Optimize duplicate-code-detector workflow with precomputed analysis and tighter run scope

[Copilot]

duplicate-code-detector was spending most turns on deterministic discovery work (metrics/jscpd/grep), driving high token accumulation and long runtime. This change shifts that work into pre-agent workflow steps and narrows agent scope to prioritization + issue filing.

• Workflow execution model

  • Added pre-agent steps in .github/workflows/duplicate-code-detector.md to run:
    • jscpd install
    • file metrics collection
    • jscpd scans for src and containers
    • grep-based pattern extraction
  • Output artifacts are written to /tmp/gh-aw/* for agent consumption.

• Prompt reduction + scope constraints

  • Replaced interactive Phases 1–4 with a compact Pre-Computed Analysis section referencing generated files.
  • Added explicit Scope Constraint guidance:
    • do not re-run discovery
    • complete within ≤10 turns
    • file at most 3 issues/run
  • Kept Phase 5/6 logic (issue de-dup + scoring/reporting) as the primary agent task.

• Network + issue-surface tightening

  • Reduced network.allowed from ["node","github"] to ["github"].
  • Aligned safe-output issue cap to max: 3 for lower issue churn per run.

• Compiled workflow + regression guard

  • Regenerated .github/workflows/duplicate-code-detector.lock.yml from updated source.
  • Added scripts/ci/duplicate-code-detector-workflow.test.ts to assert:
    • pre-agent step presence
    • phase removal from prompt body
    • github-only allowed domains in lock output
    • issue cap configuration in compiled output.

steps:
  - name: Install jscpd
    run: npm install -g jscpd 2>&1 | tail -3
  - name: Gather file metrics
    run: |
      mkdir -p /tmp/gh-aw
      echo '=== TypeScript source ===' > /tmp/gh-aw/code-metrics.txt
      find src -name '*.ts' ! -name '*.test.ts' | xargs wc -l 2>/dev/null | sort -rn | head -20 >> /tmp/gh-aw/code-metrics.txt

[github-actions]

✅ Coverage Check Passed

Overall Coverage

Metric	Base	PR	Delta
Lines	96.57%	96.62%	📈 +0.05%
Statements	96.45%	96.49%	📈 +0.04%
Functions	98.24%	98.24%	➡️ +0.00%
Branches	90.74%	90.78%	📈 +0.04%

📁 Per-file Coverage Changes (1 files)

File	Lines (Before → After)	Statements (Before → After)
src/config-writer.ts	89.3% → 90.9% (+1.65%)	89.3% → 90.9% (+1.65%)

---

Coverage comparison generated by scripts/ci/compare-coverage.ts

[github-actions]

Smoke Test: Claude Engine

• ✅ GitHub API (2 recent PRs fetched)
• ✅ GitHub check (playwright_check=PASS)
• ✅ File verify (smoke-test-claude-26635862485.txt)

Result: PASS

💥 [THE END] — Illustrated by Smoke Claude

[github-actions]

🔬 Smoke Test Results

Test	Status
GitHub MCP (PR: "refactor: move test helper imports to .test-utils.ts files")	✅
GitHub.com HTTP connectivity	✅
File write/read (smoke-test-copilot-26635862545.txt)	✅

Overall: PASS

PR by @Copilot, assignees: @lpcox @Copilot

📰 BREAKING: Report filed by Smoke Copilot

[github-actions]

🔥 Smoke Test: Copilot BYOK (Offline) Mode

Test	Result
GitHub MCP connectivity	✅
GitHub.com HTTP	✅
File write/read	⚠️ pre-step vars not expanded
BYOK inference (this response)	✅

Running in BYOK offline mode (COPILOT_OFFLINE=true) via api-proxy → api.githubcopilot.com

PR by @Copilot, assignees: @lpcox @Copilot

Overall: PASS

🔑 BYOK report filed by Smoke Copilot BYOK

[github-actions]

Smoke Test Results: FAIL. Connectivity and MCP tool issues detected.

Warning

Firewall blocked 1 domain

The following domain was blocked by the firewall during workflow execution:

• localhost

To allow these domains, add them to the network.allowed list in your workflow frontmatter:

network:
  allowed:
    - defaults
    - "localhost"

See Network Configuration for more information.

💎 Faceted by Smoke Gemini

[github-actions]

🏗️ Build Test Suite Results

Ecosystem	Project	Build/Install	Tests	Status
Bun	elysia	✅	1/1 passed	✅ PASS
Bun	hono	✅	1/1 passed	✅ PASS
C++	fmt	✅	N/A	✅ PASS
C++	json	✅	N/A	✅ PASS
Deno	oak	N/A	1/1 passed	✅ PASS
Deno	std	N/A	1/1 passed	✅ PASS
.NET	hello-world	✅	N/A	✅ PASS
.NET	json-parse	✅	N/A	✅ PASS
Go	color	✅	1/1 passed	✅ PASS
Go	env	✅	1/1 passed	✅ PASS
Go	uuid	✅	1/1 passed	✅ PASS
Java	gson	✅	1/1 passed	✅ PASS
Java	caffeine	✅	1/1 passed	✅ PASS
Node.js	clsx	✅	All passed	✅ PASS
Node.js	execa	✅	All passed	✅ PASS
Node.js	p-limit	✅	All passed	✅ PASS
Rust	fd	✅	1/1 passed	✅ PASS
Rust	zoxide	✅	1/1 passed	✅ PASS

Overall: 8/8 ecosystems passed — ✅ PASS

Generated by Build Test Suite for issue #3997 · sonnet46 809.8K · ◷

[github-actions]

Smoke Test Results — FAIL ❌

Check	Result
Redis PING	❌ Timeout (host.docker.internal unreachable)
PostgreSQL pg_isready	❌ Timeout (host.docker.internal unreachable)
PostgreSQL SELECT 1	❌ Timeout (host.docker.internal unreachable)

Overall: FAIL — host.docker.internal is not reachable from this runner environment. The agent is not running inside Docker, so service containers are inaccessible via this hostname.

🔌 Service connectivity validated by Smoke Services