Warning
Ignoring CodeRabbit configuration file changes. For security, only the configuration from the base branch is applied for open source repositories.
📝 Walkthrough
Adds comprehensive Claude Code / Beads integration: config, templates, many command docs, devcontainer support with a Dolt server, CI/workflow updates, a settings-merge helper, and a utility to remove pre-commit hooks with tests. No core application logic changes.
Sequence Diagram(s)
```mermaid
sequenceDiagram
    participant Dev as DevContainer (on-create/post-start)
    participant Pre as Pre-commit Hook
    participant Merge as merge-claude-settings.sh
    participant BD as Beads CLI (bd)
    participant Dolt as beads-dolt (Dolt server)
    Dev->>Merge: run merge-claude-settings (npm/json5 + jq)
    Merge-->>Pre: produce `.claude/settings.json`
    Dev->>Pre: pre-commit run merge-claude-settings
    Dev->>BD: if not ready -> bd init --server beads-dolt
    BD->>Dolt: start/connect to Dolt server (beads-dolt)
    Dolt-->>BD: DB ready
    Dev-->>BD: restore .claude/.beads state
```
Estimated code review effort: 🎯 3 (Moderate) | ⏱️ ~35 minutes
🚥 Pre-merge checks | ✅ 1 | ❌ 2
❌ Failed checks (2 warnings)
✅ Passed checks (1 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings.
Actionable comments posted: 38
Caution
Some comments are outside the diff and can’t be posted inline due to platform limitations.
⚠️ Outside diff range comments (1)
template/.github/actions/install_deps/action.yml (1)
67-78: ⚠️ Potential issue | 🟠 Major
Pin GitHub Actions to commit SHAs instead of version tags.
Lines 67 and 78 use mutable version tags (v6.3.0, v6.0.0) instead of immutable commit SHAs. For CI supply-chain hardening, update both to commit SHA pinning.
The v6 upgrade to aws-actions/configure-aws-credentials is compatible; it requires GitHub Actions runner v2.327.1+ due to Node.js 24 runtime (GitHub-hosted runners meet this requirement, self-hosted runners should verify their version).
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@template/.github/actions/install_deps/action.yml` around lines 67 - 78, Replace the mutable action version tags with immutable commit SHAs for the two actions used here: actions/setup-node@v6.3.0 and aws-actions/configure-aws-credentials@v6.0.0; update their uses entries to reference the specific commit SHAs (found on each repo's releases/tags) so the workflow pins exact commits, and verify the aws-actions/configure-aws-credentials SHA corresponds to a v6 release compatible with your runners.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In @.claude/.beads/.gitignore:
- Around line 50-58: The comment and patterns contradict each other: the NOTE
block claims JSONL files are tracked by default, but the .gitignore lists
interactions.jsonl and issues.jsonl; update the NOTE text so it accurately
reflects the repo behavior (e.g., state that JSONL files are intentionally
ignored for local development and should not be tracked/committed), and ensure
the explanatory paragraph references the actual ignored filenames
(interactions.jsonl and issues.jsonl) and the reason for ignoring them rather
than claiming they are tracked by default.
In @.claude/commands/add-command.md:
- Around line 6-20: The Markdown violates markdownlint MD041 because an H2 ("##
General Guidelines") appears before the first H1 ("# Slash Command Creator
Guide"); reorder the headings so the first visible heading after any frontmatter
is the H1 by moving "# Slash Command Creator Guide" above "## General
Guidelines" (ensure the H1 is the first top-level heading and retain the
existing content and heading hierarchy).
In @.claude/commands/commit.md:
- Around line 1-6: Add a top-level H1 heading immediately after the YAML
frontmatter to satisfy markdownlint MD041: insert a single line like "# Commit"
(or a project-appropriate H1 title) directly following the existing frontmatter
block so the document no longer jumps straight to "## General Guidelines" —
update the file ".claude/commands/commit.md" by adding that H1 header.
In @.claude/commands/create-issues.md:
- Around line 61-64: The fenced code block showing the CLI output "GitHub CLI
not available or not authenticated! Run: gh auth login" is unlabeled and
triggers markdownlint MD040; update that fence to include a language identifier
(use text) so the block opens with ```text instead of ``` to satisfy the linter
and preserve the output snippet.
- Around line 45-57: Update the "Step 2: Fetch Issue" gh command to pass an
explicit --repo using the owner/repo parsed in Step 1 (the value extracted from
"owner/repo/number" or inferred repo from git remote/branch), so replace the
current gh issue view [ISSUE_NUMBER] invocation with one that supplies --repo
<owner/repo>; ensure the docs mention using the parsed repo variable when
calling gh issue view to avoid relying on local git context.
In @.claude/commands/issue.md:
- Around line 6-46: The markdown is missing a top-level H1 and the inline
snippet lacks a labeled code fence; add a top-level H1 at the top of the
document (e.g., "# Analyze GitHub issue and create implementation plan") and
update the unlabeled code fence around the "GitHub CLI not available or not
authenticated! Run: gh auth login" message to include a language tag (e.g.,
```text or ```bash) so markdownlint passes; locate and edit the code fence that
contains that exact message to apply the change.
In @.claude/commands/polish.md:
- Line 6: The file uses a second-level header where a top-level H1 is required
and several fenced code blocks lack language labels; change the leading "##
General Guidelines" to a top-level "# General Guidelines" and add appropriate
fenced code block language identifiers for the unlabeled code blocks referenced
near the sections containing examples (the fenced blocks around the previously
noted areas) — e.g., use ```bash, ```js, ```python or the correct language for
each block so markdownlint MD041 and MD040 warnings are resolved.
In @.claude/commands/red.md:
- Line 6: This file lacks a top-level H1, triggering MD041; add a single
top-level heading above the existing content (before the line containing "**User
arguments:**") to serve as the document's H1 (for example a descriptive title
like "# red command" or "# Command: red") so the document begins with an H1 and
then the existing "**User arguments:**" body follows.
In @.claude/commands/refactor.md:
- Line 14: Add a top-level H1 heading above the existing "## General Guidelines"
header to satisfy MD041; edit the .claude/commands/refactor.md document to
insert a clear H1 (for example "# Refactor Commands" or similar
project-appropriate title) near the top so the existing "## General Guidelines"
becomes a second-level heading, and ensure there is a single blank line after
the new H1 for proper markdown linting.
In @.claude/commands/simplify.md:
- Line 6: The markdown has a second-level heading "## General Guidelines" which
triggers MD041; add a top-level H1 heading above it (a single "#" heading) to
serve as the document title so the existing "## General Guidelines" remains a
subsection; update the file's top so the new H1 precedes "General Guidelines"
and ensure the H1 text appropriately describes the document (e.g., "Simplify" or
a short title) to satisfy markdownlint.
In @.claude/commands/spike.md:
- Around line 6-12: Add a top-level H1 heading immediately after the front
matter to satisfy markdownlint MD041; replace or insert above the existing bold
block that begins with "**User arguments:**" so the document starts with a
single H1, then keep the existing bold "User arguments" section and the "SPIKE
PHASE!" text unchanged below it.
In @.claude/commands/summarize.md:
- Line 6: Add a top-level H1 immediately after the frontmatter to satisfy MD041;
locate the existing "## General Guidelines" heading and insert a single-line H1
(e.g., "# Summarize" or an appropriate title for this document) above that H2 so
the file contains one H1 before any H2 headings.
In @.claude/commands/tdd-review.md:
- Around line 6-76: Add a top-level H1 before the existing "## General
Guidelines" heading (e.g., "Test Quality Report") to fix MD041 (H2 before H1),
and update the fenced code block that ends the file (the triple backticks
sequence) to include a language tag (e.g., change ``` to ```markdown) to fix
MD040 so the code block has a language specifier.
In @.claude/helpers/merge-claude-settings.sh:
- Around line 48-52: The current try/catch around JSON5.parse in
merge-claude-settings.sh silently returns '{}' on parse errors; change the catch
to print a clear, file-specific error (include the filename from the variable
file and the JSON5.parse error message) to stderr and exit with a non-zero code
so the hook fails immediately instead of producing a misleading '{}' output;
update the block that reads fs.readFileSync(file, 'utf8') / JSON5.parse(...) and
replace the silent console.log('{}') with a console.error including the error
and process.exit(1).
- Around line 29-54: The current implementation saves find output into a scalar
(settings_files) and expands it unquoted into the Node command, breaking on
filenames with spaces/newlines; change file discovery to produce a NUL-separated
array (use find ... -print0 and readarray -d '' -t settings_files) then check
the array length (e.g. if [ "${#settings_files[@]}" -eq 0 ]) and pass the
filenames to the json5 Node invocation using the array expansion
"${settings_files[@]}" so parsed_json is built from the correct, NUL-safe list
of files; update the settings_files variable usage, the emptiness check, and the
npx node argument expansion accordingly.
In @.claude/settings/permissions/bash.jsonc:
- Around line 15-100: The permission list currently allows "Bash(kill *)" which
permits terminating arbitrary processes without user confirmation; replace this
broad allow with a safer pattern that requires explicit confirmation (move
"Bash(kill *)" out of the allow array and into "ask") or narrow it to
non-destructive signals (e.g., allow "Bash(kill -l *)" or specific safe signals)
and keep destructive entries like "Bash(kill -9 *)" in deny; update the "ask"
array to include "Bash(kill *)" (or the specific signals you want confirmation
for) so the agent must prompt before running any kill commands.
In @.claude/settings/permissions/read.jsonc:
- Around line 6-7: Remove the permissive Read(~/.zshrc) entry from the "allow"
array in the permissions file so home profile files are not readable by default;
if a specific component truly needs shell profile access, replace the broad
Read(~/.zshrc) allowance with a narrowly scoped, opt-in permission or move it to
a more specific environment/configuration that requires explicit approval.
Ensure the "allow" array no longer contains "Read(~/.zshrc)" and update any
documentation/tests that assumed that permission.
In @.devcontainer/docker-compose.yml:
- Around line 20-26: The devcontainer service references the beads-dolt service
via environment vars but doesn't declare a startup dependency, which can cause
race conditions; update the docker-compose service entry for the devcontainer
(the service that sets BEADS_DOLT_SERVER=beads-dolt and
BEADS_DOLT_PORT/BEADS_DOLT_SERVER_PORT env vars) to include a depends_on: -
beads-dolt so Docker Compose will start beads-dolt first (optionally add a
healthcheck on the beads-dolt service and use depends_on with condition:
service_healthy if supported to ensure readiness).
- Around line 29-35: The beads-dolt service's healthcheck is incomplete; update
the beads-dolt service block to use Dolt's official healthcheck by adding a
healthcheck that calls the dolt-sql-server healthcheck CLI with explicit
connection flags (--host, --port, --no-tls) and runs a timestamp query (e.g.,
SELECT UNIX_TIMESTAMP()) instead of SELECT 1, and increase the start_period to
60s; locate the beads-dolt service in the docker-compose.yml and modify or
replace its healthcheck stanza accordingly.
In @.devcontainer/post-start-command.sh:
- Around line 8-13: The script currently treats any non-zero exit from `bd
ready` as "not initialized" and runs the destructive `rm -rf .claude/.beads` +
`bd init` path; change this to first probe `bd ready --json` (or run `bd ready`
and capture stderr/stdout) and inspect the returned status/error message for an
explicit "not initialized" indicator before deleting files or reinitializing; if
the JSON/status indicates a transient error (auth, network, timeout) then abort
or retry with a non-destructive failure path instead of invoking `rm -rf
.claude/.beads` and `bd init`, and only call the destructive commands when the
parsed response explicitly shows the beads DB is uninitialized.
In @.github/reusable_workflows/build-docker-image.yaml:
- Around line 73-78: The referenced reusable action at uses:
./.github/actions/ecr-auth is missing; either add a new local action named
ecr-auth that accepts inputs role-arn and aws-region and performs ECR login, or
replace the uses line with a known working alternative (for example an inline
step that runs aws sts assume-role + aws ecr get-login-password or a public
action) and ensure it respects inputs.push-role-name conditional; update
references to role-arn and aws-region so the workflow consumes those values
correctly when inputs.push-role-name != 'no-push'.
In @.gitignore:
- Around line 22-24: The repository-wide "*.db" ignore is too broad and may hide
unrelated SQLite/fixture files; update the .gitignore to scope the ignore to the
Claude/Beads area instead of a global pattern (keep the ".dolt/" entry if
needed). Replace the global "*.db" entry with a path-specific pattern that
matches only the intended directory (e.g., restrict to beads/ or the
Claude-related subfolder such as beads/claude/*.db or beads/**/.db), ensuring
other project .db files remain tracked.
In `@AGENTS.md`:
- Line 14: The guideline that says "Prefer using random values in tests rather
than arbitrary ones..." should be rewritten to discourage non-deterministic test
data; update the rule (the sentence starting with "Prefer using random values in
tests...") to recommend using deterministic fixtures or seeded generators (or
explicitly seeded faker/uuid calls) and to choose enum values deterministically
unless a test explicitly validates randomness, and require documenting the seed
when randomness is used.
In `@CLAUDE.md`:
- Line 1: Put a top-level heading above the include so the file no longer starts
with a bare include token; edit CLAUDE.md to add a single H1 (for example "#
Includes") as the first line and leave the existing "@AGENTS.md" line unchanged
so the include directive is preserved.
In `@template/.claude/.beads/.gitignore`:
- Around line 50-58: The explanatory note currently contradicts the active
ignore patterns: update the human-readable comment so it accurately reflects
that interactions.jsonl and issues.jsonl are intentionally ignored (or,
alternatively, remove the ignore entries if you intend them to be tracked).
Specifically, edit the lines referencing "The JSONL files (issues.jsonl,
interactions.jsonl) and config files are tracked..." to state that
interactions.jsonl and issues.jsonl are ignored by this .gitignore to prevent
committing local databases (and keep the existing warning about not adding
negation patterns); ensure the text and the patterns "interactions.jsonl" and
"issues.jsonl" are consistent.
In `@template/.claude/commands/commit.md`:
- Line 6: This file triggers MD041 because it lacks a top-level H1; add a single
H1 heading at the top of the document (above the existing "## General
Guidelines") such as "# Commit Command Guidelines" or another concise title to
satisfy the rule; ensure only one H1 is present and keep "## General Guidelines"
as the H2 beneath it.
In `@template/.claude/commands/gap.md`:
- Around line 10-12: The lines containing the TDD-specific instruction ("Never
explicitly mention TDD" / "Write natural, descriptive code...") in the gap
analysis command template should be removed or replaced because they are
irrelevant to gap analysis; locate the block by searching for the exact text
"Never explicitly mention TDD" in template/.claude/commands/gap.md and either
delete those three TDD lines or replace them with gap-analysis-specific output
guidance (e.g., "Focus on identifying unaddressed items, provide concise
evidence, prioritize gaps, and give actionable recommendations"), or explicitly
document that this is shared guidance if that was intentional.
In `@template/.claude/commands/green.md`:
- Line 62: The ordered list item "3. **Refactor Phase**: Improve code structure
while keeping tests green" should restart numbering as a new list block to
satisfy MD029; change the leading numeral from "3." to "1." for the list item
containing "**Refactor Phase**" so the ordered list restarts correctly and
adheres to the configured markdown style.
- Line 6: Add a top-level H1 heading at the top of the markdown file so the
document complies with markdownlint MD041; insert a descriptive H1 (for example
"# Green command" or similar) above the existing "**User arguments:**" section
to serve as the required top-level heading and ensure the file now begins with a
single "#" heading rather than starting directly with content.
In `@template/.claude/commands/issue.md`:
- Around line 46-49: Add a language identifier to the fenced code block that
contains the message "GitHub CLI not available or not authenticated! Run: gh
auth login" (i.e., change the opening ``` to ```text) so the block adheres to
MD040; ensure the opening fence reads ```text and the closing fence remains ```
to properly mark it as plain text.
- Around line 6-8: Add a top-level H1 heading to satisfy MD041 by inserting a
single H1 before the existing text "Analyze GitHub issue and create TDD
implementation plan." — for example, add "# Analyze GitHub issue and create TDD
implementation plan" as the first line so the current line 6 becomes body
content; ensure the new H1 is the file's first non-blank line and retains the
existing "## General Guidelines" section below.
In `@template/.claude/commands/red.md`:
- Line 6: The file template/.claude/commands/red.md fails MD041 because it has
no top-level heading; add a single H1 heading at the top of the file (e.g., "#
Red" or "# Red command") so that the existing bold line "**User arguments:**" on
line 6 becomes a subsection under that H1 and the file satisfies the
markdown-lint rule.
In `@template/.claude/helpers/merge-claude-settings.sh`:
- Around line 44-54: The command building parsed_json uses an unquoted
$settings_files expansion which breaks on filenames with spaces; update the
script to pass filenames robustly (e.g., construct settings files as a Bash
array or emit a NUL-delimited list and pipe through xargs -0) so each path is
passed as a separate argument to the node JSON5 parser invocation (the node -e
block that reads process.argv.slice(1)). Ensure you stop expanding
$settings_files as an unquoted string and instead iterate/pipe the safe,
NUL-delimited or array-expanded entries into the node process so JSON5.parse
receives correct file paths even with spaces or special characters.
In `@template/.claude/settings/permissions/read.jsonc`:
- Around line 6-7: Remove the overly permissive Read(~/.zshrc) entry from the
"allow" array in the permissions JSON so the template no longer grants access to
that sensitive file; locate the "allow": ["Read(~/.zshrc)"] line and delete that
entry (or replace it with a non-home-specific, minimal permission if needed)
while leaving the existing "deny" entries (e.g. "deny":
["Read(~/Drive/Secrets/**)", "Read(~/.ssh/**)", "Read(**/.env*)",
"Read(~/.aws/**)"]) intact.
In `@template/.devcontainer/post-start-command.sh.jinja`:
- Around line 8-13: The current chain (rm -rf .claude/.beads && bd init ... &&
git restore --source=HEAD --staged --worktree .claude/.beads) can delete
.claude/.beads and skip restore if bd init fails; change the flow so git restore
always runs regardless of bd init exit status: e.g., create a small safe
sequence around rm -rf .claude/.beads, run bd init and capture its exit code,
then always run git restore --source=HEAD --staged --worktree .claude/.beads to
recover files, or install a trap (trap 'git restore --source=HEAD --staged
--worktree .claude/.beads' ERR EXIT) before running bd init; reference the
commands rm -rf .claude/.beads, bd init, and git restore in your change.
In `@template/.gitignore`:
- Around line 22-24: The current .gitignore entry '*.db' is too broad and may
hide unrelated repo files; narrow the scope to Beads/Claude artifacts by
replacing the global '*.db' pattern with a beads-scoped pattern (e.g., use
beads/*.db or beads/**/*.db) alongside the existing .dolt/ entry so only
Beads/Claude database files are ignored; update the .gitignore to remove the
global '*.db' and add the scoped beads pattern referencing the existing .dolt/
and '*.db' symbols in the diff.
In `@template/AGENTS.md`:
- Line 14: Replace the current guidance phrase "Prefer using random values in
tests rather than arbitrary ones (e.g. the faker library, uuids, random.randint)
when possible. For enums, pick randomly rather than hardcoding one value." with
a deterministic-first recommendation: instruct readers to prefer stable,
deterministic fixtures and explicit example values by default, and only use
randomness when intentionally testing variability—and then require seeding or
property-based testing patterns to ensure reproducibility; make the exception
explicit for fuzz/property tests and mention using seeded RNGs or deterministic
UUIDs when randomness is needed.
In `@tests/unit/copier_tasks/test_remove_precommit_hooks.py`:
- Around line 57-62: Update the test method
test_When_target_file_does_not_exist__Then_exits_with_error to assert the
specific exit code for file-not-found by replacing the generic non-zero check
with an exact equality check (result.returncode == 1); locate the assertion near
the call to self._run_script (using hook_id_regex and
target_file=nonexistent_path) and change it to assert result.returncode == 1 so
the test explicitly validates the script's file-not-found exit path.
---
Outside diff comments:
In `@template/.github/actions/install_deps/action.yml`:
- Around line 67-78: Replace the mutable action version tags with immutable
commit SHAs for the two actions used here: actions/setup-node@v6.3.0 and
aws-actions/configure-aws-credentials@v6.0.0; update their uses entries to
reference the specific commit SHAs (found on each repo's releases/tags) so the
workflow pins exact commits, and verify the
aws-actions/configure-aws-credentials SHA corresponds to a v6 release compatible
with your runners.
ℹ️ Review info
⚙️ Run configuration
Configuration used: Path: .coderabbit.yaml
Review profile: ASSERTIVE
Plan: Pro
Run ID: 91591bd3-f35f-46cb-b8a6-884b3e574558
⛔ Files ignored due to path filters (3)
- .claude/package-lock.json is excluded by !**/package-lock.json
- template/.claude/package-lock.json is excluded by !**/package-lock.json
- uv.lock is excluded by !**/*.lock
📒 Files selected for processing (85)
- .claude/.beads/.gitignore
- .claude/.beads/config.yaml
- .claude/.beads/metadata.json
- .claude/commands/add-command.md
- .claude/commands/commit.md
- .claude/commands/create-adr.md
- .claude/commands/create-issues.md
- .claude/commands/gap.md
- .claude/commands/green.md
- .claude/commands/issue.md
- .claude/commands/polish.md
- .claude/commands/red.md
- .claude/commands/refactor.md
- .claude/commands/research.md
- .claude/commands/simplify.md
- .claude/commands/spike.md
- .claude/commands/summarize.md
- .claude/commands/tdd-review.md
- .claude/commands/tdd.md
- .claude/helpers/merge-claude-settings.sh
- .claude/package.json
- .claude/settings/basics.jsonc
- .claude/settings/permissions/bash.jsonc
- .claude/settings/permissions/read.jsonc
- .claude/settings/permissions/write.jsonc
- .coderabbit.yaml
- .copier-answers.yml
- .coveragerc
- .devcontainer/devcontainer.json
- .devcontainer/docker-compose.yml
- .devcontainer/install-ci-tooling.py
- .devcontainer/on-create-command.sh
- .devcontainer/post-start-command.sh
- .github/actions/install_deps/action.yml
- .github/reusable_workflows/build-docker-image.yaml
- .github/workflows/ci.yaml
- .github/workflows/pre-commit.yaml
- .gitignore
- .pre-commit-config.yaml
- AGENTS.md
- CLAUDE.md
- copier.yml
- extensions/context.py
- pyproject.toml
- src/copier_tasks/__init__.py
- src/copier_tasks/remove_precommit_hooks.py
- template/.claude/.beads/.gitignore
- template/.claude/.beads/config.yaml
- template/.claude/.beads/metadata.json
- template/.claude/commands/add-command.md
- template/.claude/commands/commit.md
- template/.claude/commands/create-adr.md
- template/.claude/commands/create-issues.md
- template/.claude/commands/gap.md
- template/.claude/commands/green.md
- template/.claude/commands/issue.md
- template/.claude/commands/polish.md
- template/.claude/commands/red.md
- template/.claude/commands/refactor.md
- template/.claude/commands/research.md
- template/.claude/commands/simplify.md
- template/.claude/commands/spike.md
- template/.claude/commands/summarize.md
- template/.claude/commands/tdd-review.md
- template/.claude/commands/tdd.md
- template/.claude/helpers/merge-claude-settings.sh
- template/.claude/package.json
- template/.claude/settings/basics.jsonc
- template/.claude/settings/permissions/bash.jsonc
- template/.claude/settings/permissions/read.jsonc
- template/.claude/settings/permissions/write.jsonc
- template/.coderabbit.yaml
- template/.devcontainer/devcontainer.json.jinja
- template/.devcontainer/docker-compose.yml.jinja
- template/.devcontainer/on-create-command.sh.jinja
- template/.devcontainer/post-start-command.sh.jinja
- template/.github/actions/ecr-auth/action.yml.jinja
- template/.github/actions/install_deps/action.yml
- template/.github/workflows/pre-commit.yaml
- template/.gitignore
- template/.pre-commit-config.yaml
- template/AGENTS.md
- template/CLAUDE.md
- tests/unit/copier_tasks/__init__.py
- tests/unit/copier_tasks/test_remove_precommit_hooks.py
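The review's finding about pinning `uses:` references to commit SHAs can be checked mechanically in CI. The Python script below is an added example, not part of the CodeRabbit review or of the repository under review; the function name `audit_uses`, the sample YAML, the `example-org/example-action` name and the 40-character SHA are constructed for illustration.

```python
"""Flag GitHub Actions `uses:` references that are not pinned to a full commit SHA."""
import re
from typing import NamedTuple

# A `uses:` key, optionally as the first key of a list item; the value may be quoted
# and may be followed by a trailing comment such as "# v6.3.0".
USES_RE = re.compile(r"""^\s*(?:-\s+)?uses:\s*["']?([^"'\s#]+)""")
FULL_SHA_RE = re.compile(r"[0-9a-f]{40}", re.IGNORECASE)


class Finding(NamedTuple):
    line: int
    action: str
    ref: str
    reason: str


def audit_uses(yaml_text: str) -> list[Finding]:
    """Return one Finding per `uses:` entry that can change without a change to the file."""
    findings = []
    for lineno, raw in enumerate(yaml_text.splitlines(), start=1):
        match = USES_RE.match(raw)
        if not match:
            continue  # not a `uses:` line (commented-out lines start with '#')
        target = match.group(1)

        # Local actions and workflows are versioned together with the repository.
        if target.startswith(("./", "../")):
            continue

        # Container actions are immutable only when referenced by digest.
        if target.startswith("docker://"):
            image = target[len("docker://"):]
            if "@sha256:" not in image:
                findings.append(
                    Finding(lineno, image, "", "container image not pinned by digest")
                )
            continue

        action, sep, ref = target.partition("@")
        if not sep:
            findings.append(Finding(lineno, action, "", "no ref given"))
        elif not FULL_SHA_RE.fullmatch(ref):
            findings.append(
                Finding(lineno, action, ref, "ref is not a full 40-character commit SHA")
            )
    return findings


# Constructed sample: the two tag-pinned actions named in the review, one entry pinned
# to a made-up SHA (not a real commit), and the local action path from the review.
SAMPLE_ACTION_YML = """\
runs:
  using: composite
  steps:
    - name: Setup node
      uses: actions/setup-node@v6.3.0
    - name: Pinned third-party action
      uses: example-org/example-action@0123456789abcdef0123456789abcdef01234567 # v0.0.0
    - name: AWS credentials
      uses: aws-actions/configure-aws-credentials@v6.0.0
    - name: Local ECR auth
      uses: ./.github/actions/ecr-auth
"""

if __name__ == "__main__":
    results = audit_uses(SAMPLE_ACTION_YML)
    for f in results:
        print(f"line {f.line}: {f.action}@{f.ref or '<none>'}: {f.reason}")
    # Non-zero exit lets a pre-commit hook or CI job fail on unpinned references.
    raise SystemExit(1 if results else 0)
```

Keeping the release tag as a trailing comment on a SHA-pinned line, as in the sample, preserves readability without weakening the pin.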
| # NOTE: Do NOT add negation patterns (e.g., !issues.jsonl) here. | ||
| # They would override fork protection in .git/info/exclude, allowing | ||
| # contributors to accidentally commit upstream issue databases. | ||
| # The JSONL files (issues.jsonl, interactions.jsonl) and config files | ||
| # are tracked by git by default since no pattern above ignores them. | ||
|
|
||
| # at the moment, we're just using beads for local development, so don't commit any jsonl | ||
| interactions.jsonl | ||
| issues.jsonl |
Resolve contradictory guidance about JSONL tracking.
Lines 50-54 state JSONL files are tracked by default, but Lines 57-58 ignore them. Update the note so behavior and documentation match.
Suggested patch
-# NOTE: Do NOT add negation patterns (e.g., !issues.jsonl) here.
-# They would override fork protection in .git/info/exclude, allowing
-# contributors to accidentally commit upstream issue databases.
-# The JSONL files (issues.jsonl, interactions.jsonl) and config files
-# are tracked by git by default since no pattern above ignores them.
+# NOTE: Do NOT add negation patterns (e.g., !issues.jsonl) here.
+# They would override fork protection in .git/info/exclude, allowing
+# contributors to accidentally commit upstream issue databases.
+# This repository intentionally ignores local JSONL data below.🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.
In @.claude/.beads/.gitignore around lines 50 - 58, The comment and patterns
contradict each other: the NOTE block claims JSONL files are tracked by default,
but the .gitignore lists interactions.jsonl and issues.jsonl; update the NOTE
text so it accurately reflects the repo behavior (e.g., state that JSONL files
are intentionally ignored for local development and should not be
tracked/committed), and ensure the explanatory paragraph references the actual
ignored filenames (interactions.jsonl and issues.jsonl) and the reason for
ignoring them rather than claiming they are tracked by default.
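Review bot: The added last line of the suggested patch ("This repository intentionally ignores local JSONL data below.") replaces a sentence that also said config files are tracked, and it names neither interactions.jsonl nor issues.jsonl. Keep a statement about whether config files remain tracked, and name the two ignored files so the note can be checked against the patterns that follow it.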
| ## General Guidelines | ||
|
|
||
| ### Output Style | ||
|
|
||
| - **Never explicitly mention TDD** in code, comments, commits, PRs, or issues | ||
| - Write natural, descriptive code without meta-commentary about the development process | ||
| - The code should speak for itself - TDD is the process, not the product | ||
|
|
||
| Beads is available for task tracking. Use `mcp__beads__*` tools to manage issues (the user interacts via `bd` commands). | ||
|
|
||
| ## Plan File Restriction | ||
|
|
||
| **NEVER create, read, or update plan.md files.** Claude Code's internal planning files are disabled for this project. Use other methods to track implementation progress (e.g., comments, todo lists, or external tools). | ||
|
|
||
| # Slash Command Creator Guide |
Fix heading order to satisfy markdownlint MD041.
Line 6 starts with an H2 before the first H1 (Line 20), which triggers first-line-heading. Put the H1 first after frontmatter.
Suggested patch
-## General Guidelines
+# Slash Command Creator Guide
+
+## General Guidelines
@@
-# Slash Command Creator Guide
-
## How This Command Works🧰 Tools
🪛 markdownlint-cli2 (0.21.0)
[warning] 6-6: First line in a file should be a top-level heading
(MD041, first-line-heading, first-line-h1)
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.
In @.claude/commands/add-command.md around lines 6 - 20, The Markdown violates
markdownlint MD041 because an H2 ("## General Guidelines") appears before the
first H1 ("# Slash Command Creator Guide"); reorder the headings so the first
visible heading after any frontmatter is the H1 by moving "# Slash Command
Creator Guide" above "## General Guidelines" (ensure the H1 is the first
top-level heading and retain the existing content and heading hierarchy).
| --- | ||
| description: Create a git commit following project standards | ||
| argument-hint: [optional-commit-description] | ||
| --- | ||
|
|
||
| ## General Guidelines |
Add a top-level heading to satisfy markdownlint MD041.
The current file starts with frontmatter and then jumps to ##. Add an H1 immediately after frontmatter.
Proposed fix
---
description: Create a git commit following project standards
argument-hint: [optional-commit-description]
---
+# Commit Command
+
## General Guidelines📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| --- | |
| description: Create a git commit following project standards | |
| argument-hint: [optional-commit-description] | |
| --- | |
| ## General Guidelines | |
| --- | |
| description: Create a git commit following project standards | |
| argument-hint: [optional-commit-description] | |
| --- | |
| # Commit Command | |
| ## General Guidelines |
🧰 Tools
🪛 markdownlint-cli2 (0.21.0)
[warning] 6-6: First line in a file should be a top-level heading
(MD041, first-line-heading, first-line-h1)
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.
In @.claude/commands/commit.md around lines 1 - 6, Add a top-level H1 heading
immediately after the YAML frontmatter to satisfy markdownlint MD041: insert a
single line like "# Commit" (or a project-appropriate H1 title) directly
following the existing frontmatter block so the document no longer jumps
straight to "## General Guidelines" — update the file
".claude/commands/commit.md" by adding that H1 header.
| **Step 1: Extract Issue Number** | ||
|
|
||
| - From URL: extract owner/repo/number | ||
| - From number: try to infer repo from git remote | ||
| - From branch name: check patterns like `issue-123`, `123-feature`, `feature/123` | ||
|
|
||
| **Step 2: Fetch Issue** | ||
|
|
||
| Use the GitHub CLI to fetch issue details: | ||
|
|
||
| ```bash | ||
| gh issue view [ISSUE_NUMBER] --json title,body,labels,comments,state | ||
| ``` |
🧩 Analysis chain
🏁 Script executed:
#!/bin/bash
set -euo pipefail
# Verify that gh supports explicit repo selection for issue lookups
gh issue view --help | sed -n '1,220p' | grep -n -- '--repo'
Repository: LabAutomationAndScreening/copier-python-package-template
Length of output: 196
Add explicit --repo flag when fetching GitHub issues to ensure correct repository resolution.
Line 47 extracts owner/repo/number from the input, but Line 56 uses only [ISSUE_NUMBER]. Without the --repo flag, the command may resolve against the wrong repository depending on the current git context.
Suggested doc fix
- gh issue view [ISSUE_NUMBER] --json title,body,labels,comments,state
+ gh issue view [ISSUE_NUMBER] --repo [OWNER/REPO] --json title,body,labels,comments,state
🤖 Prompt for AI Agents
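Review bot: the `[OWNER/REPO]` placeholder on the added `gh issue view` line has no stated source when Step 1 starts from a bare number or a branch name, where the repo is only inferred from the git remote. Say in Step 2 that the value is the one resolved in Step 1, and what to do when Step 1 yields no repo, so the command does not fall back silently to the current directory's repository.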
Verify each finding against the current code and only fix it if needed.
In @.claude/commands/create-issues.md around lines 45 - 57, Update the "Step 2:
Fetch Issue" gh command to pass an explicit --repo using the owner/repo parsed
in Step 1 (the value extracted from "owner/repo/number" or inferred repo from
git remote/branch), so replace the current gh issue view [ISSUE_NUMBER]
invocation with one that supplies --repo <owner/repo>; ensure the docs mention
using the parsed repo variable when calling gh issue view to avoid relying on
local git context.
| ``` | ||
| GitHub CLI not available or not authenticated! | ||
| Run: gh auth login | ||
| ``` |
Add a language identifier to the fenced code block.
Line 61 uses an unlabeled fence, which trips markdownlint MD040. Use text for that output snippet.
🧰 Tools
🪛 markdownlint-cli2 (0.21.0)
[warning] 61-61: Fenced code blocks should have a language specified
(MD040, fenced-code-language)
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.
In @.claude/commands/create-issues.md around lines 61 - 64, The fenced code
block showing the CLI output "GitHub CLI not available or not authenticated!
Run: gh auth login" is unlabeled and triggers markdownlint MD040; update that
fence to include a language identifier (use text) so the block opens with
```text instead of ``` to satisfy the linter and preserve the output snippet.
| "allow": ["Read(~/.zshrc)"], | ||
| "deny": ["Read(~/Drive/Secrets/**)", "Read(~/.ssh/**)", "Read(**/.env*)", "Read(~/.aws/**)"], |
Mirror the same permission hardening in the template copy.
Line 6 also allows Read(~/.zshrc) here. This should be removed/restricted in the template as well, otherwise downstream repos inherit the same sensitive default.
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.
In `@template/.claude/settings/permissions/read.jsonc` around lines 6 - 7, Remove
the overly permissive Read(~/.zshrc) entry from the "allow" array in the
permissions JSON so the template no longer grants access to that sensitive file;
locate the "allow": ["Read(~/.zshrc)"] line and delete that entry (or replace it
with a non-home-specific, minimal permission if needed) while leaving the
existing "deny" entries (e.g. "deny": ["Read(~/Drive/Secrets/**)",
"Read(~/.ssh/**)", "Read(**/.env*)", "Read(~/.aws/**)"]) intact.
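A lint for the kind of entry flagged in this comment, as an added example that is not part of the PR or of the reviewer's output: it parses a permissions JSONC file and reports `allow` rules that grant `Read` on a dotfile in the home directory. The enclosing `permissions` object, the function names and the dotfile heuristic are assumptions; only the `allow` and `deny` lines come from the page.

```python
import json
import re

# Constructed sample: the two lines quoted in the review, inside an assumed wrapper.
SAMPLE_JSONC = '''{
  // constructed wrapper; only the "allow" and "deny" lines come from the review
  "permissions": {
    "allow": ["Read(~/.zshrc)"],
    "deny": ["Read(~/Drive/Secrets/**)", "Read(~/.ssh/**)", "Read(**/.env*)", "Read(~/.aws/**)"],
  }
}'''

STRING = r'"(?:\\.|[^"\\])*"'

def _drop_outside_strings(junk, text):
    # String literals are matched first, so the "/**" in a glob is never
    # mistaken for the start of a block comment.
    def keep(match):
        return match.group(0) if match.group(0).startswith('"') else ""
    return re.sub(STRING + "|" + junk, keep, text, flags=re.S)

def parse_jsonc(text):
    text = _drop_outside_strings(r"//[^\n]*|/\*.*?\*/", text)  # comments
    text = _drop_outside_strings(r",(?=\s*[}\]])", text)       # trailing commas
    return json.loads(text)

def collect(node, key):
    """Yield every string listed under `key` at any depth."""
    if isinstance(node, dict):
        for name, value in node.items():
            if name == key and isinstance(value, list):
                yield from (item for item in value if isinstance(item, str))
            else:
                yield from collect(value, key)
    elif isinstance(node, list):
        for item in node:
            yield from collect(item, key)

RULE = re.compile(r"^Read\((.+)\)$")
HOME_DOTFILE = re.compile(r"^(~|\$HOME)/\.[^/]")  # heuristic, not the tool's own matching

def audit_read_allow(jsonc_text):
    """Return allow rules that grant Read on a dotfile or dot-directory under home."""
    findings = []
    for rule in collect(parse_jsonc(jsonc_text), "allow"):
        match = RULE.match(rule)
        if match and HOME_DOTFILE.match(match.group(1)):
            findings.append(rule)
    return findings
```

Run against both the repository copy and the template copy of the file, it gives the same answer for each, which is the mirroring the comment asks for.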
| if ! bd ready; then | ||
| echo "It's likely the Dolt server has not yet been initialized to support beads, running that now" # TODO: figure out a better way to match this specific scenario than just a non-zero exit code...but beads still seems like in high flux right now so not sure what to tie it to | ||
| # the 'stealth' flag is just the only way I could figure out how to stop it from modifying AGENTS.md...if there's another way to avoid that, then fine. Even without the stealth flag though, files inside the .claude/beads directory get modified, so restoring them at the end to what was set in git...these shouldn't really need to change regularly | ||
| # trying to set 'prefix' to nothing doesn't seem to work (it just acts like the prefix flag wasn't there), so just setting to 'work' as an arbitrary name | ||
| # for some reason, the envvar for the server host isn't being picked up normally, so just passing it explicitly here | ||
| rm -rf .claude/.beads && bd init --server-host="$BEADS_DOLT_SERVER_HOST" --database="$BEADS_DOLT_SERVER_DATABASE" --skip-hooks --stealth --prefix=work </dev/null && git -c core.hooksPath=/dev/null restore --source=HEAD --staged --worktree .claude/.beads |
Consider error handling for the Beads initialization chain.
Line 13 chains rm -rf, bd init, and git restore with &&. If bd init fails, .claude/.beads will be deleted but not restored, leaving the repository in an inconsistent state.
Consider using a subshell with error handling or separate commands with explicit checks:
🛡️ Proposed fix with safer error handling
- rm -rf .claude/.beads && bd init --server-host="$BEADS_DOLT_SERVER_HOST" --database="$BEADS_DOLT_SERVER_DATABASE" --skip-hooks --stealth --prefix=work </dev/null && git -c core.hooksPath=/dev/null restore --source=HEAD --staged --worktree .claude/.beads
+ rm -rf .claude/.beads
+ if ! bd init --server-host="$BEADS_DOLT_SERVER_HOST" --database="$BEADS_DOLT_SERVER_DATABASE" --skip-hooks --stealth --prefix=work </dev/null; then
+ echo "bd init failed, restoring .beads from git"
+ fi
+ git -c core.hooksPath=/dev/null restore --source=HEAD --staged --worktree .claude/.beads
This ensures git restore always runs to recover the .beads directory regardless of bd init success.
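Review bot: in the new `if ! bd init ...; then` branch the failure is only echoed, so after the unconditional `git ... restore` the script carries on as if initialization had succeeded and the non-zero status of `bd init` is lost. Capture the status before the restore and surface it afterwards, so a failed initialization is still visible to whatever runs this script. The echoed message should also name `.claude/.beads`, the directory the surrounding lines remove and restore, rather than `.beads`.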
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.
In `@template/.devcontainer/post-start-command.sh.jinja` around lines 8 - 13, The
current chain (rm -rf .claude/.beads && bd init ... && git restore --source=HEAD
--staged --worktree .claude/.beads) can delete .claude/.beads and skip restore
if bd init fails; change the flow so git restore always runs regardless of bd
init exit status: e.g., create a small safe sequence around rm -rf
.claude/.beads, run bd init and capture its exit code, then always run git
restore --source=HEAD --staged --worktree .claude/.beads to recover files, or
install a trap (trap 'git restore --source=HEAD --staged --worktree
.claude/.beads' ERR EXIT) before running bd init; reference the commands rm -rf
.claude/.beads, bd init, and git restore in your change.
| # Dolt database files (used by beads for Claude) | ||
| .dolt/ | ||
| *.db |
🧹 Nitpick | 🔵 Trivial
Scope DB ignore more narrowly to Beads artifacts.
Line 24 (*.db) is very broad and may accidentally ignore legitimate repository files. Prefer a Beads/Claude-scoped pattern.
Proposed refinement
# Dolt database files (used by beads for Claude)
.dolt/
-*.db
+.claude/.beads/**/*.db
🤖 Prompt for AI Agents
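Review bot: the added pattern `.claude/.beads/**/*.db` and the prompt text attached to this suggestion, which proposes `beads/*.db` or `beads/**/*.db`, name different directories. The init command elsewhere in this PR removes and restores `.claude/.beads`, so keep the `.claude/.beads/` form and correct the prompt, otherwise a change made from the prompt may not cover the Beads directory at all.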
Verify each finding against the current code and only fix it if needed.
In `@template/.gitignore` around lines 22 - 24, The current .gitignore entry
'*.db' is too broad and may hide unrelated repo files; narrow the scope to
Beads/Claude artifacts by replacing the global '*.db' pattern with a
beads-scoped pattern (e.g., use beads/*.db or beads/**/*.db) alongside the
existing .dolt/ entry so only Beads/Claude database files are ignored; update
the .gitignore to remove the global '*.db' and add the scoped beads pattern
referencing the existing .dolt/ and '*.db' symbols in the diff.
| - Always run tests with an explicit path (e.g. uv run pytest tests/unit) — test runners discover all types by default. | ||
| - Test coverage requirements are usually at 100%, so when running a subset of tests, always disable test coverage to avoid the test run failing for insufficient coverage. | ||
| - Avoid magic values in comparisons in tests in all languages (like ruff rule PLR2004 specifies) | ||
| - Prefer using random values in tests rather than arbitrary ones (e.g. the faker library, uuids, random.randint) when possible. For enums, pick randomly rather than hardcoding one value. |
Don’t recommend randomness as the default for tests.
Line 14 encourages random values broadly, which can create flaky and hard-to-reproduce failures. Prefer deterministic fixtures; use seeded/property-style randomness only when intentionally testing variability.
Suggested patch
-- Prefer using random values in tests rather than arbitrary ones (e.g. the faker library, uuids, random.randint) when possible. For enums, pick randomly rather than hardcoding one value.
+- Prefer deterministic, explicit test values by default. Use randomness only when intentionally testing variability, and seed it to keep failures reproducible.
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.
In `@template/AGENTS.md` at line 14, Replace the current guidance phrase "Prefer
using random values in tests rather than arbitrary ones (e.g. the faker library,
uuids, random.randint) when possible. For enums, pick randomly rather than
hardcoding one value." with a deterministic-first recommendation: instruct
readers to prefer stable, deterministic fixtures and explicit example values by
default, and only use randomness when intentionally testing variability—and then
require seeding or property-based testing patterns to ensure reproducibility;
make the exception explicit for fuzz/property tests and mention using seeded
RNGs or deterministic UUIDs when randomness is needed.
| def test_When_target_file_does_not_exist__Then_exits_with_error(self, tmp_path: Path) -> None: | ||
| nonexistent_path = tmp_path / "does-not-exist.yaml" | ||
|
|
||
| result = self._run_script(hook_id_regex=r"^\s*-\s+id:\s+some-hook\s*$", target_file=nonexistent_path) | ||
|
|
||
| assert result.returncode != 0 |
🧹 Nitpick | 🔵 Trivial
Consider asserting the specific exit code for file-not-found.
The test verifies a non-zero exit but could be more precise by checking for exit code 1, which the script returns when the target file doesn't exist. This would make the test more explicit and catch any accidental changes to exit codes.
✨ Proposed improvement
+_EXIT_CODE_FILE_NOT_FOUND = 1
_EXIT_CODE_INVALID_REGEX = 2 def test_When_target_file_does_not_exist__Then_exits_with_error(self, tmp_path: Path) -> None:
nonexistent_path = tmp_path / "does-not-exist.yaml"
result = self._run_script(hook_id_regex=r"^\s*-\s+id:\s+some-hook\s*$", target_file=nonexistent_path)
- assert result.returncode != 0
+ assert result.returncode == _EXIT_CODE_FILE_NOT_FOUND
🤖 Prompt for AI Agents
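Review bot: `_EXIT_CODE_FILE_NOT_FOUND = 1` shares its value with the generic failure status that interpreters and shells commonly return for an unhandled error, so `result.returncode == _EXIT_CODE_FILE_NOT_FOUND` on its own would still pass if the script failed for an unrelated reason. Pair the assertion with a check that the script's error output names the missing target file.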
Verify each finding against the current code and only fix it if needed.
In `@tests/unit/copier_tasks/test_remove_precommit_hooks.py` around lines 57 - 62,
Update the test method
test_When_target_file_does_not_exist__Then_exits_with_error to assert the
specific exit code for file-not-found by replacing the generic non-zero check
with an exact equality check (result.returncode == 1); locate the assertion near
the call to self._run_script (using hook_id_regex and
target_file=nonexistent_path) and change it to assert result.returncode == 1 so
the test explicitly validates the script's file-not-found exit path.
Pull in upstream template changes