[daily regulatory] Regulatory Report - 2026-02-22

[github-actions[bot]]

Regulatory analysis covering 17 daily report discussions created in the last 24 hours (2026-02-21 20:00 UTC → 2026-02-22 20:02 UTC). Overall repository health is good, with strong security posture (100% redaction/permission coverage, secrets data integrity issue from yesterday resolved), excellent test coverage (2.32x ratio), and a healthy 100% safe output success rate. Three issues require attention: the MCP gateway.jsonl observability gap persists for a second consecutive day, 5 workflow failures due to missing GH_AW_GITHUB_TOKEN in lockdown mode, and a critical schema inconsistency blocking object-syntax users from specifying 26+ Serena languages.

Workflow count is fully consistent across all reports at 158 workflows, and today's Secrets Analysis report is internally self-consistent (resolving yesterday's critical data integrity flag). Safe output health improved from 88.9% to 100%, and a new workflow was added (157→158) since yesterday.

🚨 Critical Findings

1. [PERSISTENT — Day 2] MCP gateway.jsonl artifact gap — 0/14 MCP-enabled runs (0%) have gateway.jsonl present. rpc-messages.jsonl exists in 100% of runs, confirming telemetry is collected but not packaged under the canonical name. This was flagged in yesterday's regulatory report and remains unresolved.

2. [WORKFLOW FAILURES] 5 runs failed due to missing GH_AW_GITHUB_TOKEN — Issue Monster (4 failures) and Daily Issues Report Generator (1 failure) all failed with "lockdown mode + no custom GitHub token." This is a known configuration gap, not a code defect.

3. [SCHEMA BUG] tools.serena.languages object-syntax blocks 26+ languages — Schema additionalProperties: false only defines 6 language keys, while SerenaLanguageSupport in constants.go defines 30+. Users writing languages: { javascript: null } receive a schema validation error; the array shorthand serena: ["javascript"] works fine. Inconsistency between syntax forms.

📋 Full Regulatory Report

📊 Reports Reviewed

#	Report	Discussion	Created (UTC)	Status
1	[daily secrets] Daily Secrets Analysis	#17774	20:01	✅ Valid
2	[daily performance] Daily Performance Summary	#17773	19:40	✅ Valid
3	[Auto-Triage] Auto-Triage Report (×3)	#17767, #17692, #17666	Multiple	⚠️ Duplicate runs
4	Lockfile Statistics Analysis	#17756	16:48	✅ Valid
5	Workflow Skill Extractor Report	#17752	16:19	✅ Valid
6	🌱 Daily Team Evolution Insights	#17747	16:09	✅ Valid
7	GitHub MCP Remote Server Tools Report	#17701	12:45	✅ Valid
8	[prompt-clustering] Copilot Agent Prompt Clustering	#17699	12:45	✅ Valid
9	Daily Code Metrics Report	#17682	11:45	✅ Valid
10	[Schema Consistency] Schema Consistency Check	#17679	10:04	⚠️ Schema bug found
11	[observability] Observability Coverage Report	#17673	07:50	🔴 Critical gap
12	Static Analysis Report	#17668	06:34	✅ Stable
13	Agentic Workflow Audit Report	#17662	05:54	⚠️ Failures
14	Safe Output Health Report	#17649	04:32	✅ 100% healthy
15	Daily Firewall Report	#17632	01:02	✅ Valid
16	Daily Compiler Code Quality Report	#17627	00:28	⚠️ 1 file below threshold
17	[copilot-session-insights] Daily Copilot Agent Session Analysis (2026-02-21)	#17606	22:52	✅ Valid

🔍 Data Consistency Analysis

Cross-Report Metrics Comparison

Metric	Report A	Report B	Scope Match	Status
Workflow count	158 (Secrets)	158 (Lockfile)	✅ Same	✅ Match
Workflow count	158 (Static Analysis)	158 (Skill Extractor)	✅ Same	✅ Match
Open issues	60 (Performance, query=1000)	—	ℹ️ Query-limited	✅ Consistent
Secrets internal math	5,477 headline	5,477 sum from table	✅ Same	✅ Resolved (was ❌ yesterday)
Workflow files (lock)	158 (today)	157 (yesterday)	✅ Same scope	✅ Expected +1
Safe output success	100% today	88.9% yesterday	✅ Same scope	✅ Improved
MCP gateway.jsonl	0% (Observability)	0% (yesterday)	✅ Same	🔴 Persistent gap

Scope Notes

• issues_analyzed in Performance (1,000 query cap, 90-day window) vs Prompt Clustering (1,801 PRs, 30-day window) — different scopes by design, not a discrepancy.
• Firewall block rates differ between Firewall Report (57%, 7-day), Observability Report (65% coverage, 7-day), and Agentic Audit (42%, 24-hour) — all use different time windows and metrics.
• Auto-Triage runs 3× today (vs 4× yesterday) — still elevated but improving.

Consistency Score

• Overall Consistency: 93% (13 of 14 cross-checked metric pairs match)
• Critical Discrepancies: 0 (yesterday's secrets total resolved)
• Minor Discrepancies: 0
• Persistent Issues Carried Forward: 1 (MCP gateway.jsonl gap)

⚠️ Issues and Anomalies

Critical Issues

1. [PERSISTENT — Day 2] MCP gateway.jsonl artifact missing

   • Affected Reports: Observability Coverage Report [observability] Observability Coverage Report - 2026-02-22 #17673
   • Metric: mcp_gateway_coverage = 0% (0/14 runs)
   • Description: All 14 MCP-enabled workflow runs lack the canonical gateway.jsonl artifact. The file rpc-messages.jsonl is present in 100% of runs.
   • Expected: ≥80% of MCP-enabled runs should have gateway.jsonl
   • Actual: 0% coverage — second consecutive day
   • Severity: 🔴 Critical
   • Recommended Action: Rename or re-export rpc-messages.jsonl as gateway.jsonl in the MCP logging infrastructure.

2. [SCHEMA BUG] tools.serena.languages object-syntax blocked

   • Affected Reports: Schema Consistency Check [Schema Consistency] Schema Consistency Check - 2026-02-22 #17679
   • Description: Schema additionalProperties: false only allows 6 languages in object-form, while runtime supports 30+. Array shorthand bypasses this restriction.
   • Severity: 🔴 Critical — affects user-facing schema validation
   • Recommended Action: Update pkg/parser/schemas/main_workflow_schema.json to add all supported languages or set additionalProperties: true.

3. [WORKFLOW FAILURES] Issue Monster + Daily Issues Report — 5 failures

   • Affected Reports: Agentic Workflow Audit Agentic Workflow Audit Report - 2026-02-22 #17662
   • Description: Lockdown mode + missing GH_AW_GITHUB_TOKEN secret → 5 run failures, cascading "Artifact not found: agent-output" errors.
   • Severity: ⚠️ High — blocking operational workflows
   • Recommended Action: Configure GH_AW_GITHUB_TOKEN org/repo secret for lockdown-enabled workflows.

Warnings

1. Auto-Triage duplicate runs — 3 runs today ([Auto-Triage] Auto-Triage Report — February 22, 2026 #17767, [Auto-Triage] Auto-Triage Report — 2026-02-22 #17692, [Auto-Triage] Auto-Triage Report — Feb 22, 2026 #17666) vs 4 yesterday. Trending down but still elevated; investigate cron schedule overlap.

2. compiler_safe_outputs_job.go below quality threshold — Single 330-line function exceeds complexity limit. Compiler Quality report flags this as a refactor candidate.

3. Firewall: 7 runs missing access.log — Correlates with Issue Monster/PR Triage failures. When agent fails early, firewall logs are not produced.

4. hasSafeOutputType() missing 11 operations — Schema Consistency report [Schema Consistency] Schema Consistency Check - 2026-02-22 #17679 notes silent pass-through for import conflicts due to missing switch cases.

Data Quality Notes

• Secrets Analysis data integrity from yesterday (3,475 vs 5,394 sum) is now resolved — today's report shows 5,477 total, internally consistent.
• Performance Summary uses API-limited query (200 PRs, 1,000 issues) — numbers are approximate for 90-day window.
• Copilot Session Insights ([copilot-session-insights] Daily Copilot Agent Session Analysis — 2026-02-21 #17606) covers 2026-02-21 (yesterday) — included as boundary report.

📈 Trend Analysis

Day-over-Day Comparison

Metric	2026-02-22	2026-02-21	Change
Workflow count	158	157	+1 ✅
Safe output success rate	100%	88.9%	+11.1% ✅
MCP gateway.jsonl coverage	0%	0%	0% 🔴
Secrets data integrity	✅	❌	Fixed ✅
Auto-Triage duplicate runs	3	4	-1 ⚠️
Workflow run success rate	72.2%	~75%	-3% ⚠️
Test-to-source ratio	2.32x	2.33x	~0% ✅ Stable

Notable Trends

• Security posture: Stable at 100% redaction + permission coverage for the second day.
• Safe output health: Meaningful improvement from 88.9% → 100%.
• MCP observability gap: No improvement on the gateway.jsonl issue — escalation warranted.
• Codebase growth: +1 workflow since yesterday; steady 48+ commits/day velocity.
• Gemini CLI promoted to GA: Notable milestone reported in Team Evolution.

📝 Per-Report Analysis

View Per-Report Breakdown

[daily secrets] — #17774

Quality: ✅ Valid | Period: 2026-02-22 snapshot

Metric	Value	Validation
Workflow files analyzed	158	✅ Matches all other reports
Total secret references	5,477	✅ Internally consistent (sum = 5,477)
Unique secret types	24	✅ Reasonable
Workflows with redaction	158/158 (100%)	✅
Token cascade instances	598	✅
Explicit permission blocks	158/158 (100%)	✅

Notes: Yesterday's headline/sum discrepancy is resolved. Today's report is internally consistent.

[daily performance] — #17773

Quality: ✅ Valid | Period: Last 90 days (API-limited)

Metric	Value	Validation
Total PRs (query limit)	200	✅ API-limited, expected
Merged PRs	161 (80.5%)	✅
Open PRs	6	✅
Avg merge time	1.2 hours	✅
Total issues (query limit)	1,000	✅ API-limited
Closed issues	940 (94%)	✅
Open issues	60	✅
Discussion answer rate	0% (0/100)	⚠️ Persistent

Lockfile Statistics — #17756

Quality: ✅ Valid | Period: Snapshot 2026-02-22

Metric	Value	Validation
Total lock files	158	✅
Total size	~10.2 MB	✅
Avg file size	64.5 KB	✅
Workflows scheduled	117/158 (74.1%)	✅
Workflows with dispatch	143/158 (90.5%)	✅

Notes: +1 workflow since 2026-02-21 (157→158). Expected.

Observability Coverage — #17673

Quality: 🔴 Critical gap | Period: Last 7 days

Metric	Value	Validation
Runs analyzed	25	✅
Firewall log coverage	65% (13/20)	⚠️ Below 80% target
MCP gateway.jsonl coverage	0% (0/14)	🔴 Critical

Agentic Workflow Audit — #17662

Quality: ⚠️ Failures | Period: Last 24 hours

Metric	Value	Validation
Runs analyzed	19	✅
Success rate	72.2% (13/18)	⚠️ Below 80% target
Total failures	5	⚠️ All same root cause
Total cost	$3.94	✅ Within normal range
Total tokens	24.3M	✅

Safe Output Health — #17649

Quality: ✅ Excellent | Period: Last 24 hours

Metric	Value	Validation
Runs analyzed	35	✅
Safe output jobs	28	✅
Failures	0	✅ 100% success

Static Analysis — #17668

Quality: ✅ Stable | Period: Snapshot 2026-02-22

Metric	Value	Validation
Workflows scanned	158	✅
Total findings	355	✅ Stable (similar to prior runs)
zizmor security findings	0	✅
poutine supply chain	11 (info/warning)	✅
Compiler errors	0	✅

Daily Firewall — #17632

Quality: ✅ Valid | Period: Last 7 days

Metric	Value	Validation
Workflow runs analyzed	17 (11 with data)	✅
Total requests	1,521	✅
Block rate	57% (867/1,521)	✅ High but expected (unresolved - entries)
Unique blocked domains	9 (+unresolved)	✅

💡 Recommendations

Process Improvements

1. Escalate MCP gateway.jsonl fix — This has been flagged for two consecutive days with no action. Assign to infrastructure owner with SLA of 48h.
2. Configure GH_AW_GITHUB_TOKEN for lockdown workflows — 5 preventable failures today. Add to org-level secrets or workflow documentation.
3. Reduce Auto-Triage duplicate runs — Investigate cron overlap. Currently at 3 runs/day; target is 1.

Data Quality Actions

1. Fix tools.serena.languages schema — Update pkg/parser/schemas/main_workflow_schema.json to allow all 30+ languages in object-syntax form. Run make build after change.
2. Fix hasSafeOutputType() switch statement — Add 11 missing operation cases to prevent silent import conflict pass-through.
3. Refactor compiler_safe_outputs_job.go — 330-line function exceeds quality threshold; split into focused sub-functions.

Workflow Suggestions

1. Add automated data-integrity validation to Secrets Analysis — Verify headline total matches row sum before publishing.
2. Add firewall log presence check — Alert when firewall-enabled runs produce no access.log (currently 35% miss rate).

📊 Regulatory Metrics

Metric	Value
Reports Reviewed	17
Reports Passed (✅)	11
Reports with Warnings (⚠️)	5
Reports with Critical Issues (🔴)	1
Overall Health Score	71%
Cross-Report Consistency	93%
Day-over-Day Improvement	Safe outputs +11.1% ✅
Persistent Open Issues	1 (MCP gateway.jsonl — Day 2)

---

Data sources: Daily report discussions from github/gh-aw (last 24–48h)
Metric definitions: scratchpad/metrics-glossary.md
Previous regulatory report: #17555 (closed — superseded)

References:

• §22284270980

AI generated by Daily Regulatory Report Generator

• expires on Feb 25, 2026, 8:06 PM UTC

[github-actions[bot]]

💥 WHOOOOSH! 💥

KAPOW! The smoke test agent has arrived! 🦸

ZAP! Claude swept through this repository like a bolt of lightning, running 17 tests across GitHub MCP, Playwright, Tavily, Serena, Make Build and more!

BZZZT! Most systems NOMINAL. Only one villain escaped — the Serena find_symbol server kept yelling "EOF!" and slamming the door shut. 😤

THWACK! But fear not — every PR review tool fired perfectly. Comments landed, reviews submitted, threads resolved, reviewers assigned, and code PUSHED! 🚀

To be continued... in the next workflow run! 🎬

— Claude Smoke Test Agent, Run §22284305292

💥 [THE END] — Illustrated by Smoke Claude

[github-actions[bot]]

This report has been superseded by a newer daily regulatory report for 2026-02-23.