mirror of
https://github.com/OpenRouterTeam/spawn.git
synced 2026-05-10 12:20:07 +00:00
* feat: add security review team for PR review (#543)

Adds a security team that automatically reviews every PR for security issues (injection, credential leaks, unsafe patterns, macOS compat) and sends Slack notifications to #spawn when concerns are found.

- security.sh: dual-mode cycle script (PR review + scheduled scan)
- security.yml: GitHub Actions workflow on pull_request events
- start-security.sh: gitignored wrapper with secrets (deployed)

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* feat: expand security team with hygiene, scan modes + auto-merge clean PRs

- PR mode: 2-agent team (code-reviewer + test-verifier) reviews PRs. If zero findings, auto-approves AND merges. If concerns, requests changes and sends Slack notification to #spawn.
- Hygiene mode (every 6h): pr-triager + branch-cleaner close stale PRs, file follow-up issues, delete orphan branches.
- Scan mode (daily): shell-auditor + code-auditor + drift-detector perform full repo security audit, file GitHub issues for findings.
- All modes use Claude Code agent teams (TeamCreate, parallel teammates via Task tool, SendMessage coordination, TaskList monitoring).
- Workflow updated with schedule triggers and workflow_dispatch inputs.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* chore: upgrade all security auditor agents to Opus model

All security-critical roles (code-reviewer, pr-triager, shell-auditor, code-auditor) now use Opus. Helper roles (test-verifier, branch-cleaner, drift-detector) remain on Haiku.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* chore: auto-merge PRs with MEDIUM/LOW or no findings

Only CRITICAL/HIGH findings block a PR. MEDIUM/LOW are informational notes included in the approving review — PR still gets merged.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

---------

Co-authored-by: Sprite <noreply@sprites.dev>
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
| File |
|---|
| cli-release.yml |
| discovery.yml |
| lint.yml |
| qa.yml |
| refactor.yml |
| security.yml |