Improving token efficiency in GitHub Agentic Workflows

 Agentic workflows that run on every pull request can quietly accumulate large API bills. Here’s how we instrumented our own production workflows, found the inefficiencies, and built agents to fix them.


GitHub Agentic Workflows is like a team of street sweepers that clean up little messes in your repo. These teams significantly improve repo hygiene and quality, but as with all agentic work, cost is a growing concern for developers. And because CI jobs like agentic workflows are automatically scheduled and triggered, costs can accumulate out of view.


Thankfully, making automations more efficient is easier than doing the same for interactive desktop sessions. Work done during a developer session can be hard to predict, but agentic workflows’ work is fully specified in YAML and repeats every execution.

https://hackmd.io/@alexaa34/B1dX_000Zx

https://medium.com/@alexharris59600/improving-token-efficiency-in-github-agentic-workflows-84511d489b83

Because we maintain and use GitHub Agentic Workflows in our own GitHub repositories, we worry about token efficiency as much as our users. That is why in April 2026, we began to systematically optimize the token usage of many of the workflows that we rely on every day. This post describes what we instrumented, the optimizations we applied, and our preliminary results.


Logging token usage

We rely on hundreds of agentic workflows in our repos for maintenance and CI. All workflows run as GitHub Actions against real API rate limits. We are building the plane as we fly it and burning jet fuel as we go.


Before we could optimize our token consumption, we needed to know how tokens were consumed. The first challenge we faced was that each agent framework (Claude CLI, Copilot CLI, Codex CLI) emitted logs in a different format, and usage data could be incomplete for historical runs. Thankfully, the agentic-workflows security architecture uses an API proxy to prevent agents from directly accessing authentication credentials. This proxy gave us a way to capture token usage across all runs in a single normalized format, regardless of agent framework.


Every workflow now outputs a token-usage.jsonl artifact with one record per API call that contains input tokens, output tokens, cache-read tokens, cache-write tokens, model, provider, and timestamps. Combining this data with the rest of the workflow’s logs gave a historical view of how tokens were typically spent and allowed us to optimize for future runs.


Workflows optimizing workflows

With token data in hand, we built two daily optimization workflows.


A Daily Token Usage Auditor reads token usage artifacts from recent workflow runs, aggregates consumption by workflow, and posts a structured report. Its job is to flag any workflow that has significantly increased its recent usage, surface the most expensive workflows, and take note of anomalous runs (e.g., a workflow that normally completes in four LLM turns taking 18).


When an Auditor flags a workflow, a Daily Token Optimizer looks at the workflow’s source and recent logs to create a GitHub issue with describing concrete inefficiencies and proposing specific optimization. The Optimizer has found many inefficiencies that we would have otherwise missed.


Of course, the Auditor and Optimizer are agentic workflows themselves, and their token usage also appear in daily reports to create a small virtuous cycle.


Eliminating unused MCP tools

Based on our initial Auditor and Optimizer results, the most common inefficiency is unused MCP tool registrations.


Because LLM APIs are stateless, agent runtimes typically include the MCP tool function names and JSON schemas with each request. In practice, this means the full set of tools can become part of every call’s context. For a GitHub MCP server with 40 tools, this can add 10–15 KB of schema per turn. If the agent only uses two tools, the remaining 38 are pure overhead added to every request.


Workflow authors naturally start with a full tool-set since it is the path of least resistance, and the agent can figure out which tools it needs. But as time goes on, most workflows rely on a narrow, stable set of tools. The Optimizer identifies this pattern by cross-referencing tool manifests against actual tool calls and recommends pruning unused tools from the configuration.


In our smoke-test workflows, removing unused tools from the MCP configuration reduced per-call context size by 8–12 KB, saving several thousand tokens per run with no change in behavior.


Replacing GitHub MCP with GitHub CLI

Removing unused MCP tools is a relatively simple win. A larger structural opportunity was replacing GitHub MCP calls for data-fetching operations like retrieving pull request diffs, file contents, and review comments with calls to the GitHub CLI.


This change did more than reduce the overhead of unused tools because an MCP tool call is a reasoning step in addition to data retrieval. The agent must decide to call the tool, formulate its arguments, and receive its output as part of the context. That’s a full round-trip LLM API call, consuming tokens for the tool-use JSON schema, the argument block, and the response. Calling ‘gh pr diff’, by contrast, is a deterministic HTTP request to GitHub’s REST API with no LLM involvement.


We used two strategies for this migration:


Pre-agentic data downloads. For data that an agent will always need like a pull request diff or the list of changed files, we added setup steps in the workflow that run gh commands before the agent starts and writes the results to workspace files. The agent reads those files instead of making MCP calls. This eliminates tool-call overhead and allows the agent to take advantage of its extensive training in bash scripting to efficiently process the data.


In-agent CLI proxy substitution. Pre-downloading isn’t possible in cases where the agent determines what to fetch at runtime. In these cases we rely on a lightweight transparent HTTP proxy that routes CLI traffic to GitHub’s API servers without exposing an authentication token to the agent. The agent runs gh pr view –json and gets structured data back, just as a user would from a terminal. This reduces token usage without compromising our zero-secrets security requirement for the agent.


Together, these techniques move the majority of GitHub data-fetching out of the LLM reasoning loop.

Comments

Post a Comment

Popular posts from this blog

Microsoft adds Windows protections for malicious Remote Desktop files

Microsoft has introduced new Windows protections to defend against phishing attacks that abuse Remote Desktop connection (.rdp) files, adding warnings and disabling risky shared resources by default. RDP files are commonly used in enterprise environments to connect to remote systems because admins can preconfigure them to automatically redirect local resources to the remote host. Threat actors have increasingly abused this functionality in phishing campaigns. The Russian state-sponsored APT29 hacking group has previously used rogue RDP files to remotely steal data and credentials from victims. When opened, these files can connect to attacker-controlled systems and redirect local drives to the connected device, allowing the attacker-controlled device to steal files and credentials stored on disk. They can also capture clipboard data, such as passwords or sensitive text, or redirect authentication mechanisms like smart cards or Windows Hello to impersonate users https://hackmd.io/@alexaa...
Read more

How to write technical blog posts that people actually read?

 Applying recently learned knowledge is one of the best way to reinforce our learning. Turning around and teaching it to somebody else through technical blog post is excellent way to do it. Technical blogging is critical to early growth as a community. The motive of this article is not only to provide medium guidelines but also write technical blog posts that people will actually read. So, how to write such technical blog post? I have divided it into three major sections and we will discuss each one of them. Preparing raw content i.e. substance Tying up everything and packaging Publicizing i.e. making widely known Preparing raw content (Substance) Writing something that matters is challenging. We should do a lot of homework to create a quality content. Knowing the topic you’re writing about and what’s been already written about it is the first thing that’s required. After you are done with your homework, figure out what’s missing. You may feel that everything about the topic is wri...
Read more

Ultimate Guide to Activate YouTube on Smart TVs & Streaming Devices

Watching YouTube on a bigger screen is always more fun—movies, music videos, podcasts, and even your favorite creators come to life! If you’re setting up YouTube on your Smart TV, streaming stick, or gaming console, you’ll likely see an activation page asking you to visit yt.be/activate. Don’t worry — this guide will walk you through the process step-by-step and help fix any activation issues along the way. Let’s get started! https://www.bly.com/blog/general/the-virtue-of-modesty/ https://www.laserantitabac.pro/index.php/2023/04/28/les-addictions-un-probleme-de-sante-publique/ https://sirmaskafsoxila.gr/index.php/component/k2/item/1-lorem-ipsum-has-been-the-industry-s-standard-dummy-text-in-the-world What is yt.be/activate? yt.be/activate is the official YouTube activation website that lets you sign in to your Google account on a TV without typing long passwords using a remote. It connects your YouTube app on:  Smart TVs (Samsung, LG, Vizio, Sony, TCL, Hisense…)  Amazon Fire T...
Read more