No successful run was found on main (c90e71f) during the generation of this report, so 85e6e8a was used instead as the comparison base. There might be some changes unrelated to this pull request in this report.
Benchmarks
13 archived benchmarks were run. If they were deleted in another branch, consider rebasing to remove them from the report. .
chore(ci): Refactor binary size workflow to use secure workflow_run pattern
Split the binary size check into two workflows following GitHub Security Lab
best practices to prevent privilege escalation attacks:
1. binary-size.yml: Runs on pull_request trigger with read-only permissions.
Builds the PR code and uploads size report as artifact.
2. binary-size-comment.yml: Runs on workflow_run trigger with write permissions.
Downloads artifact and posts comment to PR without executing PR code.
This separation ensures untrusted PR code never executes with write permissions
or access to secrets, mitigating potential security risks from malicious PRs.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>