-
Notifications
You must be signed in to change notification settings - Fork 1
Expand file tree
/
Copy pathMakefile
More file actions
141 lines (100 loc) · 3.92 KB
/
Makefile
File metadata and controls
141 lines (100 loc) · 3.92 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
# Harness Development Makefile
# Run `make help` to see available commands
.PHONY: all help install setup preflight worktree-ready verify-work codestyle hooks hooks-pre-commit hooks-commit-msg hooks-pre-push secrets-staged docs-style-changed related-tests semgrep-changed diagrams-check dev build lint docs-lint fmt typecheck test check audit secrets security clean reset ci diagrams env-check
# Default target
help: ## Show this help message
@echo 'Usage: make [target]'
@echo ''
@echo 'Targets:'
@awk 'BEGIN {FS = ":.*?## "} /^[a-zA-Z_-]+:.*?## / {printf " %-15s %s\n", $$1, $$2}' $(MAKEFILE_LIST)
# === Setup ===
install: ## Install dependencies
pnpm install
setup: install hooks ## Full setup: install deps and configure git hooks
preflight: ## Run repository preflight checks (required local-memory gate by default)
@bash ./scripts/codex-preflight.sh
worktree-ready: ## Bootstrap a fresh git worktree before first push
@bash ./scripts/prepare-worktree.sh
verify-work: ## Run canonical repo-local verification wrapper
@bash ./scripts/verify-work.sh
codestyle: ## Run fail-closed codestyle validation
@bash ./scripts/validate-codestyle.sh
hooks: ## Setup git hooks
node scripts/setup-git-hooks.js
hooks-pre-commit: ## Run local pre-commit gates before creating a commit
pnpm lint
pnpm docs:lint
pnpm typecheck
$(MAKE) secrets-staged
$(MAKE) docs-style-changed
$(MAKE) related-tests
hooks-commit-msg: ## Validate commit message policy
@if [ -n "$$HOOK_COMMIT_MSG" ]; then \
tmp_file="$$(mktemp)"; \
trap 'rm -f "$$tmp_file"' EXIT; \
printf '%s\n' "$$HOOK_COMMIT_MSG" > "$$tmp_file"; \
node scripts/validate-commit-msg.js "$$tmp_file"; \
elif [ -n "$$HOOK_COMMIT_MSG_FILE" ]; then \
node scripts/validate-commit-msg.js "$$HOOK_COMMIT_MSG_FILE"; \
elif [ -n "$$MSG_FILE" ]; then \
node scripts/validate-commit-msg.js "$$MSG_FILE"; \
else \
echo "Error: set HOOK_COMMIT_MSG, HOOK_COMMIT_MSG_FILE, or MSG_FILE"; \
exit 1; \
fi
hooks-pre-push: ## Run local pre-push governance gates before pushing
@node ./scripts/check-doc-links.mjs
@bash ./scripts/check-diagram-freshness.sh
@bash ./scripts/check-environment.sh
$(MAKE) semgrep-changed
$(MAKE) codestyle
pnpm build
secrets-staged: ## Scan staged content for secrets before committing
pnpm run secrets:staged
docs-style-changed: ## Run Vale on staged authoritative docs only
pnpm run docs:style:changed
related-tests: ## Run Vitest related mode for staged src implementation files
pnpm run test:related
semgrep-changed: ## Run narrow Semgrep rules against changed src implementation files
pnpm run semgrep:changed
diagrams-check: ## Refresh architecture diagrams when sensitive paths change and fail on drift
@bash ./scripts/check-diagram-freshness.sh
# === Development ===
dev: ## Start development server
pnpm dev
build: ## Build for production
pnpm build
# === Quality ===
lint: ## Run linter
pnpm lint
docs-lint: ## Lint markdown/docs
pnpm docs:lint
fmt: ## Format code
pnpm fmt
typecheck: ## Run TypeScript type checking (excludes packages/effects: pre-existing TS errors)
pnpm -r --filter '!@design-studio/effects' run type-check
test: ## Run tests
pnpm test
check: ## Run all required quality gates
pnpm check
# === Security ===
audit: ## Run security audit
pnpm audit
secrets: ## Scan for secrets with gitleaks
@gitleaks detect --source . --verbose || (echo "Install gitleaks: brew install gitleaks" && exit 1)
security: audit secrets ## Run all security checks
# === Maintenance ===
clean: ## Clean build artifacts and caches
rm -rf dist coverage artifacts .test-traces* .traces
rm -rf node_modules/.cache
reset: clean ## Full reset: clean and reinstall
pnpm install
# === CI ===
ci: ## Run CI-equivalent local checks
pnpm check
# === Diagrams ===
diagrams: ## Generate architecture diagrams
@bash ./scripts/refresh-diagram-context.sh --force
# === Environment ===
env-check: ## Check environment policy envelope
@bash ./scripts/check-environment.sh