[workflow-analysis] Weekly Workflow Analysis — 2026-02-23

[github-actions[bot]]

This report covers workflow runs analyzed on 2026-02-23, capturing all observable runs within the past week. 35 runs were analyzed, totaling 148.6M tokens, ~$2.43 in estimated cost, and 99 agent turns. 10 errors were recorded across 5 distinct failing workflows.

---

Summary

Metric	Value
Total runs analyzed	35
Total tokens	148,559,654
Estimated cost	$2.43
Agent turns	99
Errors	10
Warnings	0
Missing tools	3
Safe output items	18
Failed workflows (distinct)	5

Overall success rate: 71% (25/35 completed runs succeeded; 3 are still in-progress)

---

Critical Issues

Issue Monster — Systematic Recurring Failure (6/6 runs failed)

Issue Monster (issue-monster.lock.yml) has failed on every run today (runs #2036–#2041). Each failure is characterized by:

• Agent job completes in ~27–84 seconds
• Zero tokens consumed, zero agent turns
• secret_verification_result output is set but the agent never executes

This pattern indicates the agent is failing at startup — either during secret validation (COPILOT_GITHUB_TOKEN) or lockdown mode validation — before the LLM is even invoked. Other Copilot workflows (Auto-Triage Issues, CI Failure Doctor, Contribution Check) are succeeding, which may point to a workflow-specific configuration issue rather than a global token problem.

Recommendation: Investigate the Validate lockdown mode requirements and Validate COPILOT_GITHUB_TOKEN secret steps in the failed agent job. Check whether the skip-if-match condition (is:pr is:open is:draft author:app/copilot-swe-agent, max 5) is being evaluated correctly, or if the workflow has a configuration mismatch with the runner environment.

Documentation Noob Tester — Upload Assets Failure + High Firewall Blocking

The agent job succeeded and created a discussion (#17863), but the upload_assets job failed. The workflow also generated an unusually high network block rate:

• 546/671 (81%) network requests were blocked
• Blocked domains: www.google.com (188), content-autofill.googleapis.com (56), accounts.google.com (27), 172.30.0.20:4321 (27), avatars.githubusercontent.com (12), clients2.google.com (10), android.clients.google.com (3)

The blocked domains are consistent with a Chromium/Playwright browser process running within the sandbox and attempting to reach Google services (sign-in, autofill, telemetry). This does not prevent the test from running, but it generates excessive firewall noise and may indicate the browser configuration should suppress Google-specific telemetry/autofill requests.

Recommendation: Configure the browser instance used by Documentation Noob Tester to disable autofill, telemetry, and sync features (e.g., --disable-sync, --no-default-browser-check, --disable-client-side-phishing-detection). Separately investigate the upload_assets failure; the agent succeeded but the artifact upload step failed.

---

Failure Summary

All Failed Runs

Workflow	Run #	Duration	Tokens	Error	Failed Job
Issue Monster	#2041	1.4m	0	Agent startup failure	agent
Issue Monster	#2040	1.2m	0	Agent startup failure	agent
Issue Monster	#2039	1.3m	0	Agent startup failure	agent
Issue Monster	#2038	1.4m	0	Agent startup failure	agent
Issue Monster	#2037	1.3m	0	Agent startup failure	agent
Issue Monster	#2036	1.3m	0	Agent startup failure	agent
Organization Health Report	#23	1.3m	0	Agent startup failure	agent
PR Triage Agent	#125	51s	0	Agent startup failure	agent
Daily Malicious Code Scan Agent	#107	5.6m	—	Agent job failure (noop logged)	agent
Documentation Noob Tester	#118	20.3m	5,514,833	Post-processing failure	upload_assets

---

Performance Analysis

Token Usage by Workflow

Workflow	Tokens	Duration	Turns	Engine
Documentation Noob Tester	5,514,833	20.3m	—	copilot
Workflow Health Manager	2,756,937	9.5m	—	copilot
Layout Specification Maintainer	2,482,820	6.9m	—	copilot
Go Fan	2,395,432	7.6m	59	claude
Contribution Check	1,016,152	5.4m	—	copilot
Daily News	1,108,926	6.4m	—	copilot (in-progress)
Dependabot Dependency Checker	647,325	6.0m	—	copilot
Chroma Issue Indexer	917,512	5.2m	—	copilot
Smoke Codex #1997	28,335,975	6.1m	11	codex
Smoke Codex #1996	26,761,576	6.0m	18	codex
Changeset Generator #1554	59,705,680	6.8m	3	codex
Changeset Generator #1553	11,036,841	3.8m	3	codex

Notable: Codex-based workflows consume very high token counts relative to their turn counts. Changeset Generator run #1554 used 59.7M tokens in only 3 turns (~20M tokens/turn), likely due to large context payloads.

Cost breakdown: Total $2.43, entirely attributed to the Go Fan workflow (Claude engine, $2.43 for 2.4M tokens, 59 turns, 7.6m). All Copilot and Codex runs show no cost data.

---

Firewall & Network Analysis

Network Request Breakdown

Overall: 2,341 total requests | 1,085 allowed (46%) | 1,256 blocked (54%)

The majority of blocked traffic (924) is unclassified (- domain), likely local/loopback traffic. Key patterns:

Healthy (allow-listed):

• api.githubcopilot.com: 532 allowed (Copilot LLM)
• github.com: 323 allowed (API calls)
• api.openai.com: 132 allowed (Codex/OpenAI)
• api.anthropic.com: 46 allowed (Claude)
• registry.npmjs.org: 36 allowed (package installs)

Blocked (unexpected):

• www.google.com: 188 blocked — browser telemetry from Documentation Noob Tester
• content-autofill.googleapis.com: 56 blocked — browser autofill from Documentation Noob Tester
• accounts.google.com: 27 blocked — browser sign-in from Documentation Noob Tester
• 172.30.0.20:4321: 27 blocked — internal IP (local dev server?)
• proxy.golang.org: 3 blocked — Dependabot Dependency Checker attempting Go module proxy (not in its allow-list)

Actionable: Dependabot Dependency Checker should add proxy.golang.org to its network allow-list if it needs to check Go dependencies. Currently blocked 3/3 requests to that domain.

---

Missing Tools

Missing Tool Reports

Tool	Workflow	Count	Notes
playwright	Smoke Codex	1	Cannot navigate to GitHub to verify page title
playwright MCP tools	Smoke Codex	1	Same run, different report
GitHub MCP server	AI Moderator	1	Cannot read issue/comment content — only safeoutputs tools available

Smoke Codex: Both runs (#1996, #1997) flagged missing Playwright, but both succeeded overall by working around the limitation. This is a recurring gap if the smoke test requires page navigation verification.

AI Moderator: The codex engine had only safeoutputs tools available, meaning it could not fetch issue or comment content to perform moderation. This run succeeded overall (2 turns, 195K tokens), but the AI Moderator's effectiveness may be limited without GitHub MCP access.

---

Workflow Inventory Observations

Compilation & Status Concerns

Uncompiled workflows (compiled: "No") — changes to these .md files won't take effect until compiled:

• agent-performance-analyzer
• daily-doc-updater (status: active — runs despite being uncompiled)
• daily-issues-report
• daily-news (status: active — runs despite being uncompiled)
• daily-rendering-scripts-verifier
• discussion-task-miner
• github-mcp-tools-report (status: active)
• layout-spec-maintainer
• typist

Expired workflow: daily-team-status shows time_remaining: "Expired" — the stop-after deadline has passed. If this workflow is still relevant, the stop-after date should be extended. If not, it can be archived.

---

Recommendations

1. Issue Monster (Critical): Investigate the agent job startup sequence — specifically steps "Validate COPILOT_GITHUB_TOKEN secret" and "Validate lockdown mode requirements" — to identify why 6 consecutive runs fail in under 30 seconds with 0 token usage. Check for a workflow-specific secret or configuration mismatch. Runs: §22300114470, §22298919454, §22294636876

2. Documentation Noob Tester (Medium): Add browser flags to suppress Google telemetry/autofill to reduce firewall noise (546 blocked requests per run). Separately, fix the upload_assets step failure. Run: §22297365436

3. Dependabot Dependency Checker (Low): Add proxy.golang.org to the network allow-list to enable Go dependency checks.

4. Uncompiled workflows (Low): Compile workflows marked as compiled: "No" — especially daily-doc-updater, daily-news, and github-mcp-tools-report which are active but running from stale compiled files.

5. Smoke Codex (Low): Consider adding a Playwright MCP server to the smoke test environment if web navigation verification is a meaningful test signal.

6. AI Moderator (Medium): Verify whether the GitHub MCP server should be available in the AI Moderator environment. Without it, the agent cannot read issue/comment content for moderation.

---

References:

• §22300114470 — Issue Monster (latest failure)
• §22297365436 — Documentation Noob Tester
• §22296558298 — Go Fan (highest cost run)

AI generated by Weekly Workflow Analysis

• expires on Feb 24, 2026, 9:39 AM UTC

[github-actions[bot]]

This discussion was automatically closed because it expired on 2026-02-24T09:39:32.173Z.

Closed by Workflow