🔄 synced file(s) with OrrisTech/.github

[iamzifei]

synced local file(s) with OrrisTech/.github.

This PR was automatically created by the org file sync workflow. It syncs the latest org standard files from the .github repo. Review the changes and merge when ready.

Changed files

• created local .claude/org-rules.md from remote sync/.claude/org-rules.md
• created local .github/pull_request_template.md from remote sync/.github/pull_request_template.md
• created local .github/workflows/ci.yml from remote sync/.github/workflows/ci.yml
• created local lefthook.yml from remote sync/lefthook.yml
• created local .vscode/settings.json from remote sync/.vscode/settings.json

---

This PR was created automatically by the repo-file-sync-action workflow run #22209578770

[Copilot]

Pull request overview

Syncs organization-standard repository configuration files from OrrisTech/.github into this repo to standardize CI, local tooling, and contributor workflow expectations.

Changes:

• Adds a thin GitHub Actions CI workflow that delegates to reusable org workflows.
• Introduces a Lefthook pre-commit configuration for linting, typechecking, and running related tests.
• Adds shared contributor-facing templates/settings (PR template, VS Code settings, Claude org rules).

Reviewed changes

Copilot reviewed 5 out of 5 changed files in this pull request and generated 3 comments.

Show a summary per file

File	Description
lefthook.yml	Adds pre-commit hooks intended to run lint, TypeScript checks, and related tests on staged files.
.vscode/settings.json	Establishes default editor/formatting, ESLint, TypeScript, and Tailwind IntelliSense settings.
.github/workflows/ci.yml	Adds a caller CI workflow that runs org-provided reusable workflows.
.github/pull_request_template.md	Adds a standardized PR template/checklist for contributions.
.claude/org-rules.md	Adds org-wide Claude Code rules for checks, testing, React, docs, UI/SEO, and security standards.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

The typecheck hook only runs when tsconfig.json exists at the repo root, but this repo’s TypeScript projects use per-workspace tsconfigs (e.g. gateway/tsconfig.json, desktop/tsconfig.json, shared/tsconfig.json). As written, typecheck will always exit early and never run. Update the hook to run tsc for each workspace (or detect tsconfig files in subdirectories) so commits are actually type-checked.

Suggested change

	# Run TypeScript type checking (no emit) -- only if tsconfig exists
	glob: "*.{ts,tsx}"
	run: |
	if [ ! -f tsconfig.json ]; then exit 0; fi
	if [ -f pnpm-lock.yaml ]; then
	pnpm exec tsc --noEmit
	elif [ -f bun.lockb ] || [ -f bun.lock ]; then
	bunx tsc --noEmit
	else
	npx tsc --noEmit
	fi
	# Run TypeScript type checking (no emit) for all workspace tsconfig files
	glob: "*.{ts,tsx}"
	run: |
	# Find all tsconfig.json files (e.g., gateway/tsconfig.json, desktop/tsconfig.json, shared/tsconfig.json)
	configs=$(find . -type d -name node_modules -prune -o -type f -name "tsconfig.json" -print)
	# If no TypeScript projects are present, skip typechecking
	if [ -z "$configs" ]; then
	exit 0
	fi
	if [ -f pnpm-lock.yaml ]; then
	cmd_prefix="pnpm exec tsc --noEmit -p"
	elif [ -f bun.lockb ] || [ -f bun.lock ]; then
	cmd_prefix="bunx tsc --noEmit -p"
	else
	cmd_prefix="npx tsc --noEmit -p"
	fi
	# Run typechecking for each discovered tsconfig.json
	status=0
	for config in $configs; do
	echo "Typechecking with $config"
	if ! $cmd_prefix "$config"; then
	status=1
	fi
	done
	exit $status

[Copilot]

These reusable workflows are referenced with @main. To avoid unexpected CI behavior changes (and reduce supply-chain risk), pin the uses: references to an immutable tag or commit SHA (or a dedicated release branch) and update intentionally when needed.

Suggested change

	uses: OrrisTech/.github/.github/workflows/ci-lint-typecheck.yml@main
	secrets: inherit
	test:
	name: Test
	uses: OrrisTech/.github/.github/workflows/ci-test.yml@main
	secrets: inherit
	build:
	name: Build
	needs: [lint-typecheck]
	uses: OrrisTech/.github/.github/workflows/ci-build.yml@main
	secrets: inherit
	security:
	name: Security Audit
	uses: OrrisTech/.github/.github/workflows/ci-security.yml@main
	secrets: inherit
	react-doctor:
	name: React Doctor
	if: github.event_name == 'pull_request'
	uses: OrrisTech/.github/.github/workflows/ci-react-doctor.yml@main
	uses: OrrisTech/.github/.github/workflows/ci-lint-typecheck.yml@ci-v1
	secrets: inherit
	test:
	name: Test
	uses: OrrisTech/.github/.github/workflows/ci-test.yml@ci-v1
	secrets: inherit
	build:
	name: Build
	needs: [lint-typecheck]
	uses: OrrisTech/.github/.github/workflows/ci-build.yml@ci-v1
	secrets: inherit
	security:
	name: Security Audit
	uses: OrrisTech/.github/.github/workflows/ci-security.yml@ci-v1
	secrets: inherit
	react-doctor:
	name: React Doctor
	if: github.event_name == 'pull_request'
	uses: OrrisTech/.github/.github/workflows/ci-react-doctor.yml@ci-v1

[Copilot]

The lint-staged command unconditionally suppresses errors/output (2>/dev/null) and ends with || true, so commits will succeed even when ESLint/Biome reports real lint failures. Consider only skipping when the tool is not installed (e.g., check config/command existence first) and otherwise let the hook fail (and avoid discarding stderr) so lint issues are visible and block the commit as intended.

Suggested change

	pnpm exec eslint --fix {staged_files} 2>/dev/null || pnpm exec biome check --write {staged_files} 2>/dev/null || true
	elif [ -f bun.lockb ] || [ -f bun.lock ]; then
	bunx eslint --fix {staged_files} 2>/dev/null || bunx biome check --write {staged_files} 2>/dev/null || true
	else
	npx eslint --fix {staged_files} 2>/dev/null || npx biome check --write {staged_files} 2>/dev/null || true
	if pnpm exec eslint --version >/dev/null 2>&1; then
	pnpm exec eslint --fix {staged_files}
	elif pnpm exec biome --version >/dev/null 2>&1; then
	pnpm exec biome check --write {staged_files}
	else
	echo "Warning: neither ESLint nor Biome is installed (pnpm); skipping lint for staged files."
	exit 0
	fi
	elif [ -f bun.lockb ] || [ -f bun.lock ]; then
	if bunx eslint --version >/dev/null 2>&1; then
	bunx eslint --fix {staged_files}
	elif bunx biome --version >/dev/null 2>&1; then
	bunx biome check --write {staged_files}
	else
	echo "Warning: neither ESLint nor Biome is installed (bun); skipping lint for staged files."
	exit 0
	fi
	else
	if npx eslint --version >/dev/null 2>&1; then
	npx eslint --fix {staged_files}
	elif npx biome --version >/dev/null 2>&1; then
	npx biome check --write {staged_files}
	else
	echo "Warning: neither ESLint nor Biome is installed (npx); skipping lint for staged files."
	exit 0
	fi

[github-actions]

React Doctor Report

Click to expand results

npm warn exec The following package was not found and will be installed: react-doctor@0.0.28
react-doctor v0.0.28

�[2mScanning /home/runner/work/clawface/clawface...�[22m


�[31mSomething went wrong. Please check the error below for more details.�[39m
�[31mIf the problem persists, please open an issue on GitHub.�[39m
�[31m�[39m
�[31mNo React dependency found in package.json�[39m

Powered by react-doctor