Tweaking workflow for GH

[blockiosaurus]

No description provided.

[coderabbitai]

Summary by CodeRabbit

• Chores
  • Updated GitHub Actions workflows for improved clarity and environment variable management.
  • Added steps to load environment variables and install pnpm in workflows.
  • Changed Node.js version specification and authentication variable in workflows.
  • Added a new environment variable for Solana version configuration.
• Tests
  • Updated test setups to specify wallet addresses and introduce delays for airdrop commands.
  • Skipped file upload tests not supported on the localnet environment.
  • Adjusted CLI test parameters and added a test asset file.
• Refactor
  • Improved naming and structure of workflow steps for better readability.
• Chores
  • Updated lint scripts and added a script to auto-fix lint issues; removed posttest script.

Summary by CodeRabbit

• Chores
  • Improved clarity and maintainability of GitHub Actions workflows by naming steps and explicitly adding pnpm installation steps.
  • Updated Node.js version specification and environment variable usage for authentication in release workflows.
  • Added environment variable SOLANA_VERSION to GitHub environment configuration.
• Tests
  • Modified test setup to specify wallet addresses for Solana airdrop commands and added delays to support network state propagation.
  • Disabled tests involving file uploads due to localnet environment limitations.
  • Updated CLI test helper to use localhost IP and added a key file argument.
  • Added a new JSON test asset file containing an array of integers.

Walkthrough

The GitHub Actions workflows were updated to explicitly name checkout, pnpm installation, and Node.js setup steps. The onPushToMain.yml workflow replaced the GH_TOKEN environment variable with SVC_TOKEN for authentication. Test setups were modified to specify wallet addresses for airdrop commands and introduce delays. Some tests involving file uploads were skipped due to localnet limitations. The CLI test runner was updated with new arguments, and a new JSON test asset was added. The .github/.env file was updated with a new SOLANA_VERSION environment variable.

Changes

File(s)	Change Summary
.github/workflows/onPushToMain.yml	Added explicit step names; installed pnpm; set Node.js version to 22; replaced GH_TOKEN with SVC_TOKEN.
.github/workflows/onRelease.yml	Added explicit step names; added pnpm installation step; set Node.js version to latest.
.github/workflows/test.yml	Added explicit step names; added pnpm installation step; configured Node.js version and pnpm caching; started validator with Solana version from env.
.github/.env	Added SOLANA_VERSION=1.18.19 environment variable.
test/commands/core/core.burn.test.ts	Added wallet address argument to Solana airdrop command in test setup.
test/commands/core/core.collection.create.test.ts	Added wallet address argument and 10-second delay in test setup; skipped file upload test with comment.
test/commands/core/core.create.test.ts	Added wallet address argument and 10-second delay in test setup; skipped file upload test with comment.
test/runCli.ts	Changed CLI test helper to use http://127.0.0.1:8899 and added -k test-assets/test.json argument.
test-assets/test.json	Added new JSON file containing an array of 64 integer values.
package.json	Added lint:fix script; updated lint script to set ESLINT_USE_FLAT_CONFIG=false; removed posttest script.

Sequence Diagram(s)

No sequence diagram generated as changes primarily involve workflow step naming, test setup adjustments, environment variable additions, and test asset additions without altering control flow or feature logic.

Suggested reviewers

• tonyboylehub

---

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Explain this complex logic.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai explain this code block.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and explain its main purpose.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Support

Need help? Create a ticket on our support page for assistance with any issues or questions.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate docstrings to generate docstrings for this PR.
• @coderabbitai generate sequence diagram to generate a sequence diagram of the changes in this PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[coderabbitai]

Actionable comments posted: 1

📜 Review details

Configuration used: CodeRabbit UI
Review profile: ASSERTIVE
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between a3db795 and cc5c9e9.

📒 Files selected for processing (1)

• .github/workflows/onPushToMain.yml (2 hunks)

🔇 Additional comments (1)

.github/workflows/onPushToMain.yml (1)

31-31: Verify GitHub CLI token env-var is correct
The gh api command in the version-check step will authenticate using the environment variable you provide. By default, the CLI picks up GITHUB_TOKEN. Please confirm that setting GH_TOKEN: ${{ secrets.SVC_TOKEN }} works as intended. If not, map your service token to GITHUB_TOKEN instead:

   env:
-    GH_TOKEN: ${{ secrets.SVC_TOKEN }}
+    GITHUB_TOKEN: ${{ secrets.SVC_TOKEN }}

[coderabbitai]

🧹 Nitpick (assertive)

Ensure SVC_TOKEN has minimal required scopes
The release creation step now uses secrets.SVC_TOKEN. Confirm that this secret is configured in the repo and granted only the least privileges needed for creating releases (e.g., repo scope). It’s also helpful to document the required scopes for SVC_TOKEN in your README or a CONTRIBUTING guide.

🤖 Prompt for AI Agents

In .github/workflows/onPushToMain.yml at line 55, verify that the secret
SVC_TOKEN is configured in the repository settings and ensure it has only the
minimal required scopes, such as the 'repo' scope, necessary for creating
releases. Additionally, update the README or CONTRIBUTING guide to document the
required scopes for SVC_TOKEN to inform contributors and maintainers.

[coderabbitai]

Actionable comments posted: 7

♻️ Duplicate comments (1)

test/commands/core/core.create.test.ts (1)

19-19: 🧹 Nitpick (assertive)

Same wallet address duplication issue.

This is the same hardcoded wallet address used across multiple test files. Please see my previous comment about centralizing this constant.

📜 Review details

Configuration used: CodeRabbit UI
Review profile: ASSERTIVE
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 4a4106e and 29cffd1.

📒 Files selected for processing (5)

• test-assets/test.json (1 hunks)
• test/commands/core/core.burn.test.ts (1 hunks)
• test/commands/core/core.collection.create.test.ts (2 hunks)
• test/commands/core/core.create.test.ts (2 hunks)
• test/runCli.ts (1 hunks)

⏰ Context from checks skipped due to timeout of 90000ms (3)

• GitHub Check: unit-tests (windows-latest, latest)
• GitHub Check: unit-tests (windows-latest, lts/*)
• GitHub Check: unit-tests (windows-latest, lts/-1)

🔇 Additional comments (1)

test/commands/core/core.collection.create.test.ts (1)

19-19: LGTM! Good practice to use explicit test wallet address.

Using a specific wallet address for the airdrop command improves test reliability and determinism. This ensures the test setup is consistent across different runs.

[coderabbitai]

🧹 Nitpick (assertive)

LGTM! Consider adding documentation for the test data.

The JSON array appears to contain 64 byte values (0-255 range), which suggests cryptographic test data. The format is correct and will integrate well with the CLI's -k flag.

Consider adding a comment or documentation explaining:

• The purpose of this specific test data
• The expected format (64 integers, 0-255 range)
• Whether this represents a key, hash, or other data structure

🤖 Prompt for AI Agents

In test-assets/test.json at line 1, add a comment or accompanying documentation
that explains the purpose of this JSON array test data, clarifies that it
consists of 64 integers each in the 0-255 range, and specifies whether it
represents a cryptographic key, hash, or another data structure to improve
maintainability and clarity.

[coderabbitai]

🧹 Nitpick (assertive)

Consider centralizing the hardcoded wallet address.

Good change to make the test more deterministic by specifying an explicit wallet address instead of relying on defaults.

Consider extracting the wallet address to a shared constant to improve maintainability:

+// At the top of the file or in a shared test utilities file
+const TEST_WALLET_ADDRESS = "TESTfCYwTPxME2cAnPcKvvF5xdPah3PY7naYQEP2kkx"

-            ["toolbox", 'sol', "airdrop", "100", "TESTfCYwTPxME2cAnPcKvvF5xdPah3PY7naYQEP2kkx"]
+            ["toolbox", 'sol', "airdrop", "100", TEST_WALLET_ADDRESS]

This same address appears in multiple test files, so centralizing it would make maintenance easier.

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	["toolbox", 'sol', "airdrop", "100", "TESTfCYwTPxME2cAnPcKvvF5xdPah3PY7naYQEP2kkx"]
	// test/commands/core/core.burn.test.ts
	// Extracted test wallet address constant
	const TEST_WALLET_ADDRESS = "TESTfCYwTPxME2cAnPcKvvF5xdPah3PY7naYQEP2kkx";
	describe('core.burn command', () => {
	it('should airdrop SOL to the test wallet', async () => {
	// … other setup …
	// Use the centralized constant here instead of the hardcoded string
	await provider.runCommand([
	"toolbox",
	'sol',
	"airdrop",
	"100",
	TEST_WALLET_ADDRESS
	]);
	// … assertions …
	});
	});

🤖 Prompt for AI Agents

In test/commands/core/core.burn.test.ts at line 9, the hardcoded wallet address
used in the test should be extracted to a shared constant. Create a centralized
constant for this wallet address in a common test utilities file or a constants
module, then import and use that constant in this test and other test files
where the same address appears. This will improve maintainability by avoiding
duplication and making updates easier.

[coderabbitai]

🛠️ Refactor suggestion

Consider making the delay configurable and add justification.

The 10-second delay appears arbitrary and could make tests flaky or unnecessarily slow.

Consider these improvements:

+// Add at the top of the file
+const NETWORK_PROPAGATION_DELAY = parseInt(process.env.TEST_DELAY_MS || '10000')

-        await new Promise(resolve => setTimeout(resolve, 10000))
+        // Wait for network state propagation after airdrop
+        await new Promise(resolve => setTimeout(resolve, NETWORK_PROPAGATION_DELAY))

This makes the delay configurable via environment variables and adds documentation for why the delay is needed.

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	await new Promise(resolve => setTimeout(resolve, 10000))
	// At the top of test/commands/core/core.create.test.ts
	// Configurable network propagation delay (ms)
	const NETWORK_PROPAGATION_DELAY = parseInt(process.env.TEST_DELAY_MS || '10000');
	// … elsewhere in the file …
	// Wait for network state propagation after airdrop
	await new Promise(resolve => setTimeout(resolve, NETWORK_PROPAGATION_DELAY))

🤖 Prompt for AI Agents

In test/commands/core/core.create.test.ts at line 25, the fixed 10-second delay
is arbitrary and may cause tests to be flaky or slow. Refactor the code to make
the delay duration configurable through an environment variable, and add a
comment explaining why the delay is necessary to improve clarity and
flexibility.

[coderabbitai]

💡 Verification agent

🧩 Analysis chain

Verify that skipped functionality is covered elsewhere.

While skipping file upload tests on localnet is reasonable, ensure this functionality is tested in other environments.

Run this script to check if file upload functionality is tested elsewhere:

---

🏁 Script executed:

#!/bin/bash
# Description: Search for file upload tests in other test environments or files
# Expected: Find alternative test coverage for file upload functionality

echo "Searching for file upload tests..."
rg -A 3 -B 3 "files.*upload|upload.*files|--files" --type ts

echo -e "\nSearching for integration or e2e tests..."
fd -e ts -e js | rg -i "integration|e2e" | head -10

echo -e "\nSearching for test configurations mentioning different networks..."
rg -A 2 -B 2 "mainnet|devnet|testnet" --type json --type ts --type js

Length of output: 13128

---

Add missing file-upload test coverage

I didn’t find any existing tests that actually exercise the --files flag outside of the two skipped units, nor any integration/e2e suite covering uploads. Please add or re-enable tests against a network that supports file uploads (e.g. devnet) or mock the uploader so localnet runs pass.

Key locations to address:

• test/commands/core/core.create.test.ts (around line 60)
• test/commands/core/core.collection.create.test.ts

Example diff to un-skip and target a supported endpoint:

-    // Skipping for now because you can't upload files on localnet
-    it.skip('creates a new asset with --files flag while uploading --image and --json files', async () => {
+    it('creates a new asset with --files flag while uploading --image and --json files (on devnet)', async () => {

Or add a new integration/e2e test under test/integration/ that covers both asset and collection file uploads.

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	// Skipping for now because you can't upload files on localnet
	it.skip('creates a new asset with --files flag while uploading --image and --json files', async () => {
	it('creates a new asset with --files flag while uploading --image and --json files (on devnet)', async () => {
	// …existing test implementation…
	});

🤖 Prompt for AI Agents

In test/commands/core/core.create.test.ts around lines 60 to 61, the test for
creating a new asset with the --files flag is currently skipped due to localnet
limitations. To fix this, either re-enable the test and modify it to run against
a network that supports file uploads such as devnet, or mock the file uploader
functionality so the test can pass on localnet. Additionally, ensure similar
coverage is added or updated in
test/commands/core/core.collection.create.test.ts or by adding new
integration/e2e tests under test/integration/ that cover file upload scenarios
for both assets and collections.

[coderabbitai]

🧹 Nitpick (assertive)

Consider making the key file path configurable.

The URL change from localhost to 127.0.0.1 is fine, and the addition of the -k flag properly integrates the new test data file.

Consider making the key file path configurable to improve flexibility:

+// Add near the top of the file
+const DEFAULT_KEY_FILE = 'test-assets/test.json'
+const RPC_URL = 'http://127.0.0.1:8899'

-        const child = spawn('node', [CLI_PATH, ...args, '-r', 'http://127.0.0.1:8899', '-k', 'test-assets/test.json'], {
+        const keyFile = process.env.CLI_KEY_FILE || DEFAULT_KEY_FILE
+        const child = spawn('node', [CLI_PATH, ...args, '-r', RPC_URL, '-k', keyFile], {

This allows tests to override the key file path when needed while maintaining the current default behavior.

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	const child = spawn('node', [CLI_PATH, ...args, '-r', 'http://127.0.0.1:8899', '-k', 'test-assets/test.json'], {
	// At the top of test/runCli.ts
	const DEFAULT_KEY_FILE = 'test-assets/test.json'
	const RPC_URL = 'http://127.0.0.1:8899'
	// …later in the runCli function…
	// allow overriding the key‐file path via an environment variable
	const keyFile = process.env.CLI_KEY_FILE || DEFAULT_KEY_FILE
	- const child = spawn('node', [CLI_PATH, ...args, '-r', 'http://127.0.0.1:8899', '-k', 'test-assets/test.json'], {
	+ const child = spawn('node', [CLI_PATH, ...args, '-r', RPC_URL, '-k', keyFile], {
	cwd: projectDir,
	stdio: 'inherit',
	})

🤖 Prompt for AI Agents

In test/runCli.ts at line 9, the key file path 'test-assets/test.json' is
hardcoded in the spawn arguments. Refactor the code to accept the key file path
as a configurable parameter with a default value of 'test-assets/test.json'.
Update the spawn call to use this configurable path so tests can override it
when necessary while preserving the current default behavior.

[coderabbitai]

🧹 Nitpick (assertive)

Good documentation of localnet limitations.

The comment clearly explains why the test is skipped. However, consider adding a TODO or tracking issue to ensure this test gets re-enabled when file upload support is available in the test environment.

-    // Skipping for now because you can't upload files on localnet
+    // TODO: Re-enable when file uploads are supported on localnet
+    // Tracking issue: [add issue number if available]

Committable suggestion skipped: line range outside the PR's diff.

🤖 Prompt for AI Agents

In test/commands/core/core.collection.create.test.ts around lines 36 to 37, the
test is skipped with a comment explaining localnet limitations. Add a TODO
comment or reference a tracking issue above the skip line to ensure this test is
revisited and re-enabled once file upload support is available in the test
environment.

[coderabbitai]

🧹 Nitpick (assertive)

Consider making the delay configurable.

The 10-second delay is reasonable for allowing network propagation, but consider making this configurable through an environment variable or test configuration to avoid unnecessarily slow tests in faster environments.

-        await new Promise(resolve => setTimeout(resolve, 10000))
+        const delay = process.env.TEST_AIRDROP_DELAY ? parseInt(process.env.TEST_AIRDROP_DELAY) : 10000
+        await new Promise(resolve => setTimeout(resolve, delay))

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	await new Promise(resolve => setTimeout(resolve, 10000))
	const delay = process.env.TEST_AIRDROP_DELAY
	? parseInt(process.env.TEST_AIRDROP_DELAY, 10)
	: 10000
	await new Promise(resolve => setTimeout(resolve, delay))

🤖 Prompt for AI Agents

In test/commands/core/core.collection.create.test.ts at line 25, the fixed
10-second delay should be made configurable to improve test flexibility. Replace
the hardcoded 10000 ms delay with a value read from an environment variable or
test configuration, providing a default fallback of 10000 ms if the variable is
not set. This allows adjusting the delay duration based on the environment
without changing the code.

[coderabbitai]

Actionable comments posted: 1

📜 Review details

Configuration used: CodeRabbit UI
Review profile: ASSERTIVE
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 29cffd1 and a7a6112.

📒 Files selected for processing (1)

• package.json (1 hunks)

⏰ Context from checks skipped due to timeout of 90000ms (3)

• GitHub Check: unit-tests (windows-latest, latest)
• GitHub Check: unit-tests (windows-latest, lts/*)
• GitHub Check: unit-tests (windows-latest, lts/-1)

[coderabbitai]

💡 Verification agent

🧩 Analysis chain

Ensure the validator command doesn’t block the test suite
The new "test": "pnpm validator && mocha …" hook will only run Mocha if pnpm validator exits cleanly. If amman start (used in your validator script) stays alive, the mocha step will never execute. Please verify that the validator process terminates on its own or is intentionally backgrounded (for example: pnpm validator &). You may also consider adding Mocha’s --exit flag to force the runner to terminate after tests complete.

---

🏁 Script executed:

#!/bin/bash
# Extract the "validator" script from package.json to verify its behavior
jq -r '.scripts.validator' package.json

Length of output: 82

---

Ensure the validator command terminates so Mocha can run
Your "test" script currently uses pnpm validator && mocha…, but pnpm validator runs CI=1 amman start…, which by default spins up a long-running process and never exits—so mocha is never invoked. Please update your test hook to either background or terminate the validator before running tests. For example:

--- package.json:113
- "test": "pnpm validator && mocha --forbid-only \"test/**/*.test.ts\"",
+ "test": "pnpm validator & mocha --forbid-only \"test/**/*.test.ts\" --exit",

Alternatively, if Amman provides a validation-only mode or exit flag, use that in place of start, or chain a command to shut it down before invoking Mocha.

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	"test": "pnpm validator && mocha --forbid-only \"test/**/*.test.ts\"",
	"test": "pnpm validator & mocha --forbid-only \"test/**/*.test.ts\" --exit",

🤖 Prompt for AI Agents

In package.json at line 113, the "test" script runs "pnpm validator && mocha
..." but the validator command starts a long-running process that never exits,
preventing Mocha from running. Modify the "test" script to either run the
validator command in the background (e.g., "pnpm validator &") so Mocha can
start immediately, or change the validator command to a mode that exits after
validation. Alternatively, chain a command to stop the validator process before
running Mocha. Also consider adding Mocha's "--exit" flag to ensure it
terminates properly after tests complete.

[coderabbitai]

Actionable comments posted: 2

📜 Review details

Configuration used: CodeRabbit UI
Review profile: ASSERTIVE
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between a7a6112 and f6fc0ae.

📒 Files selected for processing (3)

• .github/.env (1 hunks)
• .github/workflows/test.yml (1 hunks)
• package.json (1 hunks)

🔇 Additional comments (5)

.github/.env (1)

1-1: Add SOLANA_VERSION environment variable
Introducing SOLANA_VERSION=1.18.19 enables consistent Solana validator setup across workflows.

.github/workflows/test.yml (4)

16-17: Add explicit Checkout step
Naming the checkout step and pinning to actions/checkout@v4 improves clarity and ensures reproducible behavior.

---

20-21: Install pnpm explicitly
Leveraging pnpm/action-setup@v4 guarantees a consistent pnpm version and integrates caching.

---

22-23: Setup Node.js with pnpm cache
Using actions/setup-node@v4 with cache: pnpm speeds up installs and aligns with pnpm usage.

---

27-31: Start Solana validator with configured versions
This step correctly injects both the Node.js and Solana versions into the validator invocation, matching the new .env schema.

[coderabbitai]

🧹 Nitpick (assertive)

Minor: Removed trailing newline
This change only removes the final newline—no functional or configuration impact. Consider retaining a POSIX-compliant newline at end-of-file for tooling consistency.

🤖 Prompt for AI Agents

In package.json at line 121, a trailing newline was removed. To maintain POSIX
compliance and ensure compatibility with various tools, add a newline character
at the end of the file after the closing brace.

[coderabbitai]

🧹 Nitpick (assertive)

Ensure cross-platform loading of env vars
Using cat .github/.env >> $GITHUB_ENV works on Linux but may behave unexpectedly on Windows (PowerShell). Consider specifying the shell to bash:

 - name: Load environment variables
   run: cat .github/.env >> $GITHUB_ENV
 + shell: bash

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	- name: Load environment variables
	run: cat .github/.env >> $GITHUB_ENV
	- name: Load environment variables
	run: cat .github/.env >> $GITHUB_ENV
	shell: bash

🤖 Prompt for AI Agents

In .github/workflows/test.yml at lines 18 to 19, the current command uses 'cat
.github/.env >> $GITHUB_ENV' which may not work correctly on Windows runners
using PowerShell. To fix this, explicitly specify the shell as bash for this
step by adding 'shell: bash' under the run command. This ensures consistent
cross-platform behavior when loading environment variables.

[coderabbitai]

Actionable comments posted: 1

♻️ Duplicate comments (1)

.github/workflows/test.yml (1)

18-19: 🧹 Nitpick (assertive)

Ensure cross-platform loading of environment variables
Using cat .github/.env >> $GITHUB_ENV may not work on Windows runners by default. Specify the shell as bash for consistency:

-      - name: Load environment variables
-        run: cat .github/.env >> $GITHUB_ENV
+      - name: Load environment variables
+        shell: bash
+        run: cat .github/.env >> $GITHUB_ENV

📜 Review details

Configuration used: CodeRabbit UI
Review profile: ASSERTIVE
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between f6fc0ae and adb5012.

📒 Files selected for processing (1)

• .github/workflows/test.yml (1 hunks)

🔇 Additional comments (3)

.github/workflows/test.yml (3)

16-17: Approve checkout step
Explicitly naming the checkout step and using actions/checkout@v4 is clear and correct.

---

20-21: Approve pnpm installation step
The pnpm/action-setup@v4 step correctly installs pnpm ahead of the Node.js setup.

---

22-26: Approve Node.js setup with pnpm caching
Using actions/setup-node@v4 with cache: pnpm aligns with best practices for caching dependencies.

[coderabbitai]

Actionable comments posted: 3

♻️ Duplicate comments (2)

.github/workflows/onPushToMain.yml (2)

39-39: Ensure minimal scopes for SVC_TOKEN usage
Confirm that secrets.SVC_TOKEN is configured with only the permissions needed for GitHub API operations (e.g., repo scope).

---

63-63: Token replacement for release action
The token: ${{ secrets.SVC_TOKEN }} change matches the update above. Ensure this secret has minimal privileges as documented.

📜 Review details

Configuration used: CodeRabbit UI
Review profile: ASSERTIVE
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between adb5012 and 1881c75.

📒 Files selected for processing (4)

• .github/workflows/onPushToMain.yml (3 hunks)
• .github/workflows/onRelease.yml (1 hunks)
• .github/workflows/test.yml (1 hunks)
• package.json (2 hunks)

🔇 Additional comments (9)

.github/workflows/onPushToMain.yml (3)

12-13: Explicit checkout step is clear and correct
This names the checkout step and pins to actions/checkout@v4, aligning with other workflows.

---

14-15: Loading environment variables from .github/.env
This correctly exports the variables into $GITHUB_ENV on Ubuntu runners.

---

16-17: Install pnpm before Node setup
Using pnpm/action-setup@v4 ensures pnpm is available for subsequent steps.

.github/workflows/onRelease.yml (3)

11-12: Explicitly named checkout step
Renaming and pinning the checkout action to actions/checkout@v4 improves clarity and consistency with other workflows.

---

13-14: Load environment variables for publish workflow
Sourcing .github/.env into $GITHUB_ENV ensures environment consistency across your workflows.

---

15-16: Install pnpm explicitly
Pre-installing pnpm guarantees that subsequent commands use pnpm consistently.

.github/workflows/test.yml (3)

11-11: Confirm Windows exclusion is intentional
You’ve restricted the matrix.os to only ubuntu-latest, dropping Windows coverage. If this is deliberate, document it in the workflow or README to inform contributors.

---

16-23: Setup steps consistency
Explicitly naming and ordering the checkout, env loading, pnpm installation, and Node setup steps aligns with other workflows and ensures environment consistency.

---

27-33: Validator step configuration
With Windows runners removed, the Start validator step will only run on Linux, making an explicit OS filter redundant. The cache and artifacts flags are appropriate for performance.

[coderabbitai]

🧹 Nitpick (assertive)

Pin Node.js version explicitly
Specifying node-version: 22 helps ensure consistency, but consider using a semver range ("22.x") to automatically pick up patch and minor releases.

🤖 Prompt for AI Agents

In .github/workflows/onPushToMain.yml at lines 18 to 21, the Node.js version is
pinned to the exact version 22, which may prevent automatic updates for patch
and minor releases. Change the node-version value from 22 to "22.x" to allow the
workflow to use the latest patch and minor versions within the major version 22,
ensuring better consistency and updates.

[coderabbitai]

🧹 Nitpick (assertive)

Use fixed Node.js version over latest
While node-version: latest picks up the newest Node.js, pinning to a specific LTS (e.g., 18.x or 20.x) can prevent unexpected breakages when new major releases arrive.

🤖 Prompt for AI Agents

In .github/workflows/onRelease.yml at lines 17 to 20, replace the node-version
value from 'latest' to a specific LTS version like '18.x' or '20.x' to ensure
consistent and stable Node.js environment and avoid unexpected breakages from
new major releases.

[coderabbitai]

🛠️ Refactor suggestion

Ensure cross-platform environment variable syntax
The prefix ESLINT_USE_FLAT_CONFIG=false works on Unix shells but breaks on Windows. Use cross-env to support all platforms:

"lint": "cross-env ESLINT_USE_FLAT_CONFIG=false eslint . --ext .ts",
"lint:fix": "cross-env ESLINT_USE_FLAT_CONFIG=false eslint . --ext .ts --fix",

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	"lint": "ESLINT_USE_FLAT_CONFIG=false eslint . --ext .ts",
	"lint:fix": "ESLINT_USE_FLAT_CONFIG=false eslint . --ext .ts --fix",
	- "lint": "ESLINT_USE_FLAT_CONFIG=false eslint . --ext .ts",
	+ "lint": "cross-env ESLINT_USE_FLAT_CONFIG=false eslint . --ext .ts",
	- "lint:fix": "ESLINT_USE_FLAT_CONFIG=false eslint . --ext .ts --fix",
	+ "lint:fix": "cross-env ESLINT_USE_FLAT_CONFIG=false eslint . --ext .ts --fix",

🤖 Prompt for AI Agents

In package.json at lines 109 to 110, the environment variable prefix for
ESLINT_USE_FLAT_CONFIG is set using Unix shell syntax, which breaks on Windows.
To fix this, install the cross-env package and prefix the lint and lint:fix
scripts with "cross-env" so the environment variable is set in a cross-platform
compatible way.