chore: consolidated web deps (11 packages + hono security + test fixes)#1150
Merged
chore: consolidated web deps (11 packages + hono security + test fixes)#1150
Conversation
|
Review the following changes in direct dependencies. Learn more about Socket for GitHub.
|
|
Warning Review the following alerts detected in dependencies. According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.
|
Contributor
WalkthroughThis pull request introduces four changes across build configuration, mock service worker, and test files. The Vite dependency specification in the package configuration is narrowed from a range to a specific patch version. The mock service worker's package version constant is incremented from 🚥 Pre-merge checks | ✅ 3✅ Passed checks (3 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. Comment |
Contributor
Dependency ReviewThe following issues were found:
Snapshot WarningsEnsure that dependencies are being submitted on PR branches. Re-running this action after a short time may resolve the issue. See the documentation for more information and troubleshooting advice. License Issuesweb/package-lock.json
OpenSSF ScorecardScorecard details
Scanned Files
|
Contributor
There was a problem hiding this comment.
Code Review
This pull request updates various project dependencies, including Vite, MSW, and several ESLint and Vitest packages. Additionally, it modifies the test suite to disable the development authentication bypass in specific router and store tests to ensure they exercise the real authentication flow.
web/package.json
Outdated
| "typescript": "^6.0", | ||
| "typescript-eslint": "^8", | ||
| "vite": "^8", | ||
| "vite": "^8.0.7", |
Contributor
There was a problem hiding this comment.
Hardcoding a specific patch version for 'vite' in package.json can lead to dependency drift or conflicts if other packages in the workspace require a different version. Consider using a caret (^) or tilde (~) range if compatibility allows, or ensure this pin is strictly necessary for stability.
Contributor
There was a problem hiding this comment.
Pull request overview
Consolidates multiple Dependabot updates for the web/ workspace into a single dependency bump, including Hono security patches, and adjusts failing web tests to avoid VITE_DEV_AUTH_BYPASS leaking into Vitest runs.
Changes:
- Bumps a set of
web/dependencies (notably Vite/Vitest/Storybook/MSW/Hono) and updates the lockfile accordingly. - Updates MSW’s generated service worker version in
public/. - Fixes existing unit tests by forcing dev auth bypass off during test execution.
Reviewed changes
Copilot reviewed 4 out of 5 changed files in this pull request and generated 3 comments.
Show a summary per file
| File | Description |
|---|---|
| web/src/tests/stores/auth.test.ts | Adds a mock to disable dev auth bypass in auth store tests. |
| web/src/tests/router/guards.test.tsx | Adds a mock to disable dev auth bypass in router guard tests. |
| web/public/mockServiceWorker.js | Updates MSW service worker package version constant. |
| web/package.json | Pins vite to ^8.0.7 (and overall dependency consolidation). |
| web/package-lock.json | Consolidated lockfile updates for all bumped packages. |
Files not reviewed (1)
- web/package-lock.json: Language not supported
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Comment on lines
1
to
+6
| import { useAuthStore } from '@/stores/auth' | ||
| import type { AuthResponse, UserInfoResponse } from '@/api/types' | ||
|
|
||
| // Disable dev auth bypass so store uses real auth flow | ||
| vi.mock('@/utils/dev', () => ({ IS_DEV_AUTH_BYPASS: false })) | ||
|
|
There was a problem hiding this comment.
IS_DEV_AUTH_BYPASS is evaluated when modules import @/utils/dev. In this test, useAuthStore is imported before the vi.mock('@/utils/dev', ...) statement, so the store may read the real env-derived value if the mock isn’t applied before module evaluation. To make the test deterministic (and consistent with web/src/__tests__/api/client.test.ts), move the vi.mock('@/utils/dev', ...) setup so it runs before importing @/stores/auth (e.g., import vi first, apply the mock, then import the store).
Suggested change
| import { useAuthStore } from '@/stores/auth' | |
| import type { AuthResponse, UserInfoResponse } from '@/api/types' | |
| // Disable dev auth bypass so store uses real auth flow | |
| vi.mock('@/utils/dev', () => ({ IS_DEV_AUTH_BYPASS: false })) | |
| import { vi } from 'vitest' | |
| import type { AuthResponse, UserInfoResponse } from '@/api/types' | |
| // Disable dev auth bypass so store uses real auth flow | |
| vi.mock('@/utils/dev', () => ({ IS_DEV_AUTH_BYPASS: false })) | |
| const { useAuthStore } = await import('@/stores/auth') |
Comment on lines
1
to
+10
| import { screen, waitFor } from '@testing-library/react' | ||
| import userEvent from '@testing-library/user-event' | ||
| import { useAuthStore } from '@/stores/auth' | ||
| import { useSetupStore } from '@/stores/setup' | ||
| import { AuthGuard, GuestGuard, SetupCompleteGuard, SetupGuard } from '@/router/guards' | ||
| import { renderRoutes } from '../test-utils' | ||
|
|
||
| // Disable dev auth bypass so guards use real auth flow | ||
| vi.mock('@/utils/dev', () => ({ IS_DEV_AUTH_BYPASS: false })) | ||
|
|
There was a problem hiding this comment.
AuthGuard/SetupGuard ultimately depend on IS_DEV_AUTH_BYPASS, which is computed at @/utils/dev module-evaluation time. Because @/stores/auth, @/stores/setup, and @/router/guards are imported before the vi.mock('@/utils/dev', ...) call, this test can become order-dependent if the mock isn’t applied before those modules load. To keep the bypass reliably disabled, apply the mock before importing the guards/stores (same pattern as web/src/__tests__/api/client.test.ts).
Comment on lines
7
to
12
| * - Please do NOT modify this file. | ||
| */ | ||
|
|
||
| const PACKAGE_VERSION = '2.13.0' | ||
| const PACKAGE_VERSION = '2.13.2' | ||
| const INTEGRITY_CHECKSUM = '4db4a41e972cec1b64cc569c66952d82' | ||
| const IS_MOCKED_RESPONSE = Symbol('isMockedResponse') |
There was a problem hiding this comment.
public/mockServiceWorker.js is an MSW-generated artifact (header says “Please do NOT modify this file”). This PR updates PACKAGE_VERSION manually; to avoid drifting from the exact worker script MSW expects for the installed version (including any related integrity/checksum semantics), regenerate the worker via the MSW init command for the updated msw version instead of hand-editing constants.
8770454 to
dcea933
Compare
Contributor
There was a problem hiding this comment.
Actionable comments posted: 2
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In `@web/package.json`:
- Around line 104-106: Add a short inline comment near the "overrides" entry
that pins "rolldown": "1.0.0-rc.14" in package.json indicating this is a
temporary RC pin and include a reference to a tracking issue or TODO (e.g.,
"TODO: remove override when rolldown stable >=1.0.0 released") so the override
on "rolldown" can be revisited and removed when a stable version is published.
In `@web/public/mockServiceWorker.js`:
- Line 10: The PACKAGE_VERSION constant in mockServiceWorker.js
('PACKAGE_VERSION') no longer matches the msw dependency in
package.json/package-lock.json; update the "msw" entry in package.json to
"^2.13.2" and then regenerate package-lock.json (run npm install or yarn
install) so package-lock.json reflects the same 2.13.2 version, ensuring
mockServiceWorker.js, package.json, and package-lock.json are consistent.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Repository UI
Review profile: ASSERTIVE
Plan: Pro
Run ID: 226ca05c-7b3f-4d22-a0a9-3393cdfff52d
⛔ Files ignored due to path filters (1)
web/package-lock.jsonis excluded by!**/package-lock.json
📒 Files selected for processing (4)
web/package.jsonweb/public/mockServiceWorker.jsweb/src/__tests__/router/guards.test.tsxweb/src/__tests__/stores/auth.test.ts
📜 Review details
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (8)
- GitHub Check: Build Backend
- GitHub Check: Build Sandbox
- GitHub Check: Build Web
- GitHub Check: Dashboard Test
- GitHub Check: Dependency Review
- GitHub Check: Analyze (go)
- GitHub Check: Analyze (javascript-typescript)
- GitHub Check: Analyze (python)
🧰 Additional context used
📓 Path-based instructions (2)
web/src/**/*.{ts,tsx,js,jsx}
📄 CodeRabbit inference engine (web/CLAUDE.md)
web/src/**/*.{ts,tsx,js,jsx}: Always usecreateLoggerfrom@/lib/logger-- never bareconsole.warn/console.error/console.debugin application code
Logger variable name must always beconst log(e.g.const log = createLogger('module-name'))
Pass dynamic/untrusted values as separate arguments to logger methods (not interpolated into the message string) so they go throughsanitizeArg
Attacker-controlled fields inside structured objects must be wrapped insanitizeForLog()before embedding in log calls
Files:
web/src/__tests__/router/guards.test.tsxweb/src/__tests__/stores/auth.test.ts
web/src/**/*.{ts,tsx}
📄 CodeRabbit inference engine (web/CLAUDE.md)
web/src/**/*.{ts,tsx}: Use Tailwind semantic classes (text-foreground,bg-card,text-accent,text-success,bg-danger, etc.) or CSS variables (var(--so-*)) for colors; NEVER hardcode hex values in.tsx/.tsfiles
Usefont-sansorfont-mono(Geist tokens) for typography; NEVER setfontFamilydirectly in.tsx/.tsfiles
Use density-aware tokens (p-card,gap-section-gap,gap-grid-gap) or standard Tailwind spacing; NEVER hardcode pixel values for layout spacing in components
Use token variables (var(--so-shadow-card-hover),border-border,border-bright) for shadows and borders; NEVER hardcode values in.tsx/.tsfiles
Use@/lib/motionpresets for Framer Motion transition durations; NEVER hardcode transition durations
CSS side-effect imports in TypeScript 6 require type declarations -- add/// <reference types="vite/client" />at the top of files with CSS imports
web/src/**/*.{ts,tsx}: ALWAYS reuse existing components fromweb/src/components/ui/before creating new ones
NEVER hardcode hex colors, font-family, pixel spacing, or Framer Motion transitions. Use design tokens and@/lib/motionpresets.
Files:
web/src/__tests__/router/guards.test.tsxweb/src/__tests__/stores/auth.test.ts
🧠 Learnings (19)
📓 Common learnings
Learnt from: CR
Repo: Aureliolo/synthorg PR: 0
File: CLAUDE.md:0-0
Timestamp: 2026-04-02T16:11:16.315Z
Learning: Dependabot: daily updates (uv, github-actions, npm, pre-commit, docker, gomod), all updates grouped into 1 PR per ecosystem, no auto-merge
Learnt from: CR
Repo: Aureliolo/synthorg PR: 0
File: CLAUDE.md:0-0
Timestamp: 2026-03-14T15:43:05.601Z
Learning: Applies to web/package.json : Web dashboard Node.js 20+; dependencies in web/package.json (Vue 3, PrimeVue, Tailwind CSS, Pinia, VueFlow, ECharts, Axios, vue-draggable-plus, Vitest, ESLint, vue-tsc)
Learnt from: CR
Repo: Aureliolo/synthorg PR: 0
File: CLAUDE.md:0-0
Timestamp: 2026-03-15T21:32:02.880Z
Learning: Applies to .github/workflows/*.yml : Dependabot: daily updates for uv + github-actions + npm + pre-commit + docker + gomod, grouped minor/patch, no auto-merge. Use `/review-dep-pr` to review Dependabot PRs before merging.
Learnt from: CR
Repo: Aureliolo/synthorg PR: 0
File: CLAUDE.md:0-0
Timestamp: 2026-03-15T18:17:43.675Z
Learning: Applies to web/** : Web dashboard: Node.js 20+, dependencies in web/package.json (Vue 3, PrimeVue, Tailwind CSS, Pinia, VueFlow, ECharts, Axios, vue-draggable-plus, Vitest, fast-check, ESLint, vue-tsc).
Learnt from: CR
Repo: Aureliolo/synthorg PR: 0
File: CLAUDE.md:0-0
Timestamp: 2026-04-01T18:57:46.655Z
Learning: Applies to web/package.json : Web dashboard Node.js 22+, TypeScript 6.0+, dependencies in `web/package.json`
Learnt from: CR
Repo: Aureliolo/synthorg PR: 0
File: web/CLAUDE.md:0-0
Timestamp: 2026-04-02T12:21:16.739Z
Learning: Applies to web/src/__tests__/**/*.{test,spec}.{ts,tsx} : Vitest unit tests must use coverage scoped to files changed vs origin/main branch
Learnt from: CR
Repo: Aureliolo/synthorg PR: 0
File: CLAUDE.md:0-0
Timestamp: 2026-03-20T08:28:32.845Z
Learning: Applies to web/src/__tests__/**/*.{ts,js} : Dashboard testing: Vitest unit tests organized by feature under `web/src/__tests__/`. Use fast-check for property-based testing (`fc.assert` + `fc.property`).
Learnt from: CR
Repo: Aureliolo/synthorg PR: 0
File: web/CLAUDE.md:0-0
Timestamp: 2026-04-06T06:45:22.965Z
Learning: Applies to web/.storybook/**/*.{ts,js} : Use `defineMain` from `storybook/react-vite/node` and `definePreview` from `storybook/react-vite` for type-safe Storybook configuration
Learnt from: CR
Repo: Aureliolo/synthorg PR: 0
File: CLAUDE.md:0-0
Timestamp: 2026-03-31T14:31:11.894Z
Learning: Applies to web/src/**/*.{ts,tsx} : Use React 19, TypeScript 6.0+, and design system tokens from shadcn/ui + Tailwind CSS 4 + Radix UI in web dashboard
📚 Learning: 2026-04-02T12:21:16.739Z
Learnt from: CR
Repo: Aureliolo/synthorg PR: 0
File: web/CLAUDE.md:0-0
Timestamp: 2026-04-02T12:21:16.739Z
Learning: Applies to web/src/__tests__/**/*.{test,spec}.{ts,tsx} : Vitest unit tests must use coverage scoped to files changed vs origin/main branch
Applied to files:
web/src/__tests__/router/guards.test.tsxweb/package.jsonweb/src/__tests__/stores/auth.test.ts
📚 Learning: 2026-03-20T08:28:32.845Z
Learnt from: CR
Repo: Aureliolo/synthorg PR: 0
File: CLAUDE.md:0-0
Timestamp: 2026-03-20T08:28:32.845Z
Learning: Applies to web/src/__tests__/**/*.{ts,js} : Dashboard testing: Vitest unit tests organized by feature under `web/src/__tests__/`. Use fast-check for property-based testing (`fc.assert` + `fc.property`).
Applied to files:
web/src/__tests__/router/guards.test.tsxweb/src/__tests__/stores/auth.test.ts
📚 Learning: 2026-03-30T10:20:08.544Z
Learnt from: CR
Repo: Aureliolo/synthorg PR: 0
File: CLAUDE.md:0-0
Timestamp: 2026-03-30T10:20:08.544Z
Learning: Applies to web/**/*.test.{ts,tsx} : Web dashboard: Use React Hypothesis (fast-check) for property-based testing with fc.assert + fc.property
Applied to files:
web/src/__tests__/router/guards.test.tsx
📚 Learning: 2026-04-02T12:21:16.739Z
Learnt from: CR
Repo: Aureliolo/synthorg PR: 0
File: web/CLAUDE.md:0-0
Timestamp: 2026-04-02T12:21:16.739Z
Learning: Applies to web/src/**/*.stories.tsx : Storybook 10: Import from `storybook/test` instead of `storybook/test`
Applied to files:
web/src/__tests__/router/guards.test.tsxweb/src/__tests__/stores/auth.test.ts
📚 Learning: 2026-03-30T10:41:40.176Z
Learnt from: CR
Repo: Aureliolo/synthorg PR: 0
File: CLAUDE.md:0-0
Timestamp: 2026-03-30T10:41:40.176Z
Learning: Applies to web/src/__tests__/**/*.test.{ts,tsx} : Use property-based testing with fast-check in React tests (`fc.assert` + `fc.property`)
Applied to files:
web/src/__tests__/router/guards.test.tsxweb/src/__tests__/stores/auth.test.ts
📚 Learning: 2026-03-30T10:20:08.544Z
Learnt from: CR
Repo: Aureliolo/synthorg PR: 0
File: CLAUDE.md:0-0
Timestamp: 2026-03-30T10:20:08.544Z
Learning: Applies to web/**/*.stories.{ts,tsx} : Storybook 10: Use storybook/test (not storybook/test) and storybook/actions (not storybook/addon-actions) import paths
Applied to files:
web/src/__tests__/router/guards.test.tsxweb/package.jsonweb/src/__tests__/stores/auth.test.ts
📚 Learning: 2026-03-30T10:41:40.176Z
Learnt from: CR
Repo: Aureliolo/synthorg PR: 0
File: CLAUDE.md:0-0
Timestamp: 2026-03-30T10:41:40.176Z
Learning: Applies to web/src/**/*.stories.tsx : Storybook 10: import from `storybook/test` (not `storybook/test`), `storybook/actions` (not `storybook/addon-actions`)
Applied to files:
web/src/__tests__/router/guards.test.tsxweb/package.jsonweb/src/__tests__/stores/auth.test.ts
📚 Learning: 2026-04-06T06:45:22.965Z
Learnt from: CR
Repo: Aureliolo/synthorg PR: 0
File: web/CLAUDE.md:0-0
Timestamp: 2026-04-06T06:45:22.965Z
Learning: Applies to web/src/**/*.stories.tsx : Use `storybook/test` and `storybook/actions` import paths in Storybook stories (not `storybook/test` or `storybook/addon-actions`)
Applied to files:
web/src/__tests__/router/guards.test.tsxweb/src/__tests__/stores/auth.test.ts
📚 Learning: 2026-03-14T15:43:05.601Z
Learnt from: CR
Repo: Aureliolo/synthorg PR: 0
File: CLAUDE.md:0-0
Timestamp: 2026-03-14T15:43:05.601Z
Learning: Applies to web/package.json : Web dashboard Node.js 20+; dependencies in web/package.json (Vue 3, PrimeVue, Tailwind CSS, Pinia, VueFlow, ECharts, Axios, vue-draggable-plus, Vitest, ESLint, vue-tsc)
Applied to files:
web/package.json
📚 Learning: 2026-04-01T18:57:46.655Z
Learnt from: CR
Repo: Aureliolo/synthorg PR: 0
File: CLAUDE.md:0-0
Timestamp: 2026-04-01T18:57:46.655Z
Learning: Applies to web/package.json : Web dashboard Node.js 22+, TypeScript 6.0+, dependencies in `web/package.json`
Applied to files:
web/package.json
📚 Learning: 2026-03-15T18:17:43.675Z
Learnt from: CR
Repo: Aureliolo/synthorg PR: 0
File: CLAUDE.md:0-0
Timestamp: 2026-03-15T18:17:43.675Z
Learning: Applies to web/** : Web dashboard: Node.js 20+, dependencies in web/package.json (Vue 3, PrimeVue, Tailwind CSS, Pinia, VueFlow, ECharts, Axios, vue-draggable-plus, Vitest, fast-check, ESLint, vue-tsc).
Applied to files:
web/package.json
📚 Learning: 2026-04-02T12:21:16.739Z
Learnt from: CR
Repo: Aureliolo/synthorg PR: 0
File: CLAUDE.md:0-0
Timestamp: 2026-04-02T12:21:16.739Z
Learning: Applies to site/package.json : Landing page dependencies in `site/package.json` (Astro 6, astrojs/react, React 19, Tailwind CSS 4)
Applied to files:
web/package.json
📚 Learning: 2026-04-06T06:45:22.965Z
Learnt from: CR
Repo: Aureliolo/synthorg PR: 0
File: web/CLAUDE.md:0-0
Timestamp: 2026-04-06T06:45:22.965Z
Learning: Applies to web/src/**/*.{ts,tsx} : CSS side-effect imports in TypeScript 6 require type declarations -- add `/// <reference types="vite/client" />` at the top of files with CSS imports
Applied to files:
web/package.json
📚 Learning: 2026-04-06T06:45:22.965Z
Learnt from: CR
Repo: Aureliolo/synthorg PR: 0
File: web/CLAUDE.md:0-0
Timestamp: 2026-04-06T06:45:22.965Z
Learning: Applies to web/.storybook/**/*.{ts,js} : Use `defineMain` from `storybook/react-vite/node` and `definePreview` from `storybook/react-vite` for type-safe Storybook configuration
Applied to files:
web/package.jsonweb/src/__tests__/stores/auth.test.ts
📚 Learning: 2026-03-15T21:32:02.880Z
Learnt from: CR
Repo: Aureliolo/synthorg PR: 0
File: CLAUDE.md:0-0
Timestamp: 2026-03-15T21:32:02.880Z
Learning: Applies to .github/workflows/*.yml : Dependabot: daily updates for uv + github-actions + npm + pre-commit + docker + gomod, grouped minor/patch, no auto-merge. Use `/review-dep-pr` to review Dependabot PRs before merging.
Applied to files:
web/package.json
📚 Learning: 2026-04-06T06:45:22.965Z
Learnt from: CR
Repo: Aureliolo/synthorg PR: 0
File: web/CLAUDE.md:0-0
Timestamp: 2026-04-06T06:45:22.965Z
Learning: Applies to web/tsconfig.json : In TypeScript 6, explicitly list needed types in the `types` array (e.g. `"types": ["vitest/globals"]`) instead of relying on auto-discovery of `types/*`
Applied to files:
web/package.json
📚 Learning: 2026-03-30T10:41:40.176Z
Learnt from: CR
Repo: Aureliolo/synthorg PR: 0
File: CLAUDE.md:0-0
Timestamp: 2026-03-30T10:41:40.176Z
Learning: Applies to web/src/**/*.{ts,tsx} : Use Zustand stores for state management in the web dashboard; each domain has its own store module (auth, WebSocket, toast, analytics, setup, company, agents, budget, tasks, settings, providers, theme, per-domain stores)
Applied to files:
web/src/__tests__/stores/auth.test.ts
📚 Learning: 2026-03-27T12:44:29.466Z
Learnt from: CR
Repo: Aureliolo/synthorg PR: 0
File: CLAUDE.md:0-0
Timestamp: 2026-03-27T12:44:29.466Z
Learning: Applies to web/src/stores/**/*.{ts,tsx} : Use Zustand stores in web dashboard for state management (auth, WebSocket, toast, analytics, domain shells)
Applied to files:
web/src/__tests__/stores/auth.test.ts
🔇 Additional comments (3)
web/src/__tests__/router/guards.test.tsx (1)
8-10: Good test hardening against env leakage.Forcing
IS_DEV_AUTH_BYPASStofalsehere makes guard tests deterministic and ensures they exercise the real auth/setup flow.web/src/__tests__/stores/auth.test.ts (1)
4-6: Nice consistency fix for auth-store test execution path.This mock prevents dev-bypass behavior from polluting tests and keeps session-validation assertions aligned with production auth flow.
web/package.json (1)
96-96: Vite version floor looks reasonable.Tightening
^8to^8.0.7sets the minimum version to include recent fixes while still allowing semver-compatible updates. This is appropriate for ensuring consistent behavior across installations.
web/package.json
Outdated
Comment on lines
104
to
106
| "overrides": { | ||
| "rolldown": "1.0.0-rc.14" | ||
| } |
Contributor
There was a problem hiding this comment.
🧹 Nitpick | 🔵 Trivial
🧩 Analysis chain
🏁 Script executed:
#!/bin/bash
# Verify rolldown 1.0.0-rc.14 exists on npm
curl -s https://registry.npmjs.org/rolldown/1.0.0-rc.14 | jq '{name: .name, version: .version}'
# Check latest rolldown versions to see if stable is available
curl -s https://registry.npmjs.org/rolldown | jq '.["dist-tags"]'Repository: Aureliolo/synthorg
Length of output: 233
Track the RC pin for removal once a stable rolldown version is released.
Pinning rolldown to 1.0.0-rc.14 is a valid temporary workaround. Since 1.0.0-rc.14 remains the latest version on npm and no stable release exists yet, consider adding a comment or tracking issue to remove this override once a stable version becomes available.
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.
In `@web/package.json` around lines 104 - 106, Add a short inline comment near the
"overrides" entry that pins "rolldown": "1.0.0-rc.14" in package.json indicating
this is a temporary RC pin and include a reference to a tracking issue or TODO
(e.g., "TODO: remove override when rolldown stable >=1.0.0 released") so the
override on "rolldown" can be revisited and removed when a stable version is
published.
| */ | ||
|
|
||
| const PACKAGE_VERSION = '2.13.0' | ||
| const PACKAGE_VERSION = '2.13.2' |
Contributor
There was a problem hiding this comment.
🧩 Analysis chain
🏁 Script executed:
#!/bin/bash
# Description: Check MSW version consistency between package.json, package-lock.json, and mockServiceWorker.js
echo "=== Checking web/package.json ==="
rg -n '"msw":\s*"[^"]*"' web/package.json
echo -e "\n=== Checking web/package-lock.json (top-level + resolved version) ==="
rg -n '"msw":\s*"[^"]*"' web/package-lock.json | head -5
echo -e "\n=== Checking mockServiceWorker.js PACKAGE_VERSION ==="
rg -n "PACKAGE_VERSION = '[^']*'" web/public/mockServiceWorker.js
echo -e "\n=== Expected: All three should consistently reference 2.13.2 ==="Repository: Aureliolo/synthorg
Length of output: 505
MSW version mismatch breaks integrity check: update package.json to 2.13.2.
The PACKAGE_VERSION in mockServiceWorker.js is set to '2.13.2', but web/package.json and web/package-lock.json still declare "msw": "^2.12.14". This mismatch will cause the MSW integrity check to fail at runtime, breaking all mocked requests in tests. Update package.json to "msw": "^2.13.2" and regenerate package-lock.json.
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.
In `@web/public/mockServiceWorker.js` at line 10, The PACKAGE_VERSION constant in
mockServiceWorker.js ('PACKAGE_VERSION') no longer matches the msw dependency in
package.json/package-lock.json; update the "msw" entry in package.json to
"^2.13.2" and then regenerate package-lock.json (run npm install or yarn
install) so package-lock.json reflects the same 2.13.2 version, ensuring
mockServiceWorker.js, package.json, and package-lock.json are consistent.
Contributor
There was a problem hiding this comment.
Actionable comments posted: 1
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In `@web/.storybook/main.ts`:
- Around line 13-20: Add a TODO comment above the config.build override in
web/.storybook/main.ts noting this is a temporary workaround for the Rollldown
RC bug and should be revisited/reverted once rollup/rolldown reaches a stable
release (include the issue/RC version: "rolldown 1.0.0-rc.13+"). Locate the
block where config.build is reassigned (the config.build = { ...config.build,
sourcemap: false, minify: false } statement) and prepend a concise TODO with
context, target version/condition for removal, and a link or reference to the
upstream bug/issue if available.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Repository UI
Review profile: ASSERTIVE
Plan: Pro
Run ID: a818a801-b5cd-4642-9ae0-65a8447e9c6d
⛔ Files ignored due to path filters (1)
web/package-lock.jsonis excluded by!**/package-lock.json
📒 Files selected for processing (2)
web/.storybook/main.tsweb/package.json
📜 Review details
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (13)
- GitHub Check: Dashboard Security Audit
- GitHub Check: Dashboard Test
- GitHub Check: Dashboard Build
- GitHub Check: Dashboard Storybook Build
- GitHub Check: Dashboard Lint
- GitHub Check: Dashboard Type Check
- GitHub Check: Build Backend
- GitHub Check: Build Web
- GitHub Check: Build Sandbox
- GitHub Check: Dependency Review
- GitHub Check: Analyze (python)
- GitHub Check: Analyze (javascript-typescript)
- GitHub Check: Analyze (go)
🧰 Additional context used
📓 Path-based instructions (2)
web/.storybook/**/*.{ts,js}
📄 CodeRabbit inference engine (web/CLAUDE.md)
Use
defineMainfrom@storybook/react-vite/nodeanddefinePreviewfrom@storybook/react-vitefor type-safe Storybook configuration
Files:
web/.storybook/main.ts
web/.storybook/**/*.{ts,tsx}
📄 CodeRabbit inference engine (web/CLAUDE.md)
web/.storybook/**/*.{ts,tsx}: In Storybook 10, useparameters.backgrounds.options(object keyed by name) +initialGlobals.backgrounds.valuefor backgrounds API (replaces olddefault+valuesarray)
In Storybook 10, useparameters.a11y.test: 'error' | 'todo' | 'off'for accessibility testing (replaces old.elementand.manual); set globally inpreview.tsxto enforce WCAG compliance
Files:
web/.storybook/main.ts
🧠 Learnings (17)
📓 Common learnings
Learnt from: CR
Repo: Aureliolo/synthorg PR: 0
File: CLAUDE.md:0-0
Timestamp: 2026-04-02T16:11:16.315Z
Learning: Dependabot: daily updates (uv, github-actions, npm, pre-commit, docker, gomod), all updates grouped into 1 PR per ecosystem, no auto-merge
Learnt from: CR
Repo: Aureliolo/synthorg PR: 0
File: CLAUDE.md:0-0
Timestamp: 2026-03-14T15:43:05.601Z
Learning: Applies to web/package.json : Web dashboard Node.js 20+; dependencies in web/package.json (Vue 3, PrimeVue, Tailwind CSS, Pinia, VueFlow, ECharts, Axios, vue-draggable-plus, Vitest, ESLint, vue-tsc)
Learnt from: CR
Repo: Aureliolo/synthorg PR: 0
File: CLAUDE.md:0-0
Timestamp: 2026-03-15T21:32:02.880Z
Learning: Applies to .github/workflows/*.yml : Dependabot: daily updates for uv + github-actions + npm + pre-commit + docker + gomod, grouped minor/patch, no auto-merge. Use `/review-dep-pr` to review Dependabot PRs before merging.
Learnt from: CR
Repo: Aureliolo/synthorg PR: 0
File: CLAUDE.md:0-0
Timestamp: 2026-03-15T18:17:43.675Z
Learning: Applies to web/** : Web dashboard: Node.js 20+, dependencies in web/package.json (Vue 3, PrimeVue, Tailwind CSS, Pinia, VueFlow, ECharts, Axios, vue-draggable-plus, Vitest, fast-check, ESLint, vue-tsc).
Learnt from: CR
Repo: Aureliolo/synthorg PR: 0
File: web/CLAUDE.md:0-0
Timestamp: 2026-04-06T06:45:22.965Z
Learning: Applies to web/.storybook/**/*.{ts,js} : Use `defineMain` from `storybook/react-vite/node` and `definePreview` from `storybook/react-vite` for type-safe Storybook configuration
Learnt from: CR
Repo: Aureliolo/synthorg PR: 0
File: CLAUDE.md:0-0
Timestamp: 2026-03-30T10:20:08.544Z
Learning: Applies to web/**/*.stories.{ts,tsx} : Storybook 10: Use storybook/test (not storybook/test) and storybook/actions (not storybook/addon-actions) import paths
Learnt from: CR
Repo: Aureliolo/synthorg PR: 0
File: CLAUDE.md:0-0
Timestamp: 2026-04-01T18:57:46.655Z
Learning: Applies to web/package.json : Web dashboard Node.js 22+, TypeScript 6.0+, dependencies in `web/package.json`
Learnt from: CR
Repo: Aureliolo/synthorg PR: 0
File: web/CLAUDE.md:0-0
Timestamp: 2026-04-02T12:21:16.739Z
Learning: Applies to web/src/__tests__/**/*.{test,spec}.{ts,tsx} : Vitest unit tests must use coverage scoped to files changed vs origin/main branch
Learnt from: CR
Repo: Aureliolo/synthorg PR: 0
File: CLAUDE.md:0-0
Timestamp: 2026-03-20T08:28:32.845Z
Learning: Applies to web/src/__tests__/**/*.{ts,js} : Dashboard testing: Vitest unit tests organized by feature under `web/src/__tests__/`. Use fast-check for property-based testing (`fc.assert` + `fc.property`).
Learnt from: CR
Repo: Aureliolo/synthorg PR: 0
File: web/CLAUDE.md:0-0
Timestamp: 2026-04-02T12:21:16.739Z
Learning: Applies to web/src/**/*.stories.tsx : Storybook 10: Import from `storybook/test` instead of `storybook/test`
Learnt from: CR
Repo: Aureliolo/synthorg PR: 0
File: CLAUDE.md:0-0
Timestamp: 2026-03-30T10:41:40.176Z
Learning: Applies to web/src/**/*.stories.tsx : Storybook 10: import from `storybook/test` (not `storybook/test`), `storybook/actions` (not `storybook/addon-actions`)
📚 Learning: 2026-03-14T15:43:05.601Z
Learnt from: CR
Repo: Aureliolo/synthorg PR: 0
File: CLAUDE.md:0-0
Timestamp: 2026-03-14T15:43:05.601Z
Learning: Applies to web/package.json : Web dashboard Node.js 20+; dependencies in web/package.json (Vue 3, PrimeVue, Tailwind CSS, Pinia, VueFlow, ECharts, Axios, vue-draggable-plus, Vitest, ESLint, vue-tsc)
Applied to files:
web/package.json
📚 Learning: 2026-04-01T18:57:46.655Z
Learnt from: CR
Repo: Aureliolo/synthorg PR: 0
File: CLAUDE.md:0-0
Timestamp: 2026-04-01T18:57:46.655Z
Learning: Applies to web/package.json : Web dashboard Node.js 22+, TypeScript 6.0+, dependencies in `web/package.json`
Applied to files:
web/package.json
📚 Learning: 2026-03-15T18:17:43.675Z
Learnt from: CR
Repo: Aureliolo/synthorg PR: 0
File: CLAUDE.md:0-0
Timestamp: 2026-03-15T18:17:43.675Z
Learning: Applies to web/** : Web dashboard: Node.js 20+, dependencies in web/package.json (Vue 3, PrimeVue, Tailwind CSS, Pinia, VueFlow, ECharts, Axios, vue-draggable-plus, Vitest, fast-check, ESLint, vue-tsc).
Applied to files:
web/package.json
📚 Learning: 2026-04-02T12:21:16.739Z
Learnt from: CR
Repo: Aureliolo/synthorg PR: 0
File: CLAUDE.md:0-0
Timestamp: 2026-04-02T12:21:16.739Z
Learning: Applies to site/package.json : Landing page dependencies in `site/package.json` (Astro 6, astrojs/react, React 19, Tailwind CSS 4)
Applied to files:
web/package.json
📚 Learning: 2026-04-06T06:45:22.965Z
Learnt from: CR
Repo: Aureliolo/synthorg PR: 0
File: web/CLAUDE.md:0-0
Timestamp: 2026-04-06T06:45:22.965Z
Learning: Applies to web/src/**/*.{ts,tsx} : CSS side-effect imports in TypeScript 6 require type declarations -- add `/// <reference types="vite/client" />` at the top of files with CSS imports
Applied to files:
web/package.jsonweb/.storybook/main.ts
📚 Learning: 2026-03-15T21:32:02.880Z
Learnt from: CR
Repo: Aureliolo/synthorg PR: 0
File: CLAUDE.md:0-0
Timestamp: 2026-03-15T21:32:02.880Z
Learning: Applies to .github/workflows/*.yml : Dependabot: daily updates for uv + github-actions + npm + pre-commit + docker + gomod, grouped minor/patch, no auto-merge. Use `/review-dep-pr` to review Dependabot PRs before merging.
Applied to files:
web/package.json
📚 Learning: 2026-04-06T06:45:22.965Z
Learnt from: CR
Repo: Aureliolo/synthorg PR: 0
File: web/CLAUDE.md:0-0
Timestamp: 2026-04-06T06:45:22.965Z
Learning: Applies to web/.storybook/**/*.{ts,js} : Use `defineMain` from `storybook/react-vite/node` and `definePreview` from `storybook/react-vite` for type-safe Storybook configuration
Applied to files:
web/package.jsonweb/.storybook/main.ts
📚 Learning: 2026-03-30T10:20:08.544Z
Learnt from: CR
Repo: Aureliolo/synthorg PR: 0
File: CLAUDE.md:0-0
Timestamp: 2026-03-30T10:20:08.544Z
Learning: Applies to web/**/*.stories.{ts,tsx} : Storybook 10: Use storybook/test (not storybook/test) and storybook/actions (not storybook/addon-actions) import paths
Applied to files:
web/package.jsonweb/.storybook/main.ts
📚 Learning: 2026-04-06T06:45:22.965Z
Learnt from: CR
Repo: Aureliolo/synthorg PR: 0
File: web/CLAUDE.md:0-0
Timestamp: 2026-04-06T06:45:22.965Z
Learning: Applies to web/tsconfig.json : In TypeScript 6, explicitly list needed types in the `types` array (e.g. `"types": ["vitest/globals"]`) instead of relying on auto-discovery of `types/*`
Applied to files:
web/package.json
📚 Learning: 2026-03-30T10:41:40.176Z
Learnt from: CR
Repo: Aureliolo/synthorg PR: 0
File: CLAUDE.md:0-0
Timestamp: 2026-03-30T10:41:40.176Z
Learning: Applies to web/src/**/*.stories.tsx : Storybook 10: import from `storybook/test` (not `storybook/test`), `storybook/actions` (not `storybook/addon-actions`)
Applied to files:
web/package.jsonweb/.storybook/main.ts
📚 Learning: 2026-04-02T12:21:16.739Z
Learnt from: CR
Repo: Aureliolo/synthorg PR: 0
File: web/CLAUDE.md:0-0
Timestamp: 2026-04-02T12:21:16.739Z
Learning: Applies to web/src/**/*.stories.tsx : Storybook 10: Import from `storybook/test` instead of `storybook/test`
Applied to files:
web/package.jsonweb/.storybook/main.ts
📚 Learning: 2026-04-06T06:45:22.965Z
Learnt from: CR
Repo: Aureliolo/synthorg PR: 0
File: web/CLAUDE.md:0-0
Timestamp: 2026-04-06T06:45:22.965Z
Learning: Applies to web/src/**/*.stories.tsx : Use `storybook/test` and `storybook/actions` import paths in Storybook stories (not `storybook/test` or `storybook/addon-actions`)
Applied to files:
web/.storybook/main.ts
📚 Learning: 2026-04-06T06:45:22.965Z
Learnt from: CR
Repo: Aureliolo/synthorg PR: 0
File: web/CLAUDE.md:0-0
Timestamp: 2026-04-06T06:45:22.965Z
Learning: Applies to web/.storybook/**/*.{ts,tsx} : In Storybook 10, use `parameters.backgrounds.options` (object keyed by name) + `initialGlobals.backgrounds.value` for backgrounds API (replaces old `default` + `values` array)
Applied to files:
web/.storybook/main.ts
📚 Learning: 2026-04-06T06:45:22.965Z
Learnt from: CR
Repo: Aureliolo/synthorg PR: 0
File: web/CLAUDE.md:0-0
Timestamp: 2026-04-06T06:45:22.965Z
Learning: Applies to web/.storybook/**/*.{ts,tsx} : In Storybook 10, use `parameters.a11y.test: 'error' | 'todo' | 'off'` for accessibility testing (replaces old `.element` and `.manual`); set globally in `preview.tsx` to enforce WCAG compliance
Applied to files:
web/.storybook/main.ts
📚 Learning: 2026-04-02T12:21:16.739Z
Learnt from: CR
Repo: Aureliolo/synthorg PR: 0
File: web/CLAUDE.md:0-0
Timestamp: 2026-04-02T12:21:16.739Z
Learning: Applies to web/src/**/*.stories.tsx : Storybook 10: Use `parameters.a11y.test: 'error' | 'todo' | 'off'` for a11y testing configuration (replaces old `.element` and `.manual`)
Applied to files:
web/.storybook/main.ts
📚 Learning: 2026-03-30T10:20:08.544Z
Learnt from: CR
Repo: Aureliolo/synthorg PR: 0
File: CLAUDE.md:0-0
Timestamp: 2026-03-30T10:20:08.544Z
Learning: Applies to web/**/*.stories.{ts,tsx} : Storybook 10: Use parameters.backgrounds.options (object keyed by name) + initialGlobals.backgrounds.value for background options (replaces old default + values array)
Applied to files:
web/.storybook/main.ts
🔇 Additional comments (1)
web/package.json (1)
96-96: LGTM - Vite minimum version constraint is appropriate.The change from
^8to^8.0.7correctly sets a minimum version floor to ensure security fixes and feature updates from vite 8.0.7 are included, while still allowing future 8.x patches via the caret range.
web/.storybook/main.ts
Outdated
Comment on lines
+13
to
+20
| // Disable sourcemaps and minification for Storybook builds to avoid | ||
| // rolldown segfault on Linux CI (rolldown 1.0.0-rc.13+, 4200+ modules). | ||
| // Storybook builds are for verification only, not production serving. | ||
| config.build = { | ||
| ...config.build, | ||
| sourcemap: false, | ||
| minify: false, | ||
| } |
Contributor
There was a problem hiding this comment.
🧹 Nitpick | 🔵 Trivial
Consider adding a TODO to track reverting this workaround.
The implementation is correct—using the spread operator preserves existing config.build settings, and the comment clearly explains the rationale. However, since this workaround is tied to a specific rolldown RC version issue, consider adding a tracking note so it can be revisited when rolldown reaches stable.
📝 Suggested enhancement
// Disable sourcemaps and minification for Storybook builds to avoid
// rolldown segfault on Linux CI (rolldown 1.0.0-rc.13+, 4200+ modules).
// Storybook builds are for verification only, not production serving.
+ // TODO: re-enable once rolldown stable (>=1.0.0) is released and verified.
config.build = {📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
Suggested change
| // Disable sourcemaps and minification for Storybook builds to avoid | |
| // rolldown segfault on Linux CI (rolldown 1.0.0-rc.13+, 4200+ modules). | |
| // Storybook builds are for verification only, not production serving. | |
| config.build = { | |
| ...config.build, | |
| sourcemap: false, | |
| minify: false, | |
| } | |
| // Disable sourcemaps and minification for Storybook builds to avoid | |
| // rolldown segfault on Linux CI (rolldown 1.0.0-rc.13+, 4200+ modules). | |
| // Storybook builds are for verification only, not production serving. | |
| // TODO: re-enable once rolldown stable (>=1.0.0) is released and verified. | |
| config.build = { | |
| ...config.build, | |
| sourcemap: false, | |
| minify: false, | |
| } |
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.
In `@web/.storybook/main.ts` around lines 13 - 20, Add a TODO comment above the
config.build override in web/.storybook/main.ts noting this is a temporary
workaround for the Rollldown RC bug and should be revisited/reverted once
rollup/rolldown reaches a stable release (include the issue/RC version:
"rolldown 1.0.0-rc.13+"). Locate the block where config.build is reassigned (the
config.build = { ...config.build, sourcemap: false, minify: false } statement)
and prepend a concise TODO with context, target version/condition for removal,
and a link or reference to the upstream bug/issue if available.
Contributor
There was a problem hiding this comment.
Actionable comments posted: 1
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In `@web/package.json`:
- Line 96: The dependency entry for "vite" currently uses a caret range
("^8.0.5") which allows patch updates that reintroduce the CI-breaking versions;
update the package.json dependency for the "vite" key to an exact version string
("8.0.5") so it is pinned and will not float to newer releases, then run
npm/yarn install to refresh lockfile (ensure package.json's "vite" value is
changed from ^8.0.5 to 8.0.5).
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Repository UI
Review profile: ASSERTIVE
Plan: Pro
Run ID: 1671979f-4cc7-42b5-8adb-9040df250f5b
⛔ Files ignored due to path filters (1)
web/package-lock.jsonis excluded by!**/package-lock.json
📒 Files selected for processing (1)
web/package.json
📜 Review details
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (10)
- GitHub Check: Dashboard Storybook Build
- GitHub Check: Dashboard Build
- GitHub Check: Dashboard Test
- GitHub Check: Dashboard Type Check
- GitHub Check: Build Sandbox
- GitHub Check: Build Web
- GitHub Check: Build Backend
- GitHub Check: Dependency Review
- GitHub Check: Analyze (go)
- GitHub Check: Analyze (python)
🧰 Additional context used
🧠 Learnings (12)
📓 Common learnings
Learnt from: CR
Repo: Aureliolo/synthorg PR: 0
File: CLAUDE.md:0-0
Timestamp: 2026-03-14T15:43:05.601Z
Learning: Applies to web/package.json : Web dashboard Node.js 20+; dependencies in web/package.json (Vue 3, PrimeVue, Tailwind CSS, Pinia, VueFlow, ECharts, Axios, vue-draggable-plus, Vitest, ESLint, vue-tsc)
Learnt from: CR
Repo: Aureliolo/synthorg PR: 0
File: CLAUDE.md:0-0
Timestamp: 2026-04-02T16:11:16.315Z
Learning: Dependabot: daily updates (uv, github-actions, npm, pre-commit, docker, gomod), all updates grouped into 1 PR per ecosystem, no auto-merge
Learnt from: CR
Repo: Aureliolo/synthorg PR: 0
File: CLAUDE.md:0-0
Timestamp: 2026-03-15T21:32:02.880Z
Learning: Applies to .github/workflows/*.yml : Dependabot: daily updates for uv + github-actions + npm + pre-commit + docker + gomod, grouped minor/patch, no auto-merge. Use `/review-dep-pr` to review Dependabot PRs before merging.
Learnt from: CR
Repo: Aureliolo/synthorg PR: 0
File: CLAUDE.md:0-0
Timestamp: 2026-03-15T18:17:43.675Z
Learning: Applies to web/** : Web dashboard: Node.js 20+, dependencies in web/package.json (Vue 3, PrimeVue, Tailwind CSS, Pinia, VueFlow, ECharts, Axios, vue-draggable-plus, Vitest, fast-check, ESLint, vue-tsc).
Learnt from: CR
Repo: Aureliolo/synthorg PR: 0
File: web/CLAUDE.md:0-0
Timestamp: 2026-04-02T12:21:16.739Z
Learning: Applies to web/src/__tests__/**/*.{test,spec}.{ts,tsx} : Vitest unit tests must use coverage scoped to files changed vs origin/main branch
📚 Learning: 2026-03-14T15:43:05.601Z
Learnt from: CR
Repo: Aureliolo/synthorg PR: 0
File: CLAUDE.md:0-0
Timestamp: 2026-03-14T15:43:05.601Z
Learning: Applies to web/package.json : Web dashboard Node.js 20+; dependencies in web/package.json (Vue 3, PrimeVue, Tailwind CSS, Pinia, VueFlow, ECharts, Axios, vue-draggable-plus, Vitest, ESLint, vue-tsc)
Applied to files:
web/package.json
📚 Learning: 2026-04-01T18:57:46.655Z
Learnt from: CR
Repo: Aureliolo/synthorg PR: 0
File: CLAUDE.md:0-0
Timestamp: 2026-04-01T18:57:46.655Z
Learning: Applies to web/package.json : Web dashboard Node.js 22+, TypeScript 6.0+, dependencies in `web/package.json`
Applied to files:
web/package.json
📚 Learning: 2026-03-15T18:17:43.675Z
Learnt from: CR
Repo: Aureliolo/synthorg PR: 0
File: CLAUDE.md:0-0
Timestamp: 2026-03-15T18:17:43.675Z
Learning: Applies to web/** : Web dashboard: Node.js 20+, dependencies in web/package.json (Vue 3, PrimeVue, Tailwind CSS, Pinia, VueFlow, ECharts, Axios, vue-draggable-plus, Vitest, fast-check, ESLint, vue-tsc).
Applied to files:
web/package.json
📚 Learning: 2026-04-02T12:21:16.739Z
Learnt from: CR
Repo: Aureliolo/synthorg PR: 0
File: CLAUDE.md:0-0
Timestamp: 2026-04-02T12:21:16.739Z
Learning: Applies to site/package.json : Landing page dependencies in `site/package.json` (Astro 6, astrojs/react, React 19, Tailwind CSS 4)
Applied to files:
web/package.json
📚 Learning: 2026-04-06T06:45:22.965Z
Learnt from: CR
Repo: Aureliolo/synthorg PR: 0
File: web/CLAUDE.md:0-0
Timestamp: 2026-04-06T06:45:22.965Z
Learning: Applies to web/src/**/*.{ts,tsx} : CSS side-effect imports in TypeScript 6 require type declarations -- add `/// <reference types="vite/client" />` at the top of files with CSS imports
Applied to files:
web/package.json
📚 Learning: 2026-03-15T21:32:02.880Z
Learnt from: CR
Repo: Aureliolo/synthorg PR: 0
File: CLAUDE.md:0-0
Timestamp: 2026-03-15T21:32:02.880Z
Learning: Applies to .github/workflows/*.yml : Dependabot: daily updates for uv + github-actions + npm + pre-commit + docker + gomod, grouped minor/patch, no auto-merge. Use `/review-dep-pr` to review Dependabot PRs before merging.
Applied to files:
web/package.json
📚 Learning: 2026-04-06T06:45:22.965Z
Learnt from: CR
Repo: Aureliolo/synthorg PR: 0
File: web/CLAUDE.md:0-0
Timestamp: 2026-04-06T06:45:22.965Z
Learning: Applies to web/.storybook/**/*.{ts,js} : Use `defineMain` from `storybook/react-vite/node` and `definePreview` from `storybook/react-vite` for type-safe Storybook configuration
Applied to files:
web/package.json
📚 Learning: 2026-03-30T10:20:08.544Z
Learnt from: CR
Repo: Aureliolo/synthorg PR: 0
File: CLAUDE.md:0-0
Timestamp: 2026-03-30T10:20:08.544Z
Learning: Applies to web/**/*.stories.{ts,tsx} : Storybook 10: Use storybook/test (not storybook/test) and storybook/actions (not storybook/addon-actions) import paths
Applied to files:
web/package.json
📚 Learning: 2026-04-06T06:45:22.965Z
Learnt from: CR
Repo: Aureliolo/synthorg PR: 0
File: web/CLAUDE.md:0-0
Timestamp: 2026-04-06T06:45:22.965Z
Learning: Applies to web/tsconfig.json : In TypeScript 6, explicitly list needed types in the `types` array (e.g. `"types": ["vitest/globals"]`) instead of relying on auto-discovery of `types/*`
Applied to files:
web/package.json
📚 Learning: 2026-03-30T10:41:40.176Z
Learnt from: CR
Repo: Aureliolo/synthorg PR: 0
File: CLAUDE.md:0-0
Timestamp: 2026-03-30T10:41:40.176Z
Learning: Applies to web/src/**/*.stories.tsx : Storybook 10: import from `storybook/test` (not `storybook/test`), `storybook/actions` (not `storybook/addon-actions`)
Applied to files:
web/package.json
📚 Learning: 2026-04-02T12:21:16.739Z
Learnt from: CR
Repo: Aureliolo/synthorg PR: 0
File: web/CLAUDE.md:0-0
Timestamp: 2026-04-02T12:21:16.739Z
Learning: Applies to web/src/**/*.stories.tsx : Storybook 10: Import from `storybook/test` instead of `storybook/test`
Applied to files:
web/package.json
| "typescript": "^6.0", | ||
| "typescript-eslint": "^8", | ||
| "vite": "^8", | ||
| "vite": "^8.0.5", |
Contributor
There was a problem hiding this comment.
🧩 Analysis chain
🏁 Script executed:
#!/bin/bash
# Verify whether Vite is truly pinned (exact) or ranged.
jq -r '.devDependencies.vite' web/package.json
# Expected for a real pin: 8.0.5
# Current risky value: ^8.0.5Repository: Aureliolo/synthorg
Length of output: 68
vite is not actually pinned; use an exact version to prevent regressing to problematic versions.
^8.0.5 allows upgrades to 8.0.6+ (the versions causing the Linux CI segfault), defeating the intent of this change. Use an exact version instead:
Fix
- "vite": "^8.0.5",
+ "vite": "8.0.5",📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
Suggested change
| "vite": "^8.0.5", | |
| "vite": "8.0.5", |
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.
In `@web/package.json` at line 96, The dependency entry for "vite" currently uses
a caret range ("^8.0.5") which allows patch updates that reintroduce the
CI-breaking versions; update the package.json dependency for the "vite" key to
an exact version string ("8.0.5") so it is pinned and will not float to newer
releases, then run npm/yarn install to refresh lockfile (ensure package.json's
"vite" value is changed from ^8.0.5 to 8.0.5).
Aureliolo
added a commit
that referenced
this pull request
Apr 9, 2026
🤖 I have created a release *beep* *boop* --- ## [0.6.5](v0.6.4...v0.6.5) (2026-04-09) ### Features * add control-plane API endpoints batch ([#1118](#1118), [#1119](#1119), [#1120](#1120), [#1121](#1121)) ([#1138](#1138)) ([af11f0a](af11f0a)) * engine intelligence v2 -- trace enrichment, compaction, versioning eval ([#1139](#1139)) ([ed57dfa](ed57dfa)), closes [#1123](#1123) [#1125](#1125) [#1113](#1113) * generalize versioning to VersionSnapshot[T] for all entity types ([#1155](#1155)) ([5f563ce](5f563ce)), closes [#1131](#1131) [#1132](#1132) [#1133](#1133) * implement auxiliary tool categories -- design, communication, analytics ([#1152](#1152)) ([b506ba4](b506ba4)) * implement multi-project support -- engine orchestration ([#242](#242)) ([#1153](#1153)) ([74f1362](74f1362)) * implement SharedKnowledgeStore append-only + MVCC consistency model (Phase 1.5) ([#1134](#1134)) ([965d3a1](965d3a1)), closes [#1130](#1130) * implement shutdown strategies and SUSPENDED task status ([#1151](#1151)) ([6a0db11](6a0db11)) * persistent cost aggregation for project-lifetime budgets ([#1173](#1173)) ([5c212c5](5c212c5)), closes [#1156](#1156) * Prometheus /metrics endpoint and OTLP exporter ([#1122](#1122)) ([#1135](#1135)) ([aaeaae9](aaeaae9)), closes [#1124](#1124) * Prometheus metrics -- daily budget %, per-agent cost, per-agent budget % ([#1154](#1154)) ([581c494](581c494)), closes [#1148](#1148) ### Bug Fixes * communication hardening -- meeting cooldown, circuit breaker backoff, debate fallback ([#1140](#1140)) ([fe82894](fe82894)), closes [#1115](#1115) [#1116](#1116) [#1117](#1117) ### CI/CD * bump wrangler from 4.80.0 to 4.81.0 in /.github in the all group ([#1144](#1144)) ([b7c0945](b7c0945)) ### Maintenance * bump python from `6869258` to `5e59aae` in /docker/backend in the all group ([#1141](#1141)) ([01e99c2](01e99c2)) * bump python from `6869258` to `5e59aae` in /docker/sandbox in the all group ([#1143](#1143)) ([ea755bd](ea755bd)) * bump python from `6869258` to `5e59aae` in /docker/web in the all group ([#1142](#1142)) ([5416dd9](5416dd9)) * bump the all group across 1 directory with 2 updates ([#1181](#1181)) ([d3d5adf](d3d5adf)) * bump the all group across 1 directory with 3 updates ([#1146](#1146)) ([c609e6c](c609e6c)) * bump the all group in /cli with 2 updates ([#1177](#1177)) ([afd9cde](afd9cde)) * bump the all group in /site with 3 updates ([#1178](#1178)) ([7cff82a](7cff82a)) * bump the all group with 2 updates ([#1180](#1180)) ([199a1a8](199a1a8)) * bump vitest from 4.1.2 to 4.1.3 in /site in the all group ([#1145](#1145)) ([a8c1194](a8c1194)) * consolidated web deps (11 packages + hono security + test fixes) ([#1150](#1150)) ([63a9390](63a9390)), closes [#1147](#1147) [#1136](#1136) [#1137](#1137) * pin Docker Python base image to 3.14.x ([#1182](#1182)) ([8ffdd86](8ffdd86)) --- This PR was generated with [Release Please](https://github.com/googleapis/release-please). See [documentation](https://github.com/googleapis/release-please#release-please). --------- Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Consolidates three Dependabot PRs into one to avoid
web/package-lock.jsonconflicts:Additional updates picked up by
npm updatebeyond the original PRs:Test fixes: Fixed 6 pre-existing test failures in
auth.test.tsandguards.test.tsxcaused byVITE_DEV_AUTH_BYPASS=truein.envleaking into vitest. Addedvi.mock('@/utils/dev')to disable the bypass in tests (same pattern already used inclient.test.ts).Note: vite 8.0.7 includes rolldown 1.0.0-rc.13 which may segfault on Linux CI runners during Storybook builds (not a documented upstream issue, works on Windows). If CI Storybook build fails, will pin vite to 8.0.5 in a follow-up commit.
Closes #1147
Closes #1136
Closes #1137