Add tool-usage efficiency hints to copilot-token-optimizer Phase 2 prompt

[Copilot]

The copilot-token-optimizer Phase 2 analysis matrix lacks specific anti-pattern detection guidance, resulting in generic rather than actionable optimization recommendations.

Changes

• .github/workflows/copilot-token-optimizer.md: Added ### Tool-Usage Efficiency Patterns subsection between the analysis matrix and the Rules block, listing five anti-patterns the agent should actively detect:

  • Sequential independent reads/API calls that should be batched in one tool-use block
  • Separate bash calls that could be chained with &&
  • bash cat/grep/find where typed tools (view/grep/glob) return more concise output
  • Multiple sequential gh api calls combinable into fewer round-trips via jq
  • Blind retries of failing operations without prior error analysis

• Lock file: Recompiled via make recompile (204/204 workflows).

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

• https://api.github.com/graphql
  • Triggering command: /usr/bin/gh /usr/bin/gh api graphql -f query=query($owner: String!, $name: String!) { repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } -f owner=github -f name=gh-aw (http block)
  • Triggering command: /usr/bin/gh /usr/bin/gh api graphql -f query=query($owner: String!, $name: String!) { repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } -f owner=github -f name=gh-aw 67d-df6fd9990398-C (http block)
  • Triggering command: /usr/bin/gh /usr/bin/gh api graphql -f query=query($owner: String!, $name: String!) { repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } -f owner=github -f name=gh-aw 67d-df6fd9990398-1 (http block)
• https://api.github.com/repos/actions/checkout/git/ref/tags/v6
  • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v6 --jq [.object.sha, .object.type] | @tsv (http block)
• https://api.github.com/repos/actions/setup-node/git/ref/tags/v6
  • Triggering command: /usr/bin/gh gh api /repos/actions/setup-node/git/ref/tags/v6 --jq [.object.sha, .object.type] | @tsv (http block)
• https://api.github.com/repos/astral-sh/setup-uv/git/ref/tags/eac588ad8def6316056a12d4907a9d4d84ff7a3b
  • Triggering command: /usr/bin/gh gh api /repos/astral-sh/setup-uv/git/ref/tags/eac588ad8def6316056a12d4907a9d4d84ff7a3b --jq [.object.sha, .object.type] | @tsv (http block)
• https://api.github.com/repos/github/gh-aw
  • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw --jq .default_branch (http block)

If you need me to access, download, or install something from one of these locations, you can either:

• Configure Actions setup steps to set up my environment, which run before the firewall is enabled
• Add the appropriate URLs or hosts to the custom allowlist in this repository's Copilot coding agent settings (admins only)

[Copilot]

Pull request overview

Adds more specific “tool-usage efficiency” anti-pattern checks to the copilot-token-optimizer Phase 2 prompt so audits produce more actionable token-saving recommendations, and refreshes the compiled action pin lock data.

Changes:

• Add a new “Tool-Usage Efficiency Patterns” subsection with concrete anti-patterns to detect during run audits.
• Update ruby/setup-ruby action pin from v1.305.0 to v1.306.0 (incl. SHA) in the compiled pin data.

Show a summary per file

File	Description
.github/workflows/copilot-token-optimizer.md	Extends Phase 2 analysis guidance with explicit tool-usage anti-pattern detection bullets.
pkg/workflow/data/action_pins.json	Updates the pinned ruby/setup-ruby version and SHA in workflow action pin data.
pkg/actionpins/data/action_pins.json	Mirrors the same ruby/setup-ruby pin update in the actionpins package dataset.

Copilot's findings

Tip

Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

• Files reviewed: 3/3 changed files
• Comments generated: 2

[Copilot]

The prompt recommends using view, grep, and glob as “typed tools”, but those tool names aren’t documented as GH-AW built-in tools in the repo’s Tools reference (docs/src/content/docs/reference/tools.md lists edit, bash, github, etc.). This risks the optimizer producing recommendations that can’t be applied to actual runs. Consider rewording this bullet to reference the documented tools (e.g., edit for file reads / edits) or to describe the behavior generically (e.g., “prefer built-in file read/search tools over shelling out”) without naming potentially-nonexistent tools.

Suggested change

	- **Prefer typed tools**: look for `bash cat`, `bash grep`, `bash find -name` when `view`, `grep`, `glob` would return more concise output
	- **Prefer built-in file read/search tools over shelling out**: look for `bash cat`, `bash grep`, or `bash find -name` when documented built-in tools could return more concise output

[Copilot]

This new guidance encourages consolidating gh api sequences, but repository guidance for Copilot workflows explicitly discourages direct GitHub CLI API reads in prompts in favor of GitHub MCP tools (see AGENTS.md:176). Given the firewall restrictions called out in the PR description, gh api calls may be blocked and lead to retries/token waste. Consider changing this bullet to focus on consolidating GitHub MCP calls (toolset selection + narrowing fields/limits) or, if gh api is intentionally used here, add a brief note explaining why it’s acceptable for this workflow and how to avoid blocked endpoints (e.g., prefer REST over GraphQL when needed).

Suggested change

	- **Consolidate GitHub API sequences**: look for multiple sequential `gh api` calls that could be combined into fewer round-trips with `jq` filtering
	- **Consolidate GitHub reads**: prefer fewer, narrower GitHub MCP calls by selecting only the needed tool, fields, and limits; if `gh api` is required for this workflow, avoid blocked endpoints and prefer REST over GraphQL when restrictions apply