commits
Adds a "Task" issue type with category dropdown (Website, Content & Copy,
Email & Comms, Legal & Grants, Design, Infrastructure, Other) for tracking
operational and business tasks that don't fit bug/feature/question types.
Also updates .gitignore to allow .github/ISSUE_TEMPLATE/.
chore(hooks): add main branch protection and pre-push CI checks
Block direct commits to main via pre-commit guard and run lint,
typecheck, build, and test before allowing push.
fix: standardize auto-add workflow, use PROJECT_BOARD_TOKEN
Co-authored-by: gxjansen <487722+gxjansen@users.noreply.github.com>
Package renamed from @singi-labs/lexicons to @singi-labs/barazo-lexicons.
Turbopack's transpilePackages still type-checks plugin source during
the Next.js build. In Docker's pnpm strict isolation, @types/react
from barazo-web isn't accessible to the plugin package. Adding as
devDependencies ensures React types are installed for plugin-signatures.
Fixes Docker build failure: "Could not find a declaration file for
module 'react'"
Co-authored-by: gxjansen <487722+gxjansen@users.noreply.github.com>
Change "barazo-plugins" to "barazo-plugins/packages/*" so pnpm
discovers individual plugin packages (like @barazo/plugin-signatures)
as workspace members. The previous entry only matched the monorepo
root package, causing pnpm --filter to silently skip plugin builds
in Docker.
The lockfile still referenced @barazo-forum/lexicons after the org rename,
causing pnpm deploy to bundle the wrong package name. The API container
couldn't find @singi-labs/lexicons at runtime, resulting in a crash loop
and 502 on staging.
pnpm deploy fails with ERR_PNPM_LOCKFILE_MISSING_DEPENDENCY when
resolving link: dependencies across workspace members. The
forceLegacyDeploy flag uses the legacy deploy algorithm that handles
this correctly.
* fix(deps): regenerate lockfile with latest sub-repo dependencies
* fix(ci): use PR-based flow for lockfile sync to respect branch protection
The sync-lockfile workflow was pushing directly to main, which fails
because branch protection requires pull requests. Switch to creating a
PR via peter-evans/create-pull-request and auto-merging it. The merged
push to main triggers deploy-staging.yml, so the direct deploy dispatch
is now only needed when a sub-repo triggers a sync but the lockfile
has not changed.
The sync-lockfile workflow now:
- Accepts deploy refs (trigger_repo, api_ref, web_ref) from the
dispatch payload and forwards them to the deploy workflow
- Always triggers a deploy when dispatched by a sub-repo PR merge,
even when the lockfile hasn't changed (code-only changes)
- Still only deploys on schedule/manual when the lockfile changed
This is the counterpart to the sub-repo changes that remove the
direct deploy dispatch and route everything through lockfile sync
first, eliminating the race condition where deploys started with
a stale lockfile.
* fix(deps): sync lockfile with pino@10.3.1 from barazo-api
PR #109 (backfill script) added pino to barazo-api/package.json but the
workspace lockfile wasn't regenerated. The 6h sync-lockfile cron ran 4
minutes before the merge, so it missed the change.
* ci(sync-lockfile): trigger on sub-repo dispatch, re-deploy on fix
- Reduce cron from 6h to 1h as fallback
- Trigger staging re-deploy when lockfile drift is fixed, so deploys
self-heal automatically
- Remove unused pull-requests permission
Dependabot updates package.json in sub-repos (barazo-api, barazo-web,
barazo-lexicons) but has no visibility into the workspace root lockfile.
This causes pnpm install --frozen-lockfile to fail in the deploy
workflow's Docker build.
Adds a scheduled workflow (every 6h) that fetches the latest
package.json from each sub-repo, regenerates the lockfile, and
auto-commits if it changed.
Dependabot updated package versions in barazo-api (PR #99) but
the workspace root lockfile was not regenerated, causing
pnpm install --frozen-lockfile to fail in the Docker build and
blocking all staging deploys.
The workspace-level minimatch>=10.2.1 override forced ESM minimatch
v10 into jsx-a11y, which expects CJS v3. This broke the pre-commit
hook on any file with label elements.
Previous lockfile only included root workspace deps, missing all
sub-package dependencies (barazo-api, barazo-web, barazo-lexicons).
This caused --frozen-lockfile to fail in Docker builds.
The lockfile had drifted significantly from the resolved dependency
versions, causing --frozen-lockfile to fail in Docker builds during
staging deployments.
Add docs (CC BY-SA 4.0 + MIT) and correct website to Proprietary.
The shared coding standard #9 (WCAG 2.2 AA, semantic HTML, keyboard
navigable) was inapplicable to barazo-api -- a REST API has no HTML
or keyboard navigation. Remove from shared.md and add an
API-appropriate "accessible error responses" standard to
barazo-api.md. Frontend repos already cover accessibility in their
own specific standards sections.
Brand alignment audit: update tagline to "Open-source forum software...
member-owned data, no lock-in." This is the source file that syncs to
all repo AGENTS.md files via GitHub Action.
Automatically pushes to tangled.org on every merge to main,
making Barazo visible in the AT Protocol developer ecosystem.
* chore(workspace): unify DX configs and fix lockfile drift
- Update catalog: typescript-eslint ^8.55.0 -> ^8.56.0
- Add type: module to root package.json (fixes ESM config warnings)
- Unify commitlint: add a11y + security types, subject-case: [0]
- Remove empty plugins array from prettier config
- Regenerate lockfile to resolve drift
* chore(ci): add minimatch override and update lockfile
Move minimatch>=10.2.1 override to workspace root (was ineffective
in barazo-api sub-package). Update lockfile after barazo-api switched
typescript-eslint to catalog: protocol.
fix(workspace): pin eslint 9.x at root to prevent peer mismatch
typescript-eslint at the workspace root was auto-installing eslint 10
as a peer dependency, causing lint-staged in sub-repos to load
eslint-10-keyed typescript-eslint plugins. Adding eslint from the
catalog (^9.39.2) ensures consistent resolution across the workspace.
fix(dx): standardize port mapping and clean up dev environment
Lockfile was stale after barazo-api bumped eslint (^10.0.0),
@atproto/oauth-client-node (^0.3.17), and typescript-eslint (^8.56.0).
API consistently on port 3000, Web on 3001 across all configs.
Remove duplicate docker-compose.dev.yml (barazo-deploy has the
canonical version). Remove broken dev:seed script. Complete the
workspace .env.example with all API variables grouped by service.
Regenerated workspace lockfile to include the new devDependencies
(prettier, lint-staged, husky, commitlint) now on main in all
sub-repos after P2.9 developer experience PRs were merged.
* chore(workspace): add prettier and lint-staged to pnpm catalog
Add prettier ^3.8.1 and lint-staged ^16.2.7 to the pnpm catalog for
consistent version management across all workspace packages. Add both
as workspace root devDependencies using catalog: references.
* chore(workspace): add prettier config and prettierignore
Add workspace-level prettier.config.mjs matching the existing barazo-web
config (semi: false, singleQuote, tabWidth: 2, trailingComma: es5,
printWidth: 100). Add .prettierignore to exclude generated files, dist,
node_modules, lockfiles, and build artifacts.
* chore(workspace): fix husky hooks and add lint-staged config
Fix pre-commit hook: replace broken `npm test` with `pnpm exec lint-staged`.
Add missing commit-msg hook to enforce conventional commits via commitlint.
Add workspace-level lint-staged config for root config files (md, yml,
yaml, json).
* chore(workspace): add devcontainer for Codespaces and Dev Containers
Add .devcontainer/devcontainer.json with Node.js 24 (typescript-node
base image), Docker-in-Docker for test containers, port forwarding for
web (3000), API (3100), PostgreSQL (5432), and Valkey (6379). Includes
VS Code extensions and auto-install via corepack + pnpm.
* chore(workspace): add VS Code workspace settings
Add recommended VS Code extensions (ESLint, Prettier, Tailwind CSS,
Vitest Explorer) and workspace settings with Prettier as default
formatter, format-on-save, ESLint auto-fix, and common file excludes.
* fix(workspace): regenerate lockfile for sub-repo main branches
The workspace lockfile was generated with local sub-repo changes
that haven't been merged to main yet. Regenerated to match the
current main branch state of all sub-repos.
Source of truth for per-repo AGENTS.md files. Build script
concatenates shared base + repo-specific content into complete
self-contained AGENTS.md files for each sub-repo.
Weekly scheduled workflow (Monday 08:00 UTC) that runs pnpm outdated
across all workspace members and reports results. On PRs that change
dependency files, posts a sticky comment. On schedule/dispatch, creates
or updates a tracking issue labeled "dependencies".
Implements the deferred CI check from the dependency audit.
* fix(deps): add inject-workspace-packages for pnpm deploy compatibility
* fix(deps): regenerate lockfile with inject-workspace-packages
The lockfile was generated with link-workspace-packages=true only.
Adding inject-workspace-packages=true (needed for pnpm deploy in
Docker builds) changes how workspace dependencies are tracked,
requiring lockfile regeneration.
Regenerated from workspace root to include:
- @atproto/tap ^0.2.3 -> ^0.2.4
- @scalar/fastify-api-reference ^1.44.18 -> ^1.44.20
- @sentry/node ^9.27.0 -> ^10.39.0
- @testcontainers/postgresql ^10.23.0 -> ^11.11.0
- drizzle-kit ^0.31.4 -> ^0.31.9
- testcontainers ^10.23.0 -> ^11.11.0
Fires repository_dispatch to barazo-deploy when workspace root
files change (lockfile, catalogs, package.json), ensuring staging
builds always use the latest dependency resolution.
Define shared dependency versions in pnpm-workspace.yaml catalog section
and update root package.json to use catalog: references. Prevents version
drift across workspace packages (e.g., zod v3 in web vs v4 in api).