chore: fix telemetry env var for publish CI

[ymc9]

Summary by CodeRabbit

• Chores

  • Added global environment settings to the release workflow to standardize telemetry and enable default opt-out across all release jobs.
  • Reworked test tooling: removed legacy workspace/base test configs and introduced a new multi-package test configuration to centralize test discovery.

• Tests

  • Two CLI test suites have been skipped in CI due to timeout concerns.

[claude]

Claude finished @ymc9's task —— View job

---

PR Review: Telemetry Environment Variable Fix

Todo List:

• Read the modified workflow file
• Analyze changes for code quality and best practices
• Check for potential bugs or security issues
• Provide comprehensive review feedback

Review Summary

The changes look good and address a clear need for telemetry configuration in the publish workflow. Here's my analysis:

✅ Positive Aspects

1. Clear Intent: Adding telemetry environment variables at the global workflow level ensures consistent configuration across all jobs.

2. Proper Secret Handling: Using ${{ secrets.TELEMETRY_TRACKING_TOKEN }} follows GitHub Actions security best practices for sensitive data.

3. Privacy Consideration: Setting DO_NOT_TRACK: '1' provides a privacy-conscious default, which is good practice for CI/CD environments.

📋 Code Quality & Best Practices

• Placement: ✅ Correctly placed at the workflow level (lines 8-10) making these variables available to all jobs
• Syntax: ✅ Proper YAML formatting and GitHub Actions syntax
• Naming: ✅ Clear, descriptive environment variable names

🔒 Security Considerations

• Secret Management: ✅ Properly uses GitHub Secrets for the tracking token
• Exposure Risk: ✅ Low risk - the DO_NOT_TRACK variable is safe to expose, and the token is properly masked
• Scope: ✅ Variables are scoped appropriately at the workflow level

🐛 Potential Issues

Minor Consideration: The workflow doesn't validate if TELEMETRY_TRACKING_TOKEN secret exists. If the secret is missing, the environment variable will be empty, but this is likely acceptable behavior for telemetry (graceful degradation).

🚀 Performance Impact

• Minimal Impact: Adding environment variables has negligible performance overhead
• No Additional Dependencies: No new actions or steps that would slow down the workflow

🧪 Test Coverage

• Limited Testing: Environment variables in CI workflows are typically tested through actual workflow execution
• Recommendation: Consider running a test workflow or monitoring the next release to ensure telemetry works as expected

📝 Minor Suggestions

1. Documentation: Consider adding a comment above the env block explaining the purpose:

   # Telemetry configuration for package publishing
   env:
       TELEMETRY_TRACKING_TOKEN: ${{ secrets.TELEMETRY_TRACKING_TOKEN }}
       DO_NOT_TRACK: '1'

2. Secret Documentation: Ensure the TELEMETRY_TRACKING_TOKEN secret is documented in your repository's setup guide.

Overall Assessment

This is a clean, straightforward fix that follows GitHub Actions best practices. The changes are minimal, focused, and address the specific need for telemetry configuration in the publish workflow. No blocking issues identified.

Recommendation: ✅ Approve - Ready to merge

[Copilot]

Pull Request Overview

This PR fixes telemetry configuration in the publish release CI workflow by adding proper environment variable settings.

• Adds telemetry tracking token from secrets
• Disables tracking with DO_NOT_TRACK flag

---

_{Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.}

[coderabbitai]

Note

Other AI code review bot(s) detected

CodeRabbit has detected other AI code review bot(s) in this pull request and will avoid duplicating their findings in the review comments. This may lead to a less comprehensive review.

Walkthrough

Adds workflow-wide env vars to .github/workflows/publish-release.yml, skips two CLI test suites, clears vitest.base.config.ts, removes vitest.workspace.ts and a VSCode workspace setting, and introduces a new vitest.config.ts with project-based test configuration.

Changes

Cohort / File(s)	Change Summary
GitHub Actions workflow env addition .github/workflows/publish-release.yml	Added top-level env with TELEMETRY_TRACKING_TOKEN: ${{ secrets.TELEMETRY_TRACKING_TOKEN }} and DO_NOT_TRACK: '1'; applies to all jobs. No other workflow sections changed.
Tests: skip CLI suites packages/cli/test/init.test.ts, packages/cli/test/migrate.test.ts	Converted describe(...) to describe.skip(...) for both test suites to disable them in CI (comments note timeout). Test bodies unchanged.
Vitest base config cleared vitest.base.config.ts	Removed the file contents, deleting the default exported Vitest config (file becomes empty/no export).
Vitest new project config vitest.config.ts	Added new Vitest config exporting defineConfig({ test: { projects: ['packages/*'] } }).
Vitest workspace removed vitest.workspace.ts	Deleted file that previously exported defineWorkspace(['packages/*']).
VSCode settings updated .vscode/settings.json	Removed vitest.workspaceConfig entry (file changed from { "vitest.workspaceConfig": "./vitest.workspace.ts" } to {}).

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Possibly related PRs

• feat: CLI telemetry #220 — Adds the same top-level GitHub Actions env vars (TELEMETRY_TRACKING_TOKEN, DO_NOT_TRACK) to workflows.

Poem

I hop the branch and nibble notes,
Two tests lie quiet in their coats.
A config cleared, a new map drawn,
Env flags set at break of dawn.
Carrot clap — the rabbit's yawn. 🥕🐇

---

📜 Recent review details

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

💡 Knowledge Base configuration:

• MCP integration is disabled by default for public repositories
• Jira integration is disabled by default for public repositories
• Linear integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between 9cf3169 and 71995aa.

📒 Files selected for processing (1)

• .vscode/settings.json (1 hunks)

✅ Files skipped from review due to trivial changes (1)

• .vscode/settings.json

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)

• GitHub Check: build-test (20.x)

✨ Finishing Touches

🧪 Generate unit tests

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch chore/fix-publish-telemetry

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.

Support

Need help? Create a ticket on our support page for assistance with any issues or questions.

CodeRabbit Commands (Invoked using PR/Issue comments)

Type @coderabbitai help to get the list of available commands.

Other keywords and placeholders

• Add @coderabbitai ignore or @coderabbit ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

Status, Documentation and Community

• Visit our Status Page to check the current availability of CodeRabbit.
• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[coderabbitai]

Actionable comments posted: 0

♻️ Duplicate comments (1)

.github/workflows/publish-release.yml (1)

8-10: Resolve telemetry env contradiction and scope secret to the single step that needs it

Setting DO_NOT_TRACK='1' while also exporting TELEMETRY_TRACKING_TOKEN at workflow scope is contradictory and unnecessarily exposes the secret to all steps and 3rd‑party actions. Decide intent and adjust scoping:

Preferred: disable telemetry by default, enable only for the publish step.

• Keep DO_NOT_TRACK='1' at workflow level.
• Remove TELEMETRY_TRACKING_TOKEN from workflow env.
• In the "Publish packages" step, set TELEMETRY_TRACKING_TOKEN and override DO_NOT_TRACK='0'.

Apply this diff:

 name: Publish and Release
@@
-on:
+on:
     workflow_dispatch:
     push:
         branches:
             - main
-env:
-    TELEMETRY_TRACKING_TOKEN: ${{ secrets.TELEMETRY_TRACKING_TOKEN }}
-    DO_NOT_TRACK: '1'
+env:
+    DO_NOT_TRACK: '1'
@@
             - name: Publish packages
               run: pnpm run publish-all
               env:
                   NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
+                  TELEMETRY_TRACKING_TOKEN: ${{ secrets.TELEMETRY_TRACKING_TOKEN }}
+                  DO_NOT_TRACK: '0'

Verification (optional): confirm your tooling actually honors these vars.

#!/bin/bash
# Where are these envs used?
rg -n --hidden -S "DO_NOT_TRACK|TELEMETRY_TRACKING_TOKEN|TELEMETRY|TRACKING|NEXT_TELEMETRY_DISABLED|TURBO_TELEMETRY_DISABLED"

🧹 Nitpick comments (1)

.github/workflows/publish-release.yml (1)

8-10: If telemetry should be fully disabled, remove the token entirely

Alternate path: if the goal is to ensure no tracking during CI, drop the token and keep DO_NOT_TRACK='1'.

-env:
-    TELEMETRY_TRACKING_TOKEN: ${{ secrets.TELEMETRY_TRACKING_TOKEN }}
-    DO_NOT_TRACK: '1'
+env:
+    DO_NOT_TRACK: '1'

📜 Review details

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

💡 Knowledge Base configuration:

• MCP integration is disabled by default for public repositories
• Jira integration is disabled by default for public repositories
• Linear integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between 7d10be5 and b25243b.

📒 Files selected for processing (1)

• .github/workflows/publish-release.yml (1 hunks)

[claude]

Claude finished @ymc9's task —— View job

---

PR Review: Telemetry Environment Variable Fix

Todo List:

• Read the modified workflow file
• Analyze test file changes
• Review vitest configuration changes
• Check for potential bugs or security issues
• Provide comprehensive review feedback

Review Summary

I've analyzed all the changes in this PR. Here's my comprehensive review:

🚨 Critical Issue: Contradictory Telemetry Configuration

File: .github/workflows/publish-release.yml:8-10

The most significant issue is the contradictory telemetry configuration:

env:
    TELEMETRY_TRACKING_TOKEN: ${{ secrets.TELEMETRY_TRACKING_TOKEN }}
    DO_NOT_TRACK: '1'

Problem: Setting both a tracking token AND DO_NOT_TRACK: '1' creates conflicting signals. If tracking should be disabled, the token is unnecessary and potentially wasteful of secret resources.

Recommendations:

1. If telemetry should be disabled entirely: Remove TELEMETRY_TRACKING_TOKEN and keep only DO_NOT_TRACK: '1'
2. If telemetry should be enabled for publishing: Remove DO_NOT_TRACK: '1' and keep only the token
3. If selective tracking is needed: Move the token to the specific "Publish packages" step and override DO_NOT_TRACK: '0' there

✅ Positive Aspects

Workflow Changes

• Proper secret handling: Uses GitHub Secrets correctly for sensitive data
• Global scope: Environment variables are appropriately placed at workflow level
• Clean syntax: Proper YAML formatting

Test Configuration Changes

• Simplified config: The vitest configuration changes streamline the test setup
• Project discovery: Using projects: ['packages/*'] is a clean approach for monorepo testing

📋 Other Findings

Test File Changes (packages/cli/test/init.test.ts)

• Status: The test remains skipped due to CI timeout issues
• Impact: No functional changes, just formatting/import adjustments
• Recommendation: Consider investigating and fixing the underlying timeout issue in a future PR

Security Considerations

• Secret exposure: ✅ Secrets are properly masked and not exposed
• Scope limitation: ⚠️ The tracking token is exposed to all steps and third-party actions unnecessarily

Performance Impact

• Minimal overhead: Environment variable additions have negligible performance impact
• Build process: No changes to build steps or dependencies

🔧 Specific Recommendations

Option 1: Disable Telemetry (Recommended)

env:
    DO_NOT_TRACK: '1'

Option 2: Enable Telemetry for Publishing Only

env:
    DO_NOT_TRACK: '1'

# Then in the "Publish packages" step:
- name: Publish packages
  run: pnpm run publish-all
  env:
      NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
      TELEMETRY_TRACKING_TOKEN: ${{ secrets.TELEMETRY_TRACKING_TOKEN }}
      DO_NOT_TRACK: '0'

Option 3: Enable Telemetry Globally

env:
    TELEMETRY_TRACKING_TOKEN: ${{ secrets.TELEMETRY_TRACKING_TOKEN }}

📊 Risk Assessment

• High: Contradictory configuration may lead to unpredictable behavior
• Medium: Unnecessary secret exposure to all workflow steps
• Low: Performance and functional impact

🎯 Overall Recommendation

Action Required: Resolve the telemetry configuration contradiction before merging. The current setup sends mixed signals and may not work as intended.

Choose one of the three options above based on your telemetry requirements. I recommend Option 1 (disable telemetry) for CI environments unless there's a specific need for tracking publish metrics.

---

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (1)

packages/cli/test/init.test.ts (1)

7-8: Skip only on CI to keep the suite running locally

Avoid blanket skipping so regressions are still caught locally. Use conditional skipping, which Vitest supports via describe.skipIf / describe.runIf.

-// skipping due to timeout during CI
-describe.skip('Cli init command tests', () => {
+// skip in CI only; keep running locally
+describe.skipIf(!!process.env.CI)('Cli init command tests', () => {

Refs: Vitest API for describe.skipIf / runIf. (vitest.dev, v2.vitest.dev)

📜 Review details

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

💡 Knowledge Base configuration:

• MCP integration is disabled by default for public repositories
• Jira integration is disabled by default for public repositories
• Linear integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between b25243b and 41c5b4f.

📒 Files selected for processing (4)

• packages/cli/test/init.test.ts (1 hunks)
• vitest.base.config.ts (0 hunks)
• vitest.config.ts (1 hunks)
• vitest.workspace.ts (0 hunks)

💤 Files with no reviewable changes (2)

• vitest.base.config.ts
• vitest.workspace.ts

🧰 Additional context used

📓 Path-based instructions (1)

{packages,samples,tests}/**

📄 CodeRabbit inference engine (CLAUDE.md)

Packages are located in packages/, samples/, and tests/

Files:

• packages/cli/test/init.test.ts

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)

• GitHub Check: build-test (20.x)

🔇 Additional comments (1)

vitest.config.ts (1)

1-7: Migration to test.projects looks correct

Using test.projects is the recommended approach in Vitest ≥3.2; workspace is deprecated. This config shape aligns with current docs.

Refs: Vitest “Test Projects” guide. (vitest.dev)

[claude]

Claude finished @ymc9's task —— View job

---

PR Review: Telemetry Environment Variable Fix

Todo List:

• Read and analyze all changed files
• Review GitHub Actions workflow changes
• Analyze vitest configuration restructuring
• Examine test file modifications
• Provide comprehensive code review feedback
• Post final review summary

---

Comprehensive Code Review

🚨 Critical Issue: Contradictory Telemetry Configuration

File: .github/workflows/publish-release.yml:9-10

env:
    TELEMETRY_TRACKING_TOKEN: ${{ secrets.TELEMETRY_TRACKING_TOKEN }}
    DO_NOT_TRACK: '1'

Problem: This is the most significant issue in the PR. Setting both a telemetry tracking token AND DO_NOT_TRACK: '1' creates contradictory signals that could lead to unpredictable behavior. This configuration essentially says "here's a token to track telemetry" while simultaneously saying "don't track anything."

Security Risk: The tracking token is unnecessarily exposed to all workflow steps and third-party actions when it may not be needed if tracking is disabled.

Recommendations:

1. Option 1 - Disable telemetry globally (Recommended for CI):

   env:
       DO_NOT_TRACK: '1'

2. Option 2 - Enable telemetry only for publishing:

   env:
       DO_NOT_TRACK: '1'
   
   # Then in the "Publish packages" step:
   - name: Publish packages
     run: pnpm run publish-all
     env:
         NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
         TELEMETRY_TRACKING_TOKEN: ${{ secrets.TELEMETRY_TRACKING_TOKEN }}
         DO_NOT_TRACK: '0'

3. Option 3 - Enable telemetry globally:

   env:
       TELEMETRY_TRACKING_TOKEN: ${{ secrets.TELEMETRY_TRACKING_TOKEN }}

⚠️ Additional Issues Found

VSCode Configuration Drift

File: .vscode/settings.json:2

The VSCode settings still reference the deleted vitest.workspace.ts file:

{
    "vitest.workspaceConfig": "./vitest.workspace.ts"
}

Impact: This will cause VSCode Vitest extension errors since the referenced file no longer exists.

Fix: Update to reference the new config or remove if the extension can auto-discover:

{
    "vitest.workspaceConfig": "./vitest.config.ts"
}

Test Coverage Regression

Files: packages/cli/test/init.test.ts:8, packages/cli/test/migrate.test.ts:13

Both critical CLI test suites are completely skipped due to CI timeout issues. This represents a significant regression in test coverage for core functionality.

Impact:

• No testing of CLI init commands
• No testing of migration commands
• Potential for undetected regressions in core CLI features

Recommendations:

1. Investigate timeout root cause rather than blanket skipping
2. Use conditional skipping to maintain local testing:

   describe.skipIf(!!process.env.CI)('CLI init command tests', () => {

3. Consider test optimization - break large tests into smaller, faster units

✅ Positive Aspects

Vitest Configuration Modernization

Files: vitest.config.ts, deleted vitest.base.config.ts, vitest.workspace.ts

• Clean migration: Properly migrated from deprecated defineWorkspace to modern test.projects configuration
• Simplified setup: Single config file is cleaner than the previous multi-file setup
• Version compatibility: The repo uses Vitest ^3.2.4, so the new configuration is fully supported

GitHub Actions Best Practices

• Proper secret handling: Uses GitHub Secrets correctly (despite the contradictory config issue)
• Appropriate scope: Environment variables are correctly placed at workflow level

📊 Technical Assessment

Code Quality: ⚠️ Needs Improvement

• Contradictory configuration is a major code quality issue
• Configuration drift between actual and referenced files

Security: ⚠️ Medium Risk

• Unnecessary secret exposure to all workflow steps
• No validation if secrets exist (though this is acceptable for telemetry)

Performance: ✅ Good

• Minimal overhead from environment variables
• Vitest config changes don't impact performance

Best Practices: ⚠️ Mixed

• ✅ Good: Modern Vitest configuration, proper YAML formatting
• ❌ Bad: Contradictory telemetry setup, skipped critical tests

Test Coverage: ❌ Regression

• Complete removal of CLI init and migrate tests
• No alternative testing strategy provided

🎯 Priority Recommendations

1. HIGH: Resolve telemetry configuration contradiction
2. HIGH: Fix VSCode settings reference to deleted file
3. MEDIUM: Address skipped test suites with proper investigation
4. LOW: Consider adding documentation comment for telemetry configuration

🔍 Files Requiring Changes

1. .github/workflows/publish-release.yml - Fix contradictory telemetry config
2. .vscode/settings.json - Update vitest.workspaceConfig reference
3. Consider reverting test skipping and investigating timeout issues

Overall Assessment: While the vitest configuration changes are solid, the telemetry configuration issue is a blocking concern that needs resolution before merge.

---

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (1)

packages/cli/test/migrate.test.ts (1)

12-13: Make test suite skips conditional on CI, don’t permanently disable

• In packages/cli/test/migrate.test.ts, replace the hard describe.skip('CLI migrate commands test', …) with a CI-gated skip (e.g.

  const inCI = process.env.CI === 'true' || process.env.CI === '1';
  const d = inCI ? describe.skip : describe;
  d('CLI migrate commands test', () => { … });

  ) and consider raising the per-test timeout.
• In packages/cli/test/init.test.ts, apply the same CI‐gated skip for the describe.skip('Cli init command tests', …) suite.

Optionally open a follow-up issue to re-enable both suites once CI is stable.

📜 Review details

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

💡 Knowledge Base configuration:

• MCP integration is disabled by default for public repositories
• Jira integration is disabled by default for public repositories
• Linear integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between 41c5b4f and 9cf3169.

📒 Files selected for processing (1)

• packages/cli/test/migrate.test.ts (1 hunks)

🧰 Additional context used

📓 Path-based instructions (1)

{packages,samples,tests}/**

📄 CodeRabbit inference engine (CLAUDE.md)

Packages are located in packages/, samples/, and tests/

Files:

• packages/cli/test/migrate.test.ts

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (2)

• GitHub Check: build-test (20.x)
• GitHub Check: claude-review

[claude]

Claude finished @ymc9's task —— View job

---

PR Review: Telemetry Environment Variable Fix

Todo List:

• Read and analyze all changed files
• Review GitHub Actions workflow changes
• Analyze vitest configuration restructuring
• Examine test file modifications
• Provide comprehensive code review feedback
• Post final review summary

---

Comprehensive Code Review

🚨 Critical Issue: Contradictory Telemetry Configuration

File: .github/workflows/publish-release.yml:9-10

env:
    TELEMETRY_TRACKING_TOKEN: ${{ secrets.TELEMETRY_TRACKING_TOKEN }}
    DO_NOT_TRACK: '1'

Problem: This is the most significant issue in the PR. Setting both a telemetry tracking token AND DO_NOT_TRACK: '1' creates contradictory signals that could lead to unpredictable behavior. This configuration essentially says "here's a token to track telemetry" while simultaneously saying "don't track anything."

Security Risk: The tracking token is unnecessarily exposed to all workflow steps and third-party actions when it may not be needed if tracking is disabled.

Recommendations:

1. Option 1 - Disable telemetry globally (Recommended for CI):

   env:
       DO_NOT_TRACK: '1'

2. Option 2 - Enable telemetry only for publishing:

   env:
       DO_NOT_TRACK: '1'
   
   # Then in the "Publish packages" step:
   - name: Publish packages
     run: pnpm run publish-all
     env:
         NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
         TELEMETRY_TRACKING_TOKEN: ${{ secrets.TELEMETRY_TRACKING_TOKEN }}
         DO_NOT_TRACK: '0'

3. Option 3 - Enable telemetry globally:

   env:
       TELEMETRY_TRACKING_TOKEN: ${{ secrets.TELEMETRY_TRACKING_TOKEN }}

⚠️ Additional Issues Found

VSCode Configuration Drift

File: .vscode/settings.json:2

The VSCode settings still reference the deleted vitest.workspace.ts file:

{
    "vitest.workspaceConfig": "./vitest.workspace.ts"
}

Impact: This will cause VSCode Vitest extension errors since the referenced file no longer exists.

Fix: Update to reference the new config or remove if the extension can auto-discover:

{
    "vitest.workspaceConfig": "./vitest.config.ts"
}

Test Coverage Regression

Files: packages/cli/test/init.test.ts:8, packages/cli/test/migrate.test.ts:13

Both critical CLI test suites are completely skipped due to CI timeout issues. This represents a significant regression in test coverage for core functionality.

Impact:

• No testing of CLI init commands
• No testing of migration commands
• Potential for undetected regressions in core CLI features

Recommendations:

1. Investigate timeout root cause rather than blanket skipping
2. Use conditional skipping to maintain local testing:

   describe.skipIf(!!process.env.CI)('CLI init command tests', () => {

3. Consider test optimization - break large tests into smaller, faster units

✅ Positive Aspects

Vitest Configuration Modernization

Files: vitest.config.ts, deleted vitest.base.config.ts, vitest.workspace.ts

• Clean migration: Properly migrated from deprecated defineWorkspace to modern test.projects configuration
• Simplified setup: Single config file is cleaner than the previous multi-file setup
• Version compatibility: The repo uses Vitest ^3.2.4, so the new configuration is fully supported

GitHub Actions Best Practices

• Proper secret handling: Uses GitHub Secrets correctly (despite the contradictory config issue)
• Appropriate scope: Environment variables are correctly placed at workflow level

📊 Technical Assessment

Code Quality: ⚠️ Needs Improvement

• Contradictory configuration is a major code quality issue
• Configuration drift between actual and referenced files

Security: ⚠️ Medium Risk

• Unnecessary secret exposure to all workflow steps
• No validation if secrets exist (though this is acceptable for telemetry)

Performance: ✅ Good

• Minimal overhead from environment variables
• Vitest config changes don't impact performance

Best Practices: ⚠️ Mixed

• ✅ Good: Modern Vitest configuration, proper YAML formatting
• ❌ Bad: Contradictory telemetry setup, skipped critical tests

Test Coverage: ❌ Regression

• Complete removal of CLI init and migrate tests
• No alternative testing strategy provided

🎯 Priority Recommendations

1. HIGH: Resolve telemetry configuration contradiction
2. HIGH: Fix VSCode settings reference to deleted file
3. MEDIUM: Address skipped test suites with proper investigation
4. LOW: Consider adding documentation comment for telemetry configuration

🔍 Files Requiring Changes

1. .github/workflows/publish-release.yml - Fix contradictory telemetry config
2. .vscode/settings.json - Update vitest.workspaceConfig reference
3. Consider reverting test skipping and investigating timeout issues

Overall Assessment: While the vitest configuration changes are solid, the telemetry configuration issue is a blocking concern that needs resolution before merge.

---