feat: add architecture-guardian agentic workflow#25334
Conversation
Adds .github/workflows/architecture-guardian.md and the compiled .lock.yml to enforce code structure discipline on every PR and push to main. The workflow: - Detects files exceeding 500/1000 lines (WARNING/BLOCKER) - Detects functions exceeding 80 lines (WARNING) - Detects high public export count >10 (INFO) - Detects circular imports/dependency cycles (BLOCKER) - Posts structured PR review grouped by severity - Fails PR check on BLOCKER violations - Thresholds configurable via .architecture.yml Closes #25378" Agent-Logs-Url: https://github.com/github/gh-aw/sessions/7af87394-21f4-4209-ba3d-375346b57b4a Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
|
Change trigger to run daily on weekdays and operate on the changes since the last run |
|
@copilot Change trigger to run daily on weekdays and operate on the changes since the last run |
… lookback - Trigger changed from pull_request+push to daily schedule on weekdays (~2 PM UTC) - Workflow now analyzes commits from the last 24 hours instead of PR diffs - safe-outputs changed from submit-pull-request-review to create-issue - Added skip-if-match to avoid creating duplicate issues - Added tracker-id for workflow identity tracking - Updated prompt: Step 2 now uses git log --since="24 hours ago" - Updated prompt: Step 6 now creates a GitHub issue with action checklist - Removed PR-specific language (REQUEST_CHANGES review, base SHA diff) Agent-Logs-Url: https://github.com/github/gh-aw/sessions/ea35747c-7522-4c93-84e4-d44eadc4bb90 Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Done in 875afbd. Changed the trigger from The workflow now:
|
|
@copilot this codebase is Go and JavaScript |
- File filter changed from .py/.rs to .go/.js/.cjs/.mjs - Check 2 (function size) rewritten for Go: uses grep + awk on func declarations - Check 3 (function size) rewritten for JavaScript: uses grep on function declarations - Check 4 (public exports) rewritten for Go: greps exported identifiers (uppercase), and module.exports / export for JS files - Check 5 (import cycles) rewritten for Go: uses go list/go build to detect cycles, plus grep-based JS circular require detection - Removed python3 from bash tool allowlist (no longer needed) - Updated all examples and descriptions to reference .go files and Go/JS idioms Agent-Logs-Url: https://github.com/github/gh-aw/sessions/b6d21b68-d7cd-444e-aa9d-372c363a73d5 Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Fixed in 97cf245. The workflow now analyzes Go and JavaScript files instead of Python and Rust:
|
There was a problem hiding this comment.
Pull request overview
Adds a new scheduled “Architecture Guardian” agentic workflow intended to scan Go/JS changes from the last 24 hours for structural/code-architecture violations and file an issue when thresholds are exceeded.
Changes:
- Introduces a new agent prompt workflow definition for architecture checks (file size, function size, export count, import cycles).
- Adds the compiled
.lock.ymlworkflow output generated from the.mdsource.
Show a summary per file
| File | Description |
|---|---|
.github/workflows/architecture-guardian.md |
Defines the agent’s prompt, triggers, tool allowlist, and safe-outputs behavior for architecture scans. |
.github/workflows/architecture-guardian.lock.yml |
Compiled GitHub Actions workflow produced from the .md definition. |
Copilot's findings
Tip
Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
- Files reviewed: 2/2 changed files
- Comments generated: 2
| tools: | ||
| github: | ||
| toolsets: [repos] | ||
| bash: | ||
| - "git log:*" | ||
| - "git diff:*" | ||
| - "git show:*" | ||
| - "find:*" |
There was a problem hiding this comment.
The prompt relies on running go list ./... / go build ./... to detect import cycles, but the bash tool allowlist here doesn’t permit any go commands. As a result the agent won’t be able to execute the cycle check as written. Add explicit allowlist entries for the needed Go commands (e.g., go list:* and go build:*, or a tighter subset) similar to .github/workflows/sergo.md which allowlists go list -m all.
| safe-outputs: | ||
| create-issue: | ||
| expires: 2d | ||
| title-prefix: "[architecture-guardian] " | ||
| labels: [architecture, automated-analysis, cookie] | ||
| assignees: copilot | ||
| max: 1 | ||
| noop: | ||
| messages: |
There was a problem hiding this comment.
safe-outputs.noop is declared without report-as-issue: false, which means the compiled workflow defaults to reporting no-op messages as issues ("report-as-issue":"true" in the lock file). That contradicts the stated behavior of “skip automatically” when there are no relevant changes / no violations, and will likely create daily noise issues. Set safe-outputs.noop.report-as-issue: false (as done in .github/workflows/agentic-observability-kit.md:28-29) if the intent is to truly skip without opening an issue.
Add entries to the examples documentation for the five new workflows merged on 2026-04-08: - Test Quality Sentinel (#25353): PR-triggered test quality analysis - Approach Validator (#25354): label-triggered multi-agent approach review - Design Decision Gate (#25323): ADR enforcement before implementation merges - Refactoring Cadence (#25352): daily code health tracking with auto-issue - Architecture Guardian (#25334): daily code structure violation detection Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Adds a new
architecture-guardianworkflow addressing the "spaghetti codebase" problem — AI-assisted development accumulates structural debt without enforcement checkpoints.What it does
workflow_dispatchas a fallbackgrep/awkon Gofuncdeclarations and grep on JS function declarationsgo list ./.../go build ./...for Go and grep-basedrequire()analysis for JavaScriptskip-if-match)Configuration
Thresholds are configurable via
.architecture.ymlat the repo root; all values have sensible defaults if the file is absent.Files
.github/workflows/architecture-guardian.md— workflow source.github/workflows/architecture-guardian.lock.yml— compiled output