Daily Org Oversight Report — 2026-05-08 (UTC)

[fro-bot]

Summary Metrics

Metric	Count
Repos scanned	4 (agent, .github, systematic, fro-bot.github.io)
Total open issues (org-wide)	34
Total open PRs (org-wide)	6
New issues (last 24h)	4 (all .github — operational/autohealing logs)
Stale issues (>30 days)	2
Aging PRs (>7 days)	1 (13 days — systematic)
PRs with failing CI	0
Main branch failures	0
Dependabot alerts	1 (agent)
Code scanning alerts	8 (agent: 4 incl. 2 high, .github: 4 incl. 2 high)

Critical Items

Repo	Item	Severity	Recommended Action
agent	Dependabot #67 — XSS in ip-address (Address6 HTML methods)	Medium	Update or patch ip-address. Assess reachability in agent code.
agent	Scorecard #13 — VulnerabilitiesID (known dep vulnerabilities)	High	Resolving Dependabot #67 should clear this.
agent	Branch-Protection #1 — release branch lacks protection	High	Add branch protection or repo rulesets
.github	Code-Review #6 — low human approval rate	High	Ensure PRs get review before merge
.github	Branch-Protection #1 — main requires only 1 reviewer	High	Consider 2 reviewers or CODEOWNERS

All default branches green. No main branch CI failures.

Open PRs by Repo

fro-bot/agent — 5 open PRs (all CI green)

PR	Title	Age	Labels
#601	build(deps): update anomalyco/opencode to v1.14.41	3d	automerge, patch
#600	fix(deps): update @aws-sdk/client-s3 to v3.1042.0	4d	automerge, minor
#599	chore(dev): update eslint to v10.3.0	4d	automerge, minor
#598	build(deps): update @opencode-ai/sdk to v1.14.35	4d	automerge, patch
#597	build(deps): update @fro.bot/systematic to v2.7.3	4d	automerge, patch

fro-bot/.github — 0 open PRs

All 3 PRs from yesterday (#3242, #3230, #3225) were merged. The backlog is clear.

fro-bot/systematic — 1 open PR

PR	Title	Age	Status
#2	feat(deps): configure Renovate	13 days	No CI checks configured

Aging PRs (>7 days, no activity)

Repo	PR	Title	Last Updated	Notes
systematic	#2	feat(deps): configure Renovate	2026-04-25	13 days stale. Approaching 14-day threshold. Merge or close.

Stale Issues (>30 days, no activity)

Repo	Issue	Title	Last Updated	Recommended Action
systematic	#1	Enable code scanning (CodeQL / Scorecard)	2026-03-09	60 days stale. Implement or close.
fro-bot.github.io	#1	Enable code scanning (CodeQL / Scorecard)	2026-03-09	60 days stale. Implement or close.

Unassigned Bugs / High-Signal Issues

No issues labeled bug with no assignee found across the org.

Repo Hotspots

Rank	Repo	Open Issues	Open PRs	Stale Items	Signal
1	agent	2	5	0	Dependabot alert active. 5 dep PRs aging 3-4 days.
2	.github	30	0	0	Clean — all PRs merged. Issue count is operational logs.
3	systematic	1	1	2	Both items stale — 60-day issue, 13-day PR

Recommended Actions

• Resolve agent Dependabot alert — #67 ip-address XSS. Update the package to clear both the Dependabot and Scorecard #13 alerts.
• Review and merge the 5 green agent PRs (Action Required: Fix Renovate Configuration #597-Action Required: Fix Renovate Configuration #601) — dependency updates aging 3-4 days, all CI green
• Merge or close systematic #2 (Renovate onboarding) — 13 days idle, hits 14-day stale threshold tomorrow
• Triage stale issues in systematic and fro-bot.github.io (feat: set default settings #1 in both) — 60 days stale, implement CodeQL/Scorecard or close
• Harden agent release branch — Scorecard flags missing protection (force push, status checks, PR requirements)

---

Compared to yesterday's report (#3243): .github cleared its entire PR backlog — #3242, #3230, and #3225 all merged. agent PRs unchanged (5 open, all green, versions rebased). Dependabot alert and Scorecard vulnerability on agent persist. systematic PR #2 approaches 14-day stale threshold.

_{Run ID: 25535119813}

[fro-bot]

Auto-closed: daily report retention policy (3 days). Superseded by newer reports.