feat(workflow): add versioned stream event schema system

[BjornMelin]

This pull request introduces a robust and documented Bun-first build policy, refactors build scripts for reliability, upgrades dependencies, and updates several workflow and code conventions to improve maintainability and error handling. The most significant changes focus on the build process, schema versioning, and dependency management.

Build Process Modernization and Policy

• Introduced a new documented build runtime policy (docs/ops/build-runtime.md) outlining a Bun-first, deterministic fallback strategy, including details on transient failure handling and CI/Vercel policies.
• Added scripts/build-next.sh to encapsulate the new build logic: attempts Bun build, retries on known transient errors, and falls back to Node only for specific failure signatures.
• Updated package.json scripts to use the new build entrypoints and fallback logic, including build:next:auto, build:next:bun, build:next:node, and build:strict-bun.
• Added a new non-blocking CI job (build-bun-strict) to run strict Bun-only builds and upload logs for canary signal.
• Clarified Bun version handling in CI setup and documentation. [1] [2]

Dependency and Package Management

• Upgraded multiple dependencies and devDependencies to their latest versions, and added overrides in package.json to ensure consistent versions for critical packages. [1] [2] [3]
• Disabled Turbopack filesystem cache for builds in next.config.ts to improve build reliability pending further benchmarking.

Schema and Versioning Updates

• Updated event and message schemas across chat, code-mode, and run-stream clients to include domain and version: 2 fields, and updated storage key versioning for session data. (src/app/(app)/projects/[projectId]/chat/chat-client.tsxL96-R102, src/app/(app)/projects/[projectId]/chat/chat-client.tsxR151-R153, src/app/(app)/projects/[projectId]/code-mode/code-mode-client.tsxR34, src/app/(app)/projects/[projectId]/code-mode/code-mode-client.tsxR51, src/app/(app)/projects/[projectId]/code-mode/code-mode-client.tsxL200-R202, src/app/(app)/projects/[projectId]/code-mode/code-mode-client.tsxL215-R217, src/app/(app)/projects/[projectId]/runs/[runId]/run-stream-client.tsxL99-R99, src/app/(app)/projects/[projectId]/runs/[runId]/run-stream-client.test.tsxR51-R56, src/app/(app)/projects/[projectId]/runs/[runId]/run-stream-client.test.tsxR97-R102, [1] [2]

Codebase and Linting Cleanup

• Removed unused TypeScript ESLint plugin import from eslint.config.js for cleanup. [1] [2]
• Updated import paths for workflow stream events to reflect new shared location. (src/app/(app)/projects/[projectId]/runs/[runId]/run-stream-client.tsxL21-R21)

Documentation and Developer Experience

• Updated developer docs to clarify build commands and their purposes, distinguishing between fallback and strict Bun builds.

These changes collectively improve build reliability, observability, and developer clarity, while modernizing dependencies and enforcing clearer schema versioning throughout the codebase.

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
ai-agent-builder	Ready	Preview, Comment	Feb 17, 2026 9:46am

[coderabbitai]

Walkthrough

This PR centralizes workflow stream event schemas into a new shared module, replacing removed per-file schemas, and updates producers/consumers to use domain + version-enveloped events (schemaVersion: 2). It adds a server-only workflow runtime re-export module and updates many imports to that path. Network policy constants and shapes were changed, and build/CI was extended with a Bun strict build path and documentation for Bun-first builds. Multiple package versions and package.json scripts/overrides were updated.

Possibly related PRs

• feat: implementation runs code mode; sandbox; ctx-zip + bash tooling; repo + deploy agent automation #29 — Consolidates run/code-mode stream schemas and usages that this PR replaces with the shared workflow-stream-events module.
• feat: agent registry research mcp + tools #26 — Modifies run-stream event types and exports that overlap with this PR’s refactor of run stream types/imports.
• feat: unify durable runs workflow devkit #17 — Touches run streaming and project-run workflow surfaces that are migrated here to the new shared event schema and runtime imports.

Suggested labels

workflow

🚥 Pre-merge checks | ✅ 6 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 44.44% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (6 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title 'feat(workflow): add versioned stream event schema system' is partially related to the changeset but does not capture the main change, which is a comprehensive modernization of the build process, dependency upgrades, and schema versioning.
Description check	✅ Passed	The description is well-related to the changeset, providing detailed explanations of the build process modernization, dependency management, schema and versioning updates, and codebase cleanups that align with the actual changes.
React + Next.Js Best Practices	✅ Passed	PR demonstrates strong React + Next.js best practices with schema versioning, proper error handling in storage migrations, bundle optimization through import consolidation, and no detected waterfalls.
Docstring & Research Standards	✅ Passed	Pull request passes all mandatory quality gates including Biome CI, linting, promise handling, test hygiene, documentation coverage, formatting, and character policies.
Web Interface Guidelines	✅ Passed	PR modifications are limited to type definitions, storage key versioning, and import paths with no impact on UI behavior, form interactions, accessibility, or animations.
Google Python Style Compliance	✅ Passed	No Python files outside node_modules were found; Google Python Style Guide compliance check is not applicable.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch feat/upgrade-deps

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[qodo-code-review]

Review Summary by Qodo

Standardize workflow stream events with versioning and implement Bun-first build strategy

✨ Enhancement 🧪 Tests

Walkthroughs

Description

• Centralize workflow runtime imports and standardize stream event schemas with versioning
• Add Bun-first build strategy with deterministic Node fallback for transient failures
• Update approval and chat hooks to include schemaVersion field for compatibility
• Migrate stream event definitions to unified workflow-stream-events module
• Refactor sandbox network policy to use new Vercel SDK API (string literals and allow field)

Diagram

flowchart LR
  A["Build Scripts"] -->|"auto/bun/node modes"| B["build-next.sh"]
  B -->|"Bun primary"| C["Next.js Build"]
  B -->|"Known transient failure"| D["Bun Retry"]
  D -->|"Still fails"| E["Node Fallback"]
  F["Stream Events"] -->|"Unified schema v2"| G["workflow-stream-events"]
  G -->|"domain + version"| H["Run/Chat/CodeMode Events"]
  I["Workflow Runtime"] -->|"Centralized imports"| J["workflow-runtime.server"]
  J -->|"Used by"| K["Route Handlers & Helpers"]

Loading

File Changes

1. scripts/build-next.sh ✨ Enhancement +128/-0

New Bun-first build script with fallback logic

scripts/build-next.sh

---

2. src/workflows/_shared/workflow-runtime.server.ts ✨ Enhancement +13/-0

Centralized server-side Workflow DevKit runtime exports

src/workflows/_shared/workflow-runtime.server.ts

---

3. src/workflows/_shared/workflow-stream-events.ts ✨ Enhancement +217/-0

Unified stream event schemas with domain and version fields

src/workflows/_shared/workflow-stream-events.ts

---

View more (45)

4. next.config.ts ⚙️ Configuration changes +3/-0

Disable Turbopack filesystem cache for build reliability

next.config.ts

---

5. package.json Dependencies +42/-27

Update dependencies and add build script variants

package.json

---

6. src/workflows/approvals/hooks/approval.ts ✨ Enhancement +1/-0

Add schemaVersion literal to approval resume payload

src/workflows/approvals/hooks/approval.ts

---

7. src/workflows/chat/hooks/chat-message.ts ✨ Enhancement +1/-0

Add schemaVersion literal to chat message hook schema

src/workflows/chat/hooks/chat-message.ts

---

8. src/lib/runs/code-mode-stream.ts Miscellaneous +0/-49

Remove file, migrate to unified workflow-stream-events

src/lib/runs/code-mode-stream.ts

---

9. src/lib/runs/run-stream.ts Miscellaneous +0/-63

Remove file, migrate to unified workflow-stream-events

src/lib/runs/run-stream.ts

---

10. src/lib/sandbox/network-policy.server.ts ✨ Enhancement +3/-5

Update to new Vercel SDK NetworkPolicy API format

src/lib/sandbox/network-policy.server.ts

---

11. src/lib/sandbox/network-policy.server.test.ts 🧪 Tests +14/-12

Update tests for new NetworkPolicy string and allow field

src/lib/sandbox/network-policy.server.test.ts

---

12. src/workflows/chat/steps/writer.step.ts ✨ Enhancement +4/-3

Use createChatUserMessageMarker for envelope fields

src/workflows/chat/steps/writer.step.ts

---

13. src/workflows/code-mode/steps/writer.step.ts ✨ Enhancement +9/-3

Use createCodeModeStreamEvent for envelope fields

src/workflows/code-mode/steps/writer.step.ts

---

14. src/workflows/runs/steps/writer.step.ts ✨ Enhancement +9/-3

Use createRunStreamEvent for envelope fields

src/workflows/runs/steps/writer.step.ts

---

15. src/app/api/chat/[runId]/route.ts ✨ Enhancement +1/-0

Add schemaVersion to chat message resume payload

src/app/api/chat/[runId]/route.ts

---

16. src/app/api/approvals/route.ts ✨ Enhancement +1/-0

Add schemaVersion to approval hook resume payload

src/app/api/approvals/route.ts

---

17. src/app/(app)/projects/[projectId]/chat/chat-client.tsx ✨ Enhancement +6/-2

Update UserMessageMarker type with domain and version

src/app/(app)/projects/[projectId]/chat/chat-client.tsx

---

18. src/app/(app)/projects/[projectId]/code-mode/code-mode-client.tsx ✨ Enhancement +5/-3

Update event schema and storage key versioning to v2

src/app/(app)/projects/[projectId]/code-mode/code-mode-client.tsx

---

19. src/app/(app)/projects/[projectId]/runs/[runId]/run-stream-client.tsx ✨ Enhancement +2/-2

Update storage key versioning and import from unified module

src/app/(app)/projects/[projectId]/runs/[runId]/run-stream-client.tsx

---

20. .github/workflows/ci.yml ⚙️ Configuration changes +31/-0

Add non-blocking build-bun-strict canary job

.github/workflows/ci.yml

---

21. docs/ops/build-runtime.md 📝 Documentation +49/-0

Document Bun-first build policy and fallback strategy

docs/ops/build-runtime.md

---

22. AGENTS.md 📝 Documentation +2/-1

Document new build script variants and Bun-first approach

AGENTS.md

---

23. .github/actions/ci-setup/action.yml Additional files +1/-1

...

.github/actions/ci-setup/action.yml

---

24. eslint.config.js Additional files +0/-2

...

eslint.config.js

---

25. src/app/(app)/projects/[projectId]/runs/[runId]/run-stream-client.test.tsx Additional files +4/-0

...

src/app/(app)/projects/[projectId]/runs/[runId]/run-stream-client.test.tsx

---

26. src/app/api/approvals/__tests__/route.test.ts Additional files +1/-0

...

src/app/api/approvals/tests/route.test.ts

---

27. src/app/api/chat/[runId]/__tests__/route.test.ts Additional files +4/-0

...

src/app/api/chat/[runId]/tests/route.test.ts

---

28. src/app/api/chat/[runId]/cancel/route.ts Additional files +1/-2

...

src/app/api/chat/[runId]/cancel/route.ts

---

29. src/app/api/chat/[runId]/stream/route.ts Additional files +1/-1

...

src/app/api/chat/[runId]/stream/route.ts

---

30. src/app/api/chat/route.ts Additional files +1/-1

...

src/app/api/chat/route.ts

---

31. src/app/api/code-mode/[runId]/stream/route.ts Additional files +1/-1

...

src/app/api/code-mode/[runId]/stream/route.ts

---

32. src/app/api/runs/[runId]/stream/route.ts Additional files +1/-1

...

src/app/api/runs/[runId]/stream/route.ts

---

33. src/app/api/skills/registry/install/route.ts Additional files +5/-2

...

src/app/api/skills/registry/install/route.ts

---

34. src/app/api/skills/registry/status/route.ts Additional files +1/-1

...

src/app/api/skills/registry/status/route.ts

---

35. src/lib/runs/code-mode-stream.test.ts Additional files +49/-7

...

src/lib/runs/code-mode-stream.test.ts

---

36. src/lib/runs/code-mode.server.ts Additional files +1/-2

...

src/lib/runs/code-mode.server.ts

---

37. src/lib/runs/project-run.server.ts Additional files +1/-2

...

src/lib/runs/project-run.server.ts

---

38. src/lib/sandbox/sandbox-runner.server.test.ts Additional files +2/-2

...

src/lib/sandbox/sandbox-runner.server.test.ts

---

39. src/workflows/chat/hooks/chat-message.test.ts Additional files +13/-5

...

src/workflows/chat/hooks/chat-message.test.ts

---

40. src/workflows/chat/steps/writer.step.test.ts Additional files +6/-0

...

src/workflows/chat/steps/writer.step.test.ts

---

41. src/workflows/code-mode/steps/code-mode.step.test.ts Additional files +16/-6

...

src/workflows/code-mode/steps/code-mode.step.test.ts

---

42. src/workflows/code-mode/steps/code-mode.step.ts Additional files +9/-3

...

src/workflows/code-mode/steps/code-mode.step.ts

---

43. src/workflows/code-mode/steps/writer.step.test.ts Additional files +9/-3

...

src/workflows/code-mode/steps/writer.step.test.ts

---

44. src/workflows/runs/project-run.workflow.ts Additional files +2/-2

...

src/workflows/runs/project-run.workflow.ts

---

45. src/workflows/runs/steps/writer.step.test.ts Additional files +2/-0

...

src/workflows/runs/steps/writer.step.test.ts

---

46. src/workflows/runs/workflow-errors.test.ts Additional files +1/-1

...

src/workflows/runs/workflow-errors.test.ts

---

47. src/workflows/runs/workflow-errors.ts Additional files +1/-1

...

src/workflows/runs/workflow-errors.ts

---

48. vercel.json Additional files +2/-1

...

vercel.json

---

[Copilot]

Pull request overview

This PR introduces a robust, documented Bun-first build strategy with fallback mechanisms, upgrades dependencies, and implements schema versioning (v2) across workflow stream events. The changes focus on improving build reliability, maintainability, and establishing clear API versioning.

Changes:

• Implemented Bun-first build policy with deterministic Node fallback for known transient failures
• Added schema version 2 with domain and version fields to all workflow stream events
• Upgraded 40+ dependencies and added package overrides for version consistency
• Centralized workflow runtime imports and updated network policy API usage

Reviewed changes

Copilot reviewed 48 out of 49 changed files in this pull request and generated no comments.

Show a summary per file

File	Description
scripts/build-next.sh	New build orchestration script with transient error detection and runtime fallback logic
package.json	Updated build scripts, dependency upgrades, added overrides section
docs/ops/build-runtime.md	Comprehensive build policy documentation
.github/workflows/ci.yml	Added non-blocking strict-Bun canary build job
vercel.json	Added frozen lockfile install command
next.config.ts	Disabled Turbopack filesystem cache pending benchmarking
src/workflows/_shared/workflow-stream-events.ts	New centralized stream event schemas with v2 versioning
src/workflows/*/writer.step.ts	Updated to use centralized event creators with envelope fields
src/lib/sandbox/network-policy.server.ts	Updated to new Vercel Sandbox network policy API
src/workflows/_shared/workflow-runtime.server.ts	New centralized workflow runtime imports
eslint.config.js	Removed unused TypeScript ESLint plugin import
Multiple test files	Updated assertions for v2 schema with domain/version fields
Multiple client files	Updated storage keys and schema validation for v2

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[qodo-code-review]

Code Review by Qodo

🐞 Bugs (1) 📘 Rule violations (2) 📎 Requirement gaps (0)

✅ 1. build scripts invoke node 📘 Rule violation ⛯ Reliability

Description

The PR introduces a Node-based build path via build:next:node and scripts/build-next.sh, which
conflicts with the Bun-only scripts policy. This increases tooling drift risk and undermines having
a single supported runtime for repo scripts.

Code

package.json[R14-18]

+    "build": "bun run build:next:auto",
+    "build:next:auto": "bash scripts/build-next.sh auto",
+    "build:next:bun": "bun --bun next build",
+    "build:next:node": "node node_modules/next/dist/bin/next build",
+    "build:strict-bun": "bash scripts/build-next.sh bun",

Evidence

Compliance requires repo scripts and documented commands to use Bun only. The changed scripts
explicitly add a Node build command and implement Node fallback execution.

AGENTS.md
package.json[14-18]
scripts/build-next.sh[61-63]

Agent prompt

The issue below was found during a code review. Follow the provided context and guidance below and implement a solution

## Issue description
The PR adds a Node-based build path (`build:next:node`) and a Node fallback in `scripts/build-next.sh`, which violates the repo policy to use Bun only for installs and scripts.
## Issue Context
Compliance requires avoiding alternative runtime/script paths to prevent tooling drift and inconsistent behavior.
## Fix Focus Areas
- package.json[14-18]
- scripts/build-next.sh[61-95]
- docs/ops/build-runtime.md[14-23]

ⓘ Copy this prompt and use it to remediate the issue with your preferred AI generation tools

---

✅ 2. CI uses unsupported action versions 📘 Rule violation ⛯ Reliability

Description

The new CI job references actions/checkout@v6.0.2 and actions/upload-artifact@v6.0.0, which are
likely invalid versions and can break CI execution. This risks failing required quality gates for
the PR.

Code

.github/workflows/ci.yml[R145-168]

+      - name: Checkout
+        uses: actions/checkout@v6.0.2
+        with:
+          fetch-depth: 1
+
+      - name: Setup
+        uses: ./.github/actions/ci-setup
+
+      - name: Ensure clean build output
+        run: rm -rf .next
+
+      - name: Build (strict Bun)
+        run: |
+          set -o pipefail
+          mkdir -p .artifacts
+          bun run build:strict-bun 2>&1 | tee .artifacts/build-bun-strict.log
+
+      - name: Upload strict Bun build logs
+        if: ${{ !cancelled() }}
+        uses: actions/upload-artifact@v6.0.0
+        with:
+          name: build-bun-strict-log
+          path: .artifacts/build-bun-strict.log
+          retention-days: 7

Evidence

Compliance requires PR quality gates to pass; a workflow that references non-existent/unsupported
action versions can cause CI failures. The added job uses major versions (v6) that are not the
standard supported majors for these official actions.

AGENTS.md
.github/workflows/ci.yml[145-168]

Agent prompt

The issue below was found during a code review. Follow the provided context and guidance below and implement a solution

## Issue description
The workflow uses `actions/checkout@v6.0.2` and `actions/upload-artifact@v6.0.0`, which are likely invalid and can fail CI.
## Issue Context
Compliance requires PR quality gates to pass; CI failures caused by incorrect action version pins violate this requirement.
## Fix Focus Areas
- .github/workflows/ci.yml[145-168]

ⓘ Copy this prompt and use it to remediate the issue with your preferred AI generation tools

---

3. TS ESLint plugin missing 🐞 Bug ⛯ Reliability

Description

The TS/TSX ESLint override enables @typescript-eslint/* rules but does not register the
@typescript-eslint plugin in this repo-owned config, which can make linting fail with unknown rule
errors depending on how extended configs merge plugins. This is likely to break CI lint or local
lint in a non-obvious way.

Code

eslint.config.js[R54-57]

   plugins: {
-      "@typescript-eslint": tseslint,
     drizzle,
     jsdoc,
     tsdoc,

Evidence

In the TypeScript override, the plugins map does not include @typescript-eslint, yet rules
reference @typescript-eslint/no-explicit-any and @typescript-eslint/no-unused-vars. The earlier
explicit plugin registration was removed, so unless another applied config provides the plugin
mapping, ESLint will not be able to resolve these rule IDs.

eslint.config.js[1-7]
eslint.config.js[41-66]

Agent prompt

The issue below was found during a code review. Follow the provided context and guidance below and implement a solution

## Issue description
`eslint.config.js` configures `@typescript-eslint/*` rules for TS/TSX files, but the TS/TSX override’s `plugins` map does not include `@typescript-eslint`. This can cause ESLint to error with “Definition for rule … was not found” depending on how plugin definitions are provided/merged.
### Issue Context
The config uses a flat config array and spreads `eslint-config-next/core-web-vitals`. Relying on an external config to supply plugin mappings can be brittle; making the TS override self-contained prevents CI/local lint drift.
### Fix Focus Areas
- eslint.config.js[1-7]
- eslint.config.js[41-66]
### Suggested change
- Re-introduce `const tseslint = require("@typescript-eslint/eslint-plugin");`
- Add `"@typescript-eslint": tseslint` to the `plugins` object in the TS/TSX override
- Alternatively (if intentional), remove the `@typescript-eslint/*` rules from this override and rely entirely on an upstream config (but ensure that config is applied to TS/TSX files).

ⓘ Copy this prompt and use it to remediate the issue with your preferred AI generation tools

---

ⓘ The new review experience is currently in Beta. Learn more

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 76963b80e6

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[coderabbitai]

Actionable comments posted: 1

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (5)

src/lib/sandbox/network-policy.server.ts (1)

5-31: ⚠️ Potential issue | 🟠 Major

Add required TSDoc blocks for exported network policy constants.

These exported constants are in a TS source file and must have immediately preceding TSDoc; otherwise lint/typecheck will fail.

✍️ Proposed fix

+/** Defines the deny-all network policy used when outbound traffic is blocked. */
 export const SANDBOX_NETWORK_POLICY_NONE: NetworkPolicy = "deny-all";

+/** Defines the default restricted allowlist for Node-based sandboxes. */
 export const SANDBOX_NETWORK_POLICY_RESTRICTED_DEFAULT: NetworkPolicy = {
   allow: [
     "*.github.com",
     "*.githubusercontent.com",
     "*.npmjs.org",
     "api.github.com",
     "codeload.github.com",
     "github.com",
     "raw.githubusercontent.com",
     "registry.npmjs.org",
   ],
 };

+/** Defines the default restricted allowlist for Python sandboxes. */
 export const SANDBOX_NETWORK_POLICY_RESTRICTED_PYTHON_DEFAULT: NetworkPolicy = {
   allow: [
     "*.github.com",
     "*.githubusercontent.com",
     "api.github.com",
     "codeload.github.com",
     "files.pythonhosted.org",
     "github.com",
     "pypi.org",
     "raw.githubusercontent.com",
   ],
 };

As per coding guidelines, "Every changed or added exported declaration (export function, export async function, export const, export class, export interface, export type, export enum, Next.js route handlers, re-exports) MUST have an immediately preceding doc comment /** ... */ with no blank line separating it."

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@src/lib/sandbox/network-policy.server.ts` around lines 5 - 31, Add
immediately preceding TSDoc comments for each exported constant
(SANDBOX_NETWORK_POLICY_NONE, SANDBOX_NETWORK_POLICY_RESTRICTED_DEFAULT,
SANDBOX_NETWORK_POLICY_RESTRICTED_PYTHON_DEFAULT) with no blank line between
comment and export; the TSDoc should briefly describe the purpose of the
constant (e.g., deny-all default policy, restricted npm/JS policy, restricted
Python/pip policy) and any noteworthy details (allowed hosts). Ensure each
exported declaration has its own /** ... */ block directly above it to satisfy
the lint/typecheck rule.

src/workflows/approvals/hooks/approval.ts (1)

15-15: ⚠️ Potential issue | 🟡 Minor

Missing TSDoc for exported type ApprovalResumePayload.

Per coding guidelines, every exported declaration must have an immediately preceding doc comment. The ApprovalResumePayload type is exported but lacks documentation.

📝 Proposed fix

+/** Payload structure for resuming an approval gate with versioned schema. */
 export type ApprovalResumePayload = z.infer<typeof approvalResumeSchema>;

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@src/workflows/approvals/hooks/approval.ts` at line 15, Add a TSDoc comment
immediately above the exported type ApprovalResumePayload describing what the
payload represents and its relation to approvalResumeSchema (e.g., "Payload for
resuming an approval flow, inferred from approvalResumeSchema"). Ensure the
comment is a proper /** ... */ block placed directly before the line exporting
ApprovalResumePayload so it satisfies the exported-declaration documentation
rule and references approvalResumeSchema for context.

src/app/(app)/projects/[projectId]/code-mode/code-mode-client.tsx (1)

200-206: 🧹 Nitpick | 🔵 Trivial

Consider migrating or clearing stale v1 storage keys.

The storage key was updated from v1 to v2 (workflow:code-mode:v2:...). Per coding guidelines, storage versioning should include migrations. If users have existing v1 keys in sessionStorage, they will remain as stale data. Since this is sessionStorage (not localStorage), the impact is limited to the current browser session, but a one-time cleanup could prevent confusion during debugging.

🧹 Optional cleanup for v1 keys

// Optional: Clear stale v1 keys on component mount
useEffect(() => {
  try {
    const keysToRemove: string[] = [];
    for (let i = 0; i < window.sessionStorage.length; i++) {
      const key = window.sessionStorage.key(i);
      if (key?.startsWith("workflow:code-mode:v1:")) {
        keysToRemove.push(key);
      }
    }
    keysToRemove.forEach((k) => window.sessionStorage.removeItem(k));
  } catch {
    // Ignore storage access errors
  }
}, []);

Also applies to: 217-217

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@src/app/`(app)/projects/[projectId]/code-mode/code-mode-client.tsx around
lines 200 - 206, The current cleanup only removes the v2 key
(`workflow:code-mode:v2:${parsedRunId}:startIndex`) but doesn't clear stale v1
keys; update the component (e.g., in the same mount logic or useEffect around
where window.sessionStorage.removeItem is called in code-mode-client.tsx) to
also enumerate sessionStorage keys inside a try/catch and remove any key that
startsWith "workflow:code-mode:v1:" (collect keys first then remove to avoid
iteration issues); apply the same migration/cleanup logic where the other v2
removal occurs (the other occurrence around line 217) so v1 keys are cleared
consistently.

src/app/api/skills/registry/install/route.ts (1)

71-71: 🧹 Nitpick | 🔵 Trivial

Consider logging the suppressed cancelRun error for observability.

The .catch(() => undefined) silently swallows any cancellation failure. While this is acceptable for best-effort cleanup, logging the error would help diagnose issues with orphaned workflow runs.

🔧 Proposed improvement

-      await cancelRun(world, run.runId).catch(() => undefined);
+      await cancelRun(world, run.runId).catch((cancelErr) => {
+        log.warn("project_skill_registry_install_cancel_failed", {
+          cancelErr,
+          runId: run.runId,
+        });
+      });

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@src/app/api/skills/registry/install/route.ts` at line 71, The current
best-effort cleanup call await cancelRun(world, run.runId).catch(() =>
undefined) swallows errors silently; change the catch to log the error (e.g.,
.catch(err => { /* use existing logger or console.error */ logger?.error ?
logger.error({ err, world, runId: run.runId }, "cancelRun failed") :
console.error("cancelRun failed", { err, world, runId: run.runId }); })) so the
error is recorded for observability while still suppressing it from bubbling;
reference cancelRun(world, run.runId), world and run.runId when adding the log
message.

src/app/(app)/projects/[projectId]/runs/[runId]/run-stream-client.tsx (1)

99-116: ⚠️ Potential issue | 🟡 Minor

Add a migration for the v1 startIndex storage key.
Bumping to v2 drops any existing resume position and leaves the legacy key behind; migrate or clear it on first read.

🔁 Suggested migration for legacy startIndex

-    let startIndex = readStartIndex(storageKey);
+    const legacyStorageKey = `workflow:runs:v1:${props.runId}:startIndex`;
+    let startIndex = readStartIndex(storageKey);
+    if (startIndex === 0) {
+      const legacyStartIndex = readStartIndex(legacyStorageKey);
+      if (legacyStartIndex > 0) {
+        startIndex = legacyStartIndex;
+        persistStartIndex(storageKey, legacyStartIndex);
+        try {
+          window.sessionStorage.removeItem(legacyStorageKey);
+        } catch {
+          // Ignore.
+        }
+      }
+    }

As per coding guidelines: For localStorage/sessionStorage: version keys, store minimal data, wrap get/set in try/catch, and implement migrations.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@src/app/`(app)/projects/[projectId]/runs/[runId]/run-stream-client.tsx around
lines 99 - 116, The v2 storageKey (`workflow:runs:v2:${props.runId}:startIndex`)
ignores any legacy v1 key and drops resume position; update the startup logic
around readStartIndex/storageKey to detect the legacy key (e.g.,
`workflow:runs:${props.runId}:startIndex`), wrap storage reads/writes in
try/catch, migrate the legacy value into the v2 key (or clear it) on first read,
and then proceed using readStartIndex; modify or add a small migration helper
called from the effect (referencing storageKey and readStartIndex) to perform
the copy+delete (or clear) and ensure only minimal/versioned data is stored.

📜 Review details

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 5434413 and 76963b8.

⛔ Files ignored due to path filters (1)

• bun.lock is excluded by !**/*.lock

📒 Files selected for processing (48)

• .github/actions/ci-setup/action.yml
• .github/workflows/ci.yml
• AGENTS.md
• docs/ops/build-runtime.md
• eslint.config.js
• next.config.ts
• package.json
• scripts/build-next.sh
• src/app/(app)/projects/[projectId]/chat/chat-client.tsx
• src/app/(app)/projects/[projectId]/code-mode/code-mode-client.tsx
• src/app/(app)/projects/[projectId]/runs/[runId]/run-stream-client.test.tsx
• src/app/(app)/projects/[projectId]/runs/[runId]/run-stream-client.tsx
• src/app/api/approvals/__tests__/route.test.ts
• src/app/api/approvals/route.ts
• src/app/api/chat/[runId]/__tests__/route.test.ts
• src/app/api/chat/[runId]/cancel/route.ts
• src/app/api/chat/[runId]/route.ts
• src/app/api/chat/[runId]/stream/route.ts
• src/app/api/chat/route.ts
• src/app/api/code-mode/[runId]/stream/route.ts
• src/app/api/runs/[runId]/stream/route.ts
• src/app/api/skills/registry/install/route.ts
• src/app/api/skills/registry/status/route.ts
• src/lib/runs/code-mode-stream.test.ts
• src/lib/runs/code-mode-stream.ts
• src/lib/runs/code-mode.server.ts
• src/lib/runs/project-run.server.ts
• src/lib/runs/run-stream.ts
• src/lib/sandbox/network-policy.server.test.ts
• src/lib/sandbox/network-policy.server.ts
• src/lib/sandbox/sandbox-runner.server.test.ts
• src/workflows/_shared/workflow-runtime.server.ts
• src/workflows/_shared/workflow-stream-events.ts
• src/workflows/approvals/hooks/approval.ts
• src/workflows/chat/hooks/chat-message.test.ts
• src/workflows/chat/hooks/chat-message.ts
• src/workflows/chat/steps/writer.step.test.ts
• src/workflows/chat/steps/writer.step.ts
• src/workflows/code-mode/steps/code-mode.step.test.ts
• src/workflows/code-mode/steps/code-mode.step.ts
• src/workflows/code-mode/steps/writer.step.test.ts
• src/workflows/code-mode/steps/writer.step.ts
• src/workflows/runs/project-run.workflow.ts
• src/workflows/runs/steps/writer.step.test.ts
• src/workflows/runs/steps/writer.step.ts
• src/workflows/runs/workflow-errors.test.ts
• src/workflows/runs/workflow-errors.ts
• vercel.json

💤 Files with no reviewable changes (3)

• src/lib/runs/run-stream.ts
• src/lib/runs/code-mode-stream.ts
• eslint.config.js

🧰 Additional context used

📓 Path-based instructions (15)

**/*.{js,jsx,ts,tsx}

📄 CodeRabbit inference engine (Custom checks)

**/*.{js,jsx,ts,tsx}: No promise-valued statement may be left unhandled. A Promise is handled ONLY if it is awaited, returned, terminated with .catch(...), terminated with .then(onFulfilled, onRejected) (rejection handler required), or explicitly ignored with void AND meets additional requirements.
For files importing or referencing AI SDK / Vercel AI modules (ai, @ai-sdk/*, @vercel/ai, openai, @openai/*), fire-and-forget is forbidden by default. If using void someAsyncCall(...), it MUST include an inline comment explaining why detaching is safe AND errors must be surfaced via .catch(...) or a dedicated error sink (logging/telemetry).

Files:

• src/app/api/chat/[runId]/route.ts
• src/app/api/approvals/route.ts
• src/workflows/chat/hooks/chat-message.ts
• src/app/(app)/projects/[projectId]/runs/[runId]/run-stream-client.tsx
• src/workflows/_shared/workflow-runtime.server.ts
• src/app/api/chat/[runId]/stream/route.ts
• src/workflows/runs/project-run.workflow.ts
• src/app/api/chat/route.ts
• src/lib/sandbox/sandbox-runner.server.test.ts
• src/app/api/code-mode/[runId]/stream/route.ts
• src/app/api/runs/[runId]/stream/route.ts
• src/workflows/code-mode/steps/writer.step.ts
• src/app/api/chat/[runId]/__tests__/route.test.ts
• src/workflows/runs/workflow-errors.test.ts
• src/lib/runs/code-mode.server.ts
• src/workflows/code-mode/steps/writer.step.test.ts
• src/app/(app)/projects/[projectId]/code-mode/code-mode-client.tsx
• src/workflows/_shared/workflow-stream-events.ts
• src/workflows/code-mode/steps/code-mode.step.test.ts
• src/workflows/code-mode/steps/code-mode.step.ts
• src/lib/runs/project-run.server.ts
• src/workflows/chat/hooks/chat-message.test.ts
• src/app/api/skills/registry/status/route.ts
• src/app/api/chat/[runId]/cancel/route.ts
• src/workflows/runs/steps/writer.step.test.ts
• src/workflows/runs/steps/writer.step.ts
• src/lib/sandbox/network-policy.server.test.ts
• next.config.ts
• src/app/(app)/projects/[projectId]/runs/[runId]/run-stream-client.test.tsx
• src/workflows/runs/workflow-errors.ts
• src/app/api/skills/registry/install/route.ts
• src/workflows/chat/steps/writer.step.ts
• src/app/api/approvals/__tests__/route.test.ts
• src/workflows/chat/steps/writer.step.test.ts
• src/workflows/approvals/hooks/approval.ts
• src/lib/sandbox/network-policy.server.ts
• src/lib/runs/code-mode-stream.test.ts
• src/app/(app)/projects/[projectId]/chat/chat-client.tsx

**/*.{ts,tsx,js,jsx}

📄 CodeRabbit inference engine (Custom checks)

**/*.{ts,tsx,js,jsx}: Hard FAIL if the PR introduces any test-only helpers, shims, mocks, or conditional branches intended only for tests in production source files. All test scaffolding must live in test suites and test configuration (Vitest and/or Playwright).
Doc comment formatting must satisfy Biome, including violations of useSingleJsDocAsterisk. Hard FAIL if Biome reports any issue with JSDoc/TSDoc formatting.
The first non-empty line inside a doc comment MUST be a single-sentence summary ending with a period .. The summary must describe behavior and intent, not just the symbol name. Hard FAIL if any condition is violated.
Only these tags are allowed in doc comments: @remarks, @param, @typeParam, @returns, @throws, @example, @see, @deprecated. Hard FAIL if any other @tag appears.
Doc comment tags must appear in this strict order (skip unused): @remarks, all @typeParam, all @param, @returns, all @throws, all @example, all @see, @deprecated. Hard FAIL if tags are out of order.
@remarks must be separated from the summary by a blank line and must have non-empty content. Hard FAIL if present but empty or not separated by a blank line.
For every exported function (including route handlers), document EVERY parameter with @param. Each @param line MUST match the exact pattern: @param <name> - <description> where <name> matches an actual parameter name, the literal separator - is present, and <description> is non-empty and explains semantics and constraints. JSDoc type braces are forbidden in TS/TSX. Hard FAIL if violations exist.
@returns is required for every exported function whose return type is not void and not Promise<void>, and for all Next.js route handlers. It must have non-empty semantic description. JSDoc type braces are forbidden in TS/TSX. Hard FAIL if required but missing, empty, or typed via braces.
If an exported function body contains the token throw in newly added or modified lines, at lea...

Files:

• src/app/api/chat/[runId]/route.ts
• src/app/api/approvals/route.ts
• src/workflows/chat/hooks/chat-message.ts
• src/app/(app)/projects/[projectId]/runs/[runId]/run-stream-client.tsx
• src/workflows/_shared/workflow-runtime.server.ts
• src/app/api/chat/[runId]/stream/route.ts
• src/workflows/runs/project-run.workflow.ts
• src/app/api/chat/route.ts
• src/lib/sandbox/sandbox-runner.server.test.ts
• src/app/api/code-mode/[runId]/stream/route.ts
• src/app/api/runs/[runId]/stream/route.ts
• src/workflows/code-mode/steps/writer.step.ts
• src/app/api/chat/[runId]/__tests__/route.test.ts
• src/workflows/runs/workflow-errors.test.ts
• src/lib/runs/code-mode.server.ts
• src/workflows/code-mode/steps/writer.step.test.ts
• src/app/(app)/projects/[projectId]/code-mode/code-mode-client.tsx
• src/workflows/_shared/workflow-stream-events.ts
• src/workflows/code-mode/steps/code-mode.step.test.ts
• src/workflows/code-mode/steps/code-mode.step.ts
• src/lib/runs/project-run.server.ts
• src/workflows/chat/hooks/chat-message.test.ts
• src/app/api/skills/registry/status/route.ts
• src/app/api/chat/[runId]/cancel/route.ts
• src/workflows/runs/steps/writer.step.test.ts
• src/workflows/runs/steps/writer.step.ts
• src/lib/sandbox/network-policy.server.test.ts
• next.config.ts
• src/app/(app)/projects/[projectId]/runs/[runId]/run-stream-client.test.tsx
• src/workflows/runs/workflow-errors.ts
• src/app/api/skills/registry/install/route.ts
• src/workflows/chat/steps/writer.step.ts
• src/app/api/approvals/__tests__/route.test.ts
• src/workflows/chat/steps/writer.step.test.ts
• src/workflows/approvals/hooks/approval.ts
• src/lib/sandbox/network-policy.server.ts
• src/lib/runs/code-mode-stream.test.ts
• src/app/(app)/projects/[projectId]/chat/chat-client.tsx

**/*.{ts,tsx}

📄 CodeRabbit inference engine (Custom checks)

**/*.{ts,tsx}: Every changed or added exported declaration (export function, export async function, export const, export class, export interface, export type, export enum, Next.js route handlers, re-exports) MUST have an immediately preceding doc comment /** ... */ with no blank line separating it. Hard FAIL if any required export lacks a doc comment.
If an exported function/type/class introduces generic type parameters AND they are not self-explanatory, require @typeParam per generic parameter following the pattern: @typeParam <name> - <description>. Hard FAIL if required generics are undocumented, or if @typeParam does not follow the hyphen pattern, or is empty.
In TS/TSX doc comments, these tags are forbidden: @type, @typedef, @property, @template, @enum, @memberof. Hard FAIL if any appear.
Server Actions are public endpoints. Inside every Server Action: validate input, authenticate, authorize. Never rely only on middleware/layout guards.
Minimize RSC→client serialization: pass only fields the client uses. Avoid sending multiple derived copies of large primitive arrays; derive in client unless the server compute is expensive or the client must not see the raw data.
Avoid duplicate serialization by reference: transformations like toSorted(), filter(), map(), spreads create new references. Prefer passing one reference across the RSC/client boundary.
Use react cache() for per-request deduplication of DB/auth/heavy compute within a single request. Avoid inline object args (cache hits require stable identity). Note: Next.js fetch is already memoized per request.
Use Next.js after() for non-blocking work (logging, analytics, notifications, cleanup). Do not block responses on side effects.

**/*.{ts,tsx}: Enforce strict TypeScript with no use of 'any' type
Code must pass bun run typecheck clean (TypeScript compiler)

Files:

• src/app/api/chat/[runId]/route.ts
• src/app/api/approvals/route.ts
• src/workflows/chat/hooks/chat-message.ts
• src/app/(app)/projects/[projectId]/runs/[runId]/run-stream-client.tsx
• src/workflows/_shared/workflow-runtime.server.ts
• src/app/api/chat/[runId]/stream/route.ts
• src/workflows/runs/project-run.workflow.ts
• src/app/api/chat/route.ts
• src/lib/sandbox/sandbox-runner.server.test.ts
• src/app/api/code-mode/[runId]/stream/route.ts
• src/app/api/runs/[runId]/stream/route.ts
• src/workflows/code-mode/steps/writer.step.ts
• src/app/api/chat/[runId]/__tests__/route.test.ts
• src/workflows/runs/workflow-errors.test.ts
• src/lib/runs/code-mode.server.ts
• src/workflows/code-mode/steps/writer.step.test.ts
• src/app/(app)/projects/[projectId]/code-mode/code-mode-client.tsx
• src/workflows/_shared/workflow-stream-events.ts
• src/workflows/code-mode/steps/code-mode.step.test.ts
• src/workflows/code-mode/steps/code-mode.step.ts
• src/lib/runs/project-run.server.ts
• src/workflows/chat/hooks/chat-message.test.ts
• src/app/api/skills/registry/status/route.ts
• src/app/api/chat/[runId]/cancel/route.ts
• src/workflows/runs/steps/writer.step.test.ts
• src/workflows/runs/steps/writer.step.ts
• src/lib/sandbox/network-policy.server.test.ts
• next.config.ts
• src/app/(app)/projects/[projectId]/runs/[runId]/run-stream-client.test.tsx
• src/workflows/runs/workflow-errors.ts
• src/app/api/skills/registry/install/route.ts
• src/workflows/chat/steps/writer.step.ts
• src/app/api/approvals/__tests__/route.test.ts
• src/workflows/chat/steps/writer.step.test.ts
• src/workflows/approvals/hooks/approval.ts
• src/lib/sandbox/network-policy.server.ts
• src/lib/runs/code-mode-stream.test.ts
• src/app/(app)/projects/[projectId]/chat/chat-client.tsx

src/app/**/*

📄 CodeRabbit inference engine (AGENTS.md)

Use Next.js App Router patterns only (no Pages Router)

Files:

• src/app/api/chat/[runId]/route.ts
• src/app/api/approvals/route.ts
• src/app/(app)/projects/[projectId]/runs/[runId]/run-stream-client.tsx
• src/app/api/chat/[runId]/stream/route.ts
• src/app/api/chat/route.ts
• src/app/api/code-mode/[runId]/stream/route.ts
• src/app/api/runs/[runId]/stream/route.ts
• src/app/api/chat/[runId]/__tests__/route.test.ts
• src/app/(app)/projects/[projectId]/code-mode/code-mode-client.tsx
• src/app/api/skills/registry/status/route.ts
• src/app/api/chat/[runId]/cancel/route.ts
• src/app/(app)/projects/[projectId]/runs/[runId]/run-stream-client.test.tsx
• src/app/api/skills/registry/install/route.ts
• src/app/api/approvals/__tests__/route.test.ts
• src/app/(app)/projects/[projectId]/chat/chat-client.tsx

src/app/**/*.{ts,tsx}

📄 CodeRabbit inference engine (AGENTS.md)

Enable Cache Components with 'use cache' directive and use cacheTag/revalidateTag for stable server reads

Files:

• src/app/api/chat/[runId]/route.ts
• src/app/api/approvals/route.ts
• src/app/(app)/projects/[projectId]/runs/[runId]/run-stream-client.tsx
• src/app/api/chat/[runId]/stream/route.ts
• src/app/api/chat/route.ts
• src/app/api/code-mode/[runId]/stream/route.ts
• src/app/api/runs/[runId]/stream/route.ts
• src/app/api/chat/[runId]/__tests__/route.test.ts
• src/app/(app)/projects/[projectId]/code-mode/code-mode-client.tsx
• src/app/api/skills/registry/status/route.ts
• src/app/api/chat/[runId]/cancel/route.ts
• src/app/(app)/projects/[projectId]/runs/[runId]/run-stream-client.test.tsx
• src/app/api/skills/registry/install/route.ts
• src/app/api/approvals/__tests__/route.test.ts
• src/app/(app)/projects/[projectId]/chat/chat-client.tsx

src/**/*.{ts,tsx}

📄 CodeRabbit inference engine (AGENTS.md)

src/**/*.{ts,tsx}: Use memoization (useMemo, useCallback, React.memo) only for expensive computations or to prevent costly re-renders; avoid memo for simple primitives/cheap work; hoist stable non-primitive defaults
Provide TSDoc documentation for all exported APIs
Use Neon Auth only (@neondatabase/auth) for authentication
Prefer AI SDK's gateway(...) / createGateway(...) provider for model routing
Use AI SDK Gateway provider base URL https://ai-gateway.vercel.sh/v3/ai (default; configurable via AI_GATEWAY_BASE_URL)
Use OpenAI-compatible base URL https://ai-gateway.vercel.sh/v1 for OpenAI SDK compatibility and GET /models
Public/exported APIs must have valid TSDoc documentation

Files:

• src/app/api/chat/[runId]/route.ts
• src/app/api/approvals/route.ts
• src/workflows/chat/hooks/chat-message.ts
• src/app/(app)/projects/[projectId]/runs/[runId]/run-stream-client.tsx
• src/workflows/_shared/workflow-runtime.server.ts
• src/app/api/chat/[runId]/stream/route.ts
• src/workflows/runs/project-run.workflow.ts
• src/app/api/chat/route.ts
• src/lib/sandbox/sandbox-runner.server.test.ts
• src/app/api/code-mode/[runId]/stream/route.ts
• src/app/api/runs/[runId]/stream/route.ts
• src/workflows/code-mode/steps/writer.step.ts
• src/app/api/chat/[runId]/__tests__/route.test.ts
• src/workflows/runs/workflow-errors.test.ts
• src/lib/runs/code-mode.server.ts
• src/workflows/code-mode/steps/writer.step.test.ts
• src/app/(app)/projects/[projectId]/code-mode/code-mode-client.tsx
• src/workflows/_shared/workflow-stream-events.ts
• src/workflows/code-mode/steps/code-mode.step.test.ts
• src/workflows/code-mode/steps/code-mode.step.ts
• src/lib/runs/project-run.server.ts
• src/workflows/chat/hooks/chat-message.test.ts
• src/app/api/skills/registry/status/route.ts
• src/app/api/chat/[runId]/cancel/route.ts
• src/workflows/runs/steps/writer.step.test.ts
• src/workflows/runs/steps/writer.step.ts
• src/lib/sandbox/network-policy.server.test.ts
• src/app/(app)/projects/[projectId]/runs/[runId]/run-stream-client.test.tsx
• src/workflows/runs/workflow-errors.ts
• src/app/api/skills/registry/install/route.ts
• src/workflows/chat/steps/writer.step.ts
• src/app/api/approvals/__tests__/route.test.ts
• src/workflows/chat/steps/writer.step.test.ts
• src/workflows/approvals/hooks/approval.ts
• src/lib/sandbox/network-policy.server.ts
• src/lib/runs/code-mode-stream.test.ts
• src/app/(app)/projects/[projectId]/chat/chat-client.tsx

src/**/*.{ts,tsx,js,jsx}

📄 CodeRabbit inference engine (AGENTS.md)

src/**/*.{ts,tsx,js,jsx}: Do not use package barrel imports by default; use explicit imports
Use barrel imports only for packages listed in next.config.ts experimental.optimizePackageImports (currently radix-ui and lucide-react)
Code must pass bun run format with no changes
Code must pass bun run lint clean (Biome + ESLint for TSDoc syntax and JSDoc on exported APIs)
No console spam in production paths

Files:

• src/app/api/chat/[runId]/route.ts
• src/app/api/approvals/route.ts
• src/workflows/chat/hooks/chat-message.ts
• src/app/(app)/projects/[projectId]/runs/[runId]/run-stream-client.tsx
• src/workflows/_shared/workflow-runtime.server.ts
• src/app/api/chat/[runId]/stream/route.ts
• src/workflows/runs/project-run.workflow.ts
• src/app/api/chat/route.ts
• src/lib/sandbox/sandbox-runner.server.test.ts
• src/app/api/code-mode/[runId]/stream/route.ts
• src/app/api/runs/[runId]/stream/route.ts
• src/workflows/code-mode/steps/writer.step.ts
• src/app/api/chat/[runId]/__tests__/route.test.ts
• src/workflows/runs/workflow-errors.test.ts
• src/lib/runs/code-mode.server.ts
• src/workflows/code-mode/steps/writer.step.test.ts
• src/app/(app)/projects/[projectId]/code-mode/code-mode-client.tsx
• src/workflows/_shared/workflow-stream-events.ts
• src/workflows/code-mode/steps/code-mode.step.test.ts
• src/workflows/code-mode/steps/code-mode.step.ts
• src/lib/runs/project-run.server.ts
• src/workflows/chat/hooks/chat-message.test.ts
• src/app/api/skills/registry/status/route.ts
• src/app/api/chat/[runId]/cancel/route.ts
• src/workflows/runs/steps/writer.step.test.ts
• src/workflows/runs/steps/writer.step.ts
• src/lib/sandbox/network-policy.server.test.ts
• src/app/(app)/projects/[projectId]/runs/[runId]/run-stream-client.test.tsx
• src/workflows/runs/workflow-errors.ts
• src/app/api/skills/registry/install/route.ts
• src/workflows/chat/steps/writer.step.ts
• src/app/api/approvals/__tests__/route.test.ts
• src/workflows/chat/steps/writer.step.test.ts
• src/workflows/approvals/hooks/approval.ts
• src/lib/sandbox/network-policy.server.ts
• src/lib/runs/code-mode-stream.test.ts
• src/app/(app)/projects/[projectId]/chat/chat-client.tsx

src/app/api/chat/**/*.{ts,tsx}

📄 CodeRabbit inference engine (AGENTS.md)

Follow-ups during active durable chat sessions must use POST /api/chat/:runId accepting optional files alongside message (messageId required)

Files:

• src/app/api/chat/[runId]/route.ts
• src/app/api/chat/[runId]/stream/route.ts
• src/app/api/chat/route.ts
• src/app/api/chat/[runId]/__tests__/route.test.ts
• src/app/api/chat/[runId]/cancel/route.ts

src/workflows/**/*.{ts,tsx}

📄 CodeRabbit inference engine (AGENTS.md)

Place workflow-only shared helpers in src/workflows/_shared/ instead of src/lib/; avoid index.ts re-export facades and import concrete modules directly

Files:

• src/workflows/chat/hooks/chat-message.ts
• src/workflows/_shared/workflow-runtime.server.ts
• src/workflows/runs/project-run.workflow.ts
• src/workflows/code-mode/steps/writer.step.ts
• src/workflows/runs/workflow-errors.test.ts
• src/workflows/code-mode/steps/writer.step.test.ts
• src/workflows/_shared/workflow-stream-events.ts
• src/workflows/code-mode/steps/code-mode.step.test.ts
• src/workflows/code-mode/steps/code-mode.step.ts
• src/workflows/chat/hooks/chat-message.test.ts
• src/workflows/runs/steps/writer.step.test.ts
• src/workflows/runs/steps/writer.step.ts
• src/workflows/runs/workflow-errors.ts
• src/workflows/chat/steps/writer.step.ts
• src/workflows/chat/steps/writer.step.test.ts
• src/workflows/approvals/hooks/approval.ts

**/*.{tsx,jsx}

📄 CodeRabbit inference engine (Custom checks)

**/*.{tsx,jsx}: Pure presentational React components exported only for JSX composition may omit doc comments ONLY if they have no non-obvious behavior (no IO, no side effects, no caching semantics, no security checks, no data fetching, no tool calls). If in doubt, require doc comment.
Defer non-critical third-party code (analytics, error tracking) until after hydration: next/dynamic(..., { ssr:false }) or client-only boundary.
Dynamically import heavy components not needed for initial paint (editors, charts, maps). Use ssr:false when they require the DOM.
Preload based on user intent (hover/focus) or feature flags to reduce perceived latency. Preload should be optional and non-blocking.
Prefer SWR (or an equivalent) for client fetching to get caching, deduplication, revalidation, and mutation helpers.
Deduplicate global event listeners. Avoid "N components = N listeners" patterns; centralize subscriptions and fan out callbacks.
Do not subscribe to reactive sources you only need in callbacks (e.g., search params). Read at the point of use when possible.
Put early returns before expensive computations. If needed, extract expensive work into memoized components so "loading" paths skip the work.
Narrow effect dependencies: depend on primitives and derived booleans, not entire objects.
Subscribe to derived state rather than continuous signals (use media queries instead of window width pixels when only a breakpoint matters).
Use functional state updates when new state depends on previous state (setX(curr => ...)). This prevents stale closures and stabilizes callbacks.
Use lazy state initialization for expensive initial values (useState(() => expensive())), especially storage parsing or index building.
Use transitions for frequent non-urgent updates (startTransition) to preserve responsiveness (scroll tracking, large filtering).
Forms: keep inputs hydration-safe (no lost focus/value). Never block paste in <input>/<textarea>. Loading buttons show spinner and...

Files:

• src/app/(app)/projects/[projectId]/runs/[runId]/run-stream-client.tsx
• src/app/(app)/projects/[projectId]/code-mode/code-mode-client.tsx
• src/app/(app)/projects/[projectId]/runs/[runId]/run-stream-client.test.tsx
• src/app/(app)/projects/[projectId]/chat/chat-client.tsx

**/*.tsx

📄 CodeRabbit inference engine (Custom checks)

Parallelize server data fetches with component composition: split independent async server components so they can run concurrently. Avoid "parent awaits, child awaits" chains.

Files:

• src/app/(app)/projects/[projectId]/runs/[runId]/run-stream-client.tsx
• src/app/(app)/projects/[projectId]/code-mode/code-mode-client.tsx
• src/app/(app)/projects/[projectId]/runs/[runId]/run-stream-client.test.tsx
• src/app/(app)/projects/[projectId]/chat/chat-client.tsx

**/*.{css,tsx,jsx}

📄 CodeRabbit inference engine (Custom checks)

**/*.{css,tsx,jsx}: Honor prefers-reduced-motion in animations (provide reduced variant or disable).
Prefer CSS > Web Animations API > JS libraries for animations.
Animate only compositor-friendly props (transform, opacity). Never animate layout props (top, left, width, height).
Animate only to clarify cause/effect or add deliberate delight. Animations must be interruptible and input-driven (no autoplay).
Use optical alignment; adjust ±1px when perception beats geometry.
Ensure deliberate alignment to grid/baseline/edges – no accidental placement. Verify mobile, laptop, ultra-wide (simulate ultra-wide at 50% zoom).
Balance icon/text lockups (weight/size/spacing/color). Respect safe areas (env(safe-area-inset-*)). Avoid unwanted scrollbars; fix overflows.
Prefer Flex/Grid over JS measurement for layout.
Full keyboard support per WAI-ARIA APG. Must have visible focus rings (:focus-visible; group with :focus-within). Manage focus (trap, move, return) per APG patterns. Never use outline: none without visible focus replacement.
Hit target ≥24px (mobile ≥44px); if visual <24px, expand hit area. Mobile <input> font-size ≥16px to prevent iOS zoom. Never disable browser zoom. Use touch-action: manipulation to prevent double-tap zoom. Set -webkit-tap-highlight-color to match design.
Touch & Drag: generous targets, clear affordances; avoid finicky interactions. Delay first tooltip; subsequent peers instant. Use overscroll-behavior: contain in modals/drawers. During drag, disable text selection and set inert on dragged elements. If it looks clickable, it must be clickable.
Use curly quotes (" "); avoid widows/orphans (text-wrap: balance). Use font-variant-numeric: tabular-nums for number comparisons. Redundant status cues (not color-only); icons have text labels.
Text containers handle long content (truncate, line-clamp-*, break-words). Flex children need min-w-0 to allow truncation. Handle empty states – no broken UI for empty stri...

Files:

• src/app/(app)/projects/[projectId]/runs/[runId]/run-stream-client.tsx
• src/app/(app)/projects/[projectId]/code-mode/code-mode-client.tsx
• src/app/(app)/projects/[projectId]/runs/[runId]/run-stream-client.test.tsx
• src/app/(app)/projects/[projectId]/chat/chat-client.tsx

**/*.{css,tsx,jsx,svg}

📄 CodeRabbit inference engine (Custom checks)

Set correct transform-origin for animations (motion starts where it "physically" should). For SVG transforms, use <g> wrapper with transform-box: fill-box.

Files:

• src/app/(app)/projects/[projectId]/runs/[runId]/run-stream-client.tsx
• src/app/(app)/projects/[projectId]/code-mode/code-mode-client.tsx
• src/app/(app)/projects/[projectId]/runs/[runId]/run-stream-client.test.tsx
• src/app/(app)/projects/[projectId]/chat/chat-client.tsx

**/*.{tsx,jsx,css}

📄 CodeRabbit inference engine (Custom checks)

**/*.{tsx,jsx,css}: Forms: accept free text, validate after – don't block typing. Allow incomplete form submission to surface validation. Errors inline next to fields; on submit, focus first error. Use autocomplete + meaningful name; correct type and inputmode.
Inline help first; tooltips last resort. Skeletons mirror final content to avoid layout shift. <title> matches current context. No dead ends; always offer next step/recovery. Design empty/sparse/dense/error states.
For dark themes, use color-scheme: dark on <html>. Set <meta name="theme-color"> to match page background. For native <select>: explicit background-color and color (Windows fix).

Files:

• src/app/(app)/projects/[projectId]/runs/[runId]/run-stream-client.tsx
• src/app/(app)/projects/[projectId]/code-mode/code-mode-client.tsx
• src/app/(app)/projects/[projectId]/runs/[runId]/run-stream-client.test.tsx
• src/app/(app)/projects/[projectId]/chat/chat-client.tsx

**/*.{test,spec}.{ts,tsx}

📄 CodeRabbit inference engine (AGENTS.md)

Code must pass bun run test clean (Vitest)

Files:

• src/lib/sandbox/sandbox-runner.server.test.ts
• src/app/api/chat/[runId]/__tests__/route.test.ts
• src/workflows/runs/workflow-errors.test.ts
• src/workflows/code-mode/steps/writer.step.test.ts
• src/workflows/code-mode/steps/code-mode.step.test.ts
• src/workflows/chat/hooks/chat-message.test.ts
• src/workflows/runs/steps/writer.step.test.ts
• src/lib/sandbox/network-policy.server.test.ts
• src/app/(app)/projects/[projectId]/runs/[runId]/run-stream-client.test.tsx
• src/app/api/approvals/__tests__/route.test.ts
• src/workflows/chat/steps/writer.step.test.ts
• src/lib/runs/code-mode-stream.test.ts

🧠 Learnings (2)

📚 Learning: 2026-02-04T07:05:13.147Z

Learnt from: BjornMelin
Repo: BjornMelin/ai-agent-builder PR: 13
File: next.config.ts:5-21
Timestamp: 2026-02-04T07:05:13.147Z
Learning: This repository now uses the unified radix-ui package. Ensure that all new and existing components import from 'radix-ui' directly and do not use any 'radix-ui/react-*' import paths. Configure optimizePackageImports to include only 'radix-ui' to limit bundle size and ensure correct subpackage resolution. Apply this guideline across all TypeScript files in the project.

Applied to files:

• src/app/api/chat/[runId]/route.ts
• src/app/api/approvals/route.ts
• src/workflows/chat/hooks/chat-message.ts
• src/workflows/_shared/workflow-runtime.server.ts
• src/app/api/chat/[runId]/stream/route.ts
• src/workflows/runs/project-run.workflow.ts
• src/app/api/chat/route.ts
• src/lib/sandbox/sandbox-runner.server.test.ts
• src/app/api/code-mode/[runId]/stream/route.ts
• src/app/api/runs/[runId]/stream/route.ts
• src/workflows/code-mode/steps/writer.step.ts
• src/app/api/chat/[runId]/__tests__/route.test.ts
• src/workflows/runs/workflow-errors.test.ts
• src/lib/runs/code-mode.server.ts
• src/workflows/code-mode/steps/writer.step.test.ts
• src/workflows/_shared/workflow-stream-events.ts
• src/workflows/code-mode/steps/code-mode.step.test.ts
• src/workflows/code-mode/steps/code-mode.step.ts
• src/lib/runs/project-run.server.ts
• src/workflows/chat/hooks/chat-message.test.ts
• src/app/api/skills/registry/status/route.ts
• src/app/api/chat/[runId]/cancel/route.ts
• src/workflows/runs/steps/writer.step.test.ts
• src/workflows/runs/steps/writer.step.ts
• src/lib/sandbox/network-policy.server.test.ts
• next.config.ts
• src/workflows/runs/workflow-errors.ts
• src/app/api/skills/registry/install/route.ts
• src/workflows/chat/steps/writer.step.ts
• src/app/api/approvals/__tests__/route.test.ts
• src/workflows/chat/steps/writer.step.test.ts
• src/workflows/approvals/hooks/approval.ts
• src/lib/sandbox/network-policy.server.ts
• src/lib/runs/code-mode-stream.test.ts

📚 Learning: 2026-02-04T07:05:13.147Z

Learnt from: BjornMelin
Repo: BjornMelin/ai-agent-builder PR: 13
File: next.config.ts:5-21
Timestamp: 2026-02-04T07:05:13.147Z
Learning: Standardize Radix UI imports by using the top-level 'radix-ui' package instead of scoped imports like 'radix-ui/react-use-controllable-state'. In reviews, flag and update any files that import from 'radix-ui/*' and replace with the corresponding import from 'radix-ui'. This improves consistency and reduces potential version drift.

Applied to files:

• src/app/api/chat/[runId]/route.ts
• src/app/api/approvals/route.ts
• src/workflows/chat/hooks/chat-message.ts
• src/app/(app)/projects/[projectId]/runs/[runId]/run-stream-client.tsx
• src/workflows/_shared/workflow-runtime.server.ts
• src/app/api/chat/[runId]/stream/route.ts
• src/workflows/runs/project-run.workflow.ts
• src/app/api/chat/route.ts
• src/lib/sandbox/sandbox-runner.server.test.ts
• src/app/api/code-mode/[runId]/stream/route.ts
• src/app/api/runs/[runId]/stream/route.ts
• src/workflows/code-mode/steps/writer.step.ts
• src/app/api/chat/[runId]/__tests__/route.test.ts
• src/workflows/runs/workflow-errors.test.ts
• src/lib/runs/code-mode.server.ts
• src/workflows/code-mode/steps/writer.step.test.ts
• src/app/(app)/projects/[projectId]/code-mode/code-mode-client.tsx
• src/workflows/_shared/workflow-stream-events.ts
• src/workflows/code-mode/steps/code-mode.step.test.ts
• src/workflows/code-mode/steps/code-mode.step.ts
• src/lib/runs/project-run.server.ts
• src/workflows/chat/hooks/chat-message.test.ts
• src/app/api/skills/registry/status/route.ts
• src/app/api/chat/[runId]/cancel/route.ts
• src/workflows/runs/steps/writer.step.test.ts
• src/workflows/runs/steps/writer.step.ts
• src/lib/sandbox/network-policy.server.test.ts
• next.config.ts
• src/app/(app)/projects/[projectId]/runs/[runId]/run-stream-client.test.tsx
• src/workflows/runs/workflow-errors.ts
• src/app/api/skills/registry/install/route.ts
• src/workflows/chat/steps/writer.step.ts
• src/app/api/approvals/__tests__/route.test.ts
• src/workflows/chat/steps/writer.step.test.ts
• src/workflows/approvals/hooks/approval.ts
• src/lib/sandbox/network-policy.server.ts
• src/lib/runs/code-mode-stream.test.ts
• src/app/(app)/projects/[projectId]/chat/chat-client.tsx

🧬 Code graph analysis (7)

src/workflows/runs/project-run.workflow.ts (1)

src/workflows/_shared/workflow-stream-events.ts (1)

• RunStreamEventInput (165-165)

src/workflows/code-mode/steps/writer.step.ts (1)

src/workflows/_shared/workflow-stream-events.ts (2)

• CodeModeStreamEventInput (169-169)
• createCodeModeStreamEvent (209-217)

src/workflows/code-mode/steps/code-mode.step.test.ts (1)

src/workflows/_shared/workflow-stream-events.ts (1)

• CodeModeStreamEvent (156-156)

src/workflows/code-mode/steps/code-mode.step.ts (1)

src/workflows/_shared/workflow-stream-events.ts (2)

• CodeModeStreamEventInput (169-169)
• createCodeModeStreamEvent (209-217)

src/workflows/runs/steps/writer.step.ts (1)

src/workflows/_shared/workflow-stream-events.ts (2)

• RunStreamEventInput (165-165)
• createRunStreamEvent (177-185)

src/lib/sandbox/network-policy.server.test.ts (1)

src/lib/sandbox/network-policy.server.ts (3)

• SANDBOX_NETWORK_POLICY_NONE (5-5)
• SANDBOX_NETWORK_POLICY_RESTRICTED_DEFAULT (7-18)
• SANDBOX_NETWORK_POLICY_RESTRICTED_PYTHON_DEFAULT (20-31)

src/workflows/chat/steps/writer.step.ts (1)

src/workflows/_shared/workflow-stream-events.ts (1)

• createChatUserMessageMarker (193-201)

🔍 Remote MCP Firecrawl

Based on the information gathered from my tool searches, I can now provide a comprehensive review context:

Gathered Context Summary

1. Turbopack FileSystem Cache Configuration(#)

The turbopackFileSystemCacheForBuild flag is currently experimental for production builds, though it is enabled by default for development in Next.js 16.1.0. The PR sets this to false, which is actually the default value in Next.js. This is a deliberate choice that contradicts the example documentation, suggesting this PR either:

• Disables the experimental feature intentionally for stability reasons
• Or documents that it should remain off during builds

This warrants clarification in comments about the rationale for disabling it explicitly when it's already the default.

2. Bun Build Reliability and Transient Failures ::Firecrawl_firecrawl_search::

The search results confirm that Bun build failures with Next.js projects are documented issues, validating the PR's approach of implementing a fallback mechanism. The scripts/build-next.sh script with its "transient failure detection → retry → Node fallback" pattern aligns with industry best practices for handling build tool instability.

3. Event Schema Versioning Pattern ::Firecrawl_firecrawl_scrape::

Adding version metadata to events and domain identifiers is a recognized pattern in event-driven architecture for managing schema evolution without breaking changes. The PR's addition of domain and version fields to workflow stream events follows standard practices. However, the pattern typically requires:

• Consumer code to gracefully handle both versioned and unversioned events during transition
• Documentation of the migration path for old event consumers

4. Dependency Upgrade Status ::gh_grep_searchGitHub::

The PR upgrades @ai-sdk/react from ^3.0.79 to ^3.0.88, which aligns with real-world usage patterns in the Vercel AI ecosystem (examples show versions 3.0.81-3.0.84 in production).

---

Key Findings for Code Review

1. Build Strategy: The Bun-first fallback approach with transient error detection is technically sound and addresses known Bun/Turbopack instability.

2. Event Schema Migration: The addition of domain and version fields follows established event versioning patterns, but consumers must be verified to handle the envelope fields correctly.

3. Configuration Change: The explicit turbopackFileSystemCacheForBuild: false should be documented with the reason (e.g., "disabled to avoid build cache corruption with Bun").

4. Sandbox Policy Changes: The refactoring of SANDBOX_NETWORK_POLICY_NONE from { type: "no-access" } to "deny-all" is a breaking change that requires verification that all consumers (tests, integrations) handle the string type correctly.

5. Import Consolidation: The new src/workflows/_shared/workflow-runtime.server.ts provides a clean canonical import boundary for server-only workflow functions, improving maintainability.

⏰ Context from checks skipped due to timeout of 30000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)

• GitHub Check: Agent

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@src/app/`(app)/projects/[projectId]/chat/chat-client.tsx:
- Around line 95-103: The UserMessageMarker type and its runtime checks
currently require domain==="chat" and version===2, which drops legacy markers;
relax the validation to accept markers that lack domain/version during migration
by: update the runtime guard(s) that consume UserMessageMarker to treat objects
with the expected shape (id, content, type==="user-message", timestamp, optional
files) as valid even if domain or version is missing, while still
preferring/handling version===2 when present; apply the same relaxed-check
change to the other marker/type validation near the second marker definition so
older threads resume correctly; keep strict checks when you detect a persisted
schema version indicating only v2 markers should be allowed.

---

Outside diff comments:
In `@src/app/`(app)/projects/[projectId]/code-mode/code-mode-client.tsx:
- Around line 200-206: The current cleanup only removes the v2 key
(`workflow:code-mode:v2:${parsedRunId}:startIndex`) but doesn't clear stale v1
keys; update the component (e.g., in the same mount logic or useEffect around
where window.sessionStorage.removeItem is called in code-mode-client.tsx) to
also enumerate sessionStorage keys inside a try/catch and remove any key that
startsWith "workflow:code-mode:v1:" (collect keys first then remove to avoid
iteration issues); apply the same migration/cleanup logic where the other v2
removal occurs (the other occurrence around line 217) so v1 keys are cleared
consistently.

In `@src/app/`(app)/projects/[projectId]/runs/[runId]/run-stream-client.tsx:
- Around line 99-116: The v2 storageKey
(`workflow:runs:v2:${props.runId}:startIndex`) ignores any legacy v1 key and
drops resume position; update the startup logic around readStartIndex/storageKey
to detect the legacy key (e.g., `workflow:runs:${props.runId}:startIndex`), wrap
storage reads/writes in try/catch, migrate the legacy value into the v2 key (or
clear it) on first read, and then proceed using readStartIndex; modify or add a
small migration helper called from the effect (referencing storageKey and
readStartIndex) to perform the copy+delete (or clear) and ensure only
minimal/versioned data is stored.

In `@src/app/api/skills/registry/install/route.ts`:
- Line 71: The current best-effort cleanup call await cancelRun(world,
run.runId).catch(() => undefined) swallows errors silently; change the catch to
log the error (e.g., .catch(err => { /* use existing logger or console.error */
logger?.error ? logger.error({ err, world, runId: run.runId }, "cancelRun
failed") : console.error("cancelRun failed", { err, world, runId: run.runId });
})) so the error is recorded for observability while still suppressing it from
bubbling; reference cancelRun(world, run.runId), world and run.runId when adding
the log message.

In `@src/lib/sandbox/network-policy.server.ts`:
- Around line 5-31: Add immediately preceding TSDoc comments for each exported
constant (SANDBOX_NETWORK_POLICY_NONE,
SANDBOX_NETWORK_POLICY_RESTRICTED_DEFAULT,
SANDBOX_NETWORK_POLICY_RESTRICTED_PYTHON_DEFAULT) with no blank line between
comment and export; the TSDoc should briefly describe the purpose of the
constant (e.g., deny-all default policy, restricted npm/JS policy, restricted
Python/pip policy) and any noteworthy details (allowed hosts). Ensure each
exported declaration has its own /** ... */ block directly above it to satisfy
the lint/typecheck rule.

In `@src/workflows/approvals/hooks/approval.ts`:
- Line 15: Add a TSDoc comment immediately above the exported type
ApprovalResumePayload describing what the payload represents and its relation to
approvalResumeSchema (e.g., "Payload for resuming an approval flow, inferred
from approvalResumeSchema"). Ensure the comment is a proper /** ... */ block
placed directly before the line exporting ApprovalResumePayload so it satisfies
the exported-declaration documentation rule and references approvalResumeSchema
for context.

[BjornMelin]

Resolved threads: 5 | Files: .github/workflows/ci.yml, package.json, docs/ops/build-runtime.md, next.config.ts, src/app/(app)/projects/[projectId]/code-mode/code-mode-client.tsx, src/app/(app)/projects/[projectId]/chat/chat-client.tsx | Tests: bun run format, bun run lint, bun run typecheck, bun run test, bun run build | Notes: CI action pins fixed; strict-Bun logs now upload with always(); legacy stream/marker compatibility restored; Bun-only script path maintained with stable webpack build mode.

[coderabbitai]

Actionable comments posted: 5

📜 Review details

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 76963b8 and e12f0c9.

📒 Files selected for processing (6)

• .github/workflows/ci.yml
• docs/ops/build-runtime.md
• next.config.ts
• package.json
• src/app/(app)/projects/[projectId]/chat/chat-client.tsx
• src/app/(app)/projects/[projectId]/code-mode/code-mode-client.tsx

🧰 Additional context used

📓 Path-based instructions (12)

**/*.{js,jsx,ts,tsx}

📄 CodeRabbit inference engine (Custom checks)

**/*.{js,jsx,ts,tsx}: No promise-valued statement may be left unhandled. A Promise is handled ONLY if it is awaited, returned, terminated with .catch(...), terminated with .then(onFulfilled, onRejected) (rejection handler required), or explicitly ignored with void AND meets additional requirements.
For files importing or referencing AI SDK / Vercel AI modules (ai, @ai-sdk/*, @vercel/ai, openai, @openai/*), fire-and-forget is forbidden by default. If using void someAsyncCall(...), it MUST include an inline comment explaining why detaching is safe AND errors must be surfaced via .catch(...) or a dedicated error sink (logging/telemetry).

Files:

• src/app/(app)/projects/[projectId]/code-mode/code-mode-client.tsx
• src/app/(app)/projects/[projectId]/chat/chat-client.tsx
• next.config.ts

**/*.{ts,tsx,js,jsx}

📄 CodeRabbit inference engine (Custom checks)

**/*.{ts,tsx,js,jsx}: Hard FAIL if the PR introduces any test-only helpers, shims, mocks, or conditional branches intended only for tests in production source files. All test scaffolding must live in test suites and test configuration (Vitest and/or Playwright).
Doc comment formatting must satisfy Biome, including violations of useSingleJsDocAsterisk. Hard FAIL if Biome reports any issue with JSDoc/TSDoc formatting.
The first non-empty line inside a doc comment MUST be a single-sentence summary ending with a period .. The summary must describe behavior and intent, not just the symbol name. Hard FAIL if any condition is violated.
Only these tags are allowed in doc comments: @remarks, @param, @typeParam, @returns, @throws, @example, @see, @deprecated. Hard FAIL if any other @tag appears.
Doc comment tags must appear in this strict order (skip unused): @remarks, all @typeParam, all @param, @returns, all @throws, all @example, all @see, @deprecated. Hard FAIL if tags are out of order.
@remarks must be separated from the summary by a blank line and must have non-empty content. Hard FAIL if present but empty or not separated by a blank line.
For every exported function (including route handlers), document EVERY parameter with @param. Each @param line MUST match the exact pattern: @param <name> - <description> where <name> matches an actual parameter name, the literal separator - is present, and <description> is non-empty and explains semantics and constraints. JSDoc type braces are forbidden in TS/TSX. Hard FAIL if violations exist.
@returns is required for every exported function whose return type is not void and not Promise<void>, and for all Next.js route handlers. It must have non-empty semantic description. JSDoc type braces are forbidden in TS/TSX. Hard FAIL if required but missing, empty, or typed via braces.
If an exported function body contains the token throw in newly added or modified lines, at lea...

Files:

• src/app/(app)/projects/[projectId]/code-mode/code-mode-client.tsx
• src/app/(app)/projects/[projectId]/chat/chat-client.tsx
• next.config.ts

**/*.{ts,tsx}

📄 CodeRabbit inference engine (Custom checks)

**/*.{ts,tsx}: Every changed or added exported declaration (export function, export async function, export const, export class, export interface, export type, export enum, Next.js route handlers, re-exports) MUST have an immediately preceding doc comment /** ... */ with no blank line separating it. Hard FAIL if any required export lacks a doc comment.
If an exported function/type/class introduces generic type parameters AND they are not self-explanatory, require @typeParam per generic parameter following the pattern: @typeParam <name> - <description>. Hard FAIL if required generics are undocumented, or if @typeParam does not follow the hyphen pattern, or is empty.
In TS/TSX doc comments, these tags are forbidden: @type, @typedef, @property, @template, @enum, @memberof. Hard FAIL if any appear.
Server Actions are public endpoints. Inside every Server Action: validate input, authenticate, authorize. Never rely only on middleware/layout guards.
Minimize RSC→client serialization: pass only fields the client uses. Avoid sending multiple derived copies of large primitive arrays; derive in client unless the server compute is expensive or the client must not see the raw data.
Avoid duplicate serialization by reference: transformations like toSorted(), filter(), map(), spreads create new references. Prefer passing one reference across the RSC/client boundary.
Use react cache() for per-request deduplication of DB/auth/heavy compute within a single request. Avoid inline object args (cache hits require stable identity). Note: Next.js fetch is already memoized per request.
Use Next.js after() for non-blocking work (logging, analytics, notifications, cleanup). Do not block responses on side effects.

**/*.{ts,tsx}: Enforce strict TypeScript with no use of 'any' type
Code must pass bun run typecheck clean (TypeScript compiler)

Files:

• src/app/(app)/projects/[projectId]/code-mode/code-mode-client.tsx
• src/app/(app)/projects/[projectId]/chat/chat-client.tsx
• next.config.ts

**/*.{tsx,jsx}

📄 CodeRabbit inference engine (Custom checks)

**/*.{tsx,jsx}: Pure presentational React components exported only for JSX composition may omit doc comments ONLY if they have no non-obvious behavior (no IO, no side effects, no caching semantics, no security checks, no data fetching, no tool calls). If in doubt, require doc comment.
Defer non-critical third-party code (analytics, error tracking) until after hydration: next/dynamic(..., { ssr:false }) or client-only boundary.
Dynamically import heavy components not needed for initial paint (editors, charts, maps). Use ssr:false when they require the DOM.
Preload based on user intent (hover/focus) or feature flags to reduce perceived latency. Preload should be optional and non-blocking.
Prefer SWR (or an equivalent) for client fetching to get caching, deduplication, revalidation, and mutation helpers.
Deduplicate global event listeners. Avoid "N components = N listeners" patterns; centralize subscriptions and fan out callbacks.
Do not subscribe to reactive sources you only need in callbacks (e.g., search params). Read at the point of use when possible.
Put early returns before expensive computations. If needed, extract expensive work into memoized components so "loading" paths skip the work.
Narrow effect dependencies: depend on primitives and derived booleans, not entire objects.
Subscribe to derived state rather than continuous signals (use media queries instead of window width pixels when only a breakpoint matters).
Use functional state updates when new state depends on previous state (setX(curr => ...)). This prevents stale closures and stabilizes callbacks.
Use lazy state initialization for expensive initial values (useState(() => expensive())), especially storage parsing or index building.
Use transitions for frequent non-urgent updates (startTransition) to preserve responsiveness (scroll tracking, large filtering).
Forms: keep inputs hydration-safe (no lost focus/value). Never block paste in <input>/<textarea>. Loading buttons show spinner and...

Files:

• src/app/(app)/projects/[projectId]/code-mode/code-mode-client.tsx
• src/app/(app)/projects/[projectId]/chat/chat-client.tsx

**/*.tsx

📄 CodeRabbit inference engine (Custom checks)

Parallelize server data fetches with component composition: split independent async server components so they can run concurrently. Avoid "parent awaits, child awaits" chains.

Files:

• src/app/(app)/projects/[projectId]/code-mode/code-mode-client.tsx
• src/app/(app)/projects/[projectId]/chat/chat-client.tsx

**/*.{css,tsx,jsx}

📄 CodeRabbit inference engine (Custom checks)

**/*.{css,tsx,jsx}: Honor prefers-reduced-motion in animations (provide reduced variant or disable).
Prefer CSS > Web Animations API > JS libraries for animations.
Animate only compositor-friendly props (transform, opacity). Never animate layout props (top, left, width, height).
Animate only to clarify cause/effect or add deliberate delight. Animations must be interruptible and input-driven (no autoplay).
Use optical alignment; adjust ±1px when perception beats geometry.
Ensure deliberate alignment to grid/baseline/edges – no accidental placement. Verify mobile, laptop, ultra-wide (simulate ultra-wide at 50% zoom).
Balance icon/text lockups (weight/size/spacing/color). Respect safe areas (env(safe-area-inset-*)). Avoid unwanted scrollbars; fix overflows.
Prefer Flex/Grid over JS measurement for layout.
Full keyboard support per WAI-ARIA APG. Must have visible focus rings (:focus-visible; group with :focus-within). Manage focus (trap, move, return) per APG patterns. Never use outline: none without visible focus replacement.
Hit target ≥24px (mobile ≥44px); if visual <24px, expand hit area. Mobile <input> font-size ≥16px to prevent iOS zoom. Never disable browser zoom. Use touch-action: manipulation to prevent double-tap zoom. Set -webkit-tap-highlight-color to match design.
Touch & Drag: generous targets, clear affordances; avoid finicky interactions. Delay first tooltip; subsequent peers instant. Use overscroll-behavior: contain in modals/drawers. During drag, disable text selection and set inert on dragged elements. If it looks clickable, it must be clickable.
Use curly quotes (" "); avoid widows/orphans (text-wrap: balance). Use font-variant-numeric: tabular-nums for number comparisons. Redundant status cues (not color-only); icons have text labels.
Text containers handle long content (truncate, line-clamp-*, break-words). Flex children need min-w-0 to allow truncation. Handle empty states – no broken UI for empty stri...

Files:

• src/app/(app)/projects/[projectId]/code-mode/code-mode-client.tsx
• src/app/(app)/projects/[projectId]/chat/chat-client.tsx

**/*.{css,tsx,jsx,svg}

📄 CodeRabbit inference engine (Custom checks)

Set correct transform-origin for animations (motion starts where it "physically" should). For SVG transforms, use <g> wrapper with transform-box: fill-box.

Files:

• src/app/(app)/projects/[projectId]/code-mode/code-mode-client.tsx
• src/app/(app)/projects/[projectId]/chat/chat-client.tsx

**/*.{tsx,jsx,css}

📄 CodeRabbit inference engine (Custom checks)

**/*.{tsx,jsx,css}: Forms: accept free text, validate after – don't block typing. Allow incomplete form submission to surface validation. Errors inline next to fields; on submit, focus first error. Use autocomplete + meaningful name; correct type and inputmode.
Inline help first; tooltips last resort. Skeletons mirror final content to avoid layout shift. <title> matches current context. No dead ends; always offer next step/recovery. Design empty/sparse/dense/error states.
For dark themes, use color-scheme: dark on <html>. Set <meta name="theme-color"> to match page background. For native <select>: explicit background-color and color (Windows fix).

Files:

• src/app/(app)/projects/[projectId]/code-mode/code-mode-client.tsx
• src/app/(app)/projects/[projectId]/chat/chat-client.tsx

src/app/**/*

📄 CodeRabbit inference engine (AGENTS.md)

Use Next.js App Router patterns only (no Pages Router)

Files:

• src/app/(app)/projects/[projectId]/code-mode/code-mode-client.tsx
• src/app/(app)/projects/[projectId]/chat/chat-client.tsx

src/app/**/*.{ts,tsx}

📄 CodeRabbit inference engine (AGENTS.md)

Enable Cache Components with 'use cache' directive and use cacheTag/revalidateTag for stable server reads

Files:

• src/app/(app)/projects/[projectId]/code-mode/code-mode-client.tsx
• src/app/(app)/projects/[projectId]/chat/chat-client.tsx

src/**/*.{ts,tsx}

📄 CodeRabbit inference engine (AGENTS.md)

src/**/*.{ts,tsx}: Use memoization (useMemo, useCallback, React.memo) only for expensive computations or to prevent costly re-renders; avoid memo for simple primitives/cheap work; hoist stable non-primitive defaults
Provide TSDoc documentation for all exported APIs
Use Neon Auth only (@neondatabase/auth) for authentication
Prefer AI SDK's gateway(...) / createGateway(...) provider for model routing
Use AI SDK Gateway provider base URL https://ai-gateway.vercel.sh/v3/ai (default; configurable via AI_GATEWAY_BASE_URL)
Use OpenAI-compatible base URL https://ai-gateway.vercel.sh/v1 for OpenAI SDK compatibility and GET /models
Public/exported APIs must have valid TSDoc documentation

Files:

• src/app/(app)/projects/[projectId]/code-mode/code-mode-client.tsx
• src/app/(app)/projects/[projectId]/chat/chat-client.tsx

src/**/*.{ts,tsx,js,jsx}

📄 CodeRabbit inference engine (AGENTS.md)

src/**/*.{ts,tsx,js,jsx}: Do not use package barrel imports by default; use explicit imports
Use barrel imports only for packages listed in next.config.ts experimental.optimizePackageImports (currently radix-ui and lucide-react)
Code must pass bun run format with no changes
Code must pass bun run lint clean (Biome + ESLint for TSDoc syntax and JSDoc on exported APIs)
No console spam in production paths

Files:

• src/app/(app)/projects/[projectId]/code-mode/code-mode-client.tsx
• src/app/(app)/projects/[projectId]/chat/chat-client.tsx

🧠 Learnings (26)

📓 Common learnings

Learnt from: CR
Repo: BjornMelin/ai-agent-builder PR: 0
File: docs/specs/requirements.md:0-0
Timestamp: 2026-02-11T08:17:14.613Z
Learning: Use Bun toolchain for installs, scripts, and CI; run Vercel Functions on Bun runtime where supported (IR-010).

Learnt from: CR
Repo: BjornMelin/ai-agent-builder PR: 0
File: docs/specs/requirements.md:0-0
Timestamp: 2026-02-11T08:17:14.613Z
Learning: Enforce CI quality gates with Bun-only commands for format, lint, typecheck, test, and build (NFR-010).

Learnt from: CR
Repo: BjornMelin/ai-agent-builder PR: 0
File: AGENTS.md:0-0
Timestamp: 2026-02-11T08:17:44.398Z
Learning: Applies to src/workflows/**/*.{ts,tsx} : Place workflow-only shared helpers in src/workflows/_shared/ instead of src/lib/; avoid index.ts re-export facades and import concrete modules directly

📚 Learning: 2026-02-11T08:17:44.398Z

Learnt from: CR
Repo: BjornMelin/ai-agent-builder PR: 0
File: AGENTS.md:0-0
Timestamp: 2026-02-11T08:17:44.398Z
Learning: Applies to src/workflows/**/*.{ts,tsx} : Place workflow-only shared helpers in src/workflows/_shared/ instead of src/lib/; avoid index.ts re-export facades and import concrete modules directly

Applied to files:

• src/app/(app)/projects/[projectId]/code-mode/code-mode-client.tsx
• package.json
• next.config.ts

📚 Learning: 2026-02-11T08:17:14.613Z

Learnt from: CR
Repo: BjornMelin/ai-agent-builder PR: 0
File: docs/specs/requirements.md:0-0
Timestamp: 2026-02-11T08:17:14.613Z
Learning: Ensure runs and interactive chat streams resume after client disconnects/timeouts and continue to completion (PR-004).

Applied to files:

• src/app/(app)/projects/[projectId]/code-mode/code-mode-client.tsx

📚 Learning: 2026-02-04T07:05:13.147Z

Learnt from: BjornMelin
Repo: BjornMelin/ai-agent-builder PR: 13
File: next.config.ts:5-21
Timestamp: 2026-02-04T07:05:13.147Z
Learning: Standardize Radix UI imports by using the top-level 'radix-ui' package instead of scoped imports like 'radix-ui/react-use-controllable-state'. In reviews, flag and update any files that import from 'radix-ui/*' and replace with the corresponding import from 'radix-ui'. This improves consistency and reduces potential version drift.

Applied to files:

• src/app/(app)/projects/[projectId]/code-mode/code-mode-client.tsx
• src/app/(app)/projects/[projectId]/chat/chat-client.tsx
• next.config.ts

📚 Learning: 2026-02-11T08:17:14.613Z

Learnt from: CR
Repo: BjornMelin/ai-agent-builder PR: 0
File: docs/specs/requirements.md:0-0
Timestamp: 2026-02-11T08:17:14.613Z
Learning: Use Bun toolchain for installs, scripts, and CI; run Vercel Functions on Bun runtime where supported (IR-010).

Applied to files:

• docs/ops/build-runtime.md
• .github/workflows/ci.yml
• package.json

📚 Learning: 2026-02-11T08:17:44.398Z

Learnt from: CR
Repo: BjornMelin/ai-agent-builder PR: 0
File: AGENTS.md:0-0
Timestamp: 2026-02-11T08:17:44.398Z
Learning: Use Bun only for installs and scripts (not npm/yarn/pnpm)

Applied to files:

• docs/ops/build-runtime.md
• package.json

📚 Learning: 2026-02-11T08:17:14.613Z

Learnt from: CR
Repo: BjornMelin/ai-agent-builder PR: 0
File: docs/specs/requirements.md:0-0
Timestamp: 2026-02-11T08:17:14.613Z
Learning: Enforce CI quality gates with Bun-only commands for format, lint, typecheck, test, and build (NFR-010).

Applied to files:

• docs/ops/build-runtime.md
• .github/workflows/ci.yml
• package.json

📚 Learning: 2026-02-11T08:17:44.398Z

Learnt from: CR
Repo: BjornMelin/ai-agent-builder PR: 0
File: AGENTS.md:0-0
Timestamp: 2026-02-11T08:17:44.398Z
Learning: Code must pass bun run build clean

Applied to files:

• docs/ops/build-runtime.md
• .github/workflows/ci.yml
• package.json

📚 Learning: 2026-02-11T08:17:14.613Z

Learnt from: CR
Repo: BjornMelin/ai-agent-builder PR: 0
File: docs/specs/requirements.md:0-0
Timestamp: 2026-02-11T08:17:14.613Z
Learning: Run all command execution touching untrusted inputs or code in Vercel Sandbox; keep app runtime minimal (NFR-014).

Applied to files:

• docs/ops/build-runtime.md

📚 Learning: 2026-02-11T08:17:14.613Z

Learnt from: CR
Repo: BjornMelin/ai-agent-builder PR: 0
File: docs/specs/requirements.md:0-0
Timestamp: 2026-02-11T08:17:14.613Z
Learning: Implement durable Implementation Run workflow for structured plan → code → verify → deploy execution using Vercel Workflow DevKit (FR-023).

Applied to files:

• docs/ops/build-runtime.md

📚 Learning: 2026-02-11T08:17:14.613Z

Learnt from: CR
Repo: BjornMelin/ai-agent-builder PR: 0
File: docs/specs/requirements.md:0-0
Timestamp: 2026-02-11T08:17:14.613Z
Learning: Enforce default-deny command allowlists in sandbox execution, confine workspace path to `/vercel/sandbox`, and restrict package-exec tools (npx, bunx) to explicit allowlist (NFR-016).

Applied to files:

• docs/ops/build-runtime.md

📚 Learning: 2026-02-11T08:17:44.398Z

Learnt from: CR
Repo: BjornMelin/ai-agent-builder PR: 0
File: AGENTS.md:0-0
Timestamp: 2026-02-11T08:17:44.398Z
Learning: Applies to src/app/api/chat/**/*.{ts,tsx} : Follow-ups during active durable chat sessions must use POST /api/chat/:runId accepting optional files alongside message (messageId required)

Applied to files:

• src/app/(app)/projects/[projectId]/chat/chat-client.tsx

📚 Learning: 2026-02-11T08:17:44.398Z

Learnt from: CR
Repo: BjornMelin/ai-agent-builder PR: 0
File: AGENTS.md:0-0
Timestamp: 2026-02-11T08:17:44.398Z
Learning: Applies to src/app/api/upload/**/*.{ts,tsx} : Project chat attachments must support document uploads (PDF/DOCX/PPTX/XLSX/TXT/MD) via POST /api/upload with maxFileSize = budgets.maxUploadBytes (default 25 MB) and maxFiles = 5 per message

Applied to files:

• src/app/(app)/projects/[projectId]/chat/chat-client.tsx

📚 Learning: 2026-02-11T08:17:44.398Z

Learnt from: CR
Repo: BjornMelin/ai-agent-builder PR: 0
File: AGENTS.md:0-0
Timestamp: 2026-02-11T08:17:44.398Z
Learning: Applies to src/**/*.{ts,tsx,js,jsx} : Code must pass bun run format with no changes

Applied to files:

• .github/workflows/ci.yml
• package.json

📚 Learning: 2026-01-30T23:33:55.730Z

Learnt from: CR
Repo: BjornMelin/ai-agent-builder PR: 0
File: coderabbit-custom-pre-merge-checks-unique-id-file-non-traceable-F7F2B60C-1728-4C9A-8889-4F2235E186CA.txt:0-0
Timestamp: 2026-01-30T23:33:55.730Z
Learning: Applies to **/*.{ts,tsx,js,jsx} : Hard FAIL if the PR introduces any test-only helpers, shims, mocks, or conditional branches intended only for tests in production source files. All test scaffolding must live in test suites and test configuration (Vitest and/or Playwright).

Applied to files:

• package.json

📚 Learning: 2026-02-11T08:17:14.613Z

Learnt from: CR
Repo: BjornMelin/ai-agent-builder PR: 0
File: docs/specs/requirements.md:0-0
Timestamp: 2026-02-11T08:17:14.613Z
Learning: Optimize repository conventions for AI coding agents: include AGENTS.md documentation, maintain strict doc requirements, and use deterministic scripts (NFR-011).

Applied to files:

• package.json

📚 Learning: 2026-01-30T23:33:55.730Z

Learnt from: CR
Repo: BjornMelin/ai-agent-builder PR: 0
File: coderabbit-custom-pre-merge-checks-unique-id-file-non-traceable-F7F2B60C-1728-4C9A-8889-4F2235E186CA.txt:0-0
Timestamp: 2026-01-30T23:33:55.730Z
Learning: Applies to **/*.{js,jsx,ts,tsx} : For files importing or referencing AI SDK / Vercel AI modules (`ai`, `ai-sdk/*`, `vercel/ai`, `openai`, `openai/*`), fire-and-forget is forbidden by default. If using `void someAsyncCall(...)`, it MUST include an inline comment explaining why detaching is safe AND errors must be surfaced via `.catch(...)` or a dedicated error sink (logging/telemetry).

Applied to files:

• package.json

📚 Learning: 2026-02-11T08:17:44.398Z

Learnt from: CR
Repo: BjornMelin/ai-agent-builder PR: 0
File: AGENTS.md:0-0
Timestamp: 2026-02-11T08:17:44.398Z
Learning: Applies to src/**/*.{ts,tsx,js,jsx} : Use barrel imports only for packages listed in next.config.ts experimental.optimizePackageImports (currently radix-ui and lucide-react)

Applied to files:

• next.config.ts

📚 Learning: 2026-01-30T23:33:55.731Z

Learnt from: CR
Repo: BjornMelin/ai-agent-builder PR: 0
File: coderabbit-custom-pre-merge-checks-unique-id-file-non-traceable-F7F2B60C-1728-4C9A-8889-4F2235E186CA.txt:0-0
Timestamp: 2026-01-30T23:33:55.731Z
Learning: Applies to **/*.{ts,tsx,js,jsx} : Avoid barrel imports from large libs (icons, UI kits, utilities) in React/Next.js. Prefer direct subpath imports or configure `experimental.optimizePackageImports` when supported.

Applied to files:

• next.config.ts

📚 Learning: 2026-01-30T23:33:55.730Z

Learnt from: CR
Repo: BjornMelin/ai-agent-builder PR: 0
File: coderabbit-custom-pre-merge-checks-unique-id-file-non-traceable-F7F2B60C-1728-4C9A-8889-4F2235E186CA.txt:0-0
Timestamp: 2026-01-30T23:33:55.730Z
Learning: Applies to **/*.{ts,tsx} : Every changed or added exported declaration (export function, export async function, export const, export class, export interface, export type, export enum, Next.js route handlers, re-exports) MUST have an immediately preceding doc comment `/** ... */` with no blank line separating it. Hard FAIL if any required export lacks a doc comment.

Applied to files:

• next.config.ts

📚 Learning: 2026-01-30T23:33:55.731Z

Learnt from: CR
Repo: BjornMelin/ai-agent-builder PR: 0
File: coderabbit-custom-pre-merge-checks-unique-id-file-non-traceable-F7F2B60C-1728-4C9A-8889-4F2235E186CA.txt:0-0
Timestamp: 2026-01-30T23:33:55.731Z
Learning: Applies to **/*.{ts,tsx,js,jsx} : Eliminate waterfalls in React/Next.js: defer `await` until the branch that truly needs it; use early returns to skip expensive work. Start independent async work immediately, then await later. Use `Promise.all()` for independent operations. Maximize overlap for dependency graphs.

Applied to files:

• next.config.ts

📚 Learning: 2026-01-30T23:33:55.731Z

Learnt from: CR
Repo: BjornMelin/ai-agent-builder PR: 0
File: coderabbit-custom-pre-merge-checks-unique-id-file-non-traceable-F7F2B60C-1728-4C9A-8889-4F2235E186CA.txt:0-0
Timestamp: 2026-01-30T23:33:55.731Z
Learning: Applies to **/*.{ts,tsx,js,jsx} : Use conditional module loading: only `import()` big modules or data when a feature is enabled. Guard browser-only loads (`typeof window !== 'undefined'`) to avoid server bundle bloat in Next.js.

Applied to files:

• next.config.ts

📚 Learning: 2026-02-11T08:17:44.398Z

Learnt from: CR
Repo: BjornMelin/ai-agent-builder PR: 0
File: AGENTS.md:0-0
Timestamp: 2026-02-11T08:17:44.398Z
Learning: Applies to src/app/**/* : Use Next.js App Router patterns only (no Pages Router)

Applied to files:

• next.config.ts

📚 Learning: 2026-01-30T23:33:55.731Z

Learnt from: CR
Repo: BjornMelin/ai-agent-builder PR: 0
File: coderabbit-custom-pre-merge-checks-unique-id-file-non-traceable-F7F2B60C-1728-4C9A-8889-4F2235E186CA.txt:0-0
Timestamp: 2026-01-30T23:33:55.731Z
Learning: Applies to **/*.{ts,tsx} : Use Next.js `after()` for non-blocking work (logging, analytics, notifications, cleanup). Do not block responses on side effects.

Applied to files:

• next.config.ts

📚 Learning: 2026-02-11T08:17:44.398Z

Learnt from: CR
Repo: BjornMelin/ai-agent-builder PR: 0
File: AGENTS.md:0-0
Timestamp: 2026-02-11T08:17:44.398Z
Learning: Applies to src/**/*.{ts,tsx,js,jsx} : No console spam in production paths

Applied to files:

• next.config.ts

📚 Learning: 2026-02-04T07:05:13.147Z

Learnt from: BjornMelin
Repo: BjornMelin/ai-agent-builder PR: 13
File: next.config.ts:5-21
Timestamp: 2026-02-04T07:05:13.147Z
Learning: This repository now uses the unified radix-ui package. Ensure that all new and existing components import from 'radix-ui' directly and do not use any 'radix-ui/react-*' import paths. Configure optimizePackageImports to include only 'radix-ui' to limit bundle size and ensure correct subpackage resolution. Apply this guideline across all TypeScript files in the project.

Applied to files:

• next.config.ts

🔍 Remote MCP Firecrawl

Additional review context (concise)

• Next.js Turbopack filesystem cache behavior

  • Turbopack filesystem caching is enabled by default for dev but is opt-in/experimental for production builds; the config keys are experimental.turbopackFileSystemCacheForDev and experimental.turbopackFileSystemCacheForBuild (the latter must be enabled explicitly). Source: Next.js docs (Turbopack / turbopackFileSystemCache).

• Using Webpack vs Turbopack for production builds

  • Next.js documents that you can opt out of Turbopack and use Webpack for builds by passing the --webpack flag (e.g., next build --webpack). This validates the PR's approach of offering a --webpack fallback in build scripts. Source: Next.js Turbopack docs (usage / --webpack).

• Bun + Next.js / Turbopack build instability is a known practical issue

  • Community issues and discussions indicate Bun can trigger intermittent build failures with Next.js/Turbopack (examples: GitHub issues and Vercel community threads). This supports the PR’s retry + Node fallback strategy and the non-blocking Bun-only CI canary. Sources: GitHub and Vercel community threads (example issues/discussions) found via Firecrawl search,,.

Citations:

• Next.js Turbopack docs / turbopackFileSystemCache (experimental flag details) — Firecrawl_firecrawl_search: https://nextjs.org/docs/app/api-reference/config/next-config-js/turbopackFileSystemCache
• Next.js Turbopack overview / --webpack note — Firecrawl_firecrawl_search: https://nextjs.org/docs/app/api-reference/turbopack
• Community reports of Bun + Next.js/Turbopack build problems — Firecrawl_firecrawl_search results (GitHub issues / Vercel community),,.

⏰ Context from checks skipped due to timeout of 30000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (2)

• GitHub Check: Build (Next.js, Bun Strict Canary)
• GitHub Check: Build (Next.js)

🔇 Additional comments (10)

src/app/(app)/projects/[projectId]/chat/chat-client.tsx (1)

95-103: LGTM! Backward compatibility for pre-v2 markers is correctly implemented.

The UserMessageMarker type now makes domain and version optional, and the isUserMessageMarker type guard accepts markers where these fields are either their expected values or undefined. This correctly preserves compatibility with older thread markers when resuming sessions, addressing the backward compatibility concern from the previous review.

Also applies to: 146-161

.github/workflows/ci.yml (1)

139-161: LGTM!

The non-blocking canary job is well-structured: continue-on-error: true ensures CI doesn't fail on Bun-specific issues, pipefail catches pipeline failures, and logs are captured for analysis. This aligns with the Bun-first strategy while maintaining CI reliability. Based on learnings, this satisfies NFR-010 (Bun-only commands for CI gates).

docs/ops/build-runtime.md (1)

1-32: LGTM!

The documentation clearly establishes the Bun-only build policy with well-organized sections covering goals, entrypoints, CI, and Vercel deployment. This aligns with the project's IR-010 and NFR-010 requirements for Bun toolchain usage. Based on learnings, this supports the Bun-first strategy mandated by project specifications.

next.config.ts (3)

15-17: LGTM!

Disabling turbopackFileSystemCacheForBuild is appropriate given the documented instability of Turbopack filesystem caching for production builds. The inline comment provides clear rationale for revisiting this decision once benchmark data is collected.

---

45-55: LGTM!

The turbopack rules consistently apply the node_modules exclusion across all relevant file extensions. This ensures workflow-related processing is limited to project source files.

---

56-72: LGTM!

The webpack configuration defensively filters out the workflow loader with proper type guards. The nullable chaining (config.module?.rules) and runtime type checks ensure robustness against varying webpack configurations.

package.json (2)

38-94: LGTM!

The dependency updates are routine patch/minor version bumps. The use of beta versions for workflow aligns with the project's adoption of the workflow SDK. Based on learnings, the project uses Bun toolchain which these dependencies support.

---

126-136: Remove incorrect lodash-es version claim.

The lodash-es version ^4.17.23 does exist in npm registry (it's the latest stable version). No actionable issues remain with the overrides block as presented — the versions are all valid and the override paths follow standard npm syntax for nested dependency pinning.

Likely an incorrect or invalid review comment.

src/app/(app)/projects/[projectId]/code-mode/code-mode-client.tsx (2)

32-52: Schema version/domain alignment looks good.

The stricter schema makes event validation explicit and matches the shared stream event versioning.

---

317-322: Expanded chunk-type acceptance is correct.

Accepting both data-workflow and data-code-mode keeps compatibility with the shared stream envelope while still validating the inner payload.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In @.github/workflows/ci.yml:
- Around line 162-168: The artifact upload step named "Upload strict Bun build
logs" is using actions/upload-artifact@v4 while other jobs use
actions/upload-artifact@v6.0.0; update the step that currently references
actions/upload-artifact@v4 to actions/upload-artifact@v6.0.0 (the same version
used in the `test` and `test-merge` jobs) to ensure consistent artifact behavior
across workflows.
- Around line 24-25: The lint job's Checkout step is using actions/checkout@v4
while other jobs use actions/checkout@v6.0.2; update the Checkout step in the
lint job (the step with name "Checkout" and uses "actions/checkout@v4") to use
actions/checkout@v6.0.2 so all jobs use the same checkout action version.

In `@docs/ops/build-runtime.md`:
- Around line 13-16: The two scripts `bun run build` and `bun run
build:strict-bun` both show the same command; update the docs to clarify why
both exist and when to use each by adding a short note after the command list
explaining the intent: indicate that `bun run build` is the general/local build
entry, `bun run build:strict-bun` is the CI/strict-environment (or future
stricter behavior) alias for reproducible builds, and mention any semantic
differences or planned divergence (e.g., stricter flags or environment
enforcement) so readers understand why both scripts are provided.

In `@package.json`:
- Around line 14-15: The package.json defines two scripts, "build" and
"build:strict-bun", that currently run the identical command (`bun --bun next
build --webpack`); either make their intent explicit or differentiate them:
update the "build:strict-bun" or "build" script to the intended different
command (e.g., add stricter flags or CI-specific env vars) or add a clarifying
comment in docs/README describing why both exist and are identical for now;
reference the "build" and "build:strict-bun" script names when making the change
so future maintainers understand the semantic distinction.

In `@src/app/`(app)/projects/[projectId]/code-mode/code-mode-client.tsx:
- Around line 200-203: The code removes the v2 key
`workflow:code-mode:v2:${parsedRunId}:startIndex` without migrating the legacy
key, so resume state is lost; update the logic around parsedRunId/startIndex to
first try reading the v2 sessionStorage key inside a try/catch, if absent
fallback to the legacy key `workflow:code-mode:${parsedRunId}:startIndex`, copy
that value into the v2 key (set it) and then remove the legacy key, and ensure
all sessionStorage get/set/remove uses are wrapped in try/catch; apply the same
migration/fallback for the other occurrence referenced (around lines 217-219)
and use consistent key names so reconnects preserve startIndex.

[coderabbitai]

🧹 Nitpick | 🔵 Trivial

Scripts build and build:strict-bun are identical.

Both scripts run the exact same command: bun --bun next build --webpack. If they're intended to serve different purposes (e.g., CI canary vs. standard build), consider differentiating them or adding a comment in the documentation explaining the semantic distinction. If they're intentionally identical for now, this is acceptable but worth noting for future maintainers.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@package.json` around lines 14 - 15, The package.json defines two scripts,
"build" and "build:strict-bun", that currently run the identical command (`bun
--bun next build --webpack`); either make their intent explicit or differentiate
them: update the "build:strict-bun" or "build" script to the intended different
command (e.g., add stricter flags or CI-specific env vars) or add a clarifying
comment in docs/README describing why both exist and are identical for now;
reference the "build" and "build:strict-bun" script names when making the change
so future maintainers understand the semantic distinction.

[coderabbitai]

📜 Review details

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between e12f0c9 and b494028.

📒 Files selected for processing (3)

• .github/workflows/ci.yml
• docs/ops/build-runtime.md
• src/app/(app)/projects/[projectId]/code-mode/code-mode-client.tsx

🧰 Additional context used

📓 Path-based instructions (12)

**/*.{js,jsx,ts,tsx}

📄 CodeRabbit inference engine (Custom checks)

**/*.{js,jsx,ts,tsx}: No promise-valued statement may be left unhandled. A Promise is handled ONLY if it is awaited, returned, terminated with .catch(...), terminated with .then(onFulfilled, onRejected) (rejection handler required), or explicitly ignored with void AND meets additional requirements.
For files importing or referencing AI SDK / Vercel AI modules (ai, @ai-sdk/*, @vercel/ai, openai, @openai/*), fire-and-forget is forbidden by default. If using void someAsyncCall(...), it MUST include an inline comment explaining why detaching is safe AND errors must be surfaced via .catch(...) or a dedicated error sink (logging/telemetry).

Files:

• src/app/(app)/projects/[projectId]/code-mode/code-mode-client.tsx

**/*.{ts,tsx,js,jsx}

📄 CodeRabbit inference engine (Custom checks)

**/*.{ts,tsx,js,jsx}: Hard FAIL if the PR introduces any test-only helpers, shims, mocks, or conditional branches intended only for tests in production source files. All test scaffolding must live in test suites and test configuration (Vitest and/or Playwright).
Doc comment formatting must satisfy Biome, including violations of useSingleJsDocAsterisk. Hard FAIL if Biome reports any issue with JSDoc/TSDoc formatting.
The first non-empty line inside a doc comment MUST be a single-sentence summary ending with a period .. The summary must describe behavior and intent, not just the symbol name. Hard FAIL if any condition is violated.
Only these tags are allowed in doc comments: @remarks, @param, @typeParam, @returns, @throws, @example, @see, @deprecated. Hard FAIL if any other @tag appears.
Doc comment tags must appear in this strict order (skip unused): @remarks, all @typeParam, all @param, @returns, all @throws, all @example, all @see, @deprecated. Hard FAIL if tags are out of order.
@remarks must be separated from the summary by a blank line and must have non-empty content. Hard FAIL if present but empty or not separated by a blank line.
For every exported function (including route handlers), document EVERY parameter with @param. Each @param line MUST match the exact pattern: @param <name> - <description> where <name> matches an actual parameter name, the literal separator - is present, and <description> is non-empty and explains semantics and constraints. JSDoc type braces are forbidden in TS/TSX. Hard FAIL if violations exist.
@returns is required for every exported function whose return type is not void and not Promise<void>, and for all Next.js route handlers. It must have non-empty semantic description. JSDoc type braces are forbidden in TS/TSX. Hard FAIL if required but missing, empty, or typed via braces.
If an exported function body contains the token throw in newly added or modified lines, at lea...

Files:

• src/app/(app)/projects/[projectId]/code-mode/code-mode-client.tsx

**/*.{ts,tsx}

📄 CodeRabbit inference engine (Custom checks)

**/*.{ts,tsx}: Every changed or added exported declaration (export function, export async function, export const, export class, export interface, export type, export enum, Next.js route handlers, re-exports) MUST have an immediately preceding doc comment /** ... */ with no blank line separating it. Hard FAIL if any required export lacks a doc comment.
If an exported function/type/class introduces generic type parameters AND they are not self-explanatory, require @typeParam per generic parameter following the pattern: @typeParam <name> - <description>. Hard FAIL if required generics are undocumented, or if @typeParam does not follow the hyphen pattern, or is empty.
In TS/TSX doc comments, these tags are forbidden: @type, @typedef, @property, @template, @enum, @memberof. Hard FAIL if any appear.
Server Actions are public endpoints. Inside every Server Action: validate input, authenticate, authorize. Never rely only on middleware/layout guards.
Minimize RSC→client serialization: pass only fields the client uses. Avoid sending multiple derived copies of large primitive arrays; derive in client unless the server compute is expensive or the client must not see the raw data.
Avoid duplicate serialization by reference: transformations like toSorted(), filter(), map(), spreads create new references. Prefer passing one reference across the RSC/client boundary.
Use react cache() for per-request deduplication of DB/auth/heavy compute within a single request. Avoid inline object args (cache hits require stable identity). Note: Next.js fetch is already memoized per request.
Use Next.js after() for non-blocking work (logging, analytics, notifications, cleanup). Do not block responses on side effects.

**/*.{ts,tsx}: Enforce strict TypeScript with no use of 'any' type
Code must pass bun run typecheck clean (TypeScript compiler)

Files:

• src/app/(app)/projects/[projectId]/code-mode/code-mode-client.tsx

**/*.{tsx,jsx}

📄 CodeRabbit inference engine (Custom checks)

**/*.{tsx,jsx}: Pure presentational React components exported only for JSX composition may omit doc comments ONLY if they have no non-obvious behavior (no IO, no side effects, no caching semantics, no security checks, no data fetching, no tool calls). If in doubt, require doc comment.
Defer non-critical third-party code (analytics, error tracking) until after hydration: next/dynamic(..., { ssr:false }) or client-only boundary.
Dynamically import heavy components not needed for initial paint (editors, charts, maps). Use ssr:false when they require the DOM.
Preload based on user intent (hover/focus) or feature flags to reduce perceived latency. Preload should be optional and non-blocking.
Prefer SWR (or an equivalent) for client fetching to get caching, deduplication, revalidation, and mutation helpers.
Deduplicate global event listeners. Avoid "N components = N listeners" patterns; centralize subscriptions and fan out callbacks.
Do not subscribe to reactive sources you only need in callbacks (e.g., search params). Read at the point of use when possible.
Put early returns before expensive computations. If needed, extract expensive work into memoized components so "loading" paths skip the work.
Narrow effect dependencies: depend on primitives and derived booleans, not entire objects.
Subscribe to derived state rather than continuous signals (use media queries instead of window width pixels when only a breakpoint matters).
Use functional state updates when new state depends on previous state (setX(curr => ...)). This prevents stale closures and stabilizes callbacks.
Use lazy state initialization for expensive initial values (useState(() => expensive())), especially storage parsing or index building.
Use transitions for frequent non-urgent updates (startTransition) to preserve responsiveness (scroll tracking, large filtering).
Forms: keep inputs hydration-safe (no lost focus/value). Never block paste in <input>/<textarea>. Loading buttons show spinner and...

Files:

• src/app/(app)/projects/[projectId]/code-mode/code-mode-client.tsx

**/*.tsx

📄 CodeRabbit inference engine (Custom checks)

Parallelize server data fetches with component composition: split independent async server components so they can run concurrently. Avoid "parent awaits, child awaits" chains.

Files:

• src/app/(app)/projects/[projectId]/code-mode/code-mode-client.tsx

**/*.{css,tsx,jsx}

📄 CodeRabbit inference engine (Custom checks)

**/*.{css,tsx,jsx}: Honor prefers-reduced-motion in animations (provide reduced variant or disable).
Prefer CSS > Web Animations API > JS libraries for animations.
Animate only compositor-friendly props (transform, opacity). Never animate layout props (top, left, width, height).
Animate only to clarify cause/effect or add deliberate delight. Animations must be interruptible and input-driven (no autoplay).
Use optical alignment; adjust ±1px when perception beats geometry.
Ensure deliberate alignment to grid/baseline/edges – no accidental placement. Verify mobile, laptop, ultra-wide (simulate ultra-wide at 50% zoom).
Balance icon/text lockups (weight/size/spacing/color). Respect safe areas (env(safe-area-inset-*)). Avoid unwanted scrollbars; fix overflows.
Prefer Flex/Grid over JS measurement for layout.
Full keyboard support per WAI-ARIA APG. Must have visible focus rings (:focus-visible; group with :focus-within). Manage focus (trap, move, return) per APG patterns. Never use outline: none without visible focus replacement.
Hit target ≥24px (mobile ≥44px); if visual <24px, expand hit area. Mobile <input> font-size ≥16px to prevent iOS zoom. Never disable browser zoom. Use touch-action: manipulation to prevent double-tap zoom. Set -webkit-tap-highlight-color to match design.
Touch & Drag: generous targets, clear affordances; avoid finicky interactions. Delay first tooltip; subsequent peers instant. Use overscroll-behavior: contain in modals/drawers. During drag, disable text selection and set inert on dragged elements. If it looks clickable, it must be clickable.
Use curly quotes (" "); avoid widows/orphans (text-wrap: balance). Use font-variant-numeric: tabular-nums for number comparisons. Redundant status cues (not color-only); icons have text labels.
Text containers handle long content (truncate, line-clamp-*, break-words). Flex children need min-w-0 to allow truncation. Handle empty states – no broken UI for empty stri...

Files:

• src/app/(app)/projects/[projectId]/code-mode/code-mode-client.tsx

**/*.{css,tsx,jsx,svg}

📄 CodeRabbit inference engine (Custom checks)

Set correct transform-origin for animations (motion starts where it "physically" should). For SVG transforms, use <g> wrapper with transform-box: fill-box.

Files:

• src/app/(app)/projects/[projectId]/code-mode/code-mode-client.tsx

**/*.{tsx,jsx,css}

📄 CodeRabbit inference engine (Custom checks)

**/*.{tsx,jsx,css}: Forms: accept free text, validate after – don't block typing. Allow incomplete form submission to surface validation. Errors inline next to fields; on submit, focus first error. Use autocomplete + meaningful name; correct type and inputmode.
Inline help first; tooltips last resort. Skeletons mirror final content to avoid layout shift. <title> matches current context. No dead ends; always offer next step/recovery. Design empty/sparse/dense/error states.
For dark themes, use color-scheme: dark on <html>. Set <meta name="theme-color"> to match page background. For native <select>: explicit background-color and color (Windows fix).

Files:

• src/app/(app)/projects/[projectId]/code-mode/code-mode-client.tsx

src/app/**/*

📄 CodeRabbit inference engine (AGENTS.md)

Use Next.js App Router patterns only (no Pages Router)

Files:

• src/app/(app)/projects/[projectId]/code-mode/code-mode-client.tsx

src/app/**/*.{ts,tsx}

📄 CodeRabbit inference engine (AGENTS.md)

Enable Cache Components with 'use cache' directive and use cacheTag/revalidateTag for stable server reads

Files:

• src/app/(app)/projects/[projectId]/code-mode/code-mode-client.tsx

src/**/*.{ts,tsx}

📄 CodeRabbit inference engine (AGENTS.md)

src/**/*.{ts,tsx}: Use memoization (useMemo, useCallback, React.memo) only for expensive computations or to prevent costly re-renders; avoid memo for simple primitives/cheap work; hoist stable non-primitive defaults
Provide TSDoc documentation for all exported APIs
Use Neon Auth only (@neondatabase/auth) for authentication
Prefer AI SDK's gateway(...) / createGateway(...) provider for model routing
Use AI SDK Gateway provider base URL https://ai-gateway.vercel.sh/v3/ai (default; configurable via AI_GATEWAY_BASE_URL)
Use OpenAI-compatible base URL https://ai-gateway.vercel.sh/v1 for OpenAI SDK compatibility and GET /models
Public/exported APIs must have valid TSDoc documentation

Files:

• src/app/(app)/projects/[projectId]/code-mode/code-mode-client.tsx

src/**/*.{ts,tsx,js,jsx}

📄 CodeRabbit inference engine (AGENTS.md)

src/**/*.{ts,tsx,js,jsx}: Do not use package barrel imports by default; use explicit imports
Use barrel imports only for packages listed in next.config.ts experimental.optimizePackageImports (currently radix-ui and lucide-react)
Code must pass bun run format with no changes
Code must pass bun run lint clean (Biome + ESLint for TSDoc syntax and JSDoc on exported APIs)
No console spam in production paths

Files:

• src/app/(app)/projects/[projectId]/code-mode/code-mode-client.tsx

🧠 Learnings (13)

📓 Common learnings

Learnt from: CR
Repo: BjornMelin/ai-agent-builder PR: 0
File: AGENTS.md:0-0
Timestamp: 2026-02-11T08:17:44.398Z
Learning: Applies to src/workflows/**/*.{ts,tsx} : Place workflow-only shared helpers in src/workflows/_shared/ instead of src/lib/; avoid index.ts re-export facades and import concrete modules directly

Learnt from: CR
Repo: BjornMelin/ai-agent-builder PR: 0
File: docs/specs/requirements.md:0-0
Timestamp: 2026-02-11T08:17:14.613Z
Learning: Implement durable, multi-step 'Run' workflows using Vercel Workflow DevKit for interactive runs and Upstash QStash for background jobs, serving as the base pattern for all workflow execution (FR-010, IR-004).

📚 Learning: 2026-02-11T08:17:14.613Z

Learnt from: CR
Repo: BjornMelin/ai-agent-builder PR: 0
File: docs/specs/requirements.md:0-0
Timestamp: 2026-02-11T08:17:14.613Z
Learning: Use Bun toolchain for installs, scripts, and CI; run Vercel Functions on Bun runtime where supported (IR-010).

Applied to files:

• docs/ops/build-runtime.md
• .github/workflows/ci.yml

📚 Learning: 2026-02-11T08:17:44.398Z

Learnt from: CR
Repo: BjornMelin/ai-agent-builder PR: 0
File: AGENTS.md:0-0
Timestamp: 2026-02-11T08:17:44.398Z
Learning: Use Bun only for installs and scripts (not npm/yarn/pnpm)

Applied to files:

• docs/ops/build-runtime.md

📚 Learning: 2026-02-11T08:17:14.613Z

Learnt from: CR
Repo: BjornMelin/ai-agent-builder PR: 0
File: docs/specs/requirements.md:0-0
Timestamp: 2026-02-11T08:17:14.613Z
Learning: Enforce CI quality gates with Bun-only commands for format, lint, typecheck, test, and build (NFR-010).

Applied to files:

• docs/ops/build-runtime.md
• .github/workflows/ci.yml

📚 Learning: 2026-02-11T08:17:14.613Z

Learnt from: CR
Repo: BjornMelin/ai-agent-builder PR: 0
File: docs/specs/requirements.md:0-0
Timestamp: 2026-02-11T08:17:14.613Z
Learning: Optimize repository conventions for AI coding agents: include AGENTS.md documentation, maintain strict doc requirements, and use deterministic scripts (NFR-011).

Applied to files:

• docs/ops/build-runtime.md

📚 Learning: 2026-02-11T08:17:44.398Z

Learnt from: CR
Repo: BjornMelin/ai-agent-builder PR: 0
File: AGENTS.md:0-0
Timestamp: 2026-02-11T08:17:44.398Z
Learning: Code must pass bun run build clean

Applied to files:

• docs/ops/build-runtime.md
• .github/workflows/ci.yml

📚 Learning: 2026-02-11T08:17:14.613Z

Learnt from: CR
Repo: BjornMelin/ai-agent-builder PR: 0
File: docs/specs/requirements.md:0-0
Timestamp: 2026-02-11T08:17:14.613Z
Learning: Run all command execution touching untrusted inputs or code in Vercel Sandbox; keep app runtime minimal (NFR-014).

Applied to files:

• docs/ops/build-runtime.md

📚 Learning: 2026-02-11T08:17:14.613Z

Learnt from: CR
Repo: BjornMelin/ai-agent-builder PR: 0
File: docs/specs/requirements.md:0-0
Timestamp: 2026-02-11T08:17:14.613Z
Learning: Implement durable Implementation Run workflow for structured plan → code → verify → deploy execution using Vercel Workflow DevKit (FR-023).

Applied to files:

• docs/ops/build-runtime.md
• .github/workflows/ci.yml

📚 Learning: 2026-02-11T08:17:14.613Z

Learnt from: CR
Repo: BjornMelin/ai-agent-builder PR: 0
File: docs/specs/requirements.md:0-0
Timestamp: 2026-02-11T08:17:14.613Z
Learning: Enforce default-deny command allowlists in sandbox execution, confine workspace path to `/vercel/sandbox`, and restrict package-exec tools (npx, bunx) to explicit allowlist (NFR-016).

Applied to files:

• docs/ops/build-runtime.md

📚 Learning: 2026-01-30T23:33:55.731Z

Learnt from: CR
Repo: BjornMelin/ai-agent-builder PR: 0
File: coderabbit-custom-pre-merge-checks-unique-id-file-non-traceable-F7F2B60C-1728-4C9A-8889-4F2235E186CA.txt:0-0
Timestamp: 2026-01-30T23:33:55.731Z
Learning: Applies to **/*.{ts,tsx,js,jsx} : For localStorage/sessionStorage: version keys, store minimal data, wrap get/set in try/catch, and implement migrations. Never store secrets, tokens, or PII unless explicitly required.

Applied to files:

• src/app/(app)/projects/[projectId]/code-mode/code-mode-client.tsx

📚 Learning: 2026-02-11T08:17:14.613Z

Learnt from: CR
Repo: BjornMelin/ai-agent-builder PR: 0
File: docs/specs/requirements.md:0-0
Timestamp: 2026-02-11T08:17:14.613Z
Learning: Ensure runs and interactive chat streams resume after client disconnects/timeouts and continue to completion (PR-004).

Applied to files:

• src/app/(app)/projects/[projectId]/code-mode/code-mode-client.tsx

📚 Learning: 2026-02-04T07:05:13.147Z

Learnt from: BjornMelin
Repo: BjornMelin/ai-agent-builder PR: 13
File: next.config.ts:5-21
Timestamp: 2026-02-04T07:05:13.147Z
Learning: Standardize Radix UI imports by using the top-level 'radix-ui' package instead of scoped imports like 'radix-ui/react-use-controllable-state'. In reviews, flag and update any files that import from 'radix-ui/*' and replace with the corresponding import from 'radix-ui'. This improves consistency and reduces potential version drift.

Applied to files:

• src/app/(app)/projects/[projectId]/code-mode/code-mode-client.tsx

📚 Learning: 2026-02-11T08:17:44.398Z

Learnt from: CR
Repo: BjornMelin/ai-agent-builder PR: 0
File: AGENTS.md:0-0
Timestamp: 2026-02-11T08:17:44.398Z
Learning: Applies to src/**/*.{ts,tsx,js,jsx} : Code must pass bun run format with no changes

Applied to files:

• .github/workflows/ci.yml

🔍 Remote MCP Firecrawl

Summary of web-sourced facts relevant to this PR (from Next.js docs via Firecrawl):

• Next.js supports opting out of Turbopack and using Webpack by passing the --webpack flag to next build/dev (docs show examples using next build --webpack).

• Turbopack’s filesystem cache for production builds is opt-in: experimental.turbopackFileSystemCacheForBuild must be enabled to persist filesystem caching across next build; turbopackFileSystemCacheForDev is enabled by default for dev. (Docs explicitly describe turbopackFileSystemCacheForBuild as opt-in/experimental.)

• Turbopack configuration exposes a turbopack.rules option (mapping globs like '*.svg' to loaders) and other turbopack options in next.config.js/ts; the PR’s addition of turbopack.rules and disabling turbopackFileSystemCacheForBuild aligns with documented config fields.

Additional note for reviewers: these docs support the PR’s approach to (a) adding --webpack fallbacks in build scripts, (b) adding explicit turbopack.rules entries, and (c) disabling the experimental filesystem cache for builds to avoid cache-related nondeterminism during CI.

⏰ Context from checks skipped due to timeout of 30000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (2)

• GitHub Check: Build (Next.js)
• GitHub Check: Build (Next.js, Bun Strict Canary)

🔇 Additional comments (5)

.github/workflows/ci.yml (1)

139-168: Bun strict canary job looks solid.

Non-blocking canary build with log capture and artifact upload is well-structured.

docs/ops/build-runtime.md (1)

1-37: Clear and consistent Bun-first policy doc.

The build entrypoints and CI/Vercel policy are explained cleanly.

src/app/(app)/projects/[projectId]/code-mode/code-mode-client.tsx (3)

32-52: Schema versioning changes look correct.

The addition of domain: z.literal("code-mode") and version: z.literal(2) aligns with the PR's introduction of domain-based envelopes and schema versioning across workflow stream events. The Zod 4 syntax with z.looseObject and z.literal is used correctly.

---

357-362: Backward-compatible chunk type handling.

Accepting both data-workflow and data-code-mode chunk types ensures compatibility during the transition to the new domain-based envelope system while maintaining support for existing event formats.

---

246-247: Migration and cleanup integration is correct.

• Line 246: void migrateStartIndexStorage(parsedRunId) performs migration as a side-effect on start, discarding the return value since the actual index is read later.
• Lines 257-259: Properly uses v2 storage key and calls migration when connecting to the stream.
• Line 455: clearStartIndexStorage(currentRunId) cleans up both legacy and v2 keys on completion.

The flow ensures migration happens before reading and cleanup happens on successful completion.

Also applies to: 257-259, 455-456

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Duplicate comments:
In `@src/app/`(app)/projects/[projectId]/code-mode/code-mode-client.tsx:
- Around line 91-135: There is a duplicate review comment/marker present
([duplicate_comment]) for the storage migration utilities; remove the duplicate
approval marker or consolidate the redundant review comment so only one
approval/comment remains for the changes around getStartIndexStorageKeys,
migrateStartIndexStorage, and clearStartIndexStorage to avoid repeated reviewer
noise.