Summary
| Severity |
Count |
| 🚨 BLOCKER |
0 |
| ⚠️ WARNING |
21 |
| i️ INFO |
1 |
No BLOCKER violations found. All warnings are pre-existing structural debt surfaced by this scan.
⚠️ WARNING Violations
These violations should be addressed soon to prevent further structural debt.
File Size — Large Go Files
File: pkg/workflow/domains.go | Lines: 1,015
Commit: 6dce746 — Fix Serena codemod output for nested engine config
Issue: File exceeds the 1,000-line WARNING threshold
Suggested fix: Split into domains_ecosystems.go (ecosystem category maps and getEcosystemDomains), domains_engine.go (per-engine domain logic), and domains_http_mcp.go (HTTP MCP / Playwright domain extraction). Each file would be ~300–350 lines.
File: pkg/workflow/cache.go | Lines: 1,002
Commit: 6dce746 — Fix Serena codemod output for nested engine config
Issue: File exceeds the 1,000-line WARNING threshold
Suggested fix: Extract the cache-memory artifact/git step generation into cache_steps.go and keep configuration parsing + validation in cache.go. Target ~500 lines each.
File Size — Large CJS Files
File: actions/setup/js/create_pull_request.cjs | Lines: 1,789
Issue: File is nearly 1.8× the WARNING threshold
Suggested fix: Extract the diff-and-patch logic into create_pull_request_diff.cjs and PR metadata/label handling into create_pull_request_labels.cjs. The core PR creation should remain in create_pull_request.cjs.
File: actions/setup/js/handle_agent_failure.cjs | Lines: 1,597
Issue: File exceeds the WARNING threshold
Suggested fix: Separate failure classification logic from reporting/notification logic. Extract failure analysis into handle_agent_failure_classifier.cjs and keep remediation/output steps in the main file.
File: actions/setup/js/update_project.cjs | Lines: 1,451
Issue: File exceeds the WARNING threshold
Suggested fix: Split project field update logic (update_project_fields.cjs) from project item query/linking logic (update_project_items.cjs).
File: actions/setup/js/safe_output_handler_manager.cjs | Lines: 1,378
Issue: File exceeds the WARNING threshold
Suggested fix: Extract individual handler registration and routing into safe_output_handler_registry.cjs, keeping the manager orchestration in the main file.
File: actions/setup/js/sanitize_content_core.cjs | Lines: 1,235
Issue: File exceeds the WARNING threshold
Suggested fix: Separate regex/pattern definitions into a sanitize_patterns.cjs constants file and keep transformation logic in sanitize_content_core.cjs.
File: actions/setup/js/safe_outputs_handlers.cjs | Lines: 1,044
Issue: File exceeds the WARNING threshold
Suggested fix: Group handlers by output type into separate files (e.g., safe_outputs_text_handlers.cjs, safe_outputs_json_handlers.cjs).
File: actions/setup/js/mcp_cli_bridge.cjs | Lines: 1,027
Issue: File exceeds the WARNING threshold
Suggested fix: Extract protocol framing (JSON-RPC message building/parsing) into mcp_cli_protocol.cjs and keep I/O bridge logic in mcp_cli_bridge.cjs.
File: actions/setup/js/runtime_import.cjs | Lines: 1,022
Issue: File exceeds the WARNING threshold
Suggested fix: Separate runtime detection/resolution from import mechanism into runtime_resolver.cjs.
Function Size — Large Go Functions (> 200 lines)
File: pkg/workflow/mcp_setup_generator.go | Function: generateMCPSetup | Lines: ~852
Issue: Function is more than 4× the 200-line threshold — an entire subsystem crammed into one function
Suggested fix: Decompose by MCP provider type: extract generateDockerMCPSetup, generateHTTPMCPSetup, generateBuiltinMCPSetup, each called from a coordinator. This would bring each extracted function under 200 lines.
File: pkg/workflow/compiler_yaml_main_job.go | Function: generateMainJobSteps | Lines: ~638
Issue: Function is 3× the threshold; generates dozens of heterogeneous steps inline
Suggested fix: Group steps by phase — extract generateSetupSteps, generateCheckoutSteps, generateAgentSteps, generateConclusionSteps — and call them sequentially from generateMainJobSteps.
File: pkg/workflow/compiler_safe_outputs_job.go | Function: buildConsolidatedSafeOutputsJob | Lines: ~515
Issue: Function builds the entire safe-outputs job in one pass
Suggested fix: Extract step builders (buildSafeOutputsCheckoutStep, buildSafeOutputsRunStep, etc.) into private helpers and compose from the main function.
File: pkg/workflow/frontmatter_extraction_yaml.go | Function: commentOutProcessedFieldsInOnSection | Lines: ~488
Issue: Function is 2.4× the threshold
Suggested fix: Extract YAML traversal helpers into separate functions and reduce the main function to a coordinator.
File: pkg/workflow/compiler.go | Function: validateWorkflowData | Lines: ~393
Issue: Validation logic is monolithic; hard to extend or test individual rules
Suggested fix: Following the existing validation architecture pattern, split into focused validators (e.g., validateEngineConfig, validateTriggers, validatePermissions) and call them from validateWorkflowData.
File: pkg/parser/import_field_extractor.go | Function: extractAllImportFields | Lines: ~372
Issue: Function combines HTTP fetching, recursive traversal, and field extraction
Suggested fix: Extract fetching into fetchImportContent, traversal into traverseImportGraph, and keep field extraction in extractAllImportFields.
File: pkg/cli/audit.go | Function: AuditWorkflowRun | Lines: ~356
Issue: Top-level command function handling all audit phases inline
Suggested fix: Extract downloadAuditArtifacts, parseAuditLogs, formatAuditReport as separate functions; AuditWorkflowRun becomes a coordinator calling each phase.
File: pkg/workflow/compiler_jobs.go | Function: buildCustomJobs | Lines: ~351
Issue: Iterates and builds all custom jobs with inline logic per job type
Suggested fix: Extract buildCustomJobFromConfig for individual job construction and resolveCustomJobDependencies for dependency wiring.
File: pkg/workflow/compiler.go | Function: generatePrompt | Lines: ~236
Issue: Exceeds threshold
Suggested fix: Extract prompt section ordering logic and section rendering into small helper functions.
File: pkg/workflow/unified_prompt_step.go | Function: generateUnifiedPromptCreationStep | Lines: ~247
Issue: Exceeds threshold
Suggested fix: Extract expression mapping logic and step YAML generation into separate private helpers.
File: pkg/workflow/compiler_safe_outputs_handlers.go | Function: buildSafeOutputsSections | Lines: ~244
Issue: Exceeds threshold
Suggested fix: Extract per-output-type section builders into small dedicated functions.
i️ INFO Violations
Informational findings. Consider addressing in future refactoring.
pkg/workflow/domains.go: 24 exported identifiers (threshold: 10) — This file is a large public API surface for domain allow-list logic. Consider splitting into focused packages (pkg/workflow/domains/ecosystems, pkg/workflow/domains/engines) so each subpackage has a smaller, well-defined export surface.
Configuration
Thresholds from .architecture.yml:
- File size BLOCKER: 2,000 lines
- File size WARNING: 1,000 lines
- Function size: 200 lines
- Max public exports: 10
Action Checklist
🏛️ Thresholds configured in .architecture.yml at the repository root.
🏛️ Architecture report by Architecture Guardian · ● 2.2M · ◷
Summary
6dce746— [aw-compat] Fix Serena codemod output for nested engine config and stale gh-aw source pins ([aw-compat] Fix Serena codemod output for nested engine config and stale gh-aw source pins #28080)No BLOCKER violations found. All warnings are pre-existing structural debt surfaced by this scan.
File Size — Large Go Files
File:
pkg/workflow/domains.go| Lines: 1,015Commit:
6dce746— Fix Serena codemod output for nested engine configIssue: File exceeds the 1,000-line WARNING threshold
Suggested fix: Split into
domains_ecosystems.go(ecosystem category maps andgetEcosystemDomains),domains_engine.go(per-engine domain logic), anddomains_http_mcp.go(HTTP MCP / Playwright domain extraction). Each file would be ~300–350 lines.File:
pkg/workflow/cache.go| Lines: 1,002Commit:
6dce746— Fix Serena codemod output for nested engine configIssue: File exceeds the 1,000-line WARNING threshold
Suggested fix: Extract the cache-memory artifact/git step generation into
cache_steps.goand keep configuration parsing + validation incache.go. Target ~500 lines each.File Size — Large CJS Files
File:
actions/setup/js/create_pull_request.cjs| Lines: 1,789Issue: File is nearly 1.8× the WARNING threshold
Suggested fix: Extract the diff-and-patch logic into
create_pull_request_diff.cjsand PR metadata/label handling intocreate_pull_request_labels.cjs. The core PR creation should remain increate_pull_request.cjs.File:
actions/setup/js/handle_agent_failure.cjs| Lines: 1,597Issue: File exceeds the WARNING threshold
Suggested fix: Separate failure classification logic from reporting/notification logic. Extract failure analysis into
handle_agent_failure_classifier.cjsand keep remediation/output steps in the main file.File:
actions/setup/js/update_project.cjs| Lines: 1,451Issue: File exceeds the WARNING threshold
Suggested fix: Split project field update logic (
update_project_fields.cjs) from project item query/linking logic (update_project_items.cjs).File:
actions/setup/js/safe_output_handler_manager.cjs| Lines: 1,378Issue: File exceeds the WARNING threshold
Suggested fix: Extract individual handler registration and routing into
safe_output_handler_registry.cjs, keeping the manager orchestration in the main file.File:
actions/setup/js/sanitize_content_core.cjs| Lines: 1,235Issue: File exceeds the WARNING threshold
Suggested fix: Separate regex/pattern definitions into a
sanitize_patterns.cjsconstants file and keep transformation logic insanitize_content_core.cjs.File:
actions/setup/js/safe_outputs_handlers.cjs| Lines: 1,044Issue: File exceeds the WARNING threshold
Suggested fix: Group handlers by output type into separate files (e.g.,
safe_outputs_text_handlers.cjs,safe_outputs_json_handlers.cjs).File:
actions/setup/js/mcp_cli_bridge.cjs| Lines: 1,027Issue: File exceeds the WARNING threshold
Suggested fix: Extract protocol framing (JSON-RPC message building/parsing) into
mcp_cli_protocol.cjsand keep I/O bridge logic inmcp_cli_bridge.cjs.File:
actions/setup/js/runtime_import.cjs| Lines: 1,022Issue: File exceeds the WARNING threshold
Suggested fix: Separate runtime detection/resolution from import mechanism into
runtime_resolver.cjs.Function Size — Large Go Functions (> 200 lines)
File:
pkg/workflow/mcp_setup_generator.go| Function:generateMCPSetup| Lines: ~852Issue: Function is more than 4× the 200-line threshold — an entire subsystem crammed into one function
Suggested fix: Decompose by MCP provider type: extract
generateDockerMCPSetup,generateHTTPMCPSetup,generateBuiltinMCPSetup, each called from a coordinator. This would bring each extracted function under 200 lines.File:
pkg/workflow/compiler_yaml_main_job.go| Function:generateMainJobSteps| Lines: ~638Issue: Function is 3× the threshold; generates dozens of heterogeneous steps inline
Suggested fix: Group steps by phase — extract
generateSetupSteps,generateCheckoutSteps,generateAgentSteps,generateConclusionSteps— and call them sequentially fromgenerateMainJobSteps.File:
pkg/workflow/compiler_safe_outputs_job.go| Function:buildConsolidatedSafeOutputsJob| Lines: ~515Issue: Function builds the entire safe-outputs job in one pass
Suggested fix: Extract step builders (
buildSafeOutputsCheckoutStep,buildSafeOutputsRunStep, etc.) into private helpers and compose from the main function.File:
pkg/workflow/frontmatter_extraction_yaml.go| Function:commentOutProcessedFieldsInOnSection| Lines: ~488Issue: Function is 2.4× the threshold
Suggested fix: Extract YAML traversal helpers into separate functions and reduce the main function to a coordinator.
File:
pkg/workflow/compiler.go| Function:validateWorkflowData| Lines: ~393Issue: Validation logic is monolithic; hard to extend or test individual rules
Suggested fix: Following the existing validation architecture pattern, split into focused validators (e.g.,
validateEngineConfig,validateTriggers,validatePermissions) and call them fromvalidateWorkflowData.File:
pkg/parser/import_field_extractor.go| Function:extractAllImportFields| Lines: ~372Issue: Function combines HTTP fetching, recursive traversal, and field extraction
Suggested fix: Extract fetching into
fetchImportContent, traversal intotraverseImportGraph, and keep field extraction inextractAllImportFields.File:
pkg/cli/audit.go| Function:AuditWorkflowRun| Lines: ~356Issue: Top-level command function handling all audit phases inline
Suggested fix: Extract
downloadAuditArtifacts,parseAuditLogs,formatAuditReportas separate functions;AuditWorkflowRunbecomes a coordinator calling each phase.File:
pkg/workflow/compiler_jobs.go| Function:buildCustomJobs| Lines: ~351Issue: Iterates and builds all custom jobs with inline logic per job type
Suggested fix: Extract
buildCustomJobFromConfigfor individual job construction andresolveCustomJobDependenciesfor dependency wiring.File:
pkg/workflow/compiler.go| Function:generatePrompt| Lines: ~236Issue: Exceeds threshold
Suggested fix: Extract prompt section ordering logic and section rendering into small helper functions.
File:
pkg/workflow/unified_prompt_step.go| Function:generateUnifiedPromptCreationStep| Lines: ~247Issue: Exceeds threshold
Suggested fix: Extract expression mapping logic and step YAML generation into separate private helpers.
File:
pkg/workflow/compiler_safe_outputs_handlers.go| Function:buildSafeOutputsSections| Lines: ~244Issue: Exceeds threshold
Suggested fix: Extract per-output-type section builders into small dedicated functions.
i️ INFO Violations
pkg/workflow/domains.go: 24 exported identifiers (threshold: 10) — This file is a large public API surface for domain allow-list logic. Consider splitting into focused packages (pkg/workflow/domains/ecosystems,pkg/workflow/domains/engines) so each subpackage has a smaller, well-defined export surface.Configuration
Thresholds from
.architecture.yml:Action Checklist
generateMCPSetup(852 lines) — highest priority function violationgenerateMainJobSteps(638 lines)buildConsolidatedSafeOutputsJob(515 lines)pkg/workflow/domains.goexport surface (INFO)