Refactor daily audit import stack into shared daily-audit-base component

[Copilot]

This issue identified repeated use of the same daily-audit import trio across workflows (daily-audit-discussion + reporting + observability-otlp) and requested consolidation behind a shared wrapper with title-prefix passthrough.
This PR introduces that wrapper and migrates the 10 confirmed triple-import workflows to it.

• New shared import wrapper

  • Added .github/workflows/shared/daily-audit-base.md
  • Bundles the standard daily audit stack:
    • shared/daily-audit-discussion.md
    • shared/reporting.md
    • shared/observability-otlp.md
  • Exposes:
    • title-prefix (required)
    • expires (optional, default 3d)

• Workflow migration (10 confirmed triple-import workflows)

  • Replaced three-import stack with a single shared/daily-audit-base.md import in:
    • daily-code-metrics.md
    • daily-compiler-quality.md
    • daily-firewall-report.md
    • daily-integrity-analysis.md
    • daily-issues-report.md
    • daily-observability-report.md
    • daily-performance-summary.md
    • daily-regulatory.md
    • daily-secrets-analysis.md
    • daily-team-evolution-insights.md
  • Preserved per-workflow title-prefix and any explicit expires override.

• Related authoring guidance

  • Added a recommendation to prefer shared/daily-audit-base.md for daily discussion-based audit workflows in:
    • docs/src/content/docs/guides/deterministic-agentic-patterns.md
  • Added a note in shared/daily-audit-discussion.md pointing authors to the new wrapper when reporting+OTLP are also needed.

• Example (before/after)

  # before
  imports:
    - uses: shared/daily-audit-discussion.md
      with:
        title-prefix: "[my-workflow] "
    - shared/reporting.md
    - shared/observability-otlp.md
  
  # after
  imports:
    - uses: shared/daily-audit-base.md
      with:
        title-prefix: "[my-workflow] "

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

• https://api.github.com/graphql
  • Triggering command: /usr/bin/gh /usr/bin/gh api graphql -f query=query($owner: String!, $name: String!) { repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } -f owner=github -f name=gh-aw GOWORK 64/bin/go /opt/hostedtoolcGOPROXY -o /tmp/go-build204GOSUMDB -trimpath 64/bin/go -p github.com/githu-w -lang=go1.25 go (http block)
  • Triggering command: /usr/bin/gh /usr/bin/gh api graphql -f query=query($owner: String!, $name: String!) { repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } -f owner=github -f name=gh-aw GOWORK 64/bin/go /opt/hostedtoolcGOPROXY -o /tmp/go-build204GOSUMDB -trimpath 64/bin/go -p main -lang=go1.25 go (http block)
  • Triggering command: /usr/bin/gh /usr/bin/gh api graphql -f query=query($owner: String!, $name: String!) { repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } -f owner=github -f name=gh-aw --ignore-path ../../../.pretti. /opt/hostedtoolc-v -o /tmp/go-build204GOSUMDB -trimpath 64/bin/go -p main -lang=go1.25 go (http block)
• https://api.github.com/repos/astral-sh/setup-uv/git/ref/tags/eac588ad8def6316056a12d4907a9d4d84ff7a3b
  • Triggering command: /usr/bin/gh gh api /repos/astral-sh/setup-uv/git/ref/tags/eac588ad8def6316056a12d4907a9d4d84ff7a3b --jq [.object.sha, .object.type] | @tsv -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
• https://api.github.com/repos/githubnext/agentics/git/ref/tags/-
  • Triggering command: /usr/bin/gh gh api /repos/githubnext/agentics/git/ref/tags/- --jq [.object.sha, .object.type] | @tsv -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)

If you need me to access, download, or install something from one of these locations, you can either:

• Configure Actions setup steps to set up my environment, which run before the firewall is enabled
• Add the appropriate URLs or hosts to the custom allowlist in this repository's Copilot coding agent settings (admins only)

[Copilot]

Pull request overview

Refactors the common “daily audit” workflow import stack (discussion publishing + reporting guidance + OTLP observability) into a single shared wrapper and migrates the identified workflows to use it.

Changes:

• Added shared/daily-audit-base.md wrapper that composes daily-audit-discussion, reporting, and observability-otlp with title-prefix passthrough (+ optional expires).
• Updated 10 daily workflows (and their compiled .lock.yml counterparts) to replace the triple-import stack with the new base wrapper.
• Updated authoring documentation and inline guidance to point to the new wrapper.

Show a summary per file

File	Description
pkg/testutil/spec_test.go	Minor struct-literal alignment changes in YAML comment header tests.
docs/src/content/docs/guides/deterministic-agentic-patterns.md	Recommends using shared/daily-audit-base.md for daily discussion-based audit workflows.
.github/workflows/shared/daily-audit-discussion.md	Adds guidance to prefer the new base wrapper when reporting+OTLP are also needed.
.github/workflows/shared/daily-audit-base.md	New shared wrapper bundling discussion + reporting + OTLP with input passthrough.
.github/workflows/daily-team-evolution-insights.md	Migrates imports to shared/daily-audit-base.md.
.github/workflows/daily-team-evolution-insights.lock.yml	Regenerated compiled workflow after import refactor.
.github/workflows/daily-secrets-analysis.md	Migrates imports to shared/daily-audit-base.md.
.github/workflows/daily-secrets-analysis.lock.yml	Regenerated compiled workflow after import refactor.
.github/workflows/daily-regulatory.md	Migrates imports to shared/daily-audit-base.md.
.github/workflows/daily-regulatory.lock.yml	Regenerated compiled workflow after import refactor.
.github/workflows/daily-performance-summary.md	Migrates imports to shared/daily-audit-base.md.
.github/workflows/daily-performance-summary.lock.yml	Regenerated compiled workflow after import refactor.
.github/workflows/daily-observability-report.md	Migrates imports to shared/daily-audit-base.md.
.github/workflows/daily-observability-report.lock.yml	Regenerated compiled workflow after import refactor.
.github/workflows/daily-issues-report.md	Migrates imports to shared/daily-audit-base.md.
.github/workflows/daily-issues-report.lock.yml	Regenerated compiled workflow after import refactor.
.github/workflows/daily-integrity-analysis.md	Migrates imports to shared/daily-audit-base.md.
.github/workflows/daily-integrity-analysis.lock.yml	Regenerated compiled workflow after import refactor.
.github/workflows/daily-firewall-report.md	Migrates imports to shared/daily-audit-base.md.
.github/workflows/daily-firewall-report.lock.yml	Regenerated compiled workflow after import refactor.
.github/workflows/daily-compiler-quality.md	Migrates imports to shared/daily-audit-base.md.
.github/workflows/daily-compiler-quality.lock.yml	Regenerated compiled workflow after import refactor.
.github/workflows/daily-code-metrics.md	Migrates imports to shared/daily-audit-base.md.
.github/workflows/daily-code-metrics.lock.yml	Regenerated compiled workflow after import refactor.

Copilot's findings

Tip

Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

• Files reviewed: 23/24 changed files
• Comments generated: 1

[Copilot]

This PR is scoped to workflow import refactoring, but this hunk in spec_test.go only changes struct literal field alignment (no functional change). Consider dropping this formatting-only change to keep the PR focused and reduce merge/conflict noise (or run gofmt across the file/package if the intent is to normalize formatting).

[github-actions]

🧪 Test Quality Sentinel Report

Test Quality Score: 85/100

✅ Excellent test quality

Metric	Value
New/modified tests analyzed	7 (in changed file)
✅ Design tests (behavioral contracts)	7 (100%)
⚠️ Implementation tests (low value)	0 (0%)
Tests with error/edge cases	3 (43%)
Duplicate test clusters	0
Test inflation detected	No
🚨 Coding-guideline violations	None

i️ Note on change scope: The only logical change in pkg/testutil/spec_test.go is pure whitespace alignment (4 additions / 4 deletions — Go struct field alignment inside a table-driven test). No test functions were added or modified in behavior. The 7 tests analyzed are the full contents of the changed file, included for completeness.

---

Test Classification Details

View All 7 Tests

Test	File	Classification	Notes
TestSpec_PublicAPI_GetTestRunDir_Idempotent	pkg/testutil/spec_test.go:22	✅ Design	Verifies sync.Once idempotency contract; good assertion messages
TestSpec_PublicAPI_GetTestRunDir_PathLocation	pkg/testutil/spec_test.go:39	✅ Design	Verifies path naming and directory creation contracts
TestSpec_PublicAPI_TempDir_CreatesSubdirectory	pkg/testutil/spec_test.go:55	✅ Design	Verifies subdir is inside test run dir; checks IsDir()
TestSpec_PublicAPI_TempDir_CleanupOnTestCompletion	pkg/testutil/spec_test.go:75	✅ Design	Tests cleanup contract with assert.ErrorIs(os.ErrNotExist) ✓
TestSpec_PublicAPI_CaptureStderr_ReturnsOutput	pkg/testutil/spec_test.go:97	✅ Design	Verifies stderr capture returns written content
TestSpec_PublicAPI_CaptureStderr_RestoresAfterCapture	pkg/testutil/spec_test.go:112	✅ Design	Verifies os.Stderr is restored after capture (behavioral contract)
TestSpec_PublicAPI_StripYAMLCommentHeader	pkg/testutil/spec_test.go:130	✅ Design	Table-driven; covers happy path + "no comment" edge case ✓

---

Flagged Tests — Requires Review

No tests flagged. All tests enforce observable behavioral contracts with proper assertion messages and build tags.

Minor observation (not blocking): Edge/error case coverage is modest at 43% (3 of 7 tests). Tests GetTestRunDir_Idempotent and CaptureStderr_ReturnsOutput cover only happy paths. Consider adding:

• A test for TempDir behavior when the underlying os.MkdirTemp might fail (or at least an invalid pattern)
• A test for CaptureStderr when fn panics (to verify stderr is still restored)

---

Language Support

Tests analyzed:

• 🐹 Go (*_test.go): 7 tests — unit (//go:build !integration)
• 🟨 JavaScript (*.test.cjs, *.test.js): 0 tests

---

Verdict

✅ Check passed. 0% of new tests are implementation tests (threshold: 30%). The change to pkg/testutil/spec_test.go is a pure formatting alignment fix. All existing tests in the file are well-structured design tests that enforce observable behavioral contracts with descriptive assertion messages.

---

📖 Understanding Test Classifications

Design Tests (High Value) verify what the system does:

• Assert on observable outputs, return values, or state changes
• Cover error paths and boundary conditions
• Would catch a behavioral regression if deleted
• Remain valid even after internal refactoring

Implementation Tests (Low Value) verify how the system does it:

• Assert on internal function calls (mocking internals)
• Only test the happy path with typical inputs
• Break during legitimate refactoring even when behavior is correct
• Give false assurance: they pass even when the system is wrong

Goal: Shift toward tests that describe the system's behavioral contract — the promises it makes to its users and collaborators.

References: §24516631498

🧪 Test quality analysis by Test Quality Sentinel · ● 834.7K · ◷

[github-actions]

✅ Test Quality Sentinel: 85/100. Test quality is excellent — 0% of new tests are implementation tests (threshold: 30%). The only change to pkg/testutil/spec_test.go is a whitespace alignment fix; all 7 tests in the file are well-structured behavioral design tests with proper build tags and descriptive assertion messages.