Daily cross-repository compatibility audit — run §24831382557 · gh-aw c292442 · 2026-04-23.
17 of 20 repositories compiled cleanly after gh aw fix. Three repositories remain broken, falling into two distinct error clusters.
Summary
| Metric |
Value |
| Repos analyzed |
20 |
| Compile pass after fix |
17 (85%) |
| Compile fail after fix |
3 (15%) |
| gh-aw version |
c292442 |
| Error clusters |
2 |
Critical Issues
Cluster A — serena-tools-to-shared-import codemod leaves residual errors (2 repos)
The serena-tools-to-shared-import codemod (introduced v1.0.0) successfully runs but leaves workflows in a broken state in two scenarios. See issue #28032 for a dedicated codemod-bug report.
Cluster B — tools.fetch.allowed has no codemod (1 repo, 3 workflows)
microsoft/security-devops-action uses tools.fetch.allowed for network allowlists. This field is no longer recognized, and gh aw fix reports "No fixes needed" — there is no codemod for this migration.
Per-repository results (20 repos)
Failing repositories
| Repository |
Stars |
CB |
Fix |
CA |
Error summary |
| storybookjs/storybook |
~84k |
✗ |
applied |
✗ |
serena.md@main: required with.languages missing after codemod |
| microsoft/FluidFramework |
~4.5k |
✗ |
applied |
✗ |
model: gpt-5.2 misplaced after codemod disrupts engine: block |
| microsoft/security-devops-action |
~800 |
✗ |
no-op |
✗ |
tools.fetch: Unknown property — no codemod available |
CB = compile-before exit code, CA = compile-after exit code.
Passing repositories
storybookjs/storybook excluded; all others: dotnet/aspnetcore, taosdata/TDengine, dotnet/core, f/prompts.chat, dotnet/runtime, Z3Prover/z3, internetarchive/openlibrary, royshil/obs-backgroundremoval, moeru-ai/airi, CommunityToolkit/Aspire, npgsql/efcore.pg, rancher/dashboard, pulumi/pulumi-awsx, fslaborg/Deedle, github/awesome-copilot, microsoft/vscode-mypy, pulumi/pulumi-eks.
Cluster A — serena codemod details
storybookjs/storybook (duplicate-code-detector.md):
Before fix:
tools:
serena: ['typescript']
After codemod applied — file looks correct locally but compile still fails:
error: import 'github/gh-aw/.github/workflows/shared/mcp/serena.md@main':
required 'with' input "languages" is missing (declared in import-schema)
The source: pin in this file references commit 852cb06 of the upstream duplicate-code-detector.md. That pinned version resolves to a serena import without the languages parameter, causing validation failure even after the local codemod adds languages. Root cause: backward-compatibility gap between old source: pins and the new required languages parameter in shared/mcp/serena.md.
microsoft/FluidFramework (duplicate-code-detector.md):
Before fix — the engine: block had both tools.serena and other sub-fields:
engine:
tools:
serena:
languages: ["typescript"]
model: gpt-5.2
id: copilotAfter codemod — model and id misplaced as siblings of imports entries:
engine:
imports:
- uses: shared/mcp/serena.md
with:
languages: ["typescript"]
model: gpt-5.2
id: copilotCompile error:
.../duplicate-code-detector.md:16:3: error: value is not allowed in this context
model: gpt-5.2
Root cause: codemod moves tools.serena out of engine: but does not preserve sibling fields (model, id), resulting in malformed YAML.
Cluster B — tools.fetch details
microsoft/security-devops-action — 3 workflow files affected: ci-doctor.md, msdo-breach-monitor.md, msdo-issue-assistant.md.
Representative error (repeated across all 3 files):
tools:
fetch:
allowed: [] ← "Unknown property: fetch"
Compiler message: Unknown property: fetch. Did you mean 'watch'? It belongs under 'on'
gh aw fix reports "No fixes needed" — no codemod exists for this field.
Recommended migration (manual until codemod added):
# Before
tools:
fetch:
allowed:
- raw.githubusercontent.com
- nvd.nist.gov
# After
network:
allowed:
- raw.githubusercontent.com
- nvd.nist.govProposed codemod ID: fetch-tools-to-network-allowed-migration
Recommended Actions
- Fix
serena-tools-to-shared-import codemod (see #28032): handle engine: sub-fields and source:-pinned workflows.
- Add
fetch-tools-to-network-allowed-migration codemod: transform tools.fetch.allowed to network.allowed. Affects at least 3 workflow files in the wild.
- Schema backward-compatibility: consider whether
source: pinning to older commits should gracefully degrade when imported shared schemas add required fields.
References:
Daily cross-repository compatibility audit — run §24831382557 · gh-aw
c292442· 2026-04-23.17 of 20 repositories compiled cleanly after
gh aw fix. Three repositories remain broken, falling into two distinct error clusters.Summary
c292442Critical Issues
Cluster A —
serena-tools-to-shared-importcodemod leaves residual errors (2 repos)The
serena-tools-to-shared-importcodemod (introduced v1.0.0) successfully runs but leaves workflows in a broken state in two scenarios. See issue#28032for a dedicated codemod-bug report.Cluster B —
tools.fetch.allowedhas no codemod (1 repo, 3 workflows)microsoft/security-devops-actionusestools.fetch.allowedfor network allowlists. This field is no longer recognized, andgh aw fixreports "No fixes needed" — there is no codemod for this migration.Per-repository results (20 repos)
Failing repositories
serena.md@main: requiredwith.languagesmissing after codemodmodel: gpt-5.2misplaced after codemod disruptsengine:blocktools.fetch: Unknown property— no codemod availableCB = compile-before exit code, CA = compile-after exit code.
Passing repositories
storybookjs/storybook excluded; all others: dotnet/aspnetcore, taosdata/TDengine, dotnet/core, f/prompts.chat, dotnet/runtime, Z3Prover/z3, internetarchive/openlibrary, royshil/obs-backgroundremoval, moeru-ai/airi, CommunityToolkit/Aspire, npgsql/efcore.pg, rancher/dashboard, pulumi/pulumi-awsx, fslaborg/Deedle, github/awesome-copilot, microsoft/vscode-mypy, pulumi/pulumi-eks.
Cluster A — serena codemod details
storybookjs/storybook (
duplicate-code-detector.md):Before fix:
After codemod applied — file looks correct locally but compile still fails:
The
source:pin in this file references commit852cb06of the upstreamduplicate-code-detector.md. That pinned version resolves to a serena import without thelanguagesparameter, causing validation failure even after the local codemod addslanguages. Root cause: backward-compatibility gap between oldsource:pins and the new requiredlanguagesparameter inshared/mcp/serena.md.microsoft/FluidFramework (
duplicate-code-detector.md):Before fix — the
engine:block had bothtools.serenaand other sub-fields:After codemod —
modelandidmisplaced as siblings of imports entries:Compile error:
Root cause: codemod moves
tools.serenaout ofengine:but does not preserve sibling fields (model,id), resulting in malformed YAML.Cluster B — tools.fetch details
microsoft/security-devops-action — 3 workflow files affected:
ci-doctor.md,msdo-breach-monitor.md,msdo-issue-assistant.md.Representative error (repeated across all 3 files):
Compiler message: Unknown property: fetch. Did you mean 'watch'? It belongs under 'on'
gh aw fixreports "No fixes needed" — no codemod exists for this field.Recommended migration (manual until codemod added):
Proposed codemod ID:
fetch-tools-to-network-allowed-migrationRecommended Actions
serena-tools-to-shared-importcodemod (see#28032): handleengine:sub-fields andsource:-pinned workflows.fetch-tools-to-network-allowed-migrationcodemod: transformtools.fetch.allowedtonetwork.allowed. Affects at least 3 workflow files in the wild.source:pinning to older commits should gracefully degrade when imported shared schemas add required fields.References: