You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Window evaluated: last 24 full hours (UTC), intended 2026-07-01T13:00:00Z → 2026-07-02T13:00:00Z
Data coverage: the logs fetch (start_date: -1d) hit the 60s gateway deadline; 87 runs with complete metadata (run_summary.json + aw_info.json) were analyzed. Observed runs span 2026-07-02T10:11:23.608Z → 2026-07-02T13:06:50.312Z.
Total runs analyzed: 87
Detection-enabled runs: 21 (24%)
Regular runs: 66 (76%)
Misconfigured workflows found: 5
Warning
5 workflows were flagged with detection misconfigurations — see the section below.
Metric
Regular Runs
Detection Runs
Total runs
66
21
Success rate
90.9%
90.5%
Avg tokens (input+output)
70,839
23,158
Failure count
6
2
Misconfigured count
—
5
Detection classification uses features.gh-aw-detection from each run's aw_info.json (present in 33 of 87 runs; absent → treated as Regular).
Comparison Chart
Success rates are effectively identical (~90.5% vs ~90.9%). Detection-enabled runs show a much lower average token footprint (~23,158 vs ~70,839) — the Regular average is inflated by high-volume smoke tests (e.g. Smoke Copilot variants at 0.7M–1.4M tokens).
Misconfigured Workflows
Workflow
Misconfiguration
Runs
Example run
Recommended fix
Copilot Agent Prompt Clustering Analysis
Detection absent on audit/analysis/report workflow
Add gh-aw-detection: true — name indicates an audit/analysis/report workflow that should run threat detection.
The most actionable case is Smoke CI — 4 runs, 0% success, with detection explicitly disabled. The remaining four are audit/analysis workflows whose names imply they should carry threat detection but currently do not.
View All Run Metrics (87 runs across 42 workflows)
Detection-run volume has grown modestly (12→21 over the last two days) while detection success rate has held in the 80–95% band. (Trend covers 6 days; the 7-day threshold in the spec is nearly met — the line will fill in on the next run.)
Recommendations
Fix Smoke CI (priority): it is failing every run (0/4). Investigate the failure first, then decide on gh-aw-detection — as an active, repeatedly-run workflow it should have detection enabled once green.
Enable detection on audit/analysis workflows: add gh-aw-detection: true to Daily Agentic Workflow AIC Usage Audit, GitHub MCP Structural Analysis, Copilot Agent Prompt Clustering Analysis, and Typist - Go Type Analysis — these read/analyze repo content and are natural threat-detection candidates.
No detection-job failures observed: all 21 detection-enabled runs completed their detection job successfully — no type-3 issues this window.
No inconsistent-state workflows: no workflow alternated detection on/off within the window.
reacted with thumbs up emoji reacted with thumbs down emoji reacted with laugh emoji reacted with hooray emoji reacted with confused emoji reacted with heart emoji reacted with rocket emoji reacted with eyes emoji
Uh oh!
There was an error while loading. Please reload this page.
-
Summary
2026-07-01T13:00:00Z → 2026-07-02T13:00:00Zlogsfetch (start_date: -1d) hit the 60s gateway deadline; 87 runs with complete metadata (run_summary.json+aw_info.json) were analyzed. Observed runs span2026-07-02T10:11:23.608Z→2026-07-02T13:06:50.312Z.Warning
5 workflows were flagged with detection misconfigurations — see the section below.
Detection classification uses
features.gh-aw-detectionfrom each run'saw_info.json(present in 33 of 87 runs; absent → treated as Regular).Comparison Chart
Success rates are effectively identical (~90.5% vs ~90.9%). Detection-enabled runs show a much lower average token footprint (~23,158 vs ~70,839) — the Regular average is inflated by high-volume smoke tests (e.g. Smoke Copilot variants at 0.7M–1.4M tokens).
Misconfigured Workflows
gh-aw-detection: true— name indicates an audit/analysis/report workflow that should run threat detection.gh-aw-detection: true— this workflow has >3 runs/window and should have threat detection on.gh-aw-detection: true— name indicates an audit/analysis/report workflow that should run threat detection.gh-aw-detection: true— name indicates an audit/analysis/report workflow that should run threat detection.gh-aw-detection: true— name indicates an audit/analysis/report workflow that should run threat detection.The most actionable case is Smoke CI — 4 runs, 0% success, with detection explicitly disabled. The remaining four are audit/analysis workflows whose names imply they should carry threat detection but currently do not.
View All Run Metrics (87 runs across 42 workflows)
Detection column: Yes =
gh-aw-detection: true; Off = explicitlyfalse; — = flag absent (treated as Regular).View Historical Trend (6 days: 2026-06-27 → 2026-07-02)
Detection-run volume has grown modestly (12→21 over the last two days) while detection success rate has held in the 80–95% band. (Trend covers 6 days; the 7-day threshold in the spec is nearly met — the line will fill in on the next run.)
Recommendations
gh-aw-detection— as an active, repeatedly-run workflow it should have detection enabled once green.gh-aw-detection: trueto Daily Agentic Workflow AIC Usage Audit, GitHub MCP Structural Analysis, Copilot Agent Prompt Clustering Analysis, and Typist - Go Type Analysis — these read/analyze repo content and are natural threat-detection candidates.detectionjob successfully — no type-3 issues this window.References:
Warning
Firewall blocked 1 domain
The following domain was blocked by the firewall during workflow execution:
awmgmcpgSee Network Configuration for more information.
Beta Was this translation helpful? Give feedback.
All reactions