feat(compliance-audit): add added/existing/removed issue count summary

.github/workflows/compliance-audit-and-improvement.yml

@@ -50,6 +50,9 @@ jobs:
       error_count: ${{ steps.audit.outputs.error_count }}
       warning_count: ${{ steps.audit.outputs.warning_count }}
       repos_with_findings: ${{ steps.audit.outputs.repos_with_findings }}
+      issues_added: ${{ steps.audit.outputs.issues_added }}
+      issues_existing: ${{ steps.audit.outputs.issues_existing }}
+      issues_removed: ${{ steps.audit.outputs.issues_removed }}
     steps:
       - name: Checkout .github repo
         uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
@@ -75,6 +78,19 @@ jobs:
           echo "warning_count=$WARNING_COUNT" >> "$GITHUB_OUTPUT"
           echo "repos_with_findings=$REPOS_WITH_FINDINGS" >> "$GITHUB_OUTPUT"
 
+          # Parse issue management counts written by the audit script
+          COUNTS_FILE="$REPORT_DIR/issue-counts.json"
+          if [ -f "$COUNTS_FILE" ]; then
+            ISSUES_ADDED=$(jq '.added' "$COUNTS_FILE")
+            ISSUES_EXISTING=$(jq '.existing' "$COUNTS_FILE")
+            ISSUES_REMOVED=$(jq '.removed' "$COUNTS_FILE")
+          else
+            ISSUES_ADDED=0; ISSUES_EXISTING=0; ISSUES_REMOVED=0
+          fi
+          echo "issues_added=$ISSUES_ADDED" >> "$GITHUB_OUTPUT"
+          echo "issues_existing=$ISSUES_EXISTING" >> "$GITHUB_OUTPUT"
+          echo "issues_removed=$ISSUES_REMOVED" >> "$GITHUB_OUTPUT"
+
       - name: Write step summary
         if: always()
         run: |
@@ -314,6 +330,9 @@ jobs:
             - Errors: ${{ needs.audit.outputs.error_count }}
             - Warnings: ${{ needs.audit.outputs.warning_count }}
             - Repos with findings: ${{ needs.audit.outputs.repos_with_findings }}
+            - Issues added (new): ${{ needs.audit.outputs.issues_added }}
+            - Issues existing (updated): ${{ needs.audit.outputs.issues_existing }}
+            - Issues removed (resolved): ${{ needs.audit.outputs.issues_removed }}
 
             ### Health Survey (runtime telemetry)
             - Report JSON: ${{ runner.temp }}/health-survey.json
@@ -488,12 +507,25 @@ jobs:
 
             **Deduplication:**
             - Check existing open issues before creating
+            - **Group findings of the same type across repos into a single issue.** For example,
+              if the same compliance check is failing in 5 repos, create ONE issue listing all
+              affected repos — not 5 separate issues. The compliance audit script already creates
+              per-repo issues; your job is to identify systemic patterns and create higher-level
+              issues for them.
             - If a similar issue exists, add a comment with latest findings instead
             - When commenting on existing issues, also ensure the `claude` label is present:
               ```bash
               gh issue edit <number> --repo ${{ github.repository_owner }}/<repo> --add-label claude
               ```
 
+            **Before writing the Phase 6 summary**, gather linked PR data for all issues you
+            created or updated this run, and for all compliance issues from the audit:
+            ```bash
+            gh search prs --owner ${{ github.repository_owner }} --state open \
+              --json number,repository,url,closingIssuesReferences --limit 300
+            ```
+            Store this PR data to populate the "Related PRs" column in the summary.
+
             ## Phase 6: Summary Report
 
             Write to $GITHUB_STEP_SUMMARY:
@@ -520,9 +552,30 @@ jobs:
             | Repos without branch protection | N |
 
             ### Issues Created/Updated
-            | Repo | Issue | Severity | Title |
-            |------|-------|----------|-------|
-            | ... | #N | ... | ... |
+            | Action | Count |
+            |--------|-------|
+            | Added (new) | ${{ needs.audit.outputs.issues_added }} |
+            | Existing (updated) | ${{ needs.audit.outputs.issues_existing }} |
+            | Removed (resolved) | ${{ needs.audit.outputs.issues_removed }} |
+
+            Group by compliance issue type — one subsection per distinct check/finding type,
+            listing every affected repo with a linked issue number and any related open PRs.
+            Render each issue and PR as a markdown hyperlink. For example:
+
+            #### `<check-type>` (`<severity>`)
+            _N repos affected_
+
+            | Repo | Issue | Related PRs |
+            |------|-------|-------------|
+            | [repo-name](https://github.com/owner/repo) | [#42 — Compliance: check-type](issue-url) | [#7](pr-url) |
+            | [other-repo](https://github.com/owner/repo) | [#18 — Compliance: check-type](issue-url) | — |
+
+            Repeat for each distinct check type, errors before warnings, sorted alphabetically
+            within each severity group.
+
+            For issues you created in Phase 5 (health/automation/best-practice issues):
+            list them after compliance issues under a sub-heading "#### Phase 5 Issues".
+            Format: `[#N — Title](url)` grouped by repo, with Related PRs where found.
 
             ### Per-Repo Scorecard
             | Repo | Compliance | CI | Security | PRs | Protection | Score |