You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Comprehensive statistical analysis of all 153 .lock.yml files in .github/workflows/. This is the first run establishing a baseline for future trend tracking.
Executive Summary
Metric
Value
Total Lock Files
153
Total Size
9,532 KB (9.31 MB)
Average File Size
62.3 KB
Size Range
25.2 KB – 122.0 KB
Analysis Date
2026-02-19
Dominant Engine
GitHub Copilot (68.6%)
Most Common Trigger Combo
schedule + workflow_dispatch (105 workflows)
File Size Distribution
Size Range
Count
Percentage
< 10 KB
0
0.0%
10–50 KB
8
5.2%
50–100 KB
142
92.8%
> 100 KB
3
2.0%
The vast majority of lock files (92.8%) fall in the 50–100 KB range, indicating a highly consistent structure across workflows.
113 workflows use scheduled triggers with 97 unique cron expressions. Most schedules run at specific times to avoid congestion.
Schedule Type Breakdown:
Weekday-only (1-5): 25 schedules
Weekly (specific day): 11 schedules
Every N hours (*/4, */6, */12): 10 schedules
One-off cron: 67 schedules
Most Popular UTC Hours for Scheduling:
Hour (UTC)
Count
Business Hours Equivalent
09:00
12
Common morning kickoff
07:00
9
Early morning
11:00
8
Mid-morning
14:00
7
Afternoon
15:00
7
Afternoon
16:00
6
Late afternoon
12:00
5
Noon
13:00
5
Early afternoon
The peak scheduling hour is 09:00 UTC (12 workflows), aligning with standard US East Coast business day starts. The 07:00–16:00 UTC window accounts for ~64% of all scheduled runs.
Safe Outputs Analysis
Core Safe Output Tools Distribution
Tool
Count
% of Workflows
noop
146
95.4%
missing_data
146
95.4%
missing_tool
146
95.4%
create_discussion
60
39.2%
create_issue
46
30.1%
add_comment
32
20.9%
create_pull_request
27
17.6%
upload_asset
22
14.4%
add_labels
13
8.5%
create_pull_request_review_comment
7
4.6%
update_issue
6
3.9%
push_to_pull_request_branch
6
3.9%
close_discussion
6
3.9%
submit_pull_request_review
6
3.9%
remove_labels
4
2.6%
The "infra trio" (noop, missing_data, missing_tool) is present in 95.4% of workflows, indicating near-universal adoption of the safe-output fallback pattern.
Common Tool Combinations (output tools only)
Combination
Count
create_discussion only
27
create_issue only
21
create_pull_request only
16
create_discussion + upload_asset
14
add_comment only
6
add_comment + create_pull_request
3
close_discussion + create_discussion
3
add_comment + create_issue + update_issue
2
add_comment + add_labels + create_issue
2
Discussion Categories
Category
Count
audits
43
reports
3
artifacts
2
dev
2
research
2
announcements
2
agent-research
1
daily-news
1
security
1
"audits" is overwhelmingly the most popular discussion category (76% of create_discussion workflows), suggesting it's the canonical reporting destination for this repository.
Specialized & Unique Tools
Several workflows use one-of-a-kind safe output tools that provide specialized functionality:
Tool
Workflow(s)
Purpose
add_reviewer
smoke-claude
Add PR reviewers
assign_to_agent
issue-monster, workflow-generator
Assign issues to AI agents
create_agent_session
daily-mcp-concurrency-analysis, poem-bot
Spawn sub-agents
create_code_scanning_alert
daily-malicious-code-scan, daily-semgrep-scan
Security scanning output
haiku_printer
smoke-copilot, smoke-macos-arm64
Custom test output format
notion_add_comment
mcp-inspector, notion-issue-summary
Notion integration
post_to_slack_channel
mcp-inspector
Slack integration
resolve_pull_request_review_thread
smoke-claude
PR review management
send_slack_message
smoke-copilot, smoke-macos-arm64
Slack notifications
update_release
release
Release management
MCP Server Usage
MCP Server
Count
% of Workflows
github
152
99.3%
safeoutputs
146
95.4%
agenticworkflows
23
15.0%
serena
22
14.4%
safeinputs
9
5.9%
brave-search
2
1.3%
chroma
1
0.7%
The GitHub MCP is present in 99.3% of all workflows (1 exception: codex-github-remote-mcp-test). safeoutputs is second at 95.4%. The serena code intelligence MCP appears in 22 workflows focused on code analysis.
Structural Characteristics
Job Complexity
Metric
Value
Average Jobs per Workflow
6.0
Average Steps per Job
12.9
Max Steps in a Single Job
54 (daily-copilot-token-report)
Median Steps per Job
9
Job Count Distribution
Jobs per Workflow
Count
2
5
3
1
4
2
5
41
6
57
7
31
8
15
9
1
The most common job count is 6 jobs (37.3% of workflows), followed by 5 jobs (26.8%). The majority of workflows (74.5%) use 5–7 jobs.
Top Workflows by Step Complexity
Workflow
Max Steps in a Single Job
daily-copilot-token-report
54
daily-news
52
prompt-clustering-analysis
48
smoke-copilot
47
stale-repo-identifier
46
Timeout Configuration
Timeout
Job Count
5 min
2
10 min
165
15 min
146
The most common job timeouts are 10 minutes and 15 minutes, indicating workflows are designed for efficient execution.
Permission Patterns
Permission Distribution (per-job)
Permission
Write
Read
Total
contents
38
113
151
issues
69
5
74
discussions
39
0
39
pull-requests
19
2
21
security-events
2
0
2
actions
1
1
2
Key observations:
contents is predominantly read-only (74.8%), reflecting minimal repo modification
issues is predominantly write (93.2%), as most workflows create or update issues
discussions is entirely write (100%), for publishing reports and findings
pull-requests skews toward write (90.5%) for code-change workflows
The "infra trio" is universal: noop, missing_data, and missing_tool appear in 95.4% of workflows — an almost universal adoption of defensive fallback patterns in agentic workflows.
Copilot dominates but Claude is a strong second: GitHub Copilot powers 68.6% of all workflows, while Claude (Anthropic) runs 24.2% and Codex 7.2%. Despite being a GitHub repository, 31.4% of workflows use non-GitHub-native AI.
Schedules align with US business hours: The most popular scheduling hour is 09:00 UTC with 12 workflows, and 64% of all scheduled runs occur in the 07:00–16:00 UTC window — corresponding to North American business hours.
Near-identical file sizes: 92.8% of all lock files are 50–100 KB, with an average of 62.3 KB, indicating a remarkably consistent generated structure across workflows despite wide variation in functionality.
Discussion "audits" category dominates: 43 of 60 create_discussion-enabled workflows (71.7%) are configured to publish to the "audits" category, making it the primary reporting hub for the repository.
The Serena MCP emerges as a specialized tool: 22 workflows (14.4%) use the serena code intelligence MCP, clustering around code analysis and refactoring workflows — a distinct specialization pattern not seen in other MCPs.
poem-bot has the most diverse toolset: With 12 distinct safe output tools, poem-bot is the most feature-rich workflow, using create_agent_session, assign_to_agent, and other advanced tools alongside standard issue/PR operations.
Recommendations
Standardize the "infra trio": The 7 workflows lacking noop/missing_data/missing_tool (4.6%) may benefit from adding these fallback tools for observability consistency.
Consider schedule distribution: With 12 workflows targeting 09:00 UTC, there may be resource contention at that hour. Spreading schedules slightly (already partially done with random-minute cron offsets) improves reliability.
The 8 files under 50 KB are worth auditing — they may be simpler or older workflows with fewer jobs/steps that could benefit from structural updates.
Consolidate "daily reporting" workflows: 33 daily reporting workflows create significant ongoing cost. Grouping related daily reports into consolidated workflows could reduce overhead.
agenticworkflows MCP adoption opportunity: Only 23 workflows (15%) use the agenticworkflows MCP. Workflows that spawn sub-agents or orchestrate multi-step tasks could benefit from adopting it.
Methodology
Analysis Tool: Python 3 with PyYAML and JSON parsing
reacted with thumbs up emoji reacted with thumbs down emoji reacted with laugh emoji reacted with hooray emoji reacted with confused emoji reacted with heart emoji reacted with rocket emoji reacted with eyes emoji
Uh oh!
There was an error while loading. Please reload this page.
-
Comprehensive statistical analysis of all 153
.lock.ymlfiles in.github/workflows/. This is the first run establishing a baseline for future trend tracking.Executive Summary
schedule + workflow_dispatch(105 workflows)File Size Distribution
The vast majority of lock files (92.8%) fall in the 50–100 KB range, indicating a highly consistent structure across workflows.
codex-github-remote-mcp-test(25.2 KB)smoke-claude(122.0 KB)Engine Distribution
Trigger Analysis
Most Popular Triggers
workflow_dispatchschedulepull_requestissue_commentissuespull_request_review_commentdiscussion_commentdiscussionworkflow_runpushTop Trigger Combinations
schedule + workflow_dispatchworkflow_dispatch(only)pull_request + workflow_dispatchpull_request + schedule + workflow_dispatchissues + issue_comment + pr + pr_review_comment + discussion + discussion_commentissues(only)issue_comment + issues + pull_requestworkflow_runissue_comment(only)Schedule Frequency Analysis
113 workflows use scheduled triggers with 97 unique cron expressions. Most schedules run at specific times to avoid congestion.
Schedule Type Breakdown:
1-5): 25 schedulesMost Popular UTC Hours for Scheduling:
The peak scheduling hour is 09:00 UTC (12 workflows), aligning with standard US East Coast business day starts. The 07:00–16:00 UTC window accounts for ~64% of all scheduled runs.
Safe Outputs Analysis
Core Safe Output Tools Distribution
noopmissing_datamissing_toolcreate_discussioncreate_issueadd_commentcreate_pull_requestupload_assetadd_labelscreate_pull_request_review_commentupdate_issuepush_to_pull_request_branchclose_discussionsubmit_pull_request_reviewremove_labelsThe "infra trio" (
noop,missing_data,missing_tool) is present in 95.4% of workflows, indicating near-universal adoption of the safe-output fallback pattern.Common Tool Combinations (output tools only)
create_discussiononlycreate_issueonlycreate_pull_requestonlycreate_discussion + upload_assetadd_commentonlyadd_comment + create_pull_requestclose_discussion + create_discussionadd_comment + create_issue + update_issueadd_comment + add_labels + create_issueDiscussion Categories
auditsreportsartifactsdevresearchannouncementsagent-researchdaily-newssecurity"audits" is overwhelmingly the most popular discussion category (76% of create_discussion workflows), suggesting it's the canonical reporting destination for this repository.
Specialized & Unique Tools
Several workflows use one-of-a-kind safe output tools that provide specialized functionality:
add_reviewersmoke-claudeassign_to_agentissue-monster,workflow-generatorcreate_agent_sessiondaily-mcp-concurrency-analysis,poem-botcreate_code_scanning_alertdaily-malicious-code-scan,daily-semgrep-scanhaiku_printersmoke-copilot,smoke-macos-arm64notion_add_commentmcp-inspector,notion-issue-summarypost_to_slack_channelmcp-inspectorresolve_pull_request_review_threadsmoke-claudesend_slack_messagesmoke-copilot,smoke-macos-arm64update_releasereleaseMCP Server Usage
githubsafeoutputsagenticworkflowsserenasafeinputsbrave-searchchromaThe GitHub MCP is present in 99.3% of all workflows (1 exception:
codex-github-remote-mcp-test). safeoutputs is second at 95.4%. Theserenacode intelligence MCP appears in 22 workflows focused on code analysis.Structural Characteristics
Job Complexity
daily-copilot-token-report)Job Count Distribution
The most common job count is 6 jobs (37.3% of workflows), followed by 5 jobs (26.8%). The majority of workflows (74.5%) use 5–7 jobs.
Top Workflows by Step Complexity
daily-copilot-token-reportdaily-newsprompt-clustering-analysissmoke-copilotstale-repo-identifierTimeout Configuration
The most common job timeouts are 10 minutes and 15 minutes, indicating workflows are designed for efficient execution.
Permission Patterns
Permission Distribution (per-job)
contentsissuesdiscussionspull-requestssecurity-eventsactionsKey observations:
contentsis predominantly read-only (74.8%), reflecting minimal repo modificationissuesis predominantly write (93.2%), as most workflows create or update issuesdiscussionsis entirely write (100%), for publishing reports and findingspull-requestsskews toward write (90.5%) for code-change workflowsWorkflow Functional Categories
agent-persona-explorer,archie,ai-moderator,audit-workflows...daily-cli-tools-tester,daily-performance-summary,daily-news...auto-triage-issues,bot-detection,contribution-check...code-simplifier,agent-performance-analyzer,daily-semgrep-scan...smoke-claude,smoke-copilot,smoke-codex,smoke-macos-arm64...blog-auditor,poem-bot,developer-docs-consolidator...ci-coach,ci-doctor,changeset,artifacts-summaryfirewall,security-compliance,daily-malicious-code-scan...Interesting Findings
The "infra trio" is universal:
noop,missing_data, andmissing_toolappear in 95.4% of workflows — an almost universal adoption of defensive fallback patterns in agentic workflows.Copilot dominates but Claude is a strong second: GitHub Copilot powers 68.6% of all workflows, while Claude (Anthropic) runs 24.2% and Codex 7.2%. Despite being a GitHub repository, 31.4% of workflows use non-GitHub-native AI.
Schedules align with US business hours: The most popular scheduling hour is 09:00 UTC with 12 workflows, and 64% of all scheduled runs occur in the 07:00–16:00 UTC window — corresponding to North American business hours.
Near-identical file sizes: 92.8% of all lock files are 50–100 KB, with an average of 62.3 KB, indicating a remarkably consistent generated structure across workflows despite wide variation in functionality.
Discussion "audits" category dominates: 43 of 60
create_discussion-enabled workflows (71.7%) are configured to publish to the "audits" category, making it the primary reporting hub for the repository.The Serena MCP emerges as a specialized tool: 22 workflows (14.4%) use the
serenacode intelligence MCP, clustering around code analysis and refactoring workflows — a distinct specialization pattern not seen in other MCPs.poem-bot has the most diverse toolset: With 12 distinct safe output tools,
poem-botis the most feature-rich workflow, usingcreate_agent_session,assign_to_agent, and other advanced tools alongside standard issue/PR operations.Recommendations
Standardize the "infra trio": The 7 workflows lacking
noop/missing_data/missing_tool(4.6%) may benefit from adding these fallback tools for observability consistency.Consider schedule distribution: With 12 workflows targeting 09:00 UTC, there may be resource contention at that hour. Spreading schedules slightly (already partially done with random-minute cron offsets) improves reliability.
The 8 files under 50 KB are worth auditing — they may be simpler or older workflows with fewer jobs/steps that could benefit from structural updates.
Consolidate "daily reporting" workflows: 33 daily reporting workflows create significant ongoing cost. Grouping related daily reports into consolidated workflows could reduce overhead.
agenticworkflows MCP adoption opportunity: Only 23 workflows (15%) use the
agenticworkflowsMCP. Workflows that spawn sub-agents or orchestrate multi-step tasks could benefit from adopting it.Methodology
COPILOT_GITHUB_TOKEN,ANTHROPIC_API_KEY,OPENAI_API_KEY)tools.jsonsections/tmp/gh-aw/cache-memory/References:
Beta Was this translation helpful? Give feedback.
All reactions