Skip to content

S-tier hardening: releases, coverage, security, docs, spec versioning#4

Merged
renezander030 merged 2 commits into
masterfrom
stier-tier1-2
Jun 16, 2026
Merged

S-tier hardening: releases, coverage, security, docs, spec versioning#4
renezander030 merged 2 commits into
masterfrom
stier-tier1-2

Conversation

@renezander030

Copy link
Copy Markdown
Owner

Implements the S-tier checklist across three tiers. Verified locally: 31/31 tests pass, coverage thresholds enforced, self-gate dogfood passes, JSON Schema validates every real spec, npm publish dry-run clean.

Tier 1 — ship-credibility

  • Tag-driven release.yml: npm publish --provenance + GitHub Release from the CHANGELOG section, with a tag↔package.json version guard
  • Coverage gate: npm run test:coverage (lines 85 / branch 70 / funcs 90)
  • Community health: CONTRIBUTING.md, CODE_OF_CONDUCT.md, SECURITY.md, issue templates, PR template
  • README badges (CI / npm / license / node)

Tier 2 — trust & safety

  • dependabot.yml (npm + github-actions), codeql.yml
  • All GitHub Actions pinned to commit SHAs
  • test/e2e.test.ts — CLI covered as a real process; Node 18/20/22 CI matrix

Tier 3 — depth & durability

  • docs/: quickstart, spec-reference, recipes, architecture, compatibility
  • Optional version: field + SPEC_VERSION — degrades loudly, never silently misreads
  • schema/done.schema.json + yaml-language-server modeline; ships in the npm package
  • Documented exit-code contract

🤖 Generated with Claude Code

Tier 1 — tag-driven release workflow (npm publish --provenance + GitHub
Release from the CHANGELOG), coverage gate (npm run test:coverage),
CONTRIBUTING/CODE_OF_CONDUCT/SECURITY + issue & PR templates, README badges.

Tier 2 — Dependabot (npm + actions), CodeQL workflow, all Actions SHA-pinned,
end-to-end CLI tests (test/e2e.test.ts), Node 18/20/22 CI matrix.

Tier 3 — docs/ surface (quickstart, spec-reference, recipes, architecture,
compatibility), optional done.yaml `version:` field + SPEC_VERSION (warns
rather than silently misreading), JSON Schema + yaml-language-server modeline,
documented exit-code contract.

Self-gate dogfood passes; 31/31 tests green with coverage thresholds enforced.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@github-advanced-security

Copy link
Copy Markdown

You are seeing this message because GitHub Code Scanning has recently been set up for this repository, or this pull request contains the workflow file for the Code Scanning tool.

What Enabling Code Scanning Means:

  • The 'Security' tab will display more code scanning analysis results (e.g., for the default branch).
  • Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results.
  • You will be able to see the analysis results for the pull request's branch on this overview once the scans have completed and the checks have passed.

For more information about GitHub Code Scanning, check out the documentation.

const lines = md.split("\n");

// Match "## 0.4.0" (optionally followed by a date/anything).
const startIdx = lines.findIndex((l) => new RegExp(`^##\\s+v?${version.replace(/\./g, "\\.")}\\b`).test(l));
const lines = md.split("\n");

// Match "## 0.4.0" (optionally followed by a date/anything).
const startIdx = lines.findIndex((l) => new RegExp(`^##\\s+v?${version.replace(/\./g, "\\.")}\\b`).test(l));
The matrix renamed the job to "test (node N)", which no longer matched the
branch-protection required context "test". Split into a primary `test` job
(node 20, the required context) plus a `compat` matrix (18, 22).

Remove .github/workflows/codeql.yml: the repo already runs CodeQL via default
code-scanning setup, and an advanced workflow conflicts with it (the failing
"CodeQL" check). Default setup already satisfies the security-scanning goal.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@renezander030 renezander030 merged commit 715ecda into master Jun 16, 2026
4 checks passed
@renezander030 renezander030 deleted the stier-tier1-2 branch June 16, 2026 11:00
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants