From 377b4b522b49cacfa208e8a541e25c8a6c455c9d Mon Sep 17 00:00:00 2001 From: "openclaw-docs-sync[bot]" Date: Wed, 29 Apr 2026 05:55:25 +0000 Subject: [PATCH] chore(sync): mirror docs from openclaw/openclaw@6186ed2c074be70928ca4351ca6fc2fb87e8a142 --- .openclaw-sync/source.json | 4 ++-- docs/ci.md | 5 +++-- 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/.openclaw-sync/source.json b/.openclaw-sync/source.json index daa60406f..e4c237b2d 100644 --- a/.openclaw-sync/source.json +++ b/.openclaw-sync/source.json @@ -1,5 +1,5 @@ { "repository": "openclaw/openclaw", - "sha": "bd1d1f0f2bb243857908220b8f2fb25b09f58ad8", - "syncedAt": "2026-04-29T05:53:12.038Z" + "sha": "6186ed2c074be70928ca4351ca6fc2fb87e8a142", + "syncedAt": "2026-04-29T05:53:57.968Z" } diff --git a/docs/ci.md b/docs/ci.md index 66727c2f0..6ac911b7e 100644 --- a/docs/ci.md +++ b/docs/ci.md @@ -272,8 +272,9 @@ default workflow because the macOS build dominates runtime even when clean. The `CodeQL Critical Quality` workflow is the matching non-security shard. It runs only error-severity, non-security JavaScript/TypeScript quality queries over narrow high-value surfaces on the smaller Blacksmith Linux runner. Its -baseline job scans the same auth, secrets, sandbox, cron, and gateway surface -as the security workflow. The config-boundary +core-auth-secrets job scans auth, secrets, sandbox, cron, and gateway security +boundary code under the separate `/codeql-critical-quality/core-auth-secrets` +category. The config-boundary job scans config schema, migration, normalization, and IO contracts under the separate `/codeql-critical-quality/config-boundary` category. The gateway-runtime-boundary job scans gateway protocol schemas and server method