Skip to content

chore(deps): upgrade workspace to TypeScript 6#5167

Draft
rschlaefli wants to merge 8 commits into
feature/upgrade-next-reactfrom
feature/upgrade-typescript
Draft

chore(deps): upgrade workspace to TypeScript 6#5167
rschlaefli wants to merge 8 commits into
feature/upgrade-next-reactfrom
feature/upgrade-typescript

Conversation

@rschlaefli

@rschlaefli rschlaefli commented Jul 12, 2026

Copy link
Copy Markdown
Member

Summary

This PR upgrades the main workspace to TypeScript 6.0.3 while leaving the Office Add-in on 5.6.3.

  • Updates all 28 in-scope TypeScript consumers and regenerates the lockfile with pnpm 11.5.0.
  • Removes deprecated baseUrl use and makes path mappings explicit. Frontend targets move from ES5 to the TypeScript 6 minimum of ES2015.
  • Adds a fail-closed Prisma generated-code patch with four invariant tests and a narrow peer override for prisma-json-types-generator@3.6.0.
  • Keeps GraphQL declaration builds separate from no-emit checks and exports the generated PrismaTypes directly.
  • Adds Cypress, Playwright, and Prisma compatibility checks to the root typecheck graph.
  • Documents the compiler, Prisma generation, and verification workflow in the engineering wiki and existing skills.

How it works

  • Syncpack ignores only the Office Add-in TypeScript version. Its manifest, source, and lockfile importer remain unchanged.
  • Prisma generation patches three generated null-enum declarations. The script is idempotent and fails when expected declarations are missing or duplicated.
  • GraphQL and Prisma use dedicated no-emit check configs so declaration output remains part of production builds without weakening root typechecks.
  • Vitest resolves the same @/* GraphQL alias as TypeScript. The Prisma check generates its client before typechecking, so clean CI jobs do not rely on an earlier build or cache restore.
  • Cypress explicitly preserves its TypeScript 5 non-strict baseline. Playwright remains strict.
  • Existing source imports use repository-standard aliases after baseUrl removal. Manage and PWA retain narrow public/* mappings for existing asset imports.

Branch coverage

  • Base: feature/upgrade-next-react
  • Head: 81812b892
  • Reviewed: 8 commits, 88 files, 1,031 insertions, 418 deletions
  • Plan: PR #5167 TypeScript 6 upgrade plan
  • Covered: plan, dependency upgrade, compiler configuration, Prisma and GraphQL compatibility, verification gates, wiki and skill updates, security review, maintainability review, and final simplification

Review focus

  • Check the Prisma generated-code patch, its exact-cardinality guard, and the documented removal conditions.
  • Review the narrow compatibility exceptions for Cypress, Docs, Office Add-in, and existing public/* imports.
  • Confirm the GraphQL check/build split preserves declaration output while keeping root typechecks clean.
  • Confirm the clean CI checks cover both GraphQL runtime imports and generated Prisma client recovery.

Verification

Current head:

  • Missing-client pnpm --filter @klicker-uzh/prisma check in Node 24.16.0: passed generation, typecheck, and all four patch invariants.
  • Root Node 24.16.0 typecheck graph: passed, 25/25 tasks before removal of the redundant Prisma self-build edge.
  • Pre-commit pnpm run check:all: passed on current head, including 24/24 typecheck tasks and all four Prisma patch tests.
  • Pre-push pnpm run build: passed on current head, 21/21 tasks.
  • PR check-types: passed on current head.
  • PR test-graphql and test-graphql-status: passed on current head.

Earlier branch verification that still applies:

  • Fresh DevPod install with Node 24.16.0, pnpm 11.5.0, and TypeScript 6.0.3: passed the 3,995-entry lockfile policy.
  • Cold production build: 21/21 tasks. Test build: 19/19 tasks. Docs production build: passed.
  • pnpm --filter @klicker-uzh/graphql check and production build in Node 24.16.0: passed; production build retains the existing Pothos declaration warnings.
  • Browser smoke: delegated manage login, PWA login, control course list, and logged-out chat rendered without page errors.
  • Scoped Opengrep scan of the two new Prisma script files: zero findings across 200 rules.
  • Security and strict maintainability reviews: no remaining code findings.

Warnings and limits:

  • The formerly blocked GraphQL suite now passes in the clean PR test environment. The direct shared-DevPod run remains unsuitable as a full-suite result because its database, Redis addresses, and Hatchet worker state are not test-isolated.
  • Repository-wide Opengrep and package-audit findings remain existing baseline debt. The scoped Prisma-script scan found no new issue, and the registry audit reported no TypeScript advisory.
  • The unchanged Hatchet SDK exposes an existing heartbeat logger TypeError during local worker startup.

Security / privacy

  • The Prisma patch reads and writes one fixed generated file and fails closed on unexpected source shape.
  • The TypeScript package is pinned with lockfile integrity, and the peer override is scoped to one generator version.
  • No secrets, private payloads, or credentials are included.

Blocking before merge

  • PR CI passes, including the GraphQL runtime test.

Follow-up after merge

  • Remove the Prisma patch and generator peer override when upstream releases compile cleanly under TypeScript 6.
  • Upgrade the Office Add-in compiler in its separate rework PR.

@coderabbitai

coderabbitai Bot commented Jul 12, 2026

Copy link
Copy Markdown

Important

Review skipped

Draft detected.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: ec1b1429-090b-4462-9e78-1a0cdf5bb4c9

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

  • 🔍 Trigger review

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

@greptile-apps

greptile-apps Bot commented Jul 12, 2026

Copy link
Copy Markdown

Confidence Score: 4/5

This is close, but the remaining GraphQL script runtime break should be fixed before merging.

  • The latest GraphQL alias fix covers Vitest.
  • A direct tsx script still imports through @, which can fail at startup.
  • The remaining issue is narrow and has a small local fix.

packages/graphql/src/scripts/2024-04-19_check_open_instance_results.ts

Important Files Changed

Filename Overview
packages/graphql/src/scripts/2024-04-19_check_open_instance_results.ts One maintenance script now imports through @, which is not resolved by its direct runtime path.
packages/graphql/vitest.config.ts Adds a Vitest resolver alias for the GraphQL @ path mapping.
packages/prisma/scripts/patchPrismaNamespace.mjs Adds a fail-closed Prisma namespace patch for TypeScript 6 generated declarations.

Fix All in Codex Fix All in Claude Code

Reviews (2): Last reviewed commit: "fix(ci): make TypeScript checks clean-st..." | Re-trigger Greptile

@@ -1,11 +1,11 @@
import { ContextWithUser } from '@/lib/context.js'

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P1 GraphQL Alias Has No Runtime Resolver

When GraphQL is built, tested, or run through tsx scripts, the new @/... imports are not covered by the package tooling. tsconfig.json teaches TypeScript about @/*, but Rollup, Vitest, and direct tsx script execution have no matching alias, so changed imports like @/lib/context.js, @/ops.js, and @/services/... can pass tsc and then fail with Cannot find module '@/...'.

Context Used: CLAUDE.md (source)

Fix in Codex Fix in Claude Code

@@ -1,3 +1,4 @@
import { FreeTextQuestionOptions, NumericalQuestionOptions } from '@/ops.js'

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P1 Script Alias Still Breaks

This script is still run through the package's direct tsx script path, but tsx does not resolve compilerOptions.paths at runtime. The new @/ops.js import can pass typechecking and then fail before the script starts with Cannot find module '@/ops.js'. The Vitest alias fixes the test runner path, but this direct script path still needs a runtime resolver or a relative import.

Suggested change
import { FreeTextQuestionOptions, NumericalQuestionOptions } from '@/ops.js'
import { FreeTextQuestionOptions, NumericalQuestionOptions } from '../ops.js'

Fix in Codex Fix in Claude Code

@rschlaefli

Copy link
Copy Markdown
Member Author

Greptile finding verified as a false positive on current head. The project's direct Node 24 tsx runtime resolves this exact alias. From packages/graphql, pnpm exec tsx -e "import('@/ops.js').then(() => console.log('ops alias resolved'))" prints ops alias resolved. The production Rollup build also passes, so no code change is warranted.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Development

Successfully merging this pull request may close these issues.

1 participant