chore(build): migrate to tsdown workspace mode

[fengmk2]

Replace per-package tsdown config spreading with native workspace mode:

• Add root tsdown.config.ts with workspace configuration
• Remove 60 standard tsdown.config.ts files that only spread base config
• Keep 7 configs with custom options (copy, unbundle, unused.ignore)
• Simplify root build script to just run tsdown once
• Delete tsdown.config.json (old JSON base config)

🤖 Generated with Claude Code

Summary by CodeRabbit

• Build Process Improvements

  • Introduces a workspace-wide tsdown build/configuration flow; adds workspace scripts (including a tsdown alias and clean-dist) and centralizes defaults so most packages no longer need individual build configs.

• Breaking Changes

  • Many package-level build scripts and per-package tsdown configs were removed; publishing or custom build workflows may require updating.

• Documentation

  • Guidance updated: per-package config is optional — create one only for custom behavior; example simplified.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[coderabbitai]

Important

Review skipped

More than 25% of the files skipped due to max files limit. The review is being skipped to prevent a low-quality review.

114 files out of 221 files are above the max files limit of 100. Please upgrade to Pro plan to get higher limits.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Note

Other AI code review bot(s) detected

CodeRabbit has detected other AI code review bot(s) in this pull request and will avoid duplicating their findings in the review comments. This may lead to a less comprehensive review.

Walkthrough

Centralized tsdown configuration to the workspace root and added a root tsdown script/devDependency; removed or simplified many per-package tsdown.config.ts files so packages inherit workspace defaults; removed numerous per-package build scripts from package.json files.

Changes

Cohort / File(s)	Summary
Root workspace & docs CLAUDE.md, package.json, tsdown.config.json	Add workspace-level tsdown configuration and root tsdown script/devDependency; update documentation to state per-package configs are only needed for custom options; modify root build orchestration to use tsdown.
Workspace script additions package.json	Added tsdown script, clean-dist script; updated clean, build, build:parallel, and added prelint; added tsdown devDependency entry.
Per-package manifest removals packages/*/package.json, plugins/*/package.json, tegg/core/*/package.json (many files)	Removed per-package build scripts (commonly tsdown && rimraf dist ... && tsc -p tsconfig.build.json); many prepublishOnly still reference build.
Per-package tsdown config simplifications packages/*/tsdown.config.ts, tegg/core/*/tsdown.config.ts (many files)	Removed import/spread of root tsdown.config.json; replaced with minimal inline configs (typical entry: { index: 'src/index.ts' }) or left simplified default export.
Per-plugin tsdown configs removed plugins/*/tsdown.config.ts (e.g., plugins/i18n/..., plugins/mock/..., plugins/redis/..., plugins/view/..., plugins/watcher/..., etc.)	Deleted many per-plugin tsdown.config.ts files and their default exports so those plugins now rely on workspace defaults unless a custom config is reintroduced.
Notable package.json edits packages/cluster/package.json, packages/koa/package.json, packages/supertest/package.json, packages/cookies/package.json, tegg/core/types/package.json, ...	Removed build entries (some leaving prepublishOnly pointing to a missing build); tegg/core/types export reductions noted in summary.

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~45 minutes

• Heterogeneous edits across many manifest and config files require careful, separate checks.
• Review attention recommended for:
  • Packages whose prepublishOnly/publish hooks still reference removed build scripts.
  • Any packages/plugins that previously relied on per-package copy, unused, or custom tsdown options (ensure those custom behaviors are preserved or intentionally removed).
  • The root tsdown.config.json defaults vs. packages that were simplified — confirm expected entry/unbundle/dts/copy behavior.

Possibly related PRs

• fix(cluster): add missing exports for agent_worker and app_worker #5536 — touches packages/cluster/tsdown.config.ts changes (agent_worker/app_worker entries) and related manifest edits.
• fix: use tsc build #5582 — overlapping edits to per-package build scripts and tsdown configuration centralization across the monorepo.
• feat(typebox-validate): merge egg-typebox-validate plugin into monorepo #5583 — directly touches per-plugin tsdown configs (adds/removes) and may conflict with deleted/centralized tsdown config files.

Poem

🐰 I hopped through configs, tidy and quick,
One root to show defaults — a tiny trick.
Per-plugin files slimmed to what’s required,
Scripts aligned, and old builds retired.
A happy rabbit digs — the workspace is slick!

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title clearly summarizes the main change: migrating from per-package tsdown configs to workspace mode, which is the primary objective of this large refactoring PR.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[cloudflare-workers-and-pages]

Deploying egg with    Cloudflare Pages

Latest commit:	f93d23f
Status:	✅  Deploy successful!
Preview URL:	https://17ca5209.egg-cci.pages.dev
Branch Preview URL:	https://tsdown-workspace.egg-cci.pages.dev

View logs

[gemini-code-assist]

Summary of Changes

Hello @fengmk2, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request significantly enhances the monorepo's build system by adopting tsdown's native workspace mode. This change centralizes the build configuration into a single root tsdown.config.ts file, drastically reducing the number of individual package configuration files and simplifying the overall build command. The new setup promotes better maintainability and consistency across packages, while still allowing for specific customizations where necessary.

Highlights

• Centralized Build Configuration: Migrated the project's tsdown configuration to a native workspace mode, introducing a single root tsdown.config.ts file to manage build settings across the monorepo.
• Reduced Configuration Redundancy: Eliminated approximately 60 redundant per-package tsdown.config.ts files that previously only extended a base configuration, leading to a cleaner and more maintainable codebase.
• Simplified Build Process: Streamlined the root build script to execute tsdown once for the entire monorepo, replacing individual package build commands.
• Targeted Customization: Retained custom tsdown.config.ts files only for packages requiring specific, non-default options such as copy assets, custom entry points, or unused.ignore rules.
• Updated Documentation: The CLAUDE.md documentation has been updated to reflect the new tsdown workspace configuration and provide guidelines for plugins.

🧠 New Feature in Public Preview: You can now enable Memory to help Gemini Code Assist learn from your team's feedback. This makes future code reviews more consistent and personalized to your project's style. Click here to enable Memory in your admin console.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[cloudflare-workers-and-pages]

Deploying egg-v3 with    Cloudflare Pages

Latest commit:	f93d23f
Status:	✅  Deploy successful!
Preview URL:	https://7d9f47e6.egg-v3.pages.dev
Branch Preview URL:	https://tsdown-workspace.egg-v3.pages.dev

View logs

[gemini-code-assist]

Code Review

This pull request does a great job of migrating the build system to tsdown's workspace mode, which significantly simplifies the configuration by removing dozens of redundant config files. The changes to the root package.json and the new tsdown.config.ts are well-implemented.

However, there are a few critical issues with the updated build scripts in the individual package.json files. For packages that require file-copying operations (like packages/egg, plugins/onerror, and tools/create-egg), the new tsc-based build scripts will fail to copy necessary assets, leading to broken packages when prepublishOnly is triggered. I've left specific suggestions to fix these. There's also a broader inconsistency issue where per-package builds now use tsc while the root build uses tsdown, which could lead to subtle differences in output. I've raised this as a medium-severity issue with a suggestion to make the scripts more robust.

[coderabbitai]

Actionable comments posted: 9

🧹 Nitpick comments (12)

plugins/typebox-validate/package.json (1)

74-76: Consider removing unused build tools from devDependencies.

Both rimraf (line 74) and tsdown (line 76) appear in devDependencies but are no longer used in this package's build script. Since tsdown is now executed at the workspace root and rimraf is no longer needed with the simplified build process, these dependencies could be removed to reduce package overhead.

Verification script to check for actual usage

#!/bin/bash
# Search for any usage of rimraf or tsdown in package scripts or source files
rg -n --type json '"(rimraf|tsdown)"' plugins/typebox-validate/package.json
rg -n 'rimraf|tsdown' plugins/typebox-validate/src/

packages/extend2/package.json (1)

46-46: Unused tsdown dependency.

tsdown is listed in devDependencies but is no longer invoked in this package's build script. Consider removing it since the workspace root now handles tsdown execution.

plugins/schedule/package.json (1)

95-95: Clean up unused tsdown dependency.

tsdown remains in devDependencies but is no longer used in this package's scripts. Consider removing it to maintain a lean dependency tree.

plugins/jsonp/package.json (1)

68-68: Remove unused tsdown dependency.

tsdown is no longer invoked in this package's build script and can be removed from devDependencies.

packages/egg/package.json (1)

207-207: Unused tsdown in devDependencies.

Since tsdown is no longer executed in this package's build script, consider removing it from devDependencies.

plugins/static/package.json (1)

72-72: Cleanup opportunity: remove unused tsdown.

tsdown is no longer used in this package's build script and can be removed from devDependencies.

plugins/logrotator/package.json (1)

92-92: Remove unused tsdown dependency.

tsdown is no longer invoked in this package's build script. Consider removing it from devDependencies since tsdown execution is now handled at the workspace root.

tegg/core/transaction-decorator/package.json (1)

65-65: Consider removing unused tsdown devDependency.

The build script no longer uses tsdown (changed to tsc -p tsconfig.build.json), but tsdown remains in devDependencies. If workspace mode handles builds centrally, this local dependency may be unnecessary.

tegg/core/metadata/package.json (1)

111-111: Consider removing unused tsdown devDependency.

Same as other packages: the build script no longer references tsdown.

packages/router/package.json (1)

75-75: Consider removing unused tsdown devDependency.

The build script uses tsc -p tsconfig.build.json directly, making the local tsdown devDependency potentially unnecessary if workspace mode handles builds centrally.

packages/utils/package.json (1)

61-61: Consider removing unused tsdown devDependency.

Same pattern as other packages: build no longer uses tsdown directly.

packages/supertest/tsdown.config.ts (1)

1-8: Consider using a typed intermediate variable.

Per coding guidelines, tsdown configuration files should use typed intermediate variables. This aids IDE support and type checking.

🔎 Suggested refactor

 import { defineConfig } from 'tsdown';
+import type { UserConfig } from 'tsdown';

-export default defineConfig({
+const config: UserConfig = {
   unused: {
     level: 'error',
     ignore: ['@types/superagent'],
   },
-});
+};
+
+export default defineConfig(config);

Based on learnings, "Use typed intermediate variables for tsdown and vitest configuration files."

[coderabbitai]

Actionable comments posted: 15

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (2)

packages/core/package.json (1)

60-64: Critical: Missing build script referenced by prepublishOnly.

Line 64 invokes pnpm run build but no build script is defined in the scripts section. This will cause the publish step to fail.

As per coding guidelines, all packages must include a build script. Add the missing build script or update prepublishOnly to reference the correct command.

packages/errors/package.json (1)

140-144: Critical: Missing build script referenced by prepublishOnly.

Line 144 invokes pnpm run build but no build script is defined in the scripts section. This will cause the publish step to fail.

Add the missing build script or update prepublishOnly to reference the correct workspace-level build command.

♻️ Duplicate comments (7)

tegg/core/standalone-decorator/package.json (1)

32-47: Verify that all exported source files exist.

A previous review identified that several exported modules reference source files that may not exist. Verify that all the following source files are present before publishing:

• ./src/decorator/index.ts
• ./src/decorator/Runner.ts
• ./src/typing.ts
• ./src/util/index.ts
• ./src/util/StandaloneUtil.ts

#!/bin/bash
# Verify all exported source files exist
echo "=== Checking source files referenced in exports ==="
for file in \
  "tegg/core/standalone-decorator/src/decorator/index.ts" \
  "tegg/core/standalone-decorator/src/decorator/Runner.ts" \
  "tegg/core/standalone-decorator/src/typing.ts" \
  "tegg/core/standalone-decorator/src/util/index.ts" \
  "tegg/core/standalone-decorator/src/util/StandaloneUtil.ts"
do
  if [ -f "$file" ]; then
    echo "✓ Found: $file"
  else
    echo "✗ Missing: $file"
  fi
done

packages/koa/tsdown.config.ts (1)

1-10: Violates coding guideline: missing typed intermediate variable.

This configuration directly exports the result of defineConfig(), which conflicts with the coding guideline requirement to "use typed intermediate variables for tsdown and vitest configuration files."

Based on coding guidelines.

🔎 If typed intermediate variables are still required, apply this refactor

 import { defineConfig } from 'tsdown';

-export default defineConfig({
+const config = defineConfig({
   entry: {
     index: 'src/index.ts',
   },
   unused: {
     ignore: ['@types/content-disposition'],
   },
 });
+
+export default config;

tegg/core/orm-decorator/tsdown.config.ts (1)

1-7: Violates coding guideline: missing typed intermediate variable.

This file uses the same direct export pattern that was flagged in packages/cluster/tsdown.config.ts. Per coding guidelines, tsdown configuration files should use typed intermediate variables rather than directly exporting the result of defineConfig().

🔎 Recommended refactor to use typed intermediate variable

 import { defineConfig } from 'tsdown';

-export default defineConfig({
+const config = defineConfig({
   entry: {
     index: 'src/index.ts',
   },
 });
+
+export default config;

As per coding guidelines: "Use typed intermediate variables for tsdown and vitest configuration files"

tegg/core/dynamic-inject/tsdown.config.ts (1)

1-7: Violates coding guideline: missing typed intermediate variable.

Same issue as flagged in packages/cluster/tsdown.config.ts and tegg/core/orm-decorator/tsdown.config.ts - direct export pattern violates the guideline requiring typed intermediate variables.

🔎 Recommended refactor

 import { defineConfig } from 'tsdown';

-export default defineConfig({
+const config = defineConfig({
   entry: {
     index: 'src/index.ts',
   },
 });
+
+export default config;

As per coding guidelines: "Use typed intermediate variables for tsdown and vitest configuration files"

tegg/core/transaction-decorator/tsdown.config.ts (1)

1-7: Violates coding guideline: missing typed intermediate variable.

Same issue as flagged in other tsdown.config.ts files - direct export pattern violates the guideline requiring typed intermediate variables.

🔎 Recommended refactor

 import { defineConfig } from 'tsdown';

-export default defineConfig({
+const config = defineConfig({
   entry: {
     index: 'src/index.ts',
   },
 });
+
+export default config;

As per coding guidelines: "Use typed intermediate variables for tsdown and vitest configuration files"

tegg/core/tegg/tsdown.config.ts (1)

1-7: Violates coding guideline: missing typed intermediate variable.

Same issue as flagged in other tsdown.config.ts files - direct export pattern violates the guideline requiring typed intermediate variables.

🔎 Recommended refactor

 import { defineConfig } from 'tsdown';

-export default defineConfig({
+const config = defineConfig({
   entry: {
     index: 'src/index.ts',
   },
 });
+
+export default config;

As per coding guidelines: "Use typed intermediate variables for tsdown and vitest configuration files"

plugins/i18n/tsdown.config.ts (1)

1-7: Violates coding guideline: missing typed intermediate variable.

Same issue as flagged in other tsdown.config.ts files - direct export pattern violates the guideline requiring typed intermediate variables.

🔎 Recommended refactor

 import { defineConfig } from 'tsdown';

-export default defineConfig({
+const config = defineConfig({
   entry: {
     index: 'src/index.ts',
   },
 });
+
+export default config;

As per coding guidelines: "Use typed intermediate variables for tsdown and vitest configuration files"

🧹 Nitpick comments (9)

plugins/jsonp/tsdown.config.ts (1)

1-7: Consider using typed intermediate variable for consistency.

The coding guideline suggests using typed intermediate variables for tsdown configuration files. While the direct export works correctly in workspace mode, an intermediate variable improves consistency across the codebase.

🔎 Suggested refactor

 import { defineConfig } from 'tsdown';

+const config = defineConfig({
+  entry: {
+    index: 'src/index.ts',
+  },
+});
+
-export default defineConfig({
-  entry: {
-    index: 'src/index.ts',
-  },
-});
+export default config;

Based on coding guidelines: "Use typed intermediate variables for tsdown and vitest configuration files."

packages/cookies/tsdown.config.ts (1)

1-7: Consider using typed intermediate variable for consistency.

The coding guideline suggests using typed intermediate variables for tsdown configuration files. While the direct export works correctly in workspace mode, an intermediate variable improves consistency across the codebase.

🔎 Suggested refactor

 import { defineConfig } from 'tsdown';

+const config = defineConfig({
+  entry: {
+    index: 'src/index.ts',
+  },
+});
+
-export default defineConfig({
-  entry: {
-    index: 'src/index.ts',
-  },
-});
+export default config;

Based on coding guidelines: "Use typed intermediate variables for tsdown and vitest configuration files."

plugins/view-nunjucks/tsdown.config.ts (1)

1-7: Consider using typed intermediate variable for consistency.

The coding guideline suggests using typed intermediate variables for tsdown configuration files. While the direct export works correctly in workspace mode, an intermediate variable improves consistency across the codebase.

🔎 Suggested refactor

 import { defineConfig } from 'tsdown';

+const config = defineConfig({
+  entry: {
+    index: 'src/index.ts',
+  },
+});
+
-export default defineConfig({
-  entry: {
-    index: 'src/index.ts',
-  },
-});
+export default config;

Based on coding guidelines: "Use typed intermediate variables for tsdown and vitest configuration files."

tegg/core/schedule-decorator/tsdown.config.ts (1)

1-7: Consider using typed intermediate variable for consistency.

The coding guideline suggests using typed intermediate variables for tsdown configuration files. While the direct export works correctly in workspace mode, an intermediate variable improves consistency across the codebase.

🔎 Suggested refactor

 import { defineConfig } from 'tsdown';

+const config = defineConfig({
+  entry: {
+    index: 'src/index.ts',
+  },
+});
+
-export default defineConfig({
-  entry: {
-    index: 'src/index.ts',
-  },
-});
+export default config;

Based on coding guidelines: "Use typed intermediate variables for tsdown and vitest configuration files."

tegg/core/eventbus-runtime/tsdown.config.ts (1)

1-7: Consider using typed intermediate variable for consistency.

The coding guideline suggests using typed intermediate variables for tsdown configuration files. While the direct export works correctly in workspace mode, an intermediate variable improves consistency across the codebase.

🔎 Suggested refactor

 import { defineConfig } from 'tsdown';

+const config = defineConfig({
+  entry: {
+    index: 'src/index.ts',
+  },
+});
+
-export default defineConfig({
-  entry: {
-    index: 'src/index.ts',
-  },
-});
+export default config;

Based on coding guidelines: "Use typed intermediate variables for tsdown and vitest configuration files."

tegg/core/metadata/tsdown.config.ts (1)

1-7: Consider using typed intermediate variable for consistency.

The coding guideline suggests using typed intermediate variables for tsdown configuration files. While the direct export works correctly in workspace mode, an intermediate variable improves consistency across the codebase.

🔎 Suggested refactor

 import { defineConfig } from 'tsdown';

+const config = defineConfig({
+  entry: {
+    index: 'src/index.ts',
+  },
+});
+
-export default defineConfig({
-  entry: {
-    index: 'src/index.ts',
-  },
-});
+export default config;

Based on coding guidelines: "Use typed intermediate variables for tsdown and vitest configuration files."

plugins/view/tsdown.config.ts (1)

1-7: Consider using typed intermediate variable for consistency.

The coding guideline suggests using typed intermediate variables for tsdown configuration files. While the direct export works correctly in workspace mode, an intermediate variable improves consistency across the codebase.

🔎 Suggested refactor

 import { defineConfig } from 'tsdown';

+const config = defineConfig({
+  entry: {
+    index: 'src/index.ts',
+  },
+});
+
-export default defineConfig({
-  entry: {
-    index: 'src/index.ts',
-  },
-});
+export default config;

Based on coding guidelines: "Use typed intermediate variables for tsdown and vitest configuration files."

plugins/session/tsdown.config.ts (1)

1-7: Consider using typed intermediate variable for configuration.

The coding guidelines recommend using typed intermediate variables for tsdown configuration files. While the direct export pattern is concise, an intermediate variable can improve type safety and maintainability.

[Based on learnings, use typed intermediate variables for tsdown config files]

🔎 Optional refactor with typed intermediate variable

 import { defineConfig } from 'tsdown';

-export default defineConfig({
+const config = defineConfig({
   entry: {
     index: 'src/index.ts',
   },
 });
+
+export default config;

packages/errors/package.json (1)

23-78: Extensive HTTP error exports - verify tree-shaking benefits.

The exports now include individual subpath exports for all 48 HTTP status code errors (400-418, 421-431, 451, 500-511) plus base error types and framework formatters.

While this enables fine-grained imports and better tree-shaking, it creates a large public API surface to maintain. Verify that consumers actually need direct access to individual HTTP error modules rather than importing from the main entry point.

[Copilot]

Copilot encountered an error and was unable to review this pull request. You can try again by re-requesting a review.

[socket-security]

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action	Severity	Alert  (click "▶" to expand/collapse)
Warn		Obfuscated code: npm entities is 91.0% likely obfuscated Confidence: 0.91 Location: Package overview From: pnpm-lock.yaml → npm/cheerio@1.1.2 → npm/entities@4.5.0 ℹ Read more on: This package | This alert | What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/entities@4.5.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Obfuscated code: npm entities is 91.0% likely obfuscated Confidence: 0.91 Location: Package overview From: pnpm-lock.yaml → npm/cheerio@1.1.2 → npm/entities@4.5.0 ℹ Read more on: This package | This alert | What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/entities@4.5.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Obfuscated code: npm entities is 91.0% likely obfuscated Confidence: 0.91 Location: Package overview From: pnpm-lock.yaml → npm/cheerio@1.1.2 → npm/entities@6.0.1 ℹ Read more on: This package | This alert | What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/entities@6.0.1. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Obfuscated code: npm js-beautify is 100.0% likely obfuscated Confidence: 1.00 Location: Package overview From: pnpm-lock.yaml → npm/js-beautify@1.15.4 ℹ Read more on: This package | This alert | What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/js-beautify@1.15.4. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

[coderabbitai]

Actionable comments posted: 1

📜 Review details

Configuration used: defaults

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between ef848ac and df7bb7b.

⛔ Files ignored due to path filters (1)

• pnpm-lock.yaml is excluded by !**/pnpm-lock.yaml

📒 Files selected for processing (107)

• CLAUDE.md (1 hunks)
• package.json (2 hunks)
• packages/cluster/package.json (0 hunks)
• packages/cluster/tsdown.config.ts (0 hunks)
• packages/cookies/package.json (0 hunks)
• packages/cookies/tsdown.config.ts (0 hunks)
• packages/core/package.json (0 hunks)
• packages/core/tsdown.config.ts (0 hunks)
• packages/egg/package.json (0 hunks)
• packages/egg/tsdown.config.ts (0 hunks)
• packages/errors/package.json (0 hunks)
• packages/errors/tsdown.config.ts (0 hunks)
• packages/extend2/package.json (0 hunks)
• packages/extend2/tsdown.config.ts (0 hunks)
• packages/koa-static-cache/package.json (0 hunks)
• packages/koa-static-cache/tsdown.config.ts (0 hunks)
• packages/koa/package.json (0 hunks)
• packages/koa/tsdown.config.ts (0 hunks)
• packages/path-matching/package.json (0 hunks)
• packages/path-matching/tsdown.config.ts (0 hunks)
• packages/router/package.json (0 hunks)
• packages/router/tsdown.config.ts (0 hunks)
• packages/supertest/package.json (0 hunks)
• packages/supertest/tsdown.config.ts (0 hunks)
• packages/utils/package.json (0 hunks)
• packages/utils/tsdown.config.ts (0 hunks)
• plugins/development/package.json (0 hunks)
• plugins/development/tsdown.config.ts (0 hunks)
• plugins/i18n/package.json (0 hunks)
• plugins/i18n/tsdown.config.ts (0 hunks)
• plugins/jsonp/package.json (0 hunks)
• plugins/jsonp/tsdown.config.ts (0 hunks)
• plugins/logrotator/package.json (0 hunks)
• plugins/logrotator/tsdown.config.ts (0 hunks)
• plugins/mock/package.json (0 hunks)
• plugins/mock/tsdown.config.ts (0 hunks)
• plugins/multipart/package.json (0 hunks)
• plugins/multipart/tsdown.config.ts (0 hunks)
• plugins/onerror/package.json (0 hunks)
• plugins/onerror/tsdown.config.ts (0 hunks)
• plugins/redis/package.json (0 hunks)
• plugins/redis/tsdown.config.ts (0 hunks)
• plugins/schedule/package.json (0 hunks)
• plugins/schedule/tsdown.config.ts (0 hunks)
• plugins/security/package.json (0 hunks)
• plugins/security/tsdown.config.ts (0 hunks)
• plugins/session/package.json (0 hunks)
• plugins/session/tsdown.config.ts (0 hunks)
• plugins/static/package.json (0 hunks)
• plugins/static/tsdown.config.ts (0 hunks)
• plugins/tracer/package.json (0 hunks)
• plugins/tracer/tsdown.config.ts (0 hunks)
• plugins/typebox-validate/package.json (0 hunks)
• plugins/typebox-validate/tsdown.config.ts (0 hunks)
• plugins/view-nunjucks/package.json (0 hunks)
• plugins/view-nunjucks/tsdown.config.ts (0 hunks)
• plugins/view/package.json (0 hunks)
• plugins/view/tsdown.config.ts (0 hunks)
• plugins/watcher/package.json (0 hunks)
• plugins/watcher/tsdown.config.ts (0 hunks)
• tegg/core/ajv-decorator/package.json (0 hunks)
• tegg/core/ajv-decorator/tsdown.config.ts (0 hunks)
• tegg/core/aop-decorator/package.json (0 hunks)
• tegg/core/aop-decorator/tsdown.config.ts (0 hunks)
• tegg/core/aop-runtime/package.json (0 hunks)
• tegg/core/aop-runtime/tsdown.config.ts (0 hunks)
• tegg/core/background-task/package.json (0 hunks)
• tegg/core/background-task/tsdown.config.ts (0 hunks)
• tegg/core/common-util/package.json (0 hunks)
• tegg/core/common-util/tsdown.config.ts (0 hunks)
• tegg/core/controller-decorator/package.json (0 hunks)
• tegg/core/controller-decorator/tsdown.config.ts (0 hunks)
• tegg/core/core-decorator/package.json (0 hunks)
• tegg/core/core-decorator/tsdown.config.ts (0 hunks)
• tegg/core/dal-decorator/package.json (0 hunks)
• tegg/core/dal-decorator/tsdown.config.ts (0 hunks)
• tegg/core/dal-runtime/package.json (0 hunks)
• tegg/core/dal-runtime/tsdown.config.ts (0 hunks)
• tegg/core/dynamic-inject-runtime/package.json (0 hunks)
• tegg/core/dynamic-inject-runtime/tsdown.config.ts (0 hunks)
• tegg/core/dynamic-inject/package.json (0 hunks)
• tegg/core/dynamic-inject/tsdown.config.ts (0 hunks)
• tegg/core/eventbus-decorator/package.json (0 hunks)
• tegg/core/eventbus-decorator/tsdown.config.ts (0 hunks)
• tegg/core/eventbus-runtime/package.json (0 hunks)
• tegg/core/eventbus-runtime/tsdown.config.ts (0 hunks)
• tegg/core/lifecycle/package.json (0 hunks)
• tegg/core/lifecycle/tsdown.config.ts (0 hunks)
• tegg/core/loader/package.json (0 hunks)
• tegg/core/loader/tsdown.config.ts (0 hunks)
• tegg/core/metadata/package.json (0 hunks)
• tegg/core/metadata/tsdown.config.ts (0 hunks)
• tegg/core/orm-decorator/package.json (0 hunks)
• tegg/core/orm-decorator/tsdown.config.ts (0 hunks)
• tegg/core/runtime/package.json (0 hunks)
• tegg/core/runtime/tsdown.config.ts (0 hunks)
• tegg/core/schedule-decorator/package.json (0 hunks)
• tegg/core/schedule-decorator/tsdown.config.ts (0 hunks)
• tegg/core/standalone-decorator/package.json (0 hunks)
• tegg/core/standalone-decorator/tsdown.config.ts (0 hunks)
• tegg/core/tegg/package.json (0 hunks)
• tegg/core/tegg/tsdown.config.ts (0 hunks)
• tegg/core/test-util/package.json (0 hunks)
• tegg/core/test-util/tsdown.config.ts (0 hunks)
• tegg/core/transaction-decorator/package.json (0 hunks)
• tegg/core/transaction-decorator/tsdown.config.ts (0 hunks)
• tegg/core/types/package.json (0 hunks)

⛔ Files not processed due to max files limit (31)

• tegg/core/types/tsdown.config.ts
• tegg/plugin/ajv/package.json
• tegg/plugin/ajv/tsdown.config.ts
• tegg/plugin/aop/package.json
• tegg/plugin/aop/tsdown.config.ts
• tegg/plugin/common/package.json
• tegg/plugin/common/tsdown.config.ts
• tegg/plugin/config/package.json
• tegg/plugin/config/tsdown.config.ts
• tegg/plugin/controller/package.json
• tegg/plugin/controller/tsdown.config.ts
• tegg/plugin/dal/package.json
• tegg/plugin/dal/tsdown.config.ts
• tegg/plugin/eventbus/package.json
• tegg/plugin/eventbus/tsdown.config.ts
• tegg/plugin/orm/package.json
• tegg/plugin/orm/tsdown.config.ts
• tegg/plugin/schedule/package.json
• tegg/plugin/schedule/tsdown.config.ts
• tegg/plugin/tegg/package.json
• tegg/plugin/tegg/tsdown.config.ts
• tegg/standalone/standalone/package.json
• tegg/standalone/standalone/tsdown.config.ts
• tools/create-egg/package.json
• tools/create-egg/tsdown.config.ts
• tools/egg-bin/package.json
• tools/egg-bin/tsdown.config.ts
• tools/scripts/package.json
• tools/scripts/tsdown.config.ts
• tsdown.config.json
• tsdown.config.ts

💤 Files with no reviewable changes (105)

• plugins/static/package.json
• packages/path-matching/package.json
• plugins/security/package.json
• plugins/schedule/package.json
• packages/cookies/tsdown.config.ts
• plugins/typebox-validate/package.json
• tegg/core/runtime/package.json
• tegg/core/loader/package.json
• tegg/core/schedule-decorator/package.json
• tegg/core/controller-decorator/tsdown.config.ts
• tegg/core/metadata/package.json
• tegg/core/dynamic-inject/package.json
• tegg/core/common-util/package.json
• tegg/core/aop-runtime/package.json
• packages/cluster/package.json
• plugins/jsonp/package.json
• plugins/view/package.json
• plugins/logrotator/package.json
• plugins/view/tsdown.config.ts
• tegg/core/core-decorator/tsdown.config.ts
• tegg/core/dal-runtime/package.json
• tegg/core/transaction-decorator/package.json
• tegg/core/ajv-decorator/package.json
• packages/cookies/package.json
• packages/router/tsdown.config.ts
• packages/router/package.json
• packages/core/tsdown.config.ts
• tegg/core/tegg/package.json
• plugins/i18n/package.json
• packages/koa-static-cache/package.json
• packages/errors/package.json
• tegg/core/controller-decorator/package.json
• tegg/core/runtime/tsdown.config.ts
• tegg/core/dal-decorator/tsdown.config.ts
• plugins/redis/package.json
• tegg/core/dal-decorator/package.json
• plugins/jsonp/tsdown.config.ts
• plugins/static/tsdown.config.ts
• tegg/core/aop-decorator/package.json
• tegg/core/eventbus-decorator/package.json
• packages/koa/tsdown.config.ts
• tegg/core/background-task/tsdown.config.ts
• packages/supertest/tsdown.config.ts
• packages/extend2/package.json
• plugins/logrotator/tsdown.config.ts
• plugins/development/tsdown.config.ts
• packages/egg/tsdown.config.ts
• tegg/core/common-util/tsdown.config.ts
• tegg/core/core-decorator/package.json
• plugins/multipart/package.json
• plugins/development/package.json
• plugins/view-nunjucks/package.json
• tegg/core/orm-decorator/package.json
• tegg/core/aop-runtime/tsdown.config.ts
• tegg/core/dynamic-inject-runtime/tsdown.config.ts
• plugins/mock/tsdown.config.ts
• tegg/core/schedule-decorator/tsdown.config.ts
• plugins/schedule/tsdown.config.ts
• plugins/multipart/tsdown.config.ts
• plugins/redis/tsdown.config.ts
• tegg/core/standalone-decorator/package.json
• plugins/typebox-validate/tsdown.config.ts
• tegg/core/lifecycle/package.json
• tegg/core/metadata/tsdown.config.ts
• tegg/core/test-util/package.json
• tegg/core/transaction-decorator/tsdown.config.ts
• tegg/core/lifecycle/tsdown.config.ts
• packages/errors/tsdown.config.ts
• plugins/tracer/tsdown.config.ts
• packages/supertest/package.json
• packages/utils/tsdown.config.ts
• tegg/core/eventbus-decorator/tsdown.config.ts
• plugins/watcher/package.json
• packages/utils/package.json
• plugins/mock/package.json
• packages/cluster/tsdown.config.ts
• tegg/core/standalone-decorator/tsdown.config.ts
• packages/core/package.json
• plugins/session/package.json
• packages/extend2/tsdown.config.ts
• tegg/core/dynamic-inject/tsdown.config.ts
• tegg/core/test-util/tsdown.config.ts
• plugins/onerror/package.json
• tegg/core/loader/tsdown.config.ts
• packages/path-matching/tsdown.config.ts
• packages/koa-static-cache/tsdown.config.ts
• packages/koa/package.json
• tegg/core/orm-decorator/tsdown.config.ts
• tegg/core/ajv-decorator/tsdown.config.ts
• tegg/core/types/package.json
• tegg/core/aop-decorator/tsdown.config.ts
• tegg/core/dal-runtime/tsdown.config.ts
• plugins/tracer/package.json
• tegg/core/eventbus-runtime/package.json
• tegg/core/tegg/tsdown.config.ts
• tegg/core/dynamic-inject-runtime/package.json
• tegg/core/background-task/package.json
• plugins/session/tsdown.config.ts
• plugins/security/tsdown.config.ts
• packages/egg/package.json
• plugins/view-nunjucks/tsdown.config.ts
• plugins/i18n/tsdown.config.ts
• plugins/watcher/tsdown.config.ts
• plugins/onerror/tsdown.config.ts
• tegg/core/eventbus-runtime/tsdown.config.ts

🚧 Files skipped from review as they are similar to previous changes (1)

• CLAUDE.md

🧰 Additional context used

📓 Path-based instructions (1)

package.json

📄 CodeRabbit inference engine (CLAUDE.md)

Dependencies defined in pnpm-workspace.yaml catalog must be referenced using catalog: in package.json files

Files:

• package.json

🧠 Learnings (15)

📓 Common learnings

Learnt from: CR
Repo: eggjs/egg PR: 0
File: .github/copilot-instructions.md:0-0
Timestamp: 2025-11-27T14:37:59.711Z
Learning: Applies to packages/*/tsdown.config.ts : Use tsdown for unbundled ESM builds that preserves file structure; configure via tsdown.config.ts in each package

Learnt from: CR
Repo: eggjs/egg PR: 0
File: .github/copilot-instructions.md:0-0
Timestamp: 2025-11-27T14:37:59.711Z
Learning: Applies to packages/**/*.ts : Use TypeScript throughout all packages in the Eggjs monorepo

Learnt from: CR
Repo: eggjs/egg PR: 0
File: tegg/CLAUDE.md:0-0
Timestamp: 2025-12-12T16:02:35.012Z
Learning: Applies to tegg/**/{core,plugin,standalone}/*/package.json : Use workspace:* protocol for internal monorepo dependencies in tegg package.json files

Learnt from: CR
Repo: eggjs/egg PR: 0
File: AGENTS.md:0-0
Timestamp: 2025-12-20T09:24:59.948Z
Learning: Maintain Egg as a pnpm monorepo with core runtime code in `packages/egg`, supporting modules in `packages/core`, `packages/cluster`, and `packages/utils`, optional integrations under `plugins/`, examples in `examples/`, documentation site in `site/`, and unit tests beside packages under `test/` directories with fixtures in `test/fixtures/`

Learnt from: CR
Repo: eggjs/egg PR: 0
File: CLAUDE.md:0-0
Timestamp: 2025-12-20T09:24:44.351Z
Learning: Applies to plugins/*/tsdown.config.ts : All future plugins must use the standard tsdown configuration template with entry, unbundle, dts, and exports settings

Learnt from: CR
Repo: eggjs/egg PR: 0
File: CLAUDE.md:0-0
Timestamp: 2025-12-20T09:24:44.351Z
Learning: Applies to {packages,plugins,tools}/**/tsconfig.json : All sub-project TypeScript configurations must extend from workspace root tsconfig.json with minimal configuration

Learnt from: CR
Repo: eggjs/egg PR: 0
File: CLAUDE.md:0-0
Timestamp: 2025-12-20T09:24:44.351Z
Learning: Applies to {tsdown.config.ts,vitest.config.ts} : Use typed intermediate variables for tsdown and vitest configuration files

Learnt from: CR
Repo: eggjs/egg PR: 0
File: .github/copilot-instructions.md:0-0
Timestamp: 2025-11-27T14:37:59.711Z
Learning: Applies to packages/*/tsconfig.json : All sub-project tsconfig.json files MUST extend from root tsconfig.json using 'extends': '../../tsconfig.json'

Learnt from: CR
Repo: eggjs/egg PR: 0
File: CLAUDE.md:0-0
Timestamp: 2025-12-20T09:24:44.351Z
Learning: Applies to {packages,plugins,tools}/**/tsconfig.build.json : All sub-project build TypeScript configurations must extend from root tsconfig.build.json

Learnt from: CR
Repo: eggjs/egg PR: 0
File: tegg/CLAUDE.md:0-0
Timestamp: 2025-12-12T16:02:35.012Z
Learning: Use pnpm workspaces with catalog: protocol for shared external dependencies centralized in root pnpm-workspace.yaml

Learnt from: CR
Repo: eggjs/egg PR: 0
File: .github/copilot-instructions.md:0-0
Timestamp: 2025-11-27T14:37:59.711Z
Learning: Applies to packages/**/*.ts : Use strict TypeScript mode in all packages

📚 Learning: 2025-11-27T14:37:59.711Z

Learnt from: CR
Repo: eggjs/egg PR: 0
File: .github/copilot-instructions.md:0-0
Timestamp: 2025-11-27T14:37:59.711Z
Learning: Applies to packages/*/tsdown.config.ts : Use tsdown for unbundled ESM builds that preserves file structure; configure via tsdown.config.ts in each package

Applied to files:

• package.json

📚 Learning: 2025-12-12T16:02:35.012Z

Learnt from: CR
Repo: eggjs/egg PR: 0
File: tegg/CLAUDE.md:0-0
Timestamp: 2025-12-12T16:02:35.012Z
Learning: Applies to tegg/**/{core,plugin,standalone}/*/package.json : Include standard npm scripts in package.json: typecheck, clean, and build

Applied to files:

• package.json

📚 Learning: 2025-12-20T09:24:44.351Z

Learnt from: CR
Repo: eggjs/egg PR: 0
File: CLAUDE.md:0-0
Timestamp: 2025-12-20T09:24:44.351Z
Learning: Applies to plugins/*/tsdown.config.ts : All future plugins must use the standard tsdown configuration template with entry, unbundle, dts, and exports settings

Applied to files:

• package.json

📚 Learning: 2025-12-20T09:24:44.351Z

Learnt from: CR
Repo: eggjs/egg PR: 0
File: CLAUDE.md:0-0
Timestamp: 2025-12-20T09:24:44.351Z
Learning: Applies to **/{packages,plugins,tools}/**/package.json : All packages must include TypeScript type checking with tsc --noEmit in typecheck script

Applied to files:

• package.json

📚 Learning: 2025-12-20T09:24:59.948Z

Learnt from: CR
Repo: eggjs/egg PR: 0
File: AGENTS.md:0-0
Timestamp: 2025-12-20T09:24:59.948Z
Learning: Build all packages with `pnpm run build`

Applied to files:

• package.json

📚 Learning: 2025-11-27T14:37:59.711Z

Learnt from: CR
Repo: eggjs/egg PR: 0
File: .github/copilot-instructions.md:0-0
Timestamp: 2025-11-27T14:37:59.711Z
Learning: Build all packages first using 'pnpm run build' before making changes, then validate with lint, tests, and documentation site checks

Applied to files:

• package.json

📚 Learning: 2025-11-27T14:37:59.711Z

Learnt from: CR
Repo: eggjs/egg PR: 0
File: .github/copilot-instructions.md:0-0
Timestamp: 2025-11-27T14:37:59.711Z
Learning: Run bootstrap and build commands in sequence: corepack enable pnpm → pnpm install → pnpm run build → pnpm run lint

Applied to files:

• package.json

📚 Learning: 2025-12-20T09:24:59.948Z

Learnt from: CR
Repo: eggjs/egg PR: 0
File: AGENTS.md:0-0
Timestamp: 2025-12-20T09:24:59.948Z
Learning: Lint with `pnpm run lint` and run `pnpm run typecheck` before large refactors

Applied to files:

• package.json

📚 Learning: 2025-12-20T09:24:44.351Z

Learnt from: CR
Repo: eggjs/egg PR: 0
File: CLAUDE.md:0-0
Timestamp: 2025-12-20T09:24:44.351Z
Learning: Applies to plugins/*/package.json : All plugin package.json files must include build, typecheck, lint, test, and prepublishOnly scripts

Applied to files:

• package.json

📚 Learning: 2025-11-27T14:37:59.711Z

Learnt from: CR
Repo: eggjs/egg PR: 0
File: .github/copilot-instructions.md:0-0
Timestamp: 2025-11-27T14:37:59.711Z
Learning: Run 'pnpm run build' after making changes (set timeout to 60+ seconds) and never cancel the command

Applied to files:

• package.json

📚 Learning: 2025-11-27T14:37:59.711Z

Learnt from: CR
Repo: eggjs/egg PR: 0
File: .github/copilot-instructions.md:0-0
Timestamp: 2025-11-27T14:37:59.711Z
Learning: Applies to pnpm-workspace.yaml : Define dependencies in pnpm-workspace.yaml catalog section and reference catalog entries with 'package-name': 'catalog:' or internal workspace dependencies with 'package-name': 'workspace:*'

Applied to files:

• package.json

📚 Learning: 2025-12-20T09:24:44.351Z

Learnt from: CR
Repo: eggjs/egg PR: 0
File: CLAUDE.md:0-0
Timestamp: 2025-12-20T09:24:44.351Z
Learning: Applies to package.json : Dependencies defined in pnpm-workspace.yaml catalog must be referenced using catalog: in package.json files

Applied to files:

• package.json

📚 Learning: 2025-12-12T16:02:35.012Z

Learnt from: CR
Repo: eggjs/egg PR: 0
File: tegg/CLAUDE.md:0-0
Timestamp: 2025-12-12T16:02:35.012Z
Learning: Use pnpm workspaces with catalog: protocol for shared external dependencies centralized in root pnpm-workspace.yaml

Applied to files:

• package.json

📚 Learning: 2025-12-12T16:02:35.012Z

Learnt from: CR
Repo: eggjs/egg PR: 0
File: tegg/CLAUDE.md:0-0
Timestamp: 2025-12-12T16:02:35.012Z
Learning: Applies to tegg/**/{core,plugin,standalone}/*/package.json : Use catalog: protocol for external shared dependencies in tegg package.json files

Applied to files:

• package.json

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (7)

• GitHub Check: CodeQL analysis (javascript-typescript)
• GitHub Check: Agent
• GitHub Check: Test bin (windows-latest, 22, 2/3)
• GitHub Check: Test bin (windows-latest, 22, 0/3)
• GitHub Check: Test bin (ubuntu-latest, 22, 0/3)
• GitHub Check: typecheck
• GitHub Check: Cloudflare Pages: egg-v3

🔇 Additional comments (2)

package.json (2)

14-14: LGTM! Clear script alias for workspace-level tsdown.

The tsdown script provides a direct alias to the tsdown command, aligning with the migration to workspace mode.

---

63-63: LGTM! Correct use of catalog: protocol.

The tsdown devDependency correctly uses the catalog: protocol as required by the coding guidelines.

Based on coding guidelines, dependencies defined in pnpm-workspace.yaml catalog must be referenced using catalog: in package.json files.

[Copilot]

Pull request overview

Copilot reviewed 138 out of 139 changed files in this pull request and generated 45 comments.

Files not reviewed (1)

• pnpm-lock.yaml: Language not supported

Comments suppressed due to low confidence (2)

plugins/onerror/tsdown.config.ts:10

• This custom config is missing the entry field. Since the root workspace config sets entry: 'src/**/*.ts', this package will build all TypeScript files. If the package needs to copy assets, it should also specify the entry pattern explicitly for clarity and to ensure correct build behavior.
  packages/egg/tsdown.config.ts:10
• This custom config is missing the entry field. Since the root workspace config sets entry: 'src/**/*.ts', this package will build all TypeScript files. If the package needs to copy assets, it should also specify the entry pattern explicitly for clarity and to ensure correct build behavior.

const config: UserConfig = defineConfig({
  copy: [
    {
      from: 'src/config/favicon.png',
      to: 'dist/config/favicon.png',
    },
  ],
});

[Copilot]

The build script has been removed but prepublishOnly still references it. This will cause publish failures. Either add the build script back or update prepublishOnly to call the workspace build command.

[coderabbitai]

Actionable comments posted: 1

♻️ Duplicate comments (1)

package.json (1)

16-16: Verify resolution of prepublishOnly script failures flagged in previous review.

A previous review identified that 59 packages have prepublishOnly scripts that call npm run build or pnpm run build, but after centralizing the build to the workspace root, these packages lack local build scripts. This causes publishing to fail when prepublishOnly runs in each package's isolated context.

The root build script changes here are correct for workspace mode, but child packages must be updated to either:

1. Add local build scripts that delegate to the workspace build, or
2. Remove prepublishOnly scripts and ensure pnpm run build is executed at workspace level before publishing

Verify if this critical issue has been resolved:

#!/bin/bash
# Description: Check if packages with prepublishOnly still lack build scripts

echo "=== Packages with prepublishOnly but no build script ==="
fd package.json packages plugins tools tegg -t f -E node_modules --exec sh -c '
  pkg="$1"
  has_prepublish=$(jq -r ".scripts.prepublishOnly // empty" "$pkg" 2>/dev/null)
  has_build=$(jq -r ".scripts.build // empty" "$pkg" 2>/dev/null)
  if [ -n "$has_prepublish" ] && [ -z "$has_build" ]; then
    name=$(jq -r ".name // \"unnamed\"" "$pkg" 2>/dev/null)
    echo "Package: $name ($(dirname $pkg))"
    echo "  prepublishOnly: $has_prepublish"
    echo "  build: MISSING"
    echo "---"
  fi
' _ {} \; | head -50

echo -e "\n=== Count summary ==="
AFFECTED=$(fd package.json packages plugins tools tegg -t f -E node_modules --exec sh -c '
  pkg="$1"
  has_prepublish=$(jq -r ".scripts.prepublishOnly // empty" "$pkg" 2>/dev/null)
  has_build=$(jq -r ".scripts.build // empty" "$pkg" 2>/dev/null)
  if [ -n "$has_prepublish" ] && [ -z "$has_build" ]; then
    echo "1"
  fi
' _ {} \; | wc -l)
echo "Packages with prepublishOnly but no build script: $AFFECTED"

📜 Review details

Configuration used: defaults

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between df7bb7b and 8f84e6b.

📒 Files selected for processing (3)

• package.json (2 hunks)
• tegg/core/types/package.json (0 hunks)
• tegg/core/types/tsdown.config.ts (0 hunks)

💤 Files with no reviewable changes (2)

• tegg/core/types/tsdown.config.ts
• tegg/core/types/package.json

🧰 Additional context used

📓 Path-based instructions (1)

package.json

📄 CodeRabbit inference engine (CLAUDE.md)

Dependencies defined in pnpm-workspace.yaml catalog must be referenced using catalog: in package.json files

Files:

• package.json

🧠 Learnings (19)

📓 Common learnings

Learnt from: CR
Repo: eggjs/egg PR: 0
File: .github/copilot-instructions.md:0-0
Timestamp: 2025-11-27T14:37:59.711Z
Learning: Applies to packages/*/tsdown.config.ts : Use tsdown for unbundled ESM builds that preserves file structure; configure via tsdown.config.ts in each package

Learnt from: CR
Repo: eggjs/egg PR: 0
File: .github/copilot-instructions.md:0-0
Timestamp: 2025-11-27T14:37:59.711Z
Learning: Applies to packages/**/*.ts : Use TypeScript throughout all packages in the Eggjs monorepo

Learnt from: CR
Repo: eggjs/egg PR: 0
File: tegg/CLAUDE.md:0-0
Timestamp: 2025-12-12T16:02:35.012Z
Learning: Applies to tegg/**/{core,plugin,standalone}/*/package.json : Use workspace:* protocol for internal monorepo dependencies in tegg package.json files

Learnt from: CR
Repo: eggjs/egg PR: 0
File: AGENTS.md:0-0
Timestamp: 2025-12-20T09:24:59.948Z
Learning: Maintain Egg as a pnpm monorepo with core runtime code in `packages/egg`, supporting modules in `packages/core`, `packages/cluster`, and `packages/utils`, optional integrations under `plugins/`, examples in `examples/`, documentation site in `site/`, and unit tests beside packages under `test/` directories with fixtures in `test/fixtures/`

Learnt from: CR
Repo: eggjs/egg PR: 0
File: CLAUDE.md:0-0
Timestamp: 2025-12-20T09:24:44.351Z
Learning: Applies to {packages,plugins,tools}/**/tsconfig.json : All sub-project TypeScript configurations must extend from workspace root tsconfig.json with minimal configuration

Learnt from: CR
Repo: eggjs/egg PR: 0
File: CLAUDE.md:0-0
Timestamp: 2025-12-20T09:24:44.351Z
Learning: Applies to plugins/*/tsdown.config.ts : All future plugins must use the standard tsdown configuration template with entry, unbundle, dts, and exports settings

Learnt from: CR
Repo: eggjs/egg PR: 0
File: CLAUDE.md:0-0
Timestamp: 2025-12-20T09:24:44.351Z
Learning: Applies to {tsdown.config.ts,vitest.config.ts} : Use typed intermediate variables for tsdown and vitest configuration files

Learnt from: CR
Repo: eggjs/egg PR: 0
File: .github/copilot-instructions.md:0-0
Timestamp: 2025-11-27T14:37:59.711Z
Learning: Applies to packages/*/tsconfig.json : All sub-project tsconfig.json files MUST extend from root tsconfig.json using 'extends': '../../tsconfig.json'

Learnt from: CR
Repo: eggjs/egg PR: 0
File: CLAUDE.md:0-0
Timestamp: 2025-12-20T09:24:44.351Z
Learning: Applies to {packages,plugins,tools}/**/tsconfig.build.json : All sub-project build TypeScript configurations must extend from root tsconfig.build.json

Learnt from: CR
Repo: eggjs/egg PR: 0
File: tegg/CLAUDE.md:0-0
Timestamp: 2025-12-12T16:02:35.012Z
Learning: Use pnpm workspaces with catalog: protocol for shared external dependencies centralized in root pnpm-workspace.yaml

Learnt from: CR
Repo: eggjs/egg PR: 0
File: CLAUDE.md:0-0
Timestamp: 2025-12-20T09:24:44.351Z
Learning: Use pnpm workspaces for dependency management in monorepo packages

📚 Learning: 2025-12-12T16:02:35.012Z

Learnt from: CR
Repo: eggjs/egg PR: 0
File: tegg/CLAUDE.md:0-0
Timestamp: 2025-12-12T16:02:35.012Z
Learning: Applies to tegg/**/{core,plugin,standalone}/*/package.json : Include standard npm scripts in package.json: typecheck, clean, and build

Applied to files:

• package.json

📚 Learning: 2025-11-27T14:37:59.711Z

Learnt from: CR
Repo: eggjs/egg PR: 0
File: .github/copilot-instructions.md:0-0
Timestamp: 2025-11-27T14:37:59.711Z
Learning: Build all packages first using 'pnpm run build' before making changes, then validate with lint, tests, and documentation site checks

Applied to files:

• package.json

📚 Learning: 2025-12-20T09:24:44.351Z

Learnt from: CR
Repo: eggjs/egg PR: 0
File: CLAUDE.md:0-0
Timestamp: 2025-12-20T09:24:44.351Z
Learning: Applies to plugins/*/package.json : All plugin package.json files must include build, typecheck, lint, test, and prepublishOnly scripts

Applied to files:

• package.json

📚 Learning: 2025-12-20T09:24:44.351Z

Learnt from: CR
Repo: eggjs/egg PR: 0
File: CLAUDE.md:0-0
Timestamp: 2025-12-20T09:24:44.351Z
Learning: Applies to **/{packages,plugins,tools}/**/package.json : All packages must include TypeScript type checking with tsc --noEmit in typecheck script

Applied to files:

• package.json

📚 Learning: 2025-12-20T09:24:59.948Z

Learnt from: CR
Repo: eggjs/egg PR: 0
File: AGENTS.md:0-0
Timestamp: 2025-12-20T09:24:59.948Z
Learning: Build all packages with `pnpm run build`

Applied to files:

• package.json

📚 Learning: 2025-12-20T09:24:59.948Z

Learnt from: CR
Repo: eggjs/egg PR: 0
File: AGENTS.md:0-0
Timestamp: 2025-12-20T09:24:59.948Z
Learning: Lint with `pnpm run lint` and run `pnpm run typecheck` before large refactors

Applied to files:

• package.json

📚 Learning: 2025-11-27T14:37:59.711Z

Learnt from: CR
Repo: eggjs/egg PR: 0
File: .github/copilot-instructions.md:0-0
Timestamp: 2025-11-27T14:37:59.711Z
Learning: Applies to packages/*/tsdown.config.ts : Use tsdown for unbundled ESM builds that preserves file structure; configure via tsdown.config.ts in each package

Applied to files:

• package.json

📚 Learning: 2025-12-12T16:02:35.012Z

Learnt from: CR
Repo: eggjs/egg PR: 0
File: tegg/CLAUDE.md:0-0
Timestamp: 2025-12-12T16:02:35.012Z
Learning: Applies to tegg/**/{core,plugin,standalone}/*/package.json : Use catalog: protocol for external shared dependencies in tegg package.json files

Applied to files:

• package.json

📚 Learning: 2025-12-20T09:24:59.948Z

Learnt from: CR
Repo: eggjs/egg PR: 0
File: AGENTS.md:0-0
Timestamp: 2025-12-20T09:24:59.948Z
Learning: Maintain Egg as a pnpm monorepo with core runtime code in `packages/egg`, supporting modules in `packages/core`, `packages/cluster`, and `packages/utils`, optional integrations under `plugins/`, examples in `examples/`, documentation site in `site/`, and unit tests beside packages under `test/` directories with fixtures in `test/fixtures/`

Applied to files:

• package.json

📚 Learning: 2025-12-12T16:02:35.012Z

Learnt from: CR
Repo: eggjs/egg PR: 0
File: tegg/CLAUDE.md:0-0
Timestamp: 2025-12-12T16:02:35.012Z
Learning: Applies to tegg/**/{core,plugin,standalone}/*/package.json : Use workspace:* protocol for internal monorepo dependencies in tegg package.json files

Applied to files:

• package.json

📚 Learning: 2025-12-20T09:24:44.351Z

Learnt from: CR
Repo: eggjs/egg PR: 0
File: CLAUDE.md:0-0
Timestamp: 2025-12-20T09:24:44.351Z
Learning: Applies to plugins/*/package.json : All plugin package.json files must include egg in peerDependencies

Applied to files:

• package.json

📚 Learning: 2025-11-27T14:37:59.711Z

Learnt from: CR
Repo: eggjs/egg PR: 0
File: .github/copilot-instructions.md:0-0
Timestamp: 2025-11-27T14:37:59.711Z
Learning: Applies to packages/**/*.ts : Use TypeScript throughout all packages in the Eggjs monorepo

Applied to files:

• package.json

📚 Learning: 2025-11-27T14:37:59.711Z

Learnt from: CR
Repo: eggjs/egg PR: 0
File: .github/copilot-instructions.md:0-0
Timestamp: 2025-11-27T14:37:59.711Z
Learning: Run 'pnpm run build' after making changes (set timeout to 60+ seconds) and never cancel the command

Applied to files:

• package.json

📚 Learning: 2025-11-27T14:37:59.711Z

Learnt from: CR
Repo: eggjs/egg PR: 0
File: .github/copilot-instructions.md:0-0
Timestamp: 2025-11-27T14:37:59.711Z
Learning: Run bootstrap and build commands in sequence: corepack enable pnpm → pnpm install → pnpm run build → pnpm run lint

Applied to files:

• package.json

📚 Learning: 2025-12-20T09:24:59.948Z

Learnt from: CR
Repo: eggjs/egg PR: 0
File: AGENTS.md:0-0
Timestamp: 2025-12-20T09:24:59.948Z
Learning: Run `pnpm run test` for Vitest suite or `pnpm run test:cov` for coverage before submitting

Applied to files:

• package.json

📚 Learning: 2025-11-27T14:37:59.711Z

Learnt from: CR
Repo: eggjs/egg PR: 0
File: .github/copilot-instructions.md:0-0
Timestamp: 2025-11-27T14:37:59.711Z
Learning: Applies to pnpm-workspace.yaml : Define dependencies in pnpm-workspace.yaml catalog section and reference catalog entries with 'package-name': 'catalog:' or internal workspace dependencies with 'package-name': 'workspace:*'

Applied to files:

• package.json

📚 Learning: 2025-12-20T09:24:44.351Z

Learnt from: CR
Repo: eggjs/egg PR: 0
File: CLAUDE.md:0-0
Timestamp: 2025-12-20T09:24:44.351Z
Learning: Applies to package.json : Dependencies defined in pnpm-workspace.yaml catalog must be referenced using catalog: in package.json files

Applied to files:

• package.json

📚 Learning: 2025-12-12T16:02:35.012Z

Learnt from: CR
Repo: eggjs/egg PR: 0
File: tegg/CLAUDE.md:0-0
Timestamp: 2025-12-12T16:02:35.012Z
Learning: Use pnpm workspaces with catalog: protocol for shared external dependencies centralized in root pnpm-workspace.yaml

Applied to files:

• package.json

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (16)

• GitHub Check: Test (macos-latest, 20, 2/3)
• GitHub Check: Test (windows-latest, 20, 2/3)
• GitHub Check: Test (macos-latest, 20, 3/3)
• GitHub Check: Test (macos-latest, 22, 3/3)
• GitHub Check: Test (windows-latest, 22, 1/3)
• GitHub Check: Test (macos-latest, 22, 1/3)
• GitHub Check: Test (windows-latest, 20, 1/3)
• GitHub Check: Test (windows-latest, 20, 3/3)
• GitHub Check: Test (windows-latest, 24, 3/3)
• GitHub Check: Test (windows-latest, 24, 1/3)
• GitHub Check: Test (windows-latest, 22, 3/3)
• GitHub Check: Test (windows-latest, 24, 2/3)
• GitHub Check: Test (windows-latest, 22, 2/3)
• GitHub Check: typecheck
• GitHub Check: Analyze (javascript-typescript)
• GitHub Check: Cloudflare Pages: egg-v3

🔇 Additional comments (3)

package.json (3)

13-14: LGTM! Clean scripts properly centralized.

The clean-dist script centralizes artifact removal, and running it in prelint ensures type-aware linting operates on fresh state. The clean script properly sequences parallel package cleaning followed by centralized cleanup.

Also applies to: 18-18

---

15-16: LGTM! Root build script properly delegates to workspace tsdown.

The tsdown and build scripts correctly implement workspace mode by running tsdown once at the root level to build all packages.

---

66-66: LGTM! Dependency correctly uses catalog protocol.

The tsdown devDependency correctly references the catalog per coding guidelines.

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 87.61%. Comparing base (6de1d54) to head (f93d23f).
⚠️ Report is 1 commits behind head on next.

Additional details and impacted files

@@            Coverage Diff             @@
##             next    #5738      +/-   ##
==========================================
- Coverage   87.62%   87.61%   -0.02%     
==========================================
  Files         569      563       -6     
  Lines       10941    10930      -11     
  Branches     1238     1238              
==========================================
- Hits         9587     9576      -11     
  Misses       1270     1270              
  Partials       84       84              

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[Copilot]

Pull request overview

Copilot reviewed 212 out of 214 changed files in this pull request and generated no new comments.

Files not reviewed (1)

• pnpm-lock.yaml: Language not supported

[Copilot]

Pull request overview

Copilot reviewed 244 out of 246 changed files in this pull request and generated no new comments.

Files not reviewed (1)

• pnpm-lock.yaml: Language not supported

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	keygrip@​1.1.0
	@​types/​encodeurl@​1.0.3
	@​types/​koa-range@​0.3.5
	@​types/​lodash.snakecase@​4.1.9
	@​types/​sqlstring@​2.3.2
	@​types/​destroy@​1.0.3
	husky@​9.1.7
	@​types/​fresh@​0.5.3
	@​types/​fs-readdir-recursive@​1.1.3
	@​types/​vary@​1.1.3
	@​types/​parseurl@​1.3.3
	@​types/​on-finished@​2.3.5
	@​types/​stack-trace@​0.0.33
	@​types/​mime-types@​3.0.1
	@​types/​type-is@​1.6.7
	@​vitest/​coverage-v8@​4.0.15
	@​types/​js-beautify@​1.14.3
	@​types/​body-parser@​1.19.6
	@​types/​express@​5.0.3
	@​types/​js-yaml@​4.0.9
	@​types/​cookies@​0.9.1
	@​typescript/​native-preview@​7.0.0-dev.20251210.1
	@​types/​nunjucks@​3.2.6
	@​types/​escape-html@​1.0.4
	assert-file@​1.0.0
	@​types/​content-type@​1.1.9
	@​types/​common-tags@​1.8.4
	egg-plugin-puml@​2.4.0
	@​eggjs/​compressible@​3.0.0
	@​types/​extend@​3.0.4
	esbuild@​0.27.0
	@​types/​safe-timers@​1.1.2
	@​types/​urijs@​1.19.25
See 86 more rows in the dashboard

View full report

[Copilot]

Pull request overview

Copilot reviewed 245 out of 247 changed files in this pull request and generated no new comments.

Files not reviewed (1)

• pnpm-lock.yaml: Language not supported

[Copilot]

Pull request overview

Copilot reviewed 247 out of 249 changed files in this pull request and generated no new comments.

Files not reviewed (1)

• pnpm-lock.yaml: Language not supported

[Copilot]

Pull request overview

Copilot reviewed 247 out of 249 changed files in this pull request and generated no new comments.

Files not reviewed (1)

• pnpm-lock.yaml: Language not supported