📊 Agentic Workflow Lock File Statistics - November 24, 2025

[github-actions[bot]]

This comprehensive analysis examines all 100 lock files in the githubnext/gh-aw repository to understand patterns, usage trends, and structural characteristics of agentic workflows.

Executive Summary

• Total Lock Files: 100
• Total Size: 23.48 MB (24,615,336 bytes)
• Average File Size: 240.15 KB (246,153 bytes)
• Analysis Date: November 24, 2025
• Repository: githubnext/gh-aw

Full Statistical Analysis

File Size Distribution

Size Range	Count	Percentage
50-100 KB	15	15.0%
100-200 KB	4	4.0%
200-300 KB	63	63.0%
> 300 KB	18	18.0%

Statistics:

• Smallest: shared/mcp/arxiv.lock.yml (80.2 KB / 82,160 bytes)
• Largest: poem-bot.lock.yml (425.8 KB / 436,000 bytes)
• Median Range: 200-300 KB (contains 63% of all files)

Observations:

• No files under 50 KB (minimum is 80 KB)
• The vast majority (81%) are between 200 KB and 400 KB
• Only 18% exceed 300 KB, suggesting relatively consistent workflow complexity

Trigger Analysis

Most Popular Triggers

Trigger Type	Count	Percentage	Usage Pattern
workflow_dispatch	73	73.0%	Manual execution
schedule	45	45.0%	Automated/cron
issues	11	11.0%	Issue events
pull_request	9	9.0%	PR events
discussion_comment	5	5.0%	Discussion comments
discussion	4	4.0%	Discussion events
push	2	2.0%	Push events

Note: 82 files (82%) have triggers defined; 18 files (18%) have no triggers.

Trigger Subtypes Analysis

Discussion Triggers:

• created: 4 workflows
• edited: 4 workflows

Issue Triggers:

• opened: 10 workflows
• edited: 7 workflows
• reopened: 7 workflows
• labeled: 2 workflows

Pull Request Triggers:

• opened: 5 workflows
• edited: 5 workflows
• reopened: 5 workflows
• labeled: 4 workflows

Schedule Triggers:

• All 45 scheduled workflows use cron expressions

Common Trigger Combinations

Rank	Combination	Count	Percentage
1	schedule + workflow_dispatch	42	42.0%
2	workflow_dispatch (alone)	22	22.0%
3	issues (alone)	4	4.0%
4	discussion + discussion_comment + issues + pull_request	3	3.0%
5	pull_request + schedule + workflow_dispatch	3	3.0%
6	push + workflow_dispatch	2	2.0%
7	issues + workflow_dispatch	2	2.0%

Key Insight: The dominant pattern (42%) is combining scheduled automation with manual override capability (schedule + workflow_dispatch).

Schedule Patterns

Sample of unique cron patterns found:

Schedule (Cron)	Count	Description
0 0,6,12,18 * * *	3	Every 6 hours
0/10 * * * *	2	Every 10 minutes
0 11 * * 1-5	1	11am weekdays
0 14 * * 1-5	1	2pm weekdays
0 15 * * 1	1	3pm Mondays
0 22 * * *	1	10pm daily
0 9 * * *	1	9am daily

Total: 45 workflows use schedule triggers with various cron patterns ranging from every 10 minutes to weekly.

Files Without Triggers (18 total)

These workflows likely serve as reusable components or are triggered via other mechanisms:

• arxiv.lock.yml
• brave.lock.yml
• ci-doctor.lock.yml
• context7.lock.yml
• dev-hawk.lock.yml
• grumpy-reviewer.lock.yml
• mergefest.lock.yml
• smoke-detector.lock.yml
• test-claude-close-pull-request.lock.yml
• test-close-discussion.lock.yml
• test-codex-close-pull-request.lock.yml
• test-copilot-close-pull-request.lock.yml
• test-firewall-default.lock.yml
• test-secret-masking.lock.yml
• test-serena-custom-gomod.lock.yml
• test-serena-go-config.lock.yml
• test-serena-long.lock.yml
• test-serena-short.lock.yml

Pattern: Many of these are test workflows or MCP server configurations (shared/mcp/).

Safe Outputs Analysis

Safe Output Types Distribution

Type	Count	Percentage	Workflows (sample)
create-discussion	30	30.0%	daily-news, daily-team-status, copilot-pr-nlp-analysis
add-comment	18	18.0%	smoke-codex, pr-nitpick-reviewer, grumpy-reviewer
create-issue	17	17.0%	cli-version-checker, security-fix-pr, dependabot-go-checker
create-pull-request	14	14.0%	repository-quality-improver, daily-doc-updater, semantic-function-refactor
close-pull-request	3	3.0%	test-claude-close-pull-request, test-codex-close-pull-request, test-copilot-close-pull-request
close-issue	2	2.0%	Various test workflows
add-label	2	2.0%	issue-classifier, triage workflows
update-issue	1	1.0%	Specific update workflow

Total Safe Output Instances: 87 (some workflows use multiple safe output types)

Discussion Categories

For workflows using create-discussion, the following categories are specified:

Category	Count	Usage
audits	12	Primary audit/reporting category
General	4	General discussions
Audits	3	Alternative capitalization
dev	2	Development discussions
artifacts	2	Artifact-related discussions
security	1	Security discussions
research	1	Research findings
general	1	General (lowercase)
daily-news	1	News updates
audit	1	Audit (singular)
announcements	1	Announcements

Observation: "audits" (lowercase) is by far the most common category, used for workflow analysis reports and automated audits.

Structural Characteristics

Timeout Configuration

Analysis of timeout-minutes values across all workflows:

Timeout (minutes)	Count	Percentage
10	300	65.4%
20	112	24.4%
15	17	3.7%
30	9	2.0%
5	10	2.2%
45	3	0.7%
12	1	0.2%

Note: Count exceeds 100 because each job within a workflow can have its own timeout setting.

Key Findings:

• 10 minutes is the default/most common timeout (65%)
• 20 minutes is the second choice (24%)
• Longer timeouts (30-45 min) are rare, used only for complex workflows

Concurrency Settings

• Workflows with concurrency: 100 (100%)
• All workflows implement concurrency control to prevent duplicate runs

Common Patterns:

• group: "gh-aw-${{ github.workflow }}" - Per-workflow grouping
• group: "gh-aw-${{ github.workflow }}-${{ github.event.issue.number }}" - Per-issue grouping
• cancel-in-progress: true - Some workflows cancel in-progress runs

Job Complexity

Common Job Names (across all workflows):

Job Name	Approximate Count	Purpose
agent	~100	Main AI agent execution
conclusion	~90	Workflow conclusion/cleanup
activation	~85	Workflow activation check
detection	~80	Detection/analysis phase
missing_tool	~70	Missing tool reporting
create_discussion	~30	Discussion creation
add_comment	~18	Comment addition
create_issue	~17	Issue creation
create_pull_request	~14	PR creation
pre_activation	~15	Pre-activation checks

Typical Workflow Structure:

1. activation - Check if workflow should run
2. pre_activation (optional) - Additional setup
3. agent - Main AI agent task
4. detection - Analyze results
5. create_discussion/add_comment/create_issue - Safe output
6. missing_tool (conditional) - Report missing tools
7. conclusion - Final cleanup

Estimated Average:

• ~5-7 jobs per workflow
• Most workflows follow a similar pattern with conditional safe output jobs

Permission Patterns

Most Common Permissions

Permission	Count	Percentage	Type
contents	96	96.0%	Read/Write
pull-requests	76	76.0%	Read/Write
issues	74	74.0%	Read/Write
actions	42	42.0%	Read
discussions	8	8.0%	Read/Write
security-events	4	4.0%	Read
repository-projects	2	2.0%	Read

Permission Scope Analysis:

• Minimal Permissions: 0 workflows (all request at least 3 permissions)
• Standard Set: Most workflows request contents, pull-requests, and issues (read access)
• Extended Permissions: 42% request actions permission for workflow artifact access
• Discussion Permissions: Only 8% need discussions permission

Permission Distribution

• Read-only workflows: 0 (0%) - All workflows have write capabilities via safe outputs
• Write permissions: 100 (100%) - All use safe outputs that write to repository
• Security-aware: 4 workflows request security-events permission

Tool & MCP Patterns

MCP Server Usage

Finding: No MCP servers are configured in any of the analyzed lock files.

This is surprising given the repository's focus on agentic workflows. Possible explanations:

1. MCP integration may be configured at runtime rather than in lock files
2. MCP features may be newer than these lock files
3. The repository may use other integration patterns

AI Engine Distribution

Based on comments and configuration hints found in lock files:

Engine	Files Mentioning	Notes
copilot	2	Explicitly configured (changeset.lock.yml, craft.lock.yml)
claude	1	Mentioned in mcp-inspector.lock.yml
codex	0	No explicit mentions
(default)	97	No engine specification

Note: Most workflows don't specify an engine, likely using system defaults.

Common Tool Patterns

Based on safe outputs and workflow structure:

• GitHub API tools: 100% (all workflows interact with GitHub)
• Bash tools: ~100% (standard in agent jobs)
• Discussion creation: 30%
• Issue creation/updates: 19%
• PR creation/updates: 17%
• Comment addition: 18%

Average Lock File Structure

Based on statistical analysis, a typical .lock.yml file has:

• Size: ~240 KB
• Triggers: 2-3 triggers (typically schedule + workflow_dispatch)
• Jobs: 5-7 jobs
• Permissions: 3-4 permissions (contents, issues, pull-requests)
• Timeout: 10 minutes per job
• Concurrency: Enabled with workflow-level grouping
• Safe Outputs: 1-2 safe output types
• Structure: activation → agent → detection → safe_output → conclusion

Interesting Findings

1. Manual Override is Standard: 73% of workflows support manual triggering via workflow_dispatch, indicating operational flexibility is prioritized.

2. Discussion Creation Dominates: 30% of workflows create discussions, making it the most popular safe output. This suggests a strong preference for threaded, collaborative communication over simple issue creation.

3. Automated Reporting is Common: 42% combine scheduled runs with manual override (schedule + workflow_dispatch), pointing to heavy use of automated daily/periodic reporting.

4. No MCP Integration: Surprisingly, none of the 100 lock files configure MCP servers, despite MCP being a key technology for agentic workflows.

5. Consistent Timeouts: 65% use 10-minute timeouts, suggesting most agentic tasks complete quickly or are designed to be time-bounded.

6. Universal Concurrency Control: 100% of workflows implement concurrency management, preventing resource waste and race conditions.

7. "audits" Category Leadership: The "audits" discussion category is used 4x more than any other category, indicating this repository heavily focuses on automated auditing and analysis.

8. Test Workflows Have No Triggers: 18 workflows lack triggers, with many being test workflows that are likely called programmatically or serve as reusable components.

Historical Trends

First Analysis: This is the initial comprehensive analysis of lock files in this repository. Future runs will compare against this baseline to track:

• Growth in lock file count
• Changes in average file size
• Shifts in trigger patterns
• Evolution of safe output preferences
• Introduction of MCP servers

Baseline Metrics (November 24, 2025):

• Total files: 100
• Average size: 240.15 KB
• Most popular trigger combo: schedule + workflow_dispatch (42%)
• Most popular safe output: create-discussion (30%)
• MCP adoption: 0%

Recommendations

Based on this comprehensive analysis:

1. Standardize Discussion Categories: Consider consolidating "audits", "Audits", and "audit" into a single canonical category to improve organization.

2. Investigate MCP Integration: With 0% MCP adoption in lock files, evaluate whether MCP integration should be documented or encouraged for enhanced agent capabilities.

3. Document Trigger Patterns: The schedule + workflow_dispatch pattern (42% adoption) could be documented as a best practice for automated workflows with manual override.

4. Optimize File Sizes: With 63% of files in the 200-300 KB range, consider whether there are opportunities to reduce duplication or extract common patterns.

5. Review No-Trigger Workflows: Audit the 18 workflows without triggers to ensure they're intentionally designed as components or properly integrated into the workflow ecosystem.

6. Timeout Guidelines: Document the rationale for 10-minute vs 20-minute timeouts to help workflow authors choose appropriate values.

7. Safe Output Best Practices: With create-discussion being dominant (30%), document when to prefer discussions over issues or PRs.

Methodology

• Analysis Tool: Bash scripts with text processing (grep, awk) and Python for structured analysis
• Lock Files Analyzed: 100 (100% coverage)
• Data Sources: .github/workflows/**/*.lock.yml
• Cache Memory: Used for data persistence at /tmp/gh-aw/cache-memory/
• Analysis Date: November 24, 2025
• Repository: githubnext/gh-aw
• Commit: cf5b572

---

Generated by Lockfile Statistics Analysis Agent on November 24, 2025

AI generated by Lockfile Statistics Analysis Agent

[github-actions[bot]]

This discussion was automatically closed because it was created by an agentic workflow more than 1 week ago.