feat: PR-1 add project infrastructure and tooling config #1

Merged
mynameistito merged 7 commits into main from init/01-project-infra
Mar 26, 2026

mynameistito (Owner) commented Mar 25, 2026

Summary

  • Set up build system (tsdown, Bun), linting (Ultracite/Biome), and git hooks (lefthook)
  • Add CI/CD workflows (CI, CodeQL, release, stale, PR labels/triage)
  • Add community files (contributing guide, code of conduct, security policy, issue/PR templates)
  • Add development config (.env.example, .zed, .claude, changeset)

Stacked PR Chain

This is PR 1 of 7 — merge in order.
main ← PR1 ← PR2 ← PR3 ← PR4 ← PR5 ← PR6 ← PR7

Test plan

  • bun install resolves dependencies
  • bun run check passes linting
  • bun run typecheck passes
  • CI workflows trigger on push

Summary by cubic

Set up project infrastructure: build with tsdown on Bun, strict linting via ultracite/@biomejs/biome, pre-commit hooks with lefthook, and CI/CD workflows (CI, CodeQL, release, stale, labels/triage). Added Changesets, Dependabot, and community health files to standardize releases and contributions.

  • New Features

    • Build pipeline via tsdown (ESM/CJS + types) and TS config.
    • Lint/format with ultracite and @biomejs/biome; repo presets and editor settings.
    • Git hooks with lefthook for fix, YAML validate, typecheck, and cleanup.
    • GitHub Actions: CI, CodeQL, release with @changesets/cli, stale, labeler/triage.
    • Community and repo hygiene: CODEOWNERS, issue/PR templates, conduct, contributing, security, .env.example.
  • Dependencies

    • Runtime: @clack/prompts, better-result, zod, @typescript/native-preview.
    • Dev: @biomejs/biome, ultracite, tsdown, typescript, @types/bun, lefthook, @changesets/cli.

Written for commit 7c339aa. Summary will update on new commits.

Greptile Summary

This PR establishes the full project infrastructure for discord-search: build pipeline (tsdown/Bun), strict linting (ultracite/Biome), pre-commit hooks (lefthook), CI/CD workflows (CI, CodeQL, release via Changesets), Dependabot, and all community health files. The foundation is well-structured and thoughtfully configured, but three issues need to be resolved before CI and releases will work correctly.

  • Missing test:node script: ci.yml calls bun run test:node in the test-node matrix job, but no such script exists in package.json. That job will always fail on every push/PR.
  • @typescript/native-preview in dependencies — The TypeScript native compiler (tsgo) is a build-time tool and should be in devDependencies. Leaving it in dependencies ships a large binary to every consumer of the published CLI package.
  • release.yml missing permissions — The Changesets action requires contents: write and pull-requests: write to push version tags and open release PRs. Without an explicit permissions block the workflow will silently fail on repos with restrictive default GITHUB_TOKEN settings.
  • .gitignore glob typo: _.log and the numbered report pattern use _ instead of * as a wildcard, so most log files won't be ignored.

Confidence Score: 3/5

  • Not safe to merge as-is — CI will fail on every run and the release pipeline is broken until three concrete fixes are applied.
  • Two of the three blocking issues (missing test:node script and missing release workflow permissions) will cause immediate, reproducible CI/CD failures on the very first PR after merge. The third (TypeScript compiler shipped as a production dependency) silently bloats every published version. These are straightforward fixes that keep the overall infrastructure design — which is solid — intact.
  • package.json, .github/workflows/ci.yml, and .github/workflows/release.yml all need attention before this is safe to merge.

Important Files Changed

| Filename | Overview |
| --- | --- |
| package.json | Two issues: @typescript/native-preview is in dependencies instead of devDependencies (pollutes published package), and the test:node script referenced by CI is missing entirely. |
| .github/workflows/ci.yml | Well-structured CI with typecheck, lint, build, and multi-runtime test jobs, but the test-node job calls bun run test:node which is absent from package.json — that job will always fail. |
| .github/workflows/release.yml | Changesets-based release workflow is missing the permissions block (contents: write, pull-requests: write) required for the action to create release PRs and push version tags. |
| .gitignore | Uses _ instead of * as glob wildcard in _.log and the numbered report pattern, so most log files won't actually be ignored. |
| lefthook.yml | Pre-commit hooks for linting, YAML validation, typecheck, and cleanup run in parallel — clean and well-scoped. |
| tsdown.config.ts | Bundles ESM/CJS with declarations; explicitly bundles all three runtime dependencies for distribution as a self-contained CLI. |
| tsconfig.json | Strict TypeScript config with bundler resolution and noUncheckedIndexedAccess; includes jsx: "react-jsx" which is unused for this CLI but harmless. |
| scripts/cleanup.ts | Recursive cleanup of tmpclaude-* and nul temp files; cross-platform and well-guarded against errors. |
| .github/workflows/pr-triage.yml | Auto-assigns CODEOWNER as reviewer on pull_request_target; correctly avoids self-assignment and handles both user and team owners. |
| .github/dependabot.yml | Weekly Dependabot updates for both npm and GitHub Actions, grouped into a single PR — sensible configuration. |
| biome.jsonc | Extends Ultracite's Biome core preset, adds Bun as a global, and enforces type over interface — minimal and correct. |
| .github/workflows/codeql.yml | Standard CodeQL workflow for JS/TS with security-extended queries; action SHAs are pinned. |

Flowchart

```mermaid
%%{init: {'theme': 'neutral'}}%%
flowchart TD
    A[Push / PR to main] --> B{Event type?}
    B -->|push| C[CI Workflow]
    B -->|push| D[Release Workflow]
    B -->|push or PR| E[CodeQL Workflow]
    B -->|PR opened/sync| F[PR Labels Workflow]
    B -->|PR opened/ready| G[PR Triage Workflow]

    C --> C1[check: Typecheck & Lint]
    C1 --> C2[build: Build Verification]
    C1 --> C3[test-bun: Bun latest + canary]
    C1 --> C4[test-node: Node 22 + 24]

    D --> D1[bun install]
    D1 --> D2[bun run build]
    D2 --> D3{changesets/action}
    D3 -->|has changesets| D4[Publish to npm]
    D3 -->|no changesets| D5[Open Release PR]

    G --> G1[Parse CODEOWNERS]
    G1 --> G2{No reviewers?}
    G2 -->|yes| G3[Request CODEOWNER review]

    subgraph Pre-commit hooks via lefthook
        H1[bun fix staged files]
        H2[bunx v8r YAML files]
        H3[bun typecheck]
        H4[cleanup.ts]
    end
```

Reviews (1): Last reviewed commit: "feat: add project infrastructure and too..."

Set up build system (tsdown, Bun), linting (Ultracite/Biome), git hooks
(lefthook), CI/CD workflows, dependency management, and community files.

coderabbitai Bot commented Mar 25, 2026

Walkthrough

Adds comprehensive repository scaffolding: CI/CD workflows, issue/PR templates, linting/commit hooks, Changesets release config, editor/tool settings, documentation, package metadata, and utility scripts for a Bun/Node TypeScript Discord search CLI.

Changes

| Cohort / File(s) | Summary |
| --- | --- |
| Changesets (.changeset/...): .changeset/README.md, .changeset/config.json | Added Changesets README and config for changelog generation, commit behavior, base branch, and release settings. |
| GitHub configuration & automation (.github/...): .github/CODEOWNERS, .github/ISSUE_TEMPLATE/*, .github/PULL_REQUEST_TEMPLATE.md, .github/dependabot.yml, .github/labeler.yml | Added CODEOWNERS, structured issue/PR templates, Dependabot, and labeler rules. |
| Workflows (.github/workflows/...): .github/workflows/ci.yml, .github/workflows/codeql.yml, .github/workflows/pr-labels.yml, .github/workflows/pr-triage.yml, .github/workflows/release.yml, .github/workflows/stale.yml | Introduced CI, CodeQL, PR labeling/triage, release via Changesets, and stale automation workflows. |
| Project metadata & packaging: package.json, .npmrc, tsdown.config.ts, tsconfig.json | Added package manifest with dual ESM/CJS exports, npm registry, tsdown build config, and TypeScript config for strict ESNext builds. |
| Linting / Formatting / Hooks / Tooling: biome.jsonc, lefthook.yml, .v8rrc.yml, .zed/settings.json | Configured Biome linting/presets, pre-commit Lefthook tasks, schema catalog entry, and editor formatting settings. |
| Claude / AI guidance & tooling (.claude/...): .claude/CLAUDE.md, .claude/settings.json, .claude/commands/*, .claude/skills/* | Added Ultracite guidance, Claude skill docs, and a post-write hook to run fixes after edits. |
| Documentation & policies: AGENTS.md, CLAUDE.md, CONTRIBUTING.md, CODE_OF_CONDUCT.md, SECURITY.md | Added project README-style agent guide, contribution guidelines, code of conduct, security policy, and cross-references. |
| Repository housekeeping: .gitignore, .env.example, .github/* | Added .gitignore entries, sample .env variables for Discord integration, and repository templates. |
| Scripts & utilities: scripts/cleanup.ts | Added a Bun-based cleanup script to remove temporary files matching configured patterns. |
| Editor / CI labeling config: .github/labeler.yml, .v8rrc.yml | Schema and labeler mapping for automatic PR labels and validation. |

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Poem

🐰 I nibble through configs, tidy and spry,

workflows hum, and changelogs sigh.
Hooks hop in place, docs snug and bright,
A tiny cleanup script scurries at night.
Hooray — the repo’s cozy and ready to try!

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)

| Check name | Status | Explanation | Resolution |
| --- | --- | --- | --- |
| Docstring Coverage | ⚠️ Warning | Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%. | Write docstrings for the functions missing them to satisfy the coverage threshold. |

✅ Passed checks (2 passed)

| Check name | Status | Explanation |
| --- | --- | --- |
| Title check | ✅ Passed | The title accurately summarizes the main change: adding project infrastructure and tooling configuration. It directly corresponds to the core objectives and file additions. |
| Description check | ✅ Passed | The PR description clearly outlines project infrastructure setup including build system, linting, CI/CD workflows, and community files, which directly aligns with the changeset across 50+ configuration and documentation files. |



socket-security Bot commented Mar 25, 2026

cubic-dev-ai Bot left a comment

7 issues found across 38 files

Prompt for AI agents (unresolved issues)

Check if these issues are valid — if so, understand the root cause of each and fix them. If appropriate, use sub-agents to investigate and fix each issue separately.


<file name="package.json">

<violation number="1" location="package.json:67">
P2: Move `@typescript/native-preview` to `devDependencies`; it's a build/typecheck tool, not a runtime dependency.</violation>
</file>

<file name="SECURITY.md">

<violation number="1" location="SECURITY.md:33">
P3: The security policy references `repo-updater`, which appears to be the wrong project name for this repository and can misdirect vulnerability reporters.</violation>
</file>

<file name="CONTRIBUTING.md">

<violation number="1" location="CONTRIBUTING.md:79">
P3: This dependency policy line is out of sync with `package.json` (it omits `@typescript/native-preview`), which can mislead contributors about allowed/runtime deps.</violation>
</file>

<file name=".gitignore">

<violation number="1" location=".gitignore:17">
P2: The log ignore pattern uses `_` instead of `*`, so most `.log` files will still be tracked.</violation>

<violation number="2" location=".gitignore:18">
P3: The report filename pattern uses `_` instead of `*`, so generated report JSON files may not be ignored.</violation>
</file>

<file name=".github/workflows/release.yml">

<violation number="1" location=".github/workflows/release.yml:9">
P2: Add explicit workflow token permissions for the release job; without them, changesets can fail to create/update the release PR when default GITHUB_TOKEN permissions are read-only.</violation>
</file>

<file name=".github/workflows/pr-labels.yml">

<violation number="1" location=".github/workflows/pr-labels.yml:11">
P2: Concurrency is keyed by branch ref, so label runs from different PRs targeting the same branch can cancel each other. Use the PR number in the group key to isolate runs per PR.</violation>
</file>

coderabbitai Bot left a comment

Actionable comments posted: 24

🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.

Inline comments:
In @.claude/skills/better-result-adopt/SKILL.md:
- Line 143: The workflow step referencing the non-existent directory "opensrc/"
should be updated: either remove the "opensrc/" mention from the checklist step
that starts with "Check for source reference" or replace it with a clarifying
sentence that instructs users to create or supply an "opensrc/" directory
beforehand (e.g., "If you rely on local source code, ensure an 'opensrc/'
directory exists and contains the better-result source"); update the text around
the string "opensrc/" in SKILL.md to make this explicit.
- Line 32: Add a short, one- or two-sentence clarification for the "Panic" term
referenced in the migration table (the "Bugs/defects" row under Result callback)
that defines what a Panic is, when it is raised (e.g., unrecoverable runtime
error such as null deref or type error within a Result callback), and how it
differs from regular/handled errors; add this as a footnote or inline
parenthetical after the table and optionally include a link or reference to the
runtime docs for panics.
- Around line 75-82: The example references an UnhandledException type used in
the fetchUser function and in Result.tryPromise's catch handler but that class
is not defined; add a definition or reference so readers can follow the example.
Define UnhandledException (for example in tagged-errors.md) as a TaggedError
subtype that accepts a cause and builds a readable message, or add a clear note
in SKILL.md pointing to the exact file and exported class name where
UnhandledException is implemented; ensure the fetchUser example's return type
and the catch branch (UnhandledException) use that exact exported symbol so the
type and runtime class resolve.

In @.env.example:
- Around line 5-6: The .env.example file has keys out of alphabetical order
causing dotenv-linter UnorderedKey; reorder the variables so DISCORD_CLIENT_ID
appears before DISCORD_GUILD_ID (i.e., place the DISCORD_CLIENT_ID line above
the DISCORD_GUILD_ID line) and ensure the rest of the file follows alphabetical
ordering for environment keys.

In @.github/ISSUE_TEMPLATE/bug_report.yml:
- Around line 85-87: The description currently asks reporters to paste their
full `.env` file, which risks secret leakage; update the `description` value for
the "Environment file (if applicable)" label to request only the names of
relevant environment variables and a masked/example snippet (e.g.,
"DISCORD_TOKEN=REDACTED, DB_URL=postgres://user@host/... (redacted)") instead of
the full `.env` contents, and adjust text to explicitly warn against pasting
secrets so users provide only variable names and masked examples.

In @.github/ISSUE_TEMPLATE/question.yml:
- Around line 37-50: Add a new required runtime version field to the issue
template so reporters provide precise versions; specifically, next to the
existing dropdown field with id "runtime" add a short text/input field with id
"runtime_version" (label "Runtime version") and set validations.required: true
so the template collects exact runtime versions for faster troubleshooting.

In @.github/labeler.yml:
- Around line 1-61: Update the schema reference in .v8rrc.yml to match labeler
v6 when SchemaStore publishes a v6 schema, or temporarily remove the SchemaStore
v5 reference and validate against the official actions/labeler docs instead;
specifically, watch for a v6 schema in the SchemaStore repo and then change the
$schema value in .v8rrc.yml to the v6 URL (or replace the schema-based
validation with documentation-based checks), and ensure your .github/labeler.yml
usage remains compatible with labeler v6.0.1 during the interim.

In @.github/PULL_REQUEST_TEMPLATE.md:
- Line 1: Change the top-level heading "## What does this PR do?" to an H1 by
replacing the leading "##" with a single "#" so the first line reads "# What
does this PR do?" to satisfy MD041; update only the first line/header in
PULL_REQUEST_TEMPLATE.md (the header text "What does this PR do?") to use a
single '#' H1 marker.

In @.github/workflows/ci.yml:
- Around line 112-113: The CI step named "Test (Node.js runtime)" is invoking a
non-existent npm script "test:node"; update the workflow or package.json so the
script exists: either change the workflow command in the Test (Node.js runtime)
job from "bun run test:node" to an existing script (for example "bun run test"
or the correct script name found in package.json) or add a "test:node" script
entry to package.json that runs the intended Node.js test command; make sure to
reference the workflow job name and the script key "test:node" when making the
change.

In @.github/workflows/pr-labels.yml:
- Around line 10-12: The concurrency group currently uses `${{ github.workflow
}}-${{ github.ref }}` which with pull_request_target resolves to the base branch
and causes unrelated PR runs to cancel each other; update the concurrency key to
be PR-scoped by using a pull-request-specific identifier such as `${{
github.workflow }}-pr-${{ github.event.pull_request.number }}` or `${{
github.workflow }}-pr-${{ github.event.pull_request.head.sha }}` in the
`concurrency: group` value so each PR gets its own concurrency group (leave
`cancel-in-progress: true` as-is).

In @.github/workflows/release.yml:
- Around line 7-13: The workflow is missing explicit permissions required for
changesets/action to create/update release PRs and for npm publish with
provenance; add a top-level permissions block in the release workflow (near
concurrency and the release job declaration) granting at minimum pull-requests:
write (for PR creation), contents: write or packages: write (for package
publishing/metadata), and id-token: write (for OIDC/provenance); update the
release job definition (the release job name/runs-on/steps block) to use these
explicit permissions so the actions creating release PRs and publishing to npm
with provenance no longer rely on repo defaults.

In @.gitignore:
- Around line 16-19: The .gitignore patterns are too specific: replace the
literal "_.log" and overly rigid "report.[0-9]_.[0-9]_.[0-9]_.[0-9]_.json" so
they match real generated files; keep the existing "logs" entry as a directory
(or change to "logs/") and add broader globs such as "*.log" (to ignore any log
file) and a relaxed report pattern like "report*.json" or "report_*.json" (or
"report-*.json") to catch numbered/dated report files; update those entries in
the .gitignore accordingly.

In `@AGENTS.md`:
- Around line 3-5: The AGENTS.md header contains hardcoded
Generated/Commit/Branch metadata that will become stale; remove those static
lines or replace them with CI-generated placeholders and set up your pipeline to
populate them (e.g., use build-time templating, git describe/commit SHA and
branch env vars) so the file no longer contains drifting values; specifically
edit the AGENTS.md header to remove the three lines "**Generated:**",
"**Commit:**", and "**Branch:**" or swap them for templated tokens that your CI
(or a pre-commit hook) will substitute at publish time.
- Around line 11-24: The fenced directory-listing code block in AGENTS.md (the
block that begins with "src/" and ends with "presets.ts       # Preset
persistence") should include a language identifier to satisfy markdownlint
MD040; change the opening fence from ``` to ```text so the block becomes a
"text" fenced code block (e.g., ```text ... ```), leaving the directory contents
unchanged.

In `@CLAUDE.md`:
- Line 1: Add a top-level H1 heading as the very first line of CLAUDE.md to
satisfy MD041 (e.g., prepend a line beginning with "#" such as "# CLAUDE" or a
project-appropriate title), ensuring there's a blank line after the heading so
the rest of the existing content ("Read AGENTS.md for project knowledge.")
follows correctly.

In `@CONTRIBUTING.md`:
- Around line 29-51: The fenced project-structure block in CONTRIBUTING.md lacks
a language tag (violates MD040); update the opening fence from ``` to ```text so
the block is marked as plain text. Locate the block showing "index.ts # Entry
point — CLI main loop..." and change its fence to include "text" (i.e., the
triple backticks that start the block), ensuring markdownlint passes and the doc
renders as intended.

In `@lefthook.yml`:
- Around line 7-8: The pre-commit hook currently runs the unpinned command "bunx
v8r {staged_files}" which allows whatever v8r version is resolved at runtime;
change this to an explicit pinned invocation (e.g., "bunx v8r@<VERSION>
{staged_files}") so the hook uses a deterministic v8r release—update the
lefthook.yml entry that contains the run line for the v8r hook to include the
chosen semver version (replace <VERSION> with the specific v8r version you want
to lock to).

In `@package.json`:
- Line 8: The top-level "types" field in package.json currently points to an
ESM-only declaration ("./dist/index.d.mts") which can confuse CJS consumers;
update package.json by either removing the top-level "types" entry to rely on
the "exports" map for per-entry type resolution, or change it to point to a
universal declaration file (e.g. "./dist/index.d.ts") if tsdown/your build emits
one so both ESM and CJS consumers get compatible typings; adjust the exports map
entries if necessary to reference their specific .d.mts/.d.cts/.d.ts files to
keep type resolution correct.
- Line 38: The "typecheck" npm script currently calls "tsgo --noEmit" which is
invalid; update the "typecheck" script (the "typecheck" entry in package.json)
to use "tsc --noEmit" instead of "tsgo --noEmit" so TypeScript type checking
runs correctly; ensure any callers like "prepublishOnly" and CI that rely on the
"typecheck" script continue to work after this change.
- Line 15: Add an outExtensions function to tsdown.config.ts that maps
js->.cjs/.mjs and dts->.d.cts/.d.mts based on context.format (implement the
suggested outExtensions callback) so tsdown emits .d.mts/.d.cts files, then
update package.json's export conditions and the "types" field referenced in
package.json (the import condition and the require/commonjs condition) to point
to the correct declaration file names produced for each format (use
./dist/index.d.mts for ESM and ./dist/index.d.cts for CJS) to match the
generated outputs.
- Line 67: The package "@typescript/native-preview" is a nightly experimental
TypeScript build and must not be listed in runtime dependencies; remove it from
dependencies and add it to devDependencies (or delete it entirely if not
needed). Update package.json so the entry for "@typescript/native-preview"
appears under the devDependencies section (or is removed), ensuring any build
scripts or tooling that rely on it still reference it as a dev-only dependency.

In `@scripts/cleanup.ts`:
- Line 11: The SKIP_DIRS set (const SKIP_DIRS) should be expanded to include
common generated and build folders so the pre-commit traversal stays fast;
update SKIP_DIRS to add directories such as dist, build, .next, out, target,
coverage, .turbo, .parcel-cache, and any repo-specific generated folders (e.g.,
generated, typings, build-output) so the walk logic that references SKIP_DIRS on
lines ~29-31 will skip those directories during traversal.
- Around line 22-23: The cleanup code currently swallows all filesystem errors
by using .catch(() => []) on readdir and similar swallowing around unlink;
update the logic in scripts/cleanup.ts to explicitly handle errors instead of
ignoring them: wrap the readdir call (the entries variable) in a try/catch,
treat ENOENT as harmless but log and rethrow or return failure for any other
error, and do the same for unlink/file removal operations (do not use blanket
.catch(() => {}) for unlink); include the target path and the caught error in
the log message so callers can diagnose failures, or rethrow non-ENOENT errors
so they aren’t silently skipped.

In `@SECURITY.md`:
- Line 33: The SECURITY.md guidance references the stale project name
"repo-updater"; update the doc by locating the string "repo-updater" in
SECURITY.md and replacing it with this repository's correct project name (use
the canonical repo/project name used elsewhere in docs or package metadata) so
vulnerability reports are routed correctly and consistently.

ℹ️ Review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: 2c546325-b14b-4ec4-abe0-08a451eedc05

📥 Commits

Reviewing files that changed from the base of the PR and between 7db4749 and 7c339aa.

⛔ Files ignored due to path filters (1)
  • bun.lock is excluded by !**/*.lock
📒 Files selected for processing (37)
  • .changeset/README.md
  • .changeset/config.json
  • .claude/CLAUDE.md
  • .claude/commands/adopt-better-result.md
  • .claude/settings.json
  • .claude/skills/better-result-adopt/SKILL.md
  • .claude/skills/better-result-adopt/references/tagged-errors.md
  • .env.example
  • .github/CODEOWNERS
  • .github/ISSUE_TEMPLATE/bug_report.yml
  • .github/ISSUE_TEMPLATE/config.yml
  • .github/ISSUE_TEMPLATE/feature_request.yml
  • .github/ISSUE_TEMPLATE/question.yml
  • .github/PULL_REQUEST_TEMPLATE.md
  • .github/dependabot.yml
  • .github/labeler.yml
  • .github/workflows/ci.yml
  • .github/workflows/codeql.yml
  • .github/workflows/pr-labels.yml
  • .github/workflows/pr-triage.yml
  • .github/workflows/release.yml
  • .github/workflows/stale.yml
  • .gitignore
  • .npmrc
  • .v8rrc.yml
  • .zed/settings.json
  • AGENTS.md
  • CLAUDE.md
  • CODE_OF_CONDUCT.md
  • CONTRIBUTING.md
  • SECURITY.md
  • biome.jsonc
  • lefthook.yml
  • package.json
  • scripts/cleanup.ts
  • tsconfig.json
  • tsdown.config.ts

@mynameistito mynameistito changed the title feat: add project infrastructure and tooling config feat: PR #1 add project infrastructure and tooling config Mar 25, 2026
@mynameistito mynameistito changed the title feat: PR #1 add project infrastructure and tooling config feat: PR-1 add project infrastructure and tooling config Mar 25, 2026
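
The .gitignore wildcard typo flagged in the reviews above, as an added example (not code from this repository): a simplified matcher for slash-free .gitignore patterns, run over constructed file names, comparing the patterns quoted in the review with the corrected ones. The function names and sample paths are assumptions, and only `*`, `?` and `[...]` are handled.

```typescript
// Added example, not code from this repository. Simplified matcher for
// slash-free .gitignore patterns: handles `*`, `?` and `[...]` only.
// Negation (`!pattern`), `**` and path-anchored patterns are out of scope.

// Translate one slash-free gitignore glob into an anchored RegExp.
function globToRegExp(pattern: string): RegExp {
  let source = "";
  let i = 0;
  while (i < pattern.length) {
    const ch = pattern.charAt(i);
    if (ch === "*") {
      source += "[^/]*"; // any run of characters within one path segment
    } else if (ch === "?") {
      source += "[^/]"; // exactly one character
    } else if (ch === "[" && pattern.indexOf("]", i + 1) !== -1) {
      const close = pattern.indexOf("]", i + 1);
      let body = pattern.slice(i + 1, close);
      if (body.charAt(0) === "!") {
        body = "^" + body.slice(1); // glob negation becomes regex negation
      }
      source += "[" + body.replace(/\\/g, "\\\\") + "]";
      i = close; // continue after the closing bracket
    } else {
      // Everything else is a literal character, including `_`.
      source += ch.replace(/[.+^${}()|[\]\\]/g, "\\$&");
    }
    i += 1;
  }
  return new RegExp("^" + source + "$");
}

// A pattern without a slash is matched against the file name at any depth.
function baseName(path: string): string {
  const parts = path.split("/");
  return parts[parts.length - 1] ?? path;
}

// Return the first pattern that ignores `path`, or null if it stays tracked.
function ignoredBy(path: string, patterns: string[]): string | null {
  const name = baseName(path);
  for (const pattern of patterns) {
    if (globToRegExp(pattern).test(name)) {
      return pattern;
    }
  }
  return null;
}

// Paths that none of the patterns ignore, i.e. what `git add .` would stage.
function trackedFiles(paths: string[], patterns: string[]): string[] {
  return paths.filter((path) => ignoredBy(path, patterns) === null);
}

// Patterns as quoted in the review (typo) and as reported after the fix.
const PATTERNS_BEFORE = ["_.log", "report.[0-9]_.[0-9]_.[0-9]_.[0-9]_.json"];
const PATTERNS_AFTER = ["*.log", "report*.json"];

// Constructed sample paths, not taken from the repository.
const SAMPLE_PATHS = [
  "debug.log",
  "tmp/npm-debug.log",
  "_.log",
  "report.20260325.101500.4242.0.json",
  "report.1_.2_.3_.4_.json",
  "src/index.ts",
];

console.log("tracked before fix:", trackedFiles(SAMPLE_PATHS, PATTERNS_BEFORE));
console.log("tracked after fix: ", trackedFiles(SAMPLE_PATHS, PATTERNS_AFTER));
```

With the `_` patterns, only files whose names literally contain the underscores are ignored, so ordinary log and report files remain tracked.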
@mynameistito (Owner, Author)

@greptile


greptile-apps Bot commented Mar 25, 2026

Greptile Summary

This PR establishes the complete project infrastructure for discord-search: build pipeline (tsdown/Bun), strict linting (ultracite/Biome), pre-commit hooks (lefthook), CI/CD workflows (CI, CodeQL, Changesets release), Dependabot, and all community health files. The four issues flagged in the prior review round (missing test:node script, @typescript/native-preview placement, missing release.yml permissions, and .gitignore wildcard typos) are all resolved in this HEAD — great convergence. One concrete blocker remains:

  • Missing src/index.ts entry point: tsdown.config.ts specifies entry: ["src/index.ts"], but no src/ files exist in this PR. The build CI job (and the release workflow's bun run build step) will fail on every run until source files are introduced. A minimal placeholder export {} in src/index.ts, or making the build job continue-on-error: true for this bootstrap PR, would unblock CI while keeping the rest of the infrastructure intact.

Confidence Score: 3/5

  • Not safe to merge as-is — the build CI job will fail on every run because src/index.ts does not exist.
  • All four previously flagged issues are fully resolved, which is a meaningful improvement. However, tsdown.config.ts references src/index.ts as its entry point and no src/ files are present anywhere in the repository at this HEAD. Every push will produce a red build check, blocking merge if branch protection requires it. This is a single, targeted, easy-to-fix issue (add a placeholder src/index.ts or make the job non-blocking), but it is a concrete CI blocker on the infrastructure PR that is supposed to be the foundation for all subsequent PRs.
  • tsdown.config.ts (missing entry file) and by extension .github/workflows/ci.yml (the build job that runs it).

Important Files Changed

| Filename | Overview |
| --- | --- |
| tsdown.config.ts | Bundles ESM/CJS with declarations and bundles all three runtime deps, but entry: ["src/index.ts"] references a file that doesn't exist yet — the CI build job will fail on every run until source files are added. |
| package.json | All previously flagged issues resolved: @typescript/native-preview is correctly in devDependencies and runtime deps are limited to @clack/prompts, better-result, and zod. |
| .github/workflows/ci.yml | Clean CI with typecheck, lint, build, and Bun matrix tests. The previously flagged test-node job and missing test:node script have been removed. The build job will fail until src/index.ts exists (tracked via the tsdown.config.ts comment). |
| .github/workflows/release.yml | Previously missing permissions block is now present with contents: write, pull-requests: write, and id-token: write. Changesets-based publish flow with npm provenance looks correct. |
| .gitignore | Previously flagged _ wildcard typos are gone; patterns now correctly use * (e.g. *.log, report*.json). All standard exclusions are present. |
| lefthook.yml | Parallel pre-commit hooks for linting staged files, YAML validation, typecheck, and cleanup — well-scoped with correct globs for each job. |
| scripts/cleanup.ts | Recursive cleanup of tmpclaude-* and nul temp files; cross-platform, skips well-known output directories, and handles errors gracefully. |
| .github/workflows/pr-triage.yml | Uses pull_request_target safely (reads CODEOWNERS from base branch), avoids self-assignment, and handles both user and team owners correctly. |
| tsconfig.json | Strict TypeScript config with bundler resolution and noUncheckedIndexedAccess; jsx: "react-jsx" is unused for this CLI but harmless. |
| .github/dependabot.yml | Weekly Dependabot updates for npm and GitHub Actions, grouped into single PRs with appropriate labels and conventional commit prefixes. |
| biome.jsonc | Extends Ultracite's Biome core preset, adds Bun as a global, and enforces type over interface — minimal and correct. |

Flowchart

%%{init: {'theme': 'neutral'}}%%
flowchart TD
    A[Push / PR to main] --> B[CI Workflow]
    A --> C[Release Workflow]
    A --> D[CodeQL Workflow]
    A --> E[PR Labels / Triage]

    B --> B1[check: typecheck + lint]
    B1 --> B2[build: tsdown src/index.ts]
    B1 --> B3[test-bun: Bun latest + canary]
    B2 --> B2E["❌ FAILS — src/index.ts missing"]

    C --> C1[bun install]
    C1 --> C2[bun run build]
    C2 --> C2E["❌ FAILS — src/index.ts missing"]
    C2 --> C3{changesets/action}
    C3 -->|changesets present| C4[Publish to npm]
    C3 -->|no changesets| C5[Open Release PR]

    E --> E1[pr-labels: labeler from labeler.yml]
    E --> E2[pr-triage: parse CODEOWNERS]
    E2 --> E3{No reviewers?}
    E3 -->|yes| E4[Request CODEOWNER review]

    subgraph lefthook pre-commit
        H1[bun fix staged JS/TS/JSON/CSS]
        H2[bunx v8r staged YAML]
        H3[bun typecheck staged TS]
        H4[scripts/cleanup.ts]
    end

Reviews (2): Last reviewed commit: "chore: add changeset for initial project..." | Re-trigger Greptile

- Move @typescript/native-preview to devDependencies
- Fix typecheck script (tsgo -> tsc)
- Add test:node placeholder script
- Add permissions block to release workflow
- Fix .gitignore wildcard patterns (_ -> *)
- Add outExtensions to tsdown config for .d.mts/.d.cts
- Remove top-level types field from package.json
- Update exports map with correct type declarations
- Fix pr-labels concurrency (branch -> PR number)
- Improve cleanup.ts error handling and expand SKIP_DIRS
- Pin v8r version in lefthook.yml
- Fix security.md project name reference
- Sync contributing.md dependency policy
- Reorder .env.example alphabetically
- Secure bug_report.yml (warn against pasting secrets)
- Add language tag to AGENTS.md code block
- Add H1 heading to CLAUDE.md

@cubic-dev-ai cubic-dev-ai Bot left a comment

2 issues found across 13 files (changes from recent commits).

Prompt for AI agents (unresolved issues)

Check if these issues are valid — if so, understand the root cause of each and fix them. If appropriate, use sub-agents to investigate and fix each issue separately.


<file name="CONTRIBUTING.md">

<violation number="1" location="CONTRIBUTING.md:79">
P3: The contributing guide now incorrectly documents `@typescript/native-preview` as a runtime dependency, but it is a devDependency in `package.json`. This can mislead contributors about dependency policy.</violation>
</file>

<file name="package.json">

<violation number="1" location="package.json:38">
P2: `test:node` is a no-op that always succeeds, so CI can pass without executing any Node tests.</violation>
</file>

Reply with feedback, questions, or to request a fix. Tag @cubic-dev-ai to re-run a review.


@coderabbitai coderabbitai Bot left a comment

Actionable comments posted: 5

♻️ Duplicate comments (3)
AGENTS.md (1)

3-5: ⚠️ Potential issue | 🟡 Minor

Remove stale hardcoded metadata.

These hardcoded Generated, Commit, and Branch values will immediately drift and provide misleading information. Consider removing them or automating their generation via CI.

🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@AGENTS.md` around lines 3 - 5, Remove the stale hardcoded metadata lines
"Generated:", "Commit:", and "Branch:" from AGENTS.md (they are the three
top-level metadata entries) and either delete them entirely or replace with
CI-populated placeholders; if automation is chosen, add CI template tokens
(e.g., {{BUILD_TIMESTAMP}}, {{GIT_COMMIT}}, {{GIT_BRANCH}}) so the values are
injected at build time instead of hardcoding the literal strings.
lefthook.yml (1)

7-8: 🧹 Nitpick | 🔵 Trivial

Consider pinning v8r to a specific version for reproducibility.

Using v8r@latest is better than unpinned, but different developers or CI runs may still resolve different versions over time. For fully deterministic builds, pin to a specific version (e.g., v8r@3.1.0).

🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@lefthook.yml` around lines 7 - 8, The lefthook pre-commit hook currently
invokes v8r via "run: bunx v8r@latest {staged_files}" which is not pinned;
change that invocation to a fixed version (for example "bunx v8r@3.1.0
{staged_files}") so the v8r version is deterministic across dev machines and CI;
update the run line in lefthook.yml where "bunx v8r@latest" appears and ensure
any related documentation or comments reflect the chosen pinned version.
CONTRIBUTING.md (1)

29-51: ⚠️ Potential issue | 🟡 Minor

Add a language tag to the project-structure fenced block.

Use a text info string on the opening fence to satisfy markdown linting and keep doc checks clean.

🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@CONTRIBUTING.md` around lines 29 - 51, The fenced project-structure block in
CONTRIBUTING.md lacks a language/info string; update its opening triple
backticks to include the `text` info string (i.e., change ``` to ```text) so the
markdown linter accepts the block and doc checks pass, leaving the block
contents (the index.ts and src/ tree) unchanged.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.

Inline comments:
In @.github/ISSUE_TEMPLATE/bug_report.yml:
- Around line 37-39: Update the "description" value for the block labeled "Full
command and output" to include an explicit redaction warning instructing
reporters to remove secrets/PII (tokens, auth headers, file paths, user
identifiers) before pasting terminal output; modify the description string in
the same YAML entry (the fields labeled label/description/render) to append a
short sentence like "Please redact secrets/PII (tokens, auth headers, file
paths, user IDs) before posting" while preserving render: shell and existing
instructions.
- Around line 89-96: Replace the realistic-looking example values in the
environment snippet with obvious placeholders so scanners/users won't mistake
them for real IDs: update the sample lines for DISCORD_BOT_TOKEN,
DISCORD_CLIENT_ID, and DISCORD_GUILD_ID (the env block shown in the template) to
use clearly non-sensitive placeholders like DISCORD_BOT_TOKEN=REDACTED_TOKEN,
DISCORD_CLIENT_ID=YOUR_CLIENT_ID, DISCORD_GUILD_ID=YOUR_GUILD_ID (or similar),
ensuring only variable names and explicit placeholder text remain.

In `@CONTRIBUTING.md`:
- Around line 79-80: Update the runtime dependencies list in CONTRIBUTING.md by
removing `@typescript/native-preview` (which is a devDependency in package.json)
so the bullet lists only the actual runtime deps: `@clack/prompts`,
`better-result`, and `zod`; specifically edit the bullet that currently reads
"**No external runtime deps** ... `@clack/prompts`, `better-result`,
`@typescript/native-preview`, and `zod`" and remove `@typescript/native-preview`
so the text matches package.json.
- Around line 20-22: Replace the stale `tsgo` references in the CONTRIBUTING.md
documentation with the actual TypeScript command used by the project: `tsc
--noEmit`; specifically update the "Type check" bullet that currently shows
`tsgo --noEmit` and any other occurrences (e.g., the second reference at line
57) so they read `tsc --noEmit` to match the project's npm script and avoid
confusing contributors.

In `@SECURITY.md`:
- Around line 18-20: Replace the brittle relative link "../../security" in
SECURITY.md with the repository's direct advisory/reporting URL (use the GitHub
security advisory/report vulnerability form for this repo) so the "Security tab"
link always resolves; update the line containing "../../security" to point to
the canonical advisory submission link (replace the "../../security" token in
the diff) and ensure the link text and instructions remain unchanged.

---

Duplicate comments:
In `@AGENTS.md`:
- Around line 3-5: Remove the stale hardcoded metadata lines "Generated:",
"Commit:", and "Branch:" from AGENTS.md (they are the three top-level metadata
entries) and either delete them entirely or replace with CI-populated
placeholders; if automation is chosen, add CI template tokens (e.g.,
{{BUILD_TIMESTAMP}}, {{GIT_COMMIT}}, {{GIT_BRANCH}}) so the values are injected
at build time instead of hardcoding the literal strings.

In `@CONTRIBUTING.md`:
- Around line 29-51: The fenced project-structure block in CONTRIBUTING.md lacks
a language/info string; update its opening triple backticks to include the
`text` info string (i.e., change ``` to ```text) so the markdown linter accepts
the block and doc checks pass, leaving the block contents (the index.ts and src/
tree) unchanged.

In `@lefthook.yml`:
- Around line 7-8: The lefthook pre-commit hook currently invokes v8r via "run:
bunx v8r@latest {staged_files}" which is not pinned; change that invocation to a
fixed version (for example "bunx v8r@3.1.0 {staged_files}") so the v8r version
is deterministic across dev machines and CI; update the run line in lefthook.yml
where "bunx v8r@latest" appears and ensure any related documentation or comments
reflect the chosen pinned version.

ℹ️ Review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: 19a1646c-f22d-4e9e-bd03-be4709f2bfce

📥 Commits

Reviewing files that changed from the base of the PR and between 7c339aa and 3925944.

📒 Files selected for processing (13)
  • .env.example
  • .github/ISSUE_TEMPLATE/bug_report.yml
  • .github/workflows/pr-labels.yml
  • .github/workflows/release.yml
  • .gitignore
  • AGENTS.md
  • CLAUDE.md
  • CONTRIBUTING.md
  • SECURITY.md
  • lefthook.yml
  • package.json
  • scripts/cleanup.ts
  • tsdown.config.ts
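
The redaction that the bug_report.yml comment above asks reporters to do by hand (tokens, auth headers, file paths, user IDs) can be scripted before output is pasted into an issue. This is an added example, not code from this PR or the project; the patterns, the 17-to-20-digit ID heuristic and the sample output are assumptions constructed for illustration.

```javascript
// Added example (not project code): scrub terminal output before pasting it
// into a public bug report. All patterns below are illustrative assumptions.

// NAME=value where NAME ends in a secret-looking suffix, e.g. DISCORD_BOT_TOKEN.
const SECRET_ASSIGNMENT =
  /\b((?:[A-Z][A-Z0-9_]*_)?(?:TOKEN|SECRET|PASSWORD|API_KEY))\s*=\s*("[^"]*"|'[^']*'|\S+)/g;
// Authorization header values; the scheme word is kept, the credential is not.
const AUTH_HEADER = /\b(Authorization:\s*)(?:(Bearer|Basic|Bot)\s+)?[^\s"']+/gi;
// Account name inside POSIX and Windows home-directory paths.
const HOME_PATH = /(\/(?:home|Users)\/|[A-Za-z]:\\Users\\)[^\/\\\s]+/g;
// Assumption: a bare run of 17 to 20 digits is a Discord-style numeric ID.
const NUMERIC_ID = /\b\d{17,20}\b/g;

function redact(output) {
  return output
    .replace(SECRET_ASSIGNMENT, "$1=[REDACTED]")
    .replace(AUTH_HEADER, (_match, prefix, scheme) =>
      prefix + (scheme ? scheme + " " : "") + "[REDACTED]")
    .replace(HOME_PATH, "$1[USER]")
    .replace(NUMERIC_ID, "[ID]");
}

// Constructed sample output; none of these values are real.
const SAMPLE_OUTPUT = [
  "$ DISCORD_BOT_TOKEN=constructed.sample.value bun run start --guild 123456789012345678",
  "request header 'Authorization: Bot constructed.sample.value'",
  "Error: ENOENT: no such file or directory, open '/home/alice/app/src/index.ts'",
].join("\n");

console.log(redact(SAMPLE_OUTPUT));
```

Pattern-based scrubbing only catches the shapes it knows, so the output still needs a read-through before posting.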

- Remove @typescript/native-preview from runtime dep list (now in devDependencies)
- Remove test:node no-op script that always succeeds
- Remove test-node job from CI (no tests exist yet)

Prevents misleading contributors about deps and CI passing without actual tests
- Add redaction warning to bug report command output field
- Replace realistic IDs with obvious placeholders (YOUR_CLIENT_ID/YOUR_GUILD_ID)
- Replace stale tsgo references with tsc --noEmit (2 occurrences)
- Replace brittle ../../security link with direct GitHub URL
- Pin v8r to v3.1.0 for determinism
- Fix outExtensions: change 'esm' to 'es' (correct InternalModuleFormat)
- Restore package.json with 'tsc --noEmit' (was reverted to tsgo)

Fixes TypeScript error TS2367 in tsdown config
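
The v8r pin in the commit above replaces a floating `@latest` tag in a hook command; the same check can be run over any hook or workflow file. This is an added example, not code from this PR or the project; the function names and the sample config are constructed, and only the two v8r commands mirror ones quoted in the review.

```javascript
// Added example (not project code): report package-runner commands in a hook or
// workflow file that do not pin an exact version.
const RUNNERS = new Set(["bunx", "npx"]);
const EXACT_VERSION = /^\d+\.\d+\.\d+(?:-[0-9A-Za-z.-]+)?$/;

// Split "name@spec", keeping the leading "@" of scoped packages in the name.
function splitSpec(token) {
  const at = token.lastIndexOf("@");
  if (at <= 0) return { name: token, spec: null };
  return { name: token.slice(0, at), spec: token.slice(at + 1) };
}

function findUnpinned(configText) {
  const findings = [];
  configText.split("\n").forEach((rawLine, index) => {
    // Quotes around a command would otherwise stick to the first and last word.
    const words = rawLine.replace(/["']/g, " ").trim().split(/\s+/);
    for (let i = 0; i < words.length; i++) {
      if (!RUNNERS.has(words[i])) continue;
      let j = i + 1;
      while (j < words.length && words[j].startsWith("-")) j++; // skip runner flags
      if (j >= words.length) continue;
      const { name, spec } = splitSpec(words[j]);
      if (spec === null) {
        findings.push({ line: index + 1, pkg: name, reason: "no version" });
      } else if (!EXACT_VERSION.test(spec)) {
        findings.push({ line: index + 1, pkg: name, reason: "floating: " + spec });
      }
    }
  });
  return findings;
}

// Constructed sample; only the v8r lines mirror commands quoted in the review.
const SAMPLE_HOOKS = [
  "pre-commit:",
  "  jobs:",
  "    - run: bunx v8r@latest {staged_files}",
  "    - run: bunx v8r@3.1.0 {staged_files}",
  '    - run: "npx --yes @biomejs/biome@^2 check"',
  "    - run: bunx ultracite fix",
].join("\n");

console.log(findUnpinned(SAMPLE_HOOKS));
```

An exact version fixes which release is requested, but the package is still fetched when the hook runs; installing the tool as a devDependency puts it under the lockfile's integrity hashes.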
@mynameistito
Owner Author

@greptile

@mynameistito mynameistito merged commit 167c79f into main Mar 26, 2026
5 checks passed
Comment thread tsdown.config.ts
import { defineConfig } from "tsdown";

export default defineConfig({
entry: ["src/index.ts"],

P1 src/index.ts does not exist — CI build job will always fail

The entry field points to src/index.ts, but no files under src/ are present in this PR (confirmed via git ls-tree). When bun run build runs tsdown, the bundler will exit with a "file not found" error, failing the build job on every push/PR until source files are introduced in a later PR.

Since the build job has no continue-on-error: true and branch protection typically requires all required jobs to pass, this PR cannot be merged as-is if the build check is required.

Options to unblock:

  • Add a minimal placeholder src/index.ts (e.g. export {}) so the build and pack dry-run succeed on this infrastructure PR.
  • Or mark the build job continue-on-error: true in ci.yml until the source is present.
  • Or skip the build job entirely and add it back in the PR that introduces src/index.ts.
