6dae4fe428
All checks were successful
CI / Unit & Component Tests (push) Successful in 3m51s
CI / OCR Service Tests (push) Successful in 23s
CI / Unit & Component Tests (pull_request) Successful in 4m43s
CI / Backend Unit Tests (push) Successful in 5m6s
CI / fail2ban Regex (push) Successful in 48s
CI / OCR Service Tests (pull_request) Successful in 23s
CI / Backend Unit Tests (pull_request) Successful in 5m10s
CI / Semgrep Security Scan (push) Successful in 23s
CI / fail2ban Regex (pull_request) Successful in 47s
CI / Compose Bucket Idempotency (push) Successful in 1m5s
CI / Semgrep Security Scan (pull_request) Successful in 23s
CI / Compose Bucket Idempotency (pull_request) Successful in 1m6s
SDD Gate / RTM Check (pull_request) Successful in 13s
SDD Gate / Contract Validate (pull_request) Successful in 24s
SDD Gate / Constitution Impact (pull_request) Successful in 17s
The npm-audit job filed its tracking issue via `curl -sf`, which collapses every HTTP >=400 into a bare "exit 22". When the NIGHTLY_AUDIT_TOKEN secret is missing, expired, or under-scoped, the step failed with an opaque `exitcode '22'` and no hint at the cause (run #6707). Route all five API calls through an `api()` helper that reads the HTTP status and, on >=400, emits an actionable `::error::` naming the status and the token secret before failing — without ever echoing the token value. Extend the in-workflow self-test (mocked curl) to cover both the success and HTTP-error paths. Closes #839 Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
16 KiB
16 KiB