|
| 1 | +# Intake: Repository Modernization & Automation |
| 2 | + |
| 3 | +**Date**: 2025-11-17 |
| 4 | +**Agent ID**: agent.prompt.audit-plan-implement.v1 |
| 5 | +**Branch**: `claude/audit-plan-implement-agent-019ADFMXn4ohXxgQN2W4cSwU` |
| 6 | + |
| 7 | +--- |
| 8 | + |
| 9 | +## Task Summary |
| 10 | + |
| 11 | +1. **Fix bugs and remove legacy code** — Clean up ESLint errors, unused imports, and deprecated patterns |
| 12 | +2. **Update dependencies and enable self-updates** — Upgrade outdated packages, resolve security vulnerabilities, automate dependency management |
| 13 | +3. **Configure deployments** — Harden GitHub Pages workflow, add Vercel deployment configuration |
| 14 | +4. **Automate development cycle** — Add CI workflows for linting, testing, and quality gates |
| 15 | + |
| 16 | +--- |
| 17 | + |
| 18 | +## Assumptions & Locked Defaults |
| 19 | + |
| 20 | +### Stack (Confirmed) |
| 21 | +- **Language**: JavaScript (ES2024, ESM) |
| 22 | +- **Package Manager**: npm 9+ |
| 23 | +- **Build System**: Vite 5.4+ (upgrading to 7.2.2) |
| 24 | +- **Linter**: ESLint 8.x → 9.x |
| 25 | +- **Formatter**: Prettier |
| 26 | +- **Test Framework**: Browser-based tests via Vite server + Playwright (optional) |
| 27 | +- **CI Provider**: GitHub Actions |
| 28 | + |
| 29 | +### Deployment Targets |
| 30 | +- **GitHub Pages**: Already configured (`.github/workflows/deploy.yml`) |
| 31 | +- **Vercel**: To be added (zero-config Vite deployment) |
| 32 | + |
| 33 | +### Automation Scope |
| 34 | +- **Dependency updates**: Dependabot (weekly, auto-merge patches) |
| 35 | +- **Code quality**: Pre-commit hooks (lint, format) via Husky + lint-staged |
| 36 | +- **CI checks**: Lint, build, test on PR and push to main |
| 37 | + |
| 38 | +### Non-Functionals |
| 39 | +- **Performance**: Maintain existing build performance; no regressions |
| 40 | +- **Security**: Resolve all 7 vulnerabilities (5 moderate, 2 high) |
| 41 | +- **A11y**: No new requirements (existing standards maintained) |
| 42 | +- **i18n**: Not applicable |
| 43 | + |
| 44 | +--- |
| 45 | + |
| 46 | +## Definition of DONE |
| 47 | + |
| 48 | +### Acceptance Criteria |
| 49 | +1. ✅ **Zero ESLint errors** — Fix 6 existing errors (unused variables/imports) |
| 50 | +2. ✅ **Zero security vulnerabilities** — Update dependencies to resolve all 7 audit findings |
| 51 | +3. ✅ **Latest stable dependencies** — Upgrade to latest compatible versions (Three.js exception: validate breaking changes) |
| 52 | +4. ✅ **Self-updating dependencies** — Dependabot configured for automated PRs |
| 53 | +5. ✅ **GitHub Pages deployment** — Working workflow with optimized builds |
| 54 | +6. ✅ **Vercel deployment** — Working configuration (vercel.json + preview deployments) |
| 55 | +7. ✅ **Pre-commit automation** — Husky + lint-staged for format/lint on commit |
| 56 | +8. ✅ **CI quality gates** — GitHub Actions workflow: lint → build → test |
| 57 | +9. ✅ **All tests passing** — Existing browser tests execute successfully |
| 58 | +10. ✅ **Documentation updated** — README, CHANGELOG, ADR as needed |
| 59 | + |
| 60 | +### Out of Scope |
| 61 | +- Refactoring `lumaLabs/` standalone demos (minimal fixes only per AGENTS.md) |
| 62 | +- Major architectural changes (this is maintenance/tooling work) |
| 63 | +- New features (focus on stability and automation) |
| 64 | + |
| 65 | +--- |
| 66 | + |
| 67 | +## Known Constraints |
| 68 | + |
| 69 | +1. **Three.js version pinned to 0.157.0** → Latest is 0.181.1 (24 minor versions behind) |
| 70 | + - **Risk**: Breaking changes in r158-r181 (color space API, deprecated methods) |
| 71 | + - **Decision**: Audit breaking changes before upgrading; may defer to separate task |
| 72 | +2. **ESLint 8.x → 9.x migration** → Breaking changes in config format (flat config) |
| 73 | + - **Approach**: Migrate to ESLint 9 flat config during upgrade |
| 74 | +3. **vite-plugin-svg-icons** → Causes transitive vulnerabilities (braces, micromatch, postcss) |
| 75 | + - **Decision**: Evaluate alternatives or accept risk if SVG icons aren't critical |
| 76 | + |
| 77 | +--- |
| 78 | + |
| 79 | +## Deliverables |
| 80 | + |
| 81 | +- `_report/01_audit.md` — Dependency analysis, risk assessment, code quality report |
| 82 | +- `_report/02_plan.md` — Numbered task list with MVP/hardening phases |
| 83 | +- Updated `package.json` — Latest dependencies, new scripts |
| 84 | +- `.github/workflows/ci.yml` — Lint, build, test automation |
| 85 | +- `.github/workflows/deploy.yml` — Enhanced GitHub Pages deployment |
| 86 | +- `.github/dependabot.yml` — Automated dependency updates |
| 87 | +- `vercel.json` — Vercel deployment configuration |
| 88 | +- `.husky/` + `lint-staged.config.js` — Pre-commit automation |
| 89 | +- Updated `CHANGELOG.md` — Keep a Changelog format |
| 90 | +- `docs/adr/ADR-0001-*.md` — Architectural decision record for major changes |
| 91 | +- `HANDOFF.md` — Status, decisions, next steps |
| 92 | + |
| 93 | +--- |
| 94 | + |
| 95 | +## Next Steps |
| 96 | + |
| 97 | +1. **Audit** (Step 1) — Deep dive into codebase: map dependencies, identify legacy patterns, assess risks |
| 98 | +2. **Plan** (Step 2) — Break into 3–7 slices: MVP (quick wins), hardening (tests), docs, release |
| 99 | +3. **Implement** (Steps 3–4) — Execute plan with atomic commits |
| 100 | +4. **Document** (Step 5) — Update all docs |
| 101 | +5. **Release** (Step 6) — Conventional commits, PR, merge |
| 102 | +6. **Handoff** (Step 7) — Final report for continuity |
0 commit comments