Migrate 21 workflows to shared/daily-audit-base.md to reduce prompt drift

[Copilot]

29 workflows were identified as carrying duplicated audit scaffolding instead of using shared/daily-audit-base.md, causing prompt drift as the shared component evolves. This migrates 21 of them (the 4 remaining smoke tests are event-triggered, not daily audit workflows, so the migration would be inappropriate).

Changes

19 daily workflows — replaced shared/reporting-otlp.md with shared/daily-audit-base.md:

# Before
imports:
  - shared/reporting-otlp.md

# After
imports:
  - uses: shared/daily-audit-base.md
    with:
      title-prefix: "[workflow-name] "
      expires: 3d

daily-audit-base.md is a superset of reporting-otlp.md: it bundles reporting.md + observability-otlp.md + daily-audit-discussion.md (standardized discussion publishing).

2 workflows (github-remote-mcp-auth-test.md, go-fan.md) — replaced shared/daily-audit-discussion.md directly with shared/daily-audit-base.md, gaining reporting.md and OTLP observability they were previously missing.

Impact

• 53 workflows now use daily-audit-base.md (up from 32)
• Zero remaining direct daily-audit-discussion.md users outside shared/
• github-remote-mcp-auth-test.md and go-fan.md gain new secrets GH_AW_OTEL_ENDPOINT/GH_AW_OTEL_HEADERS — these are the same OTLP credentials already used by 30+ other audit workflows in this repo

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

• https://api.github.com/graphql
  • Triggering command: /usr/bin/gh /usr/bin/gh api graphql -f query=query($owner: String!, $name: String!) { repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } -f owner=github -f name=gh-aw lelite-markdown---norc /usr/bin/git grep nce-�� (http block)
  • Triggering command: /usr/bin/gh /usr/bin/gh api graphql -f query=query($owner: String!, $name: String!) { repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } -f owner=github -f name=gh-aw (http block)
  • Triggering command: /usr/bin/gh /usr/bin/gh api graphql -f query=query($owner: String!, $name: String!) { repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } -f owner=github -f name=gh-aw md /snap/bin/git basename l (http block)
• https://api.github.com/orgs/test-owner/actions/secrets
  • Triggering command: /usr/bin/gh gh api /orgs/test-owner/actions/secrets --jq .secrets[].name ithub/workflows log ode_modules/.bin/sh -n1 --format=format:-atomic --end-of-options-bool /usr/bin/gh api ../pkg/workflow/-errorsas -f x_amd64/vet l owner=github -f x_amd64/vet (http block)
• https://api.github.com/repos/actions/ai-inference/git/ref/tags/v1
  • Triggering command: /usr/bin/gh gh api /repos/actions/ai-inference/git/ref/tags/v1 --jq [.object.sha, .object.type] | @tsv --show-toplevel 64/pkg/tool/linux_amd64/vet /usr/bin/git edOutput37338496git .cfg ache/go/1.25.8/x--show-toplevel git rev-�� --show-toplevel ache/go/1.25.8/xtest@example.com /usr/bin/git 1041-21194/test-node 4919825/b151/vet/opt/hostedtoolcache/node/24.14.1/x64/bin/npm ow.lock.yml git (http block)
• https://api.github.com/repos/actions/checkout/git/ref/tags/v3
  • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v3 --jq [.object.sha, .object.type] | @tsv 1041-21194/test-4213975396 config /usr/bin/git remote.origin.urgit grep x_amd64/vet git remo�� $name) { has/tmp/go-build2354919825/b440/_pkg_.a x_amd64/vet /usr/bin/git 639232936/001 639232936/002/worev-parse x_amd64/vet git (http block)
• https://api.github.com/repos/actions/checkout/git/ref/tags/v5
  • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v5 --jq [.object.sha, .object.type] | @tsv agent-performance-analyzer.md 4919825/b290/vet.cfg 4919825/b070/gh-aw.test !../../../pkg/woinfocmp --ignore-path ../../../.prettixterm-color 4919825/b070/gh-aw.test e=/t�� t0 /tmp/go-build2354919825/b037/vet.cfg 1/x64/bin/node m0s grep (http block)
  • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v5 --jq [.object.sha, .object.type] | @tsv --show-toplevel ache/go/1.25.8/x64/pkg/tool/linuTest User /usr/bin/git se 4919825/b256/vet\n 64/pkg/tool/linu: git rev-�� --show-toplevel 64/pkg/tool/linuremote /usr/bin/git les.test bash ortcfg.link git (http block)
  • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v5 --jq [.object.sha, .object.type] | @tsv --show-toplevel git /usr/bin/git --show-toplevel (http block)
• https://api.github.com/repos/actions/checkout/git/ref/tags/v6
  • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v6 --jq [.object.sha, .object.type] | @tsv (http block)
  • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v6 --jq [.object.sha, .object.type] | @tsv .lock.yml grep /usr/bin/basename ussion s/slide-deck-mai-C /usr/bin/grep basename (http block)
  • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v6 --jq [.object.sha, .object.type] | @tsv .lock.yml grep ache/go/1.25.8/x64/bin/go observability-otinfocmp s/smoke-agent-al-1 /usr/bin/grep basename .git�� onicle.md rsion=54ccdd0-dirty ache/uv/0.11.8/x86_64/bash (http block)
• https://api.github.com/repos/actions/github-script/git/ref/tags/v8
  • Triggering command: /usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v8 --jq [.object.sha, .object.type] | @tsv --show-toplevel ache/go/1.25.8/xremote /usr/bin/git 4919825/b420/_pkgit -buildtags eutil.test git rev-�� --show-toplevel eutil.test /usr/bin/git P9ch/sR1tjYVSqOEgit -buildtags ache/node/24.14.--show-toplevel git (http block)
• https://api.github.com/repos/actions/github-script/git/ref/tags/v9
  • Triggering command: /usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v9 --jq [.object.sha, .object.type] | @tsv k/gh-aw/gh-aw/.github/workflows rev-parse n-detector.lock.yml l s/schema-consist-atomic /usr/bin/grep git -C ithub/workflows rev-parse /usr/bin/git s/data/action_pi/opt/hostedtoolcache/go/1.25.8/x64/pkg/tool/linux_amd64/vet -updater.md ash git (http block)
  • Triggering command: /usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v9 --jq [.object.sha, .object.type] | @tsv ithub/workflows remote.origin.ur-ifaceassert ode_modules/.bin-nilfunc (http block)
  • Triggering command: /usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v9 --jq [.object.sha, .object.type] | @tsv -c=4 -nolocalimports -importcfg /tmp/go-build2354919825/b394/importcfg -embedcfg /tmp/go-build2354919825/b394/embedcfg -pack ode_�� ithub/workflows basename sh l y-attribution.md-atomic ed } } git (http block)
• https://api.github.com/repos/actions/setup-go/git/ref/tags/v4
  • Triggering command: /usr/bin/gh gh api /repos/actions/setup-go/git/ref/tags/v4 --jq [.object.sha, .object.type] | @tsv ry=1 64/pkg/tool/linu-buildtags 4919825/b469/_pkg_.a CnWerFpYn config 64/pkg/tool/linu--show-toplevel infocmp -1 xterm-color 64/pkg/tool/linu-tests /opt/hostedtoolcache/go/1.25.8/x64/pkg/tool/linux_amd64/vet 09/001/test-compgit g/constants/engirev-parse .cfg /opt/hostedtoolcache/go/1.25.8/x64/pkg/tool/linux_amd64/vet (http block)
• https://api.github.com/repos/actions/setup-node/git/ref/tags/v4
  • Triggering command: /usr/bin/gh gh api /repos/actions/setup-node/git/ref/tags/v4 --jq [.object.sha, .object.type] | @tsv /tmp/TestGuardPolicyBlockedUsersApprovalLabelsCompiledOutput2248383875/001 config ache/node/24.14.1/x64/bin/node remote.origin.urgit show x_amd64/vet ache/node/24.14.1/x64/bin/node 2520�� (http block)
  • Triggering command: /usr/bin/gh gh api /repos/actions/setup-node/git/ref/tags/v4 --jq [.object.sha, .object.type] | @tsv --show-toplevel 64/pkg/tool/linu/tmp/go-build2354919825/b114/vet.cfg 4919825/b468/vet.cfg DpDJ_BTqF show 64/pkg/tool/linu--show-toplevel /usr/bin/git remo�� -v 64/pkg/tool/linu.github/workflows/test.md /opt/hostedtoolcache/go/1.25.8/x64/pkg/tool/linux_amd64/compile 1677269045/.githgit rkflow/js/**/*.jrev-parse 64/pkg/tool/linu--show-toplevel /opt/hostedtoolcache/go/1.25.8/x64/pkg/tool/linux_amd64/compile (http block)
• https://api.github.com/repos/actions/setup-node/git/ref/tags/v6
  • Triggering command: /usr/bin/gh gh api /repos/actions/setup-node/git/ref/tags/v6 --jq [.object.sha, .object.type] | @tsv (http block)
  • Triggering command: /usr/bin/gh gh api /repos/actions/setup-node/git/ref/tags/v6 --jq [.object.sha, .object.type] | @tsv .lock.yml grep /usr/bin/basenam-f observability-otgit s/smoke-agent-al-C /usr/bin/grep basename .git�� scripts synced remote.origin.url grep dering-scripts-verifier.lock.yml-f (http block)
  • Triggering command: /usr/bin/gh gh api /repos/actions/setup-node/git/ref/tags/v6 --jq [.object.sha, .object.type] | @tsv ipts.test -buildtags 1/x64/bin/node -errorsas -ifaceassert -nilfunc 9FX53sm1OTZ6jdpoJ_/CWrYu2czG7Ca7ylQP4Z8/vCNYLdc7D8RXanEmFBss t-ha�� ithub/workflows/archie.md -buildtags g_.a -errorsas -ifaceassert -nilfunc git (http block)
• https://api.github.com/repos/actions/upload-artifact/git/ref/tags/v4
  • Triggering command: /usr/bin/gh gh api /repos/actions/upload-artifact/git/ref/tags/v4 --jq [.object.sha, .object.type] | @tsv 88qG/8AJ7Y7dVpgtqOdVA88qG remote /usr/bin/git k/gh-aw/gh-aw :latest kflows/daily-tea--show-toplevel 4919825/b465/importcfg -C k/gh-aw/gh-aw/pkg/typeutil/convert.go url /tmp/go-build2354919825/b462/types.test ithub/workflows config x_amd64/vet /tmp/go-build2354919825/b462/types.test (http block)
• https://api.github.com/repos/astral-sh/setup-uv/git/ref/tags/eac588ad8def6316056a12d4907a9d4d84ff7a3b
  • Triggering command: /usr/bin/gh gh api /repos/astral-sh/setup-uv/git/ref/tags/eac588ad8def6316056a12d4907a9d4d84ff7a3b --jq [.object.sha, .object.type] | @tsv daily-audit-base Agent-Logs-Url: REDACTED /usr/bin/grep --local committer.name bin/bash grep l n\|daily-audit-discussion s/daily-fact.md /usr/bin/grep origin optimizer.md k/_temp/uv-pytho--show-toplevel grep (http block)
  • Triggering command: /usr/bin/gh gh api /repos/astral-sh/setup-uv/git/ref/tags/eac588ad8def6316056a12d4907a9d4d84ff7a3b --jq [.object.sha, .object.type] | @tsv n|safe-outputs:|remote.origin.url s/daily-mcp-concurrency-analysis.md $name) { hasDiscussionsEnabled } } FETCH_HEAD^{commbash lyzer.md /opt/hostedtoolc--noprofile grep l -dirty" -o gh-aw ./cmd/gh-aw .github/workflows/super-linter.md e (http block)
  • Triggering command: /usr/bin/gh gh api /repos/astral-sh/setup-uv/git/ref/tags/eac588ad8def6316056a12d4907a9d4d84ff7a3b --jq [.object.sha, .object.type] | @tsv reporting .github/workflows/semantic-funct-d cal/bin/bash lp ormance.md /usr/local/.ghcu--noprofile grep -hea�� daily-audit-base .github/workflows/terminal-styli-j (http block)
• https://api.github.com/repos/github/gh-aw
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw --jq .default_branch .lock.yml grep r: $owner, name: $name) { hasDiscussionsEnabled } } ussion ator.md rgo/bin/bash bash --no�� ort-migrate-workflows-again grep r: $owner, name: $name) { hasDiscussionsEnabled } } daily-audit-discgit s-tester.md /usr/bin/grep sionclean (http block)
• https://api.github.com/repos/github/gh-aw-actions/git/ref/tags/v0.1.2
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v0.1.2 --jq [.object.sha, .object.type] | @tsv --show-toplevel 64/pkg/tool/linux_amd64/vet /usr/bin/git itmaster_branch1git itmaster_branch1rev-parse 64/pkg/tool/linu--show-toplevel /usr/bin/git remo�� -v 64/pkg/tool/linux_amd64/vet /usr/bin/git 648028478/.githugit .cfg .cfg git (http block)
• https://api.github.com/repos/github/gh-aw-actions/git/ref/tags/v1.0.0
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v1.0.0 --jq [.object.sha, .object.type] | @tsv ons-test2214098786 config /opt/hostedtoolcache/node/24.14.1/x64/bin/node l grep kflows/daily-tok--show-toplevel node 4919�� /tmp/TestHashStability_SameInputSameOutput334536-errorsas (http block)
• https://api.github.com/repos/github/gh-aw-actions/git/ref/tags/v1.2.3
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v1.2.3 --jq [.object.sha, .object.type] | @tsv Xz34/0uXSzV-SefrVVCpTXz34 bash /usr/bin/git k/gh-aw/gh-aw/.ggit grep /usr/bin/git 4919825/b474/importcfg rev-�� k/gh-aw/gh-aw/scripts/lint_error_messages.go l /usr/bin/infocmp k/gh-aw/gh-aw show x_amd64/vet infocmp (http block)
• https://api.github.com/repos/github/gh-aw/actions/runs
  • Triggering command: /usr/bin/gh gh run list --json databaseId,number,url,status,conclusion,workflowName,createdAt,startedAt,updatedAt,event,headBranch,headSha,displayTitle --limit 100 --created >=2026-04-20 .github/workflowconfig cal/bin/bash 64/pkg/tool/linuremote.origin.url api te '**/*.cjs' '**/*.ts' '**/*.js--exclude-hidden=receive .cfg tartedAt,updatedAt,event,headBranch,headSha,displayTitle -f owner=github -f 64/pkg/tool/linuInitial commit (http block)
  • Triggering command: /usr/bin/gh gh run list --json databaseId,number,url,status,conclusion,workflowName,createdAt,startedAt,updatedAt,event,headBranch,headSha,displayTitle --limit 100 --created >=2026-03-28 .github/workflowconfig bash 64/pkg/tool/linuTest User -1 te '**/*.cjs' '**/*.ts' '**/*.js-p .cfg 64/pkg/tool/linux_amd64/vet reporting-otlp\|git .github/workflowconfig $name) { hasuser.email 64/pkg/tool/linutest@example.com (http block)
  • Triggering command: /usr/bin/gh gh run list --json databaseId,number,url,status,conclusion,workflowName,createdAt,startedAt,updatedAt,event,headBranch,headSha,displayTitle --limit 100 --created >=2026-01-27 .github/workflowconfig 86_64/git 64/pkg/tool/linuremote.origin.url k/gh�� /home/REDACTED/work/gh-aw/gh-aw/.github/workflows .cfg 64/pkg/tool/linux_amd64/vet remote.origin.urgit .github/workflowcheckout erignore 64/pkg/tool/linufeature-branch (http block)
• https://api.github.com/repos/github/gh-aw/actions/runs/1/artifacts
  • Triggering command: /usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/1/artifacts --jq .artifacts[].name ghcr.io/github/serena-mcp-servermain 64/pkg/tool/linux_amd64/vet --noprofile s/smoke-opencoderev-parse repository(owne--show-toplevel 64/pkg/tool/linux_amd64/vet --no�� 211059960 basename .cfg .lock.yml grep repository(owne--show-toplevel ache/go/1.25.8/x64/pkg/tool/linu-dwarf=false (http block)
  • Triggering command: /usr/bin/gh gh run download 1 --dir test-logs/run-1 nomaly.go 64/pkg/tool/linux_amd64/compile --noprofile grep ash 64/pkg/tool/linux_amd64/compile -l g_.a pkg/workflow/compiler_activationnonexistent-workflow-12345 .cfg pkg/workflow/comgit pkg/workflow/comrev-parse pkg/workflow/com--show-toplevel ache/go/1.25.8/x64/pkg/tool/linux_amd64/vet (http block)
• https://api.github.com/repos/github/gh-aw/actions/runs/12345/artifacts
  • Triggering command: /usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/12345/artifacts --jq .artifacts[].name -f ntdrain.test rkflow/js/**/*.jgh owner=github erignore ntdrain.test 3549�� se 4919825/b041/vet100 .cfg .lock.yml conntrack git ache/go/1.25.8/x64/pkg/tool/linuTest User (http block)
  • Triggering command: /usr/bin/gh gh run download 12345 --dir test-logs/run-12345 .cfg 64/pkg/tool/linux_amd64/link sclosure\|### ithub/workflows//tmp/test-expr-4143855117.js repository(ownesecrets.TOKEN dI/VlqCrFGhKv_vuXFDo5AA/4Ab4WdaL-extld=gcc -1 09/001/test-inlined-imports-enabled-with-env-template-expressions-in-body.md basename ortcfg.link .lock.yml grep ache/node/24.14.--show-toplevel GWkazqzAVAIxY_VLl-/SmEOReLVhRl1gtest@example.com (http block)
• https://api.github.com/repos/github/gh-aw/actions/runs/12346/artifacts
  • Triggering command: /usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/12346/artifacts --jq .artifacts[].name iptables 64/pkg/tool/linux_amd64/vet rkflow/js/**/*.jinfocmp s/prompt-cluster-1 erignore 64/pkg/tool/linux_amd64/vet (http block)
  • Triggering command: /usr/bin/gh gh run download 12346 --dir test-logs/run-12346 config 64/pkg/tool/linux_amd64/compile remote.origin.ur/usr/bin/git arm.md .lock.yml 64/pkg/tool/linu^remote\..*\.gh-resolved$ api g_.a -f .cfg -f owner=github -f ache/go/1.25.8/x64/pkg/tool/linuTest User (http block)
• https://api.github.com/repos/github/gh-aw/actions/runs/2/artifacts
  • Triggering command: /usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/2/artifacts --jq .artifacts[].name rev-parse 64/pkg/tool/linux_amd64/vet ts s/smoke-opencode/tmp/test-expr-1031201716.js p/bin/bash 64/pkg/tool/linux_amd64/vet --no�� 211059960 basename .cfg ithub/workflows chr/testify/asserev-parse git ache/go/1.25.8/x64/pkg/tool/linuTest User (http block)
  • Triggering command: /usr/bin/gh gh run download 2 --dir test-logs/run-2 rev-parse 64/pkg/tool/linux_amd64/link .lock.yml grep /usr/bin/basenam--show-toplevel 64/pkg/tool/linux_amd64/link -c eutil.test o ortcfg.link .lock.yml grep ock.yml 1tjYVSqOEP82kiP9ch/8p_7IHIf_31YR46MaExS/rs4ruDNprev-parse (http block)
• https://api.github.com/repos/github/gh-aw/actions/runs/3/artifacts
  • Triggering command: /usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/3/artifacts --jq .artifacts[].name om/stretchr/testify@v1.11.1/assert/assertion_forgit.mirrors.hui-maminn.ru/github/gh-aw/pkg/actionpins 64/pkg/tool/linux_amd64/compile remote.origin.urgit s/stale-repo-iderev-parse r: $owner, name:--show-toplevel 64/pkg/tool/linux_amd64/compile --no�� g_.a basename .cfg ithub/workflows /testdeps it ache/go/1.25.8/x64/pkg/tool/linutest@example.com (http block)
  • Triggering command: /usr/bin/gh gh run download 3 --dir test-logs/run-3 config 64/pkg/tool/linux_amd64/vet remote.origin.ur/opt/hostedtoolcache/node/24.14.1/x64/bin/node grep bash 64/pkg/tool/linux_amd64/vet -l 3192381497 actions/setup/js/node_modules/flatted/golang/pkg/flatted/flatted.go x_amd64/vet cmd/gh-aw/capita/opt/hostedtoolcache/node/24.14.1/x64/bin/node cmd/gh-aw/comman/tmp/test-import-1841695642.js cmd/gh-aw/format_list_test.go x_amd64/vet (http block)
• https://api.github.com/repos/github/gh-aw/actions/runs/4/artifacts
  • Triggering command: /usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/4/artifacts --jq .artifacts[].name 64/src/testing/internal/testdeps-w 64/pkg/tool/linux_amd64/link --noprofile grep $name) { has--show-toplevel 64/pkg/tool/linux_amd64/link --no�� .test basename ortcfg.link .lock.yml grep hitecture-diagra--get zXcnnh2v-nEQ9ch2remote.origin.url (http block)
  • Triggering command: /usr/bin/gh gh run download 4 --dir test-logs/run-4 piler_error_formatting_test.go x_amd64/compile -f owner=github -f x_amd64/compile -l g_.a pkg/workflow/template_injection_validation_fuzz_test.go .cfg pkg/workflow/temgit pkg/workflow/temrev-parse pkg/workflow/tem--show-toplevel ache/go/1.25.8/x64/pkg/tool/linu/tmp/go-build2354919825/b112/vet.cfg (http block)
• https://api.github.com/repos/github/gh-aw/actions/runs/5/artifacts
  • Triggering command: /usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/5/artifacts --jq .artifacts[].name ghcr.io/github/serena-mcp-server:latest 64/pkg/tool/linux_amd64/vet def6316056a12d49git s/stale-repo-iderev-parse r: $owner, name:--show-toplevel 64/pkg/tool/linux_amd64/vet (http block)
  • Triggering command: /usr/bin/gh gh run download 5 --dir test-logs/run-5 config 64/pkg/tool/linux_amd64/link remote.origin.urgit grep $name) { hasDiscussionsEnabl-v 64/pkg/tool/linux_amd64/link estl�� util.test basename x_amd64/compile ithub/workflows s/daily-file-dierev-parse repository(owne--git-dir x_amd64/compile (http block)
• https://api.github.com/repos/github/gh-aw/actions/workflows
  • Triggering command: /usr/bin/gh gh workflow list --json name,state,path /opt/pipx_bin/gi-v grep _modules/.bin/sh ussion rategy-analyzer.-atomic ed } } git -C ../pkg/workflow/-errorsas rev-parse x_amd64/vet observability-otgit .github/workflowinit /usr/bin/grep x_amd64/vet (http block)
  • Triggering command: /usr/bin/gh gh run list --json databaseId,number,url,status,conclusion,workflowName,createdAt,startedAt,updatedAt,event,headBranch,headSha,displayTitle --workflow nonexistent-workflow-12345 --limit 100 .go test.go x_amd64/vet 1/x6�� n_test.go validation_test.go x_amd64/vet s_test.go .go _test.go x_amd64/vet (http block)
  • Triggering command: /usr/bin/gh gh run list --json databaseId,number,url,status,conclusion,workflowName,createdAt,startedAt,updatedAt,event,headBranch,headSha,displayTitle --workflow nonexistent-workflow-12345 --limit 6 s/daily-safe-outremote bash 64/pkg/tool/linuremote2 (http block)
• https://api.github.com/repos/github/gh-aw/contents/.github/workflows/shared/reporting.md
  • Triggering command: /tmp/go-build2354919825/b404/cli.test /tmp/go-build2354919825/b404/cli.test -test.testlogfile=/tmp/go-build2354919825/b404/testlog.txt -test.paniconexit0 -test.v=true -test.parallel=4 -test.timeout=10m0s -test.run=^Test -test.short=true lp\|reporting-ot/opt/hostedtoolcache/go/1.25.8/x64/pkg/tool/linux_amd64/vet -report.md /usr/bin/grep grep -q json' --ignore-path ../../../.pr**/*.json grep ules/.bin/node lp\|reporting-ot/opt/hostedtoolcache/go/1.25.8/x64/pkg/tool/linux_amd64/vet s/smoke-test-too-atomic ache/node/24.14.-bool git (http block)
• https://api.github.com/repos/github/gh-aw/git/ref/tags/v0.47.4
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v0.47.4 --jq [.object.sha, .object.type] | @tsv --show-toplevel 64/pkg/tool/linux_amd64/vet /usr/bin/git --write ../../../**/*.jsrev-parse 1/x64/bin/node git rev-�� --show-toplevel /opt/hostedtoolcache/go/1.25.8/x64/pkg/tool/linux_amd64/vet /usr/bin/git SameOutput334536du /tmp/go-build235-k .cfg git (http block)
• https://api.github.com/repos/github/gh-aw/git/ref/tags/v1.0.0
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v1.0.0 --jq [.object.sha, .object.type] | @tsv 1936511325/.github/workflows 4919825/b050/vet.cfg k .lock.yml grep tnet/tools/git ache/go/1.25.8/x64/pkg/tool/linu-dwarf=false sRem�� me.go o ache/go/1.25.8/x64/pkg/tool/linu-nolocalimports .prettierignore --log-level=erro-1 r: $owner, name:xterm-color ache/go/1.25.8/x64/pkg/tool/linuother (http block)
• https://api.github.com/repos/github/gh-aw/git/ref/tags/v1.2.3
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v1.2.3 --jq [.object.sha, .object.type] | @tsv '**/*.ts' '**/*.-c=4 ghcr.io/github/s-nolocalimports x_amd64/vet n|safe-outputs:|git s/daily-securityrev-parse (http block)
• https://api.github.com/repos/github/gh-aw/git/ref/tags/v2.0.0
  • Triggering command: `/usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v2.0.0 --jq [.object.sha, .object.type] | @TSV '/*.ts' '/*.json' --ignore-path ../../../.prettierignore rev-parse x_amd64/vet daily-audit-basegit s/daily-semgrep--C DiscussionsEnabl/tmp/gh-aw-test-runs/20260427-231041-21194/test-648028478/.github/workflows x_amd64/vet 8d51�� xterm-color bash x_amd64/vet s/data/action_pigit -audit-base.md

-C $name) {
has/tmp/gh-aw-test-runs/20260427-231041-21194/test-3192381497 x_amd64/vet` (http block)

• Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v2.0.0 --jq [.object.sha, .object.type] | @tsv xterm-color grep x_amd64/vet reporting s/daily-skill-op-C /usr/bin/head x_amd64/vet 8d51�� k/gh-aw/gh-aw/.github/workflows config x_amd64/vet remote.origin.urgit s/daily-safe-out-C n-dir/bash x_amd64/vet (http block)
• Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v2.0.0 --jq [.object.sha, .object.type] | @tsv -c=4 -nolocalimports -importcfg /tmp/go-build2354919825/b454/importcfg -pack /home/REDACTED/work/gh-aw/gh-aw/pkg/testutil/spec_test.go /home/REDACTED/work/gh-aw/gh-aw/pkg/testutil/tempdir_test.go -1 xterm-color bash x_amd64/vet (http block)
• https://api.github.com/repos/github/gh-aw/git/ref/tags/v3.0.0
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v3.0.0 --jq [.object.sha, .object.type] | @tsv '**/*.ts' '**/*.json' --ignore-p-errorsas show x_amd64/vet (http block)
• https://api.github.com/repos/nonexistent/action/git/ref/tags/v999.999.999
  • Triggering command: /usr/bin/gh gh api /repos/nonexistent/action/git/ref/tags/v999.999.999 --jq [.object.sha, .object.type] | @tsv 1936511325 cycle_test.go ortcfg.link .lock.yml grep it Q9JjIZREDlYiHWP_71/KDaUrle63TPPPrev-parse (http block)
• https://api.github.com/repos/nonexistent/repo/actions/runs/12345
  • Triggering command: /usr/bin/gh gh run view 12345 --repo nonexistent/repo --json status,conclusion /../../.prettiergit erignore $name) { has--show-toplevel 64/pkg/tool/linux_amd64/compile (http block)
• https://api.github.com/repos/owner/repo/actions/workflows
  • Triggering command: /usr/bin/gh gh workflow list --json name,state,path --repo owner/repo er: String!, $name: String!) { repository(owner: $owner, name: $name) { hasDiscussionsEnabl/tmp/go-build2354919825/b427/logger.test -p main -lang=go1.25 git -C ../pkg/workflow/-errorsas config x_amd64/compile l -nolocalimports $name) { has--show-toplevel x_amd64/compile (http block)
  • Triggering command: /usr/bin/gh gh workflow list --json name,state,path --repo owner/repo me: String!) { repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } -buildmode=exe -buildid=8PjJCAG-atomic -s git -C flib/difflib.go rev-parse x_amd64/compile observability-otgit .github/workflowrev-parse ed } } x_amd64/compile (http block)
  • Triggering command: /usr/bin/gh gh workflow list --repo owner/repo --json name,path,state .cfg .lock.yml conntrack git ache/go/1.25.8/x64/pkg/tool/linuTest User (http block)
• https://api.github.com/repos/test-owner/test-repo/actions/secrets
  • Triggering command: /usr/bin/gh gh api /repos/test-owner/test-repo/actions/secrets --jq .secrets[].name on' --ignore-pat-c=4 log (http block)
• https://api.github.com/repos/test/repo
  • Triggering command: /usr/bin/gh gh api /repos/test/repo --jq .default_branch echo "��� Go code formatted" basename x_amd64/compile .lock.yml grep /usr/bin/grep x_amd64/compile sRem�� "prettier" --write 'scripts/**/*.js' --ignore-pa-p grep .cfg reporting-otlp .github/workflowrun ache/uv/0.11.8/xdownload ache/go/1.25.8/x2 (http block)

If you need me to access, download, or install something from one of these locations, you can either:

• Configure Actions setup steps to set up my environment, which run before the firewall is enabled
• Add the appropriate URLs or hosts to the custom allowlist in this repository's Copilot coding agent settings (admins only)

[Copilot]

Pull request overview

Migrates a set of daily audit workflows to the shared shared/daily-audit-base.md component to reduce duplicated scaffolding and prompt drift, while also updating an action pin for ruby/setup-ruby.

Changes:

• Replace shared/reporting-otlp.md (and a couple of direct shared/daily-audit-discussion.md imports) with shared/daily-audit-base.md across multiple daily workflows.
• Regenerate the affected workflow lock files to reflect expanded imports (discussion publishing + reporting + OTLP observability) and required permissions/secrets.
• Bump pinned ruby/setup-ruby from v1.305.0 to v1.306.0 in action pins datasets.

Show a summary per file

File	Description
pkg/workflow/data/action_pins.json	Update pinned ruby/setup-ruby version/SHA.
pkg/actionpins/data/action_pins.json	Mirror the same ruby/setup-ruby pin update in the actionpins dataset.
.github/workflows/go-fan.md	Switch to shared/daily-audit-base.md import.
.github/workflows/github-remote-mcp-auth-test.md	Switch to shared/daily-audit-base.md import.
.github/workflows/daily-token-consumption-report.md	Replace reporting scaffolding import with daily-audit-base (adds standardized discussion + OTLP + reporting).
.github/workflows/daily-token-consumption-report.lock.yml	Regenerate lock to reflect new import expansion, tools, permissions, and safe-outputs config.
.github/workflows/daily-team-status.md	Replace reporting scaffolding import with daily-audit-base.
.github/workflows/daily-team-status.lock.yml	Regenerate lock to reflect new import expansion, tools, permissions, and safe-outputs config.
.github/workflows/daily-syntax-error-quality.md	Replace reporting scaffolding import with daily-audit-base.
.github/workflows/daily-syntax-error-quality.lock.yml	Regenerate lock to reflect new import expansion, tools, permissions, and safe-outputs config.
.github/workflows/daily-security-red-team.md	Replace reporting scaffolding import with daily-audit-base.
.github/workflows/daily-security-red-team.lock.yml	Regenerate lock to reflect new import expansion, tools, permissions, and safe-outputs config.
.github/workflows/daily-safe-outputs-conformance.md	Replace reporting scaffolding import with daily-audit-base.
.github/workflows/daily-safe-outputs-conformance.lock.yml	Regenerate lock to reflect new import expansion, tools, permissions, and safe-outputs config.
.github/workflows/daily-safe-output-optimizer.md	Replace reporting scaffolding import with daily-audit-base.
.github/workflows/daily-safe-output-optimizer.lock.yml	Regenerate lock to reflect new import expansion, tools, permissions, and safe-outputs config.
.github/workflows/daily-safe-output-integrator.md	Replace reporting scaffolding import with daily-audit-base.
.github/workflows/daily-safe-output-integrator.lock.yml	Regenerate lock to reflect new import expansion, tools, permissions, and safe-outputs config.
.github/workflows/daily-repo-chronicle.md	Replace reporting scaffolding import with daily-audit-base.
.github/workflows/daily-repo-chronicle.lock.yml	Regenerate lock to reflect new import expansion, tools, permissions, and safe-outputs config.
.github/workflows/daily-rendering-scripts-verifier.md	Replace reporting scaffolding import with daily-audit-base.
.github/workflows/daily-rendering-scripts-verifier.lock.yml	Regenerate lock to reflect new import expansion, tools, permissions, and safe-outputs config.
.github/workflows/daily-otel-instrumentation-advisor.md	Replace reporting scaffolding import with daily-audit-base.
.github/workflows/daily-otel-instrumentation-advisor.lock.yml	Regenerate lock to reflect new import expansion, tools, permissions, and safe-outputs config.
.github/workflows/daily-news.md	Replace reporting scaffolding import with daily-audit-base.
.github/workflows/daily-news.lock.yml	Regenerate lock to reflect new import expansion, tools, permissions, and safe-outputs config.
.github/workflows/daily-multi-device-docs-tester.md	Replace reporting scaffolding import with daily-audit-base.
.github/workflows/daily-multi-device-docs-tester.lock.yml	Regenerate lock to reflect new import expansion, tools, permissions, and safe-outputs config.
.github/workflows/daily-mcp-concurrency-analysis.md	Replace reporting scaffolding import with daily-audit-base.
.github/workflows/daily-mcp-concurrency-analysis.lock.yml	Regenerate lock to reflect new import expansion, tools, permissions, and safe-outputs config.
.github/workflows/daily-malicious-code-scan.md	Replace reporting scaffolding import with daily-audit-base.
.github/workflows/daily-malicious-code-scan.lock.yml	Regenerate lock to reflect new import expansion, tools, permissions, and safe-outputs config.
.github/workflows/daily-function-namer.md	Replace reporting scaffolding import with daily-audit-base.
.github/workflows/daily-function-namer.lock.yml	Regenerate lock to reflect new import expansion, tools, permissions, and safe-outputs config.
.github/workflows/daily-doc-healer.md	Replace reporting scaffolding import with daily-audit-base.
.github/workflows/daily-cli-tools-tester.md	Replace reporting scaffolding import with daily-audit-base.
.github/workflows/daily-cli-tools-tester.lock.yml	Regenerate lock to reflect new import expansion, tools, permissions, and safe-outputs config.
.github/workflows/daily-cli-performance.md	Replace reporting scaffolding import with daily-audit-base.
.github/workflows/daily-cli-performance.lock.yml	Regenerate lock to reflect new import expansion, tools, permissions, and safe-outputs config.
.github/workflows/daily-architecture-diagram.md	Replace reporting scaffolding import with daily-audit-base.
.github/workflows/daily-architecture-diagram.lock.yml	Regenerate lock to reflect new import expansion, tools, permissions, and safe-outputs config.

Copilot's findings

Tip

Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

• Files reviewed: 44/44 changed files
• Comments generated: 2

[Copilot]

Importing shared/daily-audit-base.md pulls in shared/daily-audit-discussion.md, which enables the create-discussion safe-output and (via the compiled workflow) adds discussions: write capability. For a workflow whose documented output is code-scanning alerts, consider using only the parts you need (e.g., shared/observability-otlp.md and/or shared/reporting.md) or a security-specific base so the workflow doesn’t accidentally publish security findings to Discussions.

Suggested change

	- uses: shared/daily-audit-base.md
	with:
	title-prefix: "[malicious-code-scan] "
	expires: 3d
	- shared/observability-otlp.md
	- shared/reporting.md

[Copilot]

The new daily-audit-base import sets title-prefix: "[safe-outputs-conformance] ", but this workflow’s existing safe-outputs.create-issue.title-prefix is "[Safe Outputs Conformance] ". If both issues and discussions can be created, using two different prefixes makes the artifacts harder to search/group; consider aligning the prefixes (or intentionally documenting the difference).

Suggested change

	title-prefix: "[safe-outputs-conformance] "
	title-prefix: "[Safe Outputs Conformance] "