B1: formalize Hermes provider bridge contract #55

	name: Security Scans

	on:
	pull_request:
	push:
	branches:
	- main
	schedule:
	- cron: "23 3 * * 1"

	permissions:
	contents: read

	jobs:
	secrets:
	name: Secrets Scan (Gitleaks)
	runs-on: ubuntu-latest
	permissions:
	contents: read
	steps:
	- name: Checkout
	uses: actions/checkout@v4
	with:
	fetch-depth: 0

	- name: Run gitleaks
	uses: gitleaks/gitleaks-action@v2
	env:
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

	codeql:
	name: CodeQL (${{ matrix.language }})
	runs-on: ubuntu-latest
	permissions:
	actions: read
	contents: read
	security-events: write
	strategy:
	fail-fast: false
	matrix:
	language:
	- python
	- javascript
	steps:
	- name: Checkout
	uses: actions/checkout@v4

	- name: Initialize CodeQL
	uses: github/codeql-action/init@v3
	with:
	languages: ${{ matrix.language }}

	- name: Autobuild
	uses: github/codeql-action/autobuild@v3

	- name: Analyze
	uses: github/codeql-action/analyze@v3

Provide feedback