[deep-report] Consolidate Daily DIFC Analyzer + Daily Firewall Reporter into single Daily Security Observability workflow

### Description

Two daily workflows cover the same security observability domain with nearly identical behavioral profiles:

| Metric | DIFC Analyzer | Firewall Reporter |
|---|---|---|
| Schedule | Daily | Daily |
| Turns | ~43 | ~35 |
| Tokens/run | ~2.68M | ~2.49M |
| Output type | Discussion + issues | Discussion |
| Tool scope | read_only | read_only |
| Overlap score | ~0.70 | (same) |

Merging them into a single **Daily Security Observability** workflow would save ~2.49M tokens/week (eliminating one daily run) and produce a unified security intelligence report combining firewall traffic + DIFC integrity signals — more actionable than two separate reports.

**Consolidation plan (from Optimization Kit [#28742](https://github.com/github/gh-aw/discussions/28742) Prompt 3):**
1. Base the surviving workflow on the DIFC analyzer (more complex prompt)
2. Firewall log collection becomes Phase 1–2; DIFC analysis becomes Phase 3–4
3. Shared cache-memory path: `/tmp/gh-aw/cache-memory/security-observability/`
4. Single combined discussion output covering both signals

### Expected Impact
~2.49M tokens/week saved (~10M/month). Single unified security report improves analyst UX.

### Suggested Agent
Daily Workflow Updater / manual authoring

### Estimated Effort
Medium (1–4 hours)

### Data Source
DeepReport Intelligence Briefing — April 27, 2026 (run [§25003521428](https://github.com/github/gh-aw/actions/runs/25003521428)); Agentic Optimization Kit [#28742](https://github.com/github/gh-aw/discussions/28742) Consolidation Prompt 3







> Generated by [DeepReport - Intelligence Gathering Agent](https://github.com/github/gh-aw/actions/runs/25003521428/agentic_workflow) · ● 473.9K · [◷](https://github.com/search?q=repo%3Agithub%2Fgh-aw+is%3Aissue+%22gh-aw-workflow-call-id%3A+github%2Fgh-aw%2Fdeep-report%22&type=issues)
> - [x] expires  on Apr 29, 2026, 3:35 PM UTC

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[deep-report] Consolidate Daily DIFC Analyzer + Daily Firewall Reporter into single Daily Security Observability workflow #28751

Description

Expected Impact

Suggested Agent

Estimated Effort

Data Source

Metadata

Assignees

Labels

Type

Fields

Projects

Milestone

Relationships

Development

Metric	DIFC Analyzer	Firewall Reporter
Schedule	Daily	Daily
Turns	~43	~35
Tokens/run	~2.68M	~2.49M
Output type	Discussion + issues	Discussion
Tool scope	read_only	read_only
Overlap score	~0.70	(same)

[deep-report] Consolidate Daily DIFC Analyzer + Daily Firewall Reporter into single Daily Security Observability workflow #28751

Description

Description

Expected Impact

Suggested Agent

Estimated Effort

Data Source

Metadata

Metadata

Assignees

Labels

Type

Fields

Projects

Milestone

Relationships

Development

Issue actions