chore(ci): update installations via mise#153
Open
coryrylan wants to merge 1 commit into
Open
Conversation
github-actions
Bot
added
scope(ci)
scope(internals)
scope(docs)
dependencies
ℹ️ Recent review info⚙️ Run configurationConfiguration used: Path: .coderabbit.yaml Review profile: ASSERTIVE Plan: Enterprise Run ID: ⛔ Files ignored due to path filters (2)
📒 Files selected for processing (32)
💤 Files with no reviewable changes (2)
📝 WalkthroughWalkthroughThe PR replaces nvm/corepack-based hook and CI setup with mise-based tool resolution and execution, updates toolchain manifests and validation, rewires Git hooks and starter build inputs, and revises repository documentation and troubleshooting guidance. ChangesMise toolchain migration
Sequence Diagram(s)sequenceDiagram
participant ReleaseJob as release job
participant SetupCI as .github/actions/setup-ci
participant MiseAction as jdx/mise-action
participant pnpm as pnpm
participant vale as vale
ReleaseJob->>SetupCI: uses setup-ci with install-playwright='false'
SetupCI->>MiseAction: installs pinned tools
SetupCI->>pnpm: resolves store and installs dependencies
SetupCI->>vale: runs vale sync
Estimated code review effort🎯 4 (Complex) | ⏱️ ~60 minutes Suggested labels
Suggested reviewers
🚥 Pre-merge checks | ✅ 4 | ❌ 1❌ Failed checks (1 warning)
✅ Passed checks (4 passed)
✨ Finishing Touches📝 Generate docstrings
🧪 Generate unit tests (beta)
Comment |
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
Actionable comments posted: 7
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In @.agents/hooks/lib/node-env.sh:
- Around line 48-65: The `hook_mise_exec` and `hook_mise_run` wrappers in
`node-env.sh` currently call `cd "$working_dir"` without guarding failures, so
the subsequent `mise` command can run in the wrong directory if the
change-directory fails. Update both functions to make the subshell exit
immediately when `cd` fails, using a subshell-safe guard such as `|| exit 1`,
and keep the logic localized to `hook_mise_exec` and `hook_mise_run` so callers
always execute in the intended project directory.
In @.husky/mise.sh:
- Line 1: Add a ShellCheck shell directive at the top of the sourced Husky
script so SC2148 no longer fires and linting uses the correct target shell.
Update the .husky/mise.sh bootstrap around resolve_mise_bin() to declare the
script as sh-compatible, since Husky sources it under sh and a shebang is not
appropriate here.
In `@AGENTS.md`:
- Around line 27-44: The bootstrap example under Common Commands uses mise
directly even though the setup note says it may not be on PATH; update that
example to use the full ~/.local/bin/mise path consistently. Make the change in
the repository setup snippet so the documented install-and-setup flow works in a
fresh shell, and keep the rest of the AGENTS.md setup steps unchanged.
In `@package.json`:
- Line 338: The prepare command is starting the Playwright install in the
background without waiting for it to finish, so the browser download may be
interrupted during local setup. Update the package.json prepare script that runs
pnpm run playwright, node .husky/install.mjs, and vale sync so the subshell
waits for the backgrounded Playwright task to complete before exiting, using the
existing prepare command entry as the place to fix it.
In `@projects/site/src/docs/internal/guidelines/troubleshooting.md`:
- Around line 239-247: The Node version example under the troubleshooting
guidance is incorrect because the expected output for `node --version` is
missing the leading v. Update the example in the `mise exec -- node --version`
section so it matches the actual output format (`v26.4.0`), keeping the
surrounding `mise install` and version-check instructions unchanged.
In `@projects/starters/go/package.json`:
- Around line 7-26: The Go starter build currently writes to bin/go-starter
without ensuring bin/ exists first, so update the build flow to create the
output directory before invoking go build. Adjust the wireit build command in
package.json to prepare bin/ before writing the binary, and make sure the
preview script also uses the same directory-creation step before running the
compiled starter.
In `@README.md`:
- Around line 37-40: The bootstrap snippet in the README skips the required
trust step before running setup. Update the setup instructions to include the
project-root trust command before the existing `mise run setup` call, keeping
the flow in the same install block so users trust the repo first and then run
setup.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Path: .coderabbit.yaml
Review profile: ASSERTIVE
Plan: Enterprise
Run ID: f3852c9a-76ba-43db-998a-4582171f6501
⛔ Files ignored due to path filters (2)
mise.lockis excluded by!**/*.lockpnpm-lock.yamlis excluded by!**/pnpm-lock.yaml
📒 Files selected for processing (28)
.agents/hooks/lib/node-env.sh.agents/hooks/post-tool-use-edit-write.sh.agents/hooks/pre-tool-use-edit-write.sh.agents/hooks/session-start.sh.agents/hooks/stop.sh.github/actions/setup-ci/action.yml.github/workflows/ci.yml.gitignore.husky/commit-msg.husky/mise.sh.husky/post-checkout.husky/post-commit.husky/post-merge.husky/pre-commit.husky/pre-push.nvmrcAGENTS.mdREADME.mdconfig/docker/ci.dockerfileconfig/vale/install.mjsknip.config.jsmise.tomlpackage.jsonprojects/internals/BUILD.mdprojects/internals/ci/ci-validate.jsprojects/site/src/docs/internal/guidelines/troubleshooting.mdprojects/starters/go/package.jsonprojects/starters/package.json
💤 Files with no reviewable changes (2)
- config/docker/ci.dockerfile
- config/vale/install.mjs
| @@ -0,0 +1,31 @@ | |||
| resolve_mise_bin() { | |||
There was a problem hiding this comment.
📐 Maintainability & Code Quality | 🟡 Minor | ⚡ Quick win
Add a ShellCheck shell directive.
This file is sourced (not executed), so a shebang isn't appropriate, but ShellCheck reports SC2148 because it can't infer the target shell. Since Husky runs hooks under sh, add a directive so linting is accurate and CI ShellCheck doesn't error.
🔧 Proposed fix
+# shellcheck shell=sh
resolve_mise_bin() {📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
Suggested change
| resolve_mise_bin() { | |
| # shellcheck shell=sh | |
| resolve_mise_bin() { |
🧰 Tools
🪛 Shellcheck (0.11.0)
[error] 1-1: Tips depend on target shell and yours is unknown. Add a shebang or a 'shell' directive.
(SC2148)
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In @.husky/mise.sh at line 1, Add a ShellCheck shell directive at the top of the
sourced Husky script so SC2148 no longer fires and linting uses the correct
target shell. Update the .husky/mise.sh bootstrap around resolve_mise_bin() to
declare the script as sh-compatible, since Husky sources it under sh and a
shebang is not appropriate here.
Source: Linters/SAST tools
| }, | ||
| "prepare": { | ||
| "command": "test -n \"$CI\" || (pnpm run playwright & node .husky/install.mjs ; node config/vale/install.mjs)" | ||
| "command": "test -n \"$CI\" || (pnpm run playwright & node .husky/install.mjs ; vale sync)" |
There was a problem hiding this comment.
🩺 Stability & Availability | 🟡 Minor | ⚡ Quick win
Backgrounded Playwright install is never awaited.
pnpm run playwright & runs detached, then the subshell exits after vale sync. The triggering install process can terminate before the Playwright browser download completes (and may SIGHUP the orphaned job), leaving browsers partially installed during local prepare. Add a wait so the parallelized install is allowed to finish.
🔧 Proposed fix
- "command": "test -n \"$CI\" || (pnpm run playwright & node .husky/install.mjs ; vale sync)"
+ "command": "test -n \"$CI\" || (pnpm run playwright & node .husky/install.mjs ; vale sync ; wait)"📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
Suggested change
| "command": "test -n \"$CI\" || (pnpm run playwright & node .husky/install.mjs ; vale sync)" | |
| "command": "test -n \"$CI\" || (pnpm run playwright & node .husky/install.mjs ; vale sync ; wait)" |
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In `@package.json` at line 338, The prepare command is starting the Playwright
install in the background without waiting for it to finish, so the browser
download may be interrupted during local setup. Update the package.json prepare
script that runs pnpm run playwright, node .husky/install.mjs, and vale sync so
the subshell waits for the backgrounded Playwright task to complete before
exiting, using the existing prepare command entry as the place to fix it.
Comment on lines
+239
to
247
| - **Solution:** Install the repository toolchain with mise | ||
|
|
||
| ```shell | ||
| # Install correct version from .nvmrc | ||
| nvm install | ||
| nvm use | ||
| # Install tool versions from mise.toml | ||
| mise install | ||
|
|
||
| # Verify version | ||
| node --version # Should show 26.1.0 | ||
| mise exec -- node --version # Should show 26.4.0 | ||
| ``` |
There was a problem hiding this comment.
🎯 Functional Correctness | 🟡 Minor
🧩 Analysis chain
🏁 Script executed:
sed -n '232,252p' projects/site/src/docs/internal/guidelines/troubleshooting.mdRepository: NVIDIA/elements
Length of output: 625
Fix the Node version example output.
node --version prints v26.4.0, so the expected output should include the v prefix.
Proposed fix
-mise exec -- node --version # Should show 26.4.0
+mise exec -- node --version # Should show v26.4.0📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
Suggested change
| - **Solution:** Install the repository toolchain with mise | |
| ```shell | |
| # Install correct version from .nvmrc | |
| nvm install | |
| nvm use | |
| # Install tool versions from mise.toml | |
| mise install | |
| # Verify version | |
| node --version # Should show 26.1.0 | |
| mise exec -- node --version # Should show 26.4.0 | |
| ``` |
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In `@projects/site/src/docs/internal/guidelines/troubleshooting.md` around lines
239 - 247, The Node version example under the troubleshooting guidance is
incorrect because the expected output for `node --version` is missing the
leading v. Update the example in the `mise exec -- node --version` section so it
matches the actual output format (`v26.4.0`), keeping the surrounding `mise
install` and version-check instructions unchanged.
Comment on lines
+37
to
40
| # install dependencies https://mise.en.dev/getting-started.html | ||
| curl https://mise.run | sh | ||
| ~/.local/bin/mise run setup | ||
| ``` |
There was a problem hiding this comment.
🩺 Stability & Availability | 🟠 Major
🧩 Analysis chain
🏁 Script executed:
#!/bin/bash
set -euo pipefail
# Locate README and relevant references to mise setup/trust
git ls-files | rg -n '^README\.md$|mise|trust|setup' || true
echo '--- README.md excerpt ---'
nl -ba README.md | sed -n '1,120p'
echo '--- Search for trust/setup references across repo ---'
rg -n "mise trust|mise run setup|curl https://mise.run|mise\.run|gettings?-started|setup" .Repository: NVIDIA/elements
Length of output: 785
🏁 Script executed:
#!/bin/bash
set -euo pipefail
# Show the exact README region around the disputed lines and any surrounding instructions
nl -ba README.md | sed -n '30,50p'
# Find any docs or scripts that define the intended bootstrap flow
rg -n "trust|mise run setup|mise install|curl https://mise.run|bootstrap|bootstrap path" README.md .github . 2>/dev/null || trueRepository: NVIDIA/elements
Length of output: 193
🏁 Script executed:
#!/bin/bash
set -euo pipefail
# Inspect the README section and any project files that define mise behavior
nl -ba README.md | sed -n '34,45p'
echo '--- Project files mentioning mise ---'
fd -HI 'mise*' . || true
echo '--- Relevant config contents ---'
for f in .mise.toml mise.toml .tool-versions .config/mise/config.toml; do
if [ -f "$f" ]; then
echo "### $f"
nl -ba "$f" | sed -n '1,220p'
fi
doneRepository: NVIDIA/elements
Length of output: 193
🏁 Script executed:
#!/bin/bash
set -euo pipefail
echo '--- README.md around lines 34-45 ---'
sed -n '34,45p' README.md
echo '--- mise.toml ---'
sed -n '1,220p' mise.toml
echo '--- .github/actions/setup-ci/action.yml (if relevant) ---'
sed -n '1,220p' .github/actions/setup-ci/action.yml
echo '--- .husky/mise.sh (if relevant) ---'
sed -n '1,200p' .husky/mise.shRepository: NVIDIA/elements
Length of output: 4379
Add mise trust before mise run setup. The bootstrap snippet skips the trust step, but this repo expects the project root to be trusted first.
Proposed fix
curl https://mise.run | sh
+~/.local/bin/mise trust
~/.local/bin/mise run setup📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
Suggested change
| # install dependencies https://mise.en.dev/getting-started.html | |
| curl https://mise.run | sh | |
| ~/.local/bin/mise run setup | |
| ``` | |
| # install dependencies https://mise.en.dev/getting-started.html | |
| curl https://mise.run | sh | |
| ~/.local/bin/mise trust | |
| ~/.local/bin/mise run setup |
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In `@README.md` around lines 37 - 40, The bootstrap snippet in the README skips
the required trust step before running setup. Update the setup instructions to
include the project-root trust command before the existing `mise run setup`
call, keeping the flow in the same install block so users trust the repo first
and then run setup.
There was a problem hiding this comment.
Actionable comments posted: 2
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In @.github/actions/setup-ci/action.yml:
- Around line 37-46: The Vale cache workflow always runs `vale sync` because the
`actions/cache` step in the setup CI action has no identifier to inspect its
cache result. Add an `id` to the Cache Vale styles step and update the following
`Sync Vale styles` step in the action workflow to run only when the cache was
not hit by checking `cache-hit != 'true'`, so restored
`config/vale/styles/Google` and `config/vale/styles/write-good` do not trigger a
redundant sync.
In `@projects/internals/BUILD.md`:
- Line 122: The mise documentation link is incorrect and points to a broken
site. Update the markdown reference in BUILD.md from the current mise hyperlink
to the official mise documentation URL, using the existing link entry so readers
of the BUILD.md section get the correct destination.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Path: .coderabbit.yaml
Review profile: ASSERTIVE
Plan: Enterprise
Run ID: 31d000fd-0d7f-4284-8108-e9769cff2825
⛔ Files ignored due to path filters (2)
mise.lockis excluded by!**/*.lockpnpm-lock.yamlis excluded by!**/pnpm-lock.yaml
📒 Files selected for processing (28)
.agents/hooks/lib/node-env.sh.agents/hooks/post-tool-use-edit-write.sh.agents/hooks/pre-tool-use-edit-write.sh.agents/hooks/session-start.sh.agents/hooks/stop.sh.github/actions/setup-ci/action.yml.github/workflows/ci.yml.gitignore.husky/commit-msg.husky/mise.sh.husky/post-checkout.husky/post-commit.husky/post-merge.husky/pre-commit.husky/pre-push.nvmrcAGENTS.mdREADME.mdconfig/docker/ci.dockerfileconfig/vale/install.mjsknip.config.jsmise.tomlpackage.jsonprojects/internals/BUILD.mdprojects/internals/ci/ci-validate.jsprojects/site/src/docs/internal/guidelines/troubleshooting.mdprojects/starters/go/package.jsonprojects/starters/package.json
💤 Files with no reviewable changes (2)
- config/docker/ci.dockerfile
- config/vale/install.mjs
| The following are the repo wide tools that apply to all source code and projects. | ||
|
|
||
| - [NodeJS/Corepack](https://nodejs.org/api/corepack.html) | ||
| - [mise](https://mise.en.dev/) |
There was a problem hiding this comment.
🎯 Functional Correctness | 🟡 Minor | ⚡ Quick win
Incorrect mise documentation URL.
https://mise.en.dev/ is not the official site; the mise documentation lives at https://mise.jdx.dev/. As-is, this link is broken for readers.
📝 Proposed fix
-- [mise](https://mise.en.dev/)
+- [mise](https://mise.jdx.dev/)📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
Suggested change
| - [mise](https://mise.en.dev/) | |
| [mise](https://mise.jdx.dev/) |
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In `@projects/internals/BUILD.md` at line 122, The mise documentation link is
incorrect and points to a broken site. Update the markdown reference in BUILD.md
from the current mise hyperlink to the official mise documentation URL, using
the existing link entry so readers of the BUILD.md section get the correct
destination.
There was a problem hiding this comment.
Actionable comments posted: 2
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In @.github/workflows/ci.yml:
- Around line 107-109: The setup-ci action is being invoked without the npm auth
token, so it cannot write the authenticated npm config needed by the release
flow. Update the `setup-ci` step in the workflow to pass `NODE_AUTH_TOKEN` (the
same token later used by `Release`) into `./.github/actions/setup-ci`, ensuring
the action can prepare a valid `$HOME/.npmrc` before `pnpm run release` runs.
In `@projects/internals/ci/ci-validate.js`:
- Around line 12-15: The validation checks in ci-validate.js currently assume
packageJson.engines, packageJson.devEngines.packageManager, and
packageJson.packageManager always exist, which can throw before the mismatch
reporting runs. Update the reads used in the validation list to be null-safe so
the existing comparison logic can still produce a readable validation failure
when those fields are missing; keep the changes local to the validation entries
that reference packageJson and the related mismatch labels.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Path: .coderabbit.yaml
Review profile: ASSERTIVE
Plan: Enterprise
Run ID: b677be75-168a-49b3-b06e-e8a6097ea7a0
⛔ Files ignored due to path filters (2)
mise.lockis excluded by!**/*.lockpnpm-lock.yamlis excluded by!**/pnpm-lock.yaml
📒 Files selected for processing (28)
.agents/hooks/lib/node-env.sh.agents/hooks/post-tool-use-edit-write.sh.agents/hooks/pre-tool-use-edit-write.sh.agents/hooks/session-start.sh.agents/hooks/stop.sh.github/actions/setup-ci/action.yml.github/workflows/ci.yml.gitignore.husky/commit-msg.husky/mise.sh.husky/post-checkout.husky/post-commit.husky/post-merge.husky/pre-commit.husky/pre-push.nvmrcAGENTS.mdREADME.mdconfig/docker/ci.dockerfileconfig/vale/install.mjsknip.config.jsmise.tomlpackage.jsonprojects/internals/BUILD.mdprojects/internals/ci/ci-validate.jsprojects/site/src/docs/internal/guidelines/troubleshooting.mdprojects/starters/go/package.jsonprojects/starters/package.json
💤 Files with no reviewable changes (2)
- config/docker/ci.dockerfile
- config/vale/install.mjs
Comment on lines
+107
to
+109
| - uses: ./.github/actions/setup-ci | ||
| with: | ||
| node-version-file: './.nvmrc' | ||
| registry-url: 'https://registry.npmjs.org' | ||
| cache: 'pnpm' | ||
| - run: pnpm install --frozen-lockfile | ||
| install-playwright: 'false' |
There was a problem hiding this comment.
🩺 Stability & Availability | 🟠 Major | ⚡ Quick win
Pass the npm token into the setup action or release publishes will be unauthenticated.
./.github/actions/setup-ci only writes the auth line into $HOME/.npmrc when NODE_AUTH_TOKEN is present during that step. In this job, the token is only introduced later for the Release step, so the action now prepares an unauthenticated npm config and pnpm run release can no longer rely on the old setup-node behavior.
Suggested fix
- uses: ./.github/actions/setup-ci
+ env:
+ NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
with:
install-playwright: 'false'📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
Suggested change
| - uses: ./.github/actions/setup-ci | |
| with: | |
| node-version-file: './.nvmrc' | |
| registry-url: 'https://registry.npmjs.org' | |
| cache: 'pnpm' | |
| - run: pnpm install --frozen-lockfile | |
| install-playwright: 'false' | |
| - uses: ./.github/actions/setup-ci | |
| env: | |
| NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} | |
| with: | |
| install-playwright: 'false' |
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In @.github/workflows/ci.yml around lines 107 - 109, The setup-ci action is
being invoked without the npm auth token, so it cannot write the authenticated
npm config needed by the release flow. Update the `setup-ci` step in the
workflow to pass `NODE_AUTH_TOKEN` (the same token later used by `Release`) into
`./.github/actions/setup-ci`, ensuring the action can prepare a valid
`$HOME/.npmrc` before `pnpm run release` runs.
Comment on lines
+12
to
+15
| ['mise node', tools.node, read('.nvmrc').trim(), '.nvmrc'], | ||
| ['package engines.node', packageJson.engines.node, tools.node, 'mise node'], | ||
| ['packageManager pnpm', packageJson.packageManager.match(/^pnpm@(.+)$/)?.[1], tools.pnpm, 'mise pnpm'], | ||
| ['devEngines.packageManager.version', packageJson.devEngines.packageManager.version, tools.pnpm, 'mise pnpm'] |
There was a problem hiding this comment.
🩺 Stability & Availability | 🟡 Minor | ⚡ Quick win
Report missing package fields as validation failures instead of crashing.
If engines, devEngines.packageManager, or packageManager disappears, this script throws before it can emit the intended mismatch message. Make these reads null-safe so config drift produces a readable failure instead of a TypeError.
Suggested fix
const expectations = [
['mise node', tools.node, read('.nvmrc').trim(), '.nvmrc'],
- ['package engines.node', packageJson.engines.node, tools.node, 'mise node'],
- ['packageManager pnpm', packageJson.packageManager.match(/^pnpm@(.+)$/)?.[1], tools.pnpm, 'mise pnpm'],
- ['devEngines.packageManager.version', packageJson.devEngines.packageManager.version, tools.pnpm, 'mise pnpm']
+ ['package engines.node', packageJson.engines?.node, tools.node, 'mise node'],
+ [
+ 'packageManager pnpm',
+ typeof packageJson.packageManager === 'string'
+ ? packageJson.packageManager.match(/^pnpm@(.+)$/)?.[1]
+ : undefined,
+ tools.pnpm,
+ 'mise pnpm'
+ ],
+ [
+ 'devEngines.packageManager.version',
+ packageJson.devEngines?.packageManager?.version,
+ tools.pnpm,
+ 'mise pnpm'
+ ]
];📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
Suggested change
| ['mise node', tools.node, read('.nvmrc').trim(), '.nvmrc'], | |
| ['package engines.node', packageJson.engines.node, tools.node, 'mise node'], | |
| ['packageManager pnpm', packageJson.packageManager.match(/^pnpm@(.+)$/)?.[1], tools.pnpm, 'mise pnpm'], | |
| ['devEngines.packageManager.version', packageJson.devEngines.packageManager.version, tools.pnpm, 'mise pnpm'] | |
| ['mise node', tools.node, read('.nvmrc').trim(), '.nvmrc'], | |
| ['package engines.node', packageJson.engines?.node, tools.node, 'mise node'], | |
| [ | |
| 'packageManager pnpm', | |
| typeof packageJson.packageManager === 'string' | |
| ? packageJson.packageManager.match(/^pnpm@(.+)$/)?.[1] | |
| : undefined, | |
| tools.pnpm, | |
| 'mise pnpm' | |
| ], | |
| [ | |
| 'devEngines.packageManager.version', | |
| packageJson.devEngines?.packageManager?.version, | |
| tools.pnpm, | |
| 'mise pnpm' | |
| ] |
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In `@projects/internals/ci/ci-validate.js` around lines 12 - 15, The validation
checks in ci-validate.js currently assume packageJson.engines,
packageJson.devEngines.packageManager, and packageJson.packageManager always
exist, which can throw before the mismatch reporting runs. Update the reads used
in the validation list to be null-safe so the existing comparison logic can
still produce a readable validation failure when those fields are missing; keep
the changes local to the validation entries that reference packageJson and the
related mismatch labels.
There was a problem hiding this comment.
Actionable comments posted: 2
♻️ Duplicate comments (8)
README.md (1)
37-39: 🎯 Functional Correctness | 🟠 Major | ⚡ Quick winTrust the repository before
mise run setup.This setup block jumps from installing
misestraight tomise run setup, but the repo bootstrap flow still requiresmise trustfirst. As written, a fresh clone can fail before dependencies are installed.🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@README.md` around lines 37 - 39, The README bootstrap steps for mise are missing the required trust step before running setup. Update the setup instructions around the mise install/run sequence to include `mise trust` in the repository workflow before `mise run setup`, so the fresh-clone bootstrap path uses the correct order and can proceed cleanly.projects/internals/ci/ci-validate.js (1)
11-15: 🩺 Stability & Availability | 🟡 Minor | ⚡ Quick winMake the
package.jsonreads null-safe.If any of
engines,packageManager, ordevEngines.packageManageris missing, Lines 13-15 throw before this script can emit the intended mismatch message, so config drift becomes a crash instead of a validation failure.🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@projects/internals/ci/ci-validate.js` around lines 11 - 15, The `expectations` setup in `ci-validate.js` assumes `packageJson.engines`, `packageJson.packageManager`, and `packageJson.devEngines.packageManager` always exist, which can crash before validation runs. Update the reads for these fields to be null-safe in the `expectations` array so missing config values produce a mismatch entry instead of throwing, while preserving the existing labels and comparison flow.AGENTS.md (1)
41-44: 🎯 Functional Correctness | 🟡 Minor | ⚡ Quick winUse the documented
~/.local/bin/misepath in the bootstrap commands.Line 42 says
misemay not be onPATHyet, but Lines 43-44 still invokemisedirectly, so the first-run example can fail in a fresh shell.🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@AGENTS.md` around lines 41 - 44, The bootstrap example still calls mise directly even though it may not be on PATH yet, so update the setup commands to use the documented ~/.local/bin/mise path consistently. Fix the command sequence in AGENTS.md so the first-run instructions for mise trust and mise run setup reference the explicit binary path instead of relying on PATH availability.package.json (1)
339-339: 🩺 Stability & Availability | 🟡 Minor | ⚡ Quick winWait for the backgrounded Playwright install before exiting
prepare.
pnpm run playwright &is still launched asynchronously, and the subshell exits aftervale syncwithoutwait, so browser downloads can be interrupted during local installs.🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@package.json` at line 339, The prepare command starts `pnpm run playwright` in the background and then exits without waiting, so the Playwright install can be cut off. Update the `command` entry in package.json to keep the prepare step alive until the backgrounded Playwright install finishes, using the existing shell flow around `pnpm run playwright`, `node .husky/install.mjs`, and `vale sync`.projects/starters/go/package.json (1)
10-10: 🩺 Stability & Availability | 🟠 Major | ⚡ Quick winCreate
bin/before writingbin/go-starter.Both
previewand the Wireitbuildcommand write intobin/, but neither ensures the directory exists, so a clean checkout still fails on the first build.Also applies to: 19-19
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@projects/starters/go/package.json` at line 10, The preview and Wireit build commands write the Go binary into bin/ without guaranteeing the directory exists, so a clean checkout can fail on first run. Update the package.json scripts for preview and build so they create bin/ before invoking go build, keeping the existing go build and ./bin/go-starter flow intact.projects/site/src/docs/internal/guidelines/troubleshooting.md (1)
245-247: 🎯 Functional Correctness | 🟡 Minor | ⚡ Quick winUpdate the Node version example output.
node --versionprintsv26.4.0, so the example should keep the leadingv. This is the same mismatch flagged in the previous review.
Based on the previous review comment about the missingvprefix.🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@projects/site/src/docs/internal/guidelines/troubleshooting.md` around lines 245 - 247, The Node version example in the troubleshooting guide is missing the leading v prefix shown by node --version; update the example output in the documentation to match the actual `node --version` result. Locate the version check snippet around the `mise exec -- node --version` example and change the displayed version text so it includes the `v` prefix consistently.projects/internals/BUILD.md (1)
122-124: 🎯 Functional Correctness | 🟡 Minor | ⚡ Quick winFix the mise documentation link.
https://mise.en.dev/is still the wrong destination for the mise docs. This remains the same broken link reported in the prior review.
Based on the previous review comment about the incorrect mise URL.🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@projects/internals/BUILD.md` around lines 122 - 124, The mise documentation link is still pointing to the wrong destination in the BUILD.md docs section. Update the markdown link on the mise reference to the correct official docs URL, and keep the surrounding description unchanged; use the existing mise entry in the documentation list as the place to fix it..github/workflows/ci.yml (1)
107-109: 🩺 Stability & Availability | 🟠 Major | ⚡ Quick winPass
NODE_AUTH_TOKENintosetup-ci.
setup-cistill runs beforeRelease, so it writes$HOME/.npmrcwithout auth and the install phase can’t rely on the token added later. This is the same gap flagged in the previous review.
Based on the previous review comment about authenticated npm config.🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In @.github/workflows/ci.yml around lines 107 - 109, The setup-ci step is still running without npm auth, so it writes an unauthenticated .npmrc before Release provides the token. Update the setup-ci invocation in the CI workflow to pass NODE_AUTH_TOKEN through its with/secret inputs so the action can configure npm with credentials up front; use the setup-ci action and the Release-auth flow as the reference points when wiring the token.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In @.agents/hooks/lib/node-env.sh:
- Around line 38-42: The setup probe in the subshell is running tool checks even
when cd "$project_root" fails, so guard the directory change before invoking
MISE_BIN probes. Update the logic in the subshell in node-env.sh so that the
node and pnpm version checks only execute after a successful cd, using the
existing command grouping around "$MISE_BIN" exec and the surrounding fallback
block to stop early on directory change failure.
In `@projects/starters/go/package.json`:
- Around line 20-23: The Wireit build inputs for the Go starter are incomplete
because the package.json files list only main.go and src/**, so dependency
changes in go.mod and go.sum can leave bin/go-starter stale. Update the build
task’s tracked files to include go.mod and go.sum alongside the existing entries
so changes to module dependencies correctly invalidate the cache.
---
Duplicate comments:
In @.github/workflows/ci.yml:
- Around line 107-109: The setup-ci step is still running without npm auth, so
it writes an unauthenticated .npmrc before Release provides the token. Update
the setup-ci invocation in the CI workflow to pass NODE_AUTH_TOKEN through its
with/secret inputs so the action can configure npm with credentials up front;
use the setup-ci action and the Release-auth flow as the reference points when
wiring the token.
In `@AGENTS.md`:
- Around line 41-44: The bootstrap example still calls mise directly even though
it may not be on PATH yet, so update the setup commands to use the documented
~/.local/bin/mise path consistently. Fix the command sequence in AGENTS.md so
the first-run instructions for mise trust and mise run setup reference the
explicit binary path instead of relying on PATH availability.
In `@package.json`:
- Line 339: The prepare command starts `pnpm run playwright` in the background
and then exits without waiting, so the Playwright install can be cut off. Update
the `command` entry in package.json to keep the prepare step alive until the
backgrounded Playwright install finishes, using the existing shell flow around
`pnpm run playwright`, `node .husky/install.mjs`, and `vale sync`.
In `@projects/internals/BUILD.md`:
- Around line 122-124: The mise documentation link is still pointing to the
wrong destination in the BUILD.md docs section. Update the markdown link on the
mise reference to the correct official docs URL, and keep the surrounding
description unchanged; use the existing mise entry in the documentation list as
the place to fix it.
In `@projects/internals/ci/ci-validate.js`:
- Around line 11-15: The `expectations` setup in `ci-validate.js` assumes
`packageJson.engines`, `packageJson.packageManager`, and
`packageJson.devEngines.packageManager` always exist, which can crash before
validation runs. Update the reads for these fields to be null-safe in the
`expectations` array so missing config values produce a mismatch entry instead
of throwing, while preserving the existing labels and comparison flow.
In `@projects/site/src/docs/internal/guidelines/troubleshooting.md`:
- Around line 245-247: The Node version example in the troubleshooting guide is
missing the leading v prefix shown by node --version; update the example output
in the documentation to match the actual `node --version` result. Locate the
version check snippet around the `mise exec -- node --version` example and
change the displayed version text so it includes the `v` prefix consistently.
In `@projects/starters/go/package.json`:
- Line 10: The preview and Wireit build commands write the Go binary into bin/
without guaranteeing the directory exists, so a clean checkout can fail on first
run. Update the package.json scripts for preview and build so they create bin/
before invoking go build, keeping the existing go build and ./bin/go-starter
flow intact.
In `@README.md`:
- Around line 37-39: The README bootstrap steps for mise are missing the
required trust step before running setup. Update the setup instructions around
the mise install/run sequence to include `mise trust` in the repository workflow
before `mise run setup`, so the fresh-clone bootstrap path uses the correct
order and can proceed cleanly.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Path: .coderabbit.yaml
Review profile: ASSERTIVE
Plan: Enterprise
Run ID: d38cfee7-97b7-4406-9ebd-df7fe40789d5
⛔ Files ignored due to path filters (2)
mise.lockis excluded by!**/*.lockpnpm-lock.yamlis excluded by!**/pnpm-lock.yaml
📒 Files selected for processing (28)
.agents/hooks/lib/node-env.sh.agents/hooks/post-tool-use-edit-write.sh.agents/hooks/pre-tool-use-edit-write.sh.agents/hooks/session-start.sh.agents/hooks/stop.sh.github/actions/setup-ci/action.yml.github/workflows/ci.yml.gitignore.husky/commit-msg.husky/mise.sh.husky/post-checkout.husky/post-commit.husky/post-merge.husky/pre-commit.husky/pre-push.nvmrcAGENTS.mdREADME.mdconfig/docker/ci.dockerfileconfig/vale/install.mjsknip.config.jsmise.tomlpackage.jsonprojects/internals/BUILD.mdprojects/internals/ci/ci-validate.jsprojects/site/src/docs/internal/guidelines/troubleshooting.mdprojects/starters/go/package.jsonprojects/starters/package.json
💤 Files with no reviewable changes (2)
- config/docker/ci.dockerfile
- config/vale/install.mjs
Comment on lines
+20
to
+23
| "files": [ | ||
| "main.go", | ||
| "src/**" | ||
| ], |
There was a problem hiding this comment.
🗄️ Data Integrity & Integration | 🟠 Major | ⚡ Quick win
Track go.mod and go.sum as Wireit build inputs.
The build task only watches main.go and src/**. If module dependencies change, Wireit can reuse a stale bin/go-starter even though the compiled output should change.
Suggested fix
"files": [
"main.go",
+ "go.mod",
+ "go.sum",
"src/**"
],📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
Suggested change
| "files": [ | |
| "main.go", | |
| "src/**" | |
| ], | |
| "files": [ | |
| "main.go", | |
| "go.mod", | |
| "go.sum", | |
| "src/**" | |
| ], |
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In `@projects/starters/go/package.json` around lines 20 - 23, The Wireit build
inputs for the Go starter are incomplete because the package.json files list
only main.go and src/**, so dependency changes in go.mod and go.sum can leave
bin/go-starter stale. Update the build task’s tracked files to include go.mod
and go.sum alongside the existing entries so changes to module dependencies
correctly invalidate the cache.
There was a problem hiding this comment.
Actionable comments posted: 1
♻️ Duplicate comments (8)
.husky/mise.sh (1)
1-1: 📐 Maintainability & Code Quality | 🟡 Minor | ⚡ Quick winAdd a ShellCheck shell directive.
This file is sourced under
shby Husky, so a shebang isn't appropriate, but ShellCheck still emits SC2148 because it can't infer the target shell. Add# shellcheck shell=shat the top so linting is accurate and CI doesn't error.🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In @.husky/mise.sh at line 1, Add a ShellCheck shell directive at the top of the Husky-sourced script so linting knows it targets sh. Update the .husky/mise.sh script by placing # shellcheck shell=sh before resolve_mise_bin() to satisfy ShellCheck and avoid SC2148 while keeping the file sourced rather than executable.Source: Linters/SAST tools
.agents/hooks/lib/node-env.sh (2)
48-66: 🩺 Stability & Availability | 🟡 Minor | ⚡ Quick win
cdis still unguarded in the exec/run wrappers (appears unaddressed/regressed).Despite the earlier fix marked as addressed, lines 53 and 63 still call
cd "$working_dir"without a guard, and ShellCheck (SC2164) continues to flag both. Since these library functions may run withoutset -e, a failedcdlets the command execute in the caller's directory (likely repo root), targeting the wrong project.🛡️ Proposed fix
hook_mise_exec() { local working_dir="$1" shift ( - cd "$working_dir" + cd "$working_dir" || exit 1 "$MISE_BIN" exec -- "$@" ) } hook_mise_run() { local working_dir="$1" shift ( - cd "$working_dir" + cd "$working_dir" || exit 1 "$MISE_BIN" run "$@" ) }🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In @.agents/hooks/lib/node-env.sh around lines 48 - 66, The hook_mise_exec and hook_mise_run wrappers still call cd without checking for failure, so a bad working_dir can fall through and run mise in the wrong directory. Update both functions in node-env.sh to guard the directory change before invoking MISE_BIN, and if the directory switch fails, stop the wrapper from executing the command. Keep the fix localized to hook_mise_exec and hook_mise_run so ShellCheck SC2164 is resolved consistently.Source: Linters/SAST tools
38-46: 🩺 Stability & Availability | 🟡 Minor | ⚡ Quick winGuard the setup
cdbefore probing tools.Line 39's
cd "$project_root"is unguarded inside the subshell; if it fails, themise execversion probes run in the caller's directory and validate the wrong toolchain. Use|| exit 1(subshell-safe).🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In @.agents/hooks/lib/node-env.sh around lines 38 - 46, Guard the project_root directory change in the setup block of node-env.sh so the tool probes only run after a successful cd. In the subshell that calls "$MISE_BIN" exec for node and pnpm versions, make the cd failure terminate that subshell immediately (for example by using a subshell-safe early exit) so the checks do not fall back to the caller’s directory; keep the existing failure message path in the surrounding block.Source: Linters/SAST tools
projects/starters/go-htmx/package.json (1)
20-24: 🗄️ Data Integrity & Integration | 🟠 Major | ⚡ Quick winTrack
go.modandgo.sumin Wireit inputs.Without them, module-only changes can reuse a stale cached build.
🔎 Read-only verification
#!/bin/bash set -euo pipefail printf '\n## Wireit inputs\n' sed -n '18,24p' projects/starters/go-htmx/package.json printf '\n## Module files at starter root\n' find projects/starters/go-htmx -maxdepth 1 -type f \( -name 'go.mod' -o -name 'go.sum' \) -print | sort🛠️ Proposed fix
"files": [ "main.go", + "go.mod", + "go.sum", "src/**", "package.json" ],🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@projects/starters/go-htmx/package.json` around lines 20 - 24, The Wireit inputs for the go-htmx starter are missing the module files, so module-only changes can bypass cache invalidation. Update the package.json inputs for the build task to include go.mod and go.sum alongside main.go, src/**, and package.json, using the existing Wireit configuration in the starter package.package.json (1)
341-341: 🩺 Stability & Availability | 🟡 Minor | ⚡ Quick winWait for the Playwright install.
pnpm run playwrightis still backgrounded without await, sopreparecan exit before the browser download finishes.🔧 Proposed fix
- "command": "test -n \"$CI\" || (pnpm run playwright & node .husky/install.mjs ; vale sync)" + "command": "test -n \"$CI\" || (pnpm run playwright & node .husky/install.mjs ; vale sync ; wait)"🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@package.json` at line 341, The prepare command is still launching pnpm run playwright in the background without waiting, so the install can finish early; update the package.json prepare script to ensure the Playwright install completes before continuing, using the existing command and keeping the node .husky/install.mjs and vale sync steps synchronized with that wait.projects/internals/BUILD.md (1)
122-124: 📐 Maintainability & Code Quality | 🟡 Minor | ⚡ Quick winFix the mise docs URL.
https://mise.en.dev/is broken; point readers at the official documentation site instead.📝 Proposed fix
-- [mise](https://mise.en.dev/) +- [mise](https://mise.jdx.dev/)🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@projects/internals/BUILD.md` around lines 122 - 124, The mise documentation link is broken and should point to the official docs instead. Update the markdown link in the BUILD.md section that references mise to use the correct official documentation URL, keeping the surrounding description about the repository toolchain and CI unchanged.projects/internals/ci/ci-validate.js (1)
13-15: 🩺 Stability & Availability | 🟡 Minor | ⚡ Quick winNull-safe these config reads.
packageJson.engines,packageJson.packageManager, orpackageJson.devEngines.packageManagercan still be absent, and this script will throw before it can report the mismatch.🛠 Proposed fix
- ['package engines.node', packageJson.engines.node, tools.node, 'mise node'], - ['packageManager pnpm', packageJson.packageManager.match(/^pnpm@(.+)$/)?.[1], tools.pnpm, 'mise pnpm'], - ['devEngines.packageManager.version', packageJson.devEngines.packageManager.version, tools.pnpm, 'mise pnpm'] + ['package engines.node', packageJson.engines?.node, tools.node, 'mise node'], + [ + 'packageManager pnpm', + typeof packageJson.packageManager === 'string' + ? packageJson.packageManager.match(/^pnpm@(.+)$/)?.[1] + : undefined, + tools.pnpm, + 'mise pnpm' + ], + [ + 'devEngines.packageManager.version', + packageJson.devEngines?.packageManager?.version, + tools.pnpm, + 'mise pnpm' + ]🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@projects/internals/ci/ci-validate.js` around lines 13 - 15, The config checks in the validation list are not null-safe, so missing packageJson.engines, packageJson.packageManager, or packageJson.devEngines.packageManager can throw before reporting mismatches. Update the read expressions in the CI validation logic to safely access those nested fields, especially around the packageManager regex match and the devEngines.packageManager.version lookup, so the script can continue and report comparison results even when sections are absent.README.md (1)
40-42: 🩺 Stability & Availability | 🟡 Minor | ⚡ Quick winAdd the missing trust step.
The bootstrap flow still goes straight from install to setup, so a fresh shell can fail if the repo isn't trusted yet. Use the explicit
~/.local/bin/misepath here as well.🔧 Proposed fix
curl https://mise.run | sh +~/.local/bin/mise trust ~/.local/bin/mise run setup🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@README.md` around lines 40 - 42, The README bootstrap steps are missing the required trust command before setup, which can break a fresh shell flow; update the setup sequence to include the explicit ~/.local/bin/mise path for the trust step as well as the existing setup step so the repo is trusted before running setup.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@README.md`:
- Line 39: The setup note in the README uses a dead mise documentation URL;
update the inline install-dependencies comment to point to the official mise
docs instead. Locate the existing docs link in the README and replace it with
the correct official URL so the setup guidance remains valid.
---
Duplicate comments:
In @.agents/hooks/lib/node-env.sh:
- Around line 48-66: The hook_mise_exec and hook_mise_run wrappers still call cd
without checking for failure, so a bad working_dir can fall through and run mise
in the wrong directory. Update both functions in node-env.sh to guard the
directory change before invoking MISE_BIN, and if the directory switch fails,
stop the wrapper from executing the command. Keep the fix localized to
hook_mise_exec and hook_mise_run so ShellCheck SC2164 is resolved consistently.
- Around line 38-46: Guard the project_root directory change in the setup block
of node-env.sh so the tool probes only run after a successful cd. In the
subshell that calls "$MISE_BIN" exec for node and pnpm versions, make the cd
failure terminate that subshell immediately (for example by using a
subshell-safe early exit) so the checks do not fall back to the caller’s
directory; keep the existing failure message path in the surrounding block.
In @.husky/mise.sh:
- Line 1: Add a ShellCheck shell directive at the top of the Husky-sourced
script so linting knows it targets sh. Update the .husky/mise.sh script by
placing # shellcheck shell=sh before resolve_mise_bin() to satisfy ShellCheck
and avoid SC2148 while keeping the file sourced rather than executable.
In `@package.json`:
- Line 341: The prepare command is still launching pnpm run playwright in the
background without waiting, so the install can finish early; update the
package.json prepare script to ensure the Playwright install completes before
continuing, using the existing command and keeping the node .husky/install.mjs
and vale sync steps synchronized with that wait.
In `@projects/internals/BUILD.md`:
- Around line 122-124: The mise documentation link is broken and should point to
the official docs instead. Update the markdown link in the BUILD.md section that
references mise to use the correct official documentation URL, keeping the
surrounding description about the repository toolchain and CI unchanged.
In `@projects/internals/ci/ci-validate.js`:
- Around line 13-15: The config checks in the validation list are not null-safe,
so missing packageJson.engines, packageJson.packageManager, or
packageJson.devEngines.packageManager can throw before reporting mismatches.
Update the read expressions in the CI validation logic to safely access those
nested fields, especially around the packageManager regex match and the
devEngines.packageManager.version lookup, so the script can continue and report
comparison results even when sections are absent.
In `@projects/starters/go-htmx/package.json`:
- Around line 20-24: The Wireit inputs for the go-htmx starter are missing the
module files, so module-only changes can bypass cache invalidation. Update the
package.json inputs for the build task to include go.mod and go.sum alongside
main.go, src/**, and package.json, using the existing Wireit configuration in
the starter package.
In `@README.md`:
- Around line 40-42: The README bootstrap steps are missing the required trust
command before setup, which can break a fresh shell flow; update the setup
sequence to include the explicit ~/.local/bin/mise path for the trust step as
well as the existing setup step so the repo is trusted before running setup.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Path: .coderabbit.yaml
Review profile: ASSERTIVE
Plan: Enterprise
Run ID: 1ee2730c-aa2e-444d-ab0c-14a6dec0d08a
⛔ Files ignored due to path filters (2)
mise.lockis excluded by!**/*.lockpnpm-lock.yamlis excluded by!**/pnpm-lock.yaml
📒 Files selected for processing (31)
.agents/hooks/lib/node-env.sh.agents/hooks/post-tool-use-edit-write.sh.agents/hooks/pre-tool-use-edit-write.sh.agents/hooks/session-start.sh.agents/hooks/stop.sh.github/actions/setup-ci/action.yml.github/workflows/ci.yml.gitignore.husky/commit-msg.husky/mise.sh.husky/post-checkout.husky/post-commit.husky/post-merge.husky/pre-commit.husky/pre-push.nvmrcAGENTS.mdREADME.mdconfig/docker/ci.dockerfileconfig/vale/install.mjsknip.config.jsmise.tomlpackage.jsonprojects/internals/BUILD.mdprojects/internals/ci/ci-validate.jsprojects/site/src/docs/internal/guidelines/troubleshooting.mdprojects/starters/go-htmx/package.jsonprojects/starters/go-htmx/src/index.htmlprojects/starters/go/package.jsonprojects/starters/go/src/index.htmlprojects/starters/package.json
💤 Files with no reviewable changes (2)
- config/docker/ci.dockerfile
- config/vale/install.mjs
johnyanarella
approved these changes
Jun 26, 2026
coryrylan
force-pushed
the
topic-mise
branch
2 times, most recently
from
048a483 to
f04c450
Compare
- Updated Node.js version from 26.1.0 to 26.4.0 in `.nvmrc`, `package.json`, and documentation. - Upgraded pnpm from 11.0.8 to 11.9.0 across relevant files. - Replaced references to nvm with mise for managing the development environment and CI setup. - Enhanced `.gitignore` to exclude visual build artifacts more effectively. - Removed the Vale installation script and integrated its management through mise. - Updated CI configuration to utilize the new setup process with mise. Signed-off-by: Cory Rylan <crylan@nvidia.com>
There was a problem hiding this comment.
Actionable comments posted: 1
♻️ Duplicate comments (2)
.github/workflows/ci.yml (1)
107-109: 🩺 Stability & Availability | 🟠 Major | ⚡ Quick winPass
NODE_AUTH_TOKENintosetup-ci.The action still runs before the npm auth token is available, so it cannot prepare the authenticated
.npmrcthat the release flow expects.Proposed fix
- uses: ./.github/actions/setup-ci + env: + NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} with: install-playwright: 'false'🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In @.github/workflows/ci.yml around lines 107 - 109, The setup-ci action is missing the npm auth token, so it cannot generate the authenticated .npmrc needed by the release flow. Update the workflow step that calls setup-ci to pass NODE_AUTH_TOKEN through its with/env configuration, using the existing setup-ci action reference so the token is available before npm setup runs.projects/starters/go/package.json (1)
18-27: 🗄️ Data Integrity & Integration | 🟠 Major | ⚡ Quick winTrack
go.modandgo.sumin the Wireit inputs.Module updates still won’t invalidate this build, so
bincan be reused after the compiled output should have changed.Proposed fix
"files": [ "main.go", + "go.mod", + "go.sum", "src/**", "package.json" ],🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@projects/starters/go/package.json` around lines 18 - 27, The Wireit build inputs for the Go starter are missing the module manifest files, so changes to dependencies won’t invalidate the cached build. Update the build definition in the package config used by the go starter to include go.mod and go.sum alongside the existing inputs for the build command, so the build is rerun whenever module metadata changes.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@projects/starters/go-htmx/package.json`:
- Around line 18-27: The build inputs for the go-htmx starter are missing module
metadata, so changes to dependencies can leave the cached binary stale. Update
the build configuration in package.json so the build files tracked by the
starter include go.mod and go.sum alongside main.go and src/**, using the build
section to ensure dependency changes invalidate the cache correctly.
---
Duplicate comments:
In @.github/workflows/ci.yml:
- Around line 107-109: The setup-ci action is missing the npm auth token, so it
cannot generate the authenticated .npmrc needed by the release flow. Update the
workflow step that calls setup-ci to pass NODE_AUTH_TOKEN through its with/env
configuration, using the existing setup-ci action reference so the token is
available before npm setup runs.
In `@projects/starters/go/package.json`:
- Around line 18-27: The Wireit build inputs for the Go starter are missing the
module manifest files, so changes to dependencies won’t invalidate the cached
build. Update the build definition in the package config used by the go starter
to include go.mod and go.sum alongside the existing inputs for the build
command, so the build is rerun whenever module metadata changes.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Path: .coderabbit.yaml
Review profile: ASSERTIVE
Plan: Enterprise
Run ID: b20328fe-edc6-4934-bb55-91900eec89f3
⛔ Files ignored due to path filters (2)
mise.lockis excluded by!**/*.lockpnpm-lock.yamlis excluded by!**/pnpm-lock.yaml
📒 Files selected for processing (32)
.agents/hooks/lib/node-env.sh.agents/hooks/post-tool-use-edit-write.sh.agents/hooks/pre-tool-use-bash.sh.agents/hooks/pre-tool-use-edit-write.sh.agents/hooks/session-start.sh.agents/hooks/stop.sh.github/actions/setup-ci/action.yml.github/workflows/ci.yml.gitignore.husky/commit-msg.husky/mise.sh.husky/post-checkout.husky/post-commit.husky/post-merge.husky/pre-commit.husky/pre-push.nvmrcAGENTS.mdREADME.mdconfig/docker/ci.dockerfileconfig/vale/install.mjsknip.config.jsmise.tomlpackage.jsonprojects/internals/BUILD.mdprojects/internals/ci/ci-validate.jsprojects/site/src/docs/internal/guidelines/troubleshooting.mdprojects/starters/go-htmx/package.jsonprojects/starters/go-htmx/src/index.htmlprojects/starters/go/package.jsonprojects/starters/go/src/index.htmlprojects/starters/package.json
💤 Files with no reviewable changes (2)
- config/docker/ci.dockerfile
- config/vale/install.mjs
There was a problem hiding this comment.
Caution
Inline review comments failed to post. This is likely due to GitHub's internal server error or limits when posting large numbers of comments. If you are seeing this consistently it is likely a permissions issue. Please check "Moderation" -> "Code review limits" under your organization settings.
Actionable comments posted: 1
♻️ Duplicate comments (2)
.github/workflows/ci.yml (1)
107-109: 🩺 Stability & Availability | 🟠 Major | ⚡ Quick winPass
NODE_AUTH_TOKENintosetup-ci.The action still runs before the npm auth token is available, so it cannot prepare the authenticated
.npmrcthat the release flow expects.Proposed fix
- uses: ./.github/actions/setup-ci + env: + NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} with: install-playwright: 'false'🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In @.github/workflows/ci.yml around lines 107 - 109, The setup-ci action is missing the npm auth token, so it cannot generate the authenticated .npmrc needed by the release flow. Update the workflow step that calls setup-ci to pass NODE_AUTH_TOKEN through its with/env configuration, using the existing setup-ci action reference so the token is available before npm setup runs.projects/starters/go/package.json (1)
18-27: 🗄️ Data Integrity & Integration | 🟠 Major | ⚡ Quick winTrack
go.modandgo.sumin the Wireit inputs.Module updates still won’t invalidate this build, so
bincan be reused after the compiled output should have changed.Proposed fix
"files": [ "main.go", + "go.mod", + "go.sum", "src/**", "package.json" ],🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@projects/starters/go/package.json` around lines 18 - 27, The Wireit build inputs for the Go starter are missing the module manifest files, so changes to dependencies won’t invalidate the cached build. Update the build definition in the package config used by the go starter to include go.mod and go.sum alongside the existing inputs for the build command, so the build is rerun whenever module metadata changes.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@projects/starters/go-htmx/package.json`:
- Around line 18-27: The build inputs for the go-htmx starter are missing module
metadata, so changes to dependencies can leave the cached binary stale. Update
the build configuration in package.json so the build files tracked by the
starter include go.mod and go.sum alongside main.go and src/**, using the build
section to ensure dependency changes invalidate the cache correctly.
---
Duplicate comments:
In @.github/workflows/ci.yml:
- Around line 107-109: The setup-ci action is missing the npm auth token, so it
cannot generate the authenticated .npmrc needed by the release flow. Update the
workflow step that calls setup-ci to pass NODE_AUTH_TOKEN through its with/env
configuration, using the existing setup-ci action reference so the token is
available before npm setup runs.
In `@projects/starters/go/package.json`:
- Around line 18-27: The Wireit build inputs for the Go starter are missing the
module manifest files, so changes to dependencies won’t invalidate the cached
build. Update the build definition in the package config used by the go starter
to include go.mod and go.sum alongside the existing inputs for the build
command, so the build is rerun whenever module metadata changes.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Path: .coderabbit.yaml
Review profile: ASSERTIVE
Plan: Enterprise
Run ID: b20328fe-edc6-4934-bb55-91900eec89f3
⛔ Files ignored due to path filters (2)
mise.lockis excluded by!**/*.lockpnpm-lock.yamlis excluded by!**/pnpm-lock.yaml
📒 Files selected for processing (32)
.agents/hooks/lib/node-env.sh.agents/hooks/post-tool-use-edit-write.sh.agents/hooks/pre-tool-use-bash.sh.agents/hooks/pre-tool-use-edit-write.sh.agents/hooks/session-start.sh.agents/hooks/stop.sh.github/actions/setup-ci/action.yml.github/workflows/ci.yml.gitignore.husky/commit-msg.husky/mise.sh.husky/post-checkout.husky/post-commit.husky/post-merge.husky/pre-commit.husky/pre-push.nvmrcAGENTS.mdREADME.mdconfig/docker/ci.dockerfileconfig/vale/install.mjsknip.config.jsmise.tomlpackage.jsonprojects/internals/BUILD.mdprojects/internals/ci/ci-validate.jsprojects/site/src/docs/internal/guidelines/troubleshooting.mdprojects/starters/go-htmx/package.jsonprojects/starters/go-htmx/src/index.htmlprojects/starters/go/package.jsonprojects/starters/go/src/index.htmlprojects/starters/package.json
💤 Files with no reviewable changes (2)
- config/docker/ci.dockerfile
- config/vale/install.mjs
🛑 Comments failed to post (1)
projects/starters/go-htmx/package.json (1)
18-27: 🗄️ Data Integrity & Integration | 🟠 Major | ⚡ Quick win
Track
go.modandgo.sumhere too.Module dependency changes can still leave the cached binary stale, so the starter may ship outdated output.
Proposed fix
"files": [ "main.go", + "go.mod", + "go.sum", "src/**", "package.json" ],📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements."build": { "command": "go build -o bin main.go", "files": [ "main.go", "go.mod", "go.sum", "src/**", "package.json" ], "output": [ "bin" ]🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@projects/starters/go-htmx/package.json` around lines 18 - 27, The build inputs for the go-htmx starter are missing module metadata, so changes to dependencies can leave the cached binary stale. Update the build configuration in package.json so the build files tracked by the starter include go.mod and go.sum alongside main.go and src/**, using the build section to ensure dependency changes invalidate the cache correctly.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
.nvmrc,package.json, and documentation..gitignoreto exclude visual build artifacts more effectively.Summary by CodeRabbit
mise-managed toolchain (including Node/pnpm/Vale and Git hooks).install-playwright).mise.tomlandmise.lock, and tightened protection around destructive commit patterns.mise, Vale, and Git LFS workflows.