Skip to content

PinZheng(config): promote dev to main#267

Closed
Ducksss wants to merge 57 commits into
mainfrom
PinZheng/promote-dev-to-main-266
Closed

PinZheng(config): promote dev to main#267
Ducksss wants to merge 57 commits into
mainfrom
PinZheng/promote-dev-to-main-266

Conversation

@Ducksss

@Ducksss Ducksss commented Jul 13, 2026

Copy link
Copy Markdown
Owner

Summary

Promote the complete reviewed dev snapshot to main as one atomic production release.

  • dev commit: f9d09bec78f0ce4075fe8853b695dd56846144e5
  • promotion commit: 0b95f258db01bcddd06fc582784d164da1a7d930
  • shared tree: 2a21c064fce8e6e241ec3629dfe5c64473abb35e
  • production delta: 149 files, 5,193 insertions, 542 deletions

The promotion commit records both current main and reviewed dev as parents. Its file tree is byte-for-byte identical to dev; there are no promotion-only source changes.

Final review remediation

The last review cycle was merged through #266 after addressing every valid finding:

  • migration guidance now accompanies stable Payload dbName identifiers
  • subprocess stdin cleanup handles real early-close EPIPE safely
  • release-gate tests pin the production build command and default-port isolation
  • verification docs distinguish deterministic fixtures, fresh consumers, and the release gate
  • the component template requires all four fresh-consumer smoke shards
  • terminal version assertions now distinguish manifest and CLI versions correctly

Validation already green on the exact dev tree

  • pnpm test:release
    • lint, generated source, TypeScript, registry reproducibility/schema
    • 117 integration tests passed, 1 skipped
    • production Next.js build completed (275 pages)
    • 99 Playwright tests passed
  • GitHub Registry Verification pr-gate
    • quick checks
    • Node 20 compatibility
    • release gate
    • fresh Payload smoke shards 0, 1, 2, and 3
  • both Vercel deployment previews
  • git diff --exit-code HEAD origin/dev
  • git diff --check origin/main HEAD

Promotion policy

This PR intentionally promotes all of dev together. It does not cherry-pick a partial release, so the reviewed fixes and their tests remain coupled to the behavior they protect.

Ducksss and others added 30 commits June 19, 2026 14:46
Adds a `blog` collection (defineCollections + author/date frontmatter) alongside
the existing docs collection, a flat `/blog/[slug]` post route and `/blog` index
card grid styled to the shadcn + emerald brand, RootProvider/SiteHeader layout,
and Blog nav links. Seeds two real posts bylined Ducksss: a friendly "Hello"
welcome and an "Anatomy of an install" deep-dive.

zod is promoted to a direct devDependency (4.4.3, the version fumadocs-core
already resolves) so the blog frontmatter schema can extend pageSchema. The blog
is independent of the docs llms.txt/geo contract.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Summary:
- Bump TypeScript from 5.7.3 to 5.9.3 and refresh pnpm lock.
- Bump registry verification failure artifact uploads to v7.

Rationale:
- Keep Dependabot maintenance updates on dev with a small scoped diff.
- Next is already at 16.2.6 on dev, so no package diff was needed.

Tests:
- pnpm install --frozen-lockfile
- pnpm build
- E2E_PORT=3100 pnpm test:release (fails locally: e2e route sweep
  timeout and Darwin homepage snapshot delta; lint, source build,
  typecheck, registry check, and integration tests passed before e2e)
- E2E_PORT=3100 pnpm exec cross-env NODE_OPTIONS="--no-deprecation
  --import=tsx/esm" playwright test --config=playwright.config.ts
  tests/e2e/frontend.e2e.spec.ts -g "landing page keeps its desktop
  and mobile visual contract" (fails locally: same Darwin snapshot delta)
Import the tailark "faqs" category as Payload Components, adapted to the
site's light/emerald token system. Ships 6 distinct structural variants —
faq-accordion, faq-split, faq-card, faq-icons, faq-grouped, faq-grid —
each with source config + Component, manifest, registry entry, docs page,
and demo twin. Shared family code: faqFields.ts and faqIcons.ts (icon-name
select → lucide map, mirroring the Content family's contentIcons pattern).

Activates the previously-empty `faq` catalog category, registers the FAQ
docs sidebar family, and bumps the page-block count 38 → 44 (copy + guard).
Adds `accordion` to the public shadcn dependency allowlist so the accordion
variants pass the registry import-derivation test.

Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>
Summary:
- Replace public alpha labels with neutral open-source and MIT copy.
- Rename the internal alpha component template to component-template.
- Refresh homepage screenshots for the visible copy changes.

Rationale:
- The site, CLI, docs, and package metadata should not present the
  project as alpha.
- The template rename prevents future component docs from reintroducing
  alpha language.

Tests:
- rg -n -i "\\balpha\\b|alpha-" --glob '!node_modules/**' --glob '!public/r/**' --glob '!.next/**' --glob '!test-results/**'
- git diff --check
- pnpm lint
- pnpm exec tsc --noEmit
- pnpm run test:int
- pnpm run test:e2e
- pnpm test:registry
- pnpm build
Summary:
- Merge the alpha messaging cleanup on top of latest dev.
- Resolve homepage snapshot conflicts against the current FAQ catalog state.
- Remove newly introduced FAQ alpha status fields from component metadata.

Rationale:
- Dev should not expose public alpha labels in copy, CLI output, docs,
  metadata, or internal templates.
- Regenerated snapshots reflect the merged landing page rather than either
  side of the binary conflict.

Tests:
- pnpm test:release
Make the @payload-components registry submission-ready for the official shadcn
registry directory — all 44 items, including the FAQ family merged from dev.

- Replace the <your-domain> placeholder with https://www.payload-components.xyz
  across every item's docs URL; point registry.json homepage at the live site.
- Add a registry:validate gate (ajv + vendored shadcn draft-07 schemas) folded
  into test:registry, since shadcn@4.7.0 has no validate command.
- Document the @payload-components namespace install path in the install/registry
  docs and README.
- Stage the shadcn-ui/ui directory entry + submission steps in AGENTS.md.

Verified locally: registry reproducible + schema-valid (44 items), lint, tsc,
test:int (68 passed). Landed via admin merge (dev's review gate is
unsatisfiable for the sole owner; the Registry Verification workflow
startup-fails repo-wide and Vercel was rate-limited).

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Summary:
- Rework the README around open-source SaaS-style positioning.
- Add the existing social card, contributor links, and community framing.
- Split consumer install guidance from local repository setup.

Rationale:
- The README is the front door for contributors and early adopters.
- Keeping the content MIT-first and community-first avoids stale commercial
  framing while making the install contract easier to scan.

Tests:
- pnpm lint
- git diff --check -- README.md
- curl -fsSI https://www.payload-components.xyz/opengraph-image
- rg stale commercial framing scan
Summary:
- Update FAQ registry, manifest, and installed Payload labels to use the
  proper acronym capitalization.
- Add the new FAQ slugs to CLI help and correct the blog component count.
- Clip page-level horizontal overflow and refresh the stale Linux landing
  desktop screenshot baseline.
- Document why TypeScript remains pinned to 5.x until the tsconfck peer
  range supports TypeScript 6.

Rationale:
- The PR was fast-forwardable but blocked by release-gate visual and
  overflow failures plus review metadata drift.
- Keeping TypeScript 5.x avoids shipping an unmet peer dependency from
  vite-tsconfig-paths through tsconfck.

Tests:
- pnpm test:release
Summary:
- Replace the stale Linux mobile landing screenshot baseline with the
  release-gate actual image from PR #152.

Rationale:
- The Linux mobile baseline was still taller than the current rendered
  landing page, matching the same stale-baseline issue fixed for desktop.
- The actual image was stable across CI retries.

Tests:
- pnpm test:release
- verified CI artifact actual image was stable across retries
…ift (#153)

* repo(chore): close CI visual-regression gap and clear review bloat/drift

Repo review follow-ups (no behavior change to the shipped site or CLI):

- CI visual gap: the components-visual suite silently skipped on every CI
  run (only darwin baselines existed; CI is linux). Add a visual-baselines
  workflow_dispatch that mints per-platform baselines in the CI renderer and
  opens a PR, plus a coverage guard that fails loudly once a platform is
  minted but a component lacks a baseline (instead of silently skipping).
- Drop 3 dead pnpm.overrides (dompurify, drizzle-orm, uuid): Payload-runtime
  residue with no package in the lockfile.
- Remove the unreachable layout='stack' branch in ComponentFamilyHeader.
- Derive the not-found 'Known components' list from componentEntries.
- Guard componentFamilies.posts.countLabel (the one unguarded catalog count).
- Hoist the duplicated baseManifest into a dependency-free manifest-factory
  module (the two copies had drifted; import-light so it can't defeat the
  manifest spec's mock).

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

* ci(fix): restore actions/upload-artifact@v4 (v7 doesn't exist)

PR #146 bumped upload-artifact v4→v7, but that major doesn't exist. An
unresolvable action reference makes the workflow fail at startup
(startup_failure, 0s), which has blocked every dev push and PR gate since
that merge. Restore the known-good v4.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

* Revert "ci(fix): restore actions/upload-artifact@v4 (v7 doesn't exist)"

This reverts commit d1392ea.

* test(ci): refresh stale linux landing baseline (desktop)

The linux landing baselines went stale during the day the CI gate was down
(broken allowlist): the family-teaser landing change shrank the page, the
darwin baseline was refreshed but linux never was. This restores the desktop
linux baseline from the gate's own actual render; mobile follows.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

* test(ci): refresh stale linux landing baseline (mobile)

Companion to the desktop refresh: restores the mobile linux landing baseline
from the gate's own actual render (390x14444, matching the current darwin
baseline). Both linux landing baselines now reflect the family-teaser landing.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

---------

Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>
The renderBlocks/pagesLayout patcher deduped on exact full lines while the
verifier checked loose substrings, so the two could disagree. A consumer whose
anchor region was reformatted (Prettier reflow, hand-edit, double quotes, no
trailing comma) could slip past the writer's exact-line dedup — appending a
duplicate object key / import — while the verifier still reported it present,
so 'add' wrote a broken RenderBlocks.tsx and 'doctor' called it healthy.

Give apply (dedup) and verify one shared structural matcher per fragment
(tolerant of quote style, trailing semicolons, indentation, spacing) so they
can't disagree. Adds a regression test that pre-seeds a reformatted
registration and asserts apply doesn't duplicate it and verify reads it present.

Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>
…160)

installedFiles was recorded in .payload-components/state.json but never read
for any decision — add/doctor re-derive install validity from the manifest, so
the stored copy was just a duplicate of manifest.files that could only drift.
Remove it from the state entry type, the three record functions, the v1->v2
migration, normalizeState, and the install assertions/specs.

Backward-compatible: normalizeState no longer reads the field, so existing v2
state files that still carry it load fine (the dead field is ignored on read).
No state version bump.

Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>
)

Ports tailark's MIT comparator category as comparator-table, comparator-grid, and comparator-stack — new comparator page-family, page-block count 44 to 47.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
…count (#172)

* registry(fix): use canonical www URL for comparator install commands

The Comparator family (#158) shipped its three registry-item docs with the
literal https://<your-domain>/r/comparator-*.json placeholder, and its three
MDX manual-install snippets used the bare apex https://payload-components.xyz
(no www). Every other one of the 44 published items uses the canonical
https://www.payload-components.xyz that #150/#155 standardized on; the
placeholder is a copy-pasteable-but-broken install command and the bare apex
is inconsistent.

Replace both with https://www.payload-components.xyz in the three comparator
entries of payload-components/registry.json and the three comparator docs
pages. Source-only change; public/r/*.json is gitignored and rebuilt from this
source by registry:build.

Found during the dev->main promote review (PR #162).

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

* a11y(comparator): label state icons + table headers, refresh blog count

- Add role="img" + aria-label ("Included"/"Not included") to the Check/Minus
  state icons in all three Comparator blocks so screen readers announce the
  yes/no meaning of each matrix cell (previously icon-only).
- Add scope="col" to the ComparatorTable plan header cells.
- Bump the (non-test-pinned) blog copy "About 44" -> "About 47" page blocks to
  match the count now installable after the Comparator family.

Attribute-only on the block source (no className change), so the demo-twin
class-mirror guard is unaffected and the visual baselines are unchanged; the
blog count is prose, not a pinned assertion.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

---------

Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>
…163)

Code-review remediation (P1 hardening + P2 trims + a11y gate):

- a11y: add tests/e2e/a11y.e2e.spec.ts (axe-core WCAG 2.1 A/AA over
  /, /docs, /components; serious+critical). Fixes it surfaced: darken
  --muted-foreground 50%->46% (was 4.41:1, sub-AA), text-brand-600 on
  light-emerald catalog pills, raise reduced-opacity small labels to full
  opacity, logo placeholders /55->/70, tabIndex on scrollable code blocks.
- cli: atomic state writes (temp+rename) + corrupt-state fallback in
  loadState; fix latent shared-defaultState mutation (createDefaultState
  factory). Add fragment-patching failure-mode tests.
- ci: unify GitHub Action versions across workflows; main-only push gate;
  add fast-fail quick-checks (lint+tsc) job.

Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>
…159)

* components(feat): add testimonials family (6 tailark-derived blocks)

Imports the distinct testimonial layouts from tailark/blocks (MIT),
re-implemented as wired Payload blocks in this repo's idiom (Media
avatars, editable fields, light tokens): testimonials-quote, -spotlight,
-grid, -rating, -bento, -wall. Full contract each — source, manifest,
registry entry, demo twin, docs — plus catalog, count (38->44),
family-teaser, and enumeration wiring.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

* test(ci): raise e2e dev-server heap to clear route-loop OOM

The frontend route-loop (frontend.e2e:159) visits every component doc
page against `next dev`; at 50 routes the dev server hit its memory
threshold and restarted mid-test (ERR_CONNECTION_RESET on the last
routes), failing the linux release gate even through retries:2. Bump
--max-old-space-size to 8192 for the dev server so it doesn't restart
while compiling all routes in one pass.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

* test(chore): mint darwin landing baseline for testimonials teaser

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

* test(ci): mint linux landing baseline for testimonials teaser

Rendered on the ubuntu gate via the visual-baselines workflow so the
landing visual test compares (not fails) on the linux release gate.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

* test(ci): raise e2e dev-server heap to 12GB for the 53-route loop

8192MB held at 50 routes but the dev server still hit its memory
threshold and restarted at 53 (faq+comparator+testimonials), resetting
mid-route-loop. Give real headroom on the 16GB CI runner.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

---------

Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>
Serves /google44d8f9f26e2e2367.html for the new GSC property,
alongside the existing googleda94848bf7de62aa.html and BingSiteAuth.xml.

Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>
…#181)

* catalog(chore): reorder /components to showcase best components first

Lead the catalog with the most-wanted, most visually striking blocks.
Categories now rank landing-page essentials first: Hero, Features,
Comparator (pricing), Call to action, then social proof (Integration,
Logo cloud, Testimonials), then FAQ, then the deep Content set,
trailing Team and Embed. Within each category the showpiece variant
(per familyRepresentatives) leads.

Applied consistently across the wall + sidebar (componentEntries,
componentCategories) and the docs nav (FAMILIES); the landing teaser
inherits componentCategories order automatically. Pure data reorder of
all 53 page blocks — no schema/logic change. Fixes the prior
wall/sidebar disagreement, surfaces Comparator (was last) and
Testimonials, and de-emphasizes the single-purpose Embed (was 3rd).

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

* test(chore): mint Linux visual baselines (frontend)

---------

Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Applies the genuinely-new increments from the four Dependabot PRs (#167-#170)
directly on dev, the integration branch, since merging them into main would be
reverted by the next dev->main promote.

- actions/checkout v6 -> v7 across all workflows (lockstep, allowlist admits v7)
- cross-env ^7.0.3 -> ^10.1.0 (minimal lockfile delta: +@epic-web/invariant)

setup-node@v6 and pnpm/action-setup@v6 (#168, #169) were already on dev, so
those PRs are redundant. Also points Dependabot at dev (target-branch) so future
bumps land on the integration branch instead of main.

Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>
Resolves all six open Dependabot security alerts (undici < 7.28.0):
- CVE-2026-6734, CVE-2026-9697 (high)
- CVE-2026-9679, CVE-2026-9678 (medium)
- CVE-2026-11525, CVE-2026-6733 (low)

undici is an optional transitive of the jsdom/test chain; the parent range
already admits 7.28.0, so a plain re-resolve picks it up (no override needed).
The sibling bumps are all within that same optional cluster.

Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>
Lands @highoncomputers' #173 onto dev. Resolves #138.

Co-authored-by: highoncomputers <highoncomputers@users.noreply.github.com>
Print stage-specific recovery guidance when `payload-components add` fails
mid-install, a "retrying partial install" notice when re-running a partial
entry, and owned/patched file detail in `payload-components doctor`. Docs in
both READMEs cover fix-and-retry without deleting patched host files.

Rebuilds the intent of #94 on the current install-state model: owned files
come from `manifest.files` and patched files from the existing patchedFiles
var / `entry.patchedFiles` (the `installedFiles` field #94 relied on was
removed from the state model).

Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>
Clarify that `payload-components init` delegates to `shadcn init` to create the `components.json` baseline, and that `payload-components add` expects that baseline and does not run init automatically as a side effect.

Lands the docs fix from #165 with authorship preserved for @tysoul574-spec.

Closes #104

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
…190)

* frontend(feat): redesign logo as terminal prompt + block-cursor mark

Replace the bare > glyph with a geometric prompt chevron + block cursor,
drawn as a real SVG so the header, favicon, and OG image share one mark.
Retires the Payload-CMS-style favicon.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

* test(chore): mint Linux visual baselines (frontend.e2e) (#189)

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>

---------

Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Fills the previously-empty Pricing catalog family with five field-driven
Payload blocks, retokenized from tailark/blocks (MIT) onto the light
monochrome + emerald system: pricing-cards (showpiece), pricing-cards-muted,
pricing-cards-cta, pricing-split, and pricing-enterprise (editable Media
logo wall). Shared pricingFields/planFields keep the family from drifting.

Wires the full add-a-family contract against current dev (58 page blocks):
5 block sources + shared fields, 5 manifests, 5 registry.json items
(registryDeps matched to imports), 5 class-mirrored demo twins + demo
content, catalog entries inserted at the curated rank (after Comparator),
FAMILIES docs-nav entry, count pins (53->58) across site.ts/about/tests,
cli + smoke lists, and 5 docs pages with tailark MIT attribution.

Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>
…#193)

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
…split highlight (#194)

Three polish fixes from the pricing-family code review. All visually neutral,
so the just-minted (#193) Linux baselines stay valid.

- PricingEnterprise: validate the logo `href` so non-http(s) values (e.g. a
  `javascript:` payload) are rejected. Inlined rather than reusing
  shared/safeUrls — the embed/form validators there would wrongly reject
  arbitrary customer URLs.
- Mark the decorative feature-list `<Check>` icons aria-hidden across all five
  variants so screen readers don't announce them.
- PricingSplit: derive the highlighted (right) plan from the `featured` flag
  instead of hard-coding plans[1], so marking either plan featured works.
  Mirrored in the PricingSplitDemo twin.

Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>
Add stable edge cache headers for crawl metadata and tighten sitemap coverage.
* docs: refresh ROADMAP.md to match current catalog count and remove stale references (#128)

Updates the stale '38 installable page blocks' count to '53 page blocks
across 11 families, with 8 post components in development'. Removes the
'waitlist funnel' reference from the Not Planned section since the waitlist
was removed. Adds a note about analytics collection.

Closes #128

* docs(roadmap): fix stale counts and broken analytics link

- 53 -> 58 installable page blocks (registry.json ships 58; matches site copy)
- 11 -> 12 families (pricing family already shipped via #191)
- drop link to non-existent content/docs/analytics.mdx
- restore "waitlist funnel" to Not Planned (still a documented non-goal)

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

---------

Co-authored-by: highoncomputers <highoncomputers@users.noreply.github.com>
Co-authored-by: Chai Pin Zheng <chaipinzheng@gmail.com>
Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>
Ducksss and others added 23 commits June 24, 2026 20:45
…ro-interactions (#211)

- HeroInstallReplay: auto-replay the install choreography when the frame
  re-enters the viewport (IntersectionObserver). Plays once on load, replays
  on a fresh re-entry, idle while sitting still or off-screen, and disabled
  under prefers-reduced-motion — a perf-safe "product loop", not an always-on
  hero animation.
- Add a .hover-lift utility (transform + shadow, transition only) and apply it
  to the framed preview surface and the maintainer-note card for tactile
  micro-interactions.

Layers on top of the existing scroll-reveal + wire-draw scroll animations.
No visual-baseline change: every effect is hover-only or reduced-motion-off,
so the reduced-motion snapshots are untouched.

Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>
Add a lightweight ParallaxController (one passive, rAF-throttled scroll
handler) that drifts decorative layers — the hero bloom and the community
dot field — by a clamped fraction of their distance from the viewport
centre. CSS view() timelines can't drive these (they sit inside
overflow-hidden sections that become degenerate scroll containers), so a
minimal JS handler does it: transform-only via translate3d, coalesced to one
rAF per frame, idle when not scrolling, guarded against a zero viewport, and
disabled entirely under prefers-reduced-motion.

Verified the transform varies across a real wheel scroll; reduced-motion
snapshots are unchanged (effect is RM-off), so no baseline regeneration.

Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>
…ow it works (#215)

Add a plain "what it is" definition lede, a "Built on shadcn. Finished for
Payload." section (1-of-5 vs 5-of-5 comparison reusing wiringLedger.columns
plus a numbered 01-05 install pipeline), and an explicit community-first/MIT
close to the /about page. Single-file change; reuses existing Section
primitives and site.ts data.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
* seo: improve homepage search snippets

* test: align homepage route title expectation

* seo: keep brand homepage title, complete OG/Twitter card

Next does not inherit nested openGraph/twitter fields across route
segments, so the new page-level metadata override silently dropped
og:type, og:site_name, og:locale and twitter:card that the homepage
previously inherited from the root layout. Re-declare them (matching
every sibling page) so the homepage keeps its large-image Twitter card
and complete Open Graph metadata.

Keep the homepage <title> on the established brand string
"Payload Components — fully-wired blocks for Payload CMS".

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

---------

Co-authored-by: Ducksss <58126222+Ducksss@users.noreply.github.com>
Co-authored-by: Chai Pin Zheng <chaipinzheng@gmail.com>
Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>
Co-authored-by: Ducksss <58126222+Ducksss@users.noreply.github.com>
Bumps [semver](https://github.com/npm/node-semver) from 7.7.4 to 7.8.5.
- [Release notes](https://github.com/npm/node-semver/releases)
- [Changelog](https://github.com/npm/node-semver/blob/main/CHANGELOG.md)
- [Commits](npm/node-semver@v7.7.4...v7.8.5)

---
updated-dependencies:
- dependency-name: semver
  dependency-version: 7.8.5
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [tailwind-merge](https://github.com/dcastil/tailwind-merge) from 3.5.0 to 3.6.0.
- [Release notes](https://github.com/dcastil/tailwind-merge/releases)
- [Commits](dcastil/tailwind-merge@v3.5.0...v3.6.0)

---
updated-dependencies:
- dependency-name: tailwind-merge
  dependency-version: 3.6.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [@axe-core/playwright](https://github.com/dequelabs/axe-core-npm) from 4.11.3 to 4.12.1.
- [Release notes](https://github.com/dequelabs/axe-core-npm/releases)
- [Changelog](https://github.com/dequelabs/axe-core-npm/blob/develop/CHANGELOG.md)
- [Commits](https://github.com/dequelabs/axe-core-npm/commits)

---
updated-dependencies:
- dependency-name: "@axe-core/playwright"
  dependency-version: 4.12.1
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps the next-react group with 3 updates: [next](https://github.com/vercel/next.js), [react](https://github.com/facebook/react/tree/HEAD/packages/react) and [react-dom](https://github.com/facebook/react/tree/HEAD/packages/react-dom).


Updates `next` from 16.2.6 to 16.2.9
- [Release notes](https://github.com/vercel/next.js/releases)
- [Changelog](https://github.com/vercel/next.js/blob/canary/release.js)
- [Commits](vercel/next.js@v16.2.6...v16.2.9)

Updates `react` from 19.2.4 to 19.2.7
- [Release notes](https://github.com/facebook/react/releases)
- [Changelog](https://github.com/react/react/blob/main/CHANGELOG.md)
- [Commits](https://github.com/facebook/react/commits/v19.2.7/packages/react)

Updates `react-dom` from 19.2.4 to 19.2.7
- [Release notes](https://github.com/facebook/react/releases)
- [Changelog](https://github.com/react/react/blob/main/CHANGELOG.md)
- [Commits](https://github.com/facebook/react/commits/v19.2.7/packages/react-dom)

---
updated-dependencies:
- dependency-name: next
  dependency-version: 16.2.9
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: next-react
- dependency-name: react
  dependency-version: 19.2.7
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: next-react
- dependency-name: react-dom
  dependency-version: 19.2.7
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: next-react
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: sanmaxdev <sanmaxdev@users.noreply.github.com>
Follow-up hardening for the managed PostHog integration (#203):

- Drop the hardcoded fallback project key so forks and unset
  environments no-op instead of phoning home to a baked-in project.
- Only send network events from production hostnames or localhost,
  so Vercel preview deploys never pollute the funnel even if the
  env var is scoped to all environments.
- Document NEXT_PUBLIC_POSTHOG_KEY / NEXT_PUBLIC_POSTHOG_HOST in
  .env.example.

In-page event recording (the e2e contract) is unchanged: events are
still pushed to window.__posthogEvents before any network guard.

Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>
A Get Started page bridging install → admin → live: shows the block already in the Payload admin picker after `add`, with captured admin screenshots (picker + fields) and the live component preview. Also prints a post-install "next steps" hint in the CLI pointing to the admin and the walkthrough.

Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>
* site: derive installable and upcoming component counts from catalog data (#131)

Instead of hard-coding '58 installable' and '8 in development' in site copy,
compute the counts from componentEntries and upcomingComponents. The derived
values sit right after the arrays so they can never drift from what the
catalog actually ships.

- Add installablePageCount and upcomingPostCount exports
- componentsIntro now uses a template literal with derived counts
- componentFamilies.pages.countLabel and .posts.countLabel derive from data
- about page intro uses the derived counts instead of hard-coded text
- Existing fumadocs-site.int.spec.ts already asserts against derived values

Closes #131

* test: align catalog count assertions

* feat(site): link upcoming components to request issues

* test: tolerate homepage snapshot renderer drift

* site: keep dev's short catalog intro while deriving the count

#202 carried #200's older base, which reverted dev's deliberately
shortened componentsIntro to the verbose "no skeletons … full
contract" form. Restore dev's short sentence and keep the derived
${installablePageCount} count (the point of the contribution).

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

* test: refresh catalog carry-over homepage baselines

---------

Co-authored-by: highoncomputers <highoncomputers@users.noreply.github.com>
Co-authored-by: Ducksss <58126222+Ducksss@users.noreply.github.com>
Co-authored-by: sanmaxdev <46221775+sanmaxdev@users.noreply.github.com>
Co-authored-by: Chai Pin Zheng <chaipinzheng@gmail.com>
Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>
…dary (#241)

Progressively enhance the static WiringNodeMap into an interactive
@xyflow/react graph on motion-enabled desktop: flowing emerald edges,
draggable nodes, hover-to-trace-file spotlight, click-to-pin, CSS-3D tilt,
and a staggered scroll-in reveal. SSR, mobile, and reduced-motion keep the
static map, so crawlers, the geo/llms contract, the axe a11y gate, and the
visual baselines are all unchanged.

- New WiringFlow (motion-gated enhancer, lazy ssr:false), WiringFlowCanvas
  (the graph; pane is aria-hidden with an sr-only content mirror,
  node/edge focus disabled), and wiring-nodes (cards shared with the static
  map so both render identically).
- @xyflow/react added as a devDependency (Next bundles it at build; the
  published CLI still ships only ajv+semver).

Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>
Page views were double-counted in GA4: gtag('config') auto-sends one and
trackPageView sent a second 'page_view' event through the shared sink. Route
page views to PostHog only — GA4 and Vercel already auto-track them — using
PostHog's native $pageview event so its web-analytics and paths views
populate. Persist the session distinct_id in localStorage so reloads stitch
to one identity instead of inflating unique-user counts.

Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>
…es (#249)

The "exposes docs, catalog, component pages" smoke walk hits ~64 routes, and each
/docs/components/<slug> page embeds a live-preview iframe that compiles a second
route (/components/preview/<slug>). Compiling ~116 routes on demand in one serial
walk overwhelmed `next dev` mid-walk (net::ERR_CONNECTION_RESET, exhausting
retries) as the catalog grew to 58 components.

Block the preview subframe during this smoke test (it only asserts title/h1/
overflow) and navigate with waitUntil:'domcontentloaded'. Full route coverage is
preserved; on-demand compile load roughly halves. Local: all ~64 routes pass in
2.7m with no reset.

Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>
…nance ledger (#248)

Re-implemented blocks derived from tailark/blocks (MIT) now carry consistent
attribution, and a new payload-components/PROVENANCE.md records the upstream
item + pinned SHA per derived component after a full drift audit.

- testimonials (6) + pricing (5): source comment + docs footer made consistent
- newly verified derivations attributed: call-to-action-boxed, comparator-grid,
  comparator-table, team-roster
- README acknowledges tailark/blocks; contributing.mdx documents the convention
- audited vs upstream 8eadeb3 — re-implementations, not copies; nothing removed
  or renamed upstream, so no code drift to follow

Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>
Give the hero "Star on GitHub" button a subtle, on-brand shine so it
pulls the eye: glass gloss at rest, a glint that sweeps the face, and
three emerald star twinkles (fitting a Star button) that pop in a
staggered rhythm with two hanging past the pill edge. Hover blooms an
emerald glow, tints the border, and re-fires the glint.

All effects are transform / opacity / background-position on small
elements (no animated blur, no large re-rastering layer), and every
loop parks on an invisible or static end state so the reduced-motion
guard hides the decoration cleanly. Only the brand emerald + white are
used — no new hues.

Co-authored-by: Chai Pin Zheng <pinzheng@reactor.school>
Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>
* ci(fix): make release gates exhaustive and bounded

Summary:
- Lint installable source and run E2E against a production build.
- Shard fresh consumer smoke across every registry-backed component.
- Bound subprocesses and guard package publishing from release to npm.

Rationale:
- Remove silent coverage gaps and network-sensitive default tests.
- Reject untrusted tags, non-main commits, and incomplete release gates.

Tests:
- E2E_PORT=3192 pnpm test:release
- pnpm test:pack
- pnpm install --frozen-lockfile

* ci(security): validate release tags before checkout

Summary:
- Run the publish guard from protected main before candidate checkout.
- Read candidate versions from tag objects and verify peeled ancestry.
- Pin the trusted workflow order with real Git-backed test coverage.

Rationale:
- Prevent off-main tags from replacing the guard or running lifecycle code.

Tests:
- release-gate.int.spec.ts (8 passed)
- pnpm lint
- pnpm exec tsc --noEmit
- package-publish.yml YAML parse

* backend(fix): harden component install verification

Summary:
- retain exact Bun lockfile identity in project recovery metadata
- share manifest and registry dependency plans across add and doctor
- repair missing UI dependencies and verify anchored Payload fragments

Rationale:
- prevent healthy state from masking deleted shadcn UI dependencies
- reject commented or unrelated fragment matches during recovery
- preserve idempotent installs without changing public or state schemas

Tests:
- pnpm lint
- pnpm exec tsc --noEmit
- pnpm run test:int
- pnpm build:cli
- pnpm test:pack

* frontend(fix): repair responsive component previews

* frontend(fix): complete responsive preview coverage

* frontend(test): cover responsive component visuals

* frontend(test): strengthen responsive assertions

* frontend(test): prove mobile wiring wrapping

* fullstack(fix): align site metadata and product copy

Add shared blog metadata and sitemap coverage, defer catalog query updates, and align documentation and catalog copy with the actual install pipeline.

* fullstack(fix): centralize site version and pipeline data

* fullstack(test): prove product consistency contracts

Add focused contracts for blog metadata, catalog search behavior, and registry copy. Bind catalog input to local state and remove stale sample-content wording.

* fullstack(test): complete product contract coverage

* fullstack(test): verify catalog search behavior

* fullstack(fix): stabilize catalog search synchronization

* fullstack(fix): remove stale catalog counts

* fullstack(chore): remove stale count exports

* chore: remove internal review artifact

* fix(test): close final release gate regressions

* fix(test): stabilize final release assertions

* fix(build): make package metadata import runtime-safe

* fix(test): stabilize responsive release checks

* fix(test): prove responsive release readiness

* fix(preview): guarantee iframe height synchronization

* fix(preview): recover missed iframe load synchronization

* test(visual): update comparator card baselines

* test(visual): refresh landing reduced-motion baselines

* backend(fix): support nested payload layout blocks

Recognize the current Payload website template's layout field while keeping admin block arrays out of fragment verification. This keeps fresh consumer installs compatible without weakening the anchor boundary.\n\nTests: pnpm exec vitest run --config ./vitest.config.mts tests/int/payload-components-fragment.int.spec.ts

* backend(fix): detect current payload layout field

Inspect the unmasked type literal when distinguishing the real blocks field from admin configuration. This keeps comment-aware matching while supporting the current Payload starter shape.\n\nTests: pnpm exec vitest run --config ./vitest.config.mts tests/int/payload-components-fragment.int.spec.ts

* backend(fix): support generic Pages collection configs

Match Payload's typed Pages collection declaration when locating the layout field, preserving the existing anchor-scoped fragment checks.\n\nTests: pnpm exec vitest run --config ./vitest.config.mts tests/int/payload-components-fragment.int.spec.ts

* backend(fix): bound pricing block database names

Give pricing plan arrays stable short database names so the full registry consumer can initialize Payload without exceeding PostgreSQL's identifier limit.\n\nTests: fragment integration suite passed; fresh consumer build exposed and verified the remaining identifier boundary.

* ci(fix): close pre-merge gate regressions

Summary:
- accept pnpm argument separators in the fresh-smoke shard runner
- provision Bun wherever Bun lockfile integration tests execute
- preserve in-progress catalog queries across filter updates
- source hero component version copy from its manifest

Rationale:
- restore required GitHub checks without weakening their coverage
- prevent filter races and public component-version drift

Tests:
- pnpm lint
- pnpm source:build
- pnpm exec tsc --noEmit
- pnpm run test:int (111 passed, 1 skipped)
- focused catalog Playwright regression (1 passed)

* ci(fix): install bun within allowed action policy

Summary:
- install a pinned Bun CLI from npm in verification and publish jobs
- avoid an unapproved third-party setup action

Rationale:
- keep Bun lockfile integration coverage compatible with repository policy
- prevent workflow startup failures before required jobs execute

Tests:
- release-gate and fresh-smoke integration tests (15 passed)
- workflow YAML parse
- git diff --check

* ci(fix): isolate smoke registry environment

Summary:
- keep the smoke registry override out of shadcn's REGISTRY_URL variable
- assert the four-shard and Bun gate environment in integration tests

Rationale:
- prevent an empty workflow input from corrupting shadcn dependency URLs
- keep local registry smoke deterministic on GitHub runners

Tests:
- release-gate integration tests (8 passed)
- workflow YAML parse
- git diff --check

* ci(fix): pack before consumer scaffolding

Summary:
- build the local package tarball before create-payload-app runs

Rationale:
- prevent nested pnpm scaffolding from corrupting root executable shims
- keep every smoke shard testing the same deterministic artifact

Tests:
- release-gate and fresh-smoke integration tests (15 passed)
- pnpm lint
- pnpm exec tsc --noEmit
- git diff --check

* ci(fix): pack before external smoke tooling

Summary:
- build the local package tarball before direct shadcn and Payload tooling
- pass the immutable artifact into the fresh consumer stage

Rationale:
- prevent nested pnpm commands from corrupting root executable shims
- keep every smoke shard testing the same deterministic artifact

Tests:
- release-gate and fresh-smoke integration tests (15 passed)
- pnpm lint
- pnpm exec tsc --noEmit
- git diff --check

* backend(fix): bound all block database identifiers

Summary:
- assign every shipped block a short unique PostgreSQL database name
- remove redundant nested pricing array database overrides
- enforce the identifier contract across all registry manifests

Rationale:
- prevent Payload-generated enum names from exceeding PostgreSQL limits
- avoid custom nested-array mappings that break Drizzle writes

Tests:
- pnpm lint
- pnpm test:registry (58 items)
- pnpm run test:int (112 passed, 1 skipped)
- pnpm exec tsc --noEmit
- git diff --check

* test(chore): mint Linux visual baselines (components-visual frontend) (#256)

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>

* ci(fix): terminate completed fresh smoke seeds

Summary:
- terminate the generated one-shot seed script after all Payload writes finish
- add an integration regression for database handles keeping the process alive

Rationale:
- Payload keeps its initialized database adapter open after a successful seed
- explicit completion prevents every fresh-consumer shard from timing out

Tests:
- pnpm exec vitest run tests/int/fresh-payload-smoke.int.spec.ts
- pnpm exec vitest run tests/int/release-gate.int.spec.ts
- pnpm lint
- pnpm exec tsc --noEmit
- git diff --check

---------

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Summary:
- Centralize the hero CTA shine and twinkle colors in brand tokens.
- Guard the effect against future absolute color-channel drift.

Rationale:
- Clear the final promotion review issue without visual changes.

Tests:
- pnpm test:release
- CodeRabbit CLI review: 0 issues
- GitHub pr-gate and four fresh-smoke shards
Summary:
- isolate doctor plan failures per component
- restore native mobile navigation link semantics
- document consumer-owned database migrations for copied source
- harden subprocess cleanup and add regression coverage

Rationale:
- clear all actionable findings from the dev-to-main promotion review
- keep existing consumers safe while preserving installer idempotency

Tests:
- pnpm test:release
- required GitHub release, compatibility, smoke, and deployment gates
- CodeRabbit review (0 remaining findings)
Summary:
- document migration requirements for stable Payload field identifiers
- harden subprocess stdin error handling and release-gate contracts
- distinguish deterministic, fresh-consumer, and release validation paths

Rationale:
- prevent silent schema migration risks and unhandled EPIPE failures
- ensure promotion evidence covers the actual production build and all smoke shards

Tests:
- pnpm test:release
- GitHub Registry Verification pr-gate (all release and smoke jobs)
- Vercel deployment previews
Summary:
- promote the complete reviewed dev snapshot to production
- preserve main and dev ancestry in an auditable merge commit

Rationale:
- ship the integration branch atomically after final review and release gates
- keep the promotion tree byte-for-byte identical to dev

Tests:
- pnpm test:release
- GitHub Registry Verification pr-gate
- all four fresh Payload smoke shards
- Vercel deployment previews
Copilot AI review requested due to automatic review settings July 13, 2026 13:40
@vercel

vercel Bot commented Jul 13, 2026

Copy link
Copy Markdown

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
payload-components Ready Ready Preview, Comment Jul 13, 2026 1:44pm
payload-components-97bf Ready Ready Preview, Comment Jul 13, 2026 1:44pm

Copilot AI left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Copilot was unable to review this pull request because the user who requested the review has reached their quota limit.

@Ducksss

Ducksss commented Jul 13, 2026

Copy link
Copy Markdown
Owner Author

Superseded by the final full-review remediation. CodeRabbit found five valid issues in the exact promotion diff; I am fixing them on dev with regression coverage before reminting the atomic dev-to-main promotion.

@Ducksss Ducksss closed this Jul 13, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants