From 7183e659c69ccf48c58f547e152dc4543a8e3676 Mon Sep 17 00:00:00 2001
From: Kurdistan Tech Ministry <info@pezkuwichain.io>
Date: Mon, 23 Feb 2026 10:19:49 +0300
Subject: [PATCH] fix: enforce security audit - remove continue-on-error

---
 .github/workflows/quality-gate.yml | 15 ++++++---------
 1 file changed, 6 insertions(+), 9 deletions(-)

diff --git a/.github/workflows/quality-gate.yml b/.github/workflows/quality-gate.yml
index ac00a1c6..b8ca99d8 100644
--- a/.github/workflows/quality-gate.yml
+++ b/.github/workflows/quality-gate.yml
@@ -169,7 +169,7 @@ jobs:
           echo "✅ Deployed web app v${{ env.NEW_VERSION }} to app.pezkuwichain.io"
 
   # ========================================
-  # SECURITY CHECKS (INFORMATIVE)
+  # SECURITY CHECKS (BLOCKING)
   # ========================================
   security-audit:
     name: Security Audit
@@ -185,22 +185,19 @@ jobs:
         with:
           node-version: '20'
 
-      - name: Web - npm audit
+      - name: Web - npm audit (critical only)
         working-directory: ./web
-        continue-on-error: true
         run: |
           npm install
-          npm audit --audit-level=high
+          npm audit --audit-level=critical
 
-      - name: Mobile - npm audit
+      - name: Mobile - npm audit (critical only)
         working-directory: ./mobile
-        continue-on-error: true
         run: |
-          npm install
-          npm audit --audit-level=high
+          npm install --legacy-peer-deps
+          npm audit --audit-level=critical --production
 
       - name: TruffleHog Secret Scan
-        continue-on-error: true
         uses: trufflesecurity/trufflehog@main
         with:
           path: ./