diff --git a/pkg/cli/access_log.go b/pkg/cli/access_log.go
index 0699161053..e2878748b7 100644
--- a/pkg/cli/access_log.go
+++ b/pkg/cli/access_log.go
@@ -57,12 +57,7 @@ func parseSquidAccessLog(logPath string, verbose bool) (*DomainAnalysis, error)
 	}
 	defer file.Close()
 
-	analysis := &DomainAnalysis{
-		DomainBuckets: DomainBuckets{
-			AllowedDomains: []string{},
-			BlockedDomains: []string{},
-		},
-	}
+	analysis := &DomainAnalysis{}
 
 	allowedDomainsSet := make(map[string]bool)
 	blockedDomainsSet := make(map[string]bool)
@@ -189,12 +184,7 @@ func analyzeMultipleAccessLogs(accessLogsDir string, verbose bool) (*DomainAnaly
 		verbose,
 		parseSquidAccessLog,
 		func() *DomainAnalysis {
-			return &DomainAnalysis{
-				DomainBuckets: DomainBuckets{
-					AllowedDomains: []string{},
-					BlockedDomains: []string{},
-				},
-			}
+			return &DomainAnalysis{}
 		},
 	)
 }
diff --git a/pkg/cli/add_workflow_pr.go b/pkg/cli/add_workflow_pr.go
index 7b37414a51..a592030a38 100644
--- a/pkg/cli/add_workflow_pr.go
+++ b/pkg/cli/add_workflow_pr.go
@@ -9,6 +9,7 @@ import (
 
 	"github.com/github/gh-aw/pkg/console"
 	"github.com/github/gh-aw/pkg/logger"
+	"github.com/github/gh-aw/pkg/sliceutil"
 )
 
 var addWorkflowPRLog = logger.New("cli:add_workflow_pr")
@@ -116,10 +117,9 @@ func addWorkflowsWithPR(workflows []*ResolvedWorkflow, opts AddOptions) (int, st
 		prTitle = fmt.Sprintf("Add agentic workflow %s", joinedNames)
 		prBody = fmt.Sprintf("Add agentic workflow %s", joinedNames)
 	} else {
-		workflowNames := make([]string, len(workflows))
-		for i, wf := range workflows {
-			workflowNames[i] = wf.Spec.WorkflowName
-		}
+		workflowNames := sliceutil.Map(workflows, func(wf *ResolvedWorkflow) string {
+			return wf.Spec.WorkflowName
+		})
 		joinedNames = strings.Join(workflowNames, ", ")
 		commitMessage = fmt.Sprintf("Add agentic workflows: %s", joinedNames)
 		prTitle = fmt.Sprintf("Add agentic workflows: %s", joinedNames)
diff --git a/pkg/cli/audit_report_analysis.go b/pkg/cli/audit_report_analysis.go
index e74786c16b..45993fa2d7 100644
--- a/pkg/cli/audit_report_analysis.go
+++ b/pkg/cli/audit_report_analysis.go
@@ -6,6 +6,7 @@ import (
 	"time"
 
 	"github.com/github/gh-aw/pkg/console"
+	"github.com/github/gh-aw/pkg/sliceutil"
 	"github.com/github/gh-aw/pkg/timeutil"
 )
 
@@ -90,10 +91,9 @@ func generateFindings(processedRun ProcessedRun, metrics MetricsData, errors []E
 
 	// MCP failure findings
 	if len(processedRun.MCPFailures) > 0 {
-		serverNames := make([]string, len(processedRun.MCPFailures))
-		for i, failure := range processedRun.MCPFailures {
-			serverNames[i] = failure.ServerName
-		}
+		serverNames := sliceutil.Map(processedRun.MCPFailures, func(failure MCPFailureReport) string {
+			return failure.ServerName
+		})
 		findings = append(findings, Finding{
 			Category:    "tooling",
 			Severity:    "high",
diff --git a/pkg/cli/firewall_log.go b/pkg/cli/firewall_log.go
index 449428fd5e..fd4269ae14 100644
--- a/pkg/cli/firewall_log.go
+++ b/pkg/cli/firewall_log.go
@@ -231,10 +231,6 @@ func parseFirewallLog(logPath string, verbose bool) (*FirewallAnalysis, error) {
 	defer file.Close()
 
 	analysis := &FirewallAnalysis{
-		DomainBuckets: DomainBuckets{
-			AllowedDomains: []string{},
-			BlockedDomains: []string{},
-		},
 		RequestsByDomain: make(map[string]DomainRequestStats),
 	}
 
@@ -391,10 +387,6 @@ func analyzeMultipleFirewallLogs(logsDir string, verbose bool) (*FirewallAnalysi
 		parseFirewallLog,
 		func() *FirewallAnalysis {
 			return &FirewallAnalysis{
-				DomainBuckets: DomainBuckets{
-					AllowedDomains: []string{},
-					BlockedDomains: []string{},
-				},
 				RequestsByDomain: make(map[string]DomainRequestStats),
 			}
 		},