Commit
CI: gate the frontend; add audit step, job timeouts; ADRs for deferred decisions
Commit details
Commit notes
- New required frontend job: svelte-check + unit tests + production build. Vite builds don't typecheck, so type breakage previously merged green and surfaced only on the Netlify deploy. - bun audit runs report-only in the test job; promote to blocking after the residual moderate/low findings are triaged. - timeout-minutes on every job (hung DB tests previously burned the 360-minute default); push triggers scoped to main (PRs already cover branches, halving duplicate runs). - ADR 0001 records the refresh-token storage decision (localStorage + CSP over httpOnly cookie, with revisit triggers); ADR 0002 records the single-OWNER_EMAIL admin model. RAILWAY.md now explains what the sync-lock script is for and when not to use it.
[private session redacted]
- Files changed
- 4
- Lines added
- +131
- Lines removed
- −1