chore: add commitlint configuration and pre-commit hook for enforcing commit message standards

[amondnet]

No description provided.

[gemini-code-assist]

Summary of Changes

Hello @amondnet, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request introduces a new system to enforce commit message standards using commitlint and husky. This ensures all future commits adhere to the Conventional Commits specification, improving the clarity and consistency of the project's commit history. Additionally, a new CONTRIBUTING.md file has been added to provide comprehensive guidelines for contributors.

Highlights

• Enforced Commit Message Standards: Integrates commitlint and husky to automatically validate commit messages against the Conventional Commits specification, ensuring consistency and readability.
• Comprehensive Contribution Guidelines: A new CONTRIBUTING.md file outlines detailed instructions for development setup, commit message conventions, pull request procedures, code style, and testing, making it easier for new contributors to get started.
• Automated Pre-commit Hook: A commit-msg Git hook is set up via Husky, which automatically runs commitlint to check commit messages before they are finalized, preventing non-compliant commits.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point in your pull request via creating an issue comment (i.e. comment on the pull request page) using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in issue comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[github-actions]

Deploy preview for team-scope-test ready!

✅ Preview
https://team-scope-test-127l74r87-dietfriends.vercel.app

Built with commit 3be72f0.
This pull request is being automatically deployed with vercel-action

[github-actions]

Deploy preview for express-basic-auth ready!

✅ Preview
https://express-basic-auth-3qjp957t9-minsu-lees-projects-b1e388b7.vercel.app

Built with commit 3be72f0.
This pull request is being automatically deployed with vercel-action

[gemini-code-assist]

Code Review

This pull request is a great addition, setting up commitlint with husky to enforce conventional commit messages. This will significantly improve the consistency and readability of the project's commit history. I've left a few suggestions to ensure the new setup works correctly and the contribution guidelines are clear for new developers. Specifically, I've pointed out a potential module format issue in the commitlint configuration, a documentation inconsistency regarding the package manager, and a best practice improvement for the husky script. Once these are addressed, this PR will be in excellent shape.

[claude]

Code Review: Commitlint Configuration and Pre-commit Hook

Overview

This PR adds commitlint configuration and pre-commit hooks to enforce conventional commit message standards. The implementation aligns well with the project's AGENTS.md requirements and follows best practices.

✅ Strengths

Code Quality & Best Practices

• Clean configuration: Simple, minimal commitlint config extends conventional config appropriately
• Proper Husky integration: Correctly configured commit-msg hook with proper escape handling
• Comprehensive documentation: Well-written CONTRIBUTING.md with clear examples and guidelines
• Consistent with project standards: Aligns perfectly with AGENTS.md commit convention rules

CI/CD Integration

• Robust CI workflow: Added commitlint job validates both PR titles and individual commits
• Proper dependency management: Dependencies properly separated (dev vs runtime)
• Incremental validation: Smart logic to only validate commits when PR has multiple commits

🔧 Issues & Recommendations

Critical Issues

1. Node.js version inconsistency (.github/workflows/ci.yml lines 20,45,67,89):

   • Commitlint job uses node-version: 22.x
   • Other jobs use node-version: 20
   • Impact: Could cause CI failures if commitlint dependencies require Node 22.x features
   • Fix: Standardize all jobs to use Node.js 22.x to match engines requirement

2. Redundant dependency installation (.github/workflows/ci.yml lines 22-24):

   • Dependencies are already in package.json, no need to install separately
   • Fix: Use pnpm install and leverage existing deps

Minor Issues

3. Empty pre-commit hook (.husky/pre-commit):

   • File exists but is empty - consider removing if unused or documenting intended purpose

4. Minor formatting (AGENTS.md line 84):

   • Trailing whitespace removal is good but consider broader formatting consistency check

🔒 Security Assessment

• No security concerns: All configurations use standard, well-maintained packages
• Safe hook implementation: Husky integration follows security best practices
• No credential exposure: No sensitive data in configuration files

⚡ Performance Considerations

• Minimal impact: Commitlint adds ~1-2 seconds to commit process
• CI efficiency: New job runs in parallel, minimal overhead
• Dependency size: Added dependencies are reasonable for the functionality

🧪 Test Coverage

• No test impact: Changes are purely configuration-based
• CI validation: The CI workflow itself acts as integration testing
• Manual testing recommended: Test commit-msg hook locally before merge

📋 Action Items

1. Fix Node.js version consistency in CI workflow
2. Remove redundant dependency installation in commitlint CI job
3. Consider removing empty pre-commit hook or document its purpose
4. Test the commit-msg hook locally to ensure it works as expected

🎯 Overall Assessment

This is a solid improvement that enhances code quality and consistency. The implementation follows project conventions and best practices. With the Node.js version fix, this PR will provide excellent value for maintaining commit message standards.

Recommendation: Approve after addressing the Node.js version inconsistency issue.

---

Review conducted following CLAUDE.md and AGENTS.md guidelines

[sonarqubecloud]

Quality Gate failed

Failed conditions
E Security Rating on New Code (required ≥ A)

See analysis details on SonarQube Cloud

Catch issues before they fail your Quality Gate with our IDE extension SonarQube for IDE

[claude]

🔍 Pull Request Review

Thank you for implementing commitlint to enforce conventional commit standards! This is a valuable addition that will improve project consistency. Here's my comprehensive review:

✅ Positive Aspects

Code Quality & Standards

• Excellent implementation of conventional commits with proper tooling
• Well-structured CI integration that validates both PR titles and commit messages
• Clean configuration using standard @commitlint/config-conventional
• Proper documentation in CONTRIBUTING.md with clear examples and guidelines

Configuration & Setup

• Correct commitlint config using modern ES modules syntax
• Proper Husky integration with commit-msg hook
• Good package.json updates with appropriate dev dependencies

⚠️ Issues & Concerns

Critical Issues

1. Node.js Version Inconsistency (.github/workflows/ci.yml:20 vs ci.yml:45,69,91):

   • Commitlint job uses Node.js 22.x
   • Other jobs use Node.js 20
   • package.json specifies "node": "22.x"
   • Recommendation: Standardize on Node.js 22.x across all jobs or update package.json to match existing jobs

2. Empty pre-commit hook (.husky/pre-commit:1):

   • File exists but is completely empty
   • Security risk: Empty hooks can cause confusion
   • Recommendation: Either add meaningful pre-commit checks or remove the file

3. CI Job Dependencies:

   • Commitlint job runs independently and could pass while other jobs fail
   • Recommendation: Consider adding job dependencies or combining validation steps

Performance Concerns

1. Redundant npm installs in CI:

   • Commitlint job installs dependencies separately from other jobs
   • Recommendation: Use package caching or shared job artifacts

2. CONTRIBUTING.md inconsistencies (CONTRIBUTING.md:8):

   • Instructions mention npm install but project uses pnpm
   • Recommendation: Update to reflect pnpm usage consistently

📋 Minor Improvements

Documentation

• CONTRIBUTING.md could benefit from examples of scope usage
• Consider adding commitlint troubleshooting section

Configuration

• Consider adding custom commitlint rules for project-specific needs
• Husky installation could be documented in setup instructions

🔐 Security Assessment

• No security concerns identified
• All configurations follow best practices
• Dependencies are from trusted sources

🧪 Test Coverage

• Changes don't require additional test coverage
• CI validation provides adequate testing for commit message format

📊 Overall Assessment

This is a solid implementation of commit message standards that follows the project's conventions outlined in AGENTS.md. The core functionality is well-implemented, but there are some consistency issues that should be addressed.

Priority fixes needed:

1. Standardize Node.js versions across CI jobs
2. Handle empty pre-commit hook
3. Update documentation to reflect pnpm usage

Recommendation: ✅ Approve with requested changes

The benefits of enforcing conventional commits outweigh the minor issues, which can be addressed in follow-up PRs.