
Daily Org Oversight Report — 2026-05-21 (UTC) #3352

@fro-bot


Scope: all repositories in the fro-bot GitHub organization. Data pulled via gh at run start. Links only; no content duplication.

Previous report: #3322.

The big signal today: the issue count on fro-bot/.github jumped 53 → 74 (+21 in 24h), but ~14 of those are substantive engineering issues from a self-audit of the reconcile, survey, privacy-gate, and social-broadcast subsystems. The agent looked inward and filed the receipts. That's not noise — it's a backlog of real work surfaced in one cycle. The other major delta: yesterday's agent#646 (bug, unassigned) closed.

Summary metrics

| Metric | Count | Δ vs yesterday |
|---|---|---|
| Repositories scanned | 5 (tokentoilet archived) | |
| New issues (last 24h, org-wide) | 18 (14 substantive + 2 op logs + 1 autohealing + 1 oversight) | +11 |
| Open PRs (org-wide) | 7 | +1 (a new docs PR on .github) |
| Aging PRs (>7d no activity) | 1 | 0 |
| Stale PRs (>14d no activity) | 1 | 0 |
| Stale issues (>30d no activity) | 2 | 0 |
| Operational-log issues >14d | 22 | +1 |
| Failing main-branch workflows (latest run) | 1 (fro-bot/agent Auto Release, ~60d red) | 0 |
| Open code-scanning alerts | 9 (.github=3, agent=6) | 0 |
| Open Dependabot alerts | 0 | 0 |
| Unassigned bug issues | 0 (yesterday's agent#646 closed) | −1 |

Critical items

| Repo | Item | Link | Recommended action |
|---|---|---|---|
| fro-bot/.github | Privacy-gate cluster (4 issues): private wiki gate re-leaks canonical filenames via stderr, defense-in-depth gaps, metadata-tampering bypass (flip private→false in the same PR), plus the Survey Repo privacy-gate stderr-surfacing gap. Security-sensitive: a visibility-leak surface. | #3326, #3327, #3328, #3345 | P0. Triage as a group. The metadata-tampering bypass (#3328) is the highest-leverage one: a malicious PR can defeat the whole gate by toggling one field. Patch it before the others. |
| fro-bot/.github | Reconcile visibility-transition cluster (7 issues): same-run dedup race, missing operator-readable counter, silent duplicate-skip, legacy node_id-less entries, duplicate test, counter accuracy in error paths, missing label cache. | #3332–#3337, #3340 | P1. Schedule a focused reconciler hardening pass. Combined with yesterday's #3319/#3320, the reconciler now has 9 open correctness/observability issues. Pair them; treat as one work unit. |
| fro-bot/.github | Social broadcast TOCTOU: the recheck-then-broadcast window allows expansion. | #3325 | P1. A read-then-write window on a broadcast surface is a privacy footgun. |
| fro-bot/.github | Survey Repo App-token NBCs: token-expiry race plus App-install assumption gaps. | #3349 | P2. Document and harden the token-lifecycle assumptions before they break in production. |
| fro-bot/agent | Auto Release workflow still failing on main since 2026-03-22 (~60d red). Fourth report. | run 23399265449 | Decide and act: delete or fix. The recurring carryover is itself a signal that nobody owns it. |
| fro-bot/agent | Scorecard: Vulnerabilities (#13), SAST, Fuzzing, CII-Best-Practices, Code-Review, Branch-Protection | code scanning | Policy debt. Carryover. Verify that #13 (Vulnerabilities) isn't a real CVE. |
| fro-bot/.github | Scorecard: Branch-Protection, CII-Best-Practices, Fuzzing | code scanning | Policy debt. Carryover. |

No Dependabot alerts. No broken release pipelines blocking shipping.
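The report gives no implementation detail for the gate, so the block below is an added illustration of the bug class behind the P0 cluster, not fro-bot's code. It models a gate that reads the `private` flag from the PR's own copy of the metadata (the #3328 pattern, where flipping private→false in the same PR defeats it) and that names the file on stderr when it refuses (the filename-leak pattern), beside a fail-closed version that trusts only the base ref and logs an opaque handle. The metadata shape, the paths, the `Change` type and the fail-closed default for unknown entries are assumptions for the demo.

```python
"""Privacy gate, vulnerable vs. hardened (added illustration; not fro-bot's code).

Models two gaps the report groups under the privacy-gate cluster:
  * #3328 style: the gate trusts the `private` flag from the PR head, so a PR
    that flips private -> false in the same change surfaces the entry.
  * stderr leak: the refusal diagnostic prints the canonical filename, so the
    name of a private entry still escapes via logs.
Metadata shape, paths and the fail-closed default are assumptions for the demo.
"""
from dataclasses import dataclass
import hashlib
import io
import sys


@dataclass(frozen=True)
class Change:
    """A PR as the gate sees it: the metadata file on the base ref and on the head."""
    base_meta: dict  # path -> {"private": bool}, as committed on the base ref
    head_meta: dict  # same mapping as it appears on the PR head


def opaque_id(path: str) -> str:
    """Stable handle for logs; operators can correlate it without seeing the name."""
    return hashlib.sha256(path.encode()).hexdigest()[:12]


def gate_vulnerable(change: Change, path: str, err=sys.stderr) -> bool:
    """Reads the flag from the head (attacker-controlled) and names the file when refusing."""
    meta = change.head_meta.get(path, {})
    if meta.get("private", False):  # unknown entry defaults to public: fails open
        print(f"privacy-gate: refusing to surface {path}", file=err)
        return False
    return True


def gate_hardened(change: Change, path: str, err=sys.stderr) -> bool:
    """Base ref is the source of truth, unknown entries are private, diagnostics never name files.

    A flip to public only takes effect once it has landed on the base ref through its
    own review, so the PR that flips the flag cannot surface the entry in the same run.
    """
    base_private = change.base_meta.get(path, {}).get("private", True)
    head_private = change.head_meta.get(path, {}).get("private", True)
    if base_private or head_private:  # fail closed if either side says private
        print(f"privacy-gate: refusing to surface entry {opaque_id(path)}", file=err)
        return False
    return True


# Constructed scenario (not real repo content): one PR flips a private entry to public
# and adds a new entry with no base metadata; a third entry is private on both sides.
SCENARIO = Change(
    base_meta={
        "wiki/internal-roadmap.md": {"private": True},
        "wiki/hr-notes.md": {"private": True},
        "wiki/faq.md": {"private": False},
    },
    head_meta={
        "wiki/internal-roadmap.md": {"private": False},  # tampered in the same PR
        "wiki/hr-notes.md": {"private": True},
        "wiki/faq.md": {"private": False},
        "wiki/new-page.md": {"private": False},  # no base metadata at all
    },
)


def evaluate(gate, change: Change = SCENARIO):
    """Run one gate over every head entry; returns (decisions, captured stderr)."""
    err = io.StringIO()
    decisions = {path: gate(change, path, err=err) for path in sorted(change.head_meta)}
    return decisions, err.getvalue()


if __name__ == "__main__":
    for gate in (gate_vulnerable, gate_hardened):
        decisions, log = evaluate(gate)
        print(gate.__name__, decisions)
        print(log, end="")
```

Run as-is, the vulnerable gate surfaces both the tampered entry and the new entry with no base metadata, and its refusal for the third entry prints the filename; the hardened gate refuses all three and its log carries only the opaque handle. The check worth keeping from this is the first one: whichever ref the gate reads the flag from must not be writable by the change it is gating.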

Aging PRs (>7d no activity)

| Repo | PR | Age | Author |
|---|---|---|---|
| fro-bot/systematic | #2 feat(deps): configure Renovate | 25d | app/fro-bot |

All other 6 PRs (5 on agent, 1 docs PR on .github) updated within the last 24h.

Stale issues (>30d no activity)

| Repo | Issue | Age | Recommended next step |
|---|---|---|---|
| fro-bot/systematic | #1 Enable code scanning (CodeQL / Scorecard) for coverage parity | 73d | Decide enablement or close. Fourth report. |
| fro-bot/fro-bot.github.io | #1 Enable code scanning (CodeQL / Scorecard) for coverage parity | 73d | Static site: close as N/A. Fourth report. |

Op-log entropy: 22 op-log/autohealing issues now >14d old in fro-bot/.github (+1 since yesterday). Auto-close still unimplemented — and now the substantive issue queue is sharing space with the noise.

Unassigned bugs or high-signal issues

No bug-labeled issues open. But unlabeled high-signal items are accumulating fast:

| Repo | Issue | Why it's high-signal |
|---|---|---|
| fro-bot/.github | #3326–#3328, #3345 | Privacy/security gate gaps. Treat as P0. |
| fro-bot/.github | #3319, #3320, #3332–#3337, #3340 | Reconciler correctness/observability cluster (9 issues). |
| fro-bot/.github | #3325 | Social broadcast TOCTOU. |

Carryover: extend bug/security label taxonomy to .github so these are queryable. Right now they're only findable by title search.

Repo hotspots

  1. fro-bot/.github — 73 open issues. ~45 op logs, ~14 substantive engineering issues filed today, 4 autohealing/oversight reports, plus survey/dependency-dashboard residue. The substantive work backlog just doubled. 1 open PR (the docs PR from earlier sessions).
  2. fro-bot/agent — 5 open PRs (all Renovate), 2 open issues. Steady Renovate churn. #646 closed.
  3. fro-bot/systematic — Same call as the last four reports: the 25d-cold PR #2 ("fix: add @fro-bot as a collaborator to prevent it from being 'removed'") and the 73d-cold issue #1 ("feat: set default settings"). The repo is either dead or needs to be revived deliberately.

Recommended actions (checklist)

  • New (P0): Patch the privacy-gate metadata-tampering bypass in #3328. That's the highest-leverage gap. Then handle #3326/#3327/#3345 together.
  • New (P1): Treat the 9-issue reconciler cluster (#3319, #3320, #3332–#3337, #3340) as one hardening pass. They cite the same code paths.
  • New (P1): Fix the social-broadcast TOCTOU in #3325.
  • New (P2): Document the Survey Repo App-token lifecycle assumptions per #3349.
  • Carryover ×4: Implement 14d auto-close for op-log + autohealing issue patterns. The backlog is calcifying and now competing for attention with real engineering issues.
  • Carryover ×4: Decide the fro-bot/agent Auto Release workflow (delete or fix). 60 days red. The carryover itself is now diagnostic.
  • Carryover ×4: Resolve fro-bot/systematic#2 (25d cold) — merge or close.
  • Carryover ×4: Resolve fro-bot/systematic#1 and fro-bot/fro-bot.github.io#1 (CodeQL, 73d cold).
  • Carryover ×4: Triage the 9 Scorecard alerts; specifically verify agent's #13 Vulnerabilities isn't a real CVE.
  • Carryover ×3: Add bug/security labels to fro-bot/.github so today's privacy/reconciler issues are queryable.
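For the #3325 item the report names only the shape of the bug, a recheck-then-broadcast window in which a visibility change is not seen. As an added illustration, not fro-bot's code, the block below models that window and closes it with a compare-and-act on a version counter. `VisibilityStore`, `Broadcaster` and the `between` hook are assumptions: the store stands in for the live API, and the hook injects the concurrent visibility flip deterministically so the race is reproducible rather than occasional.

```python
"""Check-then-broadcast race, vulnerable vs. hardened (added illustration; not fro-bot's code).

The visibility store stands in for the live GitHub API. The `between` hook runs
inside the window between the recheck and the post, which is where a concurrent
private flip would land; injecting it makes the race deterministic.
"""
import threading


class VisibilityStore:
    """Repo visibility plus a version counter that bumps on every change."""

    def __init__(self, public: bool):
        self._lock = threading.Lock()
        self._public = public
        self._version = 0

    def snapshot(self):
        """(public, version) at this instant."""
        with self._lock:
            return self._public, self._version

    def set_public(self, public: bool):
        with self._lock:
            self._public = public
            self._version += 1

    def act_if_public_at(self, expected_version: int, action) -> bool:
        """Compare-and-act: run `action` only if still public and unchanged since `expected_version`."""
        with self._lock:
            if self._public and self._version == expected_version:
                action()
                return True
            return False


class Broadcaster:
    def __init__(self, store: VisibilityStore):
        self.store = store
        self.posted = []  # stand-in for the external social surface

    def broadcast_vulnerable(self, message: str, between=lambda: None) -> bool:
        """Recheck, then post: whatever happens in `between` is never seen."""
        public, _ = self.store.snapshot()
        if not public:
            return False
        between()  # the TOCTOU window
        self.posted.append(message)  # posts even if the repo just went private
        return True

    def broadcast_hardened(self, message: str, between=lambda: None) -> bool:
        """Recheck, then post only if nothing changed since the recheck."""
        public, version = self.store.snapshot()
        if not public:
            return False
        between()  # same window, but the post is now conditional on the version
        return self.store.act_if_public_at(version, lambda: self.posted.append(message))


def race(method_name: str, flip_in_window: bool):
    """Drive one broadcast with or without a private flip inside the window.

    Returns (sent, posted_messages) so the outcome can be checked directly.
    """
    store = VisibilityStore(public=True)
    b = Broadcaster(store)
    hook = (lambda: store.set_public(False)) if flip_in_window else (lambda: None)
    sent = getattr(b, method_name)("release v1.2 is out", between=hook)
    return sent, list(b.posted)


if __name__ == "__main__":
    for name in ("broadcast_vulnerable", "broadcast_hardened"):
        print(name, "flip in window:", race(name, True), "no flip:", race(name, False))
```

With the flip injected, the vulnerable path reports success and the message is on the surface after the repo went private; the hardened path returns False and posts nothing, while behaving identically when nothing changes. Against a real API the version counter maps to whatever conditional-write or lease primitive the broadcast surface offers; where none exists, the recheck and the post must at least run under the same lock that serializes visibility transitions, otherwise the window reopens.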

Run Summary

  • Event: schedule
  • Repo: fro-bot/.github
  • Ref: refs/heads/main
  • Run ID: 26204937114
  • Cache: hit
  • Sessions used: ses_1c6ba9e0dffe7oK9VLD2oWDr9c (prior thread)
  • Logical Thread: schedule-898cd73a
  • Mode: branch-pr (single summary issue)
  • Repos scanned: 5
  • Data sources: gh issue list, gh pr list, gh api actions/workflows, gh api code-scanning/alerts, gh api dependabot/alerts
