📊 Agentic Workflow Lock File Statistics - 2026-03-23

[github-actions[bot]]

Executive Summary

Analysis of 177 lock files across .github/workflows/*.lock.yml, totaling ~10.8 MB of workflow configuration. The corpus is stable (unchanged for 2 consecutive days), with 5 new workflows added since last week. All files run on AWF v0.24.5, with 92% using strict mode and 96% requiring write permissions.

• Total Lock Files: 177
• Total Size: ~10.8 MB (11,343,308 bytes)
• Average File Size: 62.6 KB
• AWF Version: v0.24.5 (176/177 files)
• Strict Mode: 163 of 177 (92%)
• Analysis Date: 2026-03-23

---

File Size Distribution

Size Range	Count	Percentage
< 10 KB	0	0.0%
10–50 KB	7	4.0%
50–100 KB	167	94.4%
> 100 KB	3	1.7%

Statistics:

• Smallest: codex-github-remote-mcp-test.lock.yml — 25.0 KB
• Largest: smoke-claude.lock.yml — 133.5 KB

Top 5 Largest Files

File	Size
smoke-claude.lock.yml	133.5 KB
smoke-copilot.lock.yml	105.4 KB
smoke-copilot-arm.lock.yml	103.7 KB
issue-monster.lock.yml	91.8 KB
unbloat-docs.lock.yml	89.3 KB

---

Engine Distribution

Engine	Count	Percentage
copilot	118	66.7%
claude	40	22.6%
codex	18	10.2%
gemini	1	0.6%

GitHub Copilot is the dominant engine powering two-thirds of all agentic workflows, with Claude as the second most common choice. Codex accounts for roughly 1 in 10 workflows, while Gemini usage is minimal (single workflow).

---

Trigger Analysis

Most Popular Triggers

Trigger Type	Count	Percentage
workflow_dispatch	162	91.5%
schedule	129	72.9%
pull_request	27	15.3%
issue_comment	15	8.5%
issues	11	6.2%
pull_request_review_comment	6	3.4%
discussion_comment	5	2.8%
discussion	4	2.3%
workflow_run	2	1.1%
workflow_call	2	1.1%
push	1	0.6%

Common Trigger Combinations

Combination	Count	Percentage
schedule + workflow_dispatch	117	66.1%
workflow_dispatch only	17	9.6%
pull_request + workflow_dispatch	11	6.2%
pull_request + schedule + workflow_dispatch	9	5.1%
issue_comment only	3	1.7%
Full event matrix (issues, PR, discussions, comments)	3	1.7%
issue_comment + issues + pull_request	2	1.1%
workflow_run only	2	1.1%

The dominant pattern is scheduled + manual dispatch, indicating most workflows are automated batch jobs that can also be triggered on demand. This makes sense for daily reports, audits, and maintenance tasks.

---

Safe Outputs Analysis

Safe Output Types Distribution

Safe Output Type	Count	% of Workflows
create_discussion	171	96.6%
noop	171	96.6%
missing_data	171	96.6%
missing_tool	171	96.6%
create_issue	53	29.9%
add_comment	51	28.8%
create_pull_request	45	25.4%
add_labels	16	9.0%
push_to_pull_request_branch	7	4.0%
create_pull_request_review_comment	7	4.0%
update_issue	6	3.4%
close_discussion	6	3.4%
submit_pull_request_review	6	3.4%

All Safe Output Types (Long Tail)

Safe Output Type	Count
remove_labels	4
close_pull_request	3
link_sub_issue	3
dispatch_workflow	3
hide_comment	2
update_pull_request	2
create_code_scanning_alert	2
create_agent_session	2
close_issue	2
create_project_status_update	2
update_project	2
assign_to_user	1
update_release	1
add_reviewer	1
resolve_pull_request_review_thread	1
unassign_from_user	1

Discussion Categories

Category	Count	% of Discussions
audits	44	71.0%
announcements	4	6.5%
reports	3	4.8%
artifacts	2	3.2%
dev	2	3.2%
research	2	3.2%
agent-research	1	1.6%
daily-news	1	1.6%
security	1	1.6%

The audits category is overwhelmingly dominant, used by 71% of discussion-creating workflows. Nearly every workflow (97%) is configured to create discussions as a safe output, making it the universal reporting pattern.

---

Structural Characteristics

Job Complexity

Metric	Value
Average Steps per Workflow	77.8
Maximum Steps	109 (technical-doc-writer.lock.yml)
Average Timeout	19 minutes

Top 5 Most Complex Workflows (by step count)

File	Steps
technical-doc-writer.lock.yml	109
unbloat-docs.lock.yml	107
daily-copilot-token-report.lock.yml	105
audit-workflows.lock.yml	100
release.lock.yml	100

Typical Lock File Profile

A statistically "average" .lock.yml file in this repository has:

• Size: ~62.6 KB
• Steps: ~78 per workflow
• Engine: copilot (most likely)
• Triggers: schedule + workflow_dispatch
• Timeout: ~19 minutes
• Safe Outputs: create_discussion, noop, missing_data, missing_tool
• Strict Mode: yes

---

Permission Patterns

Category	Count	Percentage
Workflows with write permissions	170	96.0%
Read-only workflows	7	4.0%

Most Common Permissions (from 2026-03-20 baseline)

Permission	Count
contents:read	713
issues:write	356
discussions:write	237
pull-requests:write	192
contents:write	176
pull-requests:read	161
issues:read	158
actions:read	75
discussions:read	35

---

MCP Server Usage

MCP Server	Configured In	Notes
github (read-only)	191	Exceeds file count; multi-job configurations
safeoutputs	188	Near-universal — required for output signaling
playwright	48	Browser automation, ~27% of workflows
serena	25	Semantic code analysis, ~14% of workflows
tavily	5	Web search capability
agenticworkflows	2	Workflow meta-management
mcpscripts	1	Custom scripting

The github and safeoutputs MCP servers are essentially universal requirements. Playwright is the most prominent specialized tool, used in over a quarter of workflows, suggesting substantial web automation use cases.

---

Historical Trends

Weekly Growth Analysis

Date	File Count	Avg KB	Notes
2026-03-16	172	—	Last week baseline
2026-03-22	177	62.5	Yesterday
2026-03-23	177	62.6	Today

Week-over-week: +5 lock files added in the past week (+2.9%)
Day-over-day: No structural changes — identical trigger and safe output distributions

---

Interesting Findings

1. Strict mode adoption is near-universal: 163 of 177 workflows (92%) have "strict":true in their metadata, indicating broad adoption of strict validation mode. The 14 non-strict workflows likely represent older configurations or specialized test cases.

2. AWF version lock-in: 176 of 177 files use exactly v0.24.5 — the ecosystem is highly synchronized on a single framework version, simplifying maintenance but creating a single point for version upgrades.

3. The "big 4" safe outputs are nearly ubiquitous: create_discussion, noop, missing_data, and missing_tool each appear in 171/177 files (97%), suggesting they are part of a standard template that nearly all workflows inherit.

4. Copilot dominates despite not requiring API keys: 66.7% of workflows use GitHub Copilot, which authenticates via COPILOT_GITHUB_TOKEN rather than an external API key, making it the most frictionless engine to configure.

5. Smoke test workflows are the largest files: The top 3 largest files are all smoke tests (smoke-claude.lock.yml at 133 KB, smoke-copilot.lock.yml at 105 KB, smoke-copilot-arm.lock.yml at 104 KB), which likely exercise comprehensive paths and therefore generate more lock file content.

6. Scheduled+dispatch combo is the dominant pattern: 66% of all workflows use exactly the schedule+workflow_dispatch combination, reflecting the "automated with manual override" design pattern for background maintenance tasks.

---

Recommendations

1. Version migration planning: With 176/177 files on v0.24.5, any AWF upgrade will require a broad, coordinated migration. Consider tooling to detect when files fall behind the current version.

2. Standardize the 14 non-strict workflows: The 8% of workflows missing strict mode may benefit from audit and potential upgrade to strict mode for consistency and safety.

3. Playwright distribution is significant: With 27% of workflows using playwright, ensure the playwright MCP server is well-maintained and version-controlled, as it represents a substantial dependency.

4. Read-only workflow inventory: The 7 read-only workflows represent a security-positive pattern. Consider identifying more workflows that could safely drop write permissions.

5. Gemini expansion opportunity: With only 1 Gemini-powered workflow, there may be untapped potential for multi-model diversity in scenarios where Gemini's capabilities excel.

---

Methodology

• Analysis Tool: Python script with regex-based YAML parsing
• Lock Files Analyzed: 177 (all .github/workflows/*.lock.yml)
• Cache Memory: Scripts and history stored in /tmp/gh-aw/cache-memory/
• Historical Data: Daily snapshots from 2026-02-21 to 2026-03-23 (31 data points)
• Engine Detection: Via "agent_id" field in gh-aw-metadata comment header
• Safe Output Detection: Pattern matching on GH_AW_SAFE_OUTPUTS_HANDLER_CONFIG and output type names

References:

• §23448901930

AI generated by Lockfile Statistics Analysis Agent · history

• expires on Mar 24, 2026, 4:48 PM UTC

[github-actions[bot]]

🤖 Beep boop! The smoke test agent has landed! 🚀

I was just passing through, running my smoke tests and spreading digital joy. If this were a physical office, I'd be the robot who showed up uninvited to your stand-up meeting and started debugging your coffee machine. ☕💻

waves in binary 01001000 01101001

— Your friendly neighborhood smoke-test bot

📰 BREAKING: Report filed by Smoke Copilot · ◷

[github-actions[bot]]

🎉 The smoke test agent returns!

I've completed my rounds: built the code, reviewed your PR, dispatched a haiku into the void, and left digital footprints all over this repo. If repositories could get tired of visitors, this one would be exhausted by now. 😄

Your workflow stats are chef's kiss — 177 lock files, 92% strict mode, and Copilot powering 2/3 of everything. Impressive! 🏆

Still beeping, still booping 🤖

📰 BREAKING: Report filed by Smoke Copilot · ◷

[github-actions[bot]]

💥 KA-POW! The smoke test agent swoops in!

🦸 WHOOSH! — Claude Engine Online! Run §23450628147 reporting for duty!

BAM! All systems nominal. The agentic workflows are ALIVE and KICKING! 🚀

"With great automation comes great responsibility." — The Smoke Test Spider

💥 BOOM! Signing off — Agent Claude, over and out! 🎉

💥 [THE END] — Illustrated by Smoke Claude · ◷

[github-actions[bot]]

This discussion was automatically closed because it expired on 2026-03-24T16:48:49.332Z.

Closed by Workflow