docs(ci): define phase-1 actions source allowlist policy (#405)

Will Sarg 2026-02-16 12:26:10 -05:00 committed by GitHub
parent 40e592ffed
commit 90deb8fd5e
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
3 changed files with 65 additions and 0 deletions


@ -250,6 +250,7 @@ Use these rules to keep the trait/factory architecture stable under growth.
- Include threat/risk notes and rollback strategy.
- Add/update tests or validation evidence for failure modes and boundaries.
- Keep observability useful but non-sensitive.
- For `.github/workflows/**` changes, include Actions allowlist impact in PR notes and update `docs/actions-source-policy.md` when sources change.
## 8) Validation Matrix
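Review bot: the new checklist bullet for `.github/workflows/**` changes asks for "Actions allowlist impact" in PR notes but does not say what that must contain, so reviewers have nothing concrete to check it against. Suggest stating the minimum, for example "list each action source (owner/repo and pinned ref) added, removed or re-pinned, and whether it is already in `docs/actions-source-policy.md`", so the PR notes can be verified against the policy rather than taken on trust.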
@ -378,6 +379,7 @@ Reference docs:
- `docs/pr-workflow.md`
- `docs/reviewer-playbook.md`
- `docs/ci-map.md`
- `docs/actions-source-policy.md`
## 10) Anti-Patterns (Do Not)
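Review bot: the new reference entry `docs/actions-source-policy.md` matches the path used in the section 7 checklist bullet, which is good; since this commit is the one that defines the policy and the page reports 3 changed files, confirm the policy document itself is among them so this link and the checklist bullet do not point at a file that does not exist yet.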