Summary
- Analysis Period: Last 24 hours
- Files Analyzed: ~1,261 Go/JS source files (initial repository commit
99e30a3)
- Total Violations: 31+
- Date: 2026-04-20
| Severity |
Count |
| π¨ BLOCKER |
0 |
| β οΈ WARNING |
31+ |
| iοΈ INFO |
0 |
β οΈ WARNING Violations
These violations should be addressed soon to prevent further structural debt.
File Size Warnings β CJS Files Exceeding 1000 Lines
Commit: 99e30a3 β [copilot-opt] Enforce MCP-only GitHub reads by removing direct gh API paths (#27358)
| File |
Lines |
actions/setup/js/create_pull_request.cjs |
1779 |
actions/setup/js/log_parser_shared.cjs |
1703 |
actions/setup/js/handle_agent_failure.cjs |
1590 |
actions/setup/js/update_project.cjs |
1451 |
actions/setup/js/safe_output_handler_manager.cjs |
1321 |
actions/setup/js/sanitize_content_core.cjs |
1224 |
actions/setup/js/runtime_import.cjs |
1022 |
actions/setup/js/safe_outputs_handlers.cjs |
1009 |
pkg/workflow/cache.go |
1002 |
Why it matters: Files this large are difficult to navigate, review, and reason about. They tend to accumulate unrelated logic and resist refactoring.
Suggested fixes:
create_pull_request.cjs (1779 lines): Extract PR validation logic, conflict-resolution helpers, and body-formatting utilities into separate .cjs modules (e.g., create_pull_request_validation.cjs, create_pull_request_format.cjs)log_parser_shared.cjs (1703 lines): Split into domain-specific parsers β log line parsing, OTLP emission, and metric aggregation are distinct concernshandle_agent_failure.cjs (1590 lines): Extract failure classification, retry logic, and notification routing into focused filesupdate_project.cjs (1451 lines): Separate GraphQL query builders from field-update orchestrationsafe_output_handler_manager.cjs (1321 lines): The manager should delegate to per-output-type handlers; split into safe_output_handler_*.cjs filessanitize_content_core.cjs (1224 lines): Separate input sanitization from output encoding, and isolate regex-based cleaning into a dedicated filepkg/workflow/cache.go (1002 lines): Extract cache-memory artifact upload/download helpers, TTL logic, and key-naming utilities into sub-files
Oversized Functions β Go Files
Commit: 99e30a3 β [copilot-opt] Enforce MCP-only GitHub reads by removing direct gh API paths (#27358)
| File |
Function |
Estimated Lines |
pkg/workflow/mcp_setup_generator.go |
generateMCPSetup |
~849 |
pkg/workflow/compiler_yaml_main_job.go |
generateMainJobSteps |
~619 |
pkg/workflow/notify_comment.go |
buildConclusionJob |
~562 |
pkg/workflow/safe_outputs_config.go |
extractSafeOutputsConfig |
~559 |
pkg/workflow/compiler_safe_outputs_job.go |
buildConsolidatedSafeOutputsJob |
~501 |
pkg/workflow/frontmatter_extraction_yaml.go |
commentOutProcessedFieldsInOnSection |
~488 |
pkg/workflow/mcp_config_custom.go |
renderSharedMCPConfig |
~495 |
pkg/cli/run_workflow_execution.go |
RunWorkflowOnGitHub |
~442 |
pkg/workflow/compiler_pre_activation_job.go |
buildPreActivationJob |
~429 |
pkg/workflow/repo_memory.go |
extractRepoMemoryConfig |
~400 |
pkg/cli/audit.go |
AuditWorkflowRun |
~356 |
pkg/workflow/compiler.go |
validateWorkflowData |
~369 |
pkg/parser/import_field_extractor.go |
extractAllImportFields |
~372 |
pkg/workflow/compiler_jobs.go |
buildCustomJobs |
~344 |
cmd/gh-aw/main.go |
validateEngine |
~411 |
cmd/gh-aw/main.go |
init |
~404 |
pkg/workflow/unified_prompt_step.go |
collectPromptSections |
~213 |
pkg/workflow/unified_prompt_step.go |
generateUnifiedPromptCreationStep |
~247 |
pkg/workflow/unified_prompt_step.go |
buildSafeOutputsSections |
~225 |
pkg/workflow/imports.go |
mergeSafeOutputConfig |
~239 |
pkg/cli/logs_download.go |
downloadRunArtifacts |
~267 |
pkg/cli/pr_command.go |
transferPR |
~227 |
Why it matters: Functions this large are impossible to unit test in isolation, accumulate mixed responsibilities, and create merge conflicts when multiple developers touch the same feature.
Suggested fixes by priority:
-
generateMCPSetup (~849 lines) in mcp_setup_generator.go β the most severe violation. This function handles per-tool rendering for Playwright, GitHub MCP, custom registries, etc. Each tool type should be extracted into its own generateXxxMCPSetup(...) helper, e.g., generatePlaywrightMCPSetup, generateGitHubMCPSetup, generateCustomMCPSetup. The main function becomes an orchestrator/dispatcher (~50 lines).
-
generateMainJobSteps (~619 lines) in compiler_yaml_main_job.go β extract distinct step-generation phases into helpers: generateCheckoutSteps, generateSetupRuntimeSteps, generateAgentRunStep, generatePostRunSteps, etc.
-
buildConclusionJob (~562 lines) in notify_comment.go β separate conclusion-comment rendering from job-dependency graph construction and OTLP span emission into dedicated helpers.
-
extractSafeOutputsConfig (~559 lines) in safe_outputs_config.go β this is a large parsing function; split parsing by section: parseMessagesConfig, parseDispatchConfig, parsePermissionsConfig, etc.
-
buildConsolidatedSafeOutputsJob (~501 lines) β extract step-list construction, environment variable injection, and permission assembly into named helpers.
-
validateEngine & init (~400+ lines each) in cmd/gh-aw/main.go β init() should register subcommands only; large engine-validation logic belongs in pkg/cli/ (e.g., engine_validation.go).
-
AuditWorkflowRun (~356 lines) in pkg/cli/audit.go β extract artifact downloading, log parsing, and report rendering phases into private helper functions.
Configuration
Thresholds from .architecture.yml:
- File size BLOCKER: 2000 lines
- File size WARNING: 1000 lines
- Function size: 200 lines
- Max public exports: 10
Action Checklist
ποΈ Thresholds are configured in .architecture.yml at the repository root.
ποΈ Architecture report by Architecture Guardian Β· β 1.4M Β· β·
Summary
99e30a3)File Size Warnings β CJS Files Exceeding 1000 Lines
Commit:
99e30a3β [copilot-opt] Enforce MCP-only GitHub reads by removing directghAPI paths (#27358)actions/setup/js/create_pull_request.cjsactions/setup/js/log_parser_shared.cjsactions/setup/js/handle_agent_failure.cjsactions/setup/js/update_project.cjsactions/setup/js/safe_output_handler_manager.cjsactions/setup/js/sanitize_content_core.cjsactions/setup/js/runtime_import.cjsactions/setup/js/safe_outputs_handlers.cjspkg/workflow/cache.goWhy it matters: Files this large are difficult to navigate, review, and reason about. They tend to accumulate unrelated logic and resist refactoring.
Suggested fixes:
create_pull_request.cjs(1779 lines): Extract PR validation logic, conflict-resolution helpers, and body-formatting utilities into separate.cjsmodules (e.g.,create_pull_request_validation.cjs,create_pull_request_format.cjs)log_parser_shared.cjs(1703 lines): Split into domain-specific parsers β log line parsing, OTLP emission, and metric aggregation are distinct concernshandle_agent_failure.cjs(1590 lines): Extract failure classification, retry logic, and notification routing into focused filesupdate_project.cjs(1451 lines): Separate GraphQL query builders from field-update orchestrationsafe_output_handler_manager.cjs(1321 lines): The manager should delegate to per-output-type handlers; split intosafe_output_handler_*.cjsfilessanitize_content_core.cjs(1224 lines): Separate input sanitization from output encoding, and isolate regex-based cleaning into a dedicated filepkg/workflow/cache.go(1002 lines): Extract cache-memory artifact upload/download helpers, TTL logic, and key-naming utilities into sub-filesOversized Functions β Go Files
Commit:
99e30a3β [copilot-opt] Enforce MCP-only GitHub reads by removing directghAPI paths (#27358)pkg/workflow/mcp_setup_generator.gogenerateMCPSetuppkg/workflow/compiler_yaml_main_job.gogenerateMainJobStepspkg/workflow/notify_comment.gobuildConclusionJobpkg/workflow/safe_outputs_config.goextractSafeOutputsConfigpkg/workflow/compiler_safe_outputs_job.gobuildConsolidatedSafeOutputsJobpkg/workflow/frontmatter_extraction_yaml.gocommentOutProcessedFieldsInOnSectionpkg/workflow/mcp_config_custom.gorenderSharedMCPConfigpkg/cli/run_workflow_execution.goRunWorkflowOnGitHubpkg/workflow/compiler_pre_activation_job.gobuildPreActivationJobpkg/workflow/repo_memory.goextractRepoMemoryConfigpkg/cli/audit.goAuditWorkflowRunpkg/workflow/compiler.govalidateWorkflowDatapkg/parser/import_field_extractor.goextractAllImportFieldspkg/workflow/compiler_jobs.gobuildCustomJobscmd/gh-aw/main.govalidateEnginecmd/gh-aw/main.goinitpkg/workflow/unified_prompt_step.gocollectPromptSectionspkg/workflow/unified_prompt_step.gogenerateUnifiedPromptCreationSteppkg/workflow/unified_prompt_step.gobuildSafeOutputsSectionspkg/workflow/imports.gomergeSafeOutputConfigpkg/cli/logs_download.godownloadRunArtifactspkg/cli/pr_command.gotransferPRWhy it matters: Functions this large are impossible to unit test in isolation, accumulate mixed responsibilities, and create merge conflicts when multiple developers touch the same feature.
Suggested fixes by priority:
generateMCPSetup(~849 lines) inmcp_setup_generator.goβ the most severe violation. This function handles per-tool rendering for Playwright, GitHub MCP, custom registries, etc. Each tool type should be extracted into its owngenerateXxxMCPSetup(...)helper, e.g.,generatePlaywrightMCPSetup,generateGitHubMCPSetup,generateCustomMCPSetup. The main function becomes an orchestrator/dispatcher (~50 lines).generateMainJobSteps(~619 lines) incompiler_yaml_main_job.goβ extract distinct step-generation phases into helpers:generateCheckoutSteps,generateSetupRuntimeSteps,generateAgentRunStep,generatePostRunSteps, etc.buildConclusionJob(~562 lines) innotify_comment.goβ separate conclusion-comment rendering from job-dependency graph construction and OTLP span emission into dedicated helpers.extractSafeOutputsConfig(~559 lines) insafe_outputs_config.goβ this is a large parsing function; split parsing by section:parseMessagesConfig,parseDispatchConfig,parsePermissionsConfig, etc.buildConsolidatedSafeOutputsJob(~501 lines) β extract step-list construction, environment variable injection, and permission assembly into named helpers.validateEngine&init(~400+ lines each) incmd/gh-aw/main.goβinit()should register subcommands only; large engine-validation logic belongs inpkg/cli/(e.g.,engine_validation.go).AuditWorkflowRun(~356 lines) inpkg/cli/audit.goβ extract artifact downloading, log parsing, and report rendering phases into private helper functions.Configuration
Thresholds from
.architecture.yml:Action Checklist
generateMCPSetup(~849 lines) into per-tool sub-functions β highest prioritygenerateMainJobSteps(~619 lines) into step-phase helpersbuildConclusionJob,extractSafeOutputsConfig,buildConsolidatedSafeOutputsJobvalidateEngine/initbloat fromcmd/gh-aw/main.gotopkg/cli/