feat: add expected patterns matching and update docs infrastructure

.coderabbit.yaml

@@ -1,32 +1,67 @@
 language: en-US
-tone_instructions: ''
+tone_instructions: Be concise and technical. Focus on critical issues first (bugs, security, accessibility), then suggestions. Prioritize actionable feedback over observations.
 early_access: false
 enable_free_tier: true
 reviews:
     profile: assertive
     request_changes_workflow: false
-    high_level_summary: true
+    # Disable GitHub PR comments - we use Claude Code locally for reviews
+    high_level_summary: false
     high_level_summary_placeholder: '@coderabbitai summary'
     high_level_summary_in_walkthrough: false
+    # Disable auto-title - we craft conventional commits manually
     auto_title_placeholder: '@coderabbitai'
     auto_title_instructions: ''
-    review_status: true
-    commit_status: true
+    # Disable status checks - we use trunk locally
+    review_status: false
+    commit_status: false
     fail_commit_status: false
-    collapse_walkthrough: false
-    changed_files_summary: true
-    sequence_diagrams: true
-    assess_linked_issues: true
-    related_issues: true
-    related_prs: true
-    suggested_labels: true
+    collapse_walkthrough: true
+    changed_files_summary: false
+    sequence_diagrams: false
+    assess_linked_issues: false
+    related_issues: false
+    related_prs: false
+    suggested_labels: false
     auto_apply_labels: false
-    suggested_reviewers: true
+    suggested_reviewers: false
     auto_assign_reviewers: false
-    poem: true
-    labeling_instructions: []
+    poem: false
+    labeling_instructions:
+        - label: bug
+          instructions: Apply to any code that fixes incorrect behavior or errors
+        - label: enhancement
+          instructions: Apply to new features or improvements to existing features
+        - label: docs
+          instructions: Apply to documentation updates or improvements
+        - label: test
+          instructions: Apply to test additions or improvements
+        - label: refactor
+          instructions: Apply to code restructuring without behavior changes
+        - label: performance
+          instructions: Apply to performance improvements or optimizations
+        - label: security
+          instructions: Apply to security fixes or improvements
+        - label: animation
+          instructions: Apply to changes to animation logic or Motion integration
+        - label: accessibility
+          instructions: Apply to accessibility improvements (a11y, keyboard, screen readers)
+        - label: breaking-change
+          instructions: Apply to changes that break backward compatibility
     path_filters: []
-    path_instructions: []
+    path_instructions:
+        - path: src/lib/utils/**/*.ts
+          instructions: Ensure all exported functions use arrow function syntax (const fn = () => {}). All functions must have comprehensive JSDoc comments with @param, @returns, and @example tags. Verify type safety and check for potential ReDoS vulnerabilities in regex patterns.
+        - path: src/lib/**/*.svelte
+          instructions: Review Svelte 5 runes usage ($state, $derived, $effect). Ensure proper cleanup in $effect blocks. Check for memory leaks and performance issues. Verify SSR compatibility.
+        - path: '**/*.spec.ts'
+          instructions: Ensure tests are comprehensive with good coverage of edge cases, error paths, and accessibility. Tests should be well-named and describe the expected behavior clearly.
+        - path: docs/**/*
+          instructions: Verify examples are correct, runnable, and match current API. Check for broken links and ensure code examples follow project conventions.
+        - path: tests/**/*.ts
+          instructions: Ensure e2e tests are reliable, avoid flakiness, and test real user scenarios. Verify proper waits and assertions.
+        - path: docs/e2e/**/*.ts
+          instructions: Ensure e2e tests are reliable, avoid flakiness, and test real user scenarios. Verify proper waits and assertions.
     abort_on_close: true
     disable_cache: false
     auto_review:
@@ -38,103 +73,98 @@ reviews:
         base_branches: []
     finishing_touches:
         docstrings:
-            enabled: true
+            enabled: false
         unit_tests:
-            enabled: true
+            enabled: false
     tools:
         ast-grep:
             rule_dirs: []
             util_dirs: []
             essential_rules: true
             packages: []
         shellcheck:
-            enabled: true
+            enabled: false # Not needed for TS/Svelte project
         ruff:
-            enabled: true
+            enabled: false # Python linter - not needed
         markdownlint:
             enabled: true
         github-checks:
             enabled: true
             timeout_ms: 90000
         languagetool:
-            enabled: true
-            enabled_rules: []
-            disabled_rules: []
-            enabled_categories: []
-            disabled_categories: []
-            enabled_only: false
-            level: default
+            enabled: false
         biome:
-            enabled: true
+            enabled: true # Good for TypeScript/JavaScript
         hadolint:
-            enabled: true
+            enabled: false # Docker linter - not needed
         swiftlint:
-            enabled: true
+            enabled: false # Swift linter - not needed
         phpstan:
-            enabled: true
+            enabled: false # PHP linter - not needed
             level: default
         golangci-lint:
-            enabled: true
+            enabled: false # Go linter - not needed
         yamllint:
             enabled: true
         gitleaks:
-            enabled: true
+            enabled: true # Security - keep enabled
         checkov:
-            enabled: true
+            enabled: false # Infrastructure security - not needed
         detekt:
-            enabled: true
+            enabled: false # Kotlin linter - not needed
         eslint:
-            enabled: true
+            enabled: true # Essential for TypeScript/JavaScript
         rubocop:
-            enabled: true
+            enabled: false # Ruby linter - not needed
         buf:
-            enabled: true
+            enabled: false # Protobuf linter - not needed
         regal:
-            enabled: true
+            enabled: false # Rego linter - not needed
         actionlint:
-            enabled: true
+            enabled: true # Useful for GitHub Actions
         pmd:
-            enabled: true
+            enabled: false # Java linter - not needed
         cppcheck:
-            enabled: true
+            enabled: false # C/C++ linter - not needed
         semgrep:
-            enabled: true
+            enabled: true # Security patterns - useful
         circleci:
-            enabled: true
+            enabled: false # Not using CircleCI
         sqlfluff:
-            enabled: true
+            enabled: false # SQL linter - not needed
         prismaLint:
-            enabled: true
+            enabled: false # Prisma ORM - not needed
         oxc:
-            enabled: true
+            enabled: true # Fast JavaScript/TypeScript linter
         shopifyThemeCheck:
-            enabled: true
+            enabled: false # Shopify themes - not needed
 chat:
-    auto_reply: true
+    # Disable auto-reply - we interact via Claude Code, not GitHub comments
+    auto_reply: false
     integrations:
         jira:
-            usage: auto
+            usage: disabled
         linear:
-            usage: auto
+            usage: disabled
 knowledge_base:
     opt_out: false
     web_search:
-        enabled: true
+        enabled: false
     learnings:
-        scope: auto
+        scope: local
     issues:
-        scope: auto
+        scope: local
     jira:
-        usage: auto
+        usage: disabled
         project_keys: []
     linear:
-        usage: auto
+        usage: disabled
         team_keys: []
     pull_requests:
-        scope: auto
+        scope: local
+# Code generation disabled - we write docs and tests via Claude Code
 code_generation:
     docstrings:
-        language: en-US
-        path_instructions: []
+        enabled: false
     unit_tests:
-        path_instructions: []
+        enabled: false

.github/workflows/cache-cleanup.yml

@@ -10,7 +10,7 @@ on:
 
 jobs:
     cleanup:
-        runs-on: ubuntu-latest
+        runs-on: blacksmith-2vcpu-ubuntu-2404 # trunk-ignore(actionlint/runner-label)
         steps:
             - name: Cleanup
               env:

.github/workflows/cloudflare-pages.yml

@@ -11,34 +11,72 @@ on:
             - .github/workflows/cloudflare-pages.yml
         branches:
             - main
+    workflow_dispatch:
+        # trunk-ignore(checkov/CKV_GHA_7)
+        inputs: {}
 
 jobs:
     deploy:
-        runs-on: ubuntu-latest
+        runs-on: blacksmith-2vcpu-ubuntu-2404 # trunk-ignore(actionlint/runner-label)
         name: Deploy
         steps:
             - name: Checkout
-              uses: actions/checkout@v4
+              uses: actions/checkout@v6 # zizmor: ignore[unpinned-uses]
               with:
                   persist-credentials: false
 
-            - name: Use Node.js - 22
-              uses: actions/setup-node@v4
+            - uses: pnpm/action-setup@v4 # zizmor: ignore[unpinned-uses]
               with:
-                  node-version: 22
+                  version: 10
+
+            - name: Use Node.js - 24
+              uses: actions/setup-node@v6 # zizmor: ignore[unpinned-uses]
+              with:
+                  node-version: 24
 
             - name: Install Root Dependencies
-              run: npm ci
+              run: pnpm install --frozen-lockfile
 
             - name: Build Package
-              run: npm run build
+              run: pnpm run build
+
+            - name: Generate sitemap manifest
+              working-directory: docs
+              run: pnpm run sitemap:manifest
 
             - name: Deploy Docs
               working-directory: docs
               env:
                   SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }}
                   CLOUDFLARE_API_TOKEN: ${{ secrets.CLOUDFLARE_API_TOKEN }}
                   CLOUDFLARE_ACCOUNT_ID: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }}
+                  # WRANGLER_LOG_SANITIZE: 'false'
+                  # WRANGLER_LOG_LEVEL: debug
               run: |
-                  npm ci
-                  npm run deploy
+                  set -euxo pipefail
+                  # Ensure log dir exists (wrangler writes here by default)
+                  mkdir -p "${HOME}/.config/.wrangler/logs"
+                  # Run deploy and capture exit code while letting us continue to upload logs
+                  set +e
+                  pnpm run deploy
+                  DEPLOY_EXIT=$?
+                  set -e
+                  echo "Wrangler logs at: ${HOME}/.config/.wrangler/logs"
+                  # Print last 200 lines of the latest wrangler log to job output
+                  ls -lt "${HOME}/.config/.wrangler/logs" | head -n 5 || true
+                  LATEST_LOG=$(ls -1t "${HOME}/.config/.wrangler/logs"/*.log 2>/dev/null | head -n 1 || true)
+                  if [ -n "${LATEST_LOG}" ]; then
+                    echo "::group::Wrangler log (tail)"
+                    tail -n 200 "${LATEST_LOG}" || true
+                    echo "::endgroup::"
+                  fi
+                  # Exit with original deploy status so the job fails if deploy failed
+                  exit ${DEPLOY_EXIT}
+
+            - name: Upload Wrangler logs
+              if: always()
+              uses: actions/upload-artifact@v4 # zizmor: ignore[unpinned-uses]
+              with:
+                  name: wrangler-logs
+                  path: ~/.config/.wrangler/logs/*.log
+                  retention-days: 7

.github/workflows/codeql.yml

@@ -16,19 +16,19 @@ on:
 jobs:
     analyze:
         name: Analyze
-        runs-on: ubuntu-latest
+        runs-on: blacksmith-2vcpu-ubuntu-2404 # trunk-ignore(actionlint/runner-label)
         if: github.event_name == 'push' || github.event_name == 'schedule' || github.event.pull_request.head.repo.full_name != github.repository
 
         steps:
-            - uses: actions/checkout@v4
+            - uses: actions/checkout@v6 # zizmor: ignore[unpinned-uses]
               with:
                   persist-credentials: false
                   fetch-depth: 0
 
             - name: Initialize CodeQL
-              uses: github/codeql-action/init@v3
+              uses: github/codeql-action/init@v3 # zizmor: ignore[unpinned-uses]
               with:
                   languages: javascript
 
             - name: Perform CodeQL Analysis
-              uses: github/codeql-action/analyze@v3
+              uses: github/codeql-action/analyze@v3 # zizmor: ignore[unpinned-uses]