Skip to content
CI

docs: broaden positioning β€” agents for software teams, not just coding #19

Sign in to view logs

docs: broaden positioning β€” agents for software teams, not just coding

docs: broaden positioning β€” agents for software teams, not just coding #19

Workflow file for this run

.github/workflows/ci.yml at 41dfa09
name: CI
on:
push:
branches: [main]
pull_request:
branches: [main]
jobs:
test:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
with:
node-version: "22"
- name: Install slack-bridge dependencies
run: cd slack-bridge && npm ci
- name: Test β€” bridge security (71 tests)
run: cd slack-bridge && node --test security.test.mjs
- name: Test β€” tool-guard (60 tests)
run: cd pi/extensions && node --test tool-guard.test.mjs
- name: Test β€” extension scanner (15 tests)
run: cd bin && node --test scan-extensions.test.mjs
- name: Test β€” safe-bash wrapper (24 tests)
run: cd bin && bash hornet-safe-bash.test.sh
- name: Test β€” log redaction (11 tests)
run: cd bin && bash redact-logs.test.sh
# security-audit.sh checks live system state (running services, firewall,
# /proc mounts) that doesn't exist in CI. Run it locally instead:
# cd bin && bash security-audit.test.sh
secret-scan:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/setup-python@v5
with:
python-version: "3.12"
- name: Install detect-secrets
run: pip install detect-secrets
- name: Check for new secrets
run: |
# Scan the repo and compare against the audited baseline.
# Fails if any NEW secrets are found that aren't in the baseline.
detect-secrets scan \
--baseline .secrets.baseline \
--exclude-files 'node_modules/.*' \
--exclude-files '\.git/.*' \
--exclude-files 'package-lock\.json'
# Verify no unaudited secrets remain
if detect-secrets audit --report --baseline .secrets.baseline 2>&1 | grep -q 'Unaudited'; then
echo "❌ Unaudited secrets found β€” run: detect-secrets audit .secrets.baseline"
exit 1
fi