From ae83bf141b6571d7736e537e721766f4c282775c Mon Sep 17 00:00:00 2001 From: roottool Date: Mon, 2 Mar 2026 03:17:31 +0900 Subject: [PATCH 1/2] docs(pr-template): fix MD036 and MD040 markdown lint warnings Replace bold emphasis used as subheadings with proper ### headings in the Security & API Stability and Testing sections (MD036). Add text language specifier to the fenced code block in the Automated Review section (MD040). Co-Authored-By: Claude Sonnet 4.6 --- .github/PULL_REQUEST_TEMPLATE.md | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md index ee58b82..2b67684 100644 --- a/.github/PULL_REQUEST_TEMPLATE.md +++ b/.github/PULL_REQUEST_TEMPLATE.md @@ -37,32 +37,34 @@ ## Security & API Stability -**Security Impact** +### Security Impact - [ ] No impact on security (no changes to forbidden keys, prototype safety) - [ ] Reviewed against security rules in AGENTS.md - [ ] If security-related: Explain impact and mitigation -**API Contract** +### API Contract - [ ] No changes to public API (`parse` function signature, type definitions) - [ ] No breaking changes to `ParseResult`, `ParseIssue`, or `IssueCode` - [ ] If API change: Is this a breaking change? (Yes/No + explanation) -**Versioning** +### Versioning - [ ] Change is compatible with current v0.x versioning policy - [ ] If breaking change proposed: Justification for major version bump ## Testing -**Automated Checks** +### Automated Checks - [ ] TypeScript type checking passes (`bun run check:type:source`) - [ ] All tests pass (`bun run test`) - [ ] Build succeeds (`bun run build`) -**Additional Verification** (describe any manual testing, edge case verification, or integration testing) +### Additional Verification + +(describe any manual testing, edge case verification, or integration testing) @@ -70,7 +72,7 @@ **For Claude Code users**: You can use the boundary-validator skill for automated review: -``` +```text Review this code against boundary-validator rules ``` From f0412053223a7cd717ad1f138803a3e5254300f9 Mon Sep 17 00:00:00 2001 From: roottool Date: Mon, 2 Mar 2026 03:23:02 +0900 Subject: [PATCH 2/2] docs(pr-template): compact template from 79 to 36 lines - Remove blockquote explanation from Boundary Checklist - Flatten Security & API Stability subsections - Flatten Testing subsections and simplify manual testing note - Remove Automated Review section entirely Co-Authored-By: Claude Sonnet 4.6 --- .github/PULL_REQUEST_TEMPLATE.md | 69 ++++++-------------------------- 1 file changed, 13 insertions(+), 56 deletions(-) diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md index 2b67684..333f78f 100644 --- a/.github/PULL_REQUEST_TEMPLATE.md +++ b/.github/PULL_REQUEST_TEMPLATE.md @@ -11,69 +11,26 @@ - [ ] Tests (adding or updating tests) - [ ] Tooling / CI (changes to build tools, CI configuration) -## Boundary Checklist (Required for Implementation Changes) - -> safe-formdata enforces a **strict trust boundary** for FormData. -> If any item below does **not** apply, this change likely does not belong here. -> -> **For documentation, tooling, or CI changes**: You may skip this section by checking the box below and explaining why. +## Boundary Checklist - [ ] **This is a non-implementation change** (Documentation, Tooling, or CI only) - - Reason: - -**For implementation changes, verify all items below:** +- [ ] **No interpretation** — Keys treated as opaque strings, no structural inference +- [ ] **No silent behavior** — No merging, overwriting, or implicit resolution +- [ ] **Boundary respected** — No validation, coercion, or business logic -- [ ] **No interpretation** - - Key names are treated as opaque strings - - No structural inference (`[]`, `.`, brackets, paths, etc.) -- [ ] **No silent behavior** - - No merging, overwriting, autofixing, or implicit resolution - - All boundary violations are reported explicitly -- [ ] **Boundary respected** - - No validation, coercion, schema, framework conventions, or business logic - -📘 Boundary rules & non-goals: - +📘 [AGENTS.md](https://github.com/roottool/safe-formdata/blob/main/AGENTS.md) ## Security & API Stability -### Security Impact - -- [ ] No impact on security (no changes to forbidden keys, prototype safety) -- [ ] Reviewed against security rules in AGENTS.md -- [ ] If security-related: Explain impact and mitigation - -### API Contract - -- [ ] No changes to public API (`parse` function signature, type definitions) -- [ ] No breaking changes to `ParseResult`, `ParseIssue`, or `IssueCode` -- [ ] If API change: Is this a breaking change? (Yes/No + explanation) - -### Versioning - -- [ ] Change is compatible with current v0.x versioning policy -- [ ] If breaking change proposed: Justification for major version bump +- [ ] No security impact (forbidden keys, prototype safety unaffected) +- [ ] No changes to public API (`parse`, `ParseResult`, `ParseIssue`, `IssueCode`) +- [ ] No breaking changes; or justified with version bump rationale +- [ ] Compatible with current v0.x versioning policy ## Testing -### Automated Checks - -- [ ] TypeScript type checking passes (`bun run check:type:source`) -- [ ] All tests pass (`bun run test`) -- [ ] Build succeeds (`bun run build`) - -### Additional Verification - -(describe any manual testing, edge case verification, or integration testing) - - - -## Automated Review (Optional) - -**For Claude Code users**: You can use the boundary-validator skill for automated review: - -```text -Review this code against boundary-validator rules -``` +- [ ] `bun run check:type:source` passes +- [ ] `bun run test` passes +- [ ] `bun run build` passes -**For other tools**: Reference [AGENTS.md](https://github.com/roottool/safe-formdata/blob/main/AGENTS.md) and [skills/boundary-validator](https://github.com/roottool/safe-formdata/tree/main/skills/boundary-validator) for design rules. +