mirror of
https://github.com/openclaw/openclaw.git
synced 2026-07-04 12:43:33 +00:00
Summary: - The PR adds a `process-exec-boundary` CodeQL high-security shard, wires it into the CodeQL workflow, expands PR path triggers for process-owning plugin/script paths, and updates CI docs. - PR surface: Docs +1, Config +87. Total +88 across 3 files. - Reproducibility: not applicable. this is CI/security-scanner configuration rather than a runtime bug. The behavior is source-reviewable and the exact-head `Security High (process-exec-boundary)` check passed. Automerge notes: - No ClawSweeper repair was needed after automerge opt-in. Validation: - ClawSweeper review passed for head066d54b633. - Required merge gates passed before the squash merge. Prepared head SHA:066d54b633Review: https://github.com/openclaw/openclaw/pull/92667#issuecomment-4698545987 Co-authored-by: Mason Huang <masonxhuang@tencent.com> Approved-by: hxy91819