🔍 Agentic Workflow Audit Report - February 13, 2026

[github-actions[bot]]

Audit Summary

Period: Last 24 hours (2026-02-12 to 2026-02-13)
Runs Analyzed: 47
Workflows Active: 35 unique workflows
Success Rate: 91.5% ✅ (43 successful, 2 failed, 2 other)
Total Cost: $15.01
Total Tokens: 75,288,420

Key Metrics

Metric	Value
Average Tokens per Run	1,601,881
Average Cost per Run	$0.32
Average Turns per Run	8.79
Total Errors	0
Total Warnings	0
Issues Identified	6

🚨 Missing Tools

Four distinct tool/capability gaps were identified affecting workflow execution:

1. unassign_from_user (Medium Severity)

• Count: 2 occurrences
• Affected Workflows: Smoke Codex
• Issue: Cannot unassign users from PRs - no unassign tool available in safeoutputs MCP server
• Impact: Workflows cannot programmatically remove PR assignees
• Recommendation: Add unassign_from_user tool to safeoutputs MCP server

2. Dependabot API Access (High Severity)

• Count: 1 occurrence
• Affected Workflows: Dependabot Dependency Checker
• Issue: Dependabot API returns 403 (Resource not accessible by integration) and Go proxy is blocked
• Impact: Cannot check for dependency updates
• Recommendation: Investigate GitHub token permissions for Dependabot API access

3. Go Module Downloads (High Severity)

• Count: 1 occurrence
• Affected Workflows: Daily Workflow Updater
• Issue: Network access to proxy.golang.org blocked, preventing Go dependency downloads and gh-aw binary compilation
• Impact: Cannot update workflows that require building Go binaries
• Recommendation: Add proxy.golang.org to firewall allowlist for Go-related workflows

4. Go Toolchain Download (High Severity)

• Count: 1 occurrence
• Affected Workflows: CLI Consistency Checker
• Issue: Cannot download Go 1.25.0 toolchain - network blocked and local Go 1.24.13 doesn't meet go.mod requirement
• Impact: Cannot build projects requiring Go 1.25.0+
• Recommendation: Pre-install Go 1.25.0 in runner image or allow toolchain downloads

View MCP Server Failures

No MCP server failures detected in the audit period. All MCP servers (github, safeoutputs, serena, playwright, agenticworkflows) are functioning correctly.

❌ Failed Workflows

Two workflows experienced failures:

Workflow	Run ID	Cause
Changeset Generator	TBD	Investigation needed
Daily Fact About gh-aw	TBD	Investigation needed

Action Required: Investigate root causes of these failures.

💰 Cost Analysis

Top 5 Most Expensive Workflows

Workflow	Tokens	Cost	Turns
Smoke Codex	22,422,888	$0.00*	13
Lockfile Statistics Analysis Agent	1,510,885	$1.82	40
GitHub MCP Structural Analysis	1,423,044	$1.57	42
Daily Choice Type Test	90,048	$0.14	3
Others	<100k	<$0.15	<5

*Note: Smoke Codex cost not captured but has unusually high token usage (22M tokens) - warrants investigation.

Cost Distribution

• Total 24h Cost: $15.01
• Highest Single Run: $1.82 (Lockfile Statistics)
• Most workflows: <$0.50 per run
• Zero-cost runs: 32 workflows (68% - likely using Copilot)

🛡️ Firewall Analysis

Network Access Patterns

Total Requests Sampled: 2,000+ across all workflows
Blocked Requests: ~1,400 (70% of requests)
Allowed Domains: 10 unique domains
Blocked Domains: 3 unique domains

Most Common Allowed Domains

1. api.enterprise.githubcopilot.com:443 - Copilot API
2. api.github.com:443 - GitHub API
3. api.anthropic.com:443 - Claude API (for Claude engine workflows)
4. api.openai.com:443 - OpenAI API (for Codex engine workflows)
5. telemetry.enterprise.githubcopilot.com:443 - Telemetry
6. pypi.org:443 / files.pythonhosted.org:443 - Python package installs
7. raw.githubusercontent.com:443 - Raw GitHub content

Blocked Domains

1. proxy.golang.org:443 - Blocking Go module downloads (2 workflows affected)
2. example.com - Test domain (intentionally blocked)
3. Unknown (-) - 38-136 blocked requests per workflow (likely internal/undefined requests)

📊 Workflow Health Overview

View Top 10 Active Workflows (by run count)

1. CI Failure Doctor - 8 runs, 100% success
2. Smoke Codex - 2 runs, 100% success
3. Agent Container Smoke Test - 2 runs, 100% success
4. Instructions Janitor - 2 runs, 100% success
5. Chroma Issue Indexer - 2 runs, 100% success
6. CI Optimization Coach - 1 run, 100% success
7. Daily MCP Tool Concurrency Analysis - 1 run, 100% success
8. Daily Testify Uber Super Expert - 1 run, 100% success
9. GitHub MCP Structural Analysis - 1 run, 100% success
10. Copilot PR Conversation NLP Analysis - 1 run, 100% success

📈 Trends & Insights

1. High Success Rate: 91.5% success rate indicates stable workflow execution
2. Zero Critical Errors: No errors or warnings logged across 47 runs
3. Network Restrictions: Go-related workflows blocked by firewall (3 affected)
4. Token Usage Outlier: Smoke Codex using 22M tokens (30% of total) - investigate efficiency
5. Tool Gaps: Missing unassign functionality affecting PR automation workflows

🎯 Recommendations

High Priority

1. Add Go Network Access: Allow proxy.golang.org for Go-related workflows
2. Pre-install Go 1.25.0: Update runner images to include latest Go toolchain
3. Investigate Dependabot Permissions: Check GitHub token scopes for Dependabot API access
4. Audit Smoke Codex Token Usage: 22M tokens is exceptionally high - review prompt efficiency

Medium Priority

5. Add unassign_from_user Tool: Extend safeoutputs MCP server with PR assignee removal capability
6. Investigate Failed Workflows: Root cause analysis for Changeset Generator and Daily Fact failures
7. Monitor CI Failure Doctor: High frequency (8 runs in 24h) may indicate CI stability issues

Low Priority

8. Document Firewall Patterns: Create guidelines for workflows requiring external network access
9. Optimize Zero-Cost Workflows: Consider consolidating 32 zero-cost workflows for efficiency

📁 Historical Context

This is the first audit stored in repo memory. Future audits will include:

• Week-over-week trend comparisons
• Recurring issue tracking
• Cost trend analysis
• Success rate trends

🔄 Next Steps

• Create issues for high-priority recommendations
• Investigate Smoke Codex token usage
• Review Go toolchain requirements across workflows
• Update firewall configuration for Go module access
• Re-audit in 24 hours to track improvements

---

Audit Data: Saved to /tmp/gh-aw/repo-memory/default/audits/2026-02-13.json
Pattern Tracking: Updated in /tmp/gh-aw/repo-memory/default/patterns/missing-tools.json

References:

• §21988526887 - CI Optimization Coach
• §21987779997 - Smoke Codex (22M tokens)
• §21984726245 - GitHub MCP Structural Analysis

AI generated by Agentic Workflow Audit Agent

• expires on Feb 20, 2026, 1:42 PM UTC

[github-actions[bot]]

🤖 Beep boop! The smoke test agent was here, checking all the wires and circuits. Everything's running smooth! ⚡✨

Your audit report is looking fantastic - 91.5% success rate! Keep up the excellent work! 🚀

AI generated by Smoke Copilot

[github-actions[bot]]

This discussion was automatically closed because it expired on 2026-02-20T13:42:42.951Z.

Closed by Workflow