Add monorepo socket.dev pointers

[scosman]

Summary by CodeRabbit

• Chores
  • Added configuration to automatically trigger processes on updates to critical dependency files.

[gemini-code-assist]

Code Review

This pull request introduces a socket.yml configuration file to define trigger paths for dependency tracking. The reviewer suggested using glob patterns for the manifest files to improve maintainability and ensure automatic tracking of new projects within the monorepo.

[gemini-code-assist]

For better maintainability in a monorepo, it's advisable to use glob patterns to automatically discover dependency manifest files. This ensures that if new projects are added in the future, their dependencies will be automatically tracked by Socket.dev without needing to update this configuration file.

  - "**/package-lock.json"
  - "**/pyproject.toml"

[coderabbitai]

📝 Walkthrough

Walkthrough

A new socket.yml configuration file is added to define version 2 settings with trigger paths. The configuration specifies that changes to app/web_ui/package-lock.json and pyproject.toml should act as trigger paths for workflows or processes.

Changes

Cohort / File(s)	Summary
Socket Configuration socket.yml	New configuration file defining version 2 with trigger paths for app/web_ui/package-lock.json and pyproject.toml.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

Poem

🐰 Hop, hop, hooray! A socket config takes flight,
With trigger paths now set just right,
Version two hops into place,
Dependencies tracked with grace,
Our little yml makes workflows run bright! ✨

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Description check	⚠️ Warning	No pull request description was provided. The required template sections including 'What does this PR do?', 'Related Issues', CLA confirmation, and checklists are all missing.	Add a complete pull request description following the template, including explanation of changes, related issue links, CLA confirmation, and test verification checklist.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title 'Add monorepo socket.dev pointers' directly describes the main change: adding socket.yml configuration for socket.dev integration in a monorepo context.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch scosman/socket_dev

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[github-actions]

📊 Coverage Report

Overall Coverage: 91%

Diff: origin/main...HEAD

No lines with coverage information in this diff.

---

• 📊 HTML Coverage Report - Interactive coverage report
• 📈 Diff Coverage Report - Detailed diff analysis
• Github Actions Run - View the full coverage report

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@socket.yml`:
- Around line 2-4: Update the triggerPaths list in socket.yml to include the
additional project dependency files so changes to those subprojects will trigger
workflows; specifically add "app/desktop/pyproject.toml",
"libs/core/pyproject.toml", and "libs/server/pyproject.toml" alongside the
existing "app/web_ui/package-lock.json" and "pyproject.toml" entries in the
triggerPaths array.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: ddd65b97-75ae-424e-b19b-df52876d59df

📥 Commits

Reviewing files that changed from the base of the PR and between 3bf27aa and 34913dd.

📒 Files selected for processing (1)

• socket.yml

[coderabbitai]

⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Description: Find all dependency files in the repository to ensure complete coverage.

echo "=== JavaScript dependency files ==="
fd -t f 'package-lock.json|package.json|yarn.lock|pnpm-lock.yaml'

echo -e "\n=== Python dependency files ==="
fd -t f 'pyproject.toml|poetry.lock|requirements.*.txt|Pipfile.lock|setup.py'

echo -e "\n=== Verify the specified paths exist ==="
if [ -f "app/web_ui/package-lock.json" ]; then
  echo "✓ app/web_ui/package-lock.json exists"
else
  echo "✗ app/web_ui/package-lock.json NOT FOUND"
fi

if [ -f "pyproject.toml" ]; then
  echo "✓ pyproject.toml exists"
else
  echo "✗ pyproject.toml NOT FOUND"
fi

Repository: Kiln-AI/Kiln

Length of output: 375

---

Consider monitoring dependency files in subdirectory projects.

The current configuration includes the root pyproject.toml and app/web_ui/package-lock.json. However, the repository contains three additional Python projects with their own pyproject.toml files:

• app/desktop/pyproject.toml
• libs/core/pyproject.toml
• libs/server/pyproject.toml

If these are managed independently, add them to triggerPaths to ensure changes to their dependencies also trigger workflow runs:

triggerPaths:
  - "app/web_ui/package-lock.json"
  - "app/desktop/pyproject.toml"
  - "libs/core/pyproject.toml"
  - "libs/server/pyproject.toml"
  - "pyproject.toml"

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@socket.yml` around lines 2 - 4, Update the triggerPaths list in socket.yml to
include the additional project dependency files so changes to those subprojects
will trigger workflows; specifically add "app/desktop/pyproject.toml",
"libs/core/pyproject.toml", and "libs/server/pyproject.toml" alongside the
existing "app/web_ui/package-lock.json" and "pyproject.toml" entries in the
triggerPaths array.