Create neuralegion.yml

[Dargon789]

Summary by Sourcery

CI:

• Introduce a NeuraLegion Nexploit scanning workflow triggered on pushes, pull requests, and a weekly cron schedule against the configured target URL.

[codesandbox]

Review or Edit in CodeSandbox

Open the branch in Web Editor • VS Code • Insiders

Open Preview

[bolt-new-by-stackblitz]

Run & review this pull request in StackBlitz Codeflow.

[sourcery-ai]

Reviewer's Guide

Adds a new GitHub Actions workflow to run a NeuraLegion (Nexploit) DAST security scan on pushes, pull requests, and a weekly cron schedule against a specified target URL using a NeuraLegion API token secret.

Sequence diagram for NeuraLegion DAST scan workflow execution

sequenceDiagram
    actor Developer
    participant GitHubRepo
    participant GitHubActions
    participant Workflow_neuralegion
    participant Job_neuralegion_scan
    participant Action_checkout
    participant Action_run_scan
    participant Nexploit_API
    participant Target_Application

    Developer->>GitHubRepo: Push or open pull request to master
    GitHubRepo->>GitHubActions: Emit push/pull_request event
    GitHubActions->>Workflow_neuralegion: Trigger workflow neuralegion.yml
    Workflow_neuralegion->>Job_neuralegion_scan: Start job on ubuntu-18.04
    Job_neuralegion_scan->>Action_checkout: Run actions/checkout@v4
    Action_checkout-->>Job_neuralegion_scan: Repository code checked out

    Job_neuralegion_scan->>Action_run_scan: Run NeuraLegion/run-scan with NEURALEGION_TOKEN
    Action_run_scan->>Nexploit_API: Authenticate using api_token
    Action_run_scan->>Nexploit_API: Request new scan with discovery_types=crawler and crawler_urls
    Nexploit_API-->>Action_run_scan: Respond with scan id and url

    Nexploit_API->>Target_Application: Perform DAST scan via crawler
    Target_Application-->>Nexploit_API: Application responses during scan

    Nexploit_API-->>Action_run_scan: Update scan status and findings
    Action_run_scan-->>Job_neuralegion_scan: Expose outputs url, id
    Job_neuralegion_scan-->>GitHubActions: Job completes with scan metadata
    GitHubActions-->>Developer: Workflow run visible with scan outputs

Loading

File-Level Changes

Change	Details	Files
Introduce a NeuraLegion/Nexploit DAST GitHub Actions workflow that runs on master pushes, pull requests, and a weekly cron schedule.	Create a new workflow definition named "NeuraLegion" under .github/workflows. Configure triggers for push and pull_request events on the master branch plus a scheduled cron run. Define a neuralegion_scan job running on ubuntu-18.04 that checks out the repo and invokes the NeuraLegion/run-scan GitHub Action. Pass the NEURALEGION_TOKEN secret as api_token and configure a crawler-based discovery scan against https://brokencrystals.com with the scan name including the Git commit SHA.	.github/workflows/neuralegion.yml

---

Tips and commands

Interacting with Sourcery

• Trigger a new review: Comment @sourcery-ai review on the pull request.
• Continue discussions: Reply directly to Sourcery's review comments.
• Generate a GitHub issue from a review comment: Ask Sourcery to create an
  issue from a review comment by replying to it. You can also reply to a
  review comment with @sourcery-ai issue to create an issue from it.
• Generate a pull request title: Write @sourcery-ai anywhere in the pull
  request title to generate a title at any time. You can also comment
  @sourcery-ai title on the pull request to (re-)generate the title at any time.
• Generate a pull request summary: Write @sourcery-ai summary anywhere in
  the pull request body to generate a PR summary at any time exactly where you
  want it. You can also comment @sourcery-ai summary on the pull request to
  (re-)generate the summary at any time.
• Generate reviewer's guide: Comment @sourcery-ai guide on the pull
  request to (re-)generate the reviewer's guide at any time.
• Resolve all Sourcery comments: Comment @sourcery-ai resolve on the
  pull request to resolve all Sourcery comments. Useful if you've already
  addressed all the comments and don't want to see them anymore.
• Dismiss all Sourcery reviews: Comment @sourcery-ai dismiss on the pull
  request to dismiss all existing Sourcery reviews. Especially useful if you
  want to start fresh with a new review - don't forget to comment
  @sourcery-ai review to trigger a new review!

Customizing Your Experience

Access your dashboard to:

• Enable or disable review features such as the Sourcery-generated pull request
  summary, the reviewer's guide, and others.
• Change the review language.
• Add, remove or edit custom review instructions.
• Adjust other review settings.

Getting Help

• Contact our support team for questions or feedback.
• Visit our documentation for detailed guides and information.
• Keep in touch with the Sourcery team by following us on X/Twitter, LinkedIn or GitHub.

[gemini-code-assist]

Note

Gemini is unable to generate a summary for this pull request due to the file types involved not being currently supported.

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
sequence-js-docs	Ready	Preview, Comment	Feb 19, 2026 7:27pm
sequence-js-web	Ready	Preview, Comment	Feb 19, 2026 7:27pm
sequence.js	Ready	Preview, Comment	Feb 19, 2026 7:27pm
wagmi-project	Ready	Preview, Comment	Feb 19, 2026 7:27pm

[sourcery-ai]

Hey - I've left some high level feedback:

• Consider updating runs-on: ubuntu-18.04 to ubuntu-latest (or a currently supported version) since 18.04 is deprecated and may eventually stop receiving updates/support in GitHub Actions.
• The workflow currently runs the NeuraLegion scan on every push and pull request to master; you may want to scope triggers (e.g., to certain paths, labels, or only PRs) to avoid unnecessary long-running or costly scans.
• The hard-coded crawler_urls value points to https://brokencrystals.com; consider making the target URL configurable via repository/environment secrets or variables to avoid accidentally scanning the wrong environment.

Prompt for AI Agents

Please address the comments from this code review:

## Overall Comments
- Consider updating `runs-on: ubuntu-18.04` to `ubuntu-latest` (or a currently supported version) since 18.04 is deprecated and may eventually stop receiving updates/support in GitHub Actions.
- The workflow currently runs the NeuraLegion scan on every push and pull request to `master`; you may want to scope triggers (e.g., to certain paths, labels, or only PRs) to avoid unnecessary long-running or costly scans.
- The hard-coded `crawler_urls` value points to `https://brokencrystals.com`; consider making the target URL configurable via repository/environment secrets or variables to avoid accidentally scanning the wrong environment.

---

Sourcery is free for open source - if you like our reviews please consider sharing them ✨

• X
• Mastodon
• LinkedIn
• Facebook

_{Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.}

[snyk-io]

✅ Snyk checks have passed. No issues have been found so far.

Status	Scanner	Critical	High	Medium	Low	Total (0)
🔚	Open Source Security	0	0	0	0	0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.