
feat: Migrate and Adapt KDM Bot Automation Scripts #33

Merged: utkarsh232005 merged 5 commits into KDM-cli:main from utkarsh232005:feat/bot-automation-migration on May 16, 2026


@utkarsh232005 utkarsh232005 commented May 16, 2026

This PR introduces the custom bot automation scripts migrated from the reference folder, adapting them for the KDM CLI project structure. This includes removing DCO/GPG checks, renaming references to KDM, updating team names to the sole maintainer, and utilizing ubuntu-latest runners.

Summary by CodeRabbit

  • Chores
    • Added automated workflows to handle issue comments, PR open/update/review/close events, scheduled inactivity checks, and PR review labeling.
    • Updated CI workflows for labeling, publishing, and testing, including refined artifact and lockfile handling.
    • Improved reliability by serializing runs per issue/PR and hardening runners.


Copilot AI review requested due to automatic review settings May 16, 2026 20:37

coderabbitai Bot commented May 16, 2026

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro Plus

Run ID: 0a105eae-8de5-48ea-b403-9ca3348a678d

📥 Commits

Reviewing files that changed from the base of the PR and between f439862 and 9b8fc4f.

📒 Files selected for processing (2)
  • .github/workflows/on-pr-review-labels.yaml
  • .github/workflows/on-pr-review.yaml

📝 Walkthrough


Adds GitHub Actions workflows and small workflow edits to run repository bot scripts for PR lifecycle events, PR review artifact handoff, issue comments, and a daily inactivity check; includes runner hardening, least-privilege permissions, and per-resource concurrency.

Changes

Bot Automation Event Workflows

| Layer / File(s) | Summary |
|---|---|
| PR lifecycle event triggers: .github/workflows/on-pr.yaml, .github/workflows/on-pr-update.yaml, .github/workflows/on-pr-close.yaml | PR open/reopen/ready_for_review, synchronize/edited, and merged-close events enforce per-PR concurrency, run runner hardening and default-branch checkout, and invoke the corresponding bot scripts (bot-on-pr-open.cjs, bot-on-pr-update.cjs, bot-on-pr-close.cjs). |
| Review capture and label pipeline: .github/workflows/on-pr-review.yaml, .github/workflows/on-pr-review-labels.yaml | Capture pull_request_review.submitted events, write/upload a review-event artifact in on-pr-review.yaml; on-pr-review-labels.yaml triggers on the workflow_run success, downloads that artifact, and runs bot-on-pr-review-labels.cjs. |
| Comment and scheduled handlers: .github/workflows/on-comment.yaml, .github/workflows/on-schedule-inactivity.yaml | Issue comment creation events trigger on-comment.yaml with per-issue concurrency and run bot-on-comment.cjs; scheduled/manual on-schedule-inactivity.yaml runs inactivity checks daily with a global serialized concurrency group running bot-inactivity.cjs. |
| Auxiliary workflow tweaks: .github/workflows/labeler.yml, .github/workflows/publish.yml, .github/workflows/test.yml | Labeler actions/github-script now requires pr-labeler.cjs; publish/test workflows rename Node step labels to Setup Node.cjs, and publish now stages package-lock.cjson and reads version from package.cjson. |

Estimated Code Review Effort

🎯 4 (Complex) | ⏱️ ~45 minutes

Poem

🤖 Six bots awaken in workflow night,
Hardened runners keep the edges tight;
Reviews bundle artifacts, comments line the queue,
Cron hums at midnight, checks quietly through;
Small tweaks sing steady—automation true.

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
| Check name | Status | Explanation |
|---|---|---|
| Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled. |
| Title check | ✅ Passed | The title accurately reflects the primary change: migrating and adapting bot automation scripts, which is evidenced by 7 new/modified workflow files and script references throughout the changeset. |
| Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check. |
| Linked Issues check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |
| Out of Scope Changes check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |



Copilot AI left a comment


Copilot encountered an error and was unable to review this pull request. You can try again by re-requesting a review.


@coderabbitai coderabbitai Bot left a comment


Actionable comments posted: 8

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In @.github/workflows/on-comment.yaml:
- Around line 43-55: The on-comment job lacks a timeout which lets a hung run
block subsequent per-issue serialized jobs; add a timeout-minutes setting to the
on-comment job definition (alongside runs-on/concurrency) to cap how long a job
can run (e.g., timeout-minutes: 30) so that the concurrency group
(on-comment-${{ github.event.issue.number }}) will not be permanently starved by
a single stuck run; update the job named "on-comment" to include this timeout.

In @.github/workflows/on-pr-close.yaml:
- Around line 16-18: The workflow's post-merge jobs are missing a timeout guard:
add the timeout-minutes key to the on-pr-close job (the job named "on-pr-close")
and to the other close-event job referenced later in the file so each job has a
maximum runtime (e.g. timeout-minutes: 60); ensure you add the timeout-minutes
scalar at the same indentation level as runs-on/if within each job definition.

In @.github/workflows/on-pr-review-labels.yaml:
- Around line 15-18: The workflow job run-bot needs a concurrency block to
serialize executions and avoid label race conditions; add a concurrency key
under the job (job name: run-bot) such as concurrency: group: 'review-label-${{
github.event.workflow_run.id }}' (or a repo-wide key like 'review-labels' if you
prefer global serialization) so only one instance for that workflow_run (or
repo-wide) runs at a time and prevents simultaneous label updates.

In @.github/workflows/on-pr-review.yaml:
- Line 14: Replace the verbose boolean comparison in the workflow condition `if:
github.event.pull_request.draft == false` with the simplified falsy check used
by GitHub Actions expressions (e.g., `if: !github.event.pull_request.draft`) so
the intent is clearer and more concise; update the `if` expression where
`github.event.pull_request.draft` is checked.
- Around line 26-28: Replace the fragile manual string interpolation in the echo
that writes review-event.json with GitHub Actions' toJSON() expression so the
payload is safely serialized; update the expression that references
github.event.pull_request.number, github.event.review.state and
github.event.pull_request.draft to be passed into toJSON(...) and write that
serialized output to review-event.json instead of building the JSON string by
hand in the echo command.

In @.github/workflows/on-pr-update.yaml:
- Around line 19-21: Add a timeout to the on-pr-update job by adding the GitHub
Actions job property timeout-minutes under the on-pr-update job definition (the
job keyed as on-pr-update in the workflow) so the job cannot run indefinitely;
set an appropriate value (e.g., 10 or 30) for timeout-minutes to cover expected
run time and ensure external calls cannot block forever.

In @.github/workflows/on-pr.yaml:
- Around line 21-23: The on-pr-open job currently has no timeout and can hang
indefinitely; add a timeout-minutes property to the job definition (the job
named on-pr-open) to cap runner time (e.g., timeout-minutes: 10 or another
org-approved value) so the workflow will be cancelled if it exceeds that
duration.

In @.github/workflows/on-schedule-inactivity.yaml:
- Around line 42-49: The workflow job inactivity-check currently uses a global
concurrency group with cancel-in-progress: false which can block future runs if
one hangs; add a timeout-minutes setting on the inactivity-check job to bound
runtime (e.g., timeout-minutes: N) so hung runs are terminated and the
concurrency lock is released; update the inactivity-check job definition (job
name/inactivity-check and its concurrency block) to include timeout-minutes with
an appropriate value for your environment.

ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro Plus

Run ID: 6a5fd670-7048-43a8-9408-daf4debf1243

📥 Commits

Reviewing files that changed from the base of the PR and between 35ac7a2 and d93d8ba.

⛔ Files ignored due to path filters (44)
  • .github/kdm-automation.json is excluded by none and included by none
  • .github/scripts/bot-inactivity-comments.js is excluded by none and included by none
  • .github/scripts/bot-inactivity.js is excluded by none and included by none
  • .github/scripts/bot-on-comment.js is excluded by none and included by none
  • .github/scripts/bot-on-pr-close.js is excluded by none and included by none
  • .github/scripts/bot-on-pr-merged.js is excluded by none and included by none
  • .github/scripts/bot-on-pr-open.js is excluded by none and included by none
  • .github/scripts/bot-on-pr-review-labels.js is excluded by none and included by none
  • .github/scripts/bot-on-pr-review.js is excluded by none and included by none
  • .github/scripts/bot-on-pr-update.js is excluded by none and included by none
  • .github/scripts/bot/bot-recommend-issues.js is excluded by none and included by none
  • .github/scripts/commands/assign-comments.js is excluded by none and included by none
  • .github/scripts/commands/assign.js is excluded by none and included by none
  • .github/scripts/commands/finalize-comments.js is excluded by none and included by none
  • .github/scripts/commands/finalize.js is excluded by none and included by none
  • .github/scripts/commands/unassign-comments.js is excluded by none and included by none
  • .github/scripts/commands/unassign.js is excluded by none and included by none
  • .github/scripts/eslint.config.mjs is excluded by none and included by none
  • .github/scripts/helpers/api.js is excluded by none and included by none
  • .github/scripts/helpers/checks.js is excluded by none and included by none
  • .github/scripts/helpers/comments.js is excluded by none and included by none
  • .github/scripts/helpers/config-loader.js is excluded by none and included by none
  • .github/scripts/helpers/constants.js is excluded by none and included by none
  • .github/scripts/helpers/index.js is excluded by none and included by none
  • .github/scripts/helpers/logger.js is excluded by none and included by none
  • .github/scripts/helpers/validation.js is excluded by none and included by none
  • .github/scripts/package-lock.json is excluded by !**/package-lock.json and included by none
  • .github/scripts/package.json is excluded by none and included by none
  • .github/scripts/tests/test-api.js is excluded by none and included by none
  • .github/scripts/tests/test-assign-bot.js is excluded by none and included by none
  • .github/scripts/tests/test-checks.js is excluded by none and included by none
  • .github/scripts/tests/test-comments.js is excluded by none and included by none
  • .github/scripts/tests/test-config-loader.js is excluded by none and included by none
  • .github/scripts/tests/test-finalize-bot.js is excluded by none and included by none
  • .github/scripts/tests/test-inactivity-bot.js is excluded by none and included by none
  • .github/scripts/tests/test-on-comment-bot.js is excluded by none and included by none
  • .github/scripts/tests/test-on-pr-close-bot.js is excluded by none and included by none
  • .github/scripts/tests/test-on-pr-merged-bot.js is excluded by none and included by none
  • .github/scripts/tests/test-on-pr-open-bot.js is excluded by none and included by none
  • .github/scripts/tests/test-on-pr-review-bot.js is excluded by none and included by none
  • .github/scripts/tests/test-on-pr-update-bot.js is excluded by none and included by none
  • .github/scripts/tests/test-recommend-issues-bot.js is excluded by none and included by none
  • .github/scripts/tests/test-unassign-bot.js is excluded by none and included by none
  • .github/scripts/tests/test-utils.js is excluded by none and included by none
📒 Files selected for processing (7)
  • .github/workflows/on-comment.yaml
  • .github/workflows/on-pr-close.yaml
  • .github/workflows/on-pr-review-labels.yaml
  • .github/workflows/on-pr-review.yaml
  • .github/workflows/on-pr-update.yaml
  • .github/workflows/on-pr.yaml
  • .github/workflows/on-schedule-inactivity.yaml
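
The review-event.json handoff discussed in the comment above passes data from the pull_request_review workflow into a workflow_run job, so the consuming script should parse the artifact strictly instead of trusting its shape. The following is an added example, not the project's bot-on-pr-review-labels.cjs; the key names `pr_number`, `review_state` and `is_draft`, the size cap and the set of review states are assumptions, and the sample payloads are constructed.

```javascript
'use strict';

// Hypothetical schema: the page names the three values but not the JSON keys.
const ALLOWED_KEYS = ['pr_number', 'review_state', 'is_draft'];
// Assumed set of review.state values carried by pull_request_review events.
const REVIEW_STATES = new Set(['approved', 'changes_requested', 'commented', 'dismissed']);
// Assumed cap; a three-field record is far smaller than this.
const MAX_BYTES = 1024;

// Parse the artifact text and return a frozen, typed record, or throw.
function parseReviewEvent(raw) {
  if (typeof raw !== 'string') throw new TypeError('artifact must be read as text');
  if (Buffer.byteLength(raw, 'utf8') > MAX_BYTES) throw new RangeError('artifact too large');

  let data;
  try {
    data = JSON.parse(raw);
  } catch (err) {
    throw new SyntaxError(`artifact is not valid JSON: ${err.message}`);
  }
  if (data === null || typeof data !== 'object' || Array.isArray(data)) {
    throw new TypeError('artifact must be a JSON object');
  }

  // Reject anything beyond the three expected fields (this also rejects "__proto__").
  const extra = Object.keys(data).filter((k) => !ALLOWED_KEYS.includes(k));
  if (extra.length > 0) throw new TypeError(`unexpected keys: ${extra.join(', ')}`);

  const { pr_number: prNumber, review_state: reviewState, is_draft: isDraft } = data;
  if (!Number.isSafeInteger(prNumber) || prNumber < 1) {
    throw new TypeError('pr_number must be a positive integer');
  }
  if (typeof reviewState !== 'string' || !REVIEW_STATES.has(reviewState)) {
    throw new TypeError('review_state is not a known review state');
  }
  if (typeof isDraft !== 'boolean') throw new TypeError('is_draft must be a boolean');

  return Object.freeze({ prNumber, reviewState, isDraft });
}

// Non-throwing wrapper so a bot script can log the reason and exit cleanly.
function tryParse(raw) {
  try {
    return { ok: true, value: parseReviewEvent(raw) };
  } catch (err) {
    return { ok: false, error: err.message };
  }
}

// Constructed sample artifacts (not taken from the repository).
const SAMPLES = [
  ['well-formed', '{"pr_number":33,"review_state":"approved","is_draft":false}'],
  ['number as string', '{"pr_number":"33","review_state":"approved","is_draft":false}'],
  ['unknown state', '{"pr_number":33,"review_state":"APPROVED","is_draft":false}'],
  ['extra key', '{"pr_number":33,"review_state":"commented","is_draft":false,"labels":["x"]}'],
  ['truncated JSON', '{"pr_number":33,"review_state":"appro'],
  ['oversized', 'x'.repeat(2000)],
];

// Run every sample through the validator and report which ones are accepted.
function checkSamples() {
  return SAMPLES.map(([name, raw]) => ({ name, ok: tryParse(raw).ok }));
}

for (const { name, ok } of checkSamples()) {
  console.log(`${ok ? 'accept' : 'reject'}  ${name}`);
}
```
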

Copilot AI review requested due to automatic review settings May 16, 2026 20:45

Copilot AI left a comment


Copilot encountered an error and was unable to review this pull request. You can try again by re-requesting a review.


@coderabbitai coderabbitai Bot left a comment


Actionable comments posted: 2

♻️ Duplicate comments (2)
.github/workflows/on-comment.yaml (1)

47-55: ⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Add timeout-minutes to prevent per-issue queue starvation.

With per-issue serialization and cancel-in-progress: false, one hung run can block all later commands for that issue indefinitely.

Suggested minimal fix
 jobs:
   on-comment:
     # Only run on issue comments (not PR review comments which also trigger issue_comment)
     if: github.event.issue.pull_request == null
 
     runs-on: ubuntu-latest
+    timeout-minutes: 10
 
     # Serialize per issue to prevent same-issue races without blocking other issues.
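Review bot: the retained comment `# Serialize per issue to prevent same-issue races without blocking other issues.` overstates what the concurrency group guarantees. GitHub keeps at most one pending run per concurrency group, so with `cancel-in-progress: false` a comment that arrives while one run is active and another is queued cancels the queued run, and that command is dropped. `timeout-minutes: 10` bounds how long the active run can hold the group, but it does not make the queue lossless; say so in the comment, or have the script re-scan recent unprocessed comments on each run.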
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.github/workflows/on-comment.yaml around lines 47 - 55, The workflow
concurrency block can hang indefinitely because cancel-in-progress is false and
there is no timeout; add a timeout by setting the workflow-level timeout-minutes
(e.g., under the job that contains runs-on) to a reasonable value (e.g., 30) so
a single hung run cannot starve the per-issue queue; update the job that
declares runs-on: ubuntu-latest and the concurrency: group: on-comment-${{
github.event.issue.number }} / cancel-in-progress: false to include
timeout-minutes: <value> to enforce automatic termination of long-running jobs.
.github/workflows/on-schedule-inactivity.yaml (1)

44-49: ⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Set timeout-minutes to protect the globally serialized inactivity pipeline.

With a global concurrency lock and cancel-in-progress: false, a hung run can stall all future inactivity checks.

Suggested minimal fix
 jobs:
   inactivity-check:
     name: Inactivity Check
     runs-on: ubuntu-latest
+    timeout-minutes: 20
 
     concurrency:
       group: inactivity-check
       cancel-in-progress: false
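Review bot: `timeout-minutes: 20` is given without a basis, and the prompt text for this same finding suggests 30; pick one value from the observed duration of the inactivity job and record the reasoning in a comment beside the key. Because the group `inactivity-check` is repository-wide with `cancel-in-progress: false`, a run stopped at the limit ends partway through its scan, so the script should be safe to re-run from the start on the next schedule.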
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.github/workflows/on-schedule-inactivity.yaml around lines 44 - 49, The
workflow job that currently defines runs-on: ubuntu-latest and the concurrency
block with group: inactivity-check and cancel-in-progress: false needs a
timeout-minutes to avoid a hung run blocking the globally serialized pipeline;
update the job (the one containing runs-on: ubuntu-latest and concurrency:
group: inactivity-check) to include a reasonable timeout-minutes value (e.g., 30
or another SLA-appropriate duration) so GitHub Actions will cancel stuck runs
and free the concurrency lock.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In @.github/workflows/on-pr.yaml:
- Around line 35-36: The checkout step "Checkout Repository" currently relies on
implicit default-branch behavior; make the intent explicit by updating the
actions/checkout step (actions/checkout@de0fac2e...) to include a with: ref: ${{
github.event.pull_request.base.ref }} (and optionally fetch-depth: 0) so the
workflow explicitly checks out the target/default branch in pull_request_target
runs.

In @.github/workflows/publish.yml:
- Around line 49-50: Replace incorrect `.cjson` filenames with the real `.json`
names and guard file reads so missing files don't break the workflow: update
occurrences of "package.cjson" and "package-lock.cjson" to "package.json" and
"package-lock.json" (including the git commands like `git add package-lock.cjson
|| true` and the version-extraction step that reads the file), and add existence
checks or fallbacks before reading the lockfile so the workflow skips or handles
absent files instead of failing.

---

Duplicate comments:
In @.github/workflows/on-comment.yaml:
- Around line 47-55: The workflow concurrency block can hang indefinitely
because cancel-in-progress is false and there is no timeout; add a timeout by
setting the workflow-level timeout-minutes (e.g., under the job that contains
runs-on) to a reasonable value (e.g., 30) so a single hung run cannot starve the
per-issue queue; update the job that declares runs-on: ubuntu-latest and the
concurrency: group: on-comment-${{ github.event.issue.number }} /
cancel-in-progress: false to include timeout-minutes: <value> to enforce
automatic termination of long-running jobs.

In @.github/workflows/on-schedule-inactivity.yaml:
- Around line 44-49: The workflow job that currently defines runs-on:
ubuntu-latest and the concurrency block with group: inactivity-check and
cancel-in-progress: false needs a timeout-minutes to avoid a hung run blocking
the globally serialized pipeline; update the job (the one containing runs-on:
ubuntu-latest and concurrency: group: inactivity-check) to include a reasonable
timeout-minutes value (e.g., 30 or another SLA-appropriate duration) so GitHub
Actions will cancel stuck runs and free the concurrency lock.

ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro Plus

Run ID: 4569b7ea-74ff-4b9b-9d0d-353b15adbc6f

📥 Commits

Reviewing files that changed from the base of the PR and between d93d8ba and 0772204.

⛔ Files ignored due to path filters (42)
  • .github/scripts/bot-inactivity-comments.cjs is excluded by none and included by none
  • .github/scripts/bot-inactivity.cjs is excluded by none and included by none
  • .github/scripts/bot-on-comment.cjs is excluded by none and included by none
  • .github/scripts/bot-on-pr-close.cjs is excluded by none and included by none
  • .github/scripts/bot-on-pr-merged.cjs is excluded by none and included by none
  • .github/scripts/bot-on-pr-open.cjs is excluded by none and included by none
  • .github/scripts/bot-on-pr-review-labels.cjs is excluded by none and included by none
  • .github/scripts/bot-on-pr-review.cjs is excluded by none and included by none
  • .github/scripts/bot-on-pr-update.cjs is excluded by none and included by none
  • .github/scripts/bot/bot-recommend-issues.cjs is excluded by none and included by none
  • .github/scripts/commands/assign-comments.cjs is excluded by none and included by none
  • .github/scripts/commands/assign.cjs is excluded by none and included by none
  • .github/scripts/commands/finalize-comments.cjs is excluded by none and included by none
  • .github/scripts/commands/finalize.cjs is excluded by none and included by none
  • .github/scripts/commands/unassign-comments.cjs is excluded by none and included by none
  • .github/scripts/commands/unassign.cjs is excluded by none and included by none
  • .github/scripts/helpers/api.cjs is excluded by none and included by none
  • .github/scripts/helpers/checks.cjs is excluded by none and included by none
  • .github/scripts/helpers/comments.cjs is excluded by none and included by none
  • .github/scripts/helpers/config-loader.cjs is excluded by none and included by none
  • .github/scripts/helpers/constants.cjs is excluded by none and included by none
  • .github/scripts/helpers/index.cjs is excluded by none and included by none
  • .github/scripts/helpers/logger.cjs is excluded by none and included by none
  • .github/scripts/helpers/validation.cjs is excluded by none and included by none
  • .github/scripts/package.json is excluded by none and included by none
  • .github/scripts/pr-labeler.cjs is excluded by none and included by none
  • .github/scripts/tests/test-api.cjs is excluded by none and included by none
  • .github/scripts/tests/test-assign-bot.cjs is excluded by none and included by none
  • .github/scripts/tests/test-checks.cjs is excluded by none and included by none
  • .github/scripts/tests/test-comments.cjs is excluded by none and included by none
  • .github/scripts/tests/test-config-loader.cjs is excluded by none and included by none
  • .github/scripts/tests/test-finalize-bot.cjs is excluded by none and included by none
  • .github/scripts/tests/test-inactivity-bot.cjs is excluded by none and included by none
  • .github/scripts/tests/test-on-comment-bot.cjs is excluded by none and included by none
  • .github/scripts/tests/test-on-pr-close-bot.cjs is excluded by none and included by none
  • .github/scripts/tests/test-on-pr-merged-bot.cjs is excluded by none and included by none
  • .github/scripts/tests/test-on-pr-open-bot.cjs is excluded by none and included by none
  • .github/scripts/tests/test-on-pr-review-bot.cjs is excluded by none and included by none
  • .github/scripts/tests/test-on-pr-update-bot.cjs is excluded by none and included by none
  • .github/scripts/tests/test-recommend-issues-bot.cjs is excluded by none and included by none
  • .github/scripts/tests/test-unassign-bot.cjs is excluded by none and included by none
  • .github/scripts/tests/test-utils.cjs is excluded by none and included by none
📒 Files selected for processing (10)
  • .github/workflows/labeler.yml
  • .github/workflows/on-comment.yaml
  • .github/workflows/on-pr-close.yaml
  • .github/workflows/on-pr-review-labels.yaml
  • .github/workflows/on-pr-review.yaml
  • .github/workflows/on-pr-update.yaml
  • .github/workflows/on-pr.yaml
  • .github/workflows/on-schedule-inactivity.yaml
  • .github/workflows/publish.yml
  • .github/workflows/test.yml

Comment on lines +35 to +36
- name: Checkout Repository
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2

🛠️ Refactor suggestion | 🟠 Major | ⚡ Quick win

🧩 Analysis chain

🌐 Web query:

For GitHub Actions, when actions/checkout runs in a pull_request_target workflow and with.ref is omitted, which ref or SHA is checked out by default?

💡 Result:

When using the actions/checkout action in a pull_request_target workflow, if the with.ref input is omitted, the action defaults to checking out the repository's default branch [1][2][3]. This behavior is a result of how the pull_request_target event operates. Unlike the standard pull_request event, which triggers on the context of the pull request itself, pull_request_target workflows are executed in the context of the repository's default branch [3]. Consequently, the GITHUB_REF environment variable resolves to the default branch, and actions/checkout uses this reference by default when no specific ref is provided [1][2][3]. If you intend to check out the code from the pull request branch itself, you must explicitly specify the reference using the with.ref input, typically by setting it to ${{ github.event.pull_request.head.sha }} or ${{ github.head_ref }} [1][2][4].



Make the privileged checkout explicit.

In pull_request_target workflows that execute with repository default-branch privileges, keep the checkout intent unmistakable in the YAML. While actions/checkout already defaults to the default branch in this context, relying on implicit behavior in security-sensitive workflows creates drift risk and obfuscates intent during code review.

Suggested fix
       - name: Checkout Repository
         uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        with:
+          ref: ${{ github.event.repository.default_branch }}
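Review bot: `ref: ${{ github.event.repository.default_branch }}` and the `github.event.pull_request.base.ref` named in the prompt text for this finding are not the same ref when a PR targets a non-default branch, so the finding should settle on one. For a pull_request_target job that runs bot scripts from the checkout, the default branch is the stricter choice, since the scripts then never come from a branch selected by the PR. As this adds the step's first `with:` block, consider also setting `persist-credentials: false` there if the scripts only use the API token.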
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.github/workflows/on-pr.yaml around lines 35 - 36, The checkout step
"Checkout Repository" currently relies on implicit default-branch behavior; make
the intent explicit by updating the actions/checkout step
(actions/checkout@de0fac2e...) to include a with: ref: ${{
github.event.pull_request.base.ref }} (and optionally fetch-depth: 0) so the
workflow explicitly checks out the target/default branch in pull_request_target
runs.

Comment on lines +49 to +50
git add package-lock.cjson || true
git diff --cached --quiet || git commit -m 'chore: update package-lock.cjson'

⚠️ Potential issue | 🔴 Critical | ⚡ Quick win

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Read-only verification: confirm which package manifest/lockfile names exist and where workflow references point.
set -euo pipefail

echo "== Files named package.json / package-lock.json / package.cjson / package-lock.cjson =="
fd -HI 'package(\.lock)?\.(json|cjson)$'

echo
echo "== References in workflows =="
rg -n -C2 'package(\.lock)?\.(json|cjson)' .github/workflows

Repository: KDM-cli/kdm-cli

Length of output: 595


Fix non-existent .cjson filenames breaking version extraction.

The workflow references package.cjson and package-lock.cjson, but the repository only has package.json. Line 65 will fail immediately when trying to read the non-existent file, breaking the entire release.

Proposed fix
-      - name: Setup Node.cjs
+      - name: Setup Node.js
@@
-          git add package-lock.cjson || true
-          git diff --cached --quiet || git commit -m 'chore: update package-lock.cjson'
+          git add package-lock.json || true
+          git diff --cached --quiet || git commit -m 'chore: update package-lock.json'
@@
-          VERSION=$(node -e "console.log(JSON.parse(require('fs').readFileSync('./package.cjson', 'utf8')).version)")
+          VERSION=$(node -e "console.log(JSON.parse(require('fs').readFileSync('./package.json', 'utf8')).version)")
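Review bot: `git add package-lock.json || true` still swallows every `git add` failure, not only the missing-file case, and the hunk leaves out the existence check that the finding's own prompt text asks for. Test for the file first, for example `if [ -f package-lock.json ]; then git add package-lock.json; fi`, so a real staging error fails the publish job instead of being ignored.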

Also applies to: 65-65

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.github/workflows/publish.yml around lines 49 - 50, Replace incorrect
`.cjson` filenames with the real `.json` names and guard file reads so missing
files don't break the workflow: update occurrences of "package.cjson" and
"package-lock.cjson" to "package.json" and "package-lock.json" (including the
git commands like `git add package-lock.cjson || true` and the
version-extraction step that reads the file), and add existence checks or
fallbacks before reading the lockfile so the workflow skips or handles absent
files instead of failing.


@coderabbitai coderabbitai Bot left a comment


♻️ Duplicate comments (2)
.github/workflows/on-pr-review-labels.yaml (1)

20-22: ⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Use a per-PR concurrency key; current key is effectively no-op for serialization.

At Line 21, github.event.workflow_run.id is unique per run, so simultaneous review runs on the same PR can still race while applying labels.

Suggested fix
     concurrency:
-      group: 'review-label-${{ github.event.workflow_run.id }}'
+      group: 'review-label-pr-${{ github.event.workflow_run.pull_requests[0].number }}'
+      cancel-in-progress: false
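Review bot: `github.event.workflow_run.pull_requests[0].number` is empty when the triggering run comes from a fork, because GitHub leaves `workflow_run.pull_requests` unpopulated for fork PRs. Every fork review would then share the group `review-label-pr-`, and since a group holds only one pending run, some label runs would be cancelled. Add a fallback in the expression, such as `|| github.event.workflow_run.head_sha`, so each fork PR still gets its own key.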
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.github/workflows/on-pr-review-labels.yaml around lines 20 - 22, The
concurrency group currently uses github.event.workflow_run.id which is unique
per run and doesn't serialize concurrent runs for the same PR; change the group
to a per-PR key instead (e.g., replace 'review-label-${{
github.event.workflow_run.id }}' with a PR-specific expression such as
'review-label-${{ github.event.pull_request.number }}' or, if only workflow_run
payload is available, 'review-label-${{
github.event.workflow_run.pull_requests[0].number }}') so simultaneous review
runs on the same PR will be serialized.
.github/workflows/on-pr-review.yaml (1)

14-14: ⚠️ Potential issue | 🔴 Critical | ⚡ Quick win

Wrap the if expression to prevent YAML parsing errors on Line 14.

The if condition if: !github.event.pull_request.draft starts with !, a reserved YAML character. GitHub Actions requires expressions beginning with ! to be wrapped in ${{ }} to prevent parsing failures.

Suggested fix
-    if: !github.event.pull_request.draft
+    if: ${{ !github.event.pull_request.draft }}
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.github/workflows/on-pr-review.yaml at line 14, The YAML `if` expression
starting with `!` (the conditional `if: !github.event.pull_request.draft`) must
be wrapped in GitHub Actions expression delimiters to avoid YAML parsing errors;
update the line to use the expression syntax by replacing `if:
!github.event.pull_request.draft` with `if: ${{ !
github.event.pull_request.draft }}` (keeping the same logic and spacing) so the
runner interprets it correctly.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Duplicate comments:
In @.github/workflows/on-pr-review-labels.yaml:
- Around line 20-22: The concurrency group currently uses
github.event.workflow_run.id which is unique per run and doesn't serialize
concurrent runs for the same PR; change the group to a per-PR key instead (e.g.,
replace 'review-label-${{ github.event.workflow_run.id }}' with a PR-specific
expression such as 'review-label-${{ github.event.pull_request.number }}' or, if
only workflow_run payload is available, 'review-label-${{
github.event.workflow_run.pull_requests[0].number }}') so simultaneous review
runs on the same PR will be serialized.

In @.github/workflows/on-pr-review.yaml:
- Line 14: The YAML `if` expression starting with `!` (the conditional `if:
!github.event.pull_request.draft`) must be wrapped in GitHub Actions expression
delimiters to avoid YAML parsing errors; update the line to use the expression
syntax by replacing `if: !github.event.pull_request.draft` with `if: ${{ !
github.event.pull_request.draft }}` (keeping the same logic and spacing) so the
runner interprets it correctly.

ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro Plus

Run ID: b5446ace-632a-4ee6-9455-6955b838cdc6

📥 Commits

Reviewing files that changed from the base of the PR and between 0772204 and f439862.

📒 Files selected for processing (7)
  • .github/workflows/on-comment.yaml
  • .github/workflows/on-pr-close.yaml
  • .github/workflows/on-pr-review-labels.yaml
  • .github/workflows/on-pr-review.yaml
  • .github/workflows/on-pr-update.yaml
  • .github/workflows/on-pr.yaml
  • .github/workflows/on-schedule-inactivity.yaml

Copilot AI review requested due to automatic review settings May 16, 2026 21:00

Copilot AI left a comment


Copilot encountered an error and was unable to review this pull request. You can try again by re-requesting a review.

@utkarsh232005 utkarsh232005 merged commit a54705c into KDM-cli:main May 16, 2026
5 of 7 checks passed