Chore/shared proofkit skills

[eluce2]

Summary by CodeRabbit

• Chores
  • Added CI enforcement to require a changeset on PRs that touch releasable code.
  • Consolidated continuous-release pipeline to delegate publishing to a reusable workflow.
  • Introduced a reusable publish workflow to run lint/typecheck/test/build and publish previews.
  • Release flow now conditionally publishes preview releases when changesets are present.

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
proofkit-docs	Ready	Preview	Apr 2, 2026 2:09pm

[changeset-bot]

⚠️ No Changeset found

Latest commit: b974d99

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: abb415ca-cacf-4921-9359-0dac28235d26

📥 Commits

Reviewing files that changed from the base of the PR and between 3504934 and b974d99.

📒 Files selected for processing (1)

• .github/workflows/release.yml

🚧 Files skipped from review as they are similar to previous changes (1)

• .github/workflows/release.yml

---

📝 Walkthrough

Walkthrough

Adds a Changeset Enforcement workflow for PRs to detect releasable-code edits and require changesets, and refactors release/publish CI into a reusable workflow used by continuous-release and conditional release preview publishing.

Changes

Cohort / File(s)	Summary
Changeset Enforcement ​.github/workflows/changeset-enforcement.yml	New PR-triggered workflow that diffs PR vs base, detects edits to releasable paths/files (apps/, packages/, fm-addon/, scripts/, package.json, lock/workspace files, turbo.json, TS/Vitest/Biome config, etc.), and when releasable changes exist runs Node 22/pnpm and enforces pnpm changeset status --since="origin/<base_ref>".
Reusable Publish Workflow ​.github/workflows/publish-any-commit-reusable.yml	New reusable workflow exposing optional ref input; defines jobs: lint, typecheck, test, build, and publish (publish depends on prior jobs). Each job checks out the specified ref, sets up Corepack/Node 22/pnpm, installs with --frozen-lockfile, runs the respective script, and publish runs pnpm dlx pkg-pr-new publish './packages/*' --packageManager=pnpm.
Continuous Release Simplification ​.github/workflows/continuous-release.yml	Removed inline lint/typecheck/test/build/publish jobs and top-level TURBO env vars; replaced with single publish-any-commit job that calls the new reusable workflow and passes secrets via secrets: inherit.
Release Workflow Integration ​.github/workflows/release.yml	Expanded workflow permissions (added id-token: write, actions: read); added jobs.release.outputs.hasChangesets mapping from steps.changesets.outputs.hasChangesets; added new publish-release-pr-preview job that invokes the reusable workflow with ref: refs/heads/changeset-release/${{ github.ref_name }} and runs only when needs.release.outputs.hasChangesets == 'true'.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Possibly related PRs

• update formatting #42: Adds .changeset file and package updates that supply the changeset artifacts enforced by the new changeset-enforcement workflow.

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 inconclusive)

Check name	Status	Explanation	Resolution
Title check	❓ Inconclusive	The title 'Chore/shared proofkit skills' is vague and does not clearly convey the actual changes made, which involve significant GitHub Actions workflow restructuring including changeset enforcement, reusable workflows, and release automation.	Consider revising the title to be more specific and descriptive of the main changes, such as 'Add changeset enforcement workflow and refactor release automation' or similar to better reflect the actual implementation.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch chore/shared-proofkit-skills

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

🧹 Nitpick comments (1)

.github/workflows/changeset-enforcement.yml (1)

40-49: Inconsistent pnpm setup approach compared to other workflows.

This workflow uses pnpm/action-setup@v4 while the other workflows in this PR use corepack enable. Both approaches work, but mixing them could lead to version mismatches if the repository's packageManager field in package.json specifies a different pnpm version than what pnpm/action-setup installs by default.

Consider using the same approach (corepack enable) for consistency across all workflows, which respects the version pinned in package.json.

♻️ Suggested change for consistency

      - name: Setup pnpm
        if: steps.scope.outputs.requires_changeset == 'true'
-       uses: pnpm/action-setup@v4
+       run: corepack enable

      - name: Setup Node.js
        if: steps.scope.outputs.requires_changeset == 'true'

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In @.github/workflows/changeset-enforcement.yml around lines 40 - 49, Replace
the heterogeneous pnpm setup by removing the pnpm/action-setup@v4 step and using
the same "corepack enable" approach as other workflows: update the "Setup pnpm"
step (and ensure "Setup Node.js" remains) to run corepack enable so pnpm version
respects package.json's packageManager; specifically modify the steps titled
"Setup pnpm" and the adjacent "Setup Node.js" in changeset-enforcement.yml to
use corepack enable instead of pnpm/action-setup@v4 to keep behavior consistent
across workflows.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Nitpick comments:
In @.github/workflows/changeset-enforcement.yml:
- Around line 40-49: Replace the heterogeneous pnpm setup by removing the
pnpm/action-setup@v4 step and using the same "corepack enable" approach as other
workflows: update the "Setup pnpm" step (and ensure "Setup Node.js" remains) to
run corepack enable so pnpm version respects package.json's packageManager;
specifically modify the steps titled "Setup pnpm" and the adjacent "Setup
Node.js" in changeset-enforcement.yml to use corepack enable instead of
pnpm/action-setup@v4 to keep behavior consistent across workflows.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 8b0774f1-7f07-474d-be6d-8346587ca3c8

📥 Commits

Reviewing files that changed from the base of the PR and between 94d6068 and 3504934.

📒 Files selected for processing (4)

• .github/workflows/changeset-enforcement.yml
• .github/workflows/continuous-release.yml
• .github/workflows/publish-any-commit-reusable.yml
• .github/workflows/release.yml

[coderabbitai]

❌ An unexpected error occurred while resolving merge conflicts:

Resource not accessible by integration - https://docs.github.com/rest/git/trees#create-a-tree

[pkg-pr-new]

Open in StackBlitz

@proofkit/better-auth

pnpm add https://pkg.pr.new/proofsh/proofkit/@proofkit/better-auth@205

@proofkit/cli

pnpm add https://pkg.pr.new/proofsh/proofkit/@proofkit/cli@205

create-proofkit

pnpm add https://pkg.pr.new/proofsh/proofkit/create-proofkit@205

@proofkit/fmdapi

pnpm add https://pkg.pr.new/proofsh/proofkit/@proofkit/fmdapi@205

@proofkit/fmodata

pnpm add https://pkg.pr.new/proofsh/proofkit/@proofkit/fmodata@205

@proofkit/typegen

pnpm add https://pkg.pr.new/proofsh/proofkit/@proofkit/typegen@205

@proofkit/webviewer

pnpm add https://pkg.pr.new/proofsh/proofkit/@proofkit/webviewer@205

commit: b974d99

[graphite-app]

Git reference mismatch will cause incorrect file detection. Line 22 fetches and creates a local branch using origin/${{ github.base_ref }}:${{ github.base_ref }}, but line 29 attempts to diff against origin/${{ github.base_ref }} which expects a remote tracking branch. The colon syntax creates a local branch without updating the remote tracking branch, causing the diff to potentially use stale or missing remote refs.

Fix: Change line 22 to:

run: git fetch origin ${{ github.base_ref }} --depth=1

Or change line 29 to use the local branch:

CHANGED_FILES=$(git diff --name-only "${{ github.base_ref }}...HEAD")

Suggested change

	run: git fetch origin "${{ github.base_ref }}:${{ github.base_ref }}" --depth=1
	- name: Detect whether this PR touches releasable code
	id: scope
	shell: bash
	run: |
	set -euo pipefail
	CHANGED_FILES=$(git diff --name-only "origin/${{ github.base_ref }}...HEAD")
	run: git fetch origin ${{ github.base_ref }} --depth=1
	- name: Detect whether this PR touches releasable code
	id: scope
	shell: bash
	run: |
	set -euo pipefail
	CHANGED_FILES=$(git diff --name-only "origin/${{ github.base_ref }}...HEAD")

Spotted by Graphite



Is this helpful? React 👍 or 👎 to let us know.