cisco-open/forge — reverse-engineered prompt

I want a secure AWS based platform for GitHub Actions runners that we can use across multiple teams without everyone managing their own runner setup. Make it so runners are short lived and scale up only when jobs are running, with support for both EC2 runners and Kubernetes based runners, so we can choose between full machine control or faster container style jobs.

The big goals are security, cost savings, and low maintenance. Please set it up with strong tenant isolation, short lived AWS access through OIDC and IAM instead of stored secrets, and automatic onboarding and lifecycle management for teams. I also want built in monitoring and governance so admins can see usage, health, and costs per tenant.

This should feel like a control plane that admins manage, while development teams just point their workflows at the right runner labels and get access to AWS resources safely. If the docs have important setup details or deployment examples, look them up and wire this up in a sensible default way.