You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This report provides a comprehensive statistical and structural analysis of all 157 .lock.yml agentic workflow files in .github/workflows/, collected and analyzed on 2026-02-21.
Executive Summary
Metric
Value
Total Lock Files
157
Total Size
~10,113 KB (9.9 MB)
Average File Size
64.4 KB
Smallest File
codex-github-remote-mcp-test (24.5 KB)
Largest File
smoke-claude (144.3 KB)
All Files Have Concurrency
✅ 157/157 (100%)
Analysis Date
2026-02-21
File Size Distribution
Size Range
Count
Percentage
< 10 KB
0
0.0%
10–50 KB
7
4.5%
50–100 KB
146
93.0%
> 100 KB
4
2.5%
The vast majority of lock files (93%) fall in the 50–100 KB range, reflecting a remarkably consistent compiled output size across workflows. The 4 files exceeding 100 KB are all smoke tests or data-heavy reporters.
Top 10 Largest Files
File
Size
smoke-claude
144.3 KB
smoke-copilot-arm
114.4 KB
smoke-copilot
114.3 KB
poem-bot
105.1 KB
smoke-project
90.6 KB
daily-performance-summary
88.0 KB
bot-detection
87.8 KB
smoke-codex
86.6 KB
cloclo
85.8 KB
mcp-inspector
85.3 KB
Top 10 Smallest Files
File
Size
codex-github-remote-mcp-test
24.5 KB
test-workflow
24.7 KB
example-permissions-warning
24.8 KB
firewall
25.2 KB
chroma-issue-indexer
27.2 KB
example-custom-error-patterns
27.4 KB
metrics-collector
34.6 KB
daily-malicious-code-scan
50.1 KB
test-dispatcher
51.4 KB
repo-tree-map
53.8 KB
Trigger Analysis
Most Popular Triggers
Trigger Type
Count
Percentage
workflow_dispatch
142
90.4%
schedule
116
73.9%
pull_request
19
12.1%
issue_comment
14
8.9%
issues
12
7.6%
pull_request_review_comment
6
3.8%
discussion_comment
5
3.2%
discussion
4
2.5%
workflow_run
2
1.3%
push
1
0.6%
Common Trigger Combinations
Combination
Count
Percentage
[schedule, workflow_dispatch]
106
67.5%
[workflow_dispatch] only
17
10.8%
[pull_request, schedule, workflow_dispatch]
7
4.5%
[pull_request, workflow_dispatch]
6
3.8%
Full event listener (discussion + issue + PR all types)
3
1.9%
[issues] only
3
1.9%
[issue_comment] only
2
1.3%
[workflow_run] only
2
1.3%
The dominant pattern is schedule + workflow_dispatch (67.5%), reflecting that most agentic workflows are designed to run automatically on a schedule while also supporting manual triggering.
Schedule Pattern Details
Schedule Types
Schedule Type
Count
Daily (every day)
64
Weekdays only (Mon–Fri)
23
Specific day of week
17
Periodic (every N hours)
12
Most Common Cron Patterns
Cron Expression
Count
Description
0 14 * * 1-5
4
Weekdays 14:00 UTC
0 13 * * 1-5
4
Weekdays 13:00 UTC
0 11 * * 1-5
4
Weekdays 11:00 UTC
0 9 * * 1-5
3
Weekdays 09:00 UTC
0 */6 * * *
2
Every 6 hours
0 15 * * 1-5
2
Weekdays 15:00 UTC
0 10 * * 1-5
2
Weekdays 10:00 UTC
0 16 * * 1-5
2
Weekdays 16:00 UTC
Schedule hours cluster between 09:00–17:00 UTC, corresponding to EU/US business hours overlap. This suggests workflows are optimized to deliver results when teams are active.
Engine (Agent) Distribution
Engine
Count
Percentage
Avg Size
Copilot
106
67.5%
62.9 KB
Claude
38
24.2%
68.6 KB
Codex
12
7.6%
64.1 KB
Gemini
1
0.6%
68.5 KB
Copilot is the dominant engine at 67.5%, with Claude as the second-most-used at 24.2%. Claude workflows tend to be slightly larger on average (68.6 KB vs 62.9 KB for Copilot), likely due to more complex tool configurations.
There are 10 dedicated smoke test workflows covering all major engines: smoke-claude, smoke-copilot, smoke-copilot-arm, smoke-codex, smoke-gemini, smoke-project, smoke-agent, smoke-multi-pr, smoke-temporary-id, and smoke-test-tools.
Safe Outputs Analysis
Safe Output Tools Distribution
Tool
Workflows
Percentage
noop
150
95.5%
missing_data
150
95.5%
missing_tool
150
95.5%
create_discussion
60
38.2%
create_issue
47
29.9%
add_comment
35
22.3%
create_pull_request
29
18.5%
upload_asset
22
14.0%
add_labels
14
8.9%
create_pull_request_review_comment
7
4.5%
update_issue
6
3.8%
push_to_pull_request_branch
6
3.8%
close_discussion
6
3.8%
submit_pull_request_review
6
3.8%
create_missing_tool_issue
4
2.5%
remove_labels
4
2.5%
link_sub_issue
3
1.9%
assign_to_agent
3
1.9%
dispatch_workflow
3
1.9%
hide_comment
2
1.3%
update_pull_request
2
1.3%
create_code_scanning_alert
2
1.3%
notion-add-comment
2
1.3%
send-slack-message
2
1.3%
create_project_status_update
2
1.3%
update_project
2
1.3%
Utility tools (noop, missing_data, missing_tool) appear in 95.5% of workflows, making them the de-facto standard output mechanism.
Top Feature Tool Combinations
Tool Combination
Count
Percentage
[create_discussion] only
26
16.6%
[create_issue] only
21
13.4%
[create_pull_request] only
16
10.2%
[create_discussion, upload_asset]
14
8.9%
[add_comment] only
6
3.8%
[add_comment, create_pull_request]
4
2.5%
[add_comment, add_labels, create_issue]
3
1.9%
Discussion Categories
Category
Count
audits
43
announcements
3
reports
3
artifacts
2
dev
2
research
2
agent-research
1
daily-news
1
security
1
The audits category is overwhelmingly dominant (43 of 60 discussion-creating workflows), confirming its role as the primary reporting channel for this agentic system.
Most Complex Safe Output Configurations
The poem-bot workflow has the most complex safe output config with 15 tools (excluding utility tools). Smoke tests also have high complexity as they test the full range of capabilities.
The event-scoped concurrency (29 workflows) is used for event-driven workflows that should allow parallel execution on different issues/PRs, while the workflow-scoped pattern ensures only one instance runs at a time for scheduled workflows.
Infrastructure Patterns
Runner Distribution
Runner
Occurrences
Notes
ubuntu-slim
532
Optimized slim image (majority)
ubuntu-latest
407
Standard Ubuntu runner
ubuntu-24.04-arm
1
ARM testing (smoke-copilot-arm)
ubuntu-slim is preferred for most agent/processing jobs, while ubuntu-latest is used for standard GitHub Actions steps.
Memory & State Management
Pattern
Count
Percentage
update_cache_memory job
67
42.7%
push_repo_memory job
21
13.4%
References to /cache-memory/
68
43.3%
References to repo-memory
21
13.4%
External Integrations
Integration
Workflows
Notion
2
Slack
3
Interesting Findings
Perfect Concurrency Adoption: All 157 workflows (100%) use concurrency controls, preventing duplicate runs — a strong quality signal for production reliability.
Canonical Job Structure: The activation → agent → conclusion pattern with detection and safe_outputs jobs appears in 93–100% of all workflows, indicating a mature, standardized workflow framework with consistent lifecycle management.
Engine Diversity: While Copilot dominates (67.5%), the system supports 4 different AI engines (Copilot, Claude, Codex, Gemini). Claude workflows average slightly larger files (68.6 KB), possibly due to richer tool configurations.
Utility Tools Universal: noop, missing_data, and missing_tool appear in 95.5% of workflows. These "escape valves" let agents communicate failures or no-ops without side effects — a safety-first design principle.
audits Category Dominance: Of the 60 discussion-creating workflows, 43 (71.7%) target the audits category, making it the central reporting hub for the entire agentic system.
Remarkable File Size Consistency: 93% of all lock files are 50–100 KB, suggesting the compiled output from gh aw compile is highly normalized regardless of workflow complexity or engine type.
Business Hours Scheduling: Schedule triggers cluster heavily at 09:00–17:00 UTC with weekday preferences, indicating these workflows serve teams operating in European/US time zones with results ready during working hours.
Smoke Tests Cover Full Matrix: The 10 smoke test workflows provide systematic coverage of all supported engines and capabilities (claude, copilot, copilot-arm, codex, gemini, project management, multi-PR, temporary IDs, tool testing).
Recommendations
Expand Gemini Coverage: With only 1 Gemini workflow, consider expanding Gemini adoption or documenting why coverage remains limited.
Standardize Complex Safe Output Configs: Workflows with 10+ tools (like poem-bot) may benefit from documentation about which tool combinations are well-tested.
Review 9 Read-Only Workflows: The 5.7% of workflows with no write permissions — confirm these are intentionally read-only or if they should be updated.
Monitor the 4 workflows over 100KB: smoke-claude, smoke-copilot-arm, smoke-copilot, and poem-bot significantly exceed the norm. Regular review can prevent configuration bloat.
Cache Memory Adoption Gap: Only 42.7% of workflows use update_cache_memory. Workflows that collect repeated data (daily reports, metrics) could benefit from persisting state across runs.
Methodology
Analysis Tool: Python 3 regex-based YAML parsing (no external dependencies)
Lock Files Analyzed: 157 files in .github/workflows/*.lock.yml
Analysis Date: 2026-02-21
Cache Memory: Scripts saved to /tmp/gh-aw/cache-memory/scripts/full_analysis.py
Historical Data: Stored at /tmp/gh-aw/cache-memory/history/2026-02-21.json
Patterns Library: Saved to /tmp/gh-aw/cache-memory/patterns/
reacted with thumbs up emoji reacted with thumbs down emoji reacted with laugh emoji reacted with hooray emoji reacted with confused emoji reacted with heart emoji reacted with rocket emoji reacted with eyes emoji
Uh oh!
There was an error while loading. Please reload this page.
-
This report provides a comprehensive statistical and structural analysis of all 157
.lock.ymlagentic workflow files in.github/workflows/, collected and analyzed on 2026-02-21.Executive Summary
codex-github-remote-mcp-test(24.5 KB)smoke-claude(144.3 KB)File Size Distribution
The vast majority of lock files (93%) fall in the 50–100 KB range, reflecting a remarkably consistent compiled output size across workflows. The 4 files exceeding 100 KB are all smoke tests or data-heavy reporters.
Top 10 Largest Files
smoke-claudesmoke-copilot-armsmoke-copilotpoem-botsmoke-projectdaily-performance-summarybot-detectionsmoke-codexcloclomcp-inspectorTop 10 Smallest Files
codex-github-remote-mcp-testtest-workflowexample-permissions-warningfirewallchroma-issue-indexerexample-custom-error-patternsmetrics-collectordaily-malicious-code-scantest-dispatcherrepo-tree-mapTrigger Analysis
Most Popular Triggers
workflow_dispatchschedulepull_requestissue_commentissuespull_request_review_commentdiscussion_commentdiscussionworkflow_runpushCommon Trigger Combinations
[schedule, workflow_dispatch][workflow_dispatch]only[pull_request, schedule, workflow_dispatch][pull_request, workflow_dispatch][issues]only[issue_comment]only[workflow_run]onlyThe dominant pattern is schedule + workflow_dispatch (67.5%), reflecting that most agentic workflows are designed to run automatically on a schedule while also supporting manual triggering.
Schedule Pattern Details
Schedule Types
Most Common Cron Patterns
0 14 * * 1-50 13 * * 1-50 11 * * 1-50 9 * * 1-50 */6 * * *0 15 * * 1-50 10 * * 1-50 16 * * 1-5Schedule hours cluster between 09:00–17:00 UTC, corresponding to EU/US business hours overlap. This suggests workflows are optimized to deliver results when teams are active.
Engine (Agent) Distribution
Copilot is the dominant engine at 67.5%, with Claude as the second-most-used at 24.2%. Claude workflows tend to be slightly larger on average (68.6 KB vs 62.9 KB for Copilot), likely due to more complex tool configurations.
There are 10 dedicated smoke test workflows covering all major engines:
smoke-claude,smoke-copilot,smoke-copilot-arm,smoke-codex,smoke-gemini,smoke-project,smoke-agent,smoke-multi-pr,smoke-temporary-id, andsmoke-test-tools.Safe Outputs Analysis
Safe Output Tools Distribution
noopmissing_datamissing_toolcreate_discussioncreate_issueadd_commentcreate_pull_requestupload_assetadd_labelscreate_pull_request_review_commentupdate_issuepush_to_pull_request_branchclose_discussionsubmit_pull_request_reviewcreate_missing_tool_issueremove_labelslink_sub_issueassign_to_agentdispatch_workflowhide_commentupdate_pull_requestcreate_code_scanning_alertnotion-add-commentsend-slack-messagecreate_project_status_updateupdate_projectUtility tools (
noop,missing_data,missing_tool) appear in 95.5% of workflows, making them the de-facto standard output mechanism.Top Feature Tool Combinations
[create_discussion]only[create_issue]only[create_pull_request]only[create_discussion, upload_asset][add_comment]only[add_comment, create_pull_request][add_comment, add_labels, create_issue]Discussion Categories
auditsannouncementsreportsartifactsdevresearchagent-researchdaily-newssecurityThe
auditscategory is overwhelmingly dominant (43 of 60 discussion-creating workflows), confirming its role as the primary reporting channel for this agentic system.Most Complex Safe Output Configurations
The
poem-botworkflow has the most complex safe output config with 15 tools (excluding utility tools). Smoke tests also have high complexity as they test the full range of capabilities.Top 5 Most Complex Safe Output Configs
poem-botcreate_agent_session,link_sub_issue,push_to_pull_request_branch,create_missing_tool_issuesmoke-claudeadd_reviewer,resolve_pull_request_review_thread,push_to_pull_request_branchsmoke-copilot-armdispatch_workflow,send-slack-message,create_pull_request_review_commentsmoke-copilotsmoke-projectcreate_project_status_update,update_projectStructural Characteristics
Job Complexity
firewall-escape)Job Count Distribution
Universal Job Names
All 157 workflows share the same core job structure:
activationagentconclusionsafe_outputsdetectionupdate_cache_memorypre_activationupload_assetspush_repo_memoryunlocknotion_add_commentsend_slack_messageThe
activation → agent → conclusionpipeline withdetectionandsafe_outputsjobs forms the canonical agentic workflow skeleton.Steps Analysis
daily-copilot-token-report)Top 10 Workflows by Step Count
daily-copilot-token-reportaudit-workflowsdeep-reportcopilot-pr-nlp-analysissmoke-claudesmoke-copilot-armsmoke-copilotunbloat-docscopilot-session-insightsdaily-newsPermission Patterns
Most Common Permission Configurations
contents:readissues:writeissues:readpull-requests:readdiscussions:writeactions:readpull-requests:writecontents:writediscussions:readsecurity-events:readsecurity-events:writeactions:writeWrite vs Read-Only
Common Job-Level Permission Sets
{contents:read}{contents:read, discussions:write, issues:write}{contents:read, discussions:write, issues:write, pull-requests:write}{contents:read, issues:read, pull-requests:read}{contents:read, issues:write}{contents:write}{actions:read, contents:read, issues:read, pull-requests:read}Timeout Configuration
Timeout Distribution
smoke-claudeThe bi-modal distribution around 10 min (setup/utility steps) and 15–20 min (agent execution steps) is notable.
Concurrency Patterns
All 157 workflows (100%) use concurrency settings. The two dominant patterns are:
gh-aw-$\{\{ github.workflow }}gh-aw-$\{\{ github.workflow }}-$\{\{ github.event.* }}The event-scoped concurrency (29 workflows) is used for event-driven workflows that should allow parallel execution on different issues/PRs, while the workflow-scoped pattern ensures only one instance runs at a time for scheduled workflows.
Infrastructure Patterns
Runner Distribution
ubuntu-slimubuntu-latestubuntu-24.04-armsmoke-copilot-arm)ubuntu-slimis preferred for most agent/processing jobs, whileubuntu-latestis used for standard GitHub Actions steps.Memory & State Management
update_cache_memoryjobpush_repo_memoryjob/cache-memory/repo-memoryExternal Integrations
Interesting Findings
Perfect Concurrency Adoption: All 157 workflows (100%) use concurrency controls, preventing duplicate runs — a strong quality signal for production reliability.
Canonical Job Structure: The
activation → agent → conclusionpattern withdetectionandsafe_outputsjobs appears in 93–100% of all workflows, indicating a mature, standardized workflow framework with consistent lifecycle management.Engine Diversity: While Copilot dominates (67.5%), the system supports 4 different AI engines (Copilot, Claude, Codex, Gemini). Claude workflows average slightly larger files (68.6 KB), possibly due to richer tool configurations.
Utility Tools Universal:
noop,missing_data, andmissing_toolappear in 95.5% of workflows. These "escape valves" let agents communicate failures or no-ops without side effects — a safety-first design principle.auditsCategory Dominance: Of the 60 discussion-creating workflows, 43 (71.7%) target theauditscategory, making it the central reporting hub for the entire agentic system.Remarkable File Size Consistency: 93% of all lock files are 50–100 KB, suggesting the compiled output from
gh aw compileis highly normalized regardless of workflow complexity or engine type.Business Hours Scheduling: Schedule triggers cluster heavily at 09:00–17:00 UTC with weekday preferences, indicating these workflows serve teams operating in European/US time zones with results ready during working hours.
Smoke Tests Cover Full Matrix: The 10 smoke test workflows provide systematic coverage of all supported engines and capabilities (claude, copilot, copilot-arm, codex, gemini, project management, multi-PR, temporary IDs, tool testing).
Recommendations
Expand Gemini Coverage: With only 1 Gemini workflow, consider expanding Gemini adoption or documenting why coverage remains limited.
Standardize Complex Safe Output Configs: Workflows with 10+ tools (like
poem-bot) may benefit from documentation about which tool combinations are well-tested.Review 9 Read-Only Workflows: The 5.7% of workflows with no write permissions — confirm these are intentionally read-only or if they should be updated.
Monitor the 4 workflows over 100KB:
smoke-claude,smoke-copilot-arm,smoke-copilot, andpoem-botsignificantly exceed the norm. Regular review can prevent configuration bloat.Cache Memory Adoption Gap: Only 42.7% of workflows use
update_cache_memory. Workflows that collect repeated data (daily reports, metrics) could benefit from persisting state across runs.Methodology
.github/workflows/*.lock.yml/tmp/gh-aw/cache-memory/scripts/full_analysis.py/tmp/gh-aw/cache-memory/history/2026-02-21.json/tmp/gh-aw/cache-memory/patterns/References:
Beta Was this translation helpful? Give feedback.
All reactions