fix: RockSolid audit — all 13 findings resolved#8

Merged
ahm3t0t merged 2 commits intomainfrom
fix/rocksolid-audit-fixes
Apr 4, 2026
Conversation


@ahm3t0t ahm3t0t commented Apr 4, 2026

RockSolid Challenge — Full Audit Fix

All 13 findings from the repo audit resolved in a single PR.

Critical + High

| # | Severity | Fix | Files |
|---|---|---|---|
| 1 | CRITICAL | Replace broken Next.js 404.html (removed abacus.ai script) | 404.html |
| 2 | HIGH | Fix OG image path → /og-image.png | index.html, en/index.html |
| 7 | HIGH | Create privacy-policy pages (KVKK compliance) | privacy-policy.html, en/privacy-policy.html |
| 8 | HIGH | Restore LICENSE (proprietary) | LICENSE |
| 9 | HIGH | Fix CI — update Lighthouse URLs to actual pages, pin deps | .github/workflows/ci.yml |

Medium

| # | Fix | Files |
|---|---|---|
| 3 | Remove logos/ (~6.4MB unreferenced PNGs) | logos/ deleted |
| 4 | Remove orphan fontello fonts | assets/fonts/fontello.* deleted |
| 6 | Verify .gitmem/ untracked | Already clean |
| 10 | Create README.md (current stack) | README.md |
| 11 | Restore SECURITY.md | SECURITY.md |
| 12 | Update .REPOMAP.md (Tailwind, not Bootstrap) | .REPOMAP.md |
| 13 | Add .gitattributes (EOL, binary markers) | .gitattributes |

Low

| # | Fix | Files |
|---|---|---|
| 5 | Fix "Turkce" → "Türkçe" typo | en/index.html |

Additional

  • Tailwind CSS rebuilt for all 5 pages (index, en/index, privacy-policy, en/privacy-policy, 404)
  • CI dependencies pinned: html5validator==0.4.2, @lhci/cli@0.14.0
  • actions/checkout updated to @v6

#1  [CRITICAL] Replace broken Next.js 404.html with static dark amber page
#2  [HIGH] Fix OG image path (/assets/images/og-preview.png → /og-image.png)
#3  [MEDIUM] Remove logos/ directory (~6.4MB unreferenced PNGs)
#4  [MEDIUM] Remove orphan fontello.woff/woff2
#5  [LOW] Fix 'Turkce' → 'Türkçe' typo in en/index.html
#6  [MEDIUM] .gitmem/ already untracked (verified)
#7  [HIGH] Create privacy-policy.html (TR) + en/privacy-policy.html (EN)
#8  [HIGH] Restore LICENSE (proprietary)
#9  [HIGH] Fix CI workflow — update Lighthouse URLs to existing pages
#10 [MEDIUM] Create README.md with current stack info
#11 [MEDIUM] Restore SECURITY.md
#12 [MEDIUM] Update .REPOMAP.md to reflect Tailwind/dark amber design
#13 [MEDIUM] Add .gitattributes (EOL normalization, binary markers)

Additional: Tailwind CSS rebuilt for all pages, pinned CI dependencies

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@chatgpt-codex-connector

You have reached your Codex usage limits for code reviews. You can see your limits in the Codex usage dashboard.

@coderabbitai

coderabbitai Bot commented Apr 4, 2026

Caution

Review failed

The pull request is closed.

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: fb4ffcbf-3ff1-448a-aa4c-8b9fc54ae884

📥 Commits

Reviewing files that changed from the base of the PR and between 08f0e41 and c49b68d.

📒 Files selected for processing (9)
  • .gitattributes
  • .github/workflows/ci.yml
  • 404.html
  • assets/css/main.css
  • assets/js/cookie-consent.js
  • en/index.html
  • en/privacy-policy.html
  • index.html
  • privacy-policy.html

📝 Walkthrough

Summary by CodeRabbit

  • New Features

    • Added Turkish and English privacy policy pages and improved cookie-consent behavior.
    • Redesigned 404 page with new styling and navigation.
  • Updates

    • New site design palette/typography and rebuilt styles/assets (Tailwind-based).
    • Updated social preview images, corrected “Türkçe” label, and adjusted navigation targets/links.
  • Documentation

    • Added README, SECURITY, LICENSE, repository map, and normalization attributes.

Walkthrough

Repository converted from a Next.js/Bootstrap site to a static HTML site using Tailwind CSS v4 and Font Awesome 6; removed several prior pages (tools, premium, blog), added privacy pages, docs (README/SECURITY/LICENSE), CI/workflow changes, a regenerated Tailwind build, and cookie-consent robustness fixes.

Changes

| Cohort / File(s) | Summary |
|---|---|
| Repository map & docs: .REPOMAP.md, README.md, SECURITY.md, LICENSE | Replaced repo map and added documentation, security policy, and proprietary license describing new site scope and stack. |
| Git & CI config: .gitattributes, .github/workflows/ci.yml | Added .gitattributes for EOL/linguist rules; updated CI checkout version and pinned html5validator/@lhci versions and Lighthouse URL set to match removed/added pages. |
| Static pages (root): index.html, en/index.html, 404.html | Converted pages to Tailwind-styled static HTML: updated og/twitter image path, changed skip-to-content to Tailwind sr-only, adjusted navigation links/labels and mobile toggle script, and replaced Next.js 404 with a standalone static 404. |
| Privacy policy pages: privacy-policy.html, en/privacy-policy.html | Added Turkish and English static privacy pages with meta (canonical/hreflang/OG), KVKK/GDPR content, contact details, and mobile menu JS. |
| Assets — CSS & JS: assets/css/main.css, assets/js/cookie-consent.js, src/input.css, assets/... | Regenerated Tailwind v4 compiled CSS with new theme tokens/utilities; added cookie-consent assets and hardened cookie-consent script with try/catch guarding localStorage reads/writes. |
| Build/deploy assets & workflow files: favicon.svg, og-image.png, webfonts/..., .github/workflows/deploy.yml (new path added in .REPOMAP) | Documented/added static assets and a GitHub Actions Pages deploy workflow entry referenced in repo map. |

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Poem

🐰
From Next to Tailwind I hop and play,
Dark Amber dawns on a static day.
Privacy pages neat, cookie banner wise,
Fonts and deploys beneath amber skies.
Hopping on—site polished, cozy, and gay.

🚥 Pre-merge checks | ✅ 3 passed

| Check name | Status | Explanation |
|---|---|---|
| Title check | ✅ Passed | The title clearly summarizes the primary objective: resolving all 13 audit findings, which is directly supported by the comprehensive changes across critical, high, medium, and low severity items. |
| Description check | ✅ Passed | The description is highly detailed and directly related to the changeset, providing a well-organized breakdown of all 13 audit findings by severity with corresponding file changes and additional context. |
| Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check. |

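The walkthrough above notes that the cookie-consent script was hardened with try/catch around its localStorage reads and writes. The following is an added example (not the repository's assets/js/cookie-consent.js) of what such a store looks like when it also degrades to an in-memory value and refuses unexpected stored values; the key name `cookie-consent`, the two state strings and the helper names are assumptions.

```javascript
// Added example, not the project's assets/js/cookie-consent.js: a consent
// store that keeps working when localStorage throws and treats whatever it
// reads back as untrusted input. Key name and state values are assumptions.
const CONSENT_KEY = 'cookie-consent';
const VALID_STATES = new Set(['accepted', 'rejected']);

function createConsentStore(storage) {
  // `storage` is anything with getItem/setItem (window.localStorage in the
  // browser). Private browsing, sandboxed iframes or a storage-blocking policy
  // can make either call throw, so every access is wrapped in try/catch and the
  // last value written in this page load is kept in memory as a fallback.
  let memoryFallback = null;
  let storageFailed = false;
  function read() {
    let raw = memoryFallback;
    try {
      raw = storage.getItem(CONSENT_KEY);
    } catch (err) {
      storageFailed = true; // degrade gracefully: the banner simply shows again
    }
    // Any same-origin script can write this key, so only the known states are
    // honoured; anything else counts as "no decision recorded".
    return VALID_STATES.has(raw) ? raw : null;
  }
  function write(state) {
    if (!VALID_STATES.has(state)) {
      throw new TypeError('invalid consent state: ' + String(state));
    }
    memoryFallback = state;
    try {
      storage.setItem(CONSENT_KEY, state);
    } catch (err) {
      storageFailed = true;
    }
    return state;
  }
  return { read, write, hasStorageFailed: () => storageFailed };
}

// Constructed stand-ins so the example runs outside a browser.
function throwingStorage() {
  const fail = () => { throw new Error('SecurityError: storage is disabled'); };
  return { getItem: fail, setItem: fail };
}
function mapStorage() {
  const m = new Map();
  return { getItem: (k) => (m.has(k) ? m.get(k) : null), setItem: (k, v) => { m.set(k, v); } };
}
```

In a browser you would call `createConsentStore(window.localStorage)` once and drive the banner from `read()`; `hasStorageFailed()` lets the page avoid re-prompting in a loop within the same load.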

@gemini-code-assist gemini-code-assist Bot left a comment

Code Review

This pull request migrates the CalmKernel corporate website to a new stack featuring Tailwind CSS v4 and Font Awesome 6, while adding essential documentation like a proprietary license, security policy, and privacy policies in both Turkish and English. Feedback includes optimizing the Tailwind build command with glob patterns, improving accessibility on the 404 page with a skip link, updating Font Awesome classes to version 6 standards, and adopting modern ES6+ syntax for JavaScript snippets.

Comment thread README.md
python3 -m http.server 8000

# Rebuild Tailwind CSS (requires standalone CLI)
tailwindcss --input src/input.css --output assets/css/main.css --content "index.html,en/index.html,privacy-policy.html,en/privacy-policy.html,404.html" --minify

medium

Instead of manually listing every HTML file in the Tailwind CLI command, use a glob pattern like "**/*.html". This ensures that any future pages added to the repository are automatically included in the CSS build process without requiring manual updates to the documentation or build scripts.

Suggested change
tailwindcss --input src/input.css --output assets/css/main.css --content "index.html,en/index.html,privacy-policy.html,en/privacy-policy.html,404.html" --minify
tailwindcss --input src/input.css --output assets/css/main.css --content "**/*.html" --minify

Comment thread 404.html
Comment on lines +20 to +22
<body class="bg-zinc-950 text-zinc-300 font-body antialiased">

<div class="min-h-screen flex flex-col items-center justify-center px-6 text-center">

medium

For consistency with the other pages in this PR (such as privacy-policy.html), consider adding a "Skip to content" link for improved accessibility (A11y). This allows users navigating with keyboards or screen readers to bypass the navigation header.

<body class="bg-zinc-950 text-zinc-300 font-body antialiased">

  <a href="#main-content" class="skip-link" style="position:absolute;left:-9999px;top:auto;width:1px;height:1px;overflow:hidden;z-index:9999;padding:8px;background:#f59e0b;color:#000;text-decoration:none;font-weight:bold;">İçeriğe atla</a>

  <div id="main-content" class="min-h-screen flex flex-col items-center justify-center px-6 text-center">

Comment thread en/privacy-policy.html Outdated
Contact
</a>
<button id="mobileMenuBtn" class="md:hidden text-white text-xl" aria-label="Open menu" aria-expanded="false" aria-controls="mobileMenu">
<i class="fa fa-bars"></i>

medium

Use the Font Awesome 6 solid category class fas (or fa-solid) instead of the legacy fa class for consistency with other icons in the project and adherence to FA6 standards.

Suggested change
<i class="fa fa-bars"></i>
<i class="fas fa-bars"></i>

Comment thread en/privacy-policy.html Outdated
Comment on lines +156 to +159
var menu = document.getElementById('mobileMenu');
btn.addEventListener('click', function() {
var open = menu.classList.toggle('hidden');
btn.setAttribute('aria-expanded', !open);

medium

Use const and let instead of var to adhere to modern JavaScript (ES6+) best practices. This provides better scoping and prevents issues related to variable hoisting.

Suggested change
var menu = document.getElementById('mobileMenu');
btn.addEventListener('click', function() {
var open = menu.classList.toggle('hidden');
btn.setAttribute('aria-expanded', !open);
const btn = document.getElementById('mobileMenuBtn');
const menu = document.getElementById('mobileMenu');
btn.addEventListener('click', function() {
const open = menu.classList.toggle('hidden');

Comment thread privacy-policy.html Outdated
</a>
<!-- Mobile menu button -->
<button id="mobileMenuBtn" class="md:hidden text-white text-xl" aria-label="Menüyü aç" aria-expanded="false" aria-controls="mobileMenu">
<i class="fa fa-bars"></i>

medium

Use the Font Awesome 6 solid category class fas (or fa-solid) instead of the legacy fa class for consistency with other icons in the project and adherence to FA6 standards.

Suggested change
<i class="fa fa-bars"></i>
<i class="fas fa-bars"></i>

Comment thread privacy-policy.html Outdated
Comment on lines +162 to +165
var menu = document.getElementById('mobileMenu');
btn.addEventListener('click', function() {
var open = menu.classList.toggle('hidden');
btn.setAttribute('aria-expanded', !open);

medium

Use const and let instead of var to adhere to modern JavaScript (ES6+) best practices. This provides better scoping and prevents issues related to variable hoisting.

Suggested change
var menu = document.getElementById('mobileMenu');
btn.addEventListener('click', function() {
var open = menu.classList.toggle('hidden');
btn.setAttribute('aria-expanded', !open);
const btn = document.getElementById('mobileMenuBtn');
const menu = document.getElementById('mobileMenu');
btn.addEventListener('click', function() {
const open = menu.classList.toggle('hidden');

Comment thread privacy-policy.html Outdated
<a class="text-zinc-400 hover:text-amber-400 transition-all duration-300" href="/#products">Ürünler</a>
<a class="text-zinc-400 hover:text-amber-400 transition-all duration-300" href="/#open-source">Açık Kaynak</a>
<a class="text-zinc-400 hover:text-amber-400 transition-all duration-300" href="/#about">Hakkımızda</a>
<a class="text-zinc-400 hover:text-amber-400 transition-all duration-300" href="/blog/bigfive-v6.1.0.html">Blog</a>

Broken nav link — /blog/bigfive-v6.1.0.html does not exist (Severity 7)

Both the desktop nav (href="/blog/bigfive-v6.1.0.html") and the mobile menu (line ~62) link to a blog page that is not in the repository. git ls-tree on main shows no blog/ directory exists.

This is a pre-existing issue carried from index.html, but the new privacy-policy pages replicate it into two additional pages. Visitors clicking "Blog" from the privacy policy page will hit a 404.

Suggested fix: either remove the Blog nav link until blog pages exist, or replace it with an existing page (e.g., link to the home page's open-source section with /#open-source). The same fix should be applied to en/privacy-policy.html.

Comment thread en/privacy-policy.html Outdated
<a class="text-zinc-400 hover:text-amber-400 transition-all duration-300" href="/en/#products">Products</a>
<a class="text-zinc-400 hover:text-amber-400 transition-all duration-300" href="/en/#open-source">Open Source</a>
<a class="text-zinc-400 hover:text-amber-400 transition-all duration-300" href="/en/#about">About</a>
<a class="text-zinc-400 hover:text-amber-400 transition-all duration-300" href="/en/blog/bigfive-v6.1.0.html">Blog</a>

Broken nav link — /en/blog/bigfive-v6.1.0.html does not exist (Severity 7)

Same issue as privacy-policy.html: the Blog link in both desktop nav and mobile menu points to /en/blog/bigfive-v6.1.0.html, which does not exist in the repo. Clicking it from the live EN privacy policy page will result in a 404.

Please remove or replace this link alongside the fix in privacy-policy.html.


From prior PRs (open findings):
- Skip link visible on focus (sr-only + focus:not-sr-only) — CodeRabbit
- aria-expanded state corrected (isHidden logic) — Blocks
- localStorage try-catch wrapper — Gemini

From PR #8 reviews:
- Blog nav links → # (page doesn't exist yet) — CodeRabbit/Blocks/Devin
- Tools footer → /#products anchor — Devin
- 404.html skip link added — Gemini
- fa → fas class (FA6) — Gemini
- var → const/let (ES6) — Gemini
- .gitattributes *.yaml added — CodeRabbit
- CI Lighthouse EN privacy page added — CodeRabbit

All pages: index, en/index, privacy-policy, en/privacy-policy, 404

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@ahm3t0t ahm3t0t merged commit 70ec406 into main Apr 4, 2026
3 of 5 checks passed