[org-monitor] Daily Report — 2026-03-17

[github-actions[bot]]

Monitored: 76 repositories | Excluded: php-swagger | Window: 2026-03-16T08:09Z → 2026-03-17T08:09Z

Organization Totals

Metric	Count
PRs opened	68
PRs merged	33
PRs closed (no merge)	~5
Issues opened	21
Issues closed	20
Commits to default branch	~21
New releases/tags	0
Failed CI runs (default branch)	6

ℹ️ The majority of PR/issue activity is Dependabot automation and gh-aw agentic workflow reports.

---

Active Repositories

swagger-php

Pull Requests

• ✅ Merged: #1979 Rector / CS fixes — @DerManoMann
• ✅ Merged: #1978 bump ramsey/composer-install from 3 to 4 — @dependabot[bot]
• ❌ Closed: #1981 [Backport #1976 to 5.x] Corrected incorrect object creation in README.md (automated backport)

Commits (2 to master)

• 7f6f6ab Fixed README.md (#1976) — @mariuszkrzaczkowski
• 5957b9d Rector / CS fixes (#1979) — @DerManoMann

---

subcog

Pull Requests (all Dependabot — auto-merged)

• ✅ Merged: #166 bump tracing-subscriber from 0.3.22 to 0.3.23 — @dependabot[bot]
• ✅ Merged: #165 bump once_cell from 1.21.3 to 1.21.4 — @dependabot[bot]
• ✅ Merged: #164 bump rusqlite from 0.38.0 to 0.39.0 — @dependabot[bot]
• ✅ Merged: #162 bump clap from 4.5.60 to 4.6.0 — @dependabot[bot]
• ✅ Merged: #156 bump softprops/action-gh-release from 2.5.0 to 2.6.1 — @dependabot[bot]
• ✅ Merged: #155 bump docker/metadata-action from 5 to 6 — @dependabot[bot]
• ✅ Merged: #154 bump actions/cache from 5.0.1 to 5.0.3 — @dependabot[bot]

Commits (7 to main, all Dependabot dep bumps — see PRs above)

⚠️ CRITICAL SECURITY ISSUE UNRESOLVED — see subcog#153: AWS Access Key exposed since 2026-03-14T02:27 UTC (~76 hours, ZERO remediation).

---

vscode-git-adr

Pull Requests (all Dependabot — auto-merged)

• ✅ Merged: #38 bump @typescript-eslint/eslint-plugin 8.57.0→8.57.1 — @dependabot[bot]
• ✅ Merged: #39 bump sinon from 21.0.2 to 21.0.3 — @dependabot[bot]
• ✅ Merged: #40 bump @typescript-eslint/parser 8.57.0→8.57.1 — @dependabot[bot]

Commits (3 to main, all Dependabot)

• b22e983 bump @typescript-eslint/eslint-plugin 8.57.0→8.57.1 ([Dependencies] Weekly Report — 2026-03-02 #38) — @dependabot[bot]
• 78a0054 bump sinon 21.0.2→21.0.3 ([Release] Weekly Readiness Report — 2026-03-02 #39) — @dependabot[bot]
• 6db1802 bump @typescript-eslint/parser 8.57.0→8.57.1 ([Branch Cleanup] Weekly Report — 2026-03-02 #40) — @dependabot[bot]

---

ccpkg

Pull Requests (all Dependabot — auto-merged)

• ✅ Merged: #25 bump @astrojs/starlight from 0.37.7 to 0.38.1 — @dependabot[bot]
• ✅ Merged: #24 bump astro from 5.18.0 to 6.0.5 — @dependabot[bot]
• ✅ Merged: #22 bump actions/download-artifact from 8.0.0 to 8.0.1 — @dependabot[bot]

Commits (3 to main)

• 0498714 bump @astrojs/starlight 0.37.7→0.38.1 (ci: bump actions/cache from 4.3.0 to 5.0.3 #25) — @dependabot[bot]
• da52da9 bump astro 5.18.0→6.0.5 (major) (ci: bump actions/setup-python from 5.6.0 to 6.2.0 #24) — @dependabot[bot]
• 262aa20 bump actions/download-artifact 8.0.0→8.0.1 (ci: bump github/gh-aw from 0.50.7 to 0.51.2 #22) — @dependabot[bot]

---

github-agentic-workflows

Commits (3 to main — owner commits)

• e609524 docs: add identity preamble to aw-author command — @zircote
• 93d7254 feat: add gh-aw compilation hooks for workflow editing — @zircote
• 5da296f chore: bump version to 1.0.1 — @zircote
• fd59bf0 docs: sync plugin references with upstream gh-aw specification — @zircote

---

rust-template

Pull Requests

• ✅ Merged: #39 chore(deps): bump github-actions group with 6 updates (taiki-e, codeql-action, gh-aw, download-artifact, action-gh-release, cosign-installer) — @dependabot[bot]

Commits (1 to main)

• b5da71c bump github-actions group with 6 updates ([Release] Weekly Readiness Report — 2026-03-02 #39) — @dependabot[bot]

---

github4farms-training

Pull Requests

• ✅ Merged: #27 chore(deps): bump github-actions group (gh-aw 0.56.2→0.58.3, download-artifact 8.0.0→8.0.1) — @dependabot[bot]

Commits (1 to main)

• c6e2e5c bump github-actions group with 2 updates ([agent-health] Agent Status — 2026-03-01 #27) — @dependabot[bot]

---

nsip-example

Pull Requests

• ✅ Merged: #17 chore(deps): bump github-actions group (gh-aw 0.56.2→0.58.3, download-artifact 8.0.0→8.0.1) — @dependabot[bot]

Commits (1 to main)

• ee0d751 bump github-actions group with 2 updates ([org-monitor] Daily Report — 2026-02-28 #17) — @dependabot[bot]

---

.github

Pull Requests (all Dependabot — auto-merged)

• ✅ Merged: #306 bump github/gh-aw from 0.56.2 to 0.58.3 — @dependabot[bot]
• ✅ Merged: #303 bump softprops/action-gh-release from 2.5.0 to 2.6.1 — @dependabot[bot]
• ✅ Merged: #298 bump github/codeql-action from 4.32.6 to 4.33.0 — @dependabot[bot]
• ✅ Merged: #296 bump astral-sh/setup-uv from 7.3.1 to 7.5.0 — @dependabot[bot]

Issues (automated workflows — 21 opened, 20 closed)

• 🆕 Opened: #323 [Alert] Smart Alerts — 2026-03-17 06:35 UTC — @github-actions[bot]
• 🆕 Opened: #322 Smart Alerts — 2026-03-17 ~00:49 UTC — @github-actions[bot]
• 🆕 Opened: Multiple maintenance-board, CI, housekeeping, standup, triage reports — @github-actions[bot]
• ✔️ Closed: 20 superseded bot issues (not_planned)

Commits (4 to main)

• 814924c bump github/gh-aw from 0.56.2 to 0.58.3 (ci: bump github/gh-aw from 0.56.2 to 0.58.3 #306) — @dependabot[bot]
• e83e5e8 bump softprops/action-gh-release from 2.5.0 to 2.6.1 (ci: bump softprops/action-gh-release from 2.5.0 to 2.6.1 #303) — @dependabot[bot]
• b38479e bump github/codeql-action from 4.32.6 to 4.33.0 (ci: bump github/codeql-action from 4.32.6 to 4.33.0 #298) — @dependabot[bot]
• 7fb268d bump astral-sh/setup-uv from 7.3.1 to 7.5.0 (ci: bump astral-sh/setup-uv from 7.3.1 to 7.5.0 #296) — @dependabot[bot]

---

Attention Required

🔴 CRITICAL — Security: AWS Key Exposed in subcog (Day 3+)

Field	Detail
Repo	subcog (public)
Issue	subcog#153
File	src/security/mod.rs @ commit ad6f61a6
Detected	2026-03-14T02:27 UTC
Age	~76 hours — ZERO response, ZERO remediation

Required actions (in order):

1. Revoke the AWS Access Key immediately
2. Remove the key from src/security/mod.rs and push a fix
3. Purge from git history (git filter-repo or BFG Repo Cleaner)
4. Rotate any dependent services
5. Close subcog#153 with a remediation note

---

🔴 Failing CI on Default Branch

Repo	Workflow	Age	Root Cause	Fix
atlatl	CI Checks	~11d	Clippy 1.94 strict lints + broken doc links	Fix lints manually
atlatl	Pipeline	~10d	ONNX Runtime prebuilt targets dropped	Review CI matrix
atlatl-spec	Validate Specification	~15d	Invalid <br/> in Mermaid sequence diagram	Fix diagram syntax
sdlc-quality	CI	~21d ⚠️	Broken since chore: update dependabot configuration (2026-03-01)	Investigate config — OLDEST
vscode-git-adr	CI	~19d	actions/upload-artifact v6→v7 breaking change	Update workflow to v7 API
github-project-manager	Agentic Maintenance	~4d	github/gh-aw bump to 0.56.2	Merge PR #4 — fix ready

💡 Quick win: Merge github-project-manager PR #4 immediately (gh-aw 0.58.3 fix is ready).

---

Stale PRs (> 7 days, no activity)

Repo	PR	Title	Opened
zircote-ansible	#2	some development, needs much more	2014-05-28
git-notes-memory	#33	Code review: Large PR batch (DRAFT)	2025-12-26
subcog	#152	Open contributor PR	2025-12+
atlatl	#94	Dependabot major bump	2026-02+
daedalus	#19	docker/build-push-action v6→v7 major	2026-02+
.github	#184	bump actions/setup-node v6.2.0→v6.3.0	2026-03-09
(+ ~14 additional stale Dependabot PRs across org)

Total stale open PRs: 20

---

Security-Related Activity

• subcog #153: AWS Access Key exposed — CRITICAL, Day 3, no response

---

Quiet Repositories

67 repositories with no activity in the last 24 hours

maker-rs, rlm-rs, atlatl, atlatl-spec, daedalus, sdlc-quality, github-project-manager, adr, adrscope, git-adr, structured-madr, agents, aesth, auto-harness, memory-benchmark-harness, git-notes-memory, lro-bench, lro-bench-results, human-voice, rlm-rs-plugin, memory-capture-plugin, documentation-review, MIF, Hal, chef-composer, Bloom, ApiProblem, tone-police, homebrew-tap, zircote-ansible, mnemonic, refactor, profile (and remaining non-active repos of the 76 monitored total)

---

Generated by org-monitor workflow — https://github.com/zircote/.github/actions/runs/23184479187

AI generated by Org Repository Monitor · history

• expires on Mar 24, 2026, 8:15 AM UTC