[daily regulatory] Regulatory Report - 2026-03-27

[github-actions[bot]]

Today's regulatory review analyzed 11 daily report discussions from the 48-hour window of 2026-03-26 to 2026-03-27. Overall data quality is good — reports are internally consistent, metrics are well-scoped, and cross-report comparisons yield no critical discrepancies. The most notable finding is a 2× spike in today's firewall block rate (3.0%) compared to the 7-day rolling average (1.45%), driven by identifiable workflows. Two low-severity recurring warnings in the Safe Output system (missing labels, schedule-triggered PR reviews) persist without escalation. Safe output health achieved its 3rd consecutive 100% success day.

Three items merit attention: (1) the gate check 100% failure rate across all session checks, likely by-design but worth confirming; (2) the emerging EP024 detection model failure pattern (2nd consecutive day), which is silently blocking valid agent outputs; and (3) 6 firewall-enabled workflow runs missing access.log artifacts from the prior 7-day window.

📋 Full Regulatory Report

📊 Reports Reviewed

#	Report	Discussion	Created	Status
1	Daily Firewall Report	#23226	2026-03-27T11:58Z	✅ Valid
2	Copilot Agent Analysis	#23225	2026-03-27T11:36Z	✅ Valid
3	Copilot Session Insights	#23230	2026-03-27T12:13Z	✅ Valid
4	Safe Output Health Report	#23237	2026-03-27T13:17Z	⚠️ Warnings
5	Daily Team Evolution Insights	#23217	2026-03-27T10:56Z	✅ Valid
6	Lock File Statistics	#23189	2026-03-27T00:05Z	✅ Valid
7	Observability Coverage Report	#23187	2026-03-26T23:58Z	⚠️ Issues
8	Daily Performance Summary	#23182	2026-03-26T23:29Z	✅ Valid
9	DIFC Integrity-Filtered Events	#23272	2026-03-27T20:41Z	✅ Valid
10	Agentic Workflow Audit	#23173	2026-03-26T21:20Z	✅ Valid
11	Daily Code Metrics	#23175	2026-03-26T21:40Z	✅ Valid

---

🔍 Data Consistency Analysis

Cross-Report Metrics Comparison

Reference: scratchpad/metrics-glossary.md for definitions and scopes.

Metric	Source A	Source B	Scope Match	Status
agent_prs_total (24h)	Copilot Agent: 24	Team Evolution: 27 total PRs	⚠️ Different scopes	ℹ️ See Note 1
merged_prs (24h)	Copilot Agent: 16	Team Evolution: 16	✅ Same	✅ Match
open_issues	Performance: 108	—	Single source	✅ No conflict
workflow_runs_analyzed (7d)	Observability: 62	Firewall Report (1d): 43	⚠️ Different windows	ℹ️ See Note 2
firewall_requests_blocked rate	Observability (7d): 1.45%	Firewall Report (1d): 3.0%	⚠️ Different windows	⚠️ Spike
agent_prs_merged (24h)	Copilot Agent: 16	Team Evolution: 16	✅ Same	✅ Match

Scope Notes:

1. agent_prs_total: Copilot Agent Analysis counts only Copilot-authored PRs (24). Team Evolution counts all PR authors (Copilot 21 + github-actions 6 = 27). Different scopes by design. Not a discrepancy — the Team Evolution tracks all automation, while Agent Analysis focuses on copilot-swe-agent.
2. workflow_runs_analyzed: Observability covers 7-day window (62 runs), Firewall Report covers single day (43 runs today). Intentionally different scopes. Not a discrepancy.

Consistency Score

• Overall Consistency: 100% — no same-scope metrics differ across reports
• Critical Discrepancies: 0
• Minor Discrepancies: 0
• Scope Differences (expected): 2

---

⚠️ Issues and Anomalies

High Priority

1. EP024: Detection Model Not Producing THREAT_DETECTION_RESULT — 2nd Day

• Affected Reports: Safe Output Health Report (Safe Output Health Report - 2026-03-27 #23237)
• Metric: N/A (workflow control flow)
• Description: Copilot detection model is failing to produce THREAT_DETECTION_RESULT output on at least 4 workflow runs (Delight, Smoke Gemini, Smoke Update Cross-Repo PR, Smoke Create Cross-Repo PR). When this occurs, the entire safe_outputs job is skipped, meaning valid agent outputs are silently dropped.
• Expected: Detection job completes and produces output that gates safe_outputs
• Actual: Detection job fails/times out; safe_outputs never executes
• Severity: High — silently suppresses valid agent outputs
• Recommended Action: Investigate detection model format change or timeout; add alerting when safe_outputs is skipped due to detection failure

2. Firewall Block Rate Spike Today vs 7-Day Average

• Affected Reports: Daily Firewall Report (Daily Firewall Report - 2026-03-27 #23226), Observability Coverage ([observability] Observability Coverage Report - 2026-03-26 #23187)
• Metric: firewall_requests_blocked rate
• Description: Today's block rate is 3.0% (40/1,343 requests) vs the 7-day rolling average of 1.45% (59/4,073) — approximately 2× higher
• Root Cause Identified: Three identifiable workflows driving the spike: Dependabot Dependency Checker (12 blocks, proxy.golang.org), AI Moderator (~9 blocks, ChatGPT/GitHub domains), Smoke Codex (~8 blocks, ChatGPT)
• Severity: Medium — block rate is elevated but explainable; no unexpected domain categories
• Recommended Action: Add proxy.golang.org to Dependabot Dependency Checker's allowed domains; investigate AI Moderator github.com/api.github.com blocks (see firewall report recommendation)

Medium Priority

3. Observability: 6 Firewall-Enabled Runs Missing access.log (7-Day Window)

• Affected Reports: Observability Coverage Report ([observability] Observability Coverage Report - 2026-03-26 #23187)
• Metric: runs_with_complete_logs / observability coverage
• Description: 6 of 62 firewall-enabled workflow runs (9.68%) in the last 7 days are missing access.log artifacts. This prevents post-run security auditing for those runs.
• Severity: Medium — 90.32% coverage is below an expected >98% target; specific workflows: Copilot Agent Prompt Clustering, Go Logger Enhancement, Daily Observability Report, Daily Safe Output Tool Optimizer, Issue Monster, Workflow Normalizer
• Recommended Action: Enforce hard observability guardrail; fail/mark runs where firewall_enabled=true and access.log is missing (as recommended in observability report)

4. Gate Check Failures at 100% Rate

• Affected Reports: Copilot Session Insights ([copilot-session-insights] Daily Copilot Agent Session Analysis — 2026-03-27 #23230)
• Description: All 33 gate checks today (Q, Scout, Archie, /cloclo) returned action_required. This has been ~60% failure rate over 30 days, but today it reached 100%.
• Severity: Medium — may be by-design approval gates, but 100% rate warrants confirmation
• Recommended Action: Determine if action_required outcomes are intentional approval gates or broken checks. If by-design, relabel in metrics to avoid counting as "failures."

Low Priority (Recurring Warnings)

5. EP_LABELS_MISSING: Missing Repository Labels — 4th Consecutive Day

• Affected Reports: Safe Output Health Report (Safe Output Health Report - 2026-03-27 #23237)
• Description: Constraint Solving POTD workflow specifies constraint-solving and problem-of-the-day labels that don't exist in the repository. Discussion creates successfully but labels are not applied.
• Severity: Low — non-fatal, 4 days running
• Recommended Action: Create labels in repository or remove from workflow frontmatter

6. EP015: Smoke Copilot PR Review Context on Schedule Triggers — Recurring

• Affected Reports: Safe Output Health Report (Safe Output Health Report - 2026-03-27 #23237)
• Description: Schedule-triggered Smoke Copilot generates submit_pull_request_review output without PR context. Warning only; no failure.
• Severity: Low — ~weekly recurrence
• Recommended Action: Update Smoke Copilot prompt to conditionally emit PR-specific safe outputs only on PR-triggered runs

---

📈 Trend Analysis

Key Trends (Today vs Historical)

Metric	Today	Historical	Trend
Copilot agent success rate	84% (agent PRs)	79–85% (recent)	✅ Stable
Session completion rate	100%	71.1% (30d avg)	✅ Spike up
Safe output hard failures	0	Variable	✅ 3rd clean day
Firewall block rate	3.0%	~1.45% (7d)	⚠️ 2× spike
Lock files count	178	174 (2026-03-17)	➡️ +2.3% / 10 days
DIFC filtered events	746 (7d)	—	⚠️ 560 on Mar 26

Notable Trends

• AI agent reliability is improving: Copilot agent success rate held at 84% for the second consecutive day (yesterday: 85%), while session completion hit 100% today. This suggests improved task scoping and prompt quality.
• Workflow ecosystem is growing steadily: +4 lock files in 10 days (+2.3%), with average file size growing 5.0% — indicating both new workflows and richer configurations being added.
• DIFC filter volume is increasing: 560 events on March 26 alone (75% of the 7-day total of 746) suggests a growing backlog of external contributor issues reaching integrity-filtered workflows. Trend should be monitored weekly.
• Security hardening cycle is active: YAML injection fix, SHA-pinning, and gh aw audit report all shipped today — the team is in an active security maturation phase.

---

📝 Per-Report Analysis

1. Daily Firewall Report — 2026-03-27

Source: #23226 | Run: §23644682231
Time Period: 2026-03-27 only (limited early dataset — first days of firewall log collection)
Quality: ⚠️ Limited by single-day dataset; no multi-day trend possible yet

Metric	Value	Validation
workflow_runs_analyzed	43	✅ Single-day expected
firewall_requests_total	1,343	✅ Reasonable
firewall_requests_allowed	1,303 (97.0%)	✅
firewall_requests_blocked	40 (3.0%)	⚠️ 2× 7d average
firewall_domains_blocked	7	✅ All explained

Notes: Block rate elevated but attributable. proxy.golang.org blocks for Dependabot need allowlist update.

2. Copilot Agent Analysis — 2026-03-27

Source: #23225 | Run: §23644237361
Time Period: Last 24h (2026-03-26T11:33Z → 2026-03-27T11:33Z)
Quality: ✅ Valid

Metric	Value	Validation
agent_prs_total	24	✅ Internally consistent
agent_prs_merged	16	✅
agent_success_rate	84% (16/19 completed)	✅ Consistent with formula
Closed PRs	3	✅ Superseded/WIP
Open PRs	5	✅

Internal math check: 16 merged + 3 closed + 5 open = 24 total ✅

3. Copilot Session Insights — 2026-03-27

Source: #23230 | Run: §23644187731
Time Period: 2026-03-27 snapshot
Quality: ✅ Valid

Metric	Value	Validation
Sessions analyzed	50	✅
Agent sessions	5	✅
Successful completions	5 (100%)	✅ Best recent result
Gate check failures	33/33 (100%)	⚠️ Unusual — see anomaly #4
30d agent success rate	71.1% (59/83)	✅

4. Safe Output Health Report — 2026-03-27

Source: #23237 | Run: §23647740710
Time Period: Last 24h
Quality: ⚠️ Warnings present; EP024 detection issue noted

Metric	Value	Validation
Workflow runs analyzed	166	✅
Runs with safe output jobs	133	✅
Safe output hard failures	0	✅ 3rd consecutive clean day
Success rate	100%	✅
Safe outputs blocked (detection failure)	4	⚠️ EP024 escalating
Accessible log coverage	7/133 (5.3%)	⚠️ Low observability

Notes: The 5.3% accessible log rate is a systemic observability gap, not a new issue. EP024 blocked 4 runs from getting safe outputs processed.

5. Observability Coverage Report — 2026-03-26

Source: #23187 | Run: §23623570309
Time Period: Last 7 days
Quality: ⚠️ 6 missing firewall logs

Metric	Value	Validation
workflow_runs_analyzed	62	✅
firewall_enabled_workflows	62	✅
runs_with_complete_logs (firewall)	56 (90.32%)	⚠️ Below target
mcp_enabled_workflows	45	✅
MCP telemetry coverage	45/45 (100%)	✅
firewall_requests_blocked rate	1.45%	✅ Baseline established

6. Daily Performance Summary — 2026-03-26

Source: #23182 | Run: §23622970148
Time Period: Last 90 days
Quality: ✅ Valid

Metric	Value	Validation
total_prs	100	✅
merged_prs	77	✅
open_prs	3	✅
closed_prs (not merged)	20	✅ Math: 77+3+20=100 ✅
total_issues (analyzed: 1000)	1,000	✅
open_issues	108	✅
closed_issues (in period)	892	✅ Math: 892+108=1000 ✅
Avg merge time	1.66h	✅ Exceptionally fast

7. Lock File Statistics — 2026-03-27

Source: #23189 | Run: §23624082605
Time Period: Snapshot as of 2026-03-27
Quality: ✅ Valid

Metric	Value	Validation
Total lock files	178	✅ +1 from yesterday
Total size	11.3 MB	✅
Avg file size	65.2 KB	✅ +0.3 KB from yesterday
Workflows with write permissions	171 (96.1%)	✅

8. Team Evolution Insights — 2026-03-27

Source: #23217 | Run: §23642767702
Time Period: Last 24h
Quality: ✅ Valid — corroborates Agent Analysis PR merge count (16)

9. DIFC Integrity-Filtered Events — 2026-03-27

Source: #23272 | Run: §23665157709
Time Period: Last 7 days
Quality: ✅ Valid

Metric	Value	Validation
Total filtered events	746	✅
Filter reason	integrity_blocked 100%	✅ Expected
Busiest day	2026-03-26 (560 events)	⚠️ Concentrated spike
Top blocked user	szabta89 (109 events)	✅ External contributor

---

💡 Recommendations

Process Improvements

1. Establish firewall block rate baseline and alerting: With today's 3.0% rate as a data point (vs 1.45% 7-day avg), define a threshold (e.g., >5%) for automated escalation. Current spike is explainable but monitoring should be formalized.
2. Add scope documentation to all reports: Several reports (Team Evolution, Performance Summary) could be improved by explicitly labeling their time window scope on key metrics, aligning with scratchpad/metrics-glossary.md conventions.

Data Quality Actions

1. Resolve EP024 detection model failure: 4 safe output runs silently skipped on day 2. Add monitoring/alerting when safe_outputs is bypassed due to detection failure.
2. Enforce firewall log artifact retention: 6 missing access.log files in the last 7 days. Implement the observability report's recommendation to fail/mark runs where firewall_enabled=true and logs are absent.
3. Create missing labels: constraint-solving and problem-of-the-day labels have been missing for 4+ days. Low effort, eliminates recurring EP_LABELS_MISSING warning.

Workflow Suggestions

1. Investigate gate check action_required pattern: Clarify whether 100% action_required from Q/Scout/Archie/cloclo is by-design. If intentional, recategorize in Session Insights to avoid false "failure" signals.
2. Fix Smoke Copilot schedule trigger: EP015 recurs ~weekly. A small prompt update to conditionally emit PR outputs only on PR events would eliminate this warning permanently.

---

📊 Regulatory Metrics

Metric	Value
Reports Reviewed	11
Reports Passed (✅ Valid)	8
Reports with Issues/Warnings	3
Reports Failed	0
Critical Discrepancies	0
High Priority Issues	1 (EP024)
Medium Priority Issues	2
Low Priority Issues (recurring)	2
Overall Health Score	82%

---

Report generated automatically by the Daily Regulatory workflow
Data sources: Daily report discussions from github/gh-aw (2026-03-26 to 2026-03-27)
Metric definitions: scratchpad/metrics-glossary.md
Previous report #23172 closed as OUTDATED

References:

• §23667498546 — This regulatory report run
• §23644682231 — Daily Firewall Report
• §23647740710 — Safe Output Health Monitor

AI generated by Daily Regulatory Report Generator · history

• expires on Mar 30, 2026, 9:11 PM UTC

[github-actions[bot]]

This report has been superseded by a newer daily regulatory report for 2026-03-29.