chore(ci): add MCP process CodeQL shard · openclaw/openclaw@cd6efd1
vincentkoc
·
2026-04-30
·
via Recent Commits to openclaw:main
| Original file line number | Diff line number | Diff line change |
|---|
@@ -267,6 +267,11 @@ JS/TS category. The network-ssrf-boundary job scans core SSRF, IP parsing,
|
267 | 267 | network guard, web-fetch, and Plugin SDK SSRF policy surfaces under the |
268 | 268 | `/codeql-critical-security/network-ssrf-boundary` category so network trust |
269 | 269 | boundary signal stays separate from the broader JS/TS security baseline. |
| 270 | +The mcp-process-tool-boundary job scans MCP servers, process execution helpers, |
| 271 | +outbound delivery, and agent tool-execution gates under the |
| 272 | +`/codeql-critical-security/mcp-process-tool-boundary` category so command and |
| 273 | +tool boundary signal stays separate from both the general JS/TS baseline and |
| 274 | +the non-security MCP/process quality shard. |
270 | 275 | |
271 | 276 | The `CodeQL Android Critical Security` workflow is the scheduled Android |
272 | 277 | security shard. It builds the Android app manually for CodeQL on the smallest |
|
此内容由惯性聚合(RSS阅读器)自动聚合整理,仅供阅读参考。 原文来自 — 版权归原作者所有。