Add modular post-processing system with bloom effect

.env.example

@@ -0,0 +1,35 @@
+# Copy this file to .env and configure your preferred LLM provider
+# The system will AUTO-DETECT which provider to use based on your configuration!
+# Just uncomment ONE of the options below:
+
+# =============================================================================
+# OPTION 1: Google Gemini (Cloud-based, requires API key)
+# =============================================================================
+# Uncomment to use Google Gemini:
+# GOOGLE_API_KEY=your_google_api_key_here
+
+# =============================================================================
+# OPTION 2: Ollama (Local, free)
+# =============================================================================
+# Uncomment to use Ollama:
+# OLLAMA_BASE_URL=http://localhost:11434
+# OLLAMA_MODEL=llama3.2:latest
+
+# =============================================================================
+# OPTION 3: LM Studio (Local, free) - DEFAULT
+# =============================================================================
+# Uncomment to use LM Studio (or leave as default):
+LMSTUDIO_BASE_URL=http://localhost:1234
+LMSTUDIO_MODEL=llama-3.2-1b-instruct
+
+# =============================================================================
+# Advanced: Manual Override (optional)
+# =============================================================================
+# Force a specific provider (overrides auto-detection):
+# LLM_PROVIDER=google
+
+# =============================================================================
+# Other Configuration
+# =============================================================================
+# ElevenLabs Text-to-Speech (optional)
+# ELEVENLABS_API_KEY=your_elevenlabs_api_key

.github/workflows/ci.yml

@@ -0,0 +1,72 @@
+name: CI/CD Pipeline
+
+on:
+  push:
+    branches: [main, develop]
+  pull_request:
+    branches: [main]
+
+jobs:
+  quality-checks:
+    runs-on: ubuntu-latest
+
+    strategy:
+      matrix:
+        node-version: [20.x]
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Setup Node.js ${{ matrix.node-version }}
+        uses: actions/setup-node@v4
+        with:
+          node-version: ${{ matrix.node-version }}
+          cache: 'npm'
+
+      - name: Install dependencies
+        run: npm ci || npm install
+
+      - name: Run format check
+        run: npm run format:check
+
+      - name: Run linting
+        run: npm run lint
+
+      - name: Run type checking
+        run: npm run check
+
+      - name: Run security audit
+        run: npm audit --audit-level=moderate
+        continue-on-error: true
+
+      - name: Build project
+        run: npm run build
+
+      - name: Check build output
+        run: ls -la build/ || ls -la dist/ || echo "Build directory not found"
+
+  security-scan:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Setup Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: '20.x'
+          cache: 'npm'
+
+      - name: Install dependencies
+        run: npm ci || npm install
+
+      - name: Run npm audit
+        run: npm audit --audit-level=high
+        continue-on-error: true
+
+      - name: Check for known vulnerabilities
+        run: |
+          echo "Checking for security vulnerabilities..."
+          npm audit --audit-level=moderate --parseable | head -20 || true

.github/workflows/cla.yml

@@ -1,9 +1,9 @@
-name: "CLA Assistant"
+name: 'CLA Assistant'
 on:
   issue_comment:
     types: [created]
   pull_request_target:
-    types: [opened,closed,synchronize]
+    types: [opened, closed, synchronize]
 
 # explicitly configure permissions, in case your GITHUB_TOKEN workflow permissions are set to read-only in repository settings
 permissions:
@@ -16,7 +16,7 @@ jobs:
   CLAAssistant:
     runs-on: ubuntu-latest
     steps:
-      - name: "CLA Assistant"
+      - name: 'CLA Assistant'
         if: (github.event.comment.body == 'recheck' || github.event.comment.body == 'I have read the CLA Document and I hereby sign the CLA') || github.event_name == 'pull_request_target'
         uses: contributor-assistant/github-action@v2.6.1
         env:
@@ -31,7 +31,7 @@ jobs:
           branch: 'main'
           allowlist: user1,bot*
 
-         # the followings are the optional inputs - If the optional inputs are not given, then default values will be taken
+          # the followings are the optional inputs - If the optional inputs are not given, then default values will be taken
           #remote-organization-name: enter the remote organization name where the signatures should be stored (Default is storing the signatures in the same repository)
           #remote-repository-name: enter the  remote repository name where the signatures should be stored (Default is storing the signatures in the same repository)
           #create-file-commit-message: 'For example: Creating file for storing CLA Signatures'

.github/workflows/security.yml

@@ -0,0 +1,84 @@
+name: Security Audit
+
+on:
+  push:
+    branches: [main, develop]
+  pull_request:
+    branches: [main]
+  schedule:
+    # Run security audit daily at 2 AM UTC
+    - cron: '0 2 * * *'
+
+jobs:
+  security-audit:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Setup Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: '20.x'
+          cache: 'npm'
+
+      - name: Install dependencies
+        run: npm ci || npm install
+
+      - name: Run npm audit (allow low severity)
+        run: npm audit --audit-level=moderate
+        continue-on-error: true
+
+      - name: Run npm audit for high/critical
+        run: npm audit --audit-level=high
+
+      - name: Check for vulnerable dependencies
+        run: |
+          echo "Checking for high/critical vulnerabilities..."
+          npm audit --audit-level=high --json > audit-results.json 2>/dev/null || echo "Audit completed"
+
+          # Check if there are any high/critical vulnerabilities using correct JSON structure
+          HIGH_CRITICAL=$(npm audit --audit-level=high --json 2>/dev/null | grep -o '"high": [0-9]*' | grep -o '[0-9]*' || echo "0")
+          CRITICAL=$(npm audit --audit-level=high --json 2>/dev/null | grep -o '"critical": [0-9]*' | grep -o '[0-9]*' || echo "0")
+
+          echo "High vulnerabilities found: $HIGH_CRITICAL"
+          echo "Critical vulnerabilities found: $CRITICAL"
+
+          if [ "$HIGH_CRITICAL" != "0" ] || [ "$CRITICAL" != "0" ]; then
+            echo "❌ High or critical vulnerabilities found!"
+            exit 1
+          else
+            echo "✅ No high or critical vulnerabilities found"
+          fi
+
+      - name: Upload audit results
+        uses: actions/upload-artifact@v4
+        if: always()
+        with:
+          name: security-audit-results
+          path: audit-results.json
+          retention-days: 30
+
+  dependency-review:
+    runs-on: ubuntu-latest
+    if: github.event_name == 'pull_request'
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Dependency Review
+        uses: actions/dependency-review-action@v4
+        with:
+          fail-on-severity: moderate
+          allow-licenses: MIT, Apache-2.0, BSD-2-Clause, BSD-3-Clause, ISC
+        continue-on-error: true
+
+      - name: Manual dependency diff check
+        if: failure()
+        run: |
+          echo "⚠️  GitHub Advanced Security dependency review not available."
+          echo "Performing manual dependency comparison..."
+          git fetch origin ${{ github.base_ref }}
+          git diff origin/${{ github.base_ref }}...HEAD package-lock.json || echo "No package-lock.json changes detected"

.gitignore

@@ -21,3 +21,6 @@ Thumbs.db
 # Vite
 vite.config.js.timestamp-*
 vite.config.ts.timestamp-*
+
+# Test results
+test-results/

.husky/pre-commit

@@ -0,0 +1 @@
+npm run precommit