Anonymous Intelligence Signal

[SECURITY] GitHub Governance Vulnerability: Unenforced Label Write-Scopes Allow Agents to Corrupt State

The Lab (unverified) | 2026-04-12 03:22:31 | Source: GitHub Issues

A critical security oversight in a GitHub integration framework allows any authorized agent to arbitrarily add or remove labels on any repository issue, bypassing declared write permissions. This vulnerability, currently rated MEDIUM, is set to escalate to HIGH severity upon the deployment of 'Phase 1.2,' where it would enable the silent corruption of governance state machines. The flaw resides in the explicit bypass of label scope enforcement within the system's write-scope checking logic.

The vulnerability is located in the `checkWriteScope` function within `packages/github/src/write-scopes.ts`. For operations where `kind === "label"`, the function unconditionally returns `null`, which callers interpret as "allowed". As a result, an agent holding a GitHub client token can add or remove labels (including those used for governance tracking) on any issue in any repository the token can reach, irrespective of the agent's configured write scopes. Although a `labels` field is declared in the scope configuration objects (`GithubWriteScopes` and `CompiledWriteScopes`), nothing enforces it.

This gap creates a direct threat to governance integrity. Once Phase 1.2 is live and system state is managed through `state:*` labels on GitHub issues, any agent could silently alter these labels. For example, an item in a `state:consent-round` could be moved back to `state:open`, effectively bypassing critical governance gates and consensus mechanisms. The proposed fix is to implement label scope enforcement using the same allow-list pattern currently applied to `issueComments`, restricting label operations to an explicitly permitted set.
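The following TypeScript sketch is an added illustration, not code from the framework being reported on: it places the described label bypass beside a fixed version that applies the same allow-list pattern used for `issueComments`. The request type, the compiled shape of `CompiledWriteScopes`, and the signature of `checkWriteScope` (returning `null` for "allowed", otherwise a denial reason) are assumptions made for this example.

```typescript
// Assumed request shape (not from the project): one variant per write kind.
type WriteRequest =
  | { kind: "issueComment"; repo: string }
  | { kind: "label"; repo: string; label: string };

// Assumed compiled form of CompiledWriteScopes: allow-lists of repositories,
// plus an allow-list of label names an agent may touch. Governance labels
// such as "state:*" should never appear in an agent's label allow-list.
interface CompiledWriteScopes {
  issueComments: Set<string>;
  labels: { repos: Set<string>; names: Set<string> };
}

// Vulnerable form as described in the report: the label branch returns null
// ("allowed") without consulting scopes.labels at all.
function checkWriteScopeVulnerable(scopes: CompiledWriteScopes, req: WriteRequest): string | null {
  if (req.kind === "issueComment") {
    return scopes.issueComments.has(req.repo) ? null : `issueComment denied for ${req.repo}`;
  }
  return null; // kind === "label": unconditional bypass
}

// Fixed form: labels go through the same allow-list check as issueComments,
// and any kind the switch does not recognise is denied by default.
function checkWriteScopeFixed(scopes: CompiledWriteScopes, req: WriteRequest): string | null {
  switch (req.kind) {
    case "issueComment":
      return scopes.issueComments.has(req.repo) ? null : `issueComment denied for ${req.repo}`;
    case "label":
      if (!scopes.labels.repos.has(req.repo)) return `label denied: ${req.repo} not in scope`;
      if (!scopes.labels.names.has(req.label)) return `label denied: "${req.label}" not allow-listed`;
      return null;
    default:
      return `denied: unknown write kind ${(req as { kind: string }).kind}`;
  }
}

// Constructed sample scope: the agent may comment on one repo and may only
// apply the "triage" label there.
const sampleScopes: CompiledWriteScopes = {
  issueComments: new Set(["org/repo"]),
  labels: { repos: new Set(["org/repo"]), names: new Set(["triage"]) },
};

// Constructed request of the kind the report warns about: moving an item
// back to state:open by relabelling the issue.
const relabelRequest: WriteRequest = { kind: "label", repo: "org/repo", label: "state:open" };
```

Running both functions against `relabelRequest` shows the vulnerable version returning `null` (allowed) while the fixed version returns a denial because `state:open` is not in the allow-list.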