Daily Org Oversight Report — 2026-05-30 (UTC)

[fro-bot]

Scope: all repositories in the fro-bot GitHub organization. Data pulled via gh at run start. Links only; no content duplication.

Previous report: #3384.

#3369 just spread to fro-bot/.github itself. The new PR #3385 (Renovate bumping fro-bot/agent to v0.46.0) is now stuck at REVIEW_REQUIRED + BLOCKED — same governance bug, second repo. The org has two parallel manual-approval rituals to run daily now. Smaller signal worth noting: agent's code-scanning count dropped 5 → 4 (the Code-Review Scorecard alert resolved, likely because required-review on a branch finally satisfied the check — ironic given what it's now blocking elsewhere).

Summary metrics

Metric	Count	Δ vs yesterday
Repositories scanned	5 (tokentoilet archived)	—
New issues (last 24h, org-wide)	2 (1 oversight, 1 autohealing)	+1
Open issues, org-wide	32	0
Open PRs (org-wide)	8	+2 (release PR + new docs PR on agent, plus new .github Renovate PR)
Aging PRs (>7d no activity)	1	0
Stale PRs (>14d no activity)	1	0
Stale issues (>30d no activity)	5	0
Failing main-branch workflows	2 (agent → Auto Release ~69d; .github → Merge Data Branch 12d since last green)	0
Open code-scanning alerts	7 (.github=3, agent=4)	−1 (agent Scorecard Code-Review resolved)
Open Dependabot alerts	1 (agent brace-expansion CVE-2026-45149, no upstream fix)	0
PRs blocked on REVIEW_REQUIRED	6 (5 agent + 1 .github, new)	+1
Untriaged audit backlog from #3352	14 issues	0 (day 10 untouched)

Critical items

Repo	Item	Link	Recommended action
fro-bot/.github	Merge Data Branch red for 12 days. No retry since 2026-05-25.	latest failure	P0. Read the gate log → 🔒 Block private wiki pages.
fro-bot/.github	NEW: #3385 is REVIEW_REQUIRED + BLOCKED. First time the #3369 governance bug has affected .github directly. The agent can't even consume its own release upstream.	#3385	P0. Manual approval as stopgap; fix #3369 for the real solution.
fro-bot/agent	5 Renovate PRs still REVIEW_REQUIRED + BLOCKED (#691, #690, #689, #681, #668). Yesterday's manual drain didn't run; they stayed stuck.	linked above	P0. Approve to drain.
fro-bot/.github	Governance bug #3369 — day 7. Discussion silent since 2026-05-25. The bug is now blocking PRs in two repos.	#3369	The cost is now in two repos. Land the fix.
fro-bot/agent	Dependabot #72 — day 6.	alert 72	Recheck upstream.
fro-bot/.github	Privacy-gate cluster (P0, day 10 untouched since 2026-05-20).	#3326, #3327, #3328, #3345	#3327 matches the failing-log symptom.
fro-bot/.github	Reconciler cluster (P1, day 10 untouched).	#3319, #3320, #3332–#3337, #3340	One hardening pass.
fro-bot/.github	Social broadcast TOCTOU (P1, day 10 untouched).	#3325	Patch.
fro-bot/agent	Auto Release failing since 2026-03-22 (~69d red). Thirteenth report.	run 23399265449	Delete.
fro-bot/agent	Scorecard alerts down to 4: Vulnerabilities (#13), Fuzzing, CII-Best-Practices, Branch-Protection. Code-Review resolved.	code scanning	Verify #13.
fro-bot/.github	Scorecard (3). Carryover.	code scanning	—

Aging PRs (>7d no activity)

Repo	PR	Age
fro-bot/systematic	#2 feat(deps): configure Renovate	34d

All other 7 PRs updated within last 24h. Two notable on agent: #698 release v0.47.0 pending (CLEAN merge state, no review required — release PRs flow through) and #699 docs(solutions): signed webhook ingress hardening (APPROVED + CLEAN).

Stale issues (>30d no activity)

Repo	Issue	Age	Recommended next step
fro-bot/systematic	#1	82d	Decide or close. Thirteenth report.
fro-bot/fro-bot.github.io	#1	82d	Close as N/A. Thirteenth report.
fro-bot/.github	#3161, #3160, #3159	~39d	Triage.
fro-bot/.github	#2828 Dependency Dashboard	~301d	Renovate-managed; pin.

Unassigned bugs or high-signal issues

bug label still missing on fro-bot/.github.

Cluster	Issues	Days untouched	Production impact
Privacy gates	#3326–#3328, #3345	10	Merge Data Branch red 12d
Reconciler correctness	#3319, #3320, #3332–#3337, #3340	10	observability gap
Social broadcast	#3325	10	latent privacy risk
Governance bug	#3369	7 (discussion silent 5d)	PRs blocked in 2 repos
Enhancement	agent#671	7	—

Repo hotspots

1. fro-bot/.github — 30 open issues, Merge Data Branch red 12d, governance bug now has local victims (the agent-bump PR is stuck on .github's own branch protection).
2. fro-bot/agent — 7 open PRs (5 Renovate blocked + 1 release + 1 substantive docs PR). Active feature flow despite the bottleneck.
3. fro-bot/systematic — Fourteenth report on the same orphaned PR (fix: add @fro-bot as a collaborator to prevent it from being "removed" #2, 34d) and issue (feat: set default settings #1, 82d).

Recommended actions (checklist)

• P0 (12-day broken cadence): Read Merge Data Branch log.
• P0 (broken merge in 2 repos now): Land #3369. Two-repo blast radius means this is past "fix soon" and into "fix today."
• Manual stopgap: Approve #3385 on .github and the 5 stuck agent PRs.
• P0 (carryover): Recheck Dependabot #72.
• 30-second closes: fro-bot.github.io#1; .github#3161/#3160/#3159 if surveys done.
• 2-minute delete: agent → Auto Release workflow.
• Label hygiene: Create bug + security labels on fro-bot/.github.
• Carryover: Audit cluster (day 10 dust), systematic#2/#1, Scorecard triage.

---

Run Summary

• Event: schedule
• Repo: fro-bot/.github
• Ref: refs/heads/main
• Run ID: 26673780768
• Cache: hit
• Sessions used: ses_1c6ba9e0dffe7oK9VLD2oWDr9c (prior thread)
• Logical Thread: schedule-898cd73a
• Mode: branch-pr (single summary issue)
• Repos scanned: 5
• Data sources: gh issue list, gh pr list, gh api actions/workflows, gh api code-scanning/alerts, gh api dependabot/alerts, gh pr view --json