@codyswann/lisa 1.0.0 → 1.0.5

package/typescript/copy-contents/.husky/pre-commit

@@ -92,5 +92,5 @@ fi
 
 # Run lint-staged for incremental lint and format checks
 echo "🚀 Running lint-staged..."
-$EXECUTOR lint-staged --config package.json
+$EXECUTOR lint-staged --config .lintstagedrc.json
 # END: AI GUARDRAILS

package/typescript/copy-contents/.husky/pre-push

@@ -1,4 +1,11 @@
-# BEGIN: AI GUARDRAILS 
+# BEGIN: AI GUARDRAILS
+
+# Skip pre-push checks in Claude Code remote environment
+# These checks run in CI/CD anyway, and remote environments have limited resources
+if [ "$CLAUDE_CODE_REMOTE" = "true" ]; then
+  echo "ℹ️  Skipping pre-push checks (running in Claude Code remote environment)"
+  exit 0
+fi
 
 # Detect package manager (check if tool is available before using it)
 # Priority: bun > yarn > npm (bun first since package.json engines prefer it)
@@ -65,61 +72,33 @@ elif [ "$PACKAGE_MANAGER" = "npm" ]; then
   echo "✅ No high or critical vulnerabilities found in production dependencies"
 
 elif [ "$PACKAGE_MANAGER" = "bun" ]; then
-  # Bun's 'bun pm scan' requires a configured scanner in bunfig.toml
-  # Fall back to npm audit which works with package.json
-  echo "   (using npm audit fallback for bun projects)"
+  # Excluding GHSA-5j98-mcp5-4vw2 (CVE-2025-64756): glob CLI command injection
+  # This vulnerability only affects the glob CLI (--cmd flag), not library usage
+  # We only use glob as a library through Babel and other tools - never invoke CLI
+
+  # Excluding GHSA-8qq5-rm4j-mr97: node-tar path sanitization vulnerability
+  # Nested dependency in @expo/cli - bun resolves to patched version but audit still flags it
+  # Risk: Low - only affects tar extraction with malicious filenames, not our use case
+  if ! bun audit --audit-level=high --ignore GHSA-5j98-mcp5-4vw2 --ignore GHSA-8qq5-rm4j-mr97; then
+    echo "⚠️ Security audit failed. Please fix high/critical vulnerabilities before pushing."
+    exit 1
+  fi
+  echo "✅ No high or critical vulnerabilities found in production dependencies"
+fi
 
-  # Check if jq is installed (required for filtering vulnerabilities)
-  if ! command -v jq >/dev/null 2>&1; then
-    echo ""
-    echo "⚠️  WARNING: jq is not installed - required for vulnerability filtering"
-    echo ""
-    echo "To install jq:"
-    echo "  macOS:    brew install jq"
-    echo "  Windows:  choco install jq  # or scoop install jq"
-    echo "  Linux:    apt-get install jq"
-    echo ""
-    echo "Continuing without security audit..."
+# Run dead code detection (knip) - only if script exists
+if jq -e '.scripts.knip' package.json >/dev/null 2>&1; then
+  echo "🗑️ Running dead code detection (knip)..."
+  $RUNNER knip
+  if [ $? -ne 0 ]; then
+    echo "❌ Dead code detected. Please remove unused exports/dependencies before pushing."
     echo ""
-  else
-    # npm audit requires a lockfile - generate temporary one if needed
-    TEMP_LOCKFILE=false
-    if [ ! -f "package-lock.json" ]; then
-      echo "   Generating temporary package-lock.json for audit..."
-      npm i --package-lock-only --ignore-scripts --legacy-peer-deps --silent 2>/dev/null
-      TEMP_LOCKFILE=true
-    fi
-
-    # Excluding GHSA-8qq5-rm4j-mr97: node-tar path sanitization vulnerability
-    # This is a nested dependency in @expo/cli that bun resolves to the patched version (7.5.3)
-    # npm audit generates its own lockfile and doesn't respect bun's resolutions
-    # Risk: None - bun.lock shows tar@7.5.3 is used, not the vulnerable version
-    VULN_COUNT=$(npm audit --omit=dev --json 2>/dev/null | jq '
-      .vulnerabilities | to_entries | map(select(
-        .value.severity == "high" or .value.severity == "critical"
-      )) | map(select(
-        .value.via | all(. | if type == "object" then (.url == "https://github.com/advisories/GHSA-8qq5-rm4j-mr97" | not) else true end)
-      )) | length
-    ')
-    if [ "$VULN_COUNT" -gt 0 ] 2>/dev/null; then
-      AUDIT_EXIT=1
-    else
-      AUDIT_EXIT=0
-    fi
-
-    # Clean up temporary lockfile
-    if [ "$TEMP_LOCKFILE" = "true" ]; then
-      rm -f package-lock.json
-    fi
-
-    if [ $AUDIT_EXIT -ne 0 ]; then
-      # Re-run to show the actual vulnerabilities (excluding the known one)
-      echo "⚠️ Security audit found high/critical vulnerabilities:"
-      npm audit --omit=dev 2>/dev/null | grep -v "GHSA-8qq5-rm4j-mr97" || true
-      exit 1
-    fi
-    echo "✅ No high or critical vulnerabilities found in production dependencies (excluding known false positives)"
+    echo "To auto-fix some issues, run: $RUNNER knip:fix"
+    exit 1
   fi
+  echo "✅ No dead code detected"
+else
+  echo "ℹ️  Skipping dead code detection (knip not configured)"
 fi
 
 # Run unit tests with coverage
@@ -139,72 +118,74 @@ if [ $? -ne 0 ]; then
 fi
 
 # Run Lighthouse CI performance audit (only if installed)
+# Disable Lighthouse beause it takes too long to run on push. Just let it run in ci/cd 
 # Check if lighthouse:check script exists in package.json
-if ! grep -q '"lighthouse:check"' package.json 2>/dev/null; then
-  echo ""
-  echo "ℹ️  Skipping Lighthouse CI audit (not configured for this project)"
-  echo ""
-else
-  # Check if Chrome is available (required for Lighthouse)
-  CHROME_AVAILABLE=false
-  if command -v google-chrome >/dev/null 2>&1 || \
-     command -v google-chrome-stable >/dev/null 2>&1 || \
-     command -v chromium >/dev/null 2>&1 || \
-     command -v chromium-browser >/dev/null 2>&1 || \
-     [ -x "/Applications/Google Chrome.app/Contents/MacOS/Google Chrome" ]; then
-    CHROME_AVAILABLE=true
-  fi
-
-  if [ "$CHROME_AVAILABLE" = "false" ]; then
-    echo ""
-    echo "⚠️  WARNING: Chrome/Chromium not found - skipping Lighthouse CI audit"
-    echo ""
-    echo "To enable Lighthouse performance audits, install Chrome:"
-    echo "  macOS:    brew install --cask google-chrome"
-    echo "  Linux:    apt-get install chromium-browser  # or google-chrome-stable"
-    echo "  Windows:  choco install googlechrome"
-    echo ""
-    echo "Continuing without Lighthouse audit..."
-    echo ""
-  else
-    echo "🔦 Building web export for Lighthouse..."
-    $RUNNER export:web
-    if [ $? -ne 0 ]; then
-      echo "❌ Web export failed. Please fix build errors before pushing."
-      exit 1
-    fi
-
-    echo "🔦 Running Lighthouse CI performance audit..."
-    LIGHTHOUSE_OUTPUT=$($RUNNER lighthouse:check 2>&1)
-    LIGHTHOUSE_EXIT=$?
-    echo "$LIGHTHOUSE_OUTPUT"
-
-    # Extract report URL from output
-    REPORT_URL=$(echo "$LIGHTHOUSE_OUTPUT" | grep -o 'https://storage.googleapis.com/[^ ]*\.html' | head -1)
-
-    if [ $LIGHTHOUSE_EXIT -ne 0 ]; then
-      echo ""
-      echo "❌ Lighthouse CI performance audit failed!"
-      echo ""
-      echo "Your changes caused performance regressions that exceed the allowed thresholds."
-      echo ""
-      if [ -n "$REPORT_URL" ]; then
-        echo "📊 View full report: $REPORT_URL"
-        echo ""
-      fi
-      echo "Common fixes:"
-      echo "  • Bundle size too large → Remove unused dependencies, add code splitting"
-      echo "  • LCP/FCP too slow → Optimize images, reduce render-blocking resources"
-      echo "  • CLS too high → Add explicit dimensions to images/containers"
-      echo "  • Too much unused JS → Implement lazy loading for non-critical code"
-      echo ""
-      echo "See lighthouserc.js for threshold details."
-      echo ""
-      exit 1
-    fi
-    echo "✅ Lighthouse CI performance audit passed"
-  fi
-fi
+# if ! grep -q '"lighthouse:check"' package.json 2>/dev/null; then
+#   echo ""
+#   echo "ℹ️  Skipping Lighthouse CI audit (not configured for this project)"
+#   echo ""
+# else
+#   # Check if Chrome is available (required for Lighthouse)
+#   CHROME_AVAILABLE=false
+#   if command -v google-chrome >/dev/null 2>&1 || \
+#      command -v google-chrome-stable >/dev/null 2>&1 || \
+#      command -v chromium >/dev/null 2>&1 || \
+#      command -v chromium-browser >/dev/null 2>&1 || \
+#      [ -x "/Applications/Google Chrome.app/Contents/MacOS/Google Chrome" ]; then
+#     CHROME_AVAILABLE=true
+#   fi
+
+
+#   if [ "$CHROME_AVAILABLE" = "false" ]; then
+#     echo ""
+#     echo "⚠️  WARNING: Chrome/Chromium not found - skipping Lighthouse CI audit"
+#     echo ""
+#     echo "To enable Lighthouse performance audits, install Chrome:"
+#     echo "  macOS:    brew install --cask google-chrome"
+#     echo "  Linux:    apt-get install chromium-browser  # or google-chrome-stable"
+#     echo "  Windows:  choco install googlechrome"
+#     echo ""
+#     echo "Continuing without Lighthouse audit..."
+#     echo ""
+#   else
+#     echo "🔦 Building web export for Lighthouse..."
+#     $RUNNER export:web
+#     if [ $? -ne 0 ]; then
+#       echo "❌ Web export failed. Please fix build errors before pushing."
+#       exit 1
+#     fi
+
+#     echo "🔦 Running Lighthouse CI performance audit..."
+#     LIGHTHOUSE_OUTPUT=$($RUNNER lighthouse:check 2>&1)
+#     LIGHTHOUSE_EXIT=$?
+#     echo "$LIGHTHOUSE_OUTPUT"
+
+#     # Extract report URL from output
+#     REPORT_URL=$(echo "$LIGHTHOUSE_OUTPUT" | grep -o 'https://storage.googleapis.com/[^ ]*\.html' | head -1)
+
+#     if [ $LIGHTHOUSE_EXIT -ne 0 ]; then
+#       echo ""
+#       echo "❌ Lighthouse CI performance audit failed!"
+#       echo ""
+#       echo "Your changes caused performance regressions that exceed the allowed thresholds."
+#       echo ""
+#       if [ -n "$REPORT_URL" ]; then
+#         echo "📊 View full report: $REPORT_URL"
+#         echo ""
+#       fi
+#       echo "Common fixes:"
+#       echo "  • Bundle size too large → Remove unused dependencies, add code splitting"
+#       echo "  • LCP/FCP too slow → Optimize images, reduce render-blocking resources"
+#       echo "  • CLS too high → Add explicit dimensions to images/containers"
+#       echo "  • Too much unused JS → Implement lazy loading for non-critical code"
+#       echo ""
+#       echo "See lighthouserc.js for threshold details."
+#       echo ""
+#       exit 1
+#     fi
+#     echo "✅ Lighthouse CI performance audit passed"
+#   fi
+# fi
 
 exit 0
 

package/typescript/copy-overwrite/.claude/hooks/format-on-edit.sh

@@ -1,4 +1,6 @@
 #!/bin/bash
+# This file is managed by Lisa.
+# Do not edit directly — changes will be overwritten on the next `lisa` run.
 
 # Hook script to format files with Prettier after Claude edits them
 # This script receives JSON input via stdin with tool information

package/typescript/copy-overwrite/.claude/hooks/install_pkgs.sh

@@ -1,4 +1,6 @@
 #!/bin/bash
+# This file is managed by Lisa.
+# Do not edit directly — changes will be overwritten on the next `lisa` run.
 
 # Only run package installation in remote (Claude Code web) environment
 # node_modules are gitignored, so they need to be installed remotely
@@ -34,16 +36,7 @@ npx playwright install chromium
 # Use sort to ensure deterministic selection of the latest version
 CHROME_PATH=$(find ~/.cache/ms-playwright -name "chrome" -type f 2>/dev/null | grep "chrome-linux" | sort | tail -n 1)
 if [ -n "$CHROME_PATH" ]; then
-  # Write to .claude/env.local for project-specific env (preferred)
-  ENV_LOCAL="$CLAUDE_PROJECT_DIR/.claude/env.local"
-  if [ -f "$ENV_LOCAL" ]; then
-    # Remove old CHROME_PATH entries and add new one
-    grep -v "^export CHROME_PATH=" "$ENV_LOCAL" > "$ENV_LOCAL.tmp" 2>/dev/null || true
-    mv "$ENV_LOCAL.tmp" "$ENV_LOCAL"
-  fi
-  echo "export CHROME_PATH=\"$CHROME_PATH\"" >> "$ENV_LOCAL"
-
-  # Also append to ~/.bashrc for shell sessions (idempotent)
+  # Append to ~/.bashrc for shell sessions (idempotent)
   if ! grep -q "export CHROME_PATH=" ~/.bashrc 2>/dev/null; then
     echo "export CHROME_PATH=\"$CHROME_PATH\"" >> ~/.bashrc
   else
@@ -53,7 +46,6 @@ if [ -n "$CHROME_PATH" ]; then
 
   export CHROME_PATH="$CHROME_PATH"
   echo "Chromium installed at: $CHROME_PATH"
-  echo "CHROME_PATH exported to: $ENV_LOCAL and ~/.bashrc"
 fi
 
 exit 0

package/typescript/copy-overwrite/.claude/hooks/lint-on-edit.sh

@@ -1,4 +1,6 @@
 #!/bin/bash
+# This file is managed by Lisa.
+# Do not edit directly — changes will be overwritten on the next `lisa` run.
 
 # Hook script to lint and auto-fix files with ESLint after Claude edits them
 # This script receives JSON input via stdin with tool information

package/typescript/copy-overwrite/.claude/hooks/sg-scan-on-edit.sh

@@ -0,0 +1,68 @@
+#!/bin/bash
+# This file is managed by Lisa.
+# Do not edit directly — changes will be overwritten on the next `lisa` run.
+
+# Hook script to run ast-grep scan after Claude edits files
+# This script receives JSON input via stdin with tool information
+# Reference: https://docs.claude.com/en/docs/claude-code/hooks
+# Note: This hook is BLOCKING - it returns non-zero exit codes so Claude must fix issues
+
+# Extract file path from JSON input
+FILE_PATH=$(cat | grep -o '"file_path":"[^"]*"' | head -1 | cut -d'"' -f4)
+
+if [ -z "$FILE_PATH" ] || [ ! -f "$FILE_PATH" ]; then
+    exit 0
+fi
+
+# Check if file type is supported (TypeScript, JavaScript)
+case "${FILE_PATH##*.}" in
+    ts|tsx|js|jsx|mjs|cjs) ;;
+    *) exit 0 ;;
+esac
+
+# Validate project directory
+if [ -z "${CLAUDE_PROJECT_DIR:-}" ]; then
+    exit 0
+fi
+
+# Check if file is in a source directory
+RELATIVE_PATH="${FILE_PATH#$CLAUDE_PROJECT_DIR/}"
+case "$RELATIVE_PATH" in
+    src/*|apps/*|libs/*|test/*|tests/*|features/*|components/*|hooks/*|screens/*|app/*|constants/*|utils/*|providers/*|stores/*) ;;
+    *) exit 0 ;;
+esac
+
+cd "$CLAUDE_PROJECT_DIR" || exit 0
+
+# Verify ast-grep configuration exists
+if [ ! -f "sgconfig.yml" ]; then
+    exit 0
+fi
+
+# Verify rules are defined
+RULE_COUNT=$(find ast-grep/rules -name "*.yml" -o -name "*.yaml" 2>/dev/null | grep -v ".gitkeep" | wc -l | tr -d ' ')
+if [ "$RULE_COUNT" -eq 0 ]; then
+    exit 0
+fi
+
+# Detect package manager
+if [ -f "bun.lockb" ] || [ -f "bun.lock" ]; then
+    PKG_MANAGER="bun"
+elif [ -f "pnpm-lock.yaml" ]; then
+    PKG_MANAGER="pnpm"
+elif [ -f "yarn.lock" ]; then
+    PKG_MANAGER="yarn"
+else
+    PKG_MANAGER="npm"
+fi
+
+# Run ast-grep scan
+echo "Running ast-grep scan on: $FILE_PATH"
+if OUTPUT=$($PKG_MANAGER run sg:scan "$FILE_PATH" 2>&1); then
+    echo "ast-grep: No issues found in $(basename "$FILE_PATH")"
+    exit 0
+else
+    echo "ast-grep found issues in: $FILE_PATH" >&2
+    echo "$OUTPUT" >&2
+    exit 1
+fi

package/typescript/copy-overwrite/.claude/settings.json

@@ -0,0 +1,79 @@
+{
+  "hooks": {
+    "SessionStart": [
+      {
+        "matcher": "startup",
+        "hooks": [
+          {
+            "type": "command",
+            "command": "$CLAUDE_PROJECT_DIR/.claude/hooks/install_pkgs.sh",
+            "timeout": 480
+          }
+        ]
+      }
+    ],
+    "PostToolUse": [
+      {
+        "matcher": "Write|Edit",
+        "hooks": [
+          {
+            "type": "command",
+            "command": "$CLAUDE_PROJECT_DIR/.claude/hooks/format-on-edit.sh",
+            "timeout": 10
+          },
+          {
+            "type": "command",
+            "command": "$CLAUDE_PROJECT_DIR/.claude/hooks/sg-scan-on-edit.sh",
+            "timeout": 30
+          }
+        ]
+      },
+      {
+        "matcher": "TaskCreate|TaskUpdate",
+        "hooks": [
+          {
+            "type": "command",
+            "command": "$CLAUDE_PROJECT_DIR/.claude/hooks/sync-tasks.sh",
+            "timeout": 10
+          }
+        ]
+      }
+    ],
+    "Notification": [
+      {
+        "matcher": "permission_prompt|idle_prompt",
+        "hooks": [
+          {
+            "type": "command",
+            "command": "$CLAUDE_PROJECT_DIR/.claude/hooks/notify-ntfy.sh",
+            "timeout": 5
+          }
+        ]
+      }
+    ],
+    "Stop": [
+      {
+        "matcher": "",
+        "hooks": [
+          {
+            "type": "command",
+            "command": "$CLAUDE_PROJECT_DIR/.claude/hooks/notify-ntfy.sh",
+            "timeout": 5
+          }
+        ]
+      }
+    ]
+  },
+  "env": {
+    "BASH_DEFAULT_TIMEOUT_MS": "1800000",
+    "BASH_MAX_TIMEOUT_MS": "7200000"
+  },
+  "includeCoAuthoredBy": true,
+  "enabledPlugins": {
+    "typescript-lsp@claude-plugins-official": true,
+    "safety-net@cc-marketplace": true,
+    "code-simplifier@claude-plugins-official": true,
+    "code-review@claude-plugins-official": true,
+    "playwright@claude-plugins-official": true
+  }
+}

package/typescript/copy-overwrite/.claude/skills/jsdoc-best-practices/SKILL.md

@@ -312,6 +312,50 @@ const activeUsers = users.filter(u => u.active);
 const activeUsers = users.filter(u => u.active);
 ```
 
+## Escaping @ Symbols in JSDoc
+
+When documenting code that contains TypeScript/NestJS decorators (like `@Injectable()`, `@Processor('queue-name')`), JSDoc will interpret the `@` as a tag marker. This causes lint errors because JSDoc sees `@Processor('qpr-v2')` as a single unknown tag name (including the parentheses and arguments).
+
+**The problem:** Adding decorator names to `definedTags` doesn't help because JSDoc parses the entire string `@Processor('qpr-v2')` as the tag name, not just `@Processor`.
+
+### Solution 1: Backticks in Prose
+
+When mentioning decorators in description text, wrap them in backticks:
+
+```typescript
+/**
+ * Queue processor for QPR calculations
+ * @description Handles jobs from the `@Processor('qpr-v2')` queue
+ * @remarks Uses `@Injectable()` scope for request isolation
+ */
+```
+
+### Solution 2: Escape in @example Blocks
+
+In `@example` blocks, use fenced code blocks and escape `@` as `\@`:
+
+```typescript
+/**
+ * Creates a queue processor
+ * @example
+ * ```typescript
+ * \@Processor('my-queue')
+ * export class MyProcessor {
+ *   \@Process()
+ *   async handle(job: Job) { ... }
+ * }
+ * ```
+ */
+```
+
+### Quick Reference for Escaping
+
+| Context | Approach | Example |
+|---------|----------|---------|
+| Prose/description | Wrap in backticks | `` `@Injectable()` `` |
+| @example block | Escape with backslash | `\@Processor('name')` |
+| Code comments | No escaping needed | `// Uses @Injectable` |
+
 ## Quick Reference
 
 ### Required Structure for Services

package/typescript/copy-overwrite/.github/README.md

@@ -280,6 +280,55 @@ sonar.organization=your-org
 
 ---
 
+#### DEPLOY_KEY
+**Purpose**: Push version bumps and releases to protected branches
+
+GitHub Actions workflows cannot push directly to protected branches using the default `GITHUB_TOKEN`. A deploy key (SSH key) with write access bypasses branch protection rules for automated releases.
+
+**How to set it up**:
+
+1. **Generate an SSH key pair locally**:
+   ```bash
+   # Generate a new SSH key (no passphrase for CI use)
+   ssh-keygen -t ed25519 -C "github-actions-deploy-key" -f deploy_key -N ""
+
+   # This creates two files:
+   # - deploy_key (private key - goes to GitHub Secrets)
+   # - deploy_key.pub (public key - goes to Deploy Keys)
+   ```
+
+2. **Add the public key to GitHub Deploy Keys**:
+   - Go to your repository **Settings** > **Deploy keys**
+   - Click **Add deploy key**
+   - Title: `GitHub Actions Deploy Key`
+   - Key: Paste contents of `deploy_key.pub`
+   - **Check "Allow write access"** (required for pushing)
+   - Click **Add key**
+
+3. **Add the private key as a repository secret**:
+   ```bash
+   # Using GitHub CLI
+   gh secret set DEPLOY_KEY < deploy_key
+
+   # Or manually:
+   # Go to Settings > Secrets and variables > Actions
+   # Click "New repository secret"
+   # Name: DEPLOY_KEY
+   # Value: Paste entire contents of deploy_key file (including BEGIN/END lines)
+   ```
+
+4. **Clean up local keys**:
+   ```bash
+   # Delete the local key files after setup
+   rm deploy_key deploy_key.pub
+   ```
+
+**Required for**: Automated releases pushing to protected branches (main, staging, dev)
+
+**Note**: If your branch protection rules require signed commits, you'll also need to set up GPG signing (see Release Signing Secrets below).
+
+---
+
 ### Release Signing Secrets (Optional)
 
 For GPG-signed releases:
@@ -289,7 +338,6 @@ For GPG-signed releases:
 | `RELEASE_SIGNING_KEY` | Base64-encoded GPG private key |
 | `SIGNING_KEY_ID` | GPG key ID |
 | `SIGNING_KEY_PASSPHRASE` | GPG key passphrase |
-| `DEPLOY_KEY` | SSH key for pushing to protected branches |
 
 To generate:
 ```bash

package/typescript/copy-overwrite/.github/dependabot.yml

@@ -1,3 +1,6 @@
+# This file is managed by Lisa.
+# Do not edit directly — changes will be overwritten on the next `lisa` run.
+
 version: 2
 updates:
   # JavaScript/Node.js dependencies

package/typescript/copy-overwrite/.github/workflows/ci.yml

@@ -1,3 +1,6 @@
+# This file is managed by Lisa.
+# Do not edit directly — changes will be overwritten on the next `lisa` run.
+
 name: 🔍 CI Quality Checks
 
 on:
@@ -7,43 +10,18 @@ on:
 jobs:
   quality:
     name: 🔍 Quality Checks
-    timeout-minutes: 30
-    # Reference to the quality checks workflow
     uses: ./.github/workflows/quality.yml
     with:
       node_version: '22.21.1'
       package_manager: 'bun'
-      skip_jobs: 'test,test:integration,test:e2e'
+      skip_jobs: ''
     secrets: inherit
-
-  # playwright:
-  #   name: 🎭 Playwright Tests
-  #   timeout-minutes: 30
-  #   needs: [quality]
-  #   uses: ./.github/workflows/playwright.yml
-  #   with:
-  #     pr_number: ${{ github.event.pull_request.number }}
-  #     branch_ref: ${{ github.head_ref }}
-  #     base_ref: ${{ github.base_ref }}
-
-  lighthouse:
-    name: 💡 Lighthouse CI
-    timeout-minutes: 15
-    needs: [quality]
-    uses: ./.github/workflows/lighthouse.yml
-    with:
-      node_version: '22.21.1'
-      package_manager: 'bun'
-
-  create_sentry_issue_on_failure:
-    name: 🚨 Create Sentry Issue on Failure
-    timeout-minutes: 5
+  create_issue_on_failure:
+    name: 📌 Create Issue on Failure
     needs: [quality]
     if: ${{ always() && (needs.quality.result == 'failure' || needs.quality.result == 'failure') && !contains(github.event.head_commit.message, '[skip ci]') }}
-    uses: ./.github/workflows/create-sentry-issue-on-failure.yml
+    uses: ./.github/workflows/create-issue-on-failure.yml
     with:
       workflow_name: 'CI Quality Checks'
       failed_job: ${{ needs.quality.result == 'failure' && 'quality' || 'playwright' }}
-      SENTRY_ORG: ${{ vars.SENTRY_ORG }}
-      SENTRY_PROJECT: ${{ vars.SENTRY_PROJECT }}
     secrets: inherit

package/typescript/copy-overwrite/.github/workflows/claude.yml

@@ -1,3 +1,6 @@
+# This file is managed by Lisa.
+# Do not edit directly — changes will be overwritten on the next `lisa` run.
+
 name: Claude Code
 
 on:

package/typescript/copy-overwrite/.github/workflows/create-github-issue-on-failure.yml

@@ -1,3 +1,5 @@
+# This file is managed by Lisa.
+# Do not edit directly — changes will be overwritten on the next `lisa` run.
 # -----------------------------------------------------------------------------
 # GitHub Issue Creation Workflow
 # -----------------------------------------------------------------------------
@@ -35,7 +37,7 @@ on:
       node_version:
         description: 'Node.js version to use'
         required: false
-        default: '20.x'
+        default: '22.21.1'
         type: string
       package_manager:
         description: 'Package manager to use (npm, yarn, or bun)'
@@ -49,8 +51,8 @@ on:
         type: string
     secrets:
       PAT:
-        required: true
-        description: 'Personal Access Token with repo scope'
+        required: false
+        description: 'Personal Access Token with repo scope (falls back to GITHUB_TOKEN)'
 
 # Concurrency is managed by the parent workflow that calls this one
 # This avoids deadlocks between parent and child workflows
@@ -73,7 +75,7 @@ jobs:
       - name: 🔖 Create Issue
         uses: actions/github-script@v7
         with:
-          github-token: ${{ secrets.PAT }}
+          github-token: ${{ secrets.PAT || github.token }}
           script: |
             // Get repository and run information
             const { owner, repo } = context.repo;