Summary

• add the internal project-screening CronJob implementation
• preserve the working GitHub Project -> codex exec -> Discord thread workflow in source control
• add both raw k8s manifests and Helm support for reproducible deployment

Problem

The workflow is live and working in-cluster, but it was not yet preserved in upstream source control.

That creates drift risk on redeploy, rebuild, or future cluster recreation. The goal of this PR is to make the current working implementation reproducible and reviewable without treating it as the official OpenAB-recommended architecture for all users.

Changes

This PR adds the internal project-screening workflow implementation:

• raw manifests for the screening Secret, ConfigMap, and CronJob
• Helm values and templates for the same workflow
• the screen_once.sh runtime script and screening_prompt.md
• GitHub Project polling and claim logic for Incoming -> PR-Screening
• codex exec report generation using mounted auth.json instead of OPENAI_API_KEY
• Discord summary message delivery, thread creation, and full report posting
• setup and usage documentation in docs/project-screening-cronjob.md

The implementation stays intentionally k8s-native and stateless:

• scheduler is a Kubernetes CronJob
• each screening run gets a fresh pod
• GH_TOKEN and auth.json come from the screening Secret
• Discord bot auth comes from the existing openab-kiro-codex Secret
• no shared PVC with the long-lived codex pod
• concurrencyPolicy: Forbid

Out Of Scope

• declaring this the official or public OpenAB-recommended CronJob architecture
• broader productization or generalization of scheduled agent workflows
• applying or changing cluster state as part of this PR
• the separate higher-level design note comparing all alternatives and final architectural rationale

Test Plan

Verified previously against the live internal workflow:

• claim from Incoming -> PR-Screening
• report generation via codex exec
• Discord summary message posted to the parent channel
• Discord thread created from that message
• full report posted into the thread

Checked in this branch:

• bash -n charts/openab/files/project-screening/screen_once.sh
• reviewed staged Helm and raw-k8s file set for the full workflow wiring

Discord Discussion URL: https://discord.com/channels/1491295327620169908/1494860860408201286