tknatwork · tknatwork · Jun 10, 2026 · Jun 10, 2026 · Jun 10, 2026 · Jun 10, 2026
@@ -0,0 +1,21 @@
+# CodeQL configuration for Side-Kicks
+#
+# The repository ships a single-file Figma plugin: the analyzable source is
+# src/code.ts (TypeScript) and the inline script in ui.html. code.js is the
+# MINIFIED, checked-in build artifact (terser output) — CodeQL classifies it as
+# generated and skips it, which previously left "no source code seen" and failed
+# the run. Scope analysis to the real source and ignore build/output artifacts.
+
+name: "Side-Kicks CodeQL config"
+
+paths:
+  - variables-styles-extractor/src
+  - variables-styles-extractor/ui.html
+
+paths-ignore:
+  - "**/code.js"
+  - "**/*.min.js"
+  - "**/releases/**"
+  - "**/backup/**"
+  - "**/marketing-assets/**"
+  - "**/node_modules/**"
@@ -1,135 +1,19 @@
-# Copilot Instructions: Side-Kicks
+<!-- === SYSTEM PAIRING ===
+Consumed by: GitHub Copilot + all other AI builders (Claude Code, Cursor, Aider, Continue, Gemini CLI, Codex)
+Updated by: manual
+Pairs with: AGENTS.md, README.md
+Update trigger: AI-doc structure change
+Last verified: 2026-06-10
+Index: AGENTS.md
+=== END PAIRING === -->
 
-> ⚠️ PROTECTED FILE - DO NOT DELETE
-> This file must NEVER be deleted during cleanup or overhaul operations.
-> Instead, rewrite its contents to reflect the new direction.
+# Copilot Instructions — Side-Kicks
 
----
+This file is a thin redirect. The canonical AI-builder rules live elsewhere.
 
-## Folder Purpose
+**Read these, in order:**
 
-**Side-Kicks** is a multi-project workspace for Figma plugins and design tools. Each project is isolated in its own subfolder.
+1. **[`AGENTS.md`](../AGENTS.md)** — canonical workspace AI rules (what this repo is, project scope, security posture).
+2. When working inside the active project, read **[`variables-styles-extractor/AGENTS.md`](../variables-styles-extractor/AGENTS.md)** and its **`START_HERE.md`** boot check.
 
----
-
-## 🗑️ Bin Folder (Fail-Safe)
-
-Before deleting any file, move it to `../bin/` first:
-```bash
-# Instead of: rm file.md
-# Do: mv file.md ../../bin/
-```
-
----
-
-## Folder Structure
-
-```
-Side-Kicks/
-├── .github/
-│   ├── copilot-instructions.md      ← THIS FILE (folder rules)
-│   └── ISSUE_TEMPLATE/              ← Shared GitHub templates
-├── docs/
-│   ├── AI_CONTEXT.md                ← Folder context (PROTECTED)
-│   └── CHANGELOG.md                 ← Structure changes (PROTECTED)
-├── variables-styles-extractor/      ← PROJECT: Figma Plugin
-│   ├── AI_CONTEXT.md                ← Project context (PROTECTED)
-│   ├── CHANGELOG.md                 ← Project history (PROTECTED)
-│   ├── TASKS.md                     ← Task tracking (PROTECTED)
-│   ├── .github/copilot-instructions.md
-│   ├── docs/
-│   └── src/
-└── README.md
-```
-
----
-
-## ⚠️ CRITICAL RULES
-
-### Protected Files
-
-**Folder-Level** (never delete, rewrite instead):
-- `.github/copilot-instructions.md` (this file)
-- `docs/AI_CONTEXT.md`
-- `docs/CHANGELOG.md`
-
-**Project-Level** (each project has its own):
-- `AI_CONTEXT.md`
-- `CHANGELOG.md`
-- `TASKS.md`
-- `.github/copilot-instructions.md`
-
-### Changelog Scope
-| Level | Tracks |
-|-------|--------|
-| `docs/CHANGELOG.md` | New projects, folder structure changes |
-| `[project]/CHANGELOG.md` | Code changes, releases within project |
-
-### Project Isolation
-- **Each project** lives in its own subfolder
-- **NEVER mix** files from different projects
-- **Stay scoped** - Identify which project before making changes
-
----
-
-## Current Projects
-
-### variables-styles-extractor/
-| Property | Value |
-|----------|-------|
-| **Purpose** | Figma plugin to export/import variables & styles |
-| **Status** | Active - Published on Figma Community |
-| **Context** | `variables-styles-extractor/AI_CONTEXT.md` |
-| **Tasks** | `variables-styles-extractor/TASKS.md` |
-
----
-
-## Project Template
-
-When creating a new project:
-
-```
-[project-name]/
-├── AI_CONTEXT.md       ← Project context (PROTECTED)
-├── CHANGELOG.md        ← Project history (PROTECTED)
-├── TASKS.md            ← Task tracking (PROTECTED)
-├── README.md           ← Public documentation
-├── .github/
-│   ├── copilot-instructions.md
-│   └── workflows/
-├── docs/               ← Additional documentation
-└── src/                ← Source code
-```
-
----
-
-## Guidelines for AI Assistants
-
-### DO:
-1. ✅ Identify which project you're working in first
-2. ✅ Read project's `AI_CONTEXT.md` before making changes
-3. ✅ Keep changes within that project's folder
-4. ✅ Update project's CHANGELOG when making changes
-5. ✅ Move files to `bin/` before deleting
-
-### DON'T:
-1. ❌ Delete protected files (rewrite instead)
-2. ❌ Mix files from different projects
-3. ❌ Touch `Portfolio/` folder (different workspace section)
-4. ❌ Delete files directly (use bin/ fail-safe)
-
----
-
-## Adding a New Project
-
-1. Create folder structure (see template)
-2. Create `AI_CONTEXT.md` with project context
-3. Create `CHANGELOG.md` with initial entry
-4. Create `TASKS.md` for task tracking
-5. Create `.github/copilot-instructions.md` with project rules
-6. Update folder's `docs/AI_CONTEXT.md` to list the project
-7. Log in folder's `docs/CHANGELOG.md`
-
----
-
-*Last Updated: 27 December 2025*
+This repo has one active project: **variables-styles-extractor** (a Figma plugin). The former nectar-design-toolkit and Design System Builder projects were removed.
@@ -4,10 +4,14 @@
 # Updates land as PRs targeting `main` with the `dependencies` label.
 # Branch protection still requires owner approval before merge — Dependabot
 # cannot self-merge unless explicitly granted, which is not configured here.
+#
+# The repository contains a single active project (variables-styles-extractor);
+# the former Design System Builder and nectar-design-toolkit projects were
+# removed, so their ecosystems are no longer configured here.
 
 version: 2
 updates:
-  # ── npm / pnpm package ecosystems ──────────────────────────────────────────
+  # ── npm / pnpm ─────────────────────────────────────────────────────────────
 
   # variables-styles-extractor — published Figma plugin
   - package-ecosystem: "npm"
@@ -27,85 +31,6 @@ updates:
       dev-dependencies:
         dependency-type: "development"
 
-  # Design System Builder — pnpm workspace (root lockfile covers all packages)
-  - package-ecosystem: "npm"
-    directory: "/Design System Builder"
-    schedule:
-      interval: "weekly"
-      day: "monday"
-    open-pull-requests-limit: 5
-    labels:
-      - "dependencies"
-      - "npm"
-      - "design-system-builder"
-    commit-message:
-      prefix: "chore(deps)"
-      include: "scope"
-    groups:
-      dev-dependencies:
-        dependency-type: "development"
-
-  # nectar-design-toolkit — each subproject ships its own package-lock.json
-  - package-ecosystem: "npm"
-    directory: "/nectar-design-toolkit/bridge-server"
-    schedule: { interval: "weekly", day: "monday" }
-    open-pull-requests-limit: 5
-    labels: ["dependencies", "npm", "nectar-design-toolkit"]
-    commit-message: { prefix: "chore(deps)", include: "scope" }
-    groups:
-      dev-dependencies:
-        dependency-type: "development"
-
-  - package-ecosystem: "npm"
-    directory: "/nectar-design-toolkit/figma-plugin"
-    schedule: { interval: "weekly", day: "monday" }
-    open-pull-requests-limit: 5
-    labels: ["dependencies", "npm", "nectar-design-toolkit"]
-    commit-message: { prefix: "chore(deps)", include: "scope" }
-    groups:
-      dev-dependencies:
-        dependency-type: "development"
-
-  - package-ecosystem: "npm"
-    directory: "/nectar-design-toolkit/mcp-server"
-    schedule: { interval: "weekly", day: "monday" }
-    open-pull-requests-limit: 5
-    labels: ["dependencies", "npm", "nectar-design-toolkit"]
-    commit-message: { prefix: "chore(deps)", include: "scope" }
-    groups:
-      dev-dependencies:
-        dependency-type: "development"
-
-  - package-ecosystem: "npm"
-    directory: "/nectar-design-toolkit/nds-builder"
-    schedule: { interval: "weekly", day: "monday" }
-    open-pull-requests-limit: 5
-    labels: ["dependencies", "npm", "nectar-design-toolkit"]
-    commit-message: { prefix: "chore(deps)", include: "scope" }
-    groups:
-      dev-dependencies:
-        dependency-type: "development"
-
-  - package-ecosystem: "npm"
-    directory: "/nectar-design-toolkit/nectar-style-generator"
-    schedule: { interval: "weekly", day: "monday" }
-    open-pull-requests-limit: 5
-    labels: ["dependencies", "npm", "nectar-design-toolkit"]
-    commit-message: { prefix: "chore(deps)", include: "scope" }
-    groups:
-      dev-dependencies:
-        dependency-type: "development"
-
-  - package-ecosystem: "npm"
-    directory: "/nectar-design-toolkit/orchestration-server"
-    schedule: { interval: "weekly", day: "monday" }
-    open-pull-requests-limit: 5
-    labels: ["dependencies", "npm", "nectar-design-toolkit"]
-    commit-message: { prefix: "chore(deps)", include: "scope" }
-    groups:
-      dev-dependencies:
-        dependency-type: "development"
-
   # ── GitHub Actions ─────────────────────────────────────────────────────────
 
   - package-ecosystem: "github-actions"

@@ -47,6 +47,9 @@ jobs:
           languages: ${{ matrix.language }}
           # Use security-extended for stronger ruleset (default is "security")
           queries: security-extended
+          # Scope analysis to real source (src/ + ui.html inline JS); the
+          # checked-in code.js is minified build output and is skipped.
+          config-file: ./.github/codeql/codeql-config.yml
 
       - name: Perform CodeQL Analysis
         uses: github/codeql-action/analyze@v3

@@ -1,7 +1,7 @@
 <!-- === SYSTEM PAIRING ===
 Consumed by: All AI builders (Claude Code, Cursor, Copilot, Aider, Continue, Gemini CLI, Codex)
 Updated by: manual + commits referencing structural changes
-Pairs with: CLAUDE.md (pointer), docs/AI_CONTEXT.md (legacy folder context, protected),
+Pairs with: CLAUDE.md (pointer),
             per-project AGENTS.md (e.g. variables-styles-extractor/AGENTS.md)
 Update trigger: structural change (new project, new convention, security policy update)
 Last verified: 2026-05-22 (initial Portfolio-style AI structure)
@@ -18,15 +18,13 @@ Index: README.md → table of projects
 
 ## What this repo is
 
-A **multi-project workspace** for Figma plugins and design tooling. Each
-project lives in its own subfolder with an isolated lifecycle. Currently
-shipping:
+A workspace for Figma plugins and design tooling. It currently hosts a
+single active project (the former Nectar Design Toolkit and Design System
+Builder projects have been removed):
 
 | Project | Folder | Status |
 |---------|--------|--------|
 | Variables & Styles Extractor | [`variables-styles-extractor/`](variables-styles-extractor/) | Published on Figma Community ([1584331992332668732](https://www.figma.com/community/plugin/1584331992332668732/variables-and-styles-extractor)) |
-| Nectar Design Toolkit | [`nectar-design-toolkit/`](nectar-design-toolkit/) | Active development |
-| Design System Builder | [`Design System Builder/`](Design%20System%20Builder/) | Active development |
 
 ---
 
@@ -56,14 +54,12 @@ banned without explicit user permission.
 
 | You're editing | You may also touch | You must NOT touch |
 |----------------|--------------------|--------------------|
-| `variables-styles-extractor/**` | Root `README.md`, `.github/` if it's a security/CI change you've been asked for | Other project folders |
-| `nectar-design-toolkit/**` | Same | Other project folders |
-| `Design System Builder/**` | Same | Other project folders |
-| Workspace root files (this file, README, `.gcc/`) | Any project's README if cross-cutting | Per-project source unless explicitly asked |
+| `variables-styles-extractor/**` | Root `README.md`, `.github/` if it's a security/CI change you've been asked for | — |
+| Workspace root files (this file, README, `.gcc/`) | The project's README if cross-cutting | Per-project source unless explicitly asked |
 
-If a single change genuinely spans two project folders (e.g. extracting
-a shared utility), say so in the commit message and reference both
-projects.
+If a future change spans more than one project folder (e.g. extracting
+a shared utility once a second project exists), say so in the commit
+message and reference both projects.
 
 ---
 
@@ -87,7 +83,6 @@ path as part of the repo contract.
 | `.gcc/main.md` | Project registry |
 | `.gcc/memory.md` | Cross-session memory |
 | `.gcc/changelog.md` | Workspace structural changes |
-| `docs/AI_CONTEXT.md` | Legacy folder context (kept for tooling that hardcodes the path) |
 | `docs/CHANGELOG.md` | Workspace-level changelog |
 
 ### Per-project
@@ -98,7 +93,7 @@ Each project must keep, at its own root:
 - `LICENSE` (project license)
 - `.gcc/session-memory.md`, `.gcc/commit.md`, `.gcc/metadata.yaml`, `.gcc/main.md`, `.gcc/memory.md`, `.gcc/changelog.md`
 - `.github/copilot-instructions.md` (if the project predates AGENTS.md adoption)
-- `docs/AI_CONTEXT.md`, `docs/CHANGELOG.md` (legacy paths, kept for tooling)
+- `docs/CHANGELOG.md` (legacy path, kept for tooling)
 
 When a doc becomes a redirect (e.g. content moved from `docs/AGENTS.md`
 to project-root `AGENTS.md`), the redirect stays in place and points to