chore: release v1.3.3

[miccy]

Pull Request

Description

Please include a summary of the change and which issue is fixed. Please also include relevant motivation and context.

Changelog

[1.3.3] - 2025-11-30

Added

• Community sections to English and Czech READMEs
• Shared Renovate configuration preset documentation in READMEs
• Automated release notes extraction from CHANGELOG.md in release.yml

Changed

• Updated scripts/release.sh to support releases from *-dev branches (e.g., claude-dev, gemini-dev)
• Updated release script instructions to reflect the automated release process
• Updated docs/RELEASE_WORKFLOW.md and cs/docs/RELEASE_WORKFLOW.md to reflect *-dev branch support

Fixed

• Cleaned up .coderabbit.yaml configuration

Type of change

• Bug fix (non-breaking change which fixes an issue)
• New feature (non-breaking change which adds functionality)
• Breaking change (fix or feature that would cause existing functionality to not work as expected)
• Documentation update

Checklist:

• My code follows the style guidelines of this project
• I have performed a self-review of my own code
• I have commented my code, particularly in hard-to-understand areas
• I have made corresponding changes to the documentation
• My changes generate no new warnings
• I have added tests that prove my fix is effective or that my feature works
• New and existing unit tests pass locally with my changes

Summary by CodeRabbit

• Chores

  • Version bumped to 1.3.3 across scripts and tooling; CHANGELOG updated with a new 1.3.3 section and an outdated line removed from the prior release.

• Chores / Configuration

  • CI/tooling configuration adjusted to enable additional linters/security checks and refine PR title guidance; some configuration flags consolidated.

• Documentation

  • Contributor/agent guidelines expanded with mandatory changelog updates and bilingual-documentation synchronization rules.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[coderabbitai]

Walkthrough

Updates version identifiers to 1.3.3 across multiple shell scripts, adds a new 1.3.3 section to CHANGELOG.md while removing one bullet from the 1.3.2 entry, and adjusts configuration and AI assistant guidance in .coderabbit.yaml, AGENTS.md, and cs/AGENTS.md. No runtime control-flow or exported API changes.

Changes

Cohort / File(s)	Summary
CHANGELOG update CHANGELOG.md	Added a new 1.3.3 section (Added, Changed, Fixed) and removed the bullet about scripts/release.sh from the 1.3.2 entry.
Shell script version bumps scripts/check-github-repos.sh, scripts/full-audit.sh, scripts/harden-npm.sh, scripts/quick-audit.sh, scripts/set-language.sh	Updated embedded version constant/string from 1.3.1 → 1.3.3; no other logic or control-flow changes.
Detect script version bump scripts/detect.sh	Updated VERSION from 1.3.2 → 1.3.3; no other changes.
Configuration and tooling .coderabbit.yaml	Removed top-level version field; switched integrations flags to usage: disabled; added tools block enabling linters/security tools and auto_title_instructions; minor structural/format adjustments.
AI assistant guidelines AGENTS.md, cs/AGENTS.md	Removed a documentation bullet and added two new guidelines: mandatory changelog updates (Keep a Changelog enforcement) and a bilingual documentation synchronization rule.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

• Files to inspect closely:
  • .coderabbit.yaml — validate schema/keys for tooling and integrations.
  • AGENTS.md and cs/AGENTS.md — ensure bilingual guidance is consistent and clear.
  • CHANGELOG.md — confirm 1.3.3 content and the removed 1.3.2 bullet.
  • Shell scripts — quick diff to confirm only version strings changed.

Possibly related PRs

• Preview/v1.3.1 #5 — Related: adjusts script versioning and changelog entries touching the same release tooling.

Poem

✨ A tiny bump, a changelog cheer,
Scripts now whisper "one three three" near.
Configs refined and guidelines set,
Small edits folded into the net. 🎉

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'chore: release v1.3.3' directly and clearly summarizes the main change—a version release. It follows Conventional Commits format and accurately reflects the PR's primary objective.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

✨ Finishing touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch preview/v1.3.3

---

📜 Recent review details

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 31228ed and abaef5e.

📒 Files selected for processing (2)

• .coderabbit.yaml (2 hunks)
• CHANGELOG.md (1 hunks)

🧰 Additional context used

🧠 Learnings (5)

📓 Common learnings

Learnt from: CR
Repo: miccy/dont-be-shy-hulud PR: 0
File: cs/AGENTS.md:0-0
Timestamp: 2025-11-30T14:28:26.180Z
Learning: Applies to cs/scripts/**/*.sh : Breaking changes to public script APIs must not be made without proper versioning and migration documentation

📚 Learning: 2025-11-30T14:28:26.180Z

Learnt from: CR
Repo: miccy/dont-be-shy-hulud PR: 0
File: cs/AGENTS.md:0-0
Timestamp: 2025-11-30T14:28:26.180Z
Learning: Applies to cs/**/CHANGELOG.md : CHANGELOG.md must be updated when detekční logika is added or modified

Applied to files:

• CHANGELOG.md

📚 Learning: 2025-11-30T14:28:13.600Z

Learnt from: CR
Repo: miccy/dont-be-shy-hulud PR: 0
File: AGENTS.md:0-0
Timestamp: 2025-11-30T14:28:13.600Z
Learning: Applies to scripts/**/*.sh : All detection scripts must include documentation in `DETECTION.md` and updates to `CHANGELOG.md`

Applied to files:

• CHANGELOG.md

📚 Learning: 2025-11-30T14:28:13.600Z

Learnt from: CR
Repo: miccy/dont-be-shy-hulud PR: 0
File: AGENTS.md:0-0
Timestamp: 2025-11-30T14:28:13.600Z
Learning: Prioritize changes in order: critical security updates (new IOCs, vulnerability fixes), broken functionality, documentation accuracy, enhancements, then style/formatting

Applied to files:

• CHANGELOG.md

📚 Learning: 2025-11-30T14:28:13.600Z

Learnt from: CR
Repo: miccy/dont-be-shy-hulud PR: 0
File: AGENTS.md:0-0
Timestamp: 2025-11-30T14:28:13.600Z
Learning: Applies to scripts/**/*.sh : Maintain safety checks in all detection scripts and never auto-run security scripts without explicit user confirmation

Applied to files:

• CHANGELOG.md

🔇 Additional comments (2)

CHANGELOG.md (1)

8-26: ✅ CHANGELOG.md 1.3.3 section looks great!

Glad to see the scripts/detect.sh enhancements are now properly documented (line 19). The 1.3.3 entry is comprehensive and captures the key improvements across release workflow, configuration management, and CI/CD support.

.coderabbit.yaml (1)

29-56: 🎉 Excellent structural fixes to .coderabbit.yaml!

The configuration now correctly follows the CodeRabbit schema:

✅ Tools properly nested under reviews (lines 32-43) — no longer misplaced under chat
✅ auto_title_instructions under reviews (lines 45-46) — with clear Conventional Commits guidance
✅ chat section focused (lines 48-56) — containing only auto_reply and integrations
✅ Integration settings valid — usage: disabled correctly replaces previous invalid format
✅ request_changes_workflow enabled (lines 29-30) — enables auto-approval workflow

The previous critical schema violation has been resolved. Your linter configuration (ShellCheck, Markdownlint, Actionlint, Gitleaks, YAMLLint) is now properly recognized and will be applied during reviews.

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (2)

scripts/detect.sh (1)

70-99: Trap and output file handling are well-implemented.

The cleanup logic is solid:

• Pre-creates output file so CI artifacts can upload even on early exit
• Trap ensures summary is always appended (normal or error exits)
• Gracefully handles missing OUTPUT_FILE

Consider adding a brief inline comment explaining the trap's purpose for maintainability.

CHANGELOG.md (1)

1-7: Consider updating PR description to reflect actual changes.

The PR title indicates "chore: release v1.3.3," but the PR body shows an unfilled template with a changelog placeholder. For clarity and traceability, consider filling in the PR description with a summary of what's included in this release (version bumps, detect.sh enhancements, CHANGELOG updates, etc.).

📜 Review details

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between fd90f89 and fbe7d02.

📒 Files selected for processing (7)

• CHANGELOG.md (1 hunks)
• scripts/check-github-repos.sh (1 hunks)
• scripts/detect.sh (1 hunks)
• scripts/full-audit.sh (1 hunks)
• scripts/harden-npm.sh (1 hunks)
• scripts/quick-audit.sh (1 hunks)
• scripts/set-language.sh (1 hunks)

🧰 Additional context used

📓 Path-based instructions (2)

**/*.sh

📄 CodeRabbit inference engine (AGENTS.md)

**/*.sh: Use English comments only in shell script files (.sh)
Use shellcheck for validation of all shell script modifications

Files:

• scripts/quick-audit.sh
• scripts/check-github-repos.sh
• scripts/harden-npm.sh
• scripts/set-language.sh
• scripts/full-audit.sh
• scripts/detect.sh

scripts/**/*.sh

📄 CodeRabbit inference engine (AGENTS.md)

scripts/**/*.sh: Scripts must be tested for compatibility with both macOS and Linux before suggesting modifications
Maintain safety checks in all detection scripts and never auto-run security scripts without explicit user confirmation
All detection scripts must include documentation in DETECTION.md and updates to CHANGELOG.md

Files:

• scripts/quick-audit.sh
• scripts/check-github-repos.sh
• scripts/harden-npm.sh
• scripts/set-language.sh
• scripts/full-audit.sh
• scripts/detect.sh

🧠 Learnings (6)

📓 Common learnings

Learnt from: CR
Repo: miccy/dont-be-shy-hulud PR: 0
File: cs/AGENTS.md:0-0
Timestamp: 2025-11-30T14:28:26.180Z
Learning: Applies to cs/scripts/**/*.sh : Breaking changes to public script APIs must not be made without proper versioning and migration documentation

Learnt from: CR
Repo: miccy/dont-be-shy-hulud PR: 0
File: AGENTS.md:0-0
Timestamp: 2025-11-30T14:28:13.600Z
Learning: Applies to scripts/**/*.sh : All detection scripts must include documentation in `DETECTION.md` and updates to `CHANGELOG.md`

📚 Learning: 2025-11-30T14:28:26.180Z

Learnt from: CR
Repo: miccy/dont-be-shy-hulud PR: 0
File: cs/AGENTS.md:0-0
Timestamp: 2025-11-30T14:28:26.180Z
Learning: Applies to cs/scripts/**/*.sh : Breaking changes to public script APIs must not be made without proper versioning and migration documentation

Applied to files:

• scripts/quick-audit.sh
• scripts/harden-npm.sh
• scripts/full-audit.sh
• scripts/detect.sh

📚 Learning: 2025-11-30T14:28:13.600Z

Learnt from: CR
Repo: miccy/dont-be-shy-hulud PR: 0
File: AGENTS.md:0-0
Timestamp: 2025-11-30T14:28:13.600Z
Learning: Applies to scripts/**/*.sh : All detection scripts must include documentation in `DETECTION.md` and updates to `CHANGELOG.md`

Applied to files:

• scripts/detect.sh
• CHANGELOG.md

📚 Learning: 2025-11-30T14:28:26.180Z

Learnt from: CR
Repo: miccy/dont-be-shy-hulud PR: 0
File: cs/AGENTS.md:0-0
Timestamp: 2025-11-30T14:28:26.180Z
Learning: Applies to cs/**/CHANGELOG.md : CHANGELOG.md must be updated when detekční logika is added or modified

Applied to files:

• CHANGELOG.md

📚 Learning: 2025-11-30T14:28:13.600Z

Learnt from: CR
Repo: miccy/dont-be-shy-hulud PR: 0
File: AGENTS.md:0-0
Timestamp: 2025-11-30T14:28:13.600Z
Learning: Prioritize changes in order: critical security updates (new IOCs, vulnerability fixes), broken functionality, documentation accuracy, enhancements, then style/formatting

Applied to files:

• CHANGELOG.md

📚 Learning: 2025-11-30T14:28:13.600Z

Learnt from: CR
Repo: miccy/dont-be-shy-hulud PR: 0
File: AGENTS.md:0-0
Timestamp: 2025-11-30T14:28:13.600Z
Learning: Applies to scripts/**/*.sh : Maintain safety checks in all detection scripts and never auto-run security scripts without explicit user confirmation

Applied to files:

• CHANGELOG.md

🔇 Additional comments (6)

scripts/set-language.sh (1)

2-2: Version bump looks good.

Consistent version update across the release. The script correctly exposes this via the --version flag.

scripts/quick-audit.sh (1)

2-2: Version bump approved. Verify DETECTION.md was updated.

The version bump is consistent. However, per coding guidelines, detection scripts require documentation updates. Please confirm that DETECTION.md and cs/docs/DETECTION.md (if applicable) have been updated to reflect any changes to this audit script.

scripts/full-audit.sh (1)

20-20: Version bump approved. Verify DETECTION.md was updated.

Version is consistent with the release. Please confirm that documentation in DETECTION.md has been updated to reflect this audit script's capabilities.

scripts/check-github-repos.sh (1)

2-2: Version bump approved. Verify DETECTION.md was updated.

Version is consistent with the release. Please ensure that DETECTION.md documentation reflects any GitHub-specific detection capabilities in this script.

scripts/detect.sh (1)

26-26: Version bump approved, but functional changes need CHANGELOG documentation.

The version bump is consistent. However, lines 70–99 contain significant functional additions (OUTPUT_FILE handling for CI, trap setup for summary generation on exit) that should be documented in CHANGELOG.md under the 1.3.3 section.

The AI summary states "no functional modifications," but this file includes:

• Output file path normalization for CI environments (lines 72–81)
• Exit trap to write scan summary (lines 84–98)

Please confirm these changes are intentional for this release and update the CHANGELOG accordingly.

scripts/harden-npm.sh (1)

2-2: Version bump approved.

Consistent version update. The script maintains good safety practices with dry-run mode as default.

[coderabbitai]

Actionable comments posted: 1

📜 Review details

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 58ede88 and 31228ed.

📒 Files selected for processing (4)

• .coderabbit.yaml (2 hunks)
• AGENTS.md (1 hunks)
• CHANGELOG.md (1 hunks)
• cs/AGENTS.md (1 hunks)

🧰 Additional context used

🧠 Learnings (16)

📓 Common learnings

Learnt from: CR
Repo: miccy/dont-be-shy-hulud PR: 0
File: cs/AGENTS.md:0-0
Timestamp: 2025-11-30T14:28:26.180Z
Learning: Applies to cs/scripts/**/*.sh : Breaking changes to public script APIs must not be made without proper versioning and migration documentation

📚 Learning: 2025-11-30T14:28:26.180Z

Learnt from: CR
Repo: miccy/dont-be-shy-hulud PR: 0
File: cs/AGENTS.md:0-0
Timestamp: 2025-11-30T14:28:26.180Z
Learning: Applies to cs/**/CHANGELOG.md : CHANGELOG.md must be updated when detekční logika is added or modified

Applied to files:

• cs/AGENTS.md
• CHANGELOG.md

📚 Learning: 2025-11-30T14:28:26.180Z

Learnt from: CR
Repo: miccy/dont-be-shy-hulud PR: 0
File: cs/AGENTS.md:0-0
Timestamp: 2025-11-30T14:28:26.180Z
Learning: Applies to cs/docs/**/*.md : All .md files in docs/ directory must maintain feature parity between English and Czech versions

Applied to files:

• cs/AGENTS.md
• AGENTS.md

📚 Learning: 2025-11-30T14:28:26.180Z

Learnt from: CR
Repo: miccy/dont-be-shy-hulud PR: 0
File: cs/AGENTS.md:0-0
Timestamp: 2025-11-30T14:28:26.180Z
Learning: Applies to cs/**/{CONTRIBUTING.md,CONTRIBUTING-cs.md} : CONTRIBUTING guides must exist in both English (CONTRIBUTING.md) and Czech (CONTRIBUTING-cs.md) versions

Applied to files:

• cs/AGENTS.md
• AGENTS.md

📚 Learning: 2025-11-30T14:28:13.600Z

Learnt from: CR
Repo: miccy/dont-be-shy-hulud PR: 0
File: AGENTS.md:0-0
Timestamp: 2025-11-30T14:28:13.600Z
Learning: Documentation updates affecting both English and Czech versions must be synchronized in commits using scopes: `docs(en)`, `docs(cs)`, or `docs(all)`

Applied to files:

• cs/AGENTS.md
• AGENTS.md

📚 Learning: 2025-11-30T14:28:26.180Z

Learnt from: CR
Repo: miccy/dont-be-shy-hulud PR: 0
File: cs/AGENTS.md:0-0
Timestamp: 2025-11-30T14:28:26.180Z
Learning: Applies to cs/{README.md,cs/README.md} : Root README files must exist in both English (README.md) and Czech (cs/README.md) versions with identical feature parity

Applied to files:

• cs/AGENTS.md
• AGENTS.md

📚 Learning: 2025-11-30T14:28:13.600Z

Learnt from: CR
Repo: miccy/dont-be-shy-hulud PR: 0
File: AGENTS.md:0-0
Timestamp: 2025-11-30T14:28:13.600Z
Learning: Applies to README.md : Root README files must maintain bilingual support with `README.md` for English and `cs/README.md` for Czech versions

Applied to files:

• cs/AGENTS.md
• AGENTS.md

📚 Learning: 2025-11-30T14:28:26.180Z

Learnt from: CR
Repo: miccy/dont-be-shy-hulud PR: 0
File: cs/AGENTS.md:0-0
Timestamp: 2025-11-30T14:28:26.180Z
Learning: Applies to cs/docs/**/*.md : Documentation updates must include commit message scope indicating affected language(s): 'docs(en)', 'docs(cs)', or 'docs(all)'

Applied to files:

• cs/AGENTS.md
• AGENTS.md

📚 Learning: 2025-11-30T14:28:26.180Z

Learnt from: CR
Repo: miccy/dont-be-shy-hulud PR: 0
File: cs/AGENTS.md:0-0
Timestamp: 2025-11-30T14:28:26.180Z
Learning: When updating documentation, both English and Czech versions must be updated simultaneously to maintain feature parity

Applied to files:

• cs/AGENTS.md
• AGENTS.md

📚 Learning: 2025-11-30T14:28:26.180Z

Learnt from: CR
Repo: miccy/dont-be-shy-hulud PR: 0
File: cs/AGENTS.md:0-0
Timestamp: 2025-11-30T14:28:26.180Z
Learning: Applies to cs/docs/**/*.md : Technical terms (CVE, IOC, etc.) must remain in English in both Czech and English language documentation

Applied to files:

• cs/AGENTS.md

📚 Learning: 2025-11-30T14:28:26.180Z

Learnt from: CR
Repo: miccy/dont-be-shy-hulud PR: 0
File: cs/AGENTS.md:0-0
Timestamp: 2025-11-30T14:28:26.180Z
Learning: Applies to cs/docs/**/*.md : Code examples in documentation must be identical across both English and Czech versions

Applied to files:

• cs/AGENTS.md

📚 Learning: 2025-11-30T14:28:13.600Z

Learnt from: CR
Repo: miccy/dont-be-shy-hulud PR: 0
File: AGENTS.md:0-0
Timestamp: 2025-11-30T14:28:13.600Z
Learning: Applies to docs/**/*.md : All `.md` files in `docs/` must have both English (EN) and Czech (CS) versions with identical content structure and identical code examples

Applied to files:

• cs/AGENTS.md
• AGENTS.md

📚 Learning: 2025-11-30T14:28:13.600Z

Learnt from: CR
Repo: miccy/dont-be-shy-hulud PR: 0
File: AGENTS.md:0-0
Timestamp: 2025-11-30T14:28:13.600Z
Learning: Applies to docs/**/*.md : Technical terms (CVE, IOC, etc.) must remain in English in both English and Czech versions of documentation

Applied to files:

• cs/AGENTS.md

📚 Learning: 2025-11-30T14:28:13.600Z

Learnt from: CR
Repo: miccy/dont-be-shy-hulud PR: 0
File: AGENTS.md:0-0
Timestamp: 2025-11-30T14:28:13.600Z
Learning: Applies to scripts/**/*.sh : All detection scripts must include documentation in `DETECTION.md` and updates to `CHANGELOG.md`

Applied to files:

• CHANGELOG.md
• AGENTS.md

📚 Learning: 2025-11-30T14:28:13.600Z

Learnt from: CR
Repo: miccy/dont-be-shy-hulud PR: 0
File: AGENTS.md:0-0
Timestamp: 2025-11-30T14:28:13.600Z
Learning: Prioritize changes in order: critical security updates (new IOCs, vulnerability fixes), broken functionality, documentation accuracy, enhancements, then style/formatting

Applied to files:

• CHANGELOG.md
• AGENTS.md

📚 Learning: 2025-11-30T14:28:13.600Z

Learnt from: CR
Repo: miccy/dont-be-shy-hulud PR: 0
File: AGENTS.md:0-0
Timestamp: 2025-11-30T14:28:13.600Z
Learning: Applies to scripts/**/*.sh : Maintain safety checks in all detection scripts and never auto-run security scripts without explicit user confirmation

Applied to files:

• CHANGELOG.md

🔇 Additional comments (3)

CHANGELOG.md (1)

8-24: ✅ Past review concern resolved—detect.sh enhancements now documented.

The 1.3.3 section now properly includes the detect.sh output handling enhancement (line 18) that was flagged as missing in the previous review. The changelog entries align with the broader PR changes and follow the Keep a Changelog format correctly.

cs/AGENTS.md (1)

105-114: ✅ Bilingual guidelines properly formalized in Czech.

The new sections on Changelog Updates (lines 105–108) and Bilingual Documentation Rule (lines 110–113) clearly codify the maintenance requirements. These guidelines align with the learnings documented for this repository and provide clear expectations for contributors. As per learnings, both English and Czech versions must be synchronized, and the corresponding English version (AGENTS.md) mirrors these guidelines appropriately.

AGENTS.md (1)

103-111: ✅ Bilingual guidelines properly formalized in English.

The new Changelog Updates section (lines 103–106) and Bilingual Documentation Rule (lines 108–111) codify essential maintenance practices. These guidelines align with the PR objectives and formalize documented learnings about keeping English and Czech versions synchronized while maintaining changelog discipline.