Problem#

CompoundService.writeLearnings() wrote AGENTS.md directly to the default branch via the Contents API, which fails with 409 on repos that have branch protection rules. GitHub App tokens respect protection rules, unlike the old PAT admin bypass.

Task / Link#

Closes #533

Changes#

• Added createBranch() to GitHubService — creates a branch from a given SHA; handles 422 (branch exists) by deleting and recreating
• Added getDefaultBranchSha() to GitHubService — resolves the default branch name and its HEAD SHA
• Added enableAutoMerge() to GitHubService — calls the GraphQL enablePullRequestAutoMerge mutation with SQUASH; catches and logs errors gracefully if auto-merge is not enabled on the repo
• Added optional branch parameter to createOrUpdateFile() so commits can target a specific branch
• Refactored CompoundService.writeLearnings() to use branch (agents-md/issue-{N}) + PR + auto-merge flow instead of writing directly to the default branch
• Updated compound.service.spec.ts to verify the PR-based flow
• Added unit tests for all three new GitHubService methods

Notes#

• Auto-merge requires "Allow auto-merge" to be enabled in the repo settings. If not, enableAutoMerge logs a warning and the PR stays open for manual merge.
• Stale branches from prior failed runs are handled: the branch is deleted and recreated.

Testing#

• Unit tests: npm run test — 816 tests pass
• Lint: npm run lint — zero warnings