Upgrade packages

[elie222]

Upgrade app and package dependencies and add bypass logic for premium checks in utils.webhook.validate-webhook-account.validateWebhookAccount

Bumps dependency versions across apps and packages, switches experimental_createMCPClient to @ai-sdk/mcp, and updates utils.webhook.validate-webhook-account.validateWebhookAccount to set a static premium tier when env.NEXT_PUBLIC_BYPASS_PREMIUM_CHECKS is truthy.

📍Where to Start

Start with the premium computation in validateWebhookAccount in validate-webhook-account.ts.

---

📊 Macroscope summarized d7f8b30. 1 file reviewed, 1 issue evaluated, 0 issues filtered, 1 comment posted

🗂️ Filtered Issues

Summary by CodeRabbit

• Chores
  • Updated dependencies across the monorepo, including AI SDKs, Next.js, React, database adapters, UI libraries, and development tools
  • Added Model Context Protocol SDK integration capability
  • Package manager updated to pnpm 10.24.0
  • Bumped application version from v2.21.42 to v2.21.44

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Preview	Updated (UTC)
inbox-zero	Building	Preview	Dec 4, 2025 3:47pm

[coderabbitai]

Caution

Review failed

The pull request is closed.

Walkthrough

This PR updates dependencies across multiple monorepo packages, including AI SDK versions, the Node.js type definitions, and development tooling. It migrates MCP functionality to a dedicated package (@ai-sdk/mcp), updates the import accordingly, and introduces a development/testing feature to bypass premium account checks via an environment variable. The version is bumped from v2.21.42 to v2.21.44.

Changes

Cohort / File(s)	Summary
AI SDK and core dependency updates apps/unsubscriber/package.json, apps/web/package.json	DevDependencies and runtime dependencies bumped across both app packages, including @ai-sdk providers (@amazon-bedrock, @anthropic, @google, @openai, @react), ai, fastify, React, Next.js, Prisma, Radix UI, Sentry, Stripe, and others; new dependency @ai-sdk/mcp added to apps/web.
MCP client migration apps/web/utils/ai/mcp/mcp-tools.ts	Import source for experimental_createMCPClient changed from "ai" to "@ai-sdk/mcp" package.
Premium check bypass feature apps/web/utils/webhook/validate-webhook-account.ts	Added env import and conditional bypass logic; if NEXT_PUBLIC_BYPASS_PREMIUM_CHECKS is truthy, account is treated as premium (tier BUSINESS_PLUS_ANNUALLY); otherwise original logic preserved.
Root and workspace dependency updates package.json, packages/cli/package.json, packages/loops/package.json, packages/resend/package.json, packages/tinybird-ai-analytics/package.json, packages/tinybird/package.json	Development dependencies (@types/node, @types/react, @types/react-dom, typescript, vitest, prettier) bumped across packages; packageManager updated to pnpm@10.24.0 in root package.json.
Version bump version.txt	Version incremented from v2.21.42 to v2.21.44.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Key areas requiring attention:

• Verify @ai-sdk/mcp import migration in mcp-tools.ts does not break existing functionality or exports
• Validate NEXT_PUBLIC_BYPASS_PREMIUM_CHECKS logic in validate-webhook-account.ts is only for development and does not inadvertently bypass authorization in production
• Check compatibility of major version bumps: stripe (19.1.0 → 20.0.0), vitest (3.2.4 → 4.0.15), jsdom (26.1.0 → 27.2.0), and Sanity packages (4.10.3 → 4.20.3) for breaking changes
• Verify all @ai-sdk package version compatibility with each other and with the new @ai-sdk/mcp package

Possibly related PRs

• Update packages #1063 — Touches the same app/web MCP-related code and package.json dependency updates
• Update packages #381 — Updates @ai-sdk package dependencies in apps/web and introduces @ai-sdk/mcp functionality
• cli fixes and tests #1048 — Modifies vitest in packages/cli, same pattern of development tooling updates across monorepo

Poem

🐰 Dependencies dance in version's delight,
From ai-sdk heights to MCP's new flight,
Premium checks bypassed for testing's fair game,
Monorepo hops forward—v2.21.44's the claim!
Tooling refreshed, the rabbit approves tonight. ✨

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch chore/packages-upgrade

---

📜 Recent review details

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 905d223 and d7f8b30.

⛔ Files ignored due to path filters (1)

• pnpm-lock.yaml is excluded by !**/pnpm-lock.yaml

📒 Files selected for processing (11)

• apps/unsubscriber/package.json (1 hunks)
• apps/web/package.json (5 hunks)
• apps/web/utils/ai/mcp/mcp-tools.ts (1 hunks)
• apps/web/utils/webhook/validate-webhook-account.ts (2 hunks)
• package.json (1 hunks)
• packages/cli/package.json (1 hunks)
• packages/loops/package.json (1 hunks)
• packages/resend/package.json (1 hunks)
• packages/tinybird-ai-analytics/package.json (1 hunks)
• packages/tinybird/package.json (1 hunks)
• version.txt (1 hunks)

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[macroscopeapp]

createEmailProvider is called early (line 135) before verifying a supported provider or valid tokens, so it can throw (e.g., Unsupported provider: undefined) and abort validation paths that should return { ok: true }. Consider deferring provider creation to the unwatch branches and guarding failures so unsupported/missing providers don’t break the graceful response.

🚀 Reply to ask Macroscope to explain or update this suggestion.

👍 Helpful? React to give us feedback.

[cubic-dev-ai]

No issues found across 12 files