Update (2026-02-28): Latest full-repository scan baseline is documented in /docs/MAJOR_SCAN_2026-02-28.md; deployment/rollout actions are tracked in /docs/DEPLOYMENT_RUNBOOK.md.
This document helps you keep track of the non-human contributors and automation tools installed in this repository.
These tools are currently configured and running.

| Bot Name | Role | Related Files |
|---|---|---|
| Release Drafter | Changelog Manager: Automatically categorizes merged PRs and drafts GitHub releases with professional release notes. | `.github/release-drafter.yml`, `.github/workflows/release-drafter.yml` |
| Renovate | Dependency Manager: Monitors package.json for outdated packages and opens PRs to update them. Smarter than Dependabot for monorepos. | `renovate.json` |
| Dependabot | Dependency Manager: Automated dependency updates (GitHub native). | `.github/dependabot.yml` |
| CodeQL | Security Guardian: Scans JavaScript/TypeScript code for vulnerabilities (XSS, SQLi, etc.) on every push. | `.github/workflows/codeql.yml` |
| Husky + Commitlint | Gatekeeper: Runs locally to prevent bad commit messages. Ensures history stays clean for Release Drafter. | `.husky/`, `commitlint.config.js` |
| Codecov | Coverage Reporter: Posts code coverage reports on PRs, tracks coverage trends, and can block merges if coverage drops. | `.github/workflows/codecov.yml` |
| Socket.dev | Supply-Chain Security: Scans npm dependencies for malicious packages, typosquats, and supply-chain attacks on every PR. | `.github/workflows/socket-security.yml` |
| GitGuardian | Secret Leak Detection: Scans every push and PR for leaked secrets (API keys, tokens, passwords) before they reach production. | `.github/workflows/gitguardian.yml` |
| Oracle Backend CI | Backend Quality Gate: Runs Oracle backend tests, migration bootstrap checks (SQLite + Postgres), gosec, and govulncheck. | `.github/workflows/oracle-backend-ci.yml` |