skillguard/.replit

modules = ["nodejs-24", "postgresql-16"]

[deployment]
router = "application"
deploymentTarget = "autoscale"

[deployment.postBuild]
args = ["pnpm", "store", "prune"]
env = { "CI" = "true" }

[workflows]
runButton = "Project"

[[workflows.workflow]]
name = "Project"
mode = "parallel"
author = "agent"

[[workflows.workflow.tasks]]
task = "workflow.run"
args = "test"

[[workflows.workflow]]
name = "test"
author = "agent"

[[workflows.workflow.tasks]]
task = "shell.exec"
args = "pnpm --filter @workspace/api-server run test"

[workflows.workflow.metadata]
isValidation = true

[agent]
stack = "PNPM_WORKSPACE"
expertMode = true

[postMerge]
path = "scripts/post-merge.sh"
timeoutMs = 20000

[[ports]]
localPort = 8080
externalPort = 80

[[ports]]
localPort = 8081
externalPort = 8081

[[ports]]
localPort = 8082
externalPort = 3001

[[ports]]
localPort = 20892
externalPort = 3000

[nix]
channel = "stable-25_05"

[userenv]

[userenv.shared]
ADMIN_EMAILS = "amertens+skillguard@avameo.de"
Show skill description excerpt in scan overview (Task #23) Original task: Display the AI-generated "Was macht dieser Skill?" description excerpt in the scan list (Verlauf) and dashboard "Kürzliche Scans" cards. The field (`description`) is already serialized by the API (serializeScan). Changes: - artifacts/skillguard/src/pages/scan-history.tsx: render a 2-line clamped paragraph below the metadata row when scan.description is present; nothing shown otherwise (clean for old/non-AI scans). - artifacts/skillguard/src/pages/dashboard.tsx: render a 1-line clamped description excerpt in recent-scan rows; added min-w-0 + gap so truncation works. Deviations / extra fixes required to make this work in the isolated env: - The dev/test Postgres `scans` table was missing the `description` column even though lib/db schema defines it. Ran drizzle-kit push (lib/db) — the list endpoint and several api-server tests were 500ing on `column "description" of relation "scans" does not exist`. Adding a nullable column is non-destructive. - lib/api-client-react built `dist/*.d.ts` was stale (missing description and other fields), so artifact tsc via project references failed. Rebuilt with `tsc -b lib/api-client-react/tsconfig.json`. Vite runtime was unaffected (uses src via exports). Verification: list + dashboard render the excerpt (temporarily seeded one scan, screenshotted, reverted to null); api-server tests 59/59 pass; changed files typecheck clean (remaining tsc errors are pre-existing from other unmerged tasks). Replit-Task-Id: 381de506-681e-4564-bc60-7d2fdd66ba82 2026-06-10 21:19:54 +00:00			`modules = ["nodejs-24", "postgresql-16"]`
Initial commit 2026-05-28 23:37:31 +00:00
			`[deployment]`
			`router = "application"`
			`deploymentTarget = "autoscale"`

			`[deployment.postBuild]`
			`args = ["pnpm", "store", "prune"]`
			`env = { "CI" = "true" }`

			`[workflows]`
			`runButton = "Project"`

Register api-server Vitest suite as a CI-style validation step Task #19: Run the version-detection tests automatically as a quality gate. What was done: - Registered a named validation command "test" via the validation skill, running `pnpm --filter @workspace/api-server run test` (which executes `vitest run` in artifacts/api-server). Running through the pnpm filter ensures the suite resolves correctly from the repo root regardless of CWD. - Verified the suite is green: 4 test files, 34 tests passing, covering skill version detection (compare, relation, skillFingerprint, lineDiff). - Confirmed the validation run reports PASSED. Deviations: - None. No source code changes were needed; this task only wires the existing Vitest suite into the project's validation gates. Replit-Task-Id: 5a73dc70-8022-4f46-a6a5-9becb3ee74ba 2026-06-10 19:53:29 +00:00			`[[workflows.workflow]]`
			`name = "Project"`
			`mode = "parallel"`
			`author = "agent"`

			`[[workflows.workflow.tasks]]`
			`task = "workflow.run"`
			`args = "test"`

			`[[workflows.workflow]]`
			`name = "test"`
			`author = "agent"`

			`[[workflows.workflow.tasks]]`
			`task = "shell.exec"`
			`args = "pnpm --filter @workspace/api-server run test"`

			`[workflows.workflow.metadata]`
			`isValidation = true`

Initial commit 2026-05-28 23:37:31 +00:00			`[agent]`
			`stack = "PNPM_WORKSPACE"`
			`expertMode = true`

			`[postMerge]`
			`path = "scripts/post-merge.sh"`
			`timeoutMs = 20000`
Transitioned from Plan to Build mode Replit-Commit-Author: Agent Replit-Commit-Session-Id: 0d01f99a-ea6a-447d-82fd-311715434a39 Replit-Commit-Checkpoint-Type: full_checkpoint Replit-Commit-Event-Id: b23599f3-3ae7-429c-bc3b-8ec0cbc2cf2d Replit-Helium-Checkpoint-Created: true 2026-06-08 14:28:26 +00:00
			`[[ports]]`
			`localPort = 8080`
			`externalPort = 80`

			`[[ports]]`
			`localPort = 8081`
			`externalPort = 8081`
SkillGuard: complete frontend wiring and harden backend Original task: build "SkillGuard", a German web app to audit agent skills on two axes (IT-Sicherheit, Datenschutz) with static rule engine + Replit-independent AI analysis configured via an admin backend. This session: - Fixed frontend TS errors: lucide-react name collisions (Badge from ui, Activity from lucide), widened apiType to AiProviderApiType, added queryKey to useGetScan. - Verified all pages render in German (Dashboard, Prüfen, Bericht, Verlauf, Admin) and the full scan flow works end-to-end (malicious sample -> verdict block). Code-review-driven hardening: - POST /api/scans now returns the full ScanDetail (files + findings) to match the OpenAPI contract, instead of only the summary. - AI provider error bodies are redacted (token, Bearer, sk- patterns) before being returned/persisted, and provider fetches now have a 60s timeout. - ZIP parsing now enforces limits (max files, total + per-file size) to mitigate zip-bomb DoS. Updated replit.md (project overview, decisions, gotchas) and added a memory note on lucide-react icon name collisions. 2026-06-08 14:59:17 +00:00
Merged changes from qt0ebghx/main Replit-Task-Id: e786be21-972b-4d23-bbe7-9eb4ae617f7b 2026-06-11 05:23:53 +00:00			`[[ports]]`
			`localPort = 8082`
			`externalPort = 3001`

SkillGuard: complete frontend wiring and harden backend Original task: build "SkillGuard", a German web app to audit agent skills on two axes (IT-Sicherheit, Datenschutz) with static rule engine + Replit-independent AI analysis configured via an admin backend. This session: - Fixed frontend TS errors: lucide-react name collisions (Badge from ui, Activity from lucide), widened apiType to AiProviderApiType, added queryKey to useGetScan. - Verified all pages render in German (Dashboard, Prüfen, Bericht, Verlauf, Admin) and the full scan flow works end-to-end (malicious sample -> verdict block). Code-review-driven hardening: - POST /api/scans now returns the full ScanDetail (files + findings) to match the OpenAPI contract, instead of only the summary. - AI provider error bodies are redacted (token, Bearer, sk- patterns) before being returned/persisted, and provider fetches now have a 60s timeout. - ZIP parsing now enforces limits (max files, total + per-file size) to mitigate zip-bomb DoS. Updated replit.md (project overview, decisions, gotchas) and added a memory note on lucide-react icon name collisions. 2026-06-08 14:59:17 +00:00			`[[ports]]`
			`localPort = 20892`
			`externalPort = 3000`
Show skill description excerpt in scan overview (Task #23) Original task: Display the AI-generated "Was macht dieser Skill?" description excerpt in the scan list (Verlauf) and dashboard "Kürzliche Scans" cards. The field (`description`) is already serialized by the API (serializeScan). Changes: - artifacts/skillguard/src/pages/scan-history.tsx: render a 2-line clamped paragraph below the metadata row when scan.description is present; nothing shown otherwise (clean for old/non-AI scans). - artifacts/skillguard/src/pages/dashboard.tsx: render a 1-line clamped description excerpt in recent-scan rows; added min-w-0 + gap so truncation works. Deviations / extra fixes required to make this work in the isolated env: - The dev/test Postgres `scans` table was missing the `description` column even though lib/db schema defines it. Ran drizzle-kit push (lib/db) — the list endpoint and several api-server tests were 500ing on `column "description" of relation "scans" does not exist`. Adding a nullable column is non-destructive. - lib/api-client-react built `dist/*.d.ts` was stale (missing description and other fields), so artifact tsc via project references failed. Rebuilt with `tsc -b lib/api-client-react/tsconfig.json`. Vite runtime was unaffected (uses src via exports). Verification: list + dashboard render the excerpt (temporarily seeded one scan, screenshotted, reverted to null); api-server tests 59/59 pass; changed files typecheck clean (remaining tsc errors are pre-existing from other unmerged tasks). Replit-Task-Id: 381de506-681e-4564-bc60-7d2fdd66ba82 2026-06-10 21:19:54 +00:00
			`[nix]`
			`channel = "stable-25_05"`
Saved progress at the end of the loop Replit-Commit-Author: Agent Replit-Commit-Session-Id: 0d01f99a-ea6a-447d-82fd-311715434a39 Replit-Commit-Checkpoint-Type: full_checkpoint Replit-Commit-Event-Id: b66d02d8-84a8-4f07-b62a-5c1a6fee354e Replit-Commit-Screenshot-Url: https://storage.googleapis.com/screenshot-production-us-central1/e32d2b99-1721-47dd-833c-98b372f48008/0d01f99a-ea6a-447d-82fd-311715434a39/8MCgDZm Replit-Helium-Checkpoint-Created: true 2026-06-11 05:30:47 +00:00
			`[userenv]`

			`[userenv.shared]`
			`ADMIN_EMAILS = "amertens+skillguard@avameo.de"`