docs: improve local development setup documentation

[shige]

Summary

• Fix README Quick Start that omitted critical prerequisites (PostgreSQL, GitHub App), causing new contributors to hit errors immediately (Development Environment Setup #2781)
• Add step-by-step local development setup guide to CONTRIBUTING.md (prerequisites, env vars, database, dev server)
• Reorganize .env.example with clear required/optional sections and uncommented GitHub App variables

Test plan

• Read through README Quick Start and confirm it matches actual setup flow
• Read through CONTRIBUTING.md setup guide and confirm steps are accurate
• Confirm .env.example required section lists all boot-time validated variables
• Follow the setup steps on a fresh clone to verify end-to-end

🤖 Generated with Claude Code

---

Note

Low Risk
Documentation-only updates that change onboarding instructions and .env guidance; low risk aside from potential confusion if any prerequisites or required vars are misstated.

Overview
Updates the README Quick Start to remove the “under 2 minutes” flow and instead point users to copying apps/studio.giselles.ai/.env.example to .env.local, running pnpm dev:studio.giselles.ai, and acknowledging required prerequisites (Node/pnpm/PostgreSQL/GitHub App/AI key).

Adds a numbered, step-by-step local development setup section to CONTRIBUTING.md, including prerequisites, required env vars, DB creation/migrations, and how to start the dev server.

Reorganizes apps/studio.giselles.ai/.env.example to clearly separate Required vs Optional variables and promotes GitHub App credentials into the required section; also adds a .continuity ledger describing the doc changes and intent.

^{Written by Cursor Bugbot for commit 18a92cb. This will update automatically on new commits. Configure here.}

Summary by CodeRabbit

• Documentation
  • Updated prerequisite requirements for local development (Node.js 24+, pnpm 10+, PostgreSQL, GitHub App, AI provider API key)
  • Simplified Quick Start and consolidated setup command in README
  • Added step-by-step development setup to CONTRIBUTING with env, DB, and migration steps
  • Reorganized example env to separate required vs optional, moved GitHub App creds to required and uncommented variables
  • Cleaned and formatted docs; added new security/feature flags and removed legacy duplicated blocks

[giselles-ai]

Finished running flow.

Step 1
🟢	On Pull Request Opened Status: Success Updated: Mar 3, 2026 3:55am
Step 2
🟢	Manual QA Status: Success Updated: Mar 3, 2026 3:58am
🟢	Prompt for AI Agents Status: Success Updated: Mar 3, 2026 3:58am
Step 3
🟢	Create a Comment for PR Status: Success Updated: Mar 3, 2026 4:00am
Step 4
🟢	Create Pull Request Comment Status: Success Updated: Mar 3, 2026 4:00am

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
giselle	Ready	Preview, Comment	Mar 3, 2026 3:58am
ui	Ready	Preview, Comment	Mar 3, 2026 3:58am

[changeset-bot]

⚠️ No Changeset found

Latest commit: 18a92cb

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

💥 An error occurred when fetching the changed packages and changesets in this PR

Some errors occurred when validating the changesets config:
The package or glob expression "giselles-ai" is specified in the `ignore` option but it is not found in the project. You may have misspelled the package name or provided an invalid glob expression. Note that glob expressions must be defined according to https://www.npmjs.com/package/micromatch.

[coderabbitai]

📝 Walkthrough

Walkthrough

Documentation and configuration updates: Quick Start simplified, CONTRIBUTING expanded with local development setup and prerequisites, and apps/studio.giselles.ai/.env.example reorganized to move GitHub App and Postgres-related entries and add new security/feature flags and Langfuse variables.

Changes

Cohort / File(s)	Summary
Contributor & Quick Start Docs CONTRIBUTING.md, README.md	Added a detailed Development environment setup (prerequisites, clone/install, env, DB setup, migrations, dev run). Simplified Quick Start to reference CONTRIBUTING and a single dev command.
App environment example apps/studio.giselles.ai/.env.example	Reorganized .env example into required vs optional sections; added TOKEN_ENCRYPTION_KEY, CRON_SECRET, DEVELOPER_FLAG, FLAGS_SECRET, GTM_ID, LANGFUSE_* vars; removed deprecated OPENAI and legacy Postgres blocks and some dev-only GitHub App lines.
Change log / manifest .continuity/20260303-120000-main.md	Documentation entry summarizing the above updates and formatting validation noted.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Poem

🐇 I nibble docs and tidy strings,

env keys gleam like little things.
Quick Start trimmed, CONTRIBUTING sings,
Migrations ready, and dev joy brings.
Hooray — a hop for setup wings! 🥕✨

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title accurately summarizes the main change: improving local development setup documentation across README, CONTRIBUTING.md, and .env.example files.
Description check	✅ Passed	The description comprehensively covers all template sections: Summary explains the key fixes and changes, Testing includes a detailed test plan checklist, and Other Information provides context and risk assessment.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch docs/improve-local-dev-setup

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 3

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@apps/studio.giselles.ai/.env.example`:
- Around line 12-16: Reorder the dotenv keys to satisfy dotenv-linter by
arranging the GITHUB_APP_* entries alphabetically; replace the current block
(GITHUB_APP_ID, GITHUB_APP_PRIVATE_KEY, GITHUB_APP_CLIENT_ID,
GITHUB_APP_CLIENT_SECRET, GITHUB_APP_WEBHOOK_SECRET) with the alphabetized
sequence: GITHUB_APP_CLIENT_ID, GITHUB_APP_CLIENT_SECRET, GITHUB_APP_ID,
GITHUB_APP_PRIVATE_KEY, GITHUB_APP_WEBHOOK_SECRET so the linter passes.
- Around line 18-30: The OPENAI_API_KEY declaration currently sits above the
"Optional" block and contradicts the comment that "At least one AI provider API
key is needed"; either move the OPENAI_API_KEY line into the optional providers
section alongside ANTHROPIC_API_KEY and GOOGLE_AI_API_KEY or update the header
comment to explicitly state OpenAI is required; update the surrounding comments
so they consistently reflect the chosen behavior and ensure OPENAI_API_KEY,
ANTHROPIC_API_KEY and GOOGLE_AI_API_KEY are grouped with matching explanatory
text.

In `@CONTRIBUTING.md`:
- Around line 64-67: Replace the inconsistent npx command in the CONTRIBUTING.md
snippet: find the exact text "npx drizzle-kit push" and change it to "pnpm exec
drizzle-kit push" so the migration step uses the project's pnpm toolchain and
matches other setup commands; ensure spacing and surrounding lines (the cd
commands) remain unchanged.

---

ℹ️ Review info

Configuration used: defaults

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between f1cf8e2 and 1279858.

📒 Files selected for processing (4)

• .continuity/20260303-120000-main.md
• CONTRIBUTING.md
• README.md
• apps/studio.giselles.ai/.env.example

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

Fix dotenv key ordering to satisfy current linter rule.

dotenv-linter flagged the GitHub App key order. If lint is CI-gated, this can fail checks; reorder keys per rule.

🧰 Tools

🪛 dotenv-linter (4.0.0)

[warning] 14-14: [UnorderedKey] The GITHUB_APP_CLIENT_ID key should go before the GITHUB_APP_ID key

(UnorderedKey)

---

[warning] 15-15: [UnorderedKey] The GITHUB_APP_CLIENT_SECRET key should go before the GITHUB_APP_ID key

(UnorderedKey)

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@apps/studio.giselles.ai/.env.example` around lines 12 - 16, Reorder the
dotenv keys to satisfy dotenv-linter by arranging the GITHUB_APP_* entries
alphabetically; replace the current block (GITHUB_APP_ID,
GITHUB_APP_PRIVATE_KEY, GITHUB_APP_CLIENT_ID, GITHUB_APP_CLIENT_SECRET,
GITHUB_APP_WEBHOOK_SECRET) with the alphabetized sequence: GITHUB_APP_CLIENT_ID,
GITHUB_APP_CLIENT_SECRET, GITHUB_APP_ID, GITHUB_APP_PRIVATE_KEY,
GITHUB_APP_WEBHOOK_SECRET so the linter passes.

[coderabbitai]

⚠️ Potential issue | 🟠 Major

OPENAI_API_KEY placement conflicts with “at least one provider” requirement.

This currently reads as “OpenAI is required,” while the comment says any single provider key is enough. Move OPENAI_API_KEY to the optional provider block (or explicitly document OpenAI-only requirement).

Suggested `.env.example` adjustment

-# At least one AI provider API key is needed to use text generation
-# OpenAI API https://openai.com/index/openai-api/
-# `@see` https://platform.openai.com/docs/quickstart
-OPENAI_API_KEY=
+# At least one AI provider API key is needed to use text generation

 # ==============================================================================
 # Optional — features will degrade gracefully without these
 # ==============================================================================

 # Additional AI providers
-# ANTHROPIC_API_KEY=
-# GOOGLE_AI_API_KEY=
+# OPENAI_API_KEY=
+# ANTHROPIC_API_KEY=
+# GOOGLE_AI_API_KEY=

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	# At least one AI provider API key is needed to use text generation
	# OpenAI API https://openai.com/index/openai-api/
	# @see https://platform.openai.com/docs/quickstart
	OPENAI_API_KEY=
	# ==============================================================================
	# Optional — features will degrade gracefully without these
	# ==============================================================================
	# Additional AI providers
	# ANTHROPIC_API_KEY=
	# GOOGLE_AI_API_KEY=
	# At least one AI provider API key is needed to use text generation
	# ==============================================================================
	# Optional — features will degrade gracefully without these
	# ==============================================================================
	# Additional AI providers
	# OPENAI_API_KEY=
	# ANTHROPIC_API_KEY=
	# GOOGLE_AI_API_KEY=

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@apps/studio.giselles.ai/.env.example` around lines 18 - 30, The
OPENAI_API_KEY declaration currently sits above the "Optional" block and
contradicts the comment that "At least one AI provider API key is needed";
either move the OPENAI_API_KEY line into the optional providers section
alongside ANTHROPIC_API_KEY and GOOGLE_AI_API_KEY or update the header comment
to explicitly state OpenAI is required; update the surrounding comments so they
consistently reflect the chosen behavior and ensure OPENAI_API_KEY,
ANTHROPIC_API_KEY and GOOGLE_AI_API_KEY are grouped with matching explanatory
text.

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# 1. Check package.json for drizzle scripts and dependencies
echo "=== Checking package.json for drizzle-related scripts ==="
rg -n 'drizzle|scripts' package.json -A 5 -B 5 | head -100

# 2. Verify drizzle-kit is in pnpm-lock.yaml
echo -e "\n=== Checking pnpm-lock.yaml for drizzle-kit ==="
rg -n 'drizzle-kit' pnpm-lock.yaml | head -10

# 3. View exact content of CONTRIBUTING.md around lines 64-67
echo -e "\n=== CONTRIBUTING.md lines 60-70 ==="
sed -n '60,70p' CONTRIBUTING.md

Repository: giselles-ai/giselle

Length of output: 2042

---

🏁 Script executed:

#!/bin/bash
# 4. Search for other drizzle-kit usage in the codebase
echo "=== Searching for drizzle-kit usage patterns ==="
rg -n 'drizzle-kit' --type md --type ts --type tsx --type js --type json -C 2

# 5. Check if there's a workspace or app-specific package.json
echo -e "\n=== Checking apps/studio.giselles.ai/package.json ==="
if [ -f apps/studio.giselles.ai/package.json ]; then
  rg -n '"scripts"|drizzle' apps/studio.giselles.ai/package.json -A 3 -B 3
fi

Repository: giselles-ai/giselle

Length of output: 849

---

🏁 Script executed:

#!/bin/bash
# Check for other npx usages in CONTRIBUTING.md to see if pattern is consistent
echo "=== Searching for 'npx' in CONTRIBUTING.md ==="
rg -n 'npx' CONTRIBUTING.md

# Check full scripts section in apps/studio.giselles.ai/package.json
echo -e "\n=== Full scripts section in apps/studio.giselles.ai/package.json ==="
sed -n '9,30p' apps/studio.giselles.ai/package.json

Repository: giselles-ai/giselle

Length of output: 955

---

Use pnpm exec for database migrations in setup docs.

The documentation at line 66 uses npx drizzle-kit push, which is inconsistent with the project's pnpm-exclusive toolchain (as specified in packageManager: "pnpm@10.16.0"). Update to pnpm exec drizzle-kit push to align with project standards and all other setup commands.

Suggested docs change

 cd apps/studio.giselles.ai
-npx drizzle-kit push
+pnpm exec drizzle-kit push
 cd ../..

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@CONTRIBUTING.md` around lines 64 - 67, Replace the inconsistent npx command
in the CONTRIBUTING.md snippet: find the exact text "npx drizzle-kit push" and
change it to "pnpm exec drizzle-kit push" so the migration step uses the
project's pnpm toolchain and matches other setup commands; ensure spacing and
surrounding lines (the cd commands) remain unchanged.

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 12798587fe

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[chatgpt-codex-connector]

Move COOKIE_SECRET out of optional env section

Labeling the rest of this file as optional is misleading for COOKIE_SECRET: if a developer follows this guidance and leaves it empty, authenticated pages will crash because getGiselleSession() calls getCookie(), and lib/signed-cookie.ts hard-fails with invariant(SECRET, "COOKIE_SECRET is not set"). This is not graceful degradation; it blocks normal logged-in flows (for example, paths that call fetchCurrentTeam() in the main app UI), so COOKIE_SECRET should be documented as required alongside the other boot-time essentials.

Useful? React with 👍 / 👎.

[giselles-ai]

🔍 QA Testing Assistant by Giselle

📋 Manual QA Checklist

Based on the changes in this PR, here are the key areas to test manually:

• Documentation Review: Verify the clarity, accuracy, and formatting of the updated README.md and CONTRIBUTING.md files, specifically focusing on the local development setup instructions.
• Environment File Validation: Confirm that apps/studio.giselles.ai/.env.example is correctly structured with clear "Required" and "Optional" sections, and that critical boot-time variables are in the "Required" section.
• End-to-End Setup (Fresh Clone): On a fresh clone, follow the new documentation step-by-step to set up the project from scratch, ensuring pnpm install completes without errors.
• Environment Variable Configuration: Test the process of creating and populating .env.local for apps/studio.giselles.ai, ensuring all required variables are present and uncommented.
• Database Setup Verification: Execute the specified drizzle-kit push commands on a fresh PostgreSQL database and confirm they complete successfully.
• Development Server Startup: Run pnpm dev:studio.giselles.ai and confirm the server starts without errors, especially those related to missing environment variables.
• Application Loading: After server startup, navigate to http://localhost:3000 and verify that the Giselle studio application loads successfully.

✨ Prompt for AI Agents

Use the following prompts with Cursor or Claude Code to automate E2E testing:

📝 E2E Test Generation Prompt

## 🤖 Prompt for AI Agent: Create E2E Startup Validation Tests

You are an expert QA engineer using Playwright. Your task is to write a new test suite that validates the application's startup behavior based on the environment variable requirements outlined in the updated documentation.

These are not traditional UI interaction tests. Instead, you will write tests that attempt to start the development server under different environment variable configurations and assert the outcome (successful start or specific failure).

### 1. Context Summary

*   **PR Description:** The pull request updates documentation to clarify the local development setup. It specifies that `POSTGRES_URL` and a full set of `GITHUB_APP_*` variables are **required** for the application to start.
*   **Key User Flow Affected:** The "new contributor setup" flow. We are testing the first crucial step: starting the development server (`pnpm dev:studio.giselles.ai`).
*   **Critical Path:** The application's boot-up sequence. The tests must verify that the server starts successfully when all required environment variables are present and fails with expected errors when they are missing.

### 2. Test Scenarios

Create a new test file (`tests/startup.spec.ts`) containing the following scenarios. Use the `@startup` tag for all tests in this file. **Important:** These tests modify and depend on a shared resource (port 3000), so they must be configured to run serially.

*   **Happy Path (Smoke Test):**
    *   **Scenario:** The application starts successfully when all required environment variables are provided.
    *   **Given:** A valid `POSTGRES_URL`, `GITHUB_APP_ID`, `GITHUB_APP_PRIVATE_KEY`, `GITHUB_APP_CLIENT_ID`, `GITHUB_APP_CLIENT_SECRET`, `GITHUB_APP_WEBHOOK_SECRET`, and at least one AI provider key (e.g., `OPENAI_API_KEY`) are set.
    *   **When:** The `pnpm dev:studio.giselles.ai` command is executed.
    *   **Then:**
        *   The process should not exit prematurely.
        *   The standard output should contain a success message (e.g., "ready - started server on", "event - compiled successfully").
        *   A Playwright `page.goto('http://localhost:3000')` call should succeed.
        *   The page title should be correct ("Giselle" or similar).

*   **Negative Scenarios (Startup Failures):**
    *   **Scenario 1:** The application fails to start if `POSTGRES_URL` is missing.
        *   **Given:** All required variables are set **except** `POSTGRES_URL`.
        *   **When:** The `pnpm dev:studio.giselles.ai` command is executed.
        *   **Then:**
            *   The process should exit with a non-zero exit code.
            *   The standard error output should contain a message indicating that `POSTGRES_URL` is required.

    *   **Scenario 2:** The application fails to start if a required GitHub App variable is missing.
        *   **Given:** All required variables are set **except** one of the `GITHUB_APP_*` variables (e.g., `GITHUB_APP_ID`).
        *   **When:** The `pnpm dev:studio.giselles.ai` command is executed.
        *   **Then:**
            *   The process should exit with a non-zero exit code.
            *   The standard error output should contain an error message related to invalid or missing GitHub App configuration. (The exact message might be a Zod validation error or a custom error).

### 3. Playwright Implementation Instructions

Since these tests involve controlling a child process (the dev server), use Node.js's `child_process` module within your Playwright tests.

*   **Test Structure:**
    *   Use `test.describe('Application Startup Validation', () => { ... });`.
    *   Configure the suite to run in serial mode: `test.describe.configure({ mode: 'serial' });`.
    *   Use a `beforeAll` or `beforeEach` to define the base set of required environment variables.
    *   Use a `afterEach` hook to ensure the child process is always killed, preventing orphaned processes.

*   **Implementation Details:**
    *   Import `spawn` from `child_process`.
    *   In each test, create a custom `env` object by cloning `process.env` and adding/removing the variables for that specific scenario.
    *   Spawn the dev server process. Use `pnpm` as the command and `['dev:studio.giselles.ai']` as the arguments. Pass the custom `env` object.
    *   Listen to the `stdout`, `stderr`, and `exit` events of the child process to make your assertions.

*   **Code Example (for the happy path):**

```typescript
import { test, expect, Page } from '@playwright/test';
import { spawn, ChildProcess } from 'child_process';

test.describe('Application Startup Validation', () => {
  // These tests manipulate the dev server, they MUST run serially.
  test.describe.configure({ mode: 'serial' });

  let serverProcess: ChildProcess;
  
  // Ensure the server process is killed after each test
  test.afterEach(() => {
    if (serverProcess) {
      serverProcess.kill();
    }
  });

  test('should start successfully with all required env vars @startup', async ({ page }) => {
    const requiredEnv = {
      ...process.env,
      POSTGRES_URL: 'postgres://user:pass@localhost:5432/test-db', // Use a test-specific value
      GITHUB_APP_ID: 'test_id',
      GITHUB_APP_PRIVATE_KEY: 'test_key',
      GITHUB_APP_CLIENT_ID: 'test_client_id',
      GITHUB_APP_CLIENT_SECRET: 'test_client_secret',
      GITHUB_APP_WEBHOOK_SECRET: 'test_webhook_secret',
      OPENAI_API_KEY: 'test_openai_key',
    };

    const serverReadyPromise = new Promise<void>((resolve, reject) => {
      serverProcess = spawn('pnpm', ['dev:studio.giselles.ai'], { env: requiredEnv });

      serverProcess.stdout?.on('data', (data: Buffer) => {
        const output = data.toString();
        // Look for the Next.js server ready message
        if (output.includes('ready - started server on') || output.includes('event - compiled successfully')) {
          resolve();
        }
      });
      
      serverProcess.stderr?.on('data', (data: Buffer) => {
        console.error(`Server stderr: ${data.toString()}`);
      });
      
      serverProcess.on('exit', (code) => {
        if (code !== 0) {
          reject(new Error(`Server process exited with code ${code}`));
        }
      });
    });

    await expect(serverReadyPromise).toPass({ timeout: 60000 }); // Wait for server to be ready

    await page.goto('http://localhost:3000');
    await expect(page).toHaveTitle(/Giselle/);
  });

  // ... implement negative test cases similarly ...
  // For negative tests, you will listen for the 'exit' event and check stderr.
});

• For Negative Tests:
  • Do not wait for a "ready" message. Instead, wrap the process spawning in a Promise that resolves with the stderr content and exit code.
  • Assert that the exit code is non-zero.
  • Assert that the captured stderr includes() the expected error text.

4. MCP Integration Guidelines

• Command: The tests should be executable via the standard Playwright MCP command.
• Targeting: Because we've used the @startup tag, these specific tests can be run in isolation with:

  pnpm mcp playwright:test -- --grep "@startup"

• Environment: The tests manage their own environment variables for the child process, so no special environment setup is needed for the test runner itself.

5. CI-Ready Code Requirements

• Organization: Place the new tests in a dedicated file: tests/startup.spec.ts.
• Naming Conventions: Use clear, descriptive names for tests as outlined in the scenarios (e.g., should fail to start if POSTGRES_URL is missing).
• Error Handling: The implementation must be robust. Crucially, use an afterEach hook to kill() the server process. This prevents orphaned processes from causing failures in subsequent CI steps or other tests.
• Parallelization: Explicitly disable parallelization for this test suite using test.describe.configure({ mode: 'serial' }); as shown in the example. This is non-negotiable.

</details>

<!--

Additional template variables:

- {{PR\_TITLE}}: The title of the pull request

- {{CHANGED\_FILES}}: List of modified files

- {{PR\_DESCRIPTION}}: PR description content

- {{DIFF\_SUMMARY}}: Summary of code changes

-->

---

[Copilot]

Pull request overview

This PR updates contributor-facing documentation to reduce “surprise” setup failures when running the Studio app locally, by making prerequisites explicit and providing a clearer end-to-end setup path.

Changes:

• Reworks README.md Quick Start commands to match the current monorepo scripts and points readers to full setup docs.
• Adds a step-by-step local development setup guide to CONTRIBUTING.md (prereqs, env vars, DB setup, migrations, dev server).
• Reorganizes apps/studio.giselles.ai/.env.example into clearer Required vs Optional sections and promotes GitHub App credentials to the required set.

Reviewed changes

Copilot reviewed 4 out of 4 changed files in this pull request and generated 6 comments.

File	Description
apps/studio.giselles.ai/.env.example	Reorganizes env vars into Required/Optional blocks and promotes core variables.
README.md	Updates Quick Start commands and calls out prerequisites + link to CONTRIBUTING setup guide.
CONTRIBUTING.md	Adds a numbered local dev setup guide with prerequisites, env vars, DB + migrations.
.continuity/20260303-120000-main.md	Adds a continuity ledger entry describing intent/decisions for this doc-focused change.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

The file declares “Required — the app will not start without these”, but COOKIE_SECRET is not included in the required section even though core request paths call signed-cookie (which hard-throws if COOKIE_SECRET is unset). Please move COOKIE_SECRET into the Required section (and keep the later entry consistent) so new contributors don’t miss it.

[Copilot]

The suggested Google/other provider env var names don’t match what the code reads. For embeddings, the code checks GOOGLE_GENERATIVE_AI_API_KEY (not GOOGLE_AI_API_KEY) and also uses COHERE_API_KEY for Cohere profiles. Please update these names in .env.example (and consider adding AI_GATEWAY_API_KEY as an optional entry since it’s referenced as well).

Suggested change

	# GOOGLE_AI_API_KEY=
	# GOOGLE_GENERATIVE_AI_API_KEY=
	# COHERE_API_KEY=
	# AI_GATEWAY_API_KEY=

[Copilot]

The note says to edit .env.local, but the Quick Start creates apps/studio.giselles.ai/.env.local. Please point to the full path to avoid contributors editing/creating a root-level .env.local by mistake.

Suggested change

	> **Note**: You need Node.js 24+, pnpm 10+, PostgreSQL, a GitHub App, and at least one AI provider API key. Edit `.env.local` before starting — see [CONTRIBUTING.md](CONTRIBUTING.md#development-environment-setup) for full setup instructions.
	> **Note**: You need Node.js 24+, pnpm 10+, PostgreSQL, a GitHub App, and at least one AI provider API key. Edit `apps/studio.giselles.ai/.env.local` before starting — see [CONTRIBUTING.md](CONTRIBUTING.md#development-environment-setup) for full setup instructions.

[Copilot]

This “required variables” list is missing COOKIE_SECRET, which is required for signed session cookies (signed-cookie hard-throws when it’s unset). Please include it in the required variables table so local setup doesn’t fail at runtime.

Suggested change

	| `GITHUB_APP_ID` | Your GitHub App's ID |
	| `GITHUB_APP_PRIVATE_KEY` | Your GitHub App's private key (PEM format) |
	| `GITHUB_APP_CLIENT_ID` | Your GitHub App's client ID |
	| `GITHUB_APP_CLIENT_SECRET` | Your GitHub App's client secret |
	| `GITHUB_APP_WEBHOOK_SECRET` | Your GitHub App's webhook secret |
	| `COOKIE_SECRET` | Secret used to sign session cookies (required for signed-cookie) |
	| `GITHUB_APP_ID` | Your GitHub App's ID |
	| `GITHUB_APP_PRIVATE_KEY` | Your GitHub App's private key (PEM format) |
	| `GITHUB_APP_CLIENT_ID` | Your GitHub App's client ID |
	| `GITHUB_APP_CLIENT_SECRET` | Your GitHub App's client secret |
	| `GITHUB_APP_WEBHOOK_SECRET` | Your GitHub App's webhook secret |

[Copilot]

The Google provider env var name here (GOOGLE_AI_API_KEY) doesn’t match what the codebase expects for Gemini embeddings (GOOGLE_GENERATIVE_AI_API_KEY). Please update the variable name (and consider mentioning COHERE_API_KEY if Cohere embedding profiles are used locally).

Suggested change

	| `GOOGLE_AI_API_KEY` | Google AI |
	| `GOOGLE_GENERATIVE_AI_API_KEY` | Google AI (Gemini) |
	| `COHERE_API_KEY` | Cohere |

[Copilot]

GITHUB_APP_PRIVATE_KEY is described as “PEM format”, but .env.local typically can’t safely store a raw multi-line PEM without converting newlines (e.g., replacing line breaks with \n). Consider adding a short note about the expected formatting so new contributors don’t paste a multi-line key that dotenv parses incorrectly.

Suggested change

	| `GITHUB_APP_PRIVATE_KEY` | Your GitHub App's private key (PEM format) |
	| `GITHUB_APP_PRIVATE_KEY` | Your GitHub App's private key in PEM format, with line breaks replaced by `\n` so it fits on a single line in `.env.local` |

[coderabbitai]

♻️ Duplicate comments (1)

CONTRIBUTING.md (1)

64-68: ⚠️ Potential issue | 🟡 Minor

Use pnpm exec for consistency with project toolchain.

Line 66 uses npx drizzle-kit push, which is inconsistent with the project's pnpm-exclusive package manager. All other commands in this guide use pnpm, and the project specifies packageManager: "pnpm@10.16.0".

Suggested fix

 cd apps/studio.giselles.ai
-npx drizzle-kit push
+pnpm exec drizzle-kit push
 cd ../..

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@CONTRIBUTING.md` around lines 64 - 68, Replace the inconsistent use of npx in
the CONTRIBUTING.md snippet: change the command that currently runs "npx
drizzle-kit push" to use the project's pnpm toolchain, e.g., run "pnpm exec
drizzle-kit push" so it aligns with the packageManager and other docs; update
the line referencing "npx drizzle-kit push" accordingly.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Duplicate comments:
In `@CONTRIBUTING.md`:
- Around line 64-68: Replace the inconsistent use of npx in the CONTRIBUTING.md
snippet: change the command that currently runs "npx drizzle-kit push" to use
the project's pnpm toolchain, e.g., run "pnpm exec drizzle-kit push" so it
aligns with the packageManager and other docs; update the line referencing "npx
drizzle-kit push" accordingly.

---

ℹ️ Review info

Configuration used: defaults

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 1279858 and 18a92cb.

📒 Files selected for processing (1)

• CONTRIBUTING.md