Skip to content
This repository was archived by the owner on May 29, 2026. It is now read-only.

Release: merge development into beta#45

Open
github-actions[bot] wants to merge 77 commits into
betafrom
development
Open

Release: merge development into beta#45
github-actions[bot] wants to merge 77 commits into
betafrom
development

Conversation

@github-actions

Copy link
Copy Markdown
Contributor

Automated PR to sync development changes to beta for beta release.

Merging this PR will trigger the beta release workflow.

Reminder: Add a major, minor, or patch label to this PR to control the version bump. Default is patch.

Move all Docusaurus config, src, and static files from docusaurus/
into docs/. Switch to the company-wide reusable documentation
workflow. Update editUrl reference accordingly.
@github-actions

Copy link
Copy Markdown
Contributor Author

Quality Report

Repository ConductionNL/nldesign
Commit 796c4ee
Branch 45/merge
Event pull_request
Generated 2026-03-19 19:05 UTC
Workflow Run https://github.com/ConductionNL/nldesign/actions/runs/23312024709

Summary

Group Result
PHP Quality PASS
Vue Quality PASS
Security PASS
License PASS
PHPUnit PASS
Newman SKIP

PHP Quality

Tool Result
lint PASS
phpcs PASS
phpmd PASS
psalm PASS
phpstan PASS
phpmetrics PASS

Vue Quality

Tool Result
eslint PASS
stylelint PASS

Security

Ecosystem Result
composer PASS
npm PASS

License Compliance

Ecosystem Result
composer PASS
npm PASS

composer dependencies (100 total)

Metric Count
Approved (allowlist) 100
Approved (override) 0
Denied 0

npm dependencies (7 total)

Metric Count
Approved (allowlist) 5
Approved (override) 2
Denied 0

PHPUnit Tests

PHP Nextcloud Result
Overall PASS

Code coverage: 0% (0 / 24 statements)

Integration Tests (Newman)

Newman integration tests were not enabled for this run.


Generated automatically by the Quality workflow.

Download the full PDF report from the workflow artifacts.

@github-actions

Copy link
Copy Markdown
Contributor Author

Quality Report

Repository ConductionNL/nldesign
Commit 452ede8
Branch 45/merge
Event pull_request
Generated 2026-03-19 21:37 UTC
Workflow Run https://github.com/ConductionNL/nldesign/actions/runs/23318045149

Summary

Group Result
PHP Quality PASS
Vue Quality PASS
Security PASS
License PASS
PHPUnit PASS
Newman SKIP

PHP Quality

Tool Result
lint PASS
phpcs PASS
phpmd PASS
psalm PASS
phpstan PASS
phpmetrics PASS

Vue Quality

Tool Result
eslint PASS
stylelint PASS

Security

Ecosystem Result
composer PASS
npm PASS

License Compliance

Ecosystem Result
composer PASS
npm PASS

composer dependencies (100 total)

Metric Count
Approved (allowlist) 100
Approved (override) 0
Denied 0

npm dependencies (7 total)

Metric Count
Approved (allowlist) 5
Approved (override) 2
Denied 0

PHPUnit Tests

PHP Nextcloud Result
Overall PASS

Code coverage: 0% (0 / 24 statements)

Integration Tests (Newman)

Newman integration tests were not enabled for this run.


Generated automatically by the Quality workflow.

Download the full PDF report from the workflow artifacts.

- Add status: implemented frontmatter to 13 specs missing it
- Rename '## ADDED Requirements' to '## Requirements' in all specs and archives
All specs moved from openspec/specs/ to openspec/changes/ with proper
proposal.md as the entry point. Follows the spec-driven workflow:
proposal -> design -> specs -> tasks
All 20 active changes processed:
- admin-settings, component-tokens, css-architecture,
  custom-css-overrides, docs-content, extended-token-sets,
  hide-slogan, menu-labels, nextcloud-variable-mapping,
  nl-design, prometheus-metrics, theming-sync-dialog,
  theming-sync, token-editor-ui, token-import-export,
  token-set-apply-dialog, token-set-dropdown, token-sets,
  token-sync-workflow, vng-token-set

For each change:
- Generated design.md and tasks.md (all tasks marked done)
- Updated 7 enriched specs to implemented status
- Synced all 20 specs to openspec/specs/
- Archived all 20 changes with date prefix
Adds a features overview document for the NL Design theming app, covering
39+ token sets, token editor UI, CSS architecture, theming sync, import/export,
and government design standard compliance (NL Design System, WCAG 2.1 AA).
[Docs] Feature overview with GEMMA/TEC standards
@github-actions

Copy link
Copy Markdown
Contributor Author

Quality Report

Repository ConductionNL/nldesign
Commit 1652e7f
Branch 45/merge
Event pull_request
Generated 2026-03-23 21:38 UTC
Workflow Run https://github.com/ConductionNL/nldesign/actions/runs/23461372774

Summary

Group Result
PHP Quality PASS
Vue Quality PASS
Security PASS
License PASS
PHPUnit PASS
Newman SKIP

PHP Quality

Tool Result
lint PASS
phpcs PASS
phpmd PASS
psalm PASS
phpstan PASS
phpmetrics PASS

Vue Quality

Tool Result
eslint PASS
stylelint PASS

Security

Ecosystem Result
composer PASS
npm PASS

License Compliance

Ecosystem Result
composer PASS
npm PASS

composer dependencies (100 total)

Metric Count
Approved (allowlist) 100
Approved (override) 0
Denied 0

npm dependencies (7 total)

Metric Count
Approved (allowlist) 5
Approved (override) 2
Denied 0

PHPUnit Tests

PHP Nextcloud Result
Overall PASS

Code coverage: 0% (0 / 24 statements)

Integration Tests (Newman)

Newman integration tests were not enabled for this run.


Generated automatically by the Quality workflow.

Download the full PDF report from the workflow artifacts.

@github-actions

github-actions Bot commented Apr 9, 2026

Copy link
Copy Markdown
Contributor Author

Quality Report

Repository ConductionNL/nldesign
Commit acbb095
Branch 45/merge
Event pull_request
Generated 2026-04-09 09:48 UTC
Workflow Run https://github.com/ConductionNL/nldesign/actions/runs/24183659733

Summary

Group Result
PHP Quality PASS
Vue Quality PASS
Security PASS
License PASS
PHPUnit PASS
Newman SKIP
Playwright SKIP

PHP Quality

Tool Result
lint PASS
phpcs PASS
phpmd PASS
psalm PASS
phpstan PASS
phpmetrics PASS

Vue Quality

Tool Result
eslint PASS
stylelint PASS

Security

Ecosystem Result
composer PASS
npm PASS

License Compliance

Ecosystem Result
composer PASS
npm PASS

composer dependencies (100 total)

Metric Count
Approved (allowlist) 100
Approved (override) 0
Denied 0

npm dependencies (7 total)

Metric Count
Approved (allowlist) 5
Approved (override) 2
Denied 0

PHPUnit Tests

PHP Nextcloud Result
Overall PASS

Code coverage: 0% (0 / 24 statements)

Integration Tests (Newman)

Newman integration tests were not enabled for this run.

E2E Tests (Playwright)

Playwright E2E tests were not enabled for this run.


Generated automatically by the Quality workflow.

Download the full PDF report from the workflow artifacts.

rubenvdlinde and others added 3 commits April 16, 2026 13:20
- Create l10n/en.json with 58 identity-mapped keys
- Create l10n/nl.json with 58 Dutch translations
- Keys collected from js/admin.js and templates/settings/admin.php
Update all translation keys to use sentence case (only first letter capitalized)
instead of title case. Keys changed:
- "Add Groups" → "Add groups"
- "Active Collections" → "Active collections"
- "API Key" → "API key"
- And 400+ similar keys across all apps

Sentence case for keys improves consistency and readability while preserving
proper English grammar in translated values.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
…asset only) (#58)

The central Quality workflow (ConductionNL/.github#34) now publishes SBOMs
exclusively as release assets — see SECURITY.md "Software Bill of Materials".

This PR cleans up the per-app remnants:
- delete .github/workflows/sbom.yml (the central job replaces it)
- delete the checked-in sbom.cdx.json (release asset is the source of truth)
- gitignore SBOM files so future generations don't accidentally land in repo

Stable URL for clients:
  https://github.com/ConductionNL/nldesign/releases/latest/download/sbom.cdx.json

Co-authored-by: SBOM Cleanup <ops@conduction.nl>
@github-actions

github-actions Bot commented May 1, 2026

Copy link
Copy Markdown
Contributor Author

Quality Report — ConductionNL/nldesign @ e0b6c18

Check PHP Vue Security License Tests
lint
phpcs
phpmd
psalm
phpstan
phpmetrics
eslint
stylelint
composer ✅ 100/100
npm ✅ 7/7
PHPUnit
Newman ⏭️
Playwright ⏭️

Coverage: 0% (0/24 statements)


Quality workflow — 2026-05-01 11:51 UTC

Download the full PDF report from the workflow artifacts.

…nduction.nl

Mirrors the openregister docs migration (ConductionNL/openregister#1444)
and the mydash one before it. The docs site now inherits brand defaults
(tokens, Navbar/Footer swizzles, KvK/BTW copyright, hex-watermark hero)
and gets a brand-aligned landing page composed from <DetailHero> +
<WidgetShelf>.

- docs/docusaurus.config.js — rewritten to call createConfig() from
  @conduction/docusaurus-preset. Keeps nldesign-specific bits: NL+EN
  i18n, mermaid theme, custom prism themes, Documentation+GitHub navbar
  items. Footer reduced to the brand "Conduction" column via
  baseFooterLinks().filter(...). minigames: false to drop the
  canal-footer mini-games on this product-doc surface.
- docs/package.json + docs/package-lock.json — adds
  @conduction/docusaurus-preset@^1.4.3.
- docs/src/pages/index.js — replaces the homepage with <DetailHero>
  (design-palette icon, orange accent, Install/Docs/GitHub CTAs) + a
  3-card <WidgetShelf> (type scale, colour palette, component variants).
  Authored as .js not .mdx to avoid the docs-plugin/pages-plugin scan
  collision.
- docs/static/CNAME — nldesign.app -> nldesign.conduction.nl.
- .github/workflows/documentation.yml — cname: updated to
  nldesign.conduction.nl.

Production docs URL moves from https://nldesign.app to
https://nldesign.conduction.nl.
feat(docs): adopt @conduction/docusaurus-preset + move to nldesign.conduction.nl
@github-actions

github-actions Bot commented May 7, 2026

Copy link
Copy Markdown
Contributor Author

Quality Report — ConductionNL/nldesign @ 33bfd61

Check PHP Vue Security License Tests
lint
phpcs
phpmd
psalm
phpstan
phpmetrics
eslint
stylelint
composer ✅ 100/100
npm ✅ 7/7
PHPUnit
Newman ⏭️
Playwright ⏭️

Coverage: 0% (0/24 statements)


Quality workflow — 2026-05-07 20:51 UTC

Download the full PDF report from the workflow artifacts.

Bumps preset to 1.5.1 (DetailHero background='cobalt' variant + full-bleed clip-path fix). Cobalt panel now extends across the full viewport width matching the brand product-page identity used on https://mydash.conduction.nl/.
feat(docs): cobalt hero on landing (preset 1.5.1)
@github-actions

github-actions Bot commented May 7, 2026

Copy link
Copy Markdown
Contributor Author

Quality Report — ConductionNL/nldesign @ e5323e2

Check PHP Vue Security License Tests
lint
phpcs
phpmd
psalm
phpstan
phpmetrics
eslint
stylelint
composer ✅ 100/100
npm ✅ 7/7
PHPUnit
Newman ⏭️
Playwright ⏭️

Coverage: 0% (0/24 statements)


Quality workflow — 2026-05-07 21:25 UTC

Download the full PDF report from the workflow artifacts.

@github-actions

Copy link
Copy Markdown
Contributor Author

Quality Report — ConductionNL/nldesign @ 13c6474

Check PHP Vue Security License Tests
lint
phpcs
phpmd
psalm
phpstan
phpmetrics
eslint
stylelint
composer ✅ 100/100
npm ✅ 7/7
PHPUnit
Newman ⏭️
Playwright ⏭️

Coverage: 0% (0/24 statements)


Quality workflow — 2026-05-12 22:09 UTC

Download the full PDF report from the workflow artifacts.

@github-actions

Copy link
Copy Markdown
Contributor Author

Quality Report — ConductionNL/nldesign @ b568281

Check PHP Vue Security License Tests
lint
phpcs
phpmd
psalm
phpstan
phpmetrics
eslint
stylelint
composer ✅ 100/100
npm ✅ 7/7
PHPUnit
Newman ⏭️
Playwright ⏭️

Coverage: 0% (0/24 statements)


Quality workflow — 2026-05-12 22:29 UTC

Download the full PDF report from the workflow artifacts.

@github-actions

Copy link
Copy Markdown
Contributor Author

Quality Report — ConductionNL/nldesign @ 902a18c

Check PHP Vue Security License Tests
lint
phpcs
phpmd
psalm
phpstan
phpmetrics
eslint
stylelint
composer
npm ✅ 7/7
PHPUnit ⏭️
Newman ⏭️
Playwright ⏭️

Quality workflow — 2026-05-25 19:32 UTC

Download the full PDF report from the workflow artifacts.

@github-actions

Copy link
Copy Markdown
Contributor Author

Quality Report — ConductionNL/nldesign @ 7a5f386

Check PHP Vue Security License Tests
lint
phpcs
phpmd
psalm
phpstan
phpmetrics
eslint
stylelint
composer ✅ 100/100
npm ✅ 7/7
PHPUnit ⏭️
Newman ⏭️
Playwright ⏭️

Quality workflow — 2026-05-25 23:50 UTC

Download the full PDF report from the workflow artifacts.

@github-actions

Copy link
Copy Markdown
Contributor Author

Quality Report — ConductionNL/nldesign @ 53a8423

Check PHP Vue Security License Tests
lint
phpcs
phpmd
psalm
phpstan
phpmetrics
eslint
stylelint
composer ✅ 100/100
npm ✅ 7/7
PHPUnit
Newman ⏭️
Playwright ⏭️

Coverage: 0% (0/24 statements)


Quality workflow — 2026-05-26 04:32 UTC

Download the full PDF report from the workflow artifacts.

@github-actions

Copy link
Copy Markdown
Contributor Author

Quality Report — ConductionNL/nldesign @ 8deadb7

Check PHP Vue Security License Tests
lint
phpcs
phpmd
psalm
phpstan
phpmetrics
eslint
stylelint
composer ✅ 100/100
npm ✅ 7/7
PHPUnit
Newman ⏭️
Playwright ⏭️

Coverage: 0% (0/24 statements)


Quality workflow — 2026-05-26 05:04 UTC

Download the full PDF report from the workflow artifacts.

- Add Playwright test suite covering all testable UI scenarios across 5
  specs: admin-settings, token-editor-ui, token-import-export,
  theming-sync-dialog, and token-set-apply-dialog (32 tests, all pass)
- Annotate 13 whole-spec @e2e exclude markers for pure backend/CSS/docs
  specs (component-tokens, css-architecture, custom-css-overrides,
  docs-content, extended-token-sets, hide-slogan, menu-labels,
  nextcloud-variable-mapping, nl-design, prometheus-metrics, theming-sync,
  token-set-dropdown, token-sets, token-sync-workflow, vng-token-set)
- Annotate per-scenario @e2e exclude markers for untestable scenarios in
  the 5 UI-surface specs (non-admin session, API internals, file mutations)
- Fix TokenSetPreviewService wrong CSS paths (css/defaults.css →
  css/systems/nldesign/defaults.css, css/overrides.css →
  css/systems/nldesign/overrides.css) — caused tokenset-preview endpoint
  to always return resolved:[] making the apply dialog never appear
- Fix missing .nldesign-dialog-overlay CSS (position: fixed, inset: 0,
  z-index: 10000) and .nldesign-dialog-actions sticky positioning so the
  Cancel button is reachable in the viewport during tests
- Gate-19 result: 0 uncovered, 31 covered, 408 excluded (439 total)
test: Gate-19 e2e spec-coverage — 0 uncovered (32 tests pass)
…CS/PHPMD/Psalm/Stylelint

Gate-1 (SPDX): add SPDX-License-Identifier + SPDX-FileCopyrightText inside docblock
  for all 18 PHP files in lib/; fix @license tag to include URL.

Gate-5 (route-auth): replace @AuthorizedAdminSetting docblock annotations with
  PHP8 #[AuthorizedAdminSetting(Admin::class)] attributes on all 11 SettingsController
  and 4 OverridesController public methods.

Gate-14 (route-reachability): consolidate overrides routing — removed duplicate
  getOverrides/setOverrides from SettingsController, changed routes.php to point
  overrides#getOverrides and overrides#setOverrides to OverridesController (which is
  the canonical implementation). Frontend calls /settings/overrides unchanged.

PHPCS: fix named-parameters sniff (parent::__construct, private method calls),
  inline ternary in HealthController, alignment issues (phpcbf auto-fixed).

PHPMD: fix ElseExpression in HealthController, add @SuppressWarnings(StaticAccess)
  for OCP\Server::get() and rename $customOverridesService → $overridesSvc in
  MetricsController. Refactor TokenRegistry::getTokens() (137 lines → 8 lines) by
  delegating to 4 private per-tab helpers, eliminating ExcessiveMethodLength.

Psalm: suppress OCA\Theming\{ImageManager,ThemingDefaults} UndefinedClass in
  psalm.xml — these are NC peer-app classes always loaded at runtime. Also suppress
  OCA\NLDesign\Settings\Admin (PHP8 attribute argument, resolved at runtime).

Stylelint: merge duplicate .nldesign-dialog-actions selectors in css/admin.css
  (lines 181+193 merged into single definition).
…lint

fix: bring CI green - SPDX auth attributes routes PHPCS PHPMD Psalm Stylelint
… specs

Adds spec-coverage stubs for the 15 openspec specs that had no corresponding
e2e test file. Each file documents per-scenario @e2e exclude annotations
(backend/CSS/API/CI scenarios) and includes a UI smoke test where a testable
DOM surface exists on the admin theming page.

Gate-19 result: 0 uncovered, 14 real UI tests, 425 legitimately excluded
across all 20 specs.
…ADR decisions (#132)

Closes #116 — removed `* { font-family: ... !important }` universal selector
(and the duplicate `body *, #app * ...` block) from theme.css and the large
universal list in element-overrides.css. Font is now applied via body +
key containers without !important; form elements targeted explicitly. This
prevents clobbering icon fonts, monospace code editors, and consumer-app
components that declare their own font-family. ADR-CSS-001 documented in
css-architecture spec.

Closes #117 (partial) — removed the most egregious !important usages on
generic font declarations. Remaining !important declarations are the
essential/structural category (NC variable remappings, accessibility focus
rules). ADR-CSS-002 documents the policy: !important only for essential
structural overrides and accessibility rules. Full sweep of remaining ~250
declarations deferred to a follow-up PR to avoid risky bulk changes.

Closes #127 — audited all 33 --nldesign-component-* tokens defined in
defaults.css but not consumed by any stylesheet; marked each with
/* reserved */ comment and added a file-level explanation. Prevents silent
pruning and documents that these tokens must not be removed.

Closes #128 — added "HOW FALLBACKS WORK" documentation block to
utrecht-bridge.css explaining that incomplete token sets silently fall back
to Utrecht/Rijkshuisstijl defaults, and how to debug using DevTools.

Closes #131 — added explicit ADR comment to --nldesign-color-focus explaining
the deliberate rgba exception to the solid-colours brand rule (WCAG 2.4.7/2.4.11
accessibility rationale). ADR-CSS-003 documented in css-architecture spec.
…d assets (#133)

Closes #118 — xxllnc primary/hover were translucent (#000000ad/#80);
replaced with solid #000000/#333333 to comply with brand solid-colour rule
and guarantee WCAG AA contrast on any background.

Closes #119 — typo --nldesign-color-succes (missing 's') left success color
undefined in the xxllnc set; corrected to --nldesign-color-success in both
the nldesign and xxllnc palette sections. Same fix for alert-succes variants.

Closes #120 — docs/static/img/logo.svg still used legacy cobalt #4376FC;
replaced with canonical #21468B (Dutch flag blue, retired 2026-05-13).

Closes #121 — all three app icon files contained an opacity="0.3" rect
violating the solid-colours brand rule; replaced with a proper MDI
palette-swatch glyph: fill="#fff" 24×24 for app.svg, no-fill for
app-dark.svg, #21468B hexagon + white glyph for app-store.svg.

Closes #124 — css/fonts/ was an unreferenced duplicate of
css/systems/nldesign/fonts/; deleted all 8 font files (~2 MB of dead weight).

Closes #125 — nederland-logo.svg and nederland-map.svg were byte-identical;
only nederland-logo.svg is referenced (rijkshuisstijl.css); deleted the
duplicate nederland-map.svg and the stale nederland-map-backup.svg.
…ion, preview palette (#134)

Closes #122 — SettingsController::setTokenSet was instantiating a new
TokenSetService via `new TokenSetService(appManager:)` instead of using
the already-injected $this->tokenSetService. Removed the ad-hoc new call
and the unused IAppManager constructor parameter.

Closes #126 — MetricsController and HealthController carried @NoCSRFRequired
but not @publicpage; Prometheus scrapers and uptime monitors received 401.
Added #[PublicPage] attribute to both index() methods so automated
monitoring can reach these endpoints without admin credentials.

Closes #123 — admin.js had a hardcoded 9-entry preview palette, leaving
~31 token sets with a stale preview. Replaced with getPreviewColors()
which reads primary_color from the already-parsed tokenSetsData (sourced
from token-sets.json via data-token-sets attribute). Removed hardcoded map.

Closes #129 — data-token-sets JSON in admin.php was rendered without safe
HTML encoding flags; replaced json_encode() with json_encode(..., JSON_HEX_TAG
| JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT) to prevent attribute
truncation if token set names contain special characters.

Closes #130 — importOverrides() lacked extension and MIME-type validation;
added explicit .css extension check and server-side mime_content_type()
validation (accepting text/css, text/plain, application/octet-stream) in
validateUploadedFile().
- M1: buildDeclarationLines now rejects values containing {, }, ;, /* or */
  via an up-front guard, preventing CSS injection through admin token overrides.
  Strip set also extended as belt-and-suspenders.
- L1: Admin::getForm injects TokenSetService via constructor (no more `new`);
  Application::injectThemeCSS fetches DesignSystemService and CustomOverridesService
  from the server container instead of constructing them manually.
- L2: HealthController::index now uses injected IConfig instead of
  \OCP\Server::get(IConfig::class) static service-locator call.
- L3: CustomOverridesService::parseDeclarations delegates to CssParserService
  (injected via constructor) — removes the duplicate :root-block parse logic.
…les (M2+L4) (#136)

7 municipality token CSS files had unresolved Style-Dictionary reference tokens
(e.g. {dinkelland.color.primary}) that were synced verbatim from upstream but
never post-processed — these produce invalid CSS declarations that browsers
silently discard. Commenting them out makes the intent explicit and prevents
the CSS sanitizer (M1) from rejecting them if read back through the editor.

Files fixed: dinkelland, epe, leiden, noaberkracht, noordwijk, tubbergen, xxllnc.
Total: 29 placeholder lines commented out across 7 files.

L4: noaberkracht.css and token-sets.json both reference legacy #4376fc
(retired Conduction cobalt, 2026-05-13). Added TODO comments flagging the
need for upstream municipality verification before changing the value.
test(e2e): add Playwright spec-coverage for all 15 remaining openspec specs
Fixes CVE-2026-48808, CVE-2026-48805, CVE-2026-46636, CVE-2026-48806,
CVE-2026-48807 — all twig/twig sandbox bypass/regression issues fixed
in 3.27.0.

Twig was transitive (via edgedesign/phpqa). Added explicit require-dev
pin ^3.27.0 to prevent regression on future composer update runs.
composer audit now reports clean.
fix(security): bump twig/twig to ^3.27.0 (5 CVEs)
- css/admin.css: add .nldesign-dialog-overlay / .nldesign-dialog / actions
  classes used by the apply-dialog and theming-sync dialogs (centered modal
  with sticky action footer, primary/cancel buttons).
- lib/Service/TokenSetPreviewService.php: relocate defaults.css /
  overrides.css to css/systems/nldesign/ to match the design-system
  directory layout.
- appinfo/info.xml: version bump 0.1.3-unstable.6 -> .8 (NC immutable
  Cache-Control bust).
…omplete-translations

# Conflicts:
#	css/admin.css
…lations

feat: dialog-overlay CSS + token path refactor
…lly (#139)

C1: Replace external HTTP URL references in 4 municipality token-set CSS files
(noaberkracht, dinkelland, leiden, tubbergen) with locally-bundled SVG logos
under img/logos/. Every page-load was leaking user IP + referrer to third-party
municipal origins. Placeholder SVGs created for the 3 municipalities without
previously-bundled assets; leiden.svg was already present.

C2: Add !/js/admin.js exception to .gitignore. /js/ was gitignored as a build
artifact but js/admin.js (979 lines, hand-authored) is tracked. Without the
exception, git clean -fdx would silently delete it from fresh checkouts.

Fixes: /tmp/triage-nldesign-nctemplate.md C1, C2
- PHPCS: phpcbf auto-fixed equals-sign alignment in Settings/Admin.php
- PHPStan: migrate Admin from ISettings to IDelegatedSettings so
  #[AuthorizedAdminSetting(Admin::class)] satisfies the class-string<IDelegatedSettings>
  constraint; add getName() + getAuthorizedAppConfig() implementations;
  remove unused $appManager property and constructor parameter
- gate-1 spdx-headers: add @copyright 2026 Conduction B.V. to all 18
  lib/ PHP files (gate checks for * @copyright docblock tag); phpcbf
  re-aligned category/package/link tags for consistency
fix: make composer check:strict pass on development
…ooter-bg

tubbergen.css:203 had --nldesign-component-page-footer-background-image pointing
to https://www.tubbergen.nl/…/footer-bg.svg. Wave-3 swept logo variables and
fixed dinkelland's equivalent footer-bg with unset, but missed this one.
Set to unset with the same privacy/availability comment as dinkelland.css.

css/ now has zero non-logo url(https://…) references.
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant