@@ -293,8 +293,9 @@ default workflow because the macOS build dominates runtime even when clean.
|
293 | 293 | The `CodeQL Critical Quality` workflow is the matching non-security shard. It |
294 | 294 | runs only error-severity, non-security JavaScript/TypeScript quality queries |
295 | 295 | over narrow high-value surfaces on the smaller Blacksmith Linux runner. Its |
296 | | -manual dispatch accepts `profile=all|plugin-sdk-package-contract`; the narrow |
297 | | -profile is the first teaching/iteration hook for running one quality shard in |
| 296 | +manual dispatch accepts |
| 297 | +`profile=all|plugin-sdk-package-contract|session-diagnostics-boundary`; the |
| 298 | +narrow profiles are teaching/iteration hooks for running one quality shard in |
298 | 299 | isolation without dispatching the rest of the workflow. |
299 | 300 | Its |
300 | 301 | core-auth-secrets job scans auth, secrets, sandbox, cron, and gateway security |
@@ -316,7 +317,10 @@ supervision helpers, and outbound delivery contracts under the separate
|
316 | 317 | memory-runtime-boundary job scans the memory host SDK, memory runtime facades, |
317 | 318 | memory Plugin SDK aliases, memory runtime activation glue, and memory doctor |
318 | 319 | commands under the separate `/codeql-critical-quality/memory-runtime-boundary` |
319 | | -category. The |
| 320 | +category. The session-diagnostics-boundary job scans reply queue internals, |
| 321 | +session delivery queues, outbound session binding/delivery helpers, diagnostic |
| 322 | +event/log bundle surfaces, and session doctor CLI contracts under the separate |
| 323 | +`/codeql-critical-quality/session-diagnostics-boundary` category. The |
320 | 324 | ui-control-plane job scans Control UI bootstrap, local persistence, gateway |
321 | 325 | control flows, and task control-plane runtime contracts under the separate |
322 | 326 | `/codeql-critical-quality/ui-control-plane` category. The |
|