feat(site): add SEO essentials, contact form, early-access banner

[Aureliolo]

Summary

• Add complete SEO infrastructure to the Astro landing page: OG/Twitter Card meta tags, canonical URLs, favicon reference, @astrojs/sitemap integration, robots.txt, and JSON-LD SoftwareApplication structured data
• Add Formcarry-powered contact form (ContactForm.astro) with honeypot anti-spam, response body validation, error logging, and graceful fallbacks
• Add early-access disclaimer banner between Hero and Proof Strip sections
• Add Contact link to Footer community column
• Optimize PageSpeed performance: non-render-blocking Google Fonts via media="print" onload pattern, preconnect to api.github.com
• Fix accessibility: upgrade all text-gray-500 to text-gray-400 for WCAG AA contrast compliance (~7:1 vs ~3.6:1 on dark bg), add persistent underlines to all inline text links (color alone not sufficient)
• Update CLAUDE.md to reflect new site components and SEO infrastructure

Review coverage

Pre-reviewed by 3 agents (docs-consistency, issue-resolution-verifier, silent-failure-hunter). 6 findings addressed:

• CLAUDE.md package structure and documentation entries updated (2 findings)
• ContactForm response body validation added — prevents data loss on false-positive HTTP 200 (1 finding)
• Honeypot false-positive shows fake success instead of dead UI (1 finding)
• Error catch block now logs to console for diagnostics (1 finding)
• DOM element lookups use defensive guards with native form fallback (1 finding)

Test plan

• npm --prefix site run build passes (verified)
• Build output includes sitemap-index.xml, robots.txt, og-image.png
• View page source: confirm OG/Twitter/canonical/favicon/JSON-LD tags
• Early-access banner visible below hero on index page
• Contact form renders with all fields, submission works via Formcarry
• Footer shows Contact link in Community column
• PageSpeed: verify non-render-blocking fonts, preconnect hints
• Accessibility: no text-gray-500 remaining, all inline links underlined

Closes #466

[github-actions]

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

Package	Version	Score	Details
npm/@astrojs/sitemap	3.7.1	Unknown	Unknown
npm/@types/node	24.12.0	🟢 6.5	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10 Code-Review 🟢 8 Found 23/28 approved changesets -- score normalized to 8 Packaging ⚠️ -1 packaging workflow not detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Security-Policy 🟢 10 security policy file detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions License 🟢 9 license file detected Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Signed-Releases ⚠️ -1 no releases found Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies 🟢 8 dependency not pinned by hash detected -- score normalized to 8 SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed
npm/@types/sax	1.2.7	🟢 6.5	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10 Code-Review 🟢 8 Found 23/28 approved changesets -- score normalized to 8 Packaging ⚠️ -1 packaging workflow not detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Security-Policy 🟢 10 security policy file detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions License 🟢 9 license file detected Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Signed-Releases ⚠️ -1 no releases found Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies 🟢 8 dependency not pinned by hash detected -- score normalized to 8 SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed
npm/arg	5.0.2	🟢 3.9	Details Check Score Reason Binary-Artifacts 🟢 10 no binaries found in the repo Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Code-Review 🟢 4 Found 13/29 approved changesets -- score normalized to 4 Maintained ⚠️ 0 0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0 Packaging ⚠️ -1 packaging workflow not detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Security-Policy 🟢 10 security policy file detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
npm/sitemap	9.0.1	🟢 3.5	Details Check Score Reason Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Code-Review ⚠️ 0 Found 0/11 approved changesets -- score normalized to 0 Maintained 🟢 7 9 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 7 Packaging ⚠️ -1 packaging workflow not detected Binary-Artifacts 🟢 10 no binaries found in the repo CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy ⚠️ 0 security policy file not detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 License 🟢 10 license file detected Fuzzing ⚠️ 0 project is not fuzzed Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
npm/stream-replace-string	2.0.0	🟢 3.3	Details Check Score Reason Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Code-Review ⚠️ 0 Found 0/14 approved changesets -- score normalized to 0 Maintained ⚠️ 0 project is archived Packaging ⚠️ -1 packaging workflow not detected Pinned-Dependencies 🟢 3 dependency not pinned by hash detected -- score normalized to 3 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy ⚠️ 0 security policy file not detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
npm/undici-types	7.16.0	🟢 7.9	Details Check Score Reason Dependency-Update-Tool 🟢 10 update tool detected Security-Policy 🟢 9 security policy file detected Maintained 🟢 10 30 commit(s) and 11 issue activity found in the last 90 days -- score normalized to 10 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Code-Review 🟢 5 Found 14/28 approved changesets -- score normalized to 5 Binary-Artifacts 🟢 8 binaries present in source code Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Pinned-Dependencies 🟢 4 dependency not pinned by hash detected -- score normalized to 4 Vulnerabilities 🟢 10 0 existing vulnerabilities detected Signed-Releases ⚠️ -1 no releases found SAST 🟢 9 SAST tool detected but not run on all commits Fuzzing 🟢 10 project is fuzzed License 🟢 10 license file detected Packaging 🟢 10 packaging workflow detected Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md CI-Tests 🟢 10 16 out of 16 merged PRs checked by a CI test -- score normalized to 10 Contributors 🟢 10 project has 81 contributing companies or organizations

Scanned Files

• site/package-lock.json

[coderabbitai]

Caution

Review failed

The pull request is closed.

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: 9e6e313f-3dc4-4e44-b938-68746030b035

📥 Commits

Reviewing files that changed from the base of the PR and between 8c167b2 and aec7b30.

📒 Files selected for processing (1)

• CLAUDE.md

---

📝 Walkthrough

Summary by CodeRabbit

• New Features

  • Contact form added to the landing page
  • Early Access Disclaimer section on the homepage

• Updates

  • SEO improvements: sitemap generation, robots.txt, Open Graph/Twitter meta and JSON-LD structured data
  • Footer updated with Contact and Sitemap links
  • Site-wide styling and text color refinements for improved visual consistency

Walkthrough

Adds sitemap integration and robots.txt, injects Open Graph/Twitter/canonical metadata and JSON-LD, introduces a client-side ContactForm component and CONTACT section plus an early‑access disclaimer, and applies small footer and styling adjustments on several site pages.

Changes

Cohort / File(s)	Summary
SEO Config & Public Files site/astro.config.mjs, site/package.json, site/public/robots.txt	Adds @astrojs/sitemap dependency and integration; adds robots.txt referencing https://synthorg.io/sitemap-index.xml. Check build installs and sitemap output path.
Layout / Metadata site/src/layouts/Base.astro	Extends Props with image? and type?, computes ogImageUrl and canonicalUrl, and emits Open Graph, Twitter Card, and canonical tags. Review meta composition and defaults.
Contact Form Component site/src/components/ContactForm.astro	New client-side contact form (honeypot, fetch POST to external form endpoint, success/error UI, ARIA/focus management). Review network endpoint, accessibility, and spam-handling behavior.
Homepage / Structured Data site/src/pages/index.astro	Imports and renders ContactForm, adds CONTACT section and early‑access disclaimer, injects JSON‑LD SoftwareApplication script, and passes description prop to Base. Verify JSON‑LD values and canonical usage.
Footer & Links site/src/components/Footer.astro	Adds "Contact" under Community and "Sitemap" under Legal; minor color class tweak. Confirm link targets.
Get Pages — Styling Tweaks site/src/pages/get/index.astro, site/src/pages/get/view/install-ps1.astro, site/src/pages/get/view/install-sh.astro	Minor class changes (text-gray-500 → text-gray-400) and link decoration adjustments; purely presentational.
Repository Notes CLAUDE.md	Updated summary to reflect added contact form and SEO infrastructure.

Sequence Diagram(s)

sequenceDiagram
    participant User as Browser/User
    participant Form as ContactForm (client)
    participant API as External Form Endpoint

    User->>Form: fill fields + submit
    Form->>Form: honeypot check
    alt honeypot filled
        Form-->>User: show fake success (hide form)
    else honeypot empty
        Form->>API: fetch POST FormData
        API-->>Form: 200 OK (success)
        Form-->>User: reset & show success message (focus)
        note right of Form: on non-OK or network error\nshow error message and restore submit
    end

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~22 minutes

Possibly related PRs

• fix: replace slsa-github-generator with attest-build-provenance, fix DAST #424 — Modifies site/src/pages/get/index.astro; overlaps with styling/presentation changes on the same pages.
• feat: add /get/ installation page for CLI installer #413 — Changes Footer and index page components; overlaps with footer links and homepage layout updates.
• docs: set up documentation site, release CI, and sandbox hardening #298 — Previously modified site/astro.config.mjs; related to Astro config and sitemap integration.

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title clearly and concisely describes the three main changes: SEO infrastructure, contact form, and early-access banner, matching the primary objectives.
Description check	✅ Passed	The description provides a detailed summary of all major changes, pre-review findings, and test plan, directly related to the changeset.
Linked Issues check	✅ Passed	All key objectives from #466 are addressed: OG/Twitter/canonical meta tags, sitemap integration, robots.txt, favicon, JSON-LD, contact form (via Formcarry), and early-access banner are implemented.
Out of Scope Changes check	✅ Passed	All changes are scoped to #466 requirements. Color and styling updates (gray-500 to gray-400) and underline decorations are accessibility/contrast fixes explicitly mentioned in the PR description as WCAG AA compliance.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch feat/site-seo-contact

✨ Simplify code

• Create PR with simplified code
• Commit simplified code in branch feat/site-seo-contact

📝 Coding Plan

• Generate coding plan for human review comments

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[gemini-code-assist]

Summary of Changes

Hello, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request significantly enhances the website's functionality, discoverability, performance, and accessibility. It introduces essential SEO elements to improve search engine ranking, adds a robust contact form for user interaction, and includes an early-access banner for clear communication. Furthermore, it addresses critical accessibility concerns by improving color contrast and link visibility, while also boosting page load performance through optimized font loading and preconnection strategies.

Highlights

• SEO Infrastructure: Added comprehensive SEO features to the Astro landing page, including OG/Twitter Card meta tags, canonical URLs, favicon, sitemap integration, robots.txt, and JSON-LD structured data.
• Contact Form: Implemented a Formcarry-powered contact form with honeypot anti-spam, response body validation, error logging, and graceful fallbacks.
• Early-Access Banner: Introduced an early-access disclaimer banner between the Hero and Proof Strip sections of the landing page.
• Accessibility Improvements: Upgraded text colors from text-gray-500 to text-gray-400 for WCAG AA contrast compliance and added persistent underlines to all inline text links.
• Performance Optimizations: Optimized PageSpeed by implementing non-render-blocking Google Fonts and preconnecting to api.github.com.
• Documentation Update: Updated CLAUDE.md to reflect the new site components and SEO infrastructure.

Changelog

• CLAUDE.md
  • Updated the description of the site/ directory to include contact form and SEO infrastructure.
  • Updated the description of components/ to include ContactForm.
• site/astro.config.mjs
  • Configured Astro to use the sitemap integration.
• site/package-lock.json
  • Added @astrojs/sitemap and its transitive dependencies, including @types/node, @types/sax, arg, sitemap, stream-replace-string, and undici-types.
• site/package.json
  • Added @astrojs/sitemap as a new dependency.
• site/public/robots.txt
  • Added a new robots.txt file to guide search engine crawlers and reference the sitemap.
• site/src/components/ContactForm.astro
  • Added a new Astro component for a Formcarry-powered contact form, incorporating client-side honeypot, response validation, and error handling.
• site/src/components/Footer.astro
  • Added a 'Contact' link to the community column.
  • Updated the footer's text color for improved accessibility.
• site/src/layouts/Base.astro
  • Extended component Props to include image and type for dynamic meta tags.
  • Implemented Open Graph and Twitter Card meta tags for social media sharing.
  • Added a canonical URL and favicon link.
  • Included preconnect hints for api.github.com.
  • Optimized Google Fonts loading to be non-render-blocking.
• site/src/pages/get/index.astro
  • Updated various text-gray-500 classes to text-gray-400 for better contrast.
  • Added persistent underlines to inline links for improved accessibility.
• site/src/pages/get/view/install-ps1.astro
  • Updated text-gray-500 class to text-gray-400 for better contrast.
• site/src/pages/get/view/install-sh.astro
  • Updated text-gray-500 class to text-gray-400 for better contrast.
• site/src/pages/index.astro
  • Imported the new ContactForm component.
  • Added an early-access disclaimer banner.
  • Updated multiple text-gray-500 classes to text-gray-400 for accessibility.
  • Added persistent underlines to inline links.
  • Integrated JSON-LD SoftwareApplication structured data.

Activity

• Pre-reviewed by 3 agents (docs-consistency, issue-resolution-verifier, silent-failure-hunter).
• Addressed 6 findings during review, including updates to CLAUDE.md package structure and documentation entries.
• Implemented contact form response body validation to prevent data loss on false-positive HTTP 200 responses.
• Ensured honeypot false-positives show a fake success message instead of a dead UI.
• Added error logging to the console for diagnostics in the contact form's catch block.
• Implemented defensive guards for DOM element lookups in the contact form script, with a native form fallback.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for GitHub and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	npm/​@​astrojs/​sitemap@​3.7.1

View full report

[gemini-code-assist]

Code Review

This pull request significantly enhances the landing page by adding essential SEO features, a contact form, and an early-access banner. The implementation of OG/Twitter tags, a sitemap, robots.txt, and JSON-LD data provides a solid foundation for search engine visibility. The performance optimizations, such as non-render-blocking fonts, and the accessibility improvements to color contrast and link visibility are excellent additions.

My review includes a few suggestions to improve code maintainability and type safety in the new ContactForm.astro component and the JSON-LD implementation on the index page. These changes will help keep the codebase clean and consistent as it grows.

[gemini-code-assist]

For better type safety and cleaner code, you can use document.querySelector with a generic type argument instead of document.getElementById. This is a more modern and idiomatic approach in a TypeScript-aware environment like Astro.

After applying this suggestion, you can also remove all the redundant as HTMLFormElement and as HTMLButtonElement type casts within the form.addEventListener block, as the form and submitBtn variables will already have the correct types.

  const form = document.querySelector<HTMLFormElement>("#contact-form");
  const submitBtn = document.querySelector<HTMLButtonElement>("#contact-submit");

[gemini-code-assist]

To avoid duplicating the description string and hardcoding the site URL in your JSON-LD schema, it's a good practice to define the description in the frontmatter and pass it as a prop to the <Base> component. This makes your code more maintainable and ensures consistency.

---
import Base from "../layouts/Base.astro";
import Footer from "../components/Footer.astro";
import ContactForm from "../components/ContactForm.astro";

const description = "Framework for building synthetic organizations — autonomous AI agents orchestrated as a virtual company";
---

<Base title="SynthOrg — Build Synthetic Organizations" description={description}>

[gemini-code-assist]

Following the previous suggestion to define description as a variable, you can now use it here. Additionally, it's better to use Astro.site for the url property to avoid hardcoding the domain, ensuring it stays in sync with your site configuration.

  <script type="application/ld+json" set:html={JSON.stringify({
    "@context": "https://schema.org",
    "@type": "SoftwareApplication",
    "name": "SynthOrg",
    "description": description,
    "url": Astro.site,
    "applicationCategory": "DeveloperApplication",
    "operatingSystem": "Linux, macOS, Windows",
    "license": "https://github.com/Aureliolo/synthorg/blob/main/LICENSE",
    "author": {
      "@type": "Person",
      "name": "Aurelio",
    },
  })} />

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@site/src/components/ContactForm.astro`:
- Around line 72-78: Add accessible live region attributes and focus handoff for
the success and error messages: update the elements with id "contact-success"
and "contact-error" to include aria-live="polite" (or "assertive" as
appropriate) and a programmatically focusable target (e.g., tabindex="-1"), and
in the form submit handlers that hide the form (the code paths around the form
submission where the form is hidden/visual toggles occur) set focus to the shown
message element after toggling visibility; also ensure the hidden state uses
aria-hidden or class toggles consistently so hidden content is not focusable.
This applies to the success/error elements and the code paths that hide the form
(the post-submit success and error handling logic).

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: 2f1da540-2d74-4f80-91f6-8dd4cfac1d04

📥 Commits

Reviewing files that changed from the base of the PR and between 5009da7 and 655e702.

⛔ Files ignored due to path filters (2)

• site/package-lock.json is excluded by !**/package-lock.json
• site/public/og-image.png is excluded by !**/*.png

📒 Files selected for processing (11)

• CLAUDE.md
• site/astro.config.mjs
• site/package.json
• site/public/robots.txt
• site/src/components/ContactForm.astro
• site/src/components/Footer.astro
• site/src/layouts/Base.astro
• site/src/pages/get/index.astro
• site/src/pages/get/view/install-ps1.astro
• site/src/pages/get/view/install-sh.astro
• site/src/pages/index.astro

📜 Review details

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)

• GitHub Check: Analyze (python)

🧰 Additional context used

📓 Path-based instructions (3)

site/**/*.astro

📄 CodeRabbit inference engine (CLAUDE.md)

Landing page built with Astro (synthorg.io). Includes /get/ CLI installation page and shared Footer component. Site structure in site/src/pages/ (index, get), components/ (Footer), layouts/ (Base.astro).

Files:

• site/src/pages/get/view/install-ps1.astro
• site/src/components/Footer.astro
• site/src/layouts/Base.astro
• site/src/pages/index.astro
• site/src/components/ContactForm.astro
• site/src/pages/get/index.astro
• site/src/pages/get/view/install-sh.astro

site/**/*.{ts,tsx,astro}

📄 CodeRabbit inference engine (CLAUDE.md)

Landing page uses Astro with Concept C hybrid design. CI builds via .github/workflows/pages.yml: exports OpenAPI schema, builds Astro landing + Zensical docs, copies CLI install scripts into /get/, merges, deploys to GitHub Pages.

Files:

• site/src/pages/get/view/install-ps1.astro
• site/src/components/Footer.astro
• site/src/layouts/Base.astro
• site/src/pages/index.astro
• site/src/components/ContactForm.astro
• site/src/pages/get/index.astro
• site/src/pages/get/view/install-sh.astro

**/*.md

📄 CodeRabbit inference engine (CLAUDE.md)

Always read the relevant docs/design/ page before implementing any feature or planning any issue. The design spec in docs/design/ is the starting point for architecture, data models, and behavior. When a spec topic is referenced, read the relevant docs/design/ page before coding.

Files:

• CLAUDE.md

🧠 Learnings (23)

📓 Common learnings

Learnt from: CR
Repo: Aureliolo/synthorg PR: 0
File: CLAUDE.md:0-0
Timestamp: 2026-03-15T19:54:39.887Z
Learning: Applies to site/**/*.{ts,tsx,astro} : Landing page uses Astro with Concept C hybrid design. CI builds via .github/workflows/pages.yml: exports OpenAPI schema, builds Astro landing + Zensical docs, copies CLI install scripts into /get/, merges, deploys to GitHub Pages.

Learnt from: CR
Repo: Aureliolo/synthorg PR: 0
File: CLAUDE.md:0-0
Timestamp: 2026-03-15T19:54:39.887Z
Learning: Applies to site/**/*.astro : Landing page built with Astro (synthorg.io). Includes /get/ CLI installation page and shared Footer component. Site structure in site/src/pages/ (index, get), components/ (Footer), layouts/ (Base.astro).

📚 Learning: 2026-03-15T19:54:39.887Z

Learnt from: CR
Repo: Aureliolo/synthorg PR: 0
File: CLAUDE.md:0-0
Timestamp: 2026-03-15T19:54:39.887Z
Learning: Applies to site/**/*.{ts,tsx,astro} : Landing page uses Astro with Concept C hybrid design. CI builds via .github/workflows/pages.yml: exports OpenAPI schema, builds Astro landing + Zensical docs, copies CLI install scripts into /get/, merges, deploys to GitHub Pages.

Applied to files:

• site/src/pages/get/view/install-ps1.astro
• site/astro.config.mjs
• site/src/components/Footer.astro
• CLAUDE.md
• site/package.json
• site/src/layouts/Base.astro
• site/src/pages/index.astro
• site/src/components/ContactForm.astro
• site/src/pages/get/index.astro
• site/src/pages/get/view/install-sh.astro

📚 Learning: 2026-03-15T19:54:39.887Z

Learnt from: CR
Repo: Aureliolo/synthorg PR: 0
File: CLAUDE.md:0-0
Timestamp: 2026-03-15T19:54:39.887Z
Learning: Applies to cli/scripts/install.{sh,ps1} : CLI install scripts (install.sh for Unix, install.ps1 for Windows) are in cli/scripts/. CI Pages workflow copies them to /get/ for the installation page.

Applied to files:

• site/src/pages/get/view/install-ps1.astro
• site/src/pages/get/index.astro
• site/src/pages/get/view/install-sh.astro

📚 Learning: 2026-03-15T19:54:39.887Z

Learnt from: CR
Repo: Aureliolo/synthorg PR: 0
File: CLAUDE.md:0-0
Timestamp: 2026-03-15T19:54:39.887Z
Learning: Applies to site/**/*.astro : Landing page built with Astro (synthorg.io). Includes /get/ CLI installation page and shared Footer component. Site structure in site/src/pages/ (index, get), components/ (Footer), layouts/ (Base.astro).

Applied to files:

• site/astro.config.mjs
• site/src/components/Footer.astro
• CLAUDE.md
• site/package.json
• site/src/layouts/Base.astro
• site/src/pages/index.astro
• site/src/components/ContactForm.astro
• site/src/pages/get/index.astro
• site/src/pages/get/view/install-sh.astro

📚 Learning: 2026-03-15T19:54:39.887Z

Learnt from: CR
Repo: Aureliolo/synthorg PR: 0
File: CLAUDE.md:0-0
Timestamp: 2026-03-15T19:54:39.887Z
Learning: Applies to pyproject.toml : Docs group in pyproject.toml contains: zensical, mkdocstrings[python], griffe-pydantic. Install: uv sync --group docs. Docs source in docs/ (Markdown, built with Zensical). Design spec in docs/design/ (7 pages). Architecture in docs/architecture/. Roadmap in docs/roadmap/. Security in docs/security.md. Licensing in docs/licensing.md. Reference in docs/reference/. REST API reference at docs/rest-api.md. Library reference in docs/api/ (auto-generated from docstrings via mkdocstrings + Griffe AST-based, no imports). Custom templates in docs/overrides/. Scripts in scripts/.

Applied to files:

• CLAUDE.md

📚 Learning: 2026-03-15T19:54:39.887Z

Learnt from: CR
Repo: Aureliolo/synthorg PR: 0
File: CLAUDE.md:0-0
Timestamp: 2026-03-15T19:54:39.887Z
Learning: Applies to mkdocs.yml : mkdocs.yml at repo root is read natively by Zensical. Config includes custom_dir for optional theme/template overrides (docs/overrides/).

Applied to files:

• CLAUDE.md

📚 Learning: 2026-03-15T19:54:39.887Z

Learnt from: CR
Repo: Aureliolo/synthorg PR: 0
File: CLAUDE.md:0-0
Timestamp: 2026-03-15T19:54:39.887Z
Learning: Applies to src/synthorg/**/*.py : Package structure: api/ (Litestar REST+WebSocket, JWT+API key auth, approval gate, coordination, RFC 9457 errors), budget/ (cost tracking, pre-flight/in-flight checks, CFO optimization, billing, errors), cli/ (Python CLI—superseded by Go binary), communication/ (message bus, meeting protocol, scheduler, orchestrator), config/ (YAML loading), core/ (domain models, RetryConfig, RateLimiterConfig), engine/ (orchestration, TaskEngine, routing, assignment, coordination dispatchers, checkpoint recovery, approval gate, stagnation detection), hr/ (hiring, firing, performance, promotion), memory/ (pluggable MemoryBackend, Mem0 adapter, retrieval, org memory), persistence/ (pluggable PersistenceBackend, SQLite), observability/ (logging, correlation, sinks), providers/ (LLM abstraction, LiteLLM), security/ (SecOps agent, rule engine, audit, scanner, progressive trust, autonomy levels), templates/ (presets, builder), tools/ (registry, file_system, git, sandbox, co...

Applied to files:

• CLAUDE.md
• site/src/pages/index.astro

📚 Learning: 2026-03-15T19:54:39.887Z

Learnt from: CR
Repo: Aureliolo/synthorg PR: 0
File: CLAUDE.md:0-0
Timestamp: 2026-03-15T19:54:39.887Z
Learning: Applies to .github/workflows/pages.yml : Pages workflow: exports OpenAPI schema (scripts/export_openapi.py), builds Astro landing + Zensical docs, copies CLI install scripts into /get/, merges, deploys to GitHub Pages on push to main. Triggers on docs/**, site/**, mkdocs.yml, pyproject.toml, uv.lock, src/synthorg/**, scripts/**, cli/scripts/install.{sh,ps1}, workflow file changes, and workflow_dispatch.

Applied to files:

• CLAUDE.md

📚 Learning: 2026-03-15T19:54:39.887Z

Learnt from: CR
Repo: Aureliolo/synthorg PR: 0
File: CLAUDE.md:0-0
Timestamp: 2026-03-15T19:54:39.887Z
Learning: Applies to docs/**/*.md : Documentation source files use Markdown, built with Zensical. Design spec pages (7): index, agents, organization, communication, engine, memory, operations. Architecture pages include decision log. Always link to docs/design/ pages from DESIGN_SPEC.md pointer file.

Applied to files:

• CLAUDE.md
• site/src/pages/index.astro

📚 Learning: 2026-03-15T19:54:39.886Z

Learnt from: CR
Repo: Aureliolo/synthorg PR: 0
File: CLAUDE.md:0-0
Timestamp: 2026-03-15T19:54:39.886Z
Learning: Applies to **/*.md : Always read the relevant `docs/design/` page before implementing any feature or planning any issue. The design spec in docs/design/ is the starting point for architecture, data models, and behavior. When a spec topic is referenced, read the relevant docs/design/ page before coding.

Applied to files:

• CLAUDE.md
• site/src/pages/index.astro

📚 Learning: 2026-03-15T11:48:14.867Z

Learnt from: CR
Repo: Aureliolo/synthorg PR: 0
File: CLAUDE.md:0-0
Timestamp: 2026-03-15T11:48:14.867Z
Learning: Applies to web/src/components/** : Vue components organized by feature (agents/, approvals/, budget/, common/, dashboard/, layout/, messages/, org-chart/, tasks/).

Applied to files:

• CLAUDE.md

📚 Learning: 2026-03-15T11:48:14.867Z

Learnt from: CR
Repo: Aureliolo/synthorg PR: 0
File: CLAUDE.md:0-0
Timestamp: 2026-03-15T11:48:14.867Z
Learning: Applies to web/** : Web dashboard: Node.js 20+, dependencies in web/package.json (Vue 3, PrimeVue, Tailwind CSS, Pinia, VueFlow, ECharts, Axios, vue-draggable-plus, Vitest, fast-check, ESLint, vue-tsc).

Applied to files:

• site/package.json

📚 Learning: 2026-03-15T19:54:39.887Z

Learnt from: CR
Repo: Aureliolo/synthorg PR: 0
File: CLAUDE.md:0-0
Timestamp: 2026-03-15T19:54:39.887Z
Learning: Applies to web/package.json : Web dashboard dependencies: Node.js 20+, Vue 3, PrimeVue, Tailwind CSS, Pinia (state), VueFlow (visualizations), ECharts (charts), Axios (HTTP), vue-draggable-plus (drag), Vitest (testing), fast-check (property tests), ESLint (linting), vue-tsc (type checking). Install: npm --prefix web install. Dev server: npm --prefix web run dev (http://localhost:5173). Build: npm --prefix web run build. Lint: npm --prefix web run lint. Type check: npm --prefix web run type-check. Test: npm --prefix web run test.

Applied to files:

• site/package.json

📚 Learning: 2026-03-15T19:54:39.887Z

Learnt from: CR
Repo: Aureliolo/synthorg PR: 0
File: CLAUDE.md:0-0
Timestamp: 2026-03-15T19:54:39.887Z
Learning: Applies to **/*.{js,ts,vue} : Web dashboard uses Vue 3, PrimeVue for UI components, Tailwind CSS for styling, Pinia for state management, VueFlow for visualizations, ECharts for charts, Axios for API calls, vue-draggable-plus for dragging, Vitest for unit tests, fast-check for property-based tests, ESLint for linting, vue-tsc for type checking. Node.js 20+.

Applied to files:

• site/package.json

📚 Learning: 2026-03-15T11:48:14.867Z

Learnt from: CR
Repo: Aureliolo/synthorg PR: 0
File: CLAUDE.md:0-0
Timestamp: 2026-03-15T11:48:14.867Z
Learning: Always read the relevant `docs/design/` page before implementing any feature or planning any issue. DESIGN_SPEC.md is a pointer file linking to the 7 design pages (index, agents, organization, communication, engine, memory, operations).

Applied to files:

• site/src/pages/index.astro

📚 Learning: 2026-03-15T11:48:14.867Z

Learnt from: CR
Repo: Aureliolo/synthorg PR: 0
File: CLAUDE.md:0-0
Timestamp: 2026-03-15T11:48:14.867Z
Learning: Applies to docker/{Dockerfile*,compose.yml} : Docker: Backend uses 3-stage build (builder → setup → distroless runtime), Chainguard Python, non-root (UID 65532), CIS-hardened. Web uses nginxinc/nginx-unprivileged, Vue 3 SPA with PrimeVue + Tailwind CSS, SPA routing, API/WebSocket proxy to backend.

Applied to files:

• site/src/pages/index.astro

📚 Learning: 2026-03-15T19:54:39.887Z

Learnt from: CR
Repo: Aureliolo/synthorg PR: 0
File: CLAUDE.md:0-0
Timestamp: 2026-03-15T19:54:39.887Z
Learning: Applies to Dockerfile* : Backend Dockerfile: 3-stage build (builder → setup → distroless runtime), Chainguard Python, non-root (UID 65532), CIS-hardened. Web Dockerfile: nginxinc/nginx-unprivileged with Vue 3 SPA (PrimeVue + Tailwind CSS), SPA routing, API/WebSocket proxy to backend. Sandbox Dockerfile: Python 3.14 + Node.js + git, non-root (UID 10001), agent code execution sandbox. All Dockerfiles in docker/.

Applied to files:

• site/src/pages/index.astro

📚 Learning: 2026-03-15T19:54:39.887Z

Learnt from: CR
Repo: Aureliolo/synthorg PR: 0
File: CLAUDE.md:0-0
Timestamp: 2026-03-15T19:54:39.887Z
Learning: Applies to docker/** : All Docker files (Dockerfiles, compose, .env.example) are in docker/. Backend: 3-stage build (builder → setup → distroless), Chainguard Python, non-root UID 65532. Web: nginxinc/nginx-unprivileged, Vue 3 SPA, API/WebSocket proxy. Sandbox: Python 3.14 + Node.js + git, non-root UID 10001.

Applied to files:

• site/src/pages/index.astro

📚 Learning: 2026-03-15T19:54:39.887Z

Learnt from: CR
Repo: Aureliolo/synthorg PR: 0
File: CLAUDE.md:0-0
Timestamp: 2026-03-15T19:54:39.887Z
Learning: Applies to .github/workflows/docker.yml : Docker workflow: builds backend + web + sandbox images, pushes to GHCR, signs with cosign. SLSA L3 provenance attestations via actions/attest-build-provenance. Scans: Trivy (CRITICAL = hard fail, HIGH = warn) + Grype (critical cutoff) + CIS Docker Benchmark v1.6.0 compliance (informational). CVE triage via .github/.trivyignore.yaml and .github/.grype.yaml. Images only pushed after scans pass. Triggers on push to main and version tags (v*).

Applied to files:

• site/src/pages/index.astro

📚 Learning: 2026-03-15T11:48:14.867Z

Learnt from: CR
Repo: Aureliolo/synthorg PR: 0
File: CLAUDE.md:0-0
Timestamp: 2026-03-15T11:48:14.867Z
Learning: Applies to .github/workflows/docker.yml : CI Docker: build → scan → push to GHCR + cosign sign + SLSA L3 provenance via attest-build-provenance (images only pushed after Trivy/Grype scans pass).

Applied to files:

• site/src/pages/index.astro

📚 Learning: 2026-03-15T11:48:14.867Z

Learnt from: CR
Repo: Aureliolo/synthorg PR: 0
File: CLAUDE.md:0-0
Timestamp: 2026-03-15T11:48:14.867Z
Learning: Dependabot: auto-updates Docker image digests and versions daily.

Applied to files:

• site/src/pages/index.astro

📚 Learning: 2026-03-15T19:54:39.887Z

Learnt from: CR
Repo: Aureliolo/synthorg PR: 0
File: CLAUDE.md:0-0
Timestamp: 2026-03-15T19:54:39.887Z
Learning: Applies to .github/.grype.yaml : CVE triage and configuration for Docker image security scans via .github/.grype.yaml (for Grype).

Applied to files:

• site/src/pages/index.astro

📚 Learning: 2026-03-15T19:54:39.887Z

Learnt from: CR
Repo: Aureliolo/synthorg PR: 0
File: CLAUDE.md:0-0
Timestamp: 2026-03-15T19:54:39.887Z
Learning: Applies to LICENSE : License: BUSL-1.1 with narrowed Additional Use Grant (free production use for non-competing small orgs; converts to Apache 2.0 three years after release). Release workflow auto-updates BSL Change Date in LICENSE to 3 years ahead.

Applied to files:

• site/src/pages/index.astro

🔇 Additional comments (13)

site/src/pages/get/view/install-sh.astro (1)

40-40: Contrast update looks good.

The label color shift improves visual consistency with the rest of the updated install surfaces.

site/src/pages/get/view/install-ps1.astro (1)

37-37: Nice consistency improvement.

This change aligns the PowerShell header label styling with the updated contrast treatment across the site.

site/src/components/Footer.astro (1)

28-28: Footer updates are aligned with the feature scope.

Adding the Contact entry and improving footer contrast both look good and match the landing-page UX goals.

Also applies to: 38-38

site/astro.config.mjs (1)

3-3: Sitemap integration wiring is correct.

Import and registration are clean and align with the site-level SEO objective.

Also applies to: 10-10

site/public/robots.txt (1)

1-4: robots.txt content is solid.

The directives are minimal and correct, and the sitemap reference is in the expected location.

site/src/layouts/Base.astro (2)

7-8: SEO metadata implementation is well-structured.

The canonical/OG/Twitter additions and default image/type props are integrated cleanly in the shared layout.

Also applies to: 14-19, 30-44

---

46-64: Font loading optimization is a good improvement.

The non-render-blocking stylesheet strategy plus <noscript> fallback is a solid performance/UX tradeoff.

site/src/pages/get/index.astro (1)

43-47: A11y-focused visual refinements look good.

The updated contrast and persistent underline treatment improve readability and link discoverability without affecting behavior.

Also applies to: 54-55, 63-68, 80-81, 92-97, 103-107, 129-130, 162-174, 187-202

site/package.json (1)

13-15: No action needed—versions are compatible.

@astrojs/sitemap@3.7.1 does not declare peer dependencies and was explicitly updated for the Astro 6 line. The combination astro@6.0.4 + @astrojs/sitemap@3.7.1 resolves successfully (confirmed by the lock file).

			> Likely an incorrect or invalid review comment.

site/src/components/ContactForm.astro (1)

87-90: Defensive DOM guard is solid.

Good call on Line 87-Line 90: failing open to native form submission avoids dead-end UX when script wiring is incomplete.

site/src/pages/index.astro (2)

59-71: Early-access banner placement and tone look right.

This is unobtrusive, prominent enough, and includes the two intended action links.

---

420-431: Contact section + JSON-LD integration looks good.

Line 420-Line 431 cleanly integrates the new form component, and Line 438-Line 452 adds valid static structured data in-page.

Also applies to: 438-452

CLAUDE.md (1)

83-83: Docs update is consistent with the implementation.

The landing-page scope and component list now reflect the new ContactForm + SEO work.

Also applies to: 164-164