chore: add knip dependency checks

[janburzinski]

summary

test knip workflow so that we can fine tune the config and just have it run "dry run" for now

[greptile-apps]

Greptile Summary

This PR adds a Knip dead-code and unused-dependency analysis workflow that runs on every PR targeting main. It also ships the initial knip.json configuration and registers knip as a dev dependency. The workflow is intentionally non-blocking (--no-exit-code) while the configuration is being tuned.

• .github/workflows/knip.yml installs dependencies with --ignore-scripts (safe since the postinstall is a no-op in CI), then runs Knip with the github-actions reporter so findings appear as inline PR annotations.
• knip.json seeds the entry-point list, a set of ignoreDependencies regexes for packages that Knip currently can't trace, and per-file ignores for five files still generating false positives.
• package.json gains the knip dev dependency (v6) and a matching knip npm script.

Confidence Score: 4/5

Safe to merge — the workflow is deliberately report-only and cannot block PRs.

The changes are additive and low-risk: a new non-blocking CI job and its config file. The only minor gap is the missing timeout-minutes on the job, which could tie up a runner on a pathological hang but won't affect correctness.

.github/workflows/knip.yml — add a job timeout before the workflow goes fully live.

Important Files Changed

Filename	Overview
.github/workflows/knip.yml	New workflow; well-structured with retry logic and correct action versions. Missing a job-level timeout-minutes.
knip.json	New Knip config; entry points, ignoreFiles, and ignoreDependencies look appropriate for this Electron codebase.
package.json	Adds knip ^6.12.2 to devDependencies and a knip npm script; consistent with the schema version referenced in knip.json.
pnpm-lock.yaml	Lockfile update for the new knip dependency; no concerns.

Flowchart

%%{init: {'theme': 'neutral'}}%%
flowchart TD
    A([PR opened / workflow_dispatch]) --> B[Checkout code]
    B --> C[Setup pnpm 10.28.2]
    C --> D[Setup Node.js 24]
    D --> E{pnpm install\n--frozen-lockfile\n--ignore-scripts}
    E -- success --> F[Run Knip\n--reporter github-actions\n--no-exit-code\n--no-config-hints]
    E -- fail attempt 1 or 2 --> G[Sleep 10s]
    G --> E
    E -- fail attempt 3 --> H([Exit 1 — install failed])
    F --> I([Always exits 0\nAnnotations posted to PR])

Loading

Prompt To Fix All With AI

Fix the following 1 code review issue. Work through them one at a time, proposing concise fixes.

---

### Issue 1 of 1
.github/workflows/knip.yml:9
**Missing job-level timeout**

Without a `timeout-minutes` on the job, a hung `pnpm install` or Knip run could hold a GitHub-hosted runner for up to the platform default (6 hours). Adding a budget (e.g. `timeout-minutes: 15`) keeps the queue healthy and surfaces real hangs quickly.

_{Reviews (1): Last reviewed commit: "ci(knip): make checks report-only" | Re-trigger Greptile}

[greptile-apps]

Missing job-level timeout

Without a timeout-minutes on the job, a hung pnpm install or Knip run could hold a GitHub-hosted runner for up to the platform default (6 hours). Adding a budget (e.g. timeout-minutes: 15) keeps the queue healthy and surfaces real hangs quickly.

Prompt To Fix With AI

This is a comment left during a code review.
Path: .github/workflows/knip.yml
Line: 9

Comment:
**Missing job-level timeout**

Without a `timeout-minutes` on the job, a hung `pnpm install` or Knip run could hold a GitHub-hosted runner for up to the platform default (6 hours). Adding a budget (e.g. `timeout-minutes: 15`) keeps the queue healthy and surfaces real hangs quickly.

How can I resolve this? If you propose a fix, please make it concise.