
[deep-report] Static-analysis RGS-* security issues recreated daily after closure (no dedup-by-rule) #31043

@github-actions

Description


Problem

The static-analysis workflow is filing the same RGS-* security findings each day, recreating issues that were closed the previous day:

| Rule | 2026-05-07 (closed) | 2026-05-08 (refiled) |
| --- | --- | --- |
| RGS-004 (comment-triggered workflow w/o auth) | #30778 | #30945 (brave.lock.yml) |
| RGS-012 (secret exfil via outbound HTTP) | #30776 | #30947 (visual-regression-checker.lock.yml) |
| RGS-018 (suspicious payload exec pattern) | #30777 | #30946 (api-consumption-report.lock.yml) |

The rule IDs are identical; only the affected files differ. The workflow either (a) treats every file independently with no awareness of prior closure, or (b) lacks a fingerprint that matches across runs.

Suggested Fix

In the static-analysis workflow prompt:

  1. Before filing a `create_issue`, search existing issues by title pattern `[static-analysis] RGS-NNN` and the file path; if a CLOSED issue exists for the same rule+file, skip; if an OPEN issue exists, add a comment instead.
  2. Optionally include a rule + file-hash fingerprint in a hidden HTML comment to make matching robust.

Suggested Agent

agentic-workflows — workflow .md prompt edit.

Estimated Effort

1–2 hours.

Source

DeepReport 2026-05-08.

Generated by DeepReport - Intelligence Gathering Agent · 18.1M · expires on May 10, 2026, 3:20 PM UTC
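The dedup step the report proposes (match on rule + file, skip when a closed issue already exists, comment when an open one exists, otherwise create, with an optional hidden fingerprint comment to make the match robust) written out as a small Python module. This is an added example, not the repository's workflow code or anything DeepReport produced. It assumes issues are plain dicts with `number`, `state`, `title` and `body` keys (the shape a GitHub API client returns), that the workflow titles issues as `[static-analysis] RGS-NNN <summary> (<file>)`, and that it embeds `<!-- sa-fingerprint: RULE:PATH:HASH -->` in the body; the marker name and title layout are this example's own choices. When both an open and a closed match exist, the open one wins and gets the comment, which is one reading of the two-step rule above. The sample issues are constructed; only the closed issue numbers are taken from the table above.

```python
"""Dedup-by-rule for static-analysis findings before filing a GitHub issue.

Added example; not the project's workflow code. Issue dicts mimic the
GitHub API shape. The fingerprint marker and title format are assumptions.
"""
import hashlib
import re
from typing import Dict, List, Optional, Tuple

TITLE_PREFIX = "[static-analysis]"
# Hidden HTML comment carrying RULE:PATH:HASH, invisible when rendered.
FINGERPRINT_RE = re.compile(r"<!--\s*sa-fingerprint:\s*(\S+)\s*-->")
# Fallback for issues filed before fingerprints existed: parse the title.
TITLE_RE = re.compile(r"^\[static-analysis\]\s+(RGS-\d{3})\b.*?\(([^)]+)\)")


def file_hash(content: bytes) -> str:
    """Short content hash so a changed file yields a new fingerprint."""
    return hashlib.sha256(content).hexdigest()[:16]


def make_fingerprint(rule: str, path: str, content: bytes) -> str:
    return f"{rule}:{path}:{file_hash(content)}"


def fingerprint_comment(fingerprint: str) -> str:
    return f"<!-- sa-fingerprint: {fingerprint} -->"


def parse_issue(issue: Dict) -> Optional[Tuple[str, str]]:
    """Return (rule, path) for an existing issue, or None if unrecognised.

    The hidden fingerprint is authoritative; the title is the fallback so
    older issues without a fingerprint still dedup by rule + file.
    """
    m = FINGERPRINT_RE.search(issue.get("body") or "")
    if m:
        rule, rest = m.group(1).split(":", 1)      # rule never contains ':'
        path, _hash = rest.rsplit(":", 1)          # hash never contains ':'
        return rule, path
    m = TITLE_RE.match(issue.get("title") or "")
    if m:
        return m.group(1), m.group(2)
    return None


def decide(rule: str, path: str, existing: List[Dict]) -> Tuple[str, Optional[int]]:
    """Return ('comment', n), ('skip', n) or ('create', None) for a finding."""
    open_match = closed_match = None
    for issue in existing:
        if parse_issue(issue) != (rule, path):
            continue
        if issue["state"] == "open" and open_match is None:
            open_match = issue["number"]
        elif issue["state"] == "closed" and closed_match is None:
            closed_match = issue["number"]
    if open_match is not None:
        return "comment", open_match       # still tracked: add a comment
    if closed_match is not None:
        return "skip", closed_match        # triaged and closed: do not refile
    return "create", None


def build_issue(rule: str, summary: str, path: str, content: bytes) -> Dict:
    """Compose the title/body a create_issue call would send, fingerprint included."""
    fp = make_fingerprint(rule, path, content)
    return {
        "title": f"{TITLE_PREFIX} {rule} {summary} ({path})",
        "body": f"{summary}\n\nAffected file: `{path}`\n\n{fingerprint_comment(fp)}",
    }


# Constructed sample of what an issue search might return. Closed numbers
# match the table in the report; 99901 is a made-up open issue.
SAMPLE_EXISTING = [
    {"number": 30778, "state": "closed",
     "title": "[static-analysis] RGS-004 comment-triggered workflow w/o auth (brave.lock.yml)",
     "body": "Details...\n\n<!-- sa-fingerprint: RGS-004:brave.lock.yml:0123456789abcdef -->"},
    {"number": 30776, "state": "closed",
     "title": "[static-analysis] RGS-012 secret exfil via outbound HTTP (visual-regression-checker.lock.yml)",
     "body": "Filed before fingerprints were added; title fallback applies."},
    {"number": 99901, "state": "open",
     "title": "[static-analysis] RGS-018 suspicious payload exec pattern (api-consumption-report.lock.yml)",
     "body": "<!-- sa-fingerprint: RGS-018:api-consumption-report.lock.yml:fedcba9876543210 -->"},
]

if __name__ == "__main__":
    for rule, path in [("RGS-004", "brave.lock.yml"),
                       ("RGS-018", "api-consumption-report.lock.yml"),
                       ("RGS-004", "new-workflow.lock.yml")]:
        print(rule, path, decide(rule, path, SAMPLE_EXISTING))
```

In a real workflow the `existing` list would come from an issue search restricted to the `[static-analysis]` title prefix with both open and closed states included; the hash in the fingerprint lets you additionally notice when a previously triaged file has changed and decide whether that warrants reopening rather than silently skipping.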
