
fix: reduce CodeQL noise from tests and harden scan findings#269

Merged
RtlZeroMemory merged 1 commit into main from fix/codeql-alerts
Mar 6, 2026

Conversation

RtlZeroMemory (Owner) commented Mar 6, 2026

Summary

  • exclude test-only paths from CodeQL analysis for JS/TS and Rust
  • harden scripts/run-tests.mjs --filter to use literal substring matching instead of raw regex input
  • replace the trailing-zero cleanup regex in constraint helpers with a linear trim path and add a regression test

Validation

  • npm run lint
  • npm run typecheck
  • npm run build
  • node scripts/run-tests.mjs --scope packages --filter "compositionWidgets"
  • node scripts/run-tests.mjs --scope scripts --filter "check-core-portability"

Notes

  • the current open alerts on main were concentrated in test paths, but there were also two non-test alerts in scripts/run-tests.mjs and packages/core/src/constraints/helpers.ts; this PR addresses both.

Summary by CodeRabbit

  • Documentation

    • Clarified --filter flag behavior to match literal substrings in test file paths rather than regex patterns
    • Expanded testing guidance with examples covering integration, regression, snapshot/visual stability, and responsive behavior across viewports
  • Tests

    • Added test coverage for numeric constraint formatting with exponent inputs
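
The --filter hardening described above, as an added example that is not code from the Rezi repository: a runner that compiles the filter string straight into a RegExp beside one that escapes it first so it can only match as a literal substring. The escapeRegExpLiteral name follows the walkthrough; the three filter functions, the rawRegexFilterThrows helper and the sample test file paths are assumptions constructed for illustration.

```javascript
// Added example (not the Rezi project's own scripts/run-tests.mjs): contrast a
// raw-regex --filter with a literal-substring --filter.
// escapeRegExpLiteral's body, the filter functions and SAMPLE_TEST_FILES are
// assumptions made for this example.

// Constructed sample of test file paths a runner might discover.
const SAMPLE_TEST_FILES = [
  "packages/core/src/widgets/__tests__/compositionWidgets.test.ts",
  "packages/core/src/constraints/__tests__/helpers.test.ts",
  "scripts/__tests__/check-core-portability.test.mjs",
  "packages/ui/src/__tests__/button.test.tsx",
];

// Escape every character that carries meaning inside a RegExp, so the
// resulting pattern matches the input text literally.
function escapeRegExpLiteral(value) {
  return value.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
}

// "Before": the filter argument is compiled as a regular expression as-is.
// A filter such as "(" throws a SyntaxError, and metacharacters like "."
// silently widen what the filter matches.
function filterFilesRawRegex(files, filter) {
  const re = new RegExp(filter);
  return files.filter((f) => re.test(f));
}

// "After": the filter is escaped, so the RegExp can only match the argument
// as a literal substring of the path.
function filterFilesLiteral(files, filter) {
  const re = new RegExp(escapeRegExpLiteral(filter));
  return files.filter((f) => re.test(f));
}

// Equivalent hardened form with no regex at all; kept to show that the
// escaped RegExp and String.prototype.includes agree.
function filterFilesIncludes(files, filter) {
  return files.filter((f) => f.includes(filter));
}

// Reports whether the raw-regex variant rejects a filter outright instead of
// matching it; used to show the failure mode the hardened variant removes.
function rawRegexFilterThrows(files, filter) {
  try {
    filterFilesRawRegex(files, filter);
    return false;
  } catch (err) {
    return err instanceof SyntaxError;
  }
}

// Usage: the same filter string under both interpretations.
console.log(filterFilesLiteral(SAMPLE_TEST_FILES, "compositionWidgets"));
console.log("raw regex throws on '(':", rawRegexFilterThrows(SAMPLE_TEST_FILES, "("));
console.log("raw '__tests__.helpers':", filterFilesRawRegex(SAMPLE_TEST_FILES, "__tests__.helpers").length);
console.log("literal '__tests__.helpers':", filterFilesLiteral(SAMPLE_TEST_FILES, "__tests__.helpers").length);
```

The filter "__tests__.helpers" is the instructive case: as a raw regex the "." matches the "/" in "__tests__/helpers.test.ts", so a file the user never named is selected, while the literal form matches nothing. Since the literal form is equivalent to includes(), the regex-free variant is the simpler one to keep if nothing else in the runner needs a RegExp.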

coderabbitai bot commented Mar 6, 2026

No actionable comments were generated in the recent review. 🎉


📥 Commits

Reviewing files that changed from the base of the PR and between ea6ecca and f9b5576.

📒 Files selected for processing (7)
  • .github/codeql/codeql-config.yml
  • .github/workflows/codeql.yml
  • docs/dev/testing.md
  • docs/guide/testing.md
  • packages/core/src/constraints/helpers.ts
  • packages/core/src/widgets/__tests__/compositionWidgets.test.ts
  • scripts/run-tests.mjs

Walkthrough

This pull request establishes CodeQL analysis configuration by introducing a new configuration file that excludes test-related paths, updates the CodeQL workflow to use this configuration, clarifies documentation about test filtering behavior, refactors numeric formatting logic into a helper function, adds test coverage for exponent formatting, and modifies the test script to perform literal substring matching for the --filter flag.

Changes (cohort, file(s), summary)

  • CodeQL Configuration (.github/codeql/codeql-config.yml, .github/workflows/codeql.yml): Introduces new CodeQL config file that excludes test files and directories via path-ignore patterns; workflow updated to reference this config for JavaScript/TypeScript and Rust analysis steps.
  • Documentation Updates (docs/dev/testing.md, docs/guide/testing.md): Clarifies that --filter flag performs literal substring matching (not regex); extends testing guidance with additional scope examples (integration, regression, snapshot/visual, responsive).
  • Numeric Formatting Refactor (packages/core/src/constraints/helpers.ts): Extracts trailing zero trimming logic into new trimTrailingZerosAfterDecimal() helper function; formatDslNumber() now delegates to this helper for consistency.
  • Test Coverage (packages/core/src/widgets/__tests__/compositionWidgets.test.ts): Adds test case verifying exponent formatting with clamp constraints produces properly trimmed decimal output.
  • Test Script Update (scripts/run-tests.mjs): Implements escapeRegExpLiteral() helper and updates filter matching to treat --filter argument as a literal substring rather than raw regex pattern.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~12 minutes

Possibly related PRs

  • RtlZeroMemory/Rezi#262: Modifies CodeQL workflow configuration (enables result uploads), complementing this PR's custom config-file addition.

Poem

🐰 A config unfolds, test paths hidden away,
Helpers trim zeros with care every day,
Filters match strings, no regex tricks here,
Documentation shines bright, crystal clear!
With tests newly added, the codebase takes flight.

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)

  • Docstring Coverage: ⚠️ Warning. Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%. Resolution: write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (2 passed)

  • Description Check: ✅ Passed. Check skipped - CodeRabbit's high-level summary is enabled.
  • Title check: ✅ Passed. The title accurately summarizes the main objectives: reducing CodeQL noise by excluding tests from analysis and hardening the scripts/run-tests.mjs filter implementation. Both changes are reflected in the changeset and represent the primary focus.

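
The trailing-zero cleanup from the walkthrough's "Numeric Formatting Refactor" and the PR summary's "linear trim path", as an added example that is not the project's own helpers.ts: a single forward scan and backward walk that touch each character at most once, which is the property that keeps a trim out of CodeQL's backtracking-regex findings. The function name trimTrailingZerosAfterDecimal matches the walkthrough; formatDslNumber's signature, its toFixed() precision and the exponent-string handling are assumptions for this example.

```javascript
// Added example (not the Rezi project's own packages/core/src/constraints/helpers.ts):
// linear-time trailing-zero trim. formatDslNumber's shape and the default
// fractionDigits are assumptions made for illustration.

// Remove trailing zeros after the decimal point, and the point itself when
// nothing remains after it, without any regular expression.
function trimTrailingZerosAfterDecimal(text) {
  const dot = text.indexOf(".");
  if (dot === -1) return text; // integer text: "2000" must stay "2000"

  // The mantissa ends at an exponent marker if one is present, so a string
  // like "1.500e+5" trims to "1.5e+5" instead of losing its exponent.
  let mantissaEnd = text.length;
  for (let i = dot + 1; i < text.length; i++) {
    if (text[i] === "e" || text[i] === "E") {
      mantissaEnd = i;
      break;
    }
  }

  // Walk back over zeros, but never past the first fractional digit slot.
  let end = mantissaEnd;
  while (end > dot + 1 && text[end - 1] === "0") end--;
  // Every fractional digit was a zero: drop the "." as well.
  if (end === dot + 1) end = dot;

  return text.slice(0, end) + text.slice(mantissaEnd);
}

// Assumed formatter: render a finite number with a fixed number of fractional
// digits, so exponent inputs such as 1e-3 become plain decimals, then trim.
function formatDslNumber(value, fractionDigits = 6) {
  if (!Number.isFinite(value)) {
    throw new RangeError(`not a finite number: ${value}`);
  }
  return trimTrailingZerosAfterDecimal(value.toFixed(fractionDigits));
}

// Usage: exponent inputs and an integer-valued input side by side.
for (const v of [1e-3, 2.5e2, 1.5e0, -0.25, 1e-7]) {
  console.log(v, "->", formatDslNumber(v));
}
```

Two edge cases are worth a regression test whichever implementation is used: an integer-valued string such as "2000.000000" must trim to "2000" and never to "2", and 1e-7 formatted at six fractional digits rounds to "0", so a caller that needs that precision must raise fractionDigits rather than expect the trim to preserve it.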

@RtlZeroMemory RtlZeroMemory merged commit 3e45eaa into main Mar 6, 2026
46 of 47 checks passed