fix(ci): unblock daily-qa network and add issue input

[zircote]

Summary

• Network fix: Add strict: false, github, and containers ecosystem identifiers to network.allowed — resolves the 403 firewall blocks on cargo/crates.io and GitHub API calls reported in discussion Daily QAReport - 2026-02-27 #114
• Issue input: Add workflow_dispatch input so the QA report can target a specific issue/discussion number
• Issue discipline: Only create issues for actionable findings; informational results go to discussions only

Context

Discussion #114 showed all cargo operations (build, test, clippy, doc) and GitHub API calls failing with CONNECT tunnel failed, response 403 due to the Agent Workflow Firewall blocking egress. The rust ecosystem identifier was present but strict mode (default) was preventing non-defaults identifiers from resolving.

Test plan

• Verify gh aw compile daily-qa succeeds with 0 errors
• Manually dispatch Daily QA workflow and confirm cargo build/test pass
• Manually dispatch with issue: 114 input and verify focused analysis

[github-actions]

Benchmark Results

No benchmarks configured. Add benchmarks to benches/ directory.

Full results available in CI artifacts.

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 95.83%. Comparing base (ba8783b) to head (d4a2eb5).
⚠️ Report is 1 commits behind head on main.

Additional details and impacted files

@@           Coverage Diff           @@
##             main     #115   +/-   ##
=======================================
  Coverage   95.83%   95.83%           
=======================================
  Files           9        9           
  Lines        6499     6499           
=======================================
  Hits         6228     6228           
  Misses        271      271           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[github-actions]

Code Coverage Report

Overall Coverage: 0%

Summary

Filename                      Regions    Missed Regions     Cover   Functions  Missed Functions  Executed       Lines      Missed Lines     Cover    Branches   Missed Branches     Cover
-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
client.rs                        1444                67    95.36%         118                13    88.98%         923                35    96.21%           0                 0         -
format.rs                        2172                 3    99.86%         132                 1    99.24%        1292                 1    99.92%           0                 0         -
main.rs                           326               241    26.07%          14                 8    42.86%         225               168    25.33%           0                 0         -
mcp/analytics.rs                  408                 2    99.51%          24                 0   100.00%         331                 0   100.00%           0                 0         -
mcp/mod.rs                        144                55    61.81%          23                15    34.78%         128                65    49.22%           0                 0         -
mcp/prompts.rs                   1908                33    98.27%         126                 6    95.24%        1043                12    98.85%           0                 0         -
mcp/resources.rs                 1317                20    98.48%          93                 1    98.92%         865                 6    99.31%           0                 0         -
mcp/tools.rs                     2146                90    95.81%         116                18    84.48%        1333                47    96.47%           0                 0         -
models.rs                        1079                31    97.13%          78                10    87.18%         762                14    98.16%           0                 0         -
-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
TOTAL                           10944               542    95.05%         724                72    90.06%        6902               348    94.96%           0                 0         -

Full HTML report available in CI artifacts.

[Copilot]

Pull request overview

This PR fixes network access issues in the Daily QA workflow by configuring the Agent Workflow Firewall to allow access to Rust/Cargo ecosystems, and adds the ability to focus QA analysis on specific issues via a workflow dispatch input. The changes address Discussion #114 where cargo operations and GitHub API calls were blocked with 403 errors.

Changes:

• Added strict: false and ecosystem identifiers (github, rust, containers) to network configuration, enabling access to crates.io, rustup, and related domains needed for Rust development
• Added issue input parameter to workflow_dispatch trigger, allowing manual runs to target specific issues or discussions for focused QA analysis
• Updated workflow instructions to emphasize creating issues only for actionable problems (bugs, test failures, documentation errors) rather than informational findings

Reviewed changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated 1 comment.

File	Description
.github/workflows/daily-qa.md	Source workflow configuration with network fixes, new issue input, and improved issue creation discipline
.github/workflows/daily-qa.lock.yml	Generated lockfile with compiler v0.47.1 incorporating network domain allowlists, issue input wiring, and infrastructure updates
.github/aw/actions-lock.json	Added version entry for gh-aw/actions/setup@v0.47.1

[Copilot]

The concurrency group was changed from gh-aw-${{ github.workflow }} to include ${{ github.event.discussion.number }}. However, this workflow is only triggered by schedule and workflow_dispatch events (lines 35-42), neither of which populate github.event.discussion.number. This means the expression will always evaluate to gh-aw-Daily QA- (with an empty string for the discussion number), causing all runs to share the same concurrency group.

This appears to be introduced by the compiler upgrade from v0.45.0 to v0.47.1. Since this is a generated file, this may be a compiler bug that should be reported upstream. For now, consider:

1. Checking if there's a way to configure concurrency in the source .md file
2. Reporting this as a bug to the gh-aw compiler maintainers
3. As a temporary workaround, manually fixing this line to group: "gh-aw-${{ github.workflow }}" (though this would be overwritten on next compile)

Suggested change

	group: "gh-aw-${{ github.workflow }}-${{ github.event.discussion.number }}"
	group: "gh-aw-${{ github.workflow }}"