diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml
new file mode 100644
index 00000000..ab3c5558
--- /dev/null
+++ b/.github/workflows/dependency-review.yml
@@ -0,0 +1,24 @@
+# Dependency Review - blocks PRs that introduce known-vulnerable dependencies
+name: Dependency Review
+
+on:
+ pull_request:
+ branches: [main]
+
+permissions:
+ contents: read
+ pull-requests: write
+
+jobs:
+ dependency-review:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v4
+
+ - name: Dependency Review
+ uses: actions/dependency-review-action@v4
+ with:
+ fail-on-severity: high
+ comment-summary-in-pr: always
+ deny-licenses: GPL-3.0-only, AGPL-3.0-only
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
new file mode 100644
index 00000000..96d068bc
--- /dev/null
+++ b/.pre-commit-config.yaml
@@ -0,0 +1,43 @@
+# Pre-commit hooks for Agent365-nodejs
+# Install: pip install pre-commit && pre-commit install
+# Run manually: pre-commit run --all-files
+
+repos:
+ # Gitleaks - detect secrets in code
+ - repo: https://github.com/gitleaks/gitleaks
+ rev: v8.18.4
+ hooks:
+ - id: gitleaks
+
+ # Whitespace fixes
+ - repo: https://github.com/pre-commit/pre-commit-hooks
+ rev: v4.6.0
+ hooks:
+ - id: trailing-whitespace
+ args: [--markdown-linebreak-ext=md]
+ - id: end-of-file-fixer
+ - id: mixed-line-ending
+ args: [--fix=lf]
+ - id: check-merge-conflict
+ - id: check-yaml
+ args: [--allow-multiple-documents]
+ - id: check-json
+
+ # Node.js/TypeScript specific
+ - repo: https://github.com/pre-commit/mirrors-eslint
+ rev: v9.39.1
+ hooks:
+ - id: eslint
+ files: \.[jt]sx?$
+ types: [file]
+ additional_dependencies:
+ - eslint@9.39.1
+ - typescript
+ - "@typescript-eslint/parser"
+ - "@typescript-eslint/eslint-plugin"
+
+ - repo: https://github.com/pre-commit/mirrors-prettier
+ rev: v4.0.0-alpha.8
+ hooks:
+ - id: prettier
+ types_or: [javascript, typescript, json, yaml, markdown]
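Review bot: Both `uses:` lines in `.github/workflows/dependency-review.yml` pin to the mutable major tag `@v4` while the workflow grants `pull-requests: write`, so whatever commit the tag points to at run time executes with a token that can write to pull requests. Pin each action to a full commit SHA and keep the tag as a trailing comment, e.g. `uses: actions/dependency-review-action@<full-commit-sha>  # v4` (`<full-commit-sha>` is a placeholder to be taken from the action's release). Separately, `deny-licenses: GPL-3.0-only, AGPL-3.0-only` names only the `-only` SPDX identifiers, so a dependency declared as `GPL-3.0-or-later` or `AGPL-3.0-or-later` would presumably not be blocked; add those identifiers if the intent is to keep both families out. On pull requests from forks the token is normally read-only regardless of the `permissions:` block, so `comment-summary-in-pr: always` may not be able to post there.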
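Review bot: In the eslint hook's `additional_dependencies` in `.pre-commit-config.yaml`, `typescript`, `@typescript-eslint/parser` and `@typescript-eslint/eslint-plugin` carry no version while `eslint@9.39.1` does, so each hook install resolves whatever the registry currently serves and developers can end up running different, unreviewed package versions. Pin them the same way, e.g. `- typescript@<version>` and `- "@typescript-eslint/parser@<version>"` (placeholders; use the versions the project's lockfile already resolves). The four `rev:` values are tags that upstream can move, and `pre-commit autoupdate --freeze` rewrites them to commit hashes with the tag kept as a comment; note also that the prettier mirror is pinned to a pre-release, `v4.0.0-alpha.8`. The gitleaks hook runs only on the committer's machine and can be skipped at commit time, and no CI job in this diff runs the same scan, so it is a convenience rather than a gate until one is added.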