Reduce Medusa admin build load

[BleedingDev]

Summary

• keep Medusa admin minification enabled; the previous minify: false workaround stays removed
• pin Vite globally to official vite@8.0.11 through pnpm.overrides, so workspace Vite resolutions do not drift back to Vite 5/7
• keep Medusa admin on Vite 8, with targeted overrides for @medusajs/admin-bundler, @medusajs/admin-vite-plugin, and @vitejs/plugin-react@6.0.1
• upgrade Payload's Vite test stack to Vite 8 as well: direct vite@8.0.11, @vitejs/plugin-react@6.0.1, vitest@4.1.5, and native Vite 8 resolve.tsconfigPaths
• keep the product description WYSIWYG editor lighter by removing the heavyweight source/diff + CodeMirror editing UI while retaining headings, lists, links, emphasis, separators and code-block parsing

Notes

• Direct Vite 8 was approved despite the workspace minimum-release-age=1440 policy. The lockfile pins vite@8.0.11, and pnpm fetch --frozen-lockfile passes without changing repo policy.
• Vite 8 is the official Rolldown-powered Vite release: https://vite.dev/blog/announcing-vite8
• pnpm still reports existing unrelated peer warnings around Medusa/plugin packages, but the Docker build validates that the admin build works with the forced Vite 8 path.

Validation

• bunx biome check --write package.json apps/frontend-demo/package.json apps/n1/package.json apps/payload/package.json apps/payload/vitest.config.mts
• bunx biome check --write apps/medusa-be/medusa-config.ts apps/medusa-be/src/admin/widgets/product-description-editor.tsx
• pnpm list -r vite --depth 0 -> only vite@8.0.11
• rg -n 'vite@([0-7]\\.|9\\.)|\\bvite: ["'"'"'^~]*[0-7]\\.|"vite"\\s*:\\s*"[~^]?[0-7]\\.' pnpm-lock.yaml package.json apps libs --glob 'package.json' -> no matches
• pnpm --filter @nmit/payload test:int -> 9 files / 109 tests passed
• pnpm fetch --store-dir=/tmp/new-engine-pnpm-fetch-vite8 --frozen-lockfile -> passed without min-age bypass
• git diff --check
• /usr/bin/time -l docker build --progress=plain --target build -f docker/development/medusa-be/Dockerfile .
  • Docker pnpm fetch --frozen-lockfile passed
  • Medusa backend build: 3.37s
  • Medusa frontend build: 6.11s
  • Medusa build pipeline total: 36s

Summary by CodeRabbit

• Chores
  • Upgraded build tooling (Vite) and aligned dependency overrides; updated dev tooling and type package pins across apps; adjusted backend admin host handling and test tooling configuration.
• Refactoring
  • Simplified the product description editor UI by removing diffing/code-display controls and streamlining the toolbar.

[semanticdiff-com]

Review changes with  

Changed Files

File	Status
package.json	34% smaller
apps/payload/vitest.config.mts	27% smaller
apps/medusa-be/medusa-config.ts	20% smaller
apps/payload/package.json	1% smaller
apps/medusa-be/src/admin/widgets/product-description-editor.tsx	1% smaller
apps/frontend-demo/package.json	0% smaller
apps/medusa-be/package.json	0% smaller
apps/n1/package.json	0% smaller
pnpm-lock.yaml	Unsupported file format

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
new-engine-ui-storybook	Ready	Preview, Comment	May 8, 2026 6:41am

[coderabbitai]

Warning

Rate limit exceeded

@BleedingDev has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 54 minutes and 26 seconds before requesting another review.

You’ve run out of usage credits. Purchase more in the billing tab.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: 42645de1-c32f-440e-a073-4e207c88e2c5

📥 Commits

Reviewing files that changed from the base of the PR and between fb265a2 and 33085b4.

📒 Files selected for processing (1)

• apps/medusa-be/medusa-config.ts

Walkthrough

Upgrades Vite and related tooling, pins nested dependencies via pnpm overrides, changes Medusa admin allowed-hosts derivation to parse/trim MEDUSA_BACKEND_URL, and simplifies the MDXEditor by removing code-mirror/diff features and toolbar controls.

Changes

Vite 8 Upgrade and MDXEditor Simplification

Layer / File(s)	Summary
Dependency Overrides package.json	Root-level pnpm.overrides adds explicit version pins for @types/react-dom, @medusajs/admin-bundler/@medusajs/admin-vite-plugin nested vite, and @medusajs/admin-bundler>@vitejs/plugin-react.
Vite Version Upgrade apps/medusa-be/package.json	devDependencies.vite updated from ^5.4.21 to 8.0.11.
Vite Configuration Allowed-Hosts apps/medusa-be/medusa-config.ts	Refactors MEDUSA_ADMIN_ALLOWED_HOSTS derivation: returns true in development; otherwise trims MEDUSA_BACKEND_URL and uses parsed hostname or raw value; wired into admin.vite().server.allowedHosts.
MDXEditor Refactoring apps/medusa-be/src/admin/widgets/product-description-editor.tsx	Removes codeMirrorPlugin and diffSourcePlugin imports/config; deletes productEditorCodeLanguages; simplifies toolbar (removes DiffSourceToggleWrapper and diff-specific insert items); changes plugins useMemo dependency to [].
Payload package and engines apps/payload/package.json	Updates devDependencies (@vitejs/plugin-react@6.0.1, vitest/coverage to 4.1.x), removes vite-tsconfig-paths, and tightens engines.node to `^20.19.0
Payload vitest config apps/payload/vitest.config.mts	Enables resolve.tsconfigPaths: true, removes tsconfigPaths() plugin, keeps React plugin and existing test/coverage settings.
Pinned @types/node apps/frontend-demo/package.json, apps/n1/package.json	Bumps @types/node to ^20.19.40 in both apps.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Possibly related PRs

• TechsioCZ/new-engine#396: Modifies the same product-description-editor and medusa-be configuration files with related dependency and MDXEditor functionality changes.

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'Reduce Medusa admin build load' directly aligns with the PR's primary objective to optimise the Medusa admin build by pinning Vite 8, removing heavy editor components, and streamlining dependencies.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch codex/reduce-medusa-admin-build-load

✨ Simplify code

• Create PR with simplified code
• Commit simplified code in branch codex/reduce-medusa-admin-build-load

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 41607a8aa8

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[blacksmith-sh]

Blacksmith Account Suspended

This Blacksmith account requires additional verification. Jobs targeting Blacksmith runners will not be picked up and will remain queued until they timeout.

Please contact Blacksmith Support for assistance.

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: f39662bb0f

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 33c3cf7b5d

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 6e39e1b206

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@apps/medusa-be/medusa-config.ts`:
- Around line 47-50: The catch block for setting MEDUSA_ADMIN_ALLOWED_HOSTS can
pass a full URL string to allowedHosts; update the catch to extract a hostname
from MEDUSA_BACKEND_URL consistently (e.g., construct a URL with a scheme like
`http://` around MEDUSA_BACKEND_URL and use its hostname) so
MEDUSA_ADMIN_ALLOWED_HOSTS always receives a bare hostname; change only the
fallback assignment for MEDUSA_ADMIN_ALLOWED_HOSTS while keeping the try branch
that uses new URL(MEDUSA_BACKEND_URL).hostname.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: f40090ad-a508-474c-9d65-b0741ea4a2f2

📥 Commits

Reviewing files that changed from the base of the PR and between f39662b and fb265a2.

⛔ Files ignored due to path filters (1)

• pnpm-lock.yaml is excluded by !**/pnpm-lock.yaml

📒 Files selected for processing (6)

• apps/frontend-demo/package.json
• apps/medusa-be/medusa-config.ts
• apps/n1/package.json
• apps/payload/package.json
• apps/payload/vitest.config.mts
• package.json

📜 Review details

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)

• GitHub Check: main

🧰 Additional context used

📓 Path-based instructions (7)

**/package.json

📄 CodeRabbit inference engine (CLAUDE.md)

Use pnpm CLI to add dependencies; never edit package.json directly

Files:

• apps/frontend-demo/package.json
• apps/n1/package.json
• package.json
• apps/payload/package.json

apps/n1/**/package.json

📄 CodeRabbit inference engine (apps/n1/CLAUDE.md)

Do NOT manually edit package.json - use pnpm add <pkg> or pnpm add -D <pkg> commands instead

Files:

• apps/n1/package.json

apps/payload/**/package.json

📄 CodeRabbit inference engine (apps/payload/.cursor/rules/components.md)

Pin all @payloadcms/* packages to the exact same version to avoid dependency version mismatch errors with hooks like useConfig

Files:

• apps/payload/package.json

**/*.{ts,tsx}

📄 CodeRabbit inference engine (AGENTS.md)

Import UI components using the pattern import { ComponentName } from '@libs/ui/atoms/component-name' or '@libs/ui/molecules/component-name'

Files:

• apps/medusa-be/medusa-config.ts

apps/medusa-be/**/*.{ts,tsx,js,jsx}

📄 CodeRabbit inference engine (apps/medusa-be/CLAUDE.md)

apps/medusa-be/**/*.{ts,tsx,js,jsx}: Always use braces for if/else statements, even for single statements
Declare one variable per const/let statement; do not use multiple declarations on one line
Use nullish coalescing operator (??) instead of logical OR (||) for null/undefined defaults
Write comments explaining why code exists, not what it does; rely on self-documenting code with clear naming
Always validate data before type casting; do not use 'as Type' without prior validation

Files:

• apps/medusa-be/medusa-config.ts

apps/medusa-be/**/*.{ts,tsx}

📄 CodeRabbit inference engine (apps/medusa-be/CLAUDE.md)

apps/medusa-be/**/*.{ts,tsx}: Do not use non-null assertion operator (!) in TypeScript code
Annotate the type of generic field access (e.g., result[field]) as unknown before type guards
Use Modules.* and ContainerRegistrationKeys.* constants instead of hardcoding strings for container resolution

Files:

• apps/medusa-be/medusa-config.ts

apps/medusa-be/**/medusa-config.ts

📄 CodeRabbit inference engine (apps/medusa-be/CLAUDE.md)

apps/medusa-be/**/medusa-config.ts: Conditional module loading must be evaluated at BUILD time via environment variables, not runtime
Cross-module provider dependencies must declare 'dependencies' array in module config for injection into provider container

Files:

• apps/medusa-be/medusa-config.ts

🧠 Learnings (2)

📚 Learning: 2026-02-05T14:43:17.404Z

Learnt from: KaiUweCZE
Repo: NMIT-WR/new-engine PR: 324
File: apps/medusa-be/package.json:0-0
Timestamp: 2026-02-05T14:43:17.404Z
Learning: Validate and enforce React 19 compatibility across monorepo workspaces. Since Medusa UI supports React 19 via root package.json overrides and Medusa Cloud prerequisites show React 19 overrides for npm workspaces, ensure workspace root and all relevant package.json files align with React 19 (18+ requirement is satisfied). When reviewing, verify that overrides exist in the root package.json and that dependent packages in apps or packages directories declare React 19 (or compatible) in their peerDependencies or dependencies as appropriate for workspace usage.

Applied to files:

• apps/frontend-demo/package.json
• apps/n1/package.json
• package.json
• apps/payload/package.json

📚 Learning: 2026-05-07T19:05:58.339Z

Learnt from: redeyecz
Repo: TechsioCZ/new-engine PR: 390
File: apps/medusa-be/package.json:78-81
Timestamp: 2026-05-07T19:05:58.339Z
Learning: When reviewing changes to `package.json`, do not automatically flag dependency additions/removals as "manually edited" or as "bypassing the pnpm lockfile" just because the `package.json` diff shows only that file changed. First verify whether `pnpm-lock.yaml` is missing the corresponding entries. Since `pnpm add` updates both `package.json` and `pnpm-lock.yaml` together, legitimate changes can appear in the `package.json` diff while still being properly tracked in the lockfile.

Applied to files:

• apps/frontend-demo/package.json
• apps/n1/package.json
• package.json
• apps/payload/package.json

🔇 Additional comments (5)

package.json (1)

52-56: chore: Vite/admin override pinning looks consistent

The targeted and global vite pins are coherent and reduce resolver drift across workspaces.

apps/frontend-demo/package.json (1)

37-37: chore: Node typings bump is aligned

@types/node update is straightforward and consistent with the broader toolchain alignment in this PR.

apps/n1/package.json (1)

39-39: chore: typings alignment in n1 is good

This pin keeps the app’s TS node typings in step with the related workspace updates.

apps/payload/package.json (1)

46-58: chore: Payload test stack upgrade is coherent

The Vite 8 / Vitest 4 / plugin-react 6 combination and Node engine floor update are consistent with the intended migration path.

Also applies to: 61-61

apps/payload/vitest.config.mts (1)

5-8: chore: config simplification is clean

Switching to built-in tsconfig path resolution and keeping a minimal plugin list improves maintainability without changing test intent.

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: fb265a2dca

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".