Daily Repo-Health Check, 2026-06-07

Session: daily-repo-health-check, 2026-06-07 (~10:35 UTC)

Importance: HIGH. One failing-CI-on-default item is present (severity is low / config-noise, flagged High per the any-red-item rule). Tasks: PENDING (5 approval items open). Run mode: hosted Cloudflare Worker + direct git/GitHub-API fallback, because the local runner exceeded the 40s sandbox ceiling on a full rebuild (the on-disk checkpoint is 7 days stale, which forces a from-scratch rebuild that cannot finish in-window). All 12 repos covered.

What was done

Pre-flight clean: preload spec resolved, all 4 skills resolvable, post-run-qa-reflection mirror byte-matches canonical (no drift). Vault 304 keys; GITHUB_TOKEN, SAIL_REPO_HEALTH_WORKER_TOKEN, NOTION_TOKEN, ANTHROPIC_API_KEY present. GitHub API and hosted Worker both HTTP 200.
Full scan across all 12 repos: branch / dirty / upstream / ahead-behind / HEAD via local git; workflow states, Actions secrets, dependabot-on-main, 24h CI runs, 24h commits, and the open-PR inventory via direct GitHub API.
Permanent checks: P1 (Notion-wiki NOTION_TOKEN) CLEAN / live-present; P2 (disabled workflows) CLEAN; P4 (dependabot coverage 11/11 git repos; sail-googleads has no GitHub repo) CLEAN; P5 (spec-vs-disk drift) CLEAN. No secrets_github_only drift (all 17 GitHub secret names map to vault keys).
One safe local cleanup executed with rollback manifest: archived 9 orphaned checkpoint .tmp.* partials from run-state/ to backups/2026-06-07/orphaned-checkpoint-tmp/. Real checkpoint left intact. No repo-level writes.
Wrote the canonical report and mirrored the QA block to the Codex QA queue.

Problems / findings

NEW RED: sail-hr Dependabot failed all 3 ecosystems on main today (08:21 UTC). Config-only root cause: dependabot.yml declares npm + pip + github-actions but main has no package.json / requirements.txt / pyproject.toml. Only failing CI on a default branch in 24h.
Backlog: 23 open PRs, including 9 now-redundant chore: add-dependabot-* PRs (the file already exists on every main) and 2 safe gitignore-PII PRs unmerged since 05-11.
Standing: sail-litify 315 dirty + sail-command-center 33 dirty (active Codex working trees, hands-off); Notion-wiki branch still has no upstream (P6); sail-hr main 1 commit ahead unpushed.
Infra: the local runner has now missed the ceiling 4 runs running; checkpoint 7 days stale. Hosted + supplement fallback is carrying the task reliably, but the local rebuild path needs a real fix.
Improvement vs 06-06: sail-litify upstream now resolves (P6 cleared for that repo); sail-seo took 5 healthy content commits on main.

Why the session ended

Completed the full daily run and produced the report, QA-queue mirror, and this export. Held all repo-level writes for approval per the guardrails.

Recommended next actions (all PENDING Sam approval; 4-way MC in the report)

sail-hr Dependabot: a config-only PR narrowing dependabot.yml to github-actions only.
Close the 9 redundant add-dependabot PRs + sail-seo #3 as superseded.
Merge the 2 gitignore-PII PRs (sail-cases #1, sail-hr #1).