Add comprehensive code review documentation

[Copilot]

Performed systematic code review of epubcheck-ts v0.3.3, analyzing architecture, test coverage, security, and type safety across 20 areas. Project achieves 70% feature parity with Java EPUBCheck at A- grade.

Critical Findings (P0)

Type Safety: CLI (bin/epubcheck.ts) has 59 ESLint violations - dynamic imports returning any, unsafe member access throughout message handling and result processing. TypeScript compilation fails pre-build due to imports from non-existent ../dist/index.js.

Security: No decompression size limit - vulnerable to ZIP bombs. Recommend 500MB cap.

Validation Gaps:

• ID/IDREF validation missing (duplicate IDs undetected)
• Accessibility at 30% coverage (ARIA roles, heading hierarchy, landmarks missing)
• Schema validation at 50% (XHTML/SVG disabled due to libxml2-wasm XPath limitations)

Documentation Structure

CODE_REVIEW.md (756 lines)

• 20 issues with severity, effort estimates, code locations
• Architecture, security, performance analysis
• Metrics: 91% test pass rate (505/553), 3-4x faster than Java

REVIEW_SUMMARY.md (152 lines)

• Executive summary, coverage breakdown by component
• 3-phase action plan: P0 fixes (1 day) → ID/IDREF + accessibility (1-2 weeks)

ISSUE_TEMPLATE.md (171 lines)

• Ready-to-post GitHub issue with prioritized checklist

CODE_REVIEW_README.md (138 lines)

• Document usage guide for developers/PMs/stakeholders

Key Strengths

• Modular validator pipeline, clean separation of concerns
• Strong OCF (90%), OPF (85%), CSS (70%) validation
• 154 EPUB fixtures from Java test suite
• Zero vulnerabilities, cross-platform (Node.js + browsers)

Recommendation

Address 4 critical issues (1 day effort), then ID/IDREF validation and accessibility expansion (1-2 weeks) to reach 90% feature parity.

Original prompt

Perform code review on this repo, summarize items in a new issue

---

✨ Let Copilot coding agent set things up for you — coding agent works faster and does higher quality work when set up for your repo.