From 7b2a6339ad7d393cfe1911272d9b1b65cc8a183f Mon Sep 17 00:00:00 2001 From: "openclaw-docs-sync[bot]" Date: Tue, 28 Apr 2026 23:21:07 +0000 Subject: [PATCH] chore(sync): mirror docs from openclaw/openclaw@9c9dcd4d5d7cc5dc5099c3f513937294beb09882 --- .openclaw-sync/source.json | 4 ++-- docs/ci.md | 3 +++ 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/.openclaw-sync/source.json b/.openclaw-sync/source.json index 54e53f789..200436e77 100644 --- a/.openclaw-sync/source.json +++ b/.openclaw-sync/source.json @@ -1,5 +1,5 @@ { "repository": "openclaw/openclaw", - "sha": "490e6d6dc590515135abe2f318283a0e4e8c6546", - "syncedAt": "2026-04-28T22:51:56.068Z" + "sha": "9c9dcd4d5d7cc5dc5099c3f513937294beb09882", + "syncedAt": "2026-04-28T23:19:36.497Z" } diff --git a/docs/ci.md b/docs/ci.md index d0b32917f..0729759b7 100644 --- a/docs/ci.md +++ b/docs/ci.md @@ -259,6 +259,9 @@ contracts under the separate `/codeql-critical-quality/gateway-runtime-boundary` category. The channel-runtime-boundary job scans core channel implementation contracts under the separate `/codeql-critical-quality/channel-runtime-boundary` category. The +agent-runtime-boundary job scans command execution, model/provider dispatch, +auto-reply dispatch and queues, and ACP control-plane runtime contracts under +the separate `/codeql-critical-quality/agent-runtime-boundary` category. The plugin-boundary job scans loader, registry, public-surface, and Plugin SDK entrypoint contracts under a separate `/codeql-critical-quality/plugin-boundary` category. Keep the workflow separate from security so quality findings can be