From 0d036177959014bd872e16f3152712b4e7242cc3 Mon Sep 17 00:00:00 2001 From: PythonWoods-Dev Date: Tue, 9 Jun 2026 18:23:49 +0200 Subject: [PATCH 01/11] ci/docs: enforce fail-closed PR build and document required checks Signed-off-by: PythonWoods-Dev --- .github/workflows/ci.yml | 15 ------- docs/how-to/configure-ci-cd.mdx | 39 +++++++++++++++++++ .../current/how-to/configure-ci-cd.mdx | 39 +++++++++++++++++++ 3 files changed, 78 insertions(+), 15 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 3f2e7b3..23b2036 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -5,21 +5,6 @@ name: Zenzic Docs CI on: pull_request: - paths: - - 'docs/**' - - 'i18n/**' - - 'src/**' - - 'static/**' - - 'scripts/**' - - 'docusaurus.config.ts' - - 'sidebars.ts' - - 'package.json' - - 'package-lock.json' - - 'tsconfig.json' - - '.zenzic.toml' - - '.github/workflows/ci.yml' - - '.pre-commit-config.yaml' - - '.pre-commit-hooks.yaml' push: branches: - main diff --git a/docs/how-to/configure-ci-cd.mdx b/docs/how-to/configure-ci-cd.mdx index 6c103d2..d96fb9c 100644 --- a/docs/how-to/configure-ci-cd.mdx +++ b/docs/how-to/configure-ci-cd.mdx @@ -371,6 +371,45 @@ When a score regression is detected, the workflow receives a non-zero diff verdi --- +## GitHub Branch Protection: Required Checks {#branch-protection-required-checks} + +Protect `main` and enable **Require status checks to pass before merging**. + +### Operational Profile: `zenzic-doc` + +Required checks: +- `Build` +- `Audit` +- `Lint PR Title` +- `Check DCO` + +Operational rule: +- The `Build` check must run on **every** pull request. +- Do not use `paths` filters on the `pull_request` trigger in `.github/workflows/ci.yml` for `zenzic-doc`. +- Keep `paths` filters on `push` to `main` if you want to optimize post-merge CI minutes. + +Rationale: +- `Build` is the structural integrity gate for MDX and site compilation. +- If `Build` is required but skipped on PR, merge can be blocked in expected/pending state. +- If `Build` is not required, a fatal docs regression can merge and break the live site. + +### Operational Profile: `zenzic` (core) + +Recommended required checks: +- `Audit (ubuntu-latest, 3.10)` +- `Audit (ubuntu-latest, 3.14)` +- `Lint PR Title` +- `Check DCO` + +Why these checks: +- `Audit` enforces tests, quality gate, and badge freshness in CI. +- `Lint PR Title` enforces the PR title convention. +- `Check DCO` enforces `Signed-off-by` for every commit. + +Important: every required check must run on `pull_request`. If a required workflow is skipped (for example due to path filters), the PR can remain blocked in expected/pending state. + +--- + ## Audit Mode in CI — Sovereign Audit {#audit-mode} The `audit: "true"` input forces a sovereign audit: all active `zenzic:ignore` inline comments and all `governance.per_file_ignores` entries are bypassed. Every finding that would normally be hidden by a suppression is surfaced. diff --git a/i18n/it/docusaurus-plugin-content-docs/current/how-to/configure-ci-cd.mdx b/i18n/it/docusaurus-plugin-content-docs/current/how-to/configure-ci-cd.mdx index bebb959..68a2f2c 100644 --- a/i18n/it/docusaurus-plugin-content-docs/current/how-to/configure-ci-cd.mdx +++ b/i18n/it/docusaurus-plugin-content-docs/current/how-to/configure-ci-cd.mdx @@ -371,6 +371,45 @@ Quando viene rilevata una regressione del punteggio, il workflow riceve un verde --- +## Branch Protection GitHub: Required Checks {#branch-protection-required-checks} + +Proteggi `main` e abilita **Require status checks to pass before merging**. + +### Profilo Operativo: `zenzic-doc` + +Controlli obbligatori: +- `Build` +- `Audit` +- `Lint PR Title` +- `Check DCO` + +Regola operativa: +- Il check `Build` deve girare su **ogni** pull request. +- Non usare filtri `paths` nel trigger `pull_request` in `.github/workflows/ci.yml` per `zenzic-doc`. +- Mantieni i filtri `paths` sul `push` verso `main` se vuoi ottimizzare i minuti CI post-merge. + +Razionale: +- `Build` è il gate di integrità strutturale per MDX e compilazione del sito. +- Se `Build` è obbligatorio ma viene saltato su PR, il merge può restare bloccato in stato expected/pending. +- Se `Build` non è obbligatorio, una regressione documentale fatale può entrare in merge e rompere il sito live. + +### Profilo Operativo: `zenzic` (core) + +Controlli obbligatori consigliati: +- `Audit (ubuntu-latest, 3.10)` +- `Audit (ubuntu-latest, 3.14)` +- `Lint PR Title` +- `Check DCO` + +Perché questi check: +- `Audit` applica test, quality gate e badge freshness in CI. +- `Lint PR Title` applica la convenzione del titolo PR. +- `Check DCO` applica il `Signed-off-by` su ogni commit. + +Importante: ogni check obbligatorio deve girare su `pull_request`. Se un workflow obbligatorio viene saltato (ad esempio per path filter), la PR può restare bloccata in stato expected/pending. + +--- + ## Modalità Audit in CI — Sovereign Audit {#audit-mode} L'input `audit: "true"` forza un sovereign audit: tutti i commenti `zenzic:ignore` inline attivi e tutte le voci `governance.per_file_ignores` vengono bypassati. Ogni finding che normalmente sarebbe nascosto da una soppressione viene portato in superficie. From 881e0b3e563c319f64b0bd98c0f0dfd42ccd9d9c Mon Sep 17 00:00:00 2001 From: PythonWoods-Dev Date: Tue, 9 Jun 2026 18:27:43 +0200 Subject: [PATCH 02/11] docs(changelog): record fail-closed build gate updates Signed-off-by: PythonWoods-Dev --- CHANGELOG.md | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 0bd2dc5..19857c8 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -11,7 +11,10 @@ Versions track the Zenzic Core release line under the Branch Parity Rule. ## [Unreleased] -No changes yet. +### Changed + +- **Fail-closed PR build gate:** Removed `pull_request.paths` filters from `.github/workflows/ci.yml` so the `Build` check runs on every PR and can safely be required in branch protection. +- **Operational policy docs:** Added explicit branch-protection required-checks guidance (EN + IT) for `zenzic-doc` and `zenzic` in CI/CD integration documentation. --- From cad6dd814c1830925caebc6614b10d34b1b60b5d Mon Sep 17 00:00:00 2001 From: PythonWoods-Dev Date: Tue, 9 Jun 2026 18:35:56 +0200 Subject: [PATCH 03/11] blog: publish 'Auditing the Auditors' case study and register new tags Signed-off-by: PythonWoods-Dev --- blog/2026-06-09-auditing-the-auditors.mdx | 159 ++++++++++++++++++++++ blog/tags.yml | 20 +++ 2 files changed, 179 insertions(+) create mode 100644 blog/2026-06-09-auditing-the-auditors.mdx diff --git a/blog/2026-06-09-auditing-the-auditors.mdx b/blog/2026-06-09-auditing-the-auditors.mdx new file mode 100644 index 0000000..fff2d96 --- /dev/null +++ b/blog/2026-06-09-auditing-the-auditors.mdx @@ -0,0 +1,159 @@ +--- +slug: auditing-the-auditors-ast-based-documentation-analysis +title: "Auditing the Auditors: Finding Documentation Defects with AST-Based Analysis" +authors: [pythonwoods] +tags: [architecture, docs-as-code, ci-cd, parsing, case-study] +date: 2026-06-09 +--- + +{/* SPDX-FileCopyrightText: 2026 PythonWoods */} +{/* SPDX-License-Identifier: Apache-2.0 */} + +To validate the parser and snippet-analysis capabilities of Zenzic, we needed a production-grade documentation corpus. We selected the official documentation repository of Zensical, a mature and actively maintained static site generator. + +The expectation was straightforward: a well-maintained documentation codebase should produce few, if any, actionable findings. + +Instead, the scan surfaced a small set of defects that had survived normal review processes. None were catastrophic, but all had user-facing consequences ranging from copy-paste failures to broken navigation and accessibility regressions. + +This article examines the findings and explores why documentation quality often requires deeper analysis than conventional Markdown validation. + +{/* truncate */} + +## The Findings + +The scan identified three categories of issues. + +| Category | Example | User Impact | +| --------------------- | --------------------------------------------------- | --------------------------------------------- | +| TOML syntax errors | Invalid key-value syntax inside a fenced TOML block | Configuration examples fail when copied | +| Broken internal links | References to moved or renamed documentation pages | Users encounter 404 pages | +| Accessibility defects | Inline HTML images missing `alt` attributes | Reduced accessibility for screen-reader users | + +### 1. TOML Syntax Errors in Fenced Code Blocks + +Documentation frequently contains configuration examples intended to be copied directly into production environments. + +One fenced code block declared as `toml` contained the following snippet: + +```toml +[project.extra.annotate] +json: [".s2"] +``` + +This is not valid TOML syntax. Key-value assignments require an equal sign (`=`), not a colon (`:`). + +The correct form is: + +```toml +[project.extra.annotate] +json = [".s2"] +``` + +A user copying the original example would encounter a parser error despite following the documentation exactly. + +From a documentation-quality perspective, this is equivalent to a failing code sample. + +### 2. Broken Internal References + +The scan also identified internal links targeting documentation pages or anchors that no longer existed. + +These issues are easy to introduce during routine refactoring: + +- pages are renamed; +- sections are reorganized; +- navigation structures evolve; +- historical references remain unchanged. + +The result is documentation drift: links continue to look valid in source files while leading readers to non-existent destinations. + +Unlike spelling mistakes, broken references directly interrupt a user's ability to follow a workflow or understand a concept. + +### 3. Accessibility Gaps in Inline HTML + +Markdown tooling often enforces accessibility rules for standard image syntax: + +```md +![Description](image.png) +``` + +However, documentation repositories frequently mix Markdown and raw HTML. + +The scan detected inline `` elements that lacked `alt` attributes. + +For sighted users, the omission is largely invisible. For screen-reader users, the missing attribute removes context that may be necessary to understand the surrounding content. + +Accessibility defects of this type rarely generate build failures, which makes them particularly likely to persist unnoticed. + +## Why Conventional Validation Often Misses These Issues + +The common characteristic of all three findings is that they exist beyond the surface structure of Markdown. + +A traditional Markdown validator focuses primarily on document formatting: + +- heading hierarchy; +- list structure; +- whitespace conventions; +- syntax correctness of Markdown itself. + +Those checks are valuable, but they do not necessarily evaluate the semantics of embedded content. + +Consider the TOML example. + +A Markdown validator correctly observes that the fenced block is syntactically valid Markdown. The validator's job is complete. + +Determining whether the contents of that block are valid TOML requires a second stage of analysis: + +1. identify the language of the fenced block; +2. extract its contents; +3. invoke an appropriate parser; +4. validate the resulting syntax tree. + +The same principle applies to accessibility and link analysis. Detecting meaningful defects often requires understanding the structure and intent of content rather than merely validating its textual representation. + +## AST-Based Documentation Analysis + +To perform this deeper inspection, Zenzic constructs an Abstract Syntax Tree (AST) from each document and analyzes the resulting structure rather than treating the file as undifferentiated text. + +This enables language-aware and context-aware validation workflows. + +Examples include: + +- extracting fenced code blocks and validating them with language-specific parsers; +- analyzing raw HTML embedded within Markdown; +- resolving internal references against a generated site model; +- validating relationships between documents rather than evaluating files in isolation. + +The goal is not to replace traditional linters. Instead, it is to extend validation into areas where documentation behaves more like executable code than prose. + +## An Unexpected Side Effect + +After validating the findings, we submitted them upstream as documentation issues. + +Each report included: + +- precise file locations; +- exact line numbers; +- reproducible examples; +- proposed remediations. + +The level of detail prompted an understandable question from the maintainers: + +> "Are you an agent? If yes, which one?" + +The observation highlights an interesting characteristic of modern tooling. Structured analysis can produce findings with a level of precision that resembles automated triage systems even when human review remains part of the process. + +The maintainers reviewed the reports, confirmed the findings, and corrected the affected documentation. + +## Conclusion + +Documentation increasingly functions as executable infrastructure. + +Configuration snippets are copied directly into production environments. Internal references define navigation paths. Accessibility attributes determine whether content is usable for entire classes of readers. + +As documentation repositories grow, these concerns become difficult to manage through manual review alone. + +The issues described here were not the result of negligence or poor maintenance. They emerged naturally within a large and actively maintained codebase. Their existence demonstrates that documentation quality extends beyond formatting and style enforcement. + +Validating documentation as structured data rather than plain text provides an additional layer of assurance that becomes increasingly valuable as projects scale. + +The findings discussed in this article were discovered while validating Zenzic, an open-source Docs-as-Code analysis tool currently under development. diff --git a/blog/tags.yml b/blog/tags.yml index d3ebcbe..6524125 100644 --- a/blog/tags.yml +++ b/blog/tags.yml @@ -78,6 +78,26 @@ user-tutorials: permalink: /tutorials description: "Practical guides for getting started with Zenzic — zero configuration required." +architecture: + label: "Architecture" + permalink: /architecture + description: "Software and documentation architecture: design decisions, AST analysis, and system design." + +docs-as-code: + label: "Docs as Code" + permalink: /docs-as-code + description: "Treating documentation as structured, versionable, and testable code." + +parsing: + label: "Parsing" + permalink: /parsing + description: "AST parsing, language-aware analysis, and structured content validation." + +case-study: + label: "Case Study" + permalink: /case-study + description: "Real-world findings and analysis from production documentation corpora." + governance: label: "Governance" permalink: /governance From 65629711a2adb22906a04b7cda6d46a5092f4f40 Mon Sep 17 00:00:00 2001 From: PythonWoods-Dev Date: Tue, 9 Jun 2026 18:37:37 +0200 Subject: [PATCH 04/11] fix(blog): remove duplicate architecture tag from tags.yml Signed-off-by: PythonWoods-Dev --- blog/tags.yml | 5 ----- 1 file changed, 5 deletions(-) diff --git a/blog/tags.yml b/blog/tags.yml index 6524125..b8467ba 100644 --- a/blog/tags.yml +++ b/blog/tags.yml @@ -78,11 +78,6 @@ user-tutorials: permalink: /tutorials description: "Practical guides for getting started with Zenzic — zero configuration required." -architecture: - label: "Architecture" - permalink: /architecture - description: "Software and documentation architecture: design decisions, AST analysis, and system design." - docs-as-code: label: "Docs as Code" permalink: /docs-as-code From 14286d9cf626ba805bf8b29456db39b5148647ac Mon Sep 17 00:00:00 2001 From: PythonWoods-Dev Date: Tue, 9 Jun 2026 18:42:22 +0200 Subject: [PATCH 05/11] =?UTF-8?q?blog:=20polish=20'Auditing=20the=20Audito?= =?UTF-8?q?rs'=20=E2=80=94=20link=20issues/PR,=20rename=20section=20to=20T?= =?UTF-8?q?he=20Agent=20Incident?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: PythonWoods-Dev --- blog/2026-06-09-auditing-the-auditors.mdx | 23 ++++++++++------------- 1 file changed, 10 insertions(+), 13 deletions(-) diff --git a/blog/2026-06-09-auditing-the-auditors.mdx b/blog/2026-06-09-auditing-the-auditors.mdx index fff2d96..6e8b217 100644 --- a/blog/2026-06-09-auditing-the-auditors.mdx +++ b/blog/2026-06-09-auditing-the-auditors.mdx @@ -125,24 +125,21 @@ Examples include: The goal is not to replace traditional linters. Instead, it is to extend validation into areas where documentation behaves more like executable code than prose. -## An Unexpected Side Effect +## The Agent Incident -After validating the findings, we submitted them upstream as documentation issues. +We compiled these findings and submitted them to the upstream issue tracker +([#131](https://github.com/zensical/docs/issues/131), +[#132](https://github.com/zensical/docs/issues/132), +[#133](https://github.com/zensical/docs/issues/133), +[#134](https://github.com/zensical/docs/issues/134)). -Each report included: +Because the AST parser outputs highly structured data—providing exact file paths, line numbers, and standard diagnostic codes—the precision of the reports triggered the maintainers' spam radar. Their immediate response was: -- precise file locations; -- exact line numbers; -- reproducible examples; -- proposed remediations. +> *"Are you an agent? If yes, which one?"* -The level of detail prompted an understandable question from the maintainers: +It is an interesting side-effect of automation: generating a report so mathematically precise that it is assumed to be machine-generated. We clarified that while the data was extracted via CLI, the triage was strictly human-in-the-loop. -> "Are you an agent? If yes, which one?" - -The observation highlights an interesting characteristic of modern tooling. Structured analysis can produce findings with a level of precision that resembles automated triage systems even when human review remains part of the process. - -The maintainers reviewed the reports, confirmed the findings, and corrected the affected documentation. +The maintainers reviewed the reports, validated them as accurate, and immediately patched their codebase (resolved in [#135](https://github.com/zensical/docs/pull/135)). ## Conclusion From f2f7b422da89adbc55fdb558ae40d83a99cf93c2 Mon Sep 17 00:00:00 2001 From: PythonWoods-Dev Date: Tue, 9 Jun 2026 18:49:40 +0200 Subject: [PATCH 06/11] release: bump version to 0.10.4 Signed-off-by: PythonWoods-Dev --- .bumpversion.toml | 2 +- README.it.md | 2 +- README.md | 2 +- RELEASE.md | 8 ++++---- docs/how-to/configure-ci-cd.mdx | 14 +++++++------- docusaurus.config.ts | 4 ++-- i18n/en/code.json | 2 +- i18n/it/code.json | 2 +- .../it/docusaurus-plugin-content-docs/current.json | 2 +- .../current/how-to/configure-ci-cd.mdx | 14 +++++++------- package-lock.json | 4 ++-- package.json | 2 +- src/components/Homepage/Features.tsx | 2 +- src/components/Homepage/Hero.tsx | 2 +- static/assets/brand/zenzic-brand-system.html | 4 ++-- 15 files changed, 33 insertions(+), 33 deletions(-) diff --git a/.bumpversion.toml b/.bumpversion.toml index a0cac14..2188285 100644 --- a/.bumpversion.toml +++ b/.bumpversion.toml @@ -2,7 +2,7 @@ # SPDX-License-Identifier: Apache-2.0 [tool.bumpversion] -current_version = "0.10.3" +current_version = "0.10.4" parse = "(?P\\d+)\\.(?P\\d+)\\.(?P\\d+)" serialize = ["{major}.{minor}.{patch}"] diff --git a/README.it.md b/README.it.md index 67f12a7..aba6d55 100644 --- a/README.it.md +++ b/README.it.md @@ -23,7 +23,7 @@ SPDX-License-Identifier: Apache-2.0 [![REUSE 3.x compliant](https://img.shields.io/badge/REUSE-3.x%20compliant-0d9488?style=flat-square)](https://reuse.software/) [![License](https://img.shields.io/badge/license-Apache--2.0-0d9488?style=flat-square)](LICENSE) [![Documentation: Diátaxis](https://img.shields.io/badge/Docs-Di%C3%A1taxis-brightgreen?style=flat-square)](https://diataxis.fr/) -[![Zenzic](https://img.shields.io/badge/Zenzic-v0.10.3-blue?style=flat-square)](https://github.com/PythonWoods/zenzic) +[![Zenzic](https://img.shields.io/badge/Zenzic-v0.10.4-blue?style=flat-square)](https://github.com/PythonWoods/zenzic) --- diff --git a/README.md b/README.md index eb27d02..663dc8d 100644 --- a/README.md +++ b/README.md @@ -23,7 +23,7 @@ SPDX-License-Identifier: Apache-2.0 [![REUSE 3.x compliant](https://img.shields.io/badge/REUSE-3.x%20compliant-0d9488?style=flat-square)](https://reuse.software/) [![License](https://img.shields.io/badge/license-Apache--2.0-0d9488?style=flat-square)](LICENSE) [![Documentation: Diátaxis](https://img.shields.io/badge/Docs-Di%C3%A1taxis-brightgreen?style=flat-square)](https://diataxis.fr/) -[![Zenzic](https://img.shields.io/badge/Zenzic-v0.10.3-blue?style=flat-square)](https://github.com/PythonWoods/zenzic) +[![Zenzic](https://img.shields.io/badge/Zenzic-v0.10.4-blue?style=flat-square)](https://github.com/PythonWoods/zenzic) --- diff --git a/RELEASE.md b/RELEASE.md index d537c8c..c78ab10 100644 --- a/RELEASE.md +++ b/RELEASE.md @@ -8,9 +8,9 @@ | Field | Value | | :------- | :--------- | -| Version | v0.10.3 | +| Version | v0.10.4 | | Codename | Magnetite | -| Date | 2026-06-08 | +| Date | 2026-06-09 | | Status | Stable | ## Release Checklist @@ -47,11 +47,11 @@ git checkout main git pull origin main # 3. Tag the main branch and push -git tag v0.10.3 +git tag v0.10.4 git push origin main --tags ``` -- [ ] Create GitHub Release from the tag, using the `## v0.10.3` CHANGELOG section as the release body. +- [ ] Create GitHub Release from the tag, using the `## v0.10.4` CHANGELOG section as the release body. ## Changelog Reference diff --git a/docs/how-to/configure-ci-cd.mdx b/docs/how-to/configure-ci-cd.mdx index d96fb9c..b69d262 100644 --- a/docs/how-to/configure-ci-cd.mdx +++ b/docs/how-to/configure-ci-cd.mdx @@ -199,7 +199,7 @@ jobs: uses: PythonWoods/zenzic-action@ with: - version: "0.10.3" # pin to a stable release + version: "0.10.4" # pin to a stable release format: sarif # emit SARIF for Code Scanning upload-sarif: "true" fail-on-error: "true" @@ -254,7 +254,7 @@ Slack notifications without re-parsing the SARIF file: id: zenzic uses: PythonWoods/zenzic-action@ with: - version: "0.10.3" + version: "0.10.4" - name: Post finding count @@ -271,7 +271,7 @@ By setting `ci: "true"`, the action natively injects the `--ci` flag under the h - name: Zenzic Progressive Gate uses: PythonWoods/zenzic-action@ with: - version: "0.10.3" + version: "0.10.4" ci: "true" # Native inline PR annotations (no SARIF required) only: "Z101,Z201" # Gate ONLY fails on broken links and leaked secrets fail-on-error: "true" @@ -320,7 +320,7 @@ jobs: - name: Run Zenzic and save baseline uses: PythonWoods/zenzic-action@ with: - version: "0.10.3" + version: "0.10.4" format: json # triggers .zenzic-score.json snapshot upload-sarif: "false" @@ -352,7 +352,7 @@ jobs: uses: PythonWoods/zenzic-action@ id: zenzic with: - version: "0.10.3" + version: "0.10.4" format: sarif upload-sarif: "true" diff-base: ".zenzic-baseline/.zenzic-score.json" @@ -439,7 +439,7 @@ jobs: - name: Sovereign Audit (suppressions bypassed) uses: PythonWoods/zenzic-action@ with: - version: "0.10.3" + version: "0.10.4" format: sarif upload-sarif: "true" audit: "true" # bypass all zenzic:ignore and per_file_ignores @@ -458,7 +458,7 @@ The `guard-scan: "true"` input runs `zenzic guard scan` as a standalone step **b - name: Run Zenzic Documentation Quality Gate uses: PythonWoods/zenzic-action@ with: - version: "0.10.3" + version: "0.10.4" guard-scan: "true" # zenzic guard scan runs before check all format: sarif upload-sarif: "true" diff --git a/docusaurus.config.ts b/docusaurus.config.ts index 7243027..c1fa47c 100644 --- a/docusaurus.config.ts +++ b/docusaurus.config.ts @@ -75,7 +75,7 @@ const config: Config = { lastVersion: 'current', versions: { current: { - label: '0.10.3', + label: '0.10.4', badge: false, banner: 'none', }, @@ -239,7 +239,7 @@ const config: Config = { ], }, ], - copyright: `© ${new Date().getFullYear()} PythonWoods · Zenzic v0.10.3 · Engineered with precision by PythonWoods in Italy 🇮🇹`, + copyright: `© ${new Date().getFullYear()} PythonWoods · Zenzic v0.10.4 · Engineered with precision by PythonWoods in Italy 🇮🇹`, }, prism: { theme: prismThemes.github, diff --git a/i18n/en/code.json b/i18n/en/code.json index 5c5e791..20065b3 100644 --- a/i18n/en/code.json +++ b/i18n/en/code.json @@ -43,7 +43,7 @@ "message": "Brand obsolescence" }, "homepage.hero.badge": { - "message": "v0.10.3", + "message": "v0.10.4", "description": "Wait release version badge" }, "enterprise.section.sub": { diff --git a/i18n/it/code.json b/i18n/it/code.json index 1953216..6a5579a 100644 --- a/i18n/it/code.json +++ b/i18n/it/code.json @@ -379,7 +379,7 @@ "message": "Marchio obsoleto" }, "homepage.hero.badge": { - "message": "v0.10.3", + "message": "v0.10.4", "description": "Wait release version badge" }, "homepage.hero.title": { diff --git a/i18n/it/docusaurus-plugin-content-docs/current.json b/i18n/it/docusaurus-plugin-content-docs/current.json index 07f17f3..df86832 100644 --- a/i18n/it/docusaurus-plugin-content-docs/current.json +++ b/i18n/it/docusaurus-plugin-content-docs/current.json @@ -1,6 +1,6 @@ { "version.label": { - "message": "0.10.3", + "message": "0.10.4", "description": "The label for version current" }, "sidebar.tutorialSidebar.category.User Guide": { diff --git a/i18n/it/docusaurus-plugin-content-docs/current/how-to/configure-ci-cd.mdx b/i18n/it/docusaurus-plugin-content-docs/current/how-to/configure-ci-cd.mdx index 68a2f2c..b2a8e61 100644 --- a/i18n/it/docusaurus-plugin-content-docs/current/how-to/configure-ci-cd.mdx +++ b/i18n/it/docusaurus-plugin-content-docs/current/how-to/configure-ci-cd.mdx @@ -199,7 +199,7 @@ jobs: uses: PythonWoods/zenzic-action@ with: - version: "0.10.3" # fissa a una release stabile + version: "0.10.4" # fissa a una release stabile format: sarif # emetti SARIF per Code Scanning upload-sarif: "true" fail-on-error: "true" @@ -254,7 +254,7 @@ o notifiche Slack senza dover rileggere il file SARIF: id: zenzic uses: PythonWoods/zenzic-action@ with: - version: "0.10.3" + version: "0.10.4" - name: Mostra conteggio finding @@ -271,7 +271,7 @@ Impostando `ci: "true"`, l'action inietta nativamente il flag `--ci` sotto il co - name: Zenzic Progressive Gate uses: PythonWoods/zenzic-action@ with: - version: "0.10.3" + version: "0.10.4" ci: "true" # Annotazioni PR native (non richiede SARIF) only: "Z101,Z201" # Il Gate fallisce SOLO per link rotti e segreti esposti fail-on-error: "true" @@ -320,7 +320,7 @@ jobs: - name: Esegui Zenzic e salva il baseline uses: PythonWoods/zenzic-action@ with: - version: "0.10.3" + version: "0.10.4" format: json # genera lo snapshot .zenzic-score.json upload-sarif: "false" @@ -352,7 +352,7 @@ jobs: uses: PythonWoods/zenzic-action@ id: zenzic with: - version: "0.10.3" + version: "0.10.4" format: sarif upload-sarif: "true" diff-base: ".zenzic-baseline/.zenzic-score.json" @@ -439,7 +439,7 @@ jobs: - name: Sovereign Audit (soppressioni bypassate) uses: PythonWoods/zenzic-action@ with: - version: "0.10.3" + version: "0.10.4" format: sarif upload-sarif: "true" audit: "true" # bypassa tutti i zenzic:ignore e per_file_ignores @@ -458,7 +458,7 @@ L'input `guard-scan: "true"` esegue `zenzic guard scan` come step standalone **p - name: Run Zenzic Documentation Quality Gate uses: PythonWoods/zenzic-action@ with: - version: "0.10.3" + version: "0.10.4" guard-scan: "true" # zenzic guard scan viene eseguito prima di check all format: sarif upload-sarif: "true" diff --git a/package-lock.json b/package-lock.json index 78d0b34..656698e 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1,12 +1,12 @@ { "name": "zenzic-doc", - "version": "0.10.3", + "version": "0.10.4", "lockfileVersion": 3, "requires": true, "packages": { "": { "name": "zenzic-doc", - "version": "0.10.3", + "version": "0.10.4", "dependencies": { "@docusaurus/core": "3.10.1", "@docusaurus/faster": "3.10.1", diff --git a/package.json b/package.json index fa61f1b..9f83a3f 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "zenzic-doc", - "version": "0.10.3", + "version": "0.10.4", "private": true, "scripts": { "docusaurus": "docusaurus", diff --git a/src/components/Homepage/Features.tsx b/src/components/Homepage/Features.tsx index 323c6e0..cebc4d9 100644 --- a/src/components/Homepage/Features.tsx +++ b/src/components/Homepage/Features.tsx @@ -18,7 +18,7 @@ function TerminalPreview(): React.JSX.Element { - zenzic check all · v0.10.3 + zenzic check all · v0.10.4 {/* Output body */} diff --git a/src/components/Homepage/Hero.tsx b/src/components/Homepage/Hero.tsx index 1394cab..63324e8 100644 --- a/src/components/Homepage/Hero.tsx +++ b/src/components/Homepage/Hero.tsx @@ -39,7 +39,7 @@ export default function Hero(): React.JSX.Element {
- v0.10.3 + v0.10.4

diff --git a/static/assets/brand/zenzic-brand-system.html b/static/assets/brand/zenzic-brand-system.html index 8fd4183..afc07d4 100644 --- a/static/assets/brand/zenzic-brand-system.html +++ b/static/assets/brand/zenzic-brand-system.html @@ -549,7 +549,7 @@

Code / UI · JetBrains Mono

-

Markdown static analyzer & credential scanner
uvx zenzic check all ./docs
v0.10.3 · exit 0

+

Markdown static analyzer & credential scanner
uvx zenzic check all ./docs
v0.10.4 · exit 0

@@ -711,7 +711,7 @@

CLI Output — Color Mapping

- ▮ ZENZIC v0.10.3
+ ▮ ZENZIC v0.10.4
✨ All statically-detectable links, credentials, and references verified.
⚠ WARNING docs/guide.md:14
✗ ERROR docs/api.md:88
From ba22a29dde414dee15782e0e5d2405d4f70d0fd7 Mon Sep 17 00:00:00 2001 From: PythonWoods-Dev Date: Tue, 9 Jun 2026 19:24:48 +0200 Subject: [PATCH 07/11] fix(deps): bump GHA actions and npm packages MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit GHA (PR #84, #85): - actions/checkout SHA → v6.0.3 (df4cb1c) - github/codeql-action → 4.36.2 (8aad20d) npm (PR #83, #86, #87): - react 19.2.6 → 19.2.7 - react-dom 19.2.6 → 19.2.7 - @types/react 19.2.15 → 19.2.17 - typescript-eslint 8.59.4 → 8.61.0 - @types/node 25.9.1 → 25.9.2 Signed-off-by: PythonWoods-Dev --- .github/workflows/ci.yml | 2 +- .github/workflows/codeql.yml | 8 +- .github/workflows/compliance.yml | 2 +- .github/workflows/dependency-review.yml | 2 +- .github/workflows/npm-audit.yml | 2 +- .github/workflows/release-docs.yml | 2 +- .github/workflows/release.yml | 2 +- .github/workflows/security-posture.yml | 2 +- .github/workflows/zenzic.yml | 2 +- package-lock.json | 160 ++++++++++++------------ package.json | 10 +- 11 files changed, 97 insertions(+), 97 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 23b2036..5cfbb02 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -39,7 +39,7 @@ jobs: steps: - name: Checkout Repository - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 + uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6 - name: Setup Node uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0 diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 2f95911..57638c5 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -39,15 +39,15 @@ jobs: steps: - name: Checkout Repository - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 + uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6 - name: Initialize CodeQL - uses: github/codeql-action/init@7211b7c8077ea37d8641b6271f6a365a22a5fbfa # v3 + uses: github/codeql-action/init@8aad20d150bbac5944a9f9d289da16a4b0d87c1e # v3 with: languages: ${{ matrix.language }} - name: Autobuild - uses: github/codeql-action/autobuild@7211b7c8077ea37d8641b6271f6a365a22a5fbfa # v3 + uses: github/codeql-action/autobuild@8aad20d150bbac5944a9f9d289da16a4b0d87c1e # v3 - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@7211b7c8077ea37d8641b6271f6a365a22a5fbfa # v3 + uses: github/codeql-action/analyze@8aad20d150bbac5944a9f9d289da16a4b0d87c1e # v3 diff --git a/.github/workflows/compliance.yml b/.github/workflows/compliance.yml index 963099f..1391ae5 100644 --- a/.github/workflows/compliance.yml +++ b/.github/workflows/compliance.yml @@ -26,7 +26,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout Repository - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.2 with: fetch-depth: 0 diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml index 1704ce9..3e43d69 100644 --- a/.github/workflows/dependency-review.yml +++ b/.github/workflows/dependency-review.yml @@ -26,7 +26,7 @@ jobs: timeout-minutes: 10 steps: - name: Checkout Repository - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 + uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6 - name: Dependency Review uses: actions/dependency-review-action@a1d282b36b6f3519aa1f3fc636f609c47dddb294 # v5.0.0 diff --git a/.github/workflows/npm-audit.yml b/.github/workflows/npm-audit.yml index 1c582a0..91bd3b5 100644 --- a/.github/workflows/npm-audit.yml +++ b/.github/workflows/npm-audit.yml @@ -33,7 +33,7 @@ jobs: steps: - name: Checkout Repository - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 + uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6 - name: Setup Node uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0 diff --git a/.github/workflows/release-docs.yml b/.github/workflows/release-docs.yml index f60e35b..e0e4578 100644 --- a/.github/workflows/release-docs.yml +++ b/.github/workflows/release-docs.yml @@ -26,7 +26,7 @@ jobs: steps: - name: Checkout Repository - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 + uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6 - name: Setup Node uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0 diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index c649d87..75ba64a 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -23,7 +23,7 @@ jobs: steps: - name: Checkout Repository - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 + uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6 - name: Setup Node uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0 diff --git a/.github/workflows/security-posture.yml b/.github/workflows/security-posture.yml index c43d9b9..757874e 100644 --- a/.github/workflows/security-posture.yml +++ b/.github/workflows/security-posture.yml @@ -18,7 +18,7 @@ jobs: steps: - name: Checkout Repository - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 + uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6 - name: Check for SECURITY.md run: | diff --git a/.github/workflows/zenzic.yml b/.github/workflows/zenzic.yml index 036e790..9c0fcc0 100644 --- a/.github/workflows/zenzic.yml +++ b/.github/workflows/zenzic.yml @@ -19,7 +19,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout Repository - uses: actions/checkout@v4 + uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6 - name: Run Zenzic Quality Gate uses: PythonWoods/zenzic-action@v1 diff --git a/package-lock.json b/package-lock.json index 656698e..7b56485 100644 --- a/package-lock.json +++ b/package-lock.json @@ -6,7 +6,7 @@ "packages": { "": { "name": "zenzic-doc", - "version": "0.10.4", + "version": "0.10.4", "dependencies": { "@docusaurus/core": "3.10.1", "@docusaurus/faster": "3.10.1", @@ -17,8 +17,8 @@ "fast-uri": "^3.1.2", "lucide-react": "^1.16.0", "prism-react-renderer": "^2.3.0", - "react": "^19.2.6", - "react-dom": "^19.2.6", + "react": "^19.2.7", + "react-dom": "^19.2.7", "rehype-katex": "^7.0.1", "remark-math": "^6.0.0", "tailwindcss": "^4.3.0" @@ -28,8 +28,8 @@ "@docusaurus/tsconfig": "3.10.1", "@docusaurus/types": "3.10.1", "@eslint/js": "^9.39.1", - "@types/node": "^25.9.1", - "@types/react": "^19.2.15", + "@types/node": "^25.9.2", + "@types/react": "^19.2.17", "autoprefixer": "^10.5.0", "eslint": "^9.39.1", "eslint-plugin-react": "^7.37.5", @@ -37,7 +37,7 @@ "markdownlint-cli2": "^0.22.1", "postcss": "^8.5.15", "typescript": "~6.0.3", - "typescript-eslint": "^8.59.4" + "typescript-eslint": "^8.61.0" }, "engines": { "node": ">=20.0" @@ -6779,9 +6779,9 @@ "license": "MIT" }, "node_modules/@types/node": { - "version": "25.9.1", - "resolved": "https://registry.npmjs.org/@types/node/-/node-25.9.1.tgz", - "integrity": "sha512-xfrlY7UD5rMJk3ZVJP8BNzS28J36YJg+xp+LPXV1TdWxr8uMH5A860QNxYDGQe/ylDSgjxE52Q9VnO7p75tJxg==", + "version": "25.9.2", + "resolved": "https://registry.npmjs.org/@types/node/-/node-25.9.2.tgz", + "integrity": "sha512-G05zqtJhcDLb8uslf5EjCxXg9G1KQxiV8OS0R26IC//Eoyitzqe8z37I7cqvnZlrlSfgocQRfSn/AHBZJJFyGw==", "license": "MIT", "dependencies": { "undici-types": ">=7.24.0 <7.24.7" @@ -6806,9 +6806,9 @@ "license": "MIT" }, "node_modules/@types/react": { - "version": "19.2.15", - "resolved": "https://registry.npmjs.org/@types/react/-/react-19.2.15.tgz", - "integrity": "sha512-eRwcGNHve+E8qtEQSSRl6urh+rFop4v8gm6O8rGv25CodbvFdLjA1vVQ1KkiFE0w0UPOnb8tDiFKL5lp0rtY5Q==", + "version": "19.2.17", + "resolved": "https://registry.npmjs.org/@types/react/-/react-19.2.17.tgz", + "integrity": "sha512-MXfmqaVPEVgkBT/aY0aGCkRWWtByiYQXo3xdQ8r5RzuFrPiRn8Gar2tQdXSUQ2GKV3bkXckek89V8wQBY2Q/Aw==", "license": "MIT", "dependencies": { "csstype": "^3.2.2" @@ -6940,17 +6940,17 @@ "license": "MIT" }, "node_modules/@typescript-eslint/eslint-plugin": { - "version": "8.60.0", - "resolved": "https://registry.npmjs.org/@typescript-eslint/eslint-plugin/-/eslint-plugin-8.60.0.tgz", - "integrity": "sha512-QYb/sa74/s7OKMbACMjrYnGspj9Hs5YI5aaffSL65UfeBUzVzBJfVo3oWSpbzPurvm7yaCCo2Lk7lVj610HqKw==", + "version": "8.61.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/eslint-plugin/-/eslint-plugin-8.61.0.tgz", + "integrity": "sha512-bFNvl9ZczlVb+wR2Akszf3gHfKVj/8WanXaGJ3UstTA7brNKg0cNdk6X1Psu5V7MZ2oQtzZKOEzIUehaoxbDGw==", "dev": true, "license": "MIT", "dependencies": { "@eslint-community/regexpp": "^4.12.2", - "@typescript-eslint/scope-manager": "8.60.0", - "@typescript-eslint/type-utils": "8.60.0", - "@typescript-eslint/utils": "8.60.0", - "@typescript-eslint/visitor-keys": "8.60.0", + "@typescript-eslint/scope-manager": "8.61.0", + "@typescript-eslint/type-utils": "8.61.0", + "@typescript-eslint/utils": "8.61.0", + "@typescript-eslint/visitor-keys": "8.61.0", "ignore": "^7.0.5", "natural-compare": "^1.4.0", "ts-api-utils": "^2.5.0" @@ -6963,7 +6963,7 @@ "url": "https://opencollective.com/typescript-eslint" }, "peerDependencies": { - "@typescript-eslint/parser": "^8.60.0", + "@typescript-eslint/parser": "^8.61.0", "eslint": "^8.57.0 || ^9.0.0 || ^10.0.0", "typescript": ">=4.8.4 <6.1.0" } @@ -6979,16 +6979,16 @@ } }, "node_modules/@typescript-eslint/parser": { - "version": "8.60.0", - "resolved": "https://registry.npmjs.org/@typescript-eslint/parser/-/parser-8.60.0.tgz", - "integrity": "sha512-fcqpj/MyK4sxDPcbe7STNPbpQL4RLZOPWuaTmwZYuc+hJKzRf58yRxfhqGpc6PIq9ZyfSBpfHgmUHmHs0KwHwg==", + "version": "8.61.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/parser/-/parser-8.61.0.tgz", + "integrity": "sha512-5B7PfA2e1NQGCnDHd/0lW7W3gvp3d59Ryw54FYO8Uswxo9f6ikw3AZV+Xj/TvpImmpsiYyUqAfhC6kJID1jF6w==", "dev": true, "license": "MIT", "dependencies": { - "@typescript-eslint/scope-manager": "8.60.0", - "@typescript-eslint/types": "8.60.0", - "@typescript-eslint/typescript-estree": "8.60.0", - "@typescript-eslint/visitor-keys": "8.60.0", + "@typescript-eslint/scope-manager": "8.61.0", + "@typescript-eslint/types": "8.61.0", + "@typescript-eslint/typescript-estree": "8.61.0", + "@typescript-eslint/visitor-keys": "8.61.0", "debug": "^4.4.3" }, "engines": { @@ -7004,14 +7004,14 @@ } }, "node_modules/@typescript-eslint/project-service": { - "version": "8.60.0", - "resolved": "https://registry.npmjs.org/@typescript-eslint/project-service/-/project-service-8.60.0.tgz", - "integrity": "sha512-aZu74NNKJeUWqCjDddzdiKaS82dgYgV/vmf+Ui3ZdZejmgfXR/q+pRumgobnQ2cCJTgGTWp4ypiwsuofFubavg==", + "version": "8.61.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/project-service/-/project-service-8.61.0.tgz", + "integrity": "sha512-DV42F7MLJO6Rax7SK1yg43tcnEfGUrurSpSxKuVX+a3RCTzBlH3fuxprrOJXKCJGAaw82xXocikJ0uQaqwXgGA==", "dev": true, "license": "MIT", "dependencies": { - "@typescript-eslint/tsconfig-utils": "^8.60.0", - "@typescript-eslint/types": "^8.60.0", + "@typescript-eslint/tsconfig-utils": "^8.61.0", + "@typescript-eslint/types": "^8.61.0", "debug": "^4.4.3" }, "engines": { @@ -7026,14 +7026,14 @@ } }, "node_modules/@typescript-eslint/scope-manager": { - "version": "8.60.0", - "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-8.60.0.tgz", - "integrity": "sha512-pFzqhllJMs+jghLQWzV00ds39xLzuyqPSev5pd8f4Ir0rtKR3ZLUB4/4dhjOFighWb9larvtfJvqL+4yKDI3Xw==", + "version": "8.61.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-8.61.0.tgz", + "integrity": "sha512-IWdXFHFSb6mlC3HPc7QsLDm5zYEbUla6trDEHf32D3/dnuUyXd87plScSNXSbm0/RxMvObpI17sv/EDTGrGZkA==", "dev": true, "license": "MIT", "dependencies": { - "@typescript-eslint/types": "8.60.0", - "@typescript-eslint/visitor-keys": "8.60.0" + "@typescript-eslint/types": "8.61.0", + "@typescript-eslint/visitor-keys": "8.61.0" }, "engines": { "node": "^18.18.0 || ^20.9.0 || >=21.1.0" @@ -7044,9 +7044,9 @@ } }, "node_modules/@typescript-eslint/tsconfig-utils": { - "version": "8.60.0", - "resolved": "https://registry.npmjs.org/@typescript-eslint/tsconfig-utils/-/tsconfig-utils-8.60.0.tgz", - "integrity": "sha512-BZPR3RGYlAXnly6ymAxfkVn5rCbZzQNou0rxv3GfWZ8cTQp+hhVd73khbGLAd8k1TlAPLISH337M+tAgAnaJDQ==", + "version": "8.61.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/tsconfig-utils/-/tsconfig-utils-8.61.0.tgz", + "integrity": "sha512-O5Amvdv9ztMpxpf+vmFULGG78IE6Qwdr3bCGvqwG4nwc9H2qXkOYJJnRbRHyMkQTjv1d03olqwwwzHLMqpFePQ==", "dev": true, "license": "MIT", "engines": { @@ -7061,15 +7061,15 @@ } }, "node_modules/@typescript-eslint/type-utils": { - "version": "8.60.0", - "resolved": "https://registry.npmjs.org/@typescript-eslint/type-utils/-/type-utils-8.60.0.tgz", - "integrity": "sha512-SX46wEUtitCpq7AN38HkUU/+zvUpdKf7ephtWAFgckH8O7PQIyL5gvrhQgBLuEYgLfuKWOVvWVskMbuFHAz5xg==", + "version": "8.61.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/type-utils/-/type-utils-8.61.0.tgz", + "integrity": "sha512-TuBiQYIkd97yBfInHCTKVYMbX4kvEmpOEuixIuzCU9p8BGT1SfyyO0d0IfDMbPIHcjn/hWnusUX5e8v5Xg+X8A==", "dev": true, "license": "MIT", "dependencies": { - "@typescript-eslint/types": "8.60.0", - "@typescript-eslint/typescript-estree": "8.60.0", - "@typescript-eslint/utils": "8.60.0", + "@typescript-eslint/types": "8.61.0", + "@typescript-eslint/typescript-estree": "8.61.0", + "@typescript-eslint/utils": "8.61.0", "debug": "^4.4.3", "ts-api-utils": "^2.5.0" }, @@ -7086,9 +7086,9 @@ } }, "node_modules/@typescript-eslint/types": { - "version": "8.60.0", - "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-8.60.0.tgz", - "integrity": "sha512-AsE7x2XaAK+CVbeih0Fvbn+r1qHxtpLDJ3XUuFcIinT318T90yHMJC+Zgv+jUuDjQQd06HKwxnDu6sz1IcTilA==", + "version": "8.61.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-8.61.0.tgz", + "integrity": "sha512-9QTQpZ5Iin4CdIodfbDQFSeiSJKidgYJYug1P9CC2xWgUTvlmixViqDZNciMjwLBZyJnG4tGmPl97rVAFb1AJg==", "dev": true, "license": "MIT", "engines": { @@ -7100,16 +7100,16 @@ } }, "node_modules/@typescript-eslint/typescript-estree": { - "version": "8.60.0", - "resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-8.60.0.tgz", - "integrity": "sha512-3AcZNBGMClm6CXDyo8kYvVGT/sx29sS0oBsIb9oZI2gunA4Vm2M3YHzRLPvsUBBsl+yB5FPtltq7gGH0iTlp9g==", + "version": "8.61.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-8.61.0.tgz", + "integrity": "sha512-42zatd5qSvvcV1JdDBCLxYRznvP4eIHpPoZXdkPFnAmanA4FuZ5dibSnCBggY8hQnqajPpoGjXFdZ7fIJKQnlA==", "dev": true, "license": "MIT", "dependencies": { - "@typescript-eslint/project-service": "8.60.0", - "@typescript-eslint/tsconfig-utils": "8.60.0", - "@typescript-eslint/types": "8.60.0", - "@typescript-eslint/visitor-keys": "8.60.0", + "@typescript-eslint/project-service": "8.61.0", + "@typescript-eslint/tsconfig-utils": "8.61.0", + "@typescript-eslint/types": "8.61.0", + "@typescript-eslint/visitor-keys": "8.61.0", "debug": "^4.4.3", "minimatch": "^10.2.2", "semver": "^7.7.3", @@ -7167,16 +7167,16 @@ } }, "node_modules/@typescript-eslint/utils": { - "version": "8.60.0", - "resolved": "https://registry.npmjs.org/@typescript-eslint/utils/-/utils-8.60.0.tgz", - "integrity": "sha512-HtXuPfrHTyBDkameWpl+vJb1Uevu2tznAyahM1Oc4AENidCLTPiZDWIo4GfcxNdC/RcfGcadzzkqbRG87dUrQA==", + "version": "8.61.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/utils/-/utils-8.61.0.tgz", + "integrity": "sha512-3bzFt7ImFMW/jVYwJamDoe/dMOdFLSC6pom6rRjdh4SZJEYupyMzem8e7vKZLclLfpHjlwSAXOUxtKxGXUiLqA==", "dev": true, "license": "MIT", "dependencies": { "@eslint-community/eslint-utils": "^4.9.1", - "@typescript-eslint/scope-manager": "8.60.0", - "@typescript-eslint/types": "8.60.0", - "@typescript-eslint/typescript-estree": "8.60.0" + "@typescript-eslint/scope-manager": "8.61.0", + "@typescript-eslint/types": "8.61.0", + "@typescript-eslint/typescript-estree": "8.61.0" }, "engines": { "node": "^18.18.0 || ^20.9.0 || >=21.1.0" @@ -7191,13 +7191,13 @@ } }, "node_modules/@typescript-eslint/visitor-keys": { - "version": "8.60.0", - "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-8.60.0.tgz", - "integrity": "sha512-9WI52t8ZGLVGrPMBet25yAftqY/n95+zmoUUtJBBQTKDSKUu7OsPTroT2op7U9JatkoRccL0YkWDNMFfC4Sjxg==", + "version": "8.61.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-8.61.0.tgz", + "integrity": "sha512-QVLZu3ZPQEE+HICQyAMZ2yLQhxf0meY/wx6Hx14YcTNj13JB3qHlX3lJ02L3fLGHgERRH71kvYDwiXIguT3AjQ==", "dev": true, "license": "MIT", "dependencies": { - "@typescript-eslint/types": "8.60.0", + "@typescript-eslint/types": "8.61.0", "eslint-visitor-keys": "^5.0.0" }, "engines": { @@ -19348,24 +19348,24 @@ } }, "node_modules/react": { - "version": "19.2.6", - "resolved": "https://registry.npmjs.org/react/-/react-19.2.6.tgz", - "integrity": "sha512-sfWGGfavi0xr8Pg0sVsyHMAOziVYKgPLNrS7ig+ivMNb3wbCBw3KxtflsGBAwD3gYQlE/AEZsTLgToRrSCjb0Q==", + "version": "19.2.7", + "resolved": "https://registry.npmjs.org/react/-/react-19.2.7.tgz", + "integrity": "sha512-HNe9WslTbXmFK8o8cmwgAeJFSBvt1bPdHCVKtaaV+WlAN36mpT4hcRpwbf3fY56ar2oIXzsBpOAiIRHAdY0OlQ==", "license": "MIT", "engines": { "node": ">=0.10.0" } }, "node_modules/react-dom": { - "version": "19.2.6", - "resolved": "https://registry.npmjs.org/react-dom/-/react-dom-19.2.6.tgz", - "integrity": "sha512-0prMI+hvBbPjsWnxDLxlCGyM8PN6UuWjEUCYmZhO67xIV9Xasa/r/vDnq+Xyq4Lo27g8QSbO5YzARu0D1Sps3g==", + "version": "19.2.7", + "resolved": "https://registry.npmjs.org/react-dom/-/react-dom-19.2.7.tgz", + "integrity": "sha512-t0BRVXvbiE/o20Hfw669rLbMCDWtYZLvmJigy2f0MxsXF+71pxhR3xOkspmsO8h3ZlNzyibAmtCa3l4lYKk6gQ==", "license": "MIT", "dependencies": { "scheduler": "^0.27.0" }, "peerDependencies": { - "react": "^19.2.6" + "react": "^19.2.7" } }, "node_modules/react-fast-compare": { @@ -21742,16 +21742,16 @@ } }, "node_modules/typescript-eslint": { - "version": "8.60.0", - "resolved": "https://registry.npmjs.org/typescript-eslint/-/typescript-eslint-8.60.0.tgz", - "integrity": "sha512-9f65qWLZdAW9m1JaxBDUHcqRUfL8bkxxXL7XxEfI+F09q56PkBvIfCjLF3yInsDM/BBmwkqmCQdCZe/RYlIWEw==", + "version": "8.61.0", + "resolved": "https://registry.npmjs.org/typescript-eslint/-/typescript-eslint-8.61.0.tgz", + "integrity": "sha512-8y31Rd0eGTrDKqhy6vT0HtzhN+YLjQizwX3aA3hPXP/ynSfnrBXcQY5IzsP9/DM7+klX4IUncZZjkchP0z+rUw==", "dev": true, "license": "MIT", "dependencies": { - "@typescript-eslint/eslint-plugin": "8.60.0", - "@typescript-eslint/parser": "8.60.0", - "@typescript-eslint/typescript-estree": "8.60.0", - "@typescript-eslint/utils": "8.60.0" + "@typescript-eslint/eslint-plugin": "8.61.0", + "@typescript-eslint/parser": "8.61.0", + "@typescript-eslint/typescript-estree": "8.61.0", + "@typescript-eslint/utils": "8.61.0" }, "engines": { "node": "^18.18.0 || ^20.9.0 || >=21.1.0" diff --git a/package.json b/package.json index 9f83a3f..c64b277 100644 --- a/package.json +++ b/package.json @@ -28,8 +28,8 @@ "fast-uri": "^3.1.2", "lucide-react": "^1.16.0", "prism-react-renderer": "^2.3.0", - "react": "^19.2.6", - "react-dom": "^19.2.6", + "react": "^19.2.7", + "react-dom": "^19.2.7", "rehype-katex": "^7.0.1", "remark-math": "^6.0.0", "tailwindcss": "^4.3.0" @@ -39,8 +39,8 @@ "@docusaurus/tsconfig": "3.10.1", "@docusaurus/types": "3.10.1", "@eslint/js": "^9.39.1", - "@types/node": "^25.9.1", - "@types/react": "^19.2.15", + "@types/node": "^25.9.2", + "@types/react": "^19.2.17", "autoprefixer": "^10.5.0", "eslint": "^9.39.1", "eslint-plugin-react": "^7.37.5", @@ -48,7 +48,7 @@ "markdownlint-cli2": "^0.22.1", "postcss": "^8.5.15", "typescript": "~6.0.3", - "typescript-eslint": "^8.59.4" + "typescript-eslint": "^8.61.0" }, "browserslist": { "production": [ From ec7b12a6462b00bc257e5a8e81f2a9dd8d4ca525 Mon Sep 17 00:00:00 2001 From: PythonWoods-Dev Date: Tue, 9 Jun 2026 19:33:52 +0200 Subject: [PATCH 08/11] style(readme): add zenzic/doc wordmark, center all badges - New SVG wordmark: zenzic-wordmark-doc.svg + dark variant (teal #0d9488/#2dd4bf accent, matching zenzic-action pattern) - README.md + README.it.md: replace nav logo with new wordmark, restructure badges into

HTML block - Drop markdown-syntax badge lines and bare H1 heading; add markdownlint-disable MD033 MD041 MD060 Signed-off-by: PythonWoods-Dev --- README.it.md | 36 ++++++++++--------- README.md | 36 ++++++++++--------- .../brand/svg/zenzic-wordmark-doc-dark.svg | 35 ++++++++++++++++++ .../svg/zenzic-wordmark-doc-dark.svg.license | 3 ++ .../assets/brand/svg/zenzic-wordmark-doc.svg | 35 ++++++++++++++++++ .../brand/svg/zenzic-wordmark-doc.svg.license | 3 ++ 6 files changed, 114 insertions(+), 34 deletions(-) create mode 100644 static/assets/brand/svg/zenzic-wordmark-doc-dark.svg create mode 100644 static/assets/brand/svg/zenzic-wordmark-doc-dark.svg.license create mode 100644 static/assets/brand/svg/zenzic-wordmark-doc.svg create mode 100644 static/assets/brand/svg/zenzic-wordmark-doc.svg.license diff --git a/README.it.md b/README.it.md index aba6d55..9dcf700 100644 --- a/README.it.md +++ b/README.it.md @@ -2,28 +2,30 @@ SPDX-FileCopyrightText: 2026 PythonWoods SPDX-License-Identifier: Apache-2.0 --> + -

- -# Guida per Sviluppatori zenzic-doc - -[![ci-status](https://img.shields.io/github/actions/workflow/status/PythonWoods/zenzic-doc/ci.yml?branch=main&label=ci&style=flat-square)](https://github.com/PythonWoods/zenzic-doc/actions/workflows/ci.yml) - -[![zenzic-audit](https://img.shields.io/badge/%F0%9F%9B%A1%EF%B8%8F_zenzic--audit-passing-22c55e?style=flat-square)](https://zenzic.dev/it/docs/reference/scoring-algorithm) - -[![zenzic-score](https://img.shields.io/badge/%F0%9F%9B%A1%EF%B8%8F_zenzic--score-96_%2F_100-f59e0b?style=flat-square)](https://zenzic.dev/it/docs/reference/scoring-algorithm) -[![REUSE 3.x compliant](https://img.shields.io/badge/REUSE-3.x%20compliant-0d9488?style=flat-square)](https://reuse.software/) -[![License](https://img.shields.io/badge/license-Apache--2.0-0d9488?style=flat-square)](LICENSE) -[![Documentation: Diátaxis](https://img.shields.io/badge/Docs-Di%C3%A1taxis-brightgreen?style=flat-square)](https://diataxis.fr/) -[![Zenzic](https://img.shields.io/badge/Zenzic-v0.10.4-blue?style=flat-square)](https://github.com/PythonWoods/zenzic) +

+ +

Il portale di documentazione Docusaurus ufficiale per Zenzic — costruito su Diátaxis, distribuito come sito unico con docs utente, docs sviluppatore e blog.

+ +

+ ci-status + + zenzic-audit + + zenzic-score + REUSE 3.x compliant + license + Documentation: Diátaxis + Zenzic +

--- diff --git a/README.md b/README.md index 663dc8d..850998a 100644 --- a/README.md +++ b/README.md @@ -2,28 +2,30 @@ SPDX-FileCopyrightText: 2026 PythonWoods SPDX-License-Identifier: Apache-2.0 --> + - - -# zenzic-doc Developer Guide - -[![ci-status](https://img.shields.io/github/actions/workflow/status/PythonWoods/zenzic-doc/ci.yml?branch=main&label=ci&style=flat-square)](https://github.com/PythonWoods/zenzic-doc/actions/workflows/ci.yml) - -[![zenzic-audit](https://img.shields.io/badge/%F0%9F%9B%A1%EF%B8%8F_zenzic--audit-passing-22c55e?style=flat-square)](https://zenzic.dev/docs/reference/scoring-algorithm) - -[![zenzic-score](https://img.shields.io/badge/%F0%9F%9B%A1%EF%B8%8F_zenzic--score-96_%2F_100-f59e0b?style=flat-square)](https://zenzic.dev/docs/reference/scoring-algorithm) -[![REUSE 3.x compliant](https://img.shields.io/badge/REUSE-3.x%20compliant-0d9488?style=flat-square)](https://reuse.software/) -[![License](https://img.shields.io/badge/license-Apache--2.0-0d9488?style=flat-square)](LICENSE) -[![Documentation: Diátaxis](https://img.shields.io/badge/Docs-Di%C3%A1taxis-brightgreen?style=flat-square)](https://diataxis.fr/) -[![Zenzic](https://img.shields.io/badge/Zenzic-v0.10.4-blue?style=flat-square)](https://github.com/PythonWoods/zenzic) +

+ +

The official Docusaurus documentation portal for Zenzic — built on Diátaxis, shipped as a single site with user docs, developer docs, and blog.

+ +

+ ci-status + + zenzic-audit + + zenzic-score + REUSE 3.x compliant + license + Documentation: Diátaxis + Zenzic +

--- diff --git a/static/assets/brand/svg/zenzic-wordmark-doc-dark.svg b/static/assets/brand/svg/zenzic-wordmark-doc-dark.svg new file mode 100644 index 0000000..887f9eb --- /dev/null +++ b/static/assets/brand/svg/zenzic-wordmark-doc-dark.svg @@ -0,0 +1,35 @@ + + + + + + + + + + + + + + + + + + + + + + + + + Zenzic + + + / + + + doc + + + THE OFFICIAL DOCUMENTATION PORTAL + diff --git a/static/assets/brand/svg/zenzic-wordmark-doc-dark.svg.license b/static/assets/brand/svg/zenzic-wordmark-doc-dark.svg.license new file mode 100644 index 0000000..73c93a8 --- /dev/null +++ b/static/assets/brand/svg/zenzic-wordmark-doc-dark.svg.license @@ -0,0 +1,3 @@ +SPDX-FileCopyrightText: 2026 PythonWoods + +SPDX-License-Identifier: Apache-2.0 diff --git a/static/assets/brand/svg/zenzic-wordmark-doc.svg b/static/assets/brand/svg/zenzic-wordmark-doc.svg new file mode 100644 index 0000000..e20e7fe --- /dev/null +++ b/static/assets/brand/svg/zenzic-wordmark-doc.svg @@ -0,0 +1,35 @@ + + + + + + + + + + + + + + + + + + + + + + + + + Zenzic + + + / + + + doc + + + THE OFFICIAL DOCUMENTATION PORTAL + diff --git a/static/assets/brand/svg/zenzic-wordmark-doc.svg.license b/static/assets/brand/svg/zenzic-wordmark-doc.svg.license new file mode 100644 index 0000000..73c93a8 --- /dev/null +++ b/static/assets/brand/svg/zenzic-wordmark-doc.svg.license @@ -0,0 +1,3 @@ +SPDX-FileCopyrightText: 2026 PythonWoods + +SPDX-License-Identifier: Apache-2.0 From a099aebfb9bdc64a686edceaf39b5b4674a02a64 Mon Sep 17 00:00:00 2001 From: PythonWoods-Dev Date: Tue, 9 Jun 2026 19:35:22 +0200 Subject: [PATCH 09/11] fix(brand): align doc wordmark color to official palette Replace teal (#0d9488/#2dd4bf) with sky (#38bdf8/#7dd3fc), the second brand color used in the icon grid. Signed-off-by: PythonWoods-Dev --- static/assets/brand/svg/zenzic-wordmark-doc-dark.svg | 4 ++-- static/assets/brand/svg/zenzic-wordmark-doc.svg | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/static/assets/brand/svg/zenzic-wordmark-doc-dark.svg b/static/assets/brand/svg/zenzic-wordmark-doc-dark.svg index 887f9eb..120ea1e 100644 --- a/static/assets/brand/svg/zenzic-wordmark-doc-dark.svg +++ b/static/assets/brand/svg/zenzic-wordmark-doc-dark.svg @@ -27,8 +27,8 @@ / - - doc + + doc THE OFFICIAL DOCUMENTATION PORTAL diff --git a/static/assets/brand/svg/zenzic-wordmark-doc.svg b/static/assets/brand/svg/zenzic-wordmark-doc.svg index e20e7fe..bf26734 100644 --- a/static/assets/brand/svg/zenzic-wordmark-doc.svg +++ b/static/assets/brand/svg/zenzic-wordmark-doc.svg @@ -27,8 +27,8 @@ / - - doc + + doc THE OFFICIAL DOCUMENTATION PORTAL From f250d37994fefb15a06446787e574b7bfa86785c Mon Sep 17 00:00:00 2001 From: PythonWoods-Dev Date: Tue, 9 Jun 2026 19:49:24 +0200 Subject: [PATCH 10/11] fix(ci): resolve NPM audit critical and quality gate Z109 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - package-lock.json: npm audit fix — shell-quote critical (GHSA-w7jw-789q-3m8p) - .zenzic.toml: suppress Z109 on architecture.mdx (EN+IT) github.com/google/re2 is a valid upstream repo; failure is a transient CI network connection error (6/10 suppression cap) - README.md + README.it.md: score badge updated 96 → 94 (2 new suppressions) Signed-off-by: PythonWoods-Dev --- .zenzic.toml | 4 ++++ README.it.md | 2 +- README.md | 2 +- package-lock.json | 6 +++--- 4 files changed, 9 insertions(+), 5 deletions(-) diff --git a/.zenzic.toml b/.zenzic.toml index b697208..c27b46e 100644 --- a/.zenzic.toml +++ b/.zenzic.toml @@ -127,6 +127,10 @@ i18n_parity = true "docs/tutorials/examples/z1xx-links/z107-circular-anchor.mdx" = ["Z107"] "docs/it/tutorials/examples/z1xx-links/z107-circular-anchor.mdx" = ["Z107"] +# Z109: github.com/google/re2 — valid upstream repo; transient connection error in CI network. +"docs/explanation/architecture.mdx" = ["Z109"] +"docs/it/explanation/architecture.mdx" = ["Z109"] + # "docs/legacy/**" = ["Z601"] # intentional brand refs → -1 pt # "docs/migration/*.md" = ["Z101"] # known broken links → -1 pt diff --git a/README.it.md b/README.it.md index 9dcf700..a9610ac 100644 --- a/README.it.md +++ b/README.it.md @@ -20,7 +20,7 @@ SPDX-License-Identifier: Apache-2.0 zenzic-audit - zenzic-score + zenzic-score REUSE 3.x compliant license Documentation: Diátaxis diff --git a/README.md b/README.md index 850998a..3f81790 100644 --- a/README.md +++ b/README.md @@ -20,7 +20,7 @@ SPDX-License-Identifier: Apache-2.0 zenzic-audit - zenzic-score + zenzic-score REUSE 3.x compliant license Documentation: Diátaxis diff --git a/package-lock.json b/package-lock.json index 7b56485..fb62e83 100644 --- a/package-lock.json +++ b/package-lock.json @@ -20659,9 +20659,9 @@ } }, "node_modules/shell-quote": { - "version": "1.8.3", - "resolved": "https://registry.npmjs.org/shell-quote/-/shell-quote-1.8.3.tgz", - "integrity": "sha512-ObmnIF4hXNg1BqhnHmgbDETF8dLPCggZWBjkQfhZpbszZnYur5DUljTcCHii5LC3J5E0yeO/1LIMyH+UvHQgyw==", + "version": "1.8.4", + "resolved": "https://registry.npmjs.org/shell-quote/-/shell-quote-1.8.4.tgz", + "integrity": "sha512-VsC6n6vz1ihYYyZZwX7YZSF5l5x36ca17OC+a69h94YqB7X6XLwf+5MOgynYir2SLFUbl8gIYvBo8K8RoNQ6bQ==", "license": "MIT", "engines": { "node": ">= 0.4" From 7971ad04c41b02d5fedf7db77d79a201324047c8 Mon Sep 17 00:00:00 2001 From: PythonWoods-Dev Date: Tue, 9 Jun 2026 20:08:31 +0200 Subject: [PATCH 11/11] docs(contributing): add SSH signing setup instructions Signed-off-by: PythonWoods-Dev --- CONTRIBUTING.it.md | 13 +++++++++++++ CONTRIBUTING.md | 13 +++++++++++++ 2 files changed, 26 insertions(+) diff --git a/CONTRIBUTING.it.md b/CONTRIBUTING.it.md index 7b7b7c7..655f95d 100644 --- a/CONTRIBUTING.it.md +++ b/CONTRIBUTING.it.md @@ -60,6 +60,19 @@ uvx pre-commit install # commit-stage: hygiene + typecheck + zenzi uvx pre-commit install -t pre-push # pre-push: 🛡️ Final Guard runs `just verify` ``` +Configura la firma SSH dei commit (obbligatoria — tutti i commit devono apparire come **Verified** su GitHub): + +```bash +# Configurazione globale una-tantum (salta se già configurata) +git config --global gpg.format ssh +git config --global user.signingkey ~/.ssh/id_ed25519.pub # adatta il percorso se necessario +git config --global commit.gpgsign true +``` + +Registra poi la tua chiave pubblica come **Signing Key** (non Authentication Key) su +. I commit firmati con una chiave non registrata +verranno rifiutati dal ruleset del branch. + --- ## Eseguire il Sito in Locale diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 8114c97..46edbae 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -60,6 +60,19 @@ uvx pre-commit install # commit-stage: hygiene + typecheck + zenzi uvx pre-commit install -t pre-push # pre-push: 🛡️ Final Guard runs `just verify` ``` +Configure SSH commit signing (required — all commits must appear **Verified** on GitHub): + +```bash +# One-time global setup (skip if already configured) +git config --global gpg.format ssh +git config --global user.signingkey ~/.ssh/id_ed25519.pub # adjust path if different +git config --global commit.gpgsign true +``` + +Then register your public key as a **Signing Key** (not Authentication Key) at +. Commits signed with an unregistered key will +be rejected by the branch ruleset. + --- ## Running the Site Locally