fix(styles): remediate all stylelint violations and gate token usage in CI#1847
Conversation
…in CI Stylelint was defined but never executed anywhere (not in npm run lint, not in CI), leaving 370 latent violations across client/src/**/*.css and *.module.css. This fixes all of them and wires stylelint into both local and CI gates so the rules actually enforce design-token usage going forward, as CLAUDE.md already claimed they did. - Add missing `color-function-alias-notation: null` to the tokens.css stylelint override (resolves 116 violations in tokens.css alone). - Add ~20 new semantic tokens (--z-raised, --color-warning-badge-bg, --color-tooltip-*, --color-photo-*, --shadow-text-overlay) extracted 1:1 from previously-hardcoded values — no visual changes. - Fix a real bug found during remediation: InvoiceBudgetLinesSection used `@extend .td;` (SCSS syntax) six times in a plain CSS Module, which is a silent no-op — six table cells were never receiving their intended padding. Replaced with the actual declaration. - Remove dead/duplicate CSS selectors (HouseholdItemDetailPage had a legacy pre-token block fully shadowed by a later tokenized reimplementation of the same selectors; CostBreakdownTable had two more). - Replace deprecated `clip`/`page-break-*` properties, modernize `:not()` chains, replace hardcoded font-weight/z-index literals with scale tokens, and move an inline style to a CSS Module class. - Chain stylelint into `npm run lint`/`lint:fix`; add a dedicated `Stylelint` step to the CI `static-analysis` job (intentionally not `npm run lint`, since ESLint's pre-existing 8 errors/50 warnings are out of scope for this PR and would break CI immediately). Fixes #1815 Co-Authored-By: Claude dev-team-lead (Sonnet 4.6) <noreply@anthropic.com> Co-Authored-By: Claude frontend-developer (Haiku 4.5) <noreply@anthropic.com> Co-Authored-By: Claude qa-integration-tester (Sonnet 4.5) <noreply@anthropic.com>
|
[security-engineer] Security review of PR #1847 (fix/1815-stylelint-enforcement) Scope reviewed: CI workflow change (
package.json: CSS/token changes: All ~50 CSS diffs replace hardcoded hex/rgba/z-index/font-weight literals with TSX change ( Findings: None. No SQL/command/XSS injection vectors, no auth/authorization surface touched, no new dependencies, no secrets exposure, no CI script-injection pattern. VERDICT: APPROVED |
|
@/tmp/pr1847-review.md |
|
[product-architect] Architecture review — APPROVED (2 medium notes for follow-up, non-blocking) Reviewed Verified soundCI gating design — Correct sequencing. The Token-system additions — Good architectural fit:
@extend bug fix — Correct. CLAUDE.md accuracy — Claims now match reality: job name Medium findings (recommend follow-up, not blocking)M1 — Undocumented M2 — Neither finding blocks merge to beta — both are appropriately caught by downstream UX/E2E review. Nice, disciplined sweep overall. |
|
🎉 This PR is included in version 2.13.0-beta.16 🎉 The release is available on GitHub release Your semantic-release bot 📦🚀 |
Summary
.stylelintrc.json+npm run stylelintscript) but never invoked anywhere — not innpm run lint, not in CI. This left 370 latent violations acrossclient/src/**/*.cssand*.module.css.color-function-alias-notation: nulloverride fortokens.css(resolves 116 violations there alone), extracts ~20 new semantic tokens 1:1 from previously-hardcoded values (zero visual change), and remediates every remaining violation: deprecatedclip/page-break-*properties,:not()chain modernization, font-weight/z-index literals → scale tokens, duplicate selectors, and one inline style moved to a CSS Module class.InvoiceBudgetLinesSection.module.cssused@extend .td;(SCSS syntax) six times inside a plain CSS Module — this project has no Sass, so it was a silent no-op and six table cells never received their intended padding. Replaced with the actual declaration.stylelintintonpm run lint/lint:fixand adds a dedicatedStylelintstep to the CIstatic-analysisjob. Deliberately does not route throughnpm run lintin CI, since ESLint has 8 pre-existing errors / 50 warnings out of scope for this PR that would otherwise break CI immediately — that cleanup is left for a follow-up issue.Fixes #1815
Test plan
npx stylelint "client/src/**/*.css" "client/src/**/*.module.css"— 0 errors, 0 warnings (independently re-verified during review)npm run stylelint(as CI will invoke it) — cleanCo-Authored-By: Claude dev-team-lead (Sonnet 4.6) noreply@anthropic.com