chore(triage): v2 production cutover (#478)

Three changes bundled because they land together as the cutover:

1. **v2 `issues: [opened]` trigger enabled.** Workflow now fires
   automatically on new issues in addition to the existing
   workflow_dispatch path. `run-name`, `concurrency.group`, and the
   gate step's ISSUE_NUMBER all resolve via
   `github.event.issue.number || inputs.issue_number` so both
   trigger paths work. The existing `inputs.dry_run != true` gates
   on label/comment application — under an issues trigger that
   expression is empty ≠ true, so production posts/labels land.

2. **v1 `issues` trigger removed.** `issue-triage.yml` keeps
   `workflow_dispatch` for manual fallback (maintainer can still
   fire it if v2 is paused or rolled back), but no longer runs
   automatically. v1's `run-name`/concurrency dropped the now-dead
   `github.event.issue.number` fallback.

3. **Investigate timeout 600s → 1200s.** Bumped after two
   consecutive timeouts on #311 during Phase 4 + drift-as-banner
   verification. The investigator needs more tool-call budget on
   complex issues. Review step stays at 600s — it runs without
   tool access and has never timed out.

Rollback: revert this commit to restore v1's automatic trigger;
v2's `issues:` block goes back to workflow_dispatch-only in the
same operation.

Co-authored-by: Claude <claude@anthropic.com>

.github/workflows/issue-triage-v2.yml

@@ -1,8 +1,8 @@
 name: Issue Triage v2
 run-name: |
-  Triage v2: #${{ inputs.issue_number }}
+  Triage v2: #${{ github.event.issue.number || inputs.issue_number }}
 
-# Phase 4 — Stages 1, 2, 3, 4, 5, 6, 7, 8a, 8b, 8c, 9.
+# Production — Stages 1, 2, 3, 4, 5, 6, 7, 8a, 8b, 8c, 9.
 # Bug / duplicate / enhancement classifications run through
 # investigate → mechanical-validate → adversarial-review → decision
 # gate. Decision gate selects between 8a (bug findings), 8c
@@ -14,10 +14,17 @@ run-name: |
 # keeps it at reduced weight in the avg-confidence gate; reject
 # drops it. Confirmed-duplicate routing fires only when the reviewer
 # rated the duplicate_of target exact or related.
-# v1 (issue-triage.yml) stays wired to its own triggers during rollout.
+#
+# Triggers: fires automatically on `issues: [opened]`; also accepts
+# `workflow_dispatch` for re-runs, dry-run testing, and manual
+# triage on backfilled issues. v1 (issue-triage.yml) is kept as a
+# workflow_dispatch-only fallback — its `issues` trigger was
+# disabled when v2 took over production routing.
 # See docs/issue-triage/{README.md,implementation-plan.md}.
 
 on:
+  issues:
+    types: [opened]
   workflow_dispatch:
     inputs:
       issue_number:
@@ -35,7 +42,7 @@ permissions:
   contents: read
 
 concurrency:
-  group: issue-triage-v2-${{ inputs.issue_number }}
+  group: issue-triage-v2-${{ github.event.issue.number || inputs.issue_number }}
   cancel-in-progress: true
 
 jobs:
@@ -53,7 +60,7 @@ jobs:
         id: check
         env:
           GH_TOKEN: ${{ github.token }}
-          ISSUE_NUMBER: ${{ inputs.issue_number }}
+          ISSUE_NUMBER: ${{ github.event.issue.number || inputs.issue_number }}
         run: |
           echo "issue_number=${ISSUE_NUMBER}" >> "$GITHUB_OUTPUT"
 
@@ -539,7 +546,10 @@ jobs:
           # CLI hands back prose for any reason.
           #
           # Step hardening from earlier PRs:
-          # * `timeout 600s` bounds the step at 10 min
+          # * `timeout 1200s` bounds the step at 20 min. Bumped from
+          #   10m after repeated timeouts on complex issues (e.g. #311
+          #   on two consecutive dispatches) where the investigator
+          #   needed more tool-call budget to verify claims.
           # * `if cmd; then; else` form — GHA's `bash -e` treats a
           #   failing command substitution as a fatal error and aborts
           #   before `claude_exit=$?` can run; the if-form is the only
@@ -550,7 +560,7 @@ jobs:
           #   post-mortem debuggable.
           # * Raw response + extracted payload archived before schema
           #   checks so a reject still leaves artifacts to inspect.
-          if raw=$(timeout 600s claude -p "$(cat /tmp/triage/investigate-prompt.txt)" \
+          if raw=$(timeout 1200s claude -p "$(cat /tmp/triage/investigate-prompt.txt)" \
               --dangerously-skip-permissions \
               --output-format json \
               --json-schema "${schema}" \

.github/workflows/issue-triage.yml

@@ -1,10 +1,17 @@
-name: Issue Triage
+name: Issue Triage (v1 — manual fallback only)
 run-name: |
-  Triage: #${{ github.event.issue.number || inputs.issue_number }}
+  Triage v1: #${{ inputs.issue_number }}
+
+# v1 pipeline kept as a workflow_dispatch-only fallback. Automatic
+# triggering on `issues` was removed when v2 (issue-triage-v2.yml)
+# took over production routing. If v2 is ever paused or rolled back,
+# re-enable the `issues: [opened, reopened]` trigger here.
+#
+# Kept (not deleted) because v1 uses different code paths for
+# investigation and label application, which still occasionally help
+# for backfilled issues the maintainer wants a second opinion on.
 
 on:
-  issues:
-    types: [opened, reopened]
   workflow_dispatch:
     inputs:
       issue_number:
@@ -18,7 +25,7 @@ permissions:
   actions: read
 
 concurrency:
-  group: issue-triage-${{ github.event.issue.number || inputs.issue_number }}
+  group: issue-triage-${{ inputs.issue_number }}
   cancel-in-progress: true
 
 jobs: