📊 Agentic Workflow Lock File Statistics — 2026-03-11

[github-actions[bot]]

Executive Summary

This report covers a statistical analysis of all 166 .lock.yml files in .github/workflows/, representing the compiled agentic workflow definitions for this repository. Total corpus size is ~11.4 MB, with an average file size of ~69 KB. The dominant trigger pattern remains schedule + workflow_dispatch (67% of workflows), with Copilot as the most widely deployed engine (69% of workflows).

Metric	Value
Total Lock Files	166
Total Size	11.4 MB (11,448,386 bytes)
Average File Size	~69 KB
Average Steps per Job	72.9
Average Jobs per Workflow	8.1
Average Timeout	~18.9 min
Analysis Date	2026-03-11

---

File Size Distribution

Size Range	Count	Percentage
< 10 KB	0	0%
10–50 KB	8	4.8%
50–100 KB	154	92.8%
> 100 KB	4	2.4%

Statistics:

• Smallest: codex-github-remote-mcp-test.lock.yml (24,131 bytes)
• Largest: smoke-claude.lock.yml (154,987 bytes)
• Nearly all (93%) cluster tightly in the 50–100 KB range, reflecting a standardized template structure

---

Trigger Analysis

Most Popular Triggers

Trigger Type	Count	% of Workflows
workflow_dispatch	151	91%
schedule	124	75%
pull_request	21	13%
issue_comment	15	9%
issues	11	7%
pull_request_review_comment	6	4%
discussion_comment	5	3%
discussion	4	2%
workflow_run	2	1%
workflow_call	1	<1%
push	1	<1%

Top Trigger Combinations

Combination	Count	%
schedule + workflow_dispatch	112	67%
workflow_dispatch only	17	10%
pull_request + schedule + workflow_dispatch	9	5%
pull_request + workflow_dispatch	6	4%
Full interactive (issues + comments + PRs)	3	2%
issue_comment only	3	2%
Other combinations	16	10%

Schedule Patterns

View Schedule Frequency Analysis (124 scheduled workflows)

Schedule Type	Count	Description
Weekday business hours (1-5)	23	19% — runs Mon–Fri at fixed hours
Every N hours (*/N)	15	12% — polling at regular intervals
Daily at fixed time	86	69% — once per day, random minutes

Most popular specific schedules:

• 0 14 * * 1-5 — 4 workflows (weekdays 2pm UTC)
• 0 13 * * 1-5 — 4 workflows (weekdays 1pm UTC)
• 0 11 * * 1-5 — 4 workflows (weekdays 11am UTC)
• 12 9 * * * — 2 workflows (daily 9:12am UTC)
• 0 */6 * * * — 2 workflows (every 6 hours)

Note: The majority of schedules use non-round minutes (avoiding :00/:30), which is best practice for spreading load across the API.

---

Safe Outputs Analysis

Safe Output Tool Distribution

Tool	Workflows Using	% of Total
noop	159	96%
missing_tool	159	96%
missing_data	159	96%
create_discussion	61	37%
create_issue	52	31%
add_comment	39	24%
create_pull_request	34	20%
upload_asset	23	14%
add_labels	15	9%
create_pull_request_review_comment	7	4%
push_to_pull_request_branch	7	4%
update_issue	6	4%
submit_pull_request_review	6	4%
close_discussion	6	4%

View Less-Common Tools

Tool	Workflows
remove_labels	4
close_pull_request	3
link_sub_issue	3
dispatch_workflow	3
create_project_status_update	3
update_project	3
assign_to_agent	3
update_pull_request	2
hide_comment	2
create_code_scanning_alert	2
create_agent_session	2
close_issue	2
update_release	1
unassign_from_user	1
set_issue_type	1
resolve_pull_request_review_thread	1
reply_to_pull_request_review_comment	1
assign_to_user	1
add_reviewer	1

Discussion Categories (create_discussion workflows)

Category	Count
audits	43
announcements	4
reports	3
research	2
dev	2
artifacts	2
security	1
daily-news	1
agent-research	1

7 workflows have no safe output tooling at all (e.g., ace-editor, chroma-issue-indexer, codex-github-remote-mcp-test, example-permissions-warning, firewall, metrics-collector, test-workflow).

---

Structural Characteristics

Job Complexity

Metric	Value	Workflow
Average jobs per workflow	8.1	—
Max jobs	14	scout.lock.yml
Min jobs	4	codex-github-remote-mcp-test.lock.yml
Average steps per job	72.9	—
Max steps	101	daily-copilot-token-report.lock.yml
Min steps	35	codex-github-remote-mcp-test.lock.yml

Runner Distribution

Runner	Job Count	Share
ubuntu-slim	566	67%
ubuntu-latest	278	33%
ubuntu-24.04-arm	1	<1%

Timeout Configuration

Timeout	Job Count	Share
20 min	184	38%
15 min	184	38%
10 min	50	10%
30 min	35	7%
45 min	13	3%
5 min	11	2%
60 min	4	<1%
90 min	1	<1%
180 min	1	<1%

Average timeout: ~18.9 minutes across 483 job-level timeout configs.

Concurrency Patterns

Pattern	Count	Purpose
gh-aw-$\{\{ github.workflow }}	130	Standard workflow-level concurrency
gh-aw-copilot-$\{\{ github.workflow }}	72	Copilot-specific concurrency
gh-aw-claude-$\{\{ github.workflow }}	34	Claude-specific concurrency
push-repo-memory-$\{\{ github.repository }}	25	Memory push serialization
Issue/PR-scoped patterns	31	Event-level isolation

---

Engine Distribution

Engine	Workflows	Share
Copilot	114	69%
Claude	40	24%
Codex	11	7%
Gemini	1	<1%

---

Permission Patterns

All 166 workflows declare permissions: {} at the top level (deny-by-default), with per-job granular grants.

Most Common Job-Level Permissions

Permission	Count	Type
contents: read	662	Read
issues: write	331	Write
discussions: write	224	Write
pull-requests: write	173	Write
contents: write	167	Write
pull-requests: read	146	Read
issues: read	146	Read
actions: read	72	Read
copilot-requests: write	40	Write
discussions: read	34	Read

View Less-Common Permissions

Permission	Count
security-events: read	10
actions: write	6
security-events: write	4
statuses: write	1
packages: write	1
packages: read	1
id-token: write	1
attestations: write	1

---

MCP Server Usage

MCP Server	Workflows	Notes
github	166	Universal — all workflows
safeoutputs	159	96% of workflows
serena	2	Code intelligence
agenticworkflows	2	Workflow orchestration
playwright	1	Browser automation
mcpscripts	1	Custom scripts

---

Historical Trends

View Growth Trend (2026-02-21 → 2026-03-11)

Date	Lock Files	Change
2026-02-21	157	baseline
2026-02-22	158	+1
2026-02-25	158	—
2026-02-26	160	+2
2026-02-27	161	+1
2026-02-28	162	+1
2026-03-02	165	+3
2026-03-06	166	+1
2026-03-07–10	166	—
2026-03-11	166	—

Growth rate: +9 workflows over 18 days (+5.7%), now stable at 166 for 5 consecutive days.

Key metric changes (vs. 2026-02-21 baseline):

• Average steps: 77.9 → 72.9 (−5 steps, likely due to newer streamlined templates)
• Total bytes: ~12.0 MB → 11.4 MB (−5%, leaner lock files on average)
• Scheduled workflows: 116 → 124 (+8, more scheduled automation)

---

Interesting Findings

1. Extreme schedule diversity: 124 workflows with schedules have almost no cron duplication — each uses unique minute offsets to spread API load, reflecting intentional best-practice design.

2. upload_asset is a growing pattern: 23 workflows (14%) use upload_asset, indicating a trend toward workflows that produce downloadable artifacts/reports alongside discussion summaries.

3. assign_to_agent and create_agent_session appear in 3 and 2 workflows respectively — these are emerging tools for agent-to-agent delegation, suggesting the start of multi-agent orchestration capabilities.

4. 7 workflows have no safe output tooling — these include infrastructure utilities (firewall, metrics-collector) and test/example workflows, which deliberately bypass the standard output pipeline.

5. Engine monoculture softening: While Copilot dominates at 69%, Claude has grown to 24% (40 workflows) and Codex holds 7% — the repository now spans 4 distinct AI engines, with Gemini making a first appearance.

---

Recommendations

1. Standardize the 7 no-safe-output workflows — Confirm that ace-editor, chroma-issue-indexer, etc., intentionally skip safe outputs or add noop calls for observability.

2. Monitor assign_to_agent / create_agent_session growth — These emerging multi-agent tools appear in 3–5 workflows now; establish usage patterns and documentation before broader adoption.

3. Review the 4 largest files (smoke-claude, smoke-copilot, smoke-copilot-arm, poem-bot — all >100 KB) for potential refactoring with shared job templates to reduce duplication.

4. ubuntu-24.04-arm appears in only 1 job — if ARM testing is valuable, expand coverage; if it was an experiment, consider cleanup.

5. Consider archiving or cleaning up workflows stable at 166 — The repository has seen no net change in 5 days; a periodic review of dormant or low-value workflows would keep the inventory lean.

---

Methodology

• Lock Files Analyzed: 166 (.github/workflows/*.lock.yml)
• Analysis Tools: Bash, awk, grep, Python 3
• Cache Memory: Historical data stored at /tmp/gh-aw/cache-memory/history/ — 17 daily snapshots available (2026-02-21 → 2026-03-11)
• Data Sources: File content parsing — triggers, tools, permissions, timeouts, engine IDs

References: §22963737977

AI generated by Lockfile Statistics Analysis Agent · history

• expires on Mar 12, 2026, 4:51 PM UTC

[github-actions[bot]]

🤖 Beep boop! The smoke test agent has infiltrated this discussion! 🚀

I've successfully completed my mission: tested GitHub MCP, fired up Playwright to browse the web, fetched pages, wrote files, and even compiled the entire gh-aw project. All systems nominal!

slaps "smoke-tested" sticker on the discussion and moonwalks out 🕺

📰 BREAKING: Report filed by Smoke Copilot · ◷

[github-actions[bot]]

💥 WHOOSH! 🦸

The Smoke Test Agent swoops in!

⚡ KA-POW! All systems verified! The Claude engine blazed through 17 tests like a superhero through a paper wall!

🔥 BZZZT! — Build: compiled. Playwright: navigated. Serena: symbols found. Tavily: searched. Discussion comment: DELIVERED!

💫 "With great agentic power comes great smoke test responsibility."

— 🤖 Smoke Claude · Run §22965354532

💥 [THE END] — Illustrated by Smoke Claude · ◷

[github-actions[bot]]

This discussion was automatically closed because it expired on 2026-03-12T16:51:01.318Z.

Closed by Workflow