spawn/.github
56ba47109c
feat: add security review team for PR review (#543) (#730)
* feat: add security review team for PR review (#543)

Adds a security team that automatically reviews every PR for security
issues (injection, credential leaks, unsafe patterns, macOS compat)
and sends Slack notifications to #spawn when concerns are found.

- security.sh: dual-mode cycle script (PR review + scheduled scan)
- security.yml: GitHub Actions workflow on pull_request events
- start-security.sh: gitignored wrapper with secrets (deployed)

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* feat: expand security team with hygiene, scan modes + auto-merge clean PRs

- PR mode: 2-agent team (code-reviewer + test-verifier) reviews PRs.
  If zero findings, auto-approves AND merges. If concerns, requests
  changes and sends Slack notification to #spawn.
- Hygiene mode (every 6h): pr-triager + branch-cleaner close stale PRs,
  file follow-up issues, delete orphan branches.
- Scan mode (daily): shell-auditor + code-auditor + drift-detector
  perform full repo security audit, file GitHub issues for findings.
- All modes use Claude Code agent teams (TeamCreate, parallel teammates
  via Task tool, SendMessage coordination, TaskList monitoring).
- Workflow updated with schedule triggers and workflow_dispatch inputs.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* chore: upgrade all security auditor agents to Opus model

All security-critical roles (code-reviewer, pr-triager, shell-auditor,
code-auditor) now use Opus. Helper roles (test-verifier, branch-cleaner,
drift-detector) remain on Haiku.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* chore: auto-merge PRs with MEDIUM/LOW or no findings

Only CRITICAL/HIGH findings block a PR. MEDIUM/LOW are informational
notes included in the approving review — PR still gets merged.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

---------

Co-authored-by: Sprite <noreply@sprites.dev>
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-02-12 14:04:38 -08:00
ISSUE_TEMPLATE chore: Improve issue templates and add CLI feature request 2026-02-11 16:34:01 +00:00
workflows feat: add security review team for PR review (#543) (#730) 2026-02-12 14:04:38 -08:00