Single-session CI hardening campaign. Took main from 2 required CI gates to 10 across 9 sequential PRs (#763 through #772), with underlying violations fixed in-PR — no report-only crutch left in the pipeline.
10 blocking required gates on main
| Gate | Source |
|---|---|
validate
| pre-existing (now includes widened-test-loop matrix) |
marketplace-validation
| pre-existing |
eslint-check
| PR A (#764) |
format-check (prettier)
| PR A (#764) |
ruff-check
| PR B (#765) |
ruff-format-check
| PR B (#765) |
shellcheck-skills
| PR E (#768) |
typescript-coverage-audit
| PR F (#769) |
skill-codeblock-syntax
| PR H (#771) |
markdownlint
| PR I (#772) |
Cleanup totals
- 974 Python errors → 0 (ruff + ruff-format across plugins, scripts, freshie)
- 223 shellcheck issues → 0 (47 mis-extensioned
.sh→.pyrenames + 11 real bug fixes) - ~60,000 markdownlint errors → 0 across 10,468 markdown files (bulk + targeted cleanup)
- 97 codeblock-syntax mislabels → 0 (mostly CLI usage with
<placeholder>brackets relabeled totext) - 9 plugin-test failures → 0 in
widened-test-loop(web-to-github-issuerefactor) - 9 TypeScript packages without typecheck → 0 (
tsc --noEmitscript added) - ~970 MB tracked content + ~1.2 MB working-tree cruft removed (
backups/,functions/,planned-skills/,archive/, dead Firebase/Docker artifacts) - Human-triggered auto-merge disabled at repo level — only dependabot bumps auto-merge
New repo-root configs
ruff.toml— Python lint policy (E4/E7/E9/F, ignore E402/E741).shellcheckrc— shell lint policy (disable SC1090/SC1091/SC2155/SC2034).markdownlint-cli2.jsonc— markdown lint policy for 10k+ md files
Forcing-function preserved
The REPORT-ONLY-UNTIL: YYYY-MM-DD deadline-enforcer (PR #757) stays wired for future report-only intros. It's a tool, not a permanent state. Currently zero report-only gates.
Beads closed
claude-lrhq (shellcheck), claude-6f4o (ts-coverage), claude-hy8p (codeblock-syntax), claude-d1gm (widened-test-loop), 4 markdownlint cleanup beads.
Full per-PR breakdown in CHANGELOG.md.