GuardeX PR/merge workflows rely on GitHub CLI, but setup/status only tracked npm-managed tools. This change adds an explicit required-system-tool check for gh, keeps npm global installs limited to npm packages, and surfaces clear install guidance when gh is missing.

Constraint: gh is a system CLI dependency and cannot be installed via npm package detection

Rejected: Add gh to npm global package list | Would route users to incorrect install path

Confidence: high

Scope-risk: narrow

Directive: Keep gh checks advisory unless workflow policy explicitly requires hard-fail behavior

Tested: npm test; node --check bin/multiagent-safety.js; npm pack --dry-run; git diff --check

Not-tested: OS-specific gh installation commands and auth flows