fix(workflow-normalizer): consolidate per-workflow issues into a single issue per run

[Copilot]

workflow-normalizer was creating up to 5 separate issues per run (one per non-compliant workflow), causing issue spam.

Changes

• safe-outputs.create-issue: max: 5 → max: 1 to enforce a single issue per run
• Step 4 prompt: Replaced "For each non-compliant workflow, create an issue" with a single consolidated issue template that includes:
  • A summary table of all non-compliant workflows and their specific violations
  • Unified required-changes instructions covering all affected workflows
  • A single agent task targeting all listed workflows
• Lock file: Recompiled to reflect the updated max constraint

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

• https://api.github.com/graphql
  • Triggering command: /usr/bin/gh /usr/bin/gh api graphql -f query=query($owner: String!, $name: String!) { repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } -f owner=github -f name=gh-aw (http block)
• https://api.github.com/repos/actions/checkout/git/ref/tags/v3
  • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v3 --jq .object.sha g_.a 9091879/b003/vet.cfg .cfg ./../.prettieriggit (http block)
• https://api.github.com/repos/actions/checkout/git/ref/tags/v4
  • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v4 --jq .object.sha --write ../../../**/*.json /opt/hostedtoolcache/go/1.25.0/x64/pkg/tool/linu-importcfg --ignore-path ../../../.prettirev-parse _TOKEN"; }; f /opt/hostedtoolcache/go/1.25.0/x64/pkg/tool/linu/home/REDACTED/work/gh-aw/gh-aw/pkg/stringutil/pat_validation.go -uns�� 3724-14722/test-553600916 /tmp/go-build4089091879/b080/vet.cfg .cfg (http block)
  • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v4 --jq .object.sha /ref/tags/v8 (http block)
  • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v4 --jq .object.sha uts.version -buildtags /usr/bin/git -errorsas -ifaceassert -nilfunc git -C /tmp/gh-aw-test-runs/20260219-143724-14722/test-553600916 rev-parse /usr/bin/git @{u} assword=$GITHUB_rev-parse x_amd64/vet git (http block)
• https://api.github.com/repos/actions/checkout/git/ref/tags/v5
  • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v5 --jq .object.sha ting Go code..." .cfg 64/pkg/tool/linux_amd64/vet (http block)
  • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v5 --jq .object.sha -bool -buildtags ipts.test -errorsas -ifaceassert -nilfunc ipts.test 0890�� --show-toplevel -tests /usr/bin/git (http block)
  • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v5 --jq .object.sha run --auto /usr/bin/git --detach (http block)
• https://api.github.com/repos/actions/github-script/git/ref/tags/v8
  • Triggering command: /usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v8 --jq .object.sha (http block)
  • Triggering command: /usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v8 --jq .object.sha json' --ignore-p-errorsas (http block)
  • Triggering command: /usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v8 --jq .object.sha go1.25.0 -c=4 -nolocalimports -importcfg /tmp/go-build4089091879/b403/importcfg -pack /tmp/go-build4089091879/b403/_testmain.go (http block)
• https://api.github.com/repos/actions/setup-go/git/ref/tags/v4
  • Triggering command: /usr/bin/gh gh api /repos/actions/setup-go/git/ref/tags/v4 --jq .object.sha --write ../../../**/*.json /opt/hostedtoolcache/go/1.25.0/x64/pkg/tool/linux_amd64/vet --ignore-path ../../../.prettirev-parse _TOKEN"; }; f /opt/hostedtoolcache/go/1.25.0/x64/pkg/tool/linux_amd64/vet -uns�� runs/20260219-143724-14722/test-688485492/.github/workflows /tmp/go-build4089091879/b061/vet.cfg /opt/hostedtoolcache/go/1.25.0/x64/pkg/tool/linux_amd64/vet (http block)
  • Triggering command: /usr/bin/gh gh api /repos/actions/setup-go/git/ref/tags/v4 --jq .object.sha /ref/tags/v8 git /usr/bin/git matter-with-env-git main 64/pkg/tool/linu--show-toplevel git rev-�� gh-aw/actions/setup/sh/sanitize_path.sh' '/usr/bin:::/usr/local/bin' && echo "$PATH" 64/pkg/tool/linux_amd64/vet /usr/bin/git 688485492/.githu/opt/hostedtoolcache/go/1.25.0/x64/pkg/tool/linux_amd64/link .cfg 64/pkg/tool/linux_amd64/vet git (http block)
• https://api.github.com/repos/actions/setup-node/git/ref/tags/v4
  • Triggering command: /usr/bin/gh gh api /repos/actions/setup-node/git/ref/tags/v4 --jq .object.sha --write ../../../**/*.json ache/go/1.25.0/x64/pkg/tool/linux_amd64/vet --ignore-path ../../../.prettirev-parse _TOKEN"; }; f ache/go/1.25.0/x64/pkg/tool/linux_amd64/vet -uns�� -unreachable=false /tmp/go-build4089091879/b055/vet.cfg /opt/hostedtoolcache/go/1.25.0/x64/pkg/tool/linux_amd64/vet (http block)
  • Triggering command: /usr/bin/gh gh api /repos/actions/setup-node/git/ref/tags/v4 --jq .object.sha tags/v4 REDACTED /usr/bin/infocmp orkflow-normalizgit main 64/pkg/tool/linu--show-toplevel infocmp -1 gh-aw/actions/setup/sh/sanitize_path.sh' '/usr/bin::/usr/local/bin' && echo "$PATH" 64/pkg/tool/linux_amd64/vet /usr/bin/git 688485492/.githu/opt/hostedtoolcache/go/1.25.0/x64/pkg/tool/linux_amd64/vet .cfg 64/pkg/tool/linux_amd64/vet git (http block)
• https://api.github.com/repos/github/gh-aw/actions/runs/1/artifacts
  • Triggering command: /usr/bin/gh gh run download 1 --dir test-logs/run-1 origin 64/pkg/tool/linux_amd64/vet (http block)
• https://api.github.com/repos/github/gh-aw/actions/runs/12345/artifacts
  • Triggering command: /usr/bin/gh gh run download 12345 --dir test-logs/run-12345 pull.rebase x_amd64/compile (http block)
• https://api.github.com/repos/github/gh-aw/actions/runs/12346/artifacts
  • Triggering command: /usr/bin/gh gh run download 12346 --dir test-logs/run-12346 pull.rebase 64/pkg/tool/linux_amd64/compile (http block)
• https://api.github.com/repos/github/gh-aw/actions/runs/2/artifacts
  • Triggering command: /usr/bin/gh gh run download 2 --dir test-logs/run-2 origin 64/pkg/tool/linux_amd64/vet (http block)
• https://api.github.com/repos/github/gh-aw/actions/runs/3/artifacts
  • Triggering command: /usr/bin/gh gh run download 3 --dir test-logs/run-3 origin 64/pkg/tool/linux_amd64/compile (http block)
• https://api.github.com/repos/github/gh-aw/actions/runs/4/artifacts
  • Triggering command: /usr/bin/gh gh run download 4 --dir test-logs/run-4 origin 64/pkg/tool/linux_amd64/compile (http block)
• https://api.github.com/repos/github/gh-aw/actions/runs/5/artifacts
  • Triggering command: /usr/bin/gh gh run download 5 --dir test-logs/run-5 origin 64/pkg/tool/linux_amd64/compile (http block)
• https://api.github.com/repos/github/gh-aw/actions/workflows
  • Triggering command: /usr/bin/gh gh workflow list --json name,state,path d -n 10 (http block)
  • Triggering command: /usr/bin/gh gh run list --json databaseId,number,url,status,conclusion,workflowName,createdAt,startedAt,updatedAt,event,headBranch,headSha,displayTitle --workflow nonexistent-workflow-12345 --limit 100 (http block)
  • Triggering command: /usr/bin/gh gh run list --json databaseId,number,url,status,conclusion,workflowName,createdAt,startedAt,updatedAt,event,headBranch,headSha,displayTitle --workflow nonexistent-workflow-12345 --limit 6 (http block)
• https://api.github.com/repos/github/gh-aw/git/ref/tags/v1.0.0
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v1.0.0 --jq .object.sha FETCH_HEAD .cfg At,event,headBranch,headSha,displayTitle nore (http block)
• https://api.github.com/repos/nonexistent/action/git/ref/tags/v999.999.999
  • Triggering command: /usr/bin/gh gh api /repos/nonexistent/action/git/ref/tags/v999.999.999 --jq .object.sha FETCH_HEAD .cfg 64/pkg/tool/linux_amd64/vet nore (http block)
• https://api.github.com/repos/nonexistent/repo/actions/runs/12345
  • Triggering command: /usr/bin/gh gh run view 12345 --repo nonexistent/repo --json status,conclusion ignore (http block)
• https://api.github.com/repos/owner/repo/actions/workflows
  • Triggering command: /usr/bin/gh gh workflow list --json name,state,path --repo owner/repo t (http block)
  • Triggering command: /usr/bin/gh gh workflow list --json name,state,path --repo owner/repo nfig/composer/vendor/bin/git (http block)
• https://api.github.com/repos/owner/repo/contents/file.md
  • Triggering command: /tmp/go-build4089091879/b370/cli.test /tmp/go-build4089091879/b370/cli.test -test.testlogfile=/tmp/go-build4089091879/b370/testlog.txt -test.paniconexit0 -test.v=true -test.parallel=4 -test.timeout=10m0s -test.run=^Test -test.short=true (http block)
• https://api.github.com/repos/test-owner/test-repo/actions/secrets
  • Triggering command: /usr/bin/gh gh api /repos/test-owner/test-repo/actions/secrets --jq .secrets[].name (http block)

If you need me to access, download, or install something from one of these locations, you can either:

• Configure Actions setup steps to set up my environment, which run before the firewall is enabled
• Add the appropriate URLs or hosts to the custom allowlist in this repository's Copilot coding agent settings (admins only)

Original prompt

---

This section details on the original issue you should resolve

<issue_title>[q] Update workflow normalizer to create a single consolidated issue</issue_title>
<issue_description>## Q Workflow Optimization Report

Issue Found

The workflow-normalizer workflow was creating up to 5 separate issues (one per non-compliant workflow), resulting in issue spam. See issue #16830 as an example — it was generated for a single workflow when all findings should be consolidated.

Changes Made

.github/workflows/workflow-normalizer.md:

1. Changed max: 5 → max: 1 in the safe-outputs.create-issue configuration — limits output to a single issue per run.

2. Rewrote Step 4 prompt — changed from "For each non-compliant workflow, create an issue" to "Create one issue that consolidates all non-compliant workflows found." The new template includes:

   • A summary table listing all non-compliant workflows at once
   • Consolidated required-changes instructions covering all workflows
   • A single agent task to fix all listed workflows

Expected Improvements

• Reduces issue noise: 1 issue per run (max) instead of up to 5
• Gives the fixing agent a complete picture of all workflows needing attention in one place
• Makes it easier to track and close style-normalization work

Validation

✅ workflow-normalizer.md compiled successfully.

• Fixes [workflow-style] Normalize report formatting for cli-consistency-checker #16830

AI generated by Q

• expires on Feb 21, 2026, 2:19 PM UTC

---

[!NOTE]
This was originally intended as a pull request, but the git push operation failed.

Workflow Run: View run details and download patch artifact

The patch file is available in the agent-artifacts artifact in the workflow run linked above.

To apply the patch locally:

# Download the artifact from the workflow run https://github.com/github/gh-aw/actions/runs/22185285725
# (Use GitHub MCP tools if gh CLI is not available)
gh run download 22185285725 -n agent-artifacts

# The patch file will be at agent-artifacts/tmp/gh-aw/aw.patch after download
# Apply the patch
git am agent-artifacts/tmp/gh-aw/aw.patch

Show patch preview (168 of 168 lines)

From 971ca23ceb19d95513220be10e89e87ba9da6d0a Mon Sep 17 00:00:00 2001
From: "github-actions[bot]" <github-actions[bot]@users.noreply.github.com>
Date: Thu, 19 Feb 2026 14:16:26 +0000
Subject: [PATCH] fix(workflow-normalizer): create single consolidated issue
 instead of multiple

- Change max from 5 to 1 in safe-outputs create-issue config
- Update Step 4 prompt to consolidate all non-compliant workflows into one issue
- New issue template uses a table listing all workflows with a single agent task

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
---
 .../workflows/workflow-normalizer.lock.yml    |  8 +--
 .github/workflows/workflow-normalizer.md      | 60 ++++++++++++-------
 2 files changed, 41 insertions(+), 27 deletions(-)

diff --git a/.github/workflows/workflow-normalizer.lock.yml b/.github/workflows/workflow-normalizer.lock.yml
index ceabad9..4f2c12c 100644
--- a/.github/workflows/workflow-normalizer.lock.yml
+++ b/.github/workflows/workflow-normalizer.lock.yml
@@ -28,7 +28,7 @@
 #     - shared/mood.md
 #     - shared/reporting.md
 #
-# gh-aw-metadata: {"schema_version":"v1","frontmatter_hash":"8673a900f90be1db556f4d2a8902d74919937b2037e03b2cd6445fd5e78675d4"}
+# gh-aw-metadata: {"schema_version":"v1","frontmatter_hash":"45bc7216cd4ae98e16bbe10affdf05c580698482093dade0516ec7a7e515da36"}
 
 name: "Workflow Normalizer"
 "on":
@@ -436,12 +436,12 @@ jobs:
           mkdir -p /tmp/gh-aw/safeoutputs
           mkdir -p /tmp/gh-aw/mcp-logs/safeoutputs
           cat > /opt/gh-aw/safeoutputs/config.json << 'GH_AW_SAFE_OUTPUTS_CONFIG_EOF'
-          {"create_issue":{"expires":24,"group":true,"max":5},"missing_data":{},"missing_tool":{},"noop":{"max":1}}
+          {"create_issue":{"expires":24,"group":true,"max":1},"missing_data":{},"missing_tool":{},"noop":{"max":1}}
           GH_AW_SAFE_OUTPUTS_CONFIG_EOF
           cat > /opt/gh-aw/safeoutputs/tools.json << 'GH_AW_SAFE_OUTPUTS_TOOLS_EOF'
           [
             {
-              "description
... (truncated)

Comments on the Issue (you are @copilot in this section)

• Fixes [q] Update workflow normalizer to create a single consolidated issue #16840

---

💡 You can make Copilot smarter by setting up custom instructions, customizing its development environment and configuring Model Context Protocol (MCP) servers. Learn more Copilot coding agent tips in the docs.

[Copilot]

Pull request overview

This PR updates the workflow-normalizer workflow to consolidate multiple per-workflow issues into a single consolidated issue per run, reducing issue spam. The change addresses issue #16830 where the workflow was creating up to 5 separate issues (one per non-compliant workflow).

Changes:

• Updated max constraint from 5 to 1 in safe-outputs configuration to enforce a single issue per run
• Rewrote Step 4 instructions to create one consolidated issue with a table of all non-compliant workflows instead of individual issues
• Recompiled lock file to reflect the updated configuration across all relevant sections (config.json, tools.json, and handler config)

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated no comments.

File	Description
.github/workflows/workflow-normalizer.md	Changed max: 5 to max: 1 in frontmatter; rewrote Step 4 to create a single consolidated issue with a table listing all non-compliant workflows
.github/workflows/workflow-normalizer.lock.yml	Updated frontmatter hash; updated safe-outputs configuration in three places (config.json, tools.json description, and GH_AW_SAFE_OUTPUTS_HANDLER_CONFIG) to reflect max: 1 constraint

Comments suppressed due to low confidence (1)

.github/workflows/workflow-normalizer.md:170

• The updated Step 4 template is well-structured and correctly consolidates all non-compliant workflows into a single issue. However, the Output Format section (lines 216-220, outside this diff) still shows an example with multiple issues being created:

### Issues Created

- [#123](link) - Normalize report formatting for workflow-name-1
- [#124](link) - Normalize report formatting for workflow-name-2

This example is now inconsistent with the new max: 1 constraint and should be updated to show a single consolidated issue instead. Consider updating that section to reflect that only one issue will be created per run, containing all non-compliant workflows.

### Step 4: Create One Consolidated Improvement Issue

Create **one** issue that consolidates all non-compliant workflows found.

**Title**: `[workflow-style] Normalize report formatting for non-compliant workflows`

**Body Template**:
```markdown
### Workflows to Update

The following workflows generate reports but don't include markdown style guidelines:

| Workflow File | Issues Found |
|---|---|
| `.github/workflows/<workflow-name-1>.md` | Missing header level guidelines |
| `.github/workflows/<workflow-name-2>.md` | No progressive disclosure instructions |

### Required Changes

For each workflow listed above, update the prompt to include these formatting guidelines:

#### 1. Header Levels
Add instruction: "Use h3 (###) or lower for all headers in your report to maintain proper document hierarchy."

#### 2. Progressive Disclosure
Add instruction: "Wrap long sections in `<details><summary><b>Section Name</b></summary>` tags to improve readability and reduce scrolling."

Example:
\`\`\`markdown
<details>
<summary><b>Full Analysis Details</b></summary>

[Long detailed content here...]

</details>
\`\`\`

#### 3. Report Structure
Suggest a structure like:
- Brief summary (always visible)
- Key metrics or highlights (always visible)
- Detailed analysis (in `<details>` tags)
- Recommendations (always visible)

### Design Principles (Airbnb-Inspired)

The updated workflows should create reports that:
1. **Build trust through clarity**: Most important info immediately visible
2. **Exceed expectations**: Add helpful context, trends, comparisons
3. **Create delight**: Use progressive disclosure to reduce overwhelm
4. **Maintain consistency**: Follow the same patterns as other reporting workflows

### Example Reference

See workflows like `daily-repo-chronicle` or `audit-workflows` for good examples of structured reporting.

### Agent Task

Update each workflow file listed in the table above to include the formatting guidelines in the prompt instructions. Test the updated workflows to ensure they produce well-formatted reports.

</details>



---

💡 <a href="/github/gh-aw/new/main/.github/instructions?filename=*.instructions.md" class="Link--inTextBlock" target="_blank" rel="noopener noreferrer">Add Copilot custom instructions</a> for smarter, more guided reviews. <a href="https://docs.github.com/en/copilot/customizing-copilot/adding-repository-custom-instructions-for-github-copilot" class="Link--inTextBlock" target="_blank" rel="noopener noreferrer">Learn how to get started</a>.