mirror of
https://github.com/prompt-security/clawsec.git
synced 2026-06-13 13:38:03 +03:00
davida-ps
9fd3059271
* fix(traffic): use a traffic-capable PAT for the archive workflow The daily Archive GitHub Traffic run has failed since creation: the TRAFFIC_ARCHIVE_TOKEN secret was never provisioned, so the workflow fell back to github.token, which GitHub categorically rejects on traffic endpoints (403 "Resource not accessible by integration"). - Fall back to the existing POLL_NVD_CVES_PAT automation token instead of github.token, keeping TRAFFIC_ARCHIVE_TOKEN as the preferred override once provisioned. - Fail fast with an actionable error when no traffic-capable token is configured. - Explain token requirements in the script's 401/403 errors. Co-Authored-By: Claude Fable 5 <noreply@anthropic.com> * fix(traffic): require dedicated TRAFFIC_ARCHIVE_TOKEN, drop expired PAT fallback A live dispatch confirmed POLL_NVD_CVES_PAT is expired (401 Bad credentials), so falling back to it only trades one daily failure for another. Require the dedicated secret and fail fast with setup instructions instead. Co-Authored-By: Claude Fable 5 <noreply@anthropic.com> --------- Co-authored-by: Claude Fable 5 <noreply@anthropic.com>