Add tickgit TODO guard

[MTG-Thomas]

Adds the pinned tickgit v0.0.17 TODO guard workflow with a committed zero-item baseline. The guard runs on PRs, weekdays on schedule, and manually with read-only permissions and generated-artifact paths ignored.

---

^{Need help on this PR? Tag @codesmith with what you need. Autofix is disabled.}

Summary by CodeRabbit

• Chores
  • Introduced automated validation system to identify and prevent untracked TODO, FIXME, and HACK comments from being merged into the codebase. The workflow ensures all inline code comments are properly tracked in the project baseline, improving code organization and preventing technical debt accumulation.

[coderabbitai]

Warning

Rate limit exceeded

@MTG-Thomas has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 55 minutes and 7 seconds before requesting another review.

You’ve run out of usage credits. Purchase more in the billing tab.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro Plus

Run ID: 98fc24e7-167c-496a-bf84-1d4fe9f6a10d

📥 Commits

Reviewing files that changed from the base of the PR and between 9d990e6 and 8684f63.

📒 Files selected for processing (1)

• .github/workflows/tickgit-todo-guard.yml

📝 Walkthrough

Walkthrough

A new GitHub Actions workflow detects new TODO/FIXME/HACK comments in pull requests and on a weekly schedule using the tickgit action, failing if new issues are found while ignoring common build and dependency directories.

Changes

TODO Guard CI Automation

Layer / File(s)	Summary
TODO guard workflow configuration .github/workflows/tickgit-todo-guard.yml	A new GitHub Actions workflow runs on PR events, weekly schedule, and manual dispatch. It uses the tickgit action with a baseline CSV to fail when new TODO/FIXME/HACK comments are detected, while ignoring matches in dependency, build, and output directories. Concurrency is configured to cancel in-progress runs, and permissions are restricted to contents: read.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~15 minutes

Poem

🐰 A workflow hops in with a watchful eye,
Scanning for TODOs that shouldn't pass by,
Weekly runs keeping the code oh-so-clean,
The finest TODO guard ever seen! ✨

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'Add tickgit TODO guard' clearly and concisely describes the main change: adding a new GitHub Actions workflow for detecting TODO comments.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch codex/add-tickgit-todo-guard

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In @.github/workflows/tickgit-todo-guard.yml:
- Line 26: The workflow pins MTG-Thomas/tickgit to an unresolvable SHA in
.github/workflows/tickgit-todo-guard.yml; update the uses line that currently
reads "uses: MTG-Thomas/tickgit@c592be8853f724966909b8a5fde2c550b2e74892" to a
resolvable reference by either replacing the SHA with the actual commit SHA for
v0.0.17 or pinning to the tag "uses: MTG-Thomas/tickgit@v0.0.17"; also update
the inline version comment (currently "# v0.0.17") to match the chosen pin so
the comment and the used ref are consistent.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro Plus

Run ID: 6224a342-9f9e-412b-9e2c-9f9a58657702

📥 Commits

Reviewing files that changed from the base of the PR and between c7f2742 and 9d990e6.

⛔ Files ignored due to path filters (1)

• .github/tickgit-baseline.csv is excluded by !**/*.csv

📒 Files selected for processing (1)

• .github/workflows/tickgit-todo-guard.yml