chore: promote bootstrap baseline to main

[seonghobae]

Summary

• promote the reviewed bootstrap baseline from develop to the protected main release branch
• carry repository governance, Code Security, dependency review, SBOM, release, i18n, and desktop/app skeleton baselines into the release branch
• keep CodeRabbit and the required GitHub checks as the enforced merge gate for main

Verification

• required checks on develop passed before creating this release PR
• branch protection on main requires CodeRabbit, ci / build-and-test, dependency-review, security-audit, CodeQL, sbom, release-preflight, gate / build / windows, and gate / build / macos

[coderabbitai]

Caution

Review failed

The pull request is closed.

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: 34536667-330b-412c-859a-db86146e0e7d

📥 Commits

Reviewing files that changed from the base of the PR and between 7901e3a and d77d678.

⛔ Files ignored due to path filters (9)

• apps/desktop/src-tauri/Cargo.lock is excluded by !**/*.lock
• apps/desktop/src-tauri/icons/128x128.png is excluded by !**/*.png
• apps/desktop/src-tauri/icons/256x256.png is excluded by !**/*.png
• apps/desktop/src-tauri/icons/32x32.png is excluded by !**/*.png
• apps/desktop/src-tauri/icons/512x512.png is excluded by !**/*.png
• apps/desktop/src-tauri/icons/icon.ico is excluded by !**/*.ico
• apps/desktop/src-tauri/icons/icon.png is excluded by !**/*.png
• package-lock.json is excluded by !**/package-lock.json
• services/analysis-engine/uv.lock is excluded by !**/*.lock

📒 Files selected for processing (98)

• .editorconfig
• .gitattributes
• .github/CODEOWNERS
• .github/ISSUE_TEMPLATE/bug_report.yml
• .github/ISSUE_TEMPLATE/config.yml
• .github/ISSUE_TEMPLATE/feature_request.yml
• .github/PULL_REQUEST_TEMPLATE.md
• .github/dependabot.yml
• .github/workflows/build-baseline.yml
• .github/workflows/ci.yml
• .github/workflows/codeql.yml
• .github/workflows/dependency-review.yml
• .github/workflows/release.yml
• .github/workflows/sbom.yml
• .github/workflows/secret-scan-gate.yml
• .github/workflows/security-audit.yml
• .gitignore
• AGENTS.md
• ARCHITECTURE.md
• CODE_OF_CONDUCT.md
• CONTRIBUTING.md
• LICENSE
• README.md
• SECURITY.md
• apps/desktop/index.html
• apps/desktop/package.json
• apps/desktop/src-tauri/Cargo.toml
• apps/desktop/src-tauri/build.rs
• apps/desktop/src-tauri/icons/icon.icns
• apps/desktop/src-tauri/src/main.rs
• apps/desktop/src-tauri/tauri.conf.json
• apps/desktop/src/App.test.tsx
• apps/desktop/src/App.tsx
• apps/desktop/src/env.d.ts
• apps/desktop/src/features/chords/index.tsx
• apps/desktop/src/features/home/index.tsx
• apps/desktop/src/features/player/index.tsx
• apps/desktop/src/features/ranges/index.tsx
• apps/desktop/src/features/settings/index.tsx
• apps/desktop/src/i18n/index.ts
• apps/desktop/src/locales/en/common.json
• apps/desktop/src/locales/ko/common.json
• apps/desktop/src/main.tsx
• apps/desktop/src/setupTests.ts
• apps/desktop/tsconfig.json
• apps/desktop/tsconfig.test.json
• apps/desktop/tsconfig.tools.json
• apps/desktop/vite.config.ts
• docs/architecture/overview.md
• docs/brand-story.md
• docs/i18n/i18n-policy.md
• docs/plans/2026-03-10-bandscope-cross-platform-build-design.md
• docs/plans/2026-03-10-bandscope-cross-platform-build.md
• docs/plans/2026-03-10-bandscope-harness-design.md
• docs/plans/2026-03-10-bandscope-harness.md
• docs/plans/2026-03-10-bandscope-supply-chain-design.md
• docs/plans/2026-03-10-bandscope-supply-chain.md
• docs/release/release-policy.md
• docs/repository/bootstrap-plan.md
• docs/repository/gitflow.md
• docs/repository/governance.md
• docs/security/app-security.md
• docs/security/code-security.md
• docs/security/cross-platform-build-policy.md
• docs/security/dependency-policy.md
• docs/security/github-required-checks.md
• docs/security/sbom-policy.md
• docs/workflow/github-bootstrap-execution-policy.md
• eslint.config.js
• package.json
• packages/shared-config/eslint/base.mjs
• packages/shared-config/typescript/base.json
• packages/shared-types/package.json
• packages/shared-types/src/index.ts
• packages/shared-types/test/index.test.ts
• packages/shared-types/tsconfig.json
• packages/shared-types/tsconfig.test.json
• packages/shared-types/vitest.config.ts
• pyproject.toml
• scripts/checks/check_rust.sh
• scripts/checks/security_gates.py
• scripts/checks/verify_docs.py
• scripts/checks/verify_github_bootstrap_policy.py
• scripts/checks/verify_security_notes.py
• scripts/checks/verify_supply_chain.py
• scripts/harness/quickcheck.sh
• scripts/release/package_desktop_artifact.py
• services/analysis-engine/pyproject.toml
• services/analysis-engine/src/bandscope_analysis/__init__.py
• services/analysis-engine/src/bandscope_analysis/api.py
• services/analysis-engine/src/bandscope_analysis/chords/__init__.py
• services/analysis-engine/src/bandscope_analysis/health.py
• services/analysis-engine/src/bandscope_analysis/ranges/__init__.py
• services/analysis-engine/src/bandscope_analysis/separation/__init__.py
• services/analysis-engine/tests/test_api.py
• services/analysis-engine/tests/test_health.py
• supply-chain/supplemental-component-inventory.json
• tsconfig.base.json

Cache: Disabled due to Reviews > Disable Cache setting

Disabled knowledge base sources:

• Linear integration is disabled

You can enable these sources in your CodeRabbit configuration.

---

📝 Walkthrough

Summary by CodeRabbit

릴리스 노트

• 새로운 기능

  • 데스크톱 뮤직 분석 애플리케이션 (React + Tauri 기반)
  • 한국어/영어 다국어 지원
  • Python 기반 분석 엔진
  • 공유 타입 정의 라이브러리

• 문서

  • 아키텍처, 보안, 공급망 보안 정책 추가
  • 기여 가이드 및 릴리스 정책 수립
  • 브랜드 스토리 및 설계 문서 작성

• 인프라 및 도구

  • GitHub Actions 자동화 워크플로우 구성
  • 의존성 관리 및 보안 감사 체계 구축
  • 개발 도구 및 검증 스크립트 설정

워크스루

BandScope 프로젝트의 초기 저장소 부트스트랩을 구성합니다. 프로젝트 구조(모노레포), 거버넌스 및 보안 정책, GitHub 워크플로우, 데스크톱 앱(React/Tauri), 공유 타입 패키지, Python 분석 엔진 서비스, 그리고 다양한 검증 및 배포 스크립트를 추가합니다.

변경사항

코호트 / 파일	요약
프로젝트 구성 .editorconfig, .gitattributes, .gitignore, tsconfig.base.json	에디터/Git 설정 및 TypeScript 기본 설정을 정의하여 일관된 코드 스타일을 적용합니다.
GitHub 구성 .github/CODEOWNERS, .github/ISSUE_TEMPLATE/..., .github/dependabot.yml, .github/workflows/*	코드 소유권 할당, 이슈 템플릿, Dependabot 설정, 그리고 CI/CD 워크플로우(build-baseline, ci, codeql, dependency-review, release, sbom, security-audit, secret-scan-gate)를 구성합니다.
라이선스 및 기본 문서 LICENSE, CODE_OF_CONDUCT.md, README.md	MIT 라이선스, 행동 강령, 프로젝트 개요를 추가합니다.
거버넌스 및 정책 문서 AGENTS.md, ARCHITECTURE.md, CONTRIBUTING.md, SECURITY.md	프로젝트 거버넌스, 아키텍처, 기여 가이드, 보안 정책을 정의합니다.
보안 및 공급망 정책 docs/security/*, docs/plans/2026-03-10-*.md, supply-chain/supplemental-component-inventory.json	상세한 보안 정책(애플리케이션, 코드, 의존성, SBOM, cross-platform build), 공급망 설계, 그리고 보충 인벤토리를 문서화합니다.
저장소 및 워크플로우 정책 docs/repository/*, docs/workflow/github-bootstrap-execution-policy.md	Git 워크플로우, 거버넌스, 부트스트랩 계획, 그리고 실행 정책을 정의합니다.
국제화 및 브랜드 docs/i18n/i18n-policy.md, docs/brand-story.md, docs/architecture/overview.md	i18n 정책, 브랜드 스토리, 아키텍처 개요를 문서화합니다.
루트 패키지 설정 package.json, pyproject.toml	Node.js 모노레포 워크스페이스 및 Python 프로젝트 메타데이터를 구성합니다.
ESLint 및 공유 설정 eslint.config.js, packages/shared-config/eslint/base.mjs, packages/shared-config/typescript/base.json	ESLint 규칙 및 공유 TypeScript 설정을 정의합니다.
공유 타입 패키지 packages/shared-types/package.json, packages/shared-types/src/index.ts, packages/shared-types/test/index.test.ts, packages/shared-types/tsconfig*.json, packages/shared-types/vitest.config.ts	SUPPORTED_AUDIO_FORMATS, ProjectSummary 타입, createDefaultProjectSummary() 함수를 내보내며 100% 코드 커버리지 테스트를 포함합니다.
데스크톱 앱 스캐폴드 apps/desktop/index.html, apps/desktop/package.json, apps/desktop/src/main.tsx, apps/desktop/src/App.tsx, apps/desktop/src/features/*/index.tsx, apps/desktop/src/i18n/index.ts, apps/desktop/src/locales/*/*.json, apps/desktop/src/env.d.ts, apps/desktop/setupTests.ts, apps/desktop/tsconfig*.json, apps/desktop/vite.config.ts, apps/desktop/src/App.test.tsx	React/Tauri 데스크톱 앱(Home, Player, Chords, Ranges, Settings 기능), i18n 지원(영어/한국어), Vite 설정, Vitest 테스트(100% 커버리지)를 구현합니다.
Tauri 데스크톱 네이티브 apps/desktop/src-tauri/Cargo.toml, apps/desktop/src-tauri/build.rs, apps/desktop/src-tauri/src/main.rs, apps/desktop/src-tauri/tauri.conf.json	Tauri 애플리케이션 구성, 빌드 스크립트, 창 설정, CSP를 정의합니다.
분석 엔진 서비스 services/analysis-engine/pyproject.toml, services/analysis-engine/src/bandscope_analysis/__init__.py, services/analysis-engine/src/bandscope_analysis/api.py, services/analysis-engine/src/bandscope_analysis/health.py, services/analysis-engine/src/bandscope_analysis/chords/__init__.py, services/analysis-engine/src/bandscope_analysis/ranges/__init__.py, services/analysis-engine/src/bandscope_analysis/separation/__init__.py, services/analysis-engine/tests/test_*.py	Python 분석 서비스(health report, api, placeholder 모듈 포함) 및 유닛 테스트를 추가합니다.
검증 및 보안 스크립트 scripts/checks/check_rust.sh, scripts/checks/security_gates.py, scripts/checks/verify_docs.py, scripts/checks/verify_github_bootstrap_policy.py, scripts/checks/verify_security_notes.py, scripts/checks/verify_supply_chain.py	Rust 체크, 보안 패턴 검증, 문서 무결성, 부트스트랩 정책, 보안 노트, 공급망 정책을 검증합니다.
통합 및 배포 스크립트 scripts/harness/quickcheck.sh, scripts/release/package_desktop_artifact.py	통합 검증 스크립트 및 데스크톱 아티팩트 패키징 도구를 제공합니다.

코드 리뷰 예상 노력

🎯 4 (복잡) | ⏱️ ~60분

관련 가능성 있는 PR

• chore: bootstrap setup baseline #1: 동일한 저장소 부트스트랩 파일 및 스캐폴딩(editorconfig, gitattributes, GitHub 워크플로우, 데스크톱 앱, shared-types, 검증 스크립트)을 추가합니다.

시

🐰 저장소가 세워지는 걸 봐요,
TypeScript 계약과 Python 엔진이,
React의 춤과 Tauri의 노래로,
보안 정책들이 튼튼한 바탕을,
그리고 열 개의 워크플로우가 심장처럼 뛰어요! ✨

✨ Finishing Touches

• 📝 Generate docstrings (stacked PR)
• 📝 Generate docstrings (commit on current branch)

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch release/bootstrap-initial

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[seonghobae]

@coderabbitai review

[coderabbitai]

✅ Actions performed

Review triggered.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.