[Alert] Smart Alerts — 2026-03-14 10:00 UTC #264
Description
Run: #23085695703 · Window: 6h · Repos scanned: 22 · Date: 2026-03-14 · Previous alert: #259 (00:50 UTC, 9h ago — all items unresolved)
🔴 Critical — CI Failing on Default Branch (Escalated)
zircote/atlatl — Security Audit + CI Offline (~57h, ↑ from 48h)
| Field | Value |
|---|---|
| Workflows failing | Security Audit, CI Checks, Code Coverage |
| Failing since | 2026-03-13 00:45 UTC |
| Duration | ~57 hours — no remediation in 9h |
| Last Security Audit run | #23030912384 |
| Root causes | (1) sigstore/cosign-installer v4.1.0 incompatibility; (2) Clippy 1.94 strict lints unresolved on main; (3) 13 workflows currently disabled |
| CI Health Report | Confirmed in issue #260: 0% pass rate on CI Checks + Coverage |
Action required:
- Pin
sigstore/cosign-installerto SHAfaadad0cce49287aee09b3a48701e75088a2c6ad(v4.0.0) - Fix Clippy 1.94 lint violations (
use_self,cast_sign_loss,match_same_arms) - Re-enable workflows incrementally after fixes
zircote/daedalus — Security Audit Offline (~57h, ↑ from 48h)
| Field | Value |
|---|---|
| Workflow | Security Audit |
| Failing since | 2026-03-13 00:27 UTC |
| Duration | ~57 hours — no remediation in 9h |
| Last run | #23030422370 |
| Root cause | sigstore/cosign-installer 4.0.0→4.1.0 breaking change (same as atlatl) |
Action required: Same cosign-installer pin fix as atlatl — batch fix both repos together.
zircote/atlatl-spec — API Docs Offline (~84h, ↑ from 72h) ⬆️ Escalated to Critical
| Field | Value |
|---|---|
| Workflow | Deploy to GitHub Pages |
| Failing since | 2026-03-11 02:01 UTC |
| Duration | ~84 hours — consumer-facing API documentation offline |
| Last run | #22933079025 |
| Root cause | @redocly/cli 2.20.0→2.20.4 breaking change merged via Dependabot (#187) |
Action required:
- Pin
@redocly/cliback to2.20.0inpackage.json - Re-deploy to restore API documentation site
🟠 Warning — Ongoing CI Failures (Unresolved from #259)
zircote/github-project-manager — Agentic Maintenance Failing (~57h)
| Field | Value |
|---|---|
| Workflow | Agentic Maintenance |
| Failing since | 2026-03-13 01:02 UTC |
| Duration | ~57 hours |
| Last run | #23031352906 |
| Root cause | github/gh-aw 0.51.5→0.56.2 breaking change — close-expired-entities job broken |
Action required: Pin github/gh-aw to SHA 88319be75ab1adc60640307a10e5cf04b3deff1e (0.51.5) in agentics-maintenance.yml.
zircote/rlm-rs — Daily QA Status Update
| Field | Value |
|---|---|
| Previous status | Daily QA failing (~13h as of #259) |
| New activity | CI Failure Doctor ran successfully at 08:36 UTC (#23084410746) |
| Assessment | Partial remediation detected — CI Failure Doctor suggests self-healing triggered, but root gh-aw 0.56.2 issue persists |
Action required: Verify Daily QA status on next scheduled run; if still failing, pin github/gh-aw to 0.51.5 SHA.
🟡 Warning — Infrastructure
zircote/.github — Dependabot Automation Still Broken (12+ days)
| Workflow | Status |
|---|---|
dependabot-rollout |
Disabled manually (2026-03-13) |
dependabot-sweep |
Disabled manually (2026-03-13) |
Impact: Dependabot PRs accumulating unmerged across all 22 repos, including the cosign-installer and redocly/cli PRs that caused the critical CI failures above.
Action required: Re-enable and fix Dependabot automation — the disabled workflows are contributing to unreviewed dependency PRs breaking CI.
ℹ️ Info
| Check | Status |
|---|---|
| Issue spike (>5 in 6h) | ✅ No spike — 0 new human-authored issues in window |
| Review backlog (>10/reviewer) | ✅ Within threshold |
| CI Health Report | 📋 Published today at 05:14 UTC — see issue #260 for full per-repo breakdown |
| New findings since #259 | atlatl-spec escalated to Critical (84h+); all other items unchanged |
Summary
| Severity | Count | Repos | Delta from #259 |
|---|---|---|---|
| 🔴 Critical | 3 | atlatl, daedalus, atlatl-spec |
atlatl-spec escalated ↑ |
| 🟠 Warning | 2 | github-project-manager, rlm-rs |
rlm-rs partial recovery |
| 🟡 Warning (infra) | 1 | .github |
Unchanged |
| ✅ Healthy | 16 | All remaining managed repos | — |
Shared root causes to batch-fix:
sigstore/cosign-installerv4.1.0 → affectsdaedalus,atlatl(fix both together)github/gh-aw0.56.2 breaking change → affectsgithub-project-manager,rlm-rs@redocly/cli2.20.4 breaking change →atlatl-spec(API docs offline 84h+, highest urgency)
Generated by smart-alerts workflow · 2026-03-14T10:00 UTC
Generated by Smart Alerts · ◷