Skip to content
Latchkey
Documentation menu

AI optimization insights

How Latchkey generates workflow optimization recommendations automatically, and how to apply them as pull requests.

The Optimization Insights page
Optimization Insights: AI recommendations with confidence scores, by workflow.

Latchkey's AI continuously analyzes your monitored workflows and produces concrete, per-workflow recommendations: caching improvements, redundant steps, runner right-sizing, reliability fixes, and more. You review them on the Optimization Insights page and apply the ones you want as a pull request.

The lifecycle#

01CI eventBackfill done, workflow edited, repeated failures, cost spike, or slowdown
02AI analysisThe agent analyzes the workflow with your Knowledge Base as context
03You reviewRecommendations appear on this page with confidence scores
04Apply as PRLatchkey opens a pull request with the selected changes
05Merge on GitHubYou review and merge; Latchkey tracks the fix as applied

The important property of this lifecycle: nothing changes in your repositories until you decide it should. The AI proposes; every change ships as an ordinary pull request that you review and merge yourself.

When recommendations are generated#

Generation is automatic and event-driven; there is no button to press. The agent runs:

  • After the initial backfill of a newly monitored repository.
  • When a workflow file changes on the analysis branch.
  • When a workflow hits repeated consecutive failures, which also triggers a diagnostic analysis.
  • On a cost spike (a run costing far above the recent average).
  • On performance degradation (a run taking far longer than the recent average).

A processing banner shows on the page while an analysis is running. New recommendations also trigger a notification if you have that type enabled.

The five recommendation categories#

costCostCaching, runner right-sizing, redundant work: changes that cut spend.
performancePerformanceParallelization and pipeline changes that shorten build time.
reliabilityPlatformRetry, timeout, and resilience fixes for flaky or fragile workflow patterns.
securitySecurityRisky workflow patterns and permissions worth tightening.
diagnosticDiagnosticRoot-cause analyses produced when a pipeline keeps failing.

Each recommendation is specific, like "add npm caching to the build job" or "pin GitHub Actions to commit SHAs". Some examples of what each category produces:

CategoryExample recommendations
CostRunner right-sizing, concurrency and cancel-in-progress, path filters, duplicate job elimination, dependency and Docker layer caching, artifact retention
PerformanceJob and step parallelization, matrix tuning, dependency-chain flattening, build caching, conditional execution, fail-fast
Platform (reliability)Retry configuration, timeout tuning, flaky test detection, resource limits for out-of-memory and disk pressure
SecurityExcessive permissions, unpinned actions (one consolidated SHA-pinning recommendation), secret exposure in logs, pull_request_target risks, script injection
DiagnosticRoot-cause fixes proposed after a pipeline failure; see Failure diagnosis below

Reading the page#

  • Optimization Overview: a health badge with priority counts (High, Medium, Low), the distribution of recommendation types, and estimated monthly savings.
  • Top Optimization Opportunities by repository and by workflow.
  • Insight Severity Distribution and Insight Resolution Rate.
  • AI Optimization Insights table: recommendations grouped by workflow, each with a confidence score.
  • Trends: insights generated over time and confidence score trends.

Working with confidence scores#

Every recommendation carries a 0-100% confidence score, shown as a segmented gauge and a color-coded badge: High at 80%+ confidence, Medium at 50%+, Low below 50%. A practical way to treat it: the score sets how much of your own review effort a recommendation deserves, not whether it is worth reading at all.

High confidence

  • Good candidates to select together and ship in a single PR
  • Usually safe to review quickly: the intent of the change is clear
  • Still read the diff on the PR; high confidence is not a merge instruction

Lower confidence

  • Treat as a well-informed pointer, not a finished patch
  • Apply one at a time so effects are easy to attribute
  • Pair it with what you know about the workflow before selecting it

Beyond the score, each recommendation ships with a detailed description, implementation steps, supporting evidence, and known risks. Cost and performance recommendations add a Current State vs Optimized State comparison covering Duration, Cost/run, Success rate, and Runner, plus a Potential Savings figure: dollars per month, time saved per run, and percent faster. You know what merging a change is worth before you act.

One lever you control here: the agent analyzes with your Knowledge Base as context, so uploading runbooks and conventions gives it more of the ground truth an engineer would want before proposing a change.

Inside the review drawer#

Click View Insights on a workflow to open the full-screen review drawer. It has two tabs: a per-card review and a final file preview. The per-card view walks you through each recommendation in three sections:

  • Best Practice Insights: advice that cannot be expressed as an automatic YAML edit. Mark each item "I've done this" or "Not relevant".
  • Code Change Insights: each change renders as an inline diff block, removed lines in red, added lines in green. Choose "Apply with Latchkey" or "Skip this" per change. Linked changes that must ship together carry a Group badge; accepting one accepts the whole group.
  • Changes Requiring Manual Placement: if the workflow file changed after analysis, a change that can no longer be placed automatically is flagged here. Choose "I'll apply this" and handle it by hand.

The AI Insights Breakdown panel on the right shows full detail for the selected recommendation, with previous and next navigation, the state comparison, savings, and the confidence gauge. The drawer header keeps a running tally of Available, Accepted, and Declined recommendations, and the footer offers Cancel, Select All, and Apply.

The Final file preview tab renders the exact proposed file with only your accepted changes, so you see precisely what will land in your repository. The net effect: you review AI changes the way you review a teammate's PR, line by line, with full context.

Applying recommendations as a PR#

Open a workflow

Click View Insights on a workflow in the insights table to open its review drawer.

Select the recommendations you want

Accept or skip each change individually, mark best-practice items as done or not relevant, and check the final file preview. The header tally tracks what you have accepted.

Apply

Latchkey reads the current workflow file from your analysis branch, commits the accepted changes, and opens a pull request titled "latchkey AI: Optimize <workflow> workflow" on a branch named latchkey/optimize-.... A success banner shows the new PR number, how many recommendations were applied, and a View PR link.

Review and merge on GitHub

The PR is yours to review, edit, and merge like any other. Nothing is merged automatically. When you merge it, Latchkey records the fix as applied.

A useful drawer habit#

You do not have to apply everything a drawer offers in one go. A suggested rhythm: select the high-confidence recommendations first and ship them as one small, easy-to-review PR, then come back for the lower-confidence items individually. Small PRs get reviewed and merged; a single PR that rewrites half a workflow tends to sit.

When that happens, the listed items are not lost work: the PR that was opened is yours to edit, so you can place those remaining changes by hand on the same branch, using the recommendation's description of what it changes and why as your guide.

How recommendations resolve#

The insights list stays current on its own. A recommendation resolves when:

  • You apply it through the PR flow and merge the change.
  • Latchkey detects you fixed the issue manually.
  • The workflow changes so the advice no longer applies; stale recommendations are auto-resolved so they stop resurfacing.
  • A recurring failure stops recurring (for diagnostic insights).

The result is a list you can trust: open items are real, and you never wade through advice for problems you already solved.

Failure diagnosis#

When a pipeline fails, a diagnostic agent starts automatically: nothing to configure, nothing to trigger by hand. It reads the failed job logs, compares the failing workflow file against the last passing run on the same branch, and pinpoints the exact error location. The result lands on this page as a Diagnostic insight that answers three questions: what broke, why it broke, and what to do about it.

Each diagnosis classifies the failure as one of nine types: build error, test failure, dependency issue, environment error, timeout, resource limit, configuration error, external service, or flaky test. It flags whether the failure is recurring or a one-off, and like every recommendation, it carries a confidence badge.

While the analysis runs, a live banner at the top of the page shows what is happening: a headline such as "Diagnostic agent is investigating a pipeline failure", a stage label such as "Finding root cause" or "Generating recommendations", and a progress bar. When the diagnosis is ready, you are notified with the root-cause summary and the number of suggested fixes.

Where the fix can be expressed as a workflow YAML change, you get an applyable change you review in the same drawer as every other recommendation, diff in front of you. Where it needs a human, you get manual steps instead, clearly separated so nothing is silently mis-applied.

Diagnosis and self-healing#

Self-healing

  • Acts at runtime, while the job is still running
  • Fixes environment failures on Latchkey runners with no PR to merge
  • Real defects in your code pass through unchanged, so tests fail truthfully
  • Keeps today's build alive

Failure diagnosis

  • Acts after the run, on any failed pipeline
  • Names the root cause and proposes a durable fix
  • You review and apply on your terms
  • Stops the failure from coming back

The two are complementary, not redundant: self-healing rescues the run in progress, and diagnosis makes sure the same failure does not keep happening.

FAQ#

Why do I have no insights yet?

Generation is event-driven, and the first pass for a repository runs after its initial backfill completes, so a freshly enabled repository takes a little while to produce anything. Check for the backfill progress banner first. Also confirm the branch being analyzed: the Monitoring modal has a per-repository branch selector, and the AI analyzes that branch (defaulting to the repository default branch). See Managing repositories.

How often does the analysis run?

There is no schedule and no button. The agent runs when something happens: after the initial backfill, when a workflow file changes on the analysis branch, on repeated consecutive failures, on a cost spike, or on performance degradation. A processing banner shows on the page while an analysis is in progress.

Will Latchkey ever change my workflows without me?

No. Every change ships as a pull request that you review, edit, and merge yourself. Nothing is merged automatically.

What if the workflow file changed after the recommendations were generated?

Latchkey applies what still fits cleanly and lists the recommendations that need manual placement. The PR is a normal branch you can edit, so you can add those remaining changes by hand.

How do I hear about new recommendations without checking the page?

New recommendations trigger a notification when you have that notification type enabled. See Notifications for the channels and toggles.