feat(update-automation): harden ui-summary contracts and selector matching

[chris-trustrelay]

Description

Summary

This PR introduces a complete update-automation workflow for Awesome Copilot resources and hardens IDE integration reliability by enforcing strict ui-summary contracts.

Why

• Improve confidence for IDE consumers that parse update results.
• Provide safer update application defaults for locally modified resources.
• Add precise targeting controls for bulk updates.
• Make update commands discoverable for end users, not only contributors.

Scope of Changes

Update index generation

• Added update index generator at generate-update-index.mjs.
• Produces generated catalog at update-index.json.
• Includes per-resource integrity hashes and plugin provider metadata.

Update detection and apply engines

• Added checker at check-resource-updates.mjs.
• Added apply engine at apply-resource-updates.mjs.
• Supports state-aware safe updates using managed baseline tracking.
• Default behavior safely skips unknown drift and local conflicts.
• Optional force behavior remains available for unknown-drift overwrite scenarios.

What Changed

ui-summary schema-contract hardening

• Added strict key-shape assertions for checker and apply ui-summary payloads in test-resource-updates.mjs.
• Tests now verify exact top-level and nested keys to prevent accidental API drift for IDE integrations.

Selector grammar expansion

Added support for:

• exact:
• prefix:
• regex:

Implemented in:

• check-resource-updates.mjs
• apply-resource-updates.mjs

Existing selectors remain supported:

• type:
• provider:
• path:
• substring fallback behavior

Selector test coverage improvements

• Added tests for exact, prefix, and regex selectors.
• Added invalid regex handling test.
• Added include/exclude interaction tests.
• All in test-resource-updates.mjs.

End-user command visibility

• Added compact update-command reference and selector examples to README.md so users can discover update workflows without digging into contributor docs.

Supporting updates

Script wiring and repo docs updates in:

• package.json
• AGENTS.md

Updated generated index artifact:

• update-index.json

Generator touched in:
generate-update-index.mjs

Validation

Ran resource update test suite:

• npm run plugin:test-resource-updates

Result:

• All resource update tests passed

Why This Matters

• Prevents breaking IDE consumers that depend on predictable ui-summary payloads.
• Improves update targeting precision for automation workflows.
• Makes update operations easier to discover and use for end users.

PR Checklist (Repo Requirements)

• PR targets the staged branch
• Build-related generated artifacts included where applicable
• README updated for end-user discoverability
• Relevant validation command executed
• Run line-ending normalization before final merge: bash fix-line-endings.sh
• Run full build verification before merge: npm run build
• Notes for Reviewers
• Main behavioral changes are in selector parsing/matching and ui-summary contract testing.
• README additions are intentionally compact and user-focused.
• No breaking changes intended for existing selector usage; this is additive plus contract tightening.

---

Type of Contribution

• New instruction file.
• New prompt file.
• New agent file.
• New plugin.
• New skill file.
• New agentic workflow.
• Update to existing instruction, prompt, agent, plugin, skill, or workflow.
• Other (please specify):

---

By submitting this pull request, I confirm that my contribution abides by the Code of Conduct and will be licensed under the MIT License.

[aaronpowell]

It looks like you've incorrectly branched from the main branch not staged, and as a result all the materialised plugins are included in this PR.

You can attempt to fix this with a rebase:

git fetch origin staged
git rebase --onto origin/staged origin/main <branch name>
git push --force-with-lease

If that does not resolve it, you can run npm run plugin:clean which will delete the materialised plugins and you can commit that change.