Set agentic workflow threat detection to warning-only mode #2094

Merged
pethers merged 2 commits into main from copilot/aw-detection-runs
Apr 28, 2026

Copilot AI commented Apr 28, 2026

Threat detection runs were being tracked for agentic workflows, and the workflow sources needed explicit warning-only behavior for safe-output threat detection. This change makes that behavior consistent across all agentic news workflows.

  • Workflow configuration

    • Added explicit safe-outputs.threat-detection.continue-on-error: true to every news-*.md agentic workflow source.
    • Recompiled the corresponding news-*.lock.yml files so executed workflows carry the updated setting.
  • Regression coverage

    • Added a source-level guard in tests/network-diagnostics.test.ts to ensure every agentic news workflow keeps threat detection in warning-only mode.
safe-outputs:
  threat-detection:
    continue-on-error: true

Copilot AI linked an issue Apr 28, 2026 that may be closed by this pull request
@github-actions github-actions Bot added the size-xs (Extra small change, < 10 lines) label Apr 28, 2026
@github-actions

🏷️ Automatic Labeling Summary

This PR has been automatically labeled based on the files changed and PR metadata.

Applied Labels: size-xs

Label Categories

  • 🗳️ Content: news, dashboard, visualization, intelligence
  • 💻 Technology: html-css, javascript, workflow, security
  • 📊 Data: cia-data, riksdag-data, data-pipeline, schema
  • 🌍 I18n: i18n, translation, rtl
  • 🔒 ISMS: isms, iso-27001, nist-csf, cis-controls
  • 🏗️ Infrastructure: ci-cd, deployment, performance, monitoring
  • 🔄 Quality: testing, accessibility, documentation, refactor
  • 🤖 AI: agent, skill, agentic-workflow

For more information, see .github/labeler.yml.

@github-actions

🔍 Lighthouse Performance Audit

Category Score Status
Performance 85/100 🟡
Accessibility 95/100 🟢
Best Practices 90/100 🟢
SEO 95/100 🟢

📥 Download full Lighthouse report

Budget Compliance: Performance budgets enforced via budget.json

@github-actions github-actions Bot added the documentation (Documentation updates), workflow (GitHub Actions workflows), ci-cd (CI/CD pipeline changes), testing (Test coverage), news (News articles and content generation), agentic-workflow (Agentic workflow changes) and size-l (Large change, 250-1000 lines) labels Apr 28, 2026
Copilot AI changed the title from "[WIP] Track detection runs for threat detection warnings and failures" to "Set agentic workflow threat detection to warning-only mode" Apr 28, 2026
Copilot AI requested a review from pethers April 28, 2026 19:08
@pethers pethers marked this pull request as ready for review April 28, 2026 19:08
Copilot AI review requested due to automatic review settings April 28, 2026 19:08
@pethers pethers merged commit a4a346e into main Apr 28, 2026
18 checks passed
@pethers pethers deleted the copilot/aw-detection-runs branch April 28, 2026 19:08
Copilot AI left a comment

Pull request overview

Updates the agentic news workflow frontmatter so safe-output threat detection runs in warning-only mode, and adds a regression test to prevent future drift across the repo’s compiled agentic workflows.

Changes:

  • Added safe-outputs.threat-detection.continue-on-error: true to all news-*.md agentic workflow sources.
  • Recompiled all corresponding news-*.lock.yml workflows so the executed workflows carry the new setting.
  • Added a Vitest guard asserting all agentic news workflow sources keep threat detection in warning-only mode.

Reviewed changes

Copilot reviewed 23 out of 23 changed files in this pull request and generated 1 comment.

File Description
tests/network-diagnostics.test.ts Adds a guard asserting all news workflows set threat detection to warning-only mode.
.github/workflows/news-committee-reports.md Adds safe-outputs.threat-detection.continue-on-error: true to the workflow source.
.github/workflows/news-committee-reports.lock.yml Recompiled workflow to include the updated safe-output threat-detection behavior.
.github/workflows/news-evening-analysis.md Adds safe-outputs.threat-detection.continue-on-error: true to the workflow source.
.github/workflows/news-evening-analysis.lock.yml Recompiled workflow to include the updated safe-output threat-detection behavior.
.github/workflows/news-interpellations.md Adds safe-outputs.threat-detection.continue-on-error: true to the workflow source.
.github/workflows/news-interpellations.lock.yml Recompiled workflow to include the updated safe-output threat-detection behavior.
.github/workflows/news-month-ahead.md Adds safe-outputs.threat-detection.continue-on-error: true to the workflow source.
.github/workflows/news-month-ahead.lock.yml Recompiled workflow to include the updated safe-output threat-detection behavior.
.github/workflows/news-monthly-review.md Adds safe-outputs.threat-detection.continue-on-error: true to the workflow source.
.github/workflows/news-monthly-review.lock.yml Recompiled workflow to include the updated safe-output threat-detection behavior.
.github/workflows/news-motions.md Adds safe-outputs.threat-detection.continue-on-error: true to the workflow source.
.github/workflows/news-motions.lock.yml Recompiled workflow to include the updated safe-output threat-detection behavior.
.github/workflows/news-propositions.md Adds safe-outputs.threat-detection.continue-on-error: true to the workflow source.
.github/workflows/news-propositions.lock.yml Recompiled workflow to include the updated safe-output threat-detection behavior.
.github/workflows/news-realtime-monitor.md Adds safe-outputs.threat-detection.continue-on-error: true to the workflow source.
.github/workflows/news-realtime-monitor.lock.yml Recompiled workflow to include the updated safe-output threat-detection behavior.
.github/workflows/news-translate.md Adds safe-outputs.threat-detection.continue-on-error: true to the workflow source.
.github/workflows/news-translate.lock.yml Recompiled workflow to include the updated safe-output threat-detection behavior.
.github/workflows/news-week-ahead.md Adds safe-outputs.threat-detection.continue-on-error: true to the workflow source.
.github/workflows/news-week-ahead.lock.yml Recompiled workflow to include the updated safe-output threat-detection behavior.
.github/workflows/news-weekly-review.md Adds safe-outputs.threat-detection.continue-on-error: true to the workflow source.
.github/workflows/news-weekly-review.lock.yml Recompiled workflow to include the updated safe-output threat-detection behavior.

Comment on lines +381 to +385
expect(
fm,
`${workflow} missing safe-outputs.threat-detection.continue-on-error: true`
).toMatch(/safe-outputs:[\s\S]*^\s{2}threat-detection:\n^\s{4}continue-on-error:\s+true\b/m);
});
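Review bot: In the `toMatch` pattern, `safe-outputs:` is not anchored to the start of a line and `[\s\S]*` can cross any number of top-level keys, so a `threat-detection:` block indented two spaces under a different parent later in the frontmatter also satisfies this guard. Anchor the first key with `^safe-outputs:` and restrict the gap to indented lines, or resolve the key path from a parsed frontmatter object, so the assertion passes only when `continue-on-error: true` sits under `safe-outputs.threat-detection`.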

Copilot AI Apr 28, 2026

This assertion is quite strict because it requires continue-on-error: true to appear immediately on the next line after threat-detection: with fixed indentation. If additional threat-detection keys are added later (still keeping continue-on-error: true), this test will fail. Consider loosening the regex to allow intervening lines, or parsing the frontmatter block line-by-line similar to the existing domain parsers.

Copilot uses AI. Check for mistakes.
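
The line-by-line alternative suggested in the review comment above, as an added TypeScript example that is not code from this pull request or repository: it resolves the key path by indentation, so sibling keys under threat-detection are tolerated and a threat-detection block under a different parent is rejected. The frontmatter samples and the names example-key and other are constructed; PAGE_REGEX is the pattern quoted in the comment.

```typescript
// Added example, not code from the pull request.
// Assumes block-style YAML frontmatter indented with spaces (no flow maps, anchors or tabs).
type Line = { indent: number; key: string; value: string };

// Pattern quoted in the review comment on this page, kept for comparison.
const PAGE_REGEX =
  /safe-outputs:[\s\S]*^\s{2}threat-detection:\n^\s{4}continue-on-error:\s+true\b/m;

// Keep only "key: value" lines; comments, blank lines and list items are skipped.
function parseLines(frontmatter: string): Line[] {
  const out: Line[] = [];
  for (const raw of frontmatter.split(/\r?\n/)) {
    const m = /^( *)([A-Za-z0-9_-]+):\s*(.*?)\s*(?:#.*)?$/.exec(raw);
    if (m) out.push({ indent: m[1].length, key: m[2], value: m[3] });
  }
  return out;
}

// Resolve a key path by indentation: a line's ancestors are the nearest
// preceding lines with strictly smaller indent. The last duplicate wins.
function getScalar(frontmatter: string, path: string[]): string | undefined {
  const stack: Line[] = [];
  let found: string | undefined;
  for (const line of parseLines(frontmatter)) {
    while (stack.length > 0 && stack[stack.length - 1].indent >= line.indent) stack.pop();
    stack.push(line);
    if (stack.length === path.length && stack.every((l, i) => l.key === path[i])) {
      found = line.value;
    }
  }
  return found;
}

function threatDetectionIsWarningOnly(frontmatter: string): boolean {
  const path = ["safe-outputs", "threat-detection", "continue-on-error"];
  return getScalar(frontmatter, path) === "true";
}

// Constructed frontmatter samples (example-key and other are hypothetical names).
const STRICT = "safe-outputs:\n  threat-detection:\n    continue-on-error: true";
const WITH_SIBLING =
  "safe-outputs:\n  threat-detection:\n    example-key: x  # sibling\n    continue-on-error: true";
const WRONG_PARENT =
  "safe-outputs:\n  example-key: x\nother:\n  threat-detection:\n    continue-on-error: true";
const DISABLED = "safe-outputs:\n  threat-detection:\n    continue-on-error: false";

[STRICT, WITH_SIBLING, WRONG_PARENT, DISABLED].forEach((fm) =>
  console.log("regex:", PAGE_REGEX.test(fm), "parser:", threatDetectionIsWarningOnly(fm)));
```

WITH_SIBLING is the case the comment predicts the regex will fail on; WRONG_PARENT is a layout the regex accepts although the setting is not under safe-outputs.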

Labels

agentic-workflow (Agentic workflow changes), ci-cd (CI/CD pipeline changes), documentation (Documentation updates), news (News articles and content generation), size-l (Large change, 250-1000 lines), size-xs (Extra small change, < 10 lines), testing (Test coverage), workflow (GitHub Actions workflows)

Development

Successfully merging this pull request may close these issues.

[aw] Detection Runs

3 participants