LOADING…
0%
Complete changelog

Commit

CI: gate the frontend; add audit step, job timeouts; ADRs for deferred decisions

Commit details

Commit notes

- New required frontend job: svelte-check + unit tests + production build. Vite builds don't typecheck, so type breakage previously merged green and surfaced only on the Netlify deploy. - bun audit runs report-only in the test job; promote to blocking after the residual moderate/low findings are triaged. - timeout-minutes on every job (hung DB tests previously burned the 360-minute default); push triggers scoped to main (PRs already cover branches, halving duplicate runs). - ADR 0001 records the refresh-token storage decision (localStorage + CSP over httpOnly cookie, with revisit triggers); ADR 0002 records the single-OWNER_EMAIL admin model. RAILWAY.md now explains what the sync-lock script is for and when not to use it.

[private session redacted]

Files changed
4
Lines added
+131
Lines removed
−1
This page is a permanent record of commit cc274020.