[dead-code] chore: remove dead functions — 4 functions removed

[github-actions]

Dead Code Removal

This PR removes unreachable Go functions identified by the deadcode static analyzer.

Functions Removed

Function	File
Compiler.buildInlineDetectionSteps	pkg/workflow/threat_detection.go
Compiler.formatSafeOutputsRunsOn	pkg/workflow/safe_outputs_runtime.go
extractSafeScriptsFromFrontmatter	pkg/workflow/safe_scripts.go
ErrorCollector.HasErrors	pkg/workflow/workflow_errors.go

Notes

• buildInlineDetectionSteps was a one-line deprecated wrapper around buildDetectionJobSteps; test callers were updated to call buildDetectionJobSteps directly.
• formatSafeOutputsRunsOn was superseded by the more general formatFrameworkJobRunsOn.
• extractSafeScriptsFromFrontmatter was an internal helper with no production callers.
• ErrorCollector.HasErrors was redundant — Count() > 0 is equivalent; test assertions updated.

Tests Removed

Test	File
TestBuildInlineDetectionSteps	pkg/workflow/threat_detection_test.go
TestFormatSafeOutputsRunsOn	pkg/workflow/safe_outputs_test.go
TestFormatSafeOutputsRunsOnEdgeCases	pkg/workflow/safe_outputs_runs_on_test.go
TestExtractSafeScriptsFromFrontmatter	pkg/workflow/safe_scripts_test.go
TestExtractSafeScriptsFromFrontmatterEmpty	pkg/workflow/safe_scripts_test.go

Verification

• ✅ go build ./... — passes
• ✅ go vet ./... — passes
• ✅ go vet -tags=integration ./... — passes
• ✅ make fmt — no changes needed
• ✅ go test ./pkg/workflow/... — all tests pass

Dead Function Count

• Before this batch: ~19 functions
• Removed in this PR: 4 functions
• Remaining: ~15 functions

---

Automated by Dead Code Removal workflow — https://github.com/github/gh-aw/actions/runs/23847489282

Generated by Dead Code Removal Agent · ◷

• expires on Apr 4, 2026, 12:17 PM UTC

---

---

✨ PR Review Safe Output Test - Run 23848854083

💥 [THE END] — Illustrated by Smoke Claude · ◷

[Copilot]

Pull request overview

Removes unreachable Go code (and associated tests) flagged by the deadcode analyzer to reduce maintenance surface area in the workflow compiler.

Changes:

• Removed 4 dead/unreachable functions from the workflow package.
• Updated remaining tests to call the non-deprecated implementations directly (e.g., buildDetectionJobSteps, Count()).
• Deleted tests that only covered the removed dead functions and cleaned up related imports.

Reviewed changes

Copilot reviewed 10 out of 10 changed files in this pull request and generated 2 comments.

Show a summary per file

File	Description
pkg/workflow/workflow_errors.go	Removes redundant ErrorCollector.HasErrors helper.
pkg/workflow/error_aggregation_test.go	Updates assertions to use Count() instead of HasErrors().
pkg/workflow/threat_detection.go	Removes deprecated wrapper buildInlineDetectionSteps.
pkg/workflow/threat_detection_test.go	Removes wrapper-specific test and updates callers to buildDetectionJobSteps.
pkg/workflow/threat_detection_file_access_test.go	Updates callers to buildDetectionJobSteps and trims now-stale commentary.
pkg/workflow/safe_outputs_runtime.go	Removes superseded formatSafeOutputsRunsOn helper.
pkg/workflow/safe_outputs_test.go	Removes test that only covered removed formatSafeOutputsRunsOn and drops unused import.
pkg/workflow/safe_outputs_runs_on_test.go	Removes edge-case test that only covered removed formatSafeOutputsRunsOn.
pkg/workflow/safe_scripts.go	Removes unused internal helper extractSafeScriptsFromFrontmatter.
pkg/workflow/safe_scripts_test.go	Removes tests that only covered removed extractSafeScriptsFromFrontmatter.

Comments suppressed due to low confidence (2)

pkg/workflow/error_aggregation_test.go:83

• These back-to-back assertions duplicate the same collector.Count() == 0 check with slightly different messages. Consider removing one to keep the test focused and avoid redundant failures.

	assert.Equal(t, 0, collector.Count(), "Should not have errors")
	assert.Equal(t, 0, collector.Count(), "Should have zero count")

pkg/workflow/threat_detection_test.go:213

• This test (and its comments/error messages) still refer to “inline detection steps”, but the code now calls buildDetectionJobSteps, and the PR description notes detection runs in a separate detection job. Updating the test name/comments/messages to match the current behavior would reduce confusion for future maintainers.

func TestThreatDetectionInlineStepsDependencies(t *testing.T) {
	// Test that inline detection steps are generated when threat detection is enabled
	// and that safe-output jobs can check detection results via agent job outputs
	compiler := NewCompiler()

	data := &WorkflowData{
		SafeOutputs: &SafeOutputsConfig{
			ThreatDetection: &ThreatDetectionConfig{},
		},
	}

	// Build inline detection steps
	steps := compiler.buildDetectionJobSteps(data)
	if steps == nil {
		t.Fatal("Expected inline detection steps to be created")
	}

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

These two assertions both call collector.Count() with essentially the same expectation/message. Consider keeping a single assertion here to avoid redundant checks and reduce noise in the test output when it fails.

This issue also appears on line 82 of the same file.

Suggested change

assert.Equal(t, 0, collector.Count(), "New collector should have zero count")

[Copilot]

This comment says “TestExtractSafeScriptsFromFrontmatter verifies extraction from frontmatter”, but the TestExtractSafeScriptsFromFrontmatter* tests were removed. Please remove or update the comment so it doesn’t suggest a missing test.

[github-actions]

💥 Automated smoke test review - all systems nominal!

💥 [THE END] — Illustrated by Smoke Claude

[github-actions]

Good change — using collector.Count() directly instead of the removed HasErrors() method makes the intent clearer and eliminates the need for a separate predicate method.

[github-actions]

Removing extractSafeScriptsFromFrontmatter keeps the package surface clean. The parseSafeScriptsConfig helper below is the right entry point for callers that already have the scripts map.