[audit-workflows] [Audit] Agentic Workflow Daily Report — 2026-05-03

[github-actions[bot]]

Overview

Daily audit for 2026-05-03. Analyzed 177 workflow runs across 28 unique runs during a 1.5-hour active window (19:51–21:26 UTC). The system processed 10.99M tokens ($5.53) with a raw success rate of 25.4% — note that 128/177 (72%) runs were legitimately skipped due to event-driven conditions not being met. Among non-skipped runs (49 total), 45 succeeded (92%), 1 failed, 1 was cancelled.

Summary

Metric	Value
Total runs	177
Success	45 (25.4% overall, 92% active)
Skipped	128 (72% — normal for event-driven workflows)
Failure	1
Cancelled	1
Total tokens	10,990,452
Effective tokens	7,636,600
Total cost	$5.53
Action minutes	317
Engine mix	Claude 11, Copilot 16, Pi 1

Critical Issues

⚠️ Q Workflow Failure — Missing Safe Output Call (run §25289990921)

The Q workflow (Copilot CLI engine, issue_comment trigger) completed with 0 turns and an empty agent output, then failed because no safe-output tool was called. This is the most common cause of workflow failures: agent must always call noop when no action is taken. The agentic assessment also flagged this run as overkill_for_agentic (0 turns, narrow tools, read-only) — deterministic automation may be a simpler fit.

🔥 Dev Workflow: 100% Firewall Block Rate

The Dev workflow (Pi engine) had all 4 network requests blocked to api-proxy:10000, which is not in the allowed domains list. This indicates the Pi engine's default endpoint is not whitelisted.

⚠️ High Unknown-Domain Blocks (59 blocked requests)

Three workflows show requests blocked to (unknown) domain — likely npm package telemetry:

• Daily Project Performance Summary Generator: 42/95 blocked (44%)
• Copilot PR Prompt Pattern Analysis: 10/22 blocked (45%)
• Daily Model Inventory Checker: 7/13 blocked (54%)

Workflow Health Chart

The 19:00 UTC hour shows 35 runs with 20% success rate, the 20:00 UTC hour shows peak activity with 109 runs (31% success, 1 failure), and the 21:00 UTC hour shows 33 runs at 12% success (early runs still completing). Skipped runs dominate all hours as expected.

Token & Cost Chart

The 20:00 UTC hour accounted for $5.03 of the $5.53 total cost — this coincides with the Claude-engine daily batch workflows (Lockfile Statistics, Team Evolution Insights, Scout, Design Decision Gate) running simultaneously. Note: token data is attributed to the batch hour window.

Observability Insights (6 total)

Severity	Category	Finding
🔴 High	Reliability	Q workflow 100% failure rate (1/1 runs)
🔴 High	Network	Dev workflow 100% firewall block rate (api-proxy:10000)
🔴 High	Anomaly	8 high-anomaly events (score > 0.6) across 28 runs — rare tool_result cluster
🟡 Medium	Drift	Test Quality Sentinel turns vary 3–16 (avg 7) — unstable prompt or changing task shape
🔵 Info	Actuation	0 write-capable safe outputs; 28 read-only runs in last 24h window
🔵 Info	Execution	26 distinct event templates across 6 pipeline stages from 61 events

All Workflow Run Results

Workflow	Total	Success	Fail	Skip	Engine
Grumpy Code Reviewer 🔥	14	6	0	8	?
/cloclo	10	0	0	10	?
Scout	9	1	0	8	Claude Code
Q	9	0	1	8	Copilot
PR Nitpick Reviewer 🔍	8	0	0	8	?
Security Review Agent 🔒	8	0	0	8	?
Archie	8	0	0	8	?
Design Decision Gate 🏗️	7	6	0	1	Claude Code
Smoke CI	7	6	0	0	Copilot
AI Moderator	7	7	0	0	Codex
Test Quality Sentinel	6	6	0	0	Copilot
Issue Monster	4	4	0	0	?
25 more workflows	...	...	...	...	...

Firewall Analysis

Domain	Allowed	Blocked
api.anthropic.com:443	161	0
api.githubcopilot.com:443	136	0
(unknown)	0	59
github.com:443	5	0
151.101.x.223:443	4	0
api-proxy:10000	0	4
pypi.org:443	1	0

Overall: 370 requests, 307 allowed (83%), 63 blocked (17%)

The unknown-domain blocks are likely npm package telemetry that attempted to reach external endpoints not in the allowlist. These don't affect workflow functionality but inflate the block count.

Recommendations

1. Q workflow — Investigate why the Copilot CLI agent is completing with 0 turns and no safe-output call. Consider strengthening the system prompt's noop reminder or reviewing the workflow's activation condition.

2. Dev workflow (Pi engine) — Add api-proxy:10000 to the allowed domains list if this is a legitimate endpoint for the Pi engine, or update the Pi engine configuration to use the correct API endpoint.

3. Unknown-domain firewall blocks — Review npm package dependencies in Daily Project Performance Summary Generator, Copilot PR Prompt Pattern Analysis, and Daily Model Inventory Checker for telemetry/analytics packages making outbound calls.

4. Test Quality Sentinel drift — The 3–16 turn variance suggests prompt instability. Review the prompt to ensure consistent task framing across different PR/issue contexts.

References:

• §25289990921 — Q failure
• §25289662527 — Smoke CI cancellation

Generated by Agentic Workflow Audit Agent · ● 584.1K · ◷

• expires on May 4, 2026, 9:43 PM UTC

[github-actions[bot]]

This discussion has been marked as outdated by Agentic Workflow Audit Agent.

A newer discussion is available at Discussion #30228.