debug: Add react-scan

[brendan-kellam]

adds react scan behind a DEBUG_ENABLE_REACT_SCAN flag to help with debugging rendering issues in development.

Summary by CodeRabbit

• Documentation

  • Added debugging guide documenting React Scan, a development tool that visualizes component re-renders.

• New Features

  • Introduced opt-in React Scan debugging capability for development. Enable via DEBUG_ENABLE_REACT_SCAN=true in .env.development.local and restart the dev server to view browser highlights of re-rendering components.

[github-actions]

@brendan-kellam your pull request is missing a changelog!

[coderabbitai]

Caution

Review failed

The pull request is closed.

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 6465a592-aa85-46b0-8ed9-037777020704

📥 Commits

Reviewing files that changed from the base of the PR and between b0b0c3c and f3e6249.

⛔ Files ignored due to path filters (1)

• yarn.lock is excluded by !**/yarn.lock, !**/*.lock

📒 Files selected for processing (4)

• CONTRIBUTING.md
• packages/shared/src/env.server.ts
• packages/web/package.json
• packages/web/src/app/layout.tsx

---

Walkthrough

This pull request adds React Scan, a development debugging tool that highlights re-rendering components. Changes include documentation for enabling it via a new DEBUG_ENABLE_REACT_SCAN environment variable, adding the dependency, configuring the server env variable, and conditionally injecting the React Scan script in the root layout when enabled in development mode.

Changes

Cohort / File(s)	Summary
Documentation CONTRIBUTING.md	Added "Debugging" section documenting React Scan functionality, setup via .env.development.local, and dev server restart requirement.
Environment Configuration packages/shared/src/env.server.ts	Added DEBUG_ENABLE_REACT_SCAN boolean environment variable to server-side schema with default value of 'false'.
Dependencies packages/web/package.json	Added react-scan dependency (^0.5.3) to both dependencies and devDependencies.
Script Injection packages/web/src/app/layout.tsx	Updated development-only script injection logic to use env.NODE_ENV instead of process.env.NODE_ENV and added conditional injection of React Scan's auto script when DEBUG_ENABLE_REACT_SCAN is enabled.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Possibly related PRs

• debug: Add react-grab #979: Modifies packages/web/src/app/layout.tsx and packages/web/package.json to inject development-only instrumentation scripts and add related dependencies, sharing the same pattern of conditional script injection.

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch bkellam/add-react-scan

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[github-actions]

License Audit

❌ Status: FAIL

Metric	Count
Total packages	2109
Resolved (non-standard)	15
Unresolved	2
Strong copyleft	0
Weak copyleft	27

Fail Reasons

• 2 packages have unresolvable licenses: @react-grab/cli, @react-grab/mcp

Unresolved Packages

Package	Version	License	Reason
@react-grab/cli	0.1.23	UNKNOWN	No repository or homepage URL in package metadata; npm registry response contains no license, repository, or homepage fields; unable to locate source repository to check for LICENSE file
@react-grab/mcp	0.1.23	UNKNOWN	No repository or homepage URL in package metadata; npm registry response contains no license, repository, or homepage fields; unable to locate source repository to check for LICENSE file

Weak Copyleft Packages (informational)

Package	Version	License
@img/sharp-libvips-darwin-arm64	1.0.4	LGPL-3.0-or-later
@img/sharp-libvips-darwin-arm64	1.2.4	LGPL-3.0-or-later
@img/sharp-libvips-darwin-x64	1.0.4	LGPL-3.0-or-later
@img/sharp-libvips-darwin-x64	1.2.4	LGPL-3.0-or-later
@img/sharp-libvips-linux-arm	1.0.5	LGPL-3.0-or-later
@img/sharp-libvips-linux-arm	1.2.4	LGPL-3.0-or-later
@img/sharp-libvips-linux-arm64	1.0.4	LGPL-3.0-or-later
@img/sharp-libvips-linux-arm64	1.2.4	LGPL-3.0-or-later
@img/sharp-libvips-linux-ppc64	1.2.4	LGPL-3.0-or-later
@img/sharp-libvips-linux-riscv64	1.2.4	LGPL-3.0-or-later
@img/sharp-libvips-linux-s390x	1.0.4	LGPL-3.0-or-later
@img/sharp-libvips-linux-s390x	1.2.4	LGPL-3.0-or-later
@img/sharp-libvips-linux-x64	1.0.4	LGPL-3.0-or-later
@img/sharp-libvips-linux-x64	1.2.4	LGPL-3.0-or-later
@img/sharp-libvips-linuxmusl-arm64	1.0.4	LGPL-3.0-or-later
@img/sharp-libvips-linuxmusl-arm64	1.2.4	LGPL-3.0-or-later
@img/sharp-libvips-linuxmusl-x64	1.0.4	LGPL-3.0-or-later
@img/sharp-libvips-linuxmusl-x64	1.2.4	LGPL-3.0-or-later
@img/sharp-wasm32	0.33.5	Apache-2.0 AND LGPL-3.0-or-later AND MIT
@img/sharp-wasm32	0.34.5	Apache-2.0 AND LGPL-3.0-or-later AND MIT
@img/sharp-win32-arm64	0.34.5	Apache-2.0 AND LGPL-3.0-or-later
@img/sharp-win32-ia32	0.33.5	Apache-2.0 AND LGPL-3.0-or-later
@img/sharp-win32-ia32	0.34.5	Apache-2.0 AND LGPL-3.0-or-later
@img/sharp-win32-x64	0.33.5	Apache-2.0 AND LGPL-3.0-or-later
@img/sharp-win32-x64	0.34.5	Apache-2.0 AND LGPL-3.0-or-later
axe-core	4.10.3	MPL-2.0
dompurify	3.3.1	(MPL-2.0 OR Apache-2.0)

Resolved Packages (15)

Package	Version	Original	Resolved	Source
codemirror-lang-elixir	4.0.0	UNKNOWN	Apache-2.0	GitHub repo (https://github.com/livebook-dev/codemirror-lang-elixir)
lezer-elixir	1.1.2	UNKNOWN	Apache-2.0	GitHub repo (https://github.com/livebook-dev/lezer-elixir)
map-stream	0.1.0	UNKNOWN	MIT	GitHub repo (https://github.com/dominictarr/map-stream)
memorystream	0.3.1	UNKNOWN	MIT	GitHub repo (https://github.com/JSBizon/node-memorystream)
valid-url	1.0.9	UNKNOWN	MIT	GitHub repo LICENSE file (https://github.com/ogt/valid-url)
posthog-js	1.345.5	SEE LICENSE IN LICENSE	Apache-2.0	GitHub repo LICENSE file (https://github.com/PostHog/posthog-js)
@sentry/cli	2.58.5	FSL-1.1-MIT	FSL-1.1-MIT	GitHub repo LICENSE file (https://github.com/getsentry/sentry-cli) — Functional Source License 1.1 with MIT future license; FSL-1.1-MIT is not a recognized SPDX identifier but license confirmed as Functional Source License
@sentry/cli-darwin	2.58.5	FSL-1.1-MIT	FSL-1.1-MIT	GitHub repo LICENSE file (https://github.com/getsentry/sentry-cli) — same repo as @sentry/cli
@sentry/cli-linux-arm	2.58.5	FSL-1.1-MIT	FSL-1.1-MIT	GitHub repo LICENSE file (https://github.com/getsentry/sentry-cli) — same repo as @sentry/cli
@sentry/cli-linux-arm64	2.58.5	FSL-1.1-MIT	FSL-1.1-MIT	GitHub repo LICENSE file (https://github.com/getsentry/sentry-cli) — same repo as @sentry/cli
@sentry/cli-linux-i686	2.58.5	FSL-1.1-MIT	FSL-1.1-MIT	GitHub repo LICENSE file (https://github.com/getsentry/sentry-cli) — same repo as @sentry/cli
@sentry/cli-linux-x64	2.58.5	FSL-1.1-MIT	FSL-1.1-MIT	GitHub repo LICENSE file (https://github.com/getsentry/sentry-cli) — same repo as @sentry/cli
@sentry/cli-win32-arm64	2.58.5	FSL-1.1-MIT	FSL-1.1-MIT	GitHub repo LICENSE file (https://github.com/getsentry/sentry-cli) — same repo as @sentry/cli
@sentry/cli-win32-i686	2.58.5	FSL-1.1-MIT	FSL-1.1-MIT	GitHub repo LICENSE file (https://github.com/getsentry/sentry-cli) — same repo as @sentry/cli
@sentry/cli-win32-x64	2.58.5	FSL-1.1-MIT	FSL-1.1-MIT	GitHub repo LICENSE file (https://github.com/getsentry/sentry-cli) — same repo as @sentry/cli