chore: drift-check generated artifacts in CI

[mmorerasanchez]

Summary

• Build already runs in CI; this adds a git diff --exit-code gate immediately after so a forgotten rebuild can't ship a stale registry.json, public/r/, tokens/design-tokens.json, or skill/democrito/ to the published registry.
• DESIGN.md is excluded — stamp-design-date.mjs rewrites its date on every build, so diffing it would permanently fail CI after the commit day.
• Failures surface as a GitHub Actions ::error:: annotation in the PR UI with a clear remediation message.

Test plan

• CI on this PR passes (committed artifacts match what the build just regenerated — diff is clean)
• To confirm the gate fires: edit registry.json locally without rebuilding, push a commit — the drift-check step should fail with ::error::Generated artifacts are stale

🤖 Generated with Claude Code

Summary by CodeRabbit

• Chores
  • Enhanced CI quality checks to ensure generated artifacts remain committed and up-to-date, preventing drift in build outputs.

[coderabbitai]

📝 Walkthrough

Walkthrough

A new step is added to the existing CI quality job that runs git diff --exit-code against four generated output paths (registry.json, public/r, tokens/design-tokens.json, skill/democrito). If any uncommitted differences are detected, the workflow emits an ::error:: message and fails.

Changes

CI Artifact Drift Check

Layer / File(s)	Summary
Artifact drift check step .github/workflows/ci.yml	Adds a step that runs git diff --exit-code on generated artifact paths and fails the workflow with an error message instructing to run npm run build and commit the outputs if drift is found.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

Poem

A rabbit checks the generated files,
No drifting outputs allowed in these aisles!
git diff runs swift with an exit code true,
Commit your artifacts before pushing through.
🐇✨

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Title check	✅ Passed	The PR title 'chore: drift-check generated artifacts in CI' accurately and concisely describes the main change: adding a drift-check mechanism to the CI pipeline to verify generated artifacts are committed and up-to-date.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch ci/registry-drift-check

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In @.github/workflows/ci.yml:
- Around line 32-33: The git diff command used in the drift gate check ignores
untracked files, allowing new generated artifacts to bypass the validation.
Enhance the check by adding a test for untracked files in the monitored
directories (registry.json, public/r, tokens/design-tokens.json,
skill/democrito) using a command like git ls-files --others --exclude-standard
to detect any new files that haven't been committed, and fail the check if
untracked files are found alongside the existing git diff check.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: b481beb9-1858-43a6-8ab7-7cf90472fc00

📥 Commits

Reviewing files that changed from the base of the PR and between cdaa425 and be39ca2.

📒 Files selected for processing (1)

• .github/workflows/ci.yml

[coderabbitai]

⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Untracked generated files can bypass this drift gate.

Line 32 uses git diff --exit-code, which ignores untracked files. If the build creates a new artifact (for example, a new file under public/r/) and it isn’t committed, this check can still pass.

Suggested hardening

       - name: Check generated artifacts are committed (no drift)
         run: |
-          git diff --exit-code -- registry.json "public/r" tokens/design-tokens.json skill/democrito \
+          git diff --exit-code -- registry.json "public/r" tokens/design-tokens.json skill/democrito && \
+          test -z "$(git ls-files --others --exclude-standard -- public/r skill/democrito)" \
             || (echo "::error::Generated artifacts are stale — run 'npm run build' and commit the result." && exit 1)

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	git diff --exit-code -- registry.json "public/r" tokens/design-tokens.json skill/democrito \
	|| (echo "::error::Generated artifacts are stale — run 'npm run build' and commit the result." && exit 1)
	git diff --exit-code -- registry.json "public/r" tokens/design-tokens.json skill/democrito && \
	test -z "$(git ls-files --others --exclude-standard -- public/r skill/democrito)" \
	|| (echo "::error::Generated artifacts are stale — run 'npm run build' and commit the result." && exit 1)

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.github/workflows/ci.yml around lines 32 - 33, The git diff command used in
the drift gate check ignores untracked files, allowing new generated artifacts
to bypass the validation. Enhance the check by adding a test for untracked files
in the monitored directories (registry.json, public/r,
tokens/design-tokens.json, skill/democrito) using a command like git ls-files
--others --exclude-standard to detect any new files that haven't been committed,
and fail the check if untracked files are found alongside the existing git diff
check.