feat: add conventional commit linting

.github/actions/spelling/expect.txt

@@ -147,7 +147,7 @@
 htmlc
 htmx
 httpdebug
 Huawei
 huawei
 hypertext
 iaskspider
@@ -187,8 +187,8 @@
 licend
 licstart
 lightpanda
-limsa
-Linting
+LIMSA
+linting
 linuxbrew
 LLU
 loadbalancer
@@ -341,7 +341,7 @@
 withthothmock
 wolfbeast
 wordpress
 Workaround
 workaround
 workdir
 wpbot

.github/workflows/conventional-commits.yml

@@ -0,0 +1,31 @@
+name: Commit Lint
+
+on: [push, pull_request]
+
+permissions:
+  contents: read
+
+jobs:
+  commitlint:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          fetch-depth: 0
+          persist-credentials: false
+
+      - name: Setup node
+        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
+        with:
+          cache: npm
+
+      - name: Install commitlint
+        run: npm ci
+
+      - name: Validate current commit (last commit) with commitlint
+        if: github.event_name == 'push'
+        run: npx commitlint --last --verbose
+
+      - name: Validate PR commits with commitlint
+        if: github.event_name == 'pull_request'
+        run: npx commitlint --from ${{ github.event.pull_request.base.sha }} --to ${{ github.event.pull_request.head.sha }} --verbose

.husky/commit-msg

@@ -0,0 +1 @@
+npx --no -- commitlint --edit $1

commitlint.config.js

@@ -0,0 +1,27 @@
+module.exports = {
+  extends: ['@commitlint/config-conventional'],
+  rules: {
+    'type-enum': [
+      2,
+      'always',
+      [
+        'build',
+        'chore',
+        'ci',
+        'docs',
+        'feat',
+        'fix',
+        'perf',
+        'refactor',
+        'revert',
+        'style',
+        'test'
+      ]
+    ],
+    'subject-case': [2, 'never', ['pascal-case', 'upper-case']],
+    'subject-empty': [2, 'never'],
+    'subject-full-stop': [2, 'never', '.'],
+    'type-case': [2, 'always', 'lower-case'],
+    'type-empty': [2, 'never']
+  }
+};

docs/docs/CHANGELOG.md

@@ -121,7 +121,7 @@
 
 #### Fixes a problem with nonstandard URLs and redirects
 
 Fixes [GHSA-jhjj-2g64-px7c](https://github.com/TecharoHQ/anubis/security/advisories/GHSA-jhjj-2g64-px7c).
 
 This could allow an attacker to craft an Anubis pass-challenge URL that forces a redirect to nonstandard URLs, such as the `javascript:` scheme which executes arbitrary JavaScript code in a browser context when the user clicks the "Try again" button.
 
@@ -148,7 +148,7 @@
 
 - [Czech](https://github.com/TecharoHQ/anubis/pull/849)
 - [Finnish](https://github.com/TecharoHQ/anubis/pull/863)
 - [Norwegian Bokmål](https://github.com/TecharoHQ/anubis/pull/855)
 - [Norwegian Nynorsk](https://github.com/TecharoHQ/anubis/pull/855)
 - [Russian](https://github.com/TecharoHQ/anubis/pull/882)
 
@@ -253,7 +253,10 @@
 
 - Add `COOKIE_SECURE` option to set the cookie [Secure flag](https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/Cookies#block_access_to_your_cookies)
 - Sets cookie defaults to use [SameSite: None](https://web.dev/articles/samesite-cookies-explained)
-- Determine the `BIND_NETWORK`/`--bind-network` value from the bind address ([#677](https://github.com/TecharoHQ/anubis/issues/677)).
+- Add conventional commit linting to enforce standardized commit message formatting across the project
+- Fix OpenGraph passthrough with new policy definitions ([#717](https://github.com/TecharoHQ/anubis/issues/717))
+- Determine the `BIND_NETWORK`/`--bind-network` value from the bind address ([#677](https://github.com/TecharoHQ/anubis/issues/677))
+- Implement localization system. Find locale files in lib/localization/locales/.
 - Implement a [development container](https://containers.dev/) manifest to make contributions easier.
 - Fix dynamic cookie domains functionality ([#731](https://github.com/TecharoHQ/anubis/pull/731))
 - Add option for custom cookie prefix ([#732](https://github.com/TecharoHQ/anubis/pull/732))

docs/docs/developer/local-dev.md

@@ -2,7 +2,7 @@
 title: Local development
 ---
 
 If you use an editor with [Development containers](https://containers.dev) support, load this repo's [devcontainer configuration](https://github.com/TecharoHQ/anubis/tree/main/.devcontainer). Skip to [Running Anubis locally](#running-anubis-locally) if you are using the devcontainer.
 
 This enables you to contribute from [GitHub Codespaces](https://github.com/features/codespaces) or other web-based editors.
 
@@ -60,6 +60,43 @@
 DOCKER_REPO=registry.host/org/repo DOCKER_METADATA_OUTPUT_TAGS=registry.host/org/repo:latest npm run container
 ```
 
+## Commit linting
+
+Anubis enforces [conventional commits](https://www.conventionalcommits.org/) to maintain consistent commit messages. The commit linting is automatically set up when you run:
+
+```text
+npm ci
+```
+
+### Commit message format
+
+Commits must follow this format:
+
+```text
+type(scope): description
+```
+
+**Valid types:**
+- `feat`: New features
+- `fix`: Bug fixes
+- `docs`: Documentation changes
+- `style`: Code style changes (formatting, missing semicolons, etc.)
+- `refactor`: Code refactoring without changing functionality
+- `perf`: Performance improvements
+- `test`: Adding or updating tests
+- `build`: Build system changes
+- `ci`: CI/CD configuration changes
+- `chore`: Maintenance tasks
+- `revert`: Reverting previous commits
+
+**Examples:**
+- `feat: add dark mode support`
+- `fix(policy): resolve memory leak in challenge validation`
+- `docs: update API documentation`
+- `perf(hash): optimize SHA-256 hashing performance`
+
+The commit hook will automatically validate your commit messages and prevent commits that don't follow the conventional format.
+
 ## Building packages
 
 For more information, see [Building native packages is complicated](https://xeiaso.net/blog/2025/anubis-packaging/) and [#156: Debian, RPM, and binary tarball packages](https://github.com/TecharoHQ/anubis/issues/156).