[plan] Add token usage limits or scope restrictions to Duplicate Code Detector workflow

[github-actions]

Objective

Reduce the Duplicate Code Detector workflow's excessive token consumption (26.5M tokens, 75% of all 24h tokens) by adding scope restrictions or early-exit conditions.

Context

From audit discussion #18635 (2026-02-26→2026-02-27):

High token alert: Duplicate Code Detector consumed 26.5M tokens — ~75% of all tokens in the 24h window. This is significantly higher than other workflows. Consider reviewing its scope or adding token limits.

The workflow uses the Codex engine and consumed 26,513,409 tokens in a single run (17 turns, 6 minutes).

Approach

1. Open .github/workflows/duplicate-code-detector.md
2. Review the current prompt scope — does it scan the entire repository?
3. Add file pattern restrictions (e.g., focus on pkg/ and actions/ only, exclude vendor/, node_modules/, test fixtures)
4. Add early-exit instructions to the prompt: if no high-confidence duplicates are found in a sample, stop analysis
5. Consider adding a max_tokens or similar constraint if supported by the Codex engine frontmatter
6. Optionally reduce run frequency (e.g., weekly instead of daily)

Files to Modify

• .github/workflows/duplicate-code-detector.md — update scope/prompt
• .github/workflows/duplicate-code-detector.lock.yml — recompile with make recompile

Acceptance Criteria

• Workflow prompt explicitly scopes analysis to key directories (not the full repo)
• Prompt includes instruction to stop early if no significant duplicates found in sample
• Estimated token usage reduced (target: under 5M tokens per run)
• make recompile and make agent-finish pass after changes
• Workflow still correctly identifies genuine duplicate code

Generated by Plan Command for issue #discussion #18635

• expires on Mar 1, 2026, 6:38 AM UTC