From 0be92155e8b099e6a90cd3f964991044109d58f4 Mon Sep 17 00:00:00 2001
From: "continue[bot]" <230936708+continue[bot]@users.noreply.github.com>
Date: Fri, 8 May 2026 06:04:55 +0000
Subject: [PATCH 1/5] Add Improve Test Coverage check
---
.continue/checks/improve-test-coverage.md | 7 +++++++
1 file changed, 7 insertions(+)
create mode 100644 .continue/checks/improve-test-coverage.md
diff --git a/.continue/checks/improve-test-coverage.md b/.continue/checks/improve-test-coverage.md
new file mode 100644
index 000000000..7bdc0cf50
--- /dev/null
+++ b/.continue/checks/improve-test-coverage.md
@@ -0,0 +1,7 @@
+---
+name: Improve Test Coverage
+---
+
+Run tests for this repo with coverage reporting (e.g. for vitest, npx vitest run --coverage | head 50). Pick a file that is under-tested and add tests.
+
+Focus on unit, integration, and other backend-esque tests. Only test client components if many other components in the repo are tested. Don't add tests for test files or DB entities/models.
\ No newline at end of file
From 6e46a53c719484844df8a7aac3014b7484aa8988 Mon Sep 17 00:00:00 2001
From: "continue[bot]" <230936708+continue[bot]@users.noreply.github.com>
Date: Fri, 8 May 2026 06:36:46 +0000
Subject: [PATCH 2/5] Add Code Security Review check
---
.continue/checks/code-security-review.md | 370 +++++++++++++++++++++++
1 file changed, 370 insertions(+)
create mode 100644 .continue/checks/code-security-review.md
diff --git a/.continue/checks/code-security-review.md b/.continue/checks/code-security-review.md
new file mode 100644
index 000000000..4f644b628
--- /dev/null
+++ b/.continue/checks/code-security-review.md
@@ -0,0 +1,370 @@
+---
+name: Code Security Review
+description: When a PR is opened, this agent performs a comprehensive security
+ audit for OWASP Top 10 vulnerabilities and security best practices.
+---
+
+## Purpose
+
+Perform a comprehensive security audit of pull request changes, focusing on OWASP Top 10 vulnerabilities, authentication/authorization issues, and security best practices.
+
+## Execution Steps
+
+### 1. Pull Request Analysis
+
+View the changes on the pull request and focus on security-relevant files (authentication, database queries, API endpoints, input handlers, configuration). Read the full content of each changed file to understand context.
+
+### 2. Security Vulnerability Scanning
+
+Scan for the following vulnerability categories:
+
+#### OWASP Top 10 Coverage
+
+**A01: Broken Access Control**
+
+- Missing authentication checks on sensitive endpoints
+- Insecure Direct Object References (IDOR)
+- Privilege escalation vulnerabilities
+- Missing authorization checks (e.g., user can access other users' data)
+- Path traversal vulnerabilities
+
+**A02: Cryptographic Failures**
+
+- Hardcoded secrets (API keys, passwords, tokens)
+- Weak or outdated encryption algorithms
+- Insecure random number generation
+- Sensitive data in logs or error messages
+- Missing encryption for sensitive data
+
+**A03: Injection**
+
+- SQL injection (string concatenation in queries)
+- Command injection (unsanitized input in system commands)
+- NoSQL injection
+- LDAP injection
+- XPath injection
+- Template injection
+
+**A04: Insecure Design**
+
+- Missing rate limiting on authentication/API endpoints
+- Insecure default configurations
+- Missing security headers
+- Insufficient anti-automation measures
+
+**A05: Security Misconfiguration**
+
+- Debug mode enabled in production
+- Verbose error messages exposing system details
+- Default credentials
+- Unnecessary features enabled
+- Missing security patches
+
+**A06: Vulnerable and Outdated Components**
+
+- Outdated dependencies with known CVEs
+- Unmaintained libraries
+- Missing security updates
+
+**A07: Identification and Authentication Failures**
+
+- Weak password policies
+- Missing multi-factor authentication
+- Insecure session management
+- Predictable session IDs
+- Missing account lockout mechanisms
+- Improper credential storage
+
+**A08: Software and Data Integrity Failures**
+
+- Missing integrity checks
+- Insecure deserialization
+- Unsigned or unverified updates
+- Missing CI/CD security
+
+**A09: Security Logging and Monitoring Failures**
+
+- Insufficient logging of security events
+- Sensitive data in logs
+- Missing audit trails
+- No alerting on suspicious activity
+
+**A10: Server-Side Request Forgery (SSRF)**
+
+- Unvalidated URLs
+- Missing URL allowlisting
+- Internal network exposure
+
+#### Additional Security Patterns
+
+**Cross-Site Scripting (XSS)**
+
+- Unescaped output in templates
+- innerHTML usage with user input
+- Missing Content-Security-Policy headers
+- Unsafe sanitization
+
+**Cross-Site Request Forgery (CSRF)**
+
+- Missing CSRF tokens on state-changing operations
+- Missing SameSite cookie attributes
+- Incorrect token validation
+
+**Security Headers**
+
+- Missing X-Frame-Options
+- Missing X-Content-Type-Options
+- Missing Strict-Transport-Security
+- Weak Content-Security-Policy
+
+**Input Validation**
+
+- Missing input validation
+- Insufficient sanitization
+- Type coercion vulnerabilities
+- Regex denial of service (ReDoS)
+
+**Cookie Security**
+
+- Missing HttpOnly flag
+- Missing Secure flag
+- Missing SameSite attribute
+- Overly permissive cookie scope
+
+### 3. Severity Classification
+
+Classify each finding by severity:
+
+**🔴 Critical**
+
+- SQL injection vulnerabilities
+- XSS in sensitive contexts
+- Hardcoded secrets/credentials
+- Authentication bypass
+- Remote code execution
+
+**🟠 High**
+
+- Missing input validation on sensitive operations
+- Weak cryptography
+- Authorization issues
+- Insecure defaults
+- Command injection
+
+**🟡 Medium**
+
+- Missing CSRF protection
+- Insecure cookie configuration
+- Excessive logging of sensitive data
+- Missing rate limiting
+- Outdated dependencies
+
+**🟢 Low**
+
+- Best practice violations
+- Code quality issues with security implications
+- Missing security headers (non-critical)
+- Weak password policies
+
+### 4. Automatic Fixes (Critical/High Only)
+
+For **Critical** and **High** severity issues, implement fixes directly:
+
+**SQL Injection Fixes:**
+
+```typescript
+// Before (vulnerable)
+db.query(`SELECT * FROM users WHERE id = ${userId}`);
+
+// After (fixed)
+db.query("SELECT * FROM users WHERE id = ?", [userId]);
+// or
+db.query("SELECT * FROM users WHERE id = $1", [userId]);
+```
+
+**XSS Fixes:**
+
+```typescript
+// Before (vulnerable)
+element.innerHTML = userInput;
+
+// After (fixed)
+element.textContent = userInput;
+// or use a proper sanitization library
+```
+
+**Hardcoded Secrets Fixes:**
+
+```typescript
+// Before (vulnerable)
+const API_KEY = "sk-1234567890abcdef";
+
+// After (fixed)
+const API_KEY = process.env.API_KEY;
+// Add to .env.example: API_KEY=your_key_here
+```
+
+**Missing Authentication Fixes:**
+
+```typescript
+// Before (vulnerable)
+app.get("/admin/users", (req, res) => {
+ // no auth check
+});
+
+// After (fixed)
+app.get("/admin/users", requireAuth, requireAdmin, (req, res) => {
+ // protected
+});
+```
+
+**Input Validation Fixes:**
+
+```typescript
+// Before (vulnerable)
+const userId = req.params.id;
+
+// After (fixed)
+const userId = parseInt(req.params.id, 10);
+if (isNaN(userId) || userId <= 0) {
+ return res.status(400).json({ error: "Invalid user ID" });
+}
+```
+
+### 5. PR Comment
+
+Post or update a PR comment with findings. Use HTML comment `` to identify the comment for updates.
+
+**Comment Template:**
+
+````markdown
+
+
+## 🛡️ Security Review
+
+### Summary
+
+- **Critical:** X issues (Y fixed automatically)
+- **High:** X issues (Y fixed automatically)
+- **Medium:** X issues (manual review needed)
+- **Low:** X issues (recommendations)
+
+### Automatic Fixes Applied
+
+✅ **Fixed SQL injection vulnerabilities**
+
+- File: `src/routes/users.ts:45`
+- Changed to parameterized queries
+
+✅ **Removed hardcoded API key**
+
+- File: `src/config/api.ts:12`
+- Moved to environment variables
+
+### Issues Requiring Manual Review
+
+#### 🟡 Medium: Missing CSRF Protection
+
+**File:** `src/routes/admin.ts:78`
+**Category:** OWASP A01: Broken Access Control
+
+State-changing POST endpoint missing CSRF token validation.
+
+**Recommendation:**
+
+```typescript
+app.post("/admin/delete-user", csrfProtection, (req, res) => {
+ // Add CSRF middleware
+});
+```
+
+#### 🟢 Low: Missing Security Headers
+
+**File:** `src/server.ts:15`
+**Category:** OWASP A05: Security Misconfiguration
+
+Consider adding security headers using helmet.js:
+
+```typescript
+import helmet from "helmet";
+app.use(helmet());
+```
+
+### Security Checklist
+
+- [x] SQL injection vulnerabilities
+- [x] Hardcoded secrets
+- [ ] CSRF protection on state-changing operations
+- [ ] Security headers configured
+- [ ] Input validation on all user inputs
+- [ ] Authentication required on sensitive endpoints
+
+---
+_Automated by [Code Security Review Agent](https://continue.dev)_
+````
+
+## Detection Patterns
+
+### SQL Injection Detection
+
+Look for:
+
+- String concatenation in database queries: `` `SELECT * FROM ${table}` ``
+- Template literals with variables: `` `WHERE id = ${id}` ``
+- String concatenation with `+`: `"SELECT * FROM users WHERE id = " + userId`
+
+Safe patterns:
+
+- Parameterized queries: `db.query('SELECT * FROM users WHERE id = ?', [id])`
+- ORM methods: `User.findById(id)`
+
+### XSS Detection
+
+Look for:
+
+- `innerHTML` with user input
+- `dangerouslySetInnerHTML` in React
+- Unescaped variables in templates
+- `eval()` with user input
+- `document.write()` with user input
+
+### Hardcoded Secrets Detection
+
+Look for patterns like:
+
+- `password = "..."`
+- `api_key = "sk-..."`
+- `secret = "..."`
+- `token = "ghp_..."`
+- `apiKey: "..."`
+- Private keys in code
+- AWS access keys
+
+Exceptions (not secrets):
+
+- Example/placeholder values in comments
+- Test fixtures with `test_`, `example_`, `fake_` prefixes
+- Documentation
+
+### Authentication Bypass Detection
+
+Look for:
+
+- Routes without authentication middleware
+- `if (isAdmin)` checks without proper validation
+- Direct database queries without user context
+- Missing ownership checks on resource access
+
+## Best Practices
+
+1. **Fix critical issues immediately** - don't wait for manual review
+2. **Be specific in recommendations** - provide exact code snippets
+3. **Update, don't duplicate** - use the HTML comment to update existing comments
+4. **Prioritize by severity** - fix critical/high first
+5. **Consider false positives** - validate findings before reporting
+6. **Check for regressions** - ensure fixes don't break functionality
+7. **Test fixes when possible** - run tests after implementing fixes
+
+```
+
+```
\ No newline at end of file
From aad3026217d20118b8c4342aa018944aa6afe9f0 Mon Sep 17 00:00:00 2001
From: "continue[bot]" <230936708+continue[bot]@users.noreply.github.com>
Date: Fri, 8 May 2026 06:45:55 +0000
Subject: [PATCH 3/5] Add Lighthouse Best Practice Analyzer check
---
.../lighthouse-best-practice-analyzer.md | 361 ++++++++++++++++++
1 file changed, 361 insertions(+)
create mode 100644 .continue/checks/lighthouse-best-practice-analyzer.md
diff --git a/.continue/checks/lighthouse-best-practice-analyzer.md b/.continue/checks/lighthouse-best-practice-analyzer.md
new file mode 100644
index 000000000..a15c5528a
--- /dev/null
+++ b/.continue/checks/lighthouse-best-practice-analyzer.md
@@ -0,0 +1,361 @@
+---
+name: Lighthouse Best Practice Analyzer
+---
+
+## Purpose
+
+Automatically scan repository for console errors using Lighthouse audits, categorize issues, and either commit fixes directly to PRs or create GitHub issues for complex problems requiring manual intervention.
+
+## Execution Steps
+
+### 1. Initial Setup & Lighthouse Audit
+
+- Identify the target environment (staging/preview URL for PR, production for main branch)
+- Run Lighthouse audit with best practices category enabled
+- Focus specifically on console error audits:
+ - `errors-in-console` audit results
+ - `no-console-logs` warnings (development artifacts)
+ - Browser console errors during page load
+
+### 2. Error Collection & Analysis
+
+- Extract all console errors from Lighthouse report
+- Collect error details:
+ - Error message and stack trace
+ - Source file and line number
+ - Error type (TypeError, ReferenceError, NetworkError, etc.)
+ - Context (component/page where error occurred)
+- Group related errors (same root cause)
+
+### 3. Error Triage & Classification
+
+### Category A: Auto-Fixable Issues
+
+- **Leftover console.log/debug statements** → Remove automatically
+- **Undefined variable references** → Add null checks
+- **Missing error boundaries** → Add try-catch or error boundary
+- **Simple typos in code** → Fix directly
+
+### Category B: Requires Investigation
+
+- **Third-party library errors** → Create issue with details
+- **API/Network failures** → Document and create issue
+- **Complex logic errors** → Create issue with reproduction steps
+- **Build/bundling issues** → Create issue with stack trace
+
+### 4. Action Execution
+
+**For Category A (Auto-Fix):**
+
+1. Create a branch if not already on PR branch: `fix/lighthouse-console-errors-{date}`
+2. Apply fixes to affected files
+3. Add HTML marker comments for tracking
+4. Commit with structured message
+5. Update or create PR with checklist
+
+**For Category B (Investigation Required):**
+
+1. Create GitHub issue with detailed template
+2. Add labels: `lighthouse`, `console-error`, `needs-investigation`
+3. Link to Lighthouse report and error context
+
+## File Modification Patterns
+
+### Adding Error Boundaries
+
+```jsx
+// Before
+export default function MyComponent() {
+ return {data.value}
+}
+
+// After
+
+export default function MyComponent() {
+ try {
+ if (!data?.value) return null
+ return {data.value}
+ } catch (error) {
+ console.error('MyComponent error:', error)
+ return Error loading content
+ }
+}
+
+
+```
+
+### Removing Console Statements
+
+```jsx
+// Before
+console.log('Debug info:', someData)
+console.debug('Testing:', value)
+
+// After - removed by lighthouse-console-analyzer
+
+
+```
+
+## Commit Message Format
+
+```
+fix(lighthouse): resolve console errors from audit
+
+Auto-fixed console errors identified by Lighthouse best practices audit:
+
+Category A Fixes:
+- Removed 3 console.log statements in components/Dashboard.tsx
+- Added null check for undefined variable in utils/api.ts
+- Added error boundary to components/UserProfile.tsx
+
+Lighthouse Score Impact:
+- Before: Best Practices Score XX/100
+- After: Best Practices Score YY/100
+- Console errors reduced from N to M
+
+Issues Created:
+- #123: Third-party library error in analytics script
+- #124: Network timeout in API endpoint
+
+
+
+```
+
+## GitHub Issue Template (Category B)
+
+```markdown
+---
+title: "Console Error: {Error Type} in {Component/File}"
+labels: lighthouse, console-error, needs-investigation
+---
+## Error Details
+
+**Detected by:** Lighthouse Best Practices Audit
+**Audit Date:** {timestamp}
+**Environment:** {staging/production URL}
+**Lighthouse Score Impact:** -{X} points
+
+### Error Message
+
+```
+
+{full error message}
+
+```
+
+### Stack Trace
+
+```
+
+{stack trace if available}
+
+```
+
+### Location
+- **File:** `{file path}`
+- **Line:** {line number}
+- **Component/Context:** {component name or page}
+
+### Error Classification
+**Category:** {error type - e.g., Third-party library, Network, Logic}
+**Severity:** {High/Medium/Low based on frequency and impact}
+**Frequency:** {how often error occurs}
+
+### Reproduction Steps
+1. Navigate to {URL}
+2. Open browser console
+3. {specific actions that trigger error}
+4. Observe error in console
+
+### Investigation Needed
+- [ ] Identify root cause
+- [ ] Determine if error affects functionality
+- [ ] Check if error occurs in production
+- [ ] Test potential fixes
+- [ ] Verify fix doesn't break other functionality
+
+### Lighthouse Report
+**Full Report:** {link to Lighthouse report if saved}
+**Related Audits:**
+- errors-in-console: {pass/fail}
+- {other relevant audits}
+
+### Additional Context
+{any other relevant information from Lighthouse or manual inspection}
+
+
+
+```
+
+## PR Comment Template (When Committing Fixes)
+
+```markdown
+## 🔦 Lighthouse Console Error Analysis
+
+**Audit Run:** {timestamp}
+**Branch:** `{branch-name}`
+**Environment Tested:** {URL}
+
+### ✅ Auto-Fixed Issues (Category A)
+
+| File | Issue | Fix Applied |
+|------|-------|-------------|
+| `{file-path}` | {issue description} | {fix description} |
+
+**Total Fixes:** {N} issues resolved automatically
+
+### 📋 Issues Created for Investigation (Category B)
+
+| Issue | Type | Severity | Link |
+|-------|------|----------|------|
+| #{issue-number} | {error type} | {severity} | [View Issue]({url}) |
+
+**Total Issues:** {M} issues require manual investigation
+
+### 📊 Lighthouse Score Impact
+
+| Metric | Before | After | Change |
+|--------|--------|-------|--------|
+| Best Practices | {XX}/100 | {YY}/100 | +{diff} |
+| Console Errors | {N} errors | {M} errors | -{fixed} |
+
+### 🔍 Error Summary
+
+**Types Fixed:**
+- Console.log statements removed: {count}
+- Null checks added: {count}
+- Error boundaries added: {count}
+
+**Types Requiring Investigation:**
+- Third-party errors: {count}
+- Network errors: {count}
+- Logic errors: {count}
+
+### ✓ Verification Checklist
+- [x] Lighthouse audit completed
+- [x] Auto-fixable errors resolved
+- [x] Complex errors documented in issues
+- [x] Code changes reviewed and tested
+- [ ] Verify fixes don't introduce regressions
+
+---
+*Generated by Lighthouse Console Error Analyzer*
+
+
+```
+
+## Detection & Update Logic
+
+### HTML Markers for Tracking
+
+```html
+
+{error handling code}
+
+
+
+
+
+
+
+
+
+```
+
+### Update Existing Markers
+
+When re-running analysis:
+
+1. Check for existing `` markers in PR comments
+2. Update with new results rather than creating duplicate comments
+3. Track resolution status of previously created issues
+
+## Integration Requirements
+
+### Tools Needed
+
+- **Lighthouse CLI** or **PageSpeed Insights API** for audits
+- **GitHub API** for:
+ - Creating issues
+ - Commenting on PRs
+ - Committing fixes to branches
+- **File system access** for reading/modifying source files
+
+### Configuration
+
+```json
+{
+ "lighthouse": {
+ "categories": ["best-practices"],
+ "audits": ["errors-in-console", "no-console-logs"],
+ "throttling": "mobile3G",
+ "output": "json"
+ },
+ "autofix": {
+ "enabled": true,
+ "categories": ["console-logs", "null-checks", "error-boundaries"],
+ "maxChangesPerRun": 10
+ },
+ "issueCreation": {
+ "enabled": true,
+ "labels": ["lighthouse", "console-error", "needs-investigation"],
+ "assignees": []
+ }
+}
+
+```
+
+## Workflow Decision Tree
+
+```
+Run Lighthouse Audit
+ ↓
+Collect Console Errors
+ ↓
+For Each Error:
+ ↓
+ ├─→ Simple/Auto-fixable? (Category A)
+ │ ↓
+ │ Apply fix → Commit to PR
+ │ ↓
+ │ Update PR comment
+ │
+ └─→ Complex/Needs Investigation? (Category B)
+ ↓
+ Create GitHub Issue
+ ↓
+ Link in PR comment
+
+```
+
+## Success Criteria
+
+- ✅ Lighthouse audit runs successfully
+- ✅ All console errors identified and categorized
+- ✅ Auto-fixable issues committed with clear messages
+- ✅ Complex issues documented in GitHub issues with full context
+- ✅ PR updated with comprehensive analysis
+- ✅ Best Practices score improved
+- ✅ No regressions introduced by auto-fixes
+
+## Example Scenarios
+
+### Scenario 1: PR with Console Logs
+
+- **Detected:** 5 console.log statements in dev code
+- **Action:** Auto-remove all 5, commit with lighthouse message
+- **Result:** Clean PR, improved Lighthouse score
+
+### Scenario 2: Third-Party Script Error
+
+- **Detected:** Error from analytics.js library
+- **Action:** Create issue #456 with full error details
+- **Result:** Team investigates vendor integration
+
+### Scenario 3: Mixed Issues
+
+- **Detected:** 3 console.logs + 2 undefined variable errors + 1 network error
+- **Action:**
+ - Auto-fix: Remove logs, add null checks
+ - Create Issue: Document network error
+ - Update PR: Show both actions in summary
\ No newline at end of file
From 9c5a673b9315802d9f45338db84d6a35b6805c4c Mon Sep 17 00:00:00 2001
From: "continue[bot]" <230936708+continue[bot]@users.noreply.github.com>
Date: Fri, 8 May 2026 09:56:36 +0300
Subject: [PATCH 4/5] Add netlify-website-optimizer check (#20)
Co-authored-by: continue[bot] <230936708+continue[bot]@users.noreply.github.com>
---
.continue/checks/netlify-website-optimizer.md | 132 ++++++++++++++++++
1 file changed, 132 insertions(+)
create mode 100644 .continue/checks/netlify-website-optimizer.md
diff --git a/.continue/checks/netlify-website-optimizer.md b/.continue/checks/netlify-website-optimizer.md
new file mode 100644
index 000000000..48fffe767
--- /dev/null
+++ b/.continue/checks/netlify-website-optimizer.md
@@ -0,0 +1,132 @@
+---
+name: netlify-website-optimizer
+model: anthropic/claude-sonnet-4-5
+tools: netlify/netlify-mcp
+---
+
+# Netlify Performance Auditor Agent
+
+## Quick Triage (Do This First)
+
+1. Get deploy URLs from Netlify MCP
+2. Fetch HTML and check total bundle sizes (curl -sI for Content-Length)
+3. Calculate change percentage
+
+**Decision tree:**
+- <10% change → Simple approval, skip deep analysis
+- 10-50% change → Standard analysis
+- >50% change → Full analysis with root cause
+
+**This saves 60-80% of costs on clean PRs.**
+
+## Step 1: Get Deploy URLs
+
+Use Netlify MCP tools:
+
+1. `netlify-project-services-reader` with `get-projects` → Get site ID
+2. `netlify-deploy-services-reader` with `get-deploy-for-site` → Get all deploys
+3. Filter for:
+ - **Production**: `context === 'production'` and `state === 'ready'`
+ - **Preview**: `context === 'deploy-preview'` and `state === 'ready'` (match branch/PR if provided)
+
+Extract: `ssl_url`, `branch`, `commit_ref`, `state`, `published_at`
+
+If preview not ready: Wait 30s, check again (max 5 mins), inform user.
+
+## Step 2: Compare Bundle Sizes
+```bash
+# Get HTML and extract assets
+curl -s '' > index.html
+grep -oP 'src="[^"]+(\.js|\.css)"' index.html
+
+# Get size for each asset
+curl -sI '/path/to/file.js' | grep -i content-length
+```
+
+Calculate totals for JS, CSS, images. Compare production vs preview.
+
+## Step 3: Analyze Issues (Only if >10% increase)
+
+Check these files for common problems:
+
+**vite.config.ts / webpack.config.js:**
+- `minify: false` → 🔴 No minification
+- `treeshake: false` → 🔴 No tree-shaking
+- `sourcemap: true` in production → 🔴 Production sourcemaps
+
+**package.json:**
+- New large dependencies (lodash, moment, etc.) → 🔴 Redundant deps
+- Multiple similar libraries (lodash+underscore, moment+dayjs+date-fns) → 🔴 Duplicates
+
+**netlify.toml:**
+- `Cache-Control: no-cache` → 🔴 No caching
+- Missing headers for `/assets/*` → ⚠️ Suboptimal caching
+
+## Step 4: Generate Report
+
+### For Minor Changes (<10%)
+```markdown
+✅ **APPROVED** - Bundle size change: +15 KB (+3%)
+
+[Production]() vs [Preview]()
+```
+
+### For Significant Changes (10-50%)
+```markdown
+⚠️ **REVIEW NEEDED** - Bundle size: +125 KB (+28%)
+
+**Changes:**
+- JavaScript: +120 KB (new dependency: chart.js)
+- CSS: +5 KB
+
+**Recommendation:** Review if chart.js is necessary.
+
+[Production]() | [Preview]()
+```
+
+### For Critical Issues (>50% or config problems)
+```markdown
+🔴 **BLOCKED** - Bundle size: +426 KB (+174%)
+
+**Critical Issues:**
+
+1. **Minification disabled** (`vite.config.ts:20`)
+ - Fix: `minify: 'terser'`
+ - Impact: -70% bundle size
+
+2. **Redundant dependencies** (`package.json:22-29`)
+ - lodash (528 KB) + moment (232 KB) + date-fns (76 KB)
+ - Fix: Keep only dayjs, remove others
+ - Impact: -800 KB
+
+3. **No caching** (`netlify.toml:21`)
+ - Fix: Add `Cache-Control: public, max-age=31536000` for `/assets/*`
+ - Impact: 90% faster repeat visits
+
+**Expected after fixes:** ~250 KB (+5 KB from production)
+
+[Production]() | [Preview]()
+```
+
+## Blocking Criteria
+
+Block merge if ANY of:
+- Bundle size increase >50%
+- Minification disabled
+- Tree-shaking disabled
+- Production sourcemaps enabled
+- No cache headers configured
+
+## Error Handling
+
+- **Deploy building:** "⏳ Deploy building... checking in 30s. View: [dashboard-url]"
+- **Deploy not found:** List available deploys, ask for branch name
+- **Build failed:** Show error, link to Netlify dashboard
+
+## Tips
+
+- Always compare to production baseline
+- Provide file paths and line numbers for issues
+- Show exact code fixes
+- Focus on actionable items only
+- Skip detailed analysis for clean PRs
\ No newline at end of file
From f0e4c29b447ec60f2d3b548041491a4f1dd3470d Mon Sep 17 00:00:00 2001
From: "continue[bot]" <230936708+continue[bot]@users.noreply.github.com>
Date: Fri, 8 May 2026 06:56:54 +0000
Subject: [PATCH 5/5] Add netlify-website-optimizer check