[daily regulatory] Regulatory Report - 2026-06-02

[github-actions[bot]]

Today's scan reviewed 20 daily report discussions (2026-06-02). Overall data quality is good — 18 reports valid, 2 with partial-window caveats. The dominant event is a CJS js-typecheck P1 breakage (since ~01:14Z) cascading through Smoke CI (9% pass) and Agentic Commands (22%), depressing morning audit success to 84.2%. Afternoon recovery to 89.4% confirms containment. Two critical items require immediate action: the open P1 and a 13+ day unpatched critical shell-injection alert (#600, CWE-78) in awf_helpers.go.

Cross-report consistency is strong: 238 workflow files confirmed by 3 independent sources (Lockfile Stats, Secrets Analysis, Workflow Audit); PR count spread (34–47 merged) is explained by different scopes and time windows — not a data integrity issue.

📋 Full Regulatory Report

📊 Reports Reviewed (20 total)

Report	Discussion	Status
Daily Performance Summary	#36537	✅
Team Evolution Insights	#36535	✅
Lockfile Statistics	#36534	✅
Daily Code Metrics	#36519	✅
Copilot Agent Analysis	#36515	✅
Secrets Analysis	#36508	✅
GEO Audit	#36502	✅
Workflow Audit (afternoon)	#36500	✅
UK AI Resilience	#36492	✅
Repository Chronicle	#36490	✅
Copilot PR Merged Report	#36489	✅
DeepReport Intelligence	#36483	✅
Agent Performance Report	#36457	✅
GitHub API Consumption	#36441	✅
Copilot Session Insights	#36427	⚠️ no conv. logs (10th+ day)
Safe Output Health	#36409	⚠️ partial window (3h only)
Sergo Report	#36407	✅
Docs Noob Tester	#36405	✅
Workflow Audit (morning)	#36398	✅
LintMonster	#36395	✅

🔍 Consistency Analysis

Workflow File Count (3/3 agree ✅)

All three sources independently confirm 238 compiled workflow files: Lockfile Stats, Secrets Analysis, Workflow Audit.

PR Count Spread (expected, not a discrepancy ✅)

Source	Merged PRs	Scope
Copilot Agent Analysis #36515	35	Agent-only, rolling 24h
Copilot PR Merged #36489	41	All PRs, 24h
Repository Chronicle #36490	47	Editorial 24h window
Team Evolution #36535	34	Team snapshot 24h

Different scopes explain all variation. ✅ No true discrepancy.

Success Rate Trend (consistent ✅)

• Morning audit [audit-workflows] Daily Agentic Workflow Audit — 2026-06-02 (84.2% success, 9 failures / 3 classes) #36398: 84.2% (57 runs, 23:42Z 06-01 → 04:15Z 06-02) — impacted by CJS P1
• Afternoon audit [audit-workflows] Daily Agentic Workflow Audit — 2026-06-02 (afternoon window, 89.4% success, no 429) #36500: 89.4% (47 runs, 14:31–17:23Z) — recovery confirmed
• API consumption [api-consumption] 📊 GitHub API Consumption Report — 2026-06-02 #36441: 86.5% (54 runs, early-day window) — consistent

⚠️ Critical Issues

1. CJS js-typecheck P1 Build Break 🔴

• Root cause: PR Fix copilot-sdk harness stdin wiring, SDK installation/resolution, custom-provider setup from /reflect, and remove duplicate harness timestamps #36358 | Tracked: #36410
• Cascaded into: Smoke CI (9%), Agentic Commands (22%), morning success 84.2%
• Recommendation: Confirm [P1] CJS typecheck failing on main — 17+ failures since 2026-06-02 #36410 resolved; add CJS typecheck to pre-merge gate

2. Unpatched Critical Shell-Injection (13+ days) 🔴

• Alert #600: go/unsafe-quoting CWE-78/89/94 in pkg/workflow/awf_helpers.go
• Classified Tier C in UK AI Resilience report [uk ai resilience] UK AI Governance: Risk & Resilience Report — 2026-06-02 #36492
• Recommendation: Assign and fix immediately

⚠️ Warnings

1. Token-Budget 429 Re-escalated — 2 workflows exceeded 25M effective-token cap after one quiet window (issue [aw-failures] Token-budget exhaustion (25M effective-tokens cap) recurring across 6+ scheduled workflows — 2026-05-29 02:00–07:32 UTC #35661 — recurring). Apply max-daily-effective-tokens guardrail to Firewall Logs Collector and UK AI Resilience workflows.
2. Safe Output Health partial window — 3h of data vs. full day. Cannot confirm full-day health.
3. Conversation log fetch failure (10th+ day) — Copilot session analysis permanently metadata-only until pipeline is fixed.
4. LintMonster spike — largefunc violations in pkg/workflow jumped +110 to 396 (tracked in [lint-monster] [Lint] Fix pkg/workflow function length violations (286 issues) #36050).

📊 Regulatory Metrics

Metric	Value
Reports Reviewed	20
Reports Valid	18
Reports with Warnings	2
Reports Failed	0
Critical Issues	2
Warnings	4
Workflow count consistency	✅ 238 (3/3)
Overall Health Score	85%

References: §26850800310 · Morning Audit · Afternoon Audit

Data sources: 20 daily report discussions · Metric definitions: scratchpad/metrics-glossary.md

Generated by ⚖️ Daily Regulatory Report Generator · sonnet46 2.4M · ◷

• expires on Jun 5, 2026, 10:14 PM UTC