From f4203c4dd87e1a3777a3226febea463bceace66c Mon Sep 17 00:00:00 2001 From: "openclaw-docs-sync[bot]" Date: Wed, 29 Apr 2026 14:42:37 +0000 Subject: [PATCH] chore(sync): mirror docs from openclaw/openclaw@71084140090f9ace1ab587a076d4a3d8f81ac1c8 --- .openclaw-sync/source.json | 4 ++-- docs/ci.md | 4 ++++ 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/.openclaw-sync/source.json b/.openclaw-sync/source.json index f9dbd10f2..a1bf33eea 100644 --- a/.openclaw-sync/source.json +++ b/.openclaw-sync/source.json @@ -1,5 +1,5 @@ { "repository": "openclaw/openclaw", - "sha": "542821cd1e60e34caec7df84f8583007b5b98f63", - "syncedAt": "2026-04-29T14:31:21.958Z" + "sha": "71084140090f9ace1ab587a076d4a3d8f81ac1c8", + "syncedAt": "2026-04-29T14:40:59.313Z" } diff --git a/docs/ci.md b/docs/ci.md index 86211af77..38dae71b6 100644 --- a/docs/ci.md +++ b/docs/ci.md @@ -279,6 +279,10 @@ default workflow because the macOS build dominates runtime even when clean. The `CodeQL Critical Quality` workflow is the matching non-security shard. It runs only error-severity, non-security JavaScript/TypeScript quality queries over narrow high-value surfaces on the smaller Blacksmith Linux runner. Its +manual dispatch accepts `profile=all|plugin-sdk-package-contract`; the narrow +profile is the first teaching/iteration hook for running one quality shard in +isolation without dispatching the rest of the workflow. +Its core-auth-secrets job scans auth, secrets, sandbox, cron, and gateway security boundary code under the separate `/codeql-critical-quality/core-auth-secrets` category. The config-boundary