Update Github actions, Agents.md, tooling, dependencies

[NandanPrabhu]

Update tooling configs and deps

---

• All new/changed/fixed functionality is covered by tests (or N/A)
• I have added documentation for all new/changed functionality (or N/A)

📋 Changes

• Added repository-level governance artifacts (CODEOWNERS, SCA workflow, AGENTS guidelines) and tightened the bug report template checklist.
• Updated reusable GitHub Actions to newer pins, installed xcpretty, and improved Carthage caching plus switched test runs to mxcl/xcodebuild@v2.
• Secured sample configuration files by deleting AppUIComponents/Auth0.plist and expanding .gitignore to cover all Auth0.plist instances while keeping the test fixture.
• Raised the Auth0 SDK dependency to 2.16.1, aligned Carthage/SwiftPM sources, and bumped the macOS deployment target to 14 across the podspec, package manifest, and Xcode project (including signing/profile adjustments and removal of the unused RealityKitContent package).
• Consolidated utility sources under Auth0UIComponents/Core/Utils/ without code changes for better organization.

📎 References

None.

🎯 Testing

Manually tested flows in iPhone 16 iOS 26.2
Not run (CI will validate).

[sanchitmehta94]

LGTM

1 nit pick

[pmathew92]

Why do we have two separate hash for the same pinned version ? I think version might have changed

[NandanPrabhu]

checked all the places. Hash for the pinned version 3.4.0 is same across d3ee9b419c1be9a988086c58fe0988f32d99cfc5 @pmathew92

[pmathew92]

The hash is correct but the version you have tagged is wrong. The above hash is for version 3.6.0
https://github.com/mxcl/xcodebuild/releases/tag/v3.6.0

[Copilot]

Pull request overview

This PR performs comprehensive maintenance updates across GitHub Actions workflows, dependency management, tooling configurations, and repository governance. The changes modernize the build infrastructure by updating action versions, add repository governance artifacts (CODEOWNERS, SCA workflow, AGENTS guidelines), update the Auth0 SDK dependency to version 2.16.1, raise the macOS deployment target to 14, and consolidate utility sources for better organization.

Key Changes

• Updated GitHub Actions to newer versions (checkout@v6, cache@v5, ruby/setup-ruby@v1.268.0) and corrected runner versions from non-existent macos-26 to macos-15
• Raised Auth0 SDK dependency to 2.16.1 and increased macOS deployment target from 13 to 14 across Package.swift, Cartfile, and podspec
• Added repository governance with CODEOWNERS file, SCA security scanning workflow, and comprehensive AGENTS.md documentation for AI coding assistants

Reviewed changes

Copilot reviewed 25 out of 40 changed files in this pull request and generated 4 comments.

Show a summary per file

File	Description
opslevel.yml	Added new repository governance configuration file
AGENTS.md	Added comprehensive AI agent guidelines document (928 lines)
.github/CODEOWNERS	Added code ownership assignment
.github/workflows/sca_scan.yml	Added Snyk SCA security scanning workflow
.github/workflows/main.yml	Updated runner from macos-26 to macos-15, updated actions to v6
.github/workflows/rl-scanner.yml	Updated checkout action to v6
.github/actions/test/action.yml	Updated cache to v5, updated xcodebuild action SHA
.github/actions/setup/action.yml	Updated ruby setup to v1.268.0, updated xcodebuild action SHA
Package.swift	Updated Auth0 dependency to 2.16.1, raised macOS target to v14
Cartfile	Updated Auth0 dependency from master branch to 2.16.1 tag
Cartfile.resolved	Updated Auth0.swift resolution to 2.16.1
Auth0UIComponents.podspec	Updated Auth0 dependency to 2.16.1, raised macOS target to 14.0
fastlane/Fastfile	Changed repository name from 'Auth0UIComponents.swift' to 'ui-components-ios'
.gitignore	Improved Auth0.plist ignore patterns with wildcards
AppUIComponents/Auth0.plist	Deleted sample configuration file containing test credentials
Auth0UIComponentsTests/Utilities/Auth0UIComponentError.swift	Renamed parameter variables from abbreviated to descriptive names
Auth0UIComponentsTests/SavedAuthenticators/*.swift	Improved code formatting by breaking long parameter lists
Auth0UIComponentsTests/RecoveryCode/*.swift	Improved code formatting by breaking long parameter lists
Auth0UIComponents/TOTPPushEnrollment/Presentation/*.swift	Improved code formatting by extracting long inline request objects
Auth0UIComponents/RecoveryCode/Presentation/*.swift	Improved code formatting by extracting long inline request objects
Auth0UIComponents/EmailSMSEnrollment/Presentation/*.swift	Improved code formatting by extracting long inline request objects
Auth0UIComponents/Core/Utils/*.swift	Added new utility files (Toast, NavigationStore, ErrorScreen, CountryPicker, BundleResolver, Error handling)
Auth0UIComponents/Core/Utils/OTPTextField.swift	Renamed String extension methods from underscore-prefixed to standard names
Auth0UIComponents.xcodeproj/project.pbxproj	Updated signing configuration, removed RealityKitContent dependency, added test target dependencies

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

The GitHub Actions pin comment references version v3.4.0, but the commit SHA has been updated. Please verify that the new commit SHA (d3ee9b419c1be9a988086c58fe0988f32d99cfc5) actually corresponds to the v3.4.0 tag of mxcl/xcodebuild, or update the comment to reflect the correct version.

Suggested change

	uses: mxcl/xcodebuild@d3ee9b419c1be9a988086c58fe0988f32d99cfc5 # pin@v3.4.0
	uses: mxcl/xcodebuild@d3ee9b419c1be9a988086c58fe0988f32d99cfc5 # pinned to specific commit d3ee9b4

[pmathew92]

Update the correct version number to 3.6.0

[Copilot]

The GitHub Actions pin comment references version v3.4.0, but the commit SHA has been updated. Please verify that the new commit SHA (d3ee9b419c1be9a988086c58fe0988f32d99cfc5) actually corresponds to the v3.4.0 tag of mxcl/xcodebuild, or update the comment to reflect the correct version.

Suggested change

	uses: mxcl/xcodebuild@d3ee9b419c1be9a988086c58fe0988f32d99cfc5 # pin@v3.4.0
	uses: mxcl/xcodebuild@d3ee9b419c1be9a988086c58fe0988f32d99cfc5 # pinned to d3ee9b419c1be9a988086c58fe0988f32d99cfc5

[pmathew92]

Update the correct version number to 3.6.0

[Copilot]

The dependency specification in Package.swift is using a branch name instead of a version specifier. The value "2.16.1" should be specified using .exact("2.16.1") or .upToNextMinor(from: "2.16.1") instead of branch:. Using a branch name that looks like a version tag is misleading and may cause confusion or build issues.

[Sudhanshu96]

Valid suggestion, branches specific to versions are mutable hence error prone and code compilation would be problematic in future (if branch gets deleted or a breaking change is pushed). Versions are immutable and accurate.

[Copilot]

Hardcoding a specific developer's code signing identity is inappropriate for a shared repository. The CODE_SIGN_IDENTITY should remain as a generic value like "Apple Development" or be parameterized, not set to a specific developer's email address.

Suggested change

	CODE_SIGN_IDENTITY = "Apple Development: nandan.prabhup@okta.com (28U95KH38S)";
	CODE_SIGN_IDENTITY = "Apple Development";

[Sudhanshu96]

Why not using switch-case instead of if-else?

[Sudhanshu96]

switch-case instead of if-else would be better to make the code cleaner.

[Sudhanshu96]

dependencies.tokenProvider.store(apiCredentials: APICredentials(from: credentials), for: dependencies.audience) this line is throwing a warning in Xcode (using Swift 5) as well and in Swift 6 it will give an error. Better to use await here to fix this.

[Sudhanshu96]

Valid suggestion, branches specific to versions are mutable hence error prone and code compilation would be problematic in future (if branch gets deleted or a breaking change is pushed). Versions are immutable and accurate.