Skip to content

chore: add pnpm hardening, pin GH Actions, and LLM docs#116

Merged
kelsos merged 4 commits intorotki:mainfrom
kelsos:feature/llms-txt
Apr 9, 2026
Merged

chore: add pnpm hardening, pin GH Actions, and LLM docs#116
kelsos merged 4 commits intorotki:mainfrom
kelsos:feature/llms-txt

Conversation

@kelsos
Copy link
Copy Markdown
Member

@kelsos kelsos commented Apr 9, 2026

Summary

  • Add pnpm-workspace.yaml with security hardening settings (trustPolicy, strictDepBuilds, blockExoticSubdeps, saveExact, shellEmulator, minimumReleaseAge)
  • Update Renovate config: pin dependencies, 7-day minimum release age, fix Node.js version constraint (22→24), add helpers:pinGitHubActionDigests
  • Pin all GitHub Actions to commit SHAs and add restrictive permissions blocks (fixes zizmor warnings)
  • Upgrade pnpm/action-setup v4→v5, actions/deploy-pages v4→v5, crate-ci/typos master→v1.45.0
  • Update Vue monorepo 3.5.30→3.5.31, pnpm 10.32.1→10.33.0
  • Add vitepress-plugin-llms to generate llms.txt and llms-full.txt at build time following the llmstxt.org standard

Test plan

  • pnpm lint passes
  • pnpm build succeeds and generates llms.txt (74 lines) and llms-full.txt (~7k lines) in dist
  • zizmor reports 0 findings on all workflows
  • CI passes on PR
  • Verify llms.txt and llms-full.txt are served correctly after deploy

kelsos added 4 commits April 9, 2026 10:38
@kelsos
chore: add pnpm hardening and update renovate config
5a8d6e3 
Add pnpm-workspace.yaml with security hardening settings and update
renovate to pin dependencies and enforce minimum release age.
@kelsos
chore: pin GitHub Actions to commit SHAs and fix permissions
5fea450 
Pin all GitHub Action references to full commit SHAs for supply chain
security. Upgrade pnpm/action-setup v4→v5, actions/deploy-pages v4→v5,
and crate-ci/typos master→v1.45.0. Add restrictive top-level permissions
to fix zizmor excessive-permissions warnings. Add
helpers:pinGitHubActionDigests to renovate to maintain pins.
@kelsos
chore: update Vue monorepo to 3.5.31 and pnpm to 10.33.0
2f9ff9f 
Update vue, @vue/compiler-sfc, and @vue/runtime-dom from 3.5.30 to
3.5.31. Bump pnpm packageManager to 10.33.0. Add vite to
trustPolicyExclude due to publish attestation type change in 5.4.21.
@kelsos
feat: add LLM-friendly documentation via vitepress-plugin-llms
fe8f012 
Generate llms.txt index and llms-full.txt concatenated docs at build
time, following the llmstxt.org standard for LLM consumption.
@kelsos kelsos merged commit fe8f012 into rotki:main Apr 9, 2026
5 checks passed
@kelsos kelsos deleted the feature/llms-txt branch April 9, 2026 09:13
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@kelsos