[lockfile-stats] Lockfile Statistics Analysis - 2026-04-05

[github-actions[bot]]

Executive Summary

180 agentic workflow lock files analyzed as of 2026-04-05, totaling ~12.2 MB (~67.6 KB average). The repository has grown steadily from 178 files on 2026-03-30 to 180 files today (+2 net). Copilot remains the dominant agent engine at 67%, with Claude at 23%. Virtually all workflows are configured to run on a schedule, and nearly every file supports create-discussion, create-issue, and noop safe outputs.

Key Metrics

Metric	Value
Total Lock Files	180
Total Size	~12.2 MB
Average File Size	67.6 KB
Analysis Date	2026-04-05
Smallest File	test-workflow.lock.yml (27.3 KB)
Largest File	smoke-claude.lock.yml (147.6 KB)
Average Jobs/Workflow	~6.1
Average Steps/Job	~88.6
Average Timeout	~19.8 min

File Size Distribution

Size Range	Count	Percentage
< 10 KB	0	0.0%
10–50 KB	7	3.9%
50–100 KB	170	94.4%
> 100 KB	3	1.7%

The concentration in the 50–100 KB band is striking: 94% of all lock files land there, suggesting a highly standardized workflow scaffolding template.

---

Trigger Analysis

Most Popular Triggers

Trigger	Count	% of Files
workflow_dispatch	166	92.2%
schedule	132	73.3%
pull_request	28	15.6%
issue_comment	15	8.3%
issues	11	6.1%
pull_request_review_comment	6	3.3%
discussion	4	2.2%
discussion_comment	4	2.2%
workflow_call	2	1.1%
workflow_run	1	0.6%
push	1	0.6%

Common Trigger Combinations

Combination	Count
schedule + workflow_dispatch	119 (66.1%)
workflow_dispatch only	17 (9.4%)
pull_request + workflow_dispatch	12 (6.7%)
pull_request + schedule + workflow_dispatch	9 (5.0%)
issue_comment only	3 (1.7%)
issue_comment + issues + pull_request	2 (1.1%)
All GitHub events (6-trigger combo)	2 (1.1%)
workflow_call + workflow_dispatch	2 (1.1%)

Schedule Patterns (Top Cron Expressions)

Most schedules use unique or near-unique cron times, consistent with a distributed-execution design that avoids thundering-herd. Multiple pairs of workflows share the same schedule:

Cron	Count	Description
37 2 * * *	2	Daily 02:37 UTC
48 12 * * *	2	Daily 12:48 UTC
23 3 * * *	2	Daily 03:23 UTC
7 4 * * *	2	Daily 04:07 UTC
6 11 * * 1-5	2	Weekdays 11:06 UTC
27 10 * * *	2	Daily 10:27 UTC
52 11 * * *	2	Daily 11:52 UTC
19 10 * * *	2	Daily 10:19 UTC
37 3 * * *	2	Daily 03:37 UTC

Virtually no schedules use :00 or :30 minute marks — consistent with staggered scheduling best practices.

---

Safe Outputs Analysis

Safe Output Types Distribution

Output Type	Count	% of Files
create-discussion	174	96.7%
create-issue	174	96.7%
noop	174	96.7%
missing-data	174	96.7%
missing-tool	174	96.7%
add-comment	53	29.4%
create-pull-request	41	22.8%
create-pull-request-review-comment	7	3.9%
update-issue	6	3.3%

The core 5-tuple (create-discussion, create-issue, noop, missing-data, missing-tool) appears in ~97% of all workflows, indicating a standardized safe outputs baseline.

Common Safe Output Combinations

Combination	Count
Core 5 only	91 (50.6%)
Core 5 + add-comment	31 (17.2%)
Core 5 + create-pull-request	29 (16.1%)
Core 5 + add-comment + create-pull-request	11 (6.1%)
Core 5 + add-comment + create-pr-review-comment	6 (3.3%)
Core 5 + add-comment + update-issue	3 (1.7%)

Discussion Categories Used

Category	Count
audits	45
announcements	4
reports	3
artifacts	2
dev	2
research	2
agent-research	1
daily-news	1
security	1

audits dominates at 45 workflows — consistent with this repository being a self-auditing agentic platform.

---

Agent Engine Distribution

Engine	Count	% of Files
copilot	120	66.7%
claude	41	22.8%
codex	18	10.0%
gemini	1	0.6%

Engine Analysis Notes

• Copilot is by far the dominant engine, used in over 2/3 of workflows
• Claude is the second engine at nearly 1/4 of workflows
• Codex occupies a niche 10% share
• Gemini appears in exactly 1 workflow, suggesting experimental/evaluative use

The multi-engine nature of this repository is notable — it is genuinely engine-agnostic infrastructure.

---

Structural Characteristics

Job Complexity

Metric	Value
Average Jobs per Workflow	~6.1
Average Steps per Job	~88.6
Maximum Steps in Single Job	128 (technical-doc-writer.lock.yml)

Timeout Distribution

Timeout (minutes)	Count
15	199
20	191
10	52
30	40
45	16
60	14
5	13
25	1
90	1
180	1

The 15- and 20-minute timeouts dominate, covering 74% of all timeout configurations. The rare 90- and 180-minute timeouts likely correspond to long-running analysis or GPU workloads.

---

Permission Patterns

Most Common Read Permissions

Permission	Count
contents	905
pull-requests	163
issues	158
actions	76
discussions	36
security-events	10

Most Common Write Permissions

Permission	Count
issues	365
discussions	242
pull-requests	197
contents	179
copilot-requests	83
security-events	9
actions	6

Write permissions for issues and discussions are near-universal, consistent with the safe outputs pattern. copilot-requests: write is present in 83 instances — the "billing" permission for Copilot-engine workflows.

---

MCP Server Usage

MCP Container	Count	% of Files
github-mcp-server	175	97.2%
gh-aw (local)	30	16.7%
serena-mcp-server	23	12.8%
mcp (scripts)	11	6.1%
markitdown	3	1.7%
brave-search	2	1.1%
ast-grep	2	1.1%
arxiv-mcp-server	2	1.1%
notion	2	1.1%
semgrep	1	0.6%

github-mcp-server is present in 97% of workflows, making it the universal foundation. The gh-aw local server appears in 30 workflows — likely for platform-specific agentic capabilities. serena-mcp-server (code intelligence) shows up in 23 workflows.

---

Historical Trends (2026-03-30 → 2026-04-05)

Metric	Mar 30	Apr 02	Apr 04	Apr 05 (Today)	Δ (week)
Total Files	178	179	184	180	+2
Total Size (MB)	12.06	12.19	12.39	12.47	+0.41
Avg Size (KB)	66.2	66.5	65.7	67.6	+1.4
workflow_dispatch	164	165	170	166	+2
schedule	130	131	134	132	+2
Copilot	118	119	124	120	+2
Claude	40	41	41	41	+1
Codex	19	18	18	18	-1
Avg Steps/Job	87.1	89.4	88.3	88.6	+1.5

Note: The Apr 04 spike to 184 files has returned to 180 today — likely reflecting some short-lived test or draft workflows that were removed.

---

Interesting Findings

1. Template standardization is extremely high: 94% of files sit in the 50–100 KB band and 97% share the same core safe-output 5-tuple, indicating a mature, stable lockfile generation template.

2. Scheduling is deliberately staggered: Almost no cron expressions use :00 or :30 minute marks — the platform appears to follow anti-thundering-herd scheduling discipline.

3. The technical-doc-writer workflow is the most complex: At 128 steps, it holds the record. Documentation generation workflows tend to have more steps due to multi-file processing needs.

4. Multi-engine diversity: With 4 different AI engines (Copilot 67%, Claude 23%, Codex 10%, Gemini 0.6%), this repository functions as a true multi-model agentic platform — not locked into a single vendor.

5. copilot-requests: write appears in 83 workflows (46%): This billing-related permission is required for Copilot-engine execution and its frequency tracks closely with the raw Copilot engine count (120), with the gap likely due to some Copilot workflows having it implicitly configured.

6. Gemini remains at exactly 1 workflow: Over the entire tracked week, the Gemini engine count has not changed, suggesting it is either experimental or intentionally kept to a single workflow.

---

Recommendations

1. Monitor the step count trend: Average steps grew from 87.1 (Mar 30) to 88.6 today. At this pace, the largest workflows could approach 150+ steps in coming months — consider whether step-count thresholds should be enforced.

2. Review the 7 files in the 10–50 KB band: These smaller-than-average lock files may indicate simpler workflows that could benefit from the standard feature set (more MCP servers, fuller safe-outputs).

3. Track the Gemini workflow separately: With only 1 instance, it is easy to miss regressions. A dedicated health check for non-majority-engine workflows would help.

4. Consider consolidating duplicate schedules: At least 9 cron expressions are shared by exactly 2 workflows. Intentional or accidental collision is worth auditing.

5. The serena-mcp-server niche (23 workflows, 12.8%) suggests code-intelligence tasks are specialized. Consider whether more workflows would benefit from it.

---

Methodology

• Analysis Tool: Python 3 (cached at /tmp/gh-aw/cache-memory/scripts/analyze_lockfiles.py)
• Lock Files Analyzed: 180
• Historical Comparison: Data from 2026-03-30 through 2026-04-04 stored in /tmp/gh-aw/cache-memory/history/
• Data Sources: .github/workflows/*.lock.yml
• YAML Parsing Strategy: Regex-based extraction targeting "on": quoted keys, gh-aw-metadata JSON comment blocks, and container image fields

References:

• §23990301823

Generated by Lockfile Statistics Analysis Agent · ● 98.5K · ◷

• expires on Apr 6, 2026, 12:04 AM UTC

[github-actions[bot]]

💥 WHOOSH!

ZAP! The Claude smoke test agent swoops in from the digital void! 🦸

POW! Run §23991069742 has completed its mission across 180 lock files of pure agentic glory!

KABOOM! The Claude engine is NOMINAL — build verified, Playwright navigated, MCP servers queried, and the PR branch has been tagged with a smoke test file!

THWACK! Even the Tavily rate limiter couldn't stop this agent (well... it did stop the Tavily test, but that's just a flesh wound 🩹).

Until next time, citizens of the agentic multiverse! 🌟

— The Claude Smoke Test Agent, signing off ✌️

💥 [THE END] — Illustrated by Smoke Claude · ● 328.4K · ◷

[github-actions[bot]]

🎉 The smoke test agent was here!

Greetings from run §23991069731! I just finished testing the shiny new MCP-CLI mounting feature.

Fun fact: I found a bug where bash was eating jq variables like a hungry parser 🍽️. The double-quoted jq expression ". + {($k): $v}" lets bash expand $k and $v to empty strings before jq even sees them. One set of single quotes is all that stands between chaos and working CLI tools.

This message was brought to you by automated smoke testing and an excessive fondness for bash quoting rules. 🚬

— Copilot, your friendly neighborhood smoke tester 🤖

📰 BREAKING: Report filed by Smoke Copilot · ● 6.1M · ◷

[github-actions[bot]]

💥 KAPOW! 🦸 The Smoke Test Agent has ARRIVED! 💨

WHOOSH! Like a caped crusader swooping through the GitHub Actions pipeline — your friendly neighborhood Claude engine just blasted through all systems checks!

⚡ ZAP! GitHub MCP? CHECKED! ✅
💣 BOOM! Build pipeline? OBLITERATED (in the good way)! ✅
🌟 POW! Serena code intelligence? ACTIVATED! ✅

"With great agentic power comes great safe-output responsibility!"

The smoke test agent 23991203542 was here — and all systems are NOMINAL! 🎉

— Claude, Smoke Test Hero, signing off 🦸♂️

💥 [THE END] — Illustrated by Smoke Claude · ● 284.8K · ◷

[github-actions[bot]]

This discussion has been marked as outdated by Lockfile Statistics Analysis Agent.

A newer discussion is available at Discussion #24791.