fix: add explicit accessibility and security DoD checklist items to issue templates #460

Merged
ashleyshaw merged 8 commits into main from fix/21-pr-template-checklists
May 28, 2026

@ashleyshaw
Member

Summary

  • 02-bug.md DoD: replace the single "No adverse impact on performance or security" line with three discrete checklist items — WCAG 2.2 AA, OWASP Top 10, and performance — mirroring the level of specificity already present in the PR template
  • 03-feature.md DoD: expand "Accessibility, performance, security checks (where relevant)" into three explicit checklist items with the same WCAG/OWASP/performance framing

Both templates now align with the PR template's existing accessibility and security checklists so contributors see consistent expectations at issue-creation time rather than only at PR review.

Test plan

  • 02-bug.md DoD contains accessibility checklist item (WCAG 2.2 AA)
  • 02-bug.md DoD contains security checklist item (OWASP Top 10)
  • 02-bug.md DoD contains performance checklist item
  • 03-feature.md DoD contains accessibility checklist item (WCAG 2.2 AA)
  • 03-feature.md DoD contains security checklist item (OWASP Top 10)
  • 03-feature.md DoD contains performance checklist item
  • No other DoD items removed or reordered

Closes #21


Generated by Claude Code

…ssue templates

- 02-bug.md DoD: replace single "No adverse impact on performance or security" line
  with discrete checklist items for WCAG 2.2 AA and OWASP Top 10
- 03-feature.md DoD: expand "Accessibility, performance, security checks (where
  relevant)" into three discrete checklist items matching PR template standards

Closes #21
@coderabbitai
Contributor

coderabbitai Bot commented May 27, 2026

Warning

Review limit reached

@ashleyshaw, we couldn't start this review because you've reached your PR review rate limit.

More reviews will be available in 11 minutes and 32 seconds. Learn how PR review limits work.

Your organization has run out of usage credits. Purchase more in the billing tab.

⌛ How to resolve this issue?

After more reviews become available, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans include higher PR review limits than trial, open-source, and free plans. In all cases, reviews become available again over time. During sustained high-volume PR review activity, CodeRabbit may temporarily slow when the next review becomes available.

Please see our Fair Usage Limits Policy for further information.

ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yml

Review profile: CHILL

Plan: Pro

Run ID: 1d6eff2d-0d82-4b0b-8542-24275c0c834f

📥 Commits

Reviewing files that changed from the base of the PR and between b7924a6 and 1903285.

📒 Files selected for processing (8)
  • .github/ISSUE_TEMPLATE/02-bug.md
  • .github/ISSUE_TEMPLATE/03-feature.md
  • .nvmrc
  • .schemas/README.md
  • scripts/agents/__tests__/project-meta-sync.agent.test.js
  • scripts/agents/__tests__/reviewer.agent.test.js
  • scripts/agents/project-meta-sync.agent.js
  • skills/design-md-agent/pdfs/js/package.json

Note

.coderabbit.yml has unrecognized properties

CodeRabbit is using all valid settings from your configuration. Unrecognized properties (listed below) have been ignored and may indicate typos or deprecated fields that can be removed.

⚠️ Parsing warnings (1)
Validation error: Unrecognized keys: "auto_labels", "auto_assign", "auto_review"
⚙️ Configuration instructions
  • Please see the configuration documentation for more information.
  • You can also validate your configuration using the online YAML validator.
  • If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Contributor

@gemini-code-assist gemini-code-assist Bot left a comment

Code Review

This pull request updates the GitHub issue templates for bugs and features by expanding generic checklist items for accessibility, security, and performance into more specific, actionable requirements (such as WCAG 2.2 AA compliance and OWASP Top 10 checks). A review comment suggests using a "Performance:" prefix in the bug template to maintain consistency with the other newly added checklist items.

Comment thread .github/ISSUE_TEMPLATE/02-bug.md Outdated
- [ ] No adverse impact on performance or security
- [ ] Accessibility: no WCAG 2.2 AA regressions (semantic HTML, keyboard support, colour contrast)
- [ ] Security: no XSS, SQL injection, or other [OWASP Top 10](https://owasp.org/www-project-top-ten/) vulnerabilities introduced
- [ ] No adverse impact on performance
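
Review bot: The Security item on the third line of this hunk asks contributors to confirm that no OWASP Top 10 vulnerabilities were introduced, which is a blanket negative that is hard to tick with confidence, and it names only XSS and SQL injection as examples. Consider wording it as checks that can actually be performed, the way the Accessibility item lists semantic HTML, keyboard support and colour contrast, for example input validation, output escaping and access-control review. The link also points at the unversioned Top 10 project page, so the list it refers to will change over time; state which edition the DoD means if that matters.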

medium

To maintain consistency with the other checklist items (Accessibility: and Security:) and the feature template, this item should also use the Performance: prefix.

Suggested change
- [ ] No adverse impact on performance
- [ ] Performance: no adverse impact introduced

…n't throw

`run()` was called at module scope unconditionally. When Jest's test file
does `require('../project-meta-sync.agent')` the function executes immediately,
throws "LS_PROJECT_URL not set", and sets process.exitCode = 1, failing the
entire test suite. Guard with `require.main === module` so the side-effect only
fires when the script is run directly by Node/Actions.
Add a typeof check and an explicit exit-code assertion so the test fails
visibly if require() triggers run() and corrupts process.exitCode.
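
The import-time side effect and the `require.main === module` guard described in the two commit messages above, as an added example that is not the project's code. The module bodies, the `main()` wrapper and the helper name `exitCodeAfterRequire` are assumptions made for illustration; only the error text, the guard expression and the exit-code behaviour come from the commit messages.

```javascript
const fs = require('node:fs');
const os = require('node:os');
const path = require('node:path');

// Constructed stand-in for an agent script whose run() needs LS_PROJECT_URL.
const body = `
function run() {
  if (!process.env.LS_PROJECT_URL) throw new Error('LS_PROJECT_URL not set');
  return 'synced';
}
function main() {
  try { run(); } catch (err) { process.exitCode = 1; }
}
`;
// "Before": main() fires on every load, including require() from a test file.
const unguarded = body + `main();\nmodule.exports = { run };\n`;
// "After": main() fires only when the file is the entry script.
const guarded = body + `if (require.main === module) main();\nmodule.exports = { run };\n`;

// Write the source to a temp file, require() it the way a test would, and
// report what the import alone did to process.exitCode.
function exitCodeAfterRequire(source) {
  const dir = fs.mkdtempSync(path.join(os.tmpdir(), 'guard-demo-'));
  const file = path.join(dir, 'agent.js');
  fs.writeFileSync(file, source);
  const savedCode = process.exitCode;
  const savedUrl = process.env.LS_PROJECT_URL;
  delete process.env.LS_PROJECT_URL; // reproduce the missing-variable case
  process.exitCode = undefined;
  try {
    const mod = require(file);
    return { exportsRun: typeof mod.run === 'function', exitCode: process.exitCode };
  } finally {
    process.exitCode = savedCode; // do not leak the failure into this process
    if (savedUrl !== undefined) process.env.LS_PROJECT_URL = savedUrl;
    fs.rmSync(dir, { recursive: true, force: true });
  }
}

console.log('unguarded:', exitCodeAfterRequire(unguarded));
console.log('guarded:  ', exitCodeAfterRequire(guarded));
```

The `typeof` check and the exit-code comparison are the two assertions the second commit message describes; a regression that removes the guard shows up as `exitCode: 1` on import.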
…removed)

Node 24 removed the built-in `punycode` module that was only deprecated in
Node 22. @stoplight/spectral-core still requires it, so `lint:yaml` and
`lint:workflows` crash immediately. Node 22 LTS (EOL Apr 2027) is the highest
version all current dependencies support without errors.
Aligns with the Accessibility: and Security: prefix style on the
adjacent checklist items, as suggested in review.
Restores the accidental empty-file push and applies the Performance: prefix
to align with Accessibility: and Security: item style.
- Fix skills/design-md-agent/pdfs/js/package.json: add @lightspeedwp scope
  and required fields (description, license, author, repository)
- Fix .schemas/README.md: resolve git merge conflict markers
- Fix scripts/agents/__tests__/reviewer.agent.test.js: avoid require() on
  module that uses import.meta.url; check file existence instead
@ashleyshaw ashleyshaw marked this pull request as ready for review May 28, 2026 07:25
@ashleyshaw ashleyshaw changed the base branch from main to develop May 28, 2026 07:25
@ashleyshaw ashleyshaw changed the base branch from develop to main May 28, 2026 07:27
@ashleyshaw ashleyshaw merged commit 7ff7a16 into main May 28, 2026
2 checks passed
@ashleyshaw ashleyshaw deleted the fix/21-pr-template-checklists branch May 28, 2026 07:27
ashleyshaw added a commit that referenced this pull request May 28, 2026
…RIBUTING fixes, project-meta-sync guard

Applies changes from PRs #455, #457, #460 (merged into main) to develop:

- agents/mode-prd.agent.md: remove `update_issue`, keep `issue_write`/`issue_read`
- .github/prompts/*.prompt.md (3 files): remove `update_issue`, UK English
- CONTRIBUTING.md: remove `references` frontmatter field, fix stale body date, UK English pass
- .github/ISSUE_TEMPLATE/02-bug.md: expand single DoD line → three discrete items (WCAG 2.2 AA / OWASP / perf)
- .github/ISSUE_TEMPLATE/03-feature.md: same DoD expansion
- scripts/agents/project-meta-sync.agent.js: add require.main guard + module.exports
ashleyshaw added a commit that referenced this pull request May 28, 2026
…after merging #455 #457 #460

- CHANGELOG.md: add Fixed + Documentation entries for the three merged PRs
- next-issues-execution-plan: mark #52/#18/#21 closed, Wave 1 complete, #60 next; add PR branching note
- spec-only-agents-issue-conversion: bump last_updated
- launch-agents-checklist: bump last_updated, note project-meta-sync + reviewer test fixes
ashleyshaw added a commit that referenced this pull request May 31, 2026
* fix: replace deprecated MCP tool refs (create_issue → issue_write, get_issue → issue_read) (#455)

* fix: replace deprecated create_issue/update_issue/get_issue with issue_write/issue_read

Updates four files to use current MCP tool names:
- create_issue → issue_write
- update_issue → issue_write (same tool, method: create|update)
- get_issue → issue_read

Closes #52

* fix(test): guard project-meta-sync auto-run so require() in Jest doesn't throw

`run()` was called at module scope unconditionally. When Jest's test file
does `require('../project-meta-sync.agent')` the function executes immediately,
throws "LS_PROJECT_URL not set", and sets process.exitCode = 1, failing the
entire test suite. Guard with `require.main === module` so the side-effect only
fires when the script is run directly by Node/Actions.

* test: strengthen project-meta-sync guard assertions

Add a typeof check and an explicit exit-code assertion so the test fails
visibly if require() triggers run() and corrupts process.exitCode.

* fix(ci): pin Node to v22 LTS — spectral crashes on Node 24 (punycode removed)

Node 24 removed the built-in `punycode` module that was only deprecated in
Node 22. @stoplight/spectral-core still requires it, so `lint:yaml` and
`lint:workflows` crash immediately. Node 22 LTS (EOL Apr 2027) is the highest
version all current dependencies support without errors.

* debug(ci): split check into individual steps to identify failing step

* debug(ci): add HUSKY=0 and split steps to pinpoint failure

* fix(ci): resolve lint and test failures blocking CI

- Fix skills/design-md-agent/pdfs/js/package.json: add @lightspeedwp scope
  and required fields (description, license, author, repository)
- Fix .schemas/README.md: resolve git merge conflict markers
- Fix scripts/agents/__tests__/reviewer.agent.test.js: avoid require() on
  module that uses import.meta.url; check file existence instead

* docs: CONTRIBUTING.md — remove references frontmatter, npm ci, date fix (#457)

* docs: remove references frontmatter, fix npm install → npm ci, update stale date

- Remove `references` frontmatter field (violates repo convention; use
  inline links instead)
- Quick Start step 2: `npm install` → `npm ci` for reproducible installs
- Update stale "Last Updated: 2025-10-21" body line to 2026-05-27

Closes #18

* fix(test): guard project-meta-sync auto-run so require() in Jest doesn't throw

`run()` was called at module scope unconditionally. When Jest's test file
does `require('../project-meta-sync.agent')` the function executes immediately,
throws "LS_PROJECT_URL not set", and sets process.exitCode = 1, failing the
entire test suite. Guard with `require.main === module` so the side-effect only
fires when the script is run directly by Node/Actions.

* test: strengthen project-meta-sync guard assertions

Add a typeof check and an explicit exit-code assertion so the test fails
visibly if require() triggers run() and corrupts process.exitCode.

* fix(ci): pin Node to v22 LTS — spectral crashes on Node 24 (punycode removed)

Node 24 removed the built-in `punycode` module that was only deprecated in
Node 22. @stoplight/spectral-core still requires it, so `lint:yaml` and
`lint:workflows` crash immediately. Node 22 LTS (EOL Apr 2027) is the highest
version all current dependencies support without errors.

* fix(ci): resolve lint and test failures blocking CI

- Fix skills/design-md-agent/pdfs/js/package.json: add @lightspeedwp scope
  and required fields (description, license, author, repository)
- Fix .schemas/README.md: resolve git merge conflict markers
- Fix scripts/agents/__tests__/reviewer.agent.test.js: avoid require() on
  module that uses import.meta.url; check file existence instead

* fix: add explicit accessibility and security DoD checklist items to issue templates (#460)

* fix: add explicit accessibility and security DoD checklist items to issue templates

- 02-bug.md DoD: replace single "No adverse impact on performance or security" line
  with discrete checklist items for WCAG 2.2 AA and OWASP Top 10
- 03-feature.md DoD: expand "Accessibility, performance, security checks (where
  relevant)" into three discrete checklist items matching PR template standards

Closes #21

* fix(test): guard project-meta-sync auto-run so require() in Jest doesn't throw

`run()` was called at module scope unconditionally. When Jest's test file
does `require('../project-meta-sync.agent')` the function executes immediately,
throws "LS_PROJECT_URL not set", and sets process.exitCode = 1, failing the
entire test suite. Guard with `require.main === module` so the side-effect only
fires when the script is run directly by Node/Actions.

* test: strengthen project-meta-sync guard assertions

Add a typeof check and an explicit exit-code assertion so the test fails
visibly if require() triggers run() and corrupts process.exitCode.

* fix(ci): pin Node to v22 LTS — spectral crashes on Node 24 (punycode removed)

Node 24 removed the built-in `punycode` module that was only deprecated in
Node 22. @stoplight/spectral-core still requires it, so `lint:yaml` and
`lint:workflows` crash immediately. Node 22 LTS (EOL Apr 2027) is the highest
version all current dependencies support without errors.

* fix(template): add Performance: prefix to bug DoD item for consistency

Aligns with the Accessibility: and Security: prefix style on the
adjacent checklist items, as suggested in review.

* fix(template): restore bug template with Performance: prefix on DoD item

Restores the accidental empty-file push and applies the Performance: prefix
to align with Accessibility: and Security: item style.

* fix(ci): resolve lint and test failures blocking CI

- Fix skills/design-md-agent/pdfs/js/package.json: add @lightspeedwp scope
  and required fields (description, license, author, repository)
- Fix .schemas/README.md: resolve git merge conflict markers
- Fix scripts/agents/__tests__/reviewer.agent.test.js: avoid require() on
  module that uses import.meta.url; check file existence instead

* fix: add trailing newline to 02-bug.md (MD047)

* feat: add project assignment functionality to planner agent

- Implement deriveProjectFromLabels() to map area labels to projects
- Add project assignment recommendation to generated plans
- Include confidence level and reasoning for assignments
- Add logging for project assignment tracking
- Support fallback to manual review for ambiguous cases

This implements Phase 2 of the planner agent enhancement,
enabling automatic project assignment based on issue labels.

* fix: correct string replacement regex for project assignment section

The regex now properly matches the footer including the HTML comment
and uses regex instead of literal string to handle special characters.
This fixes the project assignment section not being added to plans.

* fix: add defensive checks and CRLF-aware regex

- Add defensive check to ensure labels parameter is an array
- Update regex to handle both LF and CRLF line endings (\r?\n)
- Improves robustness across different environments

* fix: correct YAML syntax error in metrics-summary workflow

The multi-line JavaScript template literal was causing YAML parser errors.
Converted to single-line string concatenation with proper variable handling.

---------

Co-authored-by: Claude <noreply@anthropic.com>
Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>

Development

Successfully merging this pull request may close these issues.

[Task] Add accessibility and security checklists to PR templates and docs
