Skip to content

feat: add gh-aw-detection: true to 4 flagged audit/analysis workflows#45575

Merged
pelikhan merged 2 commits into
mainfrom
copilot/deep-report-add-gh-aw-detection-again
Jul 15, 2026
Merged

feat: add gh-aw-detection: true to 4 flagged audit/analysis workflows#45575
pelikhan merged 2 commits into
mainfrom
copilot/deep-report-add-gh-aw-detection-again

Conversation

Copilot AI commented Jul 14, 2026

Copy link
Copy Markdown
Contributor

DeepReport detection-analysis flagged 5 audit/analysis workflows running without gh-aw-detection: true. This adds the flag to bring them to a consistent detection posture.

Changes

  • Added features: gh-aw-detection: true to frontmatter of:
    • typist.md (Typist - Go Type Analysis)
    • github-mcp-structural-analysis.md (GitHub MCP Structural Analysis)
    • prompt-clustering-analysis.md (Copilot Agent Prompt Clustering Analysis)
    • example-workflow-analyzer.md (Weekly Workflow Analysis)
  • Recompiled all affected .lock.yml files
features:
  gh-aw-detection: true

Out of scope

agentic-token-audit.md (Daily Agentic Workflow AIC Usage Audit) declares source: githubnext/agentic-ops@... and is upstream-managed — the change must be made in the upstream repo and pulled in via gh aw update.

Add `gh-aw-detection: true` to the `features` frontmatter of:
- typist.md (Typist - Go Type Analysis)
- github-mcp-structural-analysis.md (GitHub MCP Structural Analysis)
- prompt-clustering-analysis.md (Copilot Agent Prompt Clustering Analysis)
- example-workflow-analyzer.md (Weekly Workflow Analysis)

Note: agentic-token-audit.md (Daily Agentic Workflow AIC Usage Audit) has
`source: githubnext/agentic-ops@...` and is upstream-managed — changes must
go through the upstream repo first.

Closes #45284

Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Copilot AI changed the title [WIP] Add gh-aw-detection flag to 5 workflows feat: add gh-aw-detection: true to 4 flagged audit/analysis workflows Jul 14, 2026
Copilot AI requested a review from pelikhan July 14, 2026 23:15
@github-actions

Copy link
Copy Markdown
Contributor

🤖 PR Triage — Run §29379921158

Field Value
Category chore
Risk 🟢 low
Score 30 / 100
Action auto_merge
Batch workflow-config

Score breakdown: impact 10 + urgency 8 + quality 12

Rationale: Adds gh-aw-detection: true to 4 flagged audit/analysis workflows (8 files, +108). Draft — undraft when CI passes for auto-merge.

Generated by 🔧 PR Triage Agent · 197.2 AIC · ⌖ 5.45 AIC · ⊞ 5.6K ·

@github-actions

Copy link
Copy Markdown
Contributor

Thanks for tackling the gh-aw-detection: true consistency updates across the flagged audit/analysis workflows. The change is on-topic and reasonably focused around one operational concern. The blocker is process: this repository requires non-core contributors to work through issues/agentic plans rather than direct PRs. There are also no test changes, so reviewers would likely want explicit validation evidence for the regenerated workflow outputs.

Suggested next step: move this into an issue/implementation plan that lists the target workflow markdown files, expected lockfile recompilation, and validation commands/results.

Turn this workflow-config PR into a github/gh-aw issue plan for the core team. Summarize why `gh-aw-detection: true` is needed, list each workflow source file affected, note corresponding .lock.yml recompilation expectations, and provide validation steps (for example recompilation/audit checks). Do not open a PR directly.

Generated by ✅ Contribution Check · 82.2 AIC · ⌖ 8.96 AIC · ⊞ 6.2K ·

@pelikhan pelikhan marked this pull request as ready for review July 15, 2026 03:24
Copilot AI review requested due to automatic review settings July 15, 2026 03:24
@pelikhan pelikhan merged commit be43f8c into main Jul 15, 2026
@pelikhan pelikhan deleted the copilot/deep-report-add-gh-aw-detection-again branch July 15, 2026 03:25

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Adds external gh-aw-detection support to four audit and analysis workflows.

Changes:

  • Enables gh-aw-detection in workflow frontmatter.
  • Regenerates lock files with the external threat-detection pipeline.
Show a summary per file
File Description
.github/workflows/typist.md Enables detection.
.github/workflows/typist.lock.yml Regenerates compiled workflow.
.github/workflows/prompt-clustering-analysis.md Enables detection.
.github/workflows/prompt-clustering-analysis.lock.yml Regenerates compiled workflow.
.github/workflows/github-mcp-structural-analysis.md Enables detection.
.github/workflows/github-mcp-structural-analysis.lock.yml Regenerates compiled workflow.
.github/workflows/example-workflow-analyzer.md Enables detection.
.github/workflows/example-workflow-analyzer.lock.yml Regenerates compiled workflow.

Review details

Tip

Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

  • Files reviewed: 8/8 changed files
  • Comments generated: 4
  • Review effort level: Medium

Comment on lines +1582 to +1585
- name: Execute threat detection with AWF
id: detection_agentic_execution
# Allowed tools (sorted):
# - Bash
# - BashOutput
# - Edit(/tmp/*)
# - ExitPlanMode
# - Glob
# - Grep
# - KillBash
# - LS
# - MultiEdit(/tmp/*)
# - NotebookRead
# - Read
# - Read(/tmp/*)
# - Task
# - TodoWrite
# - Write(/tmp/*)
timeout-minutes: 20
if: always() && steps.detection_guard.outputs.run_detection == 'true'
continue-on-error: true
Comment on lines +1702 to +1705
- name: Execute threat detection with AWF
id: detection_agentic_execution
# Allowed tools (sorted):
# - Bash
# - BashOutput
# - Edit(/tmp/*)
# - ExitPlanMode
# - Glob
# - Grep
# - KillBash
# - LS
# - MultiEdit(/tmp/*)
# - NotebookRead
# - Read
# - Read(/tmp/*)
# - Task
# - TodoWrite
# - Write(/tmp/*)
timeout-minutes: 20
if: always() && steps.detection_guard.outputs.run_detection == 'true'
continue-on-error: true
Comment on lines +1582 to +1585
- name: Execute threat detection with AWF
id: detection_agentic_execution
# Allowed tools (sorted):
# - Bash
# - BashOutput
# - Edit(/tmp/*)
# - ExitPlanMode
# - Glob
# - Grep
# - KillBash
# - LS
# - MultiEdit(/tmp/*)
# - NotebookRead
# - Read
# - Read(/tmp/*)
# - Task
# - TodoWrite
# - Write(/tmp/*)
timeout-minutes: 20
if: always() && steps.detection_guard.outputs.run_detection == 'true'
continue-on-error: true
Comment on lines +1563 to +1566
- name: Execute threat detection with AWF
id: detection_agentic_execution
# Allowed tools (sorted):
# - Bash
# - BashOutput
# - Edit(/tmp/*)
# - ExitPlanMode
# - Glob
# - Grep
# - KillBash
# - LS
# - MultiEdit(/tmp/*)
# - NotebookRead
# - Read
# - Read(/tmp/*)
# - Task
# - TodoWrite
# - Write(/tmp/*)
timeout-minutes: 20
if: always() && steps.detection_guard.outputs.run_detection == 'true'
continue-on-error: true
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

[deep-report] Add gh-aw-detection: true to 5 flagged audit/analysis workflows

3 participants