Skip to content

add detailed sitemap#119

Open
pinkycollie wants to merge 133 commits into
copilot/add-detailed-sitemapfrom
main
Open

add detailed sitemap#119
pinkycollie wants to merge 133 commits into
copilot/add-detailed-sitemapfrom
main

Conversation

@pinkycollie

Copy link
Copy Markdown
Owner

No description provided.

Copilot AI and others added 30 commits November 22, 2025 12:23
Co-authored-by: pinkycollie <199848471+pinkycollie@users.noreply.github.com>
Co-authored-by: pinkycollie <199848471+pinkycollie@users.noreply.github.com>
Co-authored-by: pinkycollie <199848471+pinkycollie@users.noreply.github.com>
Co-authored-by: pinkycollie <199848471+pinkycollie@users.noreply.github.com>
Co-authored-by: pinkycollie <199848471+pinkycollie@users.noreply.github.com>
Co-authored-by: pinkycollie <199848471+pinkycollie@users.noreply.github.com>
…amples

Co-authored-by: pinkycollie <199848471+pinkycollie@users.noreply.github.com>
- Add GitHub Actions CI/CD pipeline with testing, linting, and build jobs
- Add security scanning workflow with CodeQL and npm audit
- Add Dependabot configuration for automated dependency updates
- Add pre-commit hooks with Husky and lint-staged
- Create comprehensive ARCHITECTURE.md documentation
- Create CONTRIBUTING.md guide for contributors
- Add Terraform IaC templates and structure
- Enhance README with badges and improved documentation
- Add Prettier configuration for code formatting

Co-authored-by: pinkycollie <199848471+pinkycollie@users.noreply.github.com>
- Enhance Docker Compose with health checks and proper networking
- Add Dockerfile templates for all services
- Create Kubernetes manifests for production deployment
- Add accessibility testing workflow
- Create deployment documentation
- Enhance frontend with performance optimizations
- Add loading states and smooth scroll behavior

Co-authored-by: pinkycollie <199848471+pinkycollie@users.noreply.github.com>
- Fix Terraform availability zones to be region-agnostic
- Fix Docker Compose frontend URLs to use service names
- Update Docker commands to use docker compose (V2)
- Fix TypeScript CSS custom property typing
- Remove weak default secrets in docker-compose.yml
- Add validation for required environment variables
- Update terraform example with availability zones comment

Co-authored-by: pinkycollie <199848471+pinkycollie@users.noreply.github.com>
…ation

[WIP] Enhance workflows and architecture in DEAF-FIRST-PLATFORM
Bumps [bcrypt](https://github.com/kelektiv/node.bcrypt.js) from 5.1.1 to 6.0.0.
- [Release notes](https://github.com/kelektiv/node.bcrypt.js/releases)
- [Changelog](https://github.com/kelektiv/node.bcrypt.js/blob/master/CHANGELOG.md)
- [Commits](kelektiv/node.bcrypt.js@v5.1.1...v6.0.0)

---
updated-dependencies:
- dependency-name: bcrypt
  dependency-version: 6.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Bumps [vitest](https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest) from 2.1.9 to 4.0.15.
- [Release notes](https://github.com/vitest-dev/vitest/releases)
- [Commits](https://github.com/vitest-dev/vitest/commits/v4.0.15/packages/vitest)

---
updated-dependencies:
- dependency-name: vitest
  dependency-version: 4.0.15
  dependency-type: direct:development
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Bumps [dotenv](https://github.com/motdotla/dotenv) from 16.6.1 to 17.2.3.
- [Changelog](https://github.com/motdotla/dotenv/blob/master/CHANGELOG.md)
- [Commits](motdotla/dotenv@v16.6.1...v17.2.3)

---
updated-dependencies:
- dependency-name: dotenv
  dependency-version: 17.2.3
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Remove XANO webhook secret from README
Co-authored-by: pinkycollie <199848471+pinkycollie@users.noreply.github.com>
Co-authored-by: pinkycollie <199848471+pinkycollie@users.noreply.github.com>
Co-authored-by: pinkycollie <199848471+pinkycollie@users.noreply.github.com>
Co-authored-by: pinkycollie <199848471+pinkycollie@users.noreply.github.com>
Co-authored-by: pinkycollie <199848471+pinkycollie@users.noreply.github.com>
Co-authored-by: pinkycollie <199848471+pinkycollie@users.noreply.github.com>
Co-authored-by: pinkycollie <199848471+pinkycollie@users.noreply.github.com>
pinkycollie and others added 12 commits May 18, 2026 19:26
…ntain permissions'

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
Signed-off-by: Pinky Collie <199848471+pinkycollie@users.noreply.github.com>
Signed-off-by: Pinky Collie <199848471+pinkycollie@users.noreply.github.com>
Signed-off-by: Pinky Collie <199848471+pinkycollie@users.noreply.github.com>
Signed-off-by: Pinky Collie <199848471+pinkycollie@users.noreply.github.com>
Signed-off-by: Pinky Collie <199848471+pinkycollie@users.noreply.github.com>
Signed-off-by: Pinky Collie <199848471+pinkycollie@users.noreply.github.com>
Signed-off-by: Pinky Collie <199848471+pinkycollie@users.noreply.github.com>
Signed-off-by: Pinky Collie <199848471+pinkycollie@users.noreply.github.com>
Signed-off-by: Pinky Collie <199848471+pinkycollie@users.noreply.github.com>
Signed-off-by: Pinky Collie <199848471+pinkycollie@users.noreply.github.com>
Signed-off-by: Pinky Collie <199848471+pinkycollie@users.noreply.github.com>
Comment thread .github/workflows/api-tests.yml
Comment on lines +46 to +63
runs-on: ubuntu-latest

steps:
- uses: actions/checkout@v3

- name: Use Node.js
uses: actions/setup-node@v3
with:
node-version: '20.x'
cache: 'npm'

- name: Install dependencies
run: npm ci

- name: Validate all OpenAPI specifications
run: npm run validate:openapi

generate-sdks:
run: npm run validate:openapi

generate-sdks:
runs-on: ubuntu-latest
Signed-off-by: Pinky Collie <199848471+pinkycollie@users.noreply.github.com>
Signed-off-by: Pinky Collie <199848471+pinkycollie@users.noreply.github.com>
Signed-off-by: Pinky Collie <199848471+pinkycollie@users.noreply.github.com>
Signed-off-by: Pinky Collie <199848471+pinkycollie@users.noreply.github.com>
Signed-off-by: Pinky Collie <199848471+pinkycollie@users.noreply.github.com>
Signed-off-by: Pinky Collie <199848471+pinkycollie@users.noreply.github.com>
Signed-off-by: Pinky Collie <199848471+pinkycollie@users.noreply.github.com>
This workflow runs security checks on pull requests and pushes to main, including audits, banned imports, secret detection, and rate limiting checks.

Signed-off-by: Pinky Collie <199848471+pinkycollie@users.noreply.github.com>
Comment on lines +14 to +92
name: Security Audit and Dependency Scan
runs-on: ubuntu-latest

steps:
- name: Checkout code
uses: actions/checkout@v4

- name: Setup Node.js
uses: actions/setup-node@v4
with:
node-version: '20'
cache: 'npm'

- name: Install dependencies
run: npm ci

- name: Run npm audit
run: |
echo "Running npm audit..."
npm audit --audit-level=high
continue-on-error: false

- name: Check for banned imports in /api
run: |
echo "Checking for banned database imports in /api directory..."
if grep -r "import.*drizzle" ./api/ 2>/dev/null; then
echo "ERROR: Direct drizzle imports found in /api directory"
exit 1
fi
if grep -r "import.*pg\>" ./api/ 2>/dev/null; then
echo "ERROR: Direct pg imports found in /api directory"
exit 1
fi
if grep -r "from ['\"]drizzle" ./api/ 2>/dev/null; then
echo "ERROR: Direct drizzle imports found in /api directory"
exit 1
fi
echo "✓ No banned imports found in /api directory"

- name: Check for committed secrets
run: |
echo "Checking for accidentally committed secrets..."
# Check for common secret patterns
if grep -r "sk_live_" . --exclude-dir=node_modules --exclude-dir=.git 2>/dev/null; then
echo "ERROR: Stripe live secret key found in repository"
exit 1
fi
if grep -r "sk_test_" . --exclude-dir=node_modules --exclude-dir=.git --exclude=".env.example" 2>/dev/null; then
echo "WARNING: Stripe test secret key found - should be in environment variables"
fi
if grep -r "PRIVATE_KEY" . --exclude-dir=node_modules --exclude-dir=.git --exclude="*.md" 2>/dev/null | grep -v "PRIVATE_KEY_PATH"; then
echo "ERROR: Private key found in repository"
exit 1
fi
echo "✓ No obvious secrets found in repository"

- name: Check SECURITY.md exists
run: |
if [ ! -f "SECURITY.md" ]; then
echo "ERROR: SECURITY.md not found in repository root"
exit 1
fi
echo "✓ SECURITY.md exists"

- name: Check agents.md exists
run: |
if [ ! -f "agents.md" ]; then
echo "ERROR: agents.md not found in repository root"
exit 1
fi
echo "✓ agents.md exists"

- name: Verify TypeScript compilation
run: |
echo "Checking TypeScript compilation..."
npm run check || echo "TypeScript errors found - review before merge"
continue-on-error: true

api-security:
Comment on lines +93 to +126
name: API Security Checks
runs-on: ubuntu-latest

steps:
- name: Checkout code
uses: actions/checkout@v4

- name: Setup Node.js
uses: actions/setup-node@v4
with:
node-version: '20'
cache: 'npm'

- name: Install dependencies
run: npm ci

- name: Check API routes for content-type enforcement
run: |
echo "Checking API routes for proper content-type handling..."
# Check for HTML responses in API routes (potential security issue)
if grep -r "text/html\|<html\|<body" ./server/routes.ts ./server/api/ --exclude="*.test.*" 2>/dev/null; then
echo "WARNING: HTML content detected in API routes - API should return JSON only"
fi
echo "✓ API content-type check complete"

- name: Check for SQL injection vulnerabilities
run: |
echo "Checking for potential SQL injection patterns..."
if grep -r "db.query.*\${" ./server/ --exclude-dir=node_modules 2>/dev/null; then
echo "WARNING: Template literal found in db.query - verify parameterized queries are used"
fi
echo "✓ SQL injection check complete"

pii-detection:
Comment on lines +127 to +151
name: PII and Sensitive Data Detection
runs-on: ubuntu-latest

steps:
- name: Checkout code
uses: actions/checkout@v4

- name: Check for PII in test files
run: |
echo "Checking for real PII in test files..."
# Look for real SSN patterns (not test data)
if grep -r "[0-9]\{3\}-[0-9]\{2\}-[0-9]\{4\}" ./test* --exclude-dir=node_modules 2>/dev/null | grep -v "000-00-0000" | grep -v "123-45-6789"; then
echo "WARNING: Real SSN patterns found in tests - use synthetic data only"
fi
echo "✓ PII detection check complete"

- name: Check for hardcoded credentials
run: |
echo "Checking for hardcoded credentials..."
if grep -ri "password\s*=\s*['\"][^'\"]*['\"]" . --exclude-dir=node_modules --exclude-dir=.git --exclude="*.md" 2>/dev/null; then
echo "WARNING: Hardcoded passwords found - use environment variables"
fi
echo "✓ Credential check complete"

dependency-pinning:
Comment on lines +152 to +168
name: Verify Dependency Pinning
runs-on: ubuntu-latest

steps:
- name: Checkout code
uses: actions/checkout@v4

- name: Check for unpinned dependencies
run: |
echo "Checking package.json for unpinned dependencies..."
if grep -E '"\^|"~' package.json; then
echo "WARNING: Unpinned dependencies found in package.json"
echo "For production, consider using exact versions (remove ^ and ~)"
fi
echo "✓ Dependency pinning check complete"

rate-limit-check:
Comment on lines +169 to +186
name: Verify Rate Limiting
runs-on: ubuntu-latest

steps:
- name: Checkout code
uses: actions/checkout@v4

- name: Check for rate limiting implementation
run: |
echo "Checking for rate limiting in API routes..."
if ! grep -r "rateLimit\|rate-limit" ./server/ 2>/dev/null; then
echo "WARNING: No rate limiting implementation detected"
echo "Consider adding express-rate-limit or similar middleware"
else
echo "✓ Rate limiting implementation found"
fi

summary:
Comment on lines +187 to +208
name: Security Check Summary
runs-on: ubuntu-latest
needs: [security-audit, api-security, pii-detection, dependency-pinning, rate-limit-check]
if: always()

steps:
- name: Summary
run: |
echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
echo "Security Hardening Checks Complete"
echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
echo ""
echo "Review any warnings above and ensure:"
echo " ✓ No high/critical vulnerabilities in dependencies"
echo " ✓ No banned imports in /api directory"
echo " ✓ SECURITY.md and agents.md are present"
echo " ✓ No secrets committed to repository"
echo " ✓ API routes enforce proper content-types"
echo " ✓ Rate limiting is implemented"
echo ""
echo "For security concerns, contact: security@mbtq.dev"
echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
@github-advanced-security

Copy link
Copy Markdown
Contributor

You are seeing this message because GitHub Code Scanning has recently been set up for this repository, or this pull request contains the workflow file for the Code Scanning tool.

What Enabling Code Scanning Means:

  • The 'Security' tab will display more code scanning analysis results (e.g., for the default branch).
  • Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results.
  • You will be able to see the analysis results for the pull request's branch on this overview once the scans have completed and the checks have passed.

For more information about GitHub Code Scanning, check out the documentation.

@github-advanced-security github-advanced-security AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

CodeQL found more than 20 potential problems in the proposed changes. Check the Files changed tab for more details.

@snyk-io

snyk-io Bot commented Jun 5, 2026

Copy link
Copy Markdown

Snyk checks have passed. No issues have been found so far.

Status Scan Engine Critical High Medium Low Total (0)
🔚 Open Source Security 0 0 0 0 0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

4 participants