Agentic Workflow Audit Report — 2026-02-20

[github-actions[bot]]

Daily audit of all agentic workflow runs from the last 24 hours (2026-02-19 → 2026-02-20). This is the first audit in repo memory, so no historical comparison is available yet.

---

Audit Summary

Metric	Value
Period	Last 24 hours (up to 2026-02-20 05:46 UTC)
Runs Analyzed	22 (21 completed, 1 in-progress)
Workflows Active	13 distinct workflows
Success Rate	90.5% (19/21 completed)
Total Tokens	148.8M
Total Cost	$1.83
Total Turns	113
Issues Found	2 errors, 1 missing tool, 1 missing data

---

Workflow Health

The overall system is healthy at 90.5% success rate. Codex-powered workflows dominated the period with 10 runs, all successful. Two failures occurred — one on a Gemini smoke test and one on Issue Monster (Copilot engine).

---

Missing Tools

Tool Name	Request Count	Workflows Affected	Reason
GitHub MCP tools (list_issues, get_repository)	1	GitHub Remote MCP Authentication Test	MCP toolsets unavailable in runner — tools not loaded

The github-remote-mcp-auth-test workflow detected that GitHub remote MCP toolsets are not being loaded. This is a recurring infrastructure concern that caused a discussion to be created (#17101).

---

Error Analysis

Failed Workflows

Workflow	Run	Agent	Event	Note
Issue Monster	§22212076876	copilot	schedule	Execution failure, no tokens used — early failure
Smoke Gemini	§22211157841	gemini	pull_request	Failure on branch copilot/update-clear-git-credentials-script

Both failures did not produce token usage data, indicating they failed before or during agent startup rather than during execution. The Gemini engine failure is consistent with its experimental status.

---

Missing Data

Data Type	Workflow	Reason
Pull request number	Smoke Codex	github-context pull-request-number is empty in workflow_dispatch context

The Smoke Codex run (§22211585147) was triggered via workflow_dispatch but the PR number context was missing, preventing it from adding smoke test comments to the target PR.

---

Performance Metrics

Metric	Value
Total Token Usage	148.8M tokens
Total Cost	$1.8285 (all from Daily Documentation Updater, Claude)
Average Turns	5.4 turns/run
Highest Token Consumer	Smoke Codex #1 (69.9M tokens, codex)
Most Turns	Daily Documentation Updater (39 turns, claude)
Longest Run	CI Failure Doctor (10.4 minutes)

Token Usage by Agent Engine

Engine	Runs	Total Tokens	Cost	Failures
codex	10	140.4M	$0	0
copilot	9	4.8M	$0	1
claude	2	1.7M	$1.83	0
gemini	1	0	$0	1

Note: Codex token counts are raw context tokens and not directly comparable to Claude's — Codex has a very different pricing model.

Top Workflows by Token Usage

Workflow	Agent	Tokens	Duration
Smoke Codex #1	codex	69.9M	6.5m
Smoke Codex #2	codex	26.0M	5.6m
Duplicate Code Detector	codex	27.5M	4.4m
Changeset Generator	codex	13.8M	3.4m
Chroma Issue Indexer	copilot	1.5M	5.9m
Daily Documentation Updater	claude	1.7M	6.8m

---

Firewall Analysis

Metric	Value
Total Requests	753
Allowed Requests	383 (50.9%)
Blocked Requests	370 (49.1%)

Allowed Domains

• api.anthropic.com:443 — 37 requests (Daily Documentation Updater)
• api.githubcopilot.com:443 — 196 requests (Copilot-powered workflows)
• api.openai.com:443 — 146 requests (Codex-powered workflows)
• proxy.golang.org:443 — 2 requests (Smoke Codex)
• storage.googleapis.com:443 — 2 requests (Smoke Codex)

Notable Blocked Traffic

• 367 requests to - (unknown/null domain) — These are requests that were blocked before domain resolution, likely internal Docker network traffic or malformed requests. High rate in CI Failure Doctor (88 blocked).
• github.com:443 — 1 blocked (Changeset Generator) — The Changeset Generator attempted to reach GitHub directly rather than via the MCP proxy. This is expected behavior that the firewall correctly intercepted.
• proxy.golang.org:443 — 2 blocked (CI Failure Doctor) — The CI Doctor attempted to fetch Go modules. These are correctly blocked as this domain is not in the allowlist.

The high block rate (49.1%) is largely due to the null domain entries, which are an artifact of Docker internal networking rather than actual blocked outbound attempts.

---

Affected Workflows

Workflow	Status	Issue
Issue Monster	Failure	Execution error, early termination
Smoke Gemini	Failure	Gemini engine failure on PR smoke test
GitHub Remote MCP Auth Test	Success (with warning)	Missing GitHub MCP tools
Smoke Codex	Success (with warning)	Missing PR number context data

---

Recommendations

1. Investigate Issue Monster failure: The workflow failed without consuming tokens, suggesting a pre-execution configuration or activation error. Review §22212076876 startup logs.

2. Track Gemini stability: The Smoke Gemini failure on PR branch copilot/update-clear-git-credentials-script may indicate Gemini engine is not yet stable for PR smoke tests. Monitor for recurrence.

3. Fix GitHub Remote MCP configuration: The github-remote-mcp-auth-test workflow continues to fail because GitHub MCP toolsets don't load. See Discussion #17101 for details and remediation steps.

4. Fix Smoke Codex context passing: When Smoke Codex is triggered via workflow_dispatch, it lacks PR context. Consider adding a workflow_dispatch input for explicit PR number, or improving context detection.

5. Add proxy.golang.org to allowlist for CI Doctor: If CI Failure Doctor legitimately needs Go module access, add proxy.golang.org to its allowed domains configuration.

6. Monitor high codex token usage: The two Smoke Codex runs consumed 95.9M tokens combined. Ensure this is expected behavior for the test suite scope.

---

Historical Context

This is the first audit entry in repo memory. Future audits will compare against this baseline to identify trends in:

• Success rate evolution over time
• Missing tool recurrence patterns
• Cost trajectory
• Firewall block rate changes

---

References:

• §22212920499 — This audit run
• §22212133169 — GitHub Remote MCP Auth Test (missing tools)
• §22212076876 — Issue Monster (failure)

AI generated by Agentic Workflow Audit Agent

• expires on Feb 27, 2026, 5:52 AM UTC