OMT-Global · jmcte · Apr 30, 2026 · Apr 28, 2026 · Apr 28, 2026 · Apr 30, 2026
@@ -18,6 +18,10 @@ Closes #
 - [ ] Contributor or PR guidance changes are reflected in `CONTRIBUTING.md`, `.github/PULL_REQUEST_TEMPLATE.md`, and `docs/bootstrap/onboarding.md` when applicable
 - [ ] No real secrets, runtime auth, or machine-local env files are committed
 
+## Merge Automation
+
+- [ ] Auto-merge is enabled, or the reason it is unavailable or unsafe is noted below
+
 ## Notes
 
 -
@@ -54,10 +54,8 @@ jobs:
             app:
               - 'project.bootstrap.yaml'
               - 'AGENTS.md'
-              - 'CLAUDE.md'
               - 'CONTRIBUTING.md'
               - '.github/PULL_REQUEST_TEMPLATE.md'
-              - '.devcontainer/**'
               - '.githooks/**'
               - '.github/workflows/**'
               - 'scripts/**'
@@ -67,10 +65,8 @@ jobs:
             ci:
               - 'project.bootstrap.yaml'
               - 'AGENTS.md'
-              - 'CLAUDE.md'
               - 'CONTRIBUTING.md'
               - '.github/PULL_REQUEST_TEMPLATE.md'
-              - '.devcontainer/**'
               - '.githooks/**'
               - '.github/workflows/**'
               - 'scripts/**'

@@ -34,10 +34,8 @@ jobs:
             app:
               - 'project.bootstrap.yaml'
               - 'AGENTS.md'
-              - 'CLAUDE.md'
               - 'CONTRIBUTING.md'
               - '.github/PULL_REQUEST_TEMPLATE.md'
-              - '.devcontainer/**'
               - '.githooks/**'
               - '.github/workflows/**'
               - 'scripts/**'
@@ -47,10 +45,8 @@ jobs:
             ci:
               - 'project.bootstrap.yaml'
               - 'AGENTS.md'
-              - 'CLAUDE.md'
               - 'CONTRIBUTING.md'
               - '.github/PULL_REQUEST_TEMPLATE.md'
-              - '.devcontainer/**'
               - '.githooks/**'
               - '.github/workflows/**'
               - 'scripts/**'
@@ -98,6 +94,7 @@ jobs:
           require_line "## Governing Issue"
           require_line "## Validation"
           require_line "## Bootstrap Governance"
+          require_line "## Merge Automation"
           require_line "## Notes"
 
           if grep -Eiq 'Closes #$|#<issue-number>|what changed|why it changed|notable tradeoffs|migration or rollout notes|follow-up work if any' <<<"$PR_BODY"; then
@@ -115,6 +112,11 @@ jobs:
             failed=1
           fi
 
+          if ! grep -Eiq '(auto-merge is enabled|auto-merge enabled|auto merge is enabled|auto merge enabled|auto-merge.*(unavailable|unsafe|blocked|not supported)|auto merge.*(unavailable|unsafe|blocked|not supported))' <<<"$PR_BODY"; then
+            echo "PR body must state that auto-merge is enabled or explain why it is unavailable or unsafe."
+            failed=1
+          fi
+
           exit "$failed"
 
   validate-secrets:

@@ -6,6 +6,5 @@ dist/
 coverage/
 .playwright-cli/
 tmp/
-.claude/
 .bootstrap/
 .new-project-bootstrap/
@@ -2,17 +2,17 @@
 
 Manifest-first control plane for repo scaffolding, GitHub governance, and portable agent profiles.
 
-Use `project.bootstrap.yaml` as the control plane for repo-local scaffolding, GitHub governance, CI policy, and portable Codex/Claude profile sync. Plan first, then apply repo, GitHub, and home targets deliberately.
+Use `project.bootstrap.yaml` as the control plane for repo-local scaffolding, GitHub governance, CI policy, and portable Codex profile sync. Plan first, then apply repo, GitHub, and home targets deliberately.
 
 ## What The Bootstrap Owns
 
-- GitHub governance, environments, and optional org defaults
+- GitHub governance, issue labels, environments, and optional org defaults
 
-- Repo-local `AGENTS.md`, `CLAUDE.md`, `CONTRIBUTING.md`, and pull request template guidance
+- Repo-local `AGENTS.md`, `CONTRIBUTING.md`, and pull request template guidance
 - Fast PR checks plus heavier extended validation lanes
 - SemVer release automation with floating major/minor compatibility tags
 - Optional signed AI attestation workflow backed by the control-plane reusable contract
-- Portable Codex and Claude home profile sync
+- Portable Codex home profile sync
 - Operator docs for onboarding, hosted agents, and follow-up setup
 
 ## Quickstart
@@ -25,7 +25,21 @@ bootstrap apply home --manifest ./project.bootstrap.yaml
 bootstrap doctor --manifest ./project.bootstrap.yaml
 ```
 
-If `github.organization` is set and `OMT-Global` is an organization, `bootstrap apply github` also reconciles org defaults for new repos.
+Daily fleet reconciliation should start in plan mode and write a report:
+
+```sh
+bootstrap reconcile --workspace-root ~/src --report bootstrap-reconcile.json
+```
+
+To discover GitHub repos first, add `--org OMT-Global`; repositories without local bootstrapped checkouts are skipped in the report.
+
+Once the repo allowlist is trusted, run repo file drift through draft PRs:
+
+```sh
+bootstrap reconcile --workspace-root ~/src --apply-repo --create-pr --report bootstrap-reconcile.json
+```
+
+If `github.organization` is set and `OMT-Global` is an organization, `bootstrap apply github` also reconciles org defaults for new repos. It also syncs `github.issueLabels` for issue routing, risk, status, and review gates.
 
 Confirm branch protection points at the `CI Gate` status. and require approval from someone other than the most recent pusher.
 
@@ -67,16 +81,6 @@ This repo now carries the shared Tier A workflow contracts:
 
 Use `docs/bootstrap/tier-a-ci-contract.md` for the consumer interface and rollout pattern. Use `docs/bootstrap/next-steps.md` as the publish checklist before downstream repos pin to a tag or immutable SHA.
 
-## Claude Code
-
-This bootstrap can prepare these Claude workflows:
-
-- First-party Claude Code on the web via `claude.ai/code` and `bash scripts/claude-cloud/setup.sh`
-- Interactive containerized work via `.devcontainer/devcontainer.json` and `bash scripts/claude/setup-devcontainer.sh`
-- Remote GitHub-hosted automation via `.github/workflows/claude.yml`
-
-The full checklist is in `docs/bootstrap/claude-environment.md`.
-
 ## Repository URL
 
 - https://github.com/OMT-Global/bootstrap
@@ -45,6 +45,15 @@ Use this checklist after the first bootstrap render or whenever `project.bootstr
 - To retrofit an existing bootstrapped repo, add `CONTRIBUTING.md` and `.github/PULL_REQUEST_TEMPLATE.md` to `repo.managedPaths` when that repo restricts managed paths, then run `bootstrap apply repo --manifest ./project.bootstrap.yaml`.
 - Keep these files repo-generic unless project metadata or the manifest requires a stricter local rule.
 
+## Fleet Reconciliation
+
+- Run `bootstrap reconcile --workspace-root ~/src --report bootstrap-reconcile.json` first; this is plan-only and does not write files.
+- Add `--org OMT-Global` when OpenClaw should enumerate GitHub repos first; missing local checkouts or repos without `project.bootstrap.yaml` are skipped and reported.
+- Use `--repo <name...>` as the initial allowlist when onboarding daily OpenClaw reconciliation.
+- Use `--apply-repo --create-pr` for unattended repo drift so generated changes go through draft PRs instead of default-branch pushes.
+- Use `--apply-github` only after the report shape is trusted because it mutates repository settings, environments, branch protection, and labels directly through the GitHub API.
+- Dirty target worktrees are blocked and reported instead of being overwritten.
+
 ## Release Standard
 
 - Use immutable exact SemVer tags such as `v1.2.3` as the source of truth.
@@ -60,11 +69,4 @@ Use this checklist after the first bootstrap render or whenever `project.bootstr
 ## Home Profiles
 
 - Run `bootstrap apply home --manifest ./project.bootstrap.yaml` after reviewing the bundled profile content.
-- The bootstrap manages portable Codex and Claude assets only. Auth, sessions, caches, and machine-local state stay unmanaged.
-
-## Claude Setup
-
-- First-party Claude web sessions should use `bash scripts/claude-cloud/setup.sh` in `claude.ai/code`.
-- Interactive Claude work is prepared through `.devcontainer/devcontainer.json`.
-- GitHub-hosted Claude automation lives in `.github/workflows/claude.yml` and is intentionally separate from the required PR checks.
-- Finish GitHub-side auth by running `/install-github-app` in Claude Code or adding `ANTHROPIC_API_KEY` as a repo secret.
+- The bootstrap manages portable Codex assets only. Auth, sessions, caches, and machine-local state stay unmanaged.
@@ -6,4 +6,4 @@ When asked to set up a new repository, standardize on:
 - one required PR status check named `CI Gate`
 - `dev`, `stage`, and `prod` GitHub environments
 - 1 approval plus code owner review on the default branch
-- portable Codex and Claude home assets only
+- portable Codex home assets only