gnezim/clawsec
1
0
Fork 0
mirror of https://github.com/prompt-security/clawsec.git synced 2026-06-13 05:28:02 +03:00
Code Issues Packages Projects Releases Wiki Activity
217 Commits 19 Branches 95 Tags
main
Commit Graph

85 Commits

Author SHA1 Message Date
davida-ps 9fd3059271 fix(traffic): require a traffic-capable PAT for the archive workflow (#265) 
* fix(traffic): use a traffic-capable PAT for the archive workflow

The daily Archive GitHub Traffic run has failed since creation: the
TRAFFIC_ARCHIVE_TOKEN secret was never provisioned, so the workflow fell
back to github.token, which GitHub categorically rejects on traffic
endpoints (403 "Resource not accessible by integration").

- Fall back to the existing POLL_NVD_CVES_PAT automation token instead
  of github.token, keeping TRAFFIC_ARCHIVE_TOKEN as the preferred
  override once provisioned.
- Fail fast with an actionable error when no traffic-capable token is
  configured.
- Explain token requirements in the script's 401/403 errors.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>

* fix(traffic): require dedicated TRAFFIC_ARCHIVE_TOKEN, drop expired PAT fallback

A live dispatch confirmed POLL_NVD_CVES_PAT is expired (401 Bad
credentials), so falling back to it only trades one daily failure for
another. Require the dedicated secret and fail fast with setup
instructions instead.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>

---------

Co-authored-by: Claude Fable 5 <noreply@anthropic.com>
 2026-06-11 08:25:56 +03:00
davida-ps 1b676fd42c fix(skills): scan staged payload with SkillSpector (#264) 
* fix(skills): scan staged payload with skillspector

* fix(skills): embed skillspector report in releases

* fix(skills): use body path for release notes
 2026-06-10 17:18:54 +03:00
davida-ps 59d54ed778 fix(skills): namespace ClawHub skill slugs (#263) 
* fix(release): map ClawHub publish slugs

* fix(release): share skill platform parsing
 2026-06-10 16:39:19 +03:00
Burak Bayır d99f324f72 feat(openclaw-traffic-guardian): add social action review scope (#261) 
* feat(openclaw-traffic-guardian): add social action review scope

* fix(openclaw-traffic-guardian): cover background repeats

* fix(openclaw-traffic-guardian): address policy review release gates

* docs(openclaw-traffic-guardian): credit policy review contributor

* docs(openclaw-traffic-guardian): inline contributor credit

* docs(openclaw-traffic-guardian): reference policy review spec

* ci(skills): allow unreleased version edits

* ci(skills): use directory name for release tag checks

---------

Co-authored-by: kriptoburak <kriptoburak@users.noreply.github.com>
Co-authored-by: David Abutbul <David.a@prompt.security>
 2026-06-10 14:46:52 +03:00
davida-ps c1d1824f86 ci(skills): publish release trust packets + expand skill installer awareness (vercel) (#262) 
* ci(skills): publish release trust packets

* ci(skills): simulate beta tag releases

* ci(skills): match release version bump rules

* chore(skills): group agent skills for installer

* chore(skills): make clawtributor global

* chore(skills): bump all skills for trust release

* ci(skills): require npx install docs

* fix(skills): simulate prerelease tag versions

* fix(skills): aggregate trust artifact checksum failures

* fix(frontend): advertise npx skills suite install

* chore(frontend): drop ad hoc homepage copy test

* fix(ci): run skill release tooling tests
 2026-06-10 13:22:22 +03:00
davida-ps cb58e588c5 fix(workflow): filter dispatched codeql runs with jq (#260) 2026-06-10 11:23:30 +03:00
davida-ps cfe1b40cf2 feat(traffic): archive repository traffic metrics (#252) 
* feat(traffic): archive repository traffic metrics

* fix(traffic): address archive review feedback

* fix(traffic): keep archive output json-only

* test(traffic): centralize archive fixture dates
 2026-06-04 11:00:13 +03:00
dependabot[bot] babddfd3f2 chore(deps): bump github/codeql-action from 4.35.4 to 4.36.0 (#245) 
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 4.35.4 to 4.36.0.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/68bde559dea0fdcac2102bfdf6230c5f70eb485e...7211b7c8077ea37d8641b6271f6a365a22a5fbfa)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-version: 4.36.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-05-27 14:39:47 +03:00
davida-ps 47a5696cb6 fix(workflow): wait for dispatched codeql run by sha and time (#248) 2026-05-27 10:03:29 +03:00
davida-ps 4dbac421ab feat(advisories): add provisional GHSA feed (#242) 
* feat(advisories): add provisional ghsa feed

* fix(workflows): include advisory signatures in checksums

* fix(workflows): mirror ghsa feed at release root

* feat(advisories): consolidate ghsa into agent feed

* ci(advisories): consolidate ghsa during nvd poll

* fix(advisories): retain unreplaced ghsa feed entries

* chore(skills): bump advisory feed consumers

* fix(release): resolve ts import closure dry run

* fix(release): preserve urls while stripping comments

* fix(release): ignore skill test-only changes

* fix(advisories): follow ghsa pagination links

* test(advisories): add nvd ghsa pipeline dry run
 2026-05-24 21:41:59 +03:00
David Abutbul 19c5113511 fix(attestation): include runtime libs in release sbom (#235) 
* fix(attestation): include runtime libs in release sbom

* ci: verify staged skill release import closure

* fix(release): include missing skill runtime sbom files

* fix(release): require files for import closure

---------

Co-authored-by: David Abutbul <David.a@prompt.security>
 2026-05-17 00:40:12 +03:00
David Abutbul 1e48a955cc fix(release): exclude tests from skill payloads (#230) 
* fix(release): exclude tests from skill payloads

* fix(release): normalize test path filtering

* fix(release): prefer GitHub artifacts for non-OpenClaw installs

* fix(release): keep legacy ClawHub publishing

* fix(release): address skill packaging review feedback

* chore(skills): bump release versions

* feat(skills): surface recommended platforms

* docs(skills): add signed release verification

* fix(skills): normalize PR version bumps

---------

Co-authored-by: David Abutbul <David.a@prompt.security>
 2026-05-14 14:38:58 +03:00
dependabot[bot] 0e503c3d5a chore(deps): bump github/codeql-action from 4.35.1 to 4.35.4 (#231) 
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 4.35.1 to 4.35.4.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/c10b8064de6f491fea524254123dbe5e09572f13...68bde559dea0fdcac2102bfdf6230c5f70eb485e)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-version: 4.35.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-05-12 10:11:49 +03:00
dependabot[bot] 9595dad58b chore(deps): bump peter-evans/create-pull-request from 8.1.0 to 8.1.1 (#181) 
Bumps [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request) from 8.1.0 to 8.1.1.
- [Release notes](https://github.com/peter-evans/create-pull-request/releases)
- [Commits](https://github.com/peter-evans/create-pull-request/compare/c0f553fe549906ede9cf27b5156039d195d2ece0...5f6978faf089d4d20b00c7766989d076bb2fc7f1)

---
updated-dependencies:
- dependency-name: peter-evans/create-pull-request
  dependency-version: 8.1.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-05-11 10:43:12 +03:00
davida-ps e4c1e07544 fix(skills-catalog): resolve platform metadata fallbacks (#229) 
* fix(skills-catalog): resolve platform metadata fallbacks

* fix(skills-catalog): harden platform metadata guards
 2026-05-10 16:07:31 +03:00
davida-ps dfe62457fb Include hermes-agent in NVD queries and export keywords to environment (#226) 
* fix(workflow): expand NVD Hermes coverage and keep keyword export

* fix(workflow): export concise nvd summary keywords
 2026-05-07 14:58:08 +03:00
dependabot[bot] 95f9d758ee chore(deps): bump actions/github-script from 8.0.0 to 9.0.0 (#180) 
Bumps [actions/github-script](https://github.com/actions/github-script) from 8.0.0 to 9.0.0.
- [Release notes](https://github.com/actions/github-script/releases)
- [Commits](https://github.com/actions/github-script/compare/ed597411d8f924073f98dfc5c65a23a2325f34cd...3a2844b7e9c422d3c10d287c895573f7108da1b3)

---
updated-dependencies:
- dependency-name: actions/github-script
  dependency-version: 9.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-05-05 13:06:01 +03:00
dependabot[bot] f6afc80aa2 chore(deps): bump actions/setup-node from 6.3.0 to 6.4.0 (#218) 
Bumps [actions/setup-node](https://github.com/actions/setup-node) from 6.3.0 to 6.4.0.
- [Release notes](https://github.com/actions/setup-node/releases)
- [Commits](https://github.com/actions/setup-node/compare/53b83947a5a98c8d113130e565377fae1a50d02f...48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e)

---
updated-dependencies:
- dependency-name: actions/setup-node
  dependency-version: 6.4.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-05-05 12:58:47 +03:00
dependabot[bot] 9462fe7e1b chore(deps): bump actions/configure-pages from 5.0.0 to 6.0.0 (#219) 
Bumps [actions/configure-pages](https://github.com/actions/configure-pages) from 5.0.0 to 6.0.0.
- [Release notes](https://github.com/actions/configure-pages/releases)
- [Commits](https://github.com/actions/configure-pages/compare/983d7736d9b0ae728b81ab479565c72886d7745b...45bfe0192ca1faeb007ade9deae92b16b8254a0d)

---
updated-dependencies:
- dependency-name: actions/configure-pages
  dependency-version: 6.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-05-05 12:43:36 +03:00
dependabot[bot] e3337d0f33 chore(deps): bump actions/upload-pages-artifact from 4.0.0 to 5.0.0 (#220) 
Bumps [actions/upload-pages-artifact](https://github.com/actions/upload-pages-artifact) from 4.0.0 to 5.0.0.
- [Release notes](https://github.com/actions/upload-pages-artifact/releases)
- [Commits](https://github.com/actions/upload-pages-artifact/compare/7b1f4a764d45c48632c6b24a0339c27f5614fb0b...fc324d3547104276b827a68afc52ff2a11cc49c9)

---
updated-dependencies:
- dependency-name: actions/upload-pages-artifact
  dependency-version: 5.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-05-05 11:13:41 +03:00
davida-ps 72663ab80b fix(codeql): ignore generated dist artifacts (#216) 2026-05-04 11:37:37 +03:00
dependabot[bot] d23f1f9612 chore(deps): bump aquasecurity/trivy-action (#184) 
Bumps [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action) from e368e328979b113139d6f9068e03accaed98a518 to ed142fd0673e97e23eac54620cfb913e5ce36c25.
- [Release notes](https://github.com/aquasecurity/trivy-action/releases)
- [Commits](https://github.com/aquasecurity/trivy-action/compare/e368e328979b113139d6f9068e03accaed98a518...ed142fd0673e97e23eac54620cfb913e5ce36c25)

---
updated-dependencies:
- dependency-name: aquasecurity/trivy-action
  dependency-version: 264c9c5e188ea085e7377fd77abd17bfbd4e5926
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-04-30 18:11:57 +03:00
dependabot[bot] ef6b5f63d4 chore(deps): bump actions/upload-artifact from 7.0.0 to 7.0.1 (#179) 
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 7.0.0 to 7.0.1.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](https://github.com/actions/upload-artifact/compare/bbbca2ddaa5d8feaa63e36b76fdaad77386f024f...043fb46d1a93c77aae656e7c1c64a875d1fc6a0a)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-version: 7.0.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-04-30 18:06:10 +03:00
dependabot[bot] 12afd15dd6 chore(deps): bump softprops/action-gh-release from 2.6.1 to 3.0.0 (#182) 
Bumps [softprops/action-gh-release](https://github.com/softprops/action-gh-release) from 2.6.1 to 3.0.0.
- [Release notes](https://github.com/softprops/action-gh-release/releases)
- [Changelog](https://github.com/softprops/action-gh-release/blob/master/CHANGELOG.md)
- [Commits](https://github.com/softprops/action-gh-release/compare/153bb8e04406b158c6c84fc1615b65b24149a1fe...b4309332981a82ec1c5618f44dd2e27cc8bfbfda)

---
updated-dependencies:
- dependency-name: softprops/action-gh-release
  dependency-version: 3.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-04-30 18:00:01 +03:00
David Abutbul b37162a33d feat(i18n): add multilingual wiki scaffolding, language switcher, and… (#212) 
* feat(i18n): add multilingual wiki scaffolding, language switcher, and translation QA pipeline

* docs(readme): adopt picoclaw-style multilingual link bar

* fix(i18n): repair localized index links and tighten partial-pair QA

* ci(i18n): fail on broken markdown links in README/wiki

* ci(i18n): add changed-files mode for markdown link checks

* i18n(de): use local Argos MT to fill untranslated German sections

* i18n(es,fr): fill untranslated sections via local Argos workflow

* i18n(ja): fill untranslated sections with scoped local Argos pass

* i18n(ko): fill untranslated sections with scoped local Argos pass

* fix(i18n): address review feedback

---------

Co-authored-by: David Abutbul <David.a@prompt.security>
 2026-04-29 09:00:31 +03:00
David Abutbul 0d2e38ddfd Add Picoclaw guardian + posture-review skills at v0.0.1 with wiki docs (#208) 
* Add Picoclaw guardian + posture-review skills at v0.0.1 with wiki docs

* fix(feed): add picoclaw to core platform taxonomy and filters

* fix(picoclaw): resolve eslint errors in new skills

* chore(nvd): include picoclaw in CVE polling and cleanup report

---------

Co-authored-by: David Abutbul <David.a@prompt.security>
 2026-04-26 14:19:18 +03:00
davida-ps 1efb813ed4 fix(nvd): support full CVE rebuild without arg overflow (#204) 
* fix(nvd): add hermes query specs to feed polling

* fix(nvd): derive platform fallback from matched targets

* fix(nvd): avoid arg overflow on full cve rescan

* fix(feed): add other platform filter for nonstandard slugs

* refactor(feed): centralize advisory platform badge mapping

* fix(feed): share platform normalization and fix tab callback typing

* refactor(feed): simplify platform descriptor fallback
 2026-04-22 13:58:34 +03:00
davida-ps c54f09c3a4 fix(nvd): add hermes query specs to feed polling (#203) 
* fix(nvd): add hermes query specs to feed polling

* fix(nvd): derive platform fallback from matched targets
 2026-04-21 16:18:45 +03:00
davida-ps d0fe8c59c4 fix(release): guard duplicate clawhub versions and bump watchdog to 0.1.4 (#201) 2026-04-17 10:07:45 +03:00
davida-ps c72f366354 fix(ci): harden nvd/scorecard dependency guardrails (#177) 
* fix(ci): harden nvd/scorecard dependency guardrails

* fix(ci): upsert nvd advisory PRs and dedupe stale branches

* fix(ci): paginate NVD PR lookup and expand scorecard triggers
 2026-04-09 10:30:20 +03:00
dependabot[bot] 6c17509c80 chore(deps): bump actions/setup-python from 5.4.0 to 6.2.0 (#108) 
Bumps [actions/setup-python](https://github.com/actions/setup-python) from 5.4.0 to 6.2.0.
- [Release notes](https://github.com/actions/setup-python/releases)
- [Commits](https://github.com/actions/setup-python/compare/v5.4.0...a309ff8b426b58ec0e2a45f0f869d46889d02405)

---
updated-dependencies:
- dependency-name: actions/setup-python
  dependency-version: 6.2.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-04-09 00:22:37 +03:00
dependabot[bot] eeb1a5d632 chore(deps): bump softprops/action-gh-release from 2.5.0 to 2.6.1 (#135) 
Bumps [softprops/action-gh-release](https://github.com/softprops/action-gh-release) from 2.5.0 to 2.6.1.
- [Release notes](https://github.com/softprops/action-gh-release/releases)
- [Changelog](https://github.com/softprops/action-gh-release/blob/master/CHANGELOG.md)
- [Commits](https://github.com/softprops/action-gh-release/compare/a06a81a03ee405af7f2048a818ed3f03bbf83c7b...153bb8e04406b158c6c84fc1615b65b24149a1fe)

---
updated-dependencies:
- dependency-name: softprops/action-gh-release
  dependency-version: 2.6.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-04-08 23:58:19 +03:00
dependabot[bot] b39fe73e45 chore(deps): bump actions/deploy-pages from 4.0.5 to 5.0.0 (#159) 
Bumps [actions/deploy-pages](https://github.com/actions/deploy-pages) from 4.0.5 to 5.0.0.
- [Release notes](https://github.com/actions/deploy-pages/releases)
- [Commits](https://github.com/actions/deploy-pages/compare/d6db90164ac5ed86f2b6aed7e0febac5b3c0c03e...cd2ce8fcbc39b97be8ca5fce6e763baed58fa128)

---
updated-dependencies:
- dependency-name: actions/deploy-pages
  dependency-version: 5.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-04-08 23:53:52 +03:00
dependabot[bot] 7cafbd7d77 chore(deps): bump github/codeql-action from 4.32.4 to 4.35.1 (#160) 
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 4.32.4 to 4.35.1.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/89a39a4e59826350b863aa6b6252a07ad50cf83e...c10b8064de6f491fea524254123dbe5e09572f13)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-version: 4.35.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-04-08 23:50:56 +03:00
davida-ps 9827f08769 chore(clawsec-suite): add 0.1.5 changelog entry (#174) 
* chore(clawsec-suite): add 0.1.5 changelog release notes

* fix(ci): enforce release notes for bumped skills
 2026-04-08 23:35:16 +03:00
davida-ps b996cff4bd fix(clawsec-suite): use release metadata for heartbeat version check (#173) 
* fix(clawsec-suite): stop false heartbeat update alerts

* chore(deps): remediate npm audit vulnerabilities

* docs(heartbeats): harden release lookup and fallback behavior

* chore(skills): remove prompt-agent

* chore(clawsec-suite): bump version to 0.1.5

* fix(ci): skip removed skills in skill-release validation
 2026-04-08 23:18:58 +03:00
davida-ps f0f0f1db97 fix(clawsec-scanner): release 0.0.2 with real OpenClaw DAST harness (#128) 
* fix(clawsec-scanner): ship real openclaw dast harness in 0.0.2

* fix(clawsec-scanner): classify ts harness limits as info coverage

* docs(wiki): add clawsec-scanner module documentation

* docs(release): add clawsec-suite install guidance to quick install text

* docs(readme): clarify standalone installs and suite optionality

* docs(readme): remove standalone quick-install block

* docs(readme): rename skill section and clarify suite start point
 2026-03-10 19:27:22 +02:00
dependabot[bot] e715c8a625 chore(deps): bump actions/setup-node from 6.2.0 to 6.3.0 (#120) 
Bumps [actions/setup-node](https://github.com/actions/setup-node) from 6.2.0 to 6.3.0.
- [Release notes](https://github.com/actions/setup-node/releases)
- [Commits](https://github.com/actions/setup-node/compare/6044e13b5dc448c55e2357c09f80417699197238...53b83947a5a98c8d113130e565377fae1a50d02f)

---
updated-dependencies:
- dependency-name: actions/setup-node
  dependency-version: 6.3.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-03-10 16:51:09 +02:00
dependabot[bot] 0fcc6e6b6d chore(deps): bump actions/upload-artifact from 6.0.0 to 7.0.0 (#107) 
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 6.0.0 to 7.0.0.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](https://github.com/actions/upload-artifact/compare/b7c566a772e6b6bfb58ed0dc250532a479d7789f...bbbca2ddaa5d8feaa63e36b76fdaad77386f024f)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-version: 7.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-03-10 13:55:23 +02:00
davida-ps 83ce1d0bf5 fix(release): enforce changelog match for tagged skill releases (#118) 2026-03-09 21:30:52 +02:00
davida-ps 81c2e60513 fix(ci): temporary clawhub publish workaround for MIT-0 consent (#117) 
* fix(ci): patch clawhub publish payload for temporary MIT-0 consent workaround

* fix(ci): make clawhub publish patch self-contained for tag republish

* fix(clawsec-nanoclaw): harden signature verification boundaries

* chore(clawsec-nanoclaw): bump version to 0.0.3

* fix(clawsec-nanoclaw): normalize integrity policy and baseline paths
 2026-03-09 19:30:22 +02:00
davida-ps 79c303fa3f fix(ci): restore github token flow for skill release (#99) 2026-03-02 09:47:42 +02:00
davida-ps e0eae65586 refactor(ci): extract shared exploitability enrichment helper (#95) 
* refactor(ci): share exploitability enrichment script

* refactor(scripts): reuse shared exploitability enricher in local feed
 2026-03-01 21:50:10 +02:00
davida-ps 8ad38dfdc6 feat(ci): add full-scan rebuild mode to NVD polling (#96) 2026-03-01 20:00:42 +02:00
davida-ps 3c336021d7 fix(ci): use valid setup-python pin in advisory workflows (#92) 2026-03-01 18:54:32 +02:00
davida-ps 073e771b73 Exploitability Context for CVE Advisories (#89) 
* feat(advisories): add exploitability context for CVE advisories

* fix(ci): align exploitability workflow with signing model

* docs(skills): add patch release changelog entries

* chore(clawsec-feed): bump version to 0.0.5

* chore(clawsec-suite): bump version to 0.1.4

* fix(clawsec-nanoclaw): align exploitability handling and nanoclaw integration

* chore(clawsec-nanoclaw): bump version to 0.0.2

* refactor(scripts): share feed path and mirror sync helpers

* refactor(utils): unify cvss vector parsing flow

* refactor(clawsec-nanoclaw): centralize advisory risk evaluation

* docs(exploitability): refresh release metadata dates

* fix(review): align feed signing and advisory dedupe

* chore(clawsec-feed): bump version to 0.0.6

* chore(clawsec-nanoclaw): bump version to 0.0.3

* fix(backfill): limit signing to target feed only

* fix(review): keep skill runtime verify-only and dedupe matching

* chore(clawsec-nanoclaw): bump version to 0.0.4

* chore(skills): align versions with published tags

* feat(feed): enrich local population with exploitability analysis

* docs(exploitability): mark backfill as historical flow
 2026-03-01 18:43:24 +02:00
davida-ps e4ca378603 Codex/fix poll nvd pr auth (#86) 
* chore(gitignore): ignore auto-claude workspace dir

* fix(ci): restore github token auth for poll-nvd workflow
 2026-02-27 09:00:17 +02:00
davida-ps 7c0aa37a05 fix pipelines (#83) 2026-02-26 12:25:52 +02:00
davida-ps fefecaa60a feat(wiki): add full in-app wiki browser and llms index (#80) 
* feat(wiki): add full in-app wiki browser and llms index

* feat(wiki): auto-generate per-page llms exports

* vuln package

* fix(wiki): guard malformed route decoding

* fix(wiki): preserve markdown anchor fragments across page links

* refactor(markdown): share default render components

* fix(wiki): block unsafe markdown link schemes

* fix(wiki): block unsafe markdown image schemes

* docs(wiki): migrate root docs into wiki pages

* chore(wiki): de-track generated llms exports

* chore(wiki): ignore generated public wiki artifacts

* fix(wiki): align llms urls with per-page endpoint pattern

* fix(wiki): derive llms index from wiki index page

* refactor(markdown): share frontmatter and title helpers

* refactor(wiki): share route and llms path mapping

* ci(pages): add pr verify workflow and tighten deploy triggers
 2026-02-26 10:43:36 +02:00
davida-ps 8132c23f41 Codex/wiki sync revert working (#79) 
* fix(wiki-sync): restore known-good pat auth flow

* fix(wiki-sync): restore github token write flow
 2026-02-26 00:37:50 +02:00