chore(ci): add zizmor workflow for github actions security analysis

[jdx]

Adds zizmor to audit GitHub Actions workflows for security issues. Runs on push to main and on PRs that change .github/workflows/**. Fails CI on any finding.

🤖 Generated with Claude Code

---

Note

Medium Risk
Medium risk because it introduces a new required-style workflow check that can fail CI and adjusts GitHub Actions permissions/caching annotations, potentially impacting pipeline behavior.

Overview
Adds a new .github/workflows/zizmor.yml workflow that runs zizmor on pushes to main and on PRs that change workflow files, using minimal contents: read permissions and persist-credentials: false.

Updates existing CI workflows to align with the security audit: tightens test.yml permissions to contents: read, refactors the composite fetch-token action to pass the secret via an env var, and adds inline zizmor suppressions to specific cache steps (read-only or scoped keys) to address cache-poisoning warnings.

^{Reviewed by Cursor Bugbot for commit ba31bd8. Bugbot is set up for automated code reviews on this repo. Configure here.}

[gemini-code-assist]

Note

Gemini is unable to generate a review for this pull request due to the file types involved not being currently supported.

[greptile-apps]

Greptile Summary

Adds a zizmor GitHub Actions security audit workflow and hardens existing workflows to pass the audit. The changes touch only CI/workflow configuration — no product code is affected.

• New zizmor.yml: Runs zizmorcore/zizmor-action on pushes to main and on PRs touching .github/workflows/**; uses advanced-security: false (no SARIF upload needed) and min-severity: high to gate only on high-severity findings.
• fetch-token/action.yml: Replaces direct secret interpolation in a shell script with an env block, preventing the API secret from appearing in process listings.
• test.yml, test-plugins.yml, test-vfox.yml: Drops the unused pull-requests: write permission from test.yml and annotates Rust/tool cache steps with targeted zizmor: ignore[cache-poisoning] comments where the justification (read-only or hash-scoped) is sound.

Confidence Score: 5/5

Safe to merge — all changes are CI-only hardening with no product code touched.

Every change is a security improvement or an accurately justified noise-suppression annotation. The pull-requests: write permission that was removed had no corresponding steps that needed it, so its removal is clean. The one gap (trigger paths not covering .github/actions/**) is a minor coverage hole, not a regression.

zizmor.yml — the pull_request path filter only covers .github/workflows/**, so composite-action-only changes won't trigger the audit.

Important Files Changed

Filename	Overview
.github/workflows/zizmor.yml	New workflow auditing GitHub Actions for security issues; advanced-security: false correctly avoids needing security-events: write; trigger paths omit .github/actions/**
.github/actions/fetch-token/action.yml	Security hardening: secret interpolated directly in shell script replaced with an env var, preventing secret exposure in process listings
.github/workflows/test.yml	Drops unused pull-requests: write permission (no PR-comment steps exist), adds zizmor: ignore annotations on Rust cache steps with clear justifications
.github/workflows/test-plugins.yml	Adds zizmor: ignore[cache-poisoning] to the read-only Rust cache step; justification (save-if: false) is accurate
.github/workflows/test-vfox.yml	Adds zizmor: ignore[cache-poisoning] to the tool-install cache step; justification (hash-scoped key) is accurate

_{Reviews (5): Last reviewed commit: "style(ci): prettier fixup on zizmor.yml" | Re-trigger Greptile}

[github-actions]

Hyperfine Performance

mise x -- echo

Command	Mean [ms]	Min [ms]	Max [ms]	Relative
mise-2026.5.6 x -- echo	19.7 ± 1.0	17.6	23.8	1.00
mise x -- echo	20.6 ± 2.5	18.3	36.8	1.05 ± 0.14

mise env

Command	Mean [ms]	Min [ms]	Max [ms]	Relative
mise-2026.5.6 env	19.2 ± 0.9	17.4	24.6	1.00
mise env	19.7 ± 1.2	17.7	25.9	1.03 ± 0.08

mise hook-env

Command	Mean [ms]	Min [ms]	Max [ms]	Relative
mise-2026.5.6 hook-env	20.5 ± 1.2	18.6	29.1	1.00
mise hook-env	20.7 ± 1.0	18.8	25.0	1.01 ± 0.07

mise ls

Command	Mean [ms]	Min [ms]	Max [ms]	Relative
mise-2026.5.6 ls	16.7 ± 0.9	14.9	22.6	1.00
mise ls	17.0 ± 0.9	15.3	22.6	1.02 ± 0.08

xtasks/test/perf

Command	mise-2026.5.6	mise	Variance
install (cached)	126ms	127ms	+0%
ls (cached)	58ms	58ms	+0%
bin-paths (cached)	62ms	63ms	-1%
task-ls (cached)	501ms	490ms	+2%

[github-advanced-security]

You are seeing this message because GitHub Code Scanning has recently been set up for this repository, or this pull request contains the workflow file for the Code Scanning tool.

What Enabling Code Scanning Means:

• The 'Security' tab will display more code scanning analysis results (e.g., for the default branch).
• Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results.
• You will be able to see the analysis results for the pull request's branch on this overview once the scans have completed and the checks have passed.

For more information about GitHub Code Scanning, check out the documentation.

[cursor]

Cursor Bugbot has reviewed your changes and found 1 potential issue.

^{❌ Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.}

^{Reviewed by Cursor Bugbot for commit f64b1c7. Configure here.}

[cursor]

Zizmor PR trigger misses composite action file changes

Low Severity

The pull_request path filter only includes '.github/workflows/**', but this PR itself fixes a security issue in .github/actions/fetch-token/action.yml — a composite action that zizmor also audits. PRs that only modify files under .github/actions/** won't trigger the zizmor check, so security regressions in composite actions won't be caught until they land on main.

 

^{Reviewed by Cursor Bugbot for commit f64b1c7. Configure here.}