@@ -294,9 +294,9 @@ The `CodeQL Critical Quality` workflow is the matching non-security shard. It
|
294 | 294 | runs only error-severity, non-security JavaScript/TypeScript quality queries |
295 | 295 | over narrow high-value surfaces on the smaller Blacksmith Linux runner. Its |
296 | 296 | manual dispatch accepts |
297 | | -`profile=all|plugin-sdk-package-contract|session-diagnostics-boundary`; the |
298 | | -narrow profiles are teaching/iteration hooks for running one quality shard in |
299 | | -isolation without dispatching the rest of the workflow. |
| 297 | +`profile=all|plugin-sdk-package-contract|plugin-sdk-reply-runtime|session-diagnostics-boundary`; |
| 298 | +the narrow profiles are teaching/iteration hooks for running one quality shard |
| 299 | +in isolation without dispatching the rest of the workflow. |
300 | 300 | Its |
301 | 301 | core-auth-secrets job scans auth, secrets, sandbox, cron, and gateway security |
302 | 302 | boundary code under the separate `/codeql-critical-quality/core-auth-secrets` |
@@ -321,6 +321,10 @@ category. The session-diagnostics-boundary job scans reply queue internals,
|
321 | 321 | session delivery queues, outbound session binding/delivery helpers, diagnostic |
322 | 322 | event/log bundle surfaces, and session doctor CLI contracts under the separate |
323 | 323 | `/codeql-critical-quality/session-diagnostics-boundary` category. The |
| 324 | +plugin-sdk-reply-runtime job scans Plugin SDK inbound reply dispatch, reply |
| 325 | +payload/chunking/runtime helpers, channel reply options, delivery queues, and |
| 326 | +session/thread binding helpers under the separate |
| 327 | +`/codeql-critical-quality/plugin-sdk-reply-runtime` category. The |
324 | 328 | ui-control-plane job scans Control UI bootstrap, local persistence, gateway |
325 | 329 | control flows, and task control-plane runtime contracts under the separate |
326 | 330 | `/codeql-critical-quality/ui-control-plane` category. The |
|