
Add daily concurrency analysis workflow for MCP server tools #14147

Merged
pelikhan merged 2 commits into main from copilot/create-daily-agentic-workflow
Feb 6, 2026

Copilot AI commented Feb 6, 2026

Implements automated concurrency safety analysis for the 32 safe-outputs MCP server tools to detect data races and thread-safety violations before they reach production.

Analysis Methodology

  • Detection targets: Module-level mutable state, unprotected read-modify-write sequences, TOCTOU bugs, shared resource access without coordination
  • Static analysis: Serena MCP server for semantic Go/TypeScript code analysis with data flow tracing
  • Selection strategy: Round-robin with priority for recently modified tools, one deep analysis per run
  • State management: cache-memory tracks analysis history and prevents redundant work

Issue Generation

Issues created for findings include:

  • Severity classification (CRITICAL/HIGH/MEDIUM/LOW)
  • Concrete race condition scenarios with timeline examples
  • Fix recommendations with before/after code
  • Optional Copilot agent session creation for auto-remediation

Example detected pattern:

// ❌ UNSAFE: Module-level mutable state in create_issue.cjs
let issuesToAssignCopilotGlobal = [];  // Shared across concurrent invocations

function getIssuesToAssignCopilot() {
  return issuesToAssignCopilotGlobal;  // Race condition
}

Configuration

  • Runs weekdays 9 AM UTC, 45min timeout
  • Tools: Serena (go/typescript), cache-memory, github, bash
  • Safe-outputs: create-issue (7d expiry, max 5), create-agent-session (max 3)

Original prompt

Create a daily agentic-workflow that performs a deep-dive analysis on each tool exposed in the MCP-server component to ensure it is safe to run concurrently. This agentic-workflow should use Serena and apply best-in-class concurrency checking techniques from software engineering to validate that the tools can run concurrently without data races or data corruption.

Analyze each tool for:

  • Use of global state
  • Mutable data structures, especially those accessed concurrently
  • Mutations that are not protected by appropriate locking or synchronization

When issues are identified, generate clear agentic prompts with recommended fixes and create-issue entries describing the problems. If no problems are found for a given tool, record a no-op result and continue to the next tool.
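
The module-level pattern flagged in the PR description above, run under two concurrent invocations next to an invocation-scoped version. This is an added example, not code from the PR or from create_issue.cjs: the handler bodies, `fakeCreateIssue` and the issue numbers are constructed, and only the name `issuesToAssignCopilotGlobal` comes from the page.

```javascript
// Added example: handler bodies and the simulated I/O are constructed.

// Stand-in for an awaited API call; each call yields to the event loop.
const fakeCreateIssue = (n) =>
  new Promise((resolve) => setImmediate(() => resolve(n)));

// UNSAFE: module-level array shared by every in-flight invocation.
let issuesToAssignCopilotGlobal = [];

async function unsafeHandler(issueNumbers) {
  issuesToAssignCopilotGlobal = []; // "reset" also discards other invocations' state
  for (const n of issueNumbers) {
    await fakeCreateIssue(n); // another invocation can run at this point
    issuesToAssignCopilotGlobal.push(n);
  }
  return [...issuesToAssignCopilotGlobal];
}

// SAFE: state is scoped to the invocation, so interleaving cannot mix it.
async function safeHandler(issueNumbers) {
  const issuesToAssign = [];
  for (const n of issueNumbers) {
    await fakeCreateIssue(n);
    issuesToAssign.push(n);
  }
  return issuesToAssign;
}

// Run invocation A ([1, 2]) and invocation B ([10, 20]) concurrently
// through each handler and collect what each one reports.
async function demo() {
  const unsafe = await Promise.all([unsafeHandler([1, 2]), unsafeHandler([10, 20])]);
  const safe = await Promise.all([safeHandler([1, 2]), safeHandler([10, 20])]);
  return { unsafe, safe };
}

const results = demo();
results.then((r) => console.log(JSON.stringify(r)));
```

With the shared array, invocation A reports issue 10, which belongs to B, and B reports all four; with invocation-scoped state each reports only its own.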



- Analyzes safe-outputs MCP server tools for thread-safety issues
- Uses Serena for semantic code analysis
- Detects global state, race conditions, and missing synchronization
- Creates issues with detailed fix recommendations for problems found
- Implements round-robin analysis with cache-memory for state tracking
- Configured with copilot engine, serena tools, and safe-outputs

Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Copilot AI changed the title from "[WIP] Create agentic workflow for deep-dive analysis of MCP-server tools" to "Add daily concurrency analysis workflow for MCP server tools" Feb 6, 2026
Copilot AI requested a review from pelikhan February 6, 2026 13:55
pelikhan marked this pull request as ready for review February 6, 2026 14:05
Copilot AI review requested due to automatic review settings February 6, 2026 14:05
pelikhan merged commit 0f45c02 into main Feb 6, 2026
116 checks passed
pelikhan deleted the copilot/create-daily-agentic-workflow branch February 6, 2026 14:05

Copilot AI left a comment

Pull request overview

This PR introduces an automated daily concurrency analysis workflow that systematically examines MCP server tools for thread-safety issues and race conditions. The workflow uses Serena for semantic code analysis, implements round-robin tool selection with modification-based prioritization, and creates detailed GitHub issues for discovered concurrency problems.

Changes:

  • Adds daily scheduled workflow (weekdays 9 AM UTC) for concurrency analysis
  • Implements cache-based round-robin scheduling to track analysis progress across tools
  • Configures Serena MCP server for Go/TypeScript semantic code analysis with data flow tracing

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated no comments.

| File | Description |
| --- | --- |
| .github/workflows/daily-mcp-concurrency-analysis.md | Defines workflow instructions including analysis methodology, issue templates, and step-by-step agent guidance for concurrency safety validation |
| .github/workflows/daily-mcp-concurrency-analysis.lock.yml | Generated workflow file implementing the MCP concurrency analysis with job orchestration, safe outputs processing, and artifact management |
