chore: add Windows and macOS CI for cross-platform scaffolding tests

[ulises-jeremias]

Summary

Add Windows and macOS CI jobs to test the scaffold command on actual Windows and macOS machines (issue #30).

Changes

• Add cross-platform-scaffold job that runs on windows-latest and macos-latest
• Uses pnpm for consistency
• Creates a test project and verifies it was created successfully

Why

• Issue Project scaffolding not working on Windows #30: Scaffold not working on Windows
• Current CI only runs on Ubuntu
• This will catch platform-specific path handling bugs

Verification

• npm run lint — ✅ passes
• npm run type-check — ✅ passes

[coderabbitai]

Warning

Rate limit exceeded

@ulises-jeremias has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 45 minutes and 41 seconds before requesting another review.

Your organization is not enrolled in usage-based pricing. Contact your admin to enable usage-based pricing to continue reviews beyond the rate limit, or try again in 45 minutes and 41 seconds.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 800dde69-0e3c-49e6-99f2-07d76c752e88

📥 Commits

Reviewing files that changed from the base of the PR and between 2a7f689 and 6d41b34.

📒 Files selected for processing (2)

• .github/workflows/test.yml
• AGENTS.md

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch chore/add-cross-platform-ci

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[github-actions]

❌MegaLinter analysis: Error

Descriptor	Linter	Files	Fixed	Errors	Warnings	Elapsed time
❌ ACTION	actionlint	1		1	0	0.06s
✅ EDITORCONFIG	editorconfig-checker	1		0	0	0.01s
✅ REPOSITORY	gitleaks	yes		no	no	3.79s
✅ REPOSITORY	git_diff	yes		no	no	0.02s
❌ REPOSITORY	osv-scanner	yes		22	no	3.09s
✅ REPOSITORY	secretlint	yes		no	no	1.1s
✅ REPOSITORY	syft	yes		no	no	3.32s
✅ REPOSITORY	trufflehog	yes		no	no	5.25s
❌ SPELL	cspell	2		2	0	3.37s
✅ YAML	prettier	1	0	0	0	0.54s
✅ YAML	v8r	1		0	0	3.56s
✅ YAML	yamllint	1		0	0	0.59s

Detailed Issues

❌ ACTION / actionlint - 1 error

.github/workflows/test.yml:62:9: shellcheck reported issue in this script: SC2086:info:1:50: Double quote to prevent globbing and word splitting [shellcheck]
   |
62 |         run: |
   |         ^~~~

❌ SPELL / cspell - 2 errors

.github/workflows/test.yml:82:22     - Unknown word (mktemp)     -- TEMP_DIR=$(mktemp -d)
	 Suggestions: [mkdtemp, kemp, Kemp, meetup, mate]
.github/workflows/test.yml:87:73     - Unknown word (vite)       -- project --template react-vite --skip-git --skip-install
	 Suggestions: [vibe, vice, vide, vile, vine]
CSpell: Files checked: 2, Issues found: 2 in 1 file.


You can skip this misspellings by defining the following .cspell.json file at the root of your repository
Of course, please correct real typos before :)

{
    "version": "0.2",
    "language": "en",
    "ignorePaths": [
        "**/node_modules/**",
        "**/vscode-extension/**",
        "**/.git/**",
        "**/.pnpm-lock.json",
        ".vscode",
        "package-lock.json",
        "megalinter-reports"
    ],
    "words": [
        "mktemp",
        "vite"
    ]
}


You can also copy-paste megalinter-reports/.cspell.json at the root of your repository

❌ REPOSITORY / osv-scanner - 22 errors

Scanning dir .
Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding.
Starting filesystem walk for root: /
Scanned tools/danger/package-lock.json file and found 161 packages
Scanned package-lock.json file and found 587 packages
End status: 47 dirs visited, 222 inodes visited, 2 Extract calls, 48.709998ms elapsed, 48.710409ms wall time
Filtered 7 local/unscannable package/s from the scan.

Total 17 packages affected by 22 known vulnerabilities (1 Critical, 6 High, 13 Medium, 2 Low, 0 Unknown) from 1 ecosystem.
21 vulnerabilities can be fixed.

+-------------------------------------+------+-----------+-------------------------------------+---------+---------------+--------------------------------+
| OSV URL                             | CVSS | ECOSYSTEM | PACKAGE                             | VERSION | FIXED VERSION | SOURCE                         |
+-------------------------------------+------+-----------+-------------------------------------+---------+---------------+--------------------------------+
| https://osv.dev/GHSA-3p68-rc4w-qgx5 | 6.3  | npm       | axios                               | 1.13.6  | 1.15.0        | package-lock.json              |
| https://osv.dev/GHSA-fvcv-3m26-pcqx | 4.8  | npm       | axios                               | 1.13.6  | 1.15.0        | package-lock.json              |
| https://osv.dev/GHSA-f886-m6hf-6m8v | 6.5  | npm       | brace-expansion                     | 2.0.2   | 2.0.3         | package-lock.json              |
| https://osv.dev/GHSA-r4q5-vmmm-2653 | 6.9  | npm       | follow-redirects                    | 1.15.11 | 1.16.0        | package-lock.json              |
| https://osv.dev/GHSA-3v7f-55p6-f55p | 5.3  | npm       | picomatch                           | 2.3.1   | 2.3.2         | package-lock.json              |
| https://osv.dev/GHSA-c2c7-rcm5-vvqj | 7.5  | npm       | picomatch                           | 2.3.1   | 2.3.2         | package-lock.json              |
| https://osv.dev/GHSA-3v7f-55p6-f55p | 5.3  | npm       | picomatch (dev)                     | 4.0.3   | 4.0.4         | package-lock.json              |
| https://osv.dev/GHSA-c2c7-rcm5-vvqj | 7.5  | npm       | picomatch (dev)                     | 4.0.3   | 4.0.4         | package-lock.json              |
| https://osv.dev/GHSA-48c2-rrv3-qjmp | 4.3  | npm       | yaml (dev)                          | 2.8.1   | 2.8.3         | package-lock.json              |
| https://osv.dev/GHSA-h5c3-5r3r-rr8q | 5.3  | npm       | @octokit/plugin-paginate-rest (dev) | 2.21.3  | 9.2.2         | tools/danger/package-lock.json |
| https://osv.dev/GHSA-rmvr-2pp2-xj38 | 5.3  | npm       | @octokit/request (dev)              | 5.6.3   | 8.4.1         | tools/danger/package-lock.json |
| https://osv.dev/GHSA-xx4v-prfh-6cgc | 5.3  | npm       | @octokit/request-error (dev)        | 2.1.0   | 5.1.1         | tools/danger/package-lock.json |
| https://osv.dev/GHSA-vpq2-c234-7xj6 | 3.3  | npm       | @tootallnate/once (dev)             | 2.0.0   | 3.0.1         | tools/danger/package-lock.json |
| https://osv.dev/GHSA-grv7-fg5c-xmjg | 7.5  | npm       | braces (dev)                        | 3.0.2   | 3.0.3         | tools/danger/package-lock.json |
| https://osv.dev/GHSA-fjxv-7rqg-78g4 | 9.4  | npm       | form-data (dev)                     | 4.0.0   | 4.0.4         | tools/danger/package-lock.json |
| https://osv.dev/GHSA-869p-cjfg-cm3x | 7.5  | npm       | jws (dev)                           | 3.2.2   | 3.2.3         | tools/danger/package-lock.json |
| https://osv.dev/GHSA-952p-6rrq-rcjv | 5.3  | npm       | micromatch (dev)                    | 4.0.5   | 4.0.8         | tools/danger/package-lock.json |
| https://osv.dev/GHSA-8g77-54rh-46hx | 8.9  | npm       | parse-git-config (dev)              | 2.0.3   | --            | tools/danger/package-lock.json |
| https://osv.dev/GHSA-3v7f-55p6-f55p | 5.3  | npm       | picomatch (dev)                     | 2.3.1   | 2.3.2         | tools/danger/package-lock.json |
| https://osv.dev/GHSA-c2c7-rcm5-vvqj | 7.5  | npm       | picomatch (dev)                     | 2.3.1   | 2.3.2         | tools/danger/package-lock.json |
| https://osv.dev/GHSA-6rw7-vpxm-498p | 6.3  | npm       | qs (dev)                            | 6.12.0  | 6.14.1        | tools/danger/package-lock.json |
| https://osv.dev/GHSA-w7fw-mjwx-w883 | 3.7  | npm       | qs (dev)                            | 6.12.0  | 6.14.2        | tools/danger/package-lock.json |
+-------------------------------------+------+-----------+-------------------------------------+---------+---------------+--------------------------------+

See detailed reports in MegaLinter artifacts
Set VALIDATE_ALL_CODEBASE: true in mega-linter.yml to validate all sources, not only the diff

Show us your support by starring ⭐ the repository