Daily Org Oversight Report — 2026-05-28 (UTC)

[fro-bot]

Scope: all repositories in the fro-bot GitHub organization. Data pulled via gh at run start. Links only; no content duplication.

Previous report: #3378.

Small signal of movement on agent — one Renovate PR (#669) finally got approved and merged. The other four are still REVIEW_REQUIRED. Meanwhile Merge Data Branch has now been red for 10 days with no retry attempted, and the 14-issue audit cluster is literally untouched since 2026-05-20 (8 days). The pattern: incremental progress where attention has been applied, total drift where it hasn't.

Summary metrics

Metric	Count	Δ vs yesterday
Repositories scanned	5 (tokentoilet archived)	—
New issues (last 24h, org-wide)	3 (1 oversight, 1 autohealing, 1 wiki survey — first non-bot-housekeeping issue in days)	+2
Open issues, org-wide	32	+1
Open PRs (org-wide)	7	+1 (2 new agent PRs offset 1 merge)
Aging PRs (>7d no activity)	1	0
Stale PRs (>14d no activity)	1	0
Stale issues (>30d no activity)	5	0
Failing main-branch workflows	2 (agent → Auto Release ~67d; .github → Merge Data Branch 10d since last green)	0
Open code-scanning alerts	8 (.github=3, agent=5)	0
Open Dependabot alerts	1 (agent brace-expansion CVE-2026-45149, no upstream fix)	0
agent PRs blocked on REVIEW_REQUIRED	4 (was 5; #669 merged)	−1
Untriaged audit backlog from #3352	14 issues	0 (day 8 unchanged)

Critical items

Repo	Item	Link	Recommended action
fro-bot/.github	Merge Data Branch red for 10 days (last green 2026-05-17). No retry since 2026-05-25. The data-branch merge cadence is functionally abandoned.	latest failure	P0. Read the gate log → 🔒 Block private wiki pages step. The retry already proved the input is sticky. Two paths: patch the gate (matches #3327 defense-in-depth gaps) or remove the offending data-branch content.
fro-bot/agent	4 Renovate PRs still blocked on REVIEW_REQUIRED (#670, #668, #667, #632) with 0 failing checks. #669 cleared yesterday — proves the unblock works when applied. Direct cost of unfixed #3369.	linked above	P0. Patch #3369. Or apply the same approval treatment to the 4 remaining as was applied to #669.
fro-bot/.github	Governance bug #3369 — day 5. Has 2 comments since 2026-05-25 (discussion underway), still no label or assignee.	#3369	Land a fix; the discussion has had time.
fro-bot/agent	Dependabot #72 brace-expansion CVE-2026-45149 — day 4, still no upstream fix.	alert 72	Confirm upstream status; document exposure assessment.
fro-bot/.github	Privacy-gate cluster (P0, day 8 untouched).	#3326, #3327, #3328, #3345	Read #3327 against the failing Merge Data Branch log.
fro-bot/.github	Reconciler cluster (P1, day 8 untouched).	#3319, #3320, #3332–#3337, #3340	One hardening pass.
fro-bot/.github	Social broadcast TOCTOU (P1, day 8 untouched).	#3325	Patch.
fro-bot/agent	Auto Release failing since 2026-03-22 (~67d red). Eleventh report.	run 23399265449	Delete.
fro-bot/agent	Scorecard (5). Carryover.	code scanning	Verify #13.
fro-bot/.github	Scorecard (3). Carryover.	code scanning	—

Aging PRs (>7d no activity)

Repo	PR	Age
fro-bot/systematic	#2 feat(deps): configure Renovate	32d

The 6 open agent PRs are all at 0d updated. New today: #678 (vite v8.0.14), #677 (pending release v0.46.0). Renovate keeps producing; merges remain bottlenecked.

Stale issues (>30d no activity)

Repo	Issue	Age	Recommended next step
fro-bot/systematic	#1	80d	Decide or close. Eleventh report.
fro-bot/fro-bot.github.io	#1	80d	Close as N/A. Eleventh report.
fro-bot/.github	#3161, #3160, #3159	~37d	Triage. Close if surveys complete.
fro-bot/.github	#2828 Dependency Dashboard	~299d	Renovate-managed; pin.

Unassigned bugs or high-signal issues

bug label still doesn't exist on fro-bot/.github. New today: fro-bot/.github#3380 — Wiki Survey for marcusrbrown/gpt, unassigned, no labels.

Cluster	Issues	Days untouched	Current production impact
Privacy gates	#3326–#3328, #3345	8	Merge Data Branch red 10d
Reconciler correctness	#3319, #3320, #3332–#3337, #3340	8	observability gap
Social broadcast	#3325	8	latent privacy risk
Governance bug	#3369	5 (active discussion)	4 Renovate PRs blocked
Enhancement	agent#671	5	—

Repo hotspots

1. fro-bot/.github — 29 open issues + 10-day-failing Merge Data Branch. Issue count creeping up (+1/day) while the structural failures stay frozen.
2. fro-bot/agent — 6 Renovate PRs (4 blocked on review, 2 fresh). The repo can ship feature work (per yesterday's release v0.45.0) but can't drain its dependency-update queue without manual intervention.
3. fro-bot/systematic — Twelfth report on the same orphaned PR (fix: add @fro-bot as a collaborator to prevent it from being "removed" #2, 32d) and issue (feat: set default settings #1, 80d). At this point the listing is the punchline.

Recommended actions (checklist)

• P0 (urgent — 10-day broken cadence): Read Merge Data Branch log → 🔒 Block private wiki pages. Decide and act.
• P0 (broken merge queue): Land #3369 fix. Discussion has been open since 2026-05-25 — past time to converge.
• Manual stopgap (5 minutes): Approve #670, #668, #667, #632 the same way #669 was approved yesterday. Keeps Renovate from drifting further.
• P0 (carryover): Recheck Dependabot #72 upstream.
• 30-second closes: fro-bot.github.io#1; .github#3161/#3160/#3159 if surveys done.
• 2-minute delete: agent → Auto Release workflow.
• Label hygiene: Create bug + security labels on fro-bot/.github.
• Carryover: Audit cluster (day 8), systematic#2/#1, Scorecard.

---

Run Summary

• Event: schedule
• Repo: fro-bot/.github
• Ref: refs/heads/main
• Run ID: 26553975593
• Cache: hit
• Sessions used: ses_1c6ba9e0dffe7oK9VLD2oWDr9c (prior thread)
• Logical Thread: schedule-898cd73a
• Mode: branch-pr (single summary issue)
• Repos scanned: 5
• Data sources: gh issue list, gh pr list, gh api actions/workflows, gh api code-scanning/alerts, gh api dependabot/alerts, gh pr view --json

[fro-bot]

Auto-closed: daily report retention policy (3 days). Superseded by newer reports.