fix: BASE_DIR detection checks for actual files in documents/ (not ju… #17

	name: Security

	on:
	push:
	branches: [master]
	schedule:
	- cron: "0 6 * * 1"

	permissions:
	security-events: write
	contents: read

	jobs:
	codeql:
	name: CodeQL Analysis
	runs-on: ubuntu-latest
	steps:
	- uses: actions/checkout@v4
	- uses: github/codeql-action/init@v3
	with:
	languages: python
	- uses: github/codeql-action/analyze@v3

	dependency-audit:
	name: Dependency Audit
	runs-on: ubuntu-latest
	steps:
	- uses: actions/checkout@v4
	- uses: actions/setup-python@v6
	with:
	python-version: "3.12"
	- name: Install and audit
	run: \|
	pip install pip-audit
	pip install -r requirements.txt
	pip-audit \|\| echo "::warning::Dependency vulnerabilities found (see above)"

Provide feedback