Summary Metrics
| Metric |
Count |
| Repos scanned |
4 (agent, .github, systematic, fro-bot.github.io) |
| Total open issues (org-wide) |
34 |
| Total open PRs (org-wide) |
9 |
| New issues (last 24h) |
4 (all .github — operational/autohealing logs) |
| Stale issues (>30 days) |
2 |
| Aging PRs (>7 days) |
1 (12 days stale) |
| PRs with failing CI |
0 |
| Main branch failures |
0 (yesterday's .github Survey Repo failure resolved) |
| Dependabot alerts |
1 (NEW) — agent |
| Code scanning alerts (Scorecard) |
8 (agent: 4 incl. new VulnerabilitiesID, .github: 4) |
Critical Items
| Repo |
Item |
Severity |
Recommended Action |
agent |
NEW Dependabot #67 — XSS in ip-address package (Address6 HTML-emitting methods) |
Medium |
Update or patch ip-address dependency. Check if the XSS vector is reachable in agent code. |
agent |
NEW Scorecard #13 — VulnerabilitiesID (known vulnerabilities in dependencies) |
High |
Likely triggered by the ip-address Dependabot alert above. Resolve the dep update to clear both. |
agent |
Branch-Protection #1 — release branch lacks protection |
High |
Add branch protection or repo rulesets to release branch |
.github |
Code-Review #6 — low human approval rate |
High |
Ensure PRs get review before merge |
.github |
Branch-Protection #1 — main requires only 1 reviewer |
High |
Consider requiring 2 reviewers or CODEOWNERS review |
Open PRs by Repo
fro-bot/agent — 5 open PRs (all CI green)
| PR |
Title |
Age |
Labels |
| #601 |
build(deps): update anomalyco/opencode to v1.14.39 |
~2d |
automerge, patch |
| #600 |
fix(deps): update @aws-sdk/client-s3 to v3.1041.0 |
~3d |
automerge, minor |
| #599 |
chore(dev): update eslint to v10.3.0 |
~3d |
automerge, minor |
| #598 |
build(deps): update @opencode-ai/sdk to v1.14.33 |
~3d |
automerge, patch |
| #597 |
build(deps): update @fro.bot/systematic to v2.7.3 |
~3d |
automerge, patch |
fro-bot/.github — 3 open PRs
| PR |
Title |
Age |
Status |
| #3242 |
feat(cadence): retire fixed-staleness model, add per-channel observability |
<1d |
Approved — ready to merge |
| #3230 |
chore(dev): update eslint to v10.3.0 |
~3d |
automerge, CI green |
| #3225 |
chore(deps): update jdx/mise to v2026.5.1 |
~4d |
automerge, CI green |
fro-bot/systematic — 1 open PR
| PR |
Title |
Age |
Status |
| #2 |
feat(deps): configure Renovate |
12 days |
No CI checks configured |
Aging PRs (>7 days, no activity)
| Repo |
PR |
Title |
Last Updated |
Notes |
systematic |
#2 |
feat(deps): configure Renovate |
2026-04-25 |
12 days stale. No CI configured. Merge or close. |
Stale Issues (>30 days, no activity)
| Repo |
Issue |
Title |
Last Updated |
Recommended Action |
systematic |
#1 |
Enable code scanning (CodeQL / Scorecard) |
2026-03-09 |
59 days stale. Implement or close. |
fro-bot.github.io |
#1 |
Enable code scanning (CodeQL / Scorecard) |
2026-03-09 |
59 days stale. Implement or close. |
Unassigned Bugs / High-Signal Issues
No issues labeled bug with no assignee found across the org.
Repo Hotspots
| Rank |
Repo |
Open Issues |
Open PRs |
Stale Items |
Signal |
| 1 |
agent |
2 |
5 |
0 |
New Dependabot + Scorecard vulnerability alerts. 5 green dep PRs queuing. |
| 2 |
.github |
30 |
3 |
0 |
Main branch green again. PR #3242 approved and ready. |
| 3 |
systematic |
1 |
1 |
2 |
Both items stale — needs attention |
Recommended Actions
Compared to yesterday's report (#3236): .github main branch is green again (Survey Repo failure resolved). New security finding: agent has a Dependabot alert (#67, ip-address XSS) and a new Scorecard VulnerabilitiesID alert (#13). agent release PR #596 was merged. New .github PR #3242 from Marcus is approved.
Run ID: 25474716345
Summary Metrics
agent,.github,systematic,fro-bot.github.io).github— operational/autohealing logs).githubSurvey Repo failure resolved)agentagent: 4 incl. new VulnerabilitiesID,.github: 4)Critical Items
agentip-addresspackage (Address6 HTML-emitting methods)ip-addressdependency. Check if the XSS vector is reachable in agent code.agentip-addressDependabot alert above. Resolve the dep update to clear both.agentreleasebranch lacks protectionreleasebranch.github.githubOpen PRs by Repo
fro-bot/agent— 5 open PRs (all CI green)anomalyco/opencodeto v1.14.39@aws-sdk/client-s3to v3.1041.0@opencode-ai/sdkto v1.14.33@fro.bot/systematicto v2.7.3fro-bot/.github— 3 open PRsjdx/miseto v2026.5.1fro-bot/systematic— 1 open PRAging PRs (>7 days, no activity)
systematicStale Issues (>30 days, no activity)
systematicfro-bot.github.ioUnassigned Bugs / High-Signal Issues
No issues labeled
bugwith no assignee found across the org.Repo Hotspots
agent.githubsystematicRecommended Actions
agentDependabot alert — #67ip-addressXSS vulnerability. Update the package or assess reachability. This will likely also clear Scorecard alert #13..githubPR #3242 — approved by Marcus, ready to landagentPRs (Action Required: Fix Renovate Configuration #597-Action Required: Fix Renovate Configuration #601) — dependency updates aging 2-3 days, all CI green.githubdep PRs (chore(deps): update dependency jdx/mise to v2026.5.1 #3225, chore(dev): update dependency eslint to v10.3.0 #3230)systematic#2 (Renovate onboarding) — 12 days idlesystematicandfro-bot.github.io(feat: set default settings #1 in both) — 59 days staleagentrelease branch — Scorecard flags missing protection rulesCompared to yesterday's report (#3236):
.githubmain branch is green again (Survey Repo failure resolved). New security finding:agenthas a Dependabot alert (#67,ip-addressXSS) and a new Scorecard VulnerabilitiesID alert (#13).agentrelease PR #596 was merged. New.githubPR #3242 from Marcus is approved.Run ID: 25474716345