[daily regulatory] Regulatory Report - 2026-04-28

[github-actions[bot]]

Reviewed 12 daily report discussions from the last 24 hours (2026-04-28). Overall data quality is good: the majority of reports are internally consistent and cross-report metrics align within expected variance given different sampling scopes. Two noteworthy items emerged: (1) a minor PR merge count difference between the Daily Copilot Agent Analysis (45 agent-merged PRs) and the Copilot PR Merged Report (47 total merged PRs) — explainable by 2 non-agent PRs; and (2) the Security Observability Report was unable to collect firewall data due to a permission denied error, creating a gap in the security monitoring chain. Safe output health is 100%, token consumption dropped 38% day-over-day (99 vs 140 runs), and agent PR success rate held steady at ~82%.

📋 Full Regulatory Report

📊 Reports Reviewed

#	Report	Discussion	Created	Status
1	[sergo] Sergo Report: Utility Package Deep-Dive	#28980	2026-04-28T20:52Z	✅ Valid
2	[prompt-clustering] Copilot Agent Prompt Clustering	#28976	2026-04-28T20:39Z	✅ Valid
3	[copilot-pr-merged-report] Daily Copilot PR Merged Report	#28961	2026-04-28T16:09Z	✅ Valid
4	[docs-noob-tester] Documentation Noob Test Report	#28950	2026-04-28T13:30Z	✅ Valid
5	[safe-output-health] Safe Output Health Report	#28946	2026-04-28T13:27Z	✅ Valid
6	[copilot-token-audit] Daily Copilot Token Usage Audit	#28940	2026-04-28T12:27Z	✅ Valid
7	[daily-firewall-report] Daily Firewall Report	#28935	2026-04-28T12:23Z	✅ Valid
8	[copilot-session-insights] Daily Copilot Agent Session Analysis	#28933	2026-04-28T12:09Z	⚠️ API rate limit — historical only
9	[copilot-agent-analysis] Daily Copilot Agent Analysis	#28931	2026-04-28T12:04Z	✅ Valid
10	[security-observability] Daily Security Observability Report	#28928	2026-04-28T11:39Z	⚠️ Firewall data missing
11	[prompt-analysis] Copilot PR Prompt Analysis	#28856	2026-04-28T05:22Z	✅ Valid
12	Agent Performance Report — Week of 2026-04-28	#28850	2026-04-28T04:58Z	✅ Valid

🔍 Data Consistency Analysis

Cross-Report Metrics Comparison

Metric	Report A	Value A	Report B	Value B	Scope Match	Status
Merged PRs (24h)	PR Merged Report #28961	47	Agent Analysis #28931	45 agent	⚠️ Near-same (agent subset)	i️ See Note 1
Workflow runs analyzed	Token Audit #28940	99 (30d)	Firewall #28935	42 (7d)	⚠️ Different periods	i️ Expected
Firewall block rate	Firewall #28935	20.1%	Security Obs. #28928	N/A	❌ Missing data	⚠️ See Note 2
Safe output failures	Safe Output Health #28946	0 (100%)	—	—	—	✅
Agent PR success rate	Agent Analysis #28931	77.6% merged	Agent Perf #28850	90% run success	⚠️ Different metrics	i️ See Note 3

Scope Notes:

1. Merged PRs: PR Merged Report counts all 47 merged PRs (24h); Agent Analysis counts 45 agent-submitted merged PRs. Delta of 2 = non-agent PRs — consistent.
2. Firewall data gap: Security Observability hit permission denied on the logs tool — cross-validation impossible this run.
3. Agent PR success rate: Agent Analysis (77.6% merged rate) vs Agent Performance (90% run success rate) — different metrics, both in healthy range.

Consistency Score

• Overall Consistency: 85% (all independently-scoped metrics self-consistent)
• Critical Discrepancies: 0
• Warnings: 4

⚠️ Issues and Anomalies

Warnings

1. Security Observability — Firewall Data Missing

   • Affected Reports: [security-observability] Daily Security Observability Report — 2026-04-28 #28928
   • Description: logs tool returned permission denied: unable to verify repository access
   • Impact: Security monitoring chain gap; cross-validation with Firewall Report [daily-firewall-report] Daily Firewall Report - 2026-04-28 #28935 impossible
   • Severity: Medium
   • Action: Re-authorize the agentic-workflows MCP server for the logs tool

2. Copilot Session Insights — API Rate Limit

   • Affected Reports: [copilot-session-insights] Daily Copilot Agent Session Analysis — 2026-04-28 #28933
   • Description: GitHub API returned HTTP 403 during pre-fetch; today's session data unavailable
   • Severity: Low
   • Action: Review API rate limit budget; add backoff/retry logic

3. Smoke CI — Historical Error Rate (Token Audit)

   • Affected Reports: [copilot-token-audit] 📊 Daily Copilot Token Usage Audit — 2026-04-28 #28940
   • Description: Smoke CI: 10 errors in 27 runs (37% error rate) over 30-day window
   • Conflicting Signal: Agent Performance Agent Performance Report — Week of 2026-04-28 #28850 shows Smoke CI 5/5 successful (last 2 days)
   • Interpretation: Likely resolved — recent errors traced to the now-fixed safeoutputs CLI-mount issue (fix(safeoutputs): always CLI-mount infrastructure servers regardless of cli-proxy #28872)
   • Severity: Low (monitoring recommended)

4. GitHub Remote MCP Authentication Test — Day 7+ Persistent Failure

   • Affected Reports: Agent Performance Report — Week of 2026-04-28 #28850
   • Description: Model gpt-5.1-codex-mini unavailable; zero outputs for 7+ days
   • Severity: High
   • Action: Update model config — tracked in [aw] GitHub Remote MCP Authentication Test failed #27965

Data Quality Notes

• Session Insights: historical-only due to API rate limiting; no today's data available
• Security Observability: firewall section empty due to permission regression
• Token Audit: 5 workflows with 0 tokens (possible early failures or non-Copilot engine)

📈 Trend Analysis

Day-over-Day Key Metrics

Metric	2026-04-28	2026-04-27	Change
Total tokens consumed	48.5M	78.3M	-38.1%
Total workflow runs (token scope)	99	140	-29.3%
Agent PRs total	58	22	+164%
Agent PRs merged	45	18	+150%
Avg agent PR duration	79 min	225 min	-65%
Safe output failures	0	0	Stable
Firewall block rate	20.1%	~15%	+5.1pp

Notable Trends

• ✅ Strong PR throughput: 58 agent PRs (vs 22 yesterday) with faster cycle time (79 vs 225 min) — high-velocity day
• ✅ Token efficiency improved: Fewer runs, lower token consumption — better task scoping
• ⚠️ Firewall block rate elevated: 20.1% vs ~15% yesterday — driven by (unknown) proxy traffic; proxy.golang.org blocks need allowlist entry for Refactoring Cadence
• ⚠️ DIFC filtering active: 67 integrity-filter events, 90% from list_issues — workflows should pre-filter to approved-integrity issues

📝 Per-Report Metrics

View Per-Report Metric Tables

Safe Output Health (#28946)

Metric	Value
Runs analyzed	20
Workflows active	15
Safe output jobs executed	7
Safe output failures	0
Success rate	100%

Daily Firewall Report (#28935)

Metric	Value
Workflow runs analyzed	42
Runs with firewall data	39
Total network requests	1,182
Allowed requests	944 (79.9%)
Blocked requests	238 (20.1%)
Unique blocked domains	4

Daily Copilot Token Audit (#28940)

Metric	Value
Total runs	99
Total tokens	48,474,287
Total Actions minutes	569 min
Active workflows	35
Heavy hitters (>1M tokens)	5 workflows

Copilot Agent Analysis (#28931)

Metric	Value
Total agent PRs	58
Merged	45 (77.6%)
Avg duration	79 min
Success rate trend	Stable ~82%

Agent Performance Report (#28850)

Metric	Value
Workflows analyzed	10
Total runs	30 (27 success, 3 failure)
Success rate	90%
Avg quality score	74/100
Avg effectiveness score	71/100

💡 Recommendations

Process Improvements

1. Fix Security Observability firewall permissions: Re-authorize logs tool access to restore cross-report firewall validation.
2. Add proxy.golang.org to Refactoring Cadence allowlist: 10 consistent blocks — simple allowlist fix.
3. Spread API calls in Session Insights: Distribute API calls or add backoff/retry to avoid 403 rate-limit failures.

Data Quality Actions

1. Investigate (unknown) firewall entries: 94% of blocked traffic is unclassified. Review Squid proxy configuration to surface actual blocked domains.
2. Update GitHub Remote MCP Auth Test model: 7+ days zero output — update to a supported model ([aw] GitHub Remote MCP Authentication Test failed #27965).

Workflow Suggestions

1. Token Audit heavy-hitter review: Daily Community Attribution Updater (7M tokens/run, 14.5% of total) should be audited for scope reduction.
2. DIFC pre-filtering: Issue Triage Agent and Weekly Issue Summary should pre-filter to approved-integrity issues to reduce filtering events and token waste.

📊 Regulatory Metrics Summary

Metric	Value
Reports Reviewed	12
Reports Passed	10
Reports with Issues	2
Reports Failed	0
Critical Discrepancies	0
Warnings	4
Overall Health Score	83%

---

Report generated automatically by the Daily Regulatory workflow
Run: §25078218956
Data sources: Daily report discussions from github/gh-aw (2026-04-28)
Metric definitions: scratchpad/metrics-glossary.md

Generated by Daily Regulatory Report Generator · ● 468K · ◷

• expires on May 1, 2026, 9:29 PM UTC

[github-actions[bot]]

This discussion has been marked as outdated by Daily Regulatory Report Generator.

A newer discussion is available at Discussion #29193.