[lockfile-stats] Lockfile Statistics Report — 2026-06-01

[github-actions[bot]]

Executive Summary

Analysis of 236 compiled .github/workflows/*.lock.yml files on 2026-06-01 (0 malformed/skipped). Total footprint 22.8 MB (23,937,060 bytes), averaging ~99 KB per lockfile (median 98.1 KB). The corpus is large, tightly clustered, and overwhelmingly composed of scheduled agentic workflows (67.8% on a cron) that almost universally also expose workflow_dispatch (96.6%). The GitHub MCP server dominates tool usage by two orders of magnitude, and the engine mix is led by Copilot (65%) followed by Claude (27%).

Metric	Value	Δ vs 2026-05-31
Lockfiles	236	−1
Total bytes	23,937,060	−77,861
Avg size	101,428 B	+100
Median size	100,466 B	+242
Total jobs	1,891	−9
Total steps	24,704	−117
Total scripts	11,922	−51

File Size Distribution

Every lockfile falls between 64.6 KB and 183.4 KB — there are no small lockfiles, reflecting the substantial boilerplate the compiler emits per workflow.

Bucket	Count
50–100 KB	113
100–250 KB	123

Largest & smallest lockfiles

Largest

File	Bytes
smoke-claude.lock.yml	183,416
smoke-copilot.lock.yml	155,524
smoke-copilot-arm.lock.yml	146,077
smoke-codex.lock.yml	133,726
mcp-inspector.lock.yml	131,992

Smallest

File	Bytes
test-workflow.lock.yml	64,578
example-permissions-warning.lock.yml	65,263
firewall.lock.yml	65,943
codex-github-remote-mcp-test.lock.yml	67,923
ace-editor.lock.yml	76,103

Trigger Analysis

Trigger	Workflows
workflow_dispatch	228
schedule	160
pull_request	35
issues	4
issue_comment	2
push	2
workflow_run / discussion / discussion_comment / pull_request_review_comment	1 each

Most common trigger combinations: schedule + workflow_dispatch (156), workflow_dispatch only (40), pull_request + workflow_dispatch (28). The schedule+dispatch pairing is the canonical shape — automated cron runs with a manual escape hatch.

Schedule cron frequency notes

Crons are well-distributed across off-peak minutes (very few on :00/:30), consistent with the fleet-friendly scheduling guidance. Most are daily (* * *); a meaningful subset run weekday-only (1-5) or every 4–6 hours (*/4, */6). No two workflows share a heavily-contended slot.

Safe Outputs Analysis

⚠️ Safe-output type extraction returned empty in this run because the structured YAML parser was unavailable (yaml_available: false), so per-type counts could not be computed reliably this cycle. For historical context, the richer 2026-05-20 snapshot (different methodology) showed create_discussion, create_issue, and missing_tool as near-universal, add_comment (~71), create_pull_request (~56), and audits as the dominant discussion category (~68). Treat those as approximate.

Structural Characteristics

Metric	Min	Avg	Max	Max workflow
Jobs / workflow	5	8.01	12	firewall-escape.lock.yml
Steps / workflow	69	104.68	142	smoke-copilot.lock.yml

Totals: 1,891 jobs, 24,704 steps, 11,922 scripts across the corpus. Step counts are uniformly high (everything ≥69), again reflecting compiled setup/teardown scaffolding rather than user logic.

Permission Patterns

Top-level permissions resolved to an empty object ({}) for all 236 lockfiles in this run, and read/write breakdowns were empty — the same parser limitation noted above prevented per-scope extraction. This is a methodology gap, not evidence that permissions are unset; deeper extraction requires the YAML-enabled analyzer path.

Tool & MCP Patterns

MCP server	References
github	6,552
playwright	168
sentry	96
ruflo	16
grafana	14
arxiv	6
deepwiki	6

The GitHub MCP server dominates by ~39× the next server. A core bundle of ~50 GitHub read tools appears in 126 workflows each (≈53% of the fleet), indicating a standard GitHub toolset wired into most agents.

Engine distribution:

Engine	Workflows
copilot	154 (65%)
claude	63 (27%)
codex	14 (6%)
antigravity / crush / gemini / opencode / pi	1 each

Interesting Findings

1. No small lockfiles exist. The minimum is 64.6 KB; the compiler's fixed scaffolding sets a hard floor, so file size is driven far more by boilerplate than by agent complexity.
2. GitHub MCP is effectively the platform's standard library — 6,552 references vs 168 for the runner-up (playwright), with ~50 read tools provisioned uniformly into 126 workflows.
3. A long tail of experimental engines (antigravity, crush, gemini, opencode, pi) each appears exactly once — the repo is actively trialing new engines alongside the copilot/claude/codex mainstream.
4. schedule + workflow_dispatch is the house style (156 of 236), confirming these are autonomous cron agents with manual override built in.
5. Remarkably stable day-over-day — across 12 daily snapshots, totals drift by single-digit percentages; the −1 lockfile and −117 steps vs 05-31 reflect normal churn, not structural change.

Historical Trends

Comparing same-schema snapshots (2026-05-31 → 2026-06-01): lockfiles 237→236, total bytes −78 KB, jobs 1,900→1,891, steps 24,821→24,704, scripts 11,973→11,922, GitHub MCP references 6,656→6,552 (−104). Engine mix essentially unchanged (claude 64→63). The longer arc from 2026-05-20 (233 lockfiles, ~21.3 MB, avg 96 KB) shows steady growth in both count and average size, though a schema change mid-window limits exact field-by-field comparison.

Recommendations

1. Restore the YAML-enabled analyzer path so safe-output types, discussion categories, and permission scopes are captured again — three report sections are currently blind due to yaml_available: false.
2. Investigate the per-lockfile size floor (~65 KB) — if much of the 22.8 MB is shared boilerplate, a shared/compressed include could materially shrink the compiled footprint.
3. Document the standard GitHub MCP tool bundle so the 50-tool block provisioned into 126 workflows is intentional and trimmable where unused.

---

Methodology note: single-script compact JSON analysis. All metrics derive from one analyzer pass over the 236 lockfiles producing a ~4.8 KB summary; the report reasons only from that JSON plus cached prior-day snapshots.

References: §26782667552

Generated by 📊 Lockfile Statistics Analysis Agent · opus48 699.8K · ◷

• expires on Jun 2, 2026, 9:23 PM UTC

[github-actions[bot]]

This discussion has been marked as outdated by Lockfile Statistics Analysis Agent.

A newer discussion is available at Discussion #36534.