cfxdevkit · cfxdevkit · May 18, 2026 · May 6, 2026 · May 7, 2026 · May 7, 2026
diff --git a/.changeset/cfxdevkit-core-cfxdevkit-llm-tools-changeset.md b/.changeset/cfxdevkit-core-cfxdevkit-llm-tools-changeset.md
@@ -0,0 +1,7 @@
+---
+"@cfxdevkit/core": minor
+"@cfxdevkit/llm-tools": minor
+---
+
+Added `test:coverage` script and V8 coverage configuration, improved `hexToBase32` and `base32ToHex` with new options, enhanced `defineChain`, `http`, `ws`, and `signerFromPrivateKey` with additional options and Core Space support, and added comprehensive tests for these features.
+Updated `docs-upkeep` to scan `.mdx` files and exclude GitNexus wiki content, refined `test-upkeep` CLI flags and behavior, added safety checks for test file generation, and improved help documentation.
diff --git a/.changeset/update-llm-release-ci-tools.md b/.changeset/update-llm-release-ci-tools.md
@@ -0,0 +1,5 @@
+---
+"@cfxdevkit/llm-tools": patch
+---
+
+Align local LLM commit automation with Changesets and add release, docs, and CI/CD readiness helpers.
diff --git a/.dockerignore b/.dockerignore
@@ -3,13 +3,19 @@
 .moon/cache
 .cfxdevkit
 .devcontainer/.cache
-
+.next
+**/.next
 node_modules
 **/node_modules
+artifacts
+coverage
+dist
+**/dist
+*.log
+infrastructure/ansible/inventory.local.ini
+infrastructure/ansible/vars/local.yml
 
 .pnpm-store
 .turbo
 .vite
-.vitest
-coverage
-*.log
+.vitest
diff --git a/.github/workflows/build-docs.yml b/.github/workflows/build-docs.yml
@@ -0,0 +1,88 @@
+name: Build docs image
+
+on:
+  workflow_dispatch: {}
+  push:
+    branches:
+      - dev
+      - main
+    paths:
+      - repos/cfx-tools/packages/docs-site/**
+      - .github/workflows/build-docs.yml
+      - pnpm-lock.yaml
+
+permissions:
+  contents: read
+  packages: write
+
+concurrency:
+  group: build-docs-${{ github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  build:
+    name: Build and push docs image
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Setup pnpm
+        uses: pnpm/action-setup@v4
+        with:
+          version: '10.33.2'
+
+      - name: Setup Node
+        uses: actions/setup-node@v4
+        with:
+          node-version: '24.15.0'
+          cache: pnpm
+
+      - name: Install dependencies
+        run: pnpm install --frozen-lockfile
+
+      - name: Sync wiki content
+        run: node repos/cfx-tools/packages/docs-site/scripts/sync-wiki.mjs
+
+      - name: Derive image tags
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: ghcr.io/${{ github.repository }}/docs-site
+          tags: |
+            type=raw,value=edge,enable=${{ github.ref == 'refs/heads/main' }}
+            type=raw,value=dev,enable=${{ github.ref == 'refs/heads/dev' }}
+            type=raw,value=latest,enable=${{ github.ref == 'refs/heads/main' }}
+            type=sha,format=short
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Log in to GHCR
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Build and push
+        id: build
+        uses: docker/build-push-action@v6
+        with:
+          context: .
+          file: repos/cfx-tools/packages/docs-site/Dockerfile
+          platforms: linux/amd64,linux/arm64
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+
+      - name: Write image digest artifact
+        run: echo '${{ steps.build.outputs.digest }}' > docs-image-digest.txt
+
+      - name: Upload image digest artifact
+        uses: actions/upload-artifact@v4
+        with:
+          name: docs-image-digest
+          path: docs-image-digest.txt
diff --git a/.github/workflows/changeset-release.yml b/.github/workflows/changeset-release.yml
@@ -0,0 +1,53 @@
+name: Changeset release
+
+on:
+  push:
+    branches:
+      - main
+
+permissions:
+  contents: write
+  pull-requests: write
+  id-token: write
+
+concurrency:
+  group: changeset-release-${{ github.ref }}
+  cancel-in-progress: false
+
+jobs:
+  release:
+    name: Version or publish packages
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Setup pnpm
+        uses: pnpm/action-setup@v4
+        with:
+          version: '10.33.2'
+
+      - name: Setup Node
+        uses: actions/setup-node@v4
+        with:
+          node-version: '24.15.0'
+          cache: pnpm
+          registry-url: https://registry.npmjs.org
+
+      - name: Install dependencies
+        run: pnpm install --frozen-lockfile
+
+      - name: Validate
+        run: pnpm run check && pnpm run build && pnpm run security:check
+
+      - name: Create release PR or publish
+        uses: changesets/action@v1
+        with:
+          version: pnpm exec changeset version
+          publish: node scripts/publish-packages.mjs
+          title: Version packages
+          commit: Version packages
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -15,15 +15,15 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
 
       - name: Setup pnpm
-        uses: pnpm/action-setup@v4
+        uses: pnpm/action-setup@v6
         with:
           version: '10.33.2'
 
       - name: Setup Node
-        uses: actions/setup-node@v4
+        uses: actions/setup-node@v6
         with:
           node-version: '24.15.0'
           cache: pnpm

diff --git a/.github/workflows/deploy-docs.yml b/.github/workflows/deploy-docs.yml
@@ -0,0 +1,87 @@
+name: Deploy docs to VPS
+
+on:
+  workflow_dispatch:
+    inputs:
+      image_tag:
+        description: Image tag to deploy
+        required: false
+        default: edge
+  workflow_run:
+    workflows:
+      - Build docs image
+    types:
+      - completed
+    branches:
+      - main
+
+permissions:
+  contents: read
+
+concurrency:
+  group: deploy-docs
+  cancel-in-progress: false
+
+jobs:
+  deploy:
+    name: Deploy docs site
+    runs-on: ubuntu-latest
+    if: ${{ github.event_name == 'workflow_dispatch' || github.event.workflow_run.conclusion == 'success' }}
+    steps:
+      - name: Deploy over SSH
+        uses: appleboy/ssh-action@v1
+        env:
+          DOCS_IMAGE_TAG: ${{ inputs.image_tag || 'edge' }}
+          GHCR_TOKEN: ${{ secrets.GHCR_TOKEN }}
+          GHCR_USERNAME: ${{ vars.GHCR_USERNAME || 'cfxdevkit' }}
+        with:
+          host: ${{ secrets.VPS_HOST }}
+          username: deploy
+          key: ${{ secrets.VPS_SSH_KEY }}
+          envs: DOCS_IMAGE_TAG,GHCR_TOKEN,GHCR_USERNAME
+          script_stop: true
+          script: |
+            set -euo pipefail
+            cd /opt/apps/docs
+            if [ -n "${GHCR_TOKEN:-}" ]; then
+              echo "$GHCR_TOKEN" | docker login ghcr.io -u "$GHCR_USERNAME" --password-stdin
+            fi
+            if [ -n "${DOCS_IMAGE_TAG:-}" ]; then
+              sed -i "s#ghcr.io/cfxdevkit/framework/docs-site:.*#ghcr.io/cfxdevkit/framework/docs-site:${DOCS_IMAGE_TAG}#" docker-compose.yml
+            fi
+
+            # Capture current running image digest for rollback
+            PREVIOUS_DIGEST=$(docker inspect --format='{{.Id}}' cfxdevkit-docs-site 2>/dev/null || true)
+
+            docker compose pull
+
+            # Deploy with rollback on failure
+            if ! docker compose up -d --remove-orphans; then
+              echo "ERROR: docker compose up failed; attempting rollback" >&2
+              if [ -n "${PREVIOUS_DIGEST:-}" ]; then
+                docker tag "$PREVIOUS_DIGEST" ghcr.io/cfxdevkit/framework/docs-site:rollback
+                sed -i "s#ghcr.io/cfxdevkit/framework/docs-site:.*#ghcr.io/cfxdevkit/framework/docs-site:rollback#" docker-compose.yml
+                docker compose up -d --remove-orphans || true
+              fi
+              exit 1
+            fi
+
+            # Wait for healthcheck to pass (up to 60s)
+            for i in $(seq 1 12); do
+              STATUS=$(docker inspect --format='{{.State.Health.Status}}' cfxdevkit-docs-site 2>/dev/null || echo "none")
+              if [ "$STATUS" = "healthy" ] || [ "$STATUS" = "none" ]; then
+                break
+              fi
+              if [ "$STATUS" = "unhealthy" ]; then
+                echo "ERROR: container unhealthy after deploy; attempting rollback" >&2
+                if [ -n "${PREVIOUS_DIGEST:-}" ]; then
+                  docker tag "$PREVIOUS_DIGEST" ghcr.io/cfxdevkit/framework/docs-site:rollback
+                  sed -i "s#ghcr.io/cfxdevkit/framework/docs-site:.*#ghcr.io/cfxdevkit/framework/docs-site:rollback#" docker-compose.yml
+                  docker compose up -d --remove-orphans || true
+                fi
+                exit 1
+              fi
+              sleep 5
+            done
+
+            docker image prune -f
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -1,6 +1,6 @@
 name: Release
 
-'on':
+on:
   release:
     types:
       - published
@@ -21,15 +21,15 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
 
       - name: Setup pnpm
-        uses: pnpm/action-setup@v4
+        uses: pnpm/action-setup@v6
         with:
           version: '10.33.2'
 
       - name: Setup Node
-        uses: actions/setup-node@v4
+        uses: actions/setup-node@v6
         with:
           node-version: '24.15.0'
           cache: pnpm
@@ -43,10 +43,8 @@ jobs:
 
       - name: Publish dry run
         if: ${{ github.event_name == 'workflow_dispatch' && inputs.dry_run }}
-        run: pnpm -r publish --provenance --access public --no-git-checks --dry-run
+        run: node scripts/publish-packages.mjs --dry-run
 
       - name: Publish
         if: ${{ github.event_name == 'release' || (github.event_name == 'workflow_dispatch' && !inputs.dry_run) }}
-        run: pnpm -r publish --provenance --access public --no-git-checks
-        env:
-          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
+        run: node scripts/publish-packages.mjs
diff --git a/.github/workflows/security.yml b/.github/workflows/security.yml
@@ -18,15 +18,15 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
 
       - name: Setup pnpm
-        uses: pnpm/action-setup@v4
+        uses: pnpm/action-setup@v6
         with:
           version: '10.33.2'
 
       - name: Setup Node
-        uses: actions/setup-node@v4
+        uses: actions/setup-node@v6
         with:
           node-version: '24.15.0'
           cache: pnpm
@@ -49,15 +49,15 @@ jobs:
       security-events: write
     steps:
       - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
 
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@v3
+        uses: github/codeql-action/init@v4
         with:
           languages: javascript-typescript
 
       - name: Autobuild
-        uses: github/codeql-action/autobuild@v3
+        uses: github/codeql-action/autobuild@v4
 
       - name: Analyze
-        uses: github/codeql-action/analyze@v3
+        uses: github/codeql-action/analyze@v4
diff --git a/.gitignore b/.gitignore
@@ -37,6 +37,8 @@ Thumbs.db
 *.key
 *.keystore
 .cfxdevkit/
+infrastructure/ansible/inventory.local.ini
+infrastructure/ansible/vars/local.yml
 
 # Dev container runtime socket symlink (generated by detect-docker-socket.sh)
 .devcontainer/.docker.sock