Merge upstream main

Author: vilsonrodrigues

.github/codeql/codeql-config.yml

@@ -0,0 +1,8 @@
+name: "CodeQL Config"
+
+# Exclude example files from CodeQL analysis
+# Examples contain fake credentials for demonstration purposes
+paths-ignore:
+  - "examples/**"
+  - "**/test_*.py"
+  - "tests/**"

.github/labeler.yml

@@ -0,0 +1,45 @@
+# Configuration for labeler action
+# https://github.com/actions/labeler
+
+# SDK code
+sdk:
+  - changed-files:
+    - any-glob-to-any-file: 'src/msgtrace/sdk/**'
+
+# Core/Parser code
+core:
+  - changed-files:
+    - any-glob-to-any-file: 'src/msgtrace/core/**'
+
+# Tests
+tests:
+  - changed-files:
+    - any-glob-to-any-file: 'tests/**'
+
+# Documentation
+documentation:
+  - changed-files:
+    - any-glob-to-any-file:
+      - '**/*.md'
+      - 'docs/**'
+
+# CI/CD
+ci:
+  - changed-files:
+    - any-glob-to-any-file:
+      - '.github/workflows/**'
+      - '.github/dependabot.yml'
+      - '.github/labeler.yml'
+
+# Dependencies
+dependencies:
+  - changed-files:
+    - any-glob-to-any-file:
+      - 'pyproject.toml'
+      - 'uv.lock'
+      - '.pre-commit-config.yaml'
+
+# Examples
+examples:
+  - changed-files:
+    - any-glob-to-any-file: 'examples/**'

.github/workflows/codeql.yml

@@ -0,0 +1,38 @@
+name: CodeQL Security Scan
+
+on:
+  push:
+    branches: [main]
+  pull_request:
+    branches: [main]
+  schedule:
+    # Run every Monday at 3am UTC
+    - cron: "0 3 * * 1"
+
+permissions:
+  actions: read
+  contents: read
+  security-events: write
+
+jobs:
+  analyze:
+    name: Analyze Python Code
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Initialize CodeQL
+        uses: github/codeql-action/init@v3
+        with:
+          languages: python
+          # Queries: security-extended includes more security checks
+          queries: security-extended
+          # Use custom config to exclude example files
+          config-file: ./.github/codeql/codeql-config.yml
+
+      - name: Perform CodeQL Analysis
+        uses: github/codeql-action/analyze@v3
+        with:
+          category: "/language:python"

.github/workflows/labeler.yml

@@ -0,0 +1,132 @@
+name: Label PRs
+
+on:
+  pull_request:
+    types: [opened, edited, synchronize]
+
+permissions:
+  contents: read
+  pull-requests: write
+
+jobs:
+  label:
+    # Disabled: fails on fork PRs due to token permissions
+    if: false
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Label PR based on files
+        uses: actions/labeler@v6
+        with:
+          repo-token: ${{ secrets.GITHUB_TOKEN }}
+          configuration-path: .github/labeler.yml
+
+      - name: Label PR based on size
+        uses: actions/github-script@v8
+        with:
+          script: |
+            const pr = context.payload.pull_request;
+            const additions = pr.additions;
+            const deletions = pr.deletions;
+            const totalChanges = additions + deletions;
+
+            // Remove existing size labels
+            const existingLabels = pr.labels.map(label => label.name);
+            const sizeLabels = ['size/XS', 'size/S', 'size/M', 'size/L', 'size/XL'];
+            const labelsToRemove = existingLabels.filter(label => sizeLabels.includes(label));
+
+            for (const label of labelsToRemove) {
+              await github.rest.issues.removeLabel({
+                owner: context.repo.owner,
+                repo: context.repo.repo,
+                issue_number: pr.number,
+                name: label
+              });
+            }
+
+            // Determine size label
+            let sizeLabel;
+            if (totalChanges < 10) {
+              sizeLabel = 'size/XS';
+            } else if (totalChanges < 50) {
+              sizeLabel = 'size/S';
+            } else if (totalChanges < 200) {
+              sizeLabel = 'size/M';
+            } else if (totalChanges < 500) {
+              sizeLabel = 'size/L';
+            } else {
+              sizeLabel = 'size/XL';
+            }
+
+            // Add new size label
+            await github.rest.issues.addLabels({
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              issue_number: pr.number,
+              labels: [sizeLabel]
+            });
+
+            core.info(`Added label: ${sizeLabel} (${totalChanges} changes)`);
+
+      - name: Label PR based on title
+        uses: actions/github-script@v8
+        with:
+          script: |
+            const pr = context.payload.pull_request;
+            const title = pr.title.toLowerCase();
+
+            const labels = [];
+
+            // Conventional commit prefixes (case-insensitive with [] or () brackets)
+            const patterns = {
+              feat: /^(feat|FEAT)[\[:(]/,
+              fix: /^(fix|FIX)[\[:(]/,
+              docs: /^(docs|DOCS)[\[:(]/,
+              test: /^(test|TEST|tests|TESTS)[\[:(]/,
+              chore: /^(chore|CHORE)[\[:(]/,
+              refactor: /^(refactor|REFACTOR)[\[:(]/,
+              perf: /^(perf|PERF)[\[:(]/,
+              style: /^(style|STYLE)[\[:(]/,
+              ci: /^(ci|CI)[\[:(]/,
+            };
+
+            if (patterns.feat.test(pr.title)) {
+              labels.push('enhancement');
+            } else if (patterns.fix.test(pr.title)) {
+              labels.push('bug');
+            } else if (patterns.docs.test(pr.title)) {
+              labels.push('documentation');
+            } else if (patterns.test.test(pr.title)) {
+              labels.push('tests');
+            } else if (patterns.chore.test(pr.title)) {
+              labels.push('maintenance');
+            } else if (patterns.refactor.test(pr.title)) {
+              labels.push('refactor');
+            } else if (patterns.perf.test(pr.title)) {
+              labels.push('performance');
+            } else if (patterns.ci.test(pr.title)) {
+              labels.push('ci');
+            }
+
+            // Keywords
+            if (title.includes('breaking') || title.includes('breaking change')) {
+              labels.push('breaking-change');
+            }
+
+            if (title.includes('security')) {
+              labels.push('security');
+            }
+
+            // Add labels
+            if (labels.length > 0) {
+              await github.rest.issues.addLabels({
+                owner: context.repo.owner,
+                repo: context.repo.repo,
+                issue_number: pr.number,
+                labels: labels
+              });
+
+              core.info(`Added labels: ${labels.join(', ')}`);
+            }