[lockfile-stats] Lockfile Statistics Audit — 2026-06-06 (242 lockfiles, 24.6 MB)

[github-actions[bot]]

Executive Summary

Snapshot of 242 compiled lockfiles (.github/workflows/*.lock.yml) on 2026-06-06. Zero malformed/skipped files.

Metric	Value
Lockfiles	242
Total size	24.6 MB (25,819,695 bytes)
Avg / Median size	104.2 KB / 103.6 KB
Min / Max size	67.1 KB (test-workflow) / 162.9 KB (smoke-copilot-aoai-apikey)
Total jobs / steps / scripts	1,941 / 25,913 / 12,308
Dominant engine	copilot (159)
Dominant MCP server	github (6,656 refs)

Compiled workflows are uniformly large (generated YAML); every file falls between 67–163 KB.

File Size Distribution

Bucket	Count
50–100 KB	65
100–250 KB	177

Largest & smallest lockfiles

Largest: smoke-copilot-aoai-apikey (162.9 KB), smoke-copilot (162.2 KB), smoke-claude (158.4 KB), smoke-copilot-arm (150.8 KB), smoke-codex (137.7 KB), mcp-inspector, issue-monster, deep-report, cloclo, daily-news.

Smallest: test-workflow (67.1 KB), example-permissions-warning (67.8 KB), codex-github-remote-mcp-test (67.8 KB), firewall (69.0 KB), ace-editor (76.2 KB).

Trigger Analysis

Trigger	Workflows
workflow_dispatch	234
schedule	163
pull_request	33
issues	4
issue_comment	2
push	2
workflow_run / discussion / discussion_comment / pull_request_review_comment	1 each

Top combinations: schedule+workflow_dispatch (159), workflow_dispatch only (45), pull_request+workflow_dispatch (26). The corpus is overwhelmingly scheduled-agent oriented: 163 workflows run on cron, nearly all also manually dispatchable.

Cron cadence notes

Schedules are well-jittered (off-minute, staggered hours) — almost no two share a minute mark. Common shapes: daily (* * *), weekday (* * 1-5), every-6h (*/6), every-4h (*/4), weekly. This reflects good scheduling hygiene to avoid fleet-wide API spikes.

Safe Outputs Analysis

⚠️ Parser limitation: the current lockfile_stats_v1 analyzer extracts safe-output types and discussion categories via regex over compiled lock YAML, which no longer surfaces these in a matchable form — both buckets returned empty this run. For historical reference, the 2026-05-20 baseline (richer schema) recorded: create_discussion 233, create_issue 233, missing_tool 233, noop 227, add_comment 71, push_to_pull_request_branch 57, create_pull_request 56, plus add_labels, upload_assets, create_pull_request_review_comment, update_issue. Discussion categories then: audits 68, announcements 5, research 2. This is a known metric gap, not a corpus change — flagged for a v2 analyzer fix.

Structural Characteristics

Metric	Min	Avg	Max
Jobs / workflow	5	8.02	12 (firewall-escape)
Steps / workflow	69	107.1	146 (smoke-copilot)

Totals: 1,941 jobs, 25,913 steps, 12,308 embedded scripts across the corpus.

Permission Patterns

The analyzer reports a uniform {} top-level permission kind for all 242 files (read/write maps empty). Like safe-outputs, granular permission extraction is a v1 parser gap rather than a finding that workflows lack permissions.

Tool & MCP Patterns

MCP Server	References
github	6,656
playwright	168
sentry	96
ruflo	16
grafana	14
arxiv / deepwiki	6 each

GitHub MCP is the near-universal backbone. The most-referenced GitHub tools (128 workflows each) are read APIs: issue_read, get_file_contents, list_commits, get_pull_request, list_dependabot_alerts, get_code_scanning_alert, etc. — consistent with the read-only MCP posture.

Engine distribution

Engine	Workflows
copilot	159
claude	64
codex	14
antigravity / crush / gemini / opencode / pi	1 each

Interesting Findings

1. Copilot leads, Claude is the strong second. 159 copilot vs 64 claude vs 14 codex — plus a long tail of five single-use experimental engines (antigravity, crush, gemini, opencode, pi), signalling active engine experimentation.
2. Smoke tests are the heaviest artifacts. The five largest lockfiles are all smoke-* workflows (137–163 KB), each exercising a full engine+MCP matrix.
3. Compiled output is uniformly heavy. No lockfile is under 67 KB; the generator emits ~104 KB of boilerplate per workflow on average — 25,913 steps for 242 source workflows (≈107 steps each).
4. Scheduling discipline is excellent. Of 163 cron workflows, schedules are spread across off-minute marks and varied hours, avoiding synchronized API bursts.
5. Near-monoculture on GitHub MCP (6,656 refs) with a small specialized periphery (playwright/sentry/grafana/arxiv/deepwiki) for browser, observability, and research agents.

Historical Trends

Day-over-day (2026-06-05 → 2026-06-06)

Metric	06-05	06-06	Δ
Lockfiles	240	242	+2
Total bytes	25.49 MB	24.62 MB→25.82 MB	+327 KB
Avg size	106,217	106,692	+475
workflow_dispatch	232	234	+2
schedule	162	163	+1
Jobs total	1,923	1,941	+18
Steps total	25,670	25,913	+243
Scripts total	12,192	12,308	+116
copilot / claude engines	158 / 63	159 / 64	+1 / +1

Since baseline (2026-05-20, ~17 days)

Metric	05-20	06-06	Δ
Lockfiles	233	242	+9
Avg size	96,081	106,692	+11.0%
Total bytes	22.39 MB	25.82 MB	+15.3%
Steps total	24,002	25,913	+1,911

Steady organic growth: +9 workflows and ~11% larger average compiled output, reflecting both new agents and a heavier generated runtime.

Recommendations

1. Ship a lockfile_stats_v2 analyzer that parses safe-output types, discussion categories, and granular permissions from the current lock format (extract from the embedded GITHUB_AW_SAFE_OUTPUTS JSON and the per-job permissions: blocks). Today's empties for these three sections are parser gaps, not real zeros.
2. Watch compiled-size growth. Average lockfile size rose ~11% in 17 days. If the generator boilerplate is the driver, consider deduplicating shared step blocks to keep .lock.yml diffs reviewable.
3. Consolidate or retire single-use engines. The five 1-off engines add matrix surface; confirm they're intentional experiments rather than abandoned configs.

---

Methodology note: single-script compact JSON analysis — all 242 lockfiles parsed once by a cached analyzer (lockfile_stats_v1.py) into a ≤5 KB JSON summary; the report is derived solely from that summary and prior-day history snapshots. No individual lockfile was opened for analysis.

Generated by 📊 Lockfile Statistics Analysis Agent · 79.1 AIC · ⌖ 12.1 AIC · ⊞ 5.4K ambient context · ◷

• expires on Jun 7, 2026, 8:41 PM UTC

[github-actions[bot]]

This discussion has been marked as outdated by Lockfile Statistics Analysis Agent.

A newer discussion is available at Discussion #37650.