CI, test suite, and free-tier LLM guard wired up for the finance fork

Archibald312 laid down the infrastructure a hard fork needs to run independently: a four-job GitHub Actions pipeline, 57 unit tests, five Playwright e2e specs, and a guard that blocks customer documents from free-tier Gemini unless you explicitly opt in.

infrastructuresecurity

The CI workflow runs lint, unit tests, e2e tests, and a dependency audit in parallel on every push and PR to main. In-progress cancellation keeps rapid pushes from stacking runners. Artifacts upload on failure for triage.

The unit suite covers auth middleware, access guards for projects, documents, and reviews, and AES-256-GCM encryption for stored API keys. Everything is mocked against Supabase so the suite stays under a second. The Playwright specs cover auth, projects, documents, chat, and tabular flows against real dev servers on CI runners.

The free-tier Gemini guard is the most operationally significant piece. Free-tier model traffic can be used for training; the guard makes routing customer documents there an explicit opt-in via env-var allowlist rather than a silent default. That's a privacy posture decision baked into the build.

An npm audit fix cleared three high-severity transitive vulns in xmldom, fast-xml-builder, and protobufjs. A FORK.md documents the upstream relationship, hard-fork strategy, AGPL-3.0 obligations, branching conventions, and a do-not-PR-to-upstream warning. The pre-merge checklist called out seven required secrets and branch protection rules to configure post-merge.

So what Worth examining if you're forking and need a CI baseline with the free-tier model privacy guard already in place. The AES-256-GCM API-key encryption and the three vuln fixes are also extractable without adopting the whole setup. Skip if you're not on a hard-fork path - the `FORK.md` and workflow structure are scoped to that intent.

View this fork on GitHub →

Spotted something wrong? Or know the PR text has fresher detail than the writeup above?