ci: add deterministic formatting and clean-worktree gates#68

Merged: Mehdi-Bl merged 2 commits into main from chore/ci-formatting-gate on Feb 11, 2026

@Mehdi-Bl Mehdi-Bl commented Feb 11, 2026

Contributor

Summary

  • add () and wire it into

ai-code-fusion@0.2.0 lint
npm run format:check && cross-env ESLINT_USE_FLAT_CONFIG=false eslint src tests --ext .js,.jsx,.ts,.tsx --cache && npm run lint:md && npm run changelog:validate

ai-code-fusion@0.2.0 format:check
prettier --check "**/*.{json,md,html,css}"

Checking formatting...
All matched files use Prettier code style!

ai-code-fusion@0.2.0 lint:md
npm run lint:md:links && npm run lint:md:style

ai-code-fusion@0.2.0 lint:md:links
node scripts/lint-markdown-links.js

Markdown docs lint passed: 15 markdown files checked, 8 links/images scanned, no decorative icons found.

ai-code-fusion@0.2.0 lint:md:style
markdownlint "**/*.{md,mdx}" --config .markdownlint.json --ignore node_modules --ignore dist

ai-code-fusion@0.2.0 changelog:validate
node scripts/validate-changelog.js

Changelog validation passed: CHANGELOG.md

  • add a QA workflow guard to fail when lint leaves a dirty working tree
  • update CI security plan and test catalog to document the new quality-gate behavior

Validation

  • npm run lint
  • npm test -- --runInBand

Summary by Sourcery

Add a non-mutating Prettier formatting check to the lint pipeline and enforce a clean working tree in the QA CI workflow after lint completes.

New Features:

  • Introduce a dedicated format:check npm script for deterministic Prettier formatting verification without modifying files.

Enhancements:

  • Wire format:check into the main npm run lint command to make formatter drift detection part of the standard lint workflow.

CI:

  • Add a QA matrix step that fails the workflow if linting leaves a dirty git working tree.

Documentation:

  • Update the CI/CD security plan and test catalog to document the new formatter drift gate and clean-worktree QA enforcement.

Summary by CodeRabbit

  • Chores
    • Integrated format validation into the lint workflow
    • Added clean repository verification as a CI quality gate following linting
    • Updated documentation for new format checks and CI processes

sourcery-ai Bot commented Feb 11, 2026


Reviewer's Guide

Adds a Prettier-based deterministic formatting check into the lint pipeline, introduces a CI QA workflow gate to fail on post-lint working-tree changes, and documents these quality gates in the test catalog and CI/CD security plan.

Sequence diagram for updated CI lint and clean-worktree gate

sequenceDiagram
  actor Developer
  participant GitHub
  participant QAWorkflow as QA_workflow_qa-matrix
  participant Npm as npm_scripts
  participant Git as git_CLI

  Developer->>GitHub: Push commit or open PR
  GitHub->>QAWorkflow: Trigger qa-matrix workflow

  QAWorkflow->>Npm: npm run lint
  activate Npm
  Npm->>Npm: npm run format:check
  Npm->>Npm: cross-env ESLINT_USE_FLAT_CONFIG=false eslint src tests
  Npm->>Npm: npm run lint:md
  Npm->>Npm: npm run changelog:validate
  Npm-->>QAWorkflow: Exit code from lint pipeline
  deactivate Npm

  QAWorkflow->>Git: git diff --name-status --exit-code
  Git-->>QAWorkflow: Exit code (nonzero if working tree dirty)

  alt working tree clean
    QAWorkflow->>Npm: npm test -- --runInBand
    Npm-->>QAWorkflow: Test results
  else working tree dirty
    QAWorkflow-->>GitHub: Mark job failed (formatting or lint mutated files)
  end

File-Level Changes

Change: Introduce a dedicated non-mutating Prettier formatting check and wire it into the main lint script.
Details:
  • Add a format:check npm script that runs prettier --check on JSON/Markdown/HTML/CSS files.
  • Prepend the format:check step to the lint script so lint enforces formatter drift detection before other checks.
Files: package.json

Change: Add a QA workflow safeguard that ensures lint does not leave a dirty git working tree in CI.
Details:
  • Add a QA matrix workflow step that runs npm run lint.
  • Add a follow-up step that runs git diff --name-status --exit-code to fail the job if lint modifies any tracked files.
Files: .github/workflows/qa-matrix.yml

Change: Document the new formatter drift check and CI clean-worktree gate in project docs and test catalog.
Details:
  • Update the tests catalog to list the formatter drift check command and to mention CI quality-gate coverage under workflow changes.
  • Extend the CI/CD security plan to describe the Prettier formatter drift gate, to note that lint now includes the Prettier check, and to call out the QA matrix clean-repo enforcement step.
Files: tests/catalog.md, docs/plan/cicd_security.md

@qodo-free-for-open-source-projects

Review Summary by Qodo

Add deterministic formatting and clean-worktree quality gates

✨ Enhancement

Walkthroughs

Description
• Add Prettier formatter drift detection to lint pipeline
• Enforce clean working tree after linting in CI/CD
• Document new quality gates in security plan
• Update test catalog with formatter check coverage
Diagram
flowchart LR
  A["npm run lint"] --> B["format:check"]
  B --> C["ESLint"]
  C --> D["Markdown lint"]
  D --> E["Changelog validate"]
  E --> F["git diff check"]
  F --> G["Clean worktree verified"]
File Changes

1. package.json ✨ Enhancement +2/-1

Add Prettier format check to lint pipeline

• Add format:check script that runs Prettier in check mode for JSON, Markdown, HTML, CSS files
• Update lint script to include npm run format:check as first step before ESLint


2. .github/workflows/qa-matrix.yml ✨ Enhancement +3/-0

Add clean worktree verification after lint

• Add new step "Verify clean working tree after lint" that runs git diff --name-status --exit-code
• Ensures linting process does not leave uncommitted changes in repository


3. docs/plan/cicd_security.md 📝 Documentation +3/-0

Document formatter drift and clean-worktree gates

• Document Prettier formatter drift gate as first security layer in source and policy gates
• Add details about format:check being non-mutating
• Document QA matrix enforcement of clean repository state after lint
• Update lint and changelog gates section with new Prettier check details


4. tests/catalog.md 📝 Documentation +4/-0

Update test catalog with formatter check

• Add formatter drift check (npm run format:check) to test catalog as non-mutating check
• Add CI quality gate/workflow changes section documenting lint and test commands


coderabbitai Bot commented Feb 11, 2026

Walkthrough

The changes introduce Prettier formatter verification as a pre-linting step in the CI pipeline and add a post-linting validation gate to ensure no uncommitted changes remain after formatting checks. The format:check script is added to package.json and integrated into the lint workflow, with supporting documentation updates.

Changes

Cohort: CI Workflow Configuration
File(s): .github/workflows/qa-matrix.yml, package.json
Summary: Added format:check script to package.json and prepended it to the lint workflow. Inserted new CI step "Verify clean working tree after lint" that executes git diff --name-status --exit-code between lint and test steps to enforce no uncommitted changes.

Cohort: Documentation
File(s): docs/plan/cicd_security.md, tests/catalog.md
Summary: Updated documentation to reflect new Prettier formatter drift gate in CI pipeline and documented the format:check command and post-lint verification step as part of QA quality gates.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~8 minutes

Poem

🐰 A formatter hops through the code with care,
Prettier checks dance through the air,
Then git verifies the tree stands clean,
No stray changes left unseen!
CI gates now guard with mighty might,
Keeping the workspace tidy and right! ✨

🚥 Pre-merge checks: ✅ 3 passed

  • Description Check: ✅ Passed. Check skipped - CodeRabbit’s high-level summary is enabled.
  • Title check: ✅ Passed. The title 'ci: add deterministic formatting and clean-worktree gates' directly and accurately reflects the two main changes in the PR: the addition of a Prettier formatting check (deterministic formatting) and a git diff verification step (clean-worktree gate).
  • Docstring Coverage: ✅ Passed. No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

@gemini-code-assist

Summary of Changes

Hello @Mehdi-Bl, I'm Gemini Code Assist! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request enhances the project's continuous integration and delivery pipeline by introducing new quality gates. It ensures that all code adheres to a consistent formatting style through an automated check and prevents builds from passing if linting processes result in uncommitted changes, thereby improving overall code quality and build reliability.

Highlights

  • Deterministic Formatting: Integrated a Prettier format check (npm run format:check) into the main npm run lint command to ensure consistent code style across the project.
  • Clean Working Tree Enforcement: Introduced a QA workflow guard that fails the build if the lint process leaves a dirty working tree, ensuring that linting operations do not introduce uncommitted changes.
  • Documentation Updates: Updated the CI/CD security plan and test catalog documentation to reflect the newly added quality gates for formatting and clean working tree enforcement.

Changelog
  • docs/plan/cicd_security.md
    • Documented the new Prettier formatter drift gate as a source and policy gate.
    • Added Prettier check to the list of operations performed by npm run lint.
    • Included the QA matrix enforcement of a clean repository state after linting.
  • package.json
    • Modified the lint script to include npm run format:check.
    • Added a new format:check script to run Prettier in check mode.
  • tests/catalog.md
    • Added the formatter drift check (npm run format:check) to the test catalog.
    • Documented the inclusion of npm run lint and npm test -- --runInBand under CI quality gate/workflow changes.
Ignored Files
  • Ignored by pattern: .github/workflows/** (1)
    • .github/workflows/qa-matrix.yml
Activity
  • No human activity has occurred on this pull request yet.
@sourcery-ai sourcery-ai Bot left a comment

Hey - I've found 1 issue, and left some high level feedback:

  • The format and format:check scripts use different file globs (the check omits JS/TS files), which may lead to code being auto-formatted locally but not enforced in CI; consider aligning the patterns or documenting the intentional difference.
  • The git diff --name-status --exit-code step will fail on any line-ending normalization or other non-functional changes introduced by tools; if this becomes noisy, you may want to restrict the diff to relevant paths or configure .gitattributes to avoid false positives.
## Individual Comments

### Comment 1
<location> `package.json:26-27` </location>
<code_context>
     "dev": "node scripts/index.js dev",
     "clear-assets": "rimraf src/renderer/bundle.js src/renderer/bundle.js.map src/renderer/bundle.js.LICENSE.txt src/renderer/output.css",
-    "lint": "cross-env ESLINT_USE_FLAT_CONFIG=false eslint src tests --ext .js,.jsx,.ts,.tsx --cache && npm run lint:md && npm run changelog:validate",
+    "lint": "npm run format:check && cross-env ESLINT_USE_FLAT_CONFIG=false eslint src tests --ext .js,.jsx,.ts,.tsx --cache && npm run lint:md && npm run changelog:validate",
     "lint:md": "npm run lint:md:links && npm run lint:md:style",
     "lint:md:links": "node scripts/lint-markdown-links.js",
</code_context>

<issue_to_address>
**suggestion:** Consider aligning `format:check` file set with `format` to avoid inconsistent formatting guarantees.

Currently `format` runs Prettier on `**/*.{js,jsx,ts,tsx,json,md,html,css}`, while `format:check` only checks `**/*.{json,md,html,css}`. This means CI only enforces formatting for non-code files and may miss JS/TS issues. If CI is meant to gate on all Prettier formatting, consider having `format:check` use the same glob (or a shared config) so JS/TS files don’t pass lint but later fail `npm run format` locally.

```suggestion
    "format": "prettier --write \"**/*.{js,jsx,ts,tsx,json,md,html,css}\"",
    "format:check": "prettier --check \"**/*.{js,jsx,ts,tsx,json,md,html,css}\"",
```
</issue_to_address>

github-actions Bot commented Feb 11, 2026


Dependency Review

✅ No vulnerabilities or license issues found.

Scanned Files

None

@gemini-code-assist gemini-code-assist Bot left a comment

Code Review

This pull request adds a Prettier formatting check (format:check) to the lint script and a CI guard to ensure a clean working tree after linting. The changes are well-documented in cicd_security.md and tests/catalog.md. My review focuses on making the new format:check script more robust and consistent with the existing format script. I've suggested an improvement in package.json to ensure all relevant file types are checked for formatting.

@qodo-free-for-open-source-projects

Code Review by Qodo

🐞 Bugs (3) 📘 Rule violations (0) 📎 Requirement gaps (0)

Remediation recommended

1. Prettier checks generated CSS 🐞 Bug ⛯ Reliability
Description
npm run lint now runs format:check, which checks all **/*.css in the repo unless excluded.
Generated/gitignored CSS like src/renderer/output.css (Tailwind output) may exist locally and
cause lint to fail even though the file isn’t intended to be formatted/committed.
Code

package.json[R20-27]

+    "lint": "npm run format:check && cross-env ESLINT_USE_FLAT_CONFIG=false eslint src tests --ext .js,.jsx,.ts,.tsx --cache && npm run lint:md && npm run changelog:validate",
    "lint:md": "npm run lint:md:links && npm run lint:md:style",
    "lint:md:links": "node scripts/lint-markdown-links.js",
    "lint:md:style": "markdownlint \"**/*.{md,mdx}\" --config .markdownlint.json --ignore node_modules --ignore dist",
    "changelog:validate": "node scripts/validate-changelog.js",
    "lint:tests": "cross-env ESLINT_USE_FLAT_CONFIG=false eslint tests --ext .js,.jsx,.ts,.tsx --cache",
    "format": "prettier --write \"**/*.{js,jsx,ts,tsx,json,md,html,css}\"",
+    "format:check": "prettier --check \"**/*.{json,md,html,css}\"",
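Review bot: In the `lint` script, chaining `npm run format:check &&` ahead of ESLint means one formatting failure stops the run before ESLint, `lint:md` and `changelog:validate` execute, so a contributor sees only one class of failure per CI run. Consider running `format:check` as its own workflow step so that formatter drift and the other lint findings are reported in the same run.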
Evidence
lint now invokes format:check, and format:check explicitly checks all matching css files.
The repo also generates src/renderer/output.css via the Tailwind build, and that output is
gitignored (i.e., can exist in working trees). .prettierignore does not exclude this generated
file path, so the new check is likely to pick it up when present and potentially fail due to
formatting differences.

package.json[20-27]
package.json[35-36]
.gitignore[17-21]
.prettierignore[1-7]

Agent prompt
The issue below was found during a code review. Follow the provided context and guidance below and implement a solution

## Issue description
`npm run lint` now runs `prettier --check "**/*.{json,md,html,css}"`. This can inadvertently include generated artifacts (not meant for formatting enforcement) such as Tailwind’s `src/renderer/output.css`, making lint fail depending on the developer’s local build state.

## Issue Context
- Tailwind build writes to `src/renderer/output.css`.
- The file is gitignored (so it commonly exists locally, but not in CI checkouts).
- `.prettierignore` currently doesn’t exclude this output.

## Fix Focus Areas
- .prettierignore[1-7]
- package.json[20-27]
- package.json[35-36]
- .gitignore[17-21]




Advisory comments

2. Format/check scope mismatch 🐞 Bug ⛯ Reliability
Description
format formats JS/TS, but new format:check only checks json/md/html/css. If you expect CI to
prevent JS/TS Prettier drift (given the presence of format), the current check won’t detect it.
Code

package.json[R26-27]

    "format": "prettier --write \"**/*.{js,jsx,ts,tsx,json,md,html,css}\"",
+    "format:check": "prettier --check \"**/*.{json,md,html,css}\"",
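Review bot: The glob on the added `format:check` line, `**/*.{json,md,html,css}`, is narrower than the `format` glob on the line above, which also writes `js,jsx,ts,tsx`, so `npm run format` can rewrite files that the gate never verifies. Either use the same glob in both scripts or narrow `format` to match, and state the intended scope in docs/plan/cicd_security.md.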
Evidence
The scripts define different file globs: format includes JS/TS while format:check does not.
Additionally, lint-staged only runs Prettier on json/md/html/css, which suggests this might be
intentional—but it should be aligned/documented to avoid confusion and inconsistent formatting
expectations.

package.json[26-27]
package.json[74-81]

Agent prompt
The issue below was found during a code review. Follow the provided context and guidance below and implement a solution

## Issue description
There is a mismatch between what `npm run format` changes (includes JS/TS) and what CI now validates via `npm run format:check` (json/md/html/css only). This can create confusing or inconsistent expectations about which file types are formatting-gated.

## Issue Context
`lint-staged` suggests Prettier is only meant for json/md/html/css while ESLint handles JS/TS; however, the `format` script still formats JS/TS.

## Fix Focus Areas
- package.json[20-27]
- package.json[26-27]
- package.json[74-81]



3. Clean-tree gate checks tracked only 🐞 Bug ⛯ Reliability
Description
The workflow’s new “clean working tree” gate uses git diff --name-status --exit-code, which only
fails on changes to tracked files and won’t flag newly created untracked artifacts. If the intent is
a truly clean workspace, this check is incomplete.
Code

.github/workflows/qa-matrix.yml[R42-43]

+      - name: Verify clean working tree after lint
+        run: git diff --name-status --exit-code
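Review bot: `git diff --name-status --exit-code` in the new step compares the working tree with the index only, so untracked files and changes that a tool has already staged pass the gate. If the step is meant to match its name, fail on any output of `git status --porcelain` instead, and print that output so the job log names the offending paths.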
Evidence
The workflow step explicitly runs git diff --name-status --exit-code. That command asserts no
diffs against the index for tracked files; it does not validate that the workspace has no untracked
files. If the goal is to ensure lint doesn’t leave behind any artifacts at all, you’ll need an
additional git status-based check.

.github/workflows/qa-matrix.yml[39-46]

Agent prompt
The issue below was found during a code review. Follow the provided context and guidance below and implement a solution

## Issue description
The workflow step labeled “Verify clean working tree after lint” only checks tracked-file diffs. It won’t fail if lint produces untracked files.

## Issue Context
If the intended policy is “lint must not modify tracked files,” current check is fine. If the intended policy is “lint must leave the repo fully clean,” add a status-based check.

## Fix Focus Areas
- .github/workflows/qa-matrix.yml[39-46]

@Mehdi-Bl Mehdi-Bl merged commit 4218d0c into main Feb 11, 2026
18 checks passed
@Mehdi-Bl Mehdi-Bl deleted the chore/ci-formatting-gate branch February 11, 2026 07:03
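
The clean-worktree gate discussed in the reviews above, as an added example that is not part of the pull request or the project's code: it runs the merged check (`git diff --name-status --exit-code`) and a stricter `git status --porcelain` check against four worktree states. The function names, the stricter gate and the sample files are assumptions made for illustration; the repositories are constructed in temporary directories.

```shell
#!/bin/sh
# Added example: compares the PR's gate with a stricter porcelain-based gate.
# All repository contents below are constructed sample data.

# Gate as written in the workflow step: exit status 0 means "clean".
gate_diff() {
  git -C "$1" diff --name-status --exit-code >/dev/null 2>&1
}

# Stricter gate (assumption, not the project's code): any porcelain output,
# including untracked or staged entries, counts as dirty.
gate_porcelain() {
  [ -z "$(git -C "$1" status --porcelain --untracked-files=all)" ]
}

# Build a throwaway repo with one committed file; prints its path.
make_repo() {
  repo=$(mktemp -d) || return 1
  git -C "$repo" init -q
  printf '{"a":1}\n' > "$repo/config.json"
  git -C "$repo" add config.json
  git -C "$repo" -c user.name=ci -c user.email=ci@example.invalid \
      commit -q -m "initial"
  printf '%s\n' "$repo"
}

# Run one scenario and print "diff=<pass|fail> porcelain=<pass|fail>".
# $1 is one of: clean, modified, untracked, staged
scenario() {
  repo=$(make_repo) || return 1
  case "$1" in
    clean)     ;;
    # A tool rewrote a tracked file in place.
    modified)  printf '{ "a": 1 }\n' > "$repo/config.json" ;;
    # A tool left a new file behind (hypothetical artifact name).
    untracked) printf 'cache\n' > "$repo/lint-artifact.tmp" ;;
    # A tool rewrote a tracked file and staged the result.
    staged)    printf '{ "a": 1 }\n' > "$repo/config.json"
               git -C "$repo" add config.json ;;
    *)         rm -rf "$repo"; return 2 ;;
  esac
  if gate_diff "$repo"; then d=pass; else d=fail; fi
  if gate_porcelain "$repo"; then p=pass; else p=fail; fi
  rm -rf "$repo"
  printf 'diff=%s porcelain=%s\n' "$d" "$p"
}

for s in clean modified untracked staged; do
  printf '%-10s %s\n' "$s" "$(scenario "$s")"
done
```

Ignored files never appear in `git status --porcelain` output unless `--ignored` is passed, so gitignored build output does not trip the stricter gate.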