
chore: Tier 1+2 mitigations — ESLint, Prettier, Hooks, CI, CodeQL#7

Merged
raifdmueller merged 5 commits into main from feature/tier1-tier2-mitigations
Feb 11, 2026

Conversation

@raifdmueller
Contributor

Summary

Implements Tier 1 and Tier 2 mitigation measures identified by /risk-mitigate:

Tier 1 — Automated Gates:

  • ESLint 9 (flat config) + Prettier with React plugin support
  • Pre-commit hooks via husky + lint-staged
  • CI workflow (ci.yml) with lint, format check, npm audit, and build
  • All source files formatted

Tier 2 — Extended Assurance:

  • CodeQL SAST workflow (weekly + on push/PR)

Status update: CLAUDE.md mitigation table updated — 6/10 measures now active (was 1/10).

Closes #2, Closes #3

Test plan

  • npx eslint src/ — 0 errors
  • npx prettier --check src/ — all files pass
  • npm run build — succeeds
  • Pre-commit hook fires on commit
  • CI workflow passes on GitHub Actions
  • CodeQL workflow passes on GitHub Actions

🤖 Generated with Claude Code
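The Tier 1 CI gate the summary lists (lint, format check, npm audit at high severity, and a build on push/PR to main), written out as an added example workflow. This is not the PR's own ci.yml; the job name, the Node version, the `--max-warnings=0` flag and the `permissions` block are assumptions added here.

```yaml
# .github/workflows/ci.yml  (added example, not the file merged in this PR)
name: CI

on:
  push:
    branches: [main]
  pull_request:
    branches: [main]

# Least privilege: these jobs only read the checkout; no write token is issued.
permissions:
  contents: read

jobs:
  quality-gates:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - uses: actions/setup-node@v4
        with:
          node-version: 20        # assumption: pick the project's real version
          cache: npm

      # npm ci installs exactly what package-lock.json pins. npm install would
      # resolve fresh versions and the audit below would check the wrong tree.
      - name: Install (locked)
        run: npm ci

      # --max-warnings=0 turns ESLint warnings into a failing check as well.
      - name: Lint
        run: npx eslint src/ --max-warnings=0

      - name: Format check
        run: npx prettier --check src/

      # Exits non-zero only for advisories rated high or critical; moderate and
      # low findings are still printed but do not block the merge.
      - name: Dependency audit
        run: npm audit --audit-level=high

      - name: Build
        run: npm run build
```

The husky pre-commit hook is a convenience, not a control: `git commit --no-verify` skips it, so the CI job is the gate that actually enforces lint, format and audit on everything that reaches main. The audit step needs network access to the npm registry, so it will fail in an offline runner rather than silently pass.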

raifdmueller and others added 5 commits February 11, 2026 20:37
ESLint 9 with flat config, React Hooks plugin, React Refresh plugin,
and Prettier integration. All source files formatted.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Runs ESLint --fix and Prettier --write on staged JS/JSX files,
and Prettier on CSS/JSON/MD files before each commit.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
… build

GitHub Actions workflow that runs ESLint, Prettier check, npm audit
(high severity), and production build on push/PR to main.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Runs GitHub CodeQL on push/PR to main and weekly (Monday 6am UTC).
Scans JavaScript for security vulnerabilities.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Updated by /risk-mitigate: ESLint, Prettier, pre-commit hooks,
dependency audit, CI workflow, and CodeQL SAST now set up.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@github-advanced-security

This pull request sets up GitHub code scanning for this repository. Once the scans have completed and the checks have passed, the analysis results for this pull request branch will appear on this overview. Once you merge this pull request, the 'Security' tab will show more code scanning analysis results (for example, for the default branch). Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results. For more information about GitHub code scanning, check out the documentation.

@claude

claude bot commented Feb 11, 2026

Code review

No issues found. Checked for bugs and CLAUDE.md compliance.

@raifdmueller raifdmueller merged commit 17cb774 into main Feb 11, 2026
4 checks passed

Development

Successfully merging this pull request may close these issues.

Skill: /risk-mitigate — Implement mitigation measures
Skill: /risk-assess — Interactive risk assessment with automatic repo analysis
