chore(github): update CI workflows, prompts, and PR template #113

Merged: loothero merged 2 commits into main from codex/github-only-pr on Feb 15, 2026

@loothero loothero commented Feb 15, 2026

Summary

  • sync .github/prompts review prompt updates
  • update .github/pull_request_template.md
  • add .github/workflows/main-ci.yml
  • update .github/workflows/pr-ci.yml

Scope

This PR contains only .github/** changes and no application/runtime code changes.

Summary by CodeRabbit

  • Chores
    • Added a centralized CI pipeline with multi-component testing and coverage reporting.
    • Enhanced PR CI with finer-grained gating and explicit outputs for automated review availability.
    • Updated review prompts and the pull request template to narrow frontend review scope and switch client tooling examples.

Copilot AI review requested due to automatic review settings February 15, 2026 05:47
vercel Bot commented Feb 15, 2026

The latest updates on your projects. Learn more about Vercel for GitHub.

| Project | Deployment | Actions | Updated (UTC) |
|---|---|---|---|
| summit | Ready | Preview, Comment | Feb 15, 2026 5:55am |

@gemini-code-assist

Summary of Changes

Hello @loothero, I'm Gemini Code Assist! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request consolidates frontend-related directories by removing explicit references to ui/** across various GitHub configuration files. The changes primarily focus on updating automated review prompts and the pull request template to reflect this consolidation, ensuring that CI/CD processes and PR guidelines align with the updated project structure. This improves clarity and consistency in development workflows without affecting application runtime code.

Highlights

  • Review Prompt Updates: The review prompts for Cairo, client, and indexer domains have been updated to remove references to the ui/** directory, streamlining their scope definitions.
  • PR Template Refinement: The pull request template has been modified to remove ui/** as a distinct area, update example build commands to use pnpm and target client/**, and adjust the codex review routing reminder accordingly.

Changelog
  • .github/prompts/cairo-review.md
    • Removed ui/** from the list of directories to exclude from Cairo review findings.
  • .github/prompts/client-review.md
    • Adjusted the client review scope to focus solely on client/** by removing ui/**.
  • .github/prompts/indexer-review.md
    • Removed ui/** from the list of directories to exclude from indexer review findings.
  • .github/pull_request_template.md
    • Removed the ui/** checkbox from the 'Areas Touched' section.
    • Updated the example build command from cd ui && npm run lint && npm run build to cd client && pnpm lint && pnpm build.
    • Modified the conditional verification section from 'If ui/** or client/** changed' to 'If client/** changed' and updated associated commands to use pnpm and client.
    • Updated the 'Codex review routing reminder' to reflect that frontend review now only covers client/**.
Ignored Files
  • Ignored by pattern: .github/workflows/** (2)
    • .github/workflows/main-ci.yml
    • .github/workflows/pr-ci.yml
Activity
  • No human activity has been recorded on this pull request yet.

coderabbitai Bot commented Feb 15, 2026

Walkthrough

The PR narrows review scopes by removing ui/** references and consolidating frontend review to client/**, adds a new comprehensive main-ci GitHub Actions workflow, and enhances pr-ci with AI-review gating, marker propagation, and per-review conditional logic tied to PR properties and secrets.

Changes

| Cohort / File(s) | Summary |
|---|---|
| Review Prompts & Scope: .github/prompts/cairo-review.md, .github/prompts/client-review.md, .github/prompts/indexer-review.md | Removes ui/** from some review scope boundaries; updates generated-code path from ui/src/generated/* → client/src/generated/*; indexer prompt no longer excludes ui/**, changing which files may be considered. |
| Pull Request Template: .github/pull_request_template.md | Removes ui/** references, updates usage examples from ui/npm → client/pnpm, and consolidates frontend review guidance to client/**. |
| Main CI Workflow: .github/workflows/main-ci.yml | Adds a new multi-job CI workflow with path-based job triggers, infra validation, ScarB/Foundry contracts pipeline, Node/PNPM client pipeline, indexer/API pipelines, caching, and Codecov integration. |
| PR CI Workflow Enhancement: .github/workflows/pr-ci.yml | Adds ai-gate step and new changes outputs (review availability and block reasons); computes can_run_* flags based on forks, author, modified workflows, and secrets; propagates REVIEW_MARKER; gates Claude/Codex review jobs and enforces reporting/failure behavior for missing/skipped required reviews. |

Sequence Diagram(s)

```mermaid
sequenceDiagram
    participant PR as Pull Request
    participant GH as GitHub Actions (pr-ci)
    participant Gate as ai-gate step
    participant Jobs as Review Jobs (Claude/Codex/Other)
    participant Secrets as Repo Secrets

    PR->>GH: push / open PR triggers workflow
    GH->>Gate: run ai-gate with PR metadata & changed paths
    Gate->>Secrets: check presence of AI/Claude secrets
    Gate-->>GH: emit can_run_ai_reviews, can_run_claude_reviews, block reasons, REVIEW_MARKER
    GH->>Jobs: conditionally start review jobs based on can_run_* flags and path filters
    Jobs->>GH: report results (including marker-aware outputs)
    GH->>PR: enforce final evaluation, fail or warn if required reviews missing/skipped
```

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~60 minutes

Poem

🐰 I hopped through prompts, nudged ui aside,
client took the spotlight, CI grew wide.
Gates guard the reviews with secrets to keep,
Workflows now dance while the rabbits all leap,
Tiny paws clap for tests that run in stride.

🚥 Pre-merge checks | ✅ 3 | ❌ 1

❌ Failed checks (1 inconclusive)

| Check name | Status | Explanation | Resolution |
|---|---|---|---|
| Description check | ❓ Inconclusive | The description provides a basic summary but is missing several required template sections including Why this change, detailed Scope checkboxes, Change Type, Validation, Risk level, and other guidance sections. | Complete the description using the template: add motivation/impact explanation, check appropriate scope boxes, mark change type as chore, document validation steps performed, and include risk assessment. |

✅ Passed checks (3 passed)

| Check name | Status | Explanation |
|---|---|---|
| Title check | ✅ Passed | The title accurately describes the main changes: CI workflows, prompts, and PR template updates under .github/. |
| Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check. |
| Merge Conflict Detection | ✅ Passed | ✅ No merge conflicts detected when merging into main |

No actionable comments were generated in the recent review. 🎉

🧹 Recent nitpick comments
.github/workflows/main-ci.yml (2)

67-98: Consider enabling nullglob for safer glob expansion in the infra-validate step.

On Line 79, if no .yml/.yaml files exist under .github/workflows/, the literal glob string is passed to the loop. The [ -f "$file" ] || continue guard handles this correctly, but setting shopt -s nullglob at the top of the script is a cleaner approach and would also future-proof any additions.

Proposed fix
         run: |
+          shopt -s nullglob
           YAML_CLI="yaml@2.8.1"
           JSON5_CLI="json5@2.2.3"
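
Review bot: `shopt -s nullglob` on the first line of the `run:` script changes glob expansion for the whole step, not only for the workflow-file loop it is meant to protect. Any later command in the same script that receives an unmatched glob as an argument would then be invoked with no arguments instead of the literal pattern, which can silently turn a "file not found" error into a no-op or a read from a default location. `shopt` is also a bash builtin and the hunk does not show a `shell:` key for this step, so the change relies on the step running under bash. Consider enabling the option immediately before the loop and restoring it with `shopt -u nullglob` afterwards, and keep the existing `[ -f "$file" ] || continue` guard as a second check.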

375-405: Aggregator treats cancelled jobs as failures — verify this is intentional.

Line 395 selects both "failure" and "cancelled" results as failing. On the main branch, a cancelled job (e.g., due to concurrency cancellation of an in-progress run) would mark the aggregator as failed. This is stricter than many CI setups which only fail on "failure". The commit message mentions "harden review gates," so this may be intentional — just flagging for awareness.

.github/workflows/pr-ci.yml (3)

75-123: Missing either secret blocks all AI reviews, including the unaffected tool.

Line 98 uses an OR condition: if CLAUDE_CODE_OAUTH_TOKEN or CODEX_AUTH_DOT_JSON is empty, can_run_ai_reviews is set to false, which gates both Claude and Codex review jobs. This means a missing Codex secret also prevents Claude reviews from running (and vice versa).

If the intent is to require both review systems as a pair, this is fine — but if one tool should be allowed to run independently, consider gating them separately.


485-492: Fallback comment search omits the scope= qualifier — could match the wrong review.

The primary jq filter (Line 486) matches on the full REVIEW_MARKER including scope=contracts. The fallback at Lines 489-491 only matches on run= and sha= tokens plus the header. Since the header already contains a scope-specific string ("Cairo/Starknet Contract Review"), this is safe as long as headers remain unique across scopes. Worth documenting this implicit assumption, or including the scope= token in the fallback for extra safety.


536-538: Secret written to disk — ensure cleanup on failure.

The Codex OAuth JSON is written to ~/.codex/auth.json at Line 538. If a later step fails, the file persists for the remainder of the runner's lifetime. GitHub-hosted runners are ephemeral so this is low risk, but if self-hosted runners are ever used, consider adding a cleanup step with if: always().


@gemini-code-assist gemini-code-assist Bot left a comment

Code Review

This pull request provides updates to the repository's GitHub configuration, including review prompts and the pull request template. The changes consistently remove references to the ui/** directory, consolidating paths and commands under client/**. This includes updating review scopes, checklist items, and example commands, which also reflect a switch from npm to pnpm. These are appropriate housekeeping changes that align the repository's configuration with its evolving structure. The changes are correct and consistent across all files.

Copilot AI left a comment

Pull request overview

This PR modernizes the CI/CD infrastructure by syncing review prompts, adding a dedicated main branch CI workflow, and cleaning up references to the old ui/** directory structure that has been replaced by client/**.

Changes:

  • Added comprehensive AI review gating logic to prevent reviews on forks, missing secrets, and workflow modifications
  • Created new main-ci.yml workflow for main/next branch testing with infrastructure validation
  • Updated all documentation and prompts to reflect client/** instead of legacy ui/** references

Reviewed changes

Copilot reviewed 6 out of 6 changed files in this pull request and generated no comments.

| File | Description |
|---|---|
| .github/workflows/pr-ci.yml | Added AI review gating with fork/secret/workflow detection, REVIEW_MARKER system for deduplication, improved Claude comment detection with explicit usernames, separated *_ci and *_review path filters, removed unnecessary lint dependencies from general review jobs, added comprehensive review enforcement logic |
| .github/workflows/main-ci.yml | New workflow for main/next branch CI with same job structure as PR workflow but without AI reviews, includes infrastructure validation for YAML/JSON files |
| .github/pull_request_template.md | Removed obsolete ui/** references, updated examples to use client/ with pnpm instead of npm |
| .github/prompts/indexer-review.md | Removed ui/** from out-of-scope domain list |
| .github/prompts/client-review.md | Updated scope from ui/** and client/** to just client/**, updated generated code path |
| .github/prompts/cairo-review.md | Removed ui/** from out-of-scope domain list |

@github-actions

Codex Review - General Engineering Review

[HIGH] .github/workflows/main-ci.yml:42 - client_ci/indexer_ci/indexer_api_ci contract-trigger coverage is too narrow (contracts/src/models/beast.cairo only), so ABI/event-shape contract changes outside that file won’t run downstream TS checks.
Impact: Changes like contracts/src/models/events.cairo can break client/indexer decoding paths without running client-* or indexer-* CI on main/next.
Fix: Broaden the trigger set to all contract surfaces consumed by TS packages (at minimum contracts/src/models/**, ideally a single shared glob for ABI/event-relevant contract files).

[MEDIUM] .github/workflows/pr-ci.yml:482 - Claude comment detection is brittle because it requires both a hardcoded username allowlist and an exact marker substring (same pattern repeated at :705, :928, :1152).
Impact: If the bot login differs (or marker formatting drifts), CI reports “Could not find Claude review output” even when review succeeded, causing false failures.
Fix: Keep marker matching, but relax author matching (or remove strict login filtering) and add a fallback selector (e.g., latest comment containing header + run/sha token).

[MEDIUM] .github/workflows/pr-ci.yml:64 - The “workflow modified” guard only watches .github/workflows/pr-ci.yml, but review behavior is also controlled by .github/prompts/** and .github/actions/**.
Impact: A PR can alter review prompts/action behavior and still have AI review checks treated as trusted, weakening the safety model.
Fix: Expand the guarded paths to include .github/prompts/** and .github/actions/**, and disable/trip AI review enforcement (or load prompts from base SHA) when those files change.

[LOW] .github/workflows/main-ci.yml:78 - Infra validation uses unpinned transient CLIs via npx -y yaml / npx -y json5.
Impact: CI behavior can change unexpectedly with upstream package releases and may become flaky/non-reproducible.
Fix: Pin explicit versions (for example yaml@<pinned> and json5@<pinned>) or install pinned dev tools in-repo and invoke them consistently.

Summary: 0 CRITICAL, 1 HIGH, 2 MEDIUM, 1 LOW, 0 INFO
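
Two gating points raised in the reviews above (a single missing secret disabling both review tools, and the "workflow modified" guard watching only pr-ci.yml) can be handled in one gate step. The sketch below is an added example, not code from this PR or from pr-ci.yml; the function names, the `can_run_codex_reviews` and `block_reason` outputs, the reason strings, and the decision to gate the two tools independently are assumptions.

```shell
#!/bin/sh
# Added example (not from the PR): per-tool AI review gate.
# Function names, can_run_codex_reviews, block_reason and the reason strings
# are hypothetical; the guarded paths are the ones named in the review.

# Reads changed paths on stdin, one per line. Returns 0 when any of them
# controls how reviews behave, so the PR's own review cannot be trusted.
# In a case pattern '*' also matches '/', so subdirectories are covered.
touches_guarded_path() {
  while IFS= read -r changed_path; do
    case "$changed_path" in
      .github/workflows/pr-ci.yml|.github/prompts/*|.github/actions/*)
        return 0 ;;
    esac
  done
  return 1
}

# ai_gate IS_FORK CHANGED_FILES HAS_CLAUDE_SECRET HAS_CODEX_SECRET
# Booleans are the strings true/false; CHANGED_FILES is newline-separated.
# In a workflow the secret flags would come from expressions such as
# ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN != '' }}, so the script sees only a
# flag and not the secret itself.
# Prints key=value lines in the form a step appends to "$GITHUB_OUTPUT".
ai_gate() {
  claude=true; codex=true; reason=""
  if [ "$1" = true ]; then
    # Fork PRs do not receive repository secrets: block both tools.
    claude=false; codex=false; reason="fork"
  elif printf '%s\n' "$2" | touches_guarded_path; then
    claude=false; codex=false; reason="review-config-modified"
  else
    # Each tool depends only on its own secret.
    if [ "$3" != true ]; then claude=false; reason="missing-claude-secret"; fi
    if [ "$4" != true ]; then
      codex=false; reason="${reason:+$reason,}missing-codex-secret"
    fi
  fi
  printf 'can_run_claude_reviews=%s\n' "$claude"
  printf 'can_run_codex_reviews=%s\n' "$codex"
  printf 'block_reason=%s\n' "$reason"
}

# Constructed sample: same-repo PR, Codex secret absent, no guarded file touched.
ai_gate false 'client/src/App.tsx
contracts/src/models/beast.cairo' true false
```

A non-empty `block_reason` gives the enforcement job something concrete to report when a required review was skipped.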

@loothero loothero merged commit 8af3ec5 into main Feb 15, 2026
20 checks passed