Skip to content

Daily Fro Bot Report — 2026-07-09 (UTC) #3665

Description

@fro-bot

Daily Fro Bot Report — 2026-07-09 (UTC)

Run Summary

Category Status Notes
Errored PRs No open PRs with failing CI.
Security Zero open Dependabot alerts; no unaddressed critical/high advisories.
Control-Plane Integrity All 76 third-party action refs SHA-pinned with version comments; strip-only TS clean.
Code Quality check-types, lint, test (2333 passed) all green.
Oversight ⚠️ 6 open Renovate PRs org-wide (all healthy); 2 stale issues (>30d).
Cross-Project Intelligence No new adoptable patterns this pass.
Progressive Improvement No meaningful tool-version drift or convention drift.

Errored PRs

None. The single open PR in this repo — #3664 (github/codeql-action → v4.37.0, Renovate) — has all checks green and is BLOCKED only on required human review. No repair needed; approval/merge is out of scope for this run.

Security

None. dependabot/alerts returns zero open alerts. No unaddressed critical/high advisories on direct dependencies or Actions. PR #3664 is itself a routine CodeQL-action digest bump owned by Renovate — left to the normal review path, not touched here.

Control-Plane Integrity

No drift.

  • SHA pinning: All 76 third-party uses: references in .github/workflows/*.yaml and .github/actions/**/action.yaml are pinned to full commit SHAs, each carrying a # vX.Y.Z comment. No floating tags.
  • Strip-only TypeScript: Check Types and Test Scripts Load pass; no enum/namespace/parameter-property/import-alias drift detected in scripts/*.ts.
  • Least privilege / guards: Workflows use ./.github/actions/setup; the wiki-authority guard, private-leak sentinel, and privacy gates remain intact. Nothing weakened.

Code Quality

All local gates green on main:

  • pnpm check-types → pass
  • pnpm lint → pass
  • pnpm test → 43 files, 2333 passed (3 todo)

No mechanical fixes required; nothing committed.

Oversight

Org-wide scan of fro-bot/* (6 active repos). Main-branch CI healthy everywhere; no failing default-branch checks.

Open PRs (all Renovate-authored, dependency-owned — left to Renovate):

Stale issues (>30d, both untouched since 2026-03-09):

  • fro-bot/systematic#1 — Enable code scanning (CodeQL / Scorecard) for coverage parity
  • fro-bot/fro-bot.github.io#1 — Enable code scanning (CodeQL / Scorecard) for coverage parity
  • Recommended next step: decide whether coverage parity is still wanted on these two static/repos; if yes, land a CodeQL+Scorecard workflow pair, else close as won't-do.

Cross-repo goal #3652 remains open (last activity 2026-07-08); no receipt or tracker action owed from this path.

Cross-Project Intelligence

No new adoptable automation patterns surfaced this pass. Sibling repos (bfra-me/.github, bfra-me/works) continue to track ahead on reusable-workflow patterns already mirrored here; nothing net-new worth importing today.

Progressive Improvement

No action.

  • Tool versions current: eslint 10.6.0, prettier 3.9.1, typescript 6.0.3, vitest 4.1.4 — none more than a minor behind; Renovate owns bumps.
  • Node 24.18.0 / pnpm 11.10.0 pinned in mise.toml, consistent with packageManager.
  • No convention drift from copilot-instructions.md; no stale TODO/FIXME of note in scripts/.

Gateway Rollout Tracker

No obvious drift. #3512 last updated 2026-07-08; the dedicated Gateway Rollout Tracker workflow owns tracker writes — not touched here.

Needs Human Attention

  • Coverage-parity code scanning (fro-bot/systematic, fro-bot/fro-bot.github.io): Two 4-month-stale issues request CodeQL + OpenSSF Scorecard for parity with the rest of the org. Smallest safe fix: add a codeql-analysis.yaml + scorecard.yaml pair modeled on fro-bot/.github's existing workflows (SHA-pinned actions, least-privilege permissions), scoped per repo's language. fro-bot.github.io is a Pages site (likely JS/no compiled code) — confirm CodeQL has an analyzable language before wiring it, or close the issue as N/A. Verify by a green CodeQL run on the target's default branch. Deferred here because it's a multi-file, cross-repo addition, not a minimal reversible edit in this repo.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions