nogoo9 / no-crd / 26614079157

70%

push

github

chore: bump version to 0.4.1 (#9)

* refactor: dynamically parse CLI options and resolve annotation keys from schemas

* refactor: delete src/config.ts and import config directly from folder

* docs: add ADR-007 for schema-driven configuration and unified annotation keys

* chore: bump version to 0.4.1

- Bump version to 0.4.1 in package.json, server.json, and src/ui/app.ts.
- Update CHANGELOG.md and docs/whats-new.md for release notes.
- Fix registry validation by ensuring mcpName is in package.json.
- Include OpenSSF Scorecard badge in README.md.
- Add OSSF Scorecard security analysis workflow.

* Add Semgrep workflow for code scanning (#10)

* ci: pin actions and disable credential persistence in semgrep workflow

- Pin actions/checkout to v4.2.2 SHA and add persist-credentials: false
- Pin github/codeql-action/upload-sarif to v3.28.6 SHA

* ci: fix incorrect action pin SHAs in scorecard and semgrep workflows

- Fix ossf/scorecard-action SHA typo (84ba46 → 80ba46)
- Replace fabricated codeql-action SHA with verified v3.36.0 commit SHA
- All SHAs verified against GitHub API

* ci: add /gha-security agent rule and workflow for workflow file changes

- New rule (.agents/rules/gha-security.md): triggers when .github/workflows/ files are modified
- New workflow (.agents/workflows/gha-security.md): verifies SHA-pinned actions via GitHub API and runs zizmor
- Updated GEMINI.md with the new rule and workflow entries

* docs: rewrite CONTRIBUTING.md for evolved project practices

- Document schema-driven configuration system and ANNOTATION_KEYS
- Add ADR authoring guidelines and link to existing ADRs
- Document AI agent skills, workflows, and rules
- Add GitHub Actions security policy (SHA pinning, zizmor)
- Update project structure, commands, and code style sections

---------

Co-authored-by: Antigravity Agent <agent@antigravity>

918 of 942 new or added lines in 29 files covered. (97.45%)

5022 of 7224 relevant lines covered (69.52%)

19.17 hits per line