chore: Enhance security, CI stability, and dashboard features

[yacosta738]

This pull request introduces several improvements across documentation, CI workflows, and project skills, with a focus on enhanced frontend design guidance, security scanning, and workflow reliability. The most notable changes are the addition of a comprehensive "frontend-design" skill, documentation and workflow updates for Snyk security scanning, improved Docker publishing documentation, and reliability fixes in commit message checks and Renovate automation.

Documentation and Skills

• Added a new frontend-design skill in .agents/skills/frontend-design/SKILL.md, providing detailed best practices and decision rules for building production-grade frontend UIs that avoid generic AI patterns. This includes when to use the skill, critical design patterns, code examples, and command-line tips.
• Registered the frontend-design skill in .agents/AGENTS.md for discoverability and usage guidance.

Security and CI Enhancements

• Documented the new snyk-security.yml workflow in .github/workflows/README.md, outlining its purpose, triggers, and steps for running Snyk Code, Open Source, Container, and IaC scans, with SARIF uploads for GitHub Code Scanning. [1] [2]
• Added the Snyk workflow to the workflow summary table for visibility.

Docker Publishing and Workflow Updates

• Updated the publishing workflow documentation to clarify that both runtime and dashboard Docker images are built and published, and improved step descriptions for clarity.
• Pinned Docker-related GitHub Actions to specific commit SHAs in _publish.yml for improved security and reproducibility. [1] [2]

Automation and Reliability Fixes

• Improved the commit message check script (check-commit-msg.sh) to use more robust Bash idioms and ensure error messages are sent to stderr.
• Enhanced the Renovate fix workflow (fix-renovate.yml) by adding a step to re-validate the PR head SHA before performing write actions, preventing race conditions and ensuring that automation only acts on the correct commit. Also updated the push command to use HEAD for accuracy. [1] [2]

Changelog and Journal Updates

• Updated .agents/journal/scribe-journal.md with detailed entries for recent documentation audits, asset/link fixes, and coverage configuration, ensuring a clear record of project improvements and validation steps. [1] [2]

[coderabbitai]

Important

Review skipped

Auto reviews are disabled on base/target branches other than the default branch.

🗂️ Base branches to auto review (2)

• main
• develop

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro

Run ID: 8e33bac4-79ef-4d03-b89b-4bb82454bf72

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

• 🔍 Trigger review

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch main

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[github-actions]

✅ Contributor Report

User: @yacosta738
Status: Passed (12/13 metrics passed)

Metric	Description	Value	Threshold	Status
PR Merge Rate	PRs merged vs closed	88%	>= 30%	✅
Repo Quality	Repos with ≥100 stars	0	>= 0	✅
Positive Reactions	Positive reactions received	9	>= 1	✅
Negative Reactions	Negative reactions received	0	<= 5	✅
Account Age	GitHub account age	3054 days	>= 30 days	✅
Activity Consistency	Regular activity over time	108%	>= 0%	✅
Issue Engagement	Issues with community engagement	0	>= 0	✅
Code Reviews	Code reviews given to others	398	>= 0	✅
Merger Diversity	Unique maintainers who merged PRs	2	>= 0	✅
Repo History Merge Rate	Merge rate in this repo	91%	>= 0%	✅
Repo History Min PRs	Previous PRs in this repo	135	>= 0	✅
Profile Completeness	Profile richness (bio, followers)	90	>= 0	✅
Suspicious Patterns	Spam-like activity detection	1	N/A	❌

---

_{Contributor Report evaluates based on public GitHub activity. Analysis period: 2025-03-09 to 2026-03-09}

[sonarqubecloud]

Quality Gate failed

Failed conditions
76.8% Coverage on New Code (required ≥ 80%)

See analysis details on SonarQube Cloud