docs(057): in-proxy profiles plan + tasks (Related #55) (#621) #291

	name: CodeQL Analysis

	on:
	push:
	branches:
	- main
	pull_request:
	branches:
	- main
	schedule:
	# Weekly scan — Tuesday 03:17 UTC (off-peak, avoids Monday congestion)
	- cron: '17 3 * * 2'

	permissions:
	security-events: write
	packages: read
	actions: read
	contents: read

	jobs:
	analyze:
	name: Analyze (${{ matrix.language }})
	runs-on: ubuntu-latest

	strategy:
	fail-fast: false
	matrix:
	include:
	- language: go
	# build-mode: autobuild — CodeQL 2.25.x does not support
	# build-mode:none for Go; autobuild runs `go build ./...` which
	# is sufficient because the standard module builds cleanly on
	# ubuntu-latest (verified by the Build CI job).
	build-mode: autobuild
	- language: javascript-typescript
	# build-mode: none — default for JS/TS; no compilation needed.
	build-mode: none

	steps:
	- name: Checkout repository
	uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3

	- name: Initialize CodeQL
	uses: github/codeql-action/init@7211b7c8077ea37d8641b6271f6a365a22a5fbfa # v4.36.0
	with:
	languages: ${{ matrix.language }}
	build-mode: ${{ matrix.build-mode }}

	- name: Autobuild
	if: matrix.build-mode == 'autobuild'
	uses: github/codeql-action/autobuild@7211b7c8077ea37d8641b6271f6a365a22a5fbfa # v4.36.0

	- name: Perform CodeQL Analysis
	uses: github/codeql-action/analyze@7211b7c8077ea37d8641b6271f6a365a22a5fbfa # v4.36.0
	with:
	category: /language:${{ matrix.language }}

Provide feedback