fix: add ShellCheck enforcement to CI code-quality workflow (t135.6)

[marcusquinn]

Summary

• Add ShellCheck lint step to the framework-validation job in code-quality.yml
• Enforces error-severity ShellCheck violations that fail the CI build
• Iterates all git-tracked .sh files with gcc output format for clear error reporting
• Mark t135.6 subtasks as complete in TODO.md (t135.6.1/t135.6.2 were done in PR fix: repair corrupted JSON configs and add CI validation #423)

Context

Task t135.6: Fix CI workflow code-quality.yml issues

Subtask status:

• t135.6.1 (.agent typo fix) - completed in PR fix: repair corrupted JSON configs and add CI validation #423
• t135.6.2 (non-existent dir refs) - completed in PR fix: repair corrupted JSON configs and add CI validation #423
• t135.6.3 (enforcement steps) - JSON validation added in PR fix: repair corrupted JSON configs and add CI validation #423, ShellCheck enforcement added in this PR

Design Decisions

• Uses -S error severity (catches critical issues like syntax errors, unreachable code)
• Does not enforce warning/info/style levels yet to avoid blocking on existing code
• ShellCheck is pre-installed on ubuntu-latest runners, no extra setup needed
• Uses gcc output format for machine-readable error locations

Summary by CodeRabbit

• Chores
  • Enhanced code quality validation in the development pipeline with automated shell script linting.

[coderabbitai]

Caution

Review failed

The pull request is closed.

Walkthrough

Added a ShellCheck linting step to the Code Quality workflow that validates all tracked shell scripts. The step iterates through shell files, executes ShellCheck with error-level severity, logs per-file results, counts failures, and returns appropriate exit codes to enforce quality gates.

Changes

Cohort / File(s)	Summary
CI Workflow Enhancement .github/workflows/code-quality.yml	Added ShellCheck validation step that scans all tracked *.sh files with error-level severity, reports individual results, aggregates failures, and exits with appropriate status codes.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~8 minutes

Possibly related PRs

• chore: improve linter thresholds and fix preflight issues #62: Directly related—updates shell scripts with ShellCheck disable directives and explicit exits, adjusting thresholds to align with this PR's new CI linting enforcement.

Poem

🐚 ShellCheck enters the pipeline's gate,
Scanning scripts with error-level weight,
No more mishaps in the shell script dance,
Quality assured at every glance! ✨

✨ Finishing touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch feature/t135.6

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[gemini-code-assist]

Summary of Changes

Hello @marcusquinn, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request significantly improves the project's continuous integration quality gates by introducing mandatory ShellCheck analysis for all shell scripts. This proactive measure aims to catch critical scripting errors early in the development cycle, thereby enhancing the overall reliability and maintainability of the codebase. Concurrently, it brings the project's task documentation up-to-date by marking several completed maintenance and bug-fixing items.

Highlights

• CI Workflow Enhancement: ShellCheck enforcement has been integrated into the framework-validation job within the code-quality.yml CI workflow. This step will now lint all git-tracked .sh files.
• Error Severity Enforcement: The CI build will now fail for ShellCheck violations of 'error' severity. Lower severities (warning, info, style) are not enforced at this time to avoid blocking on existing code.
• Output Format: ShellCheck output is configured to use the gcc format, providing clear and machine-readable error reporting.
• Task Tracking Updates: The TODO.md file has been updated to mark several tasks as complete, including t139 (memory-helper.sh bugfix), t135.6.1, t135.6.2, t135.6.3 (CI workflow fixes), and t135.14 (shebang standardization).

Changelog

• TODO.md
  • Marked task t139 (bug: memory-helper.sh recall fails on hyphenated queries) as completed.
  • Marked subtask t135.6.1 (Fix .agent typo to .agents on line 31) as completed, noting it was done in PR fix: repair corrupted JSON configs and add CI validation #423.
  • Marked subtask t135.6.2 (Fix references to non-existent .agents/spec and docs/) as completed, noting it was done in PR fix: repair corrupted JSON configs and add CI validation #423.
  • Marked subtask t135.6.3 (Add enforcement steps (shellcheck, json validation) that fail the build) as completed.
  • Marked task t135.14 (Standardize shebangs to #!/usr/bin/env bash) as completed.

Ignored Files

• Ignored by pattern: .github/workflows/** (1)
  • .github/workflows/code-quality.yml

Activity

• The author has provided a comprehensive summary of the changes, their context, and design decisions within the pull request description.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request updates TODO.md to mark several tasks as complete. The changes are consistent with the file's established format and accurately reflect the progress mentioned in the pull request description. The primary change of adding ShellCheck enforcement to the code-quality.yml workflow was not included in the provided file patches, so a review of that implementation was not possible. Based on the available changes, there are no issues to report.

[github-actions]

🔍 Code Quality Report

�[0;35m[MONITOR]�[0m Code Review Monitoring Report

�[0;34m[INFO]�[0m Latest Quality Status:
SonarCloud: 0 bugs, 0 vulnerabilities, 25 code smells

�[0;34m[INFO]�[0m Recent monitoring activity:
Sat Feb 7 15:33:41 UTC 2026: Code review monitoring started
Sat Feb 7 15:33:42 UTC 2026: SonarCloud - Bugs: 0, Vulnerabilities: 0, Code Smells: 25
Sat Feb 7 15:33:42 UTC 2026: Qlty - 0 issues found, auto-formatting applied
Sat Feb 7 15:33:44 UTC 2026: Codacy analysis completed with auto-fixes

📈 Current Quality Metrics

• BUGS: 0
• CODE SMELLS: 25
• VULNERABILITIES: 0

Generated on: Sat Feb 7 15:33:47 UTC 2026

---

Generated by AI DevOps Framework Code Review Monitoring

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud