Kazuki Yamada 5307a43158 chore(ci): harden similar-issues workflow with least-privilege split ...

decision(architecture): split into a read-only find job and a separate no-AI comment job, mirroring the triage workflow, so the step that reads issue content holds no write token and no shell access.
decision(find-tools): disable Bash/Edit/Write/MultiEdit/NotebookEdit/WebFetch/WebSearch/Task and return related issue numbers via --json-schema structured output. Pass the untrusted issue title to gh search after "--" so it cannot be parsed as an option.
decision(comment): build the comment from a fixed template, validate the model-chosen numbers against real repository issues, and render only the issue reference (#n) so no attacker-controlled text reaches the posted comment.

2026-05-25 23:50:43 +09:00

..

actions/repomix

chore(deps): update github-actions non-major dependencies

2026-05-16 07:14:22 +00:00

assets

Create github-like-sponsor-button.svg

2025-08-21 17:48:41 +02:00

instructions

feat(config): Reorganize agent rules and instructions

2025-06-22 23:12:19 +09:00

ISSUE_TEMPLATE

chore(deps): Drop Node.js 20, add Node.js 26 support

2026-05-09 18:49:37 +09:00

releases

docs(release): Add v1.14.0 release notes

2026-04-29 23:55:38 +09:00

scripts

style(perf-benchmark): Format regex with Biome

2026-03-29 21:15:31 +09:00

workflows

chore(ci): harden similar-issues workflow with least-privilege split

2026-05-25 23:50:43 +09:00

CODEOWNERS

chore: Add CODEOWNERS

2025-03-08 16:09:49 +09:00

copilot-instructions.md

chore(config): add GitHub Copilot instructions file

2025-07-12 00:52:11 +09:00

FUNDING.yml

chore(sponsor): Add FUNDING.yml

2024-08-12 02:35:04 +09:00

pull_request_template.md

chore(github): Add PR template

2024-11-23 17:49:54 +09:00

renovate.json5

chore(renovate): Include pin and digest updates in github-actions group

2026-05-09 21:22:54 +09:00

zizmor.yml

fix(ci): Use persist-credentials: false in store job checkout

2026-03-28 01:50:38 +09:00