[daily regulatory] Regulatory Report - 2026-03-22

[github-actions[bot]]

19 daily reports from 2026-03-22 were reviewed. Overall data quality is high — all key metrics are consistent across reports, with no critical discrepancies. The 177-workflow count is confirmed across 4 independent reports. Two recurring operational issues remain unresolved (EP006 add_comment context mismatch, Day 8 static analysis poutine finding), and one new smoke-test failure (EP022) was introduced today. No secrets exposure, 100% permission coverage, and strong test ratios indicate a healthy codebase posture.

The most actionable finding is the Smoke Update Cross-Repo PR persistent 0% success rate (7+ days), which warrants immediate attention. The 20 stale lock files (needs make recompile) represent a minor health gap that is easy to resolve. Firewall block-rate differences between the Firewall Report (0.25%) and Observability Report (4.13%) reflect different time windows and workflow scopes — not a data quality issue.

📋 Full Regulatory Report

📊 Reports Reviewed

#	Report	Discussion	Created	Status
1	[daily secrets] Daily Secrets Analysis	#22316	20:03 UTC	✅ Valid
2	[daily performance] Daily Performance Summary	#22314	19:42 UTC	✅ Valid
3	Agent Performance Report	#22295	17:40 UTC	⚠️ Issues
4	Workflow Skill Extractor Report	#22289	16:26 UTC	✅ Valid
5	Daily Team Evolution Insights	#22283	16:04 UTC	✅ Valid
6	GitHub MCP Remote Server Tools Report	#22265	12:38 UTC	✅ Valid
7	[Auto-Triage] Auto-Triage Report	#22263	12:24 UTC	⚠️ Issues
8	Daily Code Metrics Report	#22261	11:46 UTC	✅ Valid
9	UX Analysis Report	#22260	11:35 UTC	✅ Valid
10	[integrity] DIFC Integrity-Filtered Events	#22253	08:50 UTC	✅ Valid
11	[observability] Observability Coverage Report	#22243	08:07 UTC	✅ Valid
12	Documentation Noob Test Report	#22242	08:05 UTC	✅ Valid
13	Static Analysis Report	#22240	06:34 UTC	⚠️ Issues
14	Artifacts Usage Report	#22238	05:59 UTC	✅ Valid
15	Daily Audit Report	#22237	05:52 UTC	⚠️ Issues
16	Safe Output Health Report	#22230	04:34 UTC	⚠️ Issues
17	[daily issues] Daily Issues Report	#22225	02:08 UTC	✅ Valid
18	Daily Firewall Report	#22216	01:06 UTC	✅ Valid
19	Daily Compiler Code Quality Report	#22213	00:27 UTC	✅ Valid

🔍 Data Consistency Analysis

Cross-Report Metrics Comparison

Reference scratchpad/metrics-glossary.md for metric definitions and scopes.

Metric	Daily Issues	Daily Performance	Agent Perf	Scope	Status
open_issues (snapshot)	98	120	—	⚠️ Different timestamps	ℹ️ See note
closed_issues (sampled 1000)	902	880	—	✅ Same scope	⚠️ Minor diff
Total workflows (.md)	—	—	177	✅ Confirmed ×4 reports	✅
AI engine: Copilot	79 (secret count)	—	118 (engine count)	⚠️ Different scopes	ℹ️ See note
AI engine: Claude	40	—	40	✅ Same	✅
AI engine: Codex	18	—	18	✅ Same	✅
AI engine: Gemini	1	—	1	✅ Same	✅
Firewall block rate	0.25% (7d/20 runs)	—	—	⚠️ Different windows	ℹ️ See note
MCP telemetry coverage	—	—	—	100% (Observability)	✅
Safe output success rate	—	—	—	93.8% (30 jobs)	✅

Scope Notes:

• open_issues: Daily Issues collected at 02:08 UTC (98 open), Performance at 19:42 UTC (120 open). With ~70 issues/day activity, a ~22 issue delta over 17 hours is plausible. Not a discrepancy.
• closed_issues (902 vs 880): Same 22-issue delta explains the difference — consistent.
• Engine distribution (Copilot 79 vs 118): Secrets report counts workflows using COPILOT_GITHUB_TOKEN; Agent Performance counts workflows configured with engine: copilot. Many Copilot workflows use GITHUB_TOKEN instead of COPILOT_GITHUB_TOKEN. Different scopes, not a discrepancy.
• Firewall block rate: Firewall Report (0.25%) covers 7-day rolling window of 20 firewall-enabled runs; Observability (4.13%) covers 60 recent active agent runs including MCP-heavy workflows. Different workflow populations explain the difference. Different scopes.

Consistency Score

• Overall Consistency: 95% (metrics with identical scopes all agree)
• Critical Discrepancies: 0
• Scope Differences Documented: 4 (all expected, explained above)

⚠️ Issues and Anomalies

Critical Issues

1. Smoke Update Cross-Repo PR: 0% success, 7+ consecutive days

   • Affected Reports: Agent Performance (Agent Performance Report — Week of 2026-03-22 #22295), Safe Output Health (Safe Output Health Report - 2026-03-22 #22230)
   • Metric: agent_success_rate for Smoke Update Cross-Repo PR
   • Description: The PR update path (push to existing branch) has failed on every scheduled run for 7+ days. The create path works; the update path consistently fails with a missing branch (pr-branch no longer exists on githubnext/gh-aw-side-repo).
   • Severity: High — smoke test coverage gap for PR update workflows
   • Recommended Action: Create pr-branch in the side-repo or update the smoke test to dynamically reset the branch before each run.

2. EP006 Recurring Safe Output Failure: 8th+ occurrence since 2026-02-25

   • Affected Reports: Safe Output Health (Safe Output Health Report - 2026-03-22 #22230), Daily Audit (Daily Audit Report – 2026-03-22 #22237)
   • Metric: Safe output job success rate
   • Description: add_comment with target=triggering fails when triggered by workflow_dispatch/schedule (no issue/PR context). Recurs in Smoke Multi PR and Agent Container Smoke Test. 8+ occurrences with no fix applied.
   • Severity: Medium — smoke test failures, not production workflow failures
   • Recommended Action: Add context-awareness to agent prompts for schedule/dispatch triggers, or handle gracefully in the safe output handler (skip instead of fail).

Warnings

1. Poutine untrusted_checkout_exec — Day 8 Unresolved

   • Report: Static Analysis (Static Analysis Report - 2026-03-22 #22240)
   • Details: 6 findings in smoke-workflow-call and smoke-workflow-call-with-inputs. First detected 2026-03-15, briefly resolved 2026-03-18, re-emerged 2026-03-19. Now at day 8.
   • Impact: Supply chain risk classification remaining open for extended period.

2. 20 Stale Lock Files (Needs make recompile)

   • Report: Agent Performance (Agent Performance Report — Week of 2026-03-22 #22295)
   • Details: 20 stale .lock.yml files appeared 2026-03-21 to 2026-03-22, reducing ecosystem health score from 74 to 69/100.
   • Impact: Workflow compilation outputs may be out of sync with source .md files.

3. EP022: New push_to_pull_request_branch failure

   • Report: Safe Output Health (Safe Output Health Report - 2026-03-22 #22230)
   • Details: New error class — target branch pr-branch missing at git fetch phase. 1 occurrence today. Cascaded into 1 cancelled add_comment.
   • Impact: Single test failure; related to the Smoke Update Cross-Repo PR P1 issue.

4. Auto-Triage Blocked: 6 issues inaccessible due to integrity policy

   • Report: Auto-Triage ([Auto-Triage] Auto-Triage Report — 2026-03-22 #22263)
   • Details: 6 unlabeled issues could not be read or labeled. Likely community issues requiring manual triage.
   • Impact: Real community issues may go unlabeled without manual intervention.

5. Daily Audit: push_repo_memory false-positive size error (recurring)

   • Report: Daily Audit (Daily Audit Report – 2026-03-22 #22237)
   • Details: Tool reports ~560 bytes as ~29 KB — systemic measurement bug.
   • Impact: False tool failures in audit logs; may mask real issues.

6. Code Quality Score Dip: 73/100 (was 79/100 yesterday)

   • Report: Daily Code Metrics (Daily Code Metrics Report - 2026-03-22 #22261)
   • Details: 6-point drop driven by reduced documentation coverage (docs/MD: 39K LOC vs ~42K prior) and continued moderate churn (823 source files modified, 323 commits in 7 days).
   • Impact: Score still "Good" tier; monitor for further decline.

Data Quality Notes

• No reports were missing or failed to generate today — 19/19 reports present.
• The Artifacts Usage Report noted 234 total workflows (includes .yml files); other reports consistently use 177 (.md agentic workflows only). This is expected.
• Daily Audit analyzed only 39 runs (from ~24h window) while Observability downloaded 398 runs — different scopes and sampling strategies.
• First run for GitHub MCP Remote Server Tools Report — no trend data available yet.

📈 Trend Analysis

Key Trends Observed

Metric	Today	Yesterday (#22190)	Change
Total workflows (.md)	177	~177	→ Stable
Open issues (daily issues)	98	~100 (est.)	→ Stable
Safe output success rate	93.8%	~93% (est.)	→ Stable
Code quality score	73/100	79/100	↓ -6
Agent ecosystem health	69/100	74/100	↓ -5
Firewall block rate (7d)	0.25%	—	Baseline
MCP telemetry coverage	100%	—	✅ Full

Notable Trends

• Positive: Contribution Check improved from 67% → 90% success rate.
• Positive: Daily Rendering Scripts Verifier is RECOVERING after 43+ failures.
• Positive: MCP telemetry coverage at 100% — strong observability posture.
• Concerning: Agent ecosystem health declined 5 points due to stale lock files — easily recoverable with make recompile.
• Persistent: Smoke Update Cross-Repo PR still at 0% — no recovery signals after 7+ days.

📝 Per-Report Analysis

View Per-Report Breakdown

[daily issues] Daily Issues Report — #22225

Source: #22225
Time Period: Snapshot at ~02:08 UTC, last 1000 issues
Quality: ✅ Valid

Metric	Value	Validation
issues_analyzed	1,000	✅
open_issues	98 (9.8%)	✅
closed_issues	902 (90.2%)	✅
issues_opened_7d	483	✅ High activity
issues_without_labels	31	✅
issues_without_assignees	676	⚠️ High (67.6%)
stale_issues	0	✅

Notes: High unassigned rate (676/1000) is expected for an AI-driven repo. Average close time of 17.28 hours is excellent.

---

[daily performance] Daily Performance Summary — #22314

Source: #22314
Time Period: Sample of 100 PRs, 1000 issues, 100 discussions
Quality: ✅ Valid

Metric	Value	Validation
merged_prs	82/100 sampled (82%)	✅
open_prs	4	✅
Avg merge time	1.1 hours	✅ Excellent
Open issues (snapshot)	120	ℹ️ Later snapshot than Issues Report
Avg resolution time	16.4 hours	✅

---

Daily Firewall Report — #22216

Source: #22216
Time Period: 7 days (2026-03-15 to 2026-03-22), 20 runs, 12 workflows
Quality: ✅ Valid

Metric	Value	Validation
workflow_runs_analyzed	20	✅
firewall_requests_total	398	✅
firewall_requests_allowed	397 (99.75%)	✅
firewall_requests_blocked	1 (0.25%)	✅ Low
firewall_domains_blocked	1 (DNS failure)	✅

---

[observability] Observability Coverage — #22243

Source: #22243
Time Period: Recent 60 active agent runs (from 398 downloaded)
Quality: ✅ Valid (⚠️ 1 firewall telemetry gap)

Metric	Value	Validation
firewall_enabled_workflows	60	✅
Firewall telemetry coverage	98.33% (59/60)	⚠️ Smoke Gemini missing
MCP telemetry coverage	100% (60/60)	✅
Blocked requests	70 / 1,694 (4.13%)	ℹ️ Different scope from Firewall Report
MCP tool-call events	1,028	✅

---

Safe Output Health Report — #22230

Source: #22230
Time Period: Last 24 hours (110 runs downloaded)
Quality: ⚠️ 2 failures

Metric	Value	Validation
Runs analyzed	110 of 173	✅
Safe output jobs executed	30	✅
Safe output jobs failed	2	⚠️
Success rate	93.8%	⚠️ Below 95% target
Recurring error (EP006)	8th+ occurrence	❌ Unresolved

---

Daily Audit Report — #22237

Source: #22237
Time Period: ~24 hours, 39 runs
Quality: ⚠️ 5 failures

Metric	Value	Validation
Total runs	39	✅
Success	32 (82.1%)	⚠️
Failure	5 (12.8%)	⚠️
Missing tools	2	⚠️
MCP failures	0	✅

---

Static Analysis Report — #22240

Source: #22240
Time Period: 2026-03-22 snapshot, 177 workflows
Quality: ⚠️ Day 8 critical finding

Metric	Value	Validation
Workflows scanned	177	✅
Compiler errors	0	✅
Compiler warnings	21	⚠️
Total findings	7,771	ℹ️ Mostly informational
Critical (poutine errors)	6	❌ Day 8 unresolved
High (zizmor)	10	⚠️

---

[daily secrets] Daily Secrets Analysis — #22316

Source: #22316
Time Period: Snapshot, 177 workflow files
Quality: ✅ Valid (first run baseline)

Metric	Value	Validation
Workflows with redaction	177/177 (100%)	✅
Workflows with permissions	177/177 (100%)	✅
Secrets exposed in outputs	0	✅
Total secrets references	3,663	✅ Baseline

💡 Recommendations

Process Improvements

1. Resolve Smoke Update Cross-Repo PR (P1): Re-create pr-branch in githubnext/gh-aw-side-repo or refactor the smoke test to dynamically create/reset the branch. 7+ days of 0% success is a significant coverage gap.

2. Fix EP006 permanently: Add context detection logic to agent prompts for workflow_dispatch/schedule triggers to avoid producing add_comment with target=triggering when no PR/issue context exists.

3. Run make recompile: 20 stale lock files are degrading the ecosystem health score. This is a simple one-command fix.

4. Unblock Auto-Triage integrity policy: 6 community issues are being blocked from labeling. Review and adjust the integrity policy scope or add a manual fallback triage step.

Data Quality Actions

1. Fix push_repo_memory size measurement bug: The tool is reporting incorrect file sizes (~560 bytes reported as 29 KB). This is a systemic false-positive in the Daily Audit.

2. Investigate Smoke Gemini firewall telemetry gap: Run §23392520645 is missing access.log. Check if Gemini runs have a different container configuration that omits firewall telemetry.

3. Add CONTEXT7_API_KEY to redaction list: The secrets report noted this key was partially masked due to the numeric character. Explicitly add it to redact_secrets.cjs.

Workflow Suggestions

1. Poutine untrusted_checkout_exec: Escalate to a tracked issue with a deadline. Day 8 of an unresolved supply-chain security finding warrants explicit ownership.

2. Code quality score: The 6-point dip (79→73) warrants a one-time docs refresh pass. If the trend continues for 3+ days, investigate what is driving the documentation LOC reduction.

📊 Regulatory Metrics

Metric	Value
Reports Reviewed	19
Reports Passed (✅)	14
Reports with Issues (⚠️)	5
Reports Failed (❌)	0
Critical Discrepancies	0
Documented Scope Differences	4
Open Actionable Issues	5
Overall Health Score	74%

---

Report generated automatically by the Daily Regulatory workflow
Run: §23411350181
Data sources: 19 daily report discussions from github/gh-aw (2026-03-22)
Metric definitions: scratchpad/metrics-glossary.md
Previous reports closed: #22190, #22024

AI generated by Daily Regulatory Report Generator · history

• expires on Mar 25, 2026, 8:09 PM UTC

[github-actions[bot]]

This report has been superseded by a newer daily regulatory report.