[lockfile-stats] Agentic Workflow Lock File Statistics - 2026-04-29

[github-actions[bot]]

Executive Summary

• Total Lock Files: 204
• Total Size: 16.24 MB (avg 81.5 KB per file)
• Schema Version: v3 (100% of files)
• Analysis Date: 2026-04-29
• Workflow Run: §25084234965

---

File Size Distribution

Size Range	Count	Percentage
< 10 KB	0	0.0%
10–50 KB	7	3.4%
50–100 KB	183	89.7%
> 100 KB	14	6.9%

Statistics:

• Smallest: test-workflow.lock.yml (33.2 KB)
• Largest: smoke-claude.lock.yml (167.2 KB)
• The vast majority (89.7%) of lock files cluster in the 50–100 KB band, reflecting consistent boilerplate generated by the gh-aw compiler.

View Top 10 Largest Files

Rank	File	Size
1	smoke-claude.lock.yml	167.2 KB
2	smoke-copilot.lock.yml	132.0 KB
3	smoke-copilot-arm.lock.yml	130.5 KB
4	mcp-inspector.lock.yml	114.5 KB
5	issue-monster.lock.yml	111.4 KB
6	smoke-codex.lock.yml	111.4 KB
7	cloclo.lock.yml	108.1 KB
8	unbloat-docs.lock.yml	104.6 KB
9	daily-performance-summary.lock.yml	104.5 KB
10	poem-bot.lock.yml	101.4 KB

Smoke test workflows dominate the top — they configure multiple engines and extra MCP servers (including Serena), inflating their size.

---

Trigger Analysis

Most Popular Triggers

Trigger Type	Count	% of Workflows
workflow_dispatch	186	91.2%
schedule	137	67.2%
pull_request	36	17.6%
issue_comment	15	7.4%
issues	12	5.9%
pull_request_review_comment	6	2.9%
discussion	4	2.0%
discussion_comment	4	2.0%
push	2	1.0%
workflow_call	2	1.0%
deployment_status	1	0.5%
workflow_run	1	0.5%

Common Trigger Combinations

Combination	Count	% of Workflows
schedule + workflow_dispatch	131	64.2%
pull_request + workflow_dispatch	23	11.3%
workflow_dispatch only	20	9.8%
issue_comment only	3	1.5%
pull_request only	3	1.5%
issue_comment + issues + pull_request	2	1.0%
workflow_call + workflow_dispatch	2	1.0%

The schedule + workflow_dispatch pairing is the dominant pattern (64%), used for recurring autonomous tasks that can also be triggered on-demand.

View Workflows with Broadest Trigger Coverage

These workflows listen to the widest range of events:

• scout.lock.yml: discussion, discussion_comment, issue_comment, issues, pull_request, pull_request_review_comment, workflow_dispatch (7 triggers)
• cloclo.lock.yml: discussion, discussion_comment, issue_comment, issues, pull_request, pull_request_review_comment (6 triggers)
• q.lock.yml: discussion, discussion_comment, issue_comment, issues, pull_request, pull_request_review_comment (6 triggers)
• dev.lock.yml: discussion, issues, pull_request, schedule, workflow_dispatch (5 triggers)

Schedule Patterns

All scheduled workflows use daily cron expressions. The cron times are spread across off-peak hours (avoiding :00 and :30 minute marks) to reduce API contention — a best practice reflected across the board.

---

Engine Distribution

Engine	Count	% of Workflows
copilot	132	64.7%
claude	57	27.9%
codex	12	5.9%
crush	1	0.5%
gemini	1	0.5%
opencode	1	0.5%

GitHub Copilot is the dominant engine (~65%). Claude covers more than a quarter of workflows. Codex, crush, gemini, and opencode represent minority/experimental usage.

---

Safe Outputs Analysis

Safe Output Types Distribution

Type	Count	% of Workflows
create-discussion	197	96.6%
add-comment	92	45.1%
create-issue	71	34.8%
create-pull-request	49	24.0%
update-issue	9	4.4%

Nearly every workflow (96.6%) is configured to post results as a discussion. High add-comment and create-issue usage shows many workflows also interact with issues and PRs directly.

Safe Output Combinations

Combination	Count
create-discussion only	58
create-discussion + create-issue	44
create-discussion + create-pull-request	29
add-comment + create-discussion	26
add-comment + create-discussion + create-issue	13
add-comment + create-discussion + create-pull-request	10
No safe output configured	6
add-comment + create-discussion + create-issue + create-pull-request	5

139 out of 204 workflows (68.1%) use multiple safe output types.

Discussion Categories Used

Category	Count
audits	64
announcements	5
reports	3
artifacts	2
dev	2
research	2
agent-research	1
daily-news	1

audits is the dominant discussion category (64 workflows), confirming it as the primary channel for analytical/reporting agents.

---

Structural Characteristics

Job Complexity

Jobs per Workflow	Count
2 jobs	5
4 jobs	2
5 jobs	46
6 jobs	93
7 jobs	43
8 jobs	12
9 jobs	3

• Average jobs per workflow: 6.0
• Average steps across all jobs: ~94.5 total steps per workflow
• Maximum steps: 133 (in copilot-token-audit.lock.yml)
• Minimum steps: 39

Timeout Distribution

Timeout	Occurrences
15 min	224
20 min	219
10 min	55
30 min	48
45 min	18
5 min	14
60 min	8
90 min	1
180 min	1

• Average timeout: 19.3 minutes
• Range: 5–180 minutes
• 15 and 20 minutes are the two most common values, reflecting balanced defaults across activation and agent jobs.

Concurrency

100% of workflows (204/204) configure a concurrency group, enforcing the gh-aw- prefixed pattern uniformly across all lock files.

---

Permission Patterns

Most Requested Permissions (Read)

Permission	Count
contents	1,061
actions	287
pull-requests	181
issues	177
discussions	39
security-events	12
checks	1

Most Requested Permissions (Write)

Permission	Count
issues	410
discussions	262
pull-requests	209
contents	148
copilot-requests	100
security-events	9
actions	6

contents:read is the most universally required permission, appearing in nearly every job. Write permissions for issues, discussions, and pull-requests reflect the safe output patterns observed above.

---

MCP Server Usage

MCP Server	Occurrences	Notes
gh-aw-mcpg	1,045	Core gh-aw gateway, present in nearly all workflows
github-mcp-server	998	GitHub API access, nearly universal
serena-mcp-server	127	Advanced code analysis (25 workflows)

serena-mcp-server is used in 25 workflows (~12%), concentrated in code-quality and refactoring-focused agents.

View All Workflows Using serena-mcp-server (25 workflows)

archie, cloclo, daily-compiler-quality, daily-file-diet, daily-function-namer, daily-mcp-concurrency-analysis, daily-testify-uber-super-expert, developer-docs-consolidator, duplicate-code-detector, glossary-maintainer, go-fan, jsweep, mcp-inspector, q, repository-quality-improver, semantic-function-refactor, sergo, smoke-claude, smoke-codex, smoke-copilot-arm, smoke-copilot, spec-extractor, spec-librarian, terminal-stylist, typist

---

Interesting Findings

1. 100% concurrency adoption: Every single workflow uses concurrency groups — no rogue workflows that could cause race conditions with themselves.

2. Dominant schedule+dispatch pattern: 64% of workflows combine a daily cron schedule with manual dispatch, creating a dual-access pattern well-suited for autonomous agents that should also be testable on-demand.

3. Smoke tests are size outliers: The 4 smoke test workflows (smoke-claude, smoke-copilot, smoke-copilot-arm, smoke-codex) are consistently among the largest files, as they configure additional MCP servers and broader permissions for cross-engine testing.

4. 6-job structure is the modal shape: 93 of 204 workflows (45.6%) have exactly 6 jobs — suggesting a standard gh-aw compilation template of activation + setup + agent + output + cleanup jobs.

5. Nearly all workflows post to discussions: 96.6% configure create-discussion as a safe output, making GitHub Discussions the primary communication channel for this agentic system's results.

6. copilot-requests write permission: 100 jobs request write access to copilot-requests, revealing ~half of Copilot-engine workflows explicitly require this permission for proper operation.

---

Recommendations

1. Investigate the 6 workflows without safe outputs: Six workflows have no create-discussion, add-comment, or other safe output configured — they may silently swallow results. Worth auditing to confirm they use alternative reporting mechanisms.

2. Review 180-minute timeout workflow: One workflow has a 3-hour timeout — significantly above the 19.3-minute average. This could indicate an overly complex or inefficient agent worth reviewing.

3. Serena adoption opportunity: Only 12% of workflows use serena-mcp-server. For code-analysis and refactoring workflows not yet using it, adding Serena could improve accuracy.

4. Schema uniformity is a strength: All 204 files are on schema v3. Upgrades can be applied uniformly with no legacy concerns.

5. Monitor experimental engines: crush, gemini, and opencode each have a single workflow. Tracking their performance vs. copilot/claude/codex would inform future engine selection policies.

---

Methodology

• Analysis Tool: Python 3 with regex-based YAML parsing
• Lock Files Analyzed: 204 (all .github/workflows/*.lock.yml)
• Cache Memory: Scripts and historical data stored at /tmp/gh-aw/cache-memory/
• Data Sources: Metadata comments, YAML structure, and inline tool configurations within lock files

References:

• §25084234965

Generated by Lockfile Statistics Analysis Agent · ● 241K · ◷

• expires on Apr 30, 2026, 12:17 AM UTC

[github-actions[bot]]

This discussion has been marked as outdated by Lockfile Statistics Analysis Agent.

A newer discussion is available at Discussion #29221.