feat:desinger support upload to OBS

[discreted66]

PR

feat:设计器支持上传到obs桶

PR Checklist

Please check if your PR fulfills the following requirements:

• The commit message follows our Commit Message Guidelines
• Tests for the changes have been added (for bug fixes / features)
• Docs have been added / updated (for bug fixes / features)

PR Type

What kind of change does this PR introduce?

• Bugfix
• Feature
• Code style update (formatting, local variables)
• Refactoring (no functional changes, no api changes)
• Build related changes
• CI related changes
• Documentation content changes
• Other... Please describe:

What is the current behavior?

Issue Number: N/A

What is the new behavior?

Does this PR introduce a breaking change?

• Yes
• No

Other information

Summary by CodeRabbit

• New Features

  • Integrated low-code designer with environment-configurable URL and enable/disable functionality for flexible deployment

• Build

  • Enhanced deployment workflow to build and integrate the designer alongside main application

• Chores

  • Updated package dependencies to newer compatible versions

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[coderabbitai]

Walkthrough

This pull request integrates a low-code designer into the deployment workflow and build toolchain. It adds environment-based configuration for enabling/disabling the designer and specifying its URL. Dependency versions are pinned via pnpm overrides, build configurations are updated to support designer assets, and UI components are modified to use configurable designer URLs.

Changes

Cohort / File(s)	Summary
Deployment Workflow .github/workflows/deploy-obs.yml	Adds build and integration steps for low-code designer: new "Build lowcode-designer" step with increased Node memory, new "Copy lowcode-designer to vue-pro/designer" step, and wiring into main Build site job to include designer assets in final dist before copying pages.
Dependency Management package.json	Adds pnpm overrides block pinning multiple @opentiny/* packages' transitive @opentiny/vue-renderless dependency to ~3.20.0.
Designer Package template/lowcode-designer/package.json	Downgrades @opentiny/* public dependencies from ^3.27.0 to ~3.20.0 (vue, vue-design-smb, vue-icon, vue-locale, vue-renderless, vue-theme).
Designer Build Config template/lowcode-designer/vite.config.js	Adds loadEnv import, environment-driven base path (VITE_DESIGNER_BASE), explicit base and build.outDir/build.assetsDir configuration.
TinyVue Base Build Config template/tinyvue/config/vite.config.base.ts	Updates @opentiny/vue-icon alias to use __dirname-based resolution, adds @opentiny/vue-theme alias, extends resolve.extensions to include .css, adds resolve.preserveSymlinks: false, and introduces optimizeDeps.esbuildOptions.resolveExtensions.
TinyVue Dev Config template/tinyvue/config/vite.config.dev.ts	Loads development environment via loadEnv, refactors to use env object for API/proxy settings, and injects two new define entries for VITE_LOWCODE_DESIGNER_ENABLED and VITE_LOWCODE_DESIGNER_URL with defaults.
TinyVue Prod Config template/tinyvue/config/vite.config.prod.ts	Adds define block injecting VITE_LOWCODE_DESIGNER_ENABLED (default 'false') and VITE_LOWCODE_DESIGNER_URL (default '/designer') into client code.
Development Environment template/tinyvue/dev.env	Enables designer with VITE_LOWCODE_DESIGNER_ENABLED=true and sets VITE_LOWCODE_DESIGNER_URL=http://localhost:8090.
TinyVue Package template/tinyvue/package.json	Updates @opentiny/vue, @opentiny/vue-huicharts, @opentiny/vue-icon, @opentiny/vue-locale, @opentiny/vue-theme to ^3.28.0 or ~3.28.0 versions.
UI Component template/tinyvue/src/components/navbar/index.vue	Refactors openLowCodeDesigner() to use environment-configurable VITE_LOWCODE_DESIGNER_URL (default http://localhost:8090) instead of hardcoded URL.
Type Definitions template/tinyvue/src/env.d.ts	Adds readonly VITE_LOWCODE_DESIGNER_URL: string to ImportMetaEnv interface.

Sequence Diagram(s)

sequenceDiagram
    participant Build as Build System
    participant Designer as lowcode-designer<br/>(template/)
    participant App as TinyVue App
    participant Runtime as Runtime Environment
    participant DesignerApp as Designer App<br/>(localhost:8090)
    
    Build->>Designer: Build designer bundle<br/>(increased Node memory)
    Designer-->>Build: dist/ ready
    Build->>App: Copy designer dist to<br/>vue-pro/designer path
    Build->>App: Include designer assets<br/>in final dist
    Build->>Runtime: Deploy with env vars<br/>VITE_LOWCODE_DESIGNER_ENABLED<br/>VITE_LOWCODE_DESIGNER_URL
    
    rect rgb(200, 220, 240)
    Note over App,Runtime: Development Mode
    Runtime->>App: Load with dev.env<br/>(ENABLED=true, URL=localhost:8090)
    App->>App: navbar component initialized
    end
    
    User->>App: Click "Open Designer"
    App->>DesignerApp: Navigate to<br/>VITE_LOWCODE_DESIGNER_URL<br/>/?type=app&id=1&...
    DesignerApp-->>User: Designer interface

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Poem

🐰 A designer low-code comes to play,
Through build steps and env vars it finds its way,
Dependencies pinned with override care,
Configurable URLs floating through air,
The navbar now opens a world to create—
Hop along, tiny apps, your design awaits!

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Title check	⚠️ Warning	Title references 'designer upload to OBS' but changes focus on integrating a low-code designer into deployment workflow and managing @opentiny package dependencies.	Update title to reflect the actual primary changes: integrating low-code designer into deployment workflow and aligning @opentiny package versions across template dependencies.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch lk0107

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 6

🤖 Fix all issues with AI agents

In @.github/workflows/deploy-obs.yml:
- Around line 65-68: Replace the absolute external URL for the environment
variable VITE_LOWCODE_DESIGNER_URL with the local relative path used in
production (e.g., /designer or /designer/) so it matches the default in
vite.config.prod.ts and the workflow that builds/deploys the designer; update
the value for VITE_LOWCODE_DESIGNER_URL accordingly in the workflow.

In @package.json:
- Around line 34-45: The template's package.json contains a yarn/npm
"resolutions" field which pnpm ignores; remove the "resolutions" object from
template/tinyvue/package.json and either delete those entries or migrate the
specific overrides ("bin-wrapper": "npm:bin-wrapper-china" and "gifsicle":
"5.2.0") into the workspace root's pnpm.overrides using pnpm's override syntax
(pnpm.overrides) so pnpm will apply them and eliminate the pipeline warning.

In @template/tinyvue/config/vite.config.base.ts:
- Around line 42-48: The alias entries for '@opentiny/vue-icon' and
'@opentiny/vue-theme' in vite.config.base.ts are using fragile hard-coded
../node_modules paths; replace those replacement values so resolution uses Node
rather than a relative path (e.g., use require.resolve('@opentiny/vue-icon') and
require.resolve('@opentiny/vue-theme') for the replacement fields) or remove the
alias entries entirely so Vite/Node can resolve the packages normally; update
the objects with find: '@opentiny/vue-icon' and find: '@opentiny/vue-theme' to
use require.resolve-based replacements (or delete those alias objects) to fix
pnpm workspace resolution issues.
- Line 50: Remove the unnecessary ".css" entry from the module resolution lists:
update the resolve.extensions array in vite config (symbol: resolve.extensions)
and the optimizeDeps.esbuildOptions.resolveExtensions array (symbol:
optimizeDeps.esbuildOptions.resolveExtensions) to only include '.ts' and '.js'
so CSS is not treated as a resolution extension by Vite.

In @template/tinyvue/config/vite.config.dev.ts:
- Around line 15-34: The proxyConfig rewrite handlers use RegExp constructions
for simple literal path replacements; update the two rewrite functions inside
proxyConfig to use direct string replacement instead of new RegExp: replace the
rewrite for env.VITE_BASE_API to use path.replace(env.VITE_BASE_API, '') and
update the mock rewrite to use path.replace(env.VITE_MOCK_SERVER_HOST, '/mock'),
keeping the same behavior but simplifying the code (look for proxyConfig and the
rewrite handlers referencing env.VITE_BASE_API and env.VITE_MOCK_SERVER_HOST).

In @template/tinyvue/package.json:
- Around line 42-47: Update the @opentiny/vue dependency in
template/tinyvue/package.json to match the version range used across templates
(make it the same as lowcode-designer, e.g., change "@opentiny/vue": "^3.28.0"
to "@opentiny/vue": "~3.20.0" or to the agreed common range) so all templates
use a consistent @opentiny/vue version; modify the dependency entry for
"@opentiny/vue" accordingly and run a quick workspace install to verify no
version conflicts.

🧹 Nitpick comments (2)

template/tinyvue/src/components/navbar/index.vue (1)

248-252: Implementation looks good with environment-based configuration.

The function correctly reads the designer URL from the environment variable with a sensible fallback. The hardcoded query parameters (id=1, tenant=1, pageid=1) appear to be for demo purposes.

If these parameters need to vary by user/context in production, consider making them configurable in a future iteration.

template/tinyvue/config/vite.config.base.ts (1)

51-51: Remove redundant preserveSymlinks configuration.

Setting preserveSymlinks: false is unnecessary as this is already Vite's default behavior. Consider removing this line to reduce configuration noise.

♻️ Proposed refactor

    extensions: ['.ts', '.js', '.css'],
-    preserveSymlinks: false,
  },

📜 Review details

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 12f464b and a6d7b77.

📒 Files selected for processing (11)

• .github/workflows/deploy-obs.yml
• package.json
• template/lowcode-designer/package.json
• template/lowcode-designer/vite.config.js
• template/tinyvue/config/vite.config.base.ts
• template/tinyvue/config/vite.config.dev.ts
• template/tinyvue/config/vite.config.prod.ts
• template/tinyvue/dev.env
• template/tinyvue/package.json
• template/tinyvue/src/components/navbar/index.vue
• template/tinyvue/src/env.d.ts

🧰 Additional context used

🧬 Code graph analysis (1)

template/tinyvue/config/vite.config.dev.ts (1)

template/lowcode-designer/vite.config.js (1)

• env (7-7)

🪛 ast-grep (0.40.3)

template/tinyvue/config/vite.config.dev.ts

[warning] 21-21: Regular expression constructed from variable input detected. This can lead to Regular Expression Denial of Service (ReDoS) attacks if the variable contains malicious patterns. Use libraries like 'recheck' to validate regex safety or use static patterns.
Context: new RegExp(${env.VITE_BASE_API})
Note: [CWE-1333] Inefficient Regular Expression Complexity [REFERENCES]
- https://owasp.org/www-community/attacks/Regular_expression_Denial_of_Service_-_ReDoS
- https://cwe.mitre.org/data/definitions/1333.html

(regexp-from-variable)

---

[warning] 30-30: Regular expression constructed from variable input detected. This can lead to Regular Expression Denial of Service (ReDoS) attacks if the variable contains malicious patterns. Use libraries like 'recheck' to validate regex safety or use static patterns.
Context: new RegExp(${env.VITE_MOCK_SERVER_HOST})
Note: [CWE-1333] Inefficient Regular Expression Complexity [REFERENCES]
- https://owasp.org/www-community/attacks/Regular_expression_Denial_of_Service_-_ReDoS
- https://cwe.mitre.org/data/definitions/1333.html

(regexp-from-variable)

🪛 GitHub Actions: Playwright E2E Tests

template/tinyvue/package.json

[warning] 1-1: WARN: The field "resolutions" was found in /home/runner/work/tiny-pro/tiny-pro/template/tinyvue/package.json. This will not take effect. You should configure "resolutions" at the root of the workspace instead.

package.json

[warning] 1-1: WARN: The field "resolutions" was found in /home/runner/work/tiny-pro/tiny-pro/template/tinyvue/package.json. This will not take effect. You should configure "resolutions" at the root of the workspace instead.

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)

• GitHub Check: build

🔇 Additional comments (10)

template/lowcode-designer/vite.config.js (2)

2-11: LGTM!

The environment variable loading is correctly implemented using Vite's loadEnv API with appropriate defaults.

---

25-42: The VITE_DESIGNER_BASE environment variable is already documented in the code comments (lines 9-10). The inline documentation explains that it defaults to '/' and provides an example of how to set it for custom deployment paths.

package.json (1)

34-45: LGTM with concern about version alignment.

The pnpm.overrides block is correctly placed at the workspace root. However, these overrides force @opentiny/vue-renderless to ~3.20.0, which conflicts with the 3.28.0 versions specified in template/tinyvue/package.json (as flagged in that file's review).

Ensure all @opentiny/vue packages use consistent version ranges across the workspace.

template/lowcode-designer/package.json (1)

19-24: Part of the critical version conflict issue.

These version changes to ~3.20.0 conflict with template/tinyvue/package.json using ^3.28.0 for the same @opentiny/vue packages. This is part of the critical version mismatch already flagged in the review of template/tinyvue/package.json.

All @opentiny/vue packages must use consistent versions across the designer and main application to avoid runtime errors.

Likely an incorrect or invalid review comment.

template/tinyvue/dev.env (1)

9-11: Designer configuration is correctly implemented.

Port 8090 is properly aligned with the lowcode-designer development server configuration. The environment variables VITE_LOWCODE_DESIGNER_ENABLED and VITE_LOWCODE_DESIGNER_URL are defined in dev.env and properly consumed throughout the codebase:

• Development config (vite.config.dev.ts) defaults to http://localhost:8090
• Production config (vite.config.prod.ts) defaults to /designer
• Type definitions declared in env.d.ts
• Active usage in navbar component (src/components/navbar/index.vue) and initialization logic

template/tinyvue/src/env.d.ts (1)

17-17: LGTM!

The environment variable type declaration is correct and follows the existing pattern.

template/tinyvue/config/vite.config.prod.ts (1)

11-19: LGTM!

The define block correctly injects environment variables into client code with sensible production defaults. The relative path /designer for the URL default is appropriate for same-origin deployments.

.github/workflows/deploy-obs.yml (1)

69-81: LGTM!

The designer build and copy steps are correctly implemented:

• Memory limit is appropriately increased for the build
• The VITE_DESIGNER_BASE is correctly set to /designer/ for proper asset path resolution
• The build output is properly copied to the deployment directory

template/tinyvue/config/vite.config.dev.ts (2)

4-13: LGTM!

The environment variable loading approach is correct:

• configDotenv properly loads the dev.env file
• loadEnv retrieves Vite environment variables for development mode
• The resulting env object is consistently used throughout the configuration

---

47-56: LGTM!

The define block correctly injects environment variables with appropriate development defaults. The http://localhost:8090 default for the designer URL is suitable for local development and matches the fallback in the navbar component.

[coderabbitai]

⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🏁 Script executed:

cat -n .github/workflows/deploy-obs.yml | sed -n '50,90p'

Repository: opentiny/tiny-pro

Length of output: 2046

---

🏁 Script executed:

rg "VITE_LOWCODE_DESIGNER_URL" --type yaml --type javascript --type typescript

Repository: opentiny/tiny-pro

Length of output: 95

---

🏁 Script executed:

cat -n .github/workflows/deploy-obs.yml

Repository: opentiny/tiny-pro

Length of output: 5076

---

🏁 Script executed:

rg "VITE_LOWCODE_DESIGNER" -A 2 -B 2

Repository: opentiny/tiny-pro

Length of output: 3636

---

🏁 Script executed:

rg "ai.opentiny.design/designer" -A 2 -B 2

Repository: opentiny/tiny-pro

Length of output: 43

---

🏁 Script executed:

find . -name "*.md" -o -name "*.txt" | head -20 | xargs grep -l "designer" 2>/dev/null | head -5

Repository: opentiny/tiny-pro

Length of output: 43

---

Update VITE_LOWCODE_DESIGNER_URL to use the locally deployed designer path.

Line 67's comment correctly states to use relative path /designer after deployment, but line 68 sets an absolute external URL. The production build config in vite.config.prod.ts defaults to /designer, and the workflow explicitly builds and deploys the designer locally (lines 69-81). Change line 68 to:

-          VITE_LOWCODE_DESIGNER_URL: https://ai.opentiny.design/designer/
+          VITE_LOWCODE_DESIGNER_URL: /designer/

🤖 Prompt for AI Agents

In @.github/workflows/deploy-obs.yml around lines 65 - 68, Replace the absolute
external URL for the environment variable VITE_LOWCODE_DESIGNER_URL with the
local relative path used in production (e.g., /designer or /designer/) so it
matches the default in vite.config.prod.ts and the workflow that builds/deploys
the designer; update the value for VITE_LOWCODE_DESIGNER_URL accordingly in the
workflow.

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Check for resolutions field in template/tinyvue/package.json
if [ -f "template/tinyvue/package.json" ]; then
  echo "=== Checking for resolutions field ==="
  if grep -q '"resolutions"' template/tinyvue/package.json; then
    echo "Found resolutions field in template/tinyvue/package.json"
    echo "=== Content ==="
    cat template/tinyvue/package.json | jq '.resolutions // empty'
  else
    echo "No resolutions field found in template/tinyvue/package.json"
  fi
else
  echo "template/tinyvue/package.json not found"
fi

# Also check the root package.json structure for comparison
echo -e "\n=== Root package.json pnpm section (first 50 lines) ==="
cat package.json | jq '.pnpm // empty' | head -50

Repository: opentiny/tiny-pro

Length of output: 949

---

Remove the ineffective "resolutions" field from template/tinyvue/package.json.

The resolutions field in template/tinyvue/package.json is ignored in pnpm workspaces. pnpm does not recognize the resolutions field (which is yarn/npm syntax) and only applies overrides configured in pnpm.overrides at the workspace root.

The resolutions currently in template/tinyvue/package.json are:

• "bin-wrapper": "npm:bin-wrapper-china" (npm alias syntax)
• "gifsicle": "5.2.0" (version pin)

If these overrides are still needed, they must be migrated to pnpm.overrides in the root package.json using pnpm's syntax. Otherwise, remove the resolutions field entirely to resolve the pipeline warning.

🤖 Prompt for AI Agents

In @package.json around lines 34 - 45, The template's package.json contains a
yarn/npm "resolutions" field which pnpm ignores; remove the "resolutions" object
from template/tinyvue/package.json and either delete those entries or migrate
the specific overrides ("bin-wrapper": "npm:bin-wrapper-china" and "gifsicle":
"5.2.0") into the workspace root's pnpm.overrides using pnpm's override syntax
(pnpm.overrides) so pnpm will apply them and eliminate the pipeline warning.

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

🧩 Analysis chain

🏁 Script executed:

# First, let's check the repository root structure and workspace configuration
ls -la | head -20

Repository: opentiny/tiny-pro

Length of output: 1276

---

🏁 Script executed:

# Check for workspace/monorepo configuration files
echo "=== Checking for workspace files ==="
ls -la pnpm-workspace.yaml lerna.json package-lock.json yarn.lock package.json 2>/dev/null | grep -v "cannot access"

echo "=== Checking package.json workspaces ==="
if [ -f "package.json" ]; then
  cat package.json | jq -r '.workspaces // "No workspaces field"' 2>/dev/null || cat package.json | grep -A 5 '"workspaces"' || echo "No workspaces"
fi

Repository: opentiny/tiny-pro

Length of output: 289

---

🏁 Script executed:

# Examine the actual vite.config.base.ts file
if [ -f "template/tinyvue/config/vite.config.base.ts" ]; then
  echo "=== File exists, reading content ==="
  wc -l template/tinyvue/config/vite.config.base.ts
  echo ""
  echo "=== Full file content ==="
  cat -n template/tinyvue/config/vite.config.base.ts
else
  echo "File not found at template/tinyvue/config/vite.config.base.ts"
  find . -name "vite.config.base.ts" -type f 2>/dev/null
fi

Repository: opentiny/tiny-pro

Length of output: 2556

---

🏁 Script executed:

# Check if @opentiny packages are installed
echo "=== Searching for @opentiny packages ==="
find . -type d -name "@opentiny" 2>/dev/null | head -10

echo "=== Checking package.json for @opentiny dependencies ==="
if [ -f "template/tinyvue/package.json" ]; then
  cat template/tinyvue/package.json | jq '.dependencies, .devDependencies' | grep -i "@opentiny" || echo "Not found in template/tinyvue"
fi

if [ -f "package.json" ]; then
  cat package.json | jq '.dependencies, .devDependencies' | grep -i "@opentiny" || echo "Not found in root"
fi

Repository: opentiny/tiny-pro

Length of output: 443

---

🏁 Script executed:

# Check the directory structure relative to vite.config.base.ts
echo "=== Directory structure from template/tinyvue/config/ ==="
ls -la template/tinyvue/config/ 2>/dev/null || echo "Directory not accessible"

echo "=== Checking relative paths from template/tinyvue/config/ ==="
cd template/tinyvue/config && pwd
echo "=== From config dir, checking ../node_modules ==="
ls -la ../node_modules/@opentiny 2>/dev/null | head -20 || echo "Path ../node_modules/@opentiny not found"
cd - > /dev/null 2>&1

Repository: opentiny/tiny-pro

Length of output: 932

---

🏁 Script executed:

# Check if @opentiny packages are in root node_modules
echo "=== Checking root node_modules for @opentiny ==="
ls -la node_modules/@opentiny 2>/dev/null | head -20 || echo "Not found in root node_modules"

# Check pnpm-workspace.yaml content
echo "=== pnpm-workspace.yaml content ==="
cat pnpm-workspace.yaml

# Check template/tinyvue package.json
echo "=== template/tinyvue/package.json ==="
if [ -f "template/tinyvue/package.json" ]; then
  head -50 template/tinyvue/package.json
else
  echo "File not found"
fi

# Verify the vite.config structure more carefully
echo "=== Checking if template/tinyvue is a standalone project or workspace package ==="
ls -la template/tinyvue/ | grep -E "package.json|node_modules"

Repository: opentiny/tiny-pro

Length of output: 1807

---

🏁 Script executed:

# Check if template/tinyvue has its own node_modules with @opentiny packages
echo "=== Checking template/tinyvue/node_modules ==="
ls -la template/tinyvue/node_modules/@opentiny 2>/dev/null | head -20 || echo "Not found in template/tinyvue/node_modules"

# Verify the actual structure
echo "=== Checking if template/tinyvue/node_modules exists ==="
if [ -d "template/tinyvue/node_modules" ]; then
  echo "Directory exists"
  ls -la template/tinyvue/node_modules/ | head -20
else
  echo "No node_modules directory in template/tinyvue"
fi

# Check .pnpm structure
echo "=== Checking for .pnpm directory ==="
if [ -d ".pnpm" ]; then
  echo "Found .pnpm directory"
  ls .pnpm | grep -i "@opentiny" | head -10
fi

Repository: opentiny/tiny-pro

Length of output: 247

---

Hard-coded node_modules paths are fragile in this pnpm workspace setup.

The alias entries for @opentiny/vue-icon and @opentiny/vue-theme resolve to ../node_modules/@opentiny/* from the config directory. In pnpm workspaces (configured in pnpm-workspace.yaml), packages may be located elsewhere depending on installation strategy (hoisted to root, symlinked, or in .pnpm stores), making these hard-coded paths unreliable.

Consider using require.resolve() for package resolution instead:

{
  find: '@opentiny/vue-icon',
  replacement: require.resolve('@opentiny/vue-icon'),
},
{
  find: '@opentiny/vue-theme',
  replacement: require.resolve('@opentiny/vue-theme'),
},

Or remove the aliases entirely and let Node/Vite resolve them naturally if the packages are properly installed.

🤖 Prompt for AI Agents

In @template/tinyvue/config/vite.config.base.ts around lines 42 - 48, The alias
entries for '@opentiny/vue-icon' and '@opentiny/vue-theme' in
vite.config.base.ts are using fragile hard-coded ../node_modules paths; replace
those replacement values so resolution uses Node rather than a relative path
(e.g., use require.resolve('@opentiny/vue-icon') and
require.resolve('@opentiny/vue-theme') for the replacement fields) or remove the
alias entries entirely so Vite/Node can resolve the packages normally; update
the objects with find: '@opentiny/vue-icon' and find: '@opentiny/vue-theme' to
use require.resolve-based replacements (or delete those alias objects) to fix
pnpm workspace resolution issues.

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

🧩 Analysis chain

🏁 Script executed:

# First, let's examine the vite.config.base.ts file to see the full context
cat -n template/tinyvue/config/vite.config.base.ts | head -80

Repository: opentiny/tiny-pro

Length of output: 2445

---

🏁 Script executed:

# Search for CSS imports that might require this configuration
echo "=== Checking for explicit .css imports ==="
rg -n "import.*\.css" --type ts --type vue -C 2

# Search for dynamic CSS imports
echo "=== Checking for dynamic CSS imports ==="
rg -n "import\(['\"].*\.css" --type ts --type vue -C 2

Repository: opentiny/tiny-pro

Length of output: 217

---

🏁 Script executed:

# Also check if there are designer-related files or CSS modules that might require this
echo "=== Checking for designer-related files ==="
fd -type f -name "*designer*" -o -name "*theme*" | head -20

echo "=== Checking for CSS modules or style imports ==="
rg -n "\.module\.css|\.css\?" --type ts --type vue | head -20

Repository: opentiny/tiny-pro

Length of output: 370

---

🏁 Script executed:

# Search for CSS imports without explicit .css extension (normal Vite way)
echo "=== CSS imports without explicit .css extension ==="
rg -n "\.css['\"]" -A 2 -B 2 | head -50

# Search for any imports from @opentiny/vue-theme
echo "=== Checking @opentiny/vue-theme imports ==="
rg -n "@opentiny/vue-theme" -C 2 | head -50

# Check for CSS-related configuration or comments in the config file
echo "=== Checking for CSS-related comments or patterns in vite.config ==="
rg -n "css|CSS" template/tinyvue/config/vite.config.base.ts -C 2

# Look for any similar projects or documentation files
echo "=== Checking for README or docs about vite config ==="
fd -name "*.md" | xargs grep -l "vite\|CSS" | head -10

Repository: opentiny/tiny-pro

Length of output: 7036

---

🏁 Script executed:

# Check node_modules/@opentiny/vue-theme to understand if it exports CSS
echo "=== Checking @opentiny/vue-theme package contents ==="
if [ -d "node_modules/@opentiny/vue-theme" ]; then
  ls -la node_modules/@opentiny/vue-theme/ | head -20
  cat node_modules/@opentiny/vue-theme/package.json 2>/dev/null | grep -A 10 '"main"\|"exports"' | head -20
else
  echo "Package not found in node_modules (expected in sandbox)"
fi

Repository: opentiny/tiny-pro

Length of output: 170

---

🏁 Script executed:

# Check if there are any build errors or warnings logs that mention CSS resolution
echo "=== Looking for any error handling or CSS import handling ==="
rg -n "resolveExtensions|resolve.extensions" -C 3 | head -50

Repository: opentiny/tiny-pro

Length of output: 566

---

🏁 Script executed:

# Check if other vite configs in the project have similar patterns
echo "=== Other vite configs in the project ==="
fd -name "vite.config.*" -type f

# Check each vite config for CSS in extensions
for config in $(fd -name "vite.config.*" -type f); do
  echo "=== Checking $config ==="
  grep -n "extensions\|resolveExtensions" "$config" || echo "No match found"
done

# Check git history or comments to see when/why this was added
echo "=== Checking for comments in vite config about CSS ==="
cat template/tinyvue/config/vite.config.base.ts | grep -i "css\|theme\|designer" -B 2 -A 2

Repository: opentiny/tiny-pro

Length of output: 1258

---

🏁 Script executed:

# Let's check if @opentiny/vue-theme has any unusual export patterns
echo "=== Checking imports from @opentiny/vue-theme in the codebase ==="
rg "@opentiny/vue-theme" --no-heading | sort -u

# Check env.d.ts to see module declarations
echo "=== Module declarations for vue-theme ==="
grep "@opentiny/vue-theme" template/tinyvue/src/env.d.ts -A 1 -B 1

Repository: opentiny/tiny-pro

Length of output: 9930

---

🏁 Script executed:

# Research Vite's standard CSS handling
echo "=== Checking Vite documentation patterns in comments ==="
rg -i "vite.*css|css.*vite" --type ts --max-count 20

Repository: opentiny/tiny-pro

Length of output: 195

---

🏁 Script executed:

# Check for dynamic imports or require statements that might import CSS
echo "=== Checking for dynamic imports of CSS files ==="
rg "import\s*\(\s*['\"].*\.css" -C 2
rg "require\s*\(\s*['\"].*\.css" -C 2

# Check for any build error logs or issue comments
echo "=== Looking for issue/bug-related comments ==="
rg -i "bug|issue|fix|todo|hack|workaround" template/tinyvue/config/ -B 2 -A 2

# Check if @opentiny/vue-theme is being imported with .css in any way
echo "=== Checking theme imports more carefully ==="
rg "@opentiny/vue-theme" -C 3 | grep -i "\.css\|style\|theme" -B 2 -A 2

Repository: opentiny/tiny-pro

Length of output: 50374

---

🏁 Script executed:

# Check if this could be related to CommonJS or bundler compatibility
echo "=== Checking for CommonJS usage ==="
rg "require\(" template/tinyvue/config/ -C 2

# Look for any optimizeDeps includes/excludes that might hint at the reason
echo "=== Full optimizeDeps configuration ==="
cat template/tinyvue/config/vite.config.base.ts | sed -n '56,65p'

Repository: opentiny/tiny-pro

Length of output: 364

---

Remove .css from both resolve.extensions and optimizeDeps.esbuildOptions.resolveExtensions.

Adding .css to resolution extensions is unnecessary. Vite handles CSS imports automatically without requiring this configuration. The codebase contains no CSS imports or dynamic patterns that would require this setting. This may also cause unexpected module resolution behavior.

    extensions: ['.ts', '.js'],

    resolveExtensions: ['.ts', '.js'],

🤖 Prompt for AI Agents

In @template/tinyvue/config/vite.config.base.ts at line 50, Remove the
unnecessary ".css" entry from the module resolution lists: update the
resolve.extensions array in vite config (symbol: resolve.extensions) and the
optimizeDeps.esbuildOptions.resolveExtensions array (symbol:
optimizeDeps.esbuildOptions.resolveExtensions) to only include '.ts' and '.js'
so CSS is not treated as a resolution extension by Vite.

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

🧩 Analysis chain

🏁 Script executed:

find . -name "vite.config.dev.ts" -o -name "vite.config.ts" | head -20

Repository: opentiny/tiny-pro

Length of output: 105

---

🏁 Script executed:

# Find the exact file and read it
fd -t f "vite.config" | grep -E "dev|vite" | head -10

Repository: opentiny/tiny-pro

Length of output: 387

---

🏁 Script executed:

# List files in template/tinyvue/config directory
ls -la template/tinyvue/config/ 2>/dev/null || find . -path "*/template/tinyvue/config*" -type d

Repository: opentiny/tiny-pro

Length of output: 719

---

🏁 Script executed:

cat -n template/tinyvue/config/vite.config.dev.ts

Repository: opentiny/tiny-pro

Length of output: 2138

---

🏁 Script executed:

# Also check the base config to understand env setup
cat -n template/tinyvue/config/vite.config.base.ts

Repository: opentiny/tiny-pro

Length of output: 2445

---

🏁 Script executed:

# Check for env files to see what patterns are used
find . -name ".env*" -o -name "dev.env" | head -20

Repository: opentiny/tiny-pro

Length of output: 392

---

🏁 Script executed:

# Look for the dev.env file mentioned in the code
cat template/tinyvue/dev.env 2>/dev/null || echo "File not found"

Repository: opentiny/tiny-pro

Length of output: 478

---

🏁 Script executed:

# Check if there's a .env.development file
cat template/tinyvue/.env.development 2>/dev/null || echo "File not found"

Repository: opentiny/tiny-pro

Length of output: 75

---

🏁 Script executed:

# Search for any .env files in template/tinyvue
find template/tinyvue -name ".env*" -o -name "*env*" | grep -E "\.(env|example)" | head -10

Repository: opentiny/tiny-pro

Length of output: 135

---

🏁 Script executed:

# Check for other usages of similar RegExp patterns in the codebase
rg "new RegExp" template/tinyvue/config/ -A 2 -B 2

Repository: opentiny/tiny-pro

Length of output: 734

---

🏁 Script executed:

# Verify that the env values are only in configuration files and not loaded from user input
rg "VITE_BASE_API|VITE_MOCK_SERVER_HOST" template/tinyvue/ --type ts --type js | head -20

Repository: opentiny/tiny-pro

Length of output: 2104

---

🏁 Script executed:

# Check if env variables can be overridden at runtime
git log --oneline -5 -- template/tinyvue/dev.env template/tinyvue/.env 2>/dev/null | head -10

Repository: opentiny/tiny-pro

Length of output: 86

---

🏁 Script executed:

# Double-check if there are any dynamic sources that could feed into these env values
rg "VITE_BASE_API|VITE_MOCK_SERVER_HOST" template/tinyvue -B 3 -A 1 --type ts | grep -E "(process\.env|process\.argv|require\(|import)" | head -20

Repository: opentiny/tiny-pro

Length of output: 2186

---

🏁 Script executed:

# Check if loadEnv can load from user input or just from .env files
rg "loadEnv" template/tinyvue --type ts -A 2 -B 2

Repository: opentiny/tiny-pro

Length of output: 2295

---

Simplify path replacement to improve code clarity.

The proxy configuration uses new RegExp() with environment variables to rewrite paths. While the actual vulnerability risk is minimal (the values are committed configuration: /api and /mock), using string replacement is simpler and equally effective for literal path patterns.

Consider using direct string replacement instead of RegExp on lines 21-24 and 31:

Suggested improvements

// Line 21-24: Instead of
rewrite: (path: string) =>
  path.replace(
    new RegExp(`${env.VITE_BASE_API}`),
    '',
  ),

// Use
rewrite: (path: string) => path.replace(env.VITE_BASE_API, ''),

// Line 31: Instead of
return path.replace(new RegExp(`${env.VITE_MOCK_SERVER_HOST}`), '/mock')

// Use
return path.replace(env.VITE_MOCK_SERVER_HOST, '/mock')

Both approaches replace only the first occurrence, so they're functionally equivalent.

🧰 Tools

🪛 ast-grep (0.40.3)

[warning] 21-21: Regular expression constructed from variable input detected. This can lead to Regular Expression Denial of Service (ReDoS) attacks if the variable contains malicious patterns. Use libraries like 'recheck' to validate regex safety or use static patterns.
Context: new RegExp(${env.VITE_BASE_API})
Note: [CWE-1333] Inefficient Regular Expression Complexity [REFERENCES]
- https://owasp.org/www-community/attacks/Regular_expression_Denial_of_Service_-_ReDoS
- https://cwe.mitre.org/data/definitions/1333.html

(regexp-from-variable)

---

[warning] 30-30: Regular expression constructed from variable input detected. This can lead to Regular Expression Denial of Service (ReDoS) attacks if the variable contains malicious patterns. Use libraries like 'recheck' to validate regex safety or use static patterns.
Context: new RegExp(${env.VITE_MOCK_SERVER_HOST})
Note: [CWE-1333] Inefficient Regular Expression Complexity [REFERENCES]
- https://owasp.org/www-community/attacks/Regular_expression_Denial_of_Service_-_ReDoS
- https://cwe.mitre.org/data/definitions/1333.html

(regexp-from-variable)

🤖 Prompt for AI Agents

In @template/tinyvue/config/vite.config.dev.ts around lines 15 - 34, The
proxyConfig rewrite handlers use RegExp constructions for simple literal path
replacements; update the two rewrite functions inside proxyConfig to use direct
string replacement instead of new RegExp: replace the rewrite for
env.VITE_BASE_API to use path.replace(env.VITE_BASE_API, '') and update the mock
rewrite to use path.replace(env.VITE_MOCK_SERVER_HOST, '/mock'), keeping the
same behavior but simplifying the code (look for proxyConfig and the rewrite
handlers referencing env.VITE_BASE_API and env.VITE_MOCK_SERVER_HOST).

[coderabbitai]

⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Check @opentiny/vue versions in all package.json files

echo "=== template/tinyvue/package.json (lines 40-50) ==="
if [ -f "template/tinyvue/package.json" ]; then
  sed -n '40,50p' template/tinyvue/package.json
else
  echo "File not found"
fi

echo -e "\n=== template/lowcode-designer/package.json ==="
if [ -f "template/lowcode-designer/package.json" ]; then
  cat template/lowcode-designer/package.json | jq '.dependencies | select(.) | to_entries[] | select(.key | startswith("@opentiny/vue")) | "\(.key): \(.value)"' 2>/dev/null || echo "No @opentiny/vue dependencies found or jq not available"
else
  echo "File not found"
fi

echo -e "\n=== Root package.json overrides ==="
if [ -f "package.json" ]; then
  cat package.json | jq '.pnpm.overrides | select(.)' 2>/dev/null || echo "No overrides found or jq not available"
else
  echo "File not found"
fi

Repository: opentiny/tiny-pro

Length of output: 1400

---

🏁 Script executed:

# Verify if tinyvue and lowcode-designer are separate deployments or shared
echo "=== Checking if templates are separate applications ==="
find template -name "package.json" -type f | while read f; do
  echo "File: $f"
  head -20 "$f" | grep -E "\"name\"|\"description\"" || echo "  (checking structure)"
done

echo -e "\n=== Checking for shared workspace configuration ==="
if [ -f "pnpm-workspace.yaml" ]; then
  cat pnpm-workspace.yaml
fi

Repository: opentiny/tiny-pro

Length of output: 476

---

🏁 Script executed:

# Check if templates share any dependencies or are meant to run together
echo "=== Checking template build/deployment configurations ==="
ls -la template/tinyvue/ | grep -E "\.config\.|tsconfig|vite|webpack|build"
echo ""
ls -la template/lowcode-designer/ | grep -E "\.config\.|tsconfig|vite|webpack|build"

echo -e "\n=== Checking if templates reference each other ==="
echo "tinyvue package.json dependencies:"
cat template/tinyvue/package.json | jq '.dependencies, .devDependencies | keys[]' 2>/dev/null | grep -i designer || echo "(no designer references)"

echo -e "\ndesigner-demo package.json dependencies:"
cat template/lowcode-designer/package.json | jq '.dependencies, .devDependencies | keys[]' 2>/dev/null | grep -i vue || echo "(no vue app references)"

echo -e "\n=== Checking root package.json bundling/deployment config ==="
cat package.json | jq '.scripts | to_entries[] | select(.key | contains("build") or contains("deploy"))' 2>/dev/null | head -20

Repository: opentiny/tiny-pro

Length of output: 1296

---

Version inconsistency: @opentiny/vue differs between templates.

The tinyvue template uses @opentiny/vue@^3.28.0 while the lowcode-designer template uses @opentiny/vue@~3.20.0. This inconsistency across the monorepo should be aligned to avoid maintenance issues and ensure consistent behavior across dependent packages.

Note: The root package.json overrides only apply to @opentiny/vue-renderless in conditional dependency chains (e.g., @opentiny/tiny-engine-common>@opentiny/vue-renderless), not to @opentiny/vue itself across the workspace.

Recommendation: Align @opentiny/vue versions across templates to use the same version range.

🤖 Prompt for AI Agents

In @template/tinyvue/package.json around lines 42 - 47, Update the @opentiny/vue
dependency in template/tinyvue/package.json to match the version range used
across templates (make it the same as lowcode-designer, e.g., change
"@opentiny/vue": "^3.28.0" to "@opentiny/vue": "~3.20.0" or to the agreed common
range) so all templates use a consistent @opentiny/vue version; modify the
dependency entry for "@opentiny/vue" accordingly and run a quick workspace
install to verify no version conflicts.