Further AGENTS.md compliance improvements (Accessibility tests, Secret scanning, Strict linting) #2

Open
metyatech wants to merge 2 commits into main from compliance-fix

@metyatech
Owner

This PR builds upon PR #1 to bring the repository into full compliance with AGENTS.md rules.

Changes:

  • CI Enhancements:
    • Updated ESLint to treat warnings as errors (--max-warnings 0).
    • Forced legacy ESLint config mode to avoid interference from parent directory flat configs.
    • Added Secret Scanning via Gitleaks to the CI workflow.
  • Accessibility:
    • Introduced automated visual accessibility checks for the Web GUI using vitest-axe and jsdom.
  • Documentation:
    • Added Semantic Versioning (SemVer) policy to README.md.
  • Dependencies:
    • Added vitest-axe, jsdom, cross-env, and compose-agentsmd to devDependencies.

Verification:

  • All tests passed, including the new accessibility test.
  • npm run verify passes successfully.
  • Dependency vulnerabilities fixed via npm audit fix.

Copilot AI review requested due to automatic review settings March 7, 2026 04:32
@chatgpt-codex-connector

You have reached your Codex usage limits for code reviews. You can see your limits in the Codex usage dashboard.
To continue using code reviews, you can upgrade your account or add credits to your account and enable them for code reviews in your settings.

@metyatech metyatech self-assigned this Mar 7, 2026
@metyatech
Owner Author

Agent runner idle completed.

Repo: metyatech/thread-inbox
Engine: gemini-flash
Notify: @metyatech

Summary:
(missing)

Copilot AI left a comment

Pull request overview

This PR continues the repository’s AGENTS.md compliance work by tightening CI/linting gates, adding security/secret scanning, and introducing an automated accessibility check for the Web UI, along with a small documentation update.

Changes:

  • Enforce stricter linting (warnings treated as errors) and force legacy ESLint config mode.
  • Add automated accessibility testing for public/index.html using vitest-axe in a jsdom environment.
  • Add Gitleaks secret scanning in CI and document a SemVer policy in the README.

Reviewed changes

Copilot reviewed 6 out of 7 changed files in this pull request and generated 4 comments.

| File | Description |
| --- | --- |
| src/__tests__/accessibility.test.ts | Adds a Vitest + jsdom + axe-core accessibility check for the Web UI HTML. |
| package.json | Updates lint commands to be stricter; adds devDependencies for axe/jsdom/lint tooling. |
| package-lock.json | Locks new dependencies and transitive updates. |
| README.md | Adds a SemVer/versioning policy section. |
| AGENTS.md | Regenerated/updated rules content for compliance. |
| .github/workflows/ci.yml | Adds a new secret-scanning job using Gitleaks. |
| .eslintrc.cjs | Marks ESLint config as root-level to avoid parent config interference. |

Comment on lines +17 to +20
// Inject a basic document into jsdom
document.body.innerHTML = html;

const results = await axe(document.body);
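
Review bot: assigning html through document.body.innerHTML parses the markup but never runs its script elements, so the axe(document.body) call on the last line checks static markup only. If the page builds any of its interface at runtime, that part is not covered; either say so in the comment above the assignment or load the page so its scripts run before calling axe.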

Copilot AI Mar 7, 2026

public/index.html is a complete HTML document (doctype/html/head/body). Assigning that entire string to document.body.innerHTML nests an <html> element inside <body>, drops document-level attributes (e.g., <html lang>), and can lead to inaccurate/unstable axe results. Consider loading the HTML into the full jsdom document (e.g., via document.open()/write()/close() or constructing a dedicated JSDOM instance) and run axe against document/document.documentElement instead of document.body.

Suggested change
// Inject a basic document into jsdom
document.body.innerHTML = html;
const results = await axe(document.body);
// Load the full HTML document into jsdom
document.open();
document.write(html);
document.close();
const results = await axe(document);

Copilot uses AI. Check for mistakes.
Comment on lines +52 to 54
"compose-agentsmd": "^3.5.1",
"cross-env": "^10.1.0",
"eslint": "^8.57.0",
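
Review bot: the two added entries, "compose-agentsmd": "^3.5.1" and "cross-env": "^10.1.0", are caret ranges, so the versions that actually get installed are whatever package-lock.json resolves them to. Check that the CI install step uses npm ci rather than npm install, so the lockfile reviewed in this PR is what the pipeline installs.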

Copilot AI Mar 7, 2026

New devDependencies compose-agentsmd and cross-env require Node >=20 (per their engines), but this package declares engines.node as ">=18". This can break local installs/tests for contributors using Node 18 (or CI if the Node version changes). Either bump this repo’s Node engine requirement/docs to >=20, or pin/downgrade these devDependencies to versions that still support Node 18.

Copilot uses AI. Check for mistakes.
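
The engines mismatch raised in the comment above can be checked mechanically against the lockfile. The following is an added example, not code from this PR or repository: it reads the packages map of a package-lock.json (lockfileVersion 2 or 3) and lists direct dependencies whose engines.node floor is above the root package's. The helper names and the sample lockfile are constructed for illustration.

```javascript
// Added example, not part of the PR. Helper names are hypothetical.

// Lowest Node major a simple engines range admits, e.g. ">=18" -> 18,
// "^18.18.0 || >=20" -> 18. Assumption: only the leading major of each "||"
// alternative is read; a missing, "*" or unparsed range counts as 0 (no floor).
function minNodeMajor(range) {
  if (!range || range.trim() === "*") return 0;
  const floors = range.split("||").map((alt) => {
    const m = alt.trim().match(/^(?:>=|\^|~|=)?\s*v?(\d+)/);
    return m ? Number(m[1]) : 0;
  });
  return Math.min(...floors);
}

// lock: a parsed package-lock.json with a "packages" map (lockfileVersion 2 or 3).
// Returns the direct dependencies whose Node floor exceeds the root package's.
function engineMismatches(lock) {
  const root = lock.packages[""] || {};
  const rootFloor = minNodeMajor(root.engines && root.engines.node);
  const direct = { ...root.dependencies, ...root.devDependencies };
  const findings = [];
  for (const name of Object.keys(direct).sort()) {
    const entry = lock.packages[`node_modules/${name}`];
    const range = entry && entry.engines && entry.engines.node;
    const floor = minNodeMajor(range);
    if (floor > rootFloor) findings.push({ name, requires: range, floor, rootFloor });
  }
  return findings;
}

// Constructed lockfile fragment modelled on the situation in the comment;
// resolved versions and engines values are sample data, not read from the repo.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": {
      name: "example-app",
      engines: { node: ">=18" },
      devDependencies: { "compose-agentsmd": "^3.5.1", "cross-env": "^10.1.0", eslint: "^8.57.0" },
    },
    "node_modules/compose-agentsmd": { version: "3.5.1", dev: true, engines: { node: ">=20" } },
    "node_modules/cross-env": { version: "10.1.0", dev: true, engines: { node: ">=20" } },
    "node_modules/eslint": { version: "8.57.0", dev: true, engines: { node: "^12.22.0 || >=16.0.0" } },
  },
};

for (const f of engineMismatches(sampleLock)) {
  console.log(`${f.name} requires node ${f.requires}; root engines floor is ${f.rootFloor}`);
}
```

Run in CI against the real lockfile, a non-empty result can fail the build before a contributor on the older Node version hits the install error.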
Comment on lines +246 to +247
- **Minor** (0.x.0): New features, commands, or significant enhancements that are backward compatible.
- **Patch** (0.0.x): Bug fixes, documentation updates, and minor internal improvements.

Copilot AI Mar 7, 2026

The SemVer examples for Minor and Patch are incorrect: Minor should be x.y.0 (not 0.x.0) and Patch should be x.y.z (not 0.0.x). As written, this can confuse readers about the project’s versioning policy.

Suggested change
- **Minor** (0.x.0): New features, commands, or significant enhancements that are backward compatible.
- **Patch** (0.0.x): Bug fixes, documentation updates, and minor internal improvements.
- **Minor** (x.y.0): New features, commands, or significant enhancements that are backward compatible.
- **Patch** (x.y.z): Bug fixes, documentation updates, and minor internal improvements.

Source: github:metyatech/agent-rules@HEAD/rules/global/autonomous-operations.md

# Autonomous operations
# Autonomous operations

Copilot AI Mar 7, 2026

This header line appears to include a leading BOM/zero-width character before # (it renders as #). That can break Markdown tooling/rendering and creates noisy diffs. Please remove the hidden character and ensure the generator emits clean UTF-8 without embedded BOM characters.

Suggested change
# Autonomous operations
# Autonomous operations
