chore: checkpoint automation and agent setup

Author: Neikon

.devcontainer/devcontainer.json

@@ -0,0 +1,25 @@
+// For format details, see https://aka.ms/devcontainer.json. For config options, see the
+// README at: https://github.com/devcontainers/templates/tree/main/src/javascript-node
+{
+	"name": "Node.js",
+	// Or use a Dockerfile or Docker Compose file. More info: https://containers.dev/guide/dockerfile
+	"image": "mcr.microsoft.com/devcontainers/javascript-node:4-24-trixie",
+	"features": {
+		"ghcr.io/devcontainers-extra/features/npm-package:1": {}
+	},
+
+	// Features to add to the dev container. More info: https://containers.dev/features.
+	// "features": {},
+
+	// Use 'forwardPorts' to make a list of ports inside the container available locally.
+	// "forwardPorts": [],
+
+	// Use 'postCreateCommand' to run commands after the container is created.
+	"postCreateCommand": "bash .devcontainer/post-create.sh",
+
+	// Configure tool-specific properties.
+	// "customizations": {},
+
+	// Uncomment to connect as root instead. More info: https://aka.ms/dev-containers-non-root.
+	// "remoteUser": "root"
+}

.devcontainer/post-create.sh

@@ -0,0 +1,13 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+if ! command -v jq >/dev/null 2>&1; then
+	sudo apt-get update
+	sudo apt-get install -y jq
+fi
+
+if ! command -v nu >/dev/null 2>&1; then
+	npm install -g nushell
+fi
+
+npm ci

.github/dependabot.yml

@@ -0,0 +1,12 @@
+# To get started with Dependabot version updates, you'll need to specify which
+# package ecosystems to update and where the package manifests are located.
+# Please see the documentation for more information:
+# https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
+# https://containers.dev/guide/dependabot
+
+version: 2
+updates:
+ - package-ecosystem: "devcontainers"
+   directory: "/"
+   schedule:
+     interval: weekly

.gitignore

@@ -42,6 +42,9 @@ Icon?
 # JetBrains IDEs
 .idea/
 
+# Codex local workspace data
+.codex
+
 # Build output
 /dist/
 /build/
@@ -60,4 +63,3 @@ coverage/
 # Misc
 *.sublime-workspace
 *.sublime-project
-

AGENTS.md

@@ -0,0 +1,19 @@
+# AGENTS
+
+This repository uses this file as the entry point for future coding agents.
+
+Before starting work:
+
+1. Read [MEMORY.md](./MEMORY.md).
+2. Use that file as persistent project context across conversations.
+3. Keep `MEMORY.md` updated manually after any relevant change, decision, blocker, or workflow update.
+
+Operational notes:
+
+- Prefer minimal, reversible changes.
+- Validate with `npm test` for `themes.json` checks.
+- Use `npm run build` when touching generated site assets or source files under `dev/`.
+- When automation changes are introduced, document the intent and impact in `MEMORY.md`.
+- After implementing relevant changes or new functionality, create a commit and push it so work remains traceable and easy to roll back if needed.
+- Never perform a merge without explicit user authorization.
+- Never take actions that could affect the repository's production main branch without explicit user authorization.

MEMORY.md

@@ -0,0 +1,70 @@
+# Persistent Memory
+
+This file stores durable project context so future conversations can resume work with less re-discovery.
+
+## Project Summary
+
+- Repository: `FirefoxCSS-Store.github.io`
+- Purpose: static site that catalogs Firefox `userChrome.css` themes
+- Main data source: `themes.json`
+- Site source: `dev/`
+- Generated site output: `docs/`
+
+## Tooling And Validation
+
+- Package manager: `npm`
+- Build command: `npm run build`
+- Test command: `npm test`
+- Build system: `gulp`
+- Theme validation script: `tests/themes.check.js`
+- Theme metadata refresh script: `scripts/sort_themes.nu`
+- Dev container config: `.devcontainer/devcontainer.json`
+- Devcontainer bootstrap script: `.devcontainer/post-create.sh`
+- Devcontainer automation now runs `.devcontainer/post-create.sh` from `postCreateCommand` to ensure `jq`, `nu`, and project dependencies are installed after container creation/rebuild
+
+## Automation Context
+
+- Active working branch created for automation improvements: `improve-automation`
+- Existing GitHub Actions:
+- `.github/workflows/build.yml`
+- `.github/workflows/check-themes.yml`
+- Current workflows use older action versions and Node 14, which is a likely area for automation modernization
+- Build workflow is manual (`workflow_dispatch`) and commits generated `docs/` output back to the branch
+- PR validation currently runs only when `themes.json` changes
+
+## Repo Notes
+
+- Local `.codex` file is ignored in `.gitignore`
+- Build workflow currently commits generated files back to the branch after `npm run build`
+- Pull requests touching `themes.json` trigger validation via `npm test`
+- Site pages are generated from Pug in `dev/pug/`
+- Client behavior is implemented in `dev/js/main.js`
+- Styles are authored in SCSS under `dev/scss/`
+- Published site assets live in committed `docs/`
+- Local containerized development is configured to install Node, npm, `jq`, and Nushell
+- The devcontainer also runs `npm ci` automatically, so rebuilds recreate `node_modules` without manual setup
+
+## Architecture Snapshot
+
+- `themes.json` is the single catalog source used by the client and copied to `docs/themes.json` during build
+- The frontend is a mostly static site with a small client-side app that fetches `themes.json`, sorts, filters, and renders cards in the browser
+- Gulp handles Pug compilation, SCSS compilation, Babel transpilation, JS minification, image conversion/copy, and config file copying
+- Images from `images/` are emitted to `docs/assets/img/`; many local screenshots are converted to WebP
+- `scripts/sort_themes.nu` enriches theme entries with `pushed_at`, `stargazers_count`, and `avatar` using GitHub/GitLab/Codeberg APIs or git cloning fallback
+
+## Known Technical Risks
+
+- `dev/js/main.js` has a broken explicit lightbox close path: `removeLightbox` uses `getElementsById`, and the close button does not call the function correctly
+- Theme rendering is intentionally throttled with `444ms` per card, which scales poorly for a catalog of 100+ entries
+- Search/filter logic depends on client-side fetch and has no visible loading or error handling
+- Test coverage is narrow: `tests/themes.check.js` validates only basic key order/types and not richer schema or link/image integrity
+- `dev/config/robots.txt` currently disallows all crawlers, which matters if discoverability or SEO becomes a goal
+
+## Working Agreement For Future Sessions
+
+- Read this file before making assumptions about project state
+- Update this file manually when there are relevant decisions, branch changes, automation updates, or persistent blockers
+- Keep entries concise and durable; avoid transient noise
+- Future agents should create a commit and push after implementing relevant changes or new functionality so work stays traceable and reversible
+- Future agents must not merge without explicit user authorization
+- Future agents must not take actions that could affect the production main branch without explicit user authorization