Skip to content

feat(design): adopt msk-shop design system + CSV export + safe dep bumps#112

Merged
Musiker15 merged 5 commits into
mainfrom
feat/msk-shop-redesign
Jul 13, 2026
Merged

feat(design): adopt msk-shop design system + CSV export + safe dep bumps#112
Musiker15 merged 5 commits into
mainfrom
feat/msk-shop-redesign

Conversation

@Musiker15

Copy link
Copy Markdown
Member

Overview

Throws away the abandoned "Modern Minimal" redesign (ADR 0024) and re-skins the
whole app to look like the sibling msk-shop project, for one consistent MSK
brand across both products. shadcn/ui + Radix stays. Bundles the follow-up work
into one PR as requested: CSV export and the safe dependency bumps.

Still zero-knowledge end to end. Presentation-only for the screens, no logic,
crypto, dnd or Yjs changes.

1. Design system (ADR 0025, supersedes ADR 0024)

  • globals.css: msk-shop tokens + idioms 1:1 (GitHub-Dark surfaces bg #0d1117
    / card #161b22 / border #30363d, MSK green --color-primary #5eb131 dark
    / #4ea426 light, .eyebrow / .msk-card / .msk-btn-* / .container-page /
    .hero-decor-gradient), plus a legacy-alias bridge so the screen migration was
    non-breaking. Every component token is now canonical.
  • Fonts: remove geist, add self-hosted @fontsource-variable/inter +
    jetbrains-mono (no CDN, no build-time fetch, font-src 'self').
  • Theme: next-themes defaultTheme="dark" (matches msk-shop).
  • Primitives: the src/components/ui/* shadcn/Radix set is kept and re-skinned.
  • Screens: all ~40 screens migrated onto the primitives. Native checkboxes,
    selects, file inputs and dnd handles are deliberately left native. Em-dashes
    removed from UI copy.

2. CSV board export (DSGVO Art. 20)

toCsv / downloadCsvExport + an "Export CSV" button next to JSON / Markdown /
Trello. Flat, one row per card, custom fields as columns, RFC-4180 escaping,
UTF-8 BOM for Excel. tests/unit/csv-export.test.ts (5 cases).

3. Dependencies

Safe bumps: prettier 3.9.5, tailwindcss + @tailwindcss/postcss 4.3.2,
eslint-config-next 16.2.10, axe-core 4.12.1, tsx 4.23.1, yjs 13.6.31, plus a
one-off tree reformat. Risky majors left for their own review: nodemailer 9,
@types/node 26, the next group, and the CI action bumps.

Status of the 8 open points

  • CSV export: done. Safe Dependabot bumps: done (majors deferred).
  • eslint 10 / plugin-react 6: still upstream-blocked.
  • Board-column virtualization: kept deferred (WCAG keyboard-drag), per decision.
  • Login-notification geolocation: kept omitted (privacy), per decision.
  • External audit / pentest: external service, readiness doc only.
  • Account-wide bulk export + offline create-from-template: open follow-ups.

Verification

typecheck + lint + 315 unit tests + production build all green. Verified in the
browser via computed-style introspection: --color-primary #5eb131, bg
#0d1117, Inter Variable, green primary buttons and .msk-label.

…024)

Replace the abandoned "Modern Minimal" identity with the msk-shop design
system for one consistent MSK brand across both products: GitHub-Dark
surfaces + MSK green, Inter Variable + JetBrains Mono (self-hosted, no
CDN/telemetry), next-themes default dark. The shadcn/ui + Radix primitive
foundation is kept and re-skinned.

- globals.css: msk-shop tokens + idioms (.eyebrow, .msk-card, .msk-btn-*,
  .container-page, .hero-decor-gradient) plus a legacy-alias bridge so the
  screen migration stays non-breaking
- fonts: remove geist, add @fontsource-variable/inter + jetbrains-mono
- theme-provider: defaultTheme dark (matches msk-shop)
- re-skin ui/ primitives and canonicalise every token across the tree
- migrate the screens onto the primitives (auth, board, card-drawer, views,
  panels, workspaces, account, admin, landing, public); native checkboxes,
  selects, file inputs and dnd handles kept as-is
- remove em-dashes from user-facing copy

typecheck + lint + build green.

Signed-off-by: Musiker15 <info@musiker15.de>
- CLAUDE.md: tech-stack (fonts Inter/JetBrains Mono, design-system = msk-shop,
  next-themes default dark), ADR table (0024 superseded, 0025 accepted),
  header status entry for the redesign
- ADR 0024 marked superseded, its dead mockup reference updated
- remove docs/design/modern-minimal-mockup.html (abandoned direction artifact)

Signed-off-by: Musiker15 <info@musiker15.de>
Adds `toCsv` / `downloadCsvExport` to the board exporter and an "Export CSV"
button next to JSON / Markdown / Trello. Flat, spreadsheet-friendly: one row
per card ordered by column then card position, custom-field definitions as
extra columns, RFC-4180 escaping (comma / quote / newline), UTF-8 BOM so Excel
detects the encoding. Completes the export side of DSGVO Art. 20 portability.

tests/unit/csv-export.test.ts (5 cases). typecheck + lint green.

Signed-off-by: Musiker15 <info@musiker15.de>
Applies the low-risk Dependabot bumps: prettier 3.8.3 -> 3.9.5, tailwindcss +
@tailwindcss/postcss 4.3.0 -> 4.3.2, eslint-config-next 16.2.7 -> 16.2.10,
axe-core 4.11.4 -> 4.12.1, tsx 4.22.3 -> 4.23.1, yjs 13.6.31. Ran
`prettier --write` across src/ + tests/ for the 3.9 formatting so the tree
stays consistent (no per-commit drift via lint-staged).

The risky majors are left for their own review: nodemailer 8 -> 9, @types/node
25 -> 26, the next group, and the actions/cache + actions/checkout CI bumps.

Also fixes a stale unit assertion: the Button primary variant now uses
`var(--color-primary)` (canonical token), not the removed `--color-accent`.

typecheck + lint + 315 tests + build green.

Signed-off-by: Musiker15 <info@musiker15.de>
Two high advisories surfaced by the PR's fresh `pnpm audit --prod
--audit-level=high` run (both published after main's last green CI):

- nodemailer <=9.0.0 (GHSA-p6gq-j5cr-w38f): bump 8.0.10 -> 9.0.1. Our mailer
  only uses createTransport + sendMail (no `raw` message option), so the major
  bump is a no-op for our code; typecheck + tests green.
- hono <4.12.25 (GHSA-88fw-hqm2-52qc): CORS reflect-any-origin, dragged in
  transitively by prisma -> @prisma/dev (dev tooling, not a production path).
  Pinned via a pnpm-workspace.yaml override, next to the existing Hono/Prisma
  one.

`pnpm audit --prod --audit-level=high` now reports no known vulnerabilities.

Signed-off-by: Musiker15 <info@musiker15.de>
@Musiker15
Musiker15 force-pushed the feat/msk-shop-redesign branch from 01b491d to 75fad99 Compare July 13, 2026 06:46
@Musiker15 Musiker15 self-assigned this Jul 13, 2026
@Musiker15
Musiker15 merged commit c414f46 into main Jul 13, 2026
9 checks passed
@Musiker15
Musiker15 deleted the feat/msk-shop-redesign branch July 13, 2026 06:50
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant