diff --git a/.openclaw-sync/source.json b/.openclaw-sync/source.json index 57375adbc..14b541c87 100644 --- a/.openclaw-sync/source.json +++ b/.openclaw-sync/source.json @@ -1,5 +1,5 @@ { "repository": "openclaw/openclaw", - "sha": "1476e24af39b2dc3efdb5bce70b9b2ff536c3b7c", - "syncedAt": "2026-04-29T05:16:23.995Z" + "sha": "2f04731a48ec99f052356e47bea7a4642a295673", + "syncedAt": "2026-04-29T05:19:27.863Z" } diff --git a/docs/ci.md b/docs/ci.md index d74e412ae..805427048 100644 --- a/docs/ci.md +++ b/docs/ci.md @@ -287,6 +287,9 @@ the separate `/codeql-critical-quality/agent-runtime-boundary` category. The ui-control-plane job scans Control UI bootstrap, local persistence, gateway control flows, and task control-plane runtime contracts under the separate `/codeql-critical-quality/ui-control-plane` category. The +web-media-runtime-boundary job scans core web fetch/search, media IO, media +understanding, image-generation, and media-generation runtime contracts under +the separate `/codeql-critical-quality/web-media-runtime-boundary` category. The plugin-boundary job scans loader, registry, public-surface, and Plugin SDK entrypoint contracts under a separate `/codeql-critical-quality/plugin-boundary` category. Keep the workflow separate from security so quality findings can be