jekyll-theme-zer0 1.19.1 → 1.20.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: eee5e695e786a8beae6a6a98fe23447c7d93efc282ff035b2a8ceb1b7a645dc2
-  data.tar.gz: 4eaec3a38a92a070546da29b0f68e5ca1c88ca2bde5b4cb39099f1f5029628e4
+  metadata.gz: 2871e1d0cd0522e37b6bac85065edfe6767fc749c39a0ac257fec51dbff97691
+  data.tar.gz: 12d1d870ed1115cd2044446c66b318f4d6e6c65b1ca3a59493353e5a9d6402a9
 SHA512:
-  metadata.gz: faae528fee5ced31d52aaacc0d68868613abe1fdfe79286e2c80aca63eff2c6513f9cb0920f795251348a6e2171ca9dc7d3eae55062ca89fe20c01ed4d5060e4
-  data.tar.gz: 6e67acd65dc9bcc7bdd86fafb65c1262a09494de52ca86f9593030cdd48331981de7bbe9324e27e36505d49017a6623653cd56b2cc26ff0fd2989819fbc0d780
+  metadata.gz: 25198dd08404a6ae41724e8e172ce38f832f19b34efd83761cff86ba033c5952e2d315dad70c75b343cb0c94e216c1d5755a0c53048252a2bd7a1c1a61ac590b
+  data.tar.gz: 49d28d829375c95f39986c6e19ff37d524e06f00ae7c388b743e6cd073a35f9c4717aa47f877bb8802d7c5f12fc1f2dd2d618c12785a6342f8a2164774fe6576

data/CHANGELOG.md

@@ -5,6 +5,401 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [1.20.2](https://github.com/bamr87/zer0-mistakes/compare/v1.20.1...v1.20.2) (2026-06-25)
+
+
+### Bug Fixes
+
+* **navigation:** stop fixed navbar being cut off by page overflow ([#215](https://github.com/bamr87/zer0-mistakes/issues/215)) ([8c32563](https://github.com/bamr87/zer0-mistakes/commit/8c325633ab7f82f96fa5605716d995fc84935af9))
+* **release:** re-sync Gemfile.lock and package-lock.json to 1.20.1 ([#216](https://github.com/bamr87/zer0-mistakes/issues/216)) ([294575b](https://github.com/bamr87/zer0-mistakes/commit/294575b6b70c1a2ee7f08e839457dcd30625043b))
+
+## [1.20.1](https://github.com/bamr87/zer0-mistakes/compare/v1.20.0...v1.20.1) (2026-06-24)
+
+
+### Bug Fixes
+
+* harden remote-theme consumer experience + vendor cytoscape ([#205](https://github.com/bamr87/zer0-mistakes/issues/205)) ([c6b0312](https://github.com/bamr87/zer0-mistakes/commit/c6b0312312842c9bf88fccd81472483fb4d15284))
+* **layouts:** render hero image for breaking posts, not just featured ([#189](https://github.com/bamr87/zer0-mistakes/issues/189)) ([4473a07](https://github.com/bamr87/zer0-mistakes/commit/4473a072fcc5d1018a196f8be94af5e0ba31620a))
+
+## [1.20.0](https://github.com/bamr87/zer0-mistakes/compare/v1.19.0...v1.20.0) (2026-06-22)
+
+
+### Features
+
+* **authors:** unified author profiles & About-the-Author across collections ([#193](https://github.com/bamr87/zer0-mistakes/issues/193)) ([a6db304](https://github.com/bamr87/zer0-mistakes/commit/a6db30422a5bce69a55acaba2989b461d781e013))
+* **scripts:** add dependency-free preview-image pixelator ([#178](https://github.com/bamr87/zer0-mistakes/issues/178)) ([ada91ee](https://github.com/bamr87/zer0-mistakes/commit/ada91ee255d790ea94063419afc8ff9621fe06b0))
+
+
+### Bug Fixes
+
+* **chat-proxy:** identify as Claude Code for subscription OAuth tokens ([#185](https://github.com/bamr87/zer0-mistakes/issues/185)) ([8924efd](https://github.com/bamr87/zer0-mistakes/commit/8924efd167f3cddf866df2225c069470d0f8f13a))
+* **config:** restore remote_theme contract + add missing lastmod (unblocks CI) ([#174](https://github.com/bamr87/zer0-mistakes/issues/174)) ([b995115](https://github.com/bamr87/zer0-mistakes/commit/b995115a4ffb745704f1111539085a610ba94053))
+* **config:** restore zer0-mistakes.com site identity + CNAME (site was down) ([#176](https://github.com/bamr87/zer0-mistakes/issues/176)) ([9ef8ff8](https://github.com/bamr87/zer0-mistakes/commit/9ef8ff8335e0a9f394da1ec342f388d31470eb22))
+
+
+### Performance Improvements
+
+* slim Docker build, cache page-invariant chrome, drop dead vendor weight ([#186](https://github.com/bamr87/zer0-mistakes/issues/186)) ([28ba4eb](https://github.com/bamr87/zer0-mistakes/commit/28ba4eb0948b60cee94415865f66dd4a9a58391d))
+
+
+### Reverts
+
+* remove Year of AI / org content-hub pivot, restore theme landing page ([#180](https://github.com/bamr87/zer0-mistakes/issues/180)) ([3960f65](https://github.com/bamr87/zer0-mistakes/commit/3960f65b1af4c750216deda0d032a309b0f93b78))
+
+## [Unreleased]
+
+### Added
+- **Visual-evidence standard + reusable evidence kit.** UI/behavioural changes
+  now ship a regression test **and** before/after visual evidence, surfaced in
+  release notes and enforced in CI:
+  - `test/visual/evidence-kit.mjs` — a config-driven generator that drives the
+    live site across a viewport matrix + configurations, measures page overflow
+    in before/after states, composes labelled montages (Playwright, no
+    ImageMagick), and writes `metrics.json` + a CHANGELOG snippet.
+  - `.github/skills/visual-evidence/SKILL.md` + `visual-evidence.instructions.md`
+    codify the standard (and how to file issues a fix uncovers into the backlog
+    loop). Indexed from `AGENTS.md`, `CLAUDE.md`, and the instructions README.
+  - `.github/workflows/evidence-gate.yml` — a required check that fails a UI PR
+    missing the test/evidence (opt-out label `skip-evidence`).
+  - **Autonomy policy extended** (`continuous-evolution.md`,
+    `backlog-implement.prompt.md`, `auto-merge.yml`): a `risk: low` **fix** that
+    ships tests + evidence is now auto-merge-eligible alongside docs/deps/lint.
+
+### Fixed
+- **Navbar no longer appears "cut off" at certain widths.** The root cause was
+  page-level horizontal overflow, not the navbar itself: because the header is
+  `position: fixed`, any element that pushed the page wider than the viewport
+  (a wide markdown table, a long inline-code token, an unwrapped Bootstrap
+  `.row`) created a sideways scrollbar and left the navbar's right edge
+  uncovered. Fixes:
+  - Wide content tables now scroll **inside** their `.content-table-wrapper`
+    card (`overflow-x: auto`) instead of overflowing the page — the wrapper that
+    `table-copy.js` injects previously had `overflow: visible`, which also
+    bypassed the existing mobile responsive-table fallback.
+  - Long unbroken inline-code tokens wrap in content areas instead of forcing a
+    horizontal scrollbar.
+  - A theme-wide `html { overflow-x: clip }` safety net guarantees no stray
+    element can make the fixed navbar look cut off. `clip` is used instead of
+    `hidden` so `position: sticky` (docs sidebar / TOC) keeps working; wide
+    content keeps its own local scroll so nothing is hidden.
+  - The mobile menu/settings offcanvas width is clamped (`min(21rem, 86vw)`) so
+    the slide-in panel and its close button always fit narrow phones, instead of
+    Bootstrap's fixed 400px overflowing the viewport.
+- **Giscus comments were silently disabled** ([#201](https://github.com/bamr87/zer0-mistakes/issues/201)).
+  `_config.yml` defined the comment block under the misspelled key `gisgus:`
+  while every template reads `site.giscus`, so comments never rendered. Renamed
+  the key to `giscus:`. Fixing this also surfaced and fixed a latent
+  include-path error in `_includes/content/giscus.html` (a literal
+  `include giscus.html` Liquid tag inside an HTML doc comment) that only fired
+  once comments were enabled.
+- **Theme chrome no longer injects internal links that 404 for remote-theme
+  Pages consumers** ([#204](https://github.com/bamr87/zer0-mistakes/issues/204)).
+  Tag badges (`article`/`note`/`notebook`), the breadcrumb collection-root crumb,
+  the local-graph "Full graph" link, and author byline profile links are now
+  **existence-gated** — they render as plain text when the target page isn't in
+  the build instead of linking to a 404. The post category base is configurable
+  via `category_base` (default `/news`); the tags page via `tags_page` (default
+  `/tags/`); the full-graph page via `obsidian_graph_url`.
+
+### Changed
+- **Vendored cytoscape.js** ([#152](https://github.com/bamr87/zer0-mistakes/issues/152)),
+  the last runtime CDN dependency in the theme. `cytoscape@3.30.0` is committed
+  under `assets/vendor/cytoscape/` (matching the Bootstrap/Icons/Mermaid
+  pattern) and loaded locally by the Obsidian local-graph FAB and full-graph
+  page, so the graph works under strict CSP and offline. Added to
+  `vendor-manifest.json`.
+
+### Added
+- **Dev-mode navbar fit warnings.** On local/dev hosts only, the navbar module
+  logs an actionable `console.warn` when the inline menubar has more top-level
+  items than fit the bar, or when page content overflows the viewport (the usual
+  "navbar looks cut off" cause) — naming the widest offending element. Silent on
+  deployed sites.
+- **Quickstart documentation hub + fork/remote-theme guide (#126).** Fleshes out
+  `pages/_docs/quickstart/` (previously only `bare-minimum.md`): a new
+  `index.md` hub that links the available quickstart paths (bare-minimum,
+  fork-and-deploy, and the step-by-step series), and a full
+  `fork-and-deploy.md` guide covering the standard fork or remote-theme GitHub
+  Pages workflow end to end (choose model → setup → local preview → enable Pages
+  → verify → troubleshoot). Both pages carry annotated screenshots under
+  `assets/images/docs/quickstart/` and score 🟢 excellent in the content
+  reviewer.
+- **Remote-theme consumer checklist doc**
+  ([#203](https://github.com/bamr87/zer0-mistakes/issues/203),
+  [#202](https://github.com/bamr87/zer0-mistakes/issues/202)). New
+  `pages/_docs/deployment/remote-theme-checklist.md` documenting what
+  `remote_theme` does not deliver on GitHub Pages (config, data, plugins) and how
+  to fill each gap — including the hand-authored `/search.json` + `/sitemap/`
+  files that the plugin-only generator can't produce in Pages safe mode.
+- **Contributor workflow guardrails.** New `change-workflow` skill
+  (`.github/skills/change-workflow/SKILL.md`) codifying the branch → commit → PR
+  flow for any change (branch-first, one concern per PR, stage-by-path,
+  worktrees for parallel work, splitting a messy working tree). Paired with
+  expanded `version-control.instructions.md` rules — working-tree/branch
+  discipline, the `version.rb` ↔ `Gemfile.lock` invariant, and keeping generated
+  artifacts out of feature PRs — and indexed from `AGENTS.md`, `CLAUDE.md`, and
+  `.github/instructions/README.md`.
+### Tests
+- **Navbar responsiveness regression suite.** New
+  `test/visual/navbar-responsive.spec.js` (smoke tier) sweeps a 16-width matrix
+  (320 → 1920px) asserting no page-level horizontal overflow, the fixed header
+  spans the full viewport, the search/settings cluster stays on-screen, the
+  brand renders, and the inline menubar never clips its items. Adds offcanvas-,
+  dropdown-, long-title-, and many-items- fit checks, plus a reusable
+  `measureNavbarLayout()` fixture (overflow detection is element-level so it
+  still catches regressions the `overflow-x: clip` net would otherwise hide).
+- **Unit tests for the `content-review.rb` scoring engine (#166).** New
+  `scripts/test/lib/test_content_review.sh` drives the deterministic content
+  reviewer against synthetic Markdown fixtures using the real production config
+  and schema: asserts a well-formed docs page scores ≥ 80, that removing the
+  required `description` lowers the score and reports the issue, that a closing
+  bare ` ``` ` after a language-tagged fence is not flagged (the v1.18.1
+  regression), and that `--strict` exits non-zero when a file is below the fail
+  threshold (while warn mode exits 0). Runs under `LC_ALL=C` for
+  locale-independence parity with the T-015 guard.
+- **Playwright smoke specs for the search modal and AI chat widget (#167,
+  #168).** New `test/visual/search.spec.js` covers the site-wide search modal
+  (ZER0-032): the `/` shortcut opens it and focuses the input, Escape closes it,
+  a query populates results from `/search.json`, and opening search closes the
+  Settings offcanvas without stacking backdrops. New `test/visual/ai-chat.spec.js`
+  covers the AI chat widget (ZER0-060): the render guard's positive path (FAB +
+  config present), and the FAB ⇄ panel toggle via click, close button, and
+  Escape — all client-side, no AI backend. Note: the smoke build
+  (`_config.yml,_config_dev.yml`) sets `ai_chat.proxy_ready: true`, so the widget
+  renders in the test environment; the specs assert that real behavior.
+- **CI coverage for the installer wizard and upgrade path (#147).** New
+  `test/test_install_wizard_upgrade.sh` (auto-discovered by the
+  `test_install_*.sh` glob in CI) covers two previously-untested libraries:
+  it drives the non-AI wizard prompt helpers (`_wiz_prompt`, `_wiz_confirm`,
+  `_wiz_choose`) non-interactively with piped answers — defaults, typed input,
+  yes/no confirmation, numbered/by-name menu selection, out-of-range fallback —
+  and exercises `upgrade.sh` end to end: version detection (marker, `_config.yml`
+  fallback, unknown), a detect→migrate→verify run across a version gap, the
+  dry-run (no-write) branch, and the already-current no-op branch.
+- **Unit tests for `sanitize_config_filter.rb` (T-023).** Added 12 Minitest
+  specs to `test/test_plugins.rb` covering both regex paths of the
+  security-critical Liquid filter: `SENSITIVE_KEY_RE` matches `api_key`,
+  `apikey`, `secret`, `password`, and `token` (case-insensitive); `PHC_VALUE_RE`
+  catches PostHog project keys; mixed multi-line input produces correct partial
+  redaction; and edge cases (`nil`, empty string) return without error.
+### Added
+- **Author profiles ("About the Author") across all collections.** A single,
+  layered author system replaces the three divergent ad-hoc treatments that
+  existed before:
+  - `components/author-card.html` is now the canonical rendering primitive
+    (`inline` / `compact` / `full`), with avatars, profile links, schema.org
+    `Person` microdata, and expertise chips.
+  - New `components/author-bio.html` renders the shared "About the Author"
+    section (used by the `article`, `note`, and `notebook` layouts), gated by
+    the previously-unused `author_profile` front-matter flag.
+  - New `author` / `authors` layouts add per-author profile pages at
+    `/authors/:key/` (content aggregated across **every** collection) and an
+    `/authors/` directory index, linked from the navbar (under **About**) and
+    the footer quick links. Each profile is **interactive**: a hero with
+    bio/blurb, an at-a-glance stats dashboard that doubles as type filters
+    (Posts / Docs / Notes / …), free-text search over titles + tags, sort
+    (newest / oldest / A–Z), a clickable topic/tag cloud, a live result count,
+    and deep-linkable filters via the URL hash — powered by the new
+    progressive-enhancement `assets/js/author-profile.js` (with JS off it falls
+    back to a full, crawlable grid). Emits `schema.org/CollectionPage` +
+    `ItemList` structured data.
+  - New `_plugins/author_pages_generator.rb` auto-generates those pages for
+    each `_data/authors.yml` entry (opt out per author with `profile: false`,
+    or globally with `authors.generate_pages: false`); profiles for this site's
+    authors are also committed under `/authors/` so they build under GitHub
+    Pages safe mode, mirroring the committed `search.json` / `sitemap` pattern.
+  - New `_sass/components/_author.scss` styling (dark-mode safe, token-driven).
+  - `_data/authors.yml` documents the new `tagline`, `location`, `expertise`,
+    and `profile` fields.
+  - **AI author personas.** An author can be flagged `ai: true` with a `persona`
+    block (archetype / voice / signature_moves / avoids / disclosure + custom
+    `topics`); the theme then renders an "AI" badge on every byline and card and
+    a visible authorship disclosure on the profile hero and the
+    About-the-Author box. Ships two examples — **Cassandra** (a paranoid AI
+    Security Analyst who catastrophizes trivial gaps) and **Vega** (an
+    enthusiastic AI Data Analyst who over-models trivial data) — each with a
+    profile page, an SVG avatar, and example in-voice posts, plus a reusable
+    `.github/prompts/ai-author.prompt.md` template for writing as a persona.
+  - **Per-author preview art styles.** An author entry can carry a `preview:`
+    block (`style`, `style_modifiers`, and — for the Bash generator — `size`,
+    `quality`, `model`). When a post sets `author: <that key>`, the AI
+    preview-image generator uses those settings **instead of** the site-wide
+    `preview_images` config for that post's banner, so each AI persona gets a
+    recognisable look (Cassandra → ominous security-ops noir, Vega → vibrant
+    data-viz). Resolved per file by both
+    `scripts/features/generate-preview-images` and
+    `scripts/lib/preview_generator.py`; posts by non-AI authors are unaffected.
+    Precedence — Bash generator: author `preview:` › `IMAGE_STYLE` env ›
+    `_config.yml` › defaults; Python generator: author `preview:` › `--style`
+    flag › default (it does not read `_config.yml`).
+    The two shipped personas were given deliberately divergent styles
+    (Cassandra → hand-inked **noir graphic novel**; Vega → glossy **isometric 3D
+    infographic**) and their four example posts now carry real generated banners
+    — downscaled to ~1200px JPEGs (~300 KB) — replacing the placeholder SVGs.
+  - **Guest author page is now a contribution guide.** `/authors/guest/`
+    doubles as the contributor onboarding page — how to submit an article (paths,
+    front-matter template, local preview, PR + review), how to become a credited
+    author (add yourself to `_data/authors.yml`, use your key, profile stub for
+    safe mode), and AI-authorship disclosure. The `author` layout now renders a
+    page's Markdown body (in a `.author-page-body` section) and suppresses the
+    generic "no content" empty state when a body is present, so any profile page
+    can carry custom content.
+  - **Avatars can be full URLs (incl. GitHub) or auto-derived from a handle.**
+    An author's `avatar` may now be a full URL — e.g. a GitHub avatar
+    (`https://avatars.githubusercontent.com/u/<id>?v=4`) — used as-is; relative
+    paths still resolve under the assets folder. If `avatar` is omitted but
+    `github` is set, the avatar falls back to `https://github.com/<handle>.png`.
+    Resolution is centralised in `components/author-avatar-url.html` and shared by
+    the byline, bio card, profile hero, and E-E-A-T blocks. The Guest profile
+    demonstrates the handle-only path (its avatar comes from `github: amr-bash`),
+    and bamr87 uses an explicit GitHub avatar URL.
+
+### Performance
+- **Docker dev image cut from ~4GB to ~1.7GB and cold build from ~193s to ~82s**
+  (native arm64; far worse under the old emulated build). The `dev-test` stage
+  no longer installs `@mermaid-js/mermaid-cli` (its only reference in the whole
+  repo was its own install line — Mermaid renders client-side from the vendored
+  `mermaid.min.js`, never via `mmdc`, and it dragged in a ~300MB headless
+  Chromium), ImageMagick, libvips, or Node/npm (all unused in-container; the
+  `package.json` scripts run on the host). Kept Python + Jupyter/nbconvert for
+  the notebook tooling. Dropped the redundant second `bundle install` (the
+  `base` stage already installs all gem groups), removed the `platform:
+  linux/amd64` pin from `docker-compose.yml` (it forced QEMU emulation on Apple
+  Silicon), removed the per-start `generate_statistics.sh` regeneration from the
+  compose command, and simplified the production runtime stage (the static-file
+  `ruby -run -e httpd` server needs no Gemfile or `bundle install`).
+- **Jekyll build ~16.4s → ~12s** by wrapping page-invariant chrome in
+  `include_cached` (the `jekyll-include-cache` plugin was a dependency but went
+  unused): `core/footer.html`, `components/{cookie-consent,nanobar,svg,
+  search-modal,shortcuts-modal,setup-banner,background-settings}.html`, and
+  `components/js-cdn.html`. The footer alone was **3.9s** of the build — it ran
+  `where`-scans over every collection on all 172 page renders to auto-detect
+  quick links, despite output that depends only on site config. Its
+  page-front-matter-dependent tail (TOC/local-graph FABs) moved to
+  `core/footer-fabs.html` so the body stays cacheable; the FABs are
+  `position:fixed` with explicit z-index, so the output is visually identical.
+  `root.html` self-time dropped 9.1s → 4.4s.
+- **Production CSS now minified** (`sass: style: compressed`, `sourcemap:
+  never`); `main.css` ~182KB → ~158KB render-blocking. `_config_dev.yml` keeps
+  `expanded` + sourcemaps for local debugging.
+- **Content statistics no longer regenerate on every build.**
+  `content_statistics.auto_generate` now defaults to `false`; templates read the
+  committed `_data/content_statistics.yml` directly. The generator hook had been
+  re-scanning all content on every `jekyll build` (~12× per CI run) and dirtying
+  a tracked file. Refresh on demand with `rake stats:generate`.
+
+### Removed
+- **Dead vendored libraries (~1.1MB).** Deleted `assets/vendor/font-awesome`
+  (1.0MB) and `assets/vendor/jquery` (88KB), their `vendor-manifest.json`
+  entries, and the misleading "jQuery" `powered_by` credit. Font Awesome was
+  loaded only by `components/mermaid.html` (no theme diagram uses `fa:` icons) —
+  that 1.0MB render-blocking stylesheet no longer loads on Mermaid pages. jQuery
+  was already removed from page loads (Bootstrap 5 dropped it). **Forks** that
+  relied on Font Awesome icons inside Mermaid diagrams must re-add the
+  stylesheet.
+
+### Changed
+- **CSS Grid tutorial now ships live, in-browser demos.** Expanded
+  `pages/_posts/tutorial/2025-01-23-css-grid-mastery.md` so every concept renders
+  a real grid next to its code — basic tracks, `fr`/`minmax()`, `auto-fit` vs
+  `auto-fill`, line spanning, named areas, an interactive column playground, and
+  card / holy-grail / magazine / alignment / dense-packing layouts (theme-aware,
+  responsive, keyboard-accessible). Added bidirectional "Related Reading" links
+  between the tutorial and the card-grid / accessible-forms posts, plus references
+  to it from the Bootstrap, Layouts, and Styles docs.
+- **Bylines now use the shared author component.** The `article`, `note`,
+  `notebook`, `news`, and `section` layouts plus `components/post-card.html`
+  previously printed `{{ page.author }}` as bare text; they now render
+  `components/author-card.html` (`inline`), so a known author key resolves to a
+  display name, avatar, and a link to their profile page. The inline
+  "About the Author" block that was hard-coded in `_layouts/article.html` was
+  removed in favor of `components/author-bio.html`.
+- **Author bylines and the "About the Author" section now link to the profile
+  even when front matter uses the display name.** Previously only a direct
+  `_data/authors.yml` key (e.g. `author: default`) resolved to a profile link;
+  posts/notes written as `author: "Zer0-Mistakes Team"` (the display name) fell
+  back to an unlinked card. `components/author-card.html` and
+  `components/author-bio.html` now resolve the author by key **or** by matching
+  `name` / `display_name`, so the inline byline, the full card name, and the
+  "More from …" link all point at `/authors/<key>/`. Non-matching strings
+  (template placeholders, name variants) stay unlinked as before.
+- **Committed author pages moved to `pages/_about/authors/`** (into the `about`
+  collection), co-located with the rest of the About section instead of a
+  top-level `/authors/` source directory. URLs are unchanged (explicit
+  `/authors/:key/` permalinks), and `author_pages_generator.rb`'s dedup now also
+  checks collection documents so no duplicate pages are generated.
+- **Design framework (SCSS) refactor — structure only, no visual change.**
+  Decomposed the 1,131-line `_sass/custom.scss` monolith into a thin back-compat
+  barrel plus five focused partials (`layouts/_global-chrome`, `core/_toc`,
+  `core/_sidebar-extras`, `components/_ui-enhancements`, `components/_notes-index`);
+  split the code-example chrome out of `core/_docs-layout.scss` into
+  `core/_docs-code-examples.scss`; extracted `components/_search-modal.scss`;
+  consolidated the navbar fixed/grid layout into `core/_navbar.scss`; lifted the
+  stylesheet assembly order into `assets/css/main.scss` as the single manifest;
+  removed two redundant duplicate rules (a second `.btn { position; overflow }`
+  and a duplicate global `prefers-reduced-motion` reset); and deleted 141 lines
+  of dead legacy Sass variables from `core/_variables.scss`. The compiled
+  `assets/css/main.css` is verified **semantically identical** (only the two
+  redundant duplicates and some emitted comments were removed) — no tokens,
+  selectors, or declaration values changed.
+- **Automation no longer pushes directly to `main`.** The roadmap→README sync
+  (`sync.yml`) and Jupyter notebook conversion (`convert-notebooks.yml`) now
+  open pull requests via `peter-evans/create-pull-request` (labelled
+  `automated`, assigned for review) instead of committing straight to `main` —
+  prerequisite for enabling branch protection. Mirrors the existing
+  `update-dependencies.yml` pattern. (PRs opened by `GITHUB_TOKEN` don't
+  auto-trigger CI; close/reopen to run checks, or merge directly.)
+
+### Fixed
+- **`Gemfile.lock` re-synced to `version.rb` (1.19.1 → 1.19.0)** and guarded
+  against future drift. The `validate_version_consistency` check
+  (`scripts/bin/validate`) now also compares the gem version pinned in
+  `Gemfile.lock`, and a new always-running `Version ↔ Gemfile.lock consistency`
+  step in CI's `quality-checks` job fails any PR where the two disagree — the
+  exact drift that left the lock at 1.19.1 while `version.rb` said 1.19.0.
+
+## [1.19.0](https://github.com/bamr87/zer0-mistakes/compare/v1.18.1...v1.19.0) (2026-06-16)
+
+
+### Features
+
+* **chat:** rebuild AI assistant on Claude API with GitHub issue/PR tools + OAuth connector ([#151](https://github.com/bamr87/zer0-mistakes/issues/151)) ([02e81af](https://github.com/bamr87/zer0-mistakes/commit/02e81afbdc02643f4bc78af5e18792cd1b9c2213))
+* **home:** opt-out flags for RSS link and visible title ([#157](https://github.com/bamr87/zer0-mistakes/issues/157)) ([7597351](https://github.com/bamr87/zer0-mistakes/commit/7597351addd720fb4ff08b1170a1f0ef25fb3d75))
+
+
+### Bug Fixes
+
+* **analytics:** only load GA/GTM in production and skip dev hostnames ([#160](https://github.com/bamr87/zer0-mistakes/issues/160)) ([12d701e](https://github.com/bamr87/zer0-mistakes/commit/12d701e88ee2c76659869ccc948b2b550bb855d0))
+* **config:** restore remote_theme contract + add missing lastmod (unblocks CI) ([#174](https://github.com/bamr87/zer0-mistakes/issues/174)) ([b995115](https://github.com/bamr87/zer0-mistakes/commit/b995115a4ffb745704f1111539085a610ba94053))
+* **config:** restore zer0-mistakes.com site identity + CNAME (site was down) ([#176](https://github.com/bamr87/zer0-mistakes/issues/176)) ([9ef8ff8](https://github.com/bamr87/zer0-mistakes/commit/9ef8ff8335e0a9f394da1ec342f388d31470eb22))
+
+### Added
+- **Preview-image pixelator (`scripts/features/pixelate-preview-images`).** A
+  dependency-free (Python stdlib only — no ImageMagick/Pillow/pngquant) utility
+  that pixelates and palette-quantizes the AI-generated preview banners into
+  indexed PNG-8, shrinking them ~90% (e.g. 2.7&nbsp;MB → ~230&nbsp;KB) while
+  preserving the retro 8-bit aesthetic. A dry-run across all 146 banners reports
+  283&nbsp;MB → 28&nbsp;MB. Includes a conventions-friendly bash wrapper (config
+  default path, parallel `--jobs`, `--dry-run`), the `pixelate_images.py` engine
+  with `--selftest`, and a `scripts/test/lib/test_pixelate_images.sh` suite wired
+  into the library test runner. Non-PNG / 16-bit / interlaced inputs are skipped
+  gracefully.
+
+### Removed
+- **Revert the "Year of AI" / federated content-hub pivot (PR #173).** Restored
+  the original `zer0-mistakes` theme landing page: re-published `README.md` as
+  the site homepage at `/` (dropped `published: false`) and removed the
+  `Year of AI` hub homepage (`pages/home.md`), the `/hub/` dashboard
+  (`pages/hub.md`), the hub registry/metadata (`_data/hub.yml`,
+  `_data/hub_index.yml`, `_data/navigation/hub.yml`), the hub tooling
+  (`scripts/lib/hub.rb`, `scripts/sync-hub-metadata.{rb,sh}`,
+  `scripts/provision-org-sites.{rb,sh}`, `templates/org-site/*`), the daily
+  `hub-sync` workflow, the `content-hub` system doc, and the `Hub` navbar entry.
+  Feature `ZER0-061` was dropped from the features data. `_config.yml`/`CNAME`
+  were already restored to the `zer0-mistakes.com` identity by PRs #174/#176.
+
+### Changed
+- **Roadmap catch-up (T-022)**: recorded shipped milestones v1.14–v1.18 as `completed` in `_data/roadmap.yml` and advanced the active milestone to v1.19 so the roadmap tracks the gem version; README gantt diagram regenerated.
 ## [1.19.1] - 2026-06-16
 
 ### Changed

data/README.md

@@ -4,10 +4,6 @@ sub-title: AI-Native Jekyll Theme
 description: AI-native Jekyll theme for GitHub Pages — Docker-first development, AI-powered installation, multi-agent integration (Copilot, Codex, Cursor, Claude), AI preview-image generation, and AIEO content optimization with Bootstrap 5.3.
 version: 1.19.1
 layout: landing
-# This repo now serves as the year-of-ai organization root site; the homepage
-# lives in pages/home.md. README stays as the repository README on GitHub but
-# is not published as a site page.
-published: false
 tags:
   - jekyll
   - docker
@@ -761,15 +757,18 @@ All workflows live under [`.github/workflows/`](.github/workflows/).
 
 | # | Workflow | File | Trigger | Purpose |
 |---|----------|------|---------|---------|
-| 1 | **Comprehensive CI Pipeline** | [`ci.yml`](.github/workflows/ci.yml) | push / PR / dispatch | Detect changes → fast checks → quality control → matrix test suite (Ruby 3.3) → integration tests → build & validate |
-| 2 | **TEST (Latest Dependencies)** | [`test-latest.yml`](.github/workflows/test-latest.yml) | scheduled / dispatch | Zero-pin Docker build with bleeding-edge gems; promotes only passing images |
-| 3 | **Update Dependencies** | [`update-dependencies.yml`](.github/workflows/update-dependencies.yml) | weekly schedule | Refreshes `Gemfile.lock` to latest compatible versions and opens an automated PR |
-| 4 | **CodeQL Security Scanning** | [`codeql.yml`](.github/workflows/codeql.yml) | push / PR on code paths | Static security analysis across Ruby, JavaScript, TypeScript, Python, YAML, plugins, scripts |
-| 5 | **Version Bump** | [`version-bump.yml`](.github/workflows/version-bump.yml) | push to main / dispatch | Analyzes conventional commits, determines MAJOR/MINOR/PATCH bump, updates `version.rb` + CHANGELOG, creates tag |
-| 6 | **Release (Gem + GitHub)** | [`release.yml`](.github/workflows/release.yml) | tag `v*` / dispatch | Pre-release validation → build assets → publish to [RubyGems](https://rubygems.org/gems/jekyll-theme-zer0) → create GitHub Release |
+| 1 | **Comprehensive CI Pipeline** | [`ci.yml`](.github/workflows/ci.yml) | push / PR / dispatch | Detect changes → fast checks → quality control → matrix test suite → integration tests → build & validate |
+| 2 | **TEST (Latest Dependencies)** | [`test-latest.yml`](.github/workflows/test-latest.yml) | daily schedule / push / PR / dispatch | Zero-pin Docker build with bleeding-edge gems; tests then promotes passing images to Docker Hub |
+| 3 | **Release** | [`release.yml`](.github/workflows/release.yml) | push to `main` | release-please opens a release PR from Conventional Commits; merging it tags `vX.Y.Z` and publishes the gem to [RubyGems](https://rubygems.org/gems/jekyll-theme-zer0) |
+| 4 | **Update Dependencies** | [`update-dependencies.yml`](.github/workflows/update-dependencies.yml) | weekly schedule | Refreshes `Gemfile.lock` to latest compatible versions and opens an automated PR |
+| 5 | **CodeQL Security Scanning** | [`codeql.yml`](.github/workflows/codeql.yml) | push / PR on code paths + weekly | Static security analysis across Ruby, JavaScript/TypeScript, Python, Actions, and YAML |
+| 6 | **Content & Docs Review** | [`ai-content-review.yml`](.github/workflows/ai-content-review.yml) | PR on docs/content | Deterministic SEO/quality review + optional Claude agent + docs front matter, internal-link, and markdownlint checks |
 | 7 | **Convert Jupyter Notebooks** | [`convert-notebooks.yml`](.github/workflows/convert-notebooks.yml) | push to `pages/_notebooks/**.ipynb` | Auto-converts `.ipynb` → Jekyll-friendly Markdown with extracted images |
-| 8 | **Roadmap Sync** | [`roadmap-sync.yml`](.github/workflows/roadmap-sync.yml) | push affecting `_data/roadmap.yml` | Regenerates the README roadmap section from data; fails PRs with stale README |
-| 9 | **New Site Setup** | [`setup-template.yml`](.github/workflows/setup-template.yml) | first push after template/fork | Creates a PR with prefilled `_config.yml` so a new site is ready to merge & go |
+| 8 | **Sync** | [`sync.yml`](.github/workflows/sync.yml) | push affecting `_data/backlog.yml` or `_data/roadmap.yml` | Mirrors the backlog to GitHub Issues and regenerates the README roadmap section |
+| 9 | **Install Matrix** | [`install-matrix.yml`](.github/workflows/install-matrix.yml) | PR on installer paths + weekly | Installer e2e across OS × Ruby, the `curl \| bash` bootstrap, and the `install doctor` diagnostic |
+| 10 | **Deploy chat proxy** | [`deploy-chat-proxy.yml`](.github/workflows/deploy-chat-proxy.yml) | push to chat-proxy worker files | Deploys the AI chat proxy Worker to Cloudflare |
+| 11 | **Auto-merge low-risk PRs** | [`auto-merge.yml`](.github/workflows/auto-merge.yml) | PR labeled `auto-merge` | Enables GitHub native auto-merge once required checks pass |
+| 12 | **Lint workflows** | [`lint-workflows.yml`](.github/workflows/lint-workflows.yml) | PR/push on `.github/**` | actionlint gate on the workflow + composite-action definitions |
 
 > 💡 GitHub Pages adds an additional managed `pages-build-deployment` run on every push to `main`.
 
@@ -784,8 +783,8 @@ gh run list --repo bamr87/zer0-mistakes --limit 10
 # Manually dispatch a release
 gh workflow run release.yml --ref main -f tag=v0.22.21
 
-# Trigger an automatic version bump on demand
-gh workflow run version-bump.yml --ref main
+# Re-sync the backlog issues / README roadmap from _data on demand
+gh workflow run sync.yml --ref main
 
 # Re-run the most recent failed CI run
 gh run rerun --failed --repo bamr87/zer0-mistakes
@@ -798,10 +797,9 @@ gh run watch --repo bamr87/zer0-mistakes
 
 When you fork the theme as a starter, the workflows come with you. To make them safe and useful in your fork:
 
-1. **Add `RUBYGEMS_API_KEY`** in `Settings → Secrets and variables → Actions` if you plan to publish your own gem; otherwise disable [`release.yml`](.github/workflows/release.yml).
+1. **Configure gem publishing** if you plan to publish your own gem (`release.yml` uses [`bamr87/.github`](https://github.com/bamr87/.github) reusable workflows); otherwise disable [`release.yml`](.github/workflows/release.yml).
 2. **Tune triggers** in [`update-dependencies.yml`](.github/workflows/update-dependencies.yml) (default: weekly).
-3. **Disable** [`setup-template.yml`](.github/workflows/setup-template.yml) after the first run — it's a one-shot bootstrap.
-4. **GitHub Pages** is auto-enabled when you push to `main` if your repo is `<username>.github.io`.
+3. **GitHub Pages** is auto-enabled when you push to `main` if your repo is `<username>.github.io`.
 
 ---
 
@@ -836,8 +834,13 @@ gantt
     v1.11 Continuous-Evolution Loop :done, 2026-06, 2026-06
     v1.12 Headless Endpoints     :done, 2026-06, 2026-06
     v1.13 Quality Framework — First Wave :done, 2026-06, 2026-06
+    v1.14 Zer0-Mistake Quality Framework :done, 2026-06, 2026-06
+    v1.15 Quality Framework Batch :done, 2026-06, 2026-06
+    v1.16 AI Chat + Consumer Audit :done, 2026-06, 2026-06
+    v1.17 A11y, Mermaid & Migration Tests :done, 2026-06, 2026-06
+    v1.18 AI Content Reviewer    :done, 2026-06, 2026-06
     section Current
-    v1.14 Zer0-Mistake Quality Framework :active, 2026-06, 2026-08
+    v1.19 Site Hardening & Polish :active, 2026-06, 2026-08
     section Future
     v2.0 CMS Integration         :2026-06, 2026-08
     v2.1 i18n Support            :2026-08, 2026-10
@@ -871,7 +874,12 @@ gantt
 | **v1.11** | ✅ Completed | Jun 2026 | Self-sustaining backlog loop so AI agents keep improving the repo between human sessions. |
 | **v1.12** | ✅ Completed | Jun 2026 | Machine-readable site endpoints for downstream sites and AI agents. |
 | **v1.13** | ✅ Completed | Jun 2026 | First shipped wave of the Zer0-Mistake Quality Framework: CI gate parity and DOM sanitization. |
-| **v1.14** | 🚧 In Progress | Current (1.14.x) | Close the gap between the repo's quality gates and what CI actually enforces — no mistake lands green. |
+| **v1.14** | ✅ Completed | Jun 2026 | Second wave of the Zer0-Mistake Quality Framework: DOM sanitization hardening and workflow lint cleanup. |
+| **v1.15** | ✅ Completed | Jun 2026 | Quality framework batch: docs lint baseline, locale guard, strict site_generation, contribution templates, and YAML export fix. |
+| **v1.16** | ✅ Completed | Jun 2026 | AI chat widget (ZER0-060) and consumer audit tooling; render guard bug fixed. |
+| **v1.17** | ✅ Completed | Jun 2026 | Plugin unit specs, coverage baseline, config-page sync, WCAG 2.1 AA fixes, Mermaid on 12 more pages, and migration tests. |
+| **v1.18** | ✅ Completed | Jun 2026 | Two-tier AI content reviewer framework and chat GitHub action tools (issue/PR creation via Claude tool use). |
+| **v1.19** | 🚧 In Progress | Current (1.19.x) | Production config hardening, analytics privacy fix, landing-page opt-out flags, and a documentation freshness sweep. |
 | **v2.0** | 🗓 Planned | Q3 2026 | Headless CMS integration with a content API and admin dashboard. |
 | **v2.1** | 🗓 Planned | Q4 2026 | Multi-language content support with locale-aware routing. |
 | **v2.2** | 🗓 Planned | Q4 2026 | Visual theme customizer, A/B testing, and conversion funnels. |