feat: Risk Radar improvements - ESLint, Prettier, CodeQL, npm audit, docs update#105
Merged
Conversation
Implement custom SSG using Playwright to prerender all routes. This generates static HTML for every page, making the entire site crawlable by search engines without JavaScript execution. **What changed:** - Add prerender.js: Playwright-based prerendering for all routes - Add prerender-routes.js: Route generation from anchors.json - Add build-ssg.js: Orchestrates build → preview → prerender workflow - Update main.js: Add app-ready event signal for prerenderer - Update router.js: Signal app-ready for anchor modal routes - Update deploy.yml: Install Playwright, use build:ssg - Update package.json: Add build:ssg script **Why:** Without SSG, search engines see only empty <div id="app"></div>. With SSG, every route has fully rendered HTML with complete content: - Homepage: 2050 lines HTML with all 48 cards - Anchor pages: ~2110 lines HTML with full AsciiDoc content - About/Contributing: Fully rendered documentation **SEO Impact:** - Previous: 9/10 (meta tags only, no content without JS) - Current: 10/10 (meta tags + full static HTML content) **How it works:** 1. vite build creates SPA bundle 2. vite preview starts local server 3. Playwright navigates to each route, waits for app-ready event 4. HTML snapshot saved to dist/[route]/index.html 5. 51 routes prerendered (homepage + about + contributing + 48 anchors) **Testing:** Verified content in generated HTML: - dist/index.html contains all anchor cards - dist/anchor/hexagonal-architecture/index.html contains \"Ports and Adapters\" and \"Alistair Cockburn\" Closes #XX (if applicable) Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
The tests were failing because they checked for h1 elements too early, before the AsciiDoc content finished loading and rendering. **Changes:** - Use #doc-content h1 selector instead of h1 (avoid matching header) - Add waitForSelector before assertions to ensure content is loaded - Increase timeout to 10s for async AsciiDoc rendering **Fixes:** - 'should navigate to About page' - 'should navigate to Contributing page' - 'should handle direct URL to About page' - 'should navigate back to Catalog from About' Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
…oad" This reverts commit 0d5b20f.
This reverts commit 79aae69.
Fixes 'strict mode violation' errors where locators found both desktop and mobile navigation links. Changes: - Use .first() to select desktop nav links (mobile is hidden) - Fix h1 selectors to target #doc-content h1 (not header h1) - Add waitForSelector for async AsciiDoc content loading Partially fixes E2E tests. Some tests still failing due to AsciiDoc content loading issues (separate investigation needed). Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
The document title (= Title) wasn't being rendered as <h1> because the 'showtitle' attribute was missing from asciidoctor.convert(). This caused E2E tests to fail when looking for '#doc-content h1'. With showtitle: true, the document title now renders properly: = About Semantic Anchors → <h1>About Semantic Anchors</h1> Result: All 28 E2E tests now pass ✅ Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
E2E tests were failing in GitHub Actions because the documentation files (docs/about.adoc, CONTRIBUTING.adoc) weren't available. The test workflow now copies these files to website/public/ before running tests, matching the deploy workflow. This should fix the remaining 3 failing tests. Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Add dependency-check job to CI workflow that runs npm audit with --audit-level=high threshold to catch high and critical security vulnerabilities in dependencies. Closes LLM-Coding#83 Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
…LM-Coding#91) - Update PROJECT_STATUS.md to reflect Phase 1-3 completion - Website is live at https://llm-coding.github.io/Semantic-Anchors/ - Replace treemap visualization references with card grid in arc42 docs - Update PRD.md to reflect card grid implementation - Add ADR-005 summary to arc42 chapter 09 architecture decisions - Update glossary to note card grid replaced treemap (ADR-005) - Historical ADR-003 references preserved as-is Closes LLM-Coding#91 Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
…Coding#83) - Override minimatch to >=10.2.1 (fixes GHSA-3ppc-4f35-3m26 ReDoS) - Override cookie to >=0.7.0 (fixes GHSA-pxg6-pf52-xh8x OOB chars) - Remaining 4 low-severity issues in tmp/@lhci/cli dev tool are accepted risk (fixing requires breaking @lhci/cli downgrade) npm audit --audit-level=high now exits with code 0 Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- Add ESLint (flat config) with @eslint/js + eslint-config-prettier - Add Prettier with project conventions (no-semi, single-quotes, 2 spaces) - Add lint/format scripts to package.json - Fix no-useless-escape in search-index.js - Fix unused param warning in doc-page.js - Auto-format all source files to Prettier standard - Add Lint & Format Check job to CI workflow - Add npm overrides for minimatch/cookie (from LLM-Coding#83 fix) Closes LLM-Coding#81 Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
ci: Add npm audit for dependency security checking (LLM-Coding#83)
…d-issue-91 docs: Update documentation to reflect card grid instead of treemap (LLM-Coding#91)
Set up GitHub CodeQL for SAST (Static Application Security Testing): - Analyzes JavaScript/TypeScript with security-extended query set - Runs on push/PR to main and weekly schedule (Mondays 08:00 UTC) - Results visible in GitHub Security → Code scanning tab Closes LLM-Coding#84 Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
…e-81 feat: Set up ESLint + Prettier for code quality (LLM-Coding#81)
ci: Add CodeQL security analysis (LLM-Coding#84)
Contributor
|
This pull request sets up GitHub code scanning for this repository. Once the scans have completed and the checks have passed, the analysis results for this pull request branch will appear on this overview. Once you merge this pull request, the 'Security' tab will show more code scanning analysis results (for example, for the default branch). Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results. For more information about GitHub code scanning, check out the documentation. |
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
Comment on lines
+121
to
+123
| response = await fetch( | ||
| `${import.meta.env.BASE_URL}docs/anchors/${anchorId}.${currentLang}.adoc` | ||
| ) |
Check warning
Code scanning / CodeQL
Client-side request forgery Medium
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Implements all Risk Radar Tier 1 & Tier 2 improvements from the security assessment, plus documentation updates and E2E test fixes.
Changes
Code Quality (Tier 1 — #81)
no-useless-escapeandno-consoleissues insearch-index.jsSecurity (Tier 1 — #83)
dependency-checkCI job runningnpm audit --audit-level=highnpm overridesto resolve high-severity vulnerabilities:minimatch >=10.2.1(GHSA-3ppc-4f35-3m26 ReDoS)cookie >=0.7.0(GHSA-pxg6-pf52-xh8x OOB chars)Security (Tier 2 — #84)
.github/workflows/codeql.yml)security-extendedquery setDocumentation (#91)
PROJECT_STATUS.mdto reflect actual completion (Phase 1-3 done, website live)docs/PRD.mdto reflect card grid implementationE2E Test Fixes
.first()for navigation linksshowtitleattributeTest plan
npm run lint— 0 errorsnpm run format:check— all files formattednpm run test— 70 unit tests pass🤖 Generated with Claude Code