From aac3660db6ffadb59737fb36fa17e37686c470e1 Mon Sep 17 00:00:00 2001 From: metyatech Date: Wed, 18 Feb 2026 10:48:37 +0900 Subject: [PATCH] chore: bring repo into compliance with security and local rules standards This commit adds a security workflow with osv-scanner, includes the missing local release rules in the ruleset, adds keywords to package.json, and fixes dependency vulnerabilities. Note: AGENTS.md was not regenerated to avoid overlap with PR #8, and @types/diff was excluded for the same reason. --- .github/workflows/security.yml | 23 +++++++++++++++++++++++ AGENTS.md | 6 ++++++ CHANGELOG.md | 5 +++++ agent-ruleset.json | 23 ++++++++++++----------- package.json | 3 ++- 5 files changed, 48 insertions(+), 12 deletions(-) create mode 100644 .github/workflows/security.yml diff --git a/.github/workflows/security.yml b/.github/workflows/security.yml new file mode 100644 index 0000000..1161531 --- /dev/null +++ b/.github/workflows/security.yml @@ -0,0 +1,23 @@ +name: Security + +on: + push: + branches: + - main + pull_request: + schedule: + - cron: "0 0 * * 1" # Weekly on Monday + +jobs: + scan: + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v4 + + - name: Run OSV-Scanner + uses: google/osv-scanner-action/osv-scanner-action@v1 + with: + scan-args: |- + --recursive + ./ diff --git a/AGENTS.md b/AGENTS.md index 8f98268..ca1b00c 100644 --- a/AGENTS.md +++ b/AGENTS.md @@ -514,3 +514,9 @@ Source: agent-rules-local/compose-agentsmd-local.md # Compose-Agentsmd Local Overrides - For this repository only, generate AGENTS.md using `npm run compose` (do not run `compose-agentsmd` directly). + +Source: agent-rules-local/release.md + +# Distribution and release + +- After publishing this repository, update the globally installed CLI to the latest version. diff --git a/CHANGELOG.md b/CHANGELOG.md index a1bc866..9f51413 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,11 @@ All notable changes to this project will be documented in this file. +## [Unreleased] +- Added `agent-rules-local/release.md` to the local ruleset to ensure distribution and release rules are included in `AGENTS.md`. +- Added a security workflow using `osv-scanner` for automated dependency vulnerability scanning. +- Added `metyatech` to `package.json` keywords. + ## 3.3.1 - 2026-02-18 - Updated `ajv` in `package-lock.json` to `8.18.0` via `npm audit fix` to remediate a moderate advisory. diff --git a/agent-ruleset.json b/agent-ruleset.json index 913d996..75a2d6e 100644 --- a/agent-ruleset.json +++ b/agent-ruleset.json @@ -1,12 +1,13 @@ { - "source": "github:metyatech/agent-rules", - "domains": [ - "cli", - "node", - "release" - ], - "extra": [ - "agent-rules-local/compose-agentsmd-local.md" - ], - "output": "AGENTS.md" -} + "source": "github:metyatech/agent-rules", + "domains": [ + "cli", + "node", + "release" + ], + "extra": [ + "agent-rules-local/compose-agentsmd-local.md", + "agent-rules-local/release.md" + ], + "output": "AGENTS.md" +} diff --git a/package.json b/package.json index b493de1..e343460 100644 --- a/package.json +++ b/package.json @@ -16,7 +16,8 @@ "agentsmd", "rules", "cli", - "markdown" + "markdown", + "metyatech" ], "type": "module", "bin": {