Skip to content

Weekly Report 2026-06-01 #1756

Description

@clawgenti

Org Weekly Report: 2026-05-25 -- 2026-06-01

Generated for kagenti

Org-Wide Summary

Repo Merged PRs Open PRs Open Issues New Issues CI Pass Rate Status
kagenti 52 41 154 16 21/30 (70%) active
kagenti-extensions 11 20 17 5 15/30 (50%) active
kagenti-operator 6 19 10 3 22/30 (73%) active
plugins-adapter 5 3 8 0 25/30 (83%) active
automation 2 0 0 0 -- active
agent-skills 2 0 0 0 -- active
adk 2 8 11 3 19/30 (63%) active
agent-examples 1 59 8 2 9/30 (30%) active
agentic-control-plane 0 5 0 0 30/30 (100%) quiet
OpenShell 0 0 0 0 22/30 (73%) quiet
workload-harness 0 1 0 0 23/30 (77%) quiet
ecosystem-guide 0 2 0 0 30/30 (100%) quiet
.github 0 0 2 1 12/30 (40%) quiet
openshell-driver-openshift 0 0 0 0 15/16 (94%) quiet
openshell-credentials-keycloak 0 0 0 0 2/2 (100%) quiet
adk-starter 0 0 0 0 0/10 (0%) quiet
capture-the-flag 0 1 0 0 4/7 (57%) quiet
TOTAL 81 159 210 30

Action Items

# Action Repo Owner Priority
1 Merge approved #451 (IBAC bypass for MCP session-terminate DELETE) — approved, no blockers kagenti-extensions @huang195 P1
2 Merge approved #383 (SharedTrust controller) and #380 (Card Discovery Refinement) — both approved kagenti-operator operator team P1
3 Merge approved #438, #437, #436 (fastmcp, requests, uvicorn bumps by @esnible) — approved, will reduce dep PR backlog agent-examples maintainers P1
4 Review security PR #1727 (major dep bump, 3 updates) — dependabot security flag, 3 days open kagenti maintainers P0
5 Review security PR #1689 (ACP namespace authz + error sanitization) — draft but security-critical, 4 days open kagenti @Ladas / infra team P0
6 Review #452 (protocol classification refactor, SECURITY) — changes requested, address feedback kagenti-extensions @huang195 P1
7 Fix "E2E K8s 1.35.0 (Kind)" workflow — 2 failures this week, related to resource exhaustion (#1702) kagenti infra team P1
8 Fix "E2E OCP 4.20.21 (HyperShift)" workflow — 1 failure, investigate cluster stability kagenti infra team P2
9 Fix "Check links in site" workflow — 12 consecutive failures, correlates with broken link issues #1735#1742 .github docs team P2
10 Fix "Weekly Docker Build and Test" in adk-starter — 0/10 pass rate, all 10 runs failing adk-starter maintainers P2
11 Batch-merge or close 82 stale dependabot PRs across org — agent-examples alone has 52 awaiting review; consolidate with dependabot grouping agent-examples @evaline-ju / maintainers P2
12 Triage broken-link issues #1735#1742 — 8 broken links to kagenti-extensions paths, likely needs URL redirect or repo restructure kagenti docs team P2
13 Review #1693 (external skill registries, ties to #1691) — 4 days open, feature PR for 0.7.0 kagenti @eranra / maintainers P2
14 Review #1660 (A2A JSON-RPC invoke endpoint fix) — 7 days open, needed for agent card interop kagenti @jordigilh / maintainers P2
15 Resolve stale security PRs: #1680 (authbridge demo docs, 5d), #1588 (OCP registry guide, 16d SECURITY), #354 (fsnotify bump, 19d SECURITY) kagenti, kagenti-operator @mrsabath, @pdettori, operator team P2
16 Close or update stale PRs >30d with no activity: #1078 (72d), #1172 (53d), #938 (79d), #1271 (44d) kagenti maintainers P3
17 Batch k8s.io dependency bumps in kagenti-operator: #309, #311, #312, #313 (all 34d stale, v0.35→v0.36) kagenti-operator operator team P3
18 Merge stale Go grpc bumps in kagenti-extensions: #417, #418 (16d) — now tracked via #457/#458 kagenti-extensions maintainers P3
19 Address #384 (proxy-sidecar NO_PROXY too restrictive) — blocking K8s API + external endpoints for operator-managed pods kagenti-operator operator team P1
20 Plan OpenShell fork upgrade per #1695 (v0.0.36-kagenti.8 → upstream v0.0.49+) kagenti infra team P2

Cross-Repo Highlights

  • @huang195 contributed to kagenti, kagenti-extensions, kagenti-operator — 13 PRs merged

  • @evaline-ju contributed to agent-examples, kagenti — 2 PRs merged

  • @kellyaa contributed to kagenti, kagenti-extensions — 2 PRs merged

  • @Bobbins228 contributed to kagenti, kagenti-operator — 2 PRs merged

  • @rubambiza contributed to agent-skills, automation — 4 PRs merged

  • CI concern: agent-examples at 30% pass rate — failing: unknown

  • CI concern: .github at 40% pass rate — failing: Check links in site

  • CI concern: adk-starter at 0% pass rate — failing: Weekly Docker Build and Test

  • Security concern: unreviewed security-related PRs:

  • Dependabot wave: 82 dependabot PRs awaiting review across org. Consider batching.

  • kagenti saw massive activity (52 merged PRs)


kagenti

Merged PRs (52)

Top contributors: @pdettori (33), @eranra (3), @cwiklik (2), @moonlight16 (2), @Ladas (2)

# Title Author Merged
#1755 fix(helm): restart otel-collector on config change @pdettori 2026-06-01
#1754 fix(ocp-installer): prevent set -e exit on token creation... @pdettori 2026-06-01
#1753 fix(release): pin Chart.yaml version by default in releas... @pdettori 2026-06-01
#1751 fix(ci): use existing create-cluster.sh in release valida... @pdettori 2026-05-29
#1750 docs: add Rong Chang and update Varsha's maintainer respo... @mrsabath 2026-05-29
#1748 fix(openshell): use correct release URLs for agent-sandbo... @pdettori 2026-05-29
#1747 fix(ui): show real MCP Gateway status instead of hardcode... @pdettori 2026-05-29
#1746 fix(ui): show descriptive error on agent chat 403 @pdettori 2026-05-29
#1745 fix: disable MCP Inspector button when not installed @pdettori 2026-05-29
#1744 fix(ocp-installer): make MCP Gateway opt-in, add --with-m... @pdettori 2026-05-29
#1733 fix(ui): live-update build duration timer and progress bar @pdettori 2026-05-29
#1731 fix(installer): exclude Skills from --with-all (not until... @pdettori 2026-05-29
#1730 fix(ocp): use mlflow-integration role for OTel collector ... @pdettori 2026-05-29
#1728 fix(ocp): pass mlflow routeNamespace to kagenti chart in ... @pdettori 2026-05-29
#1726 fix(kind): remove stale UI password display from setup sc... @pdettori 2026-05-29
... +37 more

Open PRs (41)

Changes Requested (5)

# Title Author Days Notes
#1749 Feat: UI verbiage simplification and outbound tabl... @esnible 2
#1722 feat: disable MCP Inspector links when not installed @sdfanwx-hue 3
#1630 fix docs: correct feature flag endpoint path in CL... @YuuGR1337 10
#1172 fix: use DNS_PING for Keycloak JGroups cluster dis... @Ladas 53 stale (53d)
#1078 feat: Add automated zombie cleanup workflow for CI... @RyanJenkins99 72 stale (72d)

Needs Review (14)

# Title Author Days Notes
#1734 docs: reference operator NetworkReady condition fo... @Bobbins228 2
#1727 build(deps): Bump the major group across 1 directo... @app/dependabot 3 SECURITY
#1693 feat(skills): external skill registry references (... @eranra 4
#1692 refactor: remove MLflow CR creation and OTEL RBAC ... @Bobbins228 4
#1660 fix(backend): use agent card url for A2A JSON-RPC ... @jordigilh 7
#1595 build(deps): Bump the minor-and-patch group across... @app/dependabot 15 stale (15d)
#1594 build(deps): Bump nginx from 1.29-alpine to 1.31-a... @app/dependabot 15 stale (15d)
#1588 docs: add OpenShift internal container registry se... @pdettori 16 SECURITY, stale (16d)
... +6 more

Draft PRs (22)

22 drafts from @esnible, @Alan-Cha, @akram, @yoavkatz, @kevincogan, @mrsabath, @Ladas, @usize, @pdettori

CI Health

  • 21/30 (70%) passed
  • Failing: "E2E K8s 1.35.0 (Kind)" — 2 failure(s)
  • Failing: "E2E OCP 4.20.21 (HyperShift)" — 1 failure(s)

New Issues (16)

# Title Created
#1752 bug: MLFlow observability link redirects to /oidc/ui/user... 2026-05-30
#1742 🐛 Broken link in docs/ocp/openshift-install.md: https... 2026-05-29
#1741 🐛 Broken link in docs/identity-guide.md: https://gith... 2026-05-29
#1740 🐛 Broken link in docs/identity-guide.md: https://gith... 2026-05-29
#1739 🐛 Broken link in docs/gateway.md: https://gateway-api... 2026-05-29
#1738 🐛 Broken link in docs/components.md: https://github.c... 2026-05-29
#1737 🐛 Broken link in docs/components.md: https://github.c... 2026-05-29
#1736 🐛 Broken link in docs/authbridge-combined-sidecar.md:... 2026-05-29
#1735 🐛 Broken link in docs/authbridge-combined-sidecar.md:... 2026-05-29
#1702 ci: OpenShell Kind PoC hits resource exhaustion deploying... 2026-05-27
#1695 Upgrade OpenShell fork from v0.0.36-kagenti.8 to upstream... 2026-05-27
#1691 feat: external skill registries — fetch skills from remot... 2026-05-27
#1690 feature: End-to-End Observability in Kagenti 2026-05-27
#1679 AuthBridge demo docs: outdated paths, missing deploy step... 2026-05-26
#1669 🐛 Bugs around Openshell sandbox policy and normalization 2026-05-26
#1662 Weekly Report 2026-05-25 2026-05-25

kagenti-extensions

Merged PRs (11)

Top contributors: @huang195 (10), @kellyaa (1)

# Title Author Merged
#450 fix(ibac): Bypass transport-layer calls and let agents ta... @huang195 2026-05-30
#449 feat: Plugin catalog + abctl visibility & validation @huang195 2026-05-29
#448 feat(abctl): In-place pipeline editor with hot-reload @huang195 2026-05-29
#447 feat(abctl): Surface plugin runtime config in plugin-deta... @huang195 2026-05-29
#446 feat(abctl): Picker polish and post-#445 cleanup @huang195 2026-05-29
#445 feat(abctl): Add built-in Namespaces → Pods picker with a... @huang195 2026-05-28
#444 fix(ibac): Self-heal make demo-ibac on stale local images @huang195 2026-05-28
#443 fix(ibac): Guard nil Session and bypass MCP housekeeping @kellyaa 2026-05-28
#441 fix(mtls-demo): Patch namespace CM + align permissive acr... @huang195 2026-05-27
#440 feat(authbridge): Add envoy-sidecar mTLS demo @huang195 2026-05-27
#438 feat(authbridge): Allow empty pipeline plugin lists @huang195 2026-05-26

Open PRs (20)

Ready to Merge (1)

# Title Author Notes
#451 fix(ibac): Bypass MCP session-terminate DELETE as ... @huang195

Changes Requested (2)

# Title Author Days Notes
#452 refactor(plugins): Push protocol classification do... @huang195 1 SECURITY
#439 docs(weather-agent): fix installer secret namespac... @mrsabath 5 SECURITY

Needs Review (12)

# Title Author Days Notes
#454 broker plugin: Adding logs @davidhadas 0 SECURITY
#437 chore(deps): Bump docker/setup-buildx-action from ... @app/dependabot 6
#436 chore(deps): Bump docker/build-push-action from 7.... @app/dependabot 6
#435 chore(deps): Bump docker/login-action from 4.1.0 t... @app/dependabot 6
#434 chore(deps): Bump github/codeql-action from 4.35.3... @app/dependabot 6
#427 Adding an opa plugin @davidhadas 11 SECURITY
#418 chore(deps): Bump google.golang.org/grpc from 1.80... @app/dependabot 16 stale (16d)
#417 chore(deps): Bump google.golang.org/grpc from 1.80... @app/dependabot 16 stale (16d)
... +4 more

Draft PRs (5)

  • #382 — feat: Add CI/CD and documentation polish (Phase 4)
  • #381 — feat: Add webhook integration guide (Phase 3)
  • #380 — feat: Add vault-fetcher CLI tool (Phase 2)
  • #379 — feat: Add Vault integration library to authlib
  • #272 — feat(webhook): Add waypoint authentication mode as default

CI Health

  • 15/30 (50%) passed

New Issues (5)

# Title Created
#458 [dep-bump] Stale routine bump: google.golang.org/grpc in ... 2026-06-01
#457 [dep-bump] Stale routine bump: google.golang.org/grpc in ... 2026-06-01
#456 [dep-bump] Stale routine bump: github.com/fsnotify/fsnoti... 2026-06-01
#455 [dep-bump] Stale routine bump: github.com/charmbracelet/x... 2026-06-01
#453 feature: Add Logs to Token-Broker Plugin 2026-05-31

kagenti-operator

Merged PRs (6)

Top contributors: @huang195 (2), @rh-dnagornuks (1), @Bobbins228 (1), @rhuss (1), @cooktheryan (1)

# Title Author Merged
#382 ci: cross-compile Go builds instead of QEMU emulation @huang195 2026-05-27
#381 feat(webhook): Wire envoy-sidecar mTLS through pod mutato... @huang195 2026-05-27
#377 refactor(api): remove spec.trace from AgentRuntime CRD @rh-dnagornuks 2026-05-27
#376 feat: OTel collector bootstrap as operator startup Runnable @Bobbins228 2026-05-26
#372 Consolidate AgentCard Data Into AgentRuntime Status [Spec] @rhuss 2026-05-25
#332 Add OCI skill image mounting to AgentRuntime @cooktheryan 2026-05-26

Open PRs (19)

Ready to Merge (2)

# Title Author Notes
#383 feat: create SharedTrust controller for cert-manag... @r3v5
#380 Card Discovery Refinement Alignment [Spec + Impl] @rhuss

Changes Requested (1)

# Title Author Days Notes
#355 Feat: Implementing Sigstore-A2A verification for A... @DeanKelly751 19 SECURITY, stale (19d)

Needs Review (11)

# Title Author Days Notes
#388 WIP: replace spec.skills injection with passive sk... @cooktheryan 2
#387 feat: add OpenShift overlay with AuthBridge config... @Ygnas 2 SECURITY
#386 feat: detect and warn when OVN routingViaHost is n... @Bobbins228 2
#379 CI: grant pull-requests:read to pr-verifier caller @rh-dnagornuks 4 SECURITY
#375 chore(deps): Bump github/codeql-action from 4.35.3... @app/dependabot 7
#354 chore(deps): Bump github.com/fsnotify/fsnotify fro... @app/dependabot 19 SECURITY, stale (19d)
#347 chore(deps): Bump actions/dependency-review-action... @app/dependabot 21 stale (21d)
#313 chore(deps): Bump k8s.io/apiextensions-apiserver f... @app/dependabot 34 stale (34d)
... +3 more

Draft PRs (5)

  • #378 — feat: MLflow operand controller for CR lifecycle and OTEL RBAC
  • #349 — feat: SPIFFE-based Dynamic Client Registration (DCR)
  • #334 — docs: update SPIRE signing demo for Kind and OpenShift
  • #283 — Docs: add RFC for Sigstore integration for AgentCard supply chain verification
  • #259 — feat: Add waypoint mode with automatic gateway provisioning

CI Health

  • 22/30 (73%) passed

New Issues (3)

# Title Created
#389 Support HTTPS for agent card fetching (AgentCard sync fai... 2026-05-31
#385 feature: Per-agent egress scoping for AgentRuntime Networ... 2026-05-29
#384 proxy-sidecar: NO_PROXY too restrictive — breaks K8s API ... 2026-05-28

plugins-adapter

Merged PRs (5)

Top contributors: @app/dependabot (5)

# Title Author Merged
#138 chore(deps): bump docker/metadata-action from 6.0.0 to 6.1.0 @app/dependabot 2026-05-25
#137 chore(deps): bump docker/setup-buildx-action from 4.0.0 t... @app/dependabot 2026-05-25
#136 chore(deps): bump docker/build-push-action from 7.1.0 to ... @app/dependabot 2026-05-25
#135 chore(deps): bump docker/login-action from 4.1.0 to 4.2.0 @app/dependabot 2026-05-25
#134 chore(deps): bump github/codeql-action from 4.35.4 to 4.36.0 @app/dependabot 2026-05-25

Open PRs (3)

Needs Review (2)

# Title Author Days Notes
#133 chore(deps-dev): bump betterproto2-compiler from 0... @app/dependabot 13
#127 chore(deps): bump betterproto2 from 0.9.1 to 0.10.0 @app/dependabot 20 stale (20d)

Draft PRs (1)

  • #81 — feat: prompt pre fetch plugin call

CI Health

  • 25/30 (83%) passed
  • Failing: "docker in /. - Update #1382992491" — 1 failure(s)

automation

Merged PRs (2)

Top contributors: @rubambiza (2)

# Title Author Merged
#5 fix: Drop label requirement from dep-bump issue creation @rubambiza 2026-06-01
#4 feat: Add dependency bump scanner (Story 3, epic #1260) @rubambiza 2026-05-31

agent-skills

Merged PRs (2)

Top contributors: @rubambiza (2)

# Title Author Merged
#8 fix: Drop label requirement from dep-bump issue creation @rubambiza 2026-05-31
#7 feat: Add dependency bump scanner skill @rubambiza 2026-05-31

adk

Merged PRs (2)

Top contributors: @clawgenti (2)

# Title Author Merged
#246 docs: Remove broken discussions link from adk-py README @clawgenti 2026-05-28
#236 docs: Fix broken internal links (agent-integration → sdk) @clawgenti 2026-05-28

Open PRs (8)

Needs Review (7)

# Title Author Days Notes
#251 chore(deps): bump the github-actions group across ... @app/dependabot 2
#243 test: Resolve MemoryHub E2E URL from discovery end... @rdwj 19 SECURITY, stale (19d)
#238 chore(deps): bump the uv-security group across 3 d... @app/dependabot 20 SECURITY, stale (20d)
#232 CI: Add PR title verifier workflow @rubambiza 33 stale (33d)
#228 chore(deps): bump the uv group across 28 directori... @app/dependabot 39 SECURITY, stale (39d)
#226 chore(deps): bump uuid from 13.0.0 to 14.0.0 in /a... @app/dependabot 39 stale (39d)
#121 feat: replace custom ContextStore with A2A-native ... @jezekra1 66 stale (66d)

Draft PRs (1)

  • #73 — [DRAFT] feat(adk-ts): update A2A protocol schemas and types to v1 spec

CI Health

  • 19/30 (63%) passed
  • Failing: "CI" — 1 failure(s)

New Issues (3)

# Title Created
#254 [dep-bump] Stale high bump: uv-security group in adk 2026-05-31
#253 [dep-bump] Stale high bump: uv group in adk 2026-05-31
#252 [dep-bump] Stale high bump: uuid in adk 2026-05-31

agent-examples

Merged PRs (1)

Top contributors: @evaline-ju (1)

# Title Author Merged
#404 chore: dependabot dependency consolidation @evaline-ju 2026-05-28

Open PRs (59)

Ready to Merge (3)

# Title Author Notes
#438 chore(deps): Bump fastmcp from 3.2.4 to 3.3.0 acro... @esnible
#437 chore(deps): Bump requests from 2.34.1 to 2.34.2 a... @esnible
#436 chore(deps): Bump uvicorn from 0.46.0 to 0.47.0 ac... @esnible

Needs Review (52)

# Title Author Days Notes
#516 chore(deps): Update ag2[mcp,openai] requirement fr... @app/dependabot 2
#514 chore(deps): Bump a2a-sdk from 0.3.26 to 1.0.3 in ... @app/dependabot 3
#513 chore(deps): Bump marshmallow from 3.26.2 to 4.3.0... @app/dependabot 3
#512 chore(deps): Bump the minor-and-patch group in /a2... @app/dependabot 3
#511 chore(deps): Bump a2a-sdk from 0.3.16 to 1.0.3 in ... @app/dependabot 3
#510 chore(deps): Bump protobuf from 6.33.6 to 7.35.0 i... @app/dependabot 3
#509 chore(deps): Bump a2a-sdk from 0.3.26 to 1.0.3 in ... @app/dependabot 3
#508 chore(deps): Bump the minor-and-patch group in /a2... @app/dependabot 3 SECURITY
... +44 more

Draft PRs (4)

  • #184 — feat: add sandbox agent packaging — Dockerfile, pyproject, config
  • #183 — test: add sandbox agent test suite
  • #182 — feat: add sandbox agent core — reasoning, execution, graph
  • #126 — feat: add sandbox_agent with per-context workspace isolation

CI Health

  • 9/30 (30%) passed

New Issues (2)

# Title Created
#518 [dep-bump] Stale routine bump: Update a2a-sdk[http-server... 2026-05-31
#517 [dep-bump] Stale routine bump: docker/library/golang in a... 2026-05-31

agentic-control-plane

Open PRs (5)

Needs Review (5)

# Title Author Days Notes
#42 build(deps): Bump the minor-and-patch group across... @app/dependabot 2
#41 build(deps): Update uvicorn requirement from >=0.2... @app/dependabot 2
#40 build(deps): Update kubernetes requirement from >=... @app/dependabot 2 SECURITY
#36 build(deps): Update fastmcp requirement from >=0.2... @app/dependabot 16 SECURITY, stale (16d)
#34 CI: Add PR title verifier workflow @rubambiza 33 stale (33d)

CI Health

  • 30/30 (100%) passed

workload-harness

Open PRs (1)

Needs Review (1)

# Title Author Days Notes
#18 feat: IBAC integration via authbridge plugin pipeline @kellyaa 9

CI Health

  • 23/30 (77%) passed

ecosystem-guide

Open PRs (2)

Needs Review (2)

# Title Author Days Notes
#7 build(deps): bump the minor-and-patch group across... @app/dependabot 26 stale (26d)
#6 CI: Add PR title verifier workflow @rubambiza 33 stale (33d)

CI Health

  • 30/30 (100%) passed

.github

CI Health

  • 12/30 (40%) passed
  • Failing: "Check links in site" — 12 failure(s)

New Issues (1)

# Title Created
#73 Add Biweekly Kagenti Community Meeting Information 2026-05-27

capture-the-flag

Open PRs (1)

Needs Review (1)

# Title Author Days Notes
#3 CI: Add PR title verifier workflow @rubambiza 33 stale (33d)

CI Health

  • 4/7 (57%) passed
  • Failing: "PR Verifier" — 2 failure(s)

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type
    No fields configured for issues without a type.

    Projects

    Status
    Done

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions