perf(doc-maintainer): reduce per-run token usage by Copilot · Pull Request #4765 · github/gh-aw-firewall

Copilot · 2026-06-11T16:52:55Z

The doc-maintainer workflow was burning redundant tokens per run: AGENTS.md (a symlink to CLAUDE.md) was included twice in the doc pool, the doc preview was unnecessarily wide at 80 lines, and the prompt/context could be tightened without changing the 7-day change-detection gate.

Changes

Rec 1 — Deduplicate doc pool: Exclude AGENTS.md, CLAUDE.md, and skill.md from the find . -maxdepth 1 doc pool — these are agent meta-files, not project docs, and AGENTS.md is a symlink to CLAUDE.md, causing identical content to load twice
Rec 2 — Narrow doc preview: head -80 → head -40 in the Pre-load step; section headers + opening paragraphs are sufficient for the agent to decide if a file needs updating
Rec 3 — Cap max-turns: max-turns: 6 → 4; observed runs used ≤4 turns, and the higher ceiling only enabled wasteful failure spirals
Rec 4 — Tighten agent context window with delay buffer: --since="7 days ago" → --since="48 hours ago" in the three git log calls inside steps: only — the check_relevant_changes job gate stays at 7 days, while the agent context now stays focused and still covers delayed daily runs
Rec 5 — Trim system prompt: Remove the ## Context background section; the agent has what it needs from the task steps alone
Follow-up clarification: Update the workflow description and mission text to make the 7-day gate vs 48-hour agent context explicit
Regression coverage: Update the scripts/ci/doc-maintainer-workflow.test.ts assertions to match the optimized workflow and recompiled lock file

Lock file recompiled via gh aw compile.

- Rec 1: exclude AGENTS.md, CLAUDE.md, skill.md from doc pool to eliminate ~10K tokens of duplicate content per run - Rec 2: reduce doc preview from head-80 to head-40 (~5,250 tokens saved) - Rec 3: lower max-turns from 6 to 4 (prevents runaway turn-5/6 waste) - Rec 4: narrow git log window in steps from 7 days to 24 hours (daily workflow; keeps check_relevant_changes job at 7 days) - Rec 5: remove ## Context background section from system prompt - Recompile + post-process lock file Closes #4742

Copilot

Pull request overview

Reduces token usage and runaway behavior in the doc-maintainer workflow by tightening the context it gathers and constraining the agent’s execution limits, while keeping the existing “should we run?” change-detection gate.

Changes:

Deduplicate the root-level markdown doc pool by excluding agent meta-files (avoids loading duplicated AGENTS.md/CLAUDE.md content).
Reduce the amount of preloaded context (head -80 → head -40) and shorten the included git diff preview.
Lower agent max turns (6 → 4) and tighten step-level git log lookback (7 days → 24 hours) for the agent context generation.

Show a summary per file

File	Description
.github/workflows/doc-maintainer.md	Adjusts the human-readable workflow source and agent prompt to reduce context size and cap turns.
.github/workflows/doc-maintainer.lock.yml	Regenerated lock file reflecting the new context-building logic and max-turns/maxRuns settings.

Copilot's findings

Tip

Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Files reviewed: 2/2 changed files
Comments generated: 2

 ## Your Mission

-Review git commits from the past 7 days, identify documentation that has drifted out of sync with code, and create a PR with the necessary updates.
-
-## Context
-
-This repository is a security-critical firewall for GitHub Copilot CLI. Accurate documentation is essential for safe usage. The documentation frequently drifts out of sync with code changes, especially:
- Architecture changes (Docker, containers, networking, iptables)
- CLI flag additions and modifications
- MCP configuration changes
- Security guidance updates
+Review git commits from the past 24 hours, identify documentation that has drifted out of sync with code, and create a PR with the necessary updates.



+      git log --since="24 hours ago" --format="=== Commit %H: %s ===" --stat -- src/ containers/ scripts/ docs/ '*.md' | head -20 > "$CONTEXT_DIR/recent-diffs.txt"

-      git log --since="7 days ago" --format="%H" -- src/ containers/ scripts/ | \
+      git log --since="24 hours ago" --format="%H" -- src/ containers/ scripts/ | \


lpcox · 2026-06-11T17:08:37Z

@copilot address review feedback

Copilot · 2026-06-11T17:18:24Z

@copilot address review feedback

Addressed in 2bc357e. The doc-maintainer workflow now keeps the 7-day change-detection gate explicit, widens the agent context window to 48 hours to cover delayed runs, recompiles the lock file, and updates the workflow regression test accordingly.

github-actions · 2026-06-11T17:33:33Z

✅ Coverage Check Passed

Overall Coverage

Metric	Base	PR	Delta
Lines	96.43%	96.47%	📈 +0.04%
Statements	96.34%	96.38%	📈 +0.04%
Functions	98.77%	98.77%	➡️ +0.00%
Branches	90.70%	90.74%	📈 +0.04%

📁 Per-file Coverage Changes (1 files)

File	Lines (Before → After)	Statements (Before → After)
`src/config-writer.ts`	89.3% → 90.9% (+1.65%)	89.3% → 90.9% (+1.65%)

Coverage comparison generated by scripts/ci/compare-coverage.ts

github-actions · 2026-06-11T17:38:18Z

Smoke Test Results: Copilot BYOK ✅ PASS

Test	Result
GitHub MCP (list PRs)	✅ PR #4760, #4755 retrieved
GitHub.com connectivity	✅ HTTP 200
File write/read	✅ Confirmed
BYOK inference path	✅ Working

Mode: Direct BYOK (COPILOT_PROVIDER_API_KEY) → api-proxy sidecar → api.githubcopilot.com

Status: PASS | Author: @Copilot | Assignees: @lpcox, @Copilot

🔑 BYOK report filed by Smoke Copilot BYOK

github-actions · 2026-06-11T17:38:23Z

🔬 Smoke Test Results — Auth mode: PAT (COPILOT_GITHUB_TOKEN)

Test	Result
GitHub MCP (list PRs)	✅
GitHub.com connectivity (HTTP 200)	✅
File write/read	✅

Overall: PASS

PR: perf(doc-maintainer): reduce per-run token usage — author @Copilot, assignees @lpcox @Copilot

🔑 PAT report filed by Smoke Copilot PAT

github-actions · 2026-06-11T17:38:40Z

🔬 Smoke Test Results

Test	Result
GitHub MCP connectivity	✅
GitHub.com HTTP	✅ 200
File write/read	⚠️ Template vars not substituted

PR: perf(doc-maintainer): reduce per-run token usage
Author: @Copilot | Assignees: @lpcox @Copilot

Overall: FAIL (file test unverifiable — ${{ steps.smoke-data.outputs.SMOKE_FILE_PATH }} was not evaluated)

📰 BREAKING: Report filed by Smoke Copilot

github-actions · 2026-06-11T17:39:54Z

@Copilot @lpcox
perf(doc-maintainer): reduce per-run token usage

GitHub MCP connectivity: ✅
github.com HTTP: ✅
Container file I/O: ✅
BYOK inference via Azure OpenAI: ✅

Running in direct BYOK mode (COPILOT_PROVIDER_API_KEY + COPILOT_PROVIDER_BASE_URL) via api-proxy → Azure OpenAI (Foundry, o4-mini-aw)

Status: PASS

🔑 BYOK (AOAI api-key) report filed by Smoke Copilot BYOK AOAI (api-key)

github-actions · 2026-06-11T17:40:09Z

Smoke test results

docs: sync schemas and specs with source changes automation schemas smoke-claude smoke-codex smoke-copilot-byok smoke-copilot-byok-aoai-apikey smoke-copilot-pat: ✅
[Test Coverage] host-iptables branch coverage smoke-claude smoke-codex smoke-copilot smoke-copilot-byok smoke-copilot-pat: ✅
GitHub title check: ✅
File write/read: ✅
Build (npm ci && npm run build): ❌ napi-postinstall missing
Overall status: FAIL

🔮 The oracle has spoken through Smoke Codex

github-actions · 2026-06-11T17:40:17Z

fix(api-proxy): stop double-counting cached tokens in AI credits — ✅
GitHub.com connectivity — ✅
File write/read test — ✅
BYOK inference path — ✅
Running in direct BYOK mode (AWF_AUTH_TYPE=github-oidc + AWF_AUTH_AZURE_* + COPILOT_PROVIDER_BASE_URL) via api-proxy → Azure OpenAI (Foundry, o4-mini-aw) authenticated via Microsoft Entra
Overall: PASS
cc @Copilot @lpcox

🪪 BYOK (AOAI Entra) report filed by Smoke Copilot BYOK AOAI (Entra)

github-actions · 2026-06-11T17:40:41Z

Smoke Test: GitHub Actions Services Connectivity

Check	Result
Redis PING	❌ timeout (no PONG)
PostgreSQL pg_isready	❌ no response
PostgreSQL SELECT 1	❌ connection failed

host.docker.internal resolves → 172.17.0.1, but ports 6379 and 5432 are unreachable (connection timeout/no response). Services do not appear to be running or are blocked.

Overall: FAIL

🔌 Service connectivity validated by Smoke Services

github-actions · 2026-06-11T17:50:43Z

GitHub API: ✅ PASS
GitHub check: ✅ PASS
File verify: ✅ PASS

Total: PASS

💥 [THE END] — Illustrated by Smoke Claude

Initial plan

93b88e5

Copilot AI assigned Copilot and lpcox Jun 11, 2026

Copilot started work on behalf of lpcox June 11, 2026 16:53 View session

Copilot AI changed the title ~~[WIP] Optimize Claude token usage in doc-maintainer~~ perf(doc-maintainer): reduce per-run token usage ~8% Jun 11, 2026

Copilot finished work on behalf of lpcox June 11, 2026 17:00

Copilot AI requested a review from lpcox June 11, 2026 17:00

lpcox marked this pull request as ready for review June 11, 2026 17:00

Copilot AI review requested due to automatic review settings June 11, 2026 17:00

Copilot started reviewing on behalf of lpcox June 11, 2026 17:00 View session

Copilot AI reviewed Jun 11, 2026

View reviewed changes

Copilot AI had a problem deploying to aoai-model June 11, 2026 17:03 Failure