[daily regulatory] Regulatory Report - 2026-05-16

[github-actions[bot]]

Twenty-three daily reports were reviewed for 2026-05-16. Overall data quality is good — key workflow counts and code metrics are consistent across independent sources. Three notable findings: (1) the first safe-output job failure since audit cadence started (Scout add_labels field mismatch), (2) a firewall telemetry discrepancy between the Firewall Report (0 blocked, no artifacts) and the Observability Report (114 blocked from access.log), and (3) all gateway.jsonl absent again (fallback-only MCP telemetry for the 3rd+ consecutive day).

Overall ecosystem health is recovering: open [aw] failure issues dropped from 36 peak (May 14) to 19 today. Copilot agent merge rate is trending up (76.6% → 84.9% → 86.0% over 3 days). Codebase quality score is stable at 82.1/100, with 1,495,015 total LOC (+4,117 from yesterday).

Note: The close_discussion safe-output tool is not available in this environment, so the previous regulatory report #32484 (2026-05-15) cannot be closed programmatically.

📋 Full Regulatory Report

📊 Reports Reviewed

#	Discussion	Title	Created (UTC)	Status
1	#32706	[lint-monster] Daily Lint Scan Report — 2026-05-16	21:19	✅ Valid
2	#32684	[daily-code-metrics] Daily Code Metrics Report - 2026-05-16	18:55	✅ Valid
3	#32680	[cache-strategy] Cache Strategy Analysis - 2026-05-16	~18:30	✅ Valid
4	#32676	[copilot-agent-analysis] Daily Copilot Agent Analysis - 2026-05-16	18:35	✅ Valid
5	#32670	[daily secrets] Secret Usage Analysis — 2026-05-16	~18:00	✅ Valid
6	#32658	[geo-optimizer] GEO Audit Report — 2026-05-16	~17:30	✅ Valid
7	#32657	[security-observability] Daily Security Observability — 2026-05-16	~17:00	✅ Valid
8	#32620	Agent Performance Report — Week of 2026-05-16	13:06	✅ Valid
9	#32613	[Auto-Triage] Auto-triage report	~12:00	✅ Valid
10	#32606	[api-consumption] 📊 GitHub API Consumption Report — 2026-05-16	~11:30	✅ Valid
11	#32602	[prompt-clustering] Copilot agent prompt clustering	~10:00	✅ Valid
12	#32595	[terminal-stylist] Terminal Stylist: Console Output Analysis	~09:30	✅ Valid
13	#32589	[experiments] Daily Experiment Report — 2026-05-16	~09:00	✅ Valid
14	#32585	[copilot-session-insights] Daily Copilot Agent Session Analysis	~08:00	✅ Valid
15	#32584	🦛 Hippo Memory Insights — 2026-05-16	~07:30	✅ Valid
16	#32580	[Schema Consistency] Consistency Check 2026-05-16	~07:00	✅ Valid
17	#32552	[safe-output-health] Safe Output Health Report - 2026-05-16	05:27	⚠️ Issues
18	#32549	[docs-noob-tester] 📚 Documentation Noob Test Report - 2026-05-16	~05:30	✅ Valid
19	#32547	[sergo] Sergo Report: env-override-bypass-audit — 2026-05-16	~05:10	✅ Valid
20	#32540	[daily-compiler-quality] Daily Compiler Code Quality Report - 2026-05-16	03:43	✅ Valid
21	#32537	[daily-firewall-report] Daily Firewall Report - 2026-05-16	03:31	⚠️ Issues
22	#32501	[daily-sentrux] Daily Sentrux Report - 2026-05-16	00:20	✅ Valid
23	#32499	[observability] Observability Coverage Report - 2026-05-16	00:16	✅ Valid

Missing/Not Found for 2026-05-16: [daily issues], [daily performance], [daily copilot token audit], [copilot-pr-merged-report] — no discussions with these titles found for today.

---

🔍 Data Consistency Analysis

Cross-Report Metrics Comparison

Metric	Source A	Source B	Scope Match	Status
Active workflows	[#32620] 229	[#32670] 229 (inferred)	✅ Same	✅ Consistent
Total workflow .md files	[#32684] 317	[#32484 prev] 319	✅ Same scope	⚠️ -2 change
Firewall blocked requests	[#32537] 0 blocked	[#32499] 114 blocked (30.6%)	⚠️ Different artifacts	⚠️ See Note
Safe-output job failures	[#32552] 1 failure	—	—	⚠️ First failure
MCP telemetry coverage	[#32499] 100% (rpc-messages.jsonl)	—	—	✅ Full coverage
Agent quality score	[#32620] 74/100	[#32484 prev] 74/100	✅ Same	✅ Plateau persists
Sentrux quality signal	[#32501] 5222/10000	[#32484 prev] 5223/10000	✅ Same	✅ Stable baseline
Complex functions	[#32501] 881	[#32484 prev] 875	✅ Same	⚠️ +6 increase
Total LOC	[#32684] 1,495,015	[#32484 prev] 1,490,898	✅ Same	✅ +4,117 (+0.28%)
Code quality score	[#32684] 82.1/100	[#32484 prev] 82/100	✅ Same	✅ Stable/improving
Test-to-source ratio	[#32684] 2.10	[#32484 prev] 2.10	✅ Same	✅ Stable
Compiler file quality	[#32540] 84/100 avg	—	—	✅ Valid

Scope Notes:

• Firewall blocked requests: [#32537] Firewall Report looks for firewall.jsonl / policy.jsonl artifacts (finds none → 0); [#32499] Observability Report reads access.log files (finds 114 blocked entries). These are different artifact types from the same firewall system — the absence of firewall.jsonl does not mean zero blocks; access.log is the raw squid proxy log. This is a data pipeline gap, not an operational discrepancy.
• Workflow count (317 vs 229): Code Metrics counts all .md workflow files (317), while Agent Performance and Secrets reports count deployed/compiled workflows (229). Expected difference by design.
• Total workflow .md files: Yesterday 319, today 317 — a decrease of 2. Minor, may reflect workflow deletions or merges. Worth monitoring.

Consistency Score

• Overall Consistency: 88% (7 of 8 directly comparable metrics are consistent)
• Critical Discrepancies: 1 (firewall artifact pipeline gap creating apparent 0 vs 114 block discrepancy)
• Minor Discrepancies / Scope Notes: 3

---

⚠️ Issues and Anomalies

Critical Issues

1. First Safe-Output Job Failure — add_labels Field Name Mismatch

   • Affected Reports: #32552 Safe Output Health Report
   • Metric: Safe-output job failure count
   • Description: Scout run §25950059255 failed add_labels because the agent emitted issue_number (accepted by sibling add_comment) but the handler reads item_number. Fallback to context payload failed under workflow_dispatch trigger.
   • Expected: 0 failures (previous 57 runs had 0 failures)
   • Actual: 1 actionable failure (first since audit cadence started)
   • Severity: Medium — isolated, but indicates agent field confusion between sibling tools
   • Recommended Action: Add issue_number alias to add_labels.cjs handler; optionally add additionalProperties: false to schema for earlier feedback

2. Firewall Telemetry Pipeline Gap — firewall.jsonl vs access.log Artifact Mismatch

   • Affected Reports: #32537 Firewall Report + #32499 Observability Report
   • Metric: firewall_domains_blocked
   • Description: The Daily Firewall Report finds zero firewall.jsonl / policy.jsonl artifacts in all 50 firewall-enabled runs → reports 0 blocks. The Observability Report parses access.log from the same runs → finds 114 blocked requests (30.6% block rate) with domains including api.github.com and github.com.
   • Expected: Both reports to reflect consistent block counts
   • Actual: 0 (Firewall Report) vs 114 (Observability Report) — the discrepancy is due to different artifact sources, but the net effect is that the Firewall Report cannot fulfill its purpose
   • Severity: High — this is now a 3+ day persistent gap (yesterday's regulatory report also flagged this for 2026-05-15)
   • Recommended Action: Investigate why firewall.jsonl and policy.jsonl are not being uploaded; verify gh-aw-firewall action upload configuration

Warnings

1. Quality/Effectiveness Plateau Continues (Day 15)

   • Details: Agent quality 74/100, effectiveness 71/100 — unchanged for 15 days per #32620
   • Root cause: PR-review cluster (10 workflows) producing ~272 dropped runs/day ([deep-report] Fix PR-review cluster trigger gates — 272 wasted run-attempts/day across 8 agents #31724 open)
   • Impact: Ecosystem average dragged down; real performance hidden by structural noise

2. Complex Functions Increasing (+6 in 1 day)

   • Details: Sentrux reports 881 complex functions today vs 875 yesterday (+0.7%)
   • Impact: Small but consistent upward trend; coincides with new forecast feature activity

3. gateway.jsonl Absent — 3rd+ Day

   • Details: All 15 MCP-enabled runs in [[observability] Observability Coverage Report - 2026-05-16 #32499] used fallback rpc-messages.jsonl; structured gateway log absent again
   • Impact: Response-time and structured latency metrics unavailable

4. Workflow File Count Decreased (-2 .md files)

   • Details: 317 today vs 319 yesterday in code metrics
   • Impact: Minor; may reflect intentional cleanup. No corresponding report explains the deletions.

5. 4 Expected Daily Reports Not Found

   • Details: [daily issues], [daily performance], [daily copilot token audit], [copilot-pr-merged-report] not found for 2026-05-16
   • Impact: Coverage gaps similar to yesterday; persistent workflow failures in these areas

Data Quality Notes

• All 23 reviewed reports produced substantive content — no empty or malformed bodies
• First-run baselines: Daily Sentrux (Day 2), Daily Compiler Quality (Day 2), API Consumption (Day 2)
• Lint Monster report shows 2,413 lint findings — first-ever scan establishing a large remediation workload
• Open [aw] failure issues: 19 (down from 36 peak May 14 — recovery trajectory strong)

---

📈 Trend Analysis

Day-over-Day (2026-05-15 → 2026-05-16)

Metric	2026-05-15	2026-05-16	Change
Total LOC	1,490,898	1,495,015	+4,117 (+0.28%) ⬆️
Code quality score	82/100	82.1/100	+0.1 ➡️
Sentrux quality signal	5223/10000	5222/10000	-1 ➡️
Complex functions	875	881	+6 (+0.7%) ⬆️
Safe-output failures (24h)	0	1	⚠️ First failure
Copilot agent merge rate	84.9%	86.0% (partial day)	+1.1pp ⬆️
Open [aw] failures	~25	19	-6 ↓ Recovery
Agent quality (weekly)	74/100	74/100	➡️ Plateau

Notable Trends

• Safe-output infrastructure recovering: 33 failures May 14 → 0 May 15 → 1 May 16. The May 16 failure is a distinct issue (field mismatch) not related to the May 14 infrastructure event.
• Codebase growth steady: +0.28% LOC daily, +4.55% weekly. Test ratio stable at 2.10× despite source growth.
• Firewall artifact gap is now a multi-day recurring issue: Both May 15 and May 16 Firewall Reports show 0 blocks from firewall.jsonl. Needs active investigation.
• Lint debt surfaced: First Lint Monster scan reveals 2,413 findings (2,391 function-length + 22 parameter-count). Three remediation agent tasks have been created.

---

📝 Per-Report Analysis

View Per-Report Metric Extractions

[daily-firewall-report] #32537

Period: 2026-05-09 to 2026-05-16 (7 days) — date range in report body

Metric	Value	Validation
Workflows analyzed	33	✅
Runs analyzed	50	✅
Blocked requests (firewall.jsonl)	0	⚠️ No artifacts
Blocked requests (access.log per Obs.)	114	⚠️ Discrepancy
Unique blocked domains	0 (per firewall.jsonl)	⚠️ See critical issue

[safe-output-health] #32552

Period: Last 24 hours ending 2026-05-16 05:16 UTC

Metric	Value	Validation
Runs analyzed	62	✅
Safe-output jobs succeeded	51	✅
Safe-output jobs failed (actionable)	1	⚠️ First failure
Safe-output jobs cancelled (collateral)	1	✅ Out of scope
Safe-output jobs skipped	9	✅ By design

[observability] #32499

Period: Last 7 days (30 total runs sampled, 17 analyzed)

Metric	Value	Validation
Runs analyzed	17 (completed)	✅
Firewall coverage (access.log)	93.8% (15/16)	⚠️ 1 missing
MCP telemetry coverage	100% (15/15)	✅
Total firewall requests	372 (258 allowed, 114 blocked)	✅
gateway.jsonl present	0/15 runs	⚠️ Fallback only

[daily-sentrux] #32501

Period: Full codebase scan 2026-05-16

Metric	Value	Validation
Quality signal	5222/10000	✅ Stable
Files scanned	4,630	✅
Complex functions	881	⚠️ +6 from yesterday
Import cycles	2	✅ Low
Cross-boundary imports	2,360/4,632 (50.9%)	✅ Known bottleneck

[daily-code-metrics] #32684

Period: Codebase snapshot 2026-05-16

Metric	Value	Validation
Total LOC	1,495,015	✅ +4,117 from prev
Go Source LOC	192,432	✅
Test-to-source ratio	2.10	✅ Stable
Quality score	82.1/100	✅ Good
Total workflow .md files	317	⚠️ -2 from 319 yesterday
Large files (>500 LOC)	328	⚠️ Growing +16% in 30d

Agent Performance #32620

Period: 2026-05-09 to 2026-05-16 (weekly)

Metric	Value	Validation
Agents analyzed	229	✅ Consistent with yesterday
Average quality score	74/100	⚠️ 15-day plateau
Effectiveness score	71/100	⚠️ 15-day plateau
Ecosystem health	64/100	✅ Recovering
Open [aw] failures	19	✅ Down from 36
Copilot SWE merge rate	~56% (28/50)	✅

[copilot-agent-analysis] #32676

Period: Last 24 hours

Metric	Value	Validation
Total agent PRs	55	✅
Merged	46 (83.6%)	✅ Healthy
Today's PRs (partial day)	45	✅
Today's merged	37 (86.0%)	✅ Improving
Avg merge duration	~122 min	⚠️ Elevated vs 72 min yesterday

[daily-compiler-quality] #32540

Period: 2026-05-16 (3 files analyzed)

Metric	Value	Validation
Files analyzed	3	✅
Average score	84/100	✅ Above threshold
Files meeting threshold	3/3 (100%)	✅
Combined test ratio	2.4×	✅ Excellent

[lint-monster] #32706

Period: 2026-05-16 (first-ever scan)

Metric	Value	Validation
Total lint findings	2,413	⚠️ Large debt
Function length violations	2,391	⚠️
Parameter count violations	22	⚠️
Agent tasks created	3	✅

---

💡 Recommendations

Process Improvements

1. Fix firewall.jsonl artifact upload (P0 — recurring 2+ days): Both the May 15 and May 16 Firewall Reports show zero firewall.jsonl uploads. The access.log presence confirms firewall is active. Investigate the gh-aw-firewall action's artifact upload step — this is the most urgent observability gap.

2. Fix PR-review cluster trigger gate ([deep-report] Fix PR-review cluster trigger gates — 272 wasted run-attempts/day across 8 agents #31724, P1): ~272 wasted runs/day for 15+ days. Fixing this single structural issue would likely break the quality/effectiveness plateau by removing the largest noise source.

3. Add issue_number alias to add_labels handler: Low-risk additive fix to prevent the first-ever safe-output failure class from recurring.

Data Quality Actions

1. Investigate gateway.jsonl absence: All MCP runs use rpc-messages.jsonl fallback only. Enable structured gateway logging to unlock response-time metrics.

2. Restore missing daily reports: [daily issues], [daily performance], [daily copilot token audit], [copilot-pr-merged-report] missing again today (also missing May 15).

3. Monitor workflow file count drop: 317 today vs 319 yesterday. Identify which 2 workflows were removed to confirm intentional.

Workflow Suggestions

1. Add close_discussion to safe-output toolset: The regulatory workflow cannot close previous reports. This has been flagged for 2+ days — adding this capability would complete the report lifecycle.

2. Lint debt remediation (3 agent tasks): 2,413 findings across 3 packages now tracked. Monitor progress in next regulatory cycles.

---

📊 Regulatory Metrics

Metric	Value
Reports Reviewed	23
Reports Passed (✅ Valid)	21
Reports with Issues	2 (Firewall, Safe-Output Health)
Reports Failed / Missing	4 (not found for today)
Cross-metric consistency rate	88%
Overall Health Score	76%

---

Report generated automatically by the Daily Regulatory workflow
Data sources: Daily report discussions from github/gh-aw (2026-05-16)
Previous regulatory report: #32484 (2026-05-15)
Note: close_discussion tool not available — previous report cannot be closed programmatically

References: §25973414422, §25951431389, §25953642286

Generated by ⚖️ Daily Regulatory Report Generator · ● 10.8M · ◷

• expires on May 19, 2026, 9:36 PM UTC

[github-actions[bot]]

This discussion has been marked as outdated by Daily Regulatory Report Generator.

A newer discussion is available at Discussion #32907.