Theme: Testing + CI Foundation (the safety net) — HIGH PRIORITY
Problem
There is no CI whatsoever in this repo (.github/workflows/ does not exist — verified). Nothing gates pushes or PRs: lint, type errors, and build breaks all land silently. This is a monorepo of four independent sample apps with heterogeneous stacks and package managers, so a single top-level build won't cover them. Without CI there is no safety net for the dependency and SDK upgrades tracked in the sibling issues.
App inventory (each is self-contained with its own manifest/lockfile):
| App |
Stack |
Package manager |
Build |
legal-semantic-search |
Next.js 15 + LangChain + Pinecone JS v4 |
npm (package-lock.json) |
next build |
namespace-notes/client |
Next.js 15 + next-auth beta |
npm |
next build |
namespace-notes/server |
Express / Node + TypeScript (tsc) + Pinecone JS v2 |
npm |
tsc |
pinecone-assistant |
Next.js 15 |
pnpm (pnpm-lock.yaml) |
next build |
shop-the-look |
Next.js 15 frontend + FastAPI (Python) backend |
npm + pip (requirements.txt) |
next build + Python import check |
Proposed fix
Add .github/workflows/ci.yml triggered on push and pull_request, with a matrix over the app subdirectories. Because package managers differ, drive the matrix on { app, package-manager, node-version } and set the working-directory per job.
For each JS/TS app, run in its subdir:
- install (respecting the app's lockfile:
npm ci, or pnpm install --frozen-lockfile for pinecone-assistant)
lint (each app defines next lint / eslint; namespace-notes/server uses eslint-config-standard-with-typescript)
- typecheck (
tsc --noEmit; the server already compiles via tsc)
- production build (
next build; tsc for the server) — this is the build smoke test that catches bundling/packaging breaks a type check misses
Add a separate Python job for shop-the-look:
pip install -r requirements.txt
- import/compile smoke (
python -c "import api.index" or python -m compileall api) and ruff/flake8 if adopted
Additional requirements:
- Least-privilege token: set
permissions: contents: read at the workflow top level (Theme 5 — no workflow tokens exist yet, so establish the default now).
- Cache dependencies per package manager (
actions/setup-node cache for npm/pnpm; actions/setup-python pip cache).
- Use
fail-fast: false so one app's failure doesn't mask the others.
- Pin action versions and the Node/Python runtimes actually used by the apps.
Note: a separate CI PR will be opened to close this issue.
Acceptance criteria
- Workflow runs on push + PR and is green on the current tree (or surfaces real pre-existing breakage to be fixed).
- Every app subdir is covered by lint + typecheck + build;
shop-the-look Python backend has an install + import smoke job.
- Each job installs from the app's own lockfile with the correct package manager (npm vs pnpm vs pip).
GITHUB_TOKEN scoped to least privilege at workflow level.
- Dependency caching enabled.
Blast radius
safe — additive; introduces no runtime changes. May surface latent lint/type/build failures, which should be fixed or annotated as part of the CI PR.
Dependencies
None — this is the prerequisite safety net for the dependency-major and SDK-upgrade issues in this sweep.
Theme: Testing + CI Foundation (the safety net) — HIGH PRIORITY
Problem
There is no CI whatsoever in this repo (
.github/workflows/does not exist — verified). Nothing gates pushes or PRs: lint, type errors, and build breaks all land silently. This is a monorepo of four independent sample apps with heterogeneous stacks and package managers, so a single top-level build won't cover them. Without CI there is no safety net for the dependency and SDK upgrades tracked in the sibling issues.App inventory (each is self-contained with its own manifest/lockfile):
legal-semantic-searchpackage-lock.json)next buildnamespace-notes/clientnext buildnamespace-notes/servertsc) + Pinecone JS v2tscpinecone-assistantpnpm-lock.yaml)next buildshop-the-lookrequirements.txt)next build+ Python import checkProposed fix
Add
.github/workflows/ci.ymltriggered onpushandpull_request, with a matrix over the app subdirectories. Because package managers differ, drive the matrix on{ app, package-manager, node-version }and set the working-directory per job.For each JS/TS app, run in its subdir:
npm ci, orpnpm install --frozen-lockfileforpinecone-assistant)lint(each app definesnext lint/ eslint;namespace-notes/serveruses eslint-config-standard-with-typescript)tsc --noEmit; the server already compiles viatsc)next build;tscfor the server) — this is the build smoke test that catches bundling/packaging breaks a type check missesAdd a separate Python job for
shop-the-look:pip install -r requirements.txtpython -c "import api.index"orpython -m compileall api) andruff/flake8if adoptedAdditional requirements:
permissions: contents: readat the workflow top level (Theme 5 — no workflow tokens exist yet, so establish the default now).actions/setup-nodecache for npm/pnpm;actions/setup-pythonpip cache).fail-fast: falseso one app's failure doesn't mask the others.Acceptance criteria
shop-the-lookPython backend has an install + import smoke job.GITHUB_TOKENscoped to least privilege at workflow level.Blast radius
safe— additive; introduces no runtime changes. May surface latent lint/type/build failures, which should be fixed or annotated as part of the CI PR.Dependencies
None — this is the prerequisite safety net for the dependency-major and SDK-upgrade issues in this sweep.