Fix drift in agentic workflow contract, prompts, and docs#2008
Merged
Conversation
…ews-* workflows and prompts Agent-Logs-Url: https://github.com/Hack23/riksdagsmonitor/sessions/3b78b26f-16ee-49b7-a930-02609b034351 Co-authored-by: pethers <1726836+pethers@users.noreply.github.com>
…ubfolder/Tier-C duplicates, refresh keepalive comment, strip seo-contract audit history Agent-Logs-Url: https://github.com/Hack23/riksdagsmonitor/sessions/c6bacac9-73cf-4ff6-8a36-1db50ffecba1 Co-authored-by: pethers <1726836+pethers@users.noreply.github.com>
…ate bash arrays to AWF-safe printf+while-read pattern Agent-Logs-Url: https://github.com/Hack23/riksdagsmonitor/sessions/578dd6ee-d206-4e2e-a93c-e532889ed8f6 Co-authored-by: pethers <1726836+pethers@users.noreply.github.com>
…, version 0.8.56, stack versions) Agent-Logs-Url: https://github.com/Hack23/riksdagsmonitor/sessions/6267053c-1d30-40a1-8a80-220e636148dd Co-authored-by: pethers <1726836+pethers@users.noreply.github.com>
Copilot created this pull request from a session on behalf of
pethers
April 26, 2026 08:27
View session
github-actions
Bot
added
documentation
Contributor
🏷️ Automatic Labeling SummaryThis PR has been automatically labeled based on the files changed and PR metadata. Applied Labels: documentation,security,workflow,isms,iso-27001,nist-csf,cis-controls,ci-cd,skill,size-xl,news,agentic-workflow,agent Label Categories
For more information, see |
Contributor
🔍 Lighthouse Performance Audit
📥 Download full Lighthouse report Budget Compliance: Performance budgets enforced via |
Contributor
There was a problem hiding this comment.
Pull request overview
Aligns the agentic news workflow “contract surface” (workflows, prompt modules, skills, and root docs) to the current repository reality (11 workflows, updated toolchain versions) and reduces duplicated workflow boilerplate by introducing a shared pre-warm/pre-flight composite action.
Changes:
- Harmonizes agentic workflow runtime/time-budget expectations (notably
timeout-minutes: 45and safe-outputs deadline guidance) across news workflows and regenerated.lock.ymloutputs. - Cleans up prompt modules (deduplication, updated gate-check descriptions, and AWF-safe shell rewrites avoiding banned array/process-substitution patterns).
- Updates documentation/skill references to reflect the current workflow counts and toolchain versions; adds
.github/actions/news-prewarmto centralize common setup.
Reviewed changes
Copilot reviewed 75 out of 75 changed files in this pull request and generated 4 comments.
Show a summary per file
| File | Description |
|---|---|
analysis/templates/README.md |
Updates workflow-count reference in template documentation. |
analysis/methodologies/README.md |
Updates workflow-count reference in methodology documentation. |
SWOT.md |
Updates agentic workflow count reference in SWOT narrative. |
SECURITY_ARCHITECTURE.md |
Updates agentic workflow count reference in security architecture summary. |
README.md |
Updates workflow-file count references and timeline mention to match current workflow set. |
MINDMAP.md |
Updates agentic workflow count reference in mindmap changelog section. |
FUTURE_WORKFLOWS.md |
Re-bases projections and current metrics to the new workflow-file counts. |
ARCHITECTURE.md |
Updates workflow surface summary to reflect 43 files / 11 agentic workflows. |
.github/workflows/news-weekly-review.md |
Sets timeout-minutes: 45 and replaces duplicated setup/preflight steps with the composite action; updates deadline wording. |
.github/workflows/news-weekly-review.lock.yml |
Regenerated lock file reflecting workflow + contract updates. |
.github/workflows/news-week-ahead.md |
Sets timeout-minutes: 45 and replaces duplicated setup/preflight steps with the composite action; updates deadline wording. |
.github/workflows/news-week-ahead.lock.yml |
Regenerated lock file reflecting workflow + contract updates. |
.github/workflows/news-translate.md |
Sets timeout-minutes: 45, uses composite prewarm, and tightens translate-specific time budget guidance to the safe-outputs deadline. |
.github/workflows/news-translate.lock.yml |
Regenerated lock file reflecting workflow + contract updates (incl. new aw_context input). |
.github/workflows/news-realtime-monitor.md |
Sets timeout-minutes: 45, uses composite prewarm, and updates safe-outputs deadline wording. |
.github/workflows/news-propositions.md |
Sets timeout-minutes: 45, uses composite prewarm, and updates safe-outputs deadline wording. |
.github/workflows/news-propositions.lock.yml |
Regenerated lock file reflecting workflow + contract updates. |
.github/workflows/news-motions.md |
Sets timeout-minutes: 45, uses composite prewarm, and updates safe-outputs deadline wording. |
.github/workflows/news-motions.lock.yml |
Regenerated lock file reflecting workflow + contract updates. |
.github/workflows/news-monthly-review.md |
Sets timeout-minutes: 45, uses composite prewarm, and updates safe-outputs deadline wording. |
.github/workflows/news-monthly-review.lock.yml |
Regenerated lock file reflecting workflow + contract updates. |
.github/workflows/news-month-ahead.md |
Sets timeout-minutes: 45, uses composite prewarm, and updates safe-outputs deadline wording. |
.github/workflows/news-month-ahead.lock.yml |
Regenerated lock file reflecting workflow + contract updates. |
.github/workflows/news-interpellations.md |
Sets timeout-minutes: 45, uses composite prewarm, and updates safe-outputs deadline wording. |
.github/workflows/news-evening-analysis.md |
Sets timeout-minutes: 45, uses composite prewarm, and updates safe-outputs deadline wording. |
.github/workflows/news-committee-reports.md |
Sets timeout-minutes: 45, uses composite prewarm, and updates safe-outputs deadline wording. |
.github/workflows/README.md |
Updates workflow catalog counts (43 total; 21 yaml + 11 md + 11 lock). |
.github/skills/swedish-political-system/SKILL.md |
Updates workflow-count reference in skill integration section. |
.github/skills/strategic-communication-analysis/SKILL.md |
Updates workflow-count reference in skill integration section. |
.github/skills/risk-assessment-frameworks/SKILL.md |
Updates workflow-count reference in skill integration section. |
.github/skills/riksdag-regering-mcp/SKILL.md |
Updates workflow-count reference in skill integration section. |
.github/skills/prospective-news-coverage/SKILL.md |
Updates workflow-count reference in skill integration section. |
.github/skills/product-management-patterns/SKILL.md |
Updates workflow-count reference in skill integration section. |
.github/skills/political-science-analysis/SKILL.md |
Updates workflow-count reference in skill integration section. |
.github/skills/osint-methodologies/SKILL.md |
Updates workflow-count reference in skill integration section. |
.github/skills/legislative-monitoring/SKILL.md |
Updates workflow-count reference in skill integration section. |
.github/skills/investigative-journalism/SKILL.md |
Updates workflow-count reference in skill integration section. |
.github/skills/intelligence-analysis-techniques/SKILL.md |
Updates workflow-count reference in skill integration section. |
.github/skills/github-agentic-workflows/SKILL.md |
Updates workflow-count reference for gh-aw usage in this repo. |
.github/skills/gh-aw-workflow-authoring/SKILL.md |
Updates workflow-count reference for gh-aw usage in this repo. |
.github/skills/gh-aw-tools-ecosystem/SKILL.md |
Updates workflow-count reference for gh-aw usage in this repo. |
.github/skills/gh-aw-security-architecture/SKILL.md |
Updates workflow-count reference for gh-aw usage in this repo. |
.github/skills/gh-aw-safe-outputs/SKILL.md |
Updates workflow-count reference for gh-aw usage in this repo. |
.github/skills/gh-aw-mcp-gateway/SKILL.md |
Updates workflow-count reference for gh-aw usage in this repo. |
.github/skills/gh-aw-mcp-configuration/SKILL.md |
Updates workflow-count reference for gh-aw usage in this repo. |
.github/skills/gh-aw-logging-monitoring/SKILL.md |
Updates workflow-count reference for gh-aw usage in this repo. |
.github/skills/gh-aw-github-actions-integration/SKILL.md |
Updates workflow-count reference for gh-aw usage in this repo. |
.github/skills/gh-aw-firewall/SKILL.md |
Updates workflow-count reference for gh-aw usage in this repo. |
.github/skills/gh-aw-continuous-ai-patterns/SKILL.md |
Updates workflow-count reference for gh-aw usage in this repo. |
.github/skills/gh-aw-containerization/SKILL.md |
Updates workflow-count reference for gh-aw usage in this repo. |
.github/skills/gh-aw-authentication-credentials/SKILL.md |
Updates workflow-count reference for gh-aw usage in this repo. |
.github/skills/electoral-analysis/SKILL.md |
Updates workflow-count reference in skill integration section. |
.github/skills/editorial-standards/SKILL.md |
Updates workflow-count reference in skill integration section. |
.github/skills/data-science-for-intelligence/SKILL.md |
Updates workflow-count reference in skill integration section. |
.github/skills/copilot-agent-patterns/SKILL.md |
Updates workflow-count reference in skill integration section. |
.github/skills/comparative-politics-reporting/SKILL.md |
Updates workflow-count reference in skill integration section. |
.github/skills/cia-data-integration/SKILL.md |
Updates workflow-count reference in skill integration section. |
.github/skills/behavioral-analysis/SKILL.md |
Updates workflow-count reference in skill integration section. |
.github/skills/automated-content-generation/SKILL.md |
Updates workflow-count reference in skill integration section. |
.github/prompts/seo-metadata-contract.md |
Removes audit-history/change-log material and keeps the contract as a cleaner normative reference. |
.github/prompts/ext/tier-c-aggregation.md |
Removes a duplicated/overlapping workflow list line. |
.github/prompts/README.md |
Updates gate-check wording (checks 1–9) and adds the SEO metadata contract to the module catalogue; updates workflow-file count. |
.github/prompts/07-commit-and-pr.md |
Updates “deadline enforcement” framing to three timers and revises deadline narrative accordingly. |
.github/prompts/05-analysis-gate.md |
Rewrites bash gate examples to avoid banned array/process-substitution patterns; removes stale phase-checkpoint reference. |
.github/prompts/04-analysis-pipeline.md |
Removes stale phase-checkpoint guidance and retains Pass-1 snapshot requirement. |
.github/prompts/03-data-download.md |
Rewrites required-artifact loop to avoid banned bash array patterns; merges duplicate realtime rows. |
.github/prompts/02-mcp-access.md |
Deduplicates duplicated intro/table section. |
.github/prompts/00-base-contract.md |
Updates session keepalive guidance to the “three timers” model and clarifies operative deadline. |
.github/copilot-instructions.md |
Updates stack/toolchain versions and workflow counts; bumps instructions version metadata. |
.github/aw/actions-lock.json |
Adds actions/setup-node@v6.4.0 to the action lock registry. |
.github/actions/news-prewarm/action.yml |
New composite action encapsulating node setup, npm install, MCP pre-warm, and network pre-flight checks. |
| using: 'composite' | ||
| steps: | ||
| - name: Setup Node.js | ||
| uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0 |
There was a problem hiding this comment.
.github/actions/news-prewarm pins actions/setup-node to the v6.2.0 SHA, but this version/SHA is not present in .github/aw/actions-lock.json (which now lists v6.3.0 and v6.4.0). This creates lock drift and can break any validation that expects all used actions to be represented in the actions lock. Align by updating the composite action to the repo’s pinned setup-node version (or add the missing v6.2.0 entry to the lock, but keeping one consistent version across workflows is preferable).
Suggested change
| uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0 | |
| uses: actions/setup-node@v6.4.0 |
Comment on lines
+17
to
53
| while IFS= read -r f; do | ||
| [ -z "$f" ] && continue | ||
| COUNT=$((COUNT + 1)) | ||
| [ -s "$ANALYSIS_DIR/$f" ] || { ALL_PRESENT=false; break; } | ||
| done | ||
| done <<'REQUIRED_ARTIFACTS' | ||
| README.md | ||
| executive-brief.md | ||
| synthesis-summary.md | ||
| significance-scoring.md | ||
| classification-results.md | ||
| swot-analysis.md | ||
| risk-assessment.md | ||
| threat-analysis.md | ||
| stakeholder-perspectives.md | ||
| data-download-manifest.md | ||
| cross-reference-map.md | ||
| scenario-analysis.md | ||
| comparative-international.md | ||
| devils-advocate.md | ||
| intelligence-assessment.md | ||
| methodology-reflection.md | ||
| election-2026-analysis.md | ||
| voter-segmentation.md | ||
| coalition-mathematics.md | ||
| historical-parallels.md | ||
| media-framing-analysis.md | ||
| implementation-feasibility.md | ||
| forward-indicators.md | ||
| REQUIRED_ARTIFACTS | ||
|
|
||
| # Tier-C workflows add no new files — all 23 are already mandatory. What | ||
| # Tier-C adds is the cross-type synthesis + period multipliers enforced by | ||
| # ext/tier-c-aggregation.md and the gate in 05-analysis-gate.md. | ||
|
|
||
| [ "$ALL_PRESENT" = "true" ] && SKIP_ANALYSIS=true | ||
| echo "SKIP_ANALYSIS=$SKIP_ANALYSIS (required artifacts present: $ALL_PRESENT, count: ${#REQ[@]})" | ||
| echo "SKIP_ANALYSIS=$SKIP_ANALYSIS (required artifacts present: $ALL_PRESENT, count: $COUNT)" | ||
| ``` |
There was a problem hiding this comment.
The pre-flight loop breaks on the first missing artifact, so COUNT is the number of items checked up to the first missing file, not the total required-artifact count. The log line can therefore be misleading (e.g., it may print count: 7 even though 23 artifacts are required). Consider emitting a constant expected count (23) and/or tracking a separate EXPECTED=23 vs CHECKED=$COUNT to keep the output accurate for debugging.
| > | ||
| > **🆕 What changed since last review (v1.0 → v1.1, 2026-04-20):** | ||
| > - **Strengths (expanded):** `v0.8.48` shipped to npm with SLSA provenance; dual-distribution model (static site + public npm package); **2,669 files** across 14 languages including RTL (HE, AR); **15 CIA data subsystems**; **12 agentic news workflows** under five-layer safe-output control; OpenSSF Best Practices badge #12069; OpenSSF Scorecard transparency; AI FIRST quality process (minimum-2-iteration rule); full OIDC CI/CD with zero long-lived AWS credentials; 24 Copilot agents + 92 skills driving automation leverage. | ||
| > - **Strengths (expanded):** `v0.8.48` shipped to npm with SLSA provenance; dual-distribution model (static site + public npm package); **2,669 files** across 14 languages including RTL (HE, AR); **15 CIA data subsystems**; **11 agentic news workflows** under five-layer safe-output control; OpenSSF Best Practices badge #12069; OpenSSF Scorecard transparency; AI FIRST quality process (minimum-2-iteration rule); full OIDC CI/CD with zero long-lived AWS credentials; 24 Copilot agents + 92 skills driving automation leverage. |
There was a problem hiding this comment.
This line claims there are “92 skills”, but the canonical skill catalog .github/skills/README.md states the repository contains 91 skill packages. Please reconcile this number (either update the SWOT entry to 91, or update the skill catalog if 92 is now correct) to avoid ongoing doc drift.
| > | ||
| > **🆕 What changed since last review (v1.1 → v1.2, 2026-04-20):** | ||
| > - Mindmaps expanded to explicitly enumerate the **15 CIA data subsystems** (anomaly, coalition, committee, distribution, election, election-cycle, ministry, parties, party, percentile, politician, pre-election, risk, seasonal, voting), **12 agentic news workflows**, **24 Copilot agents**, **92 skills**, **8 MCP servers**, **14 languages**, and the **dual distribution model** (static site + `riksdagsmonitor` npm package with SLSA provenance). | ||
| > - Mindmaps expanded to explicitly enumerate the **15 CIA data subsystems** (anomaly, coalition, committee, distribution, election, election-cycle, ministry, parties, party, percentile, politician, pre-election, risk, seasonal, voting), **11 agentic news workflows**, **24 Copilot agents**, **92 skills**, **8 MCP servers**, **14 languages**, and the **dual distribution model** (static site + `riksdagsmonitor` npm package with SLSA provenance). |
There was a problem hiding this comment.
This line claims there are “92 skills”, but the canonical skill catalog .github/skills/README.md describes 91 skill packages. Please reconcile the number here (and elsewhere) to keep documentation consistent.
…API_README (SEO-rich) Agent-Logs-Url: https://github.com/Hack23/riksdagsmonitor/sessions/8bc12e70-2317-481c-b367-b67432376ca3 Co-authored-by: pethers <1726836+pethers@users.noreply.github.com>
Contributor
🔍 Lighthouse Performance Audit
📥 Download full Lighthouse report Budget Compliance: Performance budgets enforced via |
Member
|
@copilot apply changes based on the comments in this thread |
…fact counter, 91 skills Agent-Logs-Url: https://github.com/Hack23/riksdagsmonitor/sessions/bc64b7e5-0b4b-4543-9084-62fdbdaae9bd Co-authored-by: pethers <1726836+pethers@users.noreply.github.com>
Contributor
Author
All four review threads addressed in 39baad0:
|
Contributor
🔍 Lighthouse Performance Audit
📥 Download full Lighthouse report Budget Compliance: Performance budgets enforced via |
Comment on lines
32
to
34
| Shared types, theme system, and dashboard utilities are published as an npm package with provenance: | ||
|
|
||
| Shared types, theme system, and dashboard utilities are published as an npm package with provenance: |
There was a problem hiding this comment.
The "npm Package" section repeats the same sentence twice (lines 32 and 34), which looks like an accidental duplication and makes the doc harder to read. Remove one of the duplicate lines so the section only introduces the package once.
| @@ -35,43 +35,63 @@ This is the **only** gate separating analysis from article generation. If it fai | |||
|
|
|||
| No dedicated validator script exists yet — implement the checks as an inline bash gate. Full implementation (covers checks 1–8): | |||
There was a problem hiding this comment.
This section says the inline bash implementation "covers checks 1–8", but the contract in .github/prompts/README.md now defines checks 1–9 (with supplementary check 9 conditions). Update the wording here to match the current contract (either enumerate check 9 in the list above or say the implementation covers checks 1–9, with check 9 conditional).
Suggested change
| No dedicated validator script exists yet — implement the checks as an inline bash gate. Full implementation (covers checks 1–8): | |
| No dedicated validator script exists yet — implement the checks as an inline bash gate. Full implementation (covers checks 1–9, with check 9 conditional where applicable): |
Member
|
@copilot apply changes based on the comments in this thread fix all with focus correctness/consistency |
… checks 1–9 Agent-Logs-Url: https://github.com/Hack23/riksdagsmonitor/sessions/6ce65863-3e44-40ef-a73c-6b2bdd802964 Co-authored-by: pethers <1726836+pethers@users.noreply.github.com>
Contributor
Author
Both threads addressed in f956aa6:
|
Contributor
🔍 Lighthouse Performance Audit
📥 Download full Lighthouse report Budget Compliance: Performance budgets enforced via |
Copilot AI
added a commit
that referenced
this pull request
Apr 26, 2026
…ction (PR #2008) Agent-Logs-Url: https://github.com/Hack23/riksdagsmonitor/sessions/9779450d-1150-4617-ae7c-9a19f74bef10 Co-authored-by: pethers <1726836+pethers@users.noreply.github.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
New requirement (this iteration) — addressing 2 reviewer comments on PR #2008
docs/API_README.md— removed duplicate "Shared types, theme system, and dashboard utilities…" sentence in the npm Package section (was repeated on lines 32 and 34)..github/prompts/05-analysis-gate.md— updated implementation note from "covers checks 1–8" → "covers checks 1–9, with check 9 conditional where applicable", aligning with the contract in.github/prompts/README.md.Carry-over from prior iterations (already in branch)
gh aw compile --validatev0.69.3 → 0 errors / 0 warnings