[plan] Fix SC1003: Switch awf --allow-domains from single to double quotes in 23 workflow source files

[github-actions]

Objective

Fix the 156 ShellCheck SC1003 occurrences across 23 workflow source files by replacing single-quoted domain lists with double-quoted strings in awf --allow-domains arguments.

Context

From static analysis discussion #17844: The daily static analysis scan reports 156 shellcheck:SC1003 findings (info severity) across 23 agentic workflows. ShellCheck warns because single-quoted strings can mask escape sequences. Double-quoting domain lists is the correct fix since wildcards like *.githubusercontent.com are command arguments, not shell globs.

Approach

1. Find all .md source files in .github/workflows/ that use awf --allow-domains '...'
2. Replace single-quoted domain lists with double-quoted strings: '*.domain.com,...' → "*.domain.com,..."
3. After fixing all 23 files, run make recompile to regenerate .lock.yml files
4. Verify the SC1003 count drops to 0 with actionlint .github/workflows/*.lock.yml

Files to Modify (source .md files only)

• .github/workflows/copilot-cli-deep-research.md
• .github/workflows/daily-compiler-quality.md
• .github/workflows/daily-doc-updater.md
• .github/workflows/daily-file-diet.md
• .github/workflows/daily-mcp-concurrency-analysis.md
• .github/workflows/daily-syntax-error-quality.md
• .github/workflows/daily-testify-uber-super-expert.md
• .github/workflows/delight.md
• .github/workflows/developer-docs-consolidator.md
• .github/workflows/discussion-task-miner.md
• .github/workflows/glossary-maintainer.md
• .github/workflows/go-fan.md
• .github/workflows/go-logger.md
• .github/workflows/instructions-janitor.md
• .github/workflows/layout-spec-maintainer.md
• .github/workflows/semantic-function-refactor.md
• .github/workflows/sergo.md
• .github/workflows/step-name-alignment.md
• .github/workflows/typist.md
• .github/workflows/ubuntu-image-analyzer.md
• .github/workflows/unbloat-docs.md
• .github/workflows/workflow-skill-extractor.md
• .github/workflows/ci-doctor.md

Example Fix

# Before (triggers SC1003):
run: |
  sudo -E awf --allow-domains '*.githubusercontent.com,api.github.com,models.github.com' \
    --other-flags

# After (correct):
run: |
  sudo -E awf --allow-domains "*.githubusercontent.com,api.github.com,models.github.com" \
    --other-flags

IMPORTANT: Fix .md source files only. Run make recompile after all fixes to regenerate .lock.yml files. Run make agent-finish before committing.

Acceptance Criteria

• All 23 .md files updated to use double-quoted domain lists
• make recompile runs without errors
• make agent-finish passes (build + test + lint)
• SC1003 count drops to 0 in actionlint output

Generated by Plan Command for issue #discussion #17844

• expires on Feb 25, 2026, 7:18 AM UTC