feat: enforce lint checks as gate for commits and CI (#54)

- Add PHP syntax check to lint-staged via scripts/lint-php.sh
- Add lint:php script to package.json
- Update lint script to include PHP checks
- Create scripts/safe-commit.sh for AI agent use
- Update deploy-test.yml: lint jobs as gate before deploy
- Add branch protection for main requiring status checks
- Update AGENTS.md with pre-commit hook rules for agents

Also addresses #53: CI requires lint checks before merge

Co-authored-by: Claw <claw@openclaw.local>

.gitea/workflows/deploy-test.yml

@@ -6,8 +6,67 @@ on:
       - "feature/**"
 
 jobs:
-  deploy:
+  lint-php:
+    name: PHP Syntax Check
     runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Install PHP
+        run: apt-get update -qq && apt-get install -y -qq php-cli > /dev/null 2>&1
+
+      - name: PHP Lint
+        run: |
+          errors=0
+          while IFS= read -r file; do
+            if ! php -l "$file" > /dev/null 2>&1; then
+              echo "❌ Syntax error in $file"
+              php -l "$file"
+              errors=1
+            fi
+          done < <(find . -name "*.php" -not -path "./vendor/*")
+          if [ "$errors" -eq 1 ]; then
+            echo "::error::PHP lint check failed"
+            exit 1
+          fi
+          echo "✅ All PHP files pass syntax check"
+
+  lint-css:
+    name: CSS Lint (stylelint)
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Install Node.js & stylelint
+        run: |
+          apt-get update -qq && apt-get install -y -qq npm nodejs > /dev/null 2>&1
+          npm install -g stylelint stylelint-config-standard stylelint-prettier > /dev/null 2>&1
+
+      - name: CSS Lint
+        run: |
+          npx stylelint "**/*.css" --config .stylelintrc.json --allow-empty-input
+          echo "✅ All CSS files pass lint"
+
+  lint-html:
+    name: HTML Lint (htmlhint)
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Install Node.js & htmlhint
+        run: |
+          apt-get update -qq && apt-get install -y -qq npm nodejs > /dev/null 2>&1
+          npm install -g htmlhint > /dev/null 2>&1
+
+      - name: HTML Lint
+        run: |
+          npx htmlhint "**/*.html" --config .htmlhintrc
+          echo "✅ All HTML files pass lint"
+
+  deploy:
+    name: Deploy to Test Environment
+    runs-on: ubuntu-latest
+    needs: [lint-php, lint-css, lint-html]
     container:
       volumes:
         - /var/www/test/html:/deploy
@@ -20,6 +79,7 @@ jobs:
           echo "=== Deploying branch: ${{ gitea.ref_name }} ==="
           echo "=== Commit: ${{ gitea.sha }} ==="
           echo "=== By: ${{ gitea.actor }} ==="
+          echo "=== All lint checks passed ✅ ==="
           date
 
       - name: Deploy to test environment
@@ -37,18 +97,18 @@ jobs:
             --exclude='.htmlhintrc' \
             --exclude='.gitignore' \
             --exclude='.dockerignore' \
+            --exclude='.continue' \
             --exclude='Dockerfile' \
             --exclude='nginx.conf' \
             --exclude='eslint.config.js' \
             --exclude='package.json' \
+            --exclude='package-lock.json' \
             --exclude='docs/' \
             --exclude='AGENTS.md' \
             --exclude='README.md' \
+            --exclude='scripts/' \
             ./ /deploy/
           
-          # Set haus-schleusingen.html as index
-          cp /deploy/haus-schleusingen.html /deploy/index.html 2>/dev/null || true
-          
           echo "✅ Deployment complete!"
 
       - name: Set permissions
@@ -64,6 +124,7 @@ jobs:
           echo "=========================================="
           echo "  Branch:  ${{ gitea.ref_name }}"
           echo "  Commit:  ${{ gitea.sha }}"
-          echo "  Target:  http://178.104.150.0/"
+          echo "  Target:  http://178.104.150.0:6427/"
+          echo "  Lint:    ✅ All checks passed"
           echo "  Time:    $(date)"
           echo "=========================================="

AGENTS.md

@@ -1,8 +1,27 @@
 # Agent-Richtlinien für dieses Projekt
 
+## ⚠️ WICHTIG: Pre-Commit Hooks sind Pflicht
+
+**Jeder Commit MUSS die Pre-Commit Lint-Checks durchlaufen. Niemals `--no-verify` verwenden!**
+
+### Für AI-Agents (Claw etc.):
+- Verwende `./scripts/safe-commit.sh "Nachricht"` statt `git commit -m "..."`
+- Das Script garantiert dass lint-staged läuft (PHP, HTML, CSS, JS, Prettier)
+- Wenn ein Linter fehlschlägt: **Fehler beheben, nicht überspringen!**
+- Niemals `git commit --no-verify` verwenden
+
+### Lint-Checks die laufen:
+- **PHP:** `php -l` Syntax-Check (via `scripts/lint-php.sh`)
+- **HTML:** htmlhint
+- **CSS:** stylelint + prettier
+- **JS:** eslint + prettier
+- **JSON/MD:** prettier
+
+---
+
 ## Systemumgebung
 
-- **Betriebssystem: Windows** – Alle Befehle und Pfade müssen Windows-kompatibel sein (z. B. Pfadtrennzeichen `\`, PowerShell-Syntax).
+- **Betriebssystem: Linux** – Befehle und Pfade sind Linux-kompatibel.
 
 ---
 

package.json

@@ -7,12 +7,16 @@
     "lint:html": "htmlhint \"**/*.html\"",
     "lint:css": "stylelint \"css/**/*.css\" \"fonts/**/*.css\" && echo Stylelint: No errors found",
     "lint:js": "eslint \"js/**/*.js\" --ignore-pattern \"**/*.min.js\" && echo ESLint: No errors found",
-    "lint": "npm run lint:html && npm run lint:css && npm run lint:js",
+    "lint": "npm run lint:php && npm run lint:html && npm run lint:css && npm run lint:js",
     "format": "prettier --write \"**/*.{html,css,js,json,md}\" --ignore-path .prettierignore",
     "format:check": "prettier --check \"**/*.{html,css,js,json,md}\" --ignore-path .prettierignore",
-    "prepare": "husky"
+    "prepare": "husky",
+    "lint:php": "find . -name \"*.php\" -not -path \"./vendor/*\" -exec php -l {} \\; > /dev/null 2>&1 && echo \"PHP syntax OK\" || (echo \"PHP lint failed\" && exit 1)"
   },
   "lint-staged": {
+    "*.{php}": [
+      "scripts/lint-php.sh"
+    ],
     "*.{html}": [
       "htmlhint",
       "prettier --write"

scripts/lint-php.sh

@@ -0,0 +1,28 @@
+#!/usr/bin/env bash
+# Pre-commit PHP syntax check for lint-staged
+# Called with staged .php files as arguments
+
+set -euo pipefail
+
+if ! command -v php &>/dev/null; then
+  echo "❌ PHP not found. Install php-cli to commit PHP files."
+  echo "   Ubuntu/Debian: sudo apt-get install php-cli"
+  exit 1
+fi
+
+errors=0
+for file in "$@"; do
+  if ! php -l "$file" >/dev/null 2>&1; then
+    echo "❌ Syntax error in $file"
+    php -l "$file"
+    errors=1
+  fi
+done
+
+if [ "$errors" -eq 1 ]; then
+  echo ""
+  echo "❌ PHP lint failed. Fix errors before committing."
+  exit 1
+fi
+
+echo "✅ PHP syntax OK"

scripts/safe-commit.sh

@@ -0,0 +1,37 @@
+#!/usr/bin/env bash
+# safe-commit.sh – Commit with pre-commit hooks guaranteed to run
+# Usage: ./scripts/safe-commit.sh "commit message"
+#
+# This script ensures lint checks always execute, even when committing
+# from non-interactive contexts (CI, AI agents, etc.).
+
+set -euo pipefail
+
+if [ -z "${1:-}" ]; then
+  echo "❌ Usage: ./scripts/safe-commit.sh \"commit message\""
+  exit 1
+fi
+
+MSG="$1"
+REPO_ROOT="$(cd "$(dirname "$0")/.." && pwd)"
+cd "$REPO_ROOT"
+
+# Ensure hooks directory exists and is configured
+if [ -d ".husky" ]; then
+  git config core.hooksPath .husky
+fi
+
+# Run lint-staged manually as a safety net (in case hook is skipped)
+if command -v npx &>/dev/null && [ -f "node_modules/.bin/lint-staged" ]; then
+  echo "🔍 Running pre-commit lint checks..."
+  npx lint-staged || {
+    echo ""
+    echo "❌ Lint checks failed. Commit aborted."
+    echo "   Fix the errors above and try again."
+    exit 1
+  }
+  echo "✅ All lint checks passed."
+fi
+
+# Commit with hooks enabled (no --no-verify)
+git commit -m "$MSG"