name: openclaw-codeql-session-diagnostics-boundary-critical-quality

disable-default-queries: true

queries:
  - uses: security-and-quality

query-filters:
  - include:
      problem.severity:
        - error
  - exclude:
      tags:
        - security

paths:
  - src/auto-reply/reply/queue
  - src/auto-reply/reply/post-compaction-context.ts
  - src/auto-reply/reply/startup-context.ts
  - src/infra/diagnostic-*.ts
  - src/infra/diagnostics-timeline.ts
  - src/infra/session-delivery-queue*.ts
  - src/infra/outbound/base-session-key.ts
  - src/infra/outbound/delivery-queue*.ts
  - src/infra/outbound/outbound-session.ts
  - src/infra/outbound/session-binding*.ts
  - src/infra/outbound/session-context.ts
  - src/infra/outbound/targets-session.ts
  - src/logging/diagnostic*.ts
  - src/commands/doctor-session-*.ts
  - src/commands/session-store-targets.ts
  - src/commands/sessions*.ts

paths-ignore:
  - "**/node_modules"
  - "**/coverage"
  - "**/*.generated.ts"
  - "**/*.bundle.js"
  - "**/*-runtime.js"
  - "**/*.test.ts"
  - "**/*.test.tsx"
  - "**/*.e2e.test.ts"
  - "**/*.e2e.test.tsx"
  - "**/*test-support*"
  - "**/*test-helper*"
  - "**/*mock*"
  - "**/*fixture*"
  - "**/*bench*"