Update Dependencies / Added nest.js sample #601
Conversation
merge dev to main (v3.2.0)
merge dev to main (v3.2.1)
📝 WalkthroughWalkthroughThis pull request updates dependencies across the monorepo (Node tooling, ESLint, TypeScript, ORM packages, and framework libraries), refactors Vue mutation type handling, introduces a new NestJS sample application with auth controllers and ORM integration, normalizes schema imports in sample projects, and modernizes utility code to use updated glob API patterns. Changes
Estimated code review effort🎯 4 (Complex) | ⏱️ ~60 minutes Poem
🚥 Pre-merge checks | ✅ 2 | ❌ 1❌ Failed checks (1 warning)
✅ Passed checks (2 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
Actionable comments posted: 8
🤖 Fix all issues with AI agents
In `@MY-CHANGES.md`:
- Around line 1-2: Replace the placeholder "ToDo" in the changelog entry with a
real release note or delete the file; specifically locate the markdown entry
containing the single-word placeholder "ToDo" and either populate it with a
meaningful change description (summary, date, author/PR reference) or remove the
MY-CHANGES.md file from the release to avoid shipping an empty/placeholder
changelog.
In `@packages/auth-adapters/better-auth/src/adapter.ts`:
- Around line 1-13: The import for DBAdapterDebugLogOption is coming from the
wrong package; replace the existing import of DBAdapterDebugLogOption from
'@better-auth/core/db/adapter' with an import from 'better-auth/adapters' so
DBAdapterDebugLogOption is imported alongside the adapter factory types
(referencing DBAdapterDebugLogOption and
createAdapterFactory/AdapterFactoryCustomizeAdapterCreator/AdapterFactoryOptions
to locate the relevant import block in adapter.ts), leaving the other imports
from 'better-auth' and '@zenstackhq/orm' unchanged.
In `@samples/nest.js/package.json`:
- Around line 5-7: The package.json scripts (notably the "db:init" script that
runs "npx tsx src/zenstack/seed.ts") rely on npx to fetch tsx at runtime; add
"tsx" to devDependencies (or alternatively change the script to use an
already-declared runtime like "ts-node") so the tool is installed upfront and
the script won't fail in offline/locked environments—update package.json
devDependencies to include "tsx" (and pin a compatible version) or modify the
"db:init" script to use "ts-node" if you prefer that runtime.
In `@samples/nest.js/README.md`:
- Line 3: Update the README sentence that currently reads "This sample
demonstrate three ways of using ZenStack in a NestJS application." to correct
subject-verb agreement by changing "demonstrate" to "demonstrates" so it reads
"This sample demonstrates three ways of using ZenStack in a NestJS application."
In `@samples/nest.js/src/db.service.ts`:
- Around line 11-14: The SQLite database path is currently CWD-relative
('./src/zenstack/dev.db') in the SqliteDialect/SQLite instantiation inside the
DB service constructor (where super(schema, { dialect: new SqliteDialect({
database: new SQLite(...) }) }) is called); change it to use a deterministic
absolute path or a configurable env var: read process.env.DB_PATH (fallback to a
path resolved with path.resolve or path.join based on __dirname, e.g., resolving
to the repo-relative zenstack/dev.db), and ensure you import Node's path and use
that resolved value when constructing new SQLite or pass the env value directly
so the path is not CWD-sensitive.
In `@samples/nest.js/src/utils.ts`:
- Around line 1-5: The isAdmin function reads req.headers['x-admin'] which may
be string | string[] | undefined; update isAdmin to normalize the header:
extract the header value from FastifyRequest.headers['x-admin'], if it's an
array use the first element, coerce to a string, trim and lowercase it, then
compare against '1' and 'true' to return a boolean; reference the isAdmin
function and the 'x-admin' header when making this change.
In `@samples/nest.js/src/zenstack/schema.zmodel`:
- Line 38: The procedure getUserFeeds declares userId as Int but the User model
defines id as String (User.id), causing a type mismatch; update the procedure
signature getUserFeeds(userId: Int, limit: Int?) to use a String for userId
(userId: String, limit: Int?) and adjust any callers to pass string IDs (or
alternatively change the User.id type if you intend numeric IDs), ensuring all
references to getUserFeeds and any query logic use the matching String type.
In `@samples/nest.js/src/zenstack/seed.ts`:
- Around line 3-39: Wrap the DB operations inside async function main() in a
try/finally so db.$disconnect() is always awaited (e.g., try { ... } finally {
await db.$disconnect(); }) and surface errors instead of using void main(): call
main().catch(err => { console.error(err); process.exit(1); }); update references
in the file (DbService, main, db.$disconnect()) accordingly.
🧹 Nitpick comments (11)
packages/cli/test/migrate.test.ts (1)
66-66: Minor formatting nit: add space after comma.The timeout value is reasonable for this test involving multiple migration operations. However, consider adding a space after the comma for consistency with typical JavaScript/TypeScript formatting conventions.
💅 Suggested formatting fix
- },200000); + }, 200000);.devcontainer/devcontainer.json (1)
18-19: Potential version inconsistency with pnpm.The command installs
pnpm@latestvia corepack, but the rootpackage.jsonpinspackageManagertopnpm@10.28.0. This could cause version drift between the container environment and CI/production. Based on learnings, the repo uses pinned pnpm versions.Consider pinning the version in the postCreateCommand to match:
- "postCreateCommand": "bash -lc 'set -euo pipefail; sudo npm -g i n; sudo n lts; hash -r; npm -g i npm@latest; corepack enable; corepack prepare pnpm@latest --activate; npm -g i typescript npm-check-updates; pnpm install'" + "postCreateCommand": "bash -lc 'set -euo pipefail; sudo npm -g i n; sudo n lts; hash -r; npm -g i npm@latest; corepack enable; corepack prepare pnpm@10.28.0 --activate; npm -g i typescript npm-check-updates; pnpm install'"packages/create-zenstack/src/templates.ts (1)
1-1: Clarify or remove the cryptic path comment.The comment
//../../cli/src/actions/templates.tsis unclear. If this indicates the file was copied/moved from that location, consider making it more explicit or removing it if no longer relevant.samples/nest.js/tsconfig.json (1)
19-23: Consider enabling stricter type checking for better sample quality.Several strict options are disabled which may lead to subtle bugs:
noImplicitAny: false- allows implicitanytypesstrictBindCallApply: false- skips bind/call/apply checkingnoFallthroughCasesInSwitch: false- allows unintentional switch fallthroughFor a sample project meant to demonstrate best practices, consider enabling these or using
"strict": trueto catch more issues.samples/next.js/package.json (1)
7-8: Document why--webpackis used in the sample scripts.The
--webpackflag is supported in Next.js 16 and is used to opt out of the new Turbopack default. Since this is a sample, consider adding a comment or note in the sample README explaining this choice (e.g., "using Webpack for broader plugin compatibility" or "Turbopack support for this setup is still in development"). This clarifies the intent for developers using the sample.samples/nest.js/src/zenstack/schema.zmodel (1)
37-37: Commented-out procedure differs from other samples.The
listPublicPostsprocedure is active in the SvelteKit, Next.js, and Nuxt samples but commented out here. Consider uncommenting for consistency, or remove the comment if it's intentionally excluded.samples/nest.js/src/db.service.ts (1)
6-17: Close the SQLite handle on shutdown.
better-sqlite3keeps the file handle open; adding a NestJS lifecycle hook avoids locked files in dev/tests.♻️ Proposed fix
-import { ClientOptions, ZenStackClient } from '@zenstackhq/orm'; +import { ClientOptions, ZenStackClient } from '@zenstackhq/orm'; +import { OnModuleDestroy } from '@nestjs/common'; import { SqliteDialect } from '@zenstackhq/orm/dialects/sqlite'; import SQLite from 'better-sqlite3'; import { schema, SchemaType } from './zenstack/schema'; export class DbService extends ZenStackClient< SchemaType, ClientOptions<SchemaType> -> { +> implements OnModuleDestroy { + private readonly db: ReturnType<typeof SQLite>; + constructor() { - super(schema, { - dialect: new SqliteDialect({ - database: new SQLite('./src/zenstack/dev.db'), - }), + const db = new SQLite('./src/zenstack/dev.db'); + super(schema, { + dialect: new SqliteDialect({ database: db }), log: ['query', 'error'], }); + this.db = db; } + + onModuleDestroy() { + this.db.close(); + } }samples/nest.js/src/app-auth.controller.ts (1)
14-23: Use structured logger instead ofconsole.log
console.logbypasses the app’s logging pipeline; prefer a controller-scoped logger for consistency.♻️ Suggested change
-import { Controller, Get, Inject, Post } from '@nestjs/common'; +import { Controller, Get, Inject, Logger, Post } from '@nestjs/common'; import { DbService } from './db.service'; `@Controller`('api-auth') export class AppAuthController { - constructor(`@Inject`('AUTH_DB') private readonly dbService: DbService) {} + private readonly logger = new Logger(AppAuthController.name); + constructor(`@Inject`('AUTH_DB') private readonly dbService: DbService) {} `@Post`('/posts') createPost() { - console.log('Handling post'); + this.logger.log('Handling post'); return this.dbService.post.create({samples/nest.js/src/app-auto.controller.ts (2)
18-21: Make the REST endpoint configurable
A hard-coded localhost endpoint will be wrong in non-local environments; consider reading from env/config.♻️ Suggested change
private readonly apiHandler = new RestApiHandler({ schema, - endpoint: 'http://localhost:3000/api-auto', + endpoint: `${process.env.API_BASE_URL ?? 'http://localhost:3000'}/api-auto`, });
25-39: Normalize wildcard path before passing to the handler
Ensure a leading slash to avoid route mismatches; verify the expected path format forRestApiHandler.♻️ Suggested change
- const pathParam: string = params?.['*'] ?? ('' as string); + const rawPath: string = params?.['*'] ?? ''; + const pathParam = rawPath.startsWith('/') ? rawPath : `/${rawPath}`;samples/nest.js/src/main.ts (1)
8-14: Consider binding to0.0.0.0for containerized deployments."Fastify, in contrast, listens only on the loopback interface 127.0.0.1" by default. When deploying in containers (Docker, Kubernetes), this will prevent external traffic from reaching the server. Pass the host as the second argument to
listen().🔧 Suggested fix
async function bootstrap() { const app = await NestFactory.create<NestFastifyApplication>( AppModule, new FastifyAdapter(), ); - await app.listen(process.env.PORT ?? 3000); + await app.listen(process.env.PORT ?? 3000, '0.0.0.0'); }
📜 Review details
Configuration used: Path: .coderabbit.yaml
Review profile: CHILL
Plan: Pro
⛔ Files ignored due to path filters (1)
pnpm-lock.yamlis excluded by!**/pnpm-lock.yaml
📒 Files selected for processing (48)
.devcontainer/devcontainer.jsonMY-CHANGES.mdpackage.jsonpackages/auth-adapters/better-auth/package.jsonpackages/auth-adapters/better-auth/src/adapter.tspackages/cli/package.jsonpackages/cli/src/utils/exec-utils.tspackages/cli/test/migrate.test.tspackages/clients/client-helpers/package.jsonpackages/clients/tanstack-query/package.jsonpackages/clients/tanstack-query/src/vue.tspackages/create-zenstack/package.jsonpackages/create-zenstack/src/templates.tspackages/ide/vscode/package.jsonpackages/orm/package.jsonpackages/plugins/policy/package.jsonpackages/server/package.jsonpackages/testtools/package.jsonpackages/zod/package.jsonpnpm-workspace.yamlsamples/nest.js/.gitignoresamples/nest.js/.prettierrcsamples/nest.js/README.mdsamples/nest.js/eslint.config.mjssamples/nest.js/nest-cli.jsonsamples/nest.js/package.jsonsamples/nest.js/src/app-auth.controller.tssamples/nest.js/src/app-auto.controller.tssamples/nest.js/src/app.controller.tssamples/nest.js/src/app.module.tssamples/nest.js/src/db.service.tssamples/nest.js/src/main.tssamples/nest.js/src/utils.tssamples/nest.js/src/zenstack/input.tssamples/nest.js/src/zenstack/models.tssamples/nest.js/src/zenstack/schema.tssamples/nest.js/src/zenstack/schema.zmodelsamples/nest.js/src/zenstack/seed.tssamples/nest.js/tsconfig.build.jsonsamples/nest.js/tsconfig.jsonsamples/next.js/package.jsonsamples/next.js/zenstack/schema.zmodelsamples/nuxt/zenstack/schema.zmodelsamples/sveltekit/package.jsonsamples/sveltekit/src/zenstack/schema.zmodeltests/e2e/package.jsontests/runtimes/bun/package.jsontests/runtimes/edge-runtime/package.json
🧰 Additional context used
📓 Path-based instructions (1)
**/*.zmodel
📄 CodeRabbit inference engine (CLAUDE.md)
**/*.zmodel: Always runzenstack generateafter modifying ZModel schemas
ZModel schema files should define database structure and policies that compile to TypeScript viazenstack generate
Files:
samples/next.js/zenstack/schema.zmodelsamples/nuxt/zenstack/schema.zmodelsamples/nest.js/src/zenstack/schema.zmodelsamples/sveltekit/src/zenstack/schema.zmodel
🧠 Learnings (13)
📓 Common learnings
Learnt from: CR
Repo: zenstackhq/zenstack-v3 PR: 0
File: CLAUDE.md:0-0
Timestamp: 2025-11-26T01:55:04.540Z
Learning: Applies to packages/zenstackhq/orm/**/*.{ts,tsx} : Implement plugin hooks at ORM, Kysely, and entity mutation levels for query interception and customization
Learnt from: CR
Repo: zenstackhq/zenstack-v3 PR: 0
File: CLAUDE.md:0-0
Timestamp: 2025-11-26T01:55:04.540Z
Learning: Use `pnpm` with workspaces for package management, pinned to version `pnpm10.12.1`
📚 Learning: 2025-11-26T01:55:04.540Z
Learnt from: CR
Repo: zenstackhq/zenstack-v3 PR: 0
File: CLAUDE.md:0-0
Timestamp: 2025-11-26T01:55:04.540Z
Learning: Applies to **/*.zmodel : ZModel schema files should define database structure and policies that compile to TypeScript via `zenstack generate`
Applied to files:
samples/nest.js/src/zenstack/models.tspackages/zod/package.jsonpackages/create-zenstack/src/templates.tspackages/orm/package.jsonsamples/nest.js/README.mdsamples/next.js/zenstack/schema.zmodelsamples/nest.js/src/db.service.tssamples/nuxt/zenstack/schema.zmodelsamples/nest.js/src/zenstack/schema.tspackages/testtools/package.jsonsamples/nest.js/package.jsonsamples/nest.js/src/zenstack/schema.zmodelsamples/sveltekit/src/zenstack/schema.zmodelsamples/next.js/package.jsonsamples/nest.js/src/zenstack/input.tssamples/sveltekit/package.json
📚 Learning: 2025-10-21T16:09:31.218Z
Learnt from: ymc9
Repo: zenstackhq/zenstack-v3 PR: 319
File: packages/runtime/src/client/executor/zenstack-query-executor.ts:63-72
Timestamp: 2025-10-21T16:09:31.218Z
Learning: In ZenStack, TypeDefs can be inherited by models. When a TypeDef contains fields with `map` attributes, those mapped field names need to be processed by the QueryNameMapper since they become part of the inheriting model's schema. Therefore, when checking if a schema has mapped names (e.g., in `schemaHasMappedNames`), both `schema.models` and `schema.typeDefs` must be inspected for `@map` and `map` attributes.
Applied to files:
samples/nest.js/src/zenstack/models.tssamples/next.js/zenstack/schema.zmodelsamples/nest.js/src/zenstack/schema.ts
📚 Learning: 2025-11-26T01:55:04.540Z
Learnt from: CR
Repo: zenstackhq/zenstack-v3 PR: 0
File: CLAUDE.md:0-0
Timestamp: 2025-11-26T01:55:04.540Z
Learning: Applies to **/*.zmodel : Always run `zenstack generate` after modifying ZModel schemas
Applied to files:
samples/nest.js/src/zenstack/models.tssamples/next.js/zenstack/schema.zmodelsamples/nuxt/zenstack/schema.zmodelsamples/next.js/package.json
📚 Learning: 2025-11-26T01:55:04.540Z
Learnt from: CR
Repo: zenstackhq/zenstack-v3 PR: 0
File: CLAUDE.md:0-0
Timestamp: 2025-11-26T01:55:04.540Z
Learning: Applies to packages/zenstackhq/orm/**/*.{ts,tsx} : Implement plugin hooks at ORM, Kysely, and entity mutation levels for query interception and customization
Applied to files:
samples/nest.js/src/zenstack/models.tspackages/orm/package.jsonsamples/nest.js/README.mdsamples/next.js/zenstack/schema.zmodelpnpm-workspace.yamlsamples/nest.js/src/zenstack/schema.tspackages/testtools/package.jsonpackages/auth-adapters/better-auth/src/adapter.tspackages/clients/tanstack-query/src/vue.tssamples/nest.js/src/zenstack/schema.zmodelsamples/nest.js/src/zenstack/input.ts
📚 Learning: 2025-11-26T01:55:04.540Z
Learnt from: CR
Repo: zenstackhq/zenstack-v3 PR: 0
File: CLAUDE.md:0-0
Timestamp: 2025-11-26T01:55:04.540Z
Learning: Applies to packages/zenstackhq/orm/**/*.{ts,tsx} : Use Kysely as the query builder interface for low-level database queries, avoiding raw SQL when possible
Applied to files:
samples/nest.js/src/zenstack/models.tspackages/create-zenstack/src/templates.tspackages/orm/package.jsonsamples/nest.js/README.mdsamples/next.js/zenstack/schema.zmodelsamples/nest.js/src/db.service.tspnpm-workspace.yamltests/runtimes/bun/package.jsonpackages/testtools/package.jsonpackages/auth-adapters/better-auth/src/adapter.tspackages/clients/tanstack-query/src/vue.tssamples/nest.js/src/zenstack/input.ts
📚 Learning: 2025-12-30T15:07:06.254Z
Learnt from: mwillbanks
Repo: zenstackhq/zenstack-v3 PR: 550
File: packages/orm/src/client/crud/operations/base.ts:158-159
Timestamp: 2025-12-30T15:07:06.254Z
Learning: Do not use ts-expect-error in production code within the zenstackhq/zenstack-v3 repo (e.g., packages/*). Use explicit type annotations, targeted type assertions, or refactor to resolve the type error. ts-expect-error may be acceptable only in test files for stubbing or temporary silencing. Ensure production code is type-safe and maintainable.
Applied to files:
packages/cli/src/utils/exec-utils.tspackages/create-zenstack/src/templates.tspackages/auth-adapters/better-auth/src/adapter.tspackages/clients/tanstack-query/src/vue.ts
📚 Learning: 2025-11-26T01:55:04.540Z
Learnt from: CR
Repo: zenstackhq/zenstack-v3 PR: 0
File: CLAUDE.md:0-0
Timestamp: 2025-11-26T01:55:04.540Z
Learning: Applies to tests/e2e/**/*.{ts,tsx} : E2E tests should validate real-world schema compatibility with established projects
Applied to files:
samples/nest.js/tsconfig.jsonpackages/orm/package.jsonsamples/nest.js/src/zenstack/schema.tstests/e2e/package.jsonpackages/server/package.json
📚 Learning: 2025-12-30T15:07:10.092Z
Learnt from: mwillbanks
Repo: zenstackhq/zenstack-v3 PR: 550
File: packages/orm/src/client/crud/operations/base.ts:158-159
Timestamp: 2025-12-30T15:07:10.092Z
Learning: In the zenstackhq/zenstack-v3 codebase, ts-expect-error should be heavily avoided in production code (packages/*). It is acceptable in test files but production code should use proper type annotations, type assertions, or refactoring to resolve type errors instead.
Applied to files:
packages/zod/package.jsonpackages/orm/package.jsonsamples/nest.js/README.mdpackages/cli/package.jsonpackages/server/package.jsonsamples/sveltekit/package.json
📚 Learning: 2025-11-26T01:55:04.540Z
Learnt from: CR
Repo: zenstackhq/zenstack-v3 PR: 0
File: CLAUDE.md:0-0
Timestamp: 2025-11-26T01:55:04.540Z
Learning: Applies to packages/zenstackhq/orm/**/*.test.{ts,tsx} : ORM package tests should include comprehensive client API tests and policy tests
Applied to files:
packages/orm/package.jsonsamples/nest.js/README.mdsamples/nest.js/src/zenstack/input.ts
📚 Learning: 2025-11-26T01:55:04.540Z
Learnt from: CR
Repo: zenstackhq/zenstack-v3 PR: 0
File: CLAUDE.md:0-0
Timestamp: 2025-11-26T01:55:04.540Z
Learning: Use `pnpm` with workspaces for package management, pinned to version `pnpm10.12.1`
Applied to files:
packages/orm/package.jsonpnpm-workspace.yamlpackages/clients/client-helpers/package.jsonpackages/testtools/package.jsonpackage.jsonsamples/nest.js/package.jsonpackages/cli/package.json
📚 Learning: 2025-11-26T01:55:04.540Z
Learnt from: CR
Repo: zenstackhq/zenstack-v3 PR: 0
File: CLAUDE.md:0-0
Timestamp: 2025-11-26T01:55:04.540Z
Learning: Applies to ide/vscode/**/{package.json,version.ts} : The VSCode IDE extension package should maintain a different version from other packages to comply with VSCode Marketplace requirements
Applied to files:
packages/ide/vscode/package.jsonpackage.json
📚 Learning: 2025-11-26T01:55:04.540Z
Learnt from: CR
Repo: zenstackhq/zenstack-v3 PR: 0
File: CLAUDE.md:0-0
Timestamp: 2025-11-26T01:55:04.540Z
Learning: Use Turbo for build orchestration and run `pnpm build`, `pnpm watch`, `pnpm lint`, and `pnpm test` for development tasks
Applied to files:
package.jsonsamples/next.js/package.json
🧬 Code graph analysis (5)
samples/nest.js/src/zenstack/seed.ts (1)
samples/nest.js/src/db.service.ts (1)
DbService(6-18)
samples/nest.js/src/app-auth.controller.ts (4)
samples/nest.js/src/app-auto.controller.ts (1)
Controller(16-46)samples/nest.js/src/app.controller.ts (1)
Controller(5-35)samples/nest.js/src/db.service.ts (1)
DbService(6-18)samples/nest.js/src/zenstack/models.ts (1)
Post(17-17)
samples/nest.js/src/app.controller.ts (2)
samples/nest.js/src/db.service.ts (1)
DbService(6-18)samples/nest.js/src/zenstack/models.ts (1)
Post(17-17)
samples/nest.js/src/app-auto.controller.ts (3)
samples/nest.js/src/app-auth.controller.ts (1)
Controller(5-25)samples/nest.js/src/app.controller.ts (1)
Controller(5-35)samples/nest.js/src/db.service.ts (1)
DbService(6-18)
samples/nest.js/src/app.module.ts (3)
samples/nest.js/src/db.service.ts (1)
DbService(6-18)samples/nest.js/src/utils.ts (1)
isAdmin(3-6)packages/plugins/policy/src/plugin.ts (1)
PolicyPlugin(6-29)
🔇 Additional comments (49)
samples/nest.js/.prettierrc (1)
1-4: LGTM — clear, minimal Prettier config.tests/runtimes/edge-runtime/package.json (1)
21-23: Verify edge-runtime typechecks after@types/pgbump.Run the local typecheck/tests to confirm no new type errors were introduced:
#!/bin/bash pnpm -C tests/runtimes/edge-runtime test:typecheck pnpm -C tests/runtimes/edge-runtime testpackages/testtools/package.json (1)
40-41: I need the review comment to rewrite. Please provide the original review comment within<review_comment>tags along with any relevant context (such as file paths, code snippets, or links to executed capability results) so I can verify and rewrite it according to the required format.packages/clients/client-helpers/package.json (1)
32-34: No breaking changes documented for superjson 2.2.6. The latest documented changes in the 2.2.x series (v2.2.2) include backward-compatible improvements: deserialization error handling and a DoS vulnerability fix. The update is safe to proceed with.samples/nest.js/nest-cli.json (1)
1-14: LGTM!Well-configured NestJS CLI setup. Using SWC with
typeCheck: trueprovides faster builds while maintaining type safety. ThedeleteOutDir: trueensures clean builds.packages/plugins/policy/package.json (1)
49-49: LGTM!Type definition update aligns with the repo-wide dependency refresh. This is a safe devDependency update.
packages/zod/package.json (1)
37-40: LGTM!Minor version bump within Zod 4.x is a safe update. Ensure the
catalog:version inpnpm-workspace.yamlis compatible with or matches ^4.3.5 for consistency between devDependency and peerDependency.packages/create-zenstack/package.json (1)
34-35: Verify ESM migration for ora and compatibility with new APIs.These major version upgrades introduce breaking changes:
ora: 5.x → 9.x includes a critical migration from CommonJS to Pure ESM. Code usingrequire('ora')will fail withERR_REQUIRE_ESM. Requires Node.js 20+ in v9.commander: 8.x → 14.x includes API changes (Option.preset, showSuggestionAfterError default behavior, boolean-option handling).Verify the
create-zenstackpackage has been migrated to ESM and its code is compatible with the new API signatures.tests/runtimes/bun/package.json (1)
23-25: Dependency bumps look fine; please confirm runtime compatibility.
Line 23–25: Ensurebun-types@^1.3.6matches the Bun version used in CI, and that@types/pg@^8.16.0aligns with thepgcatalog version.packages/auth-adapters/better-auth/package.json (1)
44-49: Version bump OK; validate adapter compatibility.
Line 44–49: Please verify the adapter still compiles/behaves correctly againstbetter-auth@^1.4.13and the updated import paths (run adapter tests or a small integration).samples/sveltekit/package.json (1)
27-38: Version updates look fine; confirm sample build still passes.
Line 27–38: Please verify these bumps remain compatible with the workspace’s cataloged@sveltejs/kit/svelteversions and run the sample build to confirm.packages/ide/vscode/package.json (1)
40-40: Verify thatengines.vscodewas updated to match the@types/vscodebump.Line 40:
@types/vscode@^1.108.1requiresengines.vscodeto be at least^1.108.0. The VSCode extension publisher (vsce) enforces this minimum version alignment. Ifengines.vscoderemains at^1.90.0, vsce will reject the package, or TypeScript will allow APIs unavailable in v1.90, risking runtime failures.Confirm that
engines.vscodewas also bumped to^1.108.0in this change, or downgrade@types/vscodeto^1.90.0if the lower engine constraint must be maintained.samples/nest.js/.gitignore (1)
1-58: LGTM for NestJS sample ignore coverage.Captures common build artifacts, env files, and IDE configs cleanly.
packages/cli/src/utils/exec-utils.ts (1)
8-17: Default stdio handling looks solid.Good safeguard against non-interactive hangs while preserving explicit stdio overrides.
packages/orm/package.json (2)
118-126: No action required. zod 4.3.5 and tsx 4.21.0 have no user-facing behavioral changes or breaking changes. The zod v4.3.5 release is documentation and maintenance-focused, and tsx 4.21.0 only upgraded esbuild. Both versions are stable and safe to use.Likely an incorrect or invalid review comment.
84-98: Verify breaking changes for ID libs; uuid v13 and cuid2 v3 are confirmed breaking.
uuid v13.0.0 has a breaking export map change (browser exports become default). Named imports (import { v4 as uuidv4 }) remain the API, but this requires ESM-compatible tooling; confirm jest/build configs support ESM or map uuid appropriately. [build/toolchain risk]
@paralleldrive/cuid2 v3.0.6 is a semantic breaking change from old cuid: IDs are no longer k-sortable (not timestamp-ordered), default length is 24 chars, and the API changed to use init() factory. If ORM or its schema assumes k-sortable IDs, sorting by ID, or the old cuid format, this will break. [ID format/sorting risk]
nanoid v5.1.6: no breaking changes (patch-only fix).
ulid v3.0.2: requires Node 18+ (up from 16+) and is ESM-only; no API breaking changes documented.
Confirm ORM does not rely on cuid's k-sortability and that ID generation/schema logic is unaffected.
tests/e2e/package.json (1)
15-27: Verify ID generation behavior matches e2e test expectations for major library updates.The uuid v13 update involves import/export mechanics (ESM-only with Node 18+ requirement) and is unlikely to affect test assertions. However,
@paralleldrive/cuid2v3 introduces a breaking semantic change: IDs are no longer k-sortable and no longer timestamp-based. Any e2e test fixtures or assertions that rely on ID ordering to verify sequence or assume timestamp encoding will break. Confirm no test code depends on ID monotonicity or uses IDs for timing/ordering validation, and check that bundle/import configurations support the ESM-only uuid v13 module resolution.packages/create-zenstack/src/templates.ts (1)
30-59: LGTM!The starter template provides a clean, working example demonstrating ZenStackClient with SQLite. The database paths are correctly aligned assuming the generated schema file will be at
./zenstack/schema.tsand the dev.db will be relative to it.packages/clients/tanstack-query/package.json (1)
77-79: Peer dependency minimum versions may break existing users.Changing peer dependencies from
^5.0.0to^5.90.17(and similar for others) will cause npm/pnpm to emit warnings for users on older TanStack Query versions (e.g., 5.50.0). This effectively requires users to upgrade their TanStack Query packages.If this is intentional due to API changes you depend on, consider documenting this in a changelog. If not, the previous floor versions (
^5.0.0,^6.0.0) provide broader compatibility:"peerDependencies": { - "@tanstack/react-query": "^5.90.17", - "@tanstack/svelte-query": "^6.0.15", - "@tanstack/vue-query": "^5.92.6" + "@tanstack/react-query": "^5.0.0", + "@tanstack/svelte-query": "^6.0.0", + "@tanstack/vue-query": "^5.0.0" },packages/cli/package.json (3)
45-57: LGTM on minor/patch updates.The patch and minor version updates (execa, mixpanel, package-manager-detector, semver,
@types/semver) are low-risk incremental updates.
44-44: Verify CLI code updates for Commander v14 and Ora v9 major version jumps.Commander v8→14 introduces significant breaking changes across 6 major versions that require code updates:
- Node.js v20+ is now required (check CI/runtime environment)
- Removed default CommonJS export: update imports from
require('commander')to{ program }- Excess command arguments now error by default (add
.allowExcessArguments()or declare expected arguments)- Stricter validation for duplicate option flags and command names
- Help class internals refactored; private Help APIs (e.g., Help.wrap) must migrate to public APIs
Ora v5→9 also has a critical breaking change:
- Ora is now ESM-only; CommonJS
require('ora')no longer works- Either migrate to ESM, use dynamic import, or declare
allowSyntheticDefaultImportsif using ESM in a CommonJS contextConfirm the CLI code has been updated to handle these changes and that Node v20+ is targeted in CI/runtime.
49-49: Verify CLI compatibility with Ora v9.This is a major version jump from v5 to v9. Ora v9 is ESM-only and requires Node.js 20+. Ensure the CLI package is configured for ESM (or uses dynamic imports if CommonJS) and targets Node 20 or higher. While spinner method usage (.start(), .succeed(), .fail()) remains compatible, module resolution and runtime requirements are breaking changes.
samples/nest.js/tsconfig.json (1)
25-27: LGTM on ts-node SWC configuration.The
ts-nodesection withswc: truealigns with the PR description noting that this sample uses SWC as the compiler, providing faster TypeScript execution during development.samples/nest.js/tsconfig.build.json (1)
1-3: LGTM for a minimal build tsconfig.
Please just confirmtsc -p samples/nest.js/tsconfig.build.jsonbehaves as intended (exclusions effective, build output expected).samples/nest.js/eslint.config.mjs (1)
1-35: Looks good; please verify lint passes with type-aware rules enabled.
projectService: truecan fail if the TS project graph is misconfigured; confirmpnpm lintin the sample works cleanly.pnpm-workspace.yaml (1)
7-35: Validate the widened catalog ranges don't introduce incompatible transitive upgrades.Please ensure the workspace lockfile and CI reflect the intended resolved versions (especially React/Next/TanStack/TypeScript). Verify by running
pnpm -r list --depth 0and checking that resolved versions match expectations, particularly for breaking changes in major/minor version transitions.samples/next.js/package.json (1)
32-32: eslint-config-next 16.1.2 is correctly aligned with Next.js 16.x. This version is the official ESLint config shipped for Next.js 16 and should be used with Next.js 16.x releases. No action required.package.json (3)
52-58: Package extension added to fix@sveltejs/packagepeer dependency.This extension ensures
@sveltejs/packagehas access to TypeScript ^5.9.3, which is a reasonable workaround for peer dependency resolution issues.
5-5: Dependency updates look appropriate.The pnpm and devDependency version bumps (eslint, vitest, prettier, tsup, tsx, turbo, typescript-eslint, yaml) are minor/patch updates that align the toolchain with current releases.
Also applies to: 28-43
33-33: Check if glob CLI is used directly in build scripts or package.json scripts.Glob v13 has a breaking change: the CLI program was removed and moved to the separate
glob-binpackage. If your monorepo uses glob CLI in any build scripts orpackage.jsonscripts, you'll need to addglob-binas a dependency. Programmatic usage of glob should be unaffected.samples/sveltekit/src/zenstack/schema.zmodel (1)
1-28: Schema structure looks good for a sample application.The User and Post models with their relations are well-defined. The cascade delete/update on the Post→User relation ensures referential integrity.
As per coding guidelines, remember to run
zenstack generateafter modifying this schema to compile it to TypeScript.samples/next.js/zenstack/schema.zmodel (1)
1-28: Schema is consistent with other samples; no access control policies present.Note: The AI summary mentioned
@@allowrules and anadminfield for this schema, but these are not present in the actual code. The schema matches the simpler SvelteKit/Nuxt samples pattern.As per coding guidelines, remember to run
zenstack generateafter modifying this schema.samples/nuxt/zenstack/schema.zmodel (1)
1-28: Schema is consistent with other framework samples.The structure mirrors the SvelteKit and Next.js samples, maintaining consistency across the sample applications.
As per coding guidelines, remember to run
zenstack generateafter modifying this schema.samples/nest.js/src/zenstack/schema.zmodel (2)
6-8: Good addition of policy plugin for access control demonstration.Including the
@zenstackhq/plugin-policyplugin enables the@@allowrules defined on the models, making this sample more feature-complete for demonstrating ZenStack's access control capabilities.
10-35: Well-structured models with access control policies.The User and Post models with
@@allowrules demonstrate ZenStack's policy-based access control effectively. The cascade behavior on the Post→User relation is correctly configured.As per coding guidelines, remember to run
zenstack generateafter modifying this schema.samples/nest.js/src/zenstack/schema.ts (1)
8-127: LGTM for the generated schema output.No issues spotted in this generated schema definition.
samples/nest.js/src/zenstack/models.ts (1)
8-17: LGTM for generated model type exports.The model type aliases look consistent with the schema.
packages/server/package.json (1)
124-160: Confirm adapter compatibility with the bumped peer/dev dependency ranges.These updates cover major/RC framework versions (Express 5.2.1, Fastify 5.7, Hono 4.11, H3 2.0.1-rc.8, Zod 4.3.5). Please re-run the server adapter test matrix and update any compatibility docs if needed.
samples/nest.js/src/app.controller.ts (1)
16-32: Avoid hard-codedauthorIdvalues.The user ID should be derived from the current request context (authentication/JWT) rather than hard-coded. This ensures the post is correctly attributed to the actual authenticated user making the request, rather than assuming a fixed user ID exists in the database.
samples/nest.js/src/app-auth.controller.ts (2)
6-7: LGTM
Constructor wiring looks clean.
9-12: LGTM
Straightforward list handler.samples/nest.js/src/zenstack/input.ts (1)
1-50: LGTM (generated types)
No concerns with the generated aliases.samples/nest.js/src/app-auto.controller.ts (1)
23-23: LGTMsamples/nest.js/src/app.module.ts (2)
11-17: LGTM
Module wiring is clear.
18-26: No changes required. The$use()and$setAuth()methods both return new client instances (shallow clones) and do not mutate the originalDbService. The current code correctly creates a per-request auth-bound client by chaining these methods, which is the documented pattern. Each request receives a distinct client instance, so there is no risk of auth context leakage or middleware accumulation across requests.packages/clients/tanstack-query/src/vue.ts (4)
16-16: LGTM on the type migration toMutationObserverOptions.Using
MutationObserverOptionsfrom@tanstack/query-corefor the internal callback types is appropriate since it provides the framework-agnostic callback signatures. The Vue-specificUseMutationOptionsis retained where needed (e.g., procedure mutations at line 156).Also applies to: 119-121
141-145: Good type abstractions.The new type aliases (
MutationLifecycleOptions,ResolvedMutationOptions,MutationCallbackParams) centralize the mutation callback typing and make the lifecycle hook implementations more readable.
593-641: Lifecycle hooks are correctly implemented.The
unref()calls on user callbacks (lines 598, 620, 640) provide defensive handling for edge cases where callbacks might be ref-wrapped inside the options object. The callback parameters use the newMutationCallbackParamstype for type safety, and return values are properly preserved for context propagation.
649-649: Correct reactive pattern for Vue Query.Passing a getter function
() => finalOptions.valuerather than the computed ref directly is the proper pattern for Vue Query to reactively update when options change.
✏️ Tip: You can disable this entire section by setting review_details to false in your review settings.
There was a problem hiding this comment.
Actionable comments posted: 1
🤖 Fix all issues with AI agents
In `@package.json`:
- Around line 30-44: Replace all uses of the old glob.sync API with the new
named export globSync: in the three affected modules (scripts/test-generate.ts,
scripts/bump-version.ts, and packages/testtools/src/client.ts) change the import
from "import { glob } from 'glob'" to "import { globSync } from 'glob'" and
update each call site from glob.sync(...) to globSync(...). Also review the
dependency versions: align the glob version pinned in
packages/language/package.json (currently ^11.1.0) with the root/testtools
(^13.0.0) by either upgrading packages/language to ^13.x or intentionally
keeping it at v11 and adding a comment/exemption—ensure package.json entries for
"glob" are consistent across the monorepo.
📜 Review details
Configuration used: Path: .coderabbit.yaml
Review profile: CHILL
Plan: Pro
📒 Files selected for processing (6)
package.jsonpackages/create-zenstack/src/templates.tssamples/nest.js/src/zenstack/schema.zmodelsamples/next.js/zenstack/schema.zmodelsamples/nuxt/zenstack/schema.zmodelsamples/sveltekit/src/zenstack/schema.zmodel
✅ Files skipped from review due to trivial changes (1)
- samples/next.js/zenstack/schema.zmodel
🚧 Files skipped from review as they are similar to previous changes (3)
- samples/nest.js/src/zenstack/schema.zmodel
- samples/sveltekit/src/zenstack/schema.zmodel
- packages/create-zenstack/src/templates.ts
🧰 Additional context used
📓 Path-based instructions (1)
**/*.zmodel
📄 CodeRabbit inference engine (CLAUDE.md)
**/*.zmodel: Always runzenstack generateafter modifying ZModel schemas
ZModel schema files should define database structure and policies that compile to TypeScript viazenstack generate
Files:
samples/nuxt/zenstack/schema.zmodel
🧠 Learnings (7)
📓 Common learnings
Learnt from: CR
Repo: zenstackhq/zenstack-v3 PR: 0
File: CLAUDE.md:0-0
Timestamp: 2025-11-26T01:55:04.540Z
Learning: Database migrations should use Prisma CLI under the hood via ZenStack commands
Learnt from: CR
Repo: zenstackhq/zenstack-v3 PR: 0
File: CLAUDE.md:0-0
Timestamp: 2025-11-26T01:55:04.540Z
Learning: Applies to packages/zenstackhq/orm/**/*.{ts,tsx} : Implement plugin hooks at ORM, Kysely, and entity mutation levels for query interception and customization
📚 Learning: 2025-11-26T01:55:04.540Z
Learnt from: CR
Repo: zenstackhq/zenstack-v3 PR: 0
File: CLAUDE.md:0-0
Timestamp: 2025-11-26T01:55:04.540Z
Learning: Applies to **/*.zmodel : ZModel schema files should define database structure and policies that compile to TypeScript via `zenstack generate`
Applied to files:
samples/nuxt/zenstack/schema.zmodel
📚 Learning: 2025-11-26T01:55:04.540Z
Learnt from: CR
Repo: zenstackhq/zenstack-v3 PR: 0
File: CLAUDE.md:0-0
Timestamp: 2025-11-26T01:55:04.540Z
Learning: Applies to **/*.zmodel : Always run `zenstack generate` after modifying ZModel schemas
Applied to files:
samples/nuxt/zenstack/schema.zmodel
📚 Learning: 2025-10-21T16:09:31.218Z
Learnt from: ymc9
Repo: zenstackhq/zenstack-v3 PR: 319
File: packages/runtime/src/client/executor/zenstack-query-executor.ts:63-72
Timestamp: 2025-10-21T16:09:31.218Z
Learning: In ZenStack, TypeDefs can be inherited by models. When a TypeDef contains fields with `map` attributes, those mapped field names need to be processed by the QueryNameMapper since they become part of the inheriting model's schema. Therefore, when checking if a schema has mapped names (e.g., in `schemaHasMappedNames`), both `schema.models` and `schema.typeDefs` must be inspected for `@map` and `map` attributes.
Applied to files:
samples/nuxt/zenstack/schema.zmodel
📚 Learning: 2025-11-26T01:55:04.540Z
Learnt from: CR
Repo: zenstackhq/zenstack-v3 PR: 0
File: CLAUDE.md:0-0
Timestamp: 2025-11-26T01:55:04.540Z
Learning: Use `pnpm` with workspaces for package management, pinned to version `pnpm10.12.1`
Applied to files:
package.json
📚 Learning: 2025-11-26T01:55:04.540Z
Learnt from: CR
Repo: zenstackhq/zenstack-v3 PR: 0
File: CLAUDE.md:0-0
Timestamp: 2025-11-26T01:55:04.540Z
Learning: Applies to ide/vscode/**/{package.json,version.ts} : The VSCode IDE extension package should maintain a different version from other packages to comply with VSCode Marketplace requirements
Applied to files:
package.json
📚 Learning: 2025-11-26T01:55:04.540Z
Learnt from: CR
Repo: zenstackhq/zenstack-v3 PR: 0
File: CLAUDE.md:0-0
Timestamp: 2025-11-26T01:55:04.540Z
Learning: Use Turbo for build orchestration and run `pnpm build`, `pnpm watch`, `pnpm lint`, and `pnpm test` for development tasks
Applied to files:
package.json
🔇 Additional comments (3)
samples/nuxt/zenstack/schema.zmodel (1)
1-1: LGTM!The import statement correctly references the shared schema and aligns with the standardized import pattern applied across other sample apps in this PR. The relative path is accurate for this file's location.
As per coding guidelines, remember to run
zenstack generateafter modifying ZModel schemas when working with these samples.package.json (2)
5-5: No action needed. Thepnpm@10.28.0pin at the root is intentional; the VSCode package correctly maintainspnpm@10.12.1separately to comply with VSCode Marketplace requirements (as documented in repo learnings). These are separate, non-conflicting configurations.Likely an incorrect or invalid review comment.
53-58: No action needed. ThepackageExtensionsTypeScript version is already perfectly aligned with the workspace catalog. Both specifytypescript: ^5.9.3, and the rootdevDependenciesuses"catalog:"to inherit this same version. There is no version skew or risk of duplicate installations.Likely an incorrect or invalid review comment.
✏️ Tip: You can disable this entire section by setting review_details to false in your review settings.
2 participants
New Sample
nest.js with fastify and swc as compiler
Not Updated
prisma@6.19.0 to prisma@7.2.0
langium@3.5.0 to langium@4.1.0
Summary by CodeRabbit
New Features
Chores
Tests
✏️ Tip: You can customize this high-level summary in your review settings.