[codex] Add GitHub Actions Node 24 readiness check

[grnbtqdbyx-create]

Summary

• adds actions-missing-node24-opt-in to contextforge actions-audit
• flags workflows that use JavaScript actions without FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: true
• keeps dogfood workflows passing with the existing Node 24 opt-in
• documents the known GitHub runner annotation behavior where Node 20 action metadata may still produce an informational warning even when Node 24 is forced
• bumps package/action references to v0.71.0

Closes #166.

Why

GitHub Actions hosted runners are moving JavaScript actions from Node 20 to Node 24. This is already creating noisy annotations in many repositories. ContextForge should turn that into a deterministic, repo-local readiness check for agent-authored workflow changes.

Research anchors:

• GitHub changelog on Node 20 deprecation for Actions runners: https://github.blog/changelog/2025-09-19-deprecation-of-node-20-on-github-actions-runners/
• GitHub runner issue about warning annotations even with Node 24 forced: Node 20 deprecation warning fires even when FORCE_JAVASCRIPT_ACTIONS_TO_NODE24 forces the action to run on Node 24 actions/runner#4295

Validation

• pnpm vitest run tests/actionsAudit.test.ts tests/cli.test.ts tests/init.test.ts tests/artifactMap.test.ts tests/adoptionBrief.test.ts tests/launchSnapshot.test.ts tests/workflows.test.ts
• pnpm typecheck
• pnpm test -> 47 files, 156 tests passed
• pnpm build
• node dist/cli.js actions-audit --summary contextforge-actions-audit.md --sarif contextforge-actions.sarif -> pass, 100/100
• node dist/cli.js doctor --summary contextforge-doctor.md -> pass
• node dist/cli.js security-benchmark -> pass, 4/4
• node dist/cli.js audit --min-context-score 70 --min-cache-score 70 --min-security-score 70 --output contextforge-audit.json --report contextforge-report.html -> pass, 100/100 / 100/100 / 100/100
• node dist/cli.js publish-readiness --summary contextforge-publish-readiness.md -> warn only for human npm account setup
• npm pack --dry-run --json -> contextforge@0.71.0
• git diff --check

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 5a7ca1bfee

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[chatgpt-codex-connector]

Require the opt-in to be workflow-scoped

When a workflow contains FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: true only in a comment or in one job/step, this file-wide regex suppresses the finding for every external action in the workflow, even though other jobs still run without the documented workflow-level opt-in. That lets actions-audit report pass for workflows the new check is supposed to warn on; parse/validate the top-level env entry instead of testing the whole file as text.

Useful? React with 👍 / 👎.