ci: add unit and integration test job

[andrmaz]

Summary

Adds CI test orchestration and CodeQL security scanning for pull requests.

Changes

• Add pnpm test (turbo run test) at the repo root
• Configure a test task in turbo.json with dependency on upstream builds
• Add a Unit & Integration Tests job to .github/workflows/ci.yml
  • Runs after lint/typecheck
  • Generates the Prisma client before tests
  • Uses turbo --affected on pull requests; runs the full suite on main
• Remove the failing placeholder test script from packages/db
• Add .github/workflows/codeql.yml for JavaScript/TypeScript CodeQL scanning on PRs

Verification

• pnpm test — 50 tests passed (29 api + 21 shared)
• pnpm test -- --affected — passes with Turbo cache

Notes

• @cortex/api includes NestJS module wiring tests (integration-style) alongside controller unit tests
• Packages without a test script are skipped by Turbo automatically
• CodeQL runs automatically on this PR after the workflow file is pushed; results appear under Security → Code scanning alerts and as a PR check

  

[coderabbitai]

Warning

Review limit reached

@cursor[bot], we couldn't start this review because you've reached your PR review rate limit.

More reviews will be available in 45 minutes and 37 seconds. Learn how PR review limits work.

Your organization has run out of usage credits. Purchase more credits in the billing tab to continue.

⌛ How to resolve this issue?

After more reviews become available, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans include higher PR review limits than trial, open-source, and free plans. In all cases, reviews become available again over time. During sustained high-volume PR review activity, CodeRabbit may temporarily slow when the next review becomes available.

Please see our Fair Usage Limits Policy for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 9f1a8d00-5ebc-48d3-84ce-dfbcdc4065c3

📥 Commits

Reviewing files that changed from the base of the PR and between 29fc0bf and a119a5a.

📒 Files selected for processing (5)

• .github/workflows/ci.yml
• .github/workflows/codeql.yml
• package.json
• packages/db/package.json
• turbo.json

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch cursor/ci-unit-integration-tests-83c2

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[andrmaz]

@cursoragent How can I run CodeQL for the current pull request?

[cursor]

CodeQL was not configured in this repo, so there was nothing to run on PR #24 until now. I added .github/workflows/codeql.yml and pushed it to the branch — CodeQL is already running on the PR (you should see Analyze (javascript-typescript) in the checks).

How to run CodeQL on this PR

1. Automatic (default)

Once the workflow file is on the PR branch, CodeQL runs on every push to that branch. No extra steps needed.

2. Manual re-run

If you want to trigger it again without a new commit:

1. Open the PR → Checks tab, or go to Actions
2. Open the latest CodeQL run for cursor/ci-unit-integration-tests-83c2
3. Click Re-run all jobs

3. Manual dispatch (any branch)

The workflow includes workflow_dispatch:

1. Go to Actions → CodeQL → Run workflow
2. Select branch cursor/ci-unit-integration-tests-83c2
3. Click Run workflow

Where results show up

• PR checks — Analyze (javascript-typescript) in the checks list
• PR conversation — Code scanning annotations on changed lines (if findings exist)
• Security tab — Repository → Security → Code scanning alerts

Prerequisites

CodeQL uploads results to GitHub Code Scanning, which requires:

• Public repos — works on the free tier
• Private repos — needs GitHub Advanced Security enabled for the org/repo

If the job fails with a permissions or security-events error, an org admin may need to enable Code Scanning under Settings → Code security and analysis.

---

The workflow scans JavaScript/TypeScript with build-mode: none (no compile step), uses the security-and-quality query suite, and also runs on pushes to main and weekly on Mondays.