Closed as not planned
Labels
gpm/alert (GPM automated alert)
Description
Scan time: 2026-03-18T06:36 UTC | Previous alert: #337 (2026-03-18 00:55 UTC, ~5.7h ago)
🔴 CRITICAL - Security (DAY 5+, ESCALATING - ZERO RESPONSE, 18+ ALERT CYCLES)
subcog: AWS Access Key Still Publicly Exposed (~100 hours)
| Field | Value |
|---|---|
| Repo | subcog (public) |
| Issue | subcog#153 |
| File | src/security/mod.rs @ commit ad6f61a6 |
| First detected | 2026-03-14T02:27 UTC |
| Age | ~100 hours (+6h since last alert) |
| Response | ❌ Zero - 0 comments, issue still open, no commits, no remediations across 18+ alert cycles |
This is now Day 5+ of an active public credential exposure. No remediation has occurred across 18+ automated alert cycles.
Immediate actions required (in order):
- Revoke the AWS Access Key at console.aws.amazon.com - do this first, takes 30 seconds
- Remove the key from `src/security/mod.rs` and push a fix commit
- Purge from git history: `git filter-repo --path src/security/mod.rs --invert-paths` or BFG Repo Cleaner
- Rotate all services depending on those credentials
- Close subcog#153 with a remediation note

🔴 Critical - CI Failures (6 workflows, 5 repos) - ONGOING, UNCHANGED
All 6 CI failures from #337 remain unresolved. A new CI Health Report (#339) generated at ~05:24 UTC today confirms all failures are still active. github-project-manager PR #4 still open β not merged.
| Repo | Workflow | Age | Root Cause | Action |
|---|---|---|---|---|
| vscode-git-adr | CI | ~20d | `actions/upload-artifact` v6→v7 breaking change | Update workflow to v7 API |
| sdlc-quality | CI | ~17d | Broken since `chore: update dependabot configuration` (2026-03-01) | Investigate config change |
| atlatl-spec | Validate Specification | ~17d | Invalid `<br/>` in Mermaid sequence diagram | Fix diagram syntax |
| atlatl | CI Checks | ~13d | Clippy 1.94 strict lints + broken doc links | Fix lints manually |
| atlatl | Pipeline | ~12d | ONNX Runtime prebuilt targets dropped | Review CI matrix |
| github-project-manager | Agentic Maintenance | ~7d | `github/gh-aw` bump | Merge PR #4 (gh-aw 0.58.3, ready now) |

⚡ Quick win (5 min): Merge github-project-manager PR #4 - clears one CI failure immediately.
✅ Checks Within Threshold
| Check | Status |
|---|---|
| Issue spike (>5 new in 6h window) | ✅ 2 automated issues only (CI health report + prior smart alert) - below threshold |
| Review backlog (>10/reviewer) | ✅ Open PRs well within threshold |
| Stale critical/high labeled items | ✅ No new labeled critical/high items (security tracked above) |
| New CI failures (default branch) | ✅ None new this cycle |
Summary
| Severity | Count | Delta from #337 |
|---|---|---|
| 🔴 Critical (security) | 1 | +6h exposure - now ~100h total, Day 5+, 18+ alert cycles with ZERO response |
| 🔴 Critical (CI - ongoing) | 6 workflows / 5 repos | No change - PR #4 still unmerged, CI Health Report #339 confirms |
| 🟡 Open PRs | ≥4 awaiting review | No change |
| ✅ Healthy | 15 repos | - |
Top priorities:
- 🚨 Revoke `subcog` AWS credentials IMMEDIATELY - Day 5+, zero response across 18+ alert cycles
- ✅ Merge `github-project-manager` PR #4 (5 minutes, clears one CI failure)
- 🔧 Fix `vscode-git-adr` CI (oldest at ~20d - `upload-artifact` v6→v7 API update)
- 🔧 Fix `sdlc-quality` CI (~17d - investigate dependabot config from 2026-03-01)
gh-aw-workflow-id: smart-alerts
Generated by Smart Alerts