Dev

.claude/settings.local.json

@@ -9,7 +9,8 @@
       "Bash(npm test:*)",
       "Bash(npm run build:*)",
       "Bash(npx vite build:*)",
-      "Bash(npx vite:*)"
+      "Bash(npx vite:*)",
+      "Bash(npx tsc:*)"
     ],
     "deny": []
   }

.github/SECURITY.md

@@ -0,0 +1,79 @@
+# Security Policy
+
+## Overview
+
+This is a web application deployed continuously from the main branch. We take security seriously and address vulnerabilities as soon as they are discovered.
+
+## Reporting a Vulnerability
+
+We take the security of our software seriously. If you believe you have found a security vulnerability, please report it to us as described below.
+
+### Please do NOT:
+- Open a public GitHub issue
+- Post on social media
+- Disclose the vulnerability publicly before we've had a chance to fix it
+
+### Please DO:
+- Email us at: [Create a security advisory](https://github.com/ntindle/gridfinity-space-optimizer/security/advisories/new)
+- Provide detailed steps to reproduce the issue
+- Include the impact of the issue
+- Suggest a fix if you have one
+
+### What to expect:
+- **Response Time**: We'll acknowledge receipt within 48 days
+- **Updates**: We'll provide updates at least every 72 days
+- **Fix Timeline**: We aim to release a fix within 7-14 days depending on complexity
+- **Disclosure**: We'll coordinate public disclosure with you
+
+## Security Measures
+
+### Code Security
+- All code is scanned using CodeQL and multiple SAST tools
+- Dependencies are regularly audited for vulnerabilities
+- Automated security checks on all pull requests
+
+### Dependency Management
+- Weekly automated dependency audits
+- Snyk monitoring for real-time vulnerability detection
+- Automated PR creation for security updates
+
+### Build Security
+- CI/CD pipelines run in isolated environments
+- No secrets stored in code
+- Environment variables used for sensitive configuration
+
+## Security Tools in Use
+
+- **CodeQL**: Semantic code analysis
+- **Semgrep**: Static analysis security scanner
+- **Snyk**: Dependency and container vulnerability scanning
+- **Trivy**: Comprehensive vulnerability scanner
+- **Gitleaks**: Secret detection in git repos
+- **TruffleHog**: Credential verification scanner
+- **npm audit**: Node.js dependency auditing
+
+## Best Practices for Contributors
+
+1. **Never commit secrets**: API keys, passwords, tokens
+2. **Validate input**: Always validate and sanitize user input
+3. **Use parameterized queries**: Prevent injection attacks
+4. **Implement proper authentication**: Use secure session management
+5. **Keep dependencies updated**: Regularly update packages
+6. **Follow secure coding guidelines**: OWASP Top 10
+
+## Automated Security Checks
+
+Every pull request undergoes:
+- Static Application Security Testing (SAST)
+- Dependency vulnerability scanning
+- Secret detection scanning
+- Code quality and security review
+- License compliance checking
+
+## Contact
+
+For security concerns, please use GitHub's security advisory feature or contact the maintainers directly through secure channels.
+
+---
+
+*This security policy is regularly reviewed and updated. Last update: Current*

.github/codecov.yml

@@ -0,0 +1,43 @@
+codecov:
+  require_ci_to_pass: true
+  notify:
+    wait_for_ci: true
+
+coverage:
+  precision: 2
+  round: down
+  range: "70...100"
+
+  status:
+    project:
+      default:
+        target: 70%
+        threshold: 2%
+    patch:
+      default:
+        target: 80%
+        threshold: 5%
+
+parsers:
+  javascript:
+    enable_partials: yes
+
+comment:
+  layout: "reach,diff,flags,tree"
+  behavior: default
+  require_changes: false
+  require_base: false
+  require_head: true
+
+ignore:
+  - "**/*.test.ts"
+  - "**/*.test.tsx"
+  - "**/test/**"
+  - "**/tests/**"
+  - "**/__tests__/**"
+  - "**/node_modules/**"
+  - "**/dist/**"
+  - "**/coverage/**"
+  - "vite.config.*"
+  - "tailwind.config.*"
+  - "postcss.config.*"

.github/dependabot.yml

@@ -0,0 +1,64 @@
+version: 2
+updates:
+  # Enable version updates for npm
+  - package-ecosystem: "npm"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+      day: "monday"
+      time: "04:00"
+    open-pull-requests-limit: 10
+    reviewers:
+      - "ntindle"
+    labels:
+      - "dependencies"
+      - "npm"
+    commit-message:
+      prefix: "chore"
+      prefix-development: "chore"
+      include: "scope"
+    ignore:
+      # Ignore major version updates for these packages
+      - dependency-name: "react"
+        update-types: ["version-update:semver-major"]
+      - dependency-name: "react-dom"
+        update-types: ["version-update:semver-major"]
+    groups:
+      # Group all development dependencies together
+      dev-dependencies:
+        patterns:
+          - "*"
+        dependency-type: "development"
+      # Group all production dependencies together  
+      production-dependencies:
+        patterns:
+          - "*"
+        dependency-type: "production"
+      # Group ESLint and related packages
+      eslint:
+        patterns:
+          - "eslint*"
+          - "@typescript-eslint/*"
+      # Group testing packages
+      testing:
+        patterns:
+          - "vitest*"
+          - "@testing-library/*"
+      # Group Radix UI packages
+      radix-ui:
+        patterns:
+          - "@radix-ui/*"
+
+  # Enable version updates for GitHub Actions
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+      day: "monday"
+      time: "04:00"
+    labels:
+      - "dependencies"
+      - "github-actions"
+    commit-message:
+      prefix: "ci"
+      include: "scope"

.github/workflows/accessibility.yml

@@ -0,0 +1,170 @@
+name: Accessibility Tests
+
+on:
+  push:
+    branches: [main, dev]
+  pull_request:
+    branches: [main, dev]
+
+jobs:
+  axe-accessibility:
+    name: Axe Accessibility Testing
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Setup Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: '20.x'
+          cache: 'npm'
+
+      - name: Install dependencies
+        run: |
+          npm ci
+          npm install --save-dev @axe-core/cli puppeteer
+
+      - name: Build application
+        run: npm run build
+
+      - name: Serve application
+        run: |
+          npx serve -s dist -p 3000 &
+          sleep 5
+
+      - name: Run Axe accessibility tests
+        run: |
+          npx axe http://localhost:3000 \
+            --dir ./axe-reports \
+            --save \
+            --timeout 30000 \
+            --tags wcag2a,wcag2aa,wcag21a,wcag21aa \
+            --show-errors
+        continue-on-error: true
+
+      - name: Generate accessibility report
+        if: always()
+        run: |
+          echo "## ♿ Accessibility Report" >> $GITHUB_STEP_SUMMARY
+          echo "" >> $GITHUB_STEP_SUMMARY
+
+          if [ -f "./axe-reports/index.json" ]; then
+            # Parse the JSON report and create summary
+            echo "### Axe-core Results" >> $GITHUB_STEP_SUMMARY
+            echo "" >> $GITHUB_STEP_SUMMARY
+
+            # Check if there are violations
+            violations=$(cat ./axe-reports/index.json | grep -o '"violations":\[\]' || true)
+            if [ -n "$violations" ]; then
+              echo "✅ No accessibility violations found!" >> $GITHUB_STEP_SUMMARY
+            else
+              echo "⚠️ Accessibility issues detected. Check the detailed report." >> $GITHUB_STEP_SUMMARY
+            fi
+          else
+            echo "❌ Accessibility test failed to generate report" >> $GITHUB_STEP_SUMMARY
+          fi
+
+          echo "" >> $GITHUB_STEP_SUMMARY
+          echo "### Standards Tested" >> $GITHUB_STEP_SUMMARY
+          echo "- WCAG 2.0 Level A" >> $GITHUB_STEP_SUMMARY
+          echo "- WCAG 2.0 Level AA" >> $GITHUB_STEP_SUMMARY
+          echo "- WCAG 2.1 Level A" >> $GITHUB_STEP_SUMMARY
+          echo "- WCAG 2.1 Level AA" >> $GITHUB_STEP_SUMMARY
+
+      - name: Upload accessibility reports
+        if: always()
+        uses: actions/upload-artifact@v4
+        with:
+          name: accessibility-reports
+          path: axe-reports/
+          retention-days: 30
+
+  pa11y-accessibility:
+    name: Pa11y Accessibility Testing
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Setup Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: '20.x'
+          cache: 'npm'
+
+      - name: Install dependencies
+        run: |
+          npm ci
+          npm install --save-dev pa11y pa11y-ci
+
+      - name: Build application
+        run: npm run build
+
+      - name: Create Pa11y config
+        run: |
+          cat > .pa11yci.json << 'EOF'
+          {
+            "defaults": {
+              "timeout": 30000,
+              "wait": 1000,
+              "standard": "WCAG2AA",
+              "runners": ["axe", "htmlcs"],
+              "chromeLaunchConfig": {
+                "args": ["--no-sandbox", "--disable-setuid-sandbox"]
+              }
+            },
+            "urls": [
+              {
+                "url": "http://localhost:3000",
+                "actions": [
+                  "wait for element #root to be visible"
+                ]
+              }
+            ]
+          }
+          EOF
+
+      - name: Serve application
+        run: |
+          npx serve -s dist -p 3000 &
+          sleep 5
+
+      - name: Run Pa11y tests
+        run: npx pa11y-ci --config .pa11yci.json --json > pa11y-results.json
+        continue-on-error: true
+
+      - name: Upload Pa11y results
+        if: always()
+        uses: actions/upload-artifact@v4
+        with:
+          name: pa11y-results
+          path: pa11y-results.json
+          retention-days: 30
+
+  color-contrast:
+    name: Color Contrast Testing
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Check color contrast in CSS
+        run: |
+          echo "## 🎨 Color Contrast Report" >> $GITHUB_STEP_SUMMARY
+          echo "" >> $GITHUB_STEP_SUMMARY
+          echo "Checking for potential color contrast issues..." >> $GITHUB_STEP_SUMMARY
+          echo "" >> $GITHUB_STEP_SUMMARY
+
+          # Check for common low-contrast color combinations
+          if grep -r "color:.*#[89abcdef]{3,6}" src/ --include="*.css" --include="*.tsx" --include="*.ts"; then
+            echo "⚠️ Found potentially low-contrast color values" >> $GITHUB_STEP_SUMMARY
+          else
+            echo "✅ No obvious low-contrast issues detected" >> $GITHUB_STEP_SUMMARY
+          fi
+
+          echo "" >> $GITHUB_STEP_SUMMARY
+          echo "Note: Full contrast testing is performed by Axe and Pa11y" >> $GITHUB_STEP_SUMMARY