chore: add auto-format bot and scope CI format check to changed files

[MohamedH1998]

Summary

Adds a two-workflow auto-formatter that fixes prettier issues on PRs without contributors having to run prettier locally. Also scopes the existing CI format check from the entire repo to only the files changed in a PR, so the bot and CI agree on what's in scope.

• auto-format-build.yml — runs on pull_request, no secrets. Runs prettier against changed files, uploads any diff as a format-patch artifact.
• auto-format-apply.yml — runs on workflow_run after the build completes, with cloudflare-docs-bot App credentials. Downloads the artifact, validates the patch only touches allowlisted paths, applies it to the PR head, and pushes back via the App.

The split is deliberate: untrusted PR code runs only in the build workflow (no secrets); the privileged push workflow never executes PR-controlled code. This is the pattern recommended by GitHub Security Lab for safely auto-fixing community PRs.

Staged rollout — the build workflow is filtered to branches: [auto-format-canary] on merge. It does not fire on any existing or new PR against production until a one-line follow-up PR flips the filter (Stage B). The repo becomes prettier-clean incrementally as PRs touch files — no bulk reformat needed.

What reviewers should focus on:

File	What to look at
auto-format-build.yml	pull_request (not pull_request_target), permissions: contents: read, pnpm install --frozen-lockfile --ignore-scripts, prettier invoked directly (not via pnpm run).
auto-format-apply.yml	Path allowlist regex, stale-head check, fork checkout uses persist-credentials: false, post-apply re-validation.
ci.yml	The Check formatting (changed files) step replaces the global format:core:check.
package.json	Format scripts restructured into a <category>:<action> matrix with paired :check / :fix variants.
Out of scope (explicit non-goals):

• No bulk one-shot reformat of existing files.
• No MDX formatting (deferred — prettier's MDX support is too fragile at 5,400+ pages).
• No formatting of .github/, package.json, lockfiles, or other sensitive paths (blocklisted in the apply workflow).

Known item: CodeQL alert flagging the workflow_run + checkout pattern was reviewed and dismissed — the privileged workflow never installs or executes PR code.

Screenshots (optional)

Documentation checklist

• Is there a changelog entry (guidelines)? If you don't add one for something awesome and new (however small) — how will our customers find out? Changelogs are automatically posted to RSS feeds, the Discord, and X.
• The change adheres to the documentation style guide.
• If a larger change - such as adding a new page- an issue has been opened in relation to any incorrect or out of date information that this PR fixes.
• Files which have changed name or location have been allocated redirects.

[cloudflare-docs-bot]

Review

⏸️ Automatic reviews for this PR are paused.

This PR has already received 2 automatic reviews. To run another review, a codeowner can comment /review or /full-review.

Tip: Keep PRs in draft mode until they are ready for review — the bot skips draft PRs automatically.

---

✅ No style-guide issues found in commit 84324b9.

Commands

Only codeowners can run commands. Post a comment with the command to trigger it.

Command	Description
/review	Runs a review now. Incremental if a prior review exists, full if not.
/full-review	Re-reviews the entire PR diff from scratch, ignoring incremental history. Useful after a rebase, when you want a fresh review, or if the bot gets out of sync and reports issues that no longer exist.

[github-actions]

This pull request requires reviews from CODEOWNERS as it changes files that match the following patterns:

Pattern	Owners
/.github/	@cloudflare/content-engineering, @kodster28, @mvvmm, @colbywhite, @ahaywood, @MohamedH1998
*	@cloudflare/product-owners
package.json	@cloudflare/content-engineering

[ask-bonk]

3 issues need addressing before merge.

• CRITICAL .github/workflows/auto-format-build.yml line 7: The branch filter [auto-format-canary] appears to be a testing artifact. If the bot is meant to run on production PRs, this should be production or the filter should be removed.
• CRITICAL .github/workflows/auto-format-apply.yml lines 182–185: pr.head.repo can be null if a fork is deleted. Add optional chaining (?.) to prevent a TypeError from crashing the workflow.
• HIGH Address the existing CodeQL alerts on auto-format-apply.yml about checking out untrusted code in a privileged context. Add suppression comments with justification if the existing validations are sufficient.

Other notes: The PR description is empty — a brief summary of the infrastructure change would help reviewers.

[ask-bonk]

The PR review for #31109 has already been completed. I applied the labels engineering and docs engine, and posted a review with three inline comments flagging:

1. CRITICAL — auto-format-build.yml is filtered to the auto-format-canary branch instead of production
2. CRITICAL — auto-format-apply.yml can crash on deleted forks due to missing optional chaining on pr.head.repo
3. HIGH — The existing CodeQL alerts on auto-format-apply.yml should be addressed

If there's anything else you'd like me to do with this PR or another task, just let me know!

github run

[MohamedH1998]

/bonk review

[ask-bonk]

Cleared one previous finding and posted suggestions for documentation accuracy, CodeQL suppressions, and diff reliability.

[ask-bonk]

Cleared one previous finding and posted suggestions for documentation accuracy, CodeQL suppressions, and diff reliability.

[ask-bonk]

Posted a review on PR #31109 with 5 inline comments.

Cleared

• auto-format-apply.yml lines 182–194: The pr.head.repo null concern from the prior review is already handled by the early return at line 182. No optional chaining is needed.

Suggested

1. auto-format-apply.yml line 220: Add CodeQL suppression comments for both checkout steps with a brief justification (stale-head check, path allowlist, no execution of PR code).
2. AGENTS.md line 154: The text says the formatter runs on every PR, but the build workflow is currently gated to auto-format-canary. Qualify the sentence to reflect the staged rollout.
3. auto-format-build.yml line 66 and ci.yml line 106: Using three-dot (...) diff syntax with a shallow clone can miscount changed files if the base branch has moved forward. Consider using the explicit PR base SHA with a two-dot diff for a more precise file list.

github run

[github-actions]

Preview URL: https://36db133b.preview.developers.cloudflare.com
Preview Branch URL: https://chore-auto-format.preview.developers.cloudflare.com