nirukk52 · nirukk52 · Nov 14, 2025 · Nov 14, 2025 · Nov 14, 2025 · Nov 14, 2025
diff --git a/.cursor/commands/qa/Taskfile.yml b/.cursor/commands/qa/Taskfile.yml
@@ -110,16 +110,27 @@ tasks:
       - cd ../../../frontend && bun run test:e2e:ui
     silent: false
 
-  # Complete test suite
+  # Complete QA suite (THE definitive quality check)
   all:
-    desc: "Complete test suite (smoke + lint + typecheck + unit + e2e)"
-    cmds:
+    desc: "Complete QA suite (fix + rules + smoke + lint + typecheck + unit + e2e)"
+    cmds:
+      - echo "🎯 Running comprehensive QA suite..."
+      - echo ""
+      - task: fix
+      - echo ""
+      - task: rules:check
+      - echo ""
       - task: smoke
+      - echo ""
       - task: lint
+      - echo ""
       - task: typecheck
+      - echo ""
       - task: unit
+      - echo ""
       - task: e2e
-      - echo "🎉 All tests passed!"
+      - echo ""
+      - echo "🎉 All QA checks passed!"
     silent: false
 
   # Appium (mobile testing)

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -0,0 +1,139 @@
+# GitHub Actions CI Workflow
+#
+# Status: ACTIVE
+# Purpose: Run comprehensive QA suite on every push/PR
+#
+# This workflow uses the unified `task qa:all` command.
+# Mirrors Husky pre-push hook exactly (same commands, same checks).
+
+name: CI
+
+on:
+  push:
+    branches: [ main, develop ]
+  pull_request:
+    branches: [ main, develop ]
+
+jobs:
+  # ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
+  # Comprehensive QA Suite (mirrors pre-push hook)
+  # ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
+  # Command: cd .cursor && task qa:all
+  # Includes: fix, rules, smoke, lint, typecheck, unit, e2e
+
+  qa-all:
+    name: QA Suite (fix + rules + smoke + lint + typecheck + unit + e2e)
+    runs-on: ubuntu-latest
+    env:
+      ENCORE_AUTH_TOKEN: ${{ secrets.ENCORE_AUTH_TOKEN }}
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Install go-task
+        run: |
+          sh -c "$(curl --location https://taskfile.dev/install.sh)" -- -d -b /usr/local/bin
+          task --version
+
+      - name: Setup bun
+        uses: oven-sh/setup-bun@v1
+        with:
+          bun-version: latest
+
+      - name: Setup Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: '20'
+
+      - name: Install Encore CLI
+        run: |
+          curl -L https://encore.dev/install.sh | bash
+          echo "$HOME/.encore/bin" >> $GITHUB_PATH
+
+      - name: Authenticate with Encore Cloud
+        run: |
+          if [ -z "$ENCORE_AUTH_TOKEN" ]; then
+            echo "⚠️  WARNING: ENCORE_AUTH_TOKEN not set in GitHub Secrets"
+            echo "   Encore builds requiring secrets will fail"
+            echo "   To fix: Add your Encore auth token as a GitHub Secret named 'ENCORE_AUTH_TOKEN'"
+            exit 1
+          else
+            echo "🔐 Authenticating with Encore Cloud..."
+            encore auth login --token "$ENCORE_AUTH_TOKEN"
+            echo "✅ Encore authentication successful"
+          fi
+
+      - name: Install Backend Dependencies
+        run: cd backend && bun install
+
+      - name: Install Frontend Dependencies
+        run: cd frontend && bun install
+
+      - name: Install Playwright Browser Binaries
+        run: cd frontend && bunx playwright install --with-deps chromium
+
+      - name: Start Backend
+        run: |
+          cd backend
+          encore run &
+          echo "Waiting for backend to be ready..."
+          timeout 60 bash -c 'until curl -sf http://localhost:4000/health > /dev/null; do sleep 2; done'
+
+      - name: Start Frontend
+        run: |
+          cd frontend
+          bun run dev &
+          echo "Waiting for frontend to be ready..."
+          timeout 60 bash -c 'until curl -sf http://localhost:5173 > /dev/null; do sleep 2; done'
+
+      - name: Run Complete QA Suite
+        run: cd .cursor && task qa:all
+
+# ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
+# Implementation Notes:
+# ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
+#
+# SIMPLICITY: Single job runs `task qa:all` - same as pre-push hook
+# MIRRORS LOCAL: Exact same command developers run locally
+# DRY: No duplication - all logic in .cursor/commands/qa/Taskfile.yml
+#
+# What `task qa:all` runs:
+# 1. qa:fix       - Auto-fix linting/formatting
+# 2. qa:rules     - Validate founder rules (no console.log, no any, American spelling)
+# 3. qa:smoke     - Health checks (backend + frontend)
+# 4. qa:lint      - Linting (backend + frontend)
+# 5. qa:typecheck - TypeScript validation (frontend)
+# 6. qa:unit      - Unit tests (backend only - encore test)
+# 7. qa:e2e       - E2E tests (frontend Playwright)
+#
+# Dependencies:
+# - go-task      - Taskfile runner
+# - bun          - Package manager
+# - Node.js      - Automation scripts
+# - Encore CLI   - Backend runtime
+#
+# Environment:
+# - Uses standard ports from .env (4000 backend, 5173 frontend)
+# - In-memory database for tests
+# - ENCORE_AUTH_TOKEN: GitHub Secret required for accessing Encore Cloud secrets
+#
+# GitHub Secrets Setup:
+# 1. Go to: Settings → Secrets and variables → Actions
+# 2. Create new secret: ENCORE_AUTH_TOKEN
+# 3. Get token from: encore auth token (run locally)
+# 4. Paste into GitHub Secrets
+#
+# Testing before activation:
+# 1. Create feature branch
+# 2. Rename to ci.yml
+# 3. Push to trigger workflow
+# 4. Verify qa:all passes
+# 5. Merge to main
+
+# Validation checklist when modifying:
+# 1. Create feature branch
+# 2. Push to trigger workflow
+# 3. Confirm qa:all passes in GitHub Actions
+# 4. Merge to main after review
+
diff --git a/.github/workflows/ci.yml.scaffold b/.github/workflows/ci.yml.scaffold
diff --git a/.husky/pre-commit b/.husky/pre-commit
@@ -1,17 +1,16 @@
 #!/bin/sh
 # Husky pre-commit hook
-# Auto-fixes and validates code before allowing commit
+# Comprehensive QA suite BEFORE commit (coding agent safety)
+# 
+# WHY REDUNDANT: Coding agents can bypass guards and commit directly.
+# Running qa:all here ensures quality checks at EVERY commit.
 
-# Auto-fix linting and formatting
-echo "🔧 Auto-fixing code quality issues..."
-(cd .cursor && task qa:fix) || exit 1
-
-# Run the full QA suite (linting, testing, etc.)
-echo "🛠️ Running comprehensive QA checks..."
+echo "🛠️ Running comprehensive QA suite before commit..."
+echo "   (Redundant with pre-push for coding agent safety)"
+echo ""
 (cd .cursor && task qa:all) || exit 1
 
-# Validate founder rules
-echo "📋 Validating founder rules..."
-(cd .cursor && task qa:rules:check) || exit 1
+echo ""
+echo "✅ Pre-commit checks passed!"