diff --git a/CHANGELOG.md b/CHANGELOG.md index 0ffbb088..70bfb505 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -6,17 +6,16 @@ - Treat GitHub `neutral` check-run conclusions as non-failing in the `require-ci-green-before-stop` policy (e.g. Socket Security: Pull Request Alerts when the head branch is from an outside contributor and Socket can't process it). Previously the policy treated anything other than `success` / `skipped` / `cancelled` as failing, producing false-positive Stop blocks on PRs whose only "non-green" check was an explicit `neutral` (#410). - Fix the `bump-platform-submodule.yml` workflow's first post-merge push, which failed with `fatal: could not read Username for 'https://github.com'`. The `persist-credentials: false` hardening from #394 left the cross-repo `git push`/`fetch` unauthenticated, and the inline `Authorization: bearer …` extraheader only authenticates GitHub's REST API — git-over-HTTPS smart-protocol expects Basic auth with `x-access-token:`. Switch to a base64-encoded Basic header (matching `actions/checkout`'s own internal extraheader format) so the push and the rebase-and-retry fetch in the loop both authenticate (#395). -### Docs -- Add `docs/.vale.ini` and a `Mintlify` Vocab accept-list to suppress noisy `Mintlify Validation (exosphere) - vale-spellcheck` CI failures. Disables `Vale.Spelling` on the 14 translated language subdirs (`ar/`, `de/`, …, `zh/`) and `i18n/`, since running an English dictionary over auto-translated content produces only noise; keeps spellcheck active on the canonical English `*.{md,mdx}` files with a project Vocab covering brand names (`failproofai`, `Claude`, `Codex`, …), CLI tooling (`npx`, `bunx`, `gcloud`, `systemctl`, …), and Claude Code event names (`PreToolUse`, `SessionStart`, …) (#410). - ### Features - Add a `bump-platform-submodule.yml` workflow that pushes a matching `failproofai/oss` gitlink bump to `FailproofAI/platform` `main` on every merge into this repo's `main`, so the monorepo's pinned submodule commit tracks upstream automatically. Uses a `PLATFORM_BUMP_TOKEN` repo secret (fine-grained PAT, contents: read & write on `FailproofAI/platform`) for cross-repo auth, a concurrency group to serialize back-to-back merges, and a rebase-and-retry loop to stay race-safe against humans pushing to platform `main` between checkout and push (#394). - Add a supply-chain security CI gate: OSV-Scanner (`.github/workflows/osv-scanner.yml`) scans the resolved `bun.lock` tree against OSV.dev (GitHub/npm advisories + the OpenSSF malicious-packages feed) on every PR (incl. Dependabot bumps), on pushes to `main`, and weekly, and **blocks on any known-vulnerable or malicious dependency**. Adds a Socket GitHub App behavioral early-warning layer, an `osv-scanner.toml` allow-list for unfixable advisories, a README supply-chain status badge, and a `SECURITY.md` policy/runbook. Remediates the 18 pre-existing transitive advisories surfaced by the new gate (brace-expansion, flatted, minimatch, picomatch, postcss, vite, ws) by refreshing `bun.lock` within range, with `overrides` pinning `postcss` to the patched 8.5.x line (Next.js pins the vulnerable 8.4.31) and holding `eslint-plugin-react-hooks` at main's 7.0.1 so the refresh doesn't also bump the linter (#391). - Stamp `product: "failproofai-oss"` on every PostHog event across all four telemetry channels — hooks/audit (`trackHookEvent`), server (`trackEvent`), web UI (`captureClientEvent`), and npm-lifecycle install/uninstall (`trackInstallEvent`) — so OSS events stay distinguishable from any future hosted surface. The value lives in a single `POSTHOG_PRODUCT` constant in `src/posthog-key.ts`, reused by the three TypeScript channels; the standalone `scripts/install-telemetry.mjs` inlines the same literal because it can't import the TS module at install time. Honors `FAILPROOFAI_TELEMETRY_DISABLED=1` like all other telemetry (#380). ### Docs +- Add `docs/.vale.ini` and a `Mintlify` Vocab accept-list to suppress noisy `Mintlify Validation (exosphere) - vale-spellcheck` CI failures. Disables `Vale.Spelling` on the 14 translated language subdirs (`ar/`, `de/`, …, `zh/`) and `i18n/`, since running an English dictionary over auto-translated content produces only noise; keeps spellcheck active on the canonical English `*.{md,mdx}` files with a project Vocab covering brand names (`failproofai`, `Claude`, `Codex`, …), CLI tooling (`npx`, `bunx`, `gcloud`, `systemctl`, …), and Claude Code event names (`PreToolUse`, `SessionStart`, …) (#410). - Update the README logo (EN + 14 translated READMEs) from `logo-wordmark.png` to the new `fa_updated_full.svg` wordmark served on befailproof.ai (#387). - Change the README supply-chain badge from the live OSV-Scanner workflow-status badge (`supply chain: passing`) to a static `supply chain: secure` badge, still linked to the workflow runs (#393). +- Add a Bitcount Prop Single font template under `templates/bitcount-font/` (next/font loader + framework-agnostic CSS with tunable knobs) capturing the befailproof.ai title treatment for reuse. Bundles a self-hosted static instance (`bitcount-prop-single.woff2`, wght 417 + ELSH 55 baked in) so the rounded-square shape renders consistently on every device, avoiding Google Fonts' CDN serving a static default-instance to mobile user-agents (where `font-variation-settings: "ELSH" 55` silently no-ops and the title renders as round dots) (#390). ## 0.0.11-beta.2 — 2026-05-21 diff --git a/templates/bitcount-font/README.md b/templates/bitcount-font/README.md new file mode 100644 index 00000000..adb4ef22 --- /dev/null +++ b/templates/bitcount-font/README.md @@ -0,0 +1,42 @@ +# Bitcount Prop Single — font template + +The title / wordmark treatment from **befailproof.ai**, packaged so you can drop +the exact same look into any project. + +**Fine-tuned instance:** `font-variation-settings: "wght" 417, "ELSH" 55` (slnt 0), +horizontally squished `scaleX(0.9)`, `letter-spacing: 0.08em`, lowercase. All four +are exposed as knobs in `bitcount.css`. + +## Files +- `bitcount.css` — the reusable `.bitcount-title` class + tunable `:root` knobs, plus a self-host `@font-face`. Framework-agnostic. +- `bitcount-prop-single.woff2` — self-hosted static instance with `wght 417` + `ELSH 55` baked in (no runtime variable-axis dependency, renders correctly on every device including phones). +- `fonts.ts.example` — Next.js `next/font/google` loader (rename to `fonts.ts`). Matches how befailproof.ai loads it. + +## Use it + +### Next.js +1. Rename `fonts.ts.example` → `fonts.ts`, import `bitcount` in your root layout, add `bitcount.variable` to ``. +2. Import `bitcount.css` and **delete its `@font-face` block** (next/font already provides `--font-bitcount`). +3. Add `class="bitcount-title"` to headings / wordmarks. + +### Anywhere else +1. Copy `bitcount.css` + the bundled `bitcount-prop-single.woff2` into your project (keep them in the same folder so the relative `url(...)` in `@font-face` resolves). +2. Import `bitcount.css`, add `class="bitcount-title"` to your headings / wordmarks. + +> **Why a bundled static woff2?** Google Fonts' CDN serves a static default-instance of Bitcount Prop Single to many mobile user-agents, so `font-variation-settings: "ELSH" 55` silently no-ops on phones and the title renders as round dots instead of rounded squares. Self-hosting an already-instanced woff2 avoids that. + +## Tuning knobs (`:root` in `bitcount.css`) +| Variable | Default | Effect | +|---|---|---| +| `--title-scale` | `0.9` | title size multiplier | +| `--title-squish` | `0.9` | horizontal `scaleX` squish | +| `--title-tracking` | `0.08em` | letter-spacing | + +To re-tune the glyph shape itself, change `"wght"` / `"ELSH"` in the +`font-variation-settings` of `.bitcount-title`. + +## Provenance +Recovered from the befailproof.ai web platform (PR #374). Axis values verified +against the final iteration of that work (earlier passes used wght 413/414 and +ELSH 51.4 before settling on **417 / 55**). The exact `--title-scale` application +and the fallback stack are reconstructed from the session — adapt to your project. diff --git a/templates/bitcount-font/bitcount-prop-single.woff2 b/templates/bitcount-font/bitcount-prop-single.woff2 new file mode 100644 index 00000000..edd36b64 Binary files /dev/null and b/templates/bitcount-font/bitcount-prop-single.woff2 differ diff --git a/templates/bitcount-font/bitcount.css b/templates/bitcount-font/bitcount.css new file mode 100644 index 00000000..f37e911b --- /dev/null +++ b/templates/bitcount-font/bitcount.css @@ -0,0 +1,49 @@ +/* ===================================================================== + Bitcount Prop Single — title / wordmark treatment + Source: befailproof.ai (recovered from web platform PR #374) + + Fine-tuned instance: wght 417, ELSH 55 (slnt default 0). ELSH is + Bitcount's "Element Shape" axis: 55 = rounded squares; the font's + default 0 = round dots. + + THIS FOLDER SHIPS A SELF-HOSTED STATIC INSTANCE + (bitcount-prop-single.woff2 — wght 417 + ELSH 55 baked in). That is the + reliable path: it renders the rounded-square shape on every device, + phones included, with no dependency on variable-axis support. + + Why not the Google Fonts CDN? Google serves a STATIC default-instance + file to many mobile user-agents, so `font-variation-settings: "ELSH" 55` + silently no-ops there and you get the default round dots. Self-hosting + (or next/font, which also self-hosts) avoids that. See fonts.ts.example. + ===================================================================== */ + +/* Self-hosted static instance — rounded squares baked in (no runtime axis needed). */ +@font-face { + font-family: "Bitcount Prop Single"; + src: url("./bitcount-prop-single.woff2") format("woff2"); + font-weight: 400; /* instanced at wght 417 */ + font-display: swap; +} + +:root { + --font-bitcount: "Bitcount Prop Single"; + --font-display: var(--font-bitcount), "VT323", ui-monospace, monospace; + + /* fine-tuned knobs from befailproof.ai. Shape/weight are baked into the + bundled woff2; these three control layout. */ + --title-scale: 0.9; /* title size multiplier */ + --title-squish: 0.9; /* horizontal scaleX squish */ + --title-tracking: 0.08em; /* letter-spacing */ +} + +.bitcount-title { + font-family: var(--font-display); + /* No-op on the bundled static font (shape is baked in); applies the same + instance if you swap in the VARIABLE font instead, e.g. via next/font. */ + font-variation-settings: "wght" 417, "ELSH" 55; + letter-spacing: var(--title-tracking); + text-transform: lowercase; + transform: scaleX(var(--title-squish)); + transform-origin: left center; + font-size: calc(1em * var(--title-scale)); +} diff --git a/templates/bitcount-font/fonts.ts.example b/templates/bitcount-font/fonts.ts.example new file mode 100644 index 00000000..04c7a3fb --- /dev/null +++ b/templates/bitcount-font/fonts.ts.example @@ -0,0 +1,23 @@ +// Bitcount Prop Single — Next.js loader (next/font/google). +// Rename to `fonts.ts`. Exposes the `--font-bitcount` CSS variable that +// bitcount.css consumes. `axes: ['ELSH']` opts into the Element Shape axis +// (wght is variable by default); the specific instance (wght 417, ELSH 55) +// is pinned in bitcount.css via font-variation-settings, not here. +// +// Shipped as `.ts.example` so this repo's tsc/eslint skip it. Rename on use. +import { Bitcount_Prop_Single } from 'next/font/google'; + +export const bitcount = Bitcount_Prop_Single({ + subsets: ['latin'], + axes: ['ELSH'], + variable: '--font-bitcount', + display: 'swap', +}); + +// In your root layout: +// import { bitcount } from './fonts'; +// export default function RootLayout({ children }: { children: React.ReactNode }) { +// return {children}; +// } +// +// Then anything with class="bitcount-title" picks up the tuned treatment.