The Cloudflare worker deploy workflow was printing secret-derived config into CI logs and doing unnecessary root installs. Tighten the workflow to use read-only permissions, secure file writes, and per-worker dependency installs, then add a staged TypeScript migration plan so the repo-wide conversion has explicit CI-safe ordering.
Constraint: Must keep the current Cloudflare deploy path working while removing secret exposure from logs
Rejected: Leave the workflow as-is and document the risk | known secret leakage in CI is an immediate operational defect
Confidence: high
Scope-risk: narrow
Reversibility: clean
Directive: Keep worker deploy inputs secret-only and validate repo-wide TypeScript work in bounded slices, not one bulk migration
Tested: ruby YAML parse of .github/workflows/deploy-cloudflare-workers.yml; git diff --check; npm ci --prefix doesitarm-default --ignore-scripts --no-audit --no-fund; npm ci --prefix workers/analytics --ignore-scripts --no-audit --no-fund
Not-tested: Full GitHub Actions execution after commit
This adds a repo-local plan for the public discoverability and dataset work so
future implementation can proceed in small, reviewable stages. The rollout is
ordered by ease of implementation and each stage begins with a research pass to
re-check current crawler, schema, and search guidance before code changes land.
Constraint: User requested an ease-first rollout with research checkpoints at every stage
Rejected: Leverage-first ordering | larger evidence-page rewrite would delay smaller foundational wins
Confidence: high
Scope-risk: narrow
Reversibility: clean
Directive: Re-check external docs at the start of each stage before implementing because crawler and structured-data guidance can shift
Tested: git diff --cached --check; manual review of staged plan content
Not-tested: pnpm build; pnpm test (docs-only plan change)
The previous verbiage fallback loaded package.json via createRequire(), which broke Astro/Netlify prerender bundling because the relative package.json path is not available inside the generated chunk layout. Replace it with static fallback strings so the app-test text stays populated without depending on runtime file access.
Constraint: Must restore Netlify production builds immediately
Rejected: Revert the verbiage fix entirely | would reintroduce the blank app-test subtitle in production
Confidence: high
Scope-risk: narrow
Reversibility: clean
Directive: Keep public runtime fallbacks bundle-safe; do not require repo files from prerender/runtime chunks
Tested: pnpm run typecheck (workspace); GitHub Actions failure analysis for netlify-build
Not-tested: Full redeploy completion at commit time
Capture the next discovery, security, compatibility-data, and dual-deploy planning work, and ignore local Vercel/env state that should not be committed. This keeps the operational research with the repo while avoiding accidental local-config churn.
Constraint: Must not alter production runtime behavior
Rejected: Fold research notes into the runtime fix commit | obscures the user-facing app-test correction with planning-only material
Confidence: high
Scope-risk: narrow
Reversibility: clean
Directive: Keep .omx local state untracked even when committing broad workspace updates
Tested: Document review only
Not-tested: No runtime verification required for docs and ignore rules
The app-test page could render blank processor/mac verbiage when pnpm did not supply npm_package_config_verbiage_* in the runtime environment. Fall back to package.json config and the page-level computed value so the subtitle and description stay populated in builds and production.
Constraint: Must not change scanner behavior or app-test submission flow
Rejected: Patch only the Vue page text | leaves the public runtime config inconsistent for other consumers
Confidence: high
Scope-risk: narrow
Reversibility: clean
Directive: Keep publicRuntimeConfig resilient to missing npm_package_config_* env values until the config source is normalized repo-wide
Tested: pnpm run typecheck (workspace); node --input-type=module import of publicRuntimeConfig (workspace)
Not-tested: Full browser rerun for this exact commit beyond the already-green production smoke suite
Move the worker scanner surface into TypeScript, add a direct worker regression, and make the version=2 app-test path populate the same visible result data and final status as the legacy scanner. This keeps the refactor bounded while making the worker route safe to exercise.
Constraint: Must preserve the existing Apple Silicon app-test behavior while changing the worker internals
Rejected: Flip production to the worker path immediately | still needs the normal deploy path and broader production soak
Confidence: medium
Scope-risk: moderate
Reversibility: clean
Directive: Keep the version=2 adapter using the shared finishFileScan path until the legacy scanner can be removed entirely
Tested: pnpm run typecheck; pnpm exec vitest run test/scanner/client.test.ts; pnpm run test:browser (original workspace); netlify build --context deploy-preview (original workspace)
Not-tested: Browser suite from the clean clone environment (local Astro dev server startup timed out there)
Add a typed Playwright harness for Pagefind and the Apple Silicon app-test flow so scanner work has browser-level protection. Keep the rollout plan in the same stack so the TypeScript conversion stays staged and reviewable.
Constraint: Must not change production runtime behavior in this commit
Rejected: Leave the old JS browser test and add a second harness | duplicates setup and leaves the targeted browser script broken
Confidence: high
Scope-risk: narrow
Reversibility: clean
Directive: Keep browser-only helpers under test/playwright/support until the runtime scanner surface is fully typed
Tested: pnpm run typecheck; pnpm run test:browser; pnpm run test:browser:pagefind
Not-tested: Live browser checks against doesitarm.com
Keep the Pagefind bootstrap path from rewriting the remote sitemap
payload locally when the static JSON file is absent. GitHub-hosted runs
only need the fetched data in memory, and stringifying the 385 MB payload
was exhausting Node during netlify-build.
Cover the Native Support filter with a Playwright-backed Vitest case
that can boot the local dev server or attach to a deployed URL so the
same regression can gate post-deploy verification.
Resolve the Pagefind browser loader in Vite dev and cap filter-only
result hydration so broad filters render promptly instead of stalling
behind thousands of fragment fetches.
Add Pagefind indexing and browser search adapters behind a provider switch.
This lets prebuild generate either Stork or Pagefind search artifacts and lets the existing search UI run against Pagefind while preserving scoped filters, excerpts, and result metadata.
Share filter parsing and provider mapping logic between Stork and upcoming search adapters.
This keeps the existing Stork API stable while adding Pagefind-oriented filter serialization under test.
Capture user-visible parity requirements for a future Pagefind migration.
This keeps the earlier viability memo focused on engine fit and documents the recommended adapter approach, carry-over patterns, and remaining prototype risks around ranking and title highlighting.
The generic
> doesitarm@1.0.0 test /Users/athena/Code/doesitarm
> vitest run
Running Astro Config File
RUN v4.1.0 /Users/athena/Code/doesitarm
Test Files 7 passed (7)
Tests 20 passed | 3 todo (23)
Start at 13:00:20
Duration 1.76s (transform 317ms, setup 138ms, import 1.23s, tests 2.55s, environment 2ms) entrypoint assumes artifacts that only exist after the repo's full Netlify-style build. Run the real end-to-end Netlify build in GitHub Actions instead so the hosted Node 24 check matches the supported build surface.
Install pnpm before enabling setup-node's pnpm cache in the Cloudflare deploy job, and make the Node 24 check workflow self-contained by providing the public build URLs directly.
These fixes address the first GitHub-hosted failures that surfaced after the Node 24 migration push without changing the application runtime.
Align local version markers and GitHub Actions with Node 24, switch the default test entrypoint to the maintained Vitest runner, and replace pnpm-incompatible npm helpers in repo scripts.
This also removes the obsolete AVA plus esm path and excludes disabled test fixtures from generic Vitest discovery so CI reflects the supported test surface.
Clean list-specific JSON endpoint directories before rewriting them so local and deploy-style API builds do not fail on leftover files from older runs.
Keep the count check, but count only generated JSON outputs so the verification reflects the actual endpoint set.
Switch Stork downloads to artifacts that match current runtimes and fix the runtime detection path that Node 22 changed.
This keeps the existing Stork pipeline working on Netlify's Noble image and on Apple Silicon development machines.
