July 3, 2026
ShipSignal readiness gate
Version updated for https://github.com/jpaul67/ShipSignal to version v0.8.0.
This action is used across all versions by 0 repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed Added README hero image + social-preview card GitHub Action: sticky PR comments (pr-comment input) — score, grade, top 3 fixes, kept updated in place; degrades safely on fork PRs Fixed Security hardening: argument-injection fix in gitinfo.clone, least-privilege GITHUB_TOKEN, all third-party Actions pinned to commit SHAs + Dependabot, secret scanning + branch protection enabled CI: full-history checkout fixes a PR-merge-commit misclassification in the self-scan dogfood tests Full details: CHANGELOG.md
July 3, 2026
probelock gate
Version updated for https://github.com/kelkalot/probelock to version v0.2.0.
This action is used across all versions by ? repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed What’s Changed Add ingest pipeline and trace-mined probes by @kelkalot in https://github.com/kelkalot/probelock/pull/1 New Contributors @kelkalot made their first contribution in https://github.com/kelkalot/probelock/pull/1 Full Changelog: https://github.com/kelkalot/probelock/compare/v0.1.0...v0.2.0
July 3, 2026
Repository Languages and CodeQL Support Map
Version updated for https://github.com/lfventura/list-repository-languages to version v3.3.0.
This action is used across all versions by 7 repositories. Action Type This is a Node action using Node version 24.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed What’s Changed feat: force_languages input by @lfventura in https://github.com/lfventura/list-repository-languages/pull/8 Full Changelog: https://github.com/lfventura/list-repository-languages/compare/v3.2.1...v3.3.0
July 3, 2026
MCIX Overlay Apply
Version updated for https://github.com/MettleCI/mcix-overlay-apply to version v0.0.37.
This action is used across all versions by ? repositories. Action Type This is a Docker action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed Full Changelog: https://github.com/MettleCI/mcix-overlay-apply/compare/v0.0.36...v0.0.37
July 3, 2026
MCIX System Version
Version updated for https://github.com/MettleCI/mcix-system-version to version v0.0.37.
This action is used across all versions by ? repositories. Action Type This is a Docker action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed Full Changelog: https://github.com/MettleCI/mcix-system-version/compare/v0.0.27...v0.0.37
July 3, 2026
MCIX Unit-Test Execute
Version updated for https://github.com/MettleCI/mcix-unit-test-execute to version v0.0.37.
This action is used across all versions by ? repositories. Action Type This is a Docker action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed Full Changelog: https://github.com/MettleCI/mcix-unit-test-execute/compare/v0.0.27...v0.0.37
July 3, 2026
hestia-cache
Version updated for https://github.com/Mic92/hestia to version v1.0.4.
This action is used across all versions by 8 repositories. Action Type This is a Node action using Node version 24.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed Usage - uses: Mic92/hestia@v1.0.4 with: version: v1.0.4 What’s Changed gha: retry finalize when the uploaded entry is not yet visible by @Mic92 in https://github.com/Mic92/hestia/pull/86 Full Changelog: https://github.com/Mic92/hestia/compare/v1.0.3...v1.0.4
July 3, 2026
Agent Done Or Not
Version updated for https://github.com/mohamedzhioua/agent-done-or-not to version v0.10.1.
This action is used across all versions by 0 repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed v0.10.1 — Marketplace branding + cleanup A packaging/metadata patch on top of v0.10.0. No engine behavior change — receipts, mode: verify, and the gates are identical.
What changed Marketplace branding on the composite Action (branding.icon: check-circle, color: green) so it can be listed on the GitHub Marketplace with an icon. Removed a now-unreachable inner mode != assert guard in the assert step (already gated by the step if: and the reject-unsupported-mode step). @v0 references in the docs now resolve via a moving v0 major tag that tracks the latest v0.x release. For the security-critical mode: verify gate, keep pinning an exact tag (e.g. @v0.10.1) as the README recommends. Verify quick reference - uses: actions/checkout@v4 # set up your runtime + deps here (setup-node, npm ci, …) - uses: mohamedzhioua/agent-done-or-not@v0.10.1 with: mode: verify checks: | test: npm test build: npm run build Full history in CHANGELOG.md.
July 3, 2026
Agent Security Harness
Version updated for https://github.com/msaleme/red-team-blue-team-agent-fabric to version v4.8.0.
This action is used across all versions by 0 repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed Promotes the funding-instrument checks that were a single dimension of the AP2 harness (AP2-015) into a first-class module — the tokenized card credential (Visa Trusted Agent Protocol / Mastercard Agentic Tokens) that sits inside an AP2 Payment Mandate as the instrument that actually moves money.
July 3, 2026
Polygraph MCP gate
Version updated for https://github.com/polygraphso/litmus to version litmus-v0.24.0.
This action is used across all versions by 0 repositories. Action Type This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
What’s Changed Methodology litmus-v12 — two false-positive fixes so a server’s correct, defensive behavior is no longer graded as a fault.
C-04 (probe 3.2): a validation error that quotes the rejected input back (e.g. Pydantic input_value='…') is a safe rejection, not server-generated amplification — no longer a false D. (#85) C-02 (probe 2.1): a mutation verb under a negation (“Cannot create or revoke keys”) no longer reads as a permission-mislabel lie; clause-scoped, so a real “Deletes… Cannot be undone.” still trips. (#85) methodologyVersion moves litmus-v11 → litmus-v12 (a string, so older attestations coexist). Release bump in #86. Both fixes are covered by regression tests reproduced from real servers.