Resolve PR 868 catalogue rebase

[ashleyshaw]

General Pull Request

Linked issues

Relates to #868

Changelog

Added

• None.

Changed

• Rebased the catalogue audit branch onto the fixed search branch.
• Kept the shared catalogue routing aligned with the search/filter implementation.

Fixed

• Catalogue navigation now follows the shared catalogue route consistently.
• Search and filter behaviour stays aligned with the shared matcher path.

Removed

• None.

---

Risk Assessment

Risk Level: Low

Potential Impact:

This is an audit/rebase PR for catalogue routing and search alignment. The main risk is a regression in catalogue discovery or a mismatch with the shared search behaviour.

Mitigation Steps:

• Rebased onto the fixed search branch.
• Verified the relevant website build and search utility tests during the branch work.
• Kept the change scope limited to the audit branch rebase.

---

How to Test

Prerequisites

• Run the website locally from the current branch state.

Test Steps

1. Open /c/tools/ and confirm the catalogue page renders correctly.
2. Use the text search and tag chips on a catalogue page.
3. Trigger header search on the home page and confirm the popup opens.

Expected Results

• Catalogue pages use the shared filtering behaviour.
• Search results and catalogue filters stay in sync.
• The search popup opens and closes consistently.

Edge Cases to Verify

• Empty search returns the default popular items list.
• Multi-word searches match expected content.
• Keyboard navigation works in the search popup.
• Catalogue filters clear correctly.
• Mobile layout remains usable.

---

Checklist (Global DoD / PR)

• All AC met and demonstrated
• Tests added/updated (unit/E2E as appropriate)
• Accessibility checklist completed (where relevant):
  • Semantic HTML and heading order verified
  • Keyboard navigation and visible focus states verified
  • ARIA used only where needed
  • Contrast and non-colour cues reviewed (WCAG 2.2 AA)
• Docs/readme/changelog updated (if user-facing)
• Frontmatter updated where applicable (last_updated and version)
• I have reviewed and applied the downstream override policy (or linked an approved exception)
• Security checklist completed (where relevant):
  • Untrusted input validated and sanitised
  • Output escaped for its rendering context
  • Privileged actions enforce nonce and capability checks
  • No secrets/sensitive data introduced; OWASP risks reviewed
• Code/design reviews approved
• CI green; linked issues closed; release notes prepared (if shipping)
• Risk assessment completed above
• Testing instructions provided above

References

• Contribution Guidelines
• Branching Strategy
• Automation & Workflows
• Pull Request Labelling
• Saved Replies
• Labeler Config
• Labels
• Issue Types

[coderabbitai]

📝 Walkthrough

Summary by CodeRabbit

Release Notes

• Documentation

  • Updated branching strategy documentation with exception for temporary audit replay branches.

• Refactor

  • Streamlined component styling through CSS cleanup and reorganisation.
  • Added new overlay styling token to support both light and dark themes.

• Tests

  • Added test suite for branch name validation to ensure expected naming patterns are supported and invalid formats are properly rejected.

Walkthrough

This PR introduces audit replay branch support to enforce temporary branch naming conventions, updates website styling with a new overlay token, and cleans up component-scoped hero image styles across two page templates.

Changes

Audit Replay Branch Support

Layer / File(s)	Summary
Branch validation policy documentation docs/BRANCHING_STRATEGY.md	Version bumped to v1.4, documented the temporary audit replay branch exception (pr-<number>-audit), and illustrated the updated validation workflow.
Branch validator implementation and tests scripts/validation/validate-branch-name.js, scripts/validation/__tests__/validate-branch-name.test.js	Added AUDIT_BRANCH_PATTERN regex to permit audit branches, integrated it into the validation allow-list, updated error messaging to document the allowed format, and created test cases verifying acceptance of pr-<number>-audit names and rejection of malformed alternatives.

Website Styling Updates

Layer / File(s)	Summary
Overlay scrim token definition website/src/styles/site-tokens.css	Introduced --overlay-scrim CSS custom property with light-mode RGBA value rgba(9, 9, 9, 0.55) and dark-mode override rgba(0, 0, 0, 0.65).
Component hero style removal website/src/components/WapuuHero.astro, website/src/pages/c/[cat].astro	Removed component-scoped styles for .page-hero-wapuu (dimensions and media query) and .page-hero-inner/.page-hero-text (layout rules).

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~12 minutes

Possibly related PRs

• lightspeedwp/.github#894: Adds styling references to the --overlay-scrim token that is introduced in this PR.

Suggested reviewers

• krugazul

🚥 Pre-merge checks | ✅ 3 | ❌ 2

❌ Failed checks (1 warning, 1 inconclusive)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.
Title check	❓ Inconclusive	The title partially relates to the changeset as it mentions the PR reference and rebase context, but it doesn't clearly convey the main technical changes (branch validation, CSS tokens, component refactoring).	Consider a more specific title that highlights the primary change—for example: 'Allow audit replay branches and align catalogue routing' to better represent the scope.

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description check	✅ Passed	The description follows the template structure with linked issues, changelog sections, risk assessment, testing instructions, and completed checklists, making it largely complete and well-documented.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch pr-868-audit

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[github-actions]

✅ Template check passed after update. Thanks for fixing the PR description.

[github-actions]

🔍 Reviewer Summary for PR #895

CI Status: ✅ success
Files changed: 8
Risk Distribution: 0 critical, 1 high, 5 medium, 2 low

Recommendations

• Ready to proceed pending human review

---

[gemini-code-assist]

Code Review

This pull request introduces a new search utility (search-utils.js) that implements normalized search matching, tokenization, and scoring/ranking, which is integrated into the search palette and category pages. While these search enhancements are excellent, the PR introduces critical layout regressions due to the accidental removal of essential styles in WapuuHero.astro and [cat].astro. Additionally, feedback is provided to improve the search scoring logic for word boundaries, fix highlighting mismatches with punctuation, avoid redundant split-and-join operations, and prevent accessibility issues when toggling the inert attribute on background elements.

Important

The consumer version of Gemini Code Assist on GitHub is being sunset. Starting June 18, 2026, new organization installations will be blocked, and all code review activity will officially cease on July 17, 2026.
For more details on the timeline and next steps, please review the Help Documentation.

[gemini-code-assist]

The current highlight implementation splits the text using the raw query string. If the query contains punctuation or different spacing (e.g., "open-source"), it won't match the actual text (e.g., "Open Source"), resulting in no highlighting even though the item was matched and ranked. Splitting the query into tokens and highlighting any of the matched tokens resolves this mismatch.

Suggested change

	function highlight(text, q) {
	if (!q.trim()) return escapeHtml(text);
	const safe = q.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
	const parts = text.split(new RegExp(`(${safe})`, 'gi'));
	return parts.map((p, i) => i % 2 === 1 ? `<mark>${escapeHtml(p)}</mark>` : escapeHtml(p)).join('');
	const safe = q.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
	const parts = text.split(new RegExp(`(${safe})`, "gi"));
	return parts
	.map((p, i) =>
	i % 2 === 1 ? `<mark>${escapeHtml(p)}</mark>` : escapeHtml(p),
	)
	.join("");
	}
	function highlight(text, q) {
	const tokens = getSearchTokens(q);
	if (tokens.length === 0) return escapeHtml(text);
	const pattern = tokens.map((t) => t.replace(/[.*+?^${}()|[\]\\]/g, "\\$&")).join("|");
	const parts = text.split(new RegExp("(" + pattern + ")", "gi"));
	return parts
	.map((p, i) =>
	i % 2 === 1 ? "<mark>" + escapeHtml(p) + "</mark>" : escapeHtml(p),
	)
	.join("");
	}

[gemini-code-assist]

Blindly setting and removing the inert attribute on all children of document.body can break the accessibility state of other elements on the page that were already meant to be inert (e.g., other background modals or drawers). Using a temporary tracking attribute like data-search-inert ensures we only restore the interactivity of elements that we explicitly made inert.

  Array.from(document.body.children).forEach((child) => {
    if (child !== root && !child.hasAttribute("inert")) {
      child.setAttribute("inert", "");
      child.setAttribute("data-search-inert", "");
    }
  });
}

function close() {
  root.setAttribute("hidden", "");
  document.body.classList.remove("search-open");
  Array.from(document.body.children).forEach((child) => {
    if (child.hasAttribute("data-search-inert")) {
      child.removeAttribute("inert");
      child.removeAttribute("data-search-inert");
    }
  });

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 518cb0f65d

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[chatgpt-codex-connector]

Require every search token to match

When the palette calls rankSearchItems(ITEMS, query), a multi-word query now keeps any item with a non-zero score, so an item that only mentions one token from a query like release workflow is included and can occupy one of the 12 returned slots. The previous palette logic required every word to match, so multi-word searches no longer reliably narrow results; filter out items unless each token appears in at least one searchable field before sorting by score.

Useful? React with 👍 / 👎.

[coderabbitai]

Actionable comments posted: 3

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@docs/BRANCHING_STRATEGY.md`:
- Around line 176-178: The workflow example regex for BRANCH currently allows
pr-<number>-audit but omits the codex prefix; update the pattern used in the
conditional that tests "$BRANCH" (the long regex in the second line) to include
codex alongside the other allowed prefixes so codex/* branches pass when copied
into CI, ensuring it matches the validator/allowed-prefix list used elsewhere in
the docs; modify only the regex token list (add "codex") in the conditional that
begins with if [[ ! "$BRANCH" =~ ^(feat|fix|... to keep the example consistent
with the validator and the earlier list.

In `@scripts/validation/__tests__/validate-branch-name.test.js`:
- Around line 1-6: The test file has a jsdom pragma causing lint no-undef errors
with CommonJS require; switch the Jest environment to Node (replace or remove
the "`@jest-environment` jsdom" directive) so the suite runs in Node where
require("child_process") and require("path") (spawnSync and path) are valid, or
alternatively remove the pragma entirely if the default is Node; update the top
of the file accordingly so the require(...) calls (spawnSync and path) no longer
trigger lint errors.
- Around line 11-13: The spawnSync helper currently inherits the parent
environment causing flakiness; update the spawnSync call that invokes
process.execPath with [scriptPath, "--branch", branchName] to pass an explicit
env option that isolates environment variables (e.g., env: { PATH:
process.env.PATH, NODE_ENV: "test", CI: "true" }) so tag-related or other
external vars cannot short-circuit the validator; change the call that
references spawnSync/process.execPath/scriptPath/branchName to include this
controlled env object.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository YAML (base), Organization UI (inherited)

Review profile: CHILL

Plan: Pro

Run ID: 36af1baa-7218-4224-8b3f-b36d3b52d0e9

📥 Commits

Reviewing files that changed from the base of the PR and between 6f305d1 and baf1854.

📒 Files selected for processing (6)

• docs/BRANCHING_STRATEGY.md
• scripts/validation/__tests__/validate-branch-name.test.js
• scripts/validation/validate-branch-name.js
• website/src/components/WapuuHero.astro
• website/src/pages/c/[cat].astro
• website/src/styles/site-tokens.css

💤 Files with no reviewable changes (2)

• website/src/components/WapuuHero.astro
• website/src/pages/c/[cat].astro

📜 Review details

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (3)

• GitHub Check: Testing
• GitHub Check: check
• GitHub Check: coderabbit-gate

🧰 Additional context used

📓 Path-based instructions (6)

**/*.{php,js,jsx,ts,tsx,css,scss,html}

📄 CodeRabbit inference engine (AGENTS.md)

Follow WordPress Coding Standards (CSS, HTML, JavaScript, PHP) and inline-documentation standards at all times

Files:

• website/src/styles/site-tokens.css
• scripts/validation/validate-branch-name.js
• scripts/validation/__tests__/validate-branch-name.test.js

**/*.{php,html,css,scss}

📄 CodeRabbit inference engine (CLAUDE.md)

Ensure WCAG 2.2 AA minimum accessibility compliance with semantic HTML, keyboard support, and sufficient contrast

Files:

• website/src/styles/site-tokens.css

**/*.md

📄 CodeRabbit inference engine (.github/instructions/markdown.instructions.md)

**/*.md: Use one H1 (#) per file; keep heading levels sequential (never skip from H2 to H4)
Use fenced code blocks with explicit language tags (bash, yaml, markdown, etc.)
Keep links relative for in-repo files; verify they resolve before merging
Use 1. for ordered lists and - for unordered lists
Keep all wording in UK English (optimise, organisation, colour, behaviour, analyse)
Do not add a references: frontmatter field — use inline links or a footer section instead
Blank lines before and after headings, code blocks, and block-level elements
Maximum line length: 120 characters (soft limit; prefer wrapping at natural sentence boundaries)
All .md files in this repository should include YAML frontmatter with required fields: file_type, title, description, version, last_updated, owners, tags, status, stability, domain
Every image (![]()) must have descriptive alt text explaining the image's purpose, not its appearance. Empty alt (![ ]()) is valid only for purely decorative images
Link text must describe the destination — never use 'click here', 'read more', or bare URLs as visible text
Every table must have a header row (| Header |). Avoid merged cells
Use headings to communicate document structure, not for visual styling
Do not rely on colour alone to convey information in diagrams or callout blocks
Mermaid diagrams must include accTitle and accDescr attributes for accessibility
Specify language in frontmatter; use plain language, avoid jargon where possible

Files:

• docs/BRANCHING_STRATEGY.md

**/docs/**/*.md

⚙️ CodeRabbit configuration file

**/docs/**/*.md: Review documentation files:

• Ensure markdown is linted and formatted per project style guides.
• Flag illogical folder structures, file naming, or misplaced content.
• Confirm documentation is up to date, accurate, and cross-referenced.
• Ensure accessibility (heading hierarchy, alt text for images, UK English).

Files:

• docs/BRANCHING_STRATEGY.md

**/*.{js,ts,jsx,tsx}

📄 CodeRabbit inference engine (CLAUDE.md)

**/*.{js,ts,jsx,tsx}: Follow ESLint/Prettier standards for JavaScript and TypeScript files
Avoid unnecessary JavaScript, defer/lazy-load where possible, and prefer native blocks

Files:

• scripts/validation/validate-branch-name.js
• scripts/validation/__tests__/validate-branch-name.test.js

**/*.{js,ts}

⚙️ CodeRabbit configuration file

**/*.{js,ts}: Review JavaScript/TypeScript:

• Ensure code is linted and follows project style guides.
• Check for dead code, unused variables, and clear function naming.
• Validate accessibility and performance optimisations.
• Ensure tests are isolated and do not depend on external state.
• Check for descriptive test names and clear test structure.

Files:

• scripts/validation/validate-branch-name.js
• scripts/validation/__tests__/validate-branch-name.test.js

🧠 Learnings (5)

📚 Learning: 2026-06-03T17:57:58.761Z

Learnt from: CR
Repo: lightspeedwp/.github PR: 0
File: CLAUDE.md:0-0
Timestamp: 2026-06-03T17:57:58.761Z
Learning: All PRs must target `develop` by default, NOT `main`. Only `release/*` and `hotfix/*` branches are allowed to merge to `main`.

Applied to files:

• docs/BRANCHING_STRATEGY.md

📚 Learning: 2026-06-03T17:57:58.761Z

Learnt from: CR
Repo: lightspeedwp/.github PR: 0
File: CLAUDE.md:0-0
Timestamp: 2026-06-03T17:57:58.761Z
Learning: Before every push, verify the current branch is NOT `main` or `develop` (unless in a release cycle) and follows the `{type}/{scope}-{short-title}` naming pattern

Applied to files:

• docs/BRANCHING_STRATEGY.md
• scripts/validation/validate-branch-name.js

📚 Learning: 2026-06-03T17:57:58.761Z

Learnt from: CR
Repo: lightspeedwp/.github PR: 0
File: CLAUDE.md:0-0
Timestamp: 2026-06-03T17:57:58.761Z
Learning: Branch names must follow the format `{type}/{scope}-{short-title}` (lowercase, kebab-case) where `{type}` is one of: feat/, fix/, hotfix/, release/, refactor/, chore/, docs/, test/, perf/, ci/, build/, deps/, security/, revert/, research/, design/, a11y/, ux/, i18n/, ops/

Applied to files:

• docs/BRANCHING_STRATEGY.md
• scripts/validation/validate-branch-name.js

📚 Learning: 2026-06-03T17:57:58.761Z

Learnt from: CR
Repo: lightspeedwp/.github PR: 0
File: CLAUDE.md:0-0
Timestamp: 2026-06-03T17:57:58.761Z
Learning: Do NOT use `claude/` as a branch prefix. This is explicitly forbidden under all circumstances.

Applied to files:

• docs/BRANCHING_STRATEGY.md
• scripts/validation/validate-branch-name.js

📚 Learning: 2026-06-03T17:57:58.761Z

Learnt from: CR
Repo: lightspeedwp/.github PR: 0
File: CLAUDE.md:0-0
Timestamp: 2026-06-03T17:57:58.761Z
Learning: Use squash merge for all PR merges. Immediately after successful merge, delete the remote branch via `git push origin --delete {branch-name}` and the local branch via `git branch -d {branch-name}`

Applied to files:

• docs/BRANCHING_STRATEGY.md

🪛 ESLint

scripts/validation/__tests__/validate-branch-name.test.js

[error] 5-5: 'require' is not defined.

(no-undef)

---

[error] 6-6: 'require' is not defined.

(no-undef)

🔇 Additional comments (2)

website/src/styles/site-tokens.css (1)

14-14: LGTM!

Also applies to: 48-48

scripts/validation/validate-branch-name.js (1)

47-47: LGTM!

Also applies to: 90-97, 99-106