Release Dev#382
Merged
Merged
Conversation
Co-authored-by: Stackwright Bot <bot@per-aspera.dev>
Co-authored-by: Stackwright Bot <bot@per-aspera.dev>
Co-authored-by: Stackwright Bot <bot@per-aspera.dev>
* fix(deploy): migrate from R2 to Cloudflare Pages * fix(deploy): use env vars for deployment variables --------- Co-authored-by: Stackwright Bot <bot@per-aspera.dev>
…on (#341) * feat(hooks): add @stackwright/hooks-registry for cross-module singleton - Create new @stackwright/hooks-registry package using Symbol.for() pattern - Update @stackwright/scaffold-core to re-export from shared registry - Fix fallback:'blocking' + output:'export' incompatibility in template - Update E2E config to serve static out/ directory Fixes module isolation where Pro packages' hooks weren't visible to CLI. * fix(hooks): add resetForTesting export and improve singleton tests * fix: address lint warnings for PR #341 * chore: update visual regression baselines and SBOM files * fix(deps): pin undici to ^7.0.0 for jsdom compatibility --------- Co-authored-by: Stackwright Bot <bot@per-aspera.dev>
* feat(hooks): add @stackwright/hooks-registry for cross-module singleton - Create new @stackwright/hooks-registry package using Symbol.for() pattern - Update @stackwright/scaffold-core to re-export from shared registry - Fix fallback:'blocking' + output:'export' incompatibility in template - Update E2E config to serve static out/ directory Fixes module isolation where Pro packages' hooks weren't visible to CLI. * fix(hooks): add resetForTesting export and improve singleton tests * fix: address lint warnings for PR #341 * chore: update visual regression baselines and SBOM files * fix(deps): pin undici to ^7.0.0 for jsdom compatibility * docs: add ADR 006 for shared validation module (fixes #338) --------- Co-authored-by: Stackwright Bot <bot@per-aspera.dev>
…345) * feat(security): add secrets scanning and plugin security guidelines (fixes #244, #246) * fix(security): use gitleaks v1 (MIT) and fix workflow configuration * refactor(security): use gitleaks CLI instead of GitHub Action - Replace gitleaks-action with direct CLI invocation - CLI is MIT licensed, no license key required - Exit code 1 = leaks found (fails CI), 0 = clean (passes) - Add Go setup step to install gitleaks v9 * fix(security): use --filter for pnpm audit to avoid workspace conflicts --------- Co-authored-by: Stackwright Bot <bot@per-aspera.dev>
* fix(security): add configSchema field to PrebuildPlugin interface This commit addresses security issue #242 by adding schema validation for integration configs in the Stackwright prebuild pipeline. Changes: - Add configSchema field to PrebuildPlugin interface in packages/types - Add validateIntegrationConfig() and validateIntegrations() functions to packages/build-scripts/src/prebuild.ts - Integrate validation into the prebuild pipeline after env var resolution - Add comprehensive tests for plugin config schema validation Security benefits: - Prevents prototype pollution attacks (__proto__, constructor) - Validates plugin-specific configuration options - Enforces type safety for integration configs The validation is opt-in for plugins - they declare a configSchema if they want their integration configs validated. Existing plugins without a configSchema continue to work as before (with a warning in development). fixes #242 * fix: add plugin config schema validation (#242) --------- Co-authored-by: Stackwright Bot <bot@per-aspera.dev>
…363) - Delete ROADMAP.md (roadmap lives in GitHub Issues; use `pnpm stackwright -- board`) - Update 3 stale ROADMAP.md references in CONTRIBUTING.md - Fix duplicate/truncated paragraph at end of PHILOSOPHY.md - Update PHILOSOPHY.md intro to point to GitHub Issues instead of ROADMAP.md - Delete docs/archive/ (6 completed-work summaries; preserved in git history) - Delete orphaned docs/sbom-ci-workflow.md (no inbound refs, CI already covers it) - Rename docs/security-model-for-docs.md → docs/SECURITY-MODEL.md - Update inbound links to SECURITY-MODEL.md in docs/PLUGIN_SECURITY.md Co-authored-by: Stackwright Bot <bot@per-aspera.dev>
* static export fixes (#335) * fix(deploy): enable static export for R2 bucket hosting (#332) Co-authored-by: Stackwright Bot <bot@per-aspera.dev> * fix(deploy): add trailing slash support for R2 static hosting (#334) Co-authored-by: Stackwright Bot <bot@per-aspera.dev> --------- Co-authored-by: Stackwright Bot <bot@per-aspera.dev> * release CI security fixes (#348) * fix(deploy): enable static export for R2 bucket hosting (#332) Co-authored-by: Stackwright Bot <bot@per-aspera.dev> * fix(deploy): add trailing slash support for R2 static hosting (#334) Co-authored-by: Stackwright Bot <bot@per-aspera.dev> * fix(deploy): migrate from R2 to Cloudflare Pages (#336) Co-authored-by: Stackwright Bot <bot@per-aspera.dev> * Fix/cloudflare pages (#337) * fix(deploy): migrate from R2 to Cloudflare Pages * fix(deploy): use env vars for deployment variables --------- Co-authored-by: Stackwright Bot <bot@per-aspera.dev> * feat(hooks): add @stackwright/hooks-registry for cross-module singleton (#341) * feat(hooks): add @stackwright/hooks-registry for cross-module singleton - Create new @stackwright/hooks-registry package using Symbol.for() pattern - Update @stackwright/scaffold-core to re-export from shared registry - Fix fallback:'blocking' + output:'export' incompatibility in template - Update E2E config to serve static out/ directory Fixes module isolation where Pro packages' hooks weren't visible to CLI. * fix(hooks): add resetForTesting export and improve singleton tests * fix: address lint warnings for PR #341 * chore: update visual regression baselines and SBOM files * fix(deps): pin undici to ^7.0.0 for jsdom compatibility --------- Co-authored-by: Stackwright Bot <bot@per-aspera.dev> * docs: document shared validation module architecture (fixes #338) (#342) * feat(hooks): add @stackwright/hooks-registry for cross-module singleton - Create new @stackwright/hooks-registry package using Symbol.for() pattern - Update @stackwright/scaffold-core to re-export from shared registry - Fix fallback:'blocking' + output:'export' incompatibility in template - Update E2E config to serve static out/ directory Fixes module isolation where Pro packages' hooks weren't visible to CLI. * fix(hooks): add resetForTesting export and improve singleton tests * fix: address lint warnings for PR #341 * chore: update visual regression baselines and SBOM files * fix(deps): pin undici to ^7.0.0 for jsdom compatibility * docs: add ADR 006 for shared validation module (fixes #338) --------- Co-authored-by: Stackwright Bot <bot@per-aspera.dev> * fix(core): resolve theme tokens in icon color prop (fixes #339) (#343) * fix(core): resolve theme tokens in icon color prop (fixes #339) * chore: add changeset for #339 fix * fix(core): map background token to --sw-color-bg (fixes #343 review) --------- Co-authored-by: Stackwright Bot <bot@per-aspera.dev> * feat(security): add secrets scanning and plugin security guidelines (#345) * feat(security): add secrets scanning and plugin security guidelines (fixes #244, #246) * fix(security): use gitleaks v1 (MIT) and fix workflow configuration * refactor(security): use gitleaks CLI instead of GitHub Action - Replace gitleaks-action with direct CLI invocation - CLI is MIT licensed, no license key required - Exit code 1 = leaks found (fails CI), 0 = clean (passes) - Add Go setup step to install gitleaks v9 * fix(security): use --filter for pnpm audit to avoid workspace conflicts --------- Co-authored-by: Stackwright Bot <bot@per-aspera.dev> * feat(types,build-scripts): add env var resolution for integration secrets (#245) * chore: add changeset for #245 * feat(types,build-scripts): env var resolution for integration secrets (#245) (#347) * feat(types,build-scripts): add env var resolution for integration secrets (#245) * chore: add changeset for #245 --------- Co-authored-by: Stackwright Bot <bot@per-aspera.dev> --------- Co-authored-by: Stackwright Bot <bot@per-aspera.dev> * chore: consolidate dependabot dependency updates * chore: apply review fixes to dependabot batch update * chore: add changeset for dependabot dependency consolidation * fix(ci): delete lockfile before pnpm install on PRs to ensure fresh generation * fix(ci): add lockfile diagnostics to debug broken lockfile issue * fix(ci): clear stale pnpm store on PR runs to prevent broken lockfile generation * ci: add detailed lockfile diagnostics after pnpm install * ci: add comprehensive lockfile content analysis after pnpm install * fix(ci): revert pnpm/action-setup to @v4 to fix ERR_PNPM_BROKEN_LOCKFILE on audit pnpm/action-setup@v6 sets up the pnpm environment in a way that causes pnpm audit to fail with ERR_PNPM_BROKEN_LOCKFILE even on valid lockfiles. The dev branch uses @v4 which works correctly with pnpm@10.30.3. Reverting to @v4 restores parity with dev and unblocks CI. * ci: remove duplicate audit from lint-and-format, bump pnpm to 10.33.0 --------- Co-authored-by: Stackwright Bot <bot@per-aspera.dev>
…oggle icon (#366) Co-authored-by: Stackwright Bot <bot@per-aspera.dev>
Bumps [@changesets/cli](https://github.com/changesets/changesets) from 2.30.0 to 2.31.0. - [Release notes](https://github.com/changesets/changesets/releases) - [Commits](https://github.com/changesets/changesets/compare/@changesets/cli@2.30.0...@changesets/cli@2.31.0) --- updated-dependencies: - dependency-name: "@changesets/cli" dependency-version: 2.31.0 dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>
… mapping-key normalization (#381) * feat(cli): add --content flag to page add for inline YAML (#188) * feat(types,build-scripts): add plugin content schema extension and YAML normalization - Add `contentItemSchemas` and `knownContentTypeKeys` to PrebuildPlugin interface - Add `buildExtendedPageContentSchema()` to @stackwright/types for merging OSS and plugin schemas - Add `ValidatePageContentOptions` to validatePageContent() for plugin-aware validation - Add content format normalization in runPrebuild: YAML mapping-key-as-type format ({ page_header: { title } }) is auto-normalized to OSS type-field format ({ type: 'page_header', title }) before validation and processing - Plugin contentItemSchemas and knownContentTypeKeys are now collected and applied during page validation, enabling pro content types to pass schema validation --------- Co-authored-by: Stackwright Bot <bot@per-aspera.dev>
…hangesets/cli-2.31.0 chore(deps-dev): bump @changesets/cli from 2.30.0 to 2.31.0
# Conflicts: # .github/workflows/security.yml # docs/PLUGIN_SECURITY.md # examples/stackwright-docs/build-manifest.json # examples/stackwright-docs/cyclonedx.json # examples/stackwright-docs/spdx.json # examples/stackwright-docs/spdx.spdx # packages/build-scripts/src/prebuild.ts # packages/cli/src/utils/template-processor.ts # packages/types/src/types/validation.ts # packages/types/test/integration-security.test.ts # pnpm-lock.yaml
perasperaactual
had a problem deploying
to
development
GitHub Actions
Failure
Contributor
🧪 Coverage Report\n\n### Overall Coverage\n\n| Metric | Coverage |\n|--------|----------|\n| Lines |
|
Contributor
⚡ Performance Benchmark Results✅ Build Time Benchmarks: PASSED❌ Bundle Size Benchmarks: FAILED❌ Runtime Vitals Benchmarks: FAILED📝 Note: Detailed results are available in the job logs. 🎯 Performance Budgets:
Updated: 2026-04-27T18:11:41.188Z |
Contributor
✅ Visual Regression Test ResultsStatus: ✅ All visual tests passed! All screenshots match the baseline. No visual regressions detected! 🎉 |
Contributor
♿ Accessibility Test ResultsOverall Status: ✅ 0/0 tests passed 🦮 WCAG 2.1 AA ComplianceNo WCAG test results available ⌨️ Keyboard NavigationNo keyboard navigation test results available 📊 Detailed ReportDownload the full HTML accessibility report from the workflow artifacts for:
🔍 Testing ChecklistOur accessibility tests verify:
Powered by @axe-core/playwright and Playwright |
Contributor
🧪 Coverage Report\n\n### Overall Coverage\n\n| Metric | Coverage |\n|--------|----------|\n| Lines |
|
Contributor
✅ Visual Regression Test ResultsStatus: ✅ All visual tests passed! All screenshots match the baseline. No visual regressions detected! 🎉 |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
No description provided.