebrew cask to vigilante archives, gate …

…publish to main (#464)

* ci: scope homebrew cask to vigilante archive id and gate nightly publish to main

The nightly release was failing at the homebrew cask stage with:

  one tap can handle only one archive of an OS/Arch combination.
  Consider using ids in the homebrew_casks section

Both `vigilante` and `gh-sandbox` produce Linux amd64/arm64 archives, so
the unscoped homebrew_casks entry tried to template both into a single
cask and collided. Filter the cask to the `release-archives` archive id
(which already pins to the `vigilante` build) so gh-sandbox artifacts
are excluded from the cask template while still shipping as release
assets.

Also harden the workflow so it only publishes/updates external
artifacts when running on `main`. Non-main pushes (currently used as a
temporary verification branch for this fix) exercise the goreleaser
build step but skip the rolling prerelease, nightly verification, and
Homebrew tap update. The `main`-only gates are the permanent behavior;
the branch entry under `on.push.branches` is temporary and will be
removed once this run is confirmed green.

Local verification:
- goreleaser check — pass
- goreleaser release --snapshot --clean --skip=publish — pass; the
  generated dist/homebrew/Casks/vigilante.rb references only the
  vigilante archives (macOS amd64/arm64, Linux amd64).

* ci: make environment and tap-token step main-only for nightly

Branch pushes hit environment protection rules before the job could
even start, because the job unconditionally required environment `main`
and that environment is gated to `main`. Make the environment
conditional so non-main verification pushes still build the goreleaser
snapshot, and gate the `Get token for Homebrew tap` step to main since
its secrets are only available inside the `main` environment.

On main pushes the behavior is identical to before.

* ci: remove temporary branch entry from nightly trigger

Nightly run 24846173714 on this branch succeeded with the goreleaser
homebrew_casks fix in place (build step passed; publish/tap steps
correctly skipped off-main). Drop the temporary branch entry from the
push trigger list so nightly only fires on main again.

The permanent main-only gates on the publish/verify/tap steps and the
conditional `environment: main` stay in place as a safety net.

Remove Renovate configuration (#396)

Add `vigilante issue create` for agent-driven issue authoring (#344)

* Add `vigilante issue create` for agent-driven issue authoring on repo-specific trackers

Introduce `vigilante issue create --repo <owner/name> [--provider value] <prompt...>`
that turns a free-form prompt into an implementation-ready issue by invoking a
supported coding-agent CLI with the vigilante-create-issue skill. The command
resolves the configured issue-tracker backend (GitHub or Linear) from the watch
target before invocation and fails clearly for unknown repos or unsupported backends.

- Add IssueCreateTask type and BuildIssueCreateInvocation to the Provider interface
- Implement for codex, claude, and gemini providers
- Add BuildIssueCreatePrompt/BuildIssueCreatePromptDefault to the skill package
- Add `issue` subcommand group with `create` subcommand to the CLI dispatcher
- Add comprehensive tests for CLI parsing, repo resolution, backend selection,
  provider override, tool preflight, and prompt assembly

* Fix gofmt formatting in issue_create_test.go and provider.go

Prevent coding-agent attribution in published text (#329)

docs: fix nightly homebrew install command (#311)

Teach service dependency skill to consult logs (#286)

Add vigilante logs command for session log viewing (#281)

Add a `logs` subcommand that lists session log files or shows a
specific session log filtered by --repo and --issue flags.

Co-authored-by: Matt Van Horn <[email protected]>

Fix README release workflow badge status (#265)

Install bundled skills for all providers during setup (#248)

Auto-recover stale blocked PR maintenance sessions (#227)