Normalize h1/h2 headers to h3/h4 in 51 daily workflow prompts#43384
Conversation
Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
- Convert h1 (# ) -> h3 (### ) and h2 (## ) -> h4 (#### ) in prompt sections (outside code blocks) for 51 non-compliant workflows - Add **Report Formatting** RSG note after main title for the 42 workflows that were missing progressive disclosure guidance - Recompile all 258 workflow lock files (0 errors) Fixes: #43199 Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
|
✅ PR Code Quality Reviewer completed the code quality review. |
|
🧠 Matt Pocock Skills Reviewer has completed the skills-based review. ✅ |
|
✅ Design Decision Gate 🏗️ completed the design decision gate check. No ADR enforcement needed: PR #43384 does not have the 'implementation' label and has 0 new lines of code in business logic directories (threshold: 100). |
|
✅ Test Quality Sentinel completed test quality analysis. No test files were added or modified in this PR. Test Quality Sentinel skipped. PR #43384 only contains changes to daily workflow .md prompt files and their compiled .lock.yml counterparts. |
This comment has been minimized.
This comment has been minimized.
|
Hey One thing to consider before merging:
If you'd like a hand adding coverage:
|
There was a problem hiding this comment.
Pull request overview
This PR normalizes markdown header levels inside daily workflow prompt bodies to comply with the “use ### or lower” formatting guideline, and adds a standard progressive-disclosure / report-formatting reminder to many prompts. It also recompiles the generated .lock.yml workflows to reflect the markdown changes.
Changes:
- Demoted prompt-body headers from
#/##to###/####across many daily workflows (skipping code fences). - Added a standard Report Formatting note (with
<details><summary>…</summary>) under many daily workflow titles. - Regenerated corresponding
.lock.ymlfiles after the markdown edits.
Show a summary per file
View file list
| File | Description |
|---|---|
| .github/workflows/daily-yamllint-fixer.md | Demote headers; add report-formatting note. |
| .github/workflows/daily-yamllint-fixer.lock.yml | Recompiled generated workflow after markdown change. |
| .github/workflows/daily-workflow-updater.md | Demote headers; add report-formatting note. |
| .github/workflows/daily-workflow-updater.lock.yml | Recompiled generated workflow after markdown change. |
| .github/workflows/daily-token-consumption-report.md | Demote headers. |
| .github/workflows/daily-testify-uber-super-expert.md | Demote headers; add report-formatting note. |
| .github/workflows/daily-testify-uber-super-expert.lock.yml | Recompiled generated workflow after markdown change. |
| .github/workflows/daily-team-status.md | Demote headers; add report-formatting note (note: workflow is source-managed). |
| .github/workflows/daily-team-evolution-insights.md | Demote headers; add report-formatting note. |
| .github/workflows/daily-team-evolution-insights.lock.yml | Recompiled generated workflow after markdown change. |
| .github/workflows/daily-syntax-error-quality.md | Demote headers; add report-formatting note. |
| .github/workflows/daily-syntax-error-quality.lock.yml | Recompiled generated workflow after markdown change. |
| .github/workflows/daily-spdd-spec-planner.md | Demote headers; add report-formatting note. |
| .github/workflows/daily-spdd-spec-planner.lock.yml | Recompiled generated workflow after markdown change. |
| .github/workflows/daily-skill-optimizer.md | Demote headers; add report-formatting note. |
| .github/workflows/daily-skill-optimizer.lock.yml | Recompiled generated workflow after markdown change. |
| .github/workflows/daily-sentrux-report.md | Demote headers; add report-formatting note. |
| .github/workflows/daily-sentrux-report.lock.yml | Recompiled generated workflow after markdown change. |
| .github/workflows/daily-security-observability.md | Demote headers; add report-formatting note. |
| .github/workflows/daily-secrets-analysis.md | Demote headers. |
| .github/workflows/daily-safeoutputs-git-simulator.md | Demote headers; add report-formatting note. |
| .github/workflows/daily-safe-outputs-conformance.md | Demote headers. |
| .github/workflows/daily-safe-output-optimizer.md | Demote headers. |
| .github/workflows/daily-safe-output-optimizer.lock.yml | Recompiled generated workflow after markdown change. |
| .github/workflows/daily-safe-output-integrator.md | Demote headers; add report-formatting note. |
| .github/workflows/daily-safe-output-integrator.lock.yml | Recompiled generated workflow after markdown change. |
| .github/workflows/daily-repo-chronicle.md | Demote headers; add report-formatting note. |
| .github/workflows/daily-rendering-scripts-verifier.md | Demote headers; add report-formatting note. |
| .github/workflows/daily-reliability-review.md | Demote headers; add report-formatting note. |
| .github/workflows/daily-reliability-review.lock.yml | Recompiled generated workflow after markdown change. |
| .github/workflows/daily-regulatory.md | Demote headers. |
| .github/workflows/daily-performance-summary.md | Demote headers. |
| .github/workflows/daily-observability-report.md | Demote headers. |
| .github/workflows/daily-news.md | Demote headers; add report-formatting note. |
| .github/workflows/daily-multi-device-docs-tester.md | Demote headers; add report-formatting note. |
| .github/workflows/daily-multi-device-docs-tester.lock.yml | Recompiled generated workflow after markdown change. |
| .github/workflows/daily-model-resolution.md | Demote headers; add report-formatting note. |
| .github/workflows/daily-model-resolution.lock.yml | Recompiled generated workflow after markdown change. |
| .github/workflows/daily-model-inventory.md | Demote headers; add report-formatting note. |
| .github/workflows/daily-model-inventory.lock.yml | Recompiled generated workflow after markdown change. |
| .github/workflows/daily-mcp-concurrency-analysis.md | Demote headers; add report-formatting note. |
| .github/workflows/daily-mcp-concurrency-analysis.lock.yml | Recompiled generated workflow after markdown change. |
| .github/workflows/daily-malicious-code-scan.md | Demote headers; add report-formatting note. |
| .github/workflows/daily-issues-report.md | Demote headers; add report-formatting note. |
| .github/workflows/daily-hippo-learn.md | Demote headers; add report-formatting note. |
| .github/workflows/daily-hippo-learn.lock.yml | Recompiled generated workflow after markdown change. |
| .github/workflows/daily-geo-optimizer.md | Demote headers; add report-formatting note. |
| .github/workflows/daily-function-namer.md | Demote headers; add report-formatting note. |
| .github/workflows/daily-formal-spec-verifier.md | Demote headers; add report-formatting note. |
| .github/workflows/daily-formal-spec-verifier.lock.yml | Recompiled generated workflow after markdown change. |
| .github/workflows/daily-firewall-report.md | Demote headers; add report-formatting note. |
| .github/workflows/daily-file-diet.md | Demote headers; add report-formatting note. |
| .github/workflows/daily-file-diet.lock.yml | Recompiled generated workflow after markdown change. |
| .github/workflows/daily-experiment-report.md | Demote headers; add report-formatting note. |
| .github/workflows/daily-experiment-report.lock.yml | Recompiled generated workflow after markdown change. |
| .github/workflows/daily-doc-updater.md | Demote headers; add report-formatting note. |
| .github/workflows/daily-doc-updater.lock.yml | Recompiled generated workflow after markdown change. |
| .github/workflows/daily-doc-healer.md | Demote headers; add report-formatting note. |
| .github/workflows/daily-doc-healer.lock.yml | Recompiled generated workflow after markdown change. |
| .github/workflows/daily-compiler-threat-spec-optimizer.md | Demote headers; add report-formatting note. |
| .github/workflows/daily-compiler-threat-spec-optimizer.lock.yml | Recompiled generated workflow after markdown change. |
| .github/workflows/daily-compiler-quality.md | Demote headers. |
| .github/workflows/daily-compiler-quality.lock.yml | Recompiled generated workflow after markdown change. |
| .github/workflows/daily-community-attribution.md | Demote headers; add report-formatting note. |
| .github/workflows/daily-community-attribution.lock.yml | Recompiled generated workflow after markdown change. |
| .github/workflows/daily-code-metrics.md | Demote headers. |
| .github/workflows/daily-cli-performance.md | Demote headers; add report-formatting note. |
| .github/workflows/daily-choice-test.md | Demote headers; add report-formatting note. |
| .github/workflows/daily-caveman-optimizer.md | Demote headers; add report-formatting note. |
| .github/workflows/daily-caveman-optimizer.lock.yml | Recompiled generated workflow after markdown change. |
| .github/workflows/daily-cache-strategy-analyzer.md | Demote headers; add report-formatting note. |
| .github/workflows/daily-awf-spec-compiler-surfacing.md | Demote headers; add report-formatting note. |
| .github/workflows/daily-awf-spec-compiler-surfacing.lock.yml | Recompiled generated workflow after markdown change. |
| .github/workflows/daily-aw-cross-repo-compile-check.md | Demote headers; add report-formatting note. |
| .github/workflows/daily-aw-cross-repo-compile-check.lock.yml | Recompiled generated workflow after markdown change. |
| .github/workflows/daily-astrostylelite-markdown-spellcheck.md | Demote headers; add report-formatting note. |
| .github/workflows/daily-astrostylelite-markdown-spellcheck.lock.yml | Recompiled generated workflow after markdown change. |
| .github/workflows/daily-ambient-context-optimizer.md | Demote headers; add report-formatting note. |
| .github/workflows/daily-agentrx-trace-optimizer.md | Demote headers; add report-formatting note. |
Review details
Tip
Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Comments suppressed due to low confidence (1)
.github/workflows/daily-observability-report.md:66
- This phase header was demoted to h4, but the next heading (
### Step 1.1...) is h3, which inverts the heading hierarchy. Consider using h3 for phase headers (### Phase ...) or demoting step headings to keep a consistent outline.
- Files reviewed: 102/102 changed files
- Comments generated: 4
- Review effort level: Low
| source: githubnext/agentics/workflows/team-status.md@main | ||
| --- | ||
|
|
||
| # Team Status | ||
| ### Team Status | ||
|
|
| Run the `gh aw update` command to check for and apply updates to GitHub Actions versions in `.github/aw/actions-lock.json`. If updates are found, create a pull request with the changes. | ||
|
|
||
| ## Task Steps | ||
| #### Task Steps |
| 5. Publish a concise daily GitHub issue report. | ||
|
|
||
| ## Data Collection | ||
| #### Data Collection |
| --- | ||
|
|
||
| ## Phase 1: Collect Firewall-Enabled Workflow Runs | ||
| #### Phase 1: Collect Firewall-Enabled Workflow Runs |
There was a problem hiding this comment.
REQUEST_CHANGES — three critical blocking bugs and one policy violation.
### Blocking Issues
🔴 Critical: Workflow name corruption in 3 lock files
Demoting h1 to h3 removes the heading that the compiler uses to derive the workflow name: field. When no h1 is found, the compiler falls through to the first bare # in the file — which is a shell comment inside a code block. Result: three lock files now have nonsensical workflow names:
daily-cli-performance:"Copy benchmark results to our directory"daily-malicious-code-scan:"Fetch all history for analysis"daily-secrets-analysis:"Count secrets.* references"
These break GitHub Actions UI display names, OTEL telemetry labels, and credit-accounting identifiers for every run.
🔴 High: Heading hierarchy inverted in 30/51 files
Files that already had h3 sub-sections nested under h2 sections now have those h3s above their h4 parent sections (h3 ranks higher than h4). The PR converted h2→h4 but left existing h3 sub-sections untouched, creating the exact hierarchy violation it intended to fix. For example in daily-safe-output-optimizer.md: #### Analysis Process now contains ### Phase 0: Setup. Needs a third pass: h3→h5 for all existing sub-sections.
🔴 High: Upstream-managed workflow modified
daily-team-status.md has source: githubnext/agentics/workflows/team-status.md@main — it is read-only per repo policy and must be updated via gh aw update, not manually edited.
🟡 Medium: Workflow display names truncated / casing lost (~15 files)
Even for files without garbage names, descriptive suffixes are dropped and proper-noun casing breaks (e.g., AgentRx → Agentrx, Daily Project Performance Summary Generator (Using MCP Scripts) → Daily Performance Summary).
🔎 Code quality review by PR Code Quality Reviewer · 173 AIC · ⌖ 11.6 AIC · ⊞ 5.4K
Comment /review to run again
| {{#runtime-import? .github/shared-instructions.md}} | ||
|
|
||
| # Daily CLI Performance Agent | ||
| ### Daily CLI Performance Agent |
There was a problem hiding this comment.
Workflow name corruption: demoting the h1 heading breaks the compiler's name extraction — the recompiled lock file now shows "Copy benchmark results to our directory" as its workflow display name instead of "Daily CLI Performance Agent".
💡 Impact and fix
The gh aw compile step derives name:, run-name:, GH_AW_SETUP_WORKFLOW_NAME, and all OTEL_RESOURCE_ATTRIBUTES from the first # (h1) line in the prompt body. After this PR removes all h1 headings, the compiler falls back to the first bare # it finds anywhere — which happens to be a shell comment inside a code block (# Copy benchmark results to our directory at md line ~137).
Two other lock files are broken by the same cause:
daily-malicious-code-scan.lock.yml:"Daily Malicious Code Scan Agent"→"Fetch all history for analysis"daily-secrets-analysis.lock.yml:"Daily Secrets Analysis Agent"→"Count secrets.* references"
This corrupts GitHub Actions UI run titles, OTEL telemetry labels, and credit-accounting identifiers for all affected workflow runs.
Fix options:
- Keep the workflow title as h1 (
# Daily CLI Performance Agent) so the compiler finds it; demote only the section headers below it. - Add a
name:key to the frontmatter to pin the workflow name explicitly, then demote headers freely.
| ## Analysis Process | ||
| #### Analysis Process | ||
|
|
||
| ### Phase 0: Setup |
There was a problem hiding this comment.
Heading hierarchy inverted: ### Phase 0: Setup (unchanged h3) is now a sibling or ancestor of #### Analysis Process (converted from h2), not a child — the intended parent→child nesting is backwards.
💡 Full impact across the PR
Before: # Title > ## Analysis Process > ### Phase 0: Setup (correct parent → child)
After: ### Title > #### Analysis Process > ### Phase 0: Setup (h3 ranks above its supposed h4 parent)
This affects 30 of the 51 modified files — all files that already used ### sub-sections under their ## sections. The PR correctly converted h1→h3 and h2→h4, but left the existing h3 sub-sections untouched. Those h3s now sit at a higher heading level than the h4 section they belong to, creating the exact hierarchy violation the PR set out to fix.
Files affected include: daily-agentrx-trace-optimizer, daily-cli-performance, daily-malicious-code-scan, daily-regulatory, daily-security-observability, and 25 others.
Fix: Also convert the existing ### sub-section headings to ##### sub-section (or h5) to maintain depth ordering. The rule is: h1→h3, h2→h4, h3→h5.
| --- | ||
|
|
||
| # Team Status | ||
| ### Team Status |
There was a problem hiding this comment.
Read-only upstream workflow modified directly: daily-team-status.md declares source: githubnext/agentics/workflows/team-status.md@main in its frontmatter, marking it as upstream-managed. Per project policy this file must not be edited manually.
💡 Why this matters and how to fix it
The repo's AGENTS.md states:
Workflows that declare a
source:frontmatter entry are provenance-managed from an upstream bundle. Treat those workflow source files as read-only in this repository.
Manually editing this file will cause the local content to drift from upstream. The next gh aw update run will either overwrite these changes or conflict with them, potentially reverting the header-normalization changes silently.
Correct fix: Make the header-normalization change in the upstream source (githubnext/agentics/workflows/team-status.md) and then pull it in via gh aw update, or skip this file in the normalization pass.
| # gh-aw-metadata: {"schema_version":"v4","frontmatter_hash":"ab2abb8f09c46e8f1a838cb291cbb2b2f3cbfd14c5db66ff7cbf9c1d328fbfc0","body_hash":"e5156cc92a5ab37f11079b807eb23f2149077773305a0203056e758486f89c27","strict":true,"agent_id":"claude","engine_versions":{"claude":"2.1.201"}} | ||
| # gh-aw-manifest: {"version":1,"secrets":["ANTHROPIC_API_KEY","GH_AW_GITHUB_MCP_SERVER_TOKEN","GH_AW_GITHUB_TOKEN","GH_AW_OTEL_GRAFANA_AUTHORIZATION","GH_AW_OTEL_GRAFANA_ENDPOINT","GH_AW_OTEL_SENTRY_AUTHORIZATION","GH_AW_OTEL_SENTRY_ENDPOINT","GITHUB_TOKEN"],"actions":[{"repo":"actions/cache/restore","sha":"55cc8345863c7cc4c66a329aec7e433d2d1c52a9","version":"v6.1.0"},{"repo":"actions/cache/save","sha":"55cc8345863c7cc4c66a329aec7e433d2d1c52a9","version":"v6.1.0"},{"repo":"actions/checkout","sha":"9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0","version":"v7.0.0"},{"repo":"actions/download-artifact","sha":"3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c","version":"v8.0.1"},{"repo":"actions/github-script","sha":"3a2844b7e9c422d3c10d287c895573f7108da1b3","version":"v9.0.0"},{"repo":"actions/setup-go","sha":"924ae3a1cded613372ab5595356fb5720e22ba16","version":"v6.5.0"},{"repo":"actions/setup-node","sha":"48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e","version":"v6.4.0"},{"repo":"actions/upload-artifact","sha":"043fb46d1a93c77aae656e7c1c64a875d1fc6a0a","version":"v7.0.1"},{"repo":"docker/build-push-action","sha":"f9f3042f7e2789586610d6e8b85c8f03e5195baf","version":"v7.2.0"},{"repo":"docker/setup-buildx-action","sha":"d7f5e7f509e45cec5c76c4d5afdd7de93d0b3df5","version":"v4.1.0"}],"containers":[{"image":"ghcr.io/github/gh-aw-firewall/agent:0.27.22","digest":"sha256:55f06588411008b7148eb64b8dfe28602a0cce3675b36c6b190b54aca138468e","pinned_image":"ghcr.io/github/gh-aw-firewall/agent:0.27.22@sha256:55f06588411008b7148eb64b8dfe28602a0cce3675b36c6b190b54aca138468e"},{"image":"ghcr.io/github/gh-aw-firewall/api-proxy:0.27.22","digest":"sha256:afb9ff9140b17d38871dfb9dbac5ff8689ea634c2f91c435da2825192d4881c1","pinned_image":"ghcr.io/github/gh-aw-firewall/api-proxy:0.27.22@sha256:afb9ff9140b17d38871dfb9dbac5ff8689ea634c2f91c435da2825192d4881c1"},{"image":"ghcr.io/github/gh-aw-firewall/squid:0.27.22","digest":"sha256:3cdcc1e2b4b4fe602ba69fd3e21aac7ac512d5c1fce24df4ce69dc4f98164b59","pinned_image":"ghcr.io/github/gh-aw-firewall/squid:0.27.22@sha256:3cdcc1e2b4b4fe602ba69fd3e21aac7ac512d5c1fce24df4ce69dc4f98164b59"},{"image":"ghcr.io/github/gh-aw-mcpg:v0.3.33","digest":"sha256:f0e1f1d562f01e737f3ef125cb4d7057ff87a68a97927f5ea9fd6d3f5091da06","pinned_image":"ghcr.io/github/gh-aw-mcpg:v0.3.33@sha256:f0e1f1d562f01e737f3ef125cb4d7057ff87a68a97927f5ea9fd6d3f5091da06"},{"image":"ghcr.io/github/gh-aw-node","digest":"sha256:529d02eb970b1161aa25c593a9c3df57fdfad5a8add328cb3b6eccef66f3183b","pinned_image":"ghcr.io/github/gh-aw-node@sha256:529d02eb970b1161aa25c593a9c3df57fdfad5a8add328cb3b6eccef66f3183b"},{"image":"ghcr.io/github/github-mcp-server:v1.5.0","digest":"sha256:e25564dccc9110a70a77b9df560cbde11aa392fcb5f08b9abe5c4ebc6d146ea4","pinned_image":"ghcr.io/github/github-mcp-server:v1.5.0@sha256:e25564dccc9110a70a77b9df560cbde11aa392fcb5f08b9abe5c4ebc6d146ea4"}]} | ||
| # This file was automatically generated by gh-aw. DO NOT EDIT. To debug this workflow, load the skill at https://github.com/github/gh-aw/blob/main/debug.md | ||
| # |
There was a problem hiding this comment.
Workflow display name casing broken: AgentRx is a proper product name; the compiler has lowercased it to Agentrx because the title is now ### Daily AgentRx Trace Optimizer and the compiler's title-extraction path appears to title-case from h3 differently than from h1.
💡 Scope of name regressions
Beyond the three critical garbage-name cases (cli-performance, malicious-code-scan, secrets-analysis), ~15 other lock files have lost descriptive suffixes or correct casing:
| Lock file | Was | Now |
|---|---|---|
| daily-agentrx-trace-optimizer | Daily AgentRx Trace Optimizer |
Daily Agentrx Trace Optimizer |
| daily-performance-summary | Daily Project Performance Summary Generator (Using MCP Scripts) |
Daily Performance Summary |
| daily-regulatory | Daily Regulatory Report Generator |
Daily Regulatory |
| daily-code-metrics | Daily Code Metrics and Trend Tracking Agent |
Daily Code Metrics |
| daily-repo-chronicle | The Daily Repository Chronicle |
Daily Repo Chronicle |
| daily-token-consumption-report | Daily AIC Consumption Report (Sentry + Grafana OTel) |
Daily Token Consumption Report |
All of these degrade OTEL metric granularity and searchability in the Actions UI. The root cause is the same: the compiler derives the display name from the h1 heading text. When h1 is removed, name derivation logic falls back to the h3 text with different normalization rules.
There was a problem hiding this comment.
Review: Header normalization causes workflow name regressions
The Report Structure Guideline change (H1→H3, H2→H4) is correct for agent-generated output reports, but the PR applied it uniformly to the workflow title H1 that the compiler uses to determine the GitHub Actions workflow name. This breaks metadata in 7 workflows.
Root cause
findH1WorkflowName in pkg/parser/frontmatter_content.go scans the first 64 lines of the markdown body for a # (H1) header to extract the workflow name. When the title heading is demoted to ###, the compiler either:
- Falls back to
generateDefaultWorkflowName(filename)(5 workflows) — producing a shorter name derived from the file name instead of the intended title, or - Picks up the first stray
#line it finds inside bash/script blocks (1 workflow) — producing a completely wrong name.
Blocking issues
| Workflow | Old name | New name | Impact |
|---|---|---|---|
daily-cli-performance |
Daily CLI Performance Agent |
Copy benchmark results to our directory |
🚨 Bash comment picked up |
daily-agentrx-trace-optimizer |
Daily AgentRx Trace Optimizer |
Daily Agentrx Trace Optimizer |
Wrong product casing |
daily-choice-test |
Daily Choice Type Test |
Daily Choice Test |
Lost "Type" |
daily-firewall-report |
Daily Firewall Logs Collector and Reporter |
Daily Firewall Report |
Name shortened |
daily-geo-optimizer |
GEO Optimizer Daily Audit |
Daily Geo Optimizer |
Name reordered |
daily-code-metrics |
Daily Code Metrics and Trend Tracking Agent |
Daily Code Metrics |
Name shortened |
daily-issues-report |
Daily Issues Report Generator |
Daily Issues Report |
Name shortened |
These affect: GitHub Actions UI display, OTEL telemetry (gh-aw.workflow.name attributes), notifications, and any dashboards or alerts filtering on workflow name.
Fix
The workflow title H1 has dual purpose: it names the document and provides the compiler's workflow name. The Report Structure rule should apply only to sub-sections (## → ####), not to the title H1 itself.
For each affected workflow, restore the first heading to H1 (# Title) and keep only the subsequent section headers demoted to H4 (####).
🧵 Reviewed using Impeccable skills by Impeccable Skills Reviewer · 181.2 AIC · ⌖ 6.35 AIC · ⊞ 4.9K
| # - ghcr.io/github/github-mcp-server:v1.5.0@sha256:e25564dccc9110a70a77b9df560cbde11aa392fcb5f08b9abe5c4ebc6d146ea4 | ||
|
|
||
| name: "Daily CLI Performance Agent" | ||
| name: "Copy benchmark results to our directory" |
There was a problem hiding this comment.
🚨 Critical: Workflow name incorrectly extracted from a bash script comment.
The compiled workflow name: is now "Copy benchmark results to our directory" — a bash comment inside the prompt body — instead of the intended "Daily CLI Performance Agent".
Root cause: findH1WorkflowName scans the first 64 lines of the markdown body for a bare # header. When # Daily CLI Performance Agent was demoted to ### Daily CLI Performance Agent, the compiler no longer finds it as an H1 and instead picks up the first # ... bash comment it encounters in the body (line 56 of the body).
This breaks the GitHub Actions workflow display name, OTEL telemetry (gh-aw.workflow.name), notifications, and any dashboards tracking this workflow by name.
Fix: Move the ### Daily CLI Performance Agent heading back to an H1 (# Daily CLI Performance Agent) at the top of the body, before any bash code blocks. The H1 in the body is the compiler's source for the workflow name — it is not the same as headers inside the agent prompt narrative.
@copilot please address this.
| {{#runtime-import? .github/shared-instructions.md}} | ||
|
|
||
| # Daily CLI Performance Agent | ||
| ### Daily CLI Performance Agent |
There was a problem hiding this comment.
This ### Daily CLI Performance Agent heading needs to remain as an H1 (# Daily CLI Performance Agent) to preserve the compiled workflow name.
The findH1WorkflowName function in pkg/parser/frontmatter_content.go extracts the workflow name from the first # (H1) header in the markdown body. Changing it to ### removes it from the compiler's name-extraction path. When no H1 is found in the first 64 lines of body, the compiler picks the next available H1 it finds — which in this file is a bash comment (# Copy benchmark results to our directory) at body line 56.
The Report Structure Guidelines apply to agent-generated output reports, not to the H1 workflow title that the compiler needs for metadata. These two uses of headers are distinct.
@copilot please address this.
| # - ghcr.io/github/github-mcp-server:v1.5.0@sha256:e25564dccc9110a70a77b9df560cbde11aa392fcb5f08b9abe5c4ebc6d146ea4 | ||
|
|
||
| name: "Daily AgentRx Trace Optimizer" | ||
| name: "Daily Agentrx Trace Optimizer" |
There was a problem hiding this comment.
Workflow name changed from "Daily AgentRx Trace Optimizer" to "Daily Agentrx Trace Optimizer" — wrong casing for the product name AgentRx.
This happened because the H1 # Daily AgentRx Trace Optimizer was demoted to H3 in the source .md. With no H1 remaining in the markdown body, the compiler falls back to generateDefaultWorkflowName("daily-agentrx-trace-optimizer") which title-cases each hyphen-separated word: agentrx → Agentrx (loses the camelCase). This breaks OTEL span names and any telemetry dashboards filtering on gh-aw.workflow.name.
Fix: Keep the first heading as H1 (# Daily AgentRx Trace Optimizer) in the markdown body. The ## Section / ### Subsection demotion applies to body sections, not the workflow title.
@copilot please address this.
| # - ghcr.io/github/github-mcp-server:v1.5.0@sha256:e25564dccc9110a70a77b9df560cbde11aa392fcb5f08b9abe5c4ebc6d146ea4 | ||
|
|
||
| name: "Daily Choice Type Test" | ||
| name: "Daily Choice Test" |
There was a problem hiding this comment.
Workflow name silently changed: "Daily Choice Type Test" → "Daily Choice Test" (lost "Type").
The source .md H1 was demoted to H3, so the compiler fell back to generateDefaultWorkflowName("daily-choice-test") = "Daily Choice Test". This is a silent name-drift that breaks workflow tracking.
The same root cause affects 5 more workflows in this PR:
daily-firewall-report:"Daily Firewall Logs Collector and Reporter"→"Daily Firewall Report"daily-geo-optimizer:"GEO Optimizer Daily Audit"→"Daily Geo Optimizer"daily-code-metrics:"Daily Code Metrics and Trend Tracking Agent"→"Daily Code Metrics"daily-issues-report:"Daily Issues Report Generator"→"Daily Issues Report"daily-agentrx-trace-optimizer: wrong casing of "AgentRx" (separate comment above)
Fix for all: The workflow title H1 must remain as H1 at the top of each markdown body. The ### promotion rule in Report Structure Guidelines applies to headers in agent-generated output, not to the compiler's workflow name H1. Consider keeping the title as H1 and only demoting subsequent ## sections to ####.
@copilot please address this.
PR Review Summary 🧠Applied The progressive disclosure note insertion and the content heading demotion are well-executed. However the automation script treated two compiler-level syntax elements as ordinary content headings: 🚨 Issue 1 —
|
There was a problem hiding this comment.
Skills-Based Review 🧠
Applied /codebase-design — requesting changes on three critical regressions introduced by the heading normalization.
📋 Key Themes & Findings
🚨 Critical: Inline sub-agents silently broken (12 agents, 7 files)
The ## agent: name`` syntax is a compiler-level delimiter, not an ordinary heading. subAgentSeparatorRegex in `pkg/parser/sub_agent_extractor.go` is anchored to `^##` and will not match `^####`. All 12 inline sub-agents changed in this PR will be silently dropped at compile time — workflows will run without their sub-agents.
Affected: daily-agentrx-trace-optimizer (3), daily-ambient-context-optimizer (1), daily-awf-spec-compiler-surfacing (2), daily-firewall-report (2), daily-malicious-code-scan (2), daily-model-resolution (1), daily-safeoutputs-git-simulator (1).
🚨 Critical: Workflow names corrupted in 18 lock files
findH1WorkflowName (pkg/parser/frontmatter_content.go) only looks for # (H1). Demoting titles to ### causes it to fall through to generateDefaultWorkflowName (filename-based) or, worse, pick up the first bash comment inside a code fence as the workflow name:
daily-cli-performance→"Copy benchmark results to our directory"daily-malicious-code-scan→"Fetch all history for analysis"daily-secrets-analysis→"Count secrets.* references"
This breaks OTEL resource attributes, run-name labels, and any monitoring dashboard keyed on workflow name.
⚠️ High: Heading hierarchy inversions
In files where pre-existing ### Step N headings weren't demoted, they now appear at the same heading level as the new ### Title, while their parent sections are H4. The intended H1→H2→H3 hierarchy became H3 title → H4 sections → H3 steps.
✅ Positive highlights
- ✅ The progressive disclosure note insertion is well-formed and consistent across 42 files
- ✅ Code fences were correctly skipped when demoting content headings (the compiler issue is separate from the transformation logic)
- ✅ Lock files were correctly regenerated after the markdown changes
🧠 Reviewed using Matt Pocock's skills by Matt Pocock Skills Reviewer · 187.9 AIC · ⌖ 5.84 AIC · ⊞ 6.6K
Comment /matt to run again
| {{#runtime-import shared/noop-reminder.md}} | ||
|
|
||
| ## agent: `trajectory-builder` | ||
| #### agent: `trajectory-builder` |
There was a problem hiding this comment.
[/codebase-design] 🚨 ## agent: → #### agent: breaks sub-agent parsing — all inline sub-agents in this file will silently disappear at runtime.
subAgentSeparatorRegex in pkg/parser/sub_agent_extractor.go requires exactly ^## agent: (H2). Changing to #### agent: means ExtractInlineSubAgents finds zero matches, so the sub-agents trajectory-builder, artifacts-summarizer, and failure-pattern-classifier are never written to disk and the workflow runs without them.
💡 Fix
Revert the ## agent: lines back to H2. Sub-agent delimiters are not ordinary content headings — they are a compiler-level syntax element and must stay at H2. The ###-or-lower rule applies to content headings inside the agent body, not to the delimiter line itself.
-#### agent: `trajectory-builder`
+## agent: `trajectory-builder`Affected files in this PR: daily-agentrx-trace-optimizer.md (3 agents), daily-ambient-context-optimizer.md (1), daily-awf-spec-compiler-surfacing.md (2), daily-firewall-report.md (2), daily-malicious-code-scan.md (2), daily-model-resolution.md (1), daily-safeoutputs-git-simulator.md (1) — 12 inline sub-agents broken in total.
@copilot please address this.
| --- | ||
|
|
||
| {{#runtime-import? .github/shared-instructions.md}} | ||
|
|
There was a problem hiding this comment.
[/codebase-design] Demoting the H1 title to ### causes the compiler to pick up the first bash # comment inside a code fence as the workflow name, producing "Copy benchmark results to our directory" in the lock file instead of "Daily CLI Performance Agent".
findH1WorkflowName in pkg/parser/frontmatter_content.go scans for # prefix without checking whether the line is inside a code block. Once the real H1 is gone, it matches the next bare # it encounters (line 137 of this file, inside a ```bash fence).
💡 Fix — two options
Option A (recommended): Keep the main workflow title as H1 (#) since findH1WorkflowName treats it as the source of truth for the workflow name. The ###-or-lower guideline is about output report headings, not the title line in the prompt body.
Option B: Teach findH1WorkflowName to skip lines inside code fences before demoting all titles.
Three workflows in this PR have garbage names from this same bug:
daily-cli-performance.md→"Copy benchmark results to our directory"daily-malicious-code-scan.md→"Fetch all history for analysis"daily-secrets-analysis.md→"Count secrets.* references"
@copilot please address this.
| {{#runtime-import? .github/shared-instructions.md}} | ||
|
|
||
| # Daily Code Metrics and Trend Tracking Agent | ||
| ### Daily Code Metrics and Trend Tracking Agent |
There was a problem hiding this comment.
[/codebase-design] Demoting the H1 title causes 18 workflows to get shortened or wrong names in their compiled lock files — breaking OTEL traces, run-name labels, and any tooling that keys off the workflow name.
The lock file for this workflow now has name: "Daily Code Metrics" instead of "Daily Code Metrics and Trend Tracking Agent", and similar truncations appear across all 18 changed workflows.
💡 Scope of the regression
findH1WorkflowName (pkg/parser/frontmatter_content.go) extracts the workflow name from the first # heading. After demotion to ###, it falls back to generateDefaultWorkflowName which derives the name from the filename (e.g. daily-code-metrics.md → "Daily Code Metrics"), silently dropping the descriptive suffix.
Affected workflows with name changes (sampled):
| File | Was | Now |
|---|---|---|
| daily-code-metrics | Daily Code Metrics and Trend Tracking Agent | Daily Code Metrics |
| daily-cli-performance | Daily CLI Performance Agent | Copy benchmark results to our directory |
| daily-firewall-report | Daily Firewall Logs Collector and Reporter | Daily Firewall Report |
| daily-issues-report | Daily Issues Report Generator | Daily Issues Report |
| daily-regulatory | Daily Regulatory Report Generator | Daily Regulatory |
| daily-agentrx-trace-optimizer | Daily AgentRx Trace Optimizer | Daily Agentrx Trace Optimizer |
The ###-or-lower guideline should be clarified to exclude the prompt body title heading which drives the compiled workflow name.
@copilot please address this.
| ## Data Collection | ||
| #### Data Collection | ||
|
|
||
| ### Step 1 — Download recent runs |
There was a problem hiding this comment.
[/codebase-design] Pre-existing ### Step 1 headings now sit at the same level as the new ### Daily Ambient Context Optimizer title, creating a heading hierarchy inversion.
Before this PR the structure was logical: H1 title → H2 sections → H3 steps. After the change it reads: H3 title → H4 sections → H3 steps (steps are at the same level as the title).
💡 Fix
The pre-existing ### Step N — headings inside this file were sub-headings of the ## Data Collection section. Now that ## Data Collection became ####, the ### Step headings should be demoted one level too to #### (or the section headings should stay at ### to preserve the logical hierarchy).
The same inversion is present in several other files — wherever a pre-existing H3 appeared within a H2 section that was demoted to H4.
@copilot please address this.
|
@copilot please run the
|
Co-authored-by: gh-aw-bot <259018956+gh-aw-bot@users.noreply.github.com>
Co-authored-by: gh-aw-bot <259018956+gh-aw-bot@users.noreply.github.com>
Addressed in commit |
|
@copilot please
|
Addressed already in I rechecked the PR review threads and the linked blocking findings are on the superseded commit ( If you want fresh CI/review signals on current HEAD, a maintainer will need to retrigger workflows (agent pushes do not retrigger CI). |
82% of daily workflow prompts used
#/##headers in their prompt bodies, violating the project's###-or-lower formatting guidelines, and 42 of those also lacked progressive disclosure guidance.Changes
Header demotion (51 files):
# Title→### Title,## Section→#### Sectionin prompt bodies — skipping headers inside code fences to avoid corrupting bash/script examplesReport Formatting note added (42 files): Inserted the standard progressive disclosure note immediately after each workflow's main title:
Lock files recompiled: All 258
.lock.ymlfiles regenerated after the markdown changes11 already-compliant workflows left untouched (
daily-security-red-team.md,daily-architecture-diagram.md, etc.)