Conversation
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
|
Caution Review failedThe pull request is closed. Note Other AI code review bot(s) detectedCodeRabbit has detected other AI code review bot(s) in this pull request and will avoid duplicating their findings in the review comments. This may lead to a less comprehensive review. WalkthroughThis PR updates many dependency versions across the monorepo, replaces several Zod email validations from Changes
Estimated code review effort🎯 3 (Moderate) | ⏱️ ~20 minutes Changes are repetitive (dependency bumps, schema pattern swaps, import removals) but touch many files; Zod v4-related edits and patched auth changes warrant focused checks. Possibly related PRs
Poem
Pre-merge checks and finishing touches❌ Failed checks (1 warning)
✅ Passed checks (2 passed)
📜 Recent review detailsConfiguration used: Path: .coderabbit.yaml Review profile: CHILL Plan: Pro ⛔ Files ignored due to path filters (1)
📒 Files selected for processing (2)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
Actionable comments posted: 2
♻️ Duplicate comments (1)
apps/web/app/(app)/admin/validation.tsx (1)
5-5: Same verification needed forz.email()usage.The same concern about
z.email()validity applies here. Please refer to the verification request inapps/web/utils/actions/permissions.ts(Line 50).Also applies to: 17-17
📜 Review details
Configuration used: Path: .coderabbit.yaml
Review profile: CHILL
Plan: Pro
⛔ Files ignored due to path filters (1)
pnpm-lock.yamlis excluded by!**/pnpm-lock.yaml
📒 Files selected for processing (26)
apps/unsubscriber/package.json(1 hunks)apps/web/app/(app)/[emailAccountId]/bulk-unsubscribe/BulkUnsubscribeDesktop.tsx(1 hunks)apps/web/app/(app)/[emailAccountId]/calendars/CalendarConnectionCard.tsx(1 hunks)apps/web/app/(app)/[emailAccountId]/compose/ComposeEmailForm.tsx(1 hunks)apps/web/app/(app)/[emailAccountId]/settings/DigestScheduleForm.tsx(1 hunks)apps/web/app/(app)/admin/validation.tsx(2 hunks)apps/web/app/api/sso/signin/route.test.ts(1 hunks)apps/web/app/api/sso/signin/route.ts(1 hunks)apps/web/components/NavUser.tsx(0 hunks)apps/web/components/SideNavWithTopNav.tsx(0 hunks)apps/web/package.json(6 hunks)apps/web/utils/action-display.tsx(0 hunks)apps/web/utils/actions/permissions.ts(1 hunks)apps/web/utils/actions/unsubscriber.validation.ts(1 hunks)apps/web/utils/email.ts(1 hunks)apps/web/utils/error.ts(1 hunks)apps/web/utils/gmail/mail.ts(0 hunks)biome.json(1 hunks)package.json(2 hunks)packages/loops/package.json(1 hunks)packages/resend/package.json(1 hunks)packages/tinybird-ai-analytics/package.json(1 hunks)packages/tinybird/package.json(1 hunks)patches/better-auth@1.3.28.patch(1 hunks)patches/better-auth@1.3.7.patch(0 hunks)version.txt(1 hunks)
💤 Files with no reviewable changes (5)
- apps/web/components/SideNavWithTopNav.tsx
- apps/web/components/NavUser.tsx
- patches/better-auth@1.3.7.patch
- apps/web/utils/action-display.tsx
- apps/web/utils/gmail/mail.ts
🧰 Additional context used
📓 Path-based instructions (26)
apps/web/**/*.{ts,tsx}
📄 CodeRabbit inference engine (apps/web/CLAUDE.md)
apps/web/**/*.{ts,tsx}: Use TypeScript with strict null checks
Path aliases: Use@/for imports from project root
Use proper error handling with try/catch blocks
Format code with Prettier
Leverage TypeScript inference for better DX
Files:
apps/web/app/(app)/[emailAccountId]/bulk-unsubscribe/BulkUnsubscribeDesktop.tsxapps/web/app/(app)/[emailAccountId]/compose/ComposeEmailForm.tsxapps/web/utils/actions/permissions.tsapps/web/utils/error.tsapps/web/utils/email.tsapps/web/app/(app)/[emailAccountId]/calendars/CalendarConnectionCard.tsxapps/web/app/api/sso/signin/route.tsapps/web/app/(app)/[emailAccountId]/settings/DigestScheduleForm.tsxapps/web/app/(app)/admin/validation.tsxapps/web/app/api/sso/signin/route.test.tsapps/web/utils/actions/unsubscriber.validation.ts
apps/web/app/**
📄 CodeRabbit inference engine (apps/web/CLAUDE.md)
NextJS app router structure with (app) directory
Files:
apps/web/app/(app)/[emailAccountId]/bulk-unsubscribe/BulkUnsubscribeDesktop.tsxapps/web/app/(app)/[emailAccountId]/compose/ComposeEmailForm.tsxapps/web/app/(app)/[emailAccountId]/calendars/CalendarConnectionCard.tsxapps/web/app/api/sso/signin/route.tsapps/web/app/(app)/[emailAccountId]/settings/DigestScheduleForm.tsxapps/web/app/(app)/admin/validation.tsxapps/web/app/api/sso/signin/route.test.ts
apps/web/**/*.tsx
📄 CodeRabbit inference engine (apps/web/CLAUDE.md)
apps/web/**/*.tsx: Follow tailwindcss patterns with prettier-plugin-tailwindcss
Prefer functional components with hooks
Use shadcn/ui components when available
Ensure responsive design with mobile-first approach
Follow consistent naming conventions (PascalCase for components)
Use LoadingContent component for async data
Useresult?.serverErrorwithtoastErrorandtoastSuccess
UseLoadingContentcomponent to handle loading and error states consistently
Passloading,error, and children props toLoadingContent
Files:
apps/web/app/(app)/[emailAccountId]/bulk-unsubscribe/BulkUnsubscribeDesktop.tsxapps/web/app/(app)/[emailAccountId]/compose/ComposeEmailForm.tsxapps/web/app/(app)/[emailAccountId]/calendars/CalendarConnectionCard.tsxapps/web/app/(app)/[emailAccountId]/settings/DigestScheduleForm.tsxapps/web/app/(app)/admin/validation.tsx
!{.cursor/rules/*.mdc}
📄 CodeRabbit inference engine (.cursor/rules/cursor-rules.mdc)
Never place rule files in the project root, in subdirectories outside .cursor/rules, or in any other location
Files:
apps/web/app/(app)/[emailAccountId]/bulk-unsubscribe/BulkUnsubscribeDesktop.tsxapps/web/app/(app)/[emailAccountId]/compose/ComposeEmailForm.tsxapps/web/utils/actions/permissions.tsapps/web/utils/error.tsbiome.jsonapps/web/utils/email.tspatches/better-auth@1.3.28.patchapps/web/app/(app)/[emailAccountId]/calendars/CalendarConnectionCard.tsxapps/web/app/api/sso/signin/route.tsversion.txtpackages/resend/package.jsonpackages/loops/package.jsonpackages/tinybird/package.jsonapps/web/app/(app)/[emailAccountId]/settings/DigestScheduleForm.tsxapps/web/app/(app)/admin/validation.tsxapps/unsubscriber/package.jsonapps/web/app/api/sso/signin/route.test.tspackages/tinybird-ai-analytics/package.jsonapps/web/utils/actions/unsubscriber.validation.tsapps/web/package.jsonpackage.json
**/*.tsx
📄 CodeRabbit inference engine (.cursor/rules/form-handling.mdc)
**/*.tsx: Use React Hook Form with Zod for validation
Validate form inputs before submission
Show validation errors inline next to form fields
Files:
apps/web/app/(app)/[emailAccountId]/bulk-unsubscribe/BulkUnsubscribeDesktop.tsxapps/web/app/(app)/[emailAccountId]/compose/ComposeEmailForm.tsxapps/web/app/(app)/[emailAccountId]/calendars/CalendarConnectionCard.tsxapps/web/app/(app)/[emailAccountId]/settings/DigestScheduleForm.tsxapps/web/app/(app)/admin/validation.tsx
**/*.{ts,tsx}
📄 CodeRabbit inference engine (.cursor/rules/logging.mdc)
**/*.{ts,tsx}: UsecreateScopedLoggerfor logging in backend TypeScript files
Typically add the logger initialization at the top of the file when usingcreateScopedLogger
Only use.with()on a logger instance within a specific function, not for a global loggerImport Prisma in the project using
import prisma from "@/utils/prisma";
**/*.{ts,tsx}: Don't use TypeScript enums.
Don't use TypeScript const enum.
Don't use the TypeScript directive @ts-ignore.
Don't use primitive type aliases or misleading types.
Don't use empty type parameters in type aliases and interfaces.
Don't use any or unknown as type constraints.
Don't use implicit any type on variable declarations.
Don't let variables evolve into any type through reassignments.
Don't use non-null assertions with the ! postfix operator.
Don't misuse the non-null assertion operator (!) in TypeScript files.
Don't use user-defined types.
Use as const instead of literal types and type annotations.
Use export type for types.
Use import type for types.
Don't declare empty interfaces.
Don't merge interfaces and classes unsafely.
Don't use overload signatures that aren't next to each other.
Use the namespace keyword instead of the module keyword to declare TypeScript namespaces.
Don't use TypeScript namespaces.
Don't export imported variables.
Don't add type annotations to variables, parameters, and class properties that are initialized with literal expressions.
Don't use parameter properties in class constructors.
Use either T[] or Array consistently.
Initialize each enum member value explicitly.
Make sure all enum members are literal values.
Files:
apps/web/app/(app)/[emailAccountId]/bulk-unsubscribe/BulkUnsubscribeDesktop.tsxapps/web/app/(app)/[emailAccountId]/compose/ComposeEmailForm.tsxapps/web/utils/actions/permissions.tsapps/web/utils/error.tsapps/web/utils/email.tsapps/web/app/(app)/[emailAccountId]/calendars/CalendarConnectionCard.tsxapps/web/app/api/sso/signin/route.tsapps/web/app/(app)/[emailAccountId]/settings/DigestScheduleForm.tsxapps/web/app/(app)/admin/validation.tsxapps/web/app/api/sso/signin/route.test.tsapps/web/utils/actions/unsubscriber.validation.ts
apps/web/app/(app)/*/**
📄 CodeRabbit inference engine (.cursor/rules/page-structure.mdc)
Components for the page are either put in page.tsx, or in the apps/web/app/(app)/PAGE_NAME folder
Files:
apps/web/app/(app)/[emailAccountId]/bulk-unsubscribe/BulkUnsubscribeDesktop.tsxapps/web/app/(app)/[emailAccountId]/compose/ComposeEmailForm.tsxapps/web/app/(app)/[emailAccountId]/calendars/CalendarConnectionCard.tsxapps/web/app/(app)/[emailAccountId]/settings/DigestScheduleForm.tsxapps/web/app/(app)/admin/validation.tsx
apps/web/app/(app)/*/**/*.tsx
📄 CodeRabbit inference engine (.cursor/rules/page-structure.mdc)
If you need to use onClick in a component, that component is a client component and file must start with 'use client'
Files:
apps/web/app/(app)/[emailAccountId]/bulk-unsubscribe/BulkUnsubscribeDesktop.tsxapps/web/app/(app)/[emailAccountId]/compose/ComposeEmailForm.tsxapps/web/app/(app)/[emailAccountId]/calendars/CalendarConnectionCard.tsxapps/web/app/(app)/[emailAccountId]/settings/DigestScheduleForm.tsxapps/web/app/(app)/admin/validation.tsx
apps/web/app/(app)/*/**/**/*.tsx
📄 CodeRabbit inference engine (.cursor/rules/page-structure.mdc)
If we're in a deeply nested component we will use swr to fetch via API
Files:
apps/web/app/(app)/[emailAccountId]/bulk-unsubscribe/BulkUnsubscribeDesktop.tsxapps/web/app/(app)/[emailAccountId]/compose/ComposeEmailForm.tsxapps/web/app/(app)/[emailAccountId]/calendars/CalendarConnectionCard.tsxapps/web/app/(app)/[emailAccountId]/settings/DigestScheduleForm.tsxapps/web/app/(app)/admin/validation.tsx
apps/web/app/**/*.tsx
📄 CodeRabbit inference engine (.cursor/rules/project-structure.mdc)
Components with
onClickmust be client components withuse clientdirective
Files:
apps/web/app/(app)/[emailAccountId]/bulk-unsubscribe/BulkUnsubscribeDesktop.tsxapps/web/app/(app)/[emailAccountId]/compose/ComposeEmailForm.tsxapps/web/app/(app)/[emailAccountId]/calendars/CalendarConnectionCard.tsxapps/web/app/(app)/[emailAccountId]/settings/DigestScheduleForm.tsxapps/web/app/(app)/admin/validation.tsx
**/*.{js,jsx,ts,tsx}
📄 CodeRabbit inference engine (.cursor/rules/ultracite.mdc)
**/*.{js,jsx,ts,tsx}: Don't useelements in Next.js projects.
Don't use elements in Next.js projects.
Don't use namespace imports.
Don't access namespace imports dynamically.
Don't use global eval().
Don't use console.
Don't use debugger.
Don't use var.
Don't use with statements in non-strict contexts.
Don't use the arguments object.
Don't use consecutive spaces in regular expression literals.
Don't use the comma operator.
Don't use unnecessary boolean casts.
Don't use unnecessary callbacks with flatMap.
Use for...of statements instead of Array.forEach.
Don't create classes that only have static members (like a static namespace).
Don't use this and super in static contexts.
Don't use unnecessary catch clauses.
Don't use unnecessary constructors.
Don't use unnecessary continue statements.
Don't export empty modules that don't change anything.
Don't use unnecessary escape sequences in regular expression literals.
Don't use unnecessary labels.
Don't use unnecessary nested block statements.
Don't rename imports, exports, and destructured assignments to the same name.
Don't use unnecessary string or template literal concatenation.
Don't use String.raw in template literals when there are no escape sequences.
Don't use useless case statements in switch statements.
Don't use ternary operators when simpler alternatives exist.
Don't use useless this aliasing.
Don't initialize variables to undefined.
Don't use the void operators (they're not familiar).
Use arrow functions instead of function expressions.
Use Date.now() to get milliseconds since the Unix Epoch.
Use .flatMap() instead of map().flat() when possible.
Use literal property access instead of computed property access.
Don't use parseInt() or Number.parseInt() when binary, octal, or hexadecimal literals work.
Use concise optional chaining instead of chained logical expressions.
Use regular expression literals instead of the RegExp constructor when possible.
Don't use number literal object member names th...
Files:
apps/web/app/(app)/[emailAccountId]/bulk-unsubscribe/BulkUnsubscribeDesktop.tsxapps/web/app/(app)/[emailAccountId]/compose/ComposeEmailForm.tsxapps/web/utils/actions/permissions.tsapps/web/utils/error.tsapps/web/utils/email.tsapps/web/app/(app)/[emailAccountId]/calendars/CalendarConnectionCard.tsxapps/web/app/api/sso/signin/route.tsapps/web/app/(app)/[emailAccountId]/settings/DigestScheduleForm.tsxapps/web/app/(app)/admin/validation.tsxapps/web/app/api/sso/signin/route.test.tsapps/web/utils/actions/unsubscriber.validation.ts
!pages/_document.{js,jsx,ts,tsx}
📄 CodeRabbit inference engine (.cursor/rules/ultracite.mdc)
!pages/_document.{js,jsx,ts,tsx}: Don't import next/document outside of pages/_document.jsx in Next.js projects.
Don't import next/document outside of pages/_document.jsx in Next.js projects.
Files:
apps/web/app/(app)/[emailAccountId]/bulk-unsubscribe/BulkUnsubscribeDesktop.tsxapps/web/app/(app)/[emailAccountId]/compose/ComposeEmailForm.tsxapps/web/utils/actions/permissions.tsapps/web/utils/error.tsbiome.jsonapps/web/utils/email.tspatches/better-auth@1.3.28.patchapps/web/app/(app)/[emailAccountId]/calendars/CalendarConnectionCard.tsxapps/web/app/api/sso/signin/route.tsversion.txtpackages/resend/package.jsonpackages/loops/package.jsonpackages/tinybird/package.jsonapps/web/app/(app)/[emailAccountId]/settings/DigestScheduleForm.tsxapps/web/app/(app)/admin/validation.tsxapps/unsubscriber/package.jsonapps/web/app/api/sso/signin/route.test.tspackages/tinybird-ai-analytics/package.jsonapps/web/utils/actions/unsubscriber.validation.tsapps/web/package.jsonpackage.json
**/*.{jsx,tsx}
📄 CodeRabbit inference engine (.cursor/rules/ultracite.mdc)
**/*.{jsx,tsx}: Don't destructure props inside JSX components in Solid projects.
Don't use both children and dangerouslySetInnerHTML props on the same element.
Don't use Array index in keys.
Don't assign to React component props.
Don't define React components inside other components.
Don't use event handlers on non-interactive elements.
Don't assign JSX properties multiple times.
Don't add extra closing tags for components without children.
Use <>...</> instead of ....
Don't insert comments as text nodes.
Don't use the return value of React.render.
Make sure all dependencies are correctly specified in React hooks.
Make sure all React hooks are called from the top level of component functions.
Don't use unnecessary fragments.
Don't pass children as props.
Use semantic elements instead of role attributes in JSX.
Files:
apps/web/app/(app)/[emailAccountId]/bulk-unsubscribe/BulkUnsubscribeDesktop.tsxapps/web/app/(app)/[emailAccountId]/compose/ComposeEmailForm.tsxapps/web/app/(app)/[emailAccountId]/calendars/CalendarConnectionCard.tsxapps/web/app/(app)/[emailAccountId]/settings/DigestScheduleForm.tsxapps/web/app/(app)/admin/validation.tsx
**/*.{html,jsx,tsx}
📄 CodeRabbit inference engine (.cursor/rules/ultracite.mdc)
**/*.{html,jsx,tsx}: Don't use or elements.
Don't use accessKey attribute on any HTML element.
Don't set aria-hidden="true" on focusable elements.
Don't add ARIA roles, states, and properties to elements that don't support them.
Only use the scope prop on elements.
Don't assign non-interactive ARIA roles to interactive HTML elements.
Make sure label elements have text content and are associated with an input.
Don't assign interactive ARIA roles to non-interactive HTML elements.
Don't assign tabIndex to non-interactive HTML elements.
Don't use positive integers for tabIndex property.
Don't include "image", "picture", or "photo" in img alt prop.
Don't use explicit role property that's the same as the implicit/default role.
Make static elements with click handlers use a valid role attribute.
Always include a title element for SVG elements.
Give all elements requiring alt text meaningful information for screen readers.
Make sure anchors have content that's accessible to screen readers.
Assign tabIndex to non-interactive HTML elements with aria-activedescendant.
Include all required ARIA attributes for elements with ARIA roles.
Make sure ARIA properties are valid for the element's supported roles.
Always include a type attribute for button elements.
Make elements with interactive roles and handlers focusable.
Give heading elements content that's accessible to screen readers (not hidden with aria-hidden).
Always include a lang attribute on the html element.
Always include a title attribute for iframe elements.
Accompany onClick with at least one of: onKeyUp, onKeyDown, or onKeyPress.
Accompany onMouseOver/onMouseOut with onFocus/onBlur.
Include caption tracks for audio and video elements.
Make sure all anchors are valid and navigable.
Ensure all ARIA properties (aria-*) are valid.
Use valid, non-abstract ARIA roles for elements with ARIA roles.
Use valid ARIA state and property values.
Use valid values for the autocomplete attribute on input eleme...Files:
apps/web/app/(app)/[emailAccountId]/bulk-unsubscribe/BulkUnsubscribeDesktop.tsxapps/web/app/(app)/[emailAccountId]/compose/ComposeEmailForm.tsxapps/web/app/(app)/[emailAccountId]/calendars/CalendarConnectionCard.tsxapps/web/app/(app)/[emailAccountId]/settings/DigestScheduleForm.tsxapps/web/app/(app)/admin/validation.tsxapps/web/utils/actions/**/*.ts
📄 CodeRabbit inference engine (apps/web/CLAUDE.md)
apps/web/utils/actions/**/*.ts: Use server actions for all mutations (create/update/delete operations)
next-safe-actionprovides centralized error handling
Use Zod schemas for validation on both client and server
UserevalidatePathin server actions for cache invalidation
apps/web/utils/actions/**/*.ts: Use server actions (withnext-safe-action) for all mutations (create/update/delete operations); do NOT use POST API routes for mutations.
UserevalidatePathin server actions to invalidate cache after mutations.Files:
apps/web/utils/actions/permissions.tsapps/web/utils/actions/unsubscriber.validation.ts**/*.ts
📄 CodeRabbit inference engine (.cursor/rules/form-handling.mdc)
**/*.ts: The same validation should be done in the server action too
Define validation schemas using ZodFiles:
apps/web/utils/actions/permissions.tsapps/web/utils/error.tsapps/web/utils/email.tsapps/web/app/api/sso/signin/route.tsapps/web/app/api/sso/signin/route.test.tsapps/web/utils/actions/unsubscriber.validation.tsapps/web/utils/actions/*.ts
📄 CodeRabbit inference engine (.cursor/rules/server-actions.mdc)
apps/web/utils/actions/*.ts: Implement all server actions using thenext-safe-actionlibrary for type safety, input validation, context management, and error handling. Refer toapps/web/utils/actions/safe-action.tsfor client definitions (actionClient,actionClientUser,adminActionClient).
UseactionClientUserwhen only authenticated user context (userId) is needed.
UseactionClientwhen both authenticated user context and a specificemailAccountIdare needed. TheemailAccountIdmust be bound when calling the action from the client.
UseadminActionClientfor actions restricted to admin users.
Access necessary context (likeuserId,emailAccountId, etc.) provided by the safe action client via thectxobject in the.action()handler.
Server Actions are strictly for mutations (operations that change data, e.g., creating, updating, deleting). Do NOT use Server Actions for data fetching (GET operations). For data fetching, use dedicated GET API Routes combined with SWR Hooks.
UseSafeErrorfor expected/handled errors within actions if needed.next-safe-actionprovides centralized error handling.
Use the.metadata({ name: "actionName" })method to provide a meaningful name for monitoring. Sentry instrumentation is automatically applied viawithServerActionInstrumentationwithin the safe action clients.
If an action modifies data displayed elsewhere, userevalidatePathorrevalidateTagfromnext/cachewithin the action handler as needed.Server action files must start with
use serverFiles:
apps/web/utils/actions/permissions.tsapps/web/utils/actions/unsubscriber.validation.tsapps/web/utils/**
📄 CodeRabbit inference engine (.cursor/rules/project-structure.mdc)
Create utility functions in
utils/folder for reusable logicFiles:
apps/web/utils/actions/permissions.tsapps/web/utils/error.tsapps/web/utils/email.tsapps/web/utils/actions/unsubscriber.validation.tsapps/web/utils/**/*.ts
📄 CodeRabbit inference engine (.cursor/rules/project-structure.mdc)
apps/web/utils/**/*.ts: Use lodash utilities for common operations (arrays, objects, strings)
Import specific lodash functions to minimize bundle sizeFiles:
apps/web/utils/actions/permissions.tsapps/web/utils/error.tsapps/web/utils/email.tsapps/web/utils/actions/unsubscriber.validation.tsapps/web/app/api/**/route.ts
📄 CodeRabbit inference engine (apps/web/CLAUDE.md)
apps/web/app/api/**/route.ts: UsewithAuthfor user-level operations
UsewithEmailAccountfor email-account-level operations
Do NOT use POST API routes for mutations - use server actions instead
No need for try/catch in GET routes when using middleware
Export response types from GET routes
apps/web/app/api/**/route.ts: Wrap all GET API route handlers withwithAuthorwithEmailAccountmiddleware for authentication and authorization.
Export response types from GET API routes for type-safe client usage.
Do not use try/catch in GET API routes when using authentication middleware; rely on centralized error handling.Files:
apps/web/app/api/sso/signin/route.ts**/api/**/route.ts
📄 CodeRabbit inference engine (.cursor/rules/security.mdc)
**/api/**/route.ts: ALL API routes that handle user data MUST use appropriate authentication and authorization middleware (withAuth or withEmailAccount).
ALL database queries in API routes MUST be scoped to the authenticated user/account (e.g., include userId or emailAccountId in query filters).
Always validate that resources belong to the authenticated user before performing operations (resource ownership validation).
UsewithEmailAccountmiddleware for API routes that operate on a specific email account (i.e., use or requireemailAccountId).
UsewithAuthmiddleware for API routes that operate at the user level (i.e., use or require onlyuserId).
UsewithErrormiddleware (with proper validation) for public endpoints, custom authentication, or cron endpoints.
Cron endpoints MUST usewithErrormiddleware and validate the cron secret usinghasCronSecret(request)orhasPostCronSecret(request).
Cron endpoints MUST capture unauthorized attempts withcaptureExceptionand return a 401 status for unauthorized requests.
All parameters in API routes MUST be validated for type, format, and length before use.
Request bodies in API routes MUST be validated using Zod schemas before use.
All Prisma queries in API routes MUST only return necessary fields and never expose sensitive data.
Error messages in API routes MUST not leak internal information or sensitive data; use generic error messages and SafeError where appropriate.
API routes MUST use a consistent error response format, returning JSON with an error message and status code.
AllfindUniqueandfindFirstPrisma calls in API routes MUST include ownership filters (e.g., userId or emailAccountId).
AllfindManyPrisma calls in API routes MUST be scoped to the authenticated user's data.
Never use direct object references in API routes without ownership checks (prevent IDOR vulnerabilities).
Prevent mass assignment vulnerabilities by only allowing explicitly whitelisted fields in update operations in AP...Files:
apps/web/app/api/sso/signin/route.tsapps/web/app/api/**/*.{ts,js}
📄 CodeRabbit inference engine (.cursor/rules/security-audit.mdc)
apps/web/app/api/**/*.{ts,js}: All API route handlers in 'apps/web/app/api/' must use authentication middleware: withAuth, withEmailAccount, or withError (with custom authentication logic).
All Prisma queries in API routes must include user/account filtering (e.g., emailAccountId or userId in WHERE clauses) to prevent unauthorized data access.
All parameters used in API routes must be validated before use; do not use parameters from 'params' or request bodies directly in queries without validation.
Request bodies in API routes should use Zod schemas for validation.
API routes should only return necessary fields using Prisma's 'select' and must not include sensitive data in error messages.
Error messages in API routes must not reveal internal details; use generic errors and SafeError for user-facing errors.
All QStash endpoints (API routes called via publishToQstash or publishToQstashQueue) must use verifySignatureAppRouter to verify request authenticity.
All cron endpoints in API routes must use hasCronSecret or hasPostCronSecret for authentication.
Do not hardcode weak or plaintext secrets in API route files; secrets must not be directly assigned as string literals.
Review all new withError usage in API routes to ensure custom authentication is implemented where required.Files:
apps/web/app/api/sso/signin/route.tsapps/web/app/api/sso/signin/route.test.ts**/*.test.{ts,js}
📄 CodeRabbit inference engine (.cursor/rules/security.mdc)
Include security tests in your test suites to verify authentication, authorization, and error handling.
Files:
apps/web/app/api/sso/signin/route.test.ts**/*.{test,spec}.{js,jsx,ts,tsx}
📄 CodeRabbit inference engine (.cursor/rules/ultracite.mdc)
**/*.{test,spec}.{js,jsx,ts,tsx}: Don't use export or module.exports in test files.
Don't use focused tests.
Don't use disabled tests.
Make sure the assertion function, like expect, is placed inside an it() function call.
Don't nest describe() blocks too deeply in test files.
Don't use focused tests.
Don't use disabled tests.
Don't use export or module.exports in test files.Files:
apps/web/app/api/sso/signin/route.test.ts**/*.test.{ts,tsx}
📄 CodeRabbit inference engine (.cursor/rules/testing.mdc)
**/*.test.{ts,tsx}: Use Vitest (vitest) as the testing framework
Colocate tests next to the file under test (e.g., dir/format.ts with dir/format.test.ts)
In tests, mock theserver-onlymodule withvi.mock("server-only", () => ({}));
When testing code that uses Prisma, mock it withvi.mock("@/utils/prisma")and use the mock from@/utils/__mocks__/prisma
Use provided helpers for mocks: import{ getEmail, getEmailAccount, getRule }from@/__tests__/helpers
Each test should be independent
Use descriptive test names
Mock external dependencies in tests
Clean up mocks between tests (e.g.,vi.clearAllMocks()inbeforeEach)
Avoid testing implementation details; focus on observable behavior
Do not mock the LoggerFiles:
apps/web/app/api/sso/signin/route.test.tsapps/web/utils/actions/*.validation.ts
📄 CodeRabbit inference engine (.cursor/rules/fullstack-workflow.mdc)
Define Zod schemas for validation in dedicated files and use them for both client and server validation.
Define input validation schemas using Zod in the corresponding
.validation.tsfile. These schemas are used bynext-safe-action(.schema()) and can also be reused on the client for form validation.Files:
apps/web/utils/actions/unsubscriber.validation.ts🧠 Learnings (5)
📚 Learning: 2025-07-18T15:05:16.146Z
Learnt from: CR PR: elie222/inbox-zero#0 File: .cursor/rules/fullstack-workflow.mdc:0-0 Timestamp: 2025-07-18T15:05:16.146Z Learning: Applies to apps/web/utils/actions/*.validation.ts : Define Zod schemas for validation in dedicated files and use them for both client and server validation.Applied to files:
apps/web/utils/actions/permissions.tsapps/web/app/(app)/admin/validation.tsx📚 Learning: 2025-07-18T15:04:30.467Z
Learnt from: CR PR: elie222/inbox-zero#0 File: apps/web/CLAUDE.md:0-0 Timestamp: 2025-07-18T15:04:30.467Z Learning: Applies to apps/web/utils/actions/**/*.ts : Use Zod schemas for validation on both client and serverApplied to files:
apps/web/utils/actions/permissions.tsapps/web/app/(app)/admin/validation.tsx📚 Learning: 2025-07-18T17:27:58.249Z
Learnt from: CR PR: elie222/inbox-zero#0 File: .cursor/rules/server-actions.mdc:0-0 Timestamp: 2025-07-18T17:27:58.249Z Learning: Applies to apps/web/utils/actions/*.validation.ts : Define input validation schemas using Zod in the corresponding `.validation.ts` file. These schemas are used by `next-safe-action` (`.schema()`) and can also be reused on the client for form validation.Applied to files:
apps/web/utils/actions/permissions.tsapps/web/app/(app)/admin/validation.tsx📚 Learning: 2025-07-20T09:00:41.968Z
Learnt from: CR PR: elie222/inbox-zero#0 File: .cursor/rules/security-audit.mdc:0-0 Timestamp: 2025-07-20T09:00:41.968Z Learning: Applies to apps/web/app/api/**/*.{ts,js} : Request bodies in API routes should use Zod schemas for validation.Applied to files:
apps/web/app/(app)/admin/validation.tsx📚 Learning: 2025-10-02T23:23:48.064Z
Learnt from: CR PR: elie222/inbox-zero#0 File: .cursor/rules/llm-test.mdc:0-0 Timestamp: 2025-10-02T23:23:48.064Z Learning: Applies to apps/web/__tests__/**/*.test.ts : Use Vitest in LLM tests and import { describe, expect, test, vi, beforeEach } from "vitest"Applied to files:
apps/web/app/api/sso/signin/route.test.ts⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (3)
- GitHub Check: Software Component Analysis Js
- GitHub Check: Jit Security
- GitHub Check: Analyze (actions)
🔇 Additional comments (24)
apps/web/app/(app)/[emailAccountId]/bulk-unsubscribe/BulkUnsubscribeDesktop.tsx (1)
109-109: Verify the removal of the larger breakpoint was intentional.The
min-[1650px]:max-w-[400px]breakpoint appears to have been removed, which means content in this cell will now be constrained to 300px maximum width even on very large screens (≥1650px). This could cause sender names and email addresses to be truncated more aggressively on wide displays.Since this PR focuses on package updates, please confirm whether this styling change was intentional or if it was accidentally removed during refactoring.
apps/web/app/(app)/[emailAccountId]/calendars/CalendarConnectionCard.tsx (1)
11-11: LGTM: Clean removal of unused import.The
CheckCircleicon was not used anywhere in this component.apps/web/utils/actions/unsubscriber.validation.ts (1)
5-5: LGTM: Cleaner email validation pattern.The change from
z.string().email()toz.email()is more concise while maintaining identical validation behavior.apps/web/app/api/sso/signin/route.ts (1)
10-10: LGTM: Consistent validation update.Aligns with the codebase-wide migration to the more concise
z.email()pattern.apps/web/app/api/sso/signin/route.test.ts (1)
30-30: LGTM: Removed unused imports.The imports for
NextResponseandSafeErrorwere not referenced in the test file.apps/web/utils/error.ts (1)
30-30: LGTM: Corrects property access for Zod errors.This changes
error.errorstoerror.issues, which is the correct property name for Zod error objects. The type definition at lines 12-14 confirms that Zod errors have anissuesproperty.apps/web/utils/email.ts (1)
4-4: LGTM: Cleaner schema definition.Consistent with the migration to
z.email()across the codebase.apps/web/app/(app)/[emailAccountId]/compose/ComposeEmailForm.tsx (1)
144-144: LGTM: Validation update.Aligns with the pattern of using
z.email()for email validation throughout the codebase.apps/web/utils/actions/permissions.ts (1)
50-50: The project uses Zod v4.1.12, which provides z.email() as a top-level method for email validation, and z.string().email() is deprecated in Zod v4. The change fromz.string().email()toz.email()is correct and represents a best practice migration to the recommended Zod v4 API. The original review comment's concern is unfounded.Likely an incorrect or invalid review comment.
version.txt (1)
1-1: LGTM!Standard patch version increment that aligns with the dependency updates in this PR.
patches/better-auth@1.3.28.patch (1)
1-12: Verify the necessity and document the reason for this patch.This patch explicitly sets
session.user.image = nullin the session cookie cache. While the summary mentions this mirrors the 1.3.7 patch, the underlying reason isn't clear.Consider:
- Is this working around a bug in better-auth that has been reported upstream?
- Is this a privacy/security measure to prevent image URLs from being stored in cookies?
- Should this be documented in a comment or README to help future maintainers understand why the patch exists?
Please verify the rationale and consider adding documentation if not already present.
packages/resend/package.json (1)
8-24: LGTM!Dependency updates look good. React 19.2.0 and related type definitions are current, and the other package updates are routine version bumps.
package.json (1)
33-41: LGTM! Important zod override added.The addition of the pnpm override for
@chronark/zod-bird>zodensures that the transitive dependency uses zod 4.1.12, which is critical for maintaining consistency across the monorepo during the zod v3→v4 migration.The better-auth patch update aligns with the new patch file.
biome.json (1)
37-44: LGTM!Disabling
noAlertanduseArrowFunctionrules is appropriate for the linter migration from Next.js to Biome. These pragmatic settings allow the existing codebase patterns while the team gradually adopts Biome's recommendations.packages/tinybird-ai-analytics/package.json (1)
5-13: No zod v4 compatibility issues found in this package.The package uses zod only in
publish.tswith a simple schema containing only basic primitives (z.object(),z.string(),z.number(),z.number().int(),z.string().optional(),z.infer<>). These are all stable APIs across zod v3 and v4. No deprecated patterns like custom error messages, renamed string validators, or internal APIs are present. The upgrade from 3.25.46 to 4.1.12 is fully compatible with the existing code.packages/tinybird/package.json (1)
5-14: No breaking zod patterns detected in tinybird package—upgrade appears safe.The tinybird package uses only fundamental zod patterns (z.object, z.string, z.number, z.enum, z.infer) which remain stable across v3→v4. The web search confirmed major breaking changes involve error API changes, renamed string validators (ip/cidr), and modified optional/default/catch semantics—none of which are present in the tinybird schemas. The PR's migration from
z.string().email()toz.email()correctly follows zod v4's preferred top-level helper approach.apps/unsubscriber/package.json (1)
20-31: The upgrade is compatible with this codebase, but should be validated with codemods and testing.Your code uses minimal, stable API patterns that are compatible with both AI SDK v5 and Zod v4:
- generateText v5 requires
modelandpromptparameters, which matches your call pattern exactly (generateText({ model, prompt }))- Provider packages work with the pattern
google('model-name'),openai('model-name'), etc., which yourgetModel()function implements correctly- Zod usage is limited to basic validators (
.optional(),.url(),.object(),.array(),.enum()) that have stable APIs across v3→v4Recommended next steps:
- Run the
@ai-sdk/codemodeven though your code appears compatible—it catches edge cases:npx @ai-sdk/codemod v5- Run your test suite (none found in the repository) to verify AI calls and schema validation work correctly
- Test each provider (Google, OpenAI, Anthropic, Bedrock) to confirm model instantiation and calls succeed
packages/loops/package.json (1)
6-6: Dependency updates are consistent with monorepo alignment.The patch and minor version bumps (loops ^6.0.1, @types/node 24.9.1, typescript 5.9.3) are conservative and safe updates. These changes align with the broader monorepo dependency consolidation noted in this PR.
Also applies to: 9-9, 11-11
apps/web/package.json (6)
167-167: Zod version is appropriate for schema validation updates.Zod 4.1.12 (line 167) is a valid, stable version where the
.email()method (mentioned in the AI summary as replacingz.string().email()) is available. The learnings indicated that zod v8.1.0 does not exist in official sources; v4.1.12 is the correct choice.
26-26: better-auth and @better-auth/sso versions are aligned.Both packages are pinned to 1.3.28, which is consistent. The AI summary mentions that better-auth patches were updated to set
session.user.image = null. This field-level change is not visible in package.json; it should be applied in the corresponding configuration or patch files (not shown in this review).Verify that better-auth patch files (if using pnpm patches) are present in the repository and correctly configure
session.user.image = null.Also applies to: 94-94
124-124: lucide-react 0.546.0 is the latest stable release.lucide-react 0.546.0 (line 124) is the latest stable version per learnings (published mid-October 2025). No breaking API changes are reported in the 0.54x series; tree-shaking and import patterns remain unchanged.
46-47: Version alignment verified; codebase is prepared for Next.js 16.Verification confirms @next/mdx and @next/third-parties at 15.5.6 correctly match the next version. The codebase does not rely on deprecated APIs flagged in Next.js 16 migration:
remotePatternsis used (not deprecatedimages.domains), nolegacyBehaviorin Link components, no AMP usage, nonext lintscript, andnext/font/googleimports are modern. No action required.
138-138: React 19 compatibility verified—upgrade is safe to proceed with one known caveat.Verification shows no deprecated React APIs, no incompatible patterns, and full Next.js 15.5.6 + React 19 alignment. TanStack Query (v5.90.5) and Table (v8.21.3) are both React 19-compatible. React Compiler is not enabled, avoiding potential edge cases.
Known caveat: @radix-ui packages may display peer-dependency warnings at install time (expected ecosystem behavior as packages migrate to React 19 peer-deps). Workarounds if needed:
npm install --legacy-peer-depsor configure overrides in package.json. This does not affect runtime compatibility.
159-159: AI summary inaccuracy verified; stripe 19.1.0 upgrade appears safe for this codebase.The AI-generated summary incorrectly stated a stripe upgrade from 7.9.0 → 8.1.0, but git history confirms the actual change is 18.5.0 → 19.1.0—a single intentional major version bump.
After analyzing codebase stripe usage, all methods used (subscriptions, customers, checkout, billingPortal, paymentMethods) are standard v1 APIs compatible with v19.1.0. No V2 APIs or event parsing patterns (which are common breaking-change sources in v19.0+) are used. The webhook handler uses the compatible
webhooks.constructEvent()method, and customer balance transactions (createBalanceTransaction) remain available in v19.x.No critical breaking changes detected. Deploy with standard QA testing.
| hour: z.string().min(1, "Please select an hour"), | ||
| minute: z.string().min(1, "Please select minutes"), | ||
| ampm: z.enum(["AM", "PM"], { required_error: "Please select AM or PM" }), | ||
| ampm: z.enum(["AM", "PM"], { error: "Please select AM or PM" }), |
There was a problem hiding this comment.
🧩 Analysis chain
Verify the "error" parameter for z.enum().
The change from required_error to error in the z.enum() configuration may not be valid. Standard Zod documentation indicates that z.enum() accepts errorMap, invalid_type_error, and required_error, but not a generic error property.
🌐 Web query:
Zod z.enum error message configuration options
💡 Result:
Short answer — you have three ways to control z.enum error text:
- Per-schema generic message
- Pass a message param when creating the enum: z.enum(['A','B'], { message: 'must be A or B' }). This becomes the schema’s default message. [1]
- Schema-level errorMap
- Attach an error map to the specific schema: z.enum(['A','B']).errorMap((issue, ctx) => issue.code === z.ZodIssueCode.invalid_enum_value ? { message: 'invalid choice' } : { message: ctx.defaultError }). Use this to handle specific issue codes (invalid_enum_value, invalid_type, etc.). [2][3]
- Global errorMap
- Set z.setErrorMap(...) to provide app-wide/customized messages based on issue.code and issue params (useful for i18n or consistent phrasing). [2]
Notes
- For enum-specific failures look for the Zod issue code invalid_enum_value (and sometimes invalid_type/required when input is missing). Use errorMap to distinguish them. [3]
- Behavior/formatting changed between Zod v3 → v4 for enum messages (see related GH discussion). If you rely on the exact built-in phrasing, verify your Zod version. [4]
References
- Zod error handling / custom messages. [1]
- ZodErrorMap / setErrorMap and .errorMap usage. [2]
- Examples / community tips for enums (invalid_enum_value) . [3]
- GH issue about enum message changes between versions. [4]
🏁 Script executed:
#!/bin/bash
# Inspect the actual file to confirm the parameter being used
fd "DigestScheduleForm.tsx" --type f --exec cat {}Length of output: 11466
🏁 Script executed:
#!/bin/bash
# Search for other z.enum usages in the codebase to see patterns
rg "z\.enum" --type ts --type tsx -B2 -A2Length of output: 27
🏁 Script executed:
#!/bin/bash
# Check if there's package.json to determine Zod version
cat package.json | grep -A 2 -B 2 '"zod"'Length of output: 0
🏁 Script executed:
#!/bin/bash
# Also check workspace root package.json
fd "package.json" --max-depth 1 --type f --exec cat {}Length of output: 1062
Change error to message parameter in z.enum() configuration.
The error parameter is not valid for z.enum(). Zod's z.enum() accepts a message parameter, not error. The correct usage is z.enum(["AM", "PM"], { message: "Please select AM or PM" }).
Currently, the custom error message will be ignored and Zod will use its default message instead.
🤖 Prompt for AI Agents
In apps/web/app/(app)/[emailAccountId]/settings/DigestScheduleForm.tsx around
line 34, the z.enum call uses an invalid `error` option so the custom message is
ignored; replace the `error` property with `message` (i.e., pass { message:
"Please select AM or PM" }) so Zod will use the provided validation message.
| "build": "cross-env NODE_OPTIONS=--max_old_space_size=16384 prisma migrate deploy && next build", | ||
| "start": "next start", | ||
| "lint": "next lint", | ||
| "lint": "biome check .", |
There was a problem hiding this comment.
🧩 Analysis chain
Missing Biome devDependency — lint script will fail.
The lint script was changed to "biome check ." (line 9), but Biome is not listed in devDependencies. The lint script will fail at runtime without it. Ensure Biome is added to devDependencies with an appropriate version.
To verify and fix this issue, run the following script:
Add Biome to devDependencies, for example:
"devDependencies": {
+ "biome": "^1.9.0",
"@headlessui/tailwindcss": "0.2.2",
...Also applies to: 169-199
🏁 Script executed:
#!/bin/bash
# Check if biome is referenced in the lint script but missing from devDependencies
LINT_SCRIPT=$(jq -r '.scripts.lint' apps/web/package.json)
echo "Lint script: $LINT_SCRIPT"
# Check if biome exists in devDependencies
if jq -e '.devDependencies.biome' apps/web/package.json > /dev/null 2>&1; then
echo "✓ Biome found in devDependencies"
else
echo "✗ Biome NOT found in devDependencies"
fiLength of output: 63
Missing Biome devDependency — lint script will fail at runtime.
The lint script references biome check . but Biome is not listed in devDependencies. Add Biome with an appropriate version:
"devDependencies": {
+ "biome": "^1.9.0",
"@headlessui/tailwindcss": "0.2.2",
...Committable suggestion skipped: line range outside the PR's diff.
🤖 Prompt for AI Agents
In apps/web/package.json around line 9 the "lint" script uses `biome check .`
but Biome is not listed in devDependencies; add a devDependency entry for Biome
(for example "biome": "^1.2.0" or the agreed project version) to devDependencies
and run npm/yarn/pnpm install to ensure the lint script works at runtime.
![cubic-dev-ai[bot]](https://avatars.githubusercontent.com/in/1082092?s=60&v=4){kind=small}
There was a problem hiding this comment.
2 issues found across 27 files
Prompt for AI agents (all 2 issues)
Understand the root cause of the following 2 issues and fix them.
<file name="packages/tinybird-ai-analytics/package.json">
<violation number="1" location="packages/tinybird-ai-analytics/package.json:7">
`@chronark/zod-bird` still depends on `zod@^3.22.4`, so bumping this package to `zod@4.1.12` introduces a major-version mismatch that will break the Tinybird integration relying on the plugin’s v3 types. Please keep zod on the v3 line until the plugin supports v4.</violation>
</file>
<file name="apps/web/package.json">
<violation number="1" location="apps/web/package.json:9">
Switching the web package’s lint script to biome will fail because this package doesn’t depend on @biomejs/biome, so pnpm can’t find the CLI. Restore a working command or add the dependency to apps/web.</violation>
</file>
React with 👍 or 👎 to teach cubic. Mention @cubic-dev-ai to give feedback, ask questions, or re-run the review.
| "build": "cross-env NODE_OPTIONS=--max_old_space_size=16384 prisma migrate deploy && next build", | ||
| "start": "next start", | ||
| "lint": "next lint", | ||
| "lint": "biome check .", |
There was a problem hiding this comment.
Switching the web package’s lint script to biome will fail because this package doesn’t depend on @biomejs/biome, so pnpm can’t find the CLI. Restore a working command or add the dependency to apps/web.
Prompt for AI agents
Address the following comment on apps/web/package.json at line 9:
<comment>Switching the web package’s lint script to biome will fail because this package doesn’t depend on @biomejs/biome, so pnpm can’t find the CLI. Restore a working command or add the dependency to apps/web.</comment>
<file context>
@@ -6,33 +6,33 @@
"build": "cross-env NODE_OPTIONS=--max_old_space_size=16384 prisma migrate deploy && next build",
"start": "next start",
- "lint": "next lint",
+ "lint": "biome check .",
"test": "cross-env RUN_AI_TESTS=false vitest",
"test-ai": "cross-env RUN_AI_TESTS=true vitest --run",
</file context>
| "lint": "biome check .", | |
| "lint": "next lint", |
There was a problem hiding this comment.
2 issues found across 27 files
Prompt for AI agents (all 2 issues)
Understand the root cause of the following 2 issues and fix them.
<file name="apps/web/utils/email.ts">
<violation number="1" location="apps/web/utils/email.ts:4">
`z.email()` is not defined on the Zod namespace, so this change breaks email validation by throwing a runtime TypeError. Please keep using `z.string().email()`.</violation>
</file>
<file name="apps/web/package.json">
<violation number="1" location="apps/web/package.json:9">
The new lint script depends on the biome CLI, but this package does not declare @biomejs/biome, so the command will fail when run in the apps/web workspace.</violation>
</file>
React with 👍 or 👎 to teach cubic. Mention @cubic-dev-ai to give feedback, ask questions, or re-run the review.
| import { z } from "zod"; | ||
|
|
||
| const emailSchema = z.string().email(); | ||
| const emailSchema = z.email(); |
There was a problem hiding this comment.
z.email() is not defined on the Zod namespace, so this change breaks email validation by throwing a runtime TypeError. Please keep using z.string().email().
Prompt for AI agents
Address the following comment on apps/web/utils/email.ts at line 4:
<comment>`z.email()` is not defined on the Zod namespace, so this change breaks email validation by throwing a runtime TypeError. Please keep using `z.string().email()`.</comment>
<file context>
@@ -1,7 +1,7 @@
import { z } from "zod";
-const emailSchema = z.string().email();
+const emailSchema = z.email();
// Converts "John Doe <john.doe@gmail>" to "John Doe"
</file context>
| const emailSchema = z.email(); | |
| const emailSchema = z.string().email(); |
| "build": "cross-env NODE_OPTIONS=--max_old_space_size=16384 prisma migrate deploy && next build", | ||
| "start": "next start", | ||
| "lint": "next lint", | ||
| "lint": "biome check .", |
There was a problem hiding this comment.
The new lint script depends on the biome CLI, but this package does not declare @biomejs/biome, so the command will fail when run in the apps/web workspace.
Prompt for AI agents
Address the following comment on apps/web/package.json at line 9:
<comment>The new lint script depends on the biome CLI, but this package does not declare @biomejs/biome, so the command will fail when run in the apps/web workspace.</comment>
<file context>
@@ -6,33 +6,33 @@
"build": "cross-env NODE_OPTIONS=--max_old_space_size=16384 prisma migrate deploy && next build",
"start": "next start",
- "lint": "next lint",
+ "lint": "biome check .",
"test": "cross-env RUN_AI_TESTS=false vitest",
"test-ai": "cross-env RUN_AI_TESTS=true vitest --run",
</file context>
1 participant
Summary by CodeRabbit
Bug Fixes
Chores