feat: add daily token usage analyzer workflow

[lpcox]

Summary

Adds a daily agentic workflow that mines token-usage.jsonl from recent workflow runs, computes per-workflow statistics, identifies optimization opportunities, and creates a summary issue.

What it does

1. Discovers completed workflow runs from the past 24 hours
2. Downloads agent-artifacts and extracts token-usage.jsonl
3. Computes per-workflow stats: total tokens, cache hit rate, I/O ratio, cost estimate, model mix
4. Flags inefficiencies: zero cache hits, high I/O ratios, increasing costs
5. Compares with previous reports for historical trend analysis
6. Creates a structured issue with progressive disclosure (<details> blocks)

Configuration

Setting	Value
Schedule	Daily
Engine	Copilot (default)
Timeout	15 minutes
Safe outputs	create-issue with 📊 Token Usage Report prefix
Skip logic	Skips if an open token usage report issue exists
Tools	GitHub MCP (default + actions), bash

Graceful Degradation

Token tracking is new (PR #1539), so the workflow:

• Skips runs without agent-artifacts
• Skips runs without token-usage.jsonl
• Reports which workflows are not yet instrumented
• Creates a minimal report if no data is available

Files

• .github/workflows/token-usage-analyzer.md — Workflow definition
• .github/workflows/token-usage-analyzer.lock.yml — Compiled lock file
• .github/aw/actions-lock.json — Updated action SHA lock

Example Output

The issue will contain a summary table like:

Workflow	Runs	Total Tokens	Cost	Cache Rate	I/O Ratio
smoke-claude	2	395K	$0.46	99.5%	0.6:1
smoke-copilot	2	603K	$1.20	0%	184:1

Plus optimization recommendations and per-workflow detail sections.

Closes #1551

[github-actions]

✅ Coverage Check Passed

Overall Coverage

Metric	Base	PR	Delta
Lines	82.67%	82.77%	📈 +0.10%
Statements	82.34%	82.43%	📈 +0.09%
Functions	81.22%	81.22%	➡️ +0.00%
Branches	75.94%	76.00%	📈 +0.06%

📁 Per-file Coverage Changes (1 files)

File	Lines (Before → After)	Statements (Before → After)
src/docker-manager.ts	85.8% → 86.2% (+0.41%)	85.3% → 85.7% (+0.40%)

---

Coverage comparison generated by scripts/ci/compare-coverage.ts

[Copilot]

Pull request overview

Adds a new scheduled agentic workflow to analyze token-usage.jsonl artifacts from recent GitHub Actions runs, compute per-workflow token/cost/cache metrics, and publish a daily “Token Usage Report” issue.

Changes:

• Introduces .github/workflows/token-usage-analyzer.md defining the analyzer agent prompt, safe outputs, and skip logic.
• Adds the compiled workflow .github/workflows/token-usage-analyzer.lock.yml.
• Updates .github/aw/actions-lock.json to lock github/gh-aw-actions/setup@v0.65.3.

Reviewed changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated 5 comments.

File	Description
.github/workflows/token-usage-analyzer.md	New workflow manifest/prompt describing discovery, artifact download, aggregation, and report issue structure.
.github/workflows/token-usage-analyzer.lock.yml	Generated compiled workflow to execute the agent and safe-outputs issue creation.
.github/aw/actions-lock.json	Adds the pinned SHA entry for the newer gh-aw-actions/setup version used by the compiled workflow.

Comments suppressed due to low confidence (1)

.github/workflows/token-usage-analyzer.md:163

• The example Workflow Summary table inside the suggested issue body also uses || at the start of each row, which will render with a blank first column. Use standard GFM table syntax (| Workflow | ... |) so the report issue displays as intended.

### Workflow Summary

| Workflow | Runs | Total Tokens | Cost | Cache Rate | I/O Ratio | Top Model |
|----------|------|-------------|------|------------|-----------|-----------|
| smoke-claude | 2 | 395K | $0.46 | 99.5% | 0.6:1 | sonnet-4.6 |
| smoke-copilot | 2 | 603K | $1.20 | 0% | 184:1 | gpt-4o |
| ... | | | | | | |

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[github-actions]

Smoke Test Results — Run 23866856394

✅ GitHub MCP — #1553 [WIP] Create daily token usage analysis workflow, #1552 [WIP] Fix NODE_EXTRA_CA_CERTS path issue after chroot for SSL bump
✅ Playwright — github.com title contains "GitHub"
✅ File Write — /tmp/gh-aw/agent/smoke-test-claude-23866856394.txt created and verified
✅ Bash — file contents confirmed

Overall: PASS

💥 [THE END] — Illustrated by Smoke Claude for issue #1557

[github-actions]

Smoke Test Results — @lpcox

✅ GitHub MCP: Last 2 merged PRs fetched (#1553 "[WIP] Create daily token usage analysis workflow", #1552 "[WIP] Fix NODE_EXTRA_CA_CERTS path issue after chroot for SSL bump")
✅ Playwright: github.com title contains "GitHub"
✅ File Write: /tmp/gh-aw/agent/smoke-test-copilot-23866856379.txt created
✅ Bash: File verified via cat

Overall: PASS

📰 BREAKING: Report filed by Smoke Copilot for issue #1557

[github-actions]

🤖 Smoke test results for Copilot engine — PR #1557 (@lpcox, no assignees)

Test	Result
GitHub MCP (last 2 merged PRs)	✅ #1555 "fix: copy AWF CA cert to chroot-accessible path for ssl-bump", #1550 "fix: decompress gzip responses for Anthropic token extraction"
Playwright (github.com title)	✅ Title contains "GitHub"
File write	✅ /tmp/gh-aw/agent/smoke-test-copilot-23867957427.txt created
Bash verify (cat)	✅ File contents confirmed

Overall: PASS

📰 BREAKING: Report filed by Smoke Copilot for issue #1557

[github-actions]

Smoke Test Results — PASS

• ✅ GitHub MCP: fix: copy AWF CA cert to chroot-accessible path for ssl-bump #1555 fix: copy AWF CA cert to chroot-accessible path for ssl-bump, fix: decompress gzip responses for Anthropic token extraction #1550 fix: decompress gzip responses for Anthropic token extraction
• ✅ Playwright: github.com title contains "GitHub"
• ✅ File write: /tmp/gh-aw/agent/smoke-test-claude-23867957467.txt created
• ✅ Bash verify: file contents confirmed

💥 [THE END] — Illustrated by Smoke Claude for issue #1557

[github-actions]

Smoke Test: GitHub Actions Services Connectivity ✅

All checks passed:

Check	Result
Redis PING host.docker.internal:6379	✅ PONG
PostgreSQL pg_isready host.docker.internal:5432	✅ accepting connections
psql SELECT 1 on smoketest db	✅ returned 1

🔌 Service connectivity validated by Smoke Services

[github-actions]

🏗️ Build Test Suite Results

Ecosystem	Project	Build/Install	Tests	Status
Bun	elysia	✅	1/1 passed	✅ PASS
Bun	hono	✅	1/1 passed	✅ PASS
C++	fmt	✅	N/A	✅ PASS
C++	json	✅	N/A	✅ PASS
Deno	oak	N/A	1/1 passed	✅ PASS
Deno	std	N/A	1/1 passed	✅ PASS
.NET	hello-world	✅	N/A	✅ PASS
.NET	json-parse	✅	N/A	✅ PASS
Go	color	✅	passed	✅ PASS
Go	env	✅	passed	✅ PASS
Go	uuid	✅	passed	✅ PASS
Java	gson	✅	1/1 passed	✅ PASS
Java	caffeine	✅	1/1 passed	✅ PASS
Node.js	clsx	✅	passed	✅ PASS
Node.js	execa	✅	passed	✅ PASS
Node.js	p-limit	✅	passed	✅ PASS
Rust	fd	✅	1/1 passed	✅ PASS
Rust	zoxide	✅	1/1 passed	✅ PASS

Overall: 8/8 ecosystems passed — ✅ PASS

Generated by Build Test Suite for issue #1557 · ◷

[github-actions]

PR titles:

• fix: copy AWF CA cert to chroot-accessible path for ssl-bump
• fix: decompress gzip responses for Anthropic token extraction
• feat: add daily token usage analyzer workflow
• fix: add node ecosystem to smoke-codex network allow-list

Results: GitHub MCP ✅ | safeinputs-gh ❌ | Playwright ❌ | Tavily ❌ | File write ✅ | Bash cat ✅ | Discussion comment ❌ | Build ✅
Overall status: FAIL

🔮 The oracle has spoken through Smoke Codex