chore(security): harden repo defaults and disclosure policy#13

Merged
hirotaka merged 1 commit into main from chore/prelaunch-security-hardening on Apr 30, 2026

Conversation

@hirotaka
Contributor

Summary

  • tighten CI default token permissions by setting workflow-level contents: read and add static generation to catch build-time regressions earlier
  • update repository hygiene by ignoring local tool artifacts (.playwright-cli/, .claude/settings.local.json)
  • refresh docs: clarify registry artifacts are generated at build time and point users to SECURITY.md
  • replace placeholder security policy with a concrete vulnerability reporting path and response SLA

Validation

  • pnpm lint (passes with existing vue/no-v-html warnings only)
  • pnpm registry:build
  • pnpm typecheck (known existing failure: vue-router/volar/sfc-route-blocks export path issue)
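The first summary bullet refers to scoping the workflow's default GITHUB_TOKEN with a workflow-level `permissions` block and adding a static generation step. The workflow below is an added illustration of that pattern and is not the project's actual `.github/workflows/ci.yml`; the `pnpm generate` script name, the Node version and the action versions are assumptions, while `pnpm lint` and `pnpm registry:build` are the script names listed in the PR's validation section.

```yaml
name: ci

on:
  pull_request:
  push:
    branches: [main]

# Workflow-level default: every job's GITHUB_TOKEN gets read-only access to
# repository contents and no other scope. Without this block the token
# inherits the repository's default, which on older repositories is
# read/write across most scopes. A job that genuinely needs more must opt in
# with its own `permissions:` block, which is also what a reviewer then sees.
permissions:
  contents: read

jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: pnpm/action-setup@v4
      - uses: actions/setup-node@v4
        with:
          node-version: 22      # assumed; use the project's pinned version
          cache: pnpm
      - run: pnpm install --frozen-lockfile
      - run: pnpm lint
      - run: pnpm registry:build  # script name from the PR's validation list
      # Assumed script name for the static generation step: running the full
      # static build in CI means a registry artifact that fails to generate
      # breaks the PR check instead of surfacing after deploy.
      - run: pnpm generate
```

Putting `permissions` at workflow level rather than per job is the safer default because any job added later inherits the read-only token automatically; a job that needs a broader scope has to declare it explicitly, which keeps the elevation visible in review.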

@hirotaka hirotaka requested a review from Copilot April 30, 2026 00:31
@cloudflare-workers-and-pages

Deploying shadcn-nuxt-ui with Cloudflare Pages

Latest commit: f97a781
Status: ✅ Deploy successful!
Preview URL: https://921e22f4.shadcn-nuxt-ui.pages.dev
Branch Preview URL: https://chore-prelaunch-security-har.shadcn-nuxt-ui.pages.dev


Copilot AI left a comment


Pull request overview

This PR hardens repository defaults (CI token permissions, gitignore hygiene) and improves security/disclosure documentation for the project.

Changes:

  • Adds workflow-level GITHUB_TOKEN permission scoping and introduces a static site generation step in CI.
  • Updates .gitignore to exclude local tool artifacts.
  • Refreshes documentation (README + SECURITY policy) to clarify registry generation and vulnerability reporting.

Reviewed changes

Copilot reviewed 3 out of 4 changed files in this pull request and generated 3 comments.

File                          Description
SECURITY.md                   Replaces placeholder policy with supported-version guidance and a vulnerability reporting/SLA process.
README.md                     Clarifies registry artifacts are generated and adds a pointer to SECURITY.md.
.gitignore                    Ignores local tool artifacts and removes user-specific ignore entries.
.github/workflows/ci.yml      Scopes token permissions and adds static generation to CI.


Comment thread .github/workflows/ci.yml
Comment thread .github/workflows/ci.yml
Comment thread SECURITY.md
@hirotaka hirotaka merged commit fb54aa1 into main Apr 30, 2026
6 checks passed
@hirotaka hirotaka deleted the chore/prelaunch-security-hardening branch April 30, 2026 00:42
2 participants