[detection-analysis] Detection Analysis Report — 2026-06-29 (last 24h)

[github-actions[bot]]

Summary

• Window evaluated: last 24 full hours (UTC), report generated 2026-06-29
• Data coverage caveat: the logs download was truncated by a 60s gateway timeout, so the analyzed sample covers runs created 2026-06-29T10:31Z → 13:55Z (75 runs). Older runs in the 24h window were not retrievable in this run.
• Total runs analyzed: 75 (74 completed, 1 still in progress)
• Detection-enabled runs: 19 (25.3%)
• Regular runs: 56 (74.7%)
• Misconfigured workflows found: 7

Warning

7 workflows were flagged for detection misconfigurations — 1 high-frequency workflow with detection explicitly disabled and 6 analysis/audit/report workflows missing gh-aw-detection: true. See the table below.

Comparison Chart

Metric	Regular Runs	Detection Runs
Total runs	56	19
Success rate	100.0%	94.7%
Avg tokens	n/a*	n/a*
Failure count	0	1
Misconfigured count	—	7

* Token usage was 0 / unpopulated in aw_info.json and token_usage.jsonl for every run in this window (these are predominantly Copilot-engine runs that did not emit token metrics), so per-group average tokens could not be computed.

The single detection-run failure is "Daily Max AI Credits Test (Intentionally Fails)" — a by-design failure test. Its threat-detection job steps ran/skipped correctly (no detection-job error), so it is not counted as a detection misconfiguration.

Misconfigured Workflows

Workflow	Misconfiguration type	Runs	Recommended fix
Smoke CI	(1) detection explicitly disabled on active workflow (10 runs/24h)	10	Confirm gh-aw-detection: false is intentional for this fast CI smoke check; otherwise enable detection. Likely acceptable for a low-risk CI gate — document the exemption.
Daily AIC Consumption Report (Sentry + Grafana OTel)	(2) report workflow missing detection	1	Add gh-aw-detection: true to frontmatter.
Daily Agentic Workflow AIC Usage Audit	(2) audit workflow missing detection	1	Add gh-aw-detection: true to frontmatter.
Weekly Workflow Analysis	(2) analysis workflow missing detection	1	Add gh-aw-detection: true to frontmatter.
GitHub MCP Structural Analysis	(2) analysis workflow missing detection	1	Add gh-aw-detection: true to frontmatter.
Copilot Agent Prompt Clustering Analysis	(2) analysis workflow missing detection	1	Add gh-aw-detection: true to frontmatter.
Typist - Go Type Analysis	(2) analysis workflow missing detection	1	Add gh-aw-detection: true to frontmatter.

Keyword stems used for rule (2): audit, analy (analyzer/analysis), report, detect, monitor, inspect. Analysis/report workflows that already set gh-aw-detection: true (e.g. GitHub API Consumption Report Agent, Copilot PR Conversation NLP Analysis, Daily MCP Tool Concurrency Analysis) were not flagged.

Rules (3) detection-job failure and (4) inconsistent detection state within the window produced no matches.

View All Run Metrics

Workflow	Runs	Detection	Success	Fail	Success rate
Smoke CI	10	❌ disabled	10	0	100%
Design Decision Gate 🏗️	7	— absent	7	0	100%
Matt Pocock Skills Reviewer	7	— absent	7	0	100%
PR Code Quality Reviewer	7	— absent	7	0	100%
Test Quality Sentinel	7	✅ enabled	7	0	100%
Impeccable Skills Reviewer	6	— absent	6	0	100%
Auto-Triage Issues	2	✅ enabled	2	0	100%
Issue Monster	2	— absent	1	0	100% (1 in progress)
PR Sous Chef	2	— absent	2	0	100%
AI Moderator	1	✅ enabled	1	0	100%
Claude Code User Documentation Review	1	✅ enabled	1	0	100%
Constraint Solving — Problem of the Day	1	✅ enabled	1	0	100%
Copilot Agent Prompt Clustering Analysis	1	— absent	1	0	100%
Copilot PR Conversation NLP Analysis	1	✅ enabled	1	0	100%
Daily AIC Consumption Report (Sentry + Grafana OTel)	1	— absent	1	0	100%
Daily Agentic Workflow AIC Usage Audit	1	— absent	1	0	100%
Daily Choice Type Test	1	✅ enabled	1	0	100%
Daily Documentation Updater	1	✅ enabled	1	0	100%
Daily Go Function Namer	1	✅ enabled	1	0	100%
Daily MCP Tool Concurrency Analysis	1	✅ enabled	1	0	100%
Daily Max AI Credits Test (Intentionally Fails)	1	✅ enabled	0	1	0% (by design)
Dependabot Dependency Checker	1	— absent	1	0	100%
Draft PR Cleanup	1	— absent	1	0	100%
GitHub API Consumption Report Agent	1	✅ enabled	1	0	100%
GitHub MCP Structural Analysis	1	— absent	1	0	100%
Glossary Maintainer	1	— absent	1	0	100%
PR Description Updater	1	— absent	1	0	100%
PR Triage Agent	1	— absent	1	0	100%
Package Specification Enforcer	1	— absent	1	0	100%
Package Specification Extractor	1	— absent	1	0	100%
Scout	1	— absent	1	0	100%
Team Status	1	— absent	1	0	100%
Typist - Go Type Analysis	1	— absent	1	0	100%
Weekly Workflow Analysis	1	— absent	1	0	100%

View Historical Trend

Trend chart requires ≥7 days of history; the cache currently holds 3 days (2026-06-27 → 2026-06-29). The trend chart will be generated automatically once 7 days accumulate in cache-memory/trending/detection-metrics/history.jsonl.

Recommendations

1. Add gh-aw-detection: true to the 6 analysis/audit/report workflows listed above — these read external data and produce reports, exactly the class of workflow threat detection is meant to cover.
2. Confirm the Smoke CI exemption. gh-aw-detection: false across 10 runs is likely intentional for a fast CI gate; if so, document the exemption so it stops being flagged. Otherwise enable detection.
3. Investigate token metrics. Token usage is reported as 0 for all runs in this window, which blocks the avg-token comparison. Verify whether Copilot-engine runs are expected to emit token_usage.
4. Fix the logs download window. The logs tool repeatedly hit the 60s gateway timeout, truncating coverage to ~3.4h instead of 24h. Consider paging by count/date ranges so the full window can be analyzed.

References:

• §28368579246 — Smoke CI (detection disabled)
• §28372740647 — Daily Max AI Credits Test (intentional failure)
• §28373307037 — Daily Agentic Workflow AIC Usage Audit (missing detection)

Warning

Firewall blocked 1 domain

The following domain was blocked by the firewall during workflow execution:

• awmgmcpg

To allow these domains, add them to the network.allowed list in your workflow frontmatter:

network:
  allowed:
    - defaults
    - "awmgmcpg"

See Network Configuration for more information.

Generated by 🔎 Detection Analysis Report · 208.8 AIC · ⌖ 17.6 AIC · ⊞ 5.8K · ◷

• expires on Jul 2, 2026, 6:19 AM UTC-08:00