[Sync] Update project files from source repository (b318071) (#172)

mrz1836 · web-flow · commit e69d44f379f0 · 2025-12-23T15:30:05.000-05:00
diff --git a/.github/.env.base b/.github/.env.base
@@ -235,7 +235,7 @@ REDIS_CACHE_FORCE_PULL=false           # Force pull Redis images even when cache
 # 🪄 MAGE-X CONFIGURATION
 # ================================================================================================
 
-MAGE_X_VERSION=v1.12.2                                        # https://github.com/mrz1836/mage-x/releases
+MAGE_X_VERSION=v1.13.0                                        # https://github.com/mrz1836/mage-x/releases
 MAGE_X_USE_LOCAL=false                                        # Use local version for development
 MAGE_X_CI_SKIP_STEP_SUMMARY=true                              # Skip duplicate test results in step summary (already in test validation summary)
 MAGE_X_AUTO_DISCOVER_BUILD_TAGS=true                          # Enable auto-discovery of build tags
@@ -290,14 +290,14 @@ GITLEAKS_NOTIFY_USER_LIST=@mrz1836
 # Empty = use default config
 GITLEAKS_CONFIG_FILE=
 
-# Nancy CVE Exclusions (known acceptable vulnerabilities)
-NANCY_EXCLUDES=CVE-2024-38513,CVE-2023-45142
+# Nancy CVE Exclusions (known acceptable vulnerabilities) (these are fake examples)
+NANCY_EXCLUDES=CVE-9999-12345,CVE-9999-43210
 
-# Govulncheck/Magex CVE Exclusions (known acceptable vulnerabilities)
-# Format: comma-separated CVE IDs (e.g., CVE-2024-38513,CVE-2023-45142)
+# Govulncheck/Magex CVE Exclusions (known acceptable vulnerabilities) (these are fake examples)
+# Format: comma-separated CVE IDs (e.g., CVE-9999-12345,CVE-9999-43210)
 # Used by: magex deps:audit (govulncheck) (env or param)
-# Can also be passed via: magex deps:audit exclude=CVE-2024-38513
-MAGE_X_CVE_EXCLUDES=CVE-2024-38513,CVE-2023-45142
+# Can also be passed via: magex deps:audit exclude=CVE-9999-12345
+MAGE_X_CVE_EXCLUDES=CVE-9999-12345,CVE-9999-43210
 
 # OSS Index Authentication for Nancy (optional)
 # Username (email) for OSS Index authentication - reduces rate limits and provides better vulnerability data
@@ -489,7 +489,7 @@ GO_BROADCAST_AI_PROVIDER=anthropic
 GO_BROADCAST_AI_MODEL=
 
 # Generation parameters
-GO_BROADCAST_AI_MAX_TOKENS=2000
+GO_BROADCAST_AI_MAX_TOKENS=5000
 GO_BROADCAST_AI_TIMEOUT=30
 GO_BROADCAST_AI_TEMPERATURE=0.3
 
@@ -506,3 +506,6 @@ GO_BROADCAST_AI_CACHE_MAX_SIZE=1000
 GO_BROADCAST_AI_RETRY_MAX_ATTEMPTS=3
 GO_BROADCAST_AI_RETRY_INITIAL_DELAY=1
 GO_BROADCAST_AI_RETRY_MAX_DELAY=10
+
+# Diff Debugging
+# GO_BROADCAST_DEBUG_DIFF_PATH=/tmp/debug-diff.txt
diff --git a/.github/workflows/dependabot-auto-merge.yml b/.github/workflows/dependabot-auto-merge.yml
@@ -52,6 +52,8 @@ jobs:
   load-env:
     name: 🌍 Load Environment Variables
     runs-on: ubuntu-latest
+    permissions:
+      contents: read # Required: Read repository content for sparse checkout
     # Only run on Dependabot PRs
     if: github.event.pull_request.user.login == 'dependabot[bot]'
     outputs:
diff --git a/.github/workflows/stale-check.yml b/.github/workflows/stale-check.yml
@@ -44,6 +44,8 @@ jobs:
   load-env:
     name: 🌍 Load Environment Variables
     runs-on: ubuntu-latest
+    permissions:
+      contents: read # Required: Read repository content for sparse checkout
     outputs:
       env-json: ${{ steps.load-env.outputs.env-json }}
     steps:
diff --git a/.github/workflows/sync-labels.yml b/.github/workflows/sync-labels.yml
@@ -56,6 +56,8 @@ jobs:
   load-env:
     name: 🌍 Load Environment Variables
     runs-on: ubuntu-latest
+    permissions:
+      contents: read # Required: Read repository content for sparse checkout
     outputs:
       env-json: ${{ steps.load-env.outputs.env-json }}
       labels-file: ${{ steps.extract-config.outputs.labels-file }}
