15da7a5778a8e46c01ab54311218c5d826ce3408
CI / commits (pull_request) Successful in 3m0s
CI / scan (pull_request) Successful in 3m19s
CI / check (pull_request) Successful in 4m17s
CI / a11y (pull_request) Successful in 2m32s
Docs site / build (pull_request) Successful in 4m0s
CI / perf (pull_request) Successful in 7m24s
pnpm audit was failing ci:audit at moderate severity: uuid@<11.1.1 — missing buffer bounds check in v3/v5/v6 when buf is provided (GHSA-w5hq-g745-h8pq). Path: . > @lhci/cli@0.15.1 > uuid@8.3.2 @lhci/cli pulls in uuid@8.3.2 (uses only uuid.v4()); the advisory flags the v3/v5/v6 code paths so our usage is technically not at risk, but the audit gate is set to moderate and any flagged advisory blocks CI per ADR-0015. The override matches the pattern already in use for axios / ajv / brace-expansion / esbuild / follow-redirects / ip-address / protobufjs / tmp / ws / yaml — force the transitive dep to a patched range. uuid@14 is the resolved version (latest), already in the tree via mermaid; consolidating everything onto a single major also removes the dedup warning. Compatibility: uuid@14 is ESM-only (`type: module` + conditional exports). @lhci/cli does `const uuid = require('uuid')` which works on Node >= 22.12 via the stable `require(esm)` capability. The workspace pins Node 24 (.nvmrc), so the CJS consumer is fine. Verified by loading @lhci/cli's node-runner module under the new resolution — no exception. Test plan: - pnpm ci:audit: clean ("No known vulnerabilities found"). - pnpm ci:check: 13 projects green.
Documentation index
This is the entry point to all project documentation. It is maintained automatically: any addition, rename, or removal of a .md file under docs/ must be reflected here in the same change.
Conventions
- Documentation is written in English.
- One topic per file. Group related files into a folder when there are three or more.
- Cross-reference with relative links so they keep working in GitHub, IDEs, and exported sites.
- For architectural decisions, do not add them here — they belong in decisions/ as MADR 4.0.0 ADRs.
Sections
Daily development
- development.md — repo layout, prerequisites, initial setup, daily commands, observability dev-loop (Jaeger UI, log ↔ trace correlation), dependency updates (Renovate), conventional commit cycle. Day-to-day reference for working on the project.
Architecture
- architecture.md — cross-cutting Mermaid diagrams: C4 system context, C4 containers, Nx module boundaries, CI/CD pipeline. Single-decision diagrams (auth sequence, ERD, etc.) live inline in their ADR.
Onboarding & environment
Setup guides for new contributors:
- setup/01-wsl-terminal-setup.md — modern WSL terminal (Zsh + Powerlevel10k + CLI tools)
- setup/02-dev-web-stack.md — Node via nvm, pnpm via corepack, Docker
- setup/03-angular-nx-monorepo.md — Angular + Nx monorepo bootstrap
Operations & runbooks
Empty — to be populated when we deploy.
Security, performance, accessibility
Empty — placeholders to be filled with rationale docs alongside their corresponding ADRs.
Description
Languages
TypeScript
85.3%
JavaScript
5.4%
SCSS
4.3%
HTML
3.9%
Shell
0.8%
Other
0.3%