From c3d529d0441e90fd959c66ada211d6d03cc2b1cd Mon Sep 17 00:00:00 2001 From: "openclaw-docs-sync[bot]" Date: Tue, 28 Apr 2026 09:33:18 +0000 Subject: [PATCH] chore(sync): mirror docs from openclaw/openclaw@5820a48fcaca5a94aa6a20a87fc5f273b2208030 --- .openclaw-sync/source.json | 4 ++-- docs/ci.md | 14 ++++++++------ 2 files changed, 10 insertions(+), 8 deletions(-) diff --git a/.openclaw-sync/source.json b/.openclaw-sync/source.json index 4c0ae5164..f32e8da2b 100644 --- a/.openclaw-sync/source.json +++ b/.openclaw-sync/source.json @@ -1,5 +1,5 @@ { "repository": "openclaw/openclaw", - "sha": "fac116cfa42682bf20636c1e165b513e19ca5240", - "syncedAt": "2026-04-28T09:19:13.832Z" + "sha": "5820a48fcaca5a94aa6a20a87fc5f273b2208030", + "syncedAt": "2026-04-28T09:31:41.559Z" } diff --git a/docs/ci.md b/docs/ci.md index 1f5fa9448..edde7c58a 100644 --- a/docs/ci.md +++ b/docs/ci.md @@ -240,12 +240,14 @@ under the `/codeql-critical-security/android` category. The `CodeQL Critical Quality` workflow is the matching non-security shard. It runs only error-severity, non-security JavaScript/TypeScript quality queries -over the same narrow auth, secrets, sandbox, cron, and gateway surface. Keep it -separate from the security workflow so quality findings can be scheduled, -measured, disabled, or expanded without obscuring security signal. Swift, -Python, UI, and bundled-plugin CodeQL expansion should be added back as scoped -or sharded follow-up work only after the narrow profiles have stable runtime and -signal. +over narrow high-value surfaces. Its baseline job scans the same auth, secrets, +sandbox, cron, and gateway surface as the security workflow. The plugin-boundary +job scans loader, registry, public-surface, and Plugin SDK entrypoint contracts +under a separate `/codeql-critical-quality/plugin-boundary` category. Keep the +workflow separate from security so quality findings can be scheduled, measured, +disabled, or expanded without obscuring security signal. Swift, Python, UI, and +bundled-plugin CodeQL expansion should be added back as scoped or sharded +follow-up work only after the narrow profiles have stable runtime and signal. The `Docs Agent` workflow is an event-driven Codex maintenance lane for keeping existing docs aligned with recently landed changes. It has no pure schedule: a