Overview
Daily cross-repo compatibility audit run on 2026-04-22 against gh-aw 27e6b35. Compiled 20 public repositories (ranked by stars) that use gh-aw lock files. 17/20 pass, 3 fail after gh aw fix --write, 1 fixed by codemod.
Summary
| Metric |
Value |
| Repos tested |
20 |
| Compile pass (after fix) |
17 |
| Compile fail (after fix) |
3 |
Fixed by gh aw fix |
1 |
| gh-aw version |
27e6b35 |
Failures
1. storybookjs/storybook — 89,764 ⭐
Error: import file not found after codemod migration of tools.serena
The gh aw fix --write codemod correctly rewrites tools.serena to:
imports:
- uses: shared/mcp/serena.md
with:
languages: ["typescript"]...but does not create the target file shared/mcp/serena.md, leaving the workflow broken post-fix.
Full error:
.github/workflows/duplicate-code-detector.md:24:11: error: import file not found
- uses: shared/mcp/serena.md
Suggested remediation: The Serena migration codemod should also scaffold shared/mcp/serena.md (or verify it exists) before writing the import reference.
2. vercel/vercel — 15,347 ⭐
Error: workflow_run trigger missing branch restrictions (strict mode)
.github/workflows/ci-doctor.md:1:1: error: workflow_run trigger should include branch
restrictions for security and performance.
gh aw fix --write does not address this. The repo's ci-doctor.md uses workflow_run without a branches: filter. This is a strict-mode security validation.
Suggested remediation: Add a codemod (or documentation) that auto-injects a safe default branch restriction (e.g., branches: [main, master]) into bare workflow_run triggers. Or, provide a clear diagnostic that links to the fix in the error output.
3. Azure/azure-sdk-for-js — 2,289 ⭐
Error: Missing required permission for dependabot toolset
.github/workflows/dexter.md:1:1: error: Missing required permissions for GitHub toolsets:
- vulnerability-alerts: read (required by dependabot)
gh aw fix --write does not auto-inject this permission. The workflow uses the dependabot toolset but the frontmatter lacks vulnerability-alerts: read.
Suggested remediation: A codemod that auto-injects required permissions when a known toolset is declared (e.g., dependabot → vulnerability-alerts: read).
Successfully Fixed by Codemod
microsoft/pylance-release — roles: all was at workflow top-level instead of under on:. gh aw fix --write successfully applied the Move roles to on.roles codemod:
Before: roles: all (top-level)
After: on:
roles: all
Potential Codemod Gaps
| Gap |
Pattern |
Repos Affected |
| Serena migration scaffold |
uses: shared/mcp/serena.md referenced but not created |
storybookjs/storybook |
| workflow_run branch restriction |
Bare workflow_run trigger → strict failure |
vercel/vercel |
| Toolset permission injection |
dependabot toolset requires vulnerability-alerts: read |
Azure/azure-sdk-for-js |
Note: Each gap appears in 1 repository (below the 2-repo threshold for a dedicated codemod proposal issue).
View all 20 repos tested
| Repository |
Stars |
Result |
| f/prompts.chat |
160,385 |
✅ Pass |
| storybookjs/storybook |
89,764 |
❌ Fail |
| appwrite/appwrite |
55,805 |
✅ Pass |
| taosdata/TDengine |
24,835 |
✅ Pass |
| dotnet/maui |
23,229 |
✅ Pass |
| dotnet/core |
21,945 |
✅ Pass |
| dotnet/runtime |
17,830 |
✅ Pass |
| vercel/vercel |
15,347 |
❌ Fail |
| meshery/meshery |
10,156 |
✅ Pass |
| dotnet/machinelearning |
9,327 |
✅ Pass |
| apache/cloudstack |
2,871 |
✅ Pass |
| Azure/azure-sdk-for-js |
2,289 |
❌ Fail |
| rancher/dashboard |
590 |
✅ Pass |
| pulumi/pulumi-aws |
572 |
✅ Pass |
| moeru-ai/airi |
— |
✅ Pass |
| dotnet/msbuild |
— |
✅ Pass |
| dotnet/android |
— |
✅ Pass |
| ReactiveX/RxPY |
— |
✅ Pass |
| apollographql/rover |
— |
✅ Pass |
| microsoft/pylance-release |
— |
✅ Pass (fixed by codemod) |
References:
Generated by Daily AW Cross-Repo Compile Check · ● 408K · ◷
Overview
Daily cross-repo compatibility audit run on 2026-04-22 against gh-aw
27e6b35. Compiled 20 public repositories (ranked by stars) that use gh-aw lock files. 17/20 pass, 3 fail aftergh aw fix --write, 1 fixed by codemod.Summary
gh aw fix27e6b35Failures
1.
storybookjs/storybook— 89,764 ⭐Error:
import file not foundafter codemod migration oftools.serenaThe
gh aw fix --writecodemod correctly rewritestools.serenato:...but does not create the target file
shared/mcp/serena.md, leaving the workflow broken post-fix.Full error:
Suggested remediation: The Serena migration codemod should also scaffold
shared/mcp/serena.md(or verify it exists) before writing the import reference.2.
vercel/vercel— 15,347 ⭐Error:
workflow_runtrigger missing branch restrictions (strict mode)gh aw fix --writedoes not address this. The repo'sci-doctor.mdusesworkflow_runwithout abranches:filter. This is a strict-mode security validation.Suggested remediation: Add a codemod (or documentation) that auto-injects a safe default branch restriction (e.g.,
branches: [main, master]) into bareworkflow_runtriggers. Or, provide a clear diagnostic that links to the fix in the error output.3.
Azure/azure-sdk-for-js— 2,289 ⭐Error: Missing required permission for
dependabottoolsetgh aw fix --writedoes not auto-inject this permission. The workflow uses thedependabottoolset but the frontmatter lacksvulnerability-alerts: read.Suggested remediation: A codemod that auto-injects required permissions when a known toolset is declared (e.g.,
dependabot→vulnerability-alerts: read).Successfully Fixed by Codemod
microsoft/pylance-release—roles: allwas at workflow top-level instead of underon:.gh aw fix --writesuccessfully applied theMove roles to on.rolescodemod:Potential Codemod Gaps
uses: shared/mcp/serena.mdreferenced but not createdworkflow_runtrigger → strict failuredependabottoolset requiresvulnerability-alerts: readView all 20 repos tested
References: