DeepReport Intelligence Briefing — 2026-04-13

[github-actions[bot]]

Executive Summary

The gh-aw agent ecosystem remains highly productive but is operating under compounding stress from three persistent, unresolved infrastructure failures. After a 10-day gap since the last deep analysis (Apr 3), the most striking finding is an 86% surge in open issues (56 → 104) driven almost entirely by automated agents and community reporters. The Copilot SWE agent is delivering extraordinary output — 20 PRs merged in 48 hours — but the failure rate across the wider workflow portfolio has hit 31%, with 14 workflows failing 100% of runs and burning ~$18.70 in waste over just 4 days.

The three most urgent issues are: the Gemini proxy sidecar with no Gemini API handler (multiple community reports, smoke tests failing 5+ days); a recurring safe-output rate-limit burst now in its 3rd occurrence with no fix deployed; and the Daily Documentation Updater failing 100% for 13+ days at $3.31/4 days. Three GitHub issues have been filed for these (see Actionable Tasks below).

On the positive side, the codebase is in excellent health (73/100 quality, test:source ratio of 2.17), security posture is exemplary (100% redaction and permissions coverage across 187 workflows), and 11 new agent workflows have been deployed since Apr 3 — representing continued ecosystem growth.

---

Pattern Analysis

Positive Patterns

Copilot SWE Agent Throughput — The Copilot coding agent merged 20 PRs in 48 hours (Apr 12–13), with a remarkable breadth of concerns: OTel exception enrichment (exception.type, sanitized attributes), SEC-004 sanitization fixes, cache-memory cleanup, dependency updates, and multiple agent assignment fixes. PRs are small, focused, and use conventional commit style — exactly what you want from automated agents. Quality score: 85/100, effectiveness: 88/100.

Security Posture: Excellent — The Secrets Analysis (Apr 12) shows 187/187 workflows have redact_secrets steps and explicit permissions: blocks. Zero secrets in job outputs. 97% include sanitization steps. The cascade fallback pattern (GH_AW_GITHUB_MCP_SERVER_TOKEN || GITHUB_TOKEN) appears 703 times consistently.

New Agent Ecosystem Expansion — 11 new agents deployed since Apr 3: daily-firewall-report, repository-quality, claude-code-user-docs-review, docs-noob-tester, typist, terminal-stylist, sergo, prompt-clustering, daily-regulatory, lockfile-stats, nlp-analysis. Monitoring coverage is expanding.

Concerning Patterns

31% Portfolio Failure Rate — The Portfolio Dashboard (#26002) reports 470 runs across 4 days (Apr 10–13) with 146 failures (31.1%) and $18.70 in waste spend. 46 workflows exceed 30% failure rate; 14 are at 100% failure. This is a systemic issue requiring workflow health intervention.

Gemini Engine Systemically Broken — Multiple converging signals: community bug #25294 (proxy has no Gemini handler), community bug #25944 (API key rejected by proxy sidecar), and the internal Smoke Gemini test (#25216) with 20+ accumulated failure comments. No fix has been deployed despite 5+ days of reports.

Safe-Output Concurrent Burst — The rate-limit burst pattern has now occurred on Apr 2, Apr 7, and Apr 13, all during the 12:17–12:20 UTC window when daily workflows converge. The Safe Output Health Report (#26038) reports "Degraded" status with 97.8% success rate (was 100%) and flags this as the 3rd recurrence. No throttle or retry has been added.

Open Issue Surge — 56 → 104 open issues in 10 days (+86%). Most are bot-filed (83/104 from github-actions), but the ratio of opened:closed issues has widened. Cross-repo smoke tests (#25221, #25217) each have 11+ failure comments with repeated failed agent fix attempts.

Emerging Patterns

Community Engagement Accelerating — 9 open community issues in the 7-day window, covering: E2BIG sandbox crash (#26045), GOROOT not propagated (#25946), Gemini key rejection (#25944), Docker-in-Docker breakage (#25511), Copilot CLI model validation failure (#25593), projects_v2_item trigger missing (#25336), and more. Community users are hitting real blockers at an accelerating rate.

Documentation Debt Crystallizing — Two independent reports converge on documentation gaps: the Repository Quality report (#26034) identifies 219 exported Go functions missing godoc (in pkg/constants, pkg/console/console_wasm.go, pkg/workflow/js.go, pkg/parser); the Claude Code User Docs Review (#26035) flags 7 persistent docs issues unresolved for 5–13 days, with the score unchanged at 7.5/10 for 3 consecutive days.

---

Trend Intelligence

Metric	Apr 3	Apr 13	Change
Tokens/day	99.5M	97.0M	−2.5%
Token peak	—	110.2M (Apr 10)	New peak detected
PR merge rate (Copilot)	78.4%	55.6%	−22.8% ⚠️
Safe-output success	100%	97.8%	−2.2%
WHM score	72/100	73/100	+1
Open issues	56	104	+86% ⚠️
Lock files	~241 workflows	187 lock files	Stabilized Apr 9
Portfolio failure	—	31%	First measure
New agents	—	+11	Growth

Token trend: Peak was 110.2M on Apr 10, now declining. Top consumers today: Q (12M), Test Quality Sentinel (8M), Smoke Copilot (5.9M), Contribution Check (5.7M). The Q workflow averages 6M tokens/run and has an error — worth investigation.

PR merge rate decline: Today's 55.6% is a significant drop from 77.8% yesterday. The Copilot agent has 5 open PRs including a BenchmarkParseWorkflow regression and a charmbracelet pseudoversion update — these may be blocking merges.

---

Notable Findings

Exciting: Observability Investment — The Team Evolution report (#26011) identifies a coherent thread: two consecutive commits added OTel exception span events with exception.type and sanitized attributes. This is deliberate instrumentation of the agentic runtime — treating it as production infrastructure. Combined with the Observability Coverage report (#25952), the team is building a proper telemetry layer.

Concerning: Observability Gap in Telemetry Itself — Ironically, while building observability, the audit found access.log missing in 121/121 (100%) firewall-enabled runs and gateway.jsonl missing from 96/120 (80%) MCP-enabled runs. The monitoring infrastructure isn't monitoring itself.

Suspicious: Architecture Violations — Issue #26048 was filed today flagging architecture violations. This appeared shortly after the Repository Quality report noted 58 files exceeding 600 lines. Worth human review.

Exciting: No-Op Tracker at 100 Comments — Issue #25214 (No-Op Runs tracker) has reached 100 comments, showing the ecosystem is healthy enough that most scheduled runs are finding nothing to do — a positive signal of maintenance completeness.

---

Predictions and Recommendations

1. Gemini fix urgency is rising: Community reports are accumulating at ~1 per day. If the proxy Gemini handler isn't added soon, this will become the top community complaint. The root cause is documented and actionable (Gemini engine fails with AWF proxy: GEMINI_API_BASE_URL points to proxy but proxy has no Gemini handler #25294).

2. Issue surge will continue: At the current rate of 86% growth in 10 days, open issues will exceed 150 within 2 weeks without faster closure velocity. Consider running the auto-triage agent more frequently or adding an issue closer for resolved/stale items.

3. Token usage has peaked and is declining: The Apr 10 peak of 110.2M is being worked down. If the pattern holds, expect further decline toward 90M/day. This could indicate some high-token workflows are being optimized or disabled.

4. Copilot PR merge decline needs watching: The 55.6% rate today vs 77.8% yesterday may be noise, but if it persists, investigate whether recent compiler changes or PR policy changes are blocking merges.

5. Firewall block rate (11.1%) is new baseline: This is the first day of firewall report data. The 204 "unresolved/ephemeral" blocks suggest some workflows are making connection attempts to unresolvable addresses. Monitor for trends.

---

Actionable Agentic Tasks (Quick Wins)

Three GitHub issues have been filed based on this analysis:

1. Fix Gemini proxy sidecar — Add a Gemini API (generativelanguage.googleapis.com) route handler to the AWF proxy. Blocks all Gemini users, documented root cause in #25294. Estimated: Medium (1–4h).

2. Add rate-limit retry to safe-output create_issue — Add exponential backoff/jitter when HTTP 403 is received. Prevents the recurring 3x burst pattern. Estimated: Quick (< 1h).

3. Fix Daily Documentation Updater — Investigate and fix (or disable) the workflow that has been failing at 100% for 13+ days, burning $3.31/4d. Also check CI Cleaner. Estimated: Medium (1–4h).

---

Source Attribution

Discussions analyzed (7-day window, 39 total):

• Safe Output Health #26038
• Copilot Token Audit #26031
• Portfolio Dashboard #26002
• Agentic Observability #25997
• Daily Firewall #26021
• Auto-Triage #26026
• Claude Code Docs Review #26035
• Repository Quality #26034
• Copilot Agent Analysis #26019
• Daily Team Evolution #26011
• Lockfile Stats #25957
• Org Health #25996
• Daily Code Metrics #25940
• Observability Coverage #25952
• Agent Performance #25981
• Daily Secrets #25943

Issues analyzed: 500 issues from the 7-day window (104 open, 396 closed)

Repo-memory used: Previous analysis from 2026-04-03 (trend deltas, known patterns)

Workflow run: §24350668325

Analysis period: 2026-04-06 – 2026-04-13 (7 days)

Generated by DeepReport - Intelligence Gathering Agent · ● 444.6K · ◷

• expires on Apr 20, 2026, 3:17 PM UTC

[github-actions[bot]]

This discussion has been marked as outdated by DeepReport - Intelligence Gathering Agent.

A newer discussion is available at Discussion #26240.