You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Most common combinations: schedule+workflow_dispatch (161), workflow_dispatch only (47), pull_request+workflow_dispatch (26). Nearly all scheduled workflows pair with manual dispatch — strong consistency. Scheduled crons are well-distributed across off-peak minutes (no :00/:30 clustering); a handful of */6h and */4h high-frequency jobs exist.
Safe Outputs Analysis
The v1 analyzer schema does not currently extract safe-output types or discussion categories from the compiled lock files (both sections returned empty). This is a known limitation of the cached lockfile_stats_v1.py schema rather than an absence of safe outputs. Recommendation: bump to lockfile_stats_v2.py to parse the safe_outputs block. (Not changed this run to honor the script-reuse + version-marker contract.)
Structural Characteristics
Metric
Min
Avg
Max
Max workflow
Jobs/workflow
5
8.04
12
firewall-escape
Steps/workflow
72
109.6
148
smoke-copilot
Step and job counts are tightly clustered (low variance), consistent with a shared compilation template across all workflows.
Permission Patterns
Top-level permissions resolved to empty ({}) for all 246 workflows in the v1 schema — permissions are set at the per-job level in compiled lock files, which the current schema does not descend into. Flagged for v2.
Timeout Distribution
Timeout (min)
Count
≤5
16
6–15
122
16–30
326
31–60
279
>60
3
Tool & MCP Patterns
MCP server
Mention frequency
github
6,552
playwright
168
sentry
64
ruflo
16
grafana
14
arxiv / deepwiki
6 each
GitHub MCP dominates. The most-referenced GitHub read tools (126 workflows each) include get_file_contents, get_pull_request*, issue_read, list_commits, get_workflow_run*, and alert-reading tools — a consistent read-only GitHub toolset shared across ~half the fleet.
Engine Distribution
Engine
Count
copilot
164
claude
63
codex
14
antigravity / crush / gemini / opencode / pi
1 each
Interesting Findings
Copilot is the majority engine (164/246, 67%), with Claude a distant second (63, 26%). The new workflow added today was copilot-based.
Template uniformity is striking — every lockfile carries 72–148 steps and 5–12 jobs, and all share an identical {} top-level permissions shape, evidencing a single deterministic compiler.
Manual-dispatch is near-universal — 238/246 (97%) expose workflow_dispatch, making nearly the entire fleet manually runnable.
Smoke tests are the heaviest — the five largest lockfiles are all smoke-* variants (148–174 KB), driven by multi-engine/auth matrix expansion.
GitHub read surface is huge — 6,552 github-MCP mentions vs 168 for the next server (playwright); the fleet is overwhelmingly GitHub-centric and read-oriented.
Growth is steady and incremental — one new copilot, dispatch-only workflow added; aggregate structure and distributions are otherwise stable.
Recommendations
Bump analyzer to v2 to extract per-job permissions, safe_outputs types, and discussion categories — the three gaps in this report.
Investigate smoke-test size growth — the smoke-* matrix dominates total bytes; consider whether all auth/engine permutations need separate compiled files.
Audit high-frequency crons (*/4h, */6h) for necessity given AI-credit cost.
Methodology
Single-script compact JSON analysis: one cached Python analyzer (lockfile_stats_v1.py) parsed all 246 lock files in one pass, emitting a 4.8 KB compact JSON summary; all insights derived from that summary + retained daily history. No per-file inspection. Two analyzer sections (safe-output types, permissions) are unpopulated under the v1 schema and noted above as limitations, not findings.
reacted with thumbs up emoji reacted with thumbs down emoji reacted with laugh emoji reacted with hooray emoji reacted with confused emoji reacted with heart emoji reacted with rocket emoji reacted with eyes emoji
Uh oh!
There was an error while loading. Please reload this page.
-
Executive Summary
Analysis of all 246 compiled
.github/workflows/*.lock.ymlfiles as of 2026-06-12. Zero malformed/skipped files.Day-over-day (vs 2026-06-11): +1 lockfile, +139,704 bytes, +10 jobs, +147 steps, +66 scripts — one new copilot, dispatch-only workflow.
File Size Distribution
Largest & smallest lockfiles
Largest: smoke-copilot-aoai-entra (173,737 B), smoke-copilot-aoai-apikey (173,353 B), smoke-copilot (172,704 B), smoke-claude (169,588 B), smoke-copilot-arm (160,523 B), smoke-codex (148,381 B), mcp-inspector (144,281 B), deep-report (143,123 B), issue-monster (142,183 B), cloclo (139,859 B).
Smallest: test-workflow (73,942 B), example-permissions-warning (74,596 B), codex-github-remote-mcp-test (75,463 B), firewall (75,894 B), ace-editor (83,234 B).
Trigger Analysis
Most common combinations:
schedule+workflow_dispatch(161),workflow_dispatchonly (47),pull_request+workflow_dispatch(26). Nearly all scheduled workflows pair with manual dispatch — strong consistency. Scheduled crons are well-distributed across off-peak minutes (no:00/:30clustering); a handful of*/6hand*/4hhigh-frequency jobs exist.Safe Outputs Analysis
The v1 analyzer schema does not currently extract safe-output types or discussion categories from the compiled lock files (both sections returned empty). This is a known limitation of the cached
lockfile_stats_v1.pyschema rather than an absence of safe outputs. Recommendation: bump tolockfile_stats_v2.pyto parse thesafe_outputsblock. (Not changed this run to honor the script-reuse + version-marker contract.)Structural Characteristics
Step and job counts are tightly clustered (low variance), consistent with a shared compilation template across all workflows.
Permission Patterns
Top-level
permissionsresolved to empty ({}) for all 246 workflows in the v1 schema — permissions are set at the per-job level in compiled lock files, which the current schema does not descend into. Flagged for v2.Timeout Distribution
Tool & MCP Patterns
GitHub MCP dominates. The most-referenced GitHub read tools (126 workflows each) include
get_file_contents,get_pull_request*,issue_read,list_commits,get_workflow_run*, and alert-reading tools — a consistent read-only GitHub toolset shared across ~half the fleet.Engine Distribution
Interesting Findings
{}top-level permissions shape, evidencing a single deterministic compiler.workflow_dispatch, making nearly the entire fleet manually runnable.smoke-*variants (148–174 KB), driven by multi-engine/auth matrix expansion.Historical Trends
23 daily snapshots retained (2026-05-20 → 2026-06-12). Day-over-day:
Growth is steady and incremental — one new copilot, dispatch-only workflow added; aggregate structure and distributions are otherwise stable.
Recommendations
permissions,safe_outputstypes, and discussion categories — the three gaps in this report.*/4h,*/6h) for necessity given AI-credit cost.Methodology
Single-script compact JSON analysis: one cached Python analyzer (
lockfile_stats_v1.py) parsed all 246 lock files in one pass, emitting a 4.8 KB compact JSON summary; all insights derived from that summary + retained daily history. No per-file inspection. Two analyzer sections (safe-output types, permissions) are unpopulated under the v1 schema and noted above as limitations, not findings.Beta Was this translation helpful? Give feedback.
All reactions