[codex] Track token usage per provider response #16

	name: Dependabot Auto-Merge

	on: pull_request

	permissions:
	contents: write
	pull-requests: write

	jobs:
	automerge:
	runs-on: ubuntu-latest
	if: github.actor == 'dependabot[bot]'
	steps:
	- name: Fetch Dependabot metadata
	id: metadata
	uses: dependabot/fetch-metadata@v2
	with:
	github-token: ${{ secrets.GITHUB_TOKEN }}

	- name: Auto-approve patch and minor updates
	if: steps.metadata.outputs.update-type != 'version-update:semver-major'
	run: gh pr review "$PR_URL" --approve -b "Auto-approved (dependabot ${{ steps.metadata.outputs.update-type }})"
	env:
	PR_URL: ${{ github.event.pull_request.html_url }}
	GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}

	- name: Enable auto-merge for patch and minor updates
	if: steps.metadata.outputs.update-type != 'version-update:semver-major'
	run: gh pr merge "$PR_URL" --auto --squash
	env:
	PR_URL: ${{ github.event.pull_request.html_url }}
	GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}

	- name: Flag major updates for manual review
	if: steps.metadata.outputs.update-type == 'version-update:semver-major'
	run: \|
	gh pr comment "$PR_URL" --body "⚠️ Major version bump detected (${{ steps.metadata.outputs.dependency-names }}: ${{ steps.metadata.outputs.previous-version }} → ${{ steps.metadata.outputs.new-version }}). Skipping auto-merge — please review manually."
	gh pr edit "$PR_URL" --add-label "major-update"
	env:
	PR_URL: ${{ github.event.pull_request.html_url }}
	GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}

Provide feedback