scbe-code-scanning-ops

Operate GitHub code scanning and CodeQL remediation for SCBE repositories. Use when triaging code-scanning alerts, mapping alert classes to fix patterns, validating targeted regressions, or wiring dedicated CodeQL workflows and runbooks into the repo.

6 stars

Best use case

scbe-code-scanning-ops is best used when you need a repeatable AI agent workflow instead of a one-off prompt.

Operate GitHub code scanning and CodeQL remediation for SCBE repositories. Use when triaging code-scanning alerts, mapping alert classes to fix patterns, validating targeted regressions, or wiring dedicated CodeQL workflows and runbooks into the repo.

Teams using scbe-code-scanning-ops should expect a more consistent output, faster repeated execution, less prompt rewriting.

When to use this skill

  • You want a reusable workflow that can be run more than once with consistent structure.

When not to use this skill

  • You only need a quick one-off answer and do not need a reusable workflow.
  • You cannot install or maintain the underlying files, dependencies, or repository context.

Installation

Claude Code / Cursor / Codex

$curl -o ~/.claude/skills/scbe-code-scanning-ops/SKILL.md --create-dirs "https://raw.githubusercontent.com/issdandavis/SCBE-AETHERMOORE/main/skills/codex-mirror/scbe-code-scanning-ops/SKILL.md"

Manual Installation

  1. Download SKILL.md from GitHub
  2. Place it in .claude/skills/scbe-code-scanning-ops/SKILL.md inside your project
  3. Restart your AI agent — it will auto-discover the skill

How scbe-code-scanning-ops Compares

Feature / Agentscbe-code-scanning-opsStandard Approach
Platform SupportNot specifiedLimited / Varies
Context Awareness High Baseline
Installation ComplexityUnknownN/A

Frequently Asked Questions

What does this skill do?

Operate GitHub code scanning and CodeQL remediation for SCBE repositories. Use when triaging code-scanning alerts, mapping alert classes to fix patterns, validating targeted regressions, or wiring dedicated CodeQL workflows and runbooks into the repo.

Where can I find the source code?

You can find the source code on GitHub using the link provided at the top of the page.

SKILL.md Source

# SCBE Code Scanning Ops

Use this skill when GitHub code scanning or CodeQL becomes a real work lane instead of a vague security backlog.

Pair this skill with:
- `gh-fix-ci` when a PR or workflow run is already failing
- `scbe-github-sweep-sorter` when security alerts need to be split into owned lanes before implementation

## Quick Start

1. Fetch or load the alert surface.
   - Live GitHub: `python skills/codex-mirror/scbe-code-scanning-ops/scripts/inspect_code_scanning_alerts.py --repo issdandavis/SCBE-AETHERMOORE`
   - Offline snapshot: `python skills/codex-mirror/scbe-code-scanning-ops/scripts/inspect_code_scanning_alerts.py --alerts-file artifacts/security/code_scanning_alerts.json`
2. Read `references/solution-logic.md` for the fix class that matches the alert.
3. Patch the code and add at least one deterministic regression test.
4. Re-run targeted tests locally.
5. Push or open a PR, then let `.github/workflows/codeql-analysis.yml` rescan.

## Workflow

### 1. Collect

Get the live alerts first when possible. If GitHub returns `404`, treat that as one of:
- code scanning is not enabled for the repo
- the current token lacks the necessary security scope
- the authenticated account cannot read security alerts for that repo

Do not guess. Capture the error and continue with an offline alert snapshot if one exists.

### 2. Classify

Sort alerts by fix class, not just by file path.

Common classes in this repo:
- `incomplete-url-substring-sanitization`
- `bad-html-filtering-regexp`
- `uncontrolled-path-expression`
- `clear-text-logging-or-storage`
- `dom-text-reinterpreted-as-html`
- `missing-rate-limiting`
- `resource-exhaustion`
- `biased-crypto-random-mapping`

Use `references/solution-logic.md` for the concrete repair patterns.

### 3. Fix

Prefer structural fixes over suppressions.

Examples:
- Replace URL substring checks with parsed URL validation and normalized host allowlists.
- Replace HTML regex filtering with escaping or parser-driven logic.
- Replace dynamic path joins with fixed-root resolution and `relative_to` checks.
- Replace secret logging with redacted fingerprints.

### 4. Verify

Every code-scanning fix should add:
- one deterministic regression test for the bad input
- one boundary or allowed-input test proving the safe path still works

Keep verification targeted. Do not wait on the entire repo when the alert class is local.

### 5. Promote

The dedicated workflow is:
- `.github/workflows/codeql-analysis.yml`

The CodeQL config is:
- `.github/codeql/codeql-config.yml`

Use the workflow to keep code scanning separate from the broader `security-checks.yml` lane.

## Output Contract

Minimum triage output:

```json
{
  "repo": "issdandavis/SCBE-AETHERMOORE",
  "alert_count": 3,
  "rules": {
    "py/incomplete-url-substring-sanitization": 2,
    "js/bad-tag-filter": 1
  },
  "top_paths": [
    "src/aetherbrowser/page_analyzer.py",
    "src/browser/toolkit.py"
  ],
  "next_action": "patch URL validation helpers and rerun targeted tests"
}
```

## References

- `references/solution-logic.md`
- `references/workflow-lane.md`

## Scripts

- `scripts/inspect_code_scanning_alerts.py`

Related Skills

scbe-training-pair-authoring

6
from issdandavis/SCBE-AETHERMOORE

Create prompt and response and metadata training pairs from SCBE documents, repair traces, terminal sessions, and operational workflows using the repository's canonical dataset contract and provenance rules.

scbe-spin-conversation-engine

6
from issdandavis/SCBE-AETHERMOORE

Generate SFT training data via radial matrix conversation pivots with D&D-style combat research mode. Produces diverse, cost-effective training pairs with Sacred Tongue encoding, golden spiral problem distribution, and harmonic re-attunement.

scbe-research-training-bridge

6
from issdandavis/SCBE-AETHERMOORE

Stage arXiv evidence and Obsidian markdown into source-grounded Hugging Face training bundles for research, review, and later SFT runs.

scbe-document-management

6
from issdandavis/SCBE-AETHERMOORE

Consolidate overlapping docs, classify files by authority, and keep SCBE repo documents aligned with runtime truth. Use when the repo has drift between canonical docs, public docs, proposal notes, research branches, and generated evidence.

scbe-colab-bridge

6
from issdandavis/SCBE-AETHERMOORE

Control Google Colab notebooks from Claude Code via Chrome extension. Execute cells, run terminal commands, read outputs, and manage GPU compute remotely.

scbe-claim-to-code-evidence

6
from issdandavis/SCBE-AETHERMOORE

Map SCBE Notion technical claims, proof pages, and patent-facing architecture notes to concrete repository evidence such as code paths, tests, demos, and docs. Use when Codex needs to build a due-diligence packet, claim-to-code audit, implementation crosswalk, patent support note, or proof summary from local Notion exports and repo artifacts.

scbe-autonomous-worker-productizer

6
from issdandavis/SCBE-AETHERMOORE

Turn SCBE automation, autonomous worker, and revenue-system notes into concrete offers, workflow packs, pilot plans, or SaaS-facing product packets. Use when Codex needs to package Notion automation pages into buyer-ready offerings, n8n/Zapier workflow designs, flock-backed worker systems, or implementation roadmaps tied to existing SCBE repo surfaces.

scbe-world-anvil-lore-rag-7th-tongue

6
from issdandavis/SCBE-AETHERMOORE

Build and operate a lore-focused RAG system using World Anvil exports and SCBE docs, with deterministic Claude/Codex cross-talk packets for handoff. Use when users ask to structure lore canon retrieval, sync worldbuilding data, enforce citation-grounded generation, or coordinate a 7th Tongue overseer lane across multiple AI agents.

scbe-webtoon-book-conversion

6
from issdandavis/SCBE-AETHERMOORE

Convert The Six Tongues Protocol and related manuscript sections into webtoon/manhwa storyboard packets, episode roadmaps, panel expansion plans, and image-generation-ready prompt lanes. Use when extending the series storyboard, adapting book chapters into vertical scroll episodes, or keeping art generation tied to canon instead of drifting into generic fantasy panels.

scbe-voice-render-verification

6
from issdandavis/SCBE-AETHERMOORE

Govern and verify SCBE voice rendering work that maps Langues weighting into breath, phase, and Layer 14 audio-axis packets. Use when implementing or reviewing `scripts/voice_gen_hf.py`, emitting sidecar voice packets, validating canonical tongue ordering, tuning breath planning or phase timing, or keeping voice docs and code aligned with `docs/LANGUES_WEIGHTING_SYSTEM.md` and `docs/specs/SCBE_VOICE_EMOTIONAL_TIMBRE_SYSTEM.md`.

scbe-universal-synthesis

6
from issdandavis/SCBE-AETHERMOORE

Orchestrate all installed Codex skills through an auto-updating synthesis matrix with Sacred Tongues routing, emotion/intent metadata, and decodable lexicon packets tied to established SCBE characters. Use when the user asks for cross-skill coordination, auto skill updates, multi-skill routing, or Sacred Tongues intent mapping.

scbe-system-engine

6
from issdandavis/SCBE-AETHERMOORE

Coordinate SCBE-AETHERMOORE math, automation, and service connectors so multi-agent systems can execute work end-to-end. Use when tasks require SCBE dimensional validation, AI-to-AI workflows, browser automation planning, Hugging Face or GitHub/Linear/Notion/Zapier integration, or self-improving skill updates.