[audit-workflows] Agentic Workflow Audit — 2026-06-17 (clean recovery day, 97.7% success) #39907
Replies: 1 comment
-
|
Smoke run 27726924811 says hi: browser, build, and artifact checks all landed from this lane. Warning Firewall blocked 5 domainsThe following domains were blocked by the firewall during workflow execution:
network:
allowed:
- defaults
- "accounts.google.com"
- "clients2.google.com"
- "contentautofill.googleapis.com"
- "safebrowsingohttpgateway.googleapis.com"
- "www.google.com"See Network Configuration for more information.
|
Beta Was this translation helpful? Give feedback.
0 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Uh oh!
There was an error while loading. Please reload this page.
-
🔍 Daily Audit Summary — 2026-06-17
Window: last 24h (~8.1h compute, evening cluster) · Repository: github/gh-aw
A notably clean day. Of 43 completed runs, 42 succeeded (97.7%) — a strong rebound from 06-16's 71.2%. Zero missing tools, zero missing data, zero MCP failures. The single flagged failure is a known, already-tracked safe-output reddening issue.
Engine mix: copilot 21 · codex 7 · claude 6 · antigravity 3 · gemini 3 · pi 3
📈 Trend Charts (30d)
Workflow Health
Success rate climbed to 97.7%, the highest in the visible window and a sharp recovery from the 06-13 (68.4%) and 06-16 (71.2%) dips. Run volume (43) was on the lighter side, with no large container-validation cluster skewing the denominator as on prior days. Only one internal failure was recorded.
Token Usage
Daily consumption fell to 23.7M tokens, well below the 7-day moving average (~40M) and far under the 06-12 spike (126M). The drop tracks the lighter run count; per-run efficiency stayed normal. Smoke/risk-classification test runs remain the dominant consumers by design.
1 flagged failure — known recurring issue (MEDIUM)
upload-assets-reddens-successful-run— recurrence count now 2 (first seen 06-16)completed— the agent and report succeeded; theupload_assetssafe-output step reddened an otherwise-green run.Recommendation: make the asset-publish step non-fatal (soft-fail + warning annotation) so a publish error does not redden a successful agent run. Related infra note below.
Infra note — asset upload path resolution
The host
safeoutputsserver cannot read/tmp/gh-aw/{python,agent,cache-memory};upload_assetonly resolves paths under$GITHUB_WORKSPACE. Chart-generating workflows must copy images into the workspace before callingupload_asset(this audit did so). Worth documenting in the Python/charts skill to prevent silent upload failures.Execution drift (MEDIUM, informational)
smoke-copilot-aoai-apikeyvaried 2→25 turns (avg 15.7) across runs — unstable task shape on the AOAI apikey path. Consistent with the openaoai-apikey-persistent-transient-api-errorissue (count 4). No failure today; monitoring.Firewall blocks — all by-design (INFO)
489 blocked requests, 100% from smoke-test egress probes verifying network policy:
*.google.com,*.googleapis.com,playwright.azureedge.net,proxy.golang.org,localhost:8080— all expected denials. No legitimate traffic blocked.Top token consumers
✅ Carry-over open issues (no recurrence today)
model-param-config-incompatibility(HIGH, count 4, last 06-13) — no occurrence today.avenger-err-config-no-structured-logs(HIGH, count 9, last 06-14) — no occurrence today.copilot-sdk-driver tool-perm-lockoutfamily — no prod-main tool-permission lockouts today (notable; dominant fail class on recent days was absent).🎯 Next Actions
upload_assetsreddening (MEDIUM, 2 consecutive days) — soft-fail the publish step; document the$GITHUB_WORKSPACEpath requirement in the charts skill.smoke-copilot-aoai-apikeyturn drift / transient-API-error loop.References:
Beta Was this translation helpful? Give feedback.
All reactions