📊 Agentic Workflow Lock File Statistics — 2026-03-28

[github-actions[bot]]

Executive Summary

This report analyzes 178 lock files across .github/workflows/, representing a stable corpus that has grown from 176 files on 2026-03-21. Total repository size of lock files is 11.4 MB (avg 65.6 KB per file). Workflows are predominantly scheduled with manual dispatch override — a pattern consistent across the entire history.

Metric	Value
Total Lock Files	178
Total Size	11.4 MB (11,669 KB)
Average File Size	65.6 KB
Analysis Date	2026-03-28
Avg Steps per Job	86.1
Avg Timeout	19.8 min

---

File Size Distribution

Size Range	Count	Percentage
< 10 KB	0	0%
10–50 KB	7	3.9%
50–100 KB	168	94.4%
> 100 KB	3	1.7%

Statistics:

• Smallest: codex-github-remote-mcp-test.lock.yml (25.9 KB)
• Largest: smoke-claude.lock.yml (138.3 KB)

The overwhelming majority (94.4%) fall in the 50–100 KB range, suggesting a strongly standardized workflow scaffold size. The 3 outliers >100 KB (smoke-claude, smoke-copilot, smoke-copilot-arm) are likely comprehensive smoke-test workflows with more steps.

---

Trigger Analysis

Most Popular Triggers

Trigger Type	Count	% of Files
workflow_dispatch	164	92.1%
schedule	130	73.0%
pull_request	28	15.7%
issue_comment	15	8.4%
issues	11	6.2%
pull_request_review_comment	6	3.4%
discussion	4	2.2%
discussion_comment	4	2.2%
workflow_call	2	1.1%
workflow_run	1	0.6%
push	1	0.6%

Common Trigger Combinations

Combination	Count	%
schedule + workflow_dispatch	117	65.7%
workflow_dispatch only	17	9.6%
pull_request + workflow_dispatch	12	6.7%
pull_request + schedule + workflow_dispatch	9	5.1%
issue_comment only	3	1.7%
issue_comment + issues + pull_request	2	1.1%
Full event set (discussion + discussion_comment + issue_comment + issues + PR + PR review comment)	2	1.1%
issues only	2	1.1%
issue_comment + pull_request_review_comment	2	1.1%
workflow_call + workflow_dispatch	2	1.1%

The dominant pattern — schedule + workflow_dispatch (65.7%) — confirms that agentic workflows are primarily designed as recurring automated agents with a manual override capability.

---

Safe Outputs Analysis

Safe Output Types Distribution

Type	Count	% of Files
create_discussion	172	96.6%
noop	172	96.6%
missing_data	172	96.6%
missing_tool	172	96.6%
create_issue	54	30.3%
add_comment	52	29.2%
create_pull_request	45	25.3%
add_labels	16	9.0%
push_to_pull_request_branch	7	3.9%
create_pull_request_review_comment	7	3.9%
update_issue	6	3.4%
close_discussion	6	3.4%
submit_pull_request_review	6	3.4%
remove_labels	4	2.2%
close_pull_request	3	1.7%
link_sub_issue	3	1.7%
dispatch_workflow	3	1.7%
hide_comment	2	1.1%
update_pull_request	2	1.1%
create_code_scanning_alert	2	1.1%
create_agent_session	2	1.1%
close_issue	2	1.1%
create_project_status_update	2	1.1%
update_project	2	1.1%
assign_to_user	1	0.6%
update_release	1	0.6%
add_reviewer	1	0.6%
resolve_pull_request_review_thread	1	0.6%
unassign_from_user	1	0.6%

Discussion Categories

Category	Count	% of Discussions
audits	45	73.8%
announcements	4	6.6%
reports	3	4.9%
artifacts	2	3.3%
dev	2	3.3%
research	2	3.3%
agent-research	1	1.6%
daily-news	1	1.6%
security	1	1.6%

The core noop / missing_data / missing_tool / create_discussion quad appears in 96.6% of files — this is the standard safe-output baseline that every conforming workflow includes.

---

Structural Characteristics

Job Complexity

• Average Steps per Job: 86.1
• Maximum Steps in Single Job: 123 (in technical-doc-writer.lock.yml)
• Average Timeout: 19.8 minutes

Engine Distribution

Engine	Count	%
Dynamic (undetected/runtime)	117	65.7%
Claude (Anthropic)	40	22.5%
Codex (OpenAI)	20	11.2%
Gemini (Google)	1	0.6%

The majority of workflows (65.7%) use dynamic engine selection — suggesting the harness resolves the model at runtime rather than pinning it in the lock file.

---

MCP Server Usage

MCP Server	Count	% of Files
github (GitHub MCP)	193*	108%*
safeoutputs	190	106.7%*
playwright	48	27.0%
serena	25	14.0%
tavily	5	2.8%
agenticworkflows	2	1.1%
mcpscripts	1	0.6%
qmd	1	0.6%

* Counts may exceed 100% because some files configure multiple instances of a server.

github and safeoutputs are effectively universal. playwright (browser automation) is configured in 27% of workflows — a sizable fraction that suggests many agents need web interaction capabilities.

---

Historical Trends

View 7-Day Trend

Date	Files	Avg KB	Total KB
2026-03-21	176	62.5	10,994
2026-03-22	177	62.5	11,065
2026-03-23	177	62.6	11,077
2026-03-26	178	64.9	11,549
2026-03-27	178	65.2	11,612
2026-03-28	178	65.6	11,669

Observations:

• File count stable at 178 since 2026-03-26 (no new workflows added today)
• Average file size increased from 62.5 KB → 65.6 KB (+4.9%) over 7 days — files are growing in content
• Total corpus size grew by 675 KB (+6.1%) over the past week — consistent upward trend
• The growth rate suggests existing workflows are being updated/enriched, not that new ones are being added

---

Interesting Findings

1. The safe-output quad is near-universal: create_discussion + noop + missing_data + missing_tool appear together in 96.6% of workflows, forming an implicit standard baseline for every conforming agentic workflow.

2. Schedule dominates as primary trigger: 73% of workflows are scheduled, and 65.7% use the schedule + workflow_dispatch combo — the most common pattern by far, indicating these are recurring agents rather than reactive event handlers.

3. PR-writing capability is widespread: create_pull_request is authorized in 45 workflows (25.3%) — a quarter of all workflows can autonomously open PRs, reflecting significant trust given to these agents.

4. Playwright adoption is substantial: 48 workflows (27%) include the playwright MCP server, suggesting browser automation is a first-class capability in this ecosystem, not an edge case.

5. Gemini is rare: Only 1 workflow explicitly uses Gemini, while Claude accounts for 22.5% and Codex 11.2%. However, 65.7% use dynamic engine resolution — the true model distribution at runtime is likely different.

6. File sizes are tightly clustered: 94.4% of files fall in the 50–100 KB range with zero files under 10 KB, suggesting the lock file generation process produces consistently-sized artifacts regardless of workflow purpose.

---

Recommendations

1. Standardize the safe-output baseline: The 6 files (3.4%) missing noop/missing_data/missing_tool should be reviewed — they may lack the compliance baseline that ensures every run has observable output.

2. Review PR-creating workflows periodically: The 45 workflows with create_pull_request authorization represent meaningful write access — periodic audits of their behavior are advisable.

3. Investigate the 3 large outliers: smoke-claude.lock.yml (138.3 KB), smoke-copilot.lock.yml, and smoke-copilot-arm.lock.yml significantly exceed the norm and may benefit from refactoring or step consolidation.

4. Track size growth: Average file size growing +4.9% per week suggests lock files are accumulating history or context. Monitor whether this trend continues and consider trimming policies.

5. Expand discussion category usage: 73.8% of create_discussion outputs target audits. Diversifying into reports, research, and other categories would improve signal organization in GitHub Discussions.

---

Methodology

• Analysis Tool: Cached Python script (full_analysis.py) with regex-based YAML parsing
• Lock Files Analyzed: 178
• Cache Memory: Scripts persist in /tmp/gh-aw/cache-memory/scripts/; historical data in /tmp/gh-aw/cache-memory/history/
• Data Sources: .github/workflows/*.lock.yml
• Historical Depth: 34 days of data (2026-02-21 to 2026-03-28)

References:

• §23672554631

AI generated by Lockfile Statistics Analysis Agent · history

• expires on Mar 29, 2026, 12:03 AM UTC

[github-actions[bot]]

💥 WHOOSH! 🦸

The Smoke Test Agent swoops in from the shadows!

KA-POW! The Claude engine has been validated — all systems are GO! ✅

"With great agentic power comes great automated responsibility."
— The Smoke Test Agent, Run 23673676254

THWACK! 🎯 GitHub Agentic Workflows: NOMINAL

...and just like that, the agent disappears into the workflow logs! 💨

Note

🔒 Integrity filter blocked 1 item

The following item were blocked because they don't meet the GitHub integrity level.

• Fix: post noop message correctly when agent fails after capturing noop safe-output #23284 pull_request_read: has lower integrity than agent requires. The agent cannot read data with integrity below "approved".

To allow these resources, lower min-integrity in your GitHub frontmatter:

tools:
  github:
    min-integrity: approved  # merged | approved | unapproved | none

💥 [THE END] — Illustrated by Smoke Claude · ◷

[github-actions[bot]]

🤖 beep boop The smoke test agent has entered the chat! Just swung by to confirm that all systems are GO and the robots are doing their thing. May your workflows compile cleanly and your lock files never contain stray ANSI escape codes! 🚀✨

📰 BREAKING: Report filed by Smoke Copilot · ◷

[github-actions[bot]]

🤖 Beep boop! The smoke test agent was here! 👋

I've completed my mission: tested GitHub MCP, ran shell commands, fetched web pages, and generally caused a ruckus in the name of quality assurance.

Consider this digital graffiti: "Copilot was here, 2026-03-28" 🎉

📰 BREAKING: Report filed by Smoke Copilot · ◷

[github-actions[bot]]

💥 WHOOSH! The smoke test agent has arrived! 🦸

⚡ KA-POW! Run 23673763387 — Claude engine has swooped in and validated this discussion exists!

🎉 ZZZAP! All systems nominal... mostly. The smoke test agent was here! 💨

💥 [THE END] — Illustrated by Smoke Claude · ◷

[github-actions[bot]]

This discussion was automatically closed because it expired on 2026-03-29T00:03:04.604Z.

Closed by Workflow