chore: dependency hygiene + contributor onboarding + docs/README truth-up#199
Merged
Conversation
PR F of the 1.24.0 hardening sequence. - README metric drift: sync-readme-metrics.mjs hard-coded the locale count to 11, so its regexes stopped matching after the 11→17 expansion and silently froze the key count. Locale count is now dynamic (counts locales/ dirs) and the regexes match any digit count → README reads 2786 keys × 17 locales; drift guard green; idempotent. - joi override: confirmed still required (wait-on@9 → joi; GHSA-q7cg-457f-vx79), documented the accepted-risk rationale in AUDIT.md; `pnpm audit --audit-level=high` clean. SBOM: evaluated @cyclonedx/cyclonedx-npm, deferred (Socket already runs in CI), decision recorded in AUDIT.md. - Docs truth-up: corrected the stale public/sw.js "must hand-sync APP_VERSION" note in CLAUDE.md (auto-synced via predev/prebuild); refreshed stale 5-locale / "2 594 keys × 11 locales" strings in CONTRIBUTING.md + .github/copilot-instructions.md to 17 locales. - Onboarding: added a "Do NOT run heavy suites locally" callout + Minimal Change Checklist to CONTRIBUTING.md, and mirrored the heavy-suite warning into copilot-instructions.md (whose old preflight wrongly told contributors to run test:run + build every commit — now aligned with the low-end CI-first policy). - AUDIT.md: v1.24.0 hardening-sequence quality-gate line + hygiene-pass section. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Thanks for using CodeAnt! 🎉We're free for open-source projects. if you're enjoying it, help us grow by sharing. Share on X · |
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
User description
Summary
PR F of the Critical & Immediate hardening sequence — cleanup + truth-up ahead of the 1.24.0 release.
Changes
scripts/sync-readme-metrics.mjshard-coded the locale count to11, so its regexes stopped matching after the 11→17 locale expansion and silently froze the key count at a stale value. Locale count is now dynamic (countslocales/dirs) and the regexes match any digit count → README reads 2786 keys × 17 locales; drift guard green; re-run is idempotent.joioverride: confirmed still required (wait-on@9→joi; GHSA-q7cg-457f-vx79); accepted-risk rationale documented inAUDIT.md;pnpm audit --audit-level=highclean.@cyclonedx/cyclonedx-npm— deferred (Socket Security already runs every CI run with an SBOM dashboard); decision recorded inAUDIT.md.public/sw.js"must hand-syncAPP_VERSION" note inCLAUDE.md(it's auto-synced viapredev/prebuild); refreshed stale 5-locale / "2 594 keys × 11 locales" strings inCONTRIBUTING.md+.github/copilot-instructions.mdto 17 locales.CONTRIBUTING.md, and mirrored the heavy-suite warning into.github/copilot-instructions.md— whose old preflight wrongly told contributors to runtest:run+buildon every commit, now aligned with the low-end CI-first policy already inAGENTS.md.Verification
check-suppressions(52) ·lint·pnpm audit --audit-level=high(clean) · metrics script idempotent + drift-guard green. Docs-only + one build-script change; no app code touched.🤖 Generated with Claude Code
CodeAnt-AI Description
Refresh README metrics and contributor guidance
What Changed
Impact
✅ Fewer stale README stats✅ Clearer contributor setup✅ Less confusion about release version syncing💡 Usage Guide
Checking Your Pull Request
Every time you make a pull request, our system automatically looks through it. We check for security issues, mistakes in how you're setting up your infrastructure, and common code problems. We do this to make sure your changes are solid and won't cause any trouble later.
Talking to CodeAnt AI
Got a question or need a hand with something in your pull request? You can easily get in touch with CodeAnt AI right here. Just type the following in a comment on your pull request, and replace "Your question here" with whatever you want to ask:
This lets you have a chat with CodeAnt AI about your pull request, making it easier to understand and improve your code.
Example
Preserve Org Learnings with CodeAnt
You can record team preferences so CodeAnt AI applies them in future reviews. Reply directly to the specific CodeAnt AI suggestion (in the same thread) and replace "Your feedback here" with your input:
This helps CodeAnt AI learn and adapt to your team's coding style and standards.
Example
Retrigger review
Ask CodeAnt AI to review the PR again, by typing:
Check Your Repository Health
To analyze the health of your code repository, visit our dashboard at https://app.codeant.ai. This tool helps you identify potential issues and areas for improvement in your codebase, ensuring your repository maintains high standards of code health.