[agent-suggestions] Agent suggestions - 2026-04-20

[github-actions]

Agent Suggestions

Date: 2026-04-20

1. Dependency Churn Triage Advisor

Trigger:

• Daily or weekly schedule
• Optional workflow_dispatch
• Optional pull_request for bot-authored dependency PRs (opened, synchronize, reopened)

Purpose:
Create a queue-level dependency maintenance triage workflow that ranks and groups bot dependency PRs (Dependabot/Renovate), detects superseded/outdated updates, and posts a prioritized digest so maintainers can merge in the safest order with less manual review overhead.

Proposed safe outputs:

• create-issue (or update one canonical digest issue) with grouped dependency PR queue + priority order
• add-comment on affected dependency PRs with triage recommendation (merge now / wait / superseded)
• noop when no actionable dependency churn exists

Evidence:

• Existing workflow is per-PR only and narrowly triggered:
  • .github/workflows/dependency-review.yml#L2-L4 (pull_request only on opened, reopened)
• This repo currently has open dependency PR activity:
  • build(deps-dev): bump vitest from 3.2.4 to 4.1.0 in /peek #2476
• Downstream repos show recurring bot dependency PR churn in the last 30 days:
  • build(deps): bump the aws-sdks group across 1 directory with 30 updates beats#50210
  • build(deps): bump the gcp-sdks group across 1 directory with 9 updates beats#48139
  • build(deps): bump https://github.com/pre-commit/pre-commit-hooks from v4.4.0 to 6.0.0 beats#50160
  • build(deps): bump github.com/microsoft/wmi from 0.38.3 to 0.42.0 in the windows group across 1 directory beats#50161
  • build(deps): bump github.com/go-resty/resty/v2 from 2.17.1 to 2.17.2 in the meraki group across 1 directory beats#50162
  • build(deps): bump go.mongodb.org/mongo-driver from 1.17.6 to 1.17.9 beats#50163
  • build(deps): bump github.com/godror/godror from 0.49.4 to 0.50.0 beats#50164
  • build(deps): bump github.com/vmware/govmomi from 0.52.0 to 0.53.0 beats#50165
  • build(deps): bump github.com/elastic/go-docappender/v2 from 2.12.1 to 2.14.0 elastic-agent#13524
  • build(deps): bump updatecli/updatecli-action from 3.0.0 to 3.1.1 integrations#18371
  • build(deps): bump actions/github-script from 8 to 9 integrations#18372

Why not covered already:

• Open suggestion issues are focused on failure/no-op deduplication and recovery, not dependency queue triage:
  • [agent-suggestions] Agent suggestions - 2026-03-09 #2235
  • [agent-suggestions] Agent suggestions - 2026-03-16 #2490
  • [agent-suggestions] Agent suggestions - 2026-04-13 #2920
• Existing dependency-review.yml evaluates single PRs; it does not optimize dependency backlog across multiple concurrent bot PRs.

Duplicate Checks

• Open workflow/automation issues:
  • https://github.com/search?q=repo:elastic%2Fai-github-actions-playground+is:issue+is:open+%28agent+OR+workflow+OR+automation%29&type=issues
• Open workflow/automation PRs:
  • https://github.com/search?q=repo:elastic%2Fai-github-actions-playground+is:pr+is:open+%28agent+OR+workflow%29&type=pullrequests
• Existing [agent-suggestions] issues reviewed:
  • https://github.com/search?q=repo:elastic%2Fai-github-actions-playground+is:issue+in:title+%22%5Bagent-suggestions%5D%22&type=issues
• Prior findings file reviewed: /tmp/previous-findings.json

Downstream Signals

• elastic/beats: multiple simultaneous open dependency bot PRs (links above)
• elastic/elastic-agent: active dependency bot PR stream
• elastic/integrations: recent dependency bot PR cadence

Suggested Next Steps

• Prototype dependency-churn-triage.yml in report-only mode and publish one weekly digest issue.
• Add confidence scoring for superseded PR detection and merge-order recommendation.
• After validation, enable per-PR advisory comments with explicit action labels.

Note

🔒 Integrity filter blocked 156 items

The following items were blocked because they don't meet the GitHub integrity level.

• #12227 search_pull_requests: has lower integrity than agent requires. The agent cannot read data with integrity below "approved".
• #13632 search_pull_requests: has lower integrity than agent requires. The agent cannot read data with integrity below "approved".
• #13678 search_pull_requests: has lower integrity than agent requires. The agent cannot read data with integrity below "approved".
• #13157 search_pull_requests: has lower integrity than agent requires. The agent cannot read data with integrity below "approved".
• #13542 search_pull_requests: has lower integrity than agent requires. The agent cannot read data with integrity below "approved".
• #13378 search_pull_requests: has lower integrity than agent requires. The agent cannot read data with integrity below "approved".
• #13544 search_pull_requests: has lower integrity than agent requires. The agent cannot read data with integrity below "approved".
• #13229 search_pull_requests: has lower integrity than agent requires. The agent cannot read data with integrity below "approved".
• #18433 search_pull_requests: has lower integrity than agent requires. The agent cannot read data with integrity below "approved".
• #13507 search_pull_requests: has lower integrity than agent requires. The agent cannot read data with integrity below "approved".
• #18520 search_pull_requests: has lower integrity than agent requires. The agent cannot read data with integrity below "approved".
• #13687 search_pull_requests: has lower integrity than agent requires. The agent cannot read data with integrity below "approved".
• #18262 search_pull_requests: has lower integrity than agent requires. The agent cannot read data with integrity below "approved".
• #13686 search_pull_requests: has lower integrity than agent requires. The agent cannot read data with integrity below "approved".
• #13685 search_pull_requests: has lower integrity than agent requires. The agent cannot read data with integrity below "approved".
• #18514 search_pull_requests: has lower integrity than agent requires. The agent cannot read data with integrity below "approved".
• ... and 140 more items

To allow these resources, lower min-integrity in your GitHub frontmatter:

tools:
  github:
    min-integrity: approved  # merged | approved | unapproved | none

---

What is this? | From workflow: Agent Suggestions

Give us feedback! React with 🚀 if perfect, 👍 if helpful, 👎 if not.

• expires on Apr 27, 2026, 12:51 PM UTC