chore: update dependencies and add Claude skills config

[shuhuiluo]

Update Bun runtime (1.3.3 → 1.3.5) and project dependencies including Towns Protocol SDK (0.0.427 → 0.0.453), drizzle-orm (0.44.7 → 0.45.1), viem (2.40.3 → 2.43.5), and ESLint/TypeScript tooling.

Add .claude/settings.json with Towns skills plugin enabled.

Summary by CodeRabbit

• Chores
  • Version updated to 1.0.1
  • Upgraded multiple runtime dependencies to latest compatible versions for improved compatibility and stability
  • Updated development tooling across linting, code formatting, and TypeScript support packages
  • Enhanced configuration to enable additional plugin support

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[coderabbitai]

Walkthrough

The pull request updates project version from 1.0.0 to 1.0.1 in package.json, bumps the Bun tooling version from 1.3.3 to 1.3.5 in the .bun-version file, and adds a new configuration file at .claude/settings.json to enable the towns@towns-skills plugin. Additionally, multiple runtime and development dependencies are upgraded to newer patch and minor versions across the project without structural or script changes.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~15 minutes

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately summarizes the main changes: dependency updates and addition of Claude skills configuration.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🤖 Fix all issues with AI agents

In @package.json:
- Around line 21-56: package.json was updated but bun.lock was not regenerated;
run bun install to update the lockfile and commit the updated bun.lock so
dependencies are properly pinned (after pulling latest branch, run bun install,
verify bun.lock changes, run your test/CI commands, then include bun.lock in the
commit alongside the package.json changes).

📜 Review details

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 1430e51 and 9b734ae.

⛔ Files ignored due to path filters (1)

• bun.lock is excluded by !**/*.lock

📒 Files selected for processing (3)

• .bun-version
• .claude/settings.json
• package.json

🧰 Additional context used

🧠 Learnings (3)

📓 Common learnings

Learnt from: shuhuiluo
Repo: HereNotThere/bot-github PR: 26
File: src/github-app/app.ts:1-3
Timestamp: 2025-11-17T23:50:17.552Z
Learning: The HereNotThere/bot-github project uses Bun as its package manager, with dependencies locked in bun.lock rather than package-lock.json.

📚 Learning: 2025-11-17T23:50:17.552Z

Learnt from: shuhuiluo
Repo: HereNotThere/bot-github PR: 26
File: src/github-app/app.ts:1-3
Timestamp: 2025-11-17T23:50:17.552Z
Learning: The HereNotThere/bot-github project uses Bun as its package manager, with dependencies locked in bun.lock rather than package-lock.json.

Applied to files:

• package.json

📚 Learning: 2025-11-25T03:24:12.463Z

Learnt from: CR
Repo: HereNotThere/bot-github PR: 0
File: AGENTS.md:0-0
Timestamp: 2025-11-25T03:24:12.463Z
Learning: Applies to **/*.ts : Include required environment variables: APP_PRIVATE_DATA (bot credentials) and JWT_SECRET (webhook security token)

Applied to files:

• package.json

🔇 Additional comments (3)

.claude/settings.json (1)

1-5: LGTM!

The configuration format is valid and correctly enables the Towns skills plugin, which aligns with the project's use of the Towns Protocol SDK.

package.json (2)

3-3: LGTM!

The patch version bump from 1.0.0 to 1.0.1 is appropriate for a dependency update release.

---

33-33: Codebase is already using Zod 4.3.5 and has minimal exposure to breaking changes.

The listed breaking changes (error customization, object/function/record schema redesigns, default value logic) are not reflected in the actual codebase. Analysis found:

• Only .refine() usage (1 instance in src/types/events-api.ts:42)—remains functional in v4
• Basic z.number() calls—unaffected by v4 changes
• The .default() calls found are Drizzle ORM database schema syntax, not Zod

No evidence of usage for:

• z.function(), z.record(), custom error maps, string format validators (.email(), .uuid())

If the codebase was recently upgraded to v4, verify the test suite passes. Otherwise, no action needed.