ci: improve cache keys, observability, and node_modules caching strategy

[ggazzo]

This pull request updates and improves the caching strategy in GitHub Actions workflows and custom actions for the project. The main focus is on making cache keys more robust and granular, upgrading to newer cache action versions, and improving cache observability for CI runs. These changes help ensure more effective cache usage, reduce redundant builds, and provide better insights into cache performance.

Caching improvements and key changes:

• Introduced more granular and robust cache keys for packages and Meteor builds by hashing relevant files and directories, and updated the source-hash usage to combine these new keys for better cache hit accuracy (ci.yml, .github/actions/meteor-build/action.yml). [1] [2] [3] [4]

Cache action upgrades:

• Upgraded all uses of actions/cache from v3/v4 to v5 in custom actions and workflows for better performance and reliability (action.yml, ci.yml). [1] [2] [3] [4]

Cache observability and reporting:

• Added steps to output cache hit/miss information for key caches (packages, node_modules, deno, typecheck, eslint) to improve visibility into cache effectiveness during CI runs (ci.yml, ci-code-check.yml). [1] [2] [3] [4]

Workflow and cache logic enhancements:

• Separated Deno and Node.js module caching into distinct steps, improved cache key construction (removing unnecessary paths and files), and updated restore/save logic for incremental and lint caches (setup-node/action.yml, ci-code-check.yml). [1] [2] [3]

Minor improvements:

• Added new outputs to custom actions for cache hit status, and improved descriptions/documentation for action inputs and outputs. [1] [2]

These changes together should result in faster, more reliable CI runs with improved cache hit rates and easier debugging of cache issues.

• Updated action.yml files for meteor-build and setup-node to use actions/cache@v5.
• Enhanced descriptions for cache keys to clarify their purpose.
• Modified ci workflows to include observability for cache hits and keys.

Proposed changes (including videos or screenshots)

Issue(s)

Steps to test or reproduce

Further comments

Summary by CodeRabbit

• Chores
  • Improved CI caching: separate caches for TypeScript, ESLint, Deno runtime, MongoDB binary, and packages build with refined keys.
  • Introduced computed cache keys for package builds and app archive to better align cache scope.
  • Made Node/Yarn caching conditional and updated cache restore/save flow.
  • Added cache observability steps to surface cache hits and sizes for easier monitoring.
  • Clarified the build input description and switched it to a composite cache key.

Task: ARCH-2085

[dionisio-bot]

Looks like this PR is ready to merge! 🎉
If you have any trouble, please check the PR guidelines

[changeset-bot]

⚠️ No Changeset found

Latest commit: 789154e

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

[coderabbitai]

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

• @coderabbitai resume to resume automatic reviews.
• @coderabbitai review to trigger a single review.

Use the checkboxes below for quick actions:

• ▶️ Resume reviews
• 🔍 Trigger review

Walkthrough

CI GitHub Actions and custom actions were updated: cache actions upgraded to v5, cache keys separated into packages-build and meteor-rc keys, Deno and Node caching split and made observable, typecheck/ESLint caches split into restore/save steps, and action inputs/outputs adjusted for cache observability.

Changes

Cohort / File(s)	Summary
Meteor Build Caching .github/actions/meteor-build/action.yml	Changed source-hash input description to RC cache id (e.g. packages-build-cache-key + meteor apps/meteor archive hash from CI). No change to required/type or cache expressions.
Node Setup & Deno/MongoDB Caching .github/actions/setup-node/action.yml	Added output cache-deno-hit. Replaced prior node-module cache with actions/cache@v5 for Deno cache (packages/apps-engine/.deno-cache) keyed by Deno version + lockfile hash. Added conditional cache for mongodb-memory-server binary at ${{ runner.temp }}/mongodb-memory-server. Made actions/setup-node yarn caching conditional on inputs.cache-modules.
Code Check Cache Observability .github/workflows/ci-code-check.yml	Split typecheck/ESLint caches into restore-only actions/cache/restore@v5 steps, added observability steps that echo cache-hit, and added save actions/cache/save@v5 steps gated to pushes on refs/heads/develop. Simplified keys to use runner.os and narrowed restore prefixes.
CI Workflow Cache Strategy & Key Computation .github/workflows/ci.yml	Added ci-cache-keys step and new release-versions outputs: packages-build-cache-key (SHA256 of lockfiles/manifests + packages package.jsons) and meteor-rc-cache-key (git-archive hash of apps/meteor). Updated packages-build cache key, replaced source-hash usage with composite ${{ packages-build-cache-key }}-${{ meteor-rc-cache-key }}, added cache observability steps, and upgraded cache action usage to v5.

Sequence Diagram(s)

mermaid
sequenceDiagram
participant Release as ReleaseVersions job
participant CacheSvc as actions/cache@v5
participant SetupNode as setup-node action
participant MeteorBuild as meteor-build action
Release->>Release: compute packages-build-cache-key\ncompute meteor-rc-cache-key
Release->>CacheSvc: restore packages-build cache\n(key: packages-build-cache-key)
CacheSvc-->>Release: cache-hit / cache-miss
Release->>SetupNode: run setup-node (outputs cache-deno-hit)
SetupNode->>CacheSvc: restore deno cache\n(key: deno--)
CacheSvc-->>SetupNode: cache-hit / cache-miss
Release->>MeteorBuild: invoke meteor-build\n(source-hash: packages-build-cache-key-meteor-rc-cache-key)
MeteorBuild->>CacheSvc: optionally save caches
CacheSvc-->>MeteorBuild: saved

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~22 minutes

Possibly related issues

• ARCH-2085 — CI caching/key improvements and cache observability: this PR implements the cache key redesign, upgrades to actions/cache@v5, and adds cache observability steps described in ARCH-2085.

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately describes the primary change: improving cache keys, observability, and node_modules caching strategy in CI workflows.
Linked Issues check	✅ Passed	The code changes fully implement all objectives from the linked issue: granular cache keys, cache action upgrades to v5, observability steps, and improved caching logic.
Out of Scope Changes check	✅ Passed	All changes are scoped to CI infrastructure and caching improvements; no unrelated code modifications are present.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 70.55%. Comparing base (58fc21c) to head (789154e).
⚠️ Report is 3 commits behind head on develop.

Additional details and impacted files

@@             Coverage Diff             @@
##           develop   #39709      +/-   ##
===========================================
+ Coverage    70.52%   70.55%   +0.02%     
===========================================
  Files         3271     3271              
  Lines       116804   116804              
  Branches     21066    21072       +6     
===========================================
+ Hits         82376    82410      +34     
+ Misses       32379    32335      -44     
- Partials      2049     2059      +10     

Flag	Coverage Δ
unit	70.99% <ø> (+0.02%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (3)

.github/actions/setup-node/action.yml (1)

67-81: Consider adding version awareness to the mongodb-memory-server cache key.

The cache key mongoms-${{ runner.arch }}-${{ runner.os }}-v1 is static and doesn't account for the MongoDB version being downloaded. If the project upgrades mongodb-memory-server or changes the target MongoDB version, the cache may serve stale binaries until manually busted by incrementing v1.

Consider including a version identifier (e.g., from a config file or environment variable) in the key to auto-invalidate when versions change.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In @.github/actions/setup-node/action.yml around lines 67 - 81, Update the
mongodb-memory-server cache key to include a version identifier so the cache
auto-invalidates when binaries change: replace the static key expression
"mongoms-${{ runner.arch }}-${{ runner.os }}-v1" with one that appends a version
token (e.g., an input or env var like MONGOMS_VERSION or
inputs.mongodb-version), and ensure that the workflow sets that token (or reads
it from your config) before the cache step; leave the existing setup that writes
MONGOMS_DOWNLOAD_DIR and MONGOMS_PREFER_GLOBAL_PATH to the environment intact so
the downloaded binary path is still used.

.github/workflows/ci.yml (1)

96-109: Robust cache key computation, but error suppression on git archive may hide failures.

The hash computation logic is well-structured with set -euo pipefail. However, line 108 suppresses stderr with 2>/dev/null:

METEOR_HASH=$(git archive HEAD apps/meteor 2>/dev/null | sha256sum | awk '{print $1}')

If apps/meteor doesn't exist or git archive fails for another reason, the error is silently ignored, and sha256sum will hash an empty stream, producing a valid but potentially misleading hash. This could cause cache collisions across unrelated branches/states.

Consider letting errors propagate or adding explicit validation:

🛠️ Proposed fix to handle git archive errors explicitly

-          METEOR_HASH=$(git archive HEAD apps/meteor 2>/dev/null | sha256sum | awk '{print $1}')
+          if ! git archive HEAD apps/meteor > /tmp/meteor-archive.tar 2>&1; then
+            echo "::warning::git archive failed for apps/meteor, using fallback"
+            METEOR_HASH="fallback-$(date +%s)"
+          else
+            METEOR_HASH=$(sha256sum /tmp/meteor-archive.tar | awk '{print $1}')
+            rm -f /tmp/meteor-archive.tar
+          fi

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In @.github/workflows/ci.yml around lines 96 - 109, The git archive error is
being suppressed which can produce a misleading METEOR_HASH; update the
METEOR_HASH computation to fail explicitly or validate the path before
archiving: first run a check like git ls-tree --exit-code HEAD apps/meteor (or
test -d apps/meteor) and abort with a clear error if it doesn't exist, then run
git archive HEAD apps/meteor | sha256sum | awk '{print $1}' without redirecting
stderr (remove 2>/dev/null) so failures propagate and the CI job doesn't
silently produce an empty hash.

.github/workflows/ci-code-check.yml (1)

58-60: Consider using $GITHUB_OUTPUT or step summary for better observability.

The cache observability steps echo to stdout, which is visible in logs but not easily queryable. If you want these metrics available as step outputs or in the workflow summary, consider:

💡 Option 1: Export as step outputs

       - name: Cache observability (typecheck)
         if: matrix.check == 'ts'
-        run: echo "typecheck-cache-exact-hit=${{ steps.restore-typecheck.outputs.cache-hit }}"
+        run: echo "typecheck-cache-exact-hit=${{ steps.restore-typecheck.outputs.cache-hit }}" >> $GITHUB_OUTPUT

💡 Option 2: Add to job summary for visibility

       - name: Cache observability (typecheck)
         if: matrix.check == 'ts'
-        run: echo "typecheck-cache-exact-hit=${{ steps.restore-typecheck.outputs.cache-hit }}"
+        run: echo "### Cache Status" >> $GITHUB_STEP_SUMMARY && echo "TypeCheck cache hit: ${{ steps.restore-typecheck.outputs.cache-hit }}" >> $GITHUB_STEP_SUMMARY

If the current logging approach meets your observability needs, feel free to keep as-is.

Also applies to: 103-105

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In @.github/workflows/ci-code-check.yml around lines 58 - 60, Update the "Cache
observability (typecheck)" step so it exports the metric as a proper step output
or writes to the job summary instead of only echoing to stdout: capture the
value from steps.restore-typecheck.outputs.cache-hit and either export it via
$GITHUB_OUTPUT (e.g., emit "typecheck-cache-exact-hit=…" to $GITHUB_OUTPUT) or
append a human-readable line to the job summary ($GITHUB_STEP_SUMMARY) for easy
querying/visibility; apply the same change to the other mirrored observability
step referenced in the diff.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In @.github/workflows/ci-code-check.yml:
- Line 51: Update all occurrences of the actions/cache subactions from v4 to v5:
replace uses: actions/cache/restore@v4 and uses: actions/cache/save@v4 with
uses: actions/cache/restore@v5 and uses: actions/cache/save@v5 (ensure you
update every instance mentioned in the PR — the restore and save usages at the
four locations — so the workflow consistently uses v5 subactions).

---

Nitpick comments:
In @.github/actions/setup-node/action.yml:
- Around line 67-81: Update the mongodb-memory-server cache key to include a
version identifier so the cache auto-invalidates when binaries change: replace
the static key expression "mongoms-${{ runner.arch }}-${{ runner.os }}-v1" with
one that appends a version token (e.g., an input or env var like MONGOMS_VERSION
or inputs.mongodb-version), and ensure that the workflow sets that token (or
reads it from your config) before the cache step; leave the existing setup that
writes MONGOMS_DOWNLOAD_DIR and MONGOMS_PREFER_GLOBAL_PATH to the environment
intact so the downloaded binary path is still used.

In @.github/workflows/ci-code-check.yml:
- Around line 58-60: Update the "Cache observability (typecheck)" step so it
exports the metric as a proper step output or writes to the job summary instead
of only echoing to stdout: capture the value from
steps.restore-typecheck.outputs.cache-hit and either export it via
$GITHUB_OUTPUT (e.g., emit "typecheck-cache-exact-hit=…" to $GITHUB_OUTPUT) or
append a human-readable line to the job summary ($GITHUB_STEP_SUMMARY) for easy
querying/visibility; apply the same change to the other mirrored observability
step referenced in the diff.

In @.github/workflows/ci.yml:
- Around line 96-109: The git archive error is being suppressed which can
produce a misleading METEOR_HASH; update the METEOR_HASH computation to fail
explicitly or validate the path before archiving: first run a check like git
ls-tree --exit-code HEAD apps/meteor (or test -d apps/meteor) and abort with a
clear error if it doesn't exist, then run git archive HEAD apps/meteor |
sha256sum | awk '{print $1}' without redirecting stderr (remove 2>/dev/null) so
failures propagate and the CI job doesn't silently produce an empty hash.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: cf38026b-8c7f-4622-8b71-1215378e8143

📥 Commits

Reviewing files that changed from the base of the PR and between 61d3d9a and b9a222c.

📒 Files selected for processing (4)

• .github/actions/meteor-build/action.yml
• .github/actions/setup-node/action.yml
• .github/workflows/ci-code-check.yml
• .github/workflows/ci.yml

📜 Review details

🧰 Additional context used

🧠 Learnings (1)

📓 Common learnings

Learnt from: ahmed-n-abdeltwab
Repo: RocketChat/Rocket.Chat PR: 0
File: :0-0
Timestamp: 2026-02-24T19:05:56.710Z
Learning: In Rocket.Chat PRs, keep feature PRs free of unrelated lockfile-only dependency bumps; prefer reverting lockfile drift or isolating such bumps into a separate "chore" commit/PR, and always use yarn install --immutable with the Yarn version pinned in package.json via Corepack.

Learnt from: ahmed-n-abdeltwab
Repo: RocketChat/Rocket.Chat PR: 0
File: :0-0
Timestamp: 2026-02-24T19:05:56.710Z
Learning: Rocket.Chat repo context: When a workspace manifest on develop already pins a dependency version (e.g., packages/web-ui-registration → "rocket.chat/ui-contexts": "27.0.1"), a lockfile change in a feature PR that upgrades only that dependency’s resolution is considered a manifest-driven sync and can be kept, preferably as a small "chore: sync yarn.lock with manifests" commit.

🔇 Additional comments (8)

.github/actions/setup-node/action.yml (2)

36-38: LGTM: Deno caching with proper key construction and output exposure.

The Deno cache implementation correctly:

• Uses a granular key combining OS, arch, version, and lockfile hash
• Exposes cache-hit as an output for observability in calling workflows
• Provides appropriate restore-keys for partial cache restoration

Also applies to: 44-53

---

60-60: LGTM: Conditional yarn caching via setup-node's built-in feature.

Using actions/setup-node's native cache: yarn option when inputs.cache-modules is truthy is cleaner than managing a separate cache step for yarn dependencies.

.github/actions/meteor-build/action.yml (2)

33-33: LGTM: Consistent upgrade to actions/cache@v5.

All cache steps are uniformly upgraded from v3/v4 to v5, maintaining consistency across the action. The cache keys and paths remain unchanged, ensuring backward compatibility.

Also applies to: 72-72, 81-81, 90-90

---

23-26: LGTM: Documentation updated to reflect new composite key scheme.

The source-hash description now accurately documents that it expects a composite value combining packages-build-cache-key and the Meteor archive hash, matching the usage in ci.yml line 288.

.github/workflows/ci.yml (2)

36-37: LGTM: Cache key propagation and composite key construction.

The new outputs packages-build-cache-key and meteor-rc-cache-key are properly:

• Defined in job outputs (lines 36-37)
• Used in the packages-build cache key (line 195)
• Combined for meteor-build's source-hash input (line 288)

This provides more granular cache invalidation - package changes invalidate packages-build cache, while Meteor-specific changes additionally invalidate the Meteor build cache.

Also applies to: 195-195, 288-288

---

197-200: LGTM: Cache observability steps for debugging.

These echo statements provide useful CI debugging information without affecting build behavior. They'll help diagnose cache hit/miss patterns.

Also applies to: 223-227

.github/workflows/ci-code-check.yml (2)

86-92: LGTM!

The save-only-on-develop strategy prevents cache pollution from PR branches while maintaining fresh caches from the main development line. The cache key correctly matches the restore key.

---

93-116: LGTM with a minor consideration.

The ESLint cache pattern is consistent with the TypeScript cache approach and the implementation is correct.

One optional consideration: the cache key uses only yarn.lock hash, so ESLint configuration changes (e.g., .eslintrc.* updates) won't invalidate the cache unless dependencies also change. ESLint's incremental cache generally handles this gracefully, but if you encounter stale lint results after config changes, you could extend the key to include config files:

key: eslintcache-${{ runner.os }}-${{ hashFiles('yarn.lock', '**/.eslintrc*', '**/eslint.config.*') }}

This is optional and likely unnecessary for most workflows.

[cubic-dev-ai]

1 issue found across 4 files

Prompt for AI agents (unresolved issues)

Check if these issues are valid — if so, understand the root cause of each and fix them. If appropriate, use sub-agents to investigate and fix each issue separately.


<file name=".github/workflows/ci.yml">

<violation number="1" location=".github/workflows/ci.yml:102">
P1: The packages build cache key excludes package source files, so CI can reuse stale `/tmp/RocketChat-packages-build.tar.gz` after source-only changes.</violation>
</file>

_{Reply with feedback, questions, or to request a fix. Tag @cubic-dev-ai to re-run a review.}

[ggazzo]

/jira ARCH-2083

[coderabbitai]

♻️ Duplicate comments (1)

.github/workflows/ci-code-check.yml (1)

51-51: ⚠️ Potential issue | 🟠 Major

Align cache subactions to v5 in this workflow.

Line 51, Line 88, Line 96, and Line 113 still use actions/cache/*@v4. This conflicts with the PR objective to move all cache actions to v5.

Suggested patch

-        uses: actions/cache/restore@v4
+        uses: actions/cache/restore@v5
...
-        uses: actions/cache/save@v4
+        uses: actions/cache/save@v5
...
-        uses: actions/cache/restore@v4
+        uses: actions/cache/restore@v5
...
-        uses: actions/cache/save@v4
+        uses: actions/cache/save@v5

#!/bin/bash
# Verify any remaining v4 cache subaction usages in this workflow.
cat -n .github/workflows/ci-code-check.yml | rg -n 'actions/cache/(restore|save)@v4'
# Expected after fix: no matches

Also applies to: 88-88, 96-96, 113-113

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In @.github/workflows/ci-code-check.yml at line 51, Update the remaining cache
action usages from v4 to v5: replace every occurrence of the strings "uses:
actions/cache/restore@v4" and "uses: actions/cache/save@v4" with their v5
equivalents ("@v5") in the workflow so all cache subactions are aligned to v5;
verify no other "actions/cache/*@v4" instances remain by searching for that
pattern after edits.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Duplicate comments:
In @.github/workflows/ci-code-check.yml:
- Line 51: Update the remaining cache action usages from v4 to v5: replace every
occurrence of the strings "uses: actions/cache/restore@v4" and "uses:
actions/cache/save@v4" with their v5 equivalents ("@v5") in the workflow so all
cache subactions are aligned to v5; verify no other "actions/cache/*@v4"
instances remain by searching for that pattern after edits.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 45f24400-6cc3-4fc3-aac9-bc9035c0e45c

📥 Commits

Reviewing files that changed from the base of the PR and between b9a222c and 6512376.

📒 Files selected for processing (5)

• .github/actions/meteor-build/action.yml
• .github/actions/setup-node/action.yml
• .github/actions/setup-playwright/action.yml
• .github/workflows/ci-code-check.yml
• .github/workflows/ci.yml

✅ Files skipped from review due to trivial changes (2)

• .github/actions/setup-playwright/action.yml
• .github/actions/meteor-build/action.yml

🚧 Files skipped from review as they are similar to previous changes (2)

• .github/workflows/ci.yml
• .github/actions/setup-node/action.yml

📜 Review details

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (3)

• GitHub Check: 📦 Build Packages
• GitHub Check: CodeQL-Build
• GitHub Check: CodeQL-Build

🧰 Additional context used

🧠 Learnings (1)

📓 Common learnings

Learnt from: ahmed-n-abdeltwab
Repo: RocketChat/Rocket.Chat PR: 0
File: :0-0
Timestamp: 2026-02-24T19:05:56.710Z
Learning: In Rocket.Chat PRs, keep feature PRs free of unrelated lockfile-only dependency bumps; prefer reverting lockfile drift or isolating such bumps into a separate "chore" commit/PR, and always use yarn install --immutable with the Yarn version pinned in package.json via Corepack.

Learnt from: ahmed-n-abdeltwab
Repo: RocketChat/Rocket.Chat PR: 0
File: :0-0
Timestamp: 2026-02-24T19:05:56.710Z
Learning: Rocket.Chat repo context: When a workspace manifest on develop already pins a dependency version (e.g., packages/web-ui-registration → "rocket.chat/ui-contexts": "27.0.1"), a lockfile change in a feature PR that upgrades only that dependency’s resolution is considered a manifest-driven sync and can be kept, preferably as a small "chore: sync yarn.lock with manifests" commit.

🔇 Additional comments (1)

.github/workflows/ci-code-check.yml (1)

58-60: Good cache-hit observability additions.

Surfacing exact-hit status for typecheck and eslint improves CI cache debugging with minimal overhead.

Also applies to: 103-105

[cubic-dev-ai]

1 issue found across 3 files (changes from recent commits).

Prompt for AI agents (unresolved issues)

Check if these issues are valid — if so, understand the root cause of each and fix them. If appropriate, use sub-agents to investigate and fix each issue separately.


<file name=".github/workflows/ci.yml">

<violation number="1" location=".github/workflows/ci.yml:99">
P2: `packages-build-cache-key` no longer includes `packages/**/package.json`, so workspace manifest changes can incorrectly hit cache and reuse stale package build artifacts.</violation>
</file>

_{Reply with feedback, questions, or to request a fix. Tag @cubic-dev-ai to re-run a review.}