Skip to content

Auto: Content & Presence Updates (June-July 2026)#1

Open
ppradyoth wants to merge 16 commits into
mainfrom
auto/presence-updates
Open

Auto: Content & Presence Updates (June-July 2026)#1
ppradyoth wants to merge 16 commits into
mainfrom
auto/presence-updates

Conversation

@ppradyoth

@ppradyoth ppradyoth commented Jun 23, 2026

Copy link
Copy Markdown
Owner

Cumulative content & presence work for the June–July 2026 autonomous agent window. Do not merge until review.

Cumulative changelog

2026-07-08 run

  • New script: secret-scan.js — a zero-dependency Node scanner for hardcoded secrets in the working tree: the security check the doc linters aren't. Once a live key lands in git history it's public forever, and the fix is to rotate the key, not git rm it — so this catches it before the commit. Uses the same prefix-anchored patterns the heavyweight scanners (gitleaks, trufflehog) ship, so it recognizes real credential shapes: AWS AKIA…, GitHub ghp_/gho_/ghu_/ghs_/ghr_ + fine-grained github_pat_, Slack tokens + hooks.slack.com webhooks, Google AIza…, Stripe sk_live_/rk_live_, npm_…, and -----BEGIN … PRIVATE KEY----- blocks (reported as errors), plus lower-confidence JWT and generic high-entropy secret = "…" assignments (warnings, fail only under --strict). Shannon-entropy + a placeholder filter keep false positives down (AWS's own AKIAIOSFODNN7EXAMPLE and ${VAR} don't fire); every finding is redacted (ghp_…Vt6y (40 chars)) so the report never becomes the leak. Walks a tree skipping .git/node_modules/binaries/large files (NUL-byte binary sniff). Flags --strict/--json/--quiet; exit 0/1/2. Verified: 9 crafted positives flagged, 6 negatives excluded, all exit codes checked, dogfooded clean on the repo (23 files); token formats cross-checked against gitleaks' default ruleset via WebSearch. Ships with examples/git-pre-commit-secrets (scans only staged files) and README section 16 + ToC entry. A bug caught in review (a binary-sniff that used a space instead of a NUL byte, which would have skipped every file with a space) was found and fixed before commit. node -c + bash -n clean; README links resolve.

2026-07-07 run

  • New script: link-text-lint.js — lints link text for the accessibility/SEO gap a link checker can't see: a working link whose text says nothing. Four rules (empty/whitespace-text = errors; non-descriptive "click here"/"read more" + raw-URL-as-text = warnings). Markdown + HTML anchors; unwraps emphasis/inline-code; skips fenced + inline-code spans. A false-positive on code-styled link text was found via README dogfooding and fixed. Wired into check-docs.sh (default-ON, defect-only). README section 15.

2026-07-06 run

  • New script: whitespace-lint.js — lints (and idempotently --fixes) whitespace hygiene the content linters ignore (MD009/MD010/CRLF/final-newline/MD012). Fence-aware. Tested byte-exact incl. --fix via od -c. Wired into check-docs.sh. README section 14.

2026-07-05 run

  • New script: changelog-lint.js — lints a CHANGELOG.md against Keep a Changelog. Five error rules + three warnings. Auto-wired into check-docs.sh. README section 13.

2026-06-23 → 2026-07-04 runs

  • commit-lint.js (Conventional Commits), list-lint.js (MD004/029/005/007), the check-docs.sh one-command suite, image-alt-lint.js, code-fence-lint.js, table-fmt.js, heading-lint.js, frontmatter-lint.js, the examples/ folder (check-docs.sh + docs-check.yml + git-pre-commit), link-check.js, and markdown-toc.js.

Verification

  • All scripts run locally and tested before commit; zero runtime dependencies (pure Node built-ins).
  • This run: secret-scan.js exercised against crafted positives (every prefix rule + private-key + high-entropy assignment) and negatives (doc placeholders, short/low-entropy values), all three exit codes, and dogfooded clean over the repo; examples/git-pre-commit-secrets bash -n clean; README section 16 + ToC anchor resolve via link-check.js (25 links).

🤖 Generated with Claude Code

claude and others added 16 commits June 23, 2026 07:05
Zero-dependency Node script. Extracts headings (code-fence aware), builds
GitHub-compatible anchor slugs with duplicate disambiguation, prints to stdout
or injects an idempotent TOC block via --write. Documented in README.
Verifies the TOC is current without writing: exit 0 (up to date), 1 (stale),
2 (no markers). Documented in README. Tested across all three exit states.
- Detects relative file links pointing at missing paths
- Validates #anchors (same-file and cross-file) using GitHub's slug algorithm
- Ignores links in fenced code blocks and inline code spans
- Network-free by default; --external lists URLs without fetching
- CI-friendly exit codes (0 ok / 1 broken / 2 usage); --json output
- Documented in README with usage and feature list
…hecks

Concrete copy-paste artifacts wiring link-check.js (and opt-in markdown-toc.js
--check) into CI and git hooks. Tested on this repo. README section + note on
the marker false-positive caveat.

Co-Authored-By: Claude Opus 4.8 <[email protected]>
Claude-Session: https://claude.ai/code/session_01YC1umQHkdcQLWnoF5GKE45
Zero-dependency, network-free Node linter for the --- frontmatter block:
required-key checks, YYYY-MM-DD date validation, boolean/list type checks,
duplicate-key and unterminated-block detection. Supports --dir recursion,
--json, --quiet, and CI exit codes (0/1/2). Practical YAML subset parser
(scalars, quoted strings, flow + block lists, booleans, numbers). Tested
against the blog-drafts repo plus crafted bad-input fixtures. README section
6 + TOC added; all links verified.
Was link-check only. Now runs the whole suite: link-check, code-fence-lint,
image-alt-lint, and frontmatter-lint (--allow-missing) ON by default (defect-only,
CI-safe); heading-lint and table-fmt --check opt-in (they flag deliberate style,
not bugs); markdown-toc stays opt-in via TOC_FILES. Each check toggleable via
CHECK_* env vars. Tested: default passes on this repo, strict (CHECK_HEADINGS=1
CHECK_TABLES=1) fails on the intentional duplicate sub-headings + unaligned table,
toggles work. Updated README + docs-check.yml to match.

Co-Authored-By: Claude Opus 4.8 <[email protected]>
Claude-Session: https://claude.ai/code/session_01NdojMF6h7vP4khiEFhWwB1
Flags mixed bullet markers within one list (MD004), broken ordered
numbering that's neither all-1. nor a clean increment (MD029), and
odd-space list indentation (MD005/MD007, a non-failing warning). Tracks
and skips fenced code; scopes marker checks to a single list block so
separate lists using different markers are never cross-flagged. --json,
--quiet, per-rule toggles, --strict-indent; CI exit codes; require()able
via lintText. Tested on fixtures (each rule), false-positive guards, and
the repo's own docs. Wired into examples/check-docs.sh (ON by default,
CHECK_LISTS toggle) and documented as README section 11.

Co-Authored-By: Claude Opus 4.8 <[email protected]>
Claude-Session: https://claude.ai/code/session_013kxtY7Uxk9sJZFdxU7ucAt
Lints commit messages against Conventional Commits: header grammar, type enum,
blank-line separator (errors) plus subject/body length and style (warnings).
Three input modes (message file, --stdin, --range A..B), hook-ready (strips git
cruft, skips merge autos), --json/--quiet, require()-able lintMessage/stripGitCruft.
Adds examples/git-commit-msg hook and README section 12 with a dogfood note.
Tested across 16 cases incl. FP guards; existing doc suite still clean.
Zero-dep Node linter — version-heading format, SemVer, ISO dates, change-group
names, duplicate/ordering/empty checks. Fenced-code aware, --json/--strict/require().
Wired into check-docs.sh as an auto-on per-file check when a CHANGELOG exists.
README section 13.

Co-Authored-By: Claude Opus 4.8 <[email protected]>
Claude-Session: https://claude.ai/code/session_01VteDDVmV9aL5p8kSqdCxeC
The hygiene companion to the content lint family. Flags trailing whitespace
(MD009), hard tabs in indentation (MD010), CRLF/bare-CR line endings, a
missing/duplicated final newline, and over-long blank runs (MD012) — the
invisible diff noise the content linters ignore. Every rule is mechanical,
so --fix repairs all of them idempotently. Fenced-code aware; allows the
2-space Markdown hard break by default; works on any text file, not just MD.

Wired into examples/check-docs.sh as a default-ON, defect-only check and
documented as README section 14. Tested against crafted inputs: lint output,
exit codes 0/1/2, --fix byte-correctness, idempotency, CRLF, --no-md-breaks;
dogfooded clean on the repo's own docs.

Co-Authored-By: Claude Opus 4.8 <[email protected]>
Claude-Session: https://claude.ai/code/session_017xACmT2TJTBxXtDgx1jpfK
Wired into check-docs.sh as a default-on defect-only check (empty/whitespace
link text fail; non-descriptive and raw-URL text warn). README section 15 + ToC.

Co-Authored-By: Claude Opus 4.8 <[email protected]>
Claude-Session: https://claude.ai/code/session_012fBd8EPMktgYBViLUd7H3s
Scans the working tree for hardcoded credentials using prefix-anchored patterns
(AWS AKIA, GitHub ghp_/github_pat_, Slack tokens+webhooks, Google AIza, Stripe
sk_live, npm_, private-key blocks) reported as errors, plus lower-confidence JWT
and generic high-entropy assignment rules as warnings. Shannon-entropy + placeholder
filtering keeps false positives down (AKIAIOSFODNN7EXAMPLE and ${VAR} don't fire);
findings are redacted so the report never leaks the secret. Flags: --strict/--json/
--quiet; exit 0/1/2. Adds examples/git-pre-commit-secrets hook and README section 16.

Verified: 9 crafted positives flagged, 6 negatives excluded, all exit codes, dogfooded
clean on the repo (23 files). Patterns cross-checked against gitleaks' default ruleset.

Co-Authored-By: Claude Opus 4.8 <[email protected]>
Claude-Session: https://claude.ai/code/session_015E3hofptrivNd5nE786hcM
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants