Skip to content

optimize(firewall-issue-dispatcher): reduce token usage#2300

Merged
lpcox merged 2 commits intomainfrom
copilot/update-copilot-token-usage-report
Apr 29, 2026
Merged

optimize(firewall-issue-dispatcher): reduce token usage#2300
lpcox merged 2 commits intomainfrom
copilot/update-copilot-token-usage-report

Conversation

Copy link
Copy Markdown
Contributor

Copilot AI commented Apr 29, 2026
edited
Loading

The Firewall Issue Dispatcher averages 581K tokens/run (886K peak), driven by over-fetching comment data and triggering expensive AGENTS.md reads on every invocation.

Changes

  • GraphQL query: comments(first: 100)comments(first: 10) — we only need early comments to detect an existing dispatch link; 90+ comments were being fetched needlessly
  • GraphQL query: removed labels(first: 10) from the response — labels are already a query filter parameter, returning them adds tokens with zero value
  • Prompt: removed "See AGENTS.md for component descriptions" instruction and added an explicit "No extra reads" guideline — this was causing the agent to read the full AGENTS.md (~6 KB) on every run
  • Prompt: capped tracking issue body at 200 words — prevents verbose free-form generation from inflating conversation history
  • Prompt: added "Don't retry without diagnosing" guideline per the efficiency best practices flagged in the token report
  • Lock file: recompiled with gh aw compile (also picks up updated actions/github-script SHA pin and compiler-scattered cron offset)

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

  • https://api.github.com/repos/actions/github-script/git/ref/tags/v9
    • Triggering command: /usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v9 --jq [.object.sha, .object.type] | @tsv (http block)

If you need me to access, download, or install something from one of these locations, you can either:

Copilot AI linked an issue Apr 29, 2026 that may be closed by this pull request
📊 Copilot Token Usage Report2026-04-29 #2289
Closed
@lpcox
optimize(firewall-issue-dispatcher): reduce token usage
ee96642 
- Reduce comments query from first:100 to first:10 (10x data reduction)
- Remove labels from GraphQL response (already filtered in query)
- Cap tracking issue body at 200 words (prevent verbose outputs)
- Add 'No extra reads' guideline (prevent AGENTS.md file reads)
- Add 'Don't retry without diagnosing' guideline
- Recompile lock file with gh aw compile (also pins updated actions/github-script SHA)

Agent-Logs-Url: https://github.com/github/gh-aw-firewall/sessions/8bf32321-13f8-40e2-8d41-ce4bf4666b64

Co-authored-by: lpcox <15877973+lpcox@users.noreply.github.com>
Copilot AI changed the title [WIP] Update Copilot token usage report for period 2026-04-28 to 2026-04-29 optimize(firewall-issue-dispatcher): reduce token usage Apr 29, 2026
Copilot AI requested a review from lpcox April 29, 2026 14:49
@lpcox lpcox marked this pull request as ready for review April 29, 2026 15:06
@lpcox lpcox requested a review from Mossaka as a code owner April 29, 2026 15:06
Copilot AI review requested due to automatic review settings April 29, 2026 15:06
@github-actions
Copy link
Copy Markdown
Contributor

github-actions Bot commented Apr 29, 2026

✅ Coverage Check Passed

Overall Coverage

Metric Base PR Delta
Lines 86.08% 86.16% 📈 +0.08%
Statements 86.08% 86.15% 📈 +0.07%
Functions 88.18% 88.18% ➡️ +0.00%
Branches 80.32% 80.36% 📈 +0.04%
📁 Per-file Coverage Changes (1 files)
File Lines (Before → After) Statements (Before → After)
src/docker-manager.ts 87.4% → 87.7% (+0.29%) 87.0% → 87.3% (+0.27%)

Coverage comparison generated by scripts/ci/compare-coverage.ts

@github-actions
Copy link
Copy Markdown
Contributor

github-actions Bot commented Apr 29, 2026

Smoke Test: Copilot BYOK (Offline) Mode

Test Result
GitHub MCP connectivity ✅ Listed merged PRs successfully
GitHub.com connectivity ⚠️ Pre-step data not expanded (template vars unresolved)
File write/read ⚠️ Pre-step data not expanded (template vars unresolved)
BYOK inference (agent → api-proxy → api.githubcopilot.com) ✅ Responding via BYOK path

Running in BYOK offline mode (COPILOT_OFFLINE=true) via api-proxy → api.githubcopilot.com.

PR author: @Copilot — Assignees: @lpcox, @Copilot

Overall: PARTIAL PASS (BYOK inference ✅, pre-step smoke data template vars unresolved ⚠️)

🔑 BYOK report filed by Smoke Copilot BYOK

@github-actions
Copy link
Copy Markdown
Contributor

github-actions Bot commented Apr 29, 2026

Smoke Test

PR titles: fix: make ~/.gemini setup conditional on geminiApiKey; perf(security-guard): eliminate redundant API call and raise diff pre-fetch limit to 100 KB
GitHub MCP last 2 merged PRs: ❌
Safeinputs GH PR query: ❌
Playwright GitHub title: ✅
Tavily search: ❌
File write / bash read / discussion comment / build: ✅
Overall status: FAIL

Warning

Firewall blocked 1 domain

The following domain was blocked by the firewall during workflow execution:

  • registry.npmjs.org

To allow these domains, add them to the network.allowed list in your workflow frontmatter:

network:
  allowed:
    - defaults
    - "registry.npmjs.org"

See Network Configuration for more information.

🔮 The oracle has spoken through Smoke Codex

@github-actions
Copy link
Copy Markdown
Contributor

github-actions Bot commented Apr 29, 2026

🏗️ Build Test Suite Results

Ecosystem Project Build/Install Tests Status
Bun elysia 1/1 passed ✅ PASS
Bun hono 1/1 passed ✅ PASS
C++ fmt N/A ✅ PASS
C++ json N/A ✅ PASS
Deno oak N/A 1/1 passed ✅ PASS
Deno std N/A 1/1 passed ✅ PASS
.NET hello-world N/A ✅ PASS
.NET json-parse N/A ✅ PASS
Go color 1/1 passed ✅ PASS
Go env 1/1 passed ✅ PASS
Go uuid 1/1 passed ✅ PASS
Java gson 1/1 passed ✅ PASS
Java caffeine 1/1 passed ✅ PASS
Node.js clsx passed ✅ PASS
Node.js execa passed ✅ PASS
Node.js p-limit passed ✅ PASS
Rust fd 1/1 passed ✅ PASS
Rust zoxide 1/1 passed ✅ PASS

Overall: 8/8 ecosystems passed — ✅ PASS

Generated by Build Test Suite for issue #2300 · ● 484.2K ·

Copilot AI reviewed Apr 29, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Reduces token usage in the Firewall Issue Dispatcher agentic workflow by shrinking the GraphQL payload and tightening prompt instructions, then recompiling the corresponding lock workflow.

Changes:

  • Reduce GraphQL response size by fetching fewer issue comments and removing label nodes from the query.
  • Update the workflow prompt to discourage extra file reads (e.g., AGENTS.md) and constrain tracking issue verbosity.
  • Recompile the lock workflow, updating pinned action SHAs and incorporating compiler output changes (cron offset, sparse-checkout, AWF install step changes).
Show a summary per file
File Description
.github/workflows/firewall-issue-dispatcher.md Adjusts the data-fetching query and prompt guidelines to reduce tokens and avoid unnecessary reads.
.github/workflows/firewall-issue-dispatcher.lock.yml Recompiled workflow reflecting the .md changes plus updated action pins and workflow generation changes.

Copilot's findings

Tip

Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

  • Files reviewed: 2/2 changed files
  • Comments generated: 3

Comment thread .github/workflows/firewall-issue-dispatcher.lock.yml
else
echo "No session state found at $SESSION_STATE_SRC"
fi
run: bash "${RUNNER_TEMP}/gh-aw/actions/copy_copilot_session_state.sh"
Comment thread .github/workflows/firewall-issue-dispatcher.md
Comment on lines 43 to 56
@@ -52,8 +52,7 @@ gh api graphql -f query='
title
body
url
labels(first: 10) { nodes { name } }
comments(first: 100) {
comments(first: 10) {
nodes { author { login } body }
Comment thread .github/workflows/firewall-issue-dispatcher.lock.yml
(umask 177 && touch /tmp/gh-aw/agent-stdio.log)
# shellcheck disable=SC1003
sudo -E awf --container-workdir "${GITHUB_WORKSPACE}" --mount "${RUNNER_TEMP}/gh-aw:${RUNNER_TEMP}/gh-aw:ro" --mount "${RUNNER_TEMP}/gh-aw:/host${RUNNER_TEMP}/gh-aw:ro" --env-all --exclude-env COPILOT_GITHUB_TOKEN --exclude-env GITHUB_MCP_SERVER_TOKEN --exclude-env MCP_GATEWAY_API_KEY --allow-domains api.business.githubcopilot.com,api.enterprise.githubcopilot.com,api.github.com,api.githubcopilot.com,api.individual.githubcopilot.com,api.snapcraft.io,archive.ubuntu.com,azure.archive.ubuntu.com,crl.geotrust.com,crl.globalsign.com,crl.identrust.com,crl.sectigo.com,crl.thawte.com,crl.usertrust.com,crl.verisign.com,crl3.digicert.com,crl4.digicert.com,crls.ssl.com,github.com,host.docker.internal,json-schema.org,json.schemastore.org,keyserver.ubuntu.com,ocsp.digicert.com,ocsp.geotrust.com,ocsp.globalsign.com,ocsp.identrust.com,ocsp.sectigo.com,ocsp.ssl.com,ocsp.thawte.com,ocsp.usertrust.com,ocsp.verisign.com,packagecloud.io,packages.cloud.google.com,packages.microsoft.com,ppa.launchpad.net,raw.githubusercontent.com,registry.npmjs.org,s.symcb.com,s.symcd.com,security.ubuntu.com,telemetry.enterprise.githubcopilot.com,ts-crl.ws.symantec.com,ts-ocsp.ws.symantec.com,www.googleapis.com --log-level info --proxy-logs-dir /tmp/gh-aw/sandbox/firewall/logs --audit-dir /tmp/gh-aw/sandbox/firewall/audit --session-state-dir /tmp/gh-aw/sandbox/agent/session-state --enable-host-access --allow-host-ports 80,443,8080 --build-local --enable-api-proxy \
sudo -E awf --container-workdir "${GITHUB_WORKSPACE}" --mount "${RUNNER_TEMP}/gh-aw:${RUNNER_TEMP}/gh-aw:ro" --mount "${RUNNER_TEMP}/gh-aw:/host${RUNNER_TEMP}/gh-aw:ro" --env-all --exclude-env COPILOT_GITHUB_TOKEN --exclude-env GITHUB_MCP_SERVER_TOKEN --exclude-env MCP_GATEWAY_API_KEY --allow-domains api.business.githubcopilot.com,api.enterprise.githubcopilot.com,api.github.com,api.githubcopilot.com,api.individual.githubcopilot.com,api.snapcraft.io,archive.ubuntu.com,azure.archive.ubuntu.com,crl.geotrust.com,crl.globalsign.com,crl.identrust.com,crl.sectigo.com,crl.thawte.com,crl.usertrust.com,crl.verisign.com,crl3.digicert.com,crl4.digicert.com,crls.ssl.com,github.com,host.docker.internal,json-schema.org,json.schemastore.org,keyserver.ubuntu.com,ocsp.digicert.com,ocsp.geotrust.com,ocsp.globalsign.com,ocsp.identrust.com,ocsp.sectigo.com,ocsp.ssl.com,ocsp.thawte.com,ocsp.usertrust.com,ocsp.verisign.com,packagecloud.io,packages.cloud.google.com,packages.microsoft.com,ppa.launchpad.net,raw.githubusercontent.com,registry.npmjs.org,s.symcb.com,s.symcd.com,security.ubuntu.com,telemetry.enterprise.githubcopilot.com,ts-crl.ws.symantec.com,ts-ocsp.ws.symantec.com,www.googleapis.com --log-level info --proxy-logs-dir /tmp/gh-aw/sandbox/firewall/logs --audit-dir /tmp/gh-aw/sandbox/firewall/audit --enable-host-access --allow-host-ports 80,443,8080 --image-tag 0.25.29 --skip-pull --enable-api-proxy \
@github-actions
Copy link
Copy Markdown
Contributor

github-actions Bot commented Apr 29, 2026

Smoke Test Results

✅ GitHub MCP: Listed 2 merged PRs

  • fix: make ~/.gemini setup conditional on geminiApiKey
  • perf(security-guard): eliminate redundant API call and raise diff pre-fetch limit to 100 KB

✅ Playwright: GitHub page title verified
✅ File Writing: Created smoke test file
✅ Bash: File creation verified

Status: PASS

💥 [THE END] — Illustrated by Smoke Claude

@github-actions
Copy link
Copy Markdown
Contributor

github-actions Bot commented Apr 29, 2026

🔥 Smoke Test Results

Overall: PASS

PR author: @Copilot | Assignees: @lpcox, @Copilot

📰 BREAKING: Report filed by Smoke Copilot

@lpcox lpcox merged commit 369fcde into main Apr 29, 2026
64 of 71 checks passed
@lpcox lpcox deleted the copilot/update-copilot-token-usage-report branch April 29, 2026 16:26
This was referenced Apr 29, 2026
Merged
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@lpcox lpcox Awaiting requested review from lpcox

@Mossaka Mossaka Awaiting requested review from Mossaka Mossaka is a code owner

Assignees

@lpcox lpcox

Copilot code review Copilot

Labels

build-test smoke-claude smoke-copilot smoke-copilot-byok

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

📊 Copilot Token Usage Report2026-04-29

3 participants

@lpcox