Setup Documentation Autogen Pipeline

[GeorgeNgMsft]

Automated package README regeneration

Adds a daily-cron pipeline that regenerates the README.md of every package under ts/packages/** whose source has changed since the last successful run, and opens a single batched PR with the updates.

What's in this PR

• @typeagent/docs-autogen — new tool at ts/tools/docsAutogen/ that builds each README from a deterministic skeleton (entry points, dependencies, used-by, agent surface, file map) plus an optional
  LLM-authored ## Overview section via packages/aiclient. Output is split into a human-readable section and an LLM-friendly Reference section with disk-resolvable file links.
• .github/workflows/docs-generate.yml — runs daily at 08:00 UTC and on workflow_dispatch. Mirrors the existing fix-dependabot-alerts.yml patterns: GitHub-App auth, branch
  automated/docs-readmes-<date>-<run_number>, supersedes prior open bot PRs, advances a docs-bot/last-run git tag only on scheduled successes.
• Design doc — ts/docs/architecture/doc-autogen.md captures the full architecture, format rules, idempotency model, and operations playbook.
• Root npm scripts — pnpm docs:generate, docs:generate:dry, docs:generate:llm, docs:verify-links for local one-off runs.

Safety guardrails

• Trademarks block revalidated against the canonical text in tools/scripts/policyChecks/npmPackage.mjs before each write — refuses to write if it would break.
• Every link in the generated content is checked to resolve on disk; any broken link aborts that package's write.
• Diff guard skips packages whose new content differs only in the staleness footer, so the daily PR doesn't churn unmodified docs.
• --max-packages cap (default 25) bounds the per-run blast radius; overflow defers to the next run.
• LLM output validator enforces a hard 500-word cap, blocks marketing prose / hallucinated headings / Mermaid / external URLs / unfenced code, with one retry on validation failure before falling back
  to a deterministic placeholder.

Required repository configuration

Kind	Name	Purpose
variable	DOCS_BOT_APP_ID	GitHub App that opens the generated PR
secret	DOCS_BOT_APP_PRIVATE_KEY	Private key for the same GitHub App
secret	AZURE_OPENAI_ENDPOINT	Azure OpenAI endpoint URL
secret	AZURE_OPENAI_API_KEY	Azure OpenAI key (or wire OIDC instead)

The workflow runs but no-ops at the auth step until these are provisioned, so it cannot modify anything before they're in place.

Verification

• 118 jest specs pass (15 spec files); prettier --check clean; repo-policy-check clean (6510 checks).
• End-to-end smoke on list-agent: dry-run → unchanged; first real --write → wrote (351 → 2470 bytes, 10 valid links, 0 broken); second --write → footer-only (no churn); --verify-links → 0 broken.

Follow-ups (not in this PR)

• Provision DOCS_BOT_APP_ID + secrets in repo settings.
• After provisioning, run workflow_dispatch with dry-run: true and since: main against this branch to confirm the full pipeline end-to-end.
• First scheduled run will no-op until the docs-bot/last-run tag is seeded (see operations notes in tools/docsAutogen/README.md).