[Alert] Smart Alert — 2026-03-18 12:32 UTC (Cycle 19+) #349

@github-actions

Run: 23244795615 | Window: 06:32–12:32 UTC | Previous alert: #340 (closed 10:15 UTC)


🔴 CRITICAL — No Change, No Response

1. Security: AWS Access Key Pattern in subcog — Day 5+

| Field | Value |
| --- | --- |
| Issue | subcog#153 |
| Age | ~125 hours (~Day 6) |
| Alert cycles | 19+ cycles with ZERO response |
| Action | Revoke/rotate credentials IMMEDIATELY or confirm false positive |

🚨 This is the highest-priority item in the organization. Every cycle without response increases exposure window.


2. CI Failures — Ongoing (Default Branches)

| Repo | Workflow | Age | Root Cause | Action |
| --- | --- | --- | --- | --- |
| vscode-git-adr | CI | ~21d | upload-artifact v6→v7 breaking change | Update to v7 API |
| sdlc-quality | CI | ~18d | Broken since dependabot config change (2026-03-01) | Investigate config |
| atlatl-spec | Validate Specification | ~18d | Invalid `<br/>` in Mermaid sequence diagram | Fix diagram syntax |
| atlatl | CI Checks | ~14d | Clippy 1.94 strict lints + broken doc links | Fix lints |
| atlatl | Pipeline | ~13d | ONNX Runtime prebuilt targets dropped | Review CI matrix |
| github-project-manager | Agentic Maintenance | ~8d | github/gh-aw bump | Merge PR #4 (ready) |

⚡ Quick win (5 min): Merge github-project-manager PR #4 — gh-aw 0.58.3 bump, CI passing, clears one failure immediately.


🟡 WARNING

3. Issue Spike — 8 New Issues in 6h Window

Threshold: >5 new issues in 6 hours | Actual: 8 issues since 06:32 UTC

ℹ️ All 8 appear to be automated (CI health reports, board audit, tracker issues, prior smart alert). No human-filed issues detected in this window. Spike is automation noise, not a true anomaly — consider filtering bot-authored issues from spike detection.

4. Review Backlog — 20 Open PRs

Threshold: >10 pending reviews | Actual: 20 open PRs with review-requested:zircote

Breakdown includes Dependabot bumps and feature PRs awaiting review:

  • subcog#152: External contributor /healthz endpoint — CI passing, needs 2 approvals
  • atlatl-spec#191: @redocly/cli bump
  • atlatl#94: upload-artifact v4→v7
  • rlm-rs#141: download-artifact 8.0.0→8.0.1
  • +16 additional open PRs across managed repos

✅ Within Threshold

| Check | Status |
| --- | --- |
| Stale critical/high labeled items | ✅ No labeled critical/high items without activity (security tracked above) |
| New CI failures (not already tracked) | ✅ No new failures this cycle |

Summary

| Severity | Item | Delta |
| --- | --- | --- |
| 🔴 Critical | AWS credentials exposure in subcog | Day 6, cycle 19+ — ZERO response |
| 🔴 Critical | CI failures in 5 repos / 6 workflows | No change — all persist |
| 🟡 Warning | Issue spike (8 in 6h, mostly automated) | Automation noise |
| 🟡 Warning | 20 open PRs pending review | Stable |

Top priorities:

  1. 🚨 Revoke subcog credentials: subcog#153 — Day 6, no response
  2. Merge github-project-manager PR #4 — 5 min fix
  3. 🔧 Fix vscode-git-adr CI — oldest failure at ~21d
  4. 🔧 Fix sdlc-quality CI — ~18d, dependabot config regression

gh-aw-workflow-id: smart-alerts

Generated by Smart Alerts ·
