Add output mode, artifact upload, and condensed inputs

- Add 'output' input: 'Create Issue' (default) or 'Action Summary'
  When 'Action Summary', the report is written to the step summary
  and uploaded as an artifact but no issue is created.

- Condense repo/branch inputs into owner/repo:branch format:
  csharp_sdk: 'modelcontextprotocol/csharp-sdk:main'
  conformance: 'modelcontextprotocol/conformance:main'
  Parsed with bash parameter expansion (${var%%:*} / ${var#*:})

- Add post-steps to upload /tmp/audit-report.md as an artifact
  (90-day retention, ignore if missing)

- Executive summary now uses bullet points instead of a paragraph

- Audit report always written to $GITHUB_STEP_SUMMARY regardless
  of output mode, so the summary page always shows results

- Agent writes a single /tmp/audit-report.md combining executive
  summary + assessment + remediation, used for both issue body
  and action summary

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

Author: jeffhandley

.github/aw/actions-lock.json

@@ -20,6 +20,11 @@
       "version": "v6.3.0",
       "sha": "53b83947a5a98c8d113130e565377fae1a50d02f"
     },
+    "actions/upload-artifact@v4": {
+      "repo": "actions/upload-artifact",
+      "version": "v4",
+      "sha": "ea165f8d65b6e75b540449e92b4886f43607fa02"
+    },
     "actions/upload-artifact@v7": {
       "repo": "actions/upload-artifact",
       "version": "v7",

.github/workflows/sdk-tier-audit.lock.yml

@@ -4,24 +4,15 @@ description: "SDK Tier Audit"
 permissions:
   contents: read
   issues: read
-  pull-requests: read
 
 safe-outputs:
   create-issue:
     title-prefix: "[C# SDK Tier Audit] "
     labels: [automation]
     close-older-issues: true
-    max: 1
-
-tools:
-  github:
-    min-integrity: approved
 
 if: github.repository_owner == 'modelcontextprotocol' || github.event_name == 'workflow_dispatch'
 
-env:
-  FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: "true"
-
 concurrency:
   group: tier-audit-${{ github.event.inputs.scope || 'Conformance + Repo Health' }}
   cancel-in-progress: true
@@ -42,24 +33,10 @@ network:
 timeout-minutes: 120
 
 steps:
-  - name: Write tier-check outputs to files
+  - name: Write tier-check scorecard to file
     env:
       TIER_CHECK_JSON: ${{ needs.tier-check.outputs.tier_check_json }}
-      AUDIT_SCOPE: ${{ needs.tier-check.outputs.scope }}
-      AUDIT_OUTPUT: ${{ needs.tier-check.outputs.output }}
-      AUDIT_SDK_REPO: ${{ needs.tier-check.outputs.csharp_sdk_repo }}
-      AUDIT_SDK_BRANCH: ${{ needs.tier-check.outputs.csharp_sdk_branch }}
-      AUDIT_CONF_REPO: ${{ needs.tier-check.outputs.conformance_repo }}
-      AUDIT_CONF_BRANCH: ${{ needs.tier-check.outputs.conformance_branch }}
-    run: |
-      echo "$TIER_CHECK_JSON" > /tmp/tier-check-scorecard.json
-      mkdir -p /tmp/audit-params
-      echo "$AUDIT_SCOPE" > /tmp/audit-params/scope
-      echo "$AUDIT_OUTPUT" > /tmp/audit-params/output
-      echo "$AUDIT_SDK_REPO" > /tmp/audit-params/csharp-sdk-repo
-      echo "$AUDIT_SDK_BRANCH" > /tmp/audit-params/csharp-sdk-branch
-      echo "$AUDIT_CONF_REPO" > /tmp/audit-params/conformance-repo
-      echo "$AUDIT_CONF_BRANCH" > /tmp/audit-params/conformance-branch
+    run: echo "$TIER_CHECK_JSON" > /tmp/tier-check-scorecard.json
 
 post-steps:
   - name: Upload audit report
@@ -278,18 +255,12 @@ Perform a tier audit of the C# MCP SDK. The deterministic tier-check scorecard h
 
 ## Inputs
 
-All parameters are written to `/tmp/audit-params/` by a pre-agent step. Read them:
+- **Scope**: ${{ needs.tier-check.outputs.scope }}
+- **Output mode**: ${{ needs.tier-check.outputs.output }}
+- **C# SDK**: ${{ needs.tier-check.outputs.csharp_sdk_repo }} (branch: ${{ needs.tier-check.outputs.csharp_sdk_branch }})
+- **Conformance**: ${{ needs.tier-check.outputs.conformance_repo }} (branch: ${{ needs.tier-check.outputs.conformance_branch }})
 
-```bash
-SCOPE=$(cat /tmp/audit-params/scope)
-OUTPUT_MODE=$(cat /tmp/audit-params/output)
-SDK_REPO=$(cat /tmp/audit-params/csharp-sdk-repo)
-SDK_BRANCH=$(cat /tmp/audit-params/csharp-sdk-branch)
-CONF_REPO=$(cat /tmp/audit-params/conformance-repo)
-CONF_BRANCH=$(cat /tmp/audit-params/conformance-branch)
-```
-
-The tier-check scorecard is at `/tmp/tier-check-scorecard.json`.
+The scorecard is at `/tmp/tier-check-scorecard.json` (written by a pre-agent step from the `tier-check` job output).
 
 ## Tier-Check Scorecard (pre-computed)
 
@@ -301,16 +272,11 @@ cat /tmp/tier-check-scorecard.json
 
 ## Step 1: Setup
 
-Read the parameters from `/tmp/audit-params/` and clone both repositories for the AI-assisted evaluations. Use shallow clones.
+Clone both repositories for the AI-assisted evaluations. Use shallow clones.
 
 ```bash
-SDK_REPO=$(cat /tmp/audit-params/csharp-sdk-repo)
-SDK_BRANCH=$(cat /tmp/audit-params/csharp-sdk-branch)
-CONF_REPO=$(cat /tmp/audit-params/conformance-repo)
-CONF_BRANCH=$(cat /tmp/audit-params/conformance-branch)
-
-git clone --depth 1 -b "$SDK_BRANCH" "https://github.com/${SDK_REPO}.git" /tmp/csharp-sdk
-git clone --depth 1 -b "$CONF_BRANCH" "https://github.com/${CONF_REPO}.git" /tmp/conformance
+git clone --depth 1 -b <csharp_sdk_branch> https://github.com/<csharp_sdk_repo>.git /tmp/csharp-sdk
+git clone --depth 1 -b <conformance_branch> https://github.com/<conformance_repo>.git /tmp/conformance
 ```
 
 You do NOT need to build either repo or start any servers — the conformance tests have already run.
@@ -365,13 +331,11 @@ cat /tmp/audit-report.md >> "$GITHUB_STEP_SUMMARY"
 
 ## Step 4: Publish Results
 
-Read the output mode: `cat /tmp/audit-params/output`
-
 ### If output mode is "Create Issue"
 
 Create a GitHub issue using the `create-issue` safe output.
 
-**Issue title** — Read the scope from `cat /tmp/audit-params/scope`. The dynamic part (after the `[C# SDK Tier Audit] ` prefix):
+**Issue title** — The dynamic part (after the `[C# SDK Tier Audit] ` prefix):
 
 - **"Conformance + Repo Health" scope**: `<YYYY-MM-DD> - Tier <N>`
 - **"Repo Health" scope**: `<YYYY-MM-DD> - Tier <N> (Repo Health)`