fix: prevent deployment when quality checks fail

.forgejo/workflows/deploy.yml

@@ -29,6 +29,7 @@ jobs:
 
   build-and-deploy:
     runs-on: docker
+    needs: quality
     steps:
       - name: Install tools
         run: apt-get update && apt-get install -y docker.io openssh-client

.prettierignore

@@ -18,3 +18,5 @@ coverage/
 
 pnpm-lock.yaml
 routeTree.gen.ts
+
+.pnpm-store/

apps/api/package.json

@@ -7,7 +7,8 @@
     "dev": "pnpm --filter shared build && pnpm --filter db build && tsx watch src/server.ts",
     "build": "tsc",
     "start": "node dist/src/server.js",
-    "test": "vitest"
+    "test": "vitest",
+    "typecheck": "tsc --noEmit"
   },
   "dependencies": {
     "@lila/db": "workspace:*",

apps/api/src/lib/auth.ts

@@ -4,7 +4,6 @@ import { Resend } from "resend";
 import { db } from "@lila/db";
 import * as schema from "@lila/db/schema";
 
-const resend = new Resend(process.env["RESEND_API_KEY"]);
 const emailFrom = process.env["EMAIL_FROM"] ?? "noreply@lilastudy.com";
 
 export const auth = betterAuth({
@@ -30,6 +29,7 @@ export const auth = betterAuth({
       user: { email: string };
       url: string;
     }) => {
+      const resend = new Resend(process.env["RESEND_API_KEY"]);
       await resend.emails.send({
         from: emailFrom,
         to: user.email,
@@ -48,6 +48,7 @@ export const auth = betterAuth({
       user: { email: string };
       url: string;
     }) => {
+      const resend = new Resend(process.env["RESEND_API_KEY"]);
       await resend.emails.send({
         from: emailFrom,
         to: user.email,

apps/web/package.json

@@ -6,7 +6,8 @@
   "scripts": {
     "dev": "vite",
     "build": "tsc -b && vite build",
-    "preview": "vite preview"
+    "preview": "vite preview",
+    "typecheck": "tsc --noEmit"
   },
   "dependencies": {
     "@lila/shared": "workspace:*",

documentation/backlog.md

@@ -90,9 +90,6 @@ Directionally right, timing is unclear. Revisit when the next/now work is done.
 - **Resolve eslint peer dependency warning** `[debt]`
   `eslint-plugin-react-hooks 7.0.1` expects `eslint ^3.0.0–^9.0.0` but found `10.0.3`. Low impact but worth cleaning up when nearby.
 
-- **husky + lint-staged** `[debt]`
-  Set up husky and lint-staged to run linting and formatting checks before every commit. Prevents CI failures from formatting or lint issues that slipped through locally.
-
 - **OpenAPI documentation for REST endpoints** `[feature]`
   Document the API surface using OpenAPI/Swagger. Covers all REST endpoints with request/response shapes. Useful groundwork for the admin dashboard and any future contributors.
 
@@ -105,6 +102,7 @@ Directionally right, timing is unclear. Revisit when the next/now work is done.
 
 Shipped milestones, newest first.
 
+- **04 - 2026 - husky + lint-staged + CI quality gate** - Pre-commit formatting, pre-push tests, and CI lint/typecheck/test gate before every deploy.
 - **04 - 2026 - t00001 - Docker credential helper**
 - **04 - 2026 - Pin dependencies in package.json** - Unpinned deps in a CI/CD pipeline are a real risk.
 - **04 - 2026 - React error boundaries** - Catch and display runtime errors gracefully instead of crashing the entire app.

documentation/roasts/gameService.md

@@ -1,6 +1,6 @@
 # 🔥 GameService Roast: `apps/api/src/services/gameService.ts`
 
-> *"It works on my machine" is not a scalability strategy.*
+> _"It works on my machine" is not a scalability strategy._
 
 **Project:** lila — Vocabulary Trainer  
 **File Roasted:** `gameService.ts`  
@@ -52,8 +52,7 @@ interface GameSessionStore {
 // Option B: Use Valkey Lua script for atomic read-modify-write
 // Option C: Optimistic locking with version numbers
 
-Priority: 🔴 CRITICAL — Data integrity issue
+Priority: 🔴 CRITICAL — Data integrity issue 2. N+1 Query: Database Performance Bomb
-2. N+1 Query: Database Performance Bomb
 Location: gameService.ts:24-26 + termModel.ts:getDistractors()
 
 // For each of N terms, we call getDistractors():
@@ -65,24 +64,16 @@ const questions: GameQuestion[] = await Promise.all(
 
 Impact Analysis:
 Rounds
-	
 DB Queries
-	
 At 50 concurrent users
 3
-	
 1 + 3 = 4
-	
 200 queries/min
 10
-	
 1 + 10 = 11
-	
 550 queries/min
 20
-	
 1 + 20 = 21
-	
 1,050 queries/min
 Each getDistractors() runs:
 
@@ -97,13 +88,13 @@ Fix: Batch Fetch Distractors
 const allDistractors = await db
 .select({ termId: terms.id, text: translations.text })
 .from(terms)
-  .innerJoin(translations, /* ... */)
+.innerJoin(translations, /_ ... _/)
 .where(and(
 eq(terms.pos, pos),
 eq(translations.difficulty, difficulty),
 inArray(terms.id, termIds), // Batch!
 ))
-  .limit(DISTRACTOR_FETCH_COUNT * termIds.length);
+.limit(DISTRACTOR_FETCH_COUNT \* termIds.length);
 
 // Group by termId in JS, then slice to 3 unique distractors per term
 const distractorsByTerm = groupByTermId(allDistractors);
@@ -134,8 +125,7 @@ if (uniqueDistractors.length < 3) {
 );
 }
 Priority: 🟡 HIGH — Observability & UX issue
-⚠️ High-Severity Smells
+⚠️ High-Severity Smells 4. Code Duplication: Singleplayer vs Multiplayer
-4. Code Duplication: Singleplayer vs Multiplayer
 Compare: gameService.ts vs multiplayerGameService.ts
 // gameService.ts
 const optionTexts = [term.targetText, ...uniqueDistractors.slice(0, 3)];
@@ -172,13 +162,12 @@ export const buildQuestionOptions = (
 };
 };
 
-Priority: 🟡 HIGH — Maintainability issue
+Priority: 🟡 HIGH — Maintainability issue 5. Shuffle Bias: Math.random() Trap
-5. Shuffle Bias: Math.random() Trap
 Location: utils.ts:shuffleArray() + multiplayerGameService.ts:shuffle()
 
 export const shuffleArray = <T>(array: T[]): T[] => {
 for (let i = result.length - 1; i > 0; i--) {
-    const j = Math.floor(Math.random() * (i + 1)); // 🚩 Modulo bias + non-crypto RNG
+const j = Math.floor(Math.random() \* (i + 1)); // 🚩 Modulo bias + non-crypto RNG
 // ...
 }
 };
@@ -241,7 +230,7 @@ it("deletes session after TTL expires", async () => {
 vi.useFakeTimers();
 const session = await createGameSession(validRequest, store, "user-1");
 
-  vi.advanceTimersByTime(31 * 60 * 1000); // 31 minutes
+vi.advanceTimersByTime(31 _ 60 _ 1000); // 31 minutes
 
 await expect(store.get(session.sessionId)).resolves.toBeNull();
 });
@@ -253,11 +242,10 @@ it("uses fallback when <3 unique distractors available", async () => {
 });
 
 Priority: 🟡 HIGH — Prevents regression on critical fixes
-🧼 Code Quality Nitpicks
+🧼 Code Quality Nitpicks 7. Magic Numbers
-7. Magic Numbers
 
 // gameService.ts:52
-await store.create(sessionId, {...}, 30 * 60 * 1000); // What is this?
+await store.create(sessionId, {...}, 30 _ 60 _ 1000); // What is this?
 
 // termModel.ts:65
 .limit(count); // count=6, but why?
@@ -267,7 +255,7 @@ optionId: z.number().int().min(0).max(3), // Why 4 options?
 
 Fix: Centralize in @lila/shared/constants.ts:
 
-export const GAME_SESSION_TTL_MS = 30 * 60 * 1000;
+export const GAME*SESSION_TTL_MS = 30 * 60 \_ 1000;
 export const DISTRACTOR_FETCH_COUNT = 6;
 export const GAME_OPTION_COUNT = 4;
 export const MIN_UNIQUE_DISTRACTORS = 3;
@@ -294,8 +282,6 @@ return Promise.resolve(entry.data as Readonly<GameSessionData>);
    Problem: No logging, no metrics. You're flying blind in production.
    Minimal Fix (5 minutes):
 
-
-
 // apps/api/src/lib/logger.ts
 import pino from "pino";
 export const logger = pino({
@@ -343,6 +329,6 @@ WHERE ...
 LIMIT $1
 
 -- Option C: Random offset (simple, but still scans)
-OFFSET floor(random() * (SELECT count(*) FROM terms WHERE ...))
+OFFSET floor(random() _ (SELECT count(_) FROM terms WHERE ...))
 
 Action: Add a ticket to documentation/tickets/t00009.md now.

documentation/tickets/t00006.md

@@ -84,7 +84,10 @@ Rejected because: for user-owned resources identified by opaque IDs, confirming
 2. `GameSessionStore.ts` — add `userId` to `GameSessionData`:
 
    ```ts
-   export type GameSessionData = { answers: Map<string, number>; userId: string };
+   export type GameSessionData = {
+     answers: Map<string, number>;
+     userId: string;
+   };
    ```
 
 3. `gameService.ts` — add `userId` to both function signatures:
@@ -100,7 +103,11 @@ Rejected because: for user-owned resources identified by opaque IDs, confirming
    Store it on create:
 
    ```ts
-   await store.create(sessionId, { answers: answerKey, userId }, 30 * 60 * 1000);
+   await store.create(
+     sessionId,
+     { answers: answerKey, userId },
+     30 * 60 * 1000,
+   );
    ```
 
    Assert on evaluate:
@@ -114,7 +121,7 @@ Rejected because: for user-owned resources identified by opaque IDs, confirming
 4. `gameController.ts` — extract from authenticated request:
 
    ```ts
-   req.session.user.id
+   req.session.user.id;
    ```
 
 5. `gameRouter.ts` — cast at registration:

documentation/tickets/t00008.md

@@ -27,7 +27,9 @@ Not chosen for this ticket — the database query is in `@lila/db` and is a sepa
 - Filter distractors against the correct answer before building options:
 
   ```ts
-  const uniqueDistractors = distractorTexts.filter((t) => t !== term.targetText);
+  const uniqueDistractors = distractorTexts.filter(
+    (t) => t !== term.targetText,
+  );
   const optionTexts = [term.targetText, ...uniqueDistractors.slice(0, 3)];
   ```
 

package.json

@@ -6,13 +6,13 @@
   "scripts": {
     "build": "pnpm --filter @lila/shared build && pnpm --filter @lila/db build && pnpm --filter @lila/api build",
     "dev": "concurrently --names \"api,web\" -c \"magenta.bold,green.bold\" \"pnpm --filter @lila/api dev\" \"pnpm --filter @lila/web dev\"",
-    "prepare": "husky",
+    "prepare": "husky || true",
     "test": "vitest",
     "test:run": "vitest run",
     "lint": "eslint .",
     "format": "prettier --write .",
     "format:check": "prettier --check .",
-    "typecheck": "tsc --build --noEmit"
+    "typecheck": "pnpm -r typecheck"
   },
   "lint-staged": {
     "**/*.{ts,tsx}": [

packages/db/package.json

@@ -6,7 +6,8 @@
   "scripts": {
     "build": "rm -rf dist && tsc",
     "generate": "drizzle-kit generate",
-    "migrate": "drizzle-kit migrate"
+    "migrate": "drizzle-kit migrate",
+    "typecheck": "tsc --noEmit"
   },
   "dependencies": {
     "@lila/shared": "workspace:*",

packages/shared/package.json

@@ -4,7 +4,8 @@
   "private": true,
   "type": "module",
   "scripts": {
-    "build": "tsc"
+    "build": "tsc",
+    "typecheck": "tsc --noEmit"
   },
   "exports": {
     ".": "./dist/src/index.js"