ci: shard channel codeql quality

Add a narrow channel-runtime CodeQL critical-quality shard and document it.
2026-05-06 10:50:44 +00:00 · 2026-04-28 11:52:54 -07:00
parent 6d542ebcee
commit bb0461b682
3 changed files with 56 additions and 0 deletions
--- a/docs/ci.md
+++ b/docs/ci.md
@@ -252,6 +252,8 @@ separate `/codeql-critical-quality/config-boundary` category. The
 gateway-runtime-boundary job scans gateway protocol schemas and server method
 contracts under the separate
 `/codeql-critical-quality/gateway-runtime-boundary` category. The
+channel-runtime-boundary job scans core channel implementation contracts under
+the separate `/codeql-critical-quality/channel-runtime-boundary` category. The
 plugin-boundary job scans loader, registry, public-surface, and Plugin SDK
 entrypoint contracts under a separate `/codeql-critical-quality/plugin-boundary`
 category. Keep the workflow separate from security so quality findings can be