feat: implement issue #333 — Compliance: copilot-instructions-missing-local-dev-commands

[don-petry]

Closes #333

Implemented by dev-lead agent. Please review.

Summary by CodeRabbit

• Documentation
  • Added a new “Local Dev Commands” section with quick references for installing dependencies, running tests, checking coverage, linting, formatting, and typechecking.
  • Included a note clarifying that the app runs in Google Apps Script and does not use a local development server.

[chatgpt-codex-connector]

You have reached your Codex usage limits for code reviews. You can see your limits in the Codex usage dashboard.
To continue using code reviews, you can upgrade your account or add credits to your account and enable them for code reviews in your settings.

[coderabbitai]

Warning

Review limit reached

@don-petry, we couldn't start this review because you've reached your PR review rate limit.

More reviews will be available in 57 minutes and 53 seconds. Learn how PR review limits work.

Your organization has used up its prepaid credits, and credit purchases are no longer available. Enable the review add-on in the billing tab to keep reviews running — you're only billed for reviews past your plan's rate limits ($0.25/file).

⌛ How to resolve this issue?

After more reviews become available, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

To avoid repeated limits, reduce automatic review volume by pausing incremental auto-reviews earlier, using label-based review opt-in, excluding WIP or generated PR titles, or requesting reviews manually when the PR is ready. If your team needs uninterrupted high-volume reviews, an organization admin can enable usage-based credits.

🚦 How do rate limits work?

CodeRabbit enforces per-developer PR review limits for each organization. Most developers receive the normal plan review availability.

For paid Pro and Pro+ PR reviews, CodeRabbit uses adaptive limits for sustained high-volume activity. When a developer's recent PR review activity reaches the 95th percentile or higher among CodeRabbit users, additional reviews become available more gradually as earlier reviews age out of the rolling window.

Please see our Fair Usage Limits Policy for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: a1a16555-4937-4b3f-ba28-aa3d2f1281ab

📥 Commits

Reviewing files that changed from the base of the PR and between 8f2a975 and 5984a2d.

📒 Files selected for processing (1)

• .github/copilot-instructions.md

📝 Walkthrough

Walkthrough

The PR adds a Local Dev Commands section to .github/copilot-instructions.md with repository commands for install, testing, linting, formatting, and typechecking, plus a note that the app runs in Google Apps Script.

Changes

Copilot instructions compliance

Layer / File(s)	Summary
Local Dev Commands section .github/copilot-instructions.md	Adds a new Local Dev Commands Markdown section listing the main npm scripts and clarifying that deployment targets Google Apps Script rather than a local server.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title clearly states the compliance fix for issue #333 and the missing local dev commands section.
Linked Issues check	✅ Passed	The PR adds the required Local Dev Commands section to .github/copilot-instructions.md, matching issue #333.
Out of Scope Changes check	✅ Passed	The changes stay focused on the requested copilot instructions update and do not add unrelated scope.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch dev-lead/issue-333-20260626-2029

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands.}

[gemini-code-assist]

Code Review

This pull request updates the ".github/copilot-instructions.md" file to include a new "Local Dev Commands" section, detailing commands for installation, testing, linting, formatting, and typechecking, along with a note on how the code is deployed and run. The feedback suggests adding a command to run tests for a specific folder or script to improve local development efficiency.

[don-petry]

Dev-Lead — fix-bot-comment (applied)

Changes committed and pushed.

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[don-petry]

Dev-Lead — review-changes (no-changes)

No changes were needed for this PR.

[donpetry-bot]

Automated review — APPROVED ✓

Risk: LOW
Reviewed commit: 5984a2d84a4635960ca1c51285083cab17f98a04
Review mode: triage-approved (single reviewer)

Summary

Docs-only change (+14/-0) adding the required ## Local Dev Commands section to .github/copilot-instructions.md. Confirms the triage low-risk assessment.

Linked issue analysis

Closes #333 (compliance: copilot-instructions-missing-local-dev-commands). The issue requires a ## Local Dev Commands section per the org standard; the PR adds exactly that, listing install/test/coverage/e2e/lint/format/typecheck commands plus a note that deployed code runs in Google Apps Script (no local dev server). Substantively addressed.

Findings

No blocking findings.

• gemini-code-assist (low priority): suggested adding a per-folder test command — already incorporated in the diff (Test (specific folder): npx jest "<agent-folder>/tests"). Resolved.
• SonarCloud Quality Gate: passed (0 new issues, 0 security hotspots).
• chatgpt-codex / coderabbit: usage/rate-limit notices only — no substantive feedback.
• Secret scanning MCP tool not exposed for this repo; gitleaks CI check passed. No secrets in a docs-only diff.

CI status

All checks green or skipped — build-and-test, Node.js Tests, Coverage, Playwright UI, CodeQL (actions/js-ts/python), SonarCloud, gitleaks secret scan, AgentShield, dependency-audit all SUCCESS. mergeStateStatus is BLOCKED only because human review (org-leads) is still required, not due to any failing check.

---

Reviewed automatically by the PR-review agent (single-reviewer mode: fable 5). Reply if you need a human review.

[github-actions]

CI Failure: SonarCloud Code Analysis

Step: SonarCloud Quality Gate
Root cause: Lint/style

SonarCloud detected 13 Security Hotspots in new code on the main branch, causing the Quality Gate to fail. Security Hotspots flag security-sensitive code patterns (e.g. use of eval, dynamic URLs, credential handling) that require manual review to determine if they are actual vulnerabilities. The PR diff itself only modifies .github/copilot-instructions.md, so these hotspots likely originate from recently merged code that pushed the count over the Quality Gate threshold.

Suggested fix: Open the SonarCloud Security Hotspots dashboard and triage the 13 flagged hotspots — mark each as Safe or Acknowledged if they are intentional patterns, or fix the underlying code if they represent real risks, then re-run the analysis.

View run logs