feat: optimization workflows skip already-tracked workflows instead of blocking

[lpcox]

Summary

Both token optimization workflows (copilot-token-optimizer and claude-token-optimizer) previously used skip-if-match to skip entirely when any open optimization issue existed. This meant only one workflow could ever have an open optimization issue at a time, blocking coverage of other expensive workflows.

Changes

1. Removed skip-if-match — workflows always run now
2. Added pre-agent step — fetches open optimization issues and extracts workflow names already being tracked (from issue title format ⚡ ... Optimization YYYY-MM-DD — <workflow-name>)
3. Updated agent prompt (Step 2) — reads /tmp/gh-aw/token-audit/already-optimized.txt exclusion list, skips workflows already tracked, optimizes the next most expensive one. If all workflows are covered, exits gracefully without creating a duplicate issue.

Behavior Before

• Open optimization issue for workflow A → entire optimizer skipped → workflow B never gets optimized

Behavior After

• Open optimization issue for workflow A → optimizer runs → skips A → optimizes workflow B instead
• All workflows covered by open issues → optimizer exits gracefully (no duplicate)

[github-actions]

✅ Coverage Check Passed

Overall Coverage

Metric	Base	PR	Delta
Lines	89.68%	89.75%	📈 +0.07%
Statements	89.59%	89.66%	📈 +0.07%
Functions	94.18%	94.18%	➡️ +0.00%
Branches	81.52%	81.56%	📈 +0.04%

📁 Per-file Coverage Changes (1 files)

File	Lines (Before → After)	Statements (Before → After)
src/config-writer.ts	78.4% → 81.0% (+2.59%)	78.4% → 81.0% (+2.59%)

---

Coverage comparison generated by scripts/ci/compare-coverage.ts

[Copilot]

Pull request overview

This PR updates the Copilot/Claude token optimization advisor workflows so they don’t fully skip execution when an optimization issue is already open. Instead, they now run, detect which workflows are already being tracked by open optimization issues, and (per the updated prompt) select the next most expensive untracked workflow or exit gracefully if all are covered.

Changes:

• Removed skip-if-match gating so both optimizers always run.
• Added a pre-agent step to list open optimization issues and extract already-tracked workflow names into /tmp/gh-aw/token-audit/already-optimized.txt.
• Updated the agent prompt to skip excluded workflows and avoid creating duplicate issues when everything is already covered.

Show a summary per file

File	Description
.github/workflows/copilot-token-optimizer.md	Removes skip gate; adds “already optimized” issue scan step and prompt logic to skip tracked workflows.
.github/workflows/copilot-token-optimizer.lock.yml	Compiled workflow updates reflecting the new scan step and removal of skip-if-match activation logic.
.github/workflows/claude-token-optimizer.md	Same as Copilot optimizer changes, scoped to Claude labels/reporting.
.github/workflows/claude-token-optimizer.lock.yml	Compiled workflow updates reflecting the new scan step and removal of skip-if-match activation logic.

Copilot's findings

Tip

Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comments suppressed due to low confidence (2)

.github/workflows/copilot-token-optimizer.md:123

• The new exclusion-list logic (skip workflows already tracked by open optimization issues) won’t work as intended while safe-outputs.create-issue.close-older-issues remains enabled. As soon as the workflow creates a new optimization issue for a different workflow, the safe-output handler will close existing optimization issues with this label/prefix, so you’ll still end up with only one open issue at a time (and the next run will “forget” previously tracked workflows). Disable close-older-issues (and ensure any other safe-output limits allow multiple concurrent optimization issues) to match the PR’s described behavior.

**Skip any workflow whose name appears in `already-optimized.txt`** — an open optimization issue already tracks it. Select the highest-ranked workflow that is **not** in the exclusion list.

If **all** workflows in the report are already covered by open issues, do **not** create an issue. Log a message noting that all heavy-usage workflows already have open optimization issues and stop without calling any safe-output tools.

.github/workflows/claude-token-optimizer.md:125

• Same issue as in the Copilot optimizer: the new “skip already-tracked workflows” logic won’t achieve multi-workflow coverage while safe-outputs.create-issue.close-older-issues is still enabled in this workflow. Creating a new optimization issue will close prior optimization issues, so you can’t keep multiple workflows tracked concurrently. Disable close-older-issues (and confirm safe-output limits allow multiple open optimization issues) to align with the intended behavior.

**Skip any workflow whose name appears in `already-optimized.txt`** \u2014 an open optimization issue already tracks it. Select the highest-ranked workflow that is **not** in the exclusion list.

If **all** workflows in the report are already covered by open issues, do **not** create an issue. Log a message noting that all heavy-usage workflows already have open optimization issues and stop without calling any safe-output tools.

• Files reviewed: 4/4 changed files
• Comments generated: 4

[github-actions]

Smoke Test Results

• ❌ GitHub MCP Testing (gh CLI auth failed)
• ✅ Playwright Testing (page title verified)
• ✅ File Writing Testing (file created)
• ✅ Bash Tool Testing (file verified)

Overall Status: FAIL

💥 [THE END] — Illustrated by Smoke Claude

[github-actions]

🔬 Smoke Test Results

Test	Result
GitHub MCP connectivity	❌ 401 Bad credentials
GitHub.com HTTP connectivity	⚠️ Template vars unexpanded
File write/read (smoke-test-copilot-25766963831.txt)	✅ Verified

Overall: FAIL — GitHub MCP returned 401 (unauthenticated).

Actor: @lpcox

📰 BREAKING: Report filed by Smoke Copilot

[github-actions]

🔥 Smoke Test: Copilot BYOK (Offline) Mode

Test	Result
GitHub MCP connectivity	❌ 401 (token scope in sandbox)
GitHub.com HTTP	⚠️ Pre-step outputs not expanded
File write/read	✅ /tmp/gh-aw/agent/smoke-test-copilot-byok-25766963819.txt confirmed
BYOK inference	✅ Agent responding via api-proxy → api.githubcopilot.com

Running in BYOK offline mode (COPILOT_OFFLINE=true) via api-proxy → api.githubcopilot.com.

Overall: PARTIAL — BYOK inference path confirmed ✅; GitHub MCP auth and pre-step template expansion had issues.

🔑 BYOK report filed by Smoke Copilot BYOK

[github-actions]

Merged PR titles: unavailable (GitHub read failed: gh 401)
GitHub PR review/query: ❌
Playwright GitHub title: ✅
Tavily search: ❌
File write/read: ✅
Discussion interaction: ❌
Build AWF: ✅
Overall status: FAIL

Warning

Firewall blocked 1 domain

The following domain was blocked by the firewall during workflow execution:

• registry.npmjs.org

To allow these domains, add them to the network.allowed list in your workflow frontmatter:

network:
  allowed:
    - defaults
    - "registry.npmjs.org"

See Network Configuration for more information.

🔮 The oracle has spoken through Smoke Codex

[github-actions]

🏗️ Build Test Suite Results

Ecosystem	Project	Build/Install	Tests	Status
Bun	elysia	✅	1/1 passed	✅ PASS
Bun	hono	✅	1/1 passed	✅ PASS
C++	fmt	✅	N/A	✅ PASS
C++	json	✅	N/A	✅ PASS
Deno	oak	N/A	1/1 passed	✅ PASS
Deno	std	N/A	1/1 passed	✅ PASS
.NET	hello-world	✅	N/A	✅ PASS
.NET	json-parse	✅	N/A	✅ PASS
Go	color	✅	1/1 passed	✅ PASS
Go	env	✅	1/1 passed	✅ PASS
Go	uuid	✅	1/1 passed	✅ PASS
Java	gson	✅	1/1 passed	✅ PASS
Java	caffeine	✅	1/1 passed	✅ PASS
Node.js	clsx	✅	All passed	✅ PASS
Node.js	execa	✅	All passed	✅ PASS
Node.js	p-limit	✅	All passed	✅ PASS
Rust	fd	✅	1/1 passed	✅ PASS
Rust	zoxide	✅	1/1 passed	✅ PASS

Overall: 8/8 ecosystems passed — ✅ PASS

Note (Java): Maven's default local repository path (~/.m2/repository) was not writable due to container permissions. Tests succeeded using -Dmaven.repo.local=/tmp/gh-aw/agent/m2repo as a workaround.

Generated by Build Test Suite for issue #3057 · ● 394.1K · ◷

[github-actions]

Smoke Test Results — FAIL

Check	Result
Redis PING	❌ Connection timeout
PostgreSQL pg_isready	❌ No response
PostgreSQL SELECT 1	❌ No response

host.docker.internal resolves to 172.17.0.1 but both ports 6379 (Redis) and 5432 (PostgreSQL) timed out. The service containers appear unreachable from this environment.

🔌 Service connectivity validated by Smoke Services