Notify: @elastic/observablt-ci

Recent code changes introduced documentation drift in security routing behavior.

Changes Requiring Documentation Updates

1. Security-fixer trigger behavior now supports either label order, but docs still describe only one order

Commit(s): c57dd73 ("fix(ci): trigger security-fixer regardless of label order")

What changed:

• Ingress now routes security-fixer when either:
  1. oblt-aw/ai/fix-ready is applied and a oblt-aw/triage/security-* label already exists, or
  2. a oblt-aw/triage/security-* label is applied and oblt-aw/ai/fix-ready already exists.
• Source evidence: .github/workflows/oblt-aw-ingress.yml lines 171-174.

Documentation impact:

• docs/workflows/oblt-aw-ingress.md still documents only the fix-ready-applied case (line 168).
• docs/routing/security-routing.md still states fix-ready is the triggering label (lines 21, 41-42).

Suggested Actions

• Update docs/workflows/oblt-aw-ingress.md (Security section) to document both valid trigger orders for security-fixer.
• Update docs/routing/security-routing.md (Usage and Trigger Conditions → Fixer) to match ingress logic from .github/workflows/oblt-aw-ingress.yml:171-174.
• Remove wording in docs/routing/security-routing.md that implies issue routes follow the exact same label pattern as resource-not-accessible-by-integration-* when security-fixer logic differs.

What is this? | From workflow: Observability Agentic Workflow Entrypoint

Give us feedback! React with 🚀 if perfect, 👍 if helpful, 👎 if not.

• expires on May 8, 2026, 7:14 AM UTC