From 1003ed4292cdccfe37b45c544f52986679fc5321 Mon Sep 17 00:00:00 2001 From: "openclaw-docs-sync[bot]" Date: Tue, 28 Apr 2026 18:19:26 +0000 Subject: [PATCH] chore(sync): mirror docs from openclaw/openclaw@e476523082a6fff3a0c3048077d2f0e52413fbf2 --- .openclaw-sync/source.json | 4 ++-- docs/ci.md | 3 +++ 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/.openclaw-sync/source.json b/.openclaw-sync/source.json index 916373ffe..a6bbf1694 100644 --- a/.openclaw-sync/source.json +++ b/.openclaw-sync/source.json @@ -1,5 +1,5 @@ { "repository": "openclaw/openclaw", - "sha": "53d34e7cde7f28ce90625236c8f3b1643465b439", - "syncedAt": "2026-04-28T17:53:42.523Z" + "sha": "e476523082a6fff3a0c3048077d2f0e52413fbf2", + "syncedAt": "2026-04-28T18:17:50.101Z" } diff --git a/docs/ci.md b/docs/ci.md index d0c05afaa..8c4488dbd 100644 --- a/docs/ci.md +++ b/docs/ci.md @@ -249,6 +249,9 @@ over narrow high-value surfaces. Its baseline job scans the same auth, secrets, sandbox, cron, and gateway surface as the security workflow. The config-boundary job scans config schema, migration, normalization, and IO contracts under the separate `/codeql-critical-quality/config-boundary` category. The +gateway-runtime-boundary job scans gateway protocol schemas and server method +contracts under the separate +`/codeql-critical-quality/gateway-runtime-boundary` category. The plugin-boundary job scans loader, registry, public-surface, and Plugin SDK entrypoint contracts under a separate `/codeql-critical-quality/plugin-boundary` category. Keep the workflow separate from security so quality findings can be