[audit-workflows] Daily Audit — 2026-05-16 — 63 runs, 21 errors, $17.59 spend

[github-actions[bot]]

Overview

Audited 63 workflow runs across the last 24 hours (window ending 2026-05-16 ~21:30 UTC). Total spend was $17.59 over 5.4h of agent activity and 41.0M raw / 241.5M effective tokens. 21 errors were recorded with 0 warnings and 0 missing tools. Engine mix: 47 copilot · 12 claude · 2 codex · 2 unknown.

The day was dominated by one recurring infrastructure failure: the Safe Outputs MCP HTTP Server step failing at startup, which knocked out runs across at least three unrelated workflows. A separate actions/upload-artifact pattern bug broke Daily Caveman Optimizer, and PR Sous Chef hit transient Could not resolve host: github.com errors during checkout.

Headline Metrics

Metric	Value
Total runs	63
Successful runs	42
Failed runs	19 (30% failure rate)
Total cost	$17.59
Action minutes	351
Turns	865
GitHub API calls	299
High-anomaly events	11

Critical Issues (action required)

1. safe-outputs-mcp-server-startup-failure — high severity, 4+ recurrences

   • Step agent/Start Safe Outputs MCP HTTP Server exited with code 1.
   • Affected: Smoke CI (run §25972474953), LintMonster (§25971057811), Daily Caveman Optimizer (§25972743169).
   • Recommendation: Capture stderr from the safeoutputs server startup; verify ports, env vars, and image versioning are consistent.

2. cache-memory-upload-artifact-path-invalid — medium severity

   • Upload cache-memory data as artifact rejected the pattern /tmp/gh-aw/cache-memory/. with: "Relative pathing '.' and '..' is not allowed."
   • Affected: Daily Caveman Optimizer (§25972743169).
   • Recommendation: Change the workflow template to use /tmp/gh-aw/cache-memory/** or /tmp/gh-aw/cache-memory/* instead of the trailing ..

3. pr-sous-chef-dns-checkout-failure — medium severity, 3 recurrences

   • activation/Checkout actions folder failed with Could not resolve host: github.com.
   • Affected: PR Sous Chef (§25972181829, §25971628699, §25971067141).
   • Recommendation: Add retry/backoff to the checkout step; investigate whether all three failures share a runner pool.

Workflow Health Trends

Success rate fell from 100% in the 17:00 UTC bucket to 52.2% at 20:00 UTC as the Safe Outputs MCP failures clustered in the late-afternoon scheduled runs, before partial recovery at 21:00. Repo memory had no prior history at the start of this audit, so the chart is hour-bucketed for today; once daily snapshots accumulate, future audits will render a true day-over-day curve.

Token & Cost Trends

Cost was front-loaded into the 18:00–19:00 buckets ($5.83 + $5.19), driven by claude-engine workflows like Daily Code Metrics, Copilot Agent PR Analysis, and Design Decision Gate. A single late run — Daily Safe Output Tool Optimizer (§25972929656) — drove the 21:00 spike to $5.99 (≈34% of the daily total) and ended in failure, making it the day's most expensive outlier.

Top Failing Workflows

Workflow	Runs	Failed	Rate
Smoke CI	11	7	64%
PR Sous Chef	8	3	38%
LintMonster	4	3	75%
Design Decision Gate 🏗️	4	1	25%

Firewall Activity & Network Friction

15 workflows routed requests to the (unknown) domain category and were blocked:

Workflow	Blocked / Total	Block %
Linter Miner	153 / 410	37%
PR Sous Chef	19 / 44	43%
Daily Testify Uber Super Expert	18 / 45	40%
LintMonster	18 / 47	38%
Test Quality Sentinel	18 / 43	42%
Contribution Check	17 / 45	38%
Daily Model Inventory Checker	11 / 22	50%
Matt Pocock Skills Reviewer	10 / 21	48%
Daily Secrets Analysis Agent	9 / 18	50%

The consistent (unknown) domain category strongly suggests the proxy CONNECT host header is being stripped or unresolved. Recommendation: Capture the blocked CONNECT targets and add known-good entries to the firewall allowlist; verify DNS for api.githubcopilot.com is resolving inside the sandbox.

Cost Outliers & Anomalies

11 high-anomaly events flagged across 63 runs by cross-run log template analysis (anomaly score > 0.6).

Cost spikes (single-run):

Workflow	Cost	Tokens	Status
Daily Safe Output Tool Optimizer	$5.99	28.6M	❌ failure
[aw] Failure Investigator (6h)	$4.76	23.3M	✅ success
Daily Code Metrics and Trend Tracking Agent	$3.57	15.8M	✅ success
Copilot Agent PR Analysis	$1.68	6.4M	✅ success
Design Decision Gate 🏗️	$1.61	5.7M (4 runs)	mixed

Execution drift: PR Sous Chef turn count varied 0–40 (mean 14.9) — suggests prompt instability or task-shape changes. Worth inspecting recent prompt edits and adding a 0-turn branch for empty PRs.

Recommendations Summary

Priority	Recommendation
🔴 high	Investigate Safe Outputs MCP HTTP Server startup failures (4 affected workflows)
🟡 medium	Fix actions/upload-artifact pattern in cache-memory upload step
🟡 medium	Add retry/backoff to PR Sous Chef checkout step (DNS errors)
🟡 medium	Tune firewall allowlist — 15 workflows hit (unknown) blocks
🟢 low	Stabilize PR Sous Chef turn budget; investigate 0-turn cases

Repo Memory Updates

This audit seeded the previously-empty repo memory with: audit-history.jsonl (1 entry), workflow-trends.json (top 15 workflows), known-issues.json (5 issues), recommendations.json (5 recs), anomalies.json, and metrics-summary.json (1 day). Subsequent audits will accumulate multi-day history so the trend charts can become genuine 30-day rollups.

References:

• §25969150212 (Smoke CI worst failure)
• §25972743169 (Caveman Optimizer — artifact path bug)
• §25972929656 (Safe Output Tool Optimizer — $5.99 spike)

Generated by 🔍 Agentic Workflow Audit Agent · ● 15.7M · ◷

• expires on May 17, 2026, 9:43 PM UTC

[github-actions[bot]]

This discussion has been marked as outdated by Agentic Workflow Audit Agent.

A newer discussion is available at Discussion #32908.