fix: pre-presentation cleanup — auth, README accuracy, privacy, CI#3
Merged
Conversation
…d privacy, CI, gitignore
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Full pre-presentation audit fixes. Every change is verified against actual code — nothing assumed.
🔴 Critical fixes
src/middleware.ts— created (auth was completely broken)src/proxy.tshad the auth guard and security headers, but Next.js never loaded it because there was nomiddleware.ts. The dashboard,/import, and all edit routes were publicly accessible without login. Security headers (X-Frame-Options,HSTS, etc.) were not applied to any response. One-line re-export wires it correctly.CLAUDE.md— client data stripped (was public)The previous
CLAUDE.mdexposed: DesignShopp as a PE client, n8n instance URL, client project names (CMCA, Tornatech, CUAL), workflow IDs, and internal file paths. All n8n/client sections removed. Stack section updated to match reality. Rule 7 corrected (was wrong aboutproxy.tsvsmiddleware.ts).🟡 Accuracy fixes
README.md— 4 Tiptap references removedTiptap had 0 hits in a full repo search — it is not installed and not used anywhere. Four occurrences updated to "Custom block editor" / "Block editor": architecture diagram, Stack table, Features table, screenshot caption. Also added
middleware.tsto the Project Structure tree.🟢 Polish
.github/workflows/ci.yml— createdRuns
npm ci && npm teston every push and PR to main. Backs up the "40 tests, ~330ms" README claim with a live green badge..gitignore—docs/superpowers/addedPrevents AI planning artifacts from being re-committed to the public repo.
One manual step after merging
The
docs/superpowers/files are already-tracked and need to be removed from git history locally:git rm -r --cached docs/superpowers/ git commit -m "chore: untrack internal AI planning artifacts" git pushFiles changed
src/middleware.ts— new (1 line)CLAUDE.md— stripped to project rules onlyREADME.md— 4 Tiptap → block editor replacements.gitignore—docs/superpowers/added.github/workflows/ci.yml— new CI workflow