Daily Org Oversight Report — 2026-05-20 (UTC) #3322

@fro-bot

Scope: all repositories in the fro-bot GitHub organization. Data pulled via gh at run start. Links only; no content duplication.

Previous report: #3311. Yesterday's P0 (bfra-me collaborator-grant duplicates #3307, #3308) is closed — perimeter handled. Reconciler dedup bug is now formally tracked in #3319 and #3320.

Summary metrics

| Metric | Count | Δ vs yesterday |
| --- | --- | --- |
| Repositories scanned | 5 (tokentoilet archived) | |
| New issues (last 24h, org-wide) | 7 (2 op logs, 1 autohealing, 1 oversight, 1 agent bug, 2 reconciler self-reports) | +1 |
| Open PRs (org-wide) | 6 | −3 (Renovate batch merged) |
| Aging PRs (>7d no activity) | 1 | 0 |
| Stale PRs (>14d no activity) | 1 | 0 |
| Stale issues (>30d no activity) | 2 | 0 |
| Operational-log issues >14d | 21 | +1 |
| Failing main-branch workflows (latest run) | 1 (agent Auto Release, red since 2026-03-22, now ~59d) | 0 |
| Open code-scanning alerts | 9 (.github=3, agent=6) | +1 (agent alert #13 Vulnerabilities surfaced; opened 2026-01-14, prior count was paginated) |
| Open Dependabot alerts | 0 | 0 |
| Unassigned bug issues | 1 (new: agent #646) | +1 |

Critical items

| Repo | Item | Link | Recommended action |
| --- | --- | --- | --- |
| fro-bot/agent | New bug-labeled, unassigned: "Gateway intent-posture flip — make privileged intents opt-in" (handoff from marcusrbrown/.dotfiles Discord-revival plan, Unit 9). | #646 | Assign and scope. Cross-repo handoff means the dependency chain is live — don't let this rot. |
| fro-bot/.github | Reconciler dedup/race bugs self-reported: rollup race-suppression not observable in summary/logs (#3319); cross-run idempotency gap for rollup creation (#3320). Confirms yesterday's diagnosis of the double-emission at 08:54:50Z. | #3319, #3320 | Triage these together. The reconciler audited itself and filed the receipts — now fix the gates. |
| fro-bot/agent | Auto Release workflow still failing on main since 2026-03-22 (~59d red). Prepare Release PR is doing the work. | run 23399265449 | Delete or fix. Third report in a row. |
| fro-bot/agent | Scorecard alerts: Vulnerabilities, SAST, Fuzzing, CII-Best-Practices, Code-Review, Branch-Protection | code scanning | Policy debt. Alert #13 (Vulnerabilities, opened 2026-01-14) is the highest-value one to inspect — verify it isn't a real CVE before treating it as taxonomy noise. |
| fro-bot/.github | Scorecard alerts: Branch-Protection, CII-Best-Practices, Fuzzing | code scanning | Policy debt. Carryover. |

No Dependabot alerts. No broken release pipelines blocking shipping.

Aging PRs (>7d no activity)

| Repo | PR | Age | Author |
| --- | --- | --- | --- |
| fro-bot/systematic | #2 feat(deps): configure Renovate | 24d | app/fro-bot |

All 5 PRs on agent updated within the last 24h (Renovate). The .github Renovate batch from yesterday merged cleanly — backlog shrunk by 3.

Stale issues (>30d no activity)

| Repo | Issue | Age | Recommended next step |
| --- | --- | --- | --- |
| fro-bot/systematic | #1 Enable code scanning (CodeQL / Scorecard) for coverage parity | 72d | Decide enablement or close. Carryover. |
| fro-bot/fro-bot.github.io | #1 Enable code scanning (CodeQL / Scorecard) for coverage parity | 72d | Static site — likely close as N/A. Carryover. |

Op-log entropy: 21 operational-log issues now >14d old in fro-bot/.github (+1 since yesterday). The retention recommendation is two reports old. The queue is calcifying.

Unassigned bugs or high-signal issues

| Repo | Issue | Status |
| --- | --- | --- |
| fro-bot/agent | #646 Gateway intent-posture flip | bug label, no assignee. Cross-repo handoff from .dotfiles Discord-revival plan Unit 9. |
| fro-bot/.github | #3319, #3320 | No labels, no assignees — but high signal: the reconciler diagnosed its own dedup bug. Treat as P1. |

The bug label taxonomy is now active (one issue carries it). Carryover recommendation: extend the baseline to .github so reconciler bugs like #3319/#3320 get the same label treatment.

Repo hotspots

  1. fro-bot/.github — 53 open issues (40+ op logs + 2 reconciler self-reports + autohealing/oversight noise), 0 open PRs. Issue volume keeps climbing; PR queue is clean.
  2. fro-bot/agent — 5 open PRs (all Renovate), 3 open issues including the new bug #646. Active and now carrying real engineering work.
  3. fro-bot/systematic — Stalest PR in org (#2, 24d), 72d-cold issue #1. Three reports of stillness. Decide if this repo is alive or archive it.

Recommended actions (checklist)

  • New: Triage fro-bot/agent#646 (gateway intent-posture). Assign owner. This is the active cross-repo dependency edge from the .dotfiles Discord-revival plan.
  • New: Triage #3319 + #3320 together — they're the receipts for yesterday's reconciler dedup bug. Pair the fix.
  • New: Inspect agent code-scanning alert #13 Vulnerabilities — open since 2026-01-14, surfaced today in pagination. Confirm it's policy noise vs a real CVE.
  • Carryover ×3: Implement 14d auto-close for op-log + autohealing issue patterns. Backlog is now 21 issues deep past the retention threshold.
  • Carryover ×3: Decide fro-bot/agent Auto Release (delete or fix). 59 days red.
  • Carryover ×3: Resolve fro-bot/systematic#2 (Renovate, 24d cold) — merge or close.
  • Carryover ×3: Resolve fro-bot/systematic#1 and fro-bot/fro-bot.github.io#1 (CodeQL enablement, 72d cold).
  • Carryover ×3: Triage the 9 Scorecard alerts or enforce Branch-Protection baseline across .github + agent.
  • Carryover ×2: Extend bug label taxonomy from agent to .github so reconciler issues like #3319/#3320 are queryable.

Run Summary

  • Event: schedule
  • Repo: fro-bot/.github
  • Ref: refs/heads/main
  • Run ID: 26140484512
  • Cache: hit
  • Sessions used: ses_1c6ba9e0dffe7oK9VLD2oWDr9c (prior thread)
  • Logical Thread: schedule-898cd73a
  • Mode: branch-pr (single summary issue)
  • Repos scanned: 5
  • Data sources: gh issue list, gh pr list, gh api actions/workflows, gh api code-scanning/alerts, gh api dependabot/alerts
