chore: consolidate surviving remote branch work #432

Merged: flyingrobots merged 15 commits into main from chore/mega-merge on Mar 18, 2026

@flyingrobots flyingrobots commented Mar 18, 2026

Owner

Summary

This PR consolidates the remote branches that still deserve to land on top of the current main, and explicitly documents the ones that should not.

Included in this branch:

  • cherry-picked origin/progress/update-matrix
  • cherry-picked origin/dependabot/github_actions/main/github-actions-6d0f2f8a45
  • cherry-picked origin/dependabot/npm_and_yarn/main/tiptap/pm-3.20.2
  • cherry-picked origin/dependabot/npm_and_yarn/main/tiptap/react-3.20.2 with conflict resolution for the shared Tiptap dependency block
  • extracted the safe @supabase/pg-parser portion from origin/dependabot/npm_and_yarn/main/production-dependencies-0813ff24ca
  • made the SHIPME PR-comment step best-effort so comment-permission edge cases do not fail the certificate job
  • improved placeholder-bundle fallback logging in generate-execution.mjs

Branch Decisions

| Branch | What it changes | Decision | Notes |
| --- | --- | --- | --- |
| dependabot/github_actions/main/github-actions-6d0f2f8a45 | Updates SHA-pinned GitHub Action refs across workflows | Merge | Cherry-picked cleanly on top of the hardened workflow set |
| dependabot/npm_and_yarn/main/development-dependencies-cf3ed49629 | Large dev-toolchain bump including eslint 10, @eslint/js 10, vite-adjacent tooling, and website/test updates | Do not merge | Rejected as-is because it introduces unsupported peer ranges on current main; needs a dedicated compatibility pass |
| dependabot/npm_and_yarn/main/mantine/notifications-8.3.17 | Website-only @mantine/notifications bump | Do not merge | Narrow partial Mantine drift with failing PR checks; not worth landing alone |
| dependabot/npm_and_yarn/main/production-dependencies-0813ff24ca | Root/runtime dependency bumps including vite 8 and @supabase/pg-parser 0.1.7 | Partial extract only | Rejected as-is because vite 8 conflicts with the repo-wide pnpm.overrides alias to rolldown-vite@7.1.14; extracted only the safe @supabase/pg-parser bump |
| dependabot/npm_and_yarn/main/tiptap/pm-3.20.2 | Website @tiptap/pm bump | Merge | Cherry-picked |
| dependabot/npm_and_yarn/main/tiptap/react-3.20.2 | Website @tiptap/react bump | Merge | Cherry-picked with conflict resolution against the @tiptap/pm branch |
| gh-pages | Published site output | Do not merge | Deployment branch, not a source branch for main |
| progress/update-matrix | README and progress metadata refresh | Merge | Cherry-picked cleanly |

Risk

  • Low to moderate operational risk. The branch mainly carries workflow SHA pin refreshes and dependency bumps, but it does touch the website editor stack (@tiptap/*) and runtime parser dependency (@supabase/pg-parser).
  • The most meaningful functional risk is the website TipTap compatibility surface; that is why the website build and generation path were re-run locally.
  • The SHIPME workflow change lowers risk rather than raising it: certificate generation still runs, but PR comment posting is no longer allowed to fail the job.

Backout

  • Full PR rollback: git revert adb725b f251611 d5a0bce a8bfd79 1797394 273922f 5f8262e e6e79d3 on main, then push the revert branch and merge it normally.
  • Workflow pin rollback map for the action-SHA refresh landed by commit 5f8262e:
    • actions/checkout: 93cb6efe18208431cddfb8368fd83d5badbf9bfd or 34e114876b0b11c390a56381ad16ebd13914f8d5 -> de0fac2e4500dabe0009e67214ff5f5447ce83dd
    • actions/cache: 0057852bfaa89a56745cba8c7296529d2fc39830 -> cdf6c1fa76f9f475f3d7449005a359c84ca0f306
    • dorny/paths-filter: de90cc6fb38fc0963ad72b210f1f284cd68cea36 -> fbd0ab8f3e69293af611ebaee6363fc25e6d187d
    • oven-sh/setup-bun: f4d14e03ff726c06358e5557344e1da148b56cf7 -> 0c5077e51419868618aeaa5fe8019c62421857d6
    • peter-evans/create-pull-request: f409e76e481d84f8c7920f637f57ed4f122d2265 -> c0f553feafe707dd4945e87a08a221bf535ef945
    • ossf/scorecard-action: c7f6ae853cd60e6e2f412cf35def4cffda4599c1 -> 4eaacf0543bb3f2c246792bd56e8cdeffafb205a
    • actions/github-script: 60a0d83039c74a4aee543508d2ffcb1c3799cdea -> ed597411d8f924073f98dfc5c65a23a2325f34cd
  • Fastest rollback for the parser bump only: revert commit d5a0bce.
  • Fastest rollback for the SHIPME comment fix only: revert commit adb725b.

Testing

  • pnpm lint
  • pnpm --filter wesley-website build
  • pnpm --filter @wesley/core test
  • node packages/wesley-host-node/bin/wesley.mjs generate --schema test/fixtures/examples/ecommerce.graphql --ops test/fixtures/examples/ops --out-dir <tmp> --allow-dirty
  • pre-push Bats suite triggered automatically during git push

Merge Strategy

  • Merge this branch with a regular merge commit after CI is green.
  • Do not squash away the branch-level integration history; the keep/reject decisions are part of the audit trail.
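
A check that workflow files actually carry the pins listed in the rollback map above, as an added example that is not part of this PR or the repository's tooling. It goes slightly beyond the map by also flagging any `uses:` ref that is not a full 40-character commit SHA. `auditWorkflowPins` and the sample workflow are hypothetical; the expected SHAs are the post-refresh values from the PR description.

```javascript
// Added example (hypothetical helper, not the repository's tooling).
// Expected pins: the "new" side of the rollback map in the PR description.
const EXPECTED_PINS = {
  'actions/checkout': 'de0fac2e4500dabe0009e67214ff5f5447ce83dd',
  'actions/cache': 'cdf6c1fa76f9f475f3d7449005a359c84ca0f306',
  'dorny/paths-filter': 'fbd0ab8f3e69293af611ebaee6363fc25e6d187d',
  'oven-sh/setup-bun': '0c5077e51419868618aeaa5fe8019c62421857d6',
  'peter-evans/create-pull-request': 'c0f553feafe707dd4945e87a08a221bf535ef945',
  'ossf/scorecard-action': '4eaacf0543bb3f2c246792bd56e8cdeffafb205a',
  'actions/github-script': 'ed597411d8f924073f98dfc5c65a23a2325f34cd',
};

// Matches "uses: owner/repo[/path]@ref" with or without a leading "- ".
// Commented-out lines do not match because "#" precedes "uses:".
const USES_RE = /^\s*(?:-\s+)?uses:\s*["']?([^\s"'@#]+)(?:@([^\s"'#]+))?/;
const FULL_SHA_RE = /^[0-9a-f]{40}$/;

function auditWorkflowPins(workflowText, expected = EXPECTED_PINS) {
  const findings = [];
  workflowText.split(/\r?\n/).forEach((text, idx) => {
    const m = USES_RE.exec(text);
    if (!m) return;
    const [, target, ref] = m;
    // Local actions and container images are not pinned by commit SHA.
    if (target.startsWith('./') || target.startsWith('docker://')) return;
    // "owner/repo/sub/path" is still the action "owner/repo".
    const action = target.split('/').slice(0, 2).join('/');
    const line = idx + 1;
    if (!ref) {
      findings.push({ line, action, ref: null, problem: 'no-ref' });
    } else if (!FULL_SHA_RE.test(ref)) {
      // Tags and branches can be moved by whoever controls the action repo.
      findings.push({ line, action, ref, problem: 'mutable-ref' });
    } else if (expected[action] && expected[action] !== ref) {
      // Pinned, but not to the SHA the reviewed PR says it should be.
      findings.push({ line, action, ref, problem: 'unexpected-sha' });
    }
  });
  return findings;
}

// Constructed sample workflow (not a file from the repository).
const SAMPLE_WORKFLOW = [
  'name: constructed-sample',
  'jobs:',
  '  build:',
  '    runs-on: ubuntu-latest',
  '    steps:',
  '      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2',
  '      - uses: actions/cache@v5',
  '      - name: Detect changes',
  '        uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36',
  '      - uses: ./.github/actions/local-step',
  '      # - uses: actions/github-script@main',
].join('\n');

console.log(auditWorkflowPins(SAMPLE_WORKFLOW));
```
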

flyingrobots and others added 8 commits March 18, 2026 05:45
Bumps the github-actions group with 7 updates:

| Package | From | To |
| --- | --- | --- |
| [actions/checkout](https://github.com/actions/checkout) | `4.3.1` | `6.0.2` |
| [actions/cache](https://github.com/actions/cache) | `4.3.0` | `5.0.3` |
| [actions/github-script](https://github.com/actions/github-script) | `7.1.0` | `8.0.0` |
| [dorny/paths-filter](https://github.com/dorny/paths-filter) | `3.0.2` | `4.0.1` |
| [oven-sh/setup-bun](https://github.com/oven-sh/setup-bun) | `1.2.2` | `2.2.0` |
| [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request) | `6.1.0` | `8.1.0` |
| [ossf/scorecard-action](https://github.com/ossf/scorecard-action) | `2.3.1` | `2.4.3` |

Updates `actions/checkout` from 4.3.1 to 6.0.2
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](actions/checkout@v4.3.1...de0fac2)

Updates `actions/cache` from 4.3.0 to 5.0.3
- [Release notes](https://github.com/actions/cache/releases)
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md)
- [Commits](actions/cache@0057852...cdf6c1f)

Updates `actions/github-script` from 7.1.0 to 8.0.0
- [Release notes](https://github.com/actions/github-script/releases)
- [Commits](actions/github-script@v7.1.0...ed59741)

Updates `dorny/paths-filter` from 3.0.2 to 4.0.1
- [Release notes](https://github.com/dorny/paths-filter/releases)
- [Changelog](https://github.com/dorny/paths-filter/blob/master/CHANGELOG.md)
- [Commits](dorny/paths-filter@de90cc6...fbd0ab8)

Updates `oven-sh/setup-bun` from 1.2.2 to 2.2.0
- [Release notes](https://github.com/oven-sh/setup-bun/releases)
- [Commits](oven-sh/setup-bun@f4d14e0...0c5077e)

Updates `peter-evans/create-pull-request` from 6.1.0 to 8.1.0
- [Release notes](https://github.com/peter-evans/create-pull-request/releases)
- [Commits](peter-evans/create-pull-request@c5a7806...c0f553f)

Updates `ossf/scorecard-action` from 2.3.1 to 2.4.3
- [Release notes](https://github.com/ossf/scorecard-action/releases)
- [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md)
- [Commits](ossf/scorecard-action@0864cf1...4eaacf0)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: 6.0.2
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
- dependency-name: actions/cache
  dependency-version: 5.0.3
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
- dependency-name: actions/github-script
  dependency-version: 8.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
- dependency-name: dorny/paths-filter
  dependency-version: 4.0.1
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
- dependency-name: oven-sh/setup-bun
  dependency-version: 2.2.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
- dependency-name: peter-evans/create-pull-request
  dependency-version: 8.1.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
- dependency-name: ossf/scorecard-action
  dependency-version: 2.4.3
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
...

Signed-off-by: dependabot[bot] <support@github.com>
(cherry picked from commit bd5562c)

Bumps the production-dependencies group with 3 updates: [@mantine/hooks](https://github.com/mantinedev/mantine/tree/HEAD/packages/@mantine/hooks), [@supabase/pg-parser](https://github.com/supabase-community/pg-parser/tree/HEAD/packages/pg-parser) and [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite).

Updates `@mantine/hooks` from 8.3.5 to 8.3.18
- [Release notes](https://github.com/mantinedev/mantine/releases)
- [Changelog](https://github.com/mantinedev/mantine/blob/master/CHANGELOG.md)
- [Commits](https://github.com/mantinedev/mantine/commits/8.3.18/packages/@mantine/hooks)

Updates `@supabase/pg-parser` from 0.1.3 to 0.1.7
- [Release notes](https://github.com/supabase-community/pg-parser/releases)
- [Changelog](https://github.com/supabase-community/pg-parser/blob/main/packages/pg-parser/CHANGELOG.md)
- [Commits](https://github.com/supabase-community/pg-parser/commits/v0.1.7/packages/pg-parser)

Updates `vite` from 7.3.1 to 8.0.0
- [Release notes](https://github.com/vitejs/vite/releases)
- [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite/commits/create-vite@8.0.0/packages/vite)

---
updated-dependencies:
- dependency-name: "@mantine/hooks"
  dependency-version: 8.3.18
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-dependencies
- dependency-name: "@supabase/pg-parser"
  dependency-version: 0.1.7
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-dependencies
- dependency-name: vite
  dependency-version: 8.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: production-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
(cherry picked from commit f19d741)

Bumps [@tiptap/pm](https://github.com/ueberdosis/tiptap/tree/HEAD/packages/pm) from 3.13.0 to 3.20.2.
- [Release notes](https://github.com/ueberdosis/tiptap/releases)
- [Changelog](https://github.com/ueberdosis/tiptap/blob/main/packages/pm/CHANGELOG.md)
- [Commits](https://github.com/ueberdosis/tiptap/commits/v3.20.2/packages/pm)

---
updated-dependencies:
- dependency-name: "@tiptap/pm"
  dependency-version: 3.20.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
(cherry picked from commit 5f465e7)

Bumps [@tiptap/react](https://github.com/ueberdosis/tiptap/tree/HEAD/packages/react) from 3.13.0 to 3.20.2.
- [Release notes](https://github.com/ueberdosis/tiptap/releases)
- [Changelog](https://github.com/ueberdosis/tiptap/blob/main/packages/react/CHANGELOG.md)
- [Commits](https://github.com/ueberdosis/tiptap/commits/v3.20.2/packages/react)

---
updated-dependencies:
- dependency-name: "@tiptap/react"
  dependency-version: 3.20.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
(cherry picked from commit 5b3b04f)

coderabbitai Bot commented Mar 18, 2026


Warning

Rate limit exceeded

@flyingrobots has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 3 minutes and 41 seconds before requesting another review.


ℹ️ Review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: 74c10137-7730-4198-970a-3e95b95c0529

📥 Commits

Reviewing files that changed from the base of the PR and between adb725b and 11ed689.

⛔ Files ignored due to path filters (1)
  • packages/wesley-core/package-lock.json is excluded by !**/package-lock.json
📒 Files selected for processing (7)
  • .github/workflows/cert-shipme.yml
  • CHANGELOG.md
  • CHRONICLES_OF_THE_MACHINE-KIND_VOL_00000001.jsonl
  • test/ci-pkg-core.bats
  • test/ci-workflows.bats
  • wesley-website/src/components/playground/RichEditor.jsx
  • wesley-website/src/components/playground/RichEditor.test.jsx

Walkthrough

Updated many GitHub Actions action pins across workflows; bumped @supabase/pg-parser and TipTap package versions; adjusted project progress/badges; added branch-triage log entry; small runtime fallback and logging improvements in a CLI emitter; removed an unused import.

Changes

| Cohort / File(s) | Summary |
| --- | --- |
| GitHub Actions — widespread checkout pins<br>.github/workflows/... (architecture-boundaries.yml, ci.yml, cli-tests.yml, codeql.yml, dependency-review.yml, docs-link-check.yml, pkg-cli.yml, pkg-core.yml, pkg-generator-js.yml, pkg-generator-supabase.yml, pkg-holmes.yml, pkg-host-deno.yml, pkg-host-node.yml, pkg-slaps.yml, pkg-tasks.yml, preflight.yml, wesley-website.yml, ...) | Replaced many actions/checkout pins with de0fac2e4500dabe0009e67214ff5f5447ce83dd. No control-flow changes. |
| GitHub Actions — other action pins & workflow logic<br>.github/workflows/browser-smoke.yml, cert-shipme.yml, pkg-host-bun.yml, progress.yml, runtime-smokes.yml, scorecards.yml, wesley-holmes.yml | Updated other action pins (cache, oven-sh/setup-bun, peter-evans/create-pull-request, ossf/scorecard-action, actions/github-script). cert-shipme.yml additionally adds continue-on-error and wraps PR-comment update/create in a try/catch to emit warnings on failure (non-failing). Otherwise no behavior changes. |
| Package dependency bumps<br>package.json, packages/wesley-core/package.json, packages/wesley-generator-supabase/package.json, packages/wesley-host-node/package.json | Bumped @supabase/pg-parser to ^0.1.7 across multiple package.json files. |
| Frontend dependency bumps<br>wesley-website/package.json | Bumped @tiptap/pm and @tiptap/react from ^3.13.0 → ^3.20.4. |
| Progress, badges, README<br>README.md, meta/badges/overall.json, meta/progress.json | Updated overall and package progress numbers and passRates; added hasApi/hasCaveats flags and updated timestamp; badge message changed to reflect new progress. |
| CLI emitter: logging & SHA fallback<br>packages/wesley-cli/src/commands/generate-execution.mjs | Emit placeholder bundle now initializes sha to 'unknown', prefers GITHUB_SHA if git lookup fails, and logs debug on SHA/history refresh failures (explicit catch + debug). |
| Minor cleanup & logs<br>scripts/check-doc-truth.mjs, CHRONICLES_OF_THE_MACHINE-KIND_VOL_00000001.jsonl | Removed unused dirname import; added a branch-triage log entry and removed a prior correction entry in the chronicles JSONL. |

Sequence Diagram(s)

(omitted — changes are primarily dependency/version pinning, minor workflow error handling and small internal logging adjustments; no multi-component new control flow requiring visualization)

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Possibly related PRs

"Pins advance, badges shift, logs record the day,
A SHA falls back when git won't play.
Workflows hum with newer strings,
Small bumps, bright wings — CI sings."

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)

| Check name | Status | Explanation | Resolution |
| --- | --- | --- | --- |
| Docstring Coverage | ⚠️ Warning | Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%. | Write docstrings for the functions missing them to satisfy the coverage threshold. |

✅ Passed checks (2 passed)

| Check name | Status | Explanation |
| --- | --- | --- |
| Title check | ✅ Passed | Title accurately summarizes the PR's main objective of consolidating remote branches; it is concise, clear, and directly reflects the changeset's primary intent. |
| Description check | ✅ Passed | Description comprehensively covers all required template sections: Summary with linked decisions, Why (rationale + alternatives), Changes (via branch decision table), Risk assessment, detailed Backout procedures, Testing commands, and Merge Strategy with checklist items checked. |


github-actions Bot commented Mar 18, 2026


🔍 The Case of Pull Request #432

🕵️ SHA-lock HOLMES Investigation

  • Generated: 2026-03-18T13:41:18.428Z
  • Commit SHA: 8b9e91c
  • Bundle Version: 2.0.0

⚠️ Evidence valid only for commit 8b9e91c

🔍 Executive Deduction

"Watson, after careful examination of the evidence, I deduce..."

Weighted Completion: ██████░░░░ 60.0%
Scores: SCS 60.0% · TCI 70.0% · MRI 20.0%
Verification Status: 2 claims verified
Ship Verdict: REQUIRES INVESTIGATION

🧩 SCS Breakdown

| Component | Score | Coverage |
| --- | --- | --- |
| Sql | 60.0% | 0.60/1.00 |
| Types | 60.0% | 0.60/1.00 |
| Validation | 60.0% | 0.60/1.00 |
| Tests | 70.0% | 0.70/1.00 |

🧪 TCI Breakdown

Component Score Coverage Note
Unit Constraints 70.0% 1/1 N/A
Unit Rls 0.0% N/A
Integration Relations 0.0% N/A
E2e Ops 0.0% Not tracked in quick emit mode

⚠️ MRI Breakdown

| Component | Risk Share | Points | Count |
| --- | --- | --- | --- |
| Drops | 100.0% | 20 | 0 |
| Renames Without Uid | 0.0% | 0 | 0 |
| Add Not Null Without Default | 0.0% | 0 | 0 |
| Non Concurrent Indexes | 0.0% | 0 | 0 |

📊 The Weight of Evidence

"Observe, Watson, how not all features carry equal importance..."

| Element | Weight | Status | Evidence | Deduction |
| --- | --- | --- | --- | --- |
| schema | 5 | ✅ SQL & tests | out/schema.sql:1-9999@8b9e91c | Elementary! |

🚪 Security & Performance Gates

"Elementary security measures, Watson..."

| Gate | Status | Evidence | Holmes's Ruling |
| --- | --- | --- | --- |
| Migration Risk | | MRI: 20.0% | "Acceptable risk" |
| Test Coverage | ⚠️ | TCI: 70.0% | "Insufficient coverage" |
| Sensitive Fields | | 0 fields | "All secured" |

📋 The Verdict

⚠️ REQUIRES FURTHER INVESTIGATION
"Some clues remain unclear. Address the noted issues."

Signed and sealed,

  • S. Holmes, Consulting Detective

[END OF INVESTIGATION FOR COMMIT 8b9e91c]


🩺 Dr. Watson's Independent Verification Report

Medical Examination of Evidence

  • Examination Date: 2026-03-18T13:42:17.926Z
  • Patient SHA: 8b9e91c

🔬 Citation Verification

"Let me examine each piece of evidence independently..."

  • Citations Examined: 2
  • Verified: 0 ✅
  • Failed: 0 ❌
  • Unable to Verify: 2

Verification Rate: 0.0%

📊 Mathematical Verification

"I shall recalculate Holmes's arithmetic..."

Holmes claimed SCS: 60.0%
Watson calculates: 100.0%
Difference: ⚠️ Significant

🔍 Consistency Analysis

"Checking for contradictions in Holmes's deductions..."

✅ No logical inconsistencies detected

🩺 Dr. Watson's Medical Opinion

VERIFICATION: CONCERNS NOTED ⚠️

"While Holmes's methods are generally sound, I have noted some"
"discrepancies that warrant further investigation."

Respectfully submitted,

  • Dr. J. Watson, M.D.
    Medical Examiner & Verification Specialist

🧠 Professor Moriarty's Temporal Predictions

The Mathematics of Inevitability

  • Analysis Date: 2026-03-18T13:43:02.338Z

🔮 Current State

SCS: ██████░░░░ 60.0%
TCI: ███████░░░ 70.0%
MRI: 20.0% risk

📈 Velocity Analysis

SCS Velocity: +0.00%/day
Git Activity (window): 24h · commits 38 (1 relevant) · ~38.00 commits/day
↳ Magnitude: ~8 relevant LOC/day across ~1.0 files/day
Activity Index: 14 / 100 (PR 0, Window 36)
Blended Velocity: +0.09%/day
Commit Size Burstiness: 0 / 100 (higher = more uneven commit sizes)
⚠️ PLATEAU DETECTED - Low SCS movement and low recent Git activity.

⏰ Completion Predictions

ETA: Cannot predict (insufficient velocity)

"At current velocity, completion is... improbable."

🧪 Readiness EXPLAIN

  • SCS ≥ 80% → FAIL ❌ (actual 60.0%)
  • TCI ≥ 70% → PASS ✅ (actual 70.0%)
  • MRI ≤ 40% → PASS ✅ (actual 20.0%)
  • CI Stability ≥ 90% (branch main) → FAIL ❌ (actual 90% over ~168h)
  • Delivery context (last 168h): 0 issues closed · 0 PRs merged (informational, not gating)

Signals blend: SCS velocity (70%) + Git activity (30%, branch-first). Activity only suppresses false plateaus; it never inflates readiness.

📊 Historical Trajectory

03-18: ██████░░░░ 60.0%
03-18: ██████░░░░ 60.0%
03-18: ██████░░░░ 60.0%

"Every problem becomes elementary when reduced to mathematics"
— Professor Moriarty


Machine-readable reports: holmes-report.json · watson-report.json · moriarty-report.json (see workflow artifacts).


Filed at 221B Repository Street

coderabbitai Bot added the enhancement (New feature or request) and Website labels on Mar 18, 2026

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment


💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: f25161123b


Comment thread packages/wesley-core/package.json

@coderabbitai coderabbitai Bot left a comment


Actionable comments posted: 9

🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.

Inline comments:
In @.github/workflows/cli-quick.yml:
- Around line 31-37: The workflow changes combine two major action upgrades
(actions/checkout@... and dorny/paths-filter@...) into a permissions-fix commit;
split them into a separate commit/PR that upgrades actions/checkout (v5→v6) and
dorny/paths-filter (v3→v4) or revert the action version bumps in this PR so the
permissions change is isolated, and if you must keep them document in the PR
description why the upgrades are required (reference the specific steps "uses:
actions/checkout@..." and the "Detect CLI changes" step using dorny/paths-filter
with id: changes), include the target release SHAs/versions, and add explicit
rollback instructions (how to pin back to the previous SHAs) and a short
compatibility note so reviewers can evaluate the major-version impact.

In @.github/workflows/progress.yml:
- Line 25: This workflow update changes the pinned action SHA for
actions/checkout (actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd);
add an explicit rollback map to the PR description listing the previous SHA →
new SHA mapping for this pin (and any other workflow pins changed in the same
PR), and include the exact rollback git command to revert if needed (for
example, the commit hash to revert to or the cherry-pick command to apply the
previous commit). Make the rollback entry concrete—e.g. "actions/checkout:
OLD_SHA → de0fac2e4500dabe0009e67214ff5f5447ce83dd; rollback: git revert
<this-PR-commit-SHA> OR git cherry-pick <previous-commit-SHA> onto main"—so
reviewers and on-call engineers can copy/paste it during an emergency.

In @.github/workflows/scorecards.yml:
- Around line 29-35: Update the PR description to include a concise
justification for changing the workflow action pins (why the pins were updated —
e.g., fixed a deterministic break, performance/regression, or security fix) and
add explicit revert mappings for each action showing the old SHA → new SHA for
actions/checkout (old SHA → de0fac2e4500dabe0009e67214ff5f5447ce83dd) and
ossf/scorecard-action (old SHA → 4eaacf0543bb3f2c246792bd56e8cdeffafb205a);
reference the exact action identifiers used in the diff (actions/checkout and
ossf/scorecard-action) so reviewers can verify and so the PR provides a clear
backout path.

In `@CHRONICLES_OF_THE_MACHINE-KIND_VOL_00000001.jsonl`:
- Line 76: The "timestamp" field in the JSON line uses fractional seconds
("2026-03-18T12:51:10.144Z") but the Chronicle schema requires strict UTC
without fractions (YYYY-MM-DDTHH:MM:SSZ); update the producer that writes the
"timestamp" key so it emits timestamps trimmed to whole seconds (e.g.,
"2026-03-18T12:51:10Z") for entries like the one with agent "codex" and action
"branch-triage", ensure the serializer/formatter that generates these JSONL
lines always truncates or formats Date objects to seconds-only UTC before
writing.

In `@meta/progress.json`:
- Around line 13-15: The project metadata currently claims passRate: 0.9 but CI
shows only 33.3% (2 of 3 suites failing) and unit/integration tests under
`@wesley/core` are failing; run the full test matrix (unit, integration, snapshot)
locally/CI, fix the failing tests in the `@wesley/core` package (address failing
assertions, mocks, or test setup in the failing test files) until all suites
pass, then update meta/progress.json to reflect the actual computed passRate
(e.g., 0.333 or the accurate decimal) and only change "next" or "progress" if
the fixed test results meet the criteria for advancing.

In `@packages/wesley-cli/src/commands/generate-execution.mjs`:
- Around line 230-232: The catch block that swallows errors when resolving the
git SHA should be updated to (1) capture the thrown error (e.g., catch (err)),
(2) emit a debug/trace log with the error and context (using the same logger
used elsewhere in this module) so failures are observable, and (3) update the
inline comment to accurately describe the fallback chain: first try `git
rev-parse HEAD`, then `ctx.env.GITHUB_SHA`, then `"unknown"`; ensure the
variable that holds the SHA (the code around the git invocation and
`ctx.env.GITHUB_SHA`) still falls back to `"unknown"` after logging the error.
- Around line 306-308: The empty catch after calling loadMoriartyHistory is
either redundant or masking unexpected errors; either remove the try/catch (so
unexpected throws propagate to the existing outer catch) or modify the catch to
capture the error (e.g., catch (err)) and log it via the existing logger/warn
callback or processLogger (include err.message/stack) to preserve observability;
locate the call to loadMoriartyHistory in generate-execution.mjs and update the
surrounding try/catch accordingly.

In `@packages/wesley-core/package.json`:
- Line 56: The package-lock for the wesley-core workspace is out of sync:
package.json declares "@supabase/pg-parser": "^0.1.7" but
packages/wesley-core/package-lock.json is still pinned to 0.1.3; regenerate the
lock to reflect ^0.1.7 by running npm install (or npm ci after updating
package.json) in the workspace root so packages/wesley-core/package-lock.json is
updated to resolve 0.1.7, and ensure the dependency spec for
"@supabase/pg-parser" remains consistent across root and workspaces.

In `@wesley-website/package.json`:
- Around line 27-28: Replace the invalid use of
editor.commands.setContent(createCodeDocument(value), false, { preserveCursor:
true }) in RichEditor.jsx: the setContent API does not accept a preserveCursor
option; instead either chain commands to set content and restore selection (use
editor.chain().setContent(createCodeDocument(value)).setTextSelection(position).focus().run()
and compute the desired position) or use editor.commands.insertContent(...) for
partial updates that retain the cursor; update the call sites where
createCodeDocument(value) is applied to use one of these approaches and remove
the unsupported options object.

ℹ️ Review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: 84028799-0fb9-4ebe-a8c0-7e74be8b57d3

📥 Commits

Reviewing files that changed from the base of the PR and between fff4a61 and f251611.

⛔ Files ignored due to path filters (1)
  • pnpm-lock.yaml is excluded by !**/pnpm-lock.yaml
📒 Files selected for processing (36)
  • .github/workflows/architecture-boundaries.yml
  • .github/workflows/browser-smoke.yml
  • .github/workflows/cert-shipme.yml
  • .github/workflows/ci.yml
  • .github/workflows/cli-quick.yml
  • .github/workflows/cli-tests.yml
  • .github/workflows/codeql.yml
  • .github/workflows/dependency-review.yml
  • .github/workflows/docs-link-check.yml
  • .github/workflows/pkg-cli.yml
  • .github/workflows/pkg-core.yml
  • .github/workflows/pkg-generator-js.yml
  • .github/workflows/pkg-generator-supabase.yml
  • .github/workflows/pkg-holmes.yml
  • .github/workflows/pkg-host-bun.yml
  • .github/workflows/pkg-host-deno.yml
  • .github/workflows/pkg-host-node.yml
  • .github/workflows/pkg-slaps.yml
  • .github/workflows/pkg-tasks.yml
  • .github/workflows/preflight.yml
  • .github/workflows/progress.yml
  • .github/workflows/runtime-smokes.yml
  • .github/workflows/scorecards.yml
  • .github/workflows/wesley-holmes.yml
  • .github/workflows/wesley-website.yml
  • CHRONICLES_OF_THE_MACHINE-KIND_VOL_00000001.jsonl
  • README.md
  • meta/badges/overall.json
  • meta/progress.json
  • package.json
  • packages/wesley-cli/src/commands/generate-execution.mjs
  • packages/wesley-core/package.json
  • packages/wesley-generator-supabase/package.json
  • packages/wesley-host-node/package.json
  • scripts/check-doc-truth.mjs
  • wesley-website/package.json

Comment thread .github/workflows/cli-quick.yml
Comment thread .github/workflows/progress.yml
Comment thread .github/workflows/scorecards.yml
Comment thread CHRONICLES_OF_THE_MACHINE-KIND_VOL_00000001.jsonl
Comment thread meta/progress.json
Comment thread packages/wesley-cli/src/commands/generate-execution.mjs Outdated
Comment thread packages/wesley-cli/src/commands/generate-execution.mjs Outdated
Comment thread packages/wesley-core/package.json
Comment thread wesley-website/package.json

@coderabbitai coderabbitai Bot left a comment


Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.

Inline comments:
In @.github/workflows/cert-shipme.yml:
- Around line 102-111: The current comment lookup uses a single-page
listComments result, matches any Bot by user.type and only checks body text
which is brittle; change the logic to fully paginate comments (use
octokit.paginate or loop pages with per_page) when calling
github.rest.issues.listComments, require the exact bot identity by matching
c.user.login === 'github-actions[bot]' instead of c.user.type, and anchor the
comment with a stable HTML marker (e.g. a hidden "<!-- SHIPME_COMMENT -->"
token) so the matching predicate checks for that marker in c.body rather than
the visible badge text; then reuse the found botComment id with
github.rest.issues.updateComment or fall back to
github.rest.issues.createComment as before.

ℹ️ Review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: 3f2d3d93-6e6e-4d6f-a29c-cd31f572a769

📥 Commits

Reviewing files that changed from the base of the PR and between f251611 and adb725b.

📒 Files selected for processing (2)
  • .github/workflows/cert-shipme.yml
  • packages/wesley-cli/src/commands/generate-execution.mjs

Comment thread .github/workflows/cert-shipme.yml Outdated
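
The lookup the review comment above asks for (full pagination, exact `github-actions[bot]` login, hidden marker), combined with the best-effort posting described in the PR summary, as an added example that is not the project's cert-shipme.yml code. `upsertShipmeComment`, `findBotComment`, the fake `github`/`core` objects and the sample comments are hypothetical; inside actions/github-script the real `github` and `core` objects would be passed in.

```javascript
// Added example: idempotent, best-effort PR comment for a github-script step.
// Function names and sample data are hypothetical, not from cert-shipme.yml.
const MARKER = '<!-- SHIPME_COMMENT -->';
const BOT_LOGIN = 'github-actions[bot]';

// Match on exact author login plus the hidden marker, never on visible text
// or on user.type === 'Bot' (any other bot would also satisfy that).
function findBotComment(comments) {
  return comments.find(
    (c) => c.user && c.user.login === BOT_LOGIN &&
      typeof c.body === 'string' && c.body.includes(MARKER),
  );
}

async function upsertShipmeComment({ github, core, owner, repo, issue_number, body }) {
  const marked = body.includes(MARKER) ? body : `${MARKER}\n${body}`;
  try {
    // paginate() walks every page; one listComments call returns one page only.
    const comments = await github.paginate(github.rest.issues.listComments, {
      owner, repo, issue_number, per_page: 100,
    });
    const existing = findBotComment(comments);
    if (existing) {
      await github.rest.issues.updateComment({
        owner, repo, comment_id: existing.id, body: marked,
      });
      return { action: 'updated', id: existing.id };
    }
    const created = await github.rest.issues.createComment({
      owner, repo, issue_number, body: marked,
    });
    return { action: 'created', id: created.data.id };
  } catch (err) {
    // Best-effort: a comment-permission failure becomes a warning, not a failed job.
    core.warning(`SHIPME comment skipped: ${err.message}`);
    return { action: 'skipped', error: err.message };
  }
}

// --- Constructed offline stand-ins for the github-script `github` and `core` ---
function makeFakeGithub(pages, { denyWrites = false } = {}) {
  const writes = [];
  const write = (kind, id) => async (args) => {
    if (denyWrites) throw new Error('Resource not accessible by integration');
    writes.push({ kind, args });
    return { data: { id: id ?? args.comment_id } };
  };
  return {
    writes,
    rest: { issues: {
      listComments: async ({ page = 1 }) => ({ data: pages[page - 1] || [] }),
      updateComment: write('update'),
      createComment: write('create', 1001),
    } },
    paginate: async (fn, params) => {
      const all = [];
      for (let page = 1; ; page += 1) {
        const { data } = await fn({ ...params, page });
        if (data.length === 0) return all;
        all.push(...data);
      }
    },
  };
}

function makeFakeCore() {
  const warnings = [];
  return { warnings, warning: (msg) => warnings.push(msg) };
}

// Constructed sample: page 1 holds look-alikes, the real comment is on page 2.
const SAMPLE_PAGES = [
  [
    { id: 1, user: { login: 'coderabbitai[bot]', type: 'Bot' }, body: 'SHIPME badge looks fine' },
    { id: 2, user: { login: 'some-human', type: 'User' }, body: `quoting ${MARKER}` },
  ],
  [
    { id: 42, user: { login: BOT_LOGIN, type: 'Bot' }, body: `${MARKER}\nold certificate` },
  ],
];

async function demo() {
  const target = { owner: 'example-owner', repo: 'example-repo', issue_number: 1 };
  const ok = await upsertShipmeComment({
    github: makeFakeGithub(SAMPLE_PAGES), core: makeFakeCore(), ...target, body: 'new certificate',
  });
  const core = makeFakeCore();
  const denied = await upsertShipmeComment({
    github: makeFakeGithub(SAMPLE_PAGES, { denyWrites: true }), core, ...target, body: 'new certificate',
  });
  return { ok, denied, warnings: core.warnings };
}

demo().then((result) => console.log(JSON.stringify(result)));
```
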
@flyingrobots

Owner Author

@coderabbitai review please 🥕

coderabbitai Bot commented Mar 18, 2026


Rate Limit Exceeded

@flyingrobots has exceeded the limit for the number of chat messages per hour. Please wait 0 minutes and 31 seconds before sending another message.

@flyingrobots

Owner Author

@coderabbitai review please 🥕

coderabbitai Bot commented Mar 18, 2026


@flyingrobots On it! 🥕 Kicking off the review of your mega-merge PR now.

✅ Actions performed

Review triggered.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

@flyingrobots flyingrobots merged commit f821818 into main Mar 18, 2026
34 checks passed
@flyingrobots flyingrobots deleted the chore/mega-merge branch March 18, 2026 13:47