jekyll-theme-zer0 1.13.1 → 1.14.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 8ad83858a690a41ecdcffeb9d1666bdb477c74f5dc0e203bc0059a56e7ed68a2
-  data.tar.gz: 88b906b270107cc25861394ff63b9772b9b1758c39315a2758bbe45f42ec00cc
+  metadata.gz: 4cfcaf3d689c47878154509eba7578f52610d2d2b93ac70b1c0f1cc0ec2ce2b2
+  data.tar.gz: 6020f74226767a325b0591a7aebeb8140b9c6fe43dc7d597e0dadd483e26c7d6
 SHA512:
-  metadata.gz: a24b1b809afaff0913078bbdbf5ba74799c757d330203ef54f0bccc21e8d4fe82920430ce3d981a540bcea0ac89f8e31b1284eb92db60d0f89c3986b16891126
-  data.tar.gz: 01dd7a1a0ae1ab4f82936db64ecd509280c76714e80ae55be46c0f67dbca6c59efd5f7590960d11f46237380b6b680873f816e6bb72845d7726c24137b57e4c6
+  metadata.gz: e7e010b9a63a86c6dccc37662ac33ab0b908bc2a9e08cce8d54155750088f0cf5491fbc2f62114d312402a6add238009ab651ff986343a1c837f0433811e6e88
+  data.tar.gz: 50ff58b6a81b804e1cc906fa91df6b855b72115da6ffaf8a9dc3aa8545f086fa8ca1c343181ad6ab4c5f89e9557afc53225eaba9a98f5ecc05fd714fbb779cb3

data/CHANGELOG.md

@@ -5,6 +5,23 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [1.14.0] - 2026-06-11
+
+### Changed
+- Version bump: minor release
+
+### Commits in this release
+- 5de341aa feat(security): sanitize sensitive config lines in admin config-page DOM (T-009) (#140)
+- 42468785 chore(deps): update Ruby gem dependencies (#129)
+- 89e21988 Improve LinkedIn share flow with cleaned article summary (#99)
+
+### Security
+- **Admin config page (T-009 hardening)**: added a pure-Liquid line-redaction layer for the hidden `<pre id="cfg-full-yaml">` element — the `sanitize_config_yaml` plugin filter shipped in 1.13.1 does not run on GitHub Pages builds (safe mode ignores custom plugins, and the unknown filter is a silent no-op), so Pages-built sites were still injecting raw config; the Liquid layer protects every build path, with the plugin filter kept as defense-in-depth
+
+### Fixed
+- **Workflow lint (T-017)**: `version-bump.yml` now passes the repo yamllint config (trailing spaces, bracket spacing, sequence indentation) — these pre-existing violations failed the `auto-version` integration suite on every code PR once the T-012 gate went live; YAML verified semantically identical before/after
+- **Changelog tooling**: `update_changelog_file` normalizes trailing newlines on the entry, guaranteeing exactly one blank line before the next release block even when callers pass entries via command substitution (review feedback on the T-012 PR)
+
 ## [1.13.1] - 2026-06-11
 
 ### Changed

data/README.md

@@ -2,7 +2,7 @@
 title: zer0-mistakes
 sub-title: AI-Native Jekyll Theme
 description: AI-native Jekyll theme for GitHub Pages — Docker-first development, AI-powered installation, multi-agent integration (Copilot, Codex, Cursor, Claude), AI preview-image generation, and AIEO content optimization with Bootstrap 5.3.
-version: 1.13.1
+version: 1.14.0
 layout: landing
 tags:
   - jekyll
@@ -20,7 +20,7 @@ categories:
   - bootstrap
   - ai-tooling
 created: 2024-02-10T23:51:11.480Z
-lastmod: 2026-06-11T21:37:24.000Z
+lastmod: 2026-06-11T22:23:48.000Z
 draft: false
 permalink: /
 slug: zer0
@@ -830,10 +830,10 @@ gantt
     v1.9 Installer v2 & Site Scraper :done, 2026-05, 2026-05
     v1.10 Roadmap Validation     :done, 2026-06, 2026-06
     v1.11 Continuous-Evolution Loop :done, 2026-06, 2026-06
+    v1.12 Headless Endpoints     :done, 2026-06, 2026-06
     section Current
-    v1.12 Headless Endpoints     :active, 2026-06, 2026-06
+    v1.13 Zer0-Mistake Quality Framework :active, 2026-06, 2026-08
     section Future
-    v1.13 Zer0-Mistake Quality Framework :2026-06, 2026-08
     v2.0 CMS Integration         :2026-06, 2026-08
     v2.1 i18n Support            :2026-08, 2026-10
     v2.2 Advanced Analytics      :2026-10, 2026-12
@@ -864,8 +864,8 @@ gantt
 | **v1.9** | ✅ Completed | May 2026 | Modular installer v2 with deploy plugins, AI wizard pipeline, and a site scraper. |
 | **v1.10** | ✅ Completed | Jun 2026 | Roadmap integrity validation and catch-up milestones so the roadmap tracks the shipped gem. |
 | **v1.11** | ✅ Completed | Jun 2026 | Self-sustaining backlog loop so AI agents keep improving the repo between human sessions. |
-| **v1.12** | 🚧 In Progress | Current (1.12.x) | Machine-readable site endpoints for downstream sites and AI agents. |
-| **v1.13** | 🗓 Planned | Q3 2026 | Close the gap between the repo's quality gates and what CI actually enforces — no mistake lands green. |
+| **v1.12** | ✅ Completed | Jun 2026 | Machine-readable site endpoints for downstream sites and AI agents. |
+| **v1.13** | 🚧 In Progress | Current (1.13.x) | Close the gap between the repo's quality gates and what CI actually enforces — no mistake lands green. |
 | **v2.0** | 🗓 Planned | Q3 2026 | Headless CMS integration with a content API and admin dashboard. |
 | **v2.1** | 🗓 Planned | Q4 2026 | Multi-language content support with locale-aware routing. |
 | **v2.2** | 🗓 Planned | Q4 2026 | Visual theme customizer, A/B testing, and conversion funnels. |
@@ -909,7 +909,7 @@ git push origin feature/awesome-feature
 
 | Metric | Value |
 |--------|-------|
-| **Current Version** | 1.13.1 ([RubyGems](https://rubygems.org/gems/jekyll-theme-zer0), [CHANGELOG](/CHANGELOG)) |
+| **Current Version** | 1.14.0 ([RubyGems](https://rubygems.org/gems/jekyll-theme-zer0), [CHANGELOG](/CHANGELOG)) |
 | **Documented Features** | 43 ([Feature Registry](https://github.com/bamr87/zer0-mistakes/blob/main/_data/features.yml)) |
 | **Setup Time** | 2-5 minutes ([install.sh benchmarks](https://github.com/bamr87/zer0-mistakes/blob/main/install.sh)) |
 | **Documentation Pages** | 70+ ([browse docs](https://zer0-mistakes.com/pages/)) |
@@ -964,6 +964,6 @@ And these AI partners that make zer0-mistakes truly AI-native:
 
 **Built with ❤️ — and a little help from our AI partners — for the Jekyll community**
 
-**v1.13.1** • [Changelog](CHANGELOG.md) • [License](LICENSE) • [Contributing](CONTRIBUTING.md) • [AI Agent Guide](AGENTS.md)
+**v1.14.0** • [Changelog](CHANGELOG.md) • [License](LICENSE) • [Contributing](CONTRIBUTING.md) • [AI Agent Guide](AGENTS.md)
 
 

data/_data/backlog.yml

@@ -56,7 +56,7 @@
 meta:
   title: "zer0-mistakes Backlog"
   updated: 2026-06-11
-  next_id: 18
+  next_id: 19
 
 tasks:
   # --- Housekeeping (seeded so the loop has work on day one) ------------------
@@ -225,6 +225,9 @@ tasks:
       (`api_key`, `token`, PostHog `phc_*` keys, etc.) they are exposed in the page
       DOM. A regression test in `test/visual/security.spec.js` is frozen as
       `test.fixme` until a sanitisation pass is in place.
+      Done 2026-06-11: pure-Liquid line filter redacts matching lines before
+      DOM injection (GitHub Pages safe — no custom plugin); regression test
+      promoted to a live `test()`; visible Raw-YAML tab untouched.
     acceptance:
       - "The Liquid/Ruby that populates `<pre id=\"cfg-full-yaml\">` strips or masks keys matching `api_key`, `secret`, `password`, `token`, and `phc_` prefix before DOM injection."
       - "The `test.fixme` in `test/visual/security.spec.js` is promoted to a live `test()` and passes in CI."
@@ -405,7 +408,7 @@ tasks:
 
   - id: T-017
     title: "Fix yamllint violations in .github/workflows/version-bump.yml"
-    status: open
+    status: done
     priority: P2
     area: lint
     risk: low
@@ -417,6 +420,9 @@ tasks:
       integration test (which runs yamllint) to fail in CI on every PR. Discovered
       while babysitting PR #141 — the file was unchanged by that PR, confirming
       the failures are pre-existing.
+      Done 2026-06-11: full cleanup (trailing spaces, brackets, sequence
+      indentation) landed with the T-009 PR; YAML verified semantically
+      identical and yamllint exits 0 with the repo config.
     acceptance:
       - "`yamllint -c .github/config/.yamllint.yml .github/workflows/version-bump.yml` exits 0."
       - "`./scripts/test/integration/auto-version` passes the 'version-bump workflow syntax' check."
@@ -425,3 +431,26 @@ tasks:
     created: 2026-06-11
     updated: 2026-06-11
 
+  - id: T-018
+    title: "Admin config page displays a stale copy of _config.yml — keep it in sync safely"
+    status: open
+    priority: P2
+    area: feat
+    risk: standard
+    effort: M
+    source: audit
+    summary: >-
+      `pages/_about/settings/config.md` renders `pages/_about/settings/_config.yml`
+      via `include_relative` (Liquid cannot reach the repo root), and that copy
+      has drifted from the live `_config.yml` (it predates, e.g., the PostHog
+      analytics block). Found while implementing T-009. Caution: a naive
+      refresh would inject the live `phc_` api_key into the *visible* Raw-YAML
+      tab — any sync mechanism must sanitize the visible tab the same way
+      T-009 sanitizes the hidden copy element, or redact at sync time.
+    acceptance:
+      - "The config shown at /about/config/ matches the live `_config.yml` (automated sync step or build-time check that fails on drift)."
+      - "The visible Raw-YAML tab applies the same sensitive-line redaction as the hidden `cfg-full-yaml` element."
+      - "`test/visual/security.spec.js` raw-tab test passes without its silent skip path (locator matches the actual `code#cfg-raw-yaml` element)."
+    links: { issue: null, pr: null, roadmap: "1.13" }
+    created: 2026-06-11
+    updated: 2026-06-11

data/_data/roadmap.yml

@@ -60,7 +60,7 @@
 meta:
   title: "zer0-mistakes Roadmap"
   tagline: "Past releases, current focus, and future plans for the zer0-mistakes Jekyll theme."
-  updated: 2026-06-10
+  updated: 2026-06-11
 
 milestones:
   # --- Completed -------------------------------------------------------------
@@ -313,30 +313,28 @@ milestones:
       - "`/repo-audit` and `/backlog-implement` agent routines"
       - "Documentation maintenance system and consolidation"
 
-  # --- Current ---------------------------------------------------------------
-
   - version: "1.12"
     title: "Headless Endpoints"
-    status: active
-    section: Current
+    status: completed
+    section: Completed
     start: 2026-06
     end: 2026-06
-    target: "Current (1.12.x)"
+    released: 2026-06-03
     summary: "Machine-readable site endpoints for downstream sites and AI agents."
     features:
       - "Auto-generated `/search.json` endpoint for downstream sites"
       - "Auto-generated `/sitemap/` endpoint"
       - "Ruby gem and Mermaid dependency updates"
 
-  # --- Future ----------------------------------------------------------------
+  # --- Current ---------------------------------------------------------------
 
   - version: "1.13"
     title: "Zer0-Mistake Quality Framework"
-    status: planned
-    section: Future
+    status: active
+    section: Current
     start: 2026-06
     end: 2026-08
-    target: "Q3 2026"
+    target: "Current (1.13.x)"
     summary: "Close the gap between the repo's quality gates and what CI actually enforces — no mistake lands green."
     features:
       - "CI gate parity — PRs run the full canonical test entrypoint (lib unit, theme, integration, installer e2e), not a subset"

data/_includes/components/js-cdn.html

@@ -32,6 +32,9 @@
 <!-- Search modal controller -->
 <script src="{{ '/assets/js/search-modal.js' | relative_url }}"></script>
 
+<!-- Share helpers -->
+<script src="{{ '/assets/js/share-actions.js' | relative_url }}"></script>
+
 <!-- fffuel-style background customizer (skin switching, toggle, opacity) -->
 <script src="{{ '/assets/js/background-customizer.js' | relative_url }}"></script>
 

data/_includes/content/intro.html

@@ -46,6 +46,9 @@
 {% assign file_path = page_dir | append: "/" | append: page.path %}
 {% assign repo_parts = site.repository | split: "/" %}
 {% assign repo_owner = repo_parts[0] %}
+{% assign page_absolute_url = page.url | absolute_url %}
+{% assign linkedin_share_title = page.title | default: site.title | strip_html | strip_newlines | strip %}
+{% assign linkedin_share_description = page.description | default: page.excerpt | default: site.description | strip_html | strip_newlines | strip %}
 
 {% comment %}
   Resolve author display name and optional profile URL from page front matter,
@@ -233,12 +236,19 @@
       </button>
       <ul class="dropdown-menu dropdown-menu-end" aria-labelledby="shareDropdownBottom">
         <li>
-          <a class="dropdown-item" href="https://reddit.com/submit?url={{ site.url | append: page.url | url_encode }}&amp;title={{ page.title | url_encode }}" target="_blank">
+          <a class="dropdown-item" href="https://reddit.com/submit?url={{ page_absolute_url | uri_escape }}&amp;title={{ page.title | uri_escape }}" target="_blank" rel="noopener noreferrer">
             <i class="bi bi-reddit me-2"></i>Share on Reddit
           </a>
         </li>
         <li>
-          <a class="dropdown-item" href="https://www.linkedin.com/sharing/share-offsite/?url={{ site.url | append: page.url | url_encode }}" target="_blank">
+          <a class="dropdown-item js-linkedin-share"
+             href="https://www.linkedin.com/sharing/share-offsite/?url={{ page_absolute_url | uri_escape }}"
+             target="_blank"
+             rel="noopener noreferrer"
+             title="Copies a cleaned article summary to your clipboard, then opens LinkedIn sharing"
+             data-share-url="{{ page_absolute_url | escape }}"
+             data-share-title="{{ linkedin_share_title | escape }}"
+             data-share-description="{{ linkedin_share_description | escape }}">
             <i class="bi bi-linkedin me-2"></i>Share on LinkedIn
           </a>
         </li>
@@ -332,4 +342,4 @@
       </div>
     </div>
   </div>
-</div>
+</div>

data/_layouts/note.html

@@ -1,6 +1,9 @@
 ---
 layout: default
 ---
+{% assign page_absolute_url = page.url | absolute_url %}
+{% assign linkedin_share_title = page.title | default: site.title | strip_html | strip_newlines | strip %}
+{% assign linkedin_share_description = page.description | default: page.excerpt | default: site.description | strip_html | strip_newlines | strip %}
 <!--
   ===================================================================
   NOTE LAYOUT - Quick Notes and Reference Display
@@ -153,11 +156,17 @@ layout: default
              class="btn btn-outline-primary btn-sm" target="_blank" rel="noopener noreferrer" aria-label="Share on X">
             <i class="bi bi-twitter-x"></i> X
           </a>
-          <a href="https://www.linkedin.com/sharing/share-offsite/?url={{ site.url | append: page.url | uri_escape }}" 
-             class="btn btn-outline-primary btn-sm" target="_blank" rel="noopener noreferrer">
+          <a href="https://www.linkedin.com/sharing/share-offsite/?url={{ page_absolute_url | uri_escape }}"
+             class="btn btn-outline-primary btn-sm js-linkedin-share"
+             data-share-url="{{ page_absolute_url | escape }}"
+             data-share-title="{{ linkedin_share_title | escape }}"
+             data-share-description="{{ linkedin_share_description | escape }}"
+             title="Copies a cleaned article summary to your clipboard, then opens LinkedIn sharing"
+             target="_blank" rel="noopener noreferrer">
             <i class="bi bi-linkedin"></i> LinkedIn
           </a>
-          <a href="mailto:?subject={{ page.title | uri_escape }}&body={{ site.url | append: page.url | uri_escape }}" 
+          <a href="mailto:?subject={{ page.title | uri_escape }}&body={{ page_absolute_url | uri_escape }}"
+             title="Share this note by email"
              class="btn btn-outline-primary btn-sm">
             <i class="bi bi-envelope"></i> Email
           </a>

data/assets/js/share-actions.js

@@ -0,0 +1,156 @@
+(function () {
+  'use strict';
+
+  function normalizeWhitespace(text) {
+    return (text || '').replace(/\s+/g, ' ').trim();
+  }
+
+  function dedupeSections(sections) {
+    return sections.filter((section, index) => {
+      if (!section) return false;
+      const normalized = section.toLowerCase();
+      return !sections.slice(0, index).some((previous) => previous && previous.toLowerCase() === normalized);
+    });
+  }
+
+  function truncateToSentence(text, maxLength) {
+    if (text.length <= maxLength) return text;
+
+    const trimmed = text.slice(0, maxLength);
+    const sentenceBreak = Math.max(
+      trimmed.lastIndexOf('. '),
+      trimmed.lastIndexOf('! '),
+      trimmed.lastIndexOf('? ')
+    );
+
+    if (sentenceBreak > Math.floor(maxLength * 0.6)) {
+      return trimmed.slice(0, sentenceBreak + 1).trim();
+    }
+
+    const lastSpace = trimmed.lastIndexOf(' ');
+    const endIndex = lastSpace > 0 ? lastSpace : maxLength;
+    return `${trimmed.slice(0, endIndex).trim()}…`;
+  }
+
+  function getShareContentRoot() {
+    return document.querySelector('[itemprop="articleBody"]')
+      || document.querySelector('.bd-content')
+      || document.querySelector('main')
+      || document.body;
+  }
+
+  function extractCleanExcerpt(description) {
+    const contentRoot = getShareContentRoot();
+    const normalizedDescription = normalizeWhitespace(description).toLowerCase();
+    const paragraphTexts = Array.from(contentRoot.querySelectorAll('p'))
+      .map((paragraph) => normalizeWhitespace(paragraph.textContent))
+      .filter((paragraph) => paragraph.length > 40)
+      .filter((paragraph) => {
+        const normalizedParagraph = paragraph.toLowerCase();
+        return !normalizedDescription
+          || (normalizedParagraph !== normalizedDescription && !normalizedParagraph.includes(normalizedDescription));
+      });
+
+    const combinedParagraphs = paragraphTexts.slice(0, 4).join(' ');
+    const fallbackText = normalizeWhitespace(contentRoot.textContent);
+    const candidateText = combinedParagraphs || fallbackText;
+
+    return truncateToSentence(candidateText, 420);
+  }
+
+  function buildLinkedInShareText(anchor) {
+    const title = normalizeWhitespace(anchor.dataset.shareTitle || document.title);
+    const description = normalizeWhitespace(
+      anchor.dataset.shareDescription
+      || document.querySelector('meta[name="description"]')?.getAttribute('content')
+      || ''
+    );
+    const excerpt = extractCleanExcerpt(description);
+    const url = normalizeWhitespace(anchor.dataset.shareUrl || window.location.href);
+
+    return dedupeSections([title, description, excerpt, url]).join('\n\n');
+  }
+
+  async function copyShareText(text) {
+    if (!navigator.clipboard || typeof navigator.clipboard.writeText !== 'function') {
+      return false;
+    }
+
+    try {
+      await navigator.clipboard.writeText(text);
+      return true;
+    } catch (error) {
+      console.warn('LinkedIn share copy failed:', error);
+      return false;
+    }
+  }
+
+  function openShareWindow(href) {
+    return window.open(href || 'about:blank', '_blank', 'noopener,noreferrer');
+  }
+
+  function notify(message, type) {
+    const notification = document.createElement('div');
+    notification.className = `alert alert-${type || 'info'} shadow position-fixed top-0 end-0 m-3`;
+    notification.style.zIndex = '1085';
+    notification.setAttribute('role', 'status');
+    notification.textContent = message;
+    document.body.appendChild(notification);
+
+    window.setTimeout(() => {
+      notification.remove();
+    }, 4000);
+  }
+
+  function bindLinkedInShare(anchor) {
+    if (anchor.dataset.linkedinShareBound === 'true') return;
+
+    anchor.dataset.linkedinShareBound = 'true';
+    anchor.addEventListener('click', async function (event) {
+      event.preventDefault();
+
+      const shareWindow = openShareWindow('', '_blank');
+
+      const shareText = buildLinkedInShareText(anchor);
+      const copied = await copyShareText(shareText);
+
+      if (shareWindow) {
+        shareWindow.location = anchor.href;
+      } else {
+        window.location.assign(anchor.href);
+      }
+
+      if (copied) {
+        notify('A cleaned LinkedIn-ready summary was copied to your clipboard. Paste it on LinkedIn after the share page opens.', 'info');
+      } else {
+        notify('LinkedIn opened, but clipboard access was unavailable. Copy the summary manually if needed.', 'warning');
+      }
+    });
+  }
+
+  function bindCopyButton(button) {
+    if (button.dataset.copyBound === 'true') return;
+
+    button.dataset.copyBound = 'true';
+    button.addEventListener('click', async function () {
+      const copied = await copyShareText(button.dataset.copyText || '');
+
+      if (copied) {
+        notify(button.dataset.copySuccess || 'Copied to clipboard.', 'success');
+      } else {
+        notify('Clipboard access was unavailable.', 'warning');
+      }
+    });
+  }
+
+  function initLinkedInShareButtons() {
+    document.querySelectorAll('.js-linkedin-share').forEach(bindLinkedInShare);
+    document.querySelectorAll('.js-copy-share-link').forEach(bindCopyButton);
+  }
+
+  if (document.readyState === 'loading') {
+    document.addEventListener('DOMContentLoaded', initLinkedInShareButtons);
+  } else {
+    initLinkedInShareButtons();
+  }
+})();

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: jekyll-theme-zer0
 version: !ruby/object:Gem::Version
-  version: 1.13.1
+  version: 1.14.0
 platform: ruby
 authors:
 - Amr Abdel
@@ -306,6 +306,7 @@ files:
 - assets/js/posts-pagination.js
 - assets/js/search-modal.js
 - assets/js/setup-wizard.js
+- assets/js/share-actions.js
 - assets/js/side-bar-folders.js
 - assets/js/skin-editor.js
 - assets/js/stats.js