chore: add CI/CodeQL workflows, fix README badges, enhance CLAUDE.md

- Add ci.yml workflow for PR build checks (lint + build)
- Add codeql.yml workflow for JavaScript/TypeScript security analysis
- Fix README badges to reference actual workflows (ci, deploy, codeql)
- Add Live demo and Documentation links to README
- Replace inaccurate CI/CD section with workflow table
- Add development workflow, repo conventions, and CI/CD details to CLAUDE.md

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

Author: jonathanperis

.github/workflows/ci.yml

@@ -0,0 +1,33 @@
+name: CI
+
+on:
+  pull_request:
+    branches: ["main"]
+
+permissions:
+  contents: read
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v6
+
+      - name: Setup Node
+        uses: actions/setup-node@v6
+        with:
+          node-version: "20"
+          cache: "npm"
+
+      - name: Install dependencies
+        run: npm ci
+
+      - name: Lint
+        run: npm run lint
+
+      - name: Build
+        run: npm run build
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          NEXT_PUBLIC_GA_ID: G-35CN95481D

.github/workflows/codeql.yml

@@ -0,0 +1,31 @@
+name: CodeQL
+
+on:
+  push:
+    branches: ["main"]
+  pull_request:
+    branches: ["main"]
+  schedule:
+    - cron: "0 6 * * 1"
+
+permissions:
+  security-events: write
+  contents: read
+
+jobs:
+  analyze:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v6
+
+      - name: Initialize CodeQL
+        uses: github/codeql-action/init@v3
+        with:
+          languages: javascript-typescript
+
+      - name: Autobuild
+        uses: github/codeql-action/autobuild@v3
+
+      - name: Perform CodeQL Analysis
+        uses: github/codeql-action/analyze@v3

CLAUDE.md

@@ -90,7 +90,10 @@ jonathanperis.github.io/
 ├── next.config.ts              # Static export, cache headers
 ├── tsconfig.json               # strict, ES2017, @/* alias
 ├── postcss.config.mjs          # Tailwind CSS v4
-└── .github/workflows/deploy.yml # GitHub Pages deploy on push to main
+└── .github/workflows/
+    ├── ci.yml                  # PR build check (lint + build)
+    ├── deploy.yml              # GitHub Pages deploy on push to main
+    └── codeql.yml              # Security analysis (JS/TS)
 ```
 
 ---
@@ -106,6 +109,32 @@ jonathanperis.github.io/
 
 ## CI/CD
 
-- **Trigger:** Push to main or manual dispatch
-- **Pipeline:** `npm ci` → `npm run build` → Upload `./out` → Deploy to GitHub Pages
+| Workflow | Trigger | Purpose |
+|----------|---------|---------|
+| `ci.yml` | Pull requests to main | Lint + build validation |
+| `deploy.yml` | Push to main / manual dispatch | Build → upload → deploy to GitHub Pages |
+| `codeql.yml` | Push, PRs, weekly (Mon 06:00 UTC) | JavaScript/TypeScript security scanning |
+
 - **Dependabot:** Weekly npm + GitHub Actions updates
+- **Merge strategy:** Rebase only (squash and merge commits disabled)
+- **Branch protection:** Main branch is protected; all changes go through PRs
+- **Auto-merge:** Enabled for Dependabot PRs
+
+---
+
+## Development Workflow
+
+1. Create a feature branch from `main`
+2. Make changes and push
+3. Open a PR targeting `main` — CI runs lint + build automatically
+4. After review and green checks, rebase-merge the PR
+5. `deploy.yml` triggers automatically on push to main
+
+---
+
+## Repository Conventions
+
+- **GitHub operations:** Always use `gh` CLI
+- **Community health files** (CODE_OF_CONDUCT, CONTRIBUTING, SECURITY, SUPPORT) live in the [`.github` repo](https://github.com/jonathanperis/.github) — do not duplicate them here
+- **PR strategy:** Branch + PR for all changes, rebase merge only
+- **Commit style:** Conventional commits (`feat:`, `fix:`, `chore:`, `docs:`)

README.md

@@ -2,9 +2,9 @@
 
 > Personal developer portfolio built with Next.js — dynamically fetches GitHub projects, dark terminal aesthetic, print-optimized resume
 
-[![CI](https://github.com/jonathanperis/jonathanperis.github.io/actions/workflows/main-release.yml/badge.svg)](https://github.com/jonathanperis/jonathanperis.github.io/actions/workflows/main-release.yml) [![CodeQL](https://github.com/jonathanperis/jonathanperis.github.io/actions/workflows/codeql.yml/badge.svg)](https://github.com/jonathanperis/jonathanperis.github.io/actions/workflows/codeql.yml) [![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](LICENSE)
+[![CI](https://github.com/jonathanperis/jonathanperis.github.io/actions/workflows/ci.yml/badge.svg)](https://github.com/jonathanperis/jonathanperis.github.io/actions/workflows/ci.yml) [![Deploy to GitHub Pages](https://github.com/jonathanperis/jonathanperis.github.io/actions/workflows/deploy.yml/badge.svg)](https://github.com/jonathanperis/jonathanperis.github.io/actions/workflows/deploy.yml) [![CodeQL](https://github.com/jonathanperis/jonathanperis.github.io/actions/workflows/codeql.yml/badge.svg)](https://github.com/jonathanperis/jonathanperis.github.io/actions/workflows/codeql.yml) [![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](LICENSE)
 
-**[Visit →](https://jonathanperis.github.io/)**
+**[Live demo →](https://jonathanperis.github.io/)** | **[Documentation →](CLAUDE.md)**
 
 ---
 
@@ -55,9 +55,13 @@ Open http://localhost:3000
 
 ## CI/CD
 
-The `main-release.yml` workflow builds the site with Node 20, runs `npm ci` and `npm run build`, then uploads the static export to GitHub Pages with `actions/deploy-pages`.
+| Workflow | Trigger | Purpose |
+|----------|---------|---------|
+| `ci.yml` | Pull requests to main | Lint + build check |
+| `deploy.yml` | Push to main / manual | Build and deploy to GitHub Pages |
+| `codeql.yml` | Push, PRs, weekly schedule | JavaScript/TypeScript security analysis |
 
-The `codeql.yml` workflow runs on push, pull request, and a weekly schedule to analyze the JavaScript/TypeScript codebase.
+Dependabot monitors npm and GitHub Actions dependencies weekly.
 
 ## License