new file: .github/workflows/00_Validation.yml

	deleted:    .github/workflows/00_vetting.yml

Author: Tearran

.github/workflows/00_Validation.yml

@@ -0,0 +1,40 @@
+name: A. PR Validation
+
+on:
+  pull_request:
+    types: [opened, reopened, edited, synchronize, review_requested]
+
+jobs:
+  check-staging-only:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout PR
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Ensure only staging files changed
+        shell: bash
+        run: |
+          set -euo pipefail
+
+          # Fetch base branch
+          git fetch --no-tags --prune origin "${{ github.base_ref }}"
+          base_ref="origin/${{ github.base_ref }}"
+
+          # List changed files
+          changed="$(git diff --name-only "${base_ref}"...HEAD || true)"
+
+          # Only allow changes in staging/ and docs/ (or other allowed directories)
+          allowed_regex='^(staging|docs)(/|$)'
+
+          # Detect changes outside allowed paths
+          unvetted="$(printf '%s\n' "$changed" | grep -vE "$allowed_regex" || true)"
+
+          if [[ -n "$unvetted" ]]; then
+            echo "❌ ERROR: PR contains changes outside allowed directories (staging/docs):"
+            printf '%s\n' "$unvetted"
+            exit 1
+          fi
+
+          echo "✅ Only allowed directories modified. PR passes validation."