feat: add CI/CD pipeline with content validation

.claude/settings.json

@@ -0,0 +1,15 @@
+{
+  "hooks": {
+    "preToolUse": [
+      {
+        "matcher": "Bash",
+        "hooks": [
+          {
+            "type": "command",
+            "command": "if echo \"$TOOL_INPUT\" | grep -q 'git commit'; then npm run lint --silent && npm run validate:frontmatter --silent || echo 'VALIDATION_FAILED'; fi"
+          }
+        ]
+      }
+    ]
+  }
+}

.cspell.json

@@ -0,0 +1,85 @@
+{
+  "version": "0.2",
+  "language": "en",
+  "words": [
+    "Astro",
+    "Avalonia",
+    "backend",
+    "Bevy",
+    "codebase",
+    "dataview",
+    "devops",
+    "Django",
+    "Elasticsearch",
+    "Elixir",
+    "fenced",
+    "Firebase",
+    "frontend",
+    "Godot",
+    "Grafana",
+    "GraphQL",
+    "gRPC",
+    "Haskell",
+    "HTMX",
+    "Jotai",
+    "Kotlin",
+    "Kubernetes",
+    "Laravel",
+    "MAUI",
+    "memoization",
+    "mermaid",
+    "middleware",
+    "monospace",
+    "Nuxt",
+    "Obsidian",
+    "OpenTelemetry",
+    "ORM",
+    "ORMs",
+    "PostgreSQL",
+    "Prometheus",
+    "Recoil",
+    "refactoring",
+    "Remix",
+    "roadmap",
+    "RSC",
+    "Scala",
+    "Solidjs",
+    "Supabase",
+    "Svelte",
+    "SvelteKit",
+    "TanStack",
+    "Tauri",
+    "trpc",
+    "TypeScript",
+    "unidirectional",
+    "Vercel",
+    "Vite",
+    "Vitest",
+    "webhooks",
+    "wikilink",
+    "wikilinks",
+    "Zustand"
+  ],
+  "ignorePaths": [
+    "node_modules/**",
+    ".obsidian/**",
+    ".git/**",
+    "package.json",
+    "package-lock.json",
+    ".cspell.json"
+  ],
+  "ignoreRegExpList": [
+    "\\[\\[.*?\\]\\]",
+    "```[\\s\\S]*?```",
+    "`[^`]+`"
+  ],
+  "dictionaries": [
+    "typescript",
+    "node",
+    "npm",
+    "softwareTerms",
+    "companies",
+    "html",
+    "css"
+  ]
+}

.github/workflows/validate.yml

@@ -0,0 +1,86 @@
+name: Validate Content
+
+on:
+  push:
+    branches: [main, master]
+  pull_request:
+    branches: [main, master]
+
+jobs:
+  lint:
+    name: Markdown Lint
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Setup Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: '20'
+          cache: 'npm'
+
+      - name: Install dependencies
+        run: npm ci
+
+      - name: Run markdownlint
+        run: npm run lint
+
+  frontmatter:
+    name: Validate Frontmatter
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Setup Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: '20'
+          cache: 'npm'
+
+      - name: Install dependencies
+        run: npm ci
+
+      - name: Validate frontmatter
+        run: npm run validate:frontmatter
+
+  wikilinks:
+    name: Validate Wikilinks
+    runs-on: ubuntu-latest
+    continue-on-error: true  # Don't fail on links to planned content
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Setup Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: '20'
+          cache: 'npm'
+
+      - name: Install dependencies
+        run: npm ci
+
+      - name: Validate wikilinks
+        run: npm run validate:links
+
+  spellcheck:
+    name: Spell Check
+    runs-on: ubuntu-latest
+    continue-on-error: true  # Don't fail the build on spelling errors
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Setup Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: '20'
+          cache: 'npm'
+
+      - name: Install dependencies
+        run: npm ci
+
+      - name: Run spell check
+        run: npm run spell

.gitignore

@@ -1,3 +1,6 @@
+# Node
+node_modules/
+
 # Obsidian
 .obsidian/workspace.json
 .obsidian/workspaces.json

.markdownlint.json

@@ -0,0 +1,43 @@
+{
+  "default": true,
+  "MD001": true,
+  "MD003": { "style": "atx" },
+  "MD004": { "style": "dash" },
+  "MD007": { "indent": 2 },
+  "MD009": true,
+  "MD010": true,
+  "MD012": { "maximum": 2 },
+  "MD013": false,
+  "MD020": false,
+  "MD022": { "lines_above": 1, "lines_below": 1 },
+  "MD024": { "siblings_only": true },
+  "MD025": false,
+  "MD026": { "punctuation": ".,;:" },
+  "MD029": { "style": "ordered" },
+  "MD030": true,
+  "MD031": true,
+  "MD032": true,
+  "MD033": {
+    "allowed_elements": ["br", "details", "summary", "kbd", "sub", "sup"]
+  },
+  "MD034": true,
+  "MD035": { "style": "---" },
+  "MD036": false,
+  "MD037": true,
+  "MD038": true,
+  "MD039": true,
+  "MD040": false,
+  "MD041": false,
+  "MD042": true,
+  "MD044": false,
+  "MD045": false,
+  "MD046": { "style": "fenced" },
+  "MD047": true,
+  "MD048": { "style": "backtick" },
+  "MD049": { "style": "underscore" },
+  "MD050": { "style": "asterisk" },
+  "MD051": false,
+  "MD052": false,
+  "MD053": false,
+  "MD056": false
+}

API Design Patterns.md

@@ -10,7 +10,7 @@ tags:
   - backend
 type: reference
 status: complete
-created: 2025-11-28
+created: '2025-11-28'
 ---
 
 # API Design Patterns

Auth Standards & RFCs.md

@@ -13,7 +13,7 @@ tags:
   - standards
 type: reference
 status: complete
-created: 2025-11-30
+created: '2025-11-30'
 ---
 
 # Auth Standards & RFCs
@@ -182,6 +182,7 @@ Push authorization parameters to server before redirect.
 ```
 
 **Benefits:**
+
 - Keeps sensitive params off URL (logged, cached, leaked via Referer)
 - Enables pre-validation before user interaction
 - Required for FAPI (Financial-grade API)
@@ -244,6 +245,7 @@ SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c
 | `jti` | JWT ID (unique identifier) |
 
 **Validation checklist:**
+
 - [ ] Verify signature (RS256 preferred over HS256)
 - [ ] Check `exp` not passed
 - [ ] Check `nbf` if present
@@ -347,6 +349,7 @@ token=eyJhbGciOiJSUzI1NiIs...
 ```
 
 **When to use:**
+
 - Opaque tokens (not self-contained)
 - Need real-time revocation check
 - Token details not in token itself
@@ -382,6 +385,7 @@ grant_type=urn:ietf:params:oauth:grant-type:token-exchange
 ```
 
 **Use cases:**
+
 - Impersonation (admin acting as user)
 - Delegation (service-to-service)
 - Token downscoping (reduce privileges)
@@ -524,6 +528,7 @@ Passwordless authentication using public key cryptography.
 ```
 
 **Benefits:**
+
 - Phishing-resistant (bound to origin)
 - No passwords to steal
 - Built into OS/browsers