Feat/monorepo#3
Merged
Merged
Conversation
- K1 (critical): escape '$' -> '$$' for compose-interpolated .env values (Basic Auth bcrypt hash + Neo4j password) in install.sh/ps1, so Docker Compose no longer corrupts them (verified: the container receives a valid bcrypt hash). Fixes D4 too. - O1: strip U+200B zero-width spaces (translation artifact) -> server lint green. - O2: downgrade eslint-plugin-react-hooks v7 (React Compiler) advisories to warn -> web lint green. - O3: web-entrypoint fails closed — a network-exposed instance without full Basic Auth won't start. - O4: broaden the CI OSS grep gate to scan root config files (docker-compose, .env.example, installers). - O5: install.ps1 restricts .env ACLs to the current user (chmod 600 parity). - Docs/ops: whitelist count 32->40, development.md next->vite build, drop dead THROTTLE_* env vars, add WARN_COND_001 to the conditional-codes table, fix install.ps1 reset hint, and add a server healthcheck so web waits for real readiness. Verified: pnpm build 2/2, pnpm lint exit 0, server test:unit 820/820, docker compose config + container env deliver the bcrypt hash intact, OSS grep gate clean.
- Language: replace "OSS" with self-host/source-available wording; drop absolute claims (structurally impossible, provably correct, zero hallucinations); add license/MDA/AI-tooling FAQ and "what the rules engine does NOT guarantee". - CI: remove the SaaS-scrub grep from the public workflow (kept as a local pre-push hook); add an English-only source gate with an ASCII-Turkish wordlist. - i18n cleanup: translate remaining Turkish comments, test names, fixtures and runtime strings; fix YOK->NONE machine-translation artifacts and broken doc comments in main.ts / patterns.repository.ts. - Fixes: install.ps1/start.ps1 hex ForegroundColor crash; bump deprecated model defaults (claude-sonnet-4-6, gemini-3.5-flash); replace hardcoded deepseek-v4-pro with the tier mechanism; readable model-unavailable error. - Hygiene: rename logo asset, drop unused GIFs and zxcvbn deps, soften SECURITY.md secrets claim, fail-closed NEO4J_PASSWORD, fix systemd paths, hide Neo4j password input, gate vite allowedHosts; BaseChatModel refactor. Co-authored-by: Cursor <cursoragent@cursor.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What & why
Changes
Checks
pnpm buildpasses (web + server)pnpm --filter @solarch/server test:unitpasses (if the server changed).envfiles committed