Convert agentic workflows from Discussions to Issues #226

Merged
abhimehro merged 3 commits into main from copilot/fix-csv-injection-vulnerability
Feb 14, 2026

Copilot AI commented Feb 14, 2026

Four agentic workflows (daily-qa, daily-perf-improver, daily-backlog-burner, audit-workflows) were failing with "No discussion categories available" errors. Repository has Discussions disabled.

Changes

Converted workflows to use Issues for progress tracking:

  • safe-outputs configuration

    • create-discussion → create-issue with labels
    • add-comment.discussion: true → add-comment.issue: true
    • close-older-discussions → close-older-issues
  • Workflow instructions

    • Phase selection logic: list_discussions → list_issues
    • Progress updates: reference tracking issues instead of discussions
    • Feedback collection: comment on issues instead of discussions

Example

# Before
safe-outputs:
  create-discussion:
    title-prefix: "${{ github.workflow }}"
    category: "ideas"

# After
safe-outputs:
  create-issue:
    title-prefix: "${{ github.workflow }}"
    labels: [automation, performance, planning]

Workflows retain identical functionality: multi-phase operation state persistence, human feedback loops, and automatic cleanup of older tracking items.

Original prompt

This section details the original issue you should resolve

<issue_title>[repo-status] Daily Repository Status - February 14, 2026 ✨</issue_title>
<issue_description>## 📊 Repository Health Check

Control D Sync continues to evolve with strong momentum! The project is actively maintained with excellent automation coverage and a security-first mindset.


🎯 Recent Activity Highlights

🔧 Security Improvements in Progress

PR #222: 🛡️ Sentinel - Fix CSV Injection (Open)

  • Addresses log sanitization vulnerability
  • Prevents CSV/formula injection attacks when logs are viewed in spreadsheets
  • Created by automated security agent (Jules)
  • Shows proactive security monitoring! 🔒

📚 Recent Merges (February 13, 2026)

Yesterday was incredibly productive with 10 PRs merged! 🎉

Major Achievements:

  1. PR 🛡️ Sentinel: Fix TOCTOU vulnerability in file permission check #198: Fixed TOCTOU race conditions in permission checks
  2. PR ⚡ Bolt: Skip validation for known existing rules #199: Performance optimization - skip validation for existing rules
  3. PR Add badges, configuration examples, and release process to README #202: Enhanced documentation with badges and release process

Automation Expansion - 7 new agentic workflows added:


⚠️ Action Items

High Priority

Workflow Configuration Issues 🔧
Several agentic workflows are experiencing failures due to missing GitHub Discussions:

Root Cause: No discussion categories available in the repository

Recommendation:

  1. Enable GitHub Discussions in repository settings
  2. Create appropriate discussion categories
  3. Or update workflows to use Issues instead of Discussions

Medium Priority


💪 Project Strengths

Security Excellence 🛡️

  • ✅ Automated security scanning (Bandit, Codacy)
  • ✅ Proactive vulnerability detection (Jules sentinel agent)
  • ✅ Recent fixes for TOCTOU and CSV injection vulnerabilities
  • ✅ Security-focused development practices

Development Velocity 🚀

  • 10 PRs merged in a single day (Feb 13)
  • Fast iteration cycles
  • Automated PR creation and review
  • Clean commit history

Code Quality ✨

  • Modern Python 3.13+ codebase
  • Comprehensive test coverage (test_main.py, tests/ directory)
  • Clean architecture with helper functions
  • Type-safe credential handling

Automation Maturity 🤖

  • 9+ GitHub Actions workflows
  • Agentic workflows for maintenance tasks
  • CI/CD for dry-runs and live syncs
  • Daily status reporting (you're reading it! 📊)

📈 Recent Code Changes

Last 24 Hours

10 commits pushed to main branch, including:

  • Security patches for race conditions and CSV injection
  • Performance optimizations
  • Documentation improvements
  • Workflow additions

Lines of Code

  • Main: ~1,500+ lines (main.py)
  • Tests: ~800+ lines
  • Total: Clean, maintainable codebase

🎯 Recommendations

Immediate Actions

  1. Fix Discussion Dependencies: Enable Discussions or reconfigure workflows to use Issues
  2. Merge Security PR: Review and merge 🛡️ Sentinel: Fix CSV Injection in log sanitization #222 for CSV injection fix
  3. Close Workflow Failure Issues: Once fixed, close issues [agentics] Daily Backlog Burner failed #207-216

Short Term

  1. Documentation: Add troubleshooting guide for common API errors
  2. Testing: Consider integration tests for full sync flow
  3. Release: Cut first official release (currently no releases)

Long Term

  1. Feature: Support for multi-action folders (currently single action only)
  2. Config: Move folder URLs to configuration file
  3. Rollback: Add capability to revert failed syncs
  4. Community: Create contributing guidelines and issue templates

🎉 Wins of the Day

Yesterday's Momentum 🌟

  • 10 successful merges in one day
  • 7 new automation workflows operational
  • 2 security vulnerabilities addressed
  • Performance optimization shipped

Project Maturity

The repository shows excellent DevOps practices with comprehensive automation, security scanning, and proactive vulnerability management. The addition of agentic workflows demonstrates forward-thinking automation strategy!


📊 Quick Stats

  • Open Issues: 7 (all workflow-related, have resolution path)
  • Open PRs: 1 (security fix, ready for review)
  • Recent Commits: 10 (last 24 hours)
  • **W...

trunk-io bot commented Feb 14, 2026

😎 Merged manually by @abhimehro - details.

Copilot AI and others added 2 commits February 14, 2026 21:42
Co-authored-by: abhimehro <84992105+abhimehro@users.noreply.github.com>
Co-authored-by: abhimehro <84992105+abhimehro@users.noreply.github.com>
Copilot AI changed the title from "[WIP] Fix CSV injection vulnerability in logs" to "Convert agentic workflows from Discussions to Issues" Feb 14, 2026
Copilot AI requested a review from abhimehro February 14, 2026 21:45
@abhimehro abhimehro marked this pull request as ready for review February 14, 2026 21:49
Copilot AI review requested due to automatic review settings February 14, 2026 21:49
@github-actions

👋 Development Partner is reviewing this PR. Will provide feedback shortly.

Copilot AI left a comment

Pull request overview

This PR converts four agentic workflows from using GitHub Discussions to GitHub Issues for progress tracking, resolving failures caused by Discussions being disabled in the repository. The conversion maintains identical workflow functionality while adapting to the available repository features.

Changes:

  • Updated safe-outputs configuration: create-discussion → create-issue with labels array, discussion: true → issue: true, close-older-discussions → close-older-issues
  • Modified workflow instructions to reference issues instead of discussions in phase selection logic (list_discussions → list_issues) and progress tracking
  • Replaced discussion category parameters with semantically appropriate labels following repository conventions

Reviewed changes

Copilot reviewed 4 out of 4 changed files in this pull request and generated 1 comment.

| File | Description |
| --- | --- |
| .github/workflows/daily-qa.md | Converted QA workflow from discussions to issues with [automation, qa, report] labels |
| .github/workflows/daily-perf-improver.md | Updated performance optimization workflow to use issues with [automation, performance, planning] labels and revised phase selection logic |
| .github/workflows/daily-backlog-burner.md | Converted backlog management workflow to use issues with [automation, backlog, planning] labels for tracking progress |
| .github/workflows/audit-workflows.md | Updated audit workflow to create issues with [automation, audit, report] labels and revised report formatting instructions |

Comment on lines 1 to 7
---
description: |
This workflow performs adhoc quality assurance by validating project health daily.
Checks that code builds and runs, tests pass, documentation is clear, and code
is well-structured. Creates discussions for findings and can submit draft PRs
is well-structured. Creates tracking issues for findings and can submit draft PRs
with improvements. Provides continuous quality monitoring throughout development.
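
Review bot: The unchanged first sentence of the description still reads "adhoc quality assurance"; since this change already edits the description block, correct it to "ad hoc" in the same commit. The replacement line ("Creates tracking issues for findings and can submit draft PRs") is consistent with the rest of the description and needs no further change.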

Copilot AI Feb 14, 2026

The .md workflow source files have been correctly updated, but the corresponding .lock.yml files (which are the actual GitHub Actions workflow files) still contain Discussion-based configuration and will need to be regenerated by running gh aw compile after this PR is merged. The workflows will continue to fail until the .lock.yml files are updated. Consider either: 1) Including the regenerated .lock.yml files in this PR, or 2) Adding a clear note in the PR description that gh aw compile must be run immediately after merging to regenerate the workflow files.

@abhimehro abhimehro merged commit 24186b9 into main Feb 14, 2026
31 checks passed
@abhimehro abhimehro deleted the copilot/fix-csv-injection-vulnerability branch February 14, 2026 21:55
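
The review comment above points out that the compiled .lock.yml files stay Discussion-based until gh aw compile is rerun. As an added example (not part of this PR or of the gh-aw tooling), here is a shell check for that drift; the <name>.md to <name>.lock.yml pairing follows the comment, while the key names matched inside the lock file and the sample tree are assumptions.

```sh
#!/bin/sh
# Added example: find agentic workflow sources already converted to Issues
# whose compiled lock file is missing or still Discussion-based.
# Assumptions: <name>.md compiles to <name>.lock.yml in the same directory,
# and a stale lock file still contains a create/close-older discussion key.

# Print the front matter (lines between the first two '---' markers).
front_matter() {
  awk '/^---[[:space:]]*$/ { n++; next } n == 1 { print } n >= 2 { exit }' "$1"
}

# Print "<reason> <lockfile>" per finding; return 1 if anything was found.
stale_locks() {
  dir=$1
  found=0
  for src in "$dir"/*.md; do
    [ -f "$src" ] || continue
    # Only sources whose front matter declares create-issue are checked.
    front_matter "$src" | grep -q 'create-issue:' || continue
    lock="${src%.md}.lock.yml"
    if [ ! -f "$lock" ]; then
      echo "missing $lock"; found=1
    elif grep -Eq 'create[-_]discussion|close[-_]older[-_]discussions' "$lock"; then
      echo "stale $lock"; found=1
    fi
  done
  return "$found"
}

# Constructed sample tree (not the repository's real files).
demo=$(mktemp -d)
printf '%s\n' '---' 'safe-outputs:' '  create-issue:' \
  '    labels: [automation, qa, report]' '---' 'QA steps' > "$demo/daily-qa.md"
printf '%s\n' 'safe-outputs:' '  create-discussion:' \
  '    category: "ideas"' > "$demo/daily-qa.lock.yml"
printf '%s\n' '---' 'safe-outputs:' '  create-issue:' \
  '    labels: [automation, audit, report]' '---' > "$demo/audit-workflows.md"
stale_locks "$demo" || echo "run gh aw compile and commit the regenerated lock files"
```

Run as a required CI step against .github/workflows, the non-zero return blocks a merge that changes only the .md sources.
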

Development

Successfully merging this pull request may close these issues.

[repo-status] Daily Repository Status - February 14, 2026 ✨

3 participants