Process completed with exit code 1.\\n```\\n\\n`gh extension install .` from this repo\\u0026#39;s manifest does not produce a runnable binary at `${HOME}/.local/share/gh/extensions/gh-aw/gh-aw`. The step name says \\u0026#34;Build and install\\u0026#34; but the script never builds anything. PR Sous Chef has only ever run twice and failed both times — same call-site, same outcome.\\n\\n\\n\\n\\nCluster A2 — Daily Copilot Token Usage Audit: dual install steps conflict\\n\\nThe workflow has **two install steps**:\\n\\n1. `Build and install gh-aw CLI from source` (`.github/workflows/copilot-token-audit.lock.yml:436-440`) — `gh extension install .`\\n2. `Install gh-aw extension` (`.github/workflows/copilot-token-audit.lock.yml:534-561`) — checks `gh extension list | grep -q \\u0026#34;github/gh-aw\\u0026#34;`, falls into install branch if not matched, then runs `gh extension install github/gh-aw`.\\n\\nThe detection in step 2 only matches the upstream-repo name `github/gh-aw`, so the local install from step 1 isn\\u0026#39;t recognized. Step 2 then attempts `gh extension install github/gh-aw`, which fails because the local install already registered the `aw` command:\\n\\n```\\nInstalling gh-aw extension...\\nthere is already an installed extension that provides the \\u0026#34;aw\\u0026#34; command\\n##[error]Process completed with exit code 1.\\n```\\n\\nThis workflow succeeded yesterday — the regression came in between 2026-05-12 12:01 (run 25733084778 ✅) and 2026-05-13 12:02 (run 25797859828 ❌).\\n\\n\\n\\n\\naudit-diff: Daily Copilot Token Usage Audit success → failure\\n\\nBase: 25733084778 (success, 2026-05-12). Compare: 25797859828 (failure, 2026-05-13).\\n\\n- `api.githubcopilot.com:443` traffic dropped from **17 allowed requests → 0** (agent never reached the LLM).\\n- `core` GitHub API consumption jumped **+367%** (603 → 2816) — likely log-download step ran before the install conflict killed the job.\\n- No new denied domains; no MCP tool diffs (agent never ran).\\n\\n\\n\\n### Existing issue correlation\\n\\n- **No existing open issue** covers the extension-install conflict in `agentic-workflows` tracking (pre-fetched 14 open issues, none match `Sous Chef`, `extension install`, or `Build and install`).\\n- Related but distinct: #31178 (Bash permission denials), #31370 (chroot node-missing), #31651 (LLM-invocation cap), #31575 (Gemini fetch failed) — none of these target the gh-aw extension install flow.\\n\\n### Proposed fix roadmap\\n\\n**P0 — unblock the agent:**\\n\\n1. **`pr-sous-chef.lock.yml:390-394`** — replace `gh extension install .` with a real build step (e.g. `make` then `gh extension install .` on the produced binary), or switch to the `gh extension install github/gh-aw` pattern that the other workflows use. The current command silently registers the extension without producing a binary.\\n2. **`copilot-token-audit.lock.yml:534-561`** — fix the detection grep. Use `gh extension list | grep -qE \\u0026#39;\\\\bgh-aw\\\\b\\u0026#39;` (matches both `github/gh-aw` and a local install) instead of `grep -q \\u0026#34;github/gh-aw\\u0026#34;`. This prevents the duplicate-install conflict when step 1 already registered the extension.\\n\\n**Success criteria:**\\n- A fresh PR Sous Chef scheduled run completes the `Build and install gh-aw CLI from source` step and reaches the agent.\\n- A fresh Daily Copilot Token Usage Audit run reaches `api.githubcopilot.com:443` (≥1 allowed firewall hit) and completes `Install gh-aw extension` without `there is already an installed extension` errors.\\n\\n**P1 (after P0):**\\n- Audit all `.github/workflows/*.lock.yml` for similar two-install patterns. At least `daily-rendering-scripts-verifier.lock.yml:544-550` and `copilot-token-audit.lock.yml:534-561` use the same grep-pattern that would conflict with a from-source install.\\n\\n### Confidence and unknowns\\n\\n- **High confidence** the dual-install conflict in `copilot-token-audit` is the root cause for cluster A2 (direct log evidence + step source).\\n- **Medium confidence** for cluster A1