You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Report Period: 2026-03-16 to 2026-03-23 | Overall Health: GOOD | Velocity: High
Workflow
Health Score
Success Rate
Avg Duration
Status
CI (ci.yml)
100 β
100% (no-op placeholder)
<1m
β Excellent
Rust CI (rust-ci.yml)
90 β
~95%
~10m
β Excellent
Rust Release (rust-release.yml)
85 β
~90% (partial artifacts)
~16m
β Good
Docs (docs.yml)
95 β
~100%
~3m
β Excellent
Security (security.yml)
65 β οΈ
Unknown (stale targets)
~15m
β οΈ Needs Attention
Dependency Review
80
Scheduled
N/A
β Good
Overall Health Score: 86/100 β GOOD
π΄ Critical Issues
None detected this week. All merged PRs passed CI before merge. The Rust Release critical failure (0% success, weeks of 2026-03-02 to 2026-03-09) has been resolved β the release pipeline ran 10/10 successfully during 2026-03-09 to 2026-03-16.
β οΈ Warnings
1. Incomplete Release Artifacts β Linux Python Wheels Missing (Ongoing)
Only ~30% of releases have complete artifact sets. Binary tarballs are always complete; the issue is specific to manylinux wheel build jobs.
Current release v2.6.24: Has macOS binaries and macOS wheels, but missing Linux wheels (azlin_rs-*-manylinux*.whl)
Pattern: Linux wheels (manylinux x86_64 + aarch64) are absent in 7/10 recent releases
Impact: pip install azlin-rs --find-links (releases) fails silently on Linux
Recommendation: Fix rust-release.yml manylinux wheel build job β investigate rust/Cargo.toml PyO3 config (crate-type = ["cdylib"]) or the PyO3/maturin-action@v1 job configuration for Linux targets
2. Security Workflow β Stale Scan Target (Ongoing)
security.yml still targets Python source (src/), but Python was retired in PR #818. The Bandit/Safety scans are now effectively no-ops.
Impact: Security scans are not covering Rust code at all
Risk: Undetected vulnerabilities in the active Rust codebase
Recommendation: Update security.yml to add cargo audit / cargo deny for Rust dependency auditing; remove or disable the Python Bandit/Safety steps
3. Open Security Bug β Tarfile Extraction Without Filter
Issue #876 remains open: tarfile.extract() without filter='data' in /src/azlin/rust_bridge.py:133-137 is vulnerable to path traversal attacks (a known Python security advisory).
Commit 061a92c (2026-03-21, PR #889) fixed the trivy-action missing v prefix (@0.28.0 β @v0.35.0). This was causing "Unable to resolve action" errors on every PR. Resolved β
5. Smart-Orchestrator Infrastructure Failure
Issue #882 (filed 2026-03-19) documents a classify-and-decompose producing 0 workstreams for the agentic CI infrastructure. This is a recurring pattern (previously seen in issue #871).
Trend: Strong recovery over 6 weeks. The project has moved from 57% (critical) to 86% (good) overall CI health. Key milestones: ANTHROPIC_API_KEY secret added (early March), Rust CI Clippy failures resolved (March 13), Rust Release fixed (March 9-13), trivy-action fixed (March 21).
π― Recommendations
High Priority
[P0] Fix manylinux wheel build in rust-release.yml β 70% of releases are missing Linux Python wheels. This breaks pip install on Linux. Check PyO3/maturin-action@v1 configuration and rust/Cargo.toml for crate-type = ["cdylib"].
[P2] Add VM info caching for azlin connect β vm_manager.get_vm() is uncached, adding 500msβ1.5s to every connect. File: rust/crates/azlin/src/cmd_connect.rs:82.
[P2] Parallelize list command β azlin list bastion + tmux collection could use tokio::join!. File: rust/crates/azlin/src/cmd_list.rs:178β222.
π Workflow Health Summary
Report Period: 2026-03-16 to 2026-03-23 | Overall Health: GOOD | Velocity: High
ci.yml)rust-ci.yml)rust-release.yml)docs.yml)security.yml)Overall Health Score: 86/100 β GOOD
π΄ Critical Issues
None detected this week. All merged PRs passed CI before merge. The Rust Release critical failure (0% success, weeks of 2026-03-02 to 2026-03-09) has been resolved β the release pipeline ran 10/10 successfully during 2026-03-09 to 2026-03-16.
1. Incomplete Release Artifacts β Linux Python Wheels Missing (Ongoing)
Only ~30% of releases have complete artifact sets. Binary tarballs are always complete; the issue is specific to manylinux wheel build jobs.
azlin_rs-*-manylinux*.whl)pip install azlin-rs --find-links (releases)fails silently on Linuxrust-release.ymlmanylinux wheel build job β investigaterust/Cargo.tomlPyO3 config (crate-type = ["cdylib"]) or thePyO3/maturin-action@v1job configuration for Linux targets2. Security Workflow β Stale Scan Target (Ongoing)
security.ymlstill targets Python source (src/), but Python was retired in PR #818. The Bandit/Safety scans are now effectively no-ops.security.ymlto addcargo audit/cargo denyfor Rust dependency auditing; remove or disable the Python Bandit/Safety stepsrust_bridge.py) would not be caught by CI currently3. Open Security Bug β Tarfile Extraction Without Filter
Issue #876 remains open:
tarfile.extract()withoutfilter='data'in/src/azlin/rust_bridge.py:133-137is vulnerable to path traversal attacks (a known Python security advisory).4. Trivy Action Version β Recently Fixed
Commit
061a92c(2026-03-21, PR #889) fixed thetrivy-actionmissingvprefix (@0.28.0β@v0.35.0). This was causing "Unable to resolve action" errors on every PR. Resolved β5. Smart-Orchestrator Infrastructure Failure
Issue #882 (filed 2026-03-19) documents a
classify-and-decomposeproducing 0 workstreams for the agentic CI infrastructure. This is a recurring pattern (previously seen in issue #871).π Trends (Week-over-Week)
8-Week Historical Health Trajectory
Trend: Strong recovery over 6 weeks. The project has moved from 57% (critical) to 86% (good) overall CI health. Key milestones: ANTHROPIC_API_KEY secret added (early March), Rust CI Clippy failures resolved (March 13), Rust Release fixed (March 9-13), trivy-action fixed (March 21).
π― Recommendations
High Priority
[P0] Fix manylinux wheel build in
rust-release.ymlβ 70% of releases are missing Linux Python wheels. This breakspip installon Linux. CheckPyO3/maturin-action@v1configuration andrust/Cargo.tomlforcrate-type = ["cdylib"].[P0] Merge PR fix(security): harden tar extraction in rust_bridge against path traversal (#876)Β #885 β Fix tarfile path traversal vulnerability in
rust_bridge.py(Issue bug: tarfile extraction without filter='data' in rust_bridge.pyΒ #876). Security bug has been open since 2026-03-19.Medium Priority
[P1] Update
security.ymlto scan Rust code β Addcargo auditand/orcargo denyto catch supply chain vulnerabilities in Rust dependencies. Remove Python-only Bandit/Safety scans (targeting retired code).[P1] Resolve smart-orchestrator failure (Issue smart-orchestrator infrastructure failure: zero workstreams on 2026-03-19 bug-fix requestΒ #882) β
classify-and-decomposeproduces 0 workstreams, blocking agentic CI workflows.[P1] Merge PR fix(quality): eliminate silent failures in cli_documentation scripts (#878 #879 #880)Β #886 β Fix error-swallowing patterns in documentation scripts (Issue bug: error-swallowing pattern in documentation scriptsΒ #878, MEDIUM severity).
Low Priority
[P2] Add VM info caching for
azlin connectβvm_manager.get_vm()is uncached, adding 500msβ1.5s to every connect. File:rust/crates/azlin/src/cmd_connect.rs:82.[P2] Parallelize list command β
azlin listbastion + tmux collection could usetokio::join!. File:rust/crates/azlin/src/cmd_list.rs:178β222.[P2] Close stale PRs β PRs fix: azlin list --with-health shows proper health metricsΒ #850, fix: azlin list --with-health shows actual health metrics instead of uptimeΒ #852, fix: azlin list --with-health shows real health metrics (#849)Β #853 are superseded by merged PR fix: azlin list --with-health shows real health metrics (#849)Β #851.
[P3] Close stale branches β 30+ open branches, many appear inactive (e.g.,
docs/v0.3.1,docs/update-readme-v0.3.2,feat/azure-cli-wsl2-detection).π Activity Summary
π¦ Current Release Status
Latest release:
v2.6.24-rust.f347cc8(2026-03-22)Generated by CI/CD Workflow Health Monitor | Previous reports: #854 (2026-03-16), #791 (2026-03-09), #741 (2026-03-02), #674 (2026-02-23)