Vincent Koc
8aed80d2fa
chore(ci): add CodeQL PR security guard
Runs the narrow CodeQL critical-security matrix on non-draft pull requests for code and workflow security-boundary changes.
2026-04-29 19:19:45 -07:00
Vincent Koc
845dd2a7d5
chore(ci): add provider runtime CodeQL quality shard
Adds a focused non-security CodeQL quality shard for provider runtime and model catalog contracts.
2026-04-29 16:15:38 -07:00
Vincent Koc
847d8fa0e1
chore(ci): add Plugin SDK reply CodeQL quality shard
Adds a focused non-security CodeQL quality shard for Plugin SDK reply/session delivery runtime contracts.
2026-04-29 15:56:41 -07:00
Vincent Koc
8f50920c45
chore(ci): add session diagnostics CodeQL quality shard
Adds a focused non-security CodeQL quality shard for session diagnostics, delivery queues, and related diagnostic contracts.
2026-04-29 15:29:03 -07:00
Vincent Koc
6717f8b334
chore(ci): add plugin trust CodeQL shard
Adds the plugin trust-boundary CodeQL security shard on Blacksmith and documents the rollout scope.
2026-04-29 15:02:06 -07:00
Vincent Koc
71ab341f46
chore(ci): rename CodeQL auth security shard
Renames the default auth/secrets CodeQL security category from the generic javascript-typescript label to core-auth-secrets.
Proof:
- Branch CodeQL security run https://github.com/openclaw/openclaw/actions/runs/25134871512 passed on 1d9f727bfd.
- Core auth/secrets analysis 1200412263 returned 0 results.
- Branch open CodeQL alerts: none.
- Workflow Sanity, Blacksmith Testbox, Blacksmith Build Artifacts Testbox, and OpenGrep PR Diff passed.
Scope is label/config only: same paths, query pack, filters, timeout, and runner.
2026-04-29 14:32:34 -07:00
Peter Steinberger
21e2168b8f
ci: shard install smoke release checks
2026-04-29 22:25:55 +01:00
Vincent Koc
cd6efd1a42
chore(ci): add MCP process CodeQL shard
Adds the focused MCP/process/tool-execution CodeQL security shard and documents it in CI docs.
Proof:
- Branch CodeQL security run https://github.com/openclaw/openclaw/actions/runs/25132942030 passed on 9d8ca2bae7.
- New mcp-process-tool-boundary analysis 1200250367 returned 0 results.
- Branch open CodeQL alerts: none.
- Workflow Sanity, Blacksmith Testbox, Blacksmith Build Artifacts Testbox, and OpenGrep PR Diff passed.
2026-04-29 13:48:53 -07:00
Vincent Koc
c9156cd9a8
chore(ci): add network SSRF CodeQL shard
Adds a narrow critical-security CodeQL shard for the network/SSRF boundary and documents the new category.
2026-04-29 13:08:46 -07:00
Mason Huang
7108414009
ci: add codeql quality profile input (#74348)
* ci: add codeql quality profile input
* ci: gate codeql quality profiles
* ci: ignore spec files in codeql shard
2026-04-29 22:39:54 +08:00
Mason Huang
dda765c445
ci: add plugin sdk package contract codeql quality shard (#74342)
2026-04-29 21:33:11 +08:00
Peter Steinberger
1446069707
ci: speed up release live smoke retries
2026-04-29 12:33:52 +01:00
Peter Steinberger
427d5d4f69
ci: guard unused dead-code files
2026-04-29 11:35:34 +01:00
Peter Steinberger
6cea276976
ci: shard release docker plugin validation
2026-04-29 11:33:24 +01:00
Peter Steinberger
422d139ba0
refactor: simplify e2e fixture helpers
2026-04-29 10:08:34 +01:00
Peter Steinberger
72cf700fbf
ci: add Knip dependency check
Add a dependency-only Knip CI shard, keep full unused-file mode manual, and scope pnpm's release-age override to the latest Knip dlx install.
2026-04-29 09:10:48 +01:00
Vincent Koc
b85cf280c7
fix(ci): gate plugin prerelease docker suite
2026-04-29 01:06:57 -07:00
Peter Steinberger
a0fd105e5e
ci: split plugin prerelease validation
2026-04-29 08:21:12 +01:00
Vincent Koc
6a3310bbda
chore(ci): add memory CodeQL quality shard
Adds a narrow CodeQL Critical Quality shard for the memory host/runtime boundary.
2026-04-29 00:18:30 -07:00
Peter Steinberger
6a4c866b6a
ci: speed up broad validation setup
2026-04-29 07:36:55 +01:00
Vincent Koc
1d87d757e9
ci: add mcp process codeql quality shard
2026-04-28 23:36:34 -07:00
Vincent Koc
6186ed2c07
ci: rename codeql quality baseline shard
2026-04-28 22:52:55 -07:00
Peter Steinberger
996c9d71e9
ci(test): reserve plugin prerelease for release validation
2026-04-29 06:20:38 +01:00
Vincent Koc
2f04731a48
ci: shard web media codeql quality
2026-04-28 22:18:21 -07:00
Vincent Koc
0a8a255733
ci: restrict plugin prerelease suite to mega runs
2026-04-28 21:50:16 -07:00
Peter Steinberger
806a0119f3
ci(release): reuse live test Docker image
2026-04-29 05:25:42 +01:00
Vincent Koc
e53c45ba94
ci: shard control ui codeql quality
Adds a narrow CodeQL Critical Quality shard for the Control UI/control-plane surface and fixes the custom-theme font-family ReDoS finding discovered by the new shard.
2026-04-28 20:24:19 -07:00
Peter Steinberger
3dc6e408b9
ci(release): isolate channel live qa from provider latency
2026-04-29 04:22:01 +01:00
Peter Steinberger
ba0f2e948f
ci: preinstall ffmpeg for live media checks
2026-04-29 03:48:33 +01:00
Vincent Koc
09e2cf1103
ci: right-size codeql quality runners
Run CodeQL Critical Quality on 4 vCPU Blacksmith runners.
2026-04-28 19:26:45 -07:00
Vincent Koc
9c9dcd4d5d
ci: shard agent runtime codeql quality
Add the agent runtime boundary to the CodeQL Critical Quality workflow.
2026-04-28 16:18:33 -07:00
Vincent Koc
3ae69498e2
ci: shard channel codeql security
Add a narrow channel-runtime CodeQL critical-security shard and document it.
2026-04-28 12:46:44 -07:00
Vincent Koc
bb0461b682
ci: shard channel codeql quality
Add a narrow channel-runtime CodeQL critical-quality shard and document it.
2026-04-28 11:52:54 -07:00
Vincent Koc
e476523082
ci: shard gateway codeql quality
Add a narrow gateway/runtime CodeQL critical-quality shard and document it.
2026-04-28 11:16:48 -07:00
Vincent Koc
e10f493160
ci: shard config codeql quality
Split config quality CodeQL results into a separate category while keeping the default quality bucket narrow.
2026-04-28 04:00:14 -07:00
Vincent Koc
77192572f6
ci: split macos codeql shard
Split the slow macOS CodeQL job into its own weekly/manual workflow and keep the daily CodeQL default on the fast JS/Actions security path.
2026-04-28 03:14:07 -07:00
Vincent Koc
5820a48fca
ci: add plugin boundary codeql quality shard (#73447)
2026-04-28 02:30:33 -07:00
Vincent Koc
b6a21cde34
ci: schedule android codeql shard (#73430)
2026-04-28 01:54:57 -07:00
Peter Steinberger
67b16a4a6d
fix: centralize source reply delivery mode
2026-04-28 09:14:19 +01:00
Vincent Koc
dbab162abd
ci: split codeql quality workflow (#73404)
2026-04-28 01:04:59 -07:00
Peter Steinberger
a811e164e3
ci: speed up full release validation
2026-04-28 09:02:57 +01:00
Peter Steinberger
f5a7632ffc
ci: allow legacy package stamp warnings
2026-04-28 08:31:16 +01:00
Peter Steinberger
e5452a9c57
ci: speed up release validation
2026-04-28 03:52:05 +01:00
Peter Steinberger
b90f29d313
ci: split native live release shards
2026-04-28 00:49:10 +01:00
Peter Steinberger
f1edd601bc
ci: split release qa parity lanes
2026-04-28 00:05:33 +01:00
Peter Steinberger
39e3d8d31d
ci: shard release validation reruns
2026-04-27 23:38:13 +01:00
Peter Steinberger
54e13d4910
ci: split release validation slow shards
2026-04-27 20:30:17 +01:00
Vincent Koc
e864fd39cc
fix(ci): narrow CodeQL critical scan (#72982)
2026-04-27 11:42:42 -07:00
Peter Steinberger
2243a68a1d
ci: shard release live validation
2026-04-27 14:24:10 +01:00
Peter Steinberger
fd4b59a906
ci: keep release checks compatible with stable refs
2026-04-27 13:59:49 +01:00