feat: add machine-readable metadata endpoints humans.txt and security.txt

[toddeTV]

Summary by CodeRabbit

• New Features

  • Added a machine-readable security.txt available at /.well-known/security.txt and also reachable via /security.txt (301 redirect).
  • Added a humans.txt endpoint providing project/team/credits and legal/privacy links.

• Chores

  • Centralized site/project metadata into a shared configuration to drive branding and SEO values.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yml

Review profile: CHILL

Plan: Pro

Run ID: 37d333f5-d05c-4b40-9869-2222b24c06e5

📥 Commits

Reviewing files that changed from the base of the PR and between 0b59fae and 76a63a6.

📒 Files selected for processing (2)

• server/routes/.well-known/security.txt.get.ts
• server/routes/humans.txt.get.ts

🚧 Files skipped from review as they are similar to previous changes (2)

• server/routes/.well-known/security.txt.get.ts
• server/routes/humans.txt.get.ts

---

📝 Walkthrough

Walkthrough

This pull request centralizes project metadata into project.config.json, integrates it into Nuxt's SEO/site configuration, and implements two server-side handlers that generate and serve machine-readable metadata files: security.txt and humans.txt. Both endpoints are configured for static prerendering with shared cache-control rules, and /security.txt is aliased to /.well-known/security.txt via a 301 redirect.

Changes

Machine-readable metadata endpoints with centralized project configuration

Layer / File(s)	Summary
Project configuration foundation project.config.json	New configuration file with structured metadata: author contact/profile links, legal notice and privacy policy paths, repository and license URLs, security contact, preferred languages, site description, and canonical URL.
Configuration integration in Nuxt nuxt.config.ts	Imports projectConfig and defines staticMachineReadableTextRouteRule constant (prerender + cache-control). SEO head meta tags (application-name, author) and @nuxtjs/seo site config (url, name, description) are sourced from projectConfig. Adds route rules and a redirect for machine-readable endpoints.
Security.txt endpoint nuxt.config.ts, public/_redirects, server/routes/.well-known/security.txt.get.ts	Adds a 301 redirect /security.txt → /.well-known/security.txt, and a GET handler that generates security.txt containing Contact, Expires (180 days), Canonical, Preferred-Languages, and optional Policy derived from projectConfig; returns text/plain; charset=utf-8.
Humans.txt endpoint server/routes/humans.txt.get.ts	Adds a GET handler that builds humans.txt with Project, Author (name and profile URLs), and Source Code sections using projectConfig and runtimeConfig.public.build.releaseLabel; returns text/plain; charset=utf-8.

Sequence Diagram(s)

sequenceDiagram
  participant Client
  participant SecurityTxtHandler
  participant ProjectConfig
  Client->>SecurityTxtHandler: GET /.well-known/security.txt
  SecurityTxtHandler->>ProjectConfig: Read siteUrl, contact, languages, policyUrl
  SecurityTxtHandler->>SecurityTxtHandler: create expires + build content
  SecurityTxtHandler->>Client: HTTP 200 text/plain response

Loading

sequenceDiagram
  participant Client
  participant HumansTxtHandler
  participant ProjectConfig
  participant RuntimeConfig
  Client->>HumansTxtHandler: GET /humans.txt
  HumansTxtHandler->>ProjectConfig: Read author, project, repo, legal paths
  HumansTxtHandler->>RuntimeConfig: Read build.releaseLabel
  HumansTxtHandler->>Client: HTTP 200 text/plain response

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Possibly related PRs

• toddeTV/todde.tv#7: Both PRs modify nuxt.config.ts's @nuxtjs/seo configuration, with this PR wiring SEO metadata to the new centralized projectConfig while PR #7 introduces and configures the SEO module itself.

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately and concisely describes the main change: adding two machine-readable metadata endpoints (humans.txt and security.txt) to the project.
Docstring Coverage	✅ Passed	Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (2)

server/routes/.well-known/security.txt.get.ts (1)

12-26: ⚡ Quick win

Add brief JSDoc for the helper functions.

Both helpers are missing function docs, which this repo requires.

As per coding guidelines "Brief JSDoc on all functions."

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@server/routes/.well-known/security.txt.get.ts` around lines 12 - 26, Add
brief JSDoc comments for the helper functions createSecurityTxtExpires and
buildSecurityTxtContent: describe each function's purpose, annotate parameters
(now: Date, lifetimeDays: number for createSecurityTxtExpires; options:
SecurityTxtContentOptions, now: Date for buildSecurityTxtContent), note default
values where applicable (e.g., defaultSecurityTxtLifetimeDays and new Date()),
and specify the return type (string, ISO timestamp or content string). Place the
JSDoc immediately above each function declaration and keep the comments short
and focused per repository guidelines.

server/routes/humans.txt.get.ts (1)

3-35: ⚡ Quick win

Add a brief JSDoc for the route handler.

The new handler is undocumented; this repo expects short function docs.

As per coding guidelines "Brief JSDoc on all functions."

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@server/routes/humans.txt.get.ts` around lines 3 - 35, Add a brief JSDoc
comment above the exported route handler (the export default
defineEventHandler(...) function) describing the route purpose (returns
humans.txt-style plain text), listing the parameters/context (event: H3 event or
runtime config access via useRuntimeConfig) and the return type (string
response), and mention any side effects (sets Content-Type via
setResponseHeader); keep it short (one or two lines) and reference
projectConfig, useRuntimeConfig, and setResponseHeader so future readers know
what the handler uses.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@nuxt.config.ts`:
- Line 109: Replace the current use of projectConfig.author.name for the
site.name metadata with the project name to keep SEO identity consistent: update
the metadata assignment where site.name is set (currently "name:
projectConfig.author.name") to use projectConfig.projectName instead so it
matches the application-name value already using projectConfig.projectName.

---

Nitpick comments:
In `@server/routes/.well-known/security.txt.get.ts`:
- Around line 12-26: Add brief JSDoc comments for the helper functions
createSecurityTxtExpires and buildSecurityTxtContent: describe each function's
purpose, annotate parameters (now: Date, lifetimeDays: number for
createSecurityTxtExpires; options: SecurityTxtContentOptions, now: Date for
buildSecurityTxtContent), note default values where applicable (e.g.,
defaultSecurityTxtLifetimeDays and new Date()), and specify the return type
(string, ISO timestamp or content string). Place the JSDoc immediately above
each function declaration and keep the comments short and focused per repository
guidelines.

In `@server/routes/humans.txt.get.ts`:
- Around line 3-35: Add a brief JSDoc comment above the exported route handler
(the export default defineEventHandler(...) function) describing the route
purpose (returns humans.txt-style plain text), listing the parameters/context
(event: H3 event or runtime config access via useRuntimeConfig) and the return
type (string response), and mention any side effects (sets Content-Type via
setResponseHeader); keep it short (one or two lines) and reference
projectConfig, useRuntimeConfig, and setResponseHeader so future readers know
what the handler uses.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yml

Review profile: CHILL

Plan: Pro

Run ID: 09848e46-b59e-49a8-a83f-65827e381520

📥 Commits

Reviewing files that changed from the base of the PR and between 6f422be and 0b59fae.

📒 Files selected for processing (5)

• nuxt.config.ts
• project.config.json
• public/_redirects
• server/routes/.well-known/security.txt.get.ts
• server/routes/humans.txt.get.ts