From cd6efd1a42acbdbdff90f37f96f114323e701dfa Mon Sep 17 00:00:00 2001
From: Vincent Koc
Date: Wed, 29 Apr 2026 13:48:53 -0700
Subject: [PATCH] chore(ci): add MCP process CodeQL shard

Adds the focused MCP/process/tool-execution CodeQL security shard and documents it in CI docs.

Proof:
- Branch CodeQL security run https://github.com/openclaw/openclaw/actions/runs/25132942030 passed on 9d8ca2bae7ca9557a0d9a5331a5dd261d90d30c1.
- New mcp-process-tool-boundary analysis 1200250367 returned 0 results.
- Branch open CodeQL alerts: none.
- Workflow Sanity, Blacksmith Testbox, Blacksmith Build Artifacts Testbox, and OpenGrep PR Diff passed.
---
 ...rocess-tool-boundary-critical-security.yml | 58 +++++++++++++++++++
 .github/workflows/codeql.yml | 5 ++
 docs/ci.md | 5 ++
 3 files changed, 68 insertions(+)
 create mode 100644 .github/codeql/codeql-mcp-process-tool-boundary-critical-security.yml

diff --git a/.github/codeql/codeql-mcp-process-tool-boundary-critical-security.yml b/.github/codeql/codeql-mcp-process-tool-boundary-critical-security.yml
new file mode 100644
index 00000000000..14268aeaf85
--- /dev/null
+++ b/.github/codeql/codeql-mcp-process-tool-boundary-critical-security.yml
@@ -0,0 +1,58 @@
+name: openclaw-codeql-mcp-process-tool-boundary-critical-security
+
+disable-default-queries: true
+
+queries:
+  - uses: security-extended
+
+query-filters:
+  - include:
+      precision:
+        - high
+        - very-high
+  - exclude:
+      problem.severity:
+        - recommendation
+        - warning
+
+paths:
+  - src/mcp
+  - src/process
+  - src/infra/outbound
+  - src/agents/bash-tools.exec*.ts
+  - src/agents/bash-tools.process*.ts
+  - src/agents/exec-*.ts
+  - src/agents/execution-contract.ts
+  - src/agents/openclaw-plugin-tools.ts
+  - src/agents/openclaw-tools.runtime.ts
+  - src/agents/openclaw-tools.registration.ts
+  - src/agents/pi-tool-definition-adapter.ts
+  - src/agents/pi-tools.abort.ts
+  - src/agents/pi-tools.before-tool-call*.ts
+  - src/agents/pi-tools.host-edit.ts
+  - src/agents/pi-tools-parameter-schema.ts
+  - src/agents/pi-embedded-runner/effective-tool-policy.ts
+  - src/agents/pi-embedded-runner/tool-name-allowlist.ts
+  - src/agents/pi-embedded-runner/tool-schema-runtime.ts
+  - src/agents/tools/gateway-tool.ts
+  - src/agents/tools/message-tool.ts
+  - src/agents/tools/sessions-send-tool.ts
+  - src/agents/tools/sessions-spawn-tool.ts
+  - src/agents/tools/subagents-tool.ts
+  - src/agents/tools/tool-runtime.helpers.ts
+
+paths-ignore:
+  - "**/node_modules"
+  - "**/coverage"
+  - "**/*.generated.ts"
+  - "**/*.bundle.js"
+  - "**/*-runtime.js"
+  - "**/*.test.ts"
+  - "**/*.test.tsx"
+  - "**/*.e2e.test.ts"
+  - "**/*.e2e.test.tsx"
+  - "**/*test-support*"
+  - "**/*test-helper*"
+  - "**/*mock*"
+  - "**/*fixture*"
+  - "**/*bench*"
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index 5d53f212a91..6f9170444b3
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
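Review bot: Because this config sets `paths`, CodeQL extracts only the listed MCP/process/tool files, so the dataflow queries in `security-extended` can only report flows whose source and sink both sit inside that allowlist; an HTTP/gateway handler outside `src/mcp`, `src/process` or `src/infra/outbound` that feeds an exec sink in `src/agents/exec-*.ts` is invisible to this shard, and the "0 results" cited in the description should be read with that limitation in mind. The `query-filters` block further drops `warning`-severity results, which for a shard whose whole purpose is command and tool execution deserves a deliberate decision, since I recall some JS/TS command-line injection queries being tagged at that severity (confirm against the current suite before relying on the filter). I would add a header comment above `name:` stating the contract: `# Scoped shard: only flows whose source AND sink are under `paths` are visible, and only error-severity, high/very-high precision results are kept; a clean run here does not replace the full JS/TS security baseline.`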
@@ -51,6 +51,11 @@ jobs:
           runs_on: blacksmith-4vcpu-ubuntu-2404
           timeout_minutes: 25
           config_file: ./.github/codeql/codeql-network-ssrf-boundary-critical-security.yml
+        - language: javascript-typescript
+          category: mcp-process-tool-boundary
+          runs_on: blacksmith-4vcpu-ubuntu-2404
+          timeout_minutes: 25
+          config_file: ./.github/codeql/codeql-mcp-process-tool-boundary-critical-security.yml
         - language: actions
           category: actions
           runs_on: blacksmith-8vcpu-ubuntu-2404
diff --git a/docs/ci.md b/docs/ci.md
index 63dab5a3fb8..d1e98e675d1
--- a/docs/ci.md
+++ b/docs/ci.md
@@ -267,6 +267,11 @@ JS/TS category.
 The network-ssrf-boundary job scans core SSRF, IP parsing, network guard, web-fetch, and Plugin SDK SSRF policy surfaces under the `/codeql-critical-security/network-ssrf-boundary` category so network trust boundary signal stays separate from the broader JS/TS security baseline.
+The mcp-process-tool-boundary job scans MCP servers, process execution helpers,
+outbound delivery, and agent tool-execution gates under the
+`/codeql-critical-security/mcp-process-tool-boundary` category so command and
+tool boundary signal stays separate from both the general JS/TS baseline and
+the non-security MCP/process quality shard.
 The `CodeQL Android Critical Security` workflow is the scheduled Android security shard. It builds the Android app manually for CodeQL on the smallest