refactor

[prdai]

Summary by CodeRabbit

• New Features

  • Dashboard route protection via a new request proxy.
  • Added Cloudflare environment type definitions for improved type safety.

• Chores

  • Updated project dependencies and CLI scripts.
  • Adjusted commit lint rules and pre-commit hooks.

• Refactor

  • Simplified client-side API initialization (TRPC).

• Documentation

  • Removed installation, quickstart, and project summary guides.

• Style/Config

  • Removed GitHub social provider and updated auth cookie/session settings.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[coderabbitai]

Walkthrough

The pull request removes Husky pre-commit hook and simplifies the commit-msg hook, deletes multiple documentation and database seed/reset scripts, adds a Cloudflare environment type definition, introduces a /dashboard proxy middleware, refactors the tRPC client to direct client initialization, updates auth cookie/session settings, removes DATABASE_URL from env, updates commitlint rules, removes "type": "module" and adds a cf-typegen script in package.json, and applies dependency/version updates and minor formatting changes.

Changes

Cohort / File(s)	Change Summary
Git Hooks .husky/commit-msg, .husky/pre-commit	.husky/commit-msg had Husky bootstrap removed and left a direct bunx --no -- commitlint --edit $1 call; .husky/pre-commit was deleted.
Documentation Removed INSTALLATION.md, PROJECT_SUMMARY.md, QUICKSTART.md	Deleted comprehensive installation, project summary, and quick-start documentation files.
Cloudflare types & config cloudflare-env.d.ts, wrangler.jsonc	Added cloudflare-env.d.ts exporting CloudflareEnv interface (KV, R2, D1, ASSETS, ENV vars); wrangler.jsonc only had formatting/trailing-comma adjustments.
Commit linting commitlint.config.js	Switched string quoting to double quotes; disabled subject-case rule and added body-max-line-length: [0], relaxing commit message constraints.
Package manifest & deps package.json	Removed top-level "type": "module"; added "cf-typegen" script; bumped many dependencies/devDependencies.
Environment schema src/env.ts	Removed DATABASE_URL from server zod schema and runtimeEnv mapping.
Authentication config src/lib/auth.ts	Removed GitHub social provider; added advanced.cookiePrefix, advanced.useSecureCookies, and session.cookieCache with strategy: "jwt".
Proxy middleware src/proxy.ts	New proxy(request: NextRequest) function exported; checks session cookie and redirects to / if absent; exports config with matcher: ["/dashboard"].
Database utilities removed src/server/db/reset.ts, src/server/db/seed.ts	Deleted DB reset and seed scripts that used Drizzle/D1 and drizzle-seed.
tRPC client refactor src/trpc/client.ts	Replaced createTRPCReact usage and exported api with direct createTRPCClient<AppRouter>({...}) client creation; QueryClient remains; provider composition updated accordingly.
tRPC route log message src/app/api/trpc/[trpc]/route.ts	Changed development error log from a prefixed emoji message to plain text ("❌ tRPC failed on ..." → "tRPC failed on ...").

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~30 minutes

• Areas needing attention:
  • TRPC client refactor and provider composition (ensure consumers and hooks are updated).
  • Auth changes: cookie settings, JWT session strategy, and removed GitHub provider effects.
  • Removal of DATABASE_URL and deleted seed/reset scripts (confirm no runtime reliance elsewhere).
  • Dependency bumps and type: "module" removal — check build/runtime on ESM/CJS boundaries.

Poem

🐰 With hooks trimmed and docs set free,
A cloudly type hops into the tree,
Cookies snug, sessions now JWT,
TRPC runs lean, components meet,
The rabbit cheers: "New paths to flee!"

Pre-merge checks and finishing touches

❌ Failed checks (1 warning, 1 inconclusive)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	You can run @coderabbitai generate docstrings to improve docstring coverage.
Title check	❓ Inconclusive	The title 'refactor' is vague and does not clearly convey the specific changes made in the pull request, which include removing Husky hooks, documentation files, database scripts, restructuring environment configuration, updating dependencies, and refactoring tRPC client integration.	Replace the generic 'refactor' title with a specific description of the main change, such as 'Restructure project: remove Husky hooks, update dependencies, and refactor tRPC client' or focus on the most significant change if narrowing scope.

✅ Passed checks (1 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch refactor

---

📜 Recent review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 19adec7 and 8f8210b.

📒 Files selected for processing (1)

• src/app/api/trpc/[trpc]/route.ts (1 hunks)

🔇 Additional comments (1)

src/app/api/trpc/[trpc]/route.ts (1)

17-20: LGTM! Improved log consistency.

Removing the emoji prefix from the error log message is a minor but useful improvement that enhances log parsing and searchability while maintaining the same diagnostic information.

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[github-actions]

Cloudflare Deployment

Status: ❌ Deployment failed
Commit: 6ff5c2e
Branch: refactor

The deployment to Cloudflare failed. Please check the workflow logs for more details.

---

Last updated: 12/02/2025, 21:07:10 +05:30 GMT

[gemini-code-assist]

Summary of Changes

Hello @prdai, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request focuses on a comprehensive maintenance and refinement effort across the project. It updates numerous dependencies to their latest versions, streamlines development workflows by adjusting Git hooks and commit linting rules, and enhances Cloudflare integration with improved type generation. The changes also include significant updates to authentication configurations for better security and session management, alongside a simplification of the project's documentation and database management scripts. The overall goal is to improve the project's stability, developer experience, and alignment with modern best practices.

Highlights

• Dependency Updates: Numerous project dependencies have been updated to their latest versions, including core frameworks like Next.js and React, as well as various libraries for authentication, data fetching, and UI components. This ensures the project benefits from the latest features, performance improvements, and security patches.
• Documentation Streamlining: Several documentation files, specifically INSTALLATION.md, PROJECT_SUMMARY.md, and QUICKSTART.md, have been removed. This indicates a consolidation or deprecation of these specific guides, likely to centralize information or simplify the project's documentation structure.
• Cloudflare Integration Enhancements: A new cloudflare-env.d.ts file and a cf-typegen script have been introduced to generate types for the Cloudflare Worker environment. This improves type safety and developer experience when working with Cloudflare resources like KV, R2, and D1.
• Authentication Configuration Refinement: The better-auth configuration in src/lib/auth.ts has been updated to include cookiePrefix, useSecureCookies, and session.cookieCache settings, enhancing the security and management of user sessions. Additionally, a new src/proxy.ts file introduces a basic authentication proxy for routes like /dashboard.
• Development Workflow Adjustments: Git hooks have been streamlined by simplifying .husky/commit-msg and removing .husky/pre-commit. The commitlint.config.js has also been adjusted to relax commit message formatting rules, providing more flexibility for commit subjects and body line lengths.
• Database Management Simplification: The dedicated src/server/db/reset.ts and src/server/db/seed.ts files have been removed, suggesting that database reset and seeding functionalities might now be handled through alternative methods or are no longer part of the core project setup.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request includes a wide range of changes, from dependency updates and configuration adjustments to the removal of several documentation and script files. While many of the dependency updates are welcome, there are several critical issues that need to be addressed.

Key issues identified:

• Broken tRPC Client: The tRPC client setup in src/trpc/client.ts is broken and will prevent the application from fetching data.
• Broken npm Scripts: The db:seed and db:reset scripts in package.json are now broken as the files they point to have been removed.
• Removed Pre-commit Hook: The pre-commit hook for linting has been removed, which could impact code quality.
• Hardcoded Resource ID: A hardcoded Cloudflare KV namespace ID has been committed in wrangler.jsonc.
• Documentation Removal: A significant amount of documentation (INSTALLATION.md, PROJECT_SUMMARY.md, QUICKSTART.md) has been removed without explanation.

These issues should be resolved before merging to ensure the project remains functional and maintainable.

[coderabbitai]

Actionable comments posted: 0

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

src/trpc/client.ts (1)

3-52: TRPC client/provider is currently broken—missing imports, undefined identifiers, and incomplete configuration

This file has several correctness issues that will prevent compilation and runtime execution:

• The file is named client.ts but contains JSX (<api.Provider>, <QueryClientProvider>). With jsx: preserve in tsconfig, JSX is only allowed in .tsx/.jsx files.
• api is referenced in the JSX on line 50 but is never defined or imported.
• QueryClientProvider is used on line 51 but never imported (only QueryClient is imported on line 4).
• createTRPCClient<AppRouter>({}) on line 47 is called with an empty config; TRPC v11 requires at least one link (e.g., httpBatchLink) and typically a transformer like superjson.
• getBaseUrl, httpBatchLink, and superjson are all imported but unused, indicating the client wiring is incomplete.

To fix this, switch to createTRPCReact (already available in package.json as @trpc/react-query@^11.7.2) and properly configure the links and transformer:

+"use client";
+
+import { AppRouter } from "@/server/routers/_app";
+import { QueryClient, QueryClientProvider } from "@tanstack/react-query";
+import { httpBatchLink } from "@trpc/client";
+import { createTRPCReact } from "@trpc/react-query";
+import { useState } from "react";
+import superjson from "superjson";
+
+export const api = createTRPCReact<AppRouter>();

 export function TRPCProvider({ children }: { children: React.ReactNode }) {
   const queryClient = getQueryClient();
 
   const [trpcClient] = useState(() =>
-    createTRPCClient<AppRouter>({}),
+    api.createClient({
+      transformer: superjson,
+      links: [
+        httpBatchLink({
+          url: `${getBaseUrl()}/api/trpc`,
+        }),
+      ],
+    }),
   );
+
   return (
-    <api.Provider client= { trpcClient } queryClient = { queryClient } >
-      <QueryClientProvider client={ queryClient }> { children } </QueryClientProvider>
-        </api.Provider>
+    <QueryClientProvider client={queryClient}>
+      <api.Provider client={trpcClient} queryClient={queryClient}>
+        {children}
+      </api.Provider>
+    </QueryClientProvider>
   );
 }

Also rename this file to client.tsx so JSX parses cleanly.

🧹 Nitpick comments (2)

src/lib/auth.ts (1)

13-19: Cookie/session options look good; confirm they don’t break HTTP dev

cookiePrefix and enabling session.cookieCache with strategy: "jwt" make sense. With advanced.useSecureCookies: true, cookies won’t be sent over plain HTTP, so if you ever run the app over http://localhost (not behind HTTPS/CF), auth may silently fail. Consider gating this on environment if you expect non-HTTPS local runs, or confirm everything is always served over HTTPS.

package.json (1)

18-92: Align scripts/deps with actual tooling and DB files

A couple of things to double‑check around these script and dependency changes:

• db:seed / db:reset still point at src/server/db/seed.ts and reset.ts. If those files were removed in this PR, these scripts will now just error; either restore the scripts or delete/repurpose these commands.
• You’ve added prepare: "husky install" and still depend on husky / lint-staged. If you intended to drop Git hooks from this repo, consider removing the prepare script and those devDeps; otherwise, make sure there’s a .husky directory with actual hooks so prepare does something useful.
• With all the major version bumps (Next 15, React 19, TRPC 11, TanStack Query 5, ESLint 9, TypeScript 5.9, Wrangler 3.x, etc.), it’s worth re-running bun run type-check, bun run lint, and your test suite to catch any incompatibilities. Also make sure your @types/react* versions are compatible with the chosen React version.

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 89a94d3 and 19adec7.

⛔ Files ignored due to path filters (1)

• bun.lock is excluded by !**/*.lock

📒 Files selected for processing (15)

• .husky/commit-msg (0 hunks)
• .husky/pre-commit (0 hunks)
• INSTALLATION.md (0 hunks)
• PROJECT_SUMMARY.md (0 hunks)
• QUICKSTART.md (0 hunks)
• cloudflare-env.d.ts (1 hunks)
• commitlint.config.js (1 hunks)
• package.json (1 hunks)
• src/env.ts (0 hunks)
• src/lib/auth.ts (1 hunks)
• src/proxy.ts (1 hunks)
• src/server/db/reset.ts (0 hunks)
• src/server/db/seed.ts (0 hunks)
• src/trpc/client.ts (2 hunks)
• wrangler.jsonc (1 hunks)

💤 Files with no reviewable changes (8)

• .husky/pre-commit
• src/env.ts
• INSTALLATION.md
• src/server/db/reset.ts
• QUICKSTART.md
• src/server/db/seed.ts
• .husky/commit-msg
• PROJECT_SUMMARY.md

🧰 Additional context used

🧬 Code graph analysis (1)

src/trpc/client.ts (1)

src/server/routers/_app.ts (1)

• AppRouter (8-8)

🪛 Biome (2.1.2)

src/trpc/client.ts

[error] 50-50: expected > but instead found client

Remove client

(parse)

---

[error] 50-50: Invalid assignment to <api.Provider client

This expression cannot be assigned to

(parse)

---

[error] 50-50: expected ) but instead found queryClient

Remove queryClient

(parse)

---

[error] 51-51: expected > but instead found client

Remove client

(parse)

---

[error] 50-51: Invalid assignment to { queryClient } > <QueryClientProvider client

This expression cannot be assigned to

(parse)

---

[error] 51-51: unterminated regex literal

...but the line ends here

a regex literal starts there...

(parse)

---

[error] 52-52: unterminated regex literal

...but the line ends here

a regex literal starts there...

(parse)

---

[error] 50-50: Can't assign queryClient because it's a constant.

This is where the variable is defined as constant.

Unsafe fix: Replace const with let if you assign it to a new value.

(lint/correctness/noConstAssign)

🔇 Additional comments (5)

commitlint.config.js (1)

2-22: Commitlint rules relaxed; only subject/body checks now disabled

• Line 2 and the type-enum block (Lines 4-20) only change quote style; behavior stays the same and looks fine.
• Lines 21-22 set subject-case and body-max-line-length to [0], which fully disables those checks. That means commit subjects can use any casing and body lines can be arbitrarily long.

If the goal is to reduce friction around commit formatting, this config is consistent with that. If you still want some guardrails, you might instead use non‑zero levels (e.g., warnings) and keep a max body length.

src/proxy.ts (2)

17-19: Remove or correct the middleware matcher—the protected /dashboard route does not exist in the application.

The matcher currently protects a non-existent /dashboard route, making the middleware ineffective. The actual application routes are / (home), /api/auth/[...all], and /api/trpc/[trpc]. Additionally, the proxy function itself includes a comment warning "THIS IS NOT SECURE!" and recommends handling auth checks in each page/route rather than via middleware. Either remove the middleware configuration if auth is handled per-route, or update the matcher to protect the routes that actually require authentication (e.g., /api/trpc or /).

Likely an incorrect or invalid review comment.

---

4-15: Clarify the middleware comment—the cookie presence check pattern is correct.

The proxy middleware is correctly implemented according to better-auth recommendations. Middleware should only check for cookie presence using getSessionCookie() for optimistic routing; authoritative session validation happens server-side (as evidenced by your protectedProcedure in tRPC that checks ctx.session?.userId).

The comment "THIS IS NOT SECURE!" is misleading. The middleware pattern is secure when paired with server-side validation—which you already have. Consider updating the comment to clarify that this middleware provides UX-level routing only and that actual authorization checks occur in server components and procedures.

Do not replace getSessionCookie() with auth.api.getSession() in middleware; that would cause Edge runtime errors since full session validation requires database/server calls.

Likely an incorrect or invalid review comment.

wrangler.jsonc (1)

8-35: Wrangler bindings + vars are consistent with CloudflareEnv

The added R2_PUBLIC_URL and updated commas look fine, and the bindings (DB, R2_STORAGE, CACHE_KV, ASSETS) align with the new CloudflareEnv interface. Just keep this file and cloudflare-env.d.ts in sync whenever you add/change bindings.

cloudflare-env.d.ts (1)

1-10: Generated CloudflareEnv matches Wrangler config

The generated CloudflareEnv interface lines up with the bindings and vars in wrangler.jsonc (CACHE_KV, R2_STORAGE, DB, ASSETS, ENVIRONMENT, R2_PUBLIC_URL). This looks good as a type source of truth—just avoid hand-editing and rely on the cf-typegen/wrangler types command when config changes.