.forgejo/workflows/deploy.yml

@@ -29,7 +29,6 @@ jobs:
 
   build-and-deploy:
     runs-on: docker
-    needs: quality
     steps:
       - name: Install tools
         run: apt-get update && apt-get install -y docker.io openssh-client

.prettierignore

@@ -18,5 +18,3 @@ coverage/
 
 pnpm-lock.yaml
 routeTree.gen.ts
-
-.pnpm-store/

apps/api/package.json

@@ -7,8 +7,7 @@
     "dev": "pnpm --filter shared build && pnpm --filter db build && tsx watch src/server.ts",
     "build": "tsc",
     "start": "node dist/src/server.js",
-    "test": "vitest",
+    "test": "vitest"
-    "typecheck": "tsc --noEmit"
   },
   "dependencies": {
     "@lila/db": "workspace:*",

apps/api/src/lib/auth.ts

@@ -4,6 +4,7 @@ import { Resend } from "resend";
 import { db } from "@lila/db";
 import * as schema from "@lila/db/schema";
 
+const resend = new Resend(process.env["RESEND_API_KEY"]);
 const emailFrom = process.env["EMAIL_FROM"] ?? "noreply@lilastudy.com";
 
 export const auth = betterAuth({
@@ -29,7 +30,6 @@ export const auth = betterAuth({
       user: { email: string };
       url: string;
     }) => {
-      const resend = new Resend(process.env["RESEND_API_KEY"]);
       await resend.emails.send({
         from: emailFrom,
         to: user.email,
@@ -48,7 +48,6 @@ export const auth = betterAuth({
       user: { email: string };
       url: string;
     }) => {
-      const resend = new Resend(process.env["RESEND_API_KEY"]);
       await resend.emails.send({
         from: emailFrom,
         to: user.email,

apps/web/package.json

@@ -6,8 +6,7 @@
   "scripts": {
     "dev": "vite",
     "build": "tsc -b && vite build",
-    "preview": "vite preview",
+    "preview": "vite preview"
-    "typecheck": "tsc --noEmit"
   },
   "dependencies": {
     "@lila/shared": "workspace:*",

documentation/backlog.md

@@ -90,6 +90,9 @@ Directionally right, timing is unclear. Revisit when the next/now work is done.
 - **Resolve eslint peer dependency warning** `[debt]`
   `eslint-plugin-react-hooks 7.0.1` expects `eslint ^3.0.0–^9.0.0` but found `10.0.3`. Low impact but worth cleaning up when nearby.
 
+- **husky + lint-staged** `[debt]`
+  Set up husky and lint-staged to run linting and formatting checks before every commit. Prevents CI failures from formatting or lint issues that slipped through locally.
+
 - **OpenAPI documentation for REST endpoints** `[feature]`
   Document the API surface using OpenAPI/Swagger. Covers all REST endpoints with request/response shapes. Useful groundwork for the admin dashboard and any future contributors.
 
@@ -102,7 +105,6 @@ Directionally right, timing is unclear. Revisit when the next/now work is done.
 
 Shipped milestones, newest first.
 
-- **04 - 2026 - husky + lint-staged + CI quality gate** - Pre-commit formatting, pre-push tests, and CI lint/typecheck/test gate before every deploy.
 - **04 - 2026 - t00001 - Docker credential helper**
 - **04 - 2026 - Pin dependencies in package.json** - Unpinned deps in a CI/CD pipeline are a real risk.
 - **04 - 2026 - React error boundaries** - Catch and display runtime errors gracefully instead of crashing the entire app.

documentation/roasts/gameService.md

@@ -1,6 +1,6 @@
 # 🔥 GameService Roast: `apps/api/src/services/gameService.ts`
 
-> _"It works on my machine" is not a scalability strategy._
+> *"It works on my machine" is not a scalability strategy.*
 
 **Project:** lila — Vocabulary Trainer  
 **File Roasted:** `gameService.ts`  
@@ -52,7 +52,8 @@ deleteAnswer(sessionId: string, questionId: string): Promise<boolean>;
 // Option B: Use Valkey Lua script for atomic read-modify-write
 // Option C: Optimistic locking with version numbers
 
-Priority: 🔴 CRITICAL — Data integrity issue 2. N+1 Query: Database Performance Bomb
+Priority: 🔴 CRITICAL — Data integrity issue
+2. N+1 Query: Database Performance Bomb
 Location: gameService.ts:24-26 + termModel.ts:getDistractors()
 
 // For each of N terms, we call getDistractors():
@@ -64,16 +65,24 @@ const distractorTexts = await getDistractors(term.termId, ...); // 🚩 N querie
 
 Impact Analysis:
 Rounds
+	
 DB Queries
+	
 At 50 concurrent users
 3
+	
 1 + 3 = 4
+	
 200 queries/min
 10
+	
 1 + 10 = 11
+	
 550 queries/min
 20
+	
 1 + 20 = 21
+	
 1,050 queries/min
 Each getDistractors() runs:
 
@@ -88,13 +97,13 @@ Fix: Batch Fetch Distractors
 const allDistractors = await db
   .select({ termId: terms.id, text: translations.text })
   .from(terms)
-.innerJoin(translations, /_ ... _/)
+  .innerJoin(translations, /* ... */)
   .where(and(
     eq(terms.pos, pos),
     eq(translations.difficulty, difficulty),
     inArray(terms.id, termIds), // Batch!
   ))
-.limit(DISTRACTOR_FETCH_COUNT \* termIds.length);
+  .limit(DISTRACTOR_FETCH_COUNT * termIds.length);
 
 // Group by termId in JS, then slice to 3 unique distractors per term
 const distractorsByTerm = groupByTermId(allDistractors);
@@ -125,7 +134,8 @@ throw new UnprocessableEntityError(
   );
 }
 Priority: 🟡 HIGH — Observability & UX issue
-⚠️ High-Severity Smells 4. Code Duplication: Singleplayer vs Multiplayer
+⚠️ High-Severity Smells
+4. Code Duplication: Singleplayer vs Multiplayer
 Compare: gameService.ts vs multiplayerGameService.ts
 // gameService.ts
 const optionTexts = [term.targetText, ...uniqueDistractors.slice(0, 3)];
@@ -162,12 +172,13 @@ correctOptionId
   };
 };
 
-Priority: 🟡 HIGH — Maintainability issue 5. Shuffle Bias: Math.random() Trap
+Priority: 🟡 HIGH — Maintainability issue
+5. Shuffle Bias: Math.random() Trap
 Location: utils.ts:shuffleArray() + multiplayerGameService.ts:shuffle()
 
 export const shuffleArray = <T>(array: T[]): T[] => {
   for (let i = result.length - 1; i > 0; i--) {
-const j = Math.floor(Math.random() \* (i + 1)); // 🚩 Modulo bias + non-crypto RNG
+    const j = Math.floor(Math.random() * (i + 1)); // 🚩 Modulo bias + non-crypto RNG
     // ...
   }
 };
@@ -230,7 +241,7 @@ it("deletes session after TTL expires", async () => {
   vi.useFakeTimers();
   const session = await createGameSession(validRequest, store, "user-1");
   
-vi.advanceTimersByTime(31 _ 60 _ 1000); // 31 minutes
+  vi.advanceTimersByTime(31 * 60 * 1000); // 31 minutes
   
   await expect(store.get(session.sessionId)).resolves.toBeNull();
 });
@@ -242,10 +253,11 @@ mockGetDistractors.mockResolvedValue(["same", "same", "same", "same"]);
 });
 
 Priority: 🟡 HIGH — Prevents regression on critical fixes
-🧼 Code Quality Nitpicks 7. Magic Numbers
+🧼 Code Quality Nitpicks
+7. Magic Numbers
 
 // gameService.ts:52
-await store.create(sessionId, {...}, 30 _ 60 _ 1000); // What is this?
+await store.create(sessionId, {...}, 30 * 60 * 1000); // What is this?
 
 // termModel.ts:65
 .limit(count); // count=6, but why?
@@ -255,7 +267,7 @@ optionId: z.number().int().min(0).max(3), // Why 4 options?
 
 Fix: Centralize in @lila/shared/constants.ts:
 
-export const GAME*SESSION_TTL_MS = 30 * 60 \_ 1000;
+export const GAME_SESSION_TTL_MS = 30 * 60 * 1000;
 export const DISTRACTOR_FETCH_COUNT = 6;
 export const GAME_OPTION_COUNT = 4;
 export const MIN_UNIQUE_DISTRACTORS = 3;
@@ -282,6 +294,8 @@ return Promise.resolve(entry.data as Readonly<GameSessionData>);
 Problem: No logging, no metrics. You're flying blind in production.
 Minimal Fix (5 minutes):
 
+
+
 // apps/api/src/lib/logger.ts
 import pino from "pino";
 export const logger = pino({ 
@@ -329,6 +343,6 @@ WHERE ...
 LIMIT $1
 
 -- Option C: Random offset (simple, but still scans)
-OFFSET floor(random() _ (SELECT count(_) FROM terms WHERE ...))
+OFFSET floor(random() * (SELECT count(*) FROM terms WHERE ...))
 
 Action: Add a ticket to documentation/tickets/t00009.md now.

documentation/tickets/t00006.md

@@ -84,10 +84,7 @@ Rejected because: for user-owned resources identified by opaque IDs, confirming
 2. `GameSessionStore.ts` — add `userId` to `GameSessionData`:
 
    ```ts
-   export type GameSessionData = {
+   export type GameSessionData = { answers: Map<string, number>; userId: string };
-     answers: Map<string, number>;
-     userId: string;
-   };
    ```
 
 3. `gameService.ts` — add `userId` to both function signatures:
@@ -103,11 +100,7 @@ Rejected because: for user-owned resources identified by opaque IDs, confirming
    Store it on create:
 
    ```ts
-   await store.create(
+   await store.create(sessionId, { answers: answerKey, userId }, 30 * 60 * 1000);
-     sessionId,
-     { answers: answerKey, userId },
-     30 * 60 * 1000,
-   );
    ```
 
    Assert on evaluate:
@@ -121,7 +114,7 @@ Rejected because: for user-owned resources identified by opaque IDs, confirming
 4. `gameController.ts` — extract from authenticated request:
 
    ```ts
-   req.session.user.id;
+   req.session.user.id
    ```
 
 5. `gameRouter.ts` — cast at registration:

documentation/tickets/t00008.md

@@ -27,9 +27,7 @@ Not chosen for this ticket — the database query is in `@lila/db` and is a sepa
 - Filter distractors against the correct answer before building options:
 
   ```ts
-  const uniqueDistractors = distractorTexts.filter(
+  const uniqueDistractors = distractorTexts.filter((t) => t !== term.targetText);
-    (t) => t !== term.targetText,
-  );
   const optionTexts = [term.targetText, ...uniqueDistractors.slice(0, 3)];
   ```
 

package.json

@@ -6,13 +6,13 @@
   "scripts": {
     "build": "pnpm --filter @lila/shared build && pnpm --filter @lila/db build && pnpm --filter @lila/api build",
     "dev": "concurrently --names \"api,web\" -c \"magenta.bold,green.bold\" \"pnpm --filter @lila/api dev\" \"pnpm --filter @lila/web dev\"",
-    "prepare": "husky || true",
+    "prepare": "husky",
     "test": "vitest",
     "test:run": "vitest run",
     "lint": "eslint .",
     "format": "prettier --write .",
     "format:check": "prettier --check .",
-    "typecheck": "pnpm -r typecheck"
+    "typecheck": "tsc --build --noEmit"
   },
   "lint-staged": {
     "**/*.{ts,tsx}": [

packages/db/package.json

@@ -6,8 +6,7 @@
   "scripts": {
     "build": "rm -rf dist && tsc",
     "generate": "drizzle-kit generate",
-    "migrate": "drizzle-kit migrate",
+    "migrate": "drizzle-kit migrate"
-    "typecheck": "tsc --noEmit"
   },
   "dependencies": {
     "@lila/shared": "workspace:*",

packages/shared/package.json

@@ -4,8 +4,7 @@
   "private": true,
   "type": "module",
   "scripts": {
-    "build": "tsc",
+    "build": "tsc"
-    "typecheck": "tsc --noEmit"
   },
   "exports": {
     ".": "./dist/src/index.js"