Conversation
Forces the conventions Claude Code (and human contributors) follow when working with this repo. Soft-enforced everywhere; would also be hard- enforced via branch protection if the repo were public or on GitHub Pro. Tooling: - package.json: pinned eslint ^9.18 and globals ^15.14 as devDependencies with three scripts — `npm run syntax`, `npm run lint`, `npm run check:versions`, plus an `npm run check` aggregator. - eslint.config.js: flat config with three runtime contexts (service worker, content scripts, extension pages) each getting its own globals block. pasteIntoSalla teached as a known global for popup.js since it lives in the page world after executeScript injection. - .editorconfig: utf-8, lf, 2-space indent, trim trailing whitespace. - .github/scripts/check-version-stamps.mjs: hard-fails CI when manifest.json `version` drifts from the build stamps in background.js and content_copy.js. (Already caught a real drift on first run — content_copy.js was stuck at 5.4.0 while manifest had moved to 5.4.9.) CI pipeline (.github/workflows/ci.yml) runs on push + PR with four jobs: 1. Syntax — node --check on every JS file 2. Lint — eslint . 3. Versions — manifest.json must match both build stamps 4. Manifest — manifest.json must parse as JSON GitHub plumbing: - .github/CODEOWNERS: auto-requests review from @OutQio on every PR affecting code or repo plumbing. - .github/dependabot.yml: weekly npm + monthly actions updates, labeled "dependencies" + "chore"/"ci", commit prefix follows Conventional Commits. - .github/ISSUE_TEMPLATE/{bug_report,feature_request,config}.yml: forces reporters to include build stamps + filtered console output. - .github/PULL_REQUEST_TEMPLATE.md: pre-merge checklist (already shipped in v5.4.9 commit, kept as-is). Documentation: - CONTRIBUTING.md: branching model, commit message format (Conventional Commits + Claude trailer), required pre-merge checks, version-bump rule, local development steps, three live test workflows, sensitive- material reminder, comment-tone guide. - SECURITY.md: vulnerability reporting flow (private advisory or email), scope, what counts as a vuln vs. what doesn't. - CLAUDE.md: added a "Forced GitHub interaction rules" section listing the exact `git push origin main:staging` / `gh pr create` / `gh pr merge` sequence Claude should follow when the user says "push to GitHub", plus branching model, commit format, and the never-amend / never-force-push invariants. Lint clean-up while wiring it up: - content_copy.js build stamp bumped 5.4.0 → 5.4.9 (drift caught by check:versions on first run). - paste_salla.js: eslint-disable-next-line comment on `pasteIntoSalla` (it's only "unused" from ESLint's POV — popup.js calls it via chrome.scripting.executeScript in the page world). - package.json gets `"type": "module"` so eslint.config.js loads as ESM cleanly. Branch protection NOT enabled on `main` because the repo is private and GitHub requires Pro/Team for branch protection on private repos. The contributing rules + CI + CODEOWNERS provide soft enforcement; making the repo public (or upgrading to Pro) would let us turn on hard enforcement via the documented `gh api` PUT call. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Forces the conventions Claude Code (and human contributors) follow when
working with this repo, with a CI pipeline that runs on every PR.
CI workflow (
.github/workflows/ci.yml)Four parallel jobs on every push + PR:
node --checkon every JS fileeslint .against the flat config tuned for SW + content scripts + extension pagesmanifest.jsonversionmust match both build stampsmanifest.jsonmust parse as JSONTooling
package.json: eslint ^9.18 + globals ^15.14 as devDependencies;npm run checkruns the full batteryeslint.config.js: flat config with three globals contexts (worker, content script, extension page).editorconfig: utf-8 / lf / 2-space indent.github/scripts/check-version-stamps.mjs: hard-fails CI when the version drifts (caught a real drift on first run — content_copy.js was stuck at 5.4.0 while manifest had moved to 5.4.9)Docs
CONTRIBUTING.md: branching model, Conventional Commits format, required pre-merge checks, version-bump rule, local dev, comment-tone guideSECURITY.md: vulnerability reporting flow, scope, what counts as a vulnCLAUDE.md(updated): new "Forced GitHub interaction rules" section listing the exactgit push origin main:staging/gh pr create/gh pr mergesequence Claude should follow when the user says "push to GitHub"GitHub plumbing
.github/CODEOWNERS— auto-review requests.github/dependabot.yml— weekly npm + monthly actions updates.github/ISSUE_TEMPLATE/*— bug + feature templates that force reporters to include build stamps + filtered console outputBranch protection
Not enabled because the repo is private and GitHub gates branch protection on Pro/Team for private repos. Soft enforcement (CI + CODEOWNERS + CONTRIBUTING.md + PR template) covers the gap. To enable hard enforcement, either make the repo public or upgrade to Pro and re-run the documented
gh apicall.Test plan
npm run checkpasses locally (syntax + lint + version stamps)gh repo viewshows the new topics + descriptiongh repo view --jsonconfirms metadata persisted🤖 Generated with Claude Code