vallum 0.8.10

Security boundary between AI coding agents and your shell — redacts secrets, neutralizes prompt injection, sanitizes untrusted terminal output, audits every command.
Documentation
name: Security audit
on:
  push:
    paths:
      - "**/Cargo.toml"
      - "**/Cargo.lock"
      - ".github/workflows/audit.yml"
  pull_request:
    paths:
      - "**/Cargo.toml"
      - "**/Cargo.lock"
  schedule:
    # Re-run weekly so newly published advisories are caught even when the
    # dependency set has not changed.
    - cron: "0 6 * * 1"
jobs:
  audit:
    runs-on: ubuntu-latest
    # rustsec/audit-check reports findings as a check run (and opens issues on
    # the scheduled run); without these write scopes it fails with
    # "Resource not accessible by integration" when posting results.
    permissions:
      contents: read
      checks: write
      issues: write
    steps:
      - uses: actions/checkout@v5
      - uses: rustsec/audit-check@v2.0.0
        with:
          token: ${{ secrets.GITHUB_TOKEN }}