Agentic Workflow Lock File Statistics - 2026-03-22

[github-actions[bot]]

Executive Summary

This report analyzes all 177 lock files in .github/workflows/*.lock.yml as of 2026-03-22, covering 10.81 MB of workflow configuration data. One new lock file was added since yesterday (+1 codex workflow), and overall structure remains highly consistent — the vast majority of workflows follow the schedule + workflow_dispatch pattern with dynamic engine routing.

Metric	Value
Total Lock Files	177
Total Size	10.81 MB
Average File Size	62.5 KB
Average Steps per Job	77.6
Average Timeout	19.0 min
Analysis Date	2026-03-22

---

File Size Distribution

Size Range	Count	Percentage
< 10 KB	0	0%
10–50 KB	7	4.0%
50–100 KB	167	94.4%
> 100 KB	3	1.7%

Statistics:

• Smallest: codex-github-remote-mcp-test.lock.yml (25.0 KB)
• Largest: smoke-claude.lock.yml (133.5 KB)
• Most complex (steps): technical-doc-writer.lock.yml (109 steps)
• Least complex (steps): codex-github-remote-mcp-test.lock.yml (36 steps)

The distribution is strikingly uniform — 94.4% of all lock files fall within the 50–100 KB range, reflecting the standardized AWF harness template structure.

---

Trigger Analysis

Most Popular Triggers

Trigger Type	Count	% of Workflows
workflow_dispatch	162	91.5%
schedule	129	72.9%
pull_request	27	15.3%
issue_comment	15	8.5%
issues	11	6.2%
pull_request_review_comment	6	3.4%
discussion_comment	5	2.8%
discussion	4	2.3%
workflow_run	2	1.1%
workflow_call	2	1.1%
push	1	0.6%

Common Trigger Combinations

Combination	Count	%
schedule + workflow_dispatch	117	66.1%
workflow_dispatch only	17	9.6%
pull_request + workflow_dispatch	11	6.2%
pull_request + schedule + workflow_dispatch	9	5.1%
issue_comment only	3	1.7%
Full event set (6 triggers)	3	1.7%
Other combinations	17	9.6%

The dominant pattern is scheduled + on-demand (66.1%), confirming that most agentic workflows run autonomously on a cadence while remaining manually triggerable.

Schedule Pattern Details

Cron Expression	Count	Description
0 14 * * 1-5	4	Weekdays at 14:00 UTC
0 13 * * 1-5	4	Weekdays at 13:00 UTC
0 11 * * 1-5	4	Weekdays at 11:00 UTC
0 9 * * 1-5	3	Weekdays at 09:00 UTC
0 */6 * * *	2	Every 6 hours
0 15 * * 1-5	2	Weekdays at 15:00 UTC
0 10 * * 1-5	2	Weekdays at 10:00 UTC
0 16 * * 1-5	2	Weekdays at 16:00 UTC
12 9 * * *	2	Daily at 09:12 UTC

Most scheduled workflows target weekday business hours (UTC), with a preference for morning/afternoon slots. Two workflows run continuously every 6 hours.

---

Safe Outputs Analysis

Safe Output Types Distribution

Output Type	Count	% of Workflows
create_discussion	171	96.6%
noop	171	96.6%
missing_data	171	96.6%
missing_tool	171	96.6%
create_issue	53	29.9%
add_comment	51	28.8%
create_pull_request	45	25.4%
add_labels	16	9.0%
push_to_pull_request_branch	7	4.0%
create_pull_request_review_comment	7	4.0%
update_issue	6	3.4%
close_discussion	6	3.4%
submit_pull_request_review	6	3.4%
remove_labels	4	2.3%
close_pull_request	3	1.7%
link_sub_issue	3	1.7%
dispatch_workflow	3	1.7%

Rare Safe Output Types (≤2 workflows)

Output Type	Count
hide_comment	2
update_pull_request	2
create_code_scanning_alert	2
create_agent_session	2
close_issue	2
create_project_status_update	2
update_project	2
assign_to_user	1
update_release	1
add_reviewer	1
resolve_pull_request_review_thread	1
unassign_from_user	1

The four "base" outputs (create_discussion, noop, missing_data, missing_tool) are present in 96.6% of workflows, suggesting they are part of the standard AWF safe-output template. Beyond these, create_issue, add_comment, and create_pull_request form the next tier of common outputs.

Discussion Categories

Category	Count	% of Workflows with create_discussion
audits	44	25.7%
announcements	4	2.3%
reports	3	1.7%
artifacts	2	1.2%
dev	2	1.2%
research	2	1.2%
agent-research	1	0.6%
daily-news	1	0.6%
security	1	0.6%

The audits category dominates (this very report included!), accounting for over 25% of all create_discussion usage.

---

Engine Distribution

Engine	Count	%
Dynamic (runtime-selected)	117	66.1%
Claude (Anthropic)	40	22.6%
Codex (OpenAI)	19	10.7%
Gemini (Google)	1	0.6%

The majority of workflows use dynamic engine routing (66.1%), where the engine is determined at runtime rather than being hardcoded. Among fixed-engine workflows, Claude accounts for 22.6%, Codex 10.7%, and Gemini 0.6%.

---

Structural Characteristics

Permission Patterns

Permission	Count	Type
contents:read	712	Read
issues:write	356	Write
discussions:write	235	Write
pull-requests:write	192	Write
contents:write	178	Write
pull-requests:read	161	Read
issues:read	158	Read
actions:read	74	Read
copilot-requests:write	41	Write
discussions:read	35	Read

contents:read is nearly universal (712 occurrences across 177 workflows), while issues:write and discussions:write are the most common write permissions, reflecting the primary output channels for agentic workflows.

MCP Server Usage

MCP Server	Count	% of Workflows
github	191	108% (some have multiple)
safeoutputs	188	106%
playwright	48	27.1%
serena	25	14.1%
tavily	5	2.8%
agenticworkflows	2	1.1%
mcpscripts	1	0.6%

GitHub and safeoutputs MCP servers are effectively universal (some workflows configure them multiple times). Playwright is used in 27.1% of workflows — a substantial fraction for browser automation tasks. Serena (code intelligence) appears in 14.1%, indicating significant code analysis workloads.

---

Historical Trends (7-Day)

Date	Files	Engine: Dynamic	Claude	Codex	Gemini
2026-03-16	172	113	41	17	1
2026-03-18	175	116	41	17	1
2026-03-21	176	117	40	18	1
2026-03-22	177	117	40	19	1

Observed trends:

• Lock file count is growing gradually (+5 files over the past week)
• Codex engine adoption is increasing (+2 this week), while Claude fixed-engine count is stable
• Dynamic routing remains dominant and growing proportionally

Changes since yesterday (2026-03-21 → 2026-03-22)

Metric	Yesterday	Today	Delta
Total files	176	177	+1
Total size	10.74 MB	10.81 MB	+71.7 KB
Avg timeout	18.9 min	19.0 min	+0.1
Codex workflows	18	19	+1
workflow_dispatch trigger	161	162	+1
pull_request trigger	26	27	+1
schedule trigger	128	129	+1

The new workflow added today uses Codex, responds to pull_request, schedule, and workflow_dispatch triggers.

---

Interesting Findings

1. Remarkable Uniformity: 94.4% of lock files fall within the 50–100 KB size range, indicating the AWF harness produces highly standardized workflow definitions regardless of the agent's purpose.

2. Dynamic Routing Dominance: 66.1% of workflows rely on runtime engine selection rather than hardcoded models, enabling flexible model switching without workflow changes.

3. The "Audit Tax": create_discussion in the audits category accounts for 25.7% of all discussion creation — agentic workflows are heavily self-reporting.

4. Browser Automation at Scale: Playwright is configured in 27.1% of workflows, far exceeding what one might expect for a typical CI system. This reflects the prevalence of web research and UI testing agents.

5. Serena's Footprint: The Serena code intelligence MCP server appears in 14.1% of workflows (25 files), establishing it as the third most popular MCP server after the mandatory GitHub and safeoutputs servers.

6. Business Hours Bias: Scheduled workflows cluster heavily around UTC business hours (9:00–16:00 on weekdays), suggesting most are designed for interactive use by teams in European/Western time zones.

---

Recommendations

1. Normalize Timeout Values: With an average of 19.0 min and variance likely significant, auditing outliers for timeout misconfiguration could prevent runaway jobs.

2. Review create_discussion Non-adopters: The 6 workflows (3.4%) without standard safe-output tooling (noop/missing_data/missing_tool) may be outdated or using a non-standard template.

3. Monitor Codex Growth: Codex adoption has grown from 17 to 19 (+11.8%) in one week. If this trend continues, workflow engine diversity should be tracked for cost and reliability planning.

4. Consolidate MCP Configurations: Some workflows show multiple GitHub/safeoutputs entries — standardizing MCP configs via a shared base template could reduce lock file size.

---

Methodology

• Lock Files Analyzed: 177 (.github/workflows/*.lock.yml)
• Analysis Tool: Python 3 with regex-based YAML parsing
• Cache Memory: Scripts persisted at /tmp/gh-aw/cache-memory/scripts/full_analysis.py
• Historical Data: 28 days of history maintained at /tmp/gh-aw/cache-memory/history/
• Data Sources: Direct file system reads of all .lock.yml files

References:

• Workflow run: §23407570388

AI generated by Lockfile Statistics Analysis Agent · history

• expires on Mar 23, 2026, 4:44 PM UTC

[github-actions[bot]]

This discussion has been marked as outdated by Lockfile Statistics Analysis Agent.

A newer discussion is available at Discussion #22462.