Refactor audit workflows with new `shared/daily-audit-charts` composite import by Copilot · Pull Request #28079 · github/gh-aw

Copilot · 2026-04-23T12:37:15Z

This introduces a shared chart-ready audit baseline so workflows no longer have to manually compose discussion/reporting/OTLP and trending chart setup. It also migrates all workflows currently using shared/trending-charts-simple.md to the new shared primitive for consistent structure.

New shared module
- Added .github/workflows/shared/daily-audit-charts.md
- Composition:
  - shared/daily-audit-base.md
  - shared/trending-charts-simple.md
- Inherited import inputs:
  - title-prefix (required)
  - expires (default: 3d)
Workflow migration (8 workflows)
- Updated:
  - agentic-observability-kit.md
  - agentic-optimization-kit.md
  - api-consumption-report.md
  - audit-workflows.md
  - daily-firewall-report.md
  - daily-performance-summary.md
  - prompt-clustering-analysis.md
  - stale-repo-identifier.md
- Replaced direct trending-charts-simple usage (and redundant direct audit/reporting imports where present) with shared/daily-audit-charts.md
Compiled workflow output updates
- Reflected import graph changes in corresponding *.lock.yml files for the migrated workflows.

imports:
  - uses: shared/daily-audit-charts.md
    with:
      title-prefix: "[api-consumption-report] "
      expires: 3d
  - shared/jqschema.md

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

https://api.github.com/graphql
- Triggering command: /usr/bin/gh gh repo view --json owner,name --jq .owner.login + "/" + .name 64/pkg/tool/linux_amd64/vet GOINSECURE 1730356/b011/intrev-parse ache/go/1.25.8/x--show-toplevel 64/pkg/tool/linux_amd64/vet (http block)
- Triggering command: /usr/bin/gh gh repo view owner/repo env 2016624372 qrnP/bIu9B-2Kyy25-yTJqrnP 64/pkg/tool/linux_amd64/link GOINSECURE contextprotocol/rev-parse GOMODCACHE 64/pkg/tool/linux_amd64/link -c ger.test log x_amd64/compile -n1 --format=format:run --end-of-optionsdownload x_amd64/compile (http block)
- Triggering command: /usr/bin/gh gh repo view owner/repo env 2016624372 gNV_/-ERQMY_tDmUJytyNgNV_ .cfg GOINSECURE contextprotocol/rev-parse GOMODCACHE ache/go/1.25.8/x64/pkg/tool/linu-test.v=true -V=f�� 0044404/b399/_pkg_.a GOPROXY .cfg ."; \ BEFORE=$(/opt/hostedtoolcache/node/24.14.1/x64/bin/node GOWORK 64/bin/go ache/go/1.25.8/x64/pkg/tool/linurev-parse (http block)
https://api.github.com/orgs/test-owner/actions/secrets
- Triggering command: /usr/bin/gh gh api /orgs/test-owner/actions/secrets --jq .secrets[].name -json GO111MODULE x_amd64/compile GOINSECURE GOMOD GOMODCACHE x_amd64/compile env -json GO111MODULE x_amd64/compile GOINSECURE GOMOD GOMODCACHE x_amd64/compile (http block)
- Triggering command: /usr/bin/gh gh api /orgs/test-owner/actions/secrets --jq .secrets[].name -json GO111MODULE (http block)
https://api.github.com/repos/actions/ai-inference/git/ref/tags/v1
- Triggering command: /usr/bin/gh gh api /repos/actions/ai-inference/git/ref/tags/v1 --jq [.object.sha, .object.type] | @tsv --get-regexp ^remote\..*\.gh-resolved$ /usr/bin/git md .cfg 64/pkg/tool/linu--show-toplevel git -C /tmp/gh-aw-test-runs/20260423-124505-35435/test-1788577107 rev-parse /usr/bin/git 1730356/b237/_pknode REzZ/UVSmm-gThuy/opt/hostedtoolcache/node/24.14.1/x64/bin/npm ache/go/1.25.8/xinstall git (http block)
- Triggering command: /usr/bin/gh gh api /repos/actions/ai-inference/git/ref/tags/v1 --jq [.object.sha, .object.type] | @tsv --show-toplevel infocmp /opt/hostedtoolcache/go/1.25.8/x64/pkg/tool/linux_amd64/asm xterm-color ache/go/1.25.8/xrev-parse /usr/bin/git /opt/hostedtoolcache/go/1.25.8/x64/pkg/tool/linux_amd64/asm -V=f�� 0044404/b459=> git /usr/bin/git --show-toplevel git /usr/bin/git git (http block)
- Triggering command: /usr/bin/gh gh api /repos/actions/ai-inference/git/ref/tags/v1 --jq [.object.sha, .object.type] | @tsv remove remote2 /usr/bin/git 82/001/test-compgit GO111MODULE ache/go/1.25.8/x--show-toplevel git conf�� user.name Test User /usr/bin/git 92857401/001 GO111MODULE 64/pkg/tool/linuinstall git (http block)
https://api.github.com/repos/actions/checkout/git/ref/tags/v3
- Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v3 --jq [.object.sha, .object.type] | @tsv GOMODCACHE x_amd64/compile /opt/hostedtoolcache/node/24.14.1/x64/bin/node -json GO111MODULE x_amd64/vet node /tmp�� /tmp/TestHashConsistency_GoAndJavaScript471670337/001/test-inlined-imports-enabled-with-env-tempgit x_amd64/vet /usr/bin/git -json GO111MODULE x_amd64/vet git (http block)
- Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v3 --jq [.object.sha, .object.type] | @tsv --show-toplevel git /usr/bin/git --show-toplevel ache/go/1.25.8/xrev-parse /usr/bin/git git rev-�� --show-toplevel git /usr/bin/git --show-toplevel outil.test /usr/bin/git git (http block)
- Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v3 --jq [.object.sha, .object.type] | @tsv --show-toplevel go /usr/bin/git -json GO111MODULE 64/bin/go git rev-�� --show-toplevel go /usr/bin/git -json GO111MODULE 64/bin/go git (http block)
https://api.github.com/repos/actions/checkout/git/ref/tags/v5
- Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v5 --jq [.object.sha, .object.type] | @tsv 5078/001/stabili--workflow 0044404/b086/vetnonexistent-workflow-test-12345 ache/go/1.25.8/x--limit -p strings -lang=go1.25 ache/go/1.25.8/x--name-only -o st-1857147932/.github/workflows -trimpath /opt/hostedtoolcache/go/1.25.8/x64/pkg/tool/linux_amd64/vet -p crypto/internal/rev-parse -lang=go1.25 /opt/hostedtoolcache/go/1.25.8/x/tmp/go-build1580044404/b111/vet.cfg (http block)
- Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v5 --jq [.object.sha, .object.type] | @tsv --show-toplevel /tmp/gh-aw-merge-160675078/new.md /usr/bin/git se 0044404/b066/vet\n .cfg git rev-�� --show-toplevel ache/go/1.25.8/x^remote\..*\.gh-resolved$ /usr/bin/git 4505-35435/test-git o ache/go/1.25.8/x--show-toplevel git (http block)
- Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v5 --jq [.object.sha, .object.type] | @tsv --show-toplevel git /usr/bin/git sistency_GoAndJagit initial commit ache/go/1.25.8/x--show-toplevel git 1/x6�� --show-toplevel ache/go/1.25.8/x64/pkg/tool/linux_amd64/vet /usr/bin/git /tmp/gh-aw-test-git remote /usr/bin/git git (http block)
https://api.github.com/repos/actions/checkout/git/ref/tags/v6
- Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v6 --jq [.object.sha, .object.type] | @tsv ithub/workflows/archie.md x_amd64/asm 0044404/b450/_pkg_.a -json GO111MODULE x_amd64/compile git -C /tmp/gh-aw-test-runs/20260423-124505-35435/test--s (http block)
- Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v6 --jq [.object.sha, .object.type] | @tsv --show-toplevel git /usr/bin/git --show-toplevel ache/go/1.25.8/xrev-parse /usr/bin/git git rev-�� --show-toplevel git /usr/bin/git --show-toplevel ache/go/1.25.8/xrev-parse /usr/bin/git git (http block)
- Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v6 --jq [.object.sha, .object.type] | @tsv git-upload-pack '/tmp/TestParseDefaultBranchFromLsRemoteWithRealGitmain_branch24--repo git-upload-pack '/tmp/TestParseDefaultBranchFromLsRemoteWithRealGitmain_branch24owner/repo 1/x64/bin/node -c=4 -nolocalimports -importcfg 1/x64/bin/node -C /tmp/gh-aw-test-runs/20260423-125334-61933/test-441972487/.github/workflows remote /usr/bin/git -json GO111MODULE 64/bin/go git (http block)
https://api.github.com/repos/actions/github-script/git/ref/tags/v8
- Triggering command: /usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v8 --jq [.object.sha, .object.type] | @tsv --show-toplevel ache/go/1.25.8/x64/pkg/tool/linux_amd64/vet /usr/bin/git /tmp/go-build180git -trimpath verutil.test git rev-�� --show-toplevel verutil.test /usr/bin/git -unreachable=falgit /tmp/go-build158rev-parse 64/pkg/tool/linu--show-toplevel git (http block)
- Triggering command: /usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v8 --jq [.object.sha, .object.type] | @tsv --show-toplevel git /usr/bin/git --show-toplevel git /usr/bin/git git rev-�� --show-toplevel git /usr/bin/git --show-toplevel git /usr/bin/gh git (http block)
- Triggering command: /usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v8 --jq [.object.sha, .object.type] | @tsv --show-toplevel resolved$ /usr/bin/git 5334-61933/test-git GO111MODULE ache/go/1.25.8/x-m git rev-�� --show-toplevel ache/go/1.25.8/x64/pkg/tool/linux_amd64/compile /usr/bin/git 5334-61933/test-git GO111MODULE ache/go/1.25.8/x--show-toplevel git (http block)
https://api.github.com/repos/actions/github-script/git/ref/tags/v9
- Triggering command: /usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v9 --jq [.object.sha, .object.type] | @tsv -json GO111MODULE x_amd64/compile GOINSECURE GOMOD GOMODCACHE x_amd64/compile env -json GO111MODULE x_amd64/compile GOINSECURE GOMOD GOMODCACHE x_amd64/compile (http block)
- Triggering command: /usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v9 --jq [.object.sha, .object.type] | @tsv -json age/common.go x_amd64/compile GOINSECURE GOMOD GOMODCACHE x_amd64/compile abi/�� -json GO111MODULE x_amd64/vet GOINSECURE GOMOD GOMODCACHE x_amd64/vet (http block)
- Triggering command: /usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v9 --jq [.object.sha, .object.type] | @tsv -json t/format.go x_amd64/compile GOINSECURE GOMOD GOMODCACHE x_amd64/compile env -json GO111MODULE x_amd64/vet GOINSECURE GOMOD GOMODCACHE x_amd64/vet (http block)
https://api.github.com/repos/actions/setup-go/git/ref/tags/v4
- Triggering command: /usr/bin/gh gh api /repos/actions/setup-go/git/ref/tags/v4 --jq [.object.sha, .object.type] | @tsv --show-toplevel x_amd64/compile /usr/bin/gh e-frontmatter.mdgit FSSLThW2J 64/pkg/tool/linu--show-toplevel gh run list --json /usr/bin/git --workflow nonexistent-workrev-parse --limit git (http block)
- Triggering command: /usr/bin/gh gh api /repos/actions/setup-go/git/ref/tags/v4 --jq [.object.sha, .object.type] | @tsv --show-toplevel git /usr/bin/git --show-toplevel /opt/hostedtoolcrev-parse /usr/bin/git git rev-�� --show-toplevel git /usr/bin/git --show-toplevel git-upload-pack /usr/bin/git git (http block)
- Triggering command: /usr/bin/gh gh api /repos/actions/setup-go/git/ref/tags/v4 --jq [.object.sha, .object.type] | @tsv --show-toplevel go /opt/hostedtoolcache/node/24.14.1/x64/bin/node ub/workflows GO111MODULE 64/bin/go /opt/hostedtoolcsecurity /tmp�� Secret: ${{ secrOUTPUT go /usr/bin/git -json GO111MODULE ache/go/1.25.8/x--show-toplevel git (http block)
https://api.github.com/repos/actions/setup-node/git/ref/tags/v4
- Triggering command: /usr/bin/gh gh api /repos/actions/setup-node/git/ref/tags/v4 --jq [.object.sha, .object.type] | @tsv /tmp/TestGuardPolicyMinIntegrityOnlymin-integrity_only_defaults_repo2297125827/001 remote /usr/bin/gh -json GO111MODULE x_amd64/compile gh api /repos/actions/github-script/git/ref/tags/v9 --jq om/org2/repo2.git -json GO111MODULE x_amd64/vet node (http block)
- Triggering command: /usr/bin/gh gh api /repos/actions/setup-node/git/ref/tags/v4 --jq [.object.sha, .object.type] | @tsv GOMODCACHE 64/pkg/tool/linuTest User /usr/bin/git ortcfg PumV21ljR x_amd64/link /usr/bin/git conf�� --get-regexp ^remote\..*\.gh-resolved$ /usr/bin/git ortcfg GO111MODULE x_amd64/link git (http block)
- Triggering command: /usr/bin/gh gh api /repos/actions/setup-node/git/ref/tags/v4 --jq [.object.sha, .object.type] | @tsv --show-toplevel git /usr/bin/git --show-toplevel ache/go/1.25.8/xrev-parse /usr/bin/git git rev-�� --show-toplevel git /usr/bin/git --show-toplevel ache/go/1.25.8/xrev-parse /usr/bin/git git (http block)
https://api.github.com/repos/actions/upload-artifact/git/ref/tags/v4
- Triggering command: /usr/bin/gh gh api /repos/actions/upload-artifact/git/ref/tags/v4 --jq [.object.sha, .object.type] | @tsv --show-toplevel -dwarf=false /usr/bin/infocmp go1.25.8 -c=4 -nolocalimports infocmp -1 runs/20260423-124505-35435/test-3580850662 /tmp/go-build1580044404/b424/_testmain.go /opt/hostedtoolcache/node/24.14.1/x64/bin/node s/test.md /common.go x_amd64/compile node (http block)
- Triggering command: /usr/bin/gh gh api /repos/actions/upload-artifact/git/ref/tags/v4 --jq [.object.sha, .object.type] | @tsv . git /usr/bin/git --show-toplevel ache/go/1.25.8/xrev-parse /usr/bin/git git rev-�� --show-toplevel git /usr/bin/git --show-toplevel ache/go/1.25.8/xrev-parse /usr/bin/git git (http block)
- Triggering command: /usr/bin/gh gh api /repos/actions/upload-artifact/git/ref/tags/v4 --jq [.object.sha, .object.type] | @tsv 42 go /usr/lib/git-core/git $GOPATH/bin/golagit GO111MODULE 64/bin/go /usr/lib/git-core/git main�� run --auto /usr/bin/git --detach GO111MODULE de git (http block)
https://api.github.com/repos/astral-sh/setup-uv/git/ref/tags/eac588ad8def6316056a12d4907a9d4d84ff7a3b
- Triggering command: /usr/bin/gh gh api /repos/astral-sh/setup-uv/git/ref/tags/eac588ad8def6316056a12d4907a9d4d84ff7a3b --jq [.object.sha, .object.type] | @tsv --show-toplevel git /usr/bin/infocmp --show-toplevel git /usr/bin/git infocmp -1 xterm-color git gin/feature-branch --show-toplevel git /usr/bin/git git (http block)
- Triggering command: /usr/bin/gh gh api /repos/astral-sh/setup-uv/git/ref/tags/eac588ad8def6316056a12d4907a9d4d84ff7a3b --jq [.object.sha, .object.type] | @tsv --show-toplevel git $name) { hasDiscussionsEnabled } } --show-toplevel git /usr/bin/git find /tmp�� -maxdepth 4 /usr/bin/git d -name bin git (http block)
- Triggering command: /usr/bin/gh gh api /repos/astral-sh/setup-uv/git/ref/tags/eac588ad8def6316056a12d4907a9d4d84ff7a3b --jq [.object.sha, .object.type] | @tsv --show-toplevel git /usr/bin/git --show-toplevel git /usr/bin/git git rev-�� --show-toplevel git /usr/bin/git --show-toplevel git /usr/local/bin/bgraphql git (http block)
https://api.github.com/repos/github/gh-aw-actions/git/ref/tags/v0.1.2
- Triggering command: /usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v0.1.2 --jq [.object.sha, .object.type] | @tsv --show-toplevel x_amd64/compile /opt/hostedtoolcache/node/24.14.1/x64/bin/node -json .cfg 64/pkg/tool/linu--show-toplevel /opt/hostedtoolcache/node/24.14.1/x64/bin/node /tmp�� steps.test.outputs.result 64/pkg/tool/linuconfig /usr/bin/git ortcfg .cfg 64/pkg/tool/linu--show-toplevel git (http block)
- Triggering command: /usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v0.1.2 --jq [.object.sha, .object.type] | @tsv --show-toplevel git /usr/bin/git --show-toplevel /opt/hostedtoolcrev-parse /usr/bin/git git rev-�� --show-toplevel git /usr/bin/git /ref/tags/v9 git sv git (http block)
- Triggering command: /usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v0.1.2 --jq [.object.sha, .object.type] | @tsv GOMODCACHE x_amd64/compile /usr/bin/git -json GO111MODULE 64/bin/go git rev-�� --show-toplevel go /usr/bin/git -json GO111MODULE ache/go/1.25.8/x--show-toplevel git (http block)
https://api.github.com/repos/github/gh-aw-actions/git/ref/tags/v1.0.0
- Triggering command: /usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v1.0.0 --jq [.object.sha, .object.type] | @tsv ons-test2396573425 remote /usr/bin/git l go x_amd64/compile git -C /tmp/gh-aw-test-runs/20260423-124505-35435/test-2016624372 remote /usr/bin/git -json GO111MODULE 64/bin/go git (http block)
- Triggering command: /usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v1.0.0 --jq [.object.sha, .object.type] | @tsv status git /usr/bin/git --show-toplevel ache/go/1.25.8/xrev-parse /usr/bin/git git rev-�� --show-toplevel git /usr/bin/git --show-toplevel ache/go/1.25.8/xrev-parse /usr/bin/git git (http block)
- Triggering command: /usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v1.0.0 --jq [.object.sha, .object.type] | @tsv -bool resolved$ 1/x64/bin/node -errorsas -ifaceassert -nilfunc 1/x64/bin/node -c : ${{ github.repository }} git-upload-pack '/tmp/TestParseDefaultBranchFromLsRemoteWithRealGitbranch_with_hyphen3935399038/rev-parse /usr/bin/git -json GO111MODULE 64/bin/go git (http block)
https://api.github.com/repos/github/gh-aw-actions/git/ref/tags/v1.2.3
- Triggering command: /usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v1.2.3 --jq [.object.sha, .object.type] | @tsv ons-test2396573425 rev-parse /usr/bin/git go1.25.8 -c=4 -nolocalimports git -C /tmp/gh-aw-test-runs/20260423-124505-35435/test-2016624372 rev-parse /usr/bin/git 1 GO111MODULE x_amd64/link git (http block)
- Triggering command: /usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v1.2.3 --jq [.object.sha, .object.type] | @tsv tags/v5 git sv --show-toplevel ache/go/1.25.8/xrev-parse /usr/bin/git git rev-�� --show-toplevel git /usr/bin/git --show-toplevel x_amd64/vet /usr/bin/git git (http block)
- Triggering command: /usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v1.2.3 --jq [.object.sha, .object.type] | @tsv k/gh-aw/gh-aw/.github/workflows/agent-performance-analyzer.md -buildtags /usr/lib/git-core/git -errorsas -ifaceassert -nilfunc /usr/lib/git-core/git main�� run --auto /usr/bin/git --detach GO111MODULE 64/bin/go git (http block)
https://api.github.com/repos/github/gh-aw/actions/runs/1/artifacts
- Triggering command: /usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/1/artifacts --jq .artifacts[].name rg/x/text@v0.36.0/internal/language/common.go 64/pkg/tool/linux_amd64/vet GOINSECURE GOMOD 1730356/b007/sym--show-toplevel 64/pkg/tool/linux_amd64/vet ache�� 1730356/b251/_pkg_.a r73k/ZR15bOYtzO_sNGC5r73k .cfg GOINSECURE b/gh-aw/pkg/giturev-parse GOMODCACHE ache/go/1.25.8/x64/pkg/tool/linux_amd64/vet (http block)
- Triggering command: /usr/bin/gh gh run download 1 --dir test-logs/run-1 .cfg 64/pkg/tool/linux_amd64/vet GOINSECURE fips140/aes/gcm 1730356/b029/sym--show-toplevel 64/pkg/tool/linux_amd64/vet env 1730356/b228/_pkg_.a ho52/RILG8Ja3npv64jHUho52 64/pkg/tool/linux_amd64/compile GOINSECURE l/httpcommon GOMODCACHE 64/pkg/tool/linux_amd64/compile (http block)
- Triggering command: /usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/1/artifacts --jq .artifacts[].name GO111MODULE /home/REDACTED/.npm/_npx/b388654678d519d9/node_modules/.bin/sh GOINSECURE GOMOD GOMODCACHE sh -c "prettier" --check 'scripts/**/*.js' --ignore-paremote.origin.url GOPROXY /opt/hostedtoolcache/go/1.25.8/x64/bin/go ntent.md GOWORK 64/bin/go go (http block)
https://api.github.com/repos/github/gh-aw/actions/runs/12345/artifacts
- Triggering command: /usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/12345/artifacts --jq .artifacts[].name GO111MODULE 64/pkg/tool/linux_amd64/vet GOINSECURE 1730356/b092/ GOMODCACHE 64/pkg/tool/linux_amd64/vet env 1730356/b206/_pkg_.a GO111MODULE .cfg GOINSECURE hpke 1730356/b092/sym--show-toplevel ache/go/1.25.8/x64/pkg/tool/linux_amd64/vet (http block)
- Triggering command: /usr/bin/gh gh run download 12345 --dir test-logs/run-12345 om/modelcontextprotocol/go-sdk@v1.5.0/internal/j-ifaceassert 64/pkg/tool/linux_amd64/vet GOINSECURE GOMOD GOMODCACHE 64/pkg/tool/linux_amd64/vet env 2016624372 gNV_/-ERQMY_tDmUJytyNgNV_ .cfg GOINSECURE contextprotocol/rev-parse GOMODCACHE ache/go/1.25.8/x64/pkg/tool/linu-test.v=true (http block)
- Triggering command: /usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/12345/artifacts --jq .artifacts[].name =main /home/REDACTED/work/node_modules/.bin/sh GOINSECURE GOMOD GOMODCACHE 749677/b394/importcfg -c runs/20260423-125334-61933/test-4236739914/.github/workflows GOPROXY ache/node/24.14.1/x64/bin/node GOSUMDB GOWORK run-script/lib/n--show-toplevel /opt/hostedtoolcache/go/1.25.8/x64/pkg/tool/linux_amd64/compile (http block)
https://api.github.com/repos/github/gh-aw/actions/runs/12346/artifacts
- Triggering command: /usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/12346/artifacts --jq .artifacts[].name GO111MODULE 64/pkg/tool/linux_amd64/vet GOINSECURE GOMOD GOMODCACHE 64/pkg/tool/linux_amd64/vet env 1730356/b219/_pkg_.a hxms/bWOB0OjYPOs06SIChxms 64/pkg/tool/linux_amd64/vet GOINSECURE g/x/text/unicoderev-parse GOMODCACHE 64/pkg/tool/linux_amd64/vet (http block)
- Triggering command: /usr/bin/gh gh run download 12346 --dir test-logs/run-12346 om/modelcontextp-c=4 64/pkg/tool/linu-nolocalimports GOINSECURE GOMOD GOMODCACHE 64/pkg/tool/linu/tmp/go-build1580044404/b452/_testmain.go ortc�� 2016624372 stmain.go .cfg GOINSECURE contextprotocol/-unsafeptr=false GOMODCACHE ache/go/1.25.8/x/tmp/go-build1580044404/b114/vet.cfg (http block)
- Triggering command: /usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/12346/artifacts --jq .artifacts[].name faultBranchFromLsRemoteWithRealGitmain_branch2474342123/002/work /home/REDACTED/node_modules/.bin/sh GOINSECURE GOMOD GOMODCACHE 749677/b401/importcfg -c runs/20260423-125334-61933/test-4236739914/.github/workflows GOPROXY (http block)
https://api.github.com/repos/github/gh-aw/actions/runs/2/artifacts
- Triggering command: /usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/2/artifacts --jq .artifacts[].name .cfg 64/pkg/tool/linux_amd64/vet GOINSECURE GOMOD 1730356/b007/symuser.name 64/pkg/tool/linuTest User env 3098336034/.github/workflows fWCy/na03iXLzDBM34i--fWCy ache/go/1.25.8/x64/pkg/tool/linu-lang=go1.25 GOINSECURE g/x/net/http/httrev-parse GOMODCACHE ache/go/1.25.8/x64/pkg/tool/linuremote (http block)
- Triggering command: /usr/bin/gh gh run download 2 --dir test-logs/run-2 .cfg 64/pkg/tool/linux_amd64/vet GOINSECURE entropy GOMODCACHE 64/pkg/tool/linux_amd64/vet env 1730356/b236/_pkg_.a h5RJ/fhSiz4P0ozPJ9_2Hh5RJ ache/go/1.25.8/x64/pkg/tool/linu-test.short=true GOINSECURE osh-tekuri/jsonsrev-parse GOMODCACHE ache/go/1.25.8/x64/pkg/tool/linushow (http block)
- Triggering command: /usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/2/artifacts --jq .artifacts[].name GO111MODULE /home/REDACTED/work/gh-aw/node_modules/.bin/sh GOINSECURE GOMOD GOMODCACHE sh -c licyMinIntegrityOnlyrepos_only_without_min-integrity1980476239/001 GOPROXY /opt/hostedtoolcache/go/1.25.8/x64/pkg/tool/linux_amd64/compile l GOWORK 64/bin/go /opt/hostedtoolcache/go/1.25.8/xremote.origin.url (http block)
https://api.github.com/repos/github/gh-aw/actions/runs/3/artifacts
- Triggering command: /usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/3/artifacts --jq .artifacts[].name .cfg 64/pkg/tool/linux_amd64/vet GOINSECURE GOMOD GOMODCACHE 64/pkg/tool/linux_amd64/vet env 1730356/b199/_pkg_.a 7Ps3/Xuna8G_bMUX3GMM57Ps3 ache/go/1.25.8/x64/pkg/tool/linu-nolocalimports GOINSECURE GOMOD GOMODCACHE ache/go/1.25.8/x64/pkg/tool/linurev-parse (http block)
- Triggering command: /usr/bin/gh gh run download 3 --dir test-logs/run-3 .cfg 64/pkg/tool/linux_amd64/vet GOINSECURE fips140only GOMODCACHE 64/pkg/tool/linux_amd64/vet env til.go til_test.go ache/go/1.25.8/x64/pkg/tool/linux_amd64/vet GOINSECURE GOMOD GOMODCACHE ache/go/1.25.8/x64/pkg/tool/linu-test.v=true (http block)
- Triggering command: /usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/3/artifacts --jq .artifacts[].name =my-default /home/REDACTED/work/node_modules/.bin/sh GOINSECURE GOMOD GOMODCACHE cho "�� Warning: .github/aw/actions-lock.json does not exist yet"; \ fi -c licyMinIntegrityOnlyrepos_only_without_min-integrity1980476239/001 GOPROXY /opt/hostedtoolcache/go/1.25.8/x64/pkg/tool/linux_amd64/asm plate-expressiongit GOWORK 64/bin/go /opt/hostedtoolcache/go/1.25.8/x64/pkg/tool/linux_amd64/asm (http block)
https://api.github.com/repos/github/gh-aw/actions/runs/4/artifacts
- Triggering command: /usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/4/artifacts --jq .artifacts[].name .cfg 64/pkg/tool/linux_amd64/vet GOINSECURE GOMOD GOMODCACHE 64/pkg/tool/linux_amd64/vet env 3098336034/.github/workflows k-ff/hcoMcb4nJlDk1Ubnk-ff ache/go/1.25.8/x64/pkg/tool/linu-buildmode=exe GOINSECURE /semver GOMODCACHE ache/go/1.25.8/x64/pkg/tool/linuconfig (http block)
- Triggering command: /usr/bin/gh gh run download 4 --dir test-logs/run-4 .cfg 64/pkg/tool/linux_amd64/vet GOINSECURE fips140/drbg 1730356/b029/sym--show-toplevel 64/pkg/tool/linux_amd64/vet env 1730356/b225/_pkg_.a NNuM/NZNs7zEf3uyY_7BzNNuM k GOINSECURE ce GOMODCACHE ache/go/1.25.8/x64/pkg/tool/linu-goversion (http block)
- Triggering command: /usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/4/artifacts --jq .artifacts[].name '/tmp/TestParseDefaultBranchFromLsRemoteWithRealGitbranch_with_hyphen3935399038/001' /home/node_modules/.bin/sh GOSUMDB GOWORK 64/bin/go sh -c licyMinIntegrityOnlyCompiledOutput113906679/001 node /opt/hostedtoolcache/go/1.25.8/x64/pkg/tool/linux_amd64/vet prettier --write 64/bin/go /opt/hostedtoolcache/go/1.25.8/x64/pkg/tool/linuremote.origin.url (http block)
https://api.github.com/repos/github/gh-aw/actions/runs/5/artifacts
- Triggering command: /usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/5/artifacts --jq .artifacts[].name .cfg 64/pkg/tool/linux_amd64/vet GOINSECURE 1730356/b013/cpuconfig ache/go/1.25.8/xuser.email 64/pkg/tool/linutest@example.com env 3098336034/.github/workflows GO111MODULE ache/go/1.25.8/x64/pkg/tool/linux_amd64/vet GOINSECURE g/x/net/http/httinit GOMODCACHE ache/go/1.25.8/x64/pkg/tool/linux_amd64/vet (http block)
- Triggering command: /usr/bin/gh gh run download 5 --dir test-logs/run-5 .cfg 64/pkg/tool/linux_amd64/vet GOINSECURE GOMOD GOMODCACHE 64/pkg/tool/linux_amd64/vet env 1730356/b235/_pkg_.a 4ACQ/f02Eva1ttQPQuPWq4ACQ ache/go/1.25.8/x64/pkg/tool/linux_amd64/vet GOINSECURE osh-tekuri/jsonsrev-parse GOMODCACHE ache/go/1.25.8/x64/pkg/tool/linu--jq (http block)
- Triggering command: /usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/5/artifacts --jq .artifacts[].name lint:cjs 1/x64/bin/node GOSUMDB GOWORK run-script/lib/n--show-toplevel sh t-ha�� ithub/workflows/architecture-guardian.md sh /usr/bin/gcc "prettier" --wrigit git 64/bin/go gcc (http block)
https://api.github.com/repos/github/gh-aw/actions/workflows
- Triggering command: /usr/bin/gh gh workflow list --json name,state,path 237417998/001' 237417998/001' -importcfg /tmp/go-build1580044404/b419/importcfg -pack /home/REDACTED/work/gh-aw/gh-aw/pkg/fileutil/fileutil.go /home/REDACTED/work/gh-aw/gh-aw/pkg/fileutil/tar.go env -json GO111MODULE x_amd64/compile GOINSECURE GOMOD GOMODCACHE x_amd64/compile (http block)
- Triggering command: /usr/bin/gh gh run list --json databaseId,number,url,status,conclusion,workflowName,createdAt,startedAt,updatedAt,event,headBranch,headSha,displayTitle --workflow nonexistent-workflow-12345 --limit 100 GOMOD GOMODCACHE x_amd64/vet env -json GO111MODULE x_amd64/vet GOINSECURE GOMOD GOMODCACHE x_amd64/vet (http block)
- Triggering command: /usr/bin/gh gh run list --json databaseId,number,url,status,conclusion,workflowName,createdAt,startedAt,updatedAt,event,headBranch,headSha,displayTitle --workflow nonexistent-workflow-12345 --limit 6 GOMOD GOMODCACHE yLNKNaz/ITCHFh6R_3VA1bELNvSY env 1730356/b180/_pkg_.a TJ4J/EoB_P8I8HxwDW6KATJ4J x_amd64/compile GOINSECURE fips140/ecdsa GOMODCACHE x_amd64/compile (http block)
https://api.github.com/repos/github/gh-aw/contents/.github/workflows/shared/reporting.md
- Triggering command: /tmp/go-build1580044404/b404/cli.test /tmp/go-build1580044404/b404/cli.test -test.testlogfile=/tmp/go-build1580044404/b404/testlog.txt -test.paniconexit0 -test.v=true -test.parallel=4 -test.timeout=10m0s -test.run=^Test -test.short=true GOINSECURE GOMOD GOMODCACHE x_amd64/compile env -json GO111MODULE x_amd64/compile GOINSECURE GOMOD GOMODCACHE x_amd64/compile (http block)
- Triggering command: /tmp/go-build2270422403/b404/cli.test /tmp/go-build2270422403/b404/cli.test -test.testlogfile=/tmp/go-build2270422403/b404/testlog.txt -test.paniconexit0 -test.v=true -test.parallel=4 -test.timeout=10m0s -test.run=^Test -test.short=true GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
https://api.github.com/repos/github/gh-aw/git/ref/tags/v0.47.4
- Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v0.47.4 --jq [.object.sha, .object.type] | @tsv --show-toplevel ache/go/1.25.8/x--json /usr/bin/git tion-kit.md -trimpath ache/go/1.25.8/x--show-toplevel git rev-�� --show-toplevel ache/go/1.25.8/x64/pkg/tool/linutest@example.com /usr/bin/git 3580850662 stmain.go 64/pkg/tool/linu/tmp/gh-aw/aw-feature-branch.patch git (http block)
- Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v0.47.4 --jq [.object.sha, .object.type] | @tsv --show-toplevel git /usr/bin/git --show-toplevel node /usr/bin/git git rev-�� --show-toplevel git /usr/bin/git --show-toplevel ache/node/24.14.-lh /usr/bin/git git (http block)
- Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v0.47.4 --jq [.object.sha, .object.type] | @tsv --show-toplevel go /usr/bin/git -json GO111MODULE k/gh-aw/gh-aw/ac--show-toplevel git rev-�� --show-toplevel go /usr/bin/git 5334-61933/test-ls GO111MODULE /opt/hostedtoolc/tmp/gh-aw/aw-feature-branch.patch git (http block)
https://api.github.com/repos/github/gh-aw/git/ref/tags/v1.0.0
- Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v1.0.0 --jq [.object.sha, .object.type] | @tsv g_.a 0044404/b011/vet.cfg ache/go/1.25.8/x64/pkg/tool/linux_amd64/vet GOINSECURE ole ache/go/1.25.8/x--show-toplevel ache/go/1.25.8/x64/pkg/tool/linux_amd64/vet (http block)
- Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v1.0.0 --jq [.object.sha, .object.type] | @tsv --show-toplevel git /usr/bin/git GOMODCACHE x_amd64/compile /usr/bin/git git rev-�� --show-toplevel git /usr/bin/git GOMODCACHE (http block)
- Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v1.0.0 --jq [.object.sha, .object.type] | @tsv d/gh-aw-wasm GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go env 839105765/001 839105765/002/work node GOINSECURE GOMOD GOMODCACHE go (http block)
https://api.github.com/repos/github/gh-aw/git/ref/tags/v1.2.3
- Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v1.2.3 --jq [.object.sha, .object.type] | @tsv -json GO111MODULE x_amd64/compile GOINSECURE GOMOD GOMODCACHE x_amd64/compile env -json cf1419db146eff69d x_amd64/vet GOINSECURE GOMOD GOMODCACHE x_amd64/vet (http block)
- Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v1.2.3 --jq [.object.sha, .object.type] | @tsv -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
https://api.github.com/repos/github/gh-aw/git/ref/tags/v2.0.0
- Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v2.0.0 --jq [.object.sha, .object.type] | @tsv -json GO111MODULE x_amd64/vet GOINSECURE GOMOD GOMODCACHE x_amd64/vet env Gitmain_branch22-p Gitmain_branch22github.com/github/gh-aw/pkg/semverutil x_amd64/vet GOINSECURE GOMOD GOMODCACHE x_amd64/vet (http block)
- Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v2.0.0 --jq [.object.sha, .object.type] | @tsv -json GO111MODULE x_amd64/vet GOINSECURE GOMOD GOMODCACHE x_amd64/vet env -json GO111MODULE x_amd64/vet GOINSECURE GOMOD GOMODCACHE x_amd64/vet (http block)
- Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v2.0.0 --jq [.object.sha, .object.type] | @tsv -json GO111MODULE x_amd64/vet GOINSECURE GOMOD GOMODCACHE x_amd64/vet 7417�� -json GO111MODULE x_amd64/vet GOINSECURE GOMOD GOMODCACHE x_amd64/vet (http block)
https://api.github.com/repos/github/gh-aw/git/ref/tags/v3.0.0
- Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v3.0.0 --jq [.object.sha, .object.type] | @tsv bytealg/indexbyt-p GO111MODULE x_amd64/vet GOINSECURE GOMOD GOMODCACHE x_amd64/vet env -json GO111MODULE x_amd64/vet GOINSECURE GOMOD GOMODCACHE x_amd64/vet (http block)
- Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v3.0.0 --jq [.object.sha, .object.type] | @tsv -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go env lGitcustom_branch2839105765/001' lGitcustom_branch2839105765/001' 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
https://api.github.com/repos/nonexistent/action/git/ref/tags/v999.999.999
- Triggering command: /usr/bin/gh gh api /repos/nonexistent/action/git/ref/tags/v999.999.999 --jq [.object.sha, .object.type] | @tsv se 0044404/b006/vet.cfg .cfg GOINSECURE GOMOD GOMODCACHE ache/go/1.25.8/x64/pkg/tool/linutest@example.com 1730�� /tmp/go-build1801730356/b105/_pkg_.a k/gh-aw/gh-aw/pkg/logger/doc.go .cfg -p log/internal -lang=go1.25 ache/go/1.25.8/xv1.0.0 (http block)
- Triggering command: /usr/bin/gh gh api /repos/nonexistent/action/git/ref/tags/v999.999.999 --jq [.object.sha, .object.type] | @tsv --show-toplevel git /usr/bin/git --get remote.origin.urrev-parse /usr/bin/git git rev-�� --show-toplevel git /usr/bin/git --get remote.origin.urrev-parse ache/node/24.14.--show-toplevel git (http block)
- Triggering command: /usr/bin/gh gh api /repos/nonexistent/action/git/ref/tags/v999.999.999 --jq [.object.sha, .object.type] | @tsv -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
https://api.github.com/repos/nonexistent/repo/actions/runs/12345
- Triggering command: /usr/bin/gh gh run view 12345 --repo nonexistent/repo --json status,conclusion GOINSECURE 1730356/b133/ GOMODCACHE 64/pkg/tool/linutest@example.com (http block)
- Triggering command: /usr/bin/gh gh run view 12345 --repo nonexistent/repo --json status,conclusion l /usr/bin/gh 64/bin/go ache/go/1.25.8/x64/pkg/tool/linux_amd64/vet -ato�� -bool -buildtags ache/node/24.14.1/x64/bin/node -errorsas -ifaceassert -nilfunc /usr/lib/git-core/git (http block)
https://api.github.com/repos/owner/repo/actions/workflows
- Triggering command: /usr/bin/gh gh workflow list --json name,state,path --repo owner/repo x_amd64/compile GOINSECURE GOMOD GOMODCACHE x_amd64/compile env -json age/compact/comp-ifaceassert x_amd64/compile GOINSECURE GOMOD GOMODCACHE x_amd64/compile (http block)
- Triggering command: /usr/bin/gh gh workflow list --json name,state,path --repo owner/repo x_amd64/compile GOINSECURE GOMOD GOMODCACHE x_amd64/compile env -json g/catmsg.go x_amd64/compile GOINSECURE GOMOD bytealg/equal_wa--show-toplevel x_amd64/compile (http block)
- Triggering command: /usr/bin/gh gh workflow list --repo owner/repo --json name,path,state ache/go/1.25.8/x64/pkg/tool/linux_amd64/vet GOINSECURE g/x/text/secure/rev-parse 1730356/b092/sym--show-toplevel ache/go/1.25.8/x64/pkg/tool/linux_amd64/vet buil�� t2149086236/.github/workflows tlhm/8_3rPEEpzk8cu5AAtlhm x_amd64/vet ./cmd/gh-aw-wasminfocmp GOWORK 64/bin/go x_amd64/vet (http block)
https://api.github.com/repos/test-owner/test-repo/actions/secrets
- Triggering command: /usr/bin/gh gh api /repos/test-owner/test-repo/actions/secrets --jq .secrets[].name go1.25.8 (http block)
- Triggering command: /usr/bin/gh gh api /repos/test-owner/test-repo/actions/secrets --jq .secrets[].name 74342123/001' 74342123/001' 64/bin/go GOINSECURE GOMOD GOMODCACHE go env h ../../../.prettierignore GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
https://api.github.com/repos/test/repo
- Triggering command: /usr/bin/gh gh api /repos/test/repo --jq .default_branch 1730356/b228/_pkg_.a ho52/RILG8Ja3npv64jHUho52 64/pkg/tool/linux_amd64/compile GOINSECURE l/httpcommon GOMODCACHE 64/pkg/tool/linux_amd64/compile (http block)
- Triggering command: /usr/bin/gh gh api /repos/test/repo --jq .default_branch /home/REDACTED/work/gh-aw/gh-aw/.github/workflows/archie.md go /usr/bin/git tmatter-with-nesgit GO111MODULE 64/bin/go git rev-�� --show-toplevel go /usr/bin/git -json GO111MODULE 64/bin/go git (http block)

If you need me to access, download, or install something from one of these locations, you can either:

Configure Actions setup steps to set up my environment, which run before the firewall is enabled
Add the appropriate URLs or hosts to the custom allowlist in this repository's Copilot coding agent settings (admins only)

Agent-Logs-Url: https://github.com/github/gh-aw/sessions/bf8c21c3-22a2-4e1b-a3fd-4b106e7c4b00 Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>

… trend workflows Agent-Logs-Url: https://github.com/github/gh-aw/sessions/bf8c21c3-22a2-4e1b-a3fd-4b106e7c4b00 Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>

Copilot

Pull request overview

Refactors multiple audit/report workflows to use a new shared composite import (shared/daily-audit-charts.md) that standardizes daily-audit discussion/reporting/OTLP setup plus trending chart scaffolding.

Changes:

Added new shared module .github/workflows/shared/daily-audit-charts.md (composes daily-audit-base + trending-charts-simple).
Migrated several workflows to use shared/daily-audit-charts.md instead of directly importing trending-charts-simple.md and/or audit/reporting primitives.
Regenerated corresponding *.lock.yml compiled outputs to reflect the new import graph.

Show a summary per file

File	Description
.github/workflows/shared/daily-audit-charts.md	New shared composite import that bundles daily audit base + simple trending charts.
.github/workflows/stale-repo-identifier.md	Switches workflow imports to `shared/daily-audit-charts.md`.
.github/workflows/stale-repo-identifier.lock.yml	Regenerated compiled workflow output after import changes.
.github/workflows/prompt-clustering-analysis.md	Migrates imports to `shared/daily-audit-charts.md`.
.github/workflows/prompt-clustering-analysis.lock.yml	Regenerated compiled workflow output after import changes.
.github/workflows/daily-performance-summary.md	Migrates imports to `shared/daily-audit-charts.md`.
.github/workflows/daily-performance-summary.lock.yml	Regenerated compiled workflow output after import changes.
.github/workflows/daily-firewall-report.md	Migrates imports to `shared/daily-audit-charts.md`.
.github/workflows/daily-firewall-report.lock.yml	Regenerated compiled workflow output after import changes.
.github/workflows/audit-workflows.md	Migrates imports to `shared/daily-audit-charts.md`.
.github/workflows/audit-workflows.lock.yml	Regenerated compiled workflow output after import changes.
.github/workflows/api-consumption-report.md	Migrates imports to `shared/daily-audit-charts.md`.
.github/workflows/api-consumption-report.lock.yml	Regenerated compiled workflow output after import changes.
.github/workflows/agentic-optimization-kit.md	Migrates imports to `shared/daily-audit-charts.md`.
.github/workflows/agentic-optimization-kit.lock.yml	Regenerated compiled workflow output after import changes.
.github/workflows/agentic-observability-kit.md	Migrates imports to `shared/daily-audit-charts.md`.
.github/workflows/agentic-observability-kit.lock.yml	Regenerated compiled workflow output after import changes.

Copilot's findings

Tip

Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Files reviewed: 17/17 changed files
Comments generated: 6

Copilot · 2026-04-23T13:08:51Z

+          GH_AW_SECRET_NAMES: 'ANTHROPIC_API_KEY,GH_AW_GITHUB_MCP_SERVER_TOKEN,GH_AW_GITHUB_TOKEN,GH_AW_OTEL_ENDPOINT,GITHUB_TOKEN'
          SECRET_ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }}
          SECRET_GH_AW_GITHUB_MCP_SERVER_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN }}
          SECRET_GH_AW_GITHUB_TOKEN: ${{ secrets.GH_AW_GITHUB_TOKEN }}
+          SECRET_GH_AW_OTEL_ENDPOINT: ${{ secrets.GH_AW_OTEL_ENDPOINT }}


GH_AW_OTEL_HEADERS is a secret used by this workflow (it is exported to OTEL_EXPORTER_OTLP_HEADERS), but it is missing from the GH_AW_SECRET_NAMES list and corresponding SECRET_* env vars for the log redaction step. Include it so redaction can scrub headers if they appear in logs.

Suggested change

GH_AW_SECRET_NAMES: 'ANTHROPIC_API_KEY,GH_AW_GITHUB_MCP_SERVER_TOKEN,GH_AW_GITHUB_TOKEN,GH_AW_OTEL_ENDPOINT,GITHUB_TOKEN'

SECRET_ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }}

SECRET_GH_AW_GITHUB_MCP_SERVER_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN }}

SECRET_GH_AW_GITHUB_TOKEN: ${{ secrets.GH_AW_GITHUB_TOKEN }}

SECRET_GH_AW_OTEL_ENDPOINT: ${{ secrets.GH_AW_OTEL_ENDPOINT }}

GH_AW_SECRET_NAMES: 'ANTHROPIC_API_KEY,GH_AW_GITHUB_MCP_SERVER_TOKEN,GH_AW_GITHUB_TOKEN,GH_AW_OTEL_ENDPOINT,GH_AW_OTEL_HEADERS,GITHUB_TOKEN'

SECRET_ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }}

SECRET_GH_AW_GITHUB_MCP_SERVER_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN }}

SECRET_GH_AW_GITHUB_TOKEN: ${{ secrets.GH_AW_GITHUB_TOKEN }}

SECRET_GH_AW_OTEL_ENDPOINT: ${{ secrets.GH_AW_OTEL_ENDPOINT }}

SECRET_GH_AW_OTEL_HEADERS: ${{ secrets.GH_AW_OTEL_HEADERS }}

Copilot · 2026-04-23T13:08:51Z

+          GH_AW_SECRET_NAMES: 'COPILOT_GITHUB_TOKEN,GH_AW_GITHUB_MCP_SERVER_TOKEN,GH_AW_GITHUB_TOKEN,GH_AW_OTEL_ENDPOINT,GITHUB_TOKEN'
          SECRET_COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }}
          SECRET_GH_AW_GITHUB_MCP_SERVER_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN }}
          SECRET_GH_AW_GITHUB_TOKEN: ${{ secrets.GH_AW_GITHUB_TOKEN }}
+          SECRET_GH_AW_OTEL_ENDPOINT: ${{ secrets.GH_AW_OTEL_ENDPOINT }}


The workflow uses OTLP headers (GH_AW_OTEL_HEADERS), but the "Redact secrets in logs" step does not include it in GH_AW_SECRET_NAMES or provide SECRET_GH_AW_OTEL_HEADERS. Please include it so redaction can remove it from logs/artifacts if emitted.

Suggested change

GH_AW_SECRET_NAMES: 'COPILOT_GITHUB_TOKEN,GH_AW_GITHUB_MCP_SERVER_TOKEN,GH_AW_GITHUB_TOKEN,GH_AW_OTEL_ENDPOINT,GITHUB_TOKEN'

SECRET_COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }}

SECRET_GH_AW_GITHUB_MCP_SERVER_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN }}

SECRET_GH_AW_GITHUB_TOKEN: ${{ secrets.GH_AW_GITHUB_TOKEN }}

SECRET_GH_AW_OTEL_ENDPOINT: ${{ secrets.GH_AW_OTEL_ENDPOINT }}

GH_AW_SECRET_NAMES: 'COPILOT_GITHUB_TOKEN,GH_AW_GITHUB_MCP_SERVER_TOKEN,GH_AW_GITHUB_TOKEN,GH_AW_OTEL_ENDPOINT,GH_AW_OTEL_HEADERS,GITHUB_TOKEN'

SECRET_COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }}

SECRET_GH_AW_GITHUB_MCP_SERVER_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN }}

SECRET_GH_AW_GITHUB_TOKEN: ${{ secrets.GH_AW_GITHUB_TOKEN }}

SECRET_GH_AW_OTEL_ENDPOINT: ${{ secrets.GH_AW_OTEL_ENDPOINT }}

SECRET_GH_AW_OTEL_HEADERS: ${{ secrets.GH_AW_OTEL_HEADERS }}

Copilot · 2026-04-23T13:08:51Z

+          GH_AW_SECRET_NAMES: 'GH_AW_GITHUB_MCP_SERVER_TOKEN,GH_AW_GITHUB_TOKEN,GH_AW_OTEL_ENDPOINT,GITHUB_TOKEN'
          SECRET_GH_AW_GITHUB_MCP_SERVER_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN }}
          SECRET_GH_AW_GITHUB_TOKEN: ${{ secrets.GH_AW_GITHUB_TOKEN }}
+          SECRET_GH_AW_OTEL_ENDPOINT: ${{ secrets.GH_AW_OTEL_ENDPOINT }}


GH_AW_OTEL_HEADERS is part of the workflow's OTLP configuration, but it is not included in the GH_AW_SECRET_NAMES list passed to the log redaction step. Add it (and pass SECRET_GH_AW_OTEL_HEADERS) so telemetry headers are scrubbed if they appear in logs.

Suggested change

GH_AW_SECRET_NAMES: 'GH_AW_GITHUB_MCP_SERVER_TOKEN,GH_AW_GITHUB_TOKEN,GH_AW_OTEL_ENDPOINT,GITHUB_TOKEN'

SECRET_GH_AW_GITHUB_MCP_SERVER_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN }}

SECRET_GH_AW_GITHUB_TOKEN: ${{ secrets.GH_AW_GITHUB_TOKEN }}

SECRET_GH_AW_OTEL_ENDPOINT: ${{ secrets.GH_AW_OTEL_ENDPOINT }}

GH_AW_SECRET_NAMES: 'GH_AW_GITHUB_MCP_SERVER_TOKEN,GH_AW_GITHUB_TOKEN,GH_AW_OTEL_ENDPOINT,GH_AW_OTEL_HEADERS,GITHUB_TOKEN'

SECRET_GH_AW_GITHUB_MCP_SERVER_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN }}

SECRET_GH_AW_GITHUB_TOKEN: ${{ secrets.GH_AW_GITHUB_TOKEN }}

SECRET_GH_AW_OTEL_ENDPOINT: ${{ secrets.GH_AW_OTEL_ENDPOINT }}

SECRET_GH_AW_OTEL_HEADERS: ${{ secrets.GH_AW_OTEL_HEADERS }}

Copilot · 2026-04-23T13:08:52Z

+          GH_AW_SECRET_NAMES: 'ANTHROPIC_API_KEY,GH_AW_GITHUB_MCP_SERVER_TOKEN,GH_AW_GITHUB_TOKEN,GH_AW_OTEL_ENDPOINT,GITHUB_TOKEN'
          SECRET_ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }}
          SECRET_GH_AW_GITHUB_MCP_SERVER_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN }}
          SECRET_GH_AW_GITHUB_TOKEN: ${{ secrets.GH_AW_GITHUB_TOKEN }}
+          SECRET_GH_AW_OTEL_ENDPOINT: ${{ secrets.GH_AW_OTEL_ENDPOINT }}


This workflow uses OTLP telemetry headers (GH_AW_OTEL_HEADERS), but the log redaction step only receives GH_AW_OTEL_ENDPOINT. Include GH_AW_OTEL_HEADERS in GH_AW_SECRET_NAMES and pass its SECRET_* env var so headers are redacted if they get logged.

Suggested change

GH_AW_SECRET_NAMES: 'ANTHROPIC_API_KEY,GH_AW_GITHUB_MCP_SERVER_TOKEN,GH_AW_GITHUB_TOKEN,GH_AW_OTEL_ENDPOINT,GITHUB_TOKEN'

SECRET_ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }}

SECRET_GH_AW_GITHUB_MCP_SERVER_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN }}

SECRET_GH_AW_GITHUB_TOKEN: ${{ secrets.GH_AW_GITHUB_TOKEN }}

SECRET_GH_AW_OTEL_ENDPOINT: ${{ secrets.GH_AW_OTEL_ENDPOINT }}

GH_AW_SECRET_NAMES: 'ANTHROPIC_API_KEY,GH_AW_GITHUB_MCP_SERVER_TOKEN,GH_AW_GITHUB_TOKEN,GH_AW_OTEL_ENDPOINT,GH_AW_OTEL_HEADERS,GITHUB_TOKEN'

SECRET_ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }}

SECRET_GH_AW_GITHUB_MCP_SERVER_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN }}

SECRET_GH_AW_GITHUB_TOKEN: ${{ secrets.GH_AW_GITHUB_TOKEN }}

SECRET_GH_AW_OTEL_ENDPOINT: ${{ secrets.GH_AW_OTEL_ENDPOINT }}

SECRET_GH_AW_OTEL_HEADERS: ${{ secrets.GH_AW_OTEL_HEADERS }}

Copilot · 2026-04-23T13:08:52Z

+          GH_AW_SECRET_NAMES: 'ANTHROPIC_API_KEY,GH_AW_GITHUB_MCP_SERVER_TOKEN,GH_AW_GITHUB_TOKEN,GH_AW_OTEL_ENDPOINT,GITHUB_TOKEN'
          SECRET_ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }}
          SECRET_GH_AW_GITHUB_MCP_SERVER_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN }}
          SECRET_GH_AW_GITHUB_TOKEN: ${{ secrets.GH_AW_GITHUB_TOKEN }}
+          SECRET_GH_AW_OTEL_ENDPOINT: ${{ secrets.GH_AW_OTEL_ENDPOINT }}


The OTLP headers secret (GH_AW_OTEL_HEADERS) is used by this workflow, but it is omitted from the GH_AW_SECRET_NAMES list passed to the "Redact secrets in logs" step. Add it and provide SECRET_GH_AW_OTEL_HEADERS so the redaction step can scrub it from logs/artifacts if it appears.

Suggested change

GH_AW_SECRET_NAMES: 'ANTHROPIC_API_KEY,GH_AW_GITHUB_MCP_SERVER_TOKEN,GH_AW_GITHUB_TOKEN,GH_AW_OTEL_ENDPOINT,GITHUB_TOKEN'

SECRET_ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }}

SECRET_GH_AW_GITHUB_MCP_SERVER_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN }}

SECRET_GH_AW_GITHUB_TOKEN: ${{ secrets.GH_AW_GITHUB_TOKEN }}

SECRET_GH_AW_OTEL_ENDPOINT: ${{ secrets.GH_AW_OTEL_ENDPOINT }}

GH_AW_SECRET_NAMES: 'ANTHROPIC_API_KEY,GH_AW_GITHUB_MCP_SERVER_TOKEN,GH_AW_GITHUB_TOKEN,GH_AW_OTEL_ENDPOINT,GH_AW_OTEL_HEADERS,GITHUB_TOKEN'

SECRET_ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }}

SECRET_GH_AW_GITHUB_MCP_SERVER_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN }}

SECRET_GH_AW_GITHUB_TOKEN: ${{ secrets.GH_AW_GITHUB_TOKEN }}

SECRET_GH_AW_OTEL_ENDPOINT: ${{ secrets.GH_AW_OTEL_ENDPOINT }}

SECRET_GH_AW_OTEL_HEADERS: ${{ secrets.GH_AW_OTEL_HEADERS }}

Copilot · 2026-04-23T13:08:53Z

+          GH_AW_SECRET_NAMES: 'COPILOT_GITHUB_TOKEN,GH_AW_GITHUB_MCP_SERVER_TOKEN,GH_AW_GITHUB_TOKEN,GH_AW_OTEL_ENDPOINT,GITHUB_TOKEN'
          SECRET_COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }}
          SECRET_GH_AW_GITHUB_MCP_SERVER_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN }}
          SECRET_GH_AW_GITHUB_TOKEN: ${{ secrets.GH_AW_GITHUB_TOKEN }}
+          SECRET_GH_AW_OTEL_ENDPOINT: ${{ secrets.GH_AW_OTEL_ENDPOINT }}


GH_AW_OTEL_HEADERS is listed as a secret used by this workflow (and is exported as OTEL_EXPORTER_OTLP_HEADERS earlier), but the "Redact secrets in logs" step is not given that secret. Add GH_AW_OTEL_HEADERS to GH_AW_SECRET_NAMES and pass SECRET_GH_AW_OTEL_HEADERS so the redaction step can scrub it from logs/artifacts if it ever appears.

Suggested change

GH_AW_SECRET_NAMES: 'COPILOT_GITHUB_TOKEN,GH_AW_GITHUB_MCP_SERVER_TOKEN,GH_AW_GITHUB_TOKEN,GH_AW_OTEL_ENDPOINT,GITHUB_TOKEN'

SECRET_COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }}

SECRET_GH_AW_GITHUB_MCP_SERVER_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN }}

SECRET_GH_AW_GITHUB_TOKEN: ${{ secrets.GH_AW_GITHUB_TOKEN }}

SECRET_GH_AW_OTEL_ENDPOINT: ${{ secrets.GH_AW_OTEL_ENDPOINT }}

GH_AW_SECRET_NAMES: 'COPILOT_GITHUB_TOKEN,GH_AW_GITHUB_MCP_SERVER_TOKEN,GH_AW_GITHUB_TOKEN,GH_AW_OTEL_ENDPOINT,GH_AW_OTEL_HEADERS,GITHUB_TOKEN'

SECRET_COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }}

SECRET_GH_AW_GITHUB_MCP_SERVER_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN }}

SECRET_GH_AW_GITHUB_TOKEN: ${{ secrets.GH_AW_GITHUB_TOKEN }}

SECRET_GH_AW_OTEL_ENDPOINT: ${{ secrets.GH_AW_OTEL_ENDPOINT }}

SECRET_GH_AW_OTEL_HEADERS: ${{ secrets.GH_AW_OTEL_HEADERS }}

Initial plan

11e5e9c

Copilot AI assigned Copilot and pelikhan Apr 23, 2026

Copilot started work on behalf of pelikhan April 23, 2026 12:37 View session

Copilot AI linked an issue Apr 23, 2026 that may be closed by this pull request

[refactoring] Create shared/daily-audit-charts.md — shared base for audit workflows with trend charts #28041

Closed

Copilot AI and others added 2 commits April 23, 2026 12:46

chore: start daily-audit-charts refactor

e464a83

Agent-Logs-Url: https://github.com/github/gh-aw/sessions/bf8c21c3-22a2-4e1b-a3fd-4b106e7c4b00 Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>

refactor(workflows): add shared daily-audit-charts import and migrate…

d6a04a3

… trend workflows Agent-Logs-Url: https://github.com/github/gh-aw/sessions/bf8c21c3-22a2-4e1b-a3fd-4b106e7c4b00 Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>

Copilot AI changed the title ~~[WIP] Create shared/daily-audit-charts for audit workflows with trend charts~~ Refactor audit workflows with new shared/daily-audit-charts composite import Apr 23, 2026

Copilot finished work on behalf of pelikhan April 23, 2026 13:01

Copilot AI requested a review from pelikhan April 23, 2026 13:01

pelikhan approved these changes Apr 23, 2026

View reviewed changes

pelikhan marked this pull request as ready for review April 23, 2026 13:02

Copilot AI review requested due to automatic review settings April 23, 2026 13:02

pelikhan merged commit badf5aa into main Apr 23, 2026
15 of 19 checks passed

pelikhan deleted the copilot/refactor-daily-audit-charts branch April 23, 2026 13:02

Copilot started reviewing on behalf of pelikhan April 23, 2026 13:03 View session

github-actions Bot mentioned this pull request Apr 23, 2026

[aw] No-Op Runs #27675

Closed

Copilot AI reviewed Apr 23, 2026

View reviewed changes

github-actions Bot mentioned this pull request Apr 23, 2026

Smoke Test: Claude - 24837114207 #28087

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Refactor audit workflows with new `shared/daily-audit-charts` composite import#28079

Refactor audit workflows with new `shared/daily-audit-charts` composite import#28079
pelikhan merged 3 commits intomainfrom
copilot/refactor-daily-audit-charts

Copilot AI commented Apr 23, 2026 •

edited

Loading

Uh oh!

Uh oh!

Copilot AI left a comment

Uh oh!

Copilot AI Apr 23, 2026

Uh oh!

Copilot AI Apr 23, 2026

Uh oh!

Copilot AI Apr 23, 2026

Uh oh!

Copilot AI Apr 23, 2026

Uh oh!

Copilot AI Apr 23, 2026

Uh oh!

Copilot AI Apr 23, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants

Conversation

Copilot AI commented Apr 23, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

I tried to connect to the following addresses, but was blocked by firewall rules:

Uh oh!

Uh oh!

Copilot AI left a comment

Choose a reason for hiding this comment

Pull request overview

Copilot's findings

Uh oh!

Copilot AI Apr 23, 2026

Choose a reason for hiding this comment

Uh oh!

Copilot AI Apr 23, 2026

Choose a reason for hiding this comment

Uh oh!

Copilot AI Apr 23, 2026

Choose a reason for hiding this comment

Uh oh!

Copilot AI Apr 23, 2026

Choose a reason for hiding this comment

Uh oh!

Copilot AI Apr 23, 2026

Choose a reason for hiding this comment

Uh oh!

Copilot AI Apr 23, 2026

Choose a reason for hiding this comment

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants

Copilot AI commented Apr 23, 2026 •

edited

Loading