Fix 10 project review issues: git data, ESLint, validation, security, CI, docs #5

Merged: Jeremy8776 merged 3 commits into master from fix/project-review-issues, May 20, 2026
@James-Chapman (Collaborator)

Summary

  • Remove runtime data from git: data/memory.json, projects.json, rules.json, skill-states.json now git-ignored; .gitkeep preserves the directory; ensureDefaultData() seeds defaults at startup
  • Add test gate to release workflow: runs npm run check && npm run smoke before building
  • ESLint enforcement on router.js & compiler.js: moved off ignore list, fixed lint violations (unused vars, type checks, escape false positive)
  • Sanitize 8 error returns in router.js: generic messages to clients, real errors logged to console
  • Input validation on 4 endpoints: POST /api/modes/apply, POST /api/compile/preview, POST /api/projects, PATCH /api/projects/:slug
  • Rate-limit auth token generation: 60s cooldown, 429 on repeat
  • Cap concurrent ingest jobs at 5: 429 when at capacity
  • Add 6 smoke tests to CI: test:compiler, test:skills, test:rule-files, test:config, test:http, test:api-endpoints
  • Create .env.example: documents all env vars grouped by concern
  • Update bench/README.md: add directory-level intro and file table
  • Fix compiler rulesOverride: buildContext now applies opts.rulesOverride; normalizeRules ensures all priority keys (hard/soft/style) present in output

Test plan

  • npm run check passes (lint + typecheck + format)
  • npm run smoke passes
  • npm run test:compiler passes
  • npm run test:skills passes
  • npm run test:rule-files passes
  • npm run test:config passes
  • npm run test:http passes
  • npm run test:api-endpoints passes (101/101)
  • git ls-files data/ shows only .gitkeep

🤖 Generated with Claude Code
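
The rate-limit, job-cap and error-sanitizing bullets in the summary above, sketched as an added example; it is not code from this pull request or the project. All function names are hypothetical, and it assumes a single process-wide cooldown rather than a per-client one.

```javascript
// Added illustration only: createCooldown, createJobCap and handleTokenRequest
// are hypothetical names, not identifiers from the project's router.js.
const TOKEN_COOLDOWN_MS = 60_000; // 60s cooldown, as stated in the PR summary
const MAX_INGEST_JOBS = 5;        // concurrent ingest cap, as stated in the PR summary

// Permits one action per window; otherwise reports how long the caller must wait.
function createCooldown(windowMs, now = Date.now) {
  let last = -Infinity;
  return function tryAcquire() {
    const t = now();
    const remaining = last + windowMs - t;
    if (remaining > 0) return { ok: false, retryAfterSec: Math.ceil(remaining / 1000) };
    last = t; // the attempt counts even if generation later fails
    return { ok: true, retryAfterSec: 0 };
  };
}

// Counting gate: start() returns null at capacity, else an idempotent release().
function createJobCap(max) {
  let active = 0;
  return {
    start() {
      if (active >= max) return null; // caller answers 429
      active += 1;
      let released = false;
      return () => { if (!released) { released = true; active -= 1; } };
    },
    get active() { return active; },
  };
}

// 429 with Retry-After during cooldown; on failure the client gets a generic
// message and the real error goes only to the server log.
function handleTokenRequest(tryAcquire, generateToken, log = console.error) {
  const gate = tryAcquire();
  if (!gate.ok) {
    return { status: 429, headers: { 'Retry-After': String(gate.retryAfterSec) },
             body: { error: 'Too many requests' } };
  }
  try {
    return { status: 200, headers: {}, body: { token: generateToken() } };
  } catch (err) {
    log('token generation failed:', err);
    return { status: 500, headers: {}, body: { error: 'Internal error' } };
  }
}
```

Calling `release()` from a `finally` block around the ingest job keeps the counter from leaking when a job throws.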

James-Chapman and others added 3 commits May 20, 2026 10:33
… CI, docs

- Remove runtime data files (memory.json, projects.json, rules.json, skill-states.json)
  from git tracking; add .gitignore entries and .gitkeep; seed defaults at startup
- Add test gate to release workflow (npm run check && npm run smoke)
- Move router.js and compiler.js off ESLint ignore list; fix resulting lint violations
- Sanitize 8 error-message returns in router.js (generic messages, log real errors)
- Add input validation for 4 endpoints (modes/apply, compile/preview, projects POST/PATCH)
- Rate-limit auth token generation (60s cooldown, 429 on repeat)
- Cap concurrent ingest jobs at 5 (429 when at capacity)
- Add 6 smoke tests to CI integration-tests job
- Create .env.example documenting all env vars
- Add directory-level intro to bench/README.md
- Fix compiler: apply rulesOverride in buildContext, ensure all priority keys
  present in normalizeRules output (hard/soft/style), support style priority

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
…3847

On CI the server may bind a different port (e.g. 3857), causing the
hardcoded localhost:3847 origin check to fail. Use the resolved PORT
value from config so the test matches the actual allowed origins.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

Node.js ServerResponse instances may not reliably allow setHeader
overrides across versions. Use simple mock objects that only implement
the interface cors/json need (setHeader, writeHead, end).

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
@Jeremy8776 (Owner) left a comment

Approved. Validation passed locally (check, smoke, test:api-endpoints, test:compiler, test:rule-files, test:skills, test:config, test:http).

Follow-up note, not blocking this PR: server/lib/rule-files.js still stores rule files under app/data/rules instead of CE_ROOT/data/rules. That predates this PR, but it should be carried forward because it conflicts with the broader direction that runtime data should live outside git/app code.

@Jeremy8776 Jeremy8776 merged commit 5a39bff into master May 20, 2026
3 checks passed