📊 Lockfile Statistics Analysis - 2025-10-14

[github-actions[bot]]

📊 Agentic Workflow Lock File Statistics - 2025-10-14

Executive Summary

• Total Lock Files: 29
• Total Size: 5.35 MB (5,607,217 bytes)
• Average File Size: 189 KB (193,352 bytes)
• Analysis Date: 2025-10-14

This comprehensive analysis examines all .lock.yml files in the .github/workflows/ directory to identify usage patterns, popular triggers, safe outputs, structural characteristics, and other interesting insights about agentic workflows in the githubnext/gh-aw repository.

File Size Distribution

Size Range	Count	Percentage
< 10 KB	0	0%
10-50 KB	0	0%
50-100 KB	0	0%
100-200 KB	19	65.5%
> 200 KB	10	34.5%

Statistics:

• Smallest: smoke-opencode.lock.yml (116 KB)
• Largest: poem-bot.lock.yml (313 KB)
• Median Size: ~186 KB

Key Insight

All lock files are substantial in size (>100KB), indicating rich, fully-compiled workflow definitions with comprehensive safety checks, permission management, and agent instructions embedded within.

Trigger Analysis

Most Popular Triggers

Trigger Type	Count	Percentage	Example Workflows
workflow_dispatch	23	79%	Most workflows support manual triggering
schedule	8	28%	daily-news, lockfile-stats, artifacts-summary
issue_comment	7	24%	Interactive workflows responding to comments
issues	6	21%	Issue-driven workflows
pull_request	3	10%	PR-based analysis workflows
discussion	2	7%	Discussion interaction workflows
discussion_comment	2	7%	Discussion comment handlers
pull_request_review_comment	2	7%	PR review comment handlers
workflow_run	1	3%	Dependent workflow triggers
push	2	7%	Push-triggered workflows

Key Findings

1. Manual Control Dominates: 79% of workflows support workflow_dispatch, giving users manual control over when agents run
2. Scheduled Automation: 28% run on schedules, providing automated monitoring and maintenance
3. Interactive Workflows: 24% respond to issue comments, enabling conversational agent interactions
4. Multi-Modal Design: Most workflows combine multiple triggers for flexibility

Common Trigger Combinations

The most common trigger combination patterns:

1. schedule + workflow_dispatch (7 workflows) - Automated with manual override capability
2. workflow_dispatch only (9 workflows) - Purely manual execution
3. Multi-event interactive (2 workflows) - Support issues, comments, PRs, discussions, and reviews
4. issue_comment + workflow_dispatch (3 workflows) - Comment-driven with manual option

Schedule Patterns

Schedule (Cron)	Count	Description
0 10 * * *	2	Daily at 10:00 AM UTC
0 9 * * 1	1	Weekly on Mondays at 9:00 AM
0 9 * * 1-5	1	Weekdays at 9:00 AM
0 0 * * *	1	Daily at midnight
0 11 * * *	1	Daily at 11:00 AM UTC
0 6 * * *	1	Daily at 6:00 AM UTC
0 3 * * *	1	Daily at 3:00 AM UTC

Pattern: Most scheduled workflows run daily during business hours (UTC morning), with staggered times to distribute load.

Safe Outputs Analysis

Safe Output Types Distribution

Based on grep analysis of all lock files:

Type	Occurrences	Description
create-pull-request	691	Dominant safe output - agents creating PRs for code changes
create-issue	175	Issue creation for tracking tasks/bugs
update-issue	157	Updating existing issues with new information
add-comment	141	Adding comments to existing issues/PRs
create-discussion	117	Creating discussions for reports/summaries

Key Insights

1. PR-First Culture: create-pull-request is the most common safe output (691 occurrences), indicating agents primarily operate by proposing code changes through PRs
2. Issue Management: Combined issue operations (create + update) total 332 occurrences, showing strong issue-based workflow integration
3. Discussion-Based Reporting: 117 occurrences of create-discussion show agents use discussions for publishing reports and summaries
4. Universal Adoption: All 29 workflows (100%) use at least one safe output mechanism

Discussion Categories

Based on repository categories, agents can publish to:

• Audits - Analysis and audit reports
• Artifacts - Build and artifact summaries
• Daily News - Automated news digests
• Dev - Development discussions
• Tidy - Code cleanup reports
• General - General-purpose discussions
• Q&A - Question and answer format
• Announcements - Important updates

Structural Characteristics

Job Complexity

• Average Jobs per Workflow: 6.7 jobs
• Minimum Jobs: 4 (notion-issue-summary)
• Maximum Jobs: 14 (poem-bot)
• Most Common: 6 jobs (17 workflows)

Step Complexity

• Average Steps per Job: 6.9 steps
• Minimum Steps per Job: 1 (common for check/validation jobs)
• Maximum Steps in Single Job: 42 (in q.lock.yml)
• Typical Pattern: 10 steps for setup, ~25-35 steps for main agent execution

Average Lock File Structure

Based on statistical analysis, a typical .lock.yml file has:

• Size: ~189 KB
• Jobs: 6-7 jobs with distinct responsibilities:
  1. check_membership - Permission validation (1 step)
  2. validation - Input/trigger validation (1 step)
  3. run_agent - Main agent execution (25-35 steps)
  4. safe_outputs - Output handling (10 steps)
  5. on_error - Error handling (1-2 steps)
  6. on_complete - Completion notification (1 step)
• Permissions: Carefully scoped (read + selective write)
• Triggers: Multiple triggers for flexibility
• Timeout: 8.5 minutes average
• Concurrency: Group-based to prevent conflicts

Timeout Analysis

• Average Timeout: 8.5 minutes
• Most Common Timeouts:
  • 10 minutes (69 jobs)
  • 5 minutes (26 jobs)
• Pattern: Main agent jobs get 10 minutes, ancillary jobs get 5 minutes

Permission Patterns

Most Common Permissions

Permission	Count	Typical Access
contents	90	Read/Write for repository content
issues	41	Write for issue management
pull-requests	32	Write for PR creation/management
discussions	23	Write for discussion creation
actions	21	Read for workflow metadata
security-events	1	Read for security scanning
models	1	Read for AI model access

Permission Distribution

• Total Permission Grants: 209
• Read Permissions: 108 (52%)
• Write Permissions: 101 (48%)

Key Insights

1. Balanced Access: Nearly equal split between read (52%) and write (48%) permissions
2. Contents Dominance: contents permission appears in 90 instances, essential for repository operations
3. Issue/PR Focus: High usage of issues (41) and pull-requests (32) aligns with safe output patterns
4. Minimal Security Scope: Only 1 workflow requires security-events, showing careful permission scoping

Tool & MCP Patterns

Most Used MCP Servers

MCP Server	Occurrences	Description
github	1,242	GitHub API operations (issues, PRs, discussions)
notion	8	Notion integration for notion-issue-summary

Key Insights

1. GitHub MCP Dominance: The github MCP server is overwhelmingly the most used (1,242 occurrences), appearing in virtually all workflows
2. Specialized Integration: notion MCP server shows targeted use for specific workflow needs
3. Built-in Tools: All workflows use standard GitHub Actions toolkit (github-script@v8, checkout@v4, setup-node@v4)

Concurrency Patterns

• Concurrency Group: gh-aw-${{ github.workflow }} (26 workflows)
• Purpose: Prevents multiple instances of the same workflow from running simultaneously
• Coverage: 90% of workflows use this pattern

This ensures:

• No race conditions when agents modify repository state
• Resource efficiency (only one agent per workflow at a time)
• Predictable execution order

Interesting Findings

1. Six-Job Standard Architecture

Most workflows follow a consistent 6-job pattern:

• Permission check → Validation → Agent execution → Safe outputs → Error handling → Completion

This standardization suggests:

• Mature workflow template evolution
• Strong emphasis on safety and validation
• Consistent error handling across all agents

2. Size Consistency Despite Complexity

Despite different purposes (code analysis, documentation, issue triage), most lock files cluster around 180-190 KB. This suggests:

• Standardized safety scaffolding dominates file size
• Core agent logic is relatively compact
• Compilation process adds consistent overhead

3. Manual Control Preferred

79% of workflows support manual dispatch despite many being suitable for full automation. This indicates:

• Preference for human oversight
• Testing and development flexibility
• Cost/resource management considerations

4. PR-First Safety Model

With 691 PR creation operations vs. 141 direct comments, the repository strongly favors:

• Code changes through review process
• Traceable, revertible modifications
• Community review before merge

5. Tiered Timeout Strategy

Clear separation between 5-minute and 10-minute timeouts shows:

• Quick validation/setup jobs get 5 minutes
• Complex agent reasoning gets 10 minutes
• Prevents runaway costs while allowing sufficient thinking time

Historical Context

This is a comprehensive baseline analysis of the repository's agentic workflow infrastructure. Key metrics for future trend tracking:

• Growth Rate: 29 workflows as of 2025-10-14
• Size Efficiency: ~189 KB average per workflow
• Safety Coverage: 100% of workflows use safe outputs
• Automation Level: 28% scheduled, 79% manual-capable

Recommendations

1. Documentation Standards

• Create a workflow template guide based on the 6-job pattern
• Document common permission patterns for different workflow types
• Provide safe output selection guidance

2. Performance Optimization

• Consider caching strategies for workflows with frequent schedule triggers
• Review workflows with >35 steps for possible modularization
• Monitor timeout patterns to optimize resource allocation

3. Safety Enhancements

• Standardize discussion category usage across similar workflow types
• Implement consistent error handling patterns
• Add workflow-level monitoring for permission escalation

4. Developer Experience

• Create workflow composition tools to reduce boilerplate
• Provide testing framework for lock file validation
• Build analytics dashboard for workflow execution metrics

5. Cost Management

• Review 10-minute timeouts for opportunities to optimize
• Consider workflow consolidation for similar scheduled tasks
• Implement workflow execution budgets per category

Methodology

• Analysis Tool: Python script with YAML parsing + bash utilities
• Lock Files Analyzed: 29 (100% coverage)
• Cache Memory: Used /tmp/gh-aw/cache-memory/ for script persistence
• Data Sources: .github/workflows/*.lock.yml
• Validation: Cross-referenced multiple extraction methods
• MCP Integration: GitHub MCP server for discussion categories

Analysis Scripts Stored

The following reusable scripts are available in /tmp/gh-aw/cache-memory/scripts/:

• analyze_lockfiles.py - Comprehensive YAML parser and statistics generator
• analyze_structure.py - Structural analysis helper
• extract_triggers.sh - Trigger pattern extraction
• extract_safe_outputs.sh - Safe output type extraction
• extract_mcp_servers.sh - MCP server usage analysis

Appendix: Complete File Listing

File	Size	Jobs	Triggers
smoke-opencode.lock.yml	116 KB	6	workflow_dispatch
smoke-genaiscript.lock.yml	118 KB	6	workflow_dispatch
issue-classifier.lock.yml	140 KB	7	issues
notion-issue-summary.lock.yml	141 KB	4	workflow_dispatch
smoke-codex.lock.yml	147 KB	6	workflow_dispatch
smoke-claude.lock.yml	156 KB	6	workflow_dispatch
duplicate-code-detector.lock.yml	165 KB	6	workflow_dispatch
go-pattern-detector.lock.yml	168 KB	6	workflow_dispatch
cli-version-checker.lock.yml	178 KB	6	schedule + dispatch
dev.lock.yml	179 KB	6	issue_comment + dispatch
audit-workflows.lock.yml	178 KB	6	schedule + dispatch
github-mcp-tools-report.lock.yml	178 KB	6	schedule + dispatch
smoke-copilot.lock.yml	179 KB	6	workflow_dispatch
artifacts-summary.lock.yml	182 KB	6	schedule + dispatch
daily-news.lock.yml	182 KB	6	schedule + dispatch
lockfile-stats.lock.yml	183 KB	6	schedule + dispatch
security-fix-pr.lock.yml	185 KB	6	workflow_dispatch
repo-tree-map.lock.yml	187 KB	6	workflow_dispatch
changeset-generator.lock.yml	194 KB	7	pull_request + dispatch
ci-doctor.lock.yml	209 KB	7	issues + dispatch
technical-doc-writer.lock.yml	210 KB	8	issue_comment + dispatch
plan.lock.yml	213 KB	7	workflow_dispatch
brave.lock.yml	219 KB	7	workflow_run
pdf-summary.lock.yml	221 KB	7	workflow_dispatch
unbloat-docs.lock.yml	223 KB	8	workflow_dispatch
scout.lock.yml	235 KB	7	multi-event
tidy.lock.yml	235 KB	8	workflow_dispatch
q.lock.yml	251 KB	7	multi-event + dispatch
poem-bot.lock.yml	313 KB	14	workflow_dispatch

---

Generated by Lockfile Statistics Analysis Agent on 2025-10-14

Analysis powered by:

• Python-based YAML parsing
• Bash text processing utilities
• GitHub MCP server integration
• Persistent cache memory at /tmp/gh-aw/cache-memory/

AI generated by Lockfile Statistics Analysis Agent

[github-actions[bot]]

This discussion was automatically closed because it was created by an agentic workflow more than 1 month ago.