Migrates to NX native scripts

[pm-McFly]

Summary by CodeRabbit

• Build System

  • Migrated to Nx-based monorepo for improved build performance and incremental compilation.
  • Updated build tooling to use esbuild for faster bundling.

• Development Workflow

  • Changed npm scripts to Nx-based commands for building, testing, and linting.
  • Updated Jest test runner configuration for improved test execution.

• Infrastructure

  • Removed Docker Compose configuration.
  • Removed Git hooks for pre-commit formatting checks.

• Documentation

  • Updated README files with new build and test commands.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[coderabbitai]

Important

Review skipped

Auto reviews are disabled on base/target branches other than the default branch.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Walkthrough

This pull request migrates the repository from a Lerna-based monorepo setup to an NX-powered build system. Key changes include: replacing Rollup bundling with NX esbuild/swc tooling, restructuring package.json files across all packages to use NX targets and explicit export mappings, transitioning TypeScript configurations to use project references, updating Jest test setup to use SWC transformers per package, removing legacy CI/CD (GitLab CI, docker-compose), and adopting NX's plugin-driven configuration. Build scripts in package.json are consolidated into NX commands, and Husky pre-commit/pre-push hooks are removed. Configuration files like lerna.json, flake.nix, and rollup-template.js are deleted.

Suggested labels

severity::major, type::refactor, package::monorepo, tooling::nx, tooling::build

Suggested reviewers

• Monorepo maintainers
• Build system owners
• Package maintainers across all workspaces

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately captures the main objective of this large-scale migration PR—transitioning the monorepo from multiple build/test tooling systems to NX-native scripts.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 2

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

package.json (1)

107-108: Version mismatch between Nx core and native binaries.

The nx dependency is at ^22.3.3, but the optional native binaries (@nx/nx-darwin-arm64, @nx/nx-linux-x64-gnu) are still at ^19.4.0. This mismatch can cause compatibility issues or unexpected behavior.

🔎 Suggested fix

   "optionalDependencies": {
-    "@nx/nx-darwin-arm64": "^19.4.0",
-    "@nx/nx-linux-x64-gnu": "^19.4.0"
+    "@nx/nx-darwin-arm64": "^22.3.3",
+    "@nx/nx-linux-x64-gnu": "^22.3.3"
   },

🤖 Fix all issues with AI Agents

In @scripts/clean.cjs:
- Around line 23-38: Install the glob package as a dev dependency and update the
loop that processes args (variables: args, cwd, join, rm, existsSync) to expand
globs: require('glob') and for each arg call glob.sync(arg, { cwd }) to get
matching paths; if matches.length === 0 fall back to the existing literal path
check (existsSync) and print "does not exist" as before, otherwise iterate
matches, compute fullPath = join(cwd, match) and await rm(fullPath, { recursive:
true, force: true }) for each match, logging success or catching errors as
currently done.
- Line 6: Update the usage comment in the top of the script to reference the
actual filename: change the string "node scripts/clean.js <dir1> <dir2> ..." to
"node scripts/clean.cjs <dir1> <dir2> ..." in the comment inside
scripts/clean.cjs so the documentation matches the file name.

🧹 Nitpick comments (1)

nx.json (1)

66-66: Consider moving the Nx Cloud token to an environment variable.

While Nx Cloud access tokens in nx.json are common and the token appears to be the standard Nx Cloud format (not a secret API key), storing tokens in version control is generally discouraged. The static analysis flagged this as a potential API key exposure.

Nx supports the NX_CLOUD_ACCESS_TOKEN environment variable as an alternative. This approach keeps the token out of the repository while still enabling Nx Cloud in CI environments.

🔎 Suggested approach

1. Remove the token from nx.json:

-  "nxCloudAccessToken": "MDE1ZWJkYTktMzFhMi00NGZiLWFhMGMtZTM0NDU5ZWI3MGY2fHJlYWQtd3JpdGU="

2. Set the NX_CLOUD_ACCESS_TOKEN environment variable in your CI pipelines (GitHub Actions secrets, GitLab CI variables).

📜 Review details

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 1f64194 and a28e32d.

⛔ Files ignored due to path filters (1)

• package-lock.json is excluded by !**/package-lock.json

📒 Files selected for processing (23)

• .github/workflows/build-and-test.yml
• .gitignore
• .gitlab-ci.yml
• .husky/pre-commit
• .husky/pre-push
• landing/package.json
• landing/remix.config.cjs
• lerna.json
• nx.json
• package.json
• packages/amqp-connector/package.json
• packages/common-settings/package.json
• packages/config-parser/package.json
• packages/crypto/package.json
• packages/federated-identity-service/package.json
• packages/logger/package.json
• packages/matrix-identity-server/package.json
• packages/matrix-invite/package.json
• packages/matrix-resolve/package.json
• packages/retry-promise/package.json
• packages/tom-server/package.json
• packages/utils/package.json
• scripts/clean.cjs

💤 Files with no reviewable changes (3)

• .husky/pre-commit
• .husky/pre-push
• lerna.json

🧰 Additional context used

🧠 Learnings (1)

📚 Learning: 2025-12-16T16:08:30.680Z

Learnt from: pm-McFly
Repo: linagora/ToM-server PR: 302
File: packages/amqp-connector/package.json:26-33
Timestamp: 2025-12-16T16:08:30.680Z
Learning: To ensure consistency across the monorepo, advertise the Node.js version by adding an engines.node field to package.json in all packages (e.g., "engines": {"node": "18.20.8"}). This makes the runtime expectation explicit for reviewers and CI. Apply this across all packages in the repo, not just the one mentioned, and plan an upgrade in a future PR once the packages are stabilized and rationalized.

Applied to files:

• packages/utils/package.json
• packages/amqp-connector/package.json
• packages/retry-promise/package.json
• packages/matrix-identity-server/package.json
• packages/crypto/package.json
• packages/matrix-invite/package.json
• packages/matrix-resolve/package.json
• packages/federated-identity-service/package.json
• landing/package.json
• package.json
• packages/tom-server/package.json
• packages/logger/package.json
• packages/common-settings/package.json
• packages/config-parser/package.json

🪛 Gitleaks (8.30.0)

nx.json

[high] 66-66: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)

• GitHub Check: update

🔇 Additional comments (22)

.github/workflows/build-and-test.yml (1)

11-22: LGTM!

The new lint job is well-structured and consistent with the existing build/test jobs. Running lint in parallel with build is appropriate since they are independent operations.

.gitlab-ci.yml (1)

4-4: LGTM!

The lint stage and job are well-integrated into the GitLab CI pipeline, following the existing job patterns and running before the build stage.

Also applies to: 20-26

.gitignore (2)

154-160: LGTM!

The Svelte/SvelteKit gitignore entries are appropriate for the landing page component using SvelteKit.

---

426-426: No action needed. The **/[Pp]ackages/* pattern is designed for NuGet package restoration directories and does not conflict with your monorepo's workspace structure. The pattern matches only direct children of packages/ (e.g., packages/file.txt), not nested files in workspace subdirectories like packages/amqp-connector/src/. Your tracked files are safely nested and unaffected.

Likely an incorrect or invalid review comment.

package.json (1)

23-39: LGTM!

The Nx-based scripts are well-organized with clear separation between:

• build:all/test:all/lint:all for running all targets
• build/test/lint for affected-only execution
• clean and softClean for different cleanup scenarios

nx.json (2)

3-24: LGTM!

The plugin-based configuration with inference plugins is a modern Nx pattern. The plugins for rollup, jest, and eslint are correctly configured with appropriate target names.

---

42-47: LGTM!

Setting cache: false for clean and watch targets is correct—these operations should not be cached as they have side effects or need to run continuously.

packages/amqp-connector/package.json (1)

10-11: LGTM!

The clean script follows the consistent pattern across the monorepo, targeting the appropriate build and test artifacts.

packages/matrix-identity-server/package.json (2)

42-42: Verify the intended logging behavior change.

The test script now uses LOG_TRANSPORTS=Console instead of the previous LOG_TRANSPORTS=File LOG_FILE=/dev/null. This means test runs will output logs to the console rather than discarding them. While this may aid debugging, it could make test output more verbose.

If suppressing logs during tests was intentional, you might want to use a mechanism to quiet console output or keep the /dev/null approach with cross-platform compatibility.

---

43-43: LGTM!

The clean script appropriately includes example build artifacts (example/*.js, example/*.js.map) in addition to the standard dist and coverage directories.

packages/matrix-invite/package.json (1)

16-16: LGTM! Clean script added appropriately.

The new clean script properly targets Svelte-specific build artifacts (.svelte-kit) along with common output directories (build, dist, coverage), which aligns with the package's SvelteKit build setup.

packages/logger/package.json (1)

41-41: LGTM! Clean script includes example artifacts.

The clean script appropriately includes example build outputs (example/.js, example/.js.map) in addition to standard dist and coverage directories, aligning with the package's build:example script.

packages/crypto/package.json (1)

38-38: LGTM! Standard clean script added.

The clean script appropriately targets standard build artifacts (dist, coverage).

packages/config-parser/package.json (1)

56-56: LGTM! Standard clean script added.

The clean script appropriately targets standard build artifacts (dist, coverage).

packages/retry-promise/package.json (1)

38-38: Cleanup script verified and properly implemented.

The referenced scripts/clean.cjs exists and is correctly implemented with proper error handling. The path reference from packages/retry-promise/package.json correctly resolves to the root scripts/clean.cjs. The script uses Node.js built-in fs/promises.rm for cross-platform cleanup, gracefully handles non-existent directories, and includes proper error handling with appropriate exit codes.

landing/package.json (1)

11-12: LGTM! Clean script addition aligns with NX migration.

The new clean script correctly references the centralized cleanup utility and includes appropriate targets for a Remix-based landing package (build, dist, coverage, .cache).

packages/utils/package.json (1)

49-50: LGTM! Clean script addition follows monorepo pattern.

The clean script correctly uses the relative path for a nested package and targets standard build artifacts.

packages/common-settings/package.json (1)

10-11: LGTM! Consistent cleanup implementation.

The clean script follows the same pattern as other packages in the monorepo.

packages/matrix-resolve/package.json (1)

37-38: LGTM! Clean script properly configured.

Consistent with the standardized cleanup approach across the monorepo.

packages/tom-server/package.json (2)

42-42: LGTM! Clean script includes package-specific artifacts.

The clean script appropriately includes example build artifacts in addition to standard targets.

---

41-41: cross-env is available, but verify Console logging doesn't break CI/CD pipelines.

The test script uses cross-env, which is available in the project. However, the change to LOG_TRANSPORTS=Console (from File/dev/null) alters logging behavior—test output will now stream to console instead of being discarded. While this improves visibility, it may increase log verbosity in CI runs or conflict with pipelines that expect minimal output. Confirm this change is compatible with your CI/CD configuration and developer workflows.

packages/federated-identity-service/package.json (1)

40-40: The test script's use of cross-env is correct. The package relies on workspace-level dependencies from the root package.json, where cross-env version ^7.0.3 is already declared. This is a standard and valid pattern in monorepo structures—shared dev tools are managed at the root level and available to all packages.

[coderabbitai]

Actionable comments posted: 1

🤖 Fix all issues with AI Agents

In @.github/workflows/build-and-test.yml:
- Around line 11-24: The workflow uses actions/checkout@v4 with the default
shallow clone which breaks nrwl/nx-set-shas; update each checkout step that
appears before the nrwl/nx-set-shas action (in the lint, build, and test jobs)
to include a with: fetch-depth: 0 block so the full git history is available to
the nx-set-shas action.

🧹 Nitpick comments (3)

scripts/clean.cjs (1)

22-40: Consider accumulating errors instead of failing fast.

The script currently exits on the first deletion failure (line 37), which means subsequent files won't be processed. This requires developers to run the script multiple times if multiple deletions fail.

Consider collecting errors and reporting them all at the end, allowing partial cleanup to complete.

🔎 Proposed refactor to accumulate errors

  const cwd = process.cwd();
+ const errors = [];

  for (const dir of args) {
    // Expand glob patterns
    const matches = await glob(dir, { cwd, absolute: true, dot: true });

    if (matches.length === 0) {
      console.log(`⊘ ${dir} (no matches found)`);
      continue;
    }

    for (const fullPath of matches) {
      try {
        await rm(fullPath, { recursive: true, force: true });
        console.log(`✓ Removed ${fullPath}`);
      } catch (err) {
        console.error(`✗ Failed to remove ${fullPath}:`, err.message);
-       process.exit(1);
+       errors.push({ path: fullPath, error: err.message });
      }
    }
  }

- console.log('Clean complete');
+ if (errors.length > 0) {
+   console.error(`\nClean completed with ${errors.length} error(s)`);
+   process.exit(1);
+ } else {
+   console.log('Clean complete');
+ }
}

.github/workflows/njsscan.yml (1)

33-40: Consider updating action versions for consistency.

This workflow uses actions/checkout@v3 and github/codeql-action/upload-sarif@v2, while other workflows in this PR (e.g., build-and-test.yml, codeql.yml) use @v4 and @v3 respectively. Consider aligning versions across workflows.

🔎 Suggested version updates

     - name: Checkout the code
-      uses: actions/checkout@v3
+      uses: actions/checkout@v4
     - name: nodejsscan scan
       id: njsscan
       uses: ajinabraham/njsscan-action@7237412fdd36af517e2745077cedbf9d6900d711
       with:
         args: '. --sarif --output results.sarif || true'
     - name: Upload njsscan report
-      uses: github/codeql-action/upload-sarif@v2
+      uses: github/codeql-action/upload-sarif@v3
       with:
         sarif_file: results.sarif

.github/workflows/devskim.yml (1)

27-35: Consider updating action versions for consistency with other workflows.

Similar to njsscan.yml, this workflow uses older action versions (actions/checkout@v3, github/codeql-action/upload-sarif@v2) compared to other workflows in this PR.

🔎 Suggested version updates

       - name: Checkout code
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
 
       - name: Run DevSkim scanner
         uses: microsoft/DevSkim-Action@v1
         with:
           ignore-globs: "**/docs/**,**/__testData__/**,**/*.test.ts"
 
       - name: Upload DevSkim scan results to GitHub Security tab
-        uses: github/codeql-action/upload-sarif@v2
+        uses: github/codeql-action/upload-sarif@v3
         with:
           sarif_file: devskim-results.sarif

📜 Review details

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between a28e32d and 3ebccaa.

⛔ Files ignored due to path filters (1)

• package-lock.json is excluded by !**/package-lock.json

📒 Files selected for processing (6)

• .github/workflows/build-and-test.yml
• .github/workflows/codeql.yml
• .github/workflows/devskim.yml
• .github/workflows/njsscan.yml
• package.json
• scripts/clean.cjs

🚧 Files skipped from review as they are similar to previous changes (1)

• package.json

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)

• GitHub Check: update

🔇 Additional comments (9)

scripts/clean.cjs (3)

1-8: LGTM! Documentation is accurate.

The shebang and documentation are correct, and the filename references have been properly updated per previous review feedback.

---

45-48: LGTM! Proper error handling for async entry point.

The top-level error handler correctly catches any unhandled errors from the async function and ensures the process exits with a non-zero code.

---

9-10: No action required. The project's minimum Node.js version (18.20.8) exceeds the requirement for fs/promises.rm() (Node.js 14.14.0+), and the glob package is already listed in devDependencies (^10.5.0). The imports are compatible with the project's configuration.

.github/workflows/njsscan.yml (1)

12-16: LGTM - Trigger expansion is appropriate.

Expanding push triggers to include dev and allowing pull_request from all branches ensures security scans run consistently across your development workflow. This aligns with the changes in other workflow files in this PR.

.github/workflows/devskim.yml (1)

10-13: LGTM - Consistent trigger expansion.

The branch trigger changes align with the other security scanning workflows in this PR, ensuring DevSkim runs on both master and dev pushes and all pull requests.

.github/workflows/build-and-test.yml (2)

29-35: Same fetch-depth consideration applies to build job.

The build job also uses nx-set-shas but may need fetch-depth: 0 on the checkout step for Nx to correctly determine affected projects.

🔎 Potential fix if fetch-depth is required

     - uses: actions/checkout@v4
+      with:
+        fetch-depth: 0
     - name: Set up Node LTS

---

47-53: Same fetch-depth consideration applies to test job.

If the verification confirms fetch-depth: 0 is needed, apply the same fix to the checkout step in the test job.

.github/workflows/codeql.yml (2)

14-19: LGTM - Trigger expansion and formatting are correct.

The push trigger expansion to include dev and the unrestricted pull_request trigger are consistent with the other security workflows in this PR. This ensures CodeQL analysis runs across your development workflow.

---

71-75: Paths-ignore configuration looks correct.

The paths-ignore block properly excludes documentation, test data directories, and test files from CodeQL analysis, which reduces noise and focuses scanning on production code.

[nx-cloud]

🤖 Nx Cloud AI Fix Eligible

An automatically generated fix could have helped fix failing tasks for this run, but Self-healing CI is disabled for this workspace. Visit workspace settings to enable it and get automatic fixes in future runs.

_{To disable these notifications, a workspace admin can disable them in workspace settings.}

---

View your CI Pipeline Execution ↗ for commit 9bbc1fe

Command	Status	Duration	Result
nx affected -t lint	❌ Failed	12s	View ↗
nx affected -t test	✅ Succeeded	<1s	View ↗
nx affected -t build	✅ Succeeded	3s	View ↗

---

☁️ Nx Cloud last updated this comment at 2026-01-06 16:04:06 UTC

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (1)

.github/workflows/build-and-test.yml (1)

49-51: Consider sharing build artifacts or making test independent.

The test job depends on build but doesn't consume any artifacts from it. This means the test job will re-checkout code, re-install dependencies, and likely rebuild, making the dependency inefficient.

Consider one of these approaches:

1. Share artifacts: Have the build job upload build artifacts and the test job download them
2. Remove dependency: If Nx handles incremental builds efficiently, make test independent to run in parallel with build
3. Keep as-is: If the intent is to validate that the build succeeds before running tests (as a quality gate), document this reasoning

Example: Sharing build artifacts

In the build job, after the build step:

- run: npm run build
- uses: actions/upload-artifact@v4
  with:
    name: build-output
    path: dist/  # Adjust path to match your build output

In the test job, after checkout and before tests:

- uses: actions/download-artifact@v4
  with:
    name: build-output
    path: dist/

📜 Review details

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 3ebccaa and 9bbc1fe.

📒 Files selected for processing (1)

• .github/workflows/build-and-test.yml

🧰 Additional context used

🪛 GitHub Check: devskim

.github/workflows/build-and-test.yml

[notice] 70-70: Accessing localhost could indicate debug code, or could hinder scaling.
Do not leave debug code in production

---

[notice] 70-70: Accessing localhost could indicate debug code, or could hinder scaling.
Do not leave debug code in production

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (2)

• GitHub Check: Build And Test / test
• GitHub Check: update

🔇 Additional comments (4)

.github/workflows/build-and-test.yml (4)

11-28: LGTM! Lint job properly configured.

The new lint job correctly includes fetch-depth: 0, which resolves the issue from the previous review. The combination of fetch-depth: 0 and filter: tree:0 provides full Git history for nx-set-shas while optimizing blob fetching. The job runs independently in parallel with the build job, which improves CI performance.

---

30-47: LGTM! Build job properly configured.

The build job correctly includes fetch-depth: 0, which resolves the issue from the previous review. The job structure mirrors the lint job with proper caching and Nx integration.

---

70-70: LGTM! Hosts configuration is valid for integration testing.

The hosts setup is standard practice for integration tests that require domain resolution. The domains (auth.example.com, matrix.example.com, etc.) are test fixtures for federated identity and matrix server testing. The static analysis warning about "localhost" is a false positive in this context.

---

22-22: Node.js 18.20.8 has reached end-of-life and should be upgraded.

Node.js 18 LTS reached end-of-life on April 30, 2025 (upstream). As of January 2026, it no longer receives upstream security fixes despite known CVEs (CVE-2024-21892, CVE-2024-22019, CVE-2025-23083/23084/23085). Upgrade to a supported LTS version (20 or 22+) to maintain security coverage.

Also applies to: 41-41, 61-61

⛔ Skipped due to learnings

Learnt from: pm-McFly
Repo: linagora/ToM-server PR: 302
File: packages/federated-identity-service/package.json:56-63
Timestamp: 2025-12-16T16:08:44.519Z
Learning: The ToM-server project intentionally pins Node.js to version 18.20.8 temporarily for stability reasons, as the codebase was originally developed on Node 18 and has not been tested on newer versions. An upgrade to a supported Node.js LTS version (20 or 22) is planned for a future PR once packages are stable and rationalized.

Learnt from: pm-McFly
Repo: linagora/ToM-server PR: 302
File: packages/amqp-connector/package.json:26-33
Timestamp: 2025-12-16T16:08:39.865Z
Learning: In the ToM-server project, Node.js 18.20.8 is intentionally pinned across all packages because the code was developed on Node 18 and hasn't been tested on newer versions. A future PR is planned to upgrade Node and other system requirements once the packages are stable and rationalized.

[pm-McFly]

@coderabbitai review

[coderabbitai]

✅ Actions performed

Review triggered.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

[coderabbitai]

Actionable comments posted: 13

Note

Due to the large number of review comments, Critical, Major severity comments were prioritized as inline comments.

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (2)

packages/matrix-identity-server/src/main.ts (1)

45-50: Potential TypeError: accessing .toLocaleLowerCase() on undefined.

process.env.SMTP_TLS and process.env.SMTP_VERIFY_CERTIFICATE may be undefined, causing a runtime crash when calling .toLocaleLowerCase().

🐛 Proposed fix with null-safe access

-  smtp_tls: process.env.SMTP_TLS.toLocaleLowerCase() === 'true' ? true : false,
+  smtp_tls: process.env.SMTP_TLS?.toLocaleLowerCase() === 'true',
   smtp_user: process.env.SMTP_USER,
   smtp_verify_certificate:
-    process.env.SMTP_VERIFY_CERTIFICATE.toLocaleLowerCase() === 'true'
-      ? true
-      : false,
+    process.env.SMTP_VERIFY_CERTIFICATE?.toLocaleLowerCase() === 'true',

packages/matrix-identity-server/package.json (1)

1-99: Add missing dependencies to matrix-identity-server package.json.

The matrix-identity-server package imports external production dependencies (express, sqlite3, redis, node-cache, node-fetch, express-rate-limit, validator, pg) and test dependencies (supertest) but declares no dependencies or devDependencies section. Internal workspace packages (@twake/crypto, @twake/utils, @twake/logger, @twake/config-parser) are properly referenced but don't resolve the missing external package declarations. These dependencies must be added directly to this package's package.json to ensure proper installation and prevent runtime failures.

🤖 Fix all issues with AI agents

In @nx.json:
- Line 18: Remove the nxCloudAccessToken entry from nx.json and stop committing
tokens; instead configure NX_CLOUD_ACCESS_TOKEN as an environment variable in
CI/CD or via local npx nx login, update any CI configs or scripts that relied on
the nxCloudAccessToken key to read process.env.NX_CLOUD_ACCESS_TOKEN, and
revoke/rotate the exposed token in the Nx Cloud dashboard immediately.

In @packages/common-settings/eslint.config.mjs:
- Around line 15-17: The dynamic import for the ESLint parser is using the
module object instead of its default export; update the languageOptions.parser
assignment from using await import('jsonc-eslint-parser') to using the default
export (e.g., set languageOptions.parser to (await
import('jsonc-eslint-parser')).default) wherever this pattern appears across
eslint.config.mjs files so the parser object passed to ESLint is the actual
parser instance.

In @packages/config-parser/tsconfig.lib.json:
- Around line 3-10: Add the required TypeScript compiler options for project
references by setting "composite": true and "declaration": true inside the
"compilerOptions" object of tsconfig.lib.json (the same object that currently
contains "baseUrl", "rootDir", "outDir", and "tsBuildInfoFile"); ensure these
flags are present so the library supports cross-project type checking and
incremental builds alongside the existing "tsBuildInfoFile" setting.
- Line 8: tsconfig.lib.json is not emitting .d.ts files because "declaration":
true is missing; update the compilerOptions in tsconfig.lib.json to add
"declaration": true so the build emits type declarations required by consumers
(keep emitDeclarationOnly as needed for your build pipeline or set to true
during declaration-only builds), ensuring downstream packages can import types
like ConfigDescription from this package.

In @packages/crypto/jest.config.ts:
- Around line 5-7: Wrap the JSON.parse(readFileSync(...)) logic that initializes
swcJestConfig in a try/catch to handle file read or parse errors; catch any
exception thrown by readFileSync or JSON.parse, log a clear error message
including the caught error (e.g., "Error loading .spec.swcrc") and exit the
process, so failures initializing swcJestConfig are surfaced instead of crashing
silently.

In @packages/crypto/package.json:
- Around line 35-37: package.json is missing cryptographic libs used by the
code; add dependencies for js-nacl, tweetnacl, and tweetnacl-util to the
"dependencies" section so imports of js-nacl, tweetnacl, and tweetnacl-util
resolve at runtime; use appropriate semver ranges compatible with the project
(e.g., recent stable releases) and run your lockfile install to update
package-lock/yarn.lock after adding them.

In @packages/federated-identity-service/jest.config.ts:
- Around line 5-7: The code that builds swcJestConfig by calling
readFileSync(...) and JSON.parse(...) can throw if .spec.swcrc is missing or
contains invalid JSON; wrap the read+parse in a try/catch, check existence
(fs.existsSync) before reading, and on error either provide a clear, descriptive
throw/log message that includes the filename and original error or fall back to
a safe default config; update the symbol swcJestConfig initialization in
jest.config.ts to use this guarded logic so initialization failures produce
actionable diagnostics instead of cryptic crashes.

In @packages/logger/package.json:
- Around line 36-38: Add the missing runtime dependency for winston in the
logger package by updating package.json's "dependencies" to include "winston"
(e.g., a semver like "^3.x") so imports such as "createLogger" and type "Logger"
from 'winston' resolve at install/runtime; ensure you run npm/yarn install and
update lockfile after adding the dependency.

In @packages/matrix-resolve/jest.config.ts:
- Around line 5-7: Wrap the synchronous read+parse that produces swcJestConfig
in a try/catch around readFileSync(`${__dirname}/.spec.swcrc`, 'utf-8') and
JSON.parse(...) so missing file or invalid JSON is handled; in the catch, detect
ENOENT (file missing) and SyntaxError (malformed JSON) and either provide a
sensible fallback/default object for swcJestConfig or throw a new Error with a
clear message including the original error, and ensure any logging uses that
error information; update the code that consumes swcJestConfig to tolerate the
fallback/default.

In @packages/matrix-resolve/package.json:
- Around line 35-37: The package.json dependency list accidentally replaced the
runtime dependency "node-fetch" with "tslib", but the source imports and uses
node-fetch (import in src/index.ts and tests mock it), causing runtime failures;
restore "node-fetch" as a dependency in package.json (add "node-fetch" with an
appropriate semver instead of or in addition to "tslib") so imports and tests
resolve correctly and then run npm install to update lockfiles.

In @packages/retry-promise/package.json:
- Around line 35-37: The package.json is missing the "retry" dependency required
by the RetryPromise implementation; add "retry": "^0.13.1" to the "dependencies"
object so imports like import { operation } from 'retry' and runtime uses of
operation(), op.attempt(), op.retry(), and op.mainError() in the RetryPromise
class resolve correctly.

In @packages/tom-server/tsconfig.app.json:
- Around line 3-8: The tsconfig for the app is missing the "composite": true
compiler option required for TypeScript project references; update the
"compilerOptions" object in tsconfig.app.json to include "composite": true so
the project can be referenced and support incremental builds and proper
cross-project resolution.

In @packages/utils/jest.config.ts:
- Around line 1-21: The jest config currently reads a missing `.spec.swcrc`
using readFileSync which causes failures; either add a `.spec.swcrc` file in the
same package (packages/utils/) with the SWC options needed for tests, or modify
the code around readFileSync and swcJestConfig (the readFileSync call and the
swcJestConfig object used in the transform) to fall back to a hard-coded default
SWC config or skip reading the file when it does not exist so swcJestConfig is
always defined before setting swcJestConfig.swcrc = false and passing it to
'@swc/jest'.

🟡 Minor comments (9)

packages/matrix-identity-server/README.md-30-32 (1)

30-32: Bug in example code: POST handler references GET.

The example uses idServer.api.get[k] for POST routes instead of idServer.api.post[k].

📝 Proposed fix

   Object.keys(idServer.api.post).forEach((k) => {
-    app.post(k, idServer.api.get[k]);
+    app.post(k, idServer.api.post[k]);
   });

packages/matrix-identity-server/src/main.ts-122-124 (1)

122-124: Error re-throwing loses original stack trace.

Wrapping e in new Error(e) converts the original error to a string (potentially "[object Object]"), losing the stack trace and error details.

🐛 Proposed fix to preserve error context

   .catch((e) => {
-    throw new Error(e);
+    throw e;
   });

Alternatively, if you need to wrap it, use error chaining:

   .catch((e) => {
-    throw new Error(e);
+    throw new Error('Failed to initialize identity server', { cause: e });
   });

packages/tom-server/README.md-18-18 (1)

18-18: Fix inconsistent API class name.

Lines 18 and 21 still reference TwakeVaultAPI, but the API has been renamed to TwakeServer (as correctly used on Line 14). Update these lines to use the new class name.

📝 Proposed fix

 // else if configuration is in a different file, set TWAKE_SERVER_CONF
 process.env.TWAKE_SERVER_CONF = '/path/to/config/file';
-const twakeServer = new TwakeVaultAPI();
+const twakeServer = new TwakeServer();

 // You can also give configuration directly
-const twakeServer = new TwakeVaultAPI(config);
+const twakeServer = new TwakeServer(config);

Also applies to: 21-21

packages/federated-identity-service/README.md-61-61 (1)

61-61: Fix typo in documentation.

The word "interseting" should be "interesting".

📝 Proposed fix

-A federation server is also a [Matrix Identity Service](matrix-identity-server/README.md), thus all parameters of this service can also be enabled but this is interseting only if this instance is also used as ToM-Server.
+A federation server is also a [Matrix Identity Service](matrix-identity-server/README.md), thus all parameters of this service can also be enabled but this is interesting only if this instance is also used as ToM-Server.

packages/logger/README.md-60-60 (1)

60-60: Remove trailing space in code span.

The inline code span has a trailing space that triggers a markdown linting error (MD038). Remove the space after "message".

📝 Proposed fix

-Any other detail can be added and it will be displayed after `log message `
+Any other detail can be added and it will be displayed after `log message`

packages/federated-identity-service/README.md-56-56 (1)

56-56: Fix typo in documentation.

The word "odentity" should be "identity" in "federated-odentity-service".

📝 Proposed fix

-  - `CRON_SERVICE` _(true/false)_: enable ot disable cron tasks. It is required to have at least one active federated-odentity-service with `CRON_SERVICE` active per database
+  - `CRON_SERVICE` _(true/false)_: enable or disable cron tasks. It is required to have at least one active federated-identity-service with `CRON_SERVICE` active per database

Note: Also fixed "ot" → "or" in the same line.

README.md-51-51 (1)

51-51: Typo in link path.

The path .packages/utils is missing the leading dot for the relative path. Should be ./packages/utils.

📝 Proposed fix

-- [@twake/utils](.packages/utils): utilitary methods for Twake Chat
++ [@twake/utils](./packages/utils): utilitary methods for Twake Chat

README.md-103-105 (1)

103-105: Documentation references removed Lerna tooling.

This section still mentions lerna run watch, but the PR removes Lerna in favor of NX. Update to reflect the new NX-based workflow.

📝 Proposed fix

 This will:
 
-- Watch and rebuild all packages automatically (`lerna run watch`)
-- Launch the backend server via `nodemon`
+- Watch and rebuild all packages automatically via NX
+- Launch the backend server with auto-reload
 - Load environment variables from `.env` automatically

package.json-30-33 (1)

30-33: Move retry and express dependencies to the packages that use them.

Runtime dependencies should be declared in the packages that import them, not hoisted at the root workspace level. Currently:

• retry is used only in packages/retry-promise but not declared there
• express is used in packages/tom-server, packages/matrix-identity-server, packages/federated-identity-service, and packages/utils, but not declared in any of them

Declaring dependencies locally makes each package self-contained and prevents issues if it's extracted from the monorepo. Add these dependencies to each package's package.json and remove them from the root.

🧹 Nitpick comments (11)

packages/config-parser/.spec.swcrc (1)

1-22: Configuration looks good, but consider modern decorator syntax.

The SWC configuration is appropriate for Jest test transforms. However, legacyDecorator: true (line 11) uses deprecated legacy decorator syntax. If your codebase supports it, consider migrating to the TC39 standard decorators.

💡 Optional: Migrate to standard decorators

If you're not constrained by legacy decorator usage, consider removing the legacy flag:

     "transform": {
       "decoratorMetadata": true,
-      "legacyDecorator": true
     },

Note: This requires ensuring your codebase uses TC39 standard decorators rather than the legacy TypeScript/Babel decorator syntax.

packages/federated-identity-service/.spec.swcrc (2)

1-22: Consider documenting SWC configuration choices.

Since similar SWC configurations are added across many packages, consider adding a comment at the top of this file explaining why these specific settings were chosen (e.g., legacy decorators for compatibility, loose mode for performance). This helps future maintainers understand the rationale.

📝 Example documentation comment

 {
+  // SWC configuration for Jest test transformation
+  // - legacyDecorator: Required for existing decorator usage in codebase
+  // - loose: Enabled for faster test execution (trade-off: reduced spec compliance)
   "jsc": {
     "target": "es2017",

---

9-15: These settings are intentional monorepo standardization but may include unnecessary configuration.

The legacyDecorator: true and loose: true settings are applied uniformly across all .spec.swcrc files in the monorepo as part of a standardized test configuration. However:

• legacyDecorator: true — No decorator usage was detected in the codebase. This setting may be unnecessary legacy configuration that could be removed to simplify the test build setup.
• loose: true — This is an intentional choice across all test configurations. It's acceptable for test builds as a known trade-off between spec compliance and performance, though worth documenting in a comment if not already explained.

Consider removing the legacyDecorator setting if decorators aren't used, or document why it's retained.

.gitignore (1)

632-674: Consider consolidating duplicate ignore patterns.

The newly added patterns introduce some duplication with existing entries in this file:

• dist (line 42 vs 634)
• node_modules (line 505 vs 639)
• .DS_Store (line 91 vs 668)
• .vscode/* patterns (lines 176-181 vs 651-655)
• /coverage (line 611 vs 660)

While duplicates don't cause functional issues, consolidating them would improve maintainability.

packages/common-settings/package.json (1)

26-30: Consider using workspace protocol for internal dependencies.

The internal dependencies @twake/logger and @twake/amqp-connector use fixed version 0.0.1. In NX/modern monorepos, using workspace protocol (e.g., "workspace:*") is often preferred to ensure these always resolve to the local workspace packages and avoid version mismatch issues.

♻️ Suggested change

 "dependencies": {
   "tslib": "^2.3.0",
-  "@twake/logger": "0.0.1",
-  "@twake/amqp-connector": "0.0.1"
+  "@twake/logger": "workspace:*",
+  "@twake/amqp-connector": "workspace:*"
 }

packages/federated-identity-service/package.json (1)

83-87: Consider if passWithNoTests is intentional.

The test target has passWithNoTests: true, which will silently pass if no tests exist. If this service should have tests, consider removing this option to ensure test coverage is enforced.

packages/amqp-connector/.spec.swcrc (1)

2-16: Consider updating the SWC target in coordination with the planned Node.js upgrade.

The target: "es2017" is outdated given that Node.js 18.20.8 (your pinned version) natively supports ES2021 and ES2022. Updating the target would enable better performance optimizations and native language features. However, since this appears to be an intentional project-wide decision for stability—and a future PR is planned to upgrade Node.js and related configurations once packages are rationalized—consider making this change as part of that broader upgrade effort rather than in isolation.

packages/federated-identity-service/tsconfig.json (1)

5-24: Consider adding nx configuration for consistency.

Unlike packages/crypto/tsconfig.json, this configuration lacks the nx block with addTypecheckTarget setting. For consistency across the monorepo, consider whether this package should also explicitly configure this NX option.

packages/tom-server/tsconfig.json (1)

1-28: Add nx configuration for consistency.

This configuration is missing the nx block with addTypecheckTarget setting that appears in packages/crypto/tsconfig.json. For consistency across the monorepo during the NX migration, consider adding explicit NX configuration.

♻️ Suggested addition

     {
       "path": "./tsconfig.spec.json"
     }
-  ]
+  ],
+  "nx": {
+    "addTypecheckTarget": false
+  }
 }

packages/federated-identity-service/jest.config.ts (1)

1-21: Consider extracting common Jest config pattern.

This configuration pattern is duplicated across multiple packages (federated-identity-service, tom-server, logger). While NX typically expects per-package Jest configs, the repeated logic could be extracted into a helper function.

♻️ Example helper approach

Create a shared helper at scripts/create-jest-config.ts:

import { readFileSync } from 'fs';

export function createJestConfig(displayName: string, packageDir: string) {
  const swcJestConfig = JSON.parse(
    readFileSync(`${packageDir}/.spec.swcrc`, 'utf-8'),
  );
  swcJestConfig.swcrc = false;

  return {
    displayName,
    preset: '../../jest.preset.js',
    testEnvironment: 'node',
    transform: {
      '^.+\\.[tj]s$': ['@swc/jest', swcJestConfig],
    },
    moduleFileExtensions: ['ts', 'js', 'html'],
    coverageDirectory: 'test-output/jest/coverage',
  };
}

Then use in each package:

import { createJestConfig } from '../../scripts/create-jest-config';
export default createJestConfig('@twake/federated-identity-service', __dirname);

packages/common-settings/jest.config.ts (1)

1-2: Missing /* eslint-disable */ comment for consistency.

Other Jest config files in this PR (e.g., amqp-connector, matrix-identity-server, utils) include a /* eslint-disable */ comment at the top. Consider adding it here for consistency across the monorepo.

♻️ Suggested fix

+/* eslint-disable */
 import { readFileSync } from 'fs';

📜 Review details

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 9bbc1fe and 817cdff.

⛔ Files ignored due to path filters (2)

• flake.lock is excluded by !**/*.lock
• package-lock.json is excluded by !**/package-lock.json

📒 Files selected for processing (149)

• .editorconfig
• .envrc
• .eslintrc.cjs
• .gitignore
• .gitlab-ci.yml
• .husky/pre-commit
• .husky/pre-push
• .njsscan
• .prettierignore
• .prettierrc
• .vscode/extensions.json
• README.md
• docker-compose.yml
• eslint.config.mjs
• flake.nix
• jest-base.config.js
• jest.config.ts
• jest.preset.js
• lerna.json
• nx.json
• package.json
• packages/amqp-connector/.spec.swcrc
• packages/amqp-connector/README.md
• packages/amqp-connector/eslint.config.mjs
• packages/amqp-connector/jest.config.js
• packages/amqp-connector/jest.config.ts
• packages/amqp-connector/package.json
• packages/amqp-connector/rollup.config.js
• packages/amqp-connector/tsconfig.json
• packages/amqp-connector/tsconfig.lib.json
• packages/amqp-connector/tsconfig.spec.json
• packages/common-settings/.spec.swcrc
• packages/common-settings/README.md
• packages/common-settings/eslint.config.mjs
• packages/common-settings/jest.config.js
• packages/common-settings/jest.config.ts
• packages/common-settings/package.json
• packages/common-settings/rollup.config.js
• packages/common-settings/tsconfig.json
• packages/common-settings/tsconfig.lib.json
• packages/common-settings/tsconfig.spec.json
• packages/config-parser/.spec.swcrc
• packages/config-parser/README.md
• packages/config-parser/eslint.config.mjs
• packages/config-parser/jest.config.js
• packages/config-parser/jest.config.ts
• packages/config-parser/package.json
• packages/config-parser/rollup.config.js
• packages/config-parser/tsconfig.json
• packages/config-parser/tsconfig.lib.json
• packages/config-parser/tsconfig.spec.json
• packages/crypto/.spec.swcrc
• packages/crypto/README.md
• packages/crypto/eslint.config.mjs
• packages/crypto/jest.config.js
• packages/crypto/jest.config.ts
• packages/crypto/package.json
• packages/crypto/rollup.config.js
• packages/crypto/tsconfig.json
• packages/crypto/tsconfig.lib.json
• packages/crypto/tsconfig.spec.json
• packages/federated-identity-service/.spec.swcrc
• packages/federated-identity-service/README.md
• packages/federated-identity-service/eslint.config.mjs
• packages/federated-identity-service/example/federated-identity-service.ts
• packages/federated-identity-service/jest.config.js
• packages/federated-identity-service/jest.config.ts
• packages/federated-identity-service/jest.globals.ts
• packages/federated-identity-service/package.json
• packages/federated-identity-service/rollup.config.js
• packages/federated-identity-service/src/main.ts
• packages/federated-identity-service/tsconfig.app.json
• packages/federated-identity-service/tsconfig.json
• packages/federated-identity-service/tsconfig.spec.json
• packages/logger/.spec.swcrc
• packages/logger/README.md
• packages/logger/eslint.config.mjs
• packages/logger/example/logger.ts
• packages/logger/jest.config.js
• packages/logger/jest.config.ts
• packages/logger/jest.globals.ts
• packages/logger/package.json
• packages/logger/rollup.config.js
• packages/logger/tsconfig.json
• packages/logger/tsconfig.lib.json
• packages/logger/tsconfig.spec.json
• packages/matrix-identity-server/.spec.swcrc
• packages/matrix-identity-server/README.md
• packages/matrix-identity-server/eslint.config.mjs
• packages/matrix-identity-server/example/identity-server.ts
• packages/matrix-identity-server/jest.config.js
• packages/matrix-identity-server/jest.config.ts
• packages/matrix-identity-server/package.json
• packages/matrix-identity-server/rollup.config.js
• packages/matrix-identity-server/src/main.ts
• packages/matrix-identity-server/tsconfig.app.json
• packages/matrix-identity-server/tsconfig.json
• packages/matrix-identity-server/tsconfig.spec.json
• packages/matrix-resolve/.spec.swcrc
• packages/matrix-resolve/README.md
• packages/matrix-resolve/eslint.config.mjs
• packages/matrix-resolve/jest.config.js
• packages/matrix-resolve/jest.config.ts
• packages/matrix-resolve/package.json
• packages/matrix-resolve/rollup.config.js
• packages/matrix-resolve/tsconfig.json
• packages/matrix-resolve/tsconfig.lib.json
• packages/matrix-resolve/tsconfig.spec.json
• packages/retry-promise/.spec.swcrc
• packages/retry-promise/README.md
• packages/retry-promise/eslint.config.mjs
• packages/retry-promise/jest.config.js
• packages/retry-promise/jest.config.ts
• packages/retry-promise/package.json
• packages/retry-promise/rollup.config.js
• packages/retry-promise/tsconfig.json
• packages/retry-promise/tsconfig.lib.json
• packages/retry-promise/tsconfig.spec.json
• packages/tom-server/.gitignore
• packages/tom-server/.spec.swcrc
• packages/tom-server/Dockerfile
• packages/tom-server/README.md
• packages/tom-server/eslint.config.mjs
• packages/tom-server/example/tom-server.ts
• packages/tom-server/jest.config.js
• packages/tom-server/jest.config.ts
• packages/tom-server/jest.setup.ts
• packages/tom-server/package.json
• packages/tom-server/rollup.config.js
• packages/tom-server/src/main.ts
• packages/tom-server/tsconfig.app.json
• packages/tom-server/tsconfig.json
• packages/tom-server/tsconfig.spec.json
• packages/tsconfig-test.json
• packages/utils/.spec.swcrc
• packages/utils/README.md
• packages/utils/eslint.config.mjs
• packages/utils/jest.config.js
• packages/utils/jest.config.ts
• packages/utils/package.json
• packages/utils/rollup.config.js
• packages/utils/tsconfig.json
• packages/utils/tsconfig.lib.json
• packages/utils/tsconfig.spec.json
• rollup-template.js
• scripts/clean.cjs
• tsconfig-build.json
• tsconfig-test.json
• tsconfig.json

💤 Files with no reviewable changes (43)

• .njsscan
• packages/logger/jest.config.js
• packages/matrix-identity-server/rollup.config.js
• packages/federated-identity-service/jest.globals.ts
• packages/config-parser/jest.config.js
• packages/crypto/rollup.config.js
• packages/matrix-resolve/jest.config.js
• tsconfig-test.json
• packages/federated-identity-service/jest.config.js
• flake.nix
• .husky/pre-push
• packages/logger/rollup.config.js
• packages/config-parser/rollup.config.js
• packages/logger/example/logger.ts
• packages/tom-server/jest.config.js
• rollup-template.js
• packages/amqp-connector/rollup.config.js
• packages/tom-server/.gitignore
• packages/logger/jest.globals.ts
• packages/common-settings/jest.config.js
• packages/retry-promise/jest.config.js
• docker-compose.yml
• packages/tom-server/jest.setup.ts
• .envrc
• packages/amqp-connector/jest.config.js
• packages/matrix-resolve/rollup.config.js
• jest-base.config.js
• packages/matrix-identity-server/example/identity-server.ts
• .eslintrc.cjs
• lerna.json
• tsconfig-build.json
• packages/federated-identity-service/example/federated-identity-service.ts
• packages/common-settings/rollup.config.js
• packages/federated-identity-service/rollup.config.js
• packages/utils/jest.config.js
• packages/matrix-identity-server/jest.config.js
• packages/retry-promise/rollup.config.js
• .gitlab-ci.yml
• .husky/pre-commit
• packages/utils/rollup.config.js
• packages/tom-server/example/tom-server.ts
• packages/crypto/jest.config.js
• packages/tom-server/rollup.config.js

✅ Files skipped from review due to trivial changes (17)

• packages/amqp-connector/README.md
• packages/retry-promise/tsconfig.lib.json
• .editorconfig
• packages/logger/.spec.swcrc
• packages/retry-promise/README.md
• packages/crypto/README.md
• .vscode/extensions.json
• packages/matrix-resolve/README.md
• packages/tom-server/.spec.swcrc
• packages/utils/.spec.swcrc
• packages/utils/tsconfig.spec.json
• packages/matrix-identity-server/tsconfig.app.json
• packages/matrix-identity-server/.spec.swcrc
• tsconfig.json
• packages/tom-server/src/main.ts
• packages/common-settings/README.md
• packages/config-parser/README.md

🚧 Files skipped from review as they are similar to previous changes (3)

• scripts/clean.cjs
• packages/config-parser/package.json
• packages/amqp-connector/package.json

🧰 Additional context used

🧠 Learnings (3)

📚 Learning: 2025-12-16T16:08:30.680Z

Learnt from: pm-McFly
Repo: linagora/ToM-server PR: 302
File: packages/amqp-connector/package.json:26-33
Timestamp: 2025-12-16T16:08:30.680Z
Learning: To ensure consistency across the monorepo, advertise the Node.js version by adding an engines.node field to package.json in all packages (e.g., "engines": {"node": "18.20.8"}). This makes the runtime expectation explicit for reviewers and CI. Apply this across all packages in the repo, not just the one mentioned, and plan an upgrade in a future PR once the packages are stabilized and rationalized.

Applied to files:

• packages/retry-promise/package.json
• packages/tom-server/package.json
• packages/utils/package.json
• packages/federated-identity-service/package.json
• packages/logger/package.json
• packages/crypto/package.json
• package.json
• packages/common-settings/package.json
• packages/matrix-identity-server/package.json
• packages/matrix-resolve/package.json

📚 Learning: 2025-12-16T16:08:44.519Z

Learnt from: pm-McFly
Repo: linagora/ToM-server PR: 302
File: packages/federated-identity-service/package.json:56-63
Timestamp: 2025-12-16T16:08:44.519Z
Learning: The ToM-server project intentionally pins Node.js to version 18.20.8 temporarily for stability reasons, as the codebase was originally developed on Node 18 and has not been tested on newer versions. An upgrade to a supported Node.js LTS version (20 or 22) is planned for a future PR once packages are stable and rationalized.

Applied to files:

• packages/retry-promise/package.json
• packages/tom-server/package.json
• README.md
• packages/tom-server/README.md
• packages/matrix-resolve/package.json

📚 Learning: 2025-12-16T16:08:39.865Z

Learnt from: pm-McFly
Repo: linagora/ToM-server PR: 302
File: packages/amqp-connector/package.json:26-33
Timestamp: 2025-12-16T16:08:39.865Z
Learning: In the ToM-server project, Node.js 18.20.8 is intentionally pinned across all packages because the code was developed on Node 18 and hasn't been tested on newer versions. A future PR is planned to upgrade Node and other system requirements once the packages are stable and rationalized.

Applied to files:

• README.md
• packages/tom-server/README.md

🧬 Code graph analysis (2)

packages/matrix-identity-server/src/main.ts (1)

packages/matrix-identity-server/src/index.ts (1)

• MatrixIdentityServer (72-274)

packages/federated-identity-service/src/main.ts (1)

packages/federated-identity-service/src/index.ts (1)

• FederatedIdentityService (17-79)

🪛 LanguageTool

README.md

[style] ~28-~28: To make your writing flow more naturally, try moving ‘also’ before the verb.
Context: ..., for autocompletion for example - it extends also [Matrix Identity Service](https://spec....

(ALSO_PLACEMENT)

---

[style] ~29-~29: To make your writing flow more naturally, try moving ‘also’ before the verb.
Context: ...responses by adding inactive users - it provide also an "application service" that allows ad...

(ALSO_PLACEMENT)

---

[style] ~30-~30: To make your writing flow more naturally, try moving ‘also’ before the verb.
Context: ...reate channels with automatic join - it implements also the [federated identity mechanism](http...

(ALSO_PLACEMENT)

packages/federated-identity-service/README.md

[grammar] ~43-~43: Use a hyphen to join words.
Context: ...ix_token` is the token retrieved on sign in. For more details see [Matrix specifi...

(QB_NEW_EN_HYPHEN)

---

[grammar] ~52-~52: Use a hyphen to join words.
Context: ...- TRUSTED_SERVERS_ADDRESSES: the space separated list of Tom-Servers allowed to...

(QB_NEW_EN_HYPHEN)

---

[grammar] ~56-~56: Ensure spelling is correct
Context: ...d to have at least one active federated-odentity-service with CRON_SERVICE active per ...

(QB_NEW_EN_ORTHOGRAPHY_ERROR_IDS_1)

---

[grammar] ~61-~61: Ensure spelling is correct
Context: ...service can also be enabled but this is interseting only if this instance is also used as T...

(QB_NEW_EN_ORTHOGRAPHY_ERROR_IDS_1)

packages/logger/README.md

[grammar] ~54-~54: Ensure spelling is correct
Context: ...mes from - matrixUserId: id of the user which sent the request - requestURL: requeste...

(QB_NEW_EN_ORTHOGRAPHY_ERROR_IDS_1)

🪛 markdownlint-cli2 (0.18.1)

packages/logger/README.md

60-60: Spaces inside code span elements

(MD038, no-space-in-code)

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

🧩 Analysis chain

🌐 Web query:

NX Cloud access token security best practices repository commit

💡 Result:

Here are concise security best practices for Nx Cloud access tokens and preventing commits of them:

1. Don't commit tokens to repo files (nxCloudAccessToken). Use nxCloudId for workspace connection instead. [1][2]
2. Use personal access tokens for local dev (via npx nx login) and CI-specific tokens for pipelines. Personal tokens let you revoke per-user access. [1][4]
3. Put CI tokens in protected environment variables/secrets (e.g., NX_CLOUD_ACCESS_TOKEN in GitHub/GitLab/CI settings) rather than nx.json. Let the env var override local config. [3]
4. Scope tokens by use: read-only for untrusted/unprotected branches; read-write only for protected/trusted CI contexts. [3]
5. Rotate and revoke tokens regularly and immediately after any suspected leak; Nx Cloud invalidates artifacts from revoked CI tokens. [5]
6. Prevent accidental commits:
   • Add nx.json (or any local credential file) entries to .gitignore.
   • Use pre-commit hooks (pre-commit, husky) to run secret scans.
   • Enable repository secret scanning (GitHub/GitLab) and block merges if secrets detected. [7]
7. Use automated secret-detection tools (e.g., GitGuardian, truffleHog, GitHub’s secret scanning) in CI and locally to find Nx Cloud tokens in history. [7]
8. If a token is committed: revoke it immediately, rotate the token, remove it from history (git filter-repo/BFG), and force-push branches only after coordinating the team and CI. Verify no builds used the leaked token after revocation. [2][5]

Sources: Nx docs on personal & CI access tokens, cache security, and CLI login; secret-detection guidance. [1][2][3][4][5][7]

---

Revoke and move NX Cloud access token to environment variable.

Remove the nxCloudAccessToken from nx.json. Per Nx Cloud security best practices, access tokens must not be committed to repository files. Use the NX_CLOUD_ACCESS_TOKEN environment variable in your CI/CD pipeline instead, or configure via npx nx login locally. If this token is in a protected branch or released version, revoke it immediately in your Nx Cloud dashboard and rotate to a new token.

🤖 Prompt for AI Agents

In @nx.json at line 18, Remove the nxCloudAccessToken entry from nx.json and
stop committing tokens; instead configure NX_CLOUD_ACCESS_TOKEN as an
environment variable in CI/CD or via local npx nx login, update any CI configs
or scripts that relied on the nxCloudAccessToken key to read
process.env.NX_CLOUD_ACCESS_TOKEN, and revoke/rotate the exposed token in the Nx
Cloud dashboard immediately.

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Check the package.json exports and main entry of jsonc-eslint-parser
if [ -f "node_modules/jsonc-eslint-parser/package.json" ]; then
  echo "=== jsonc-eslint-parser package.json exports ==="
  cat node_modules/jsonc-eslint-parser/package.json | jq '.main, .exports' 2>/dev/null || cat node_modules/jsonc-eslint-parser/package.json | grep -A 5 '"main"'
else
  echo "jsonc-eslint-parser not found in node_modules"
fi

# Search for other uses of jsonc-eslint-parser in the repo
echo -e "\n=== Uses of jsonc-eslint-parser in the repo ==="
rg -n "jsonc-eslint-parser" -C 3

Repository: linagora/ToM-server

Length of output: 5501

---

🏁 Script executed:

#!/bin/bash
# Also check the actual import method ESLint uses in other config examples
echo "=== Checking eslint.config.mjs for parser usage context ==="
if [ -f "packages/common-settings/eslint.config.mjs" ]; then
  cat -n "packages/common-settings/eslint.config.mjs" | head -30
fi

Repository: linagora/ToM-server

Length of output: 629

---

🌐 Web query:

jsonc-eslint-parser ESLint flat config import usage

💡 Result:

Short answer + example:

Use the parser object in languageOptions when using ESLint flat config. Import jsonc-eslint-parser and assign it to languageOptions.parser for a config block matching JSON files. Example:

import jsoncParser from "jsonc-eslint-parser";
export default [
{
files: ["/*.json", "/*.json5"],
languageOptions: {
parser: jsoncParser,
parserOptions: {
// optional parser-specific options here
},
},
plugins: {
// optionally include eslint-plugin-jsonc or other plugins
},
rules: {
// json/jsonc rules
},
},
];

References:

• jsonc-eslint-parser README (flat config example). [1]
• ESLint flat config: configure a parser / languageOptions. [2]

---

🌐 Web query:

jsonc-eslint-parser module exports .default parser

💡 Result:

Short answer: jsonc-eslint-parser is published as an ES module that exports the parser as the default export, so if you load it with CommonJS you must use .default; if you load it as an ESM import you can use the imported value directly.

Fixes:

• ESM config (recommended)

  • import parser from "jsonc-eslint-parser";
  • use languageOptions.parser: parser. [ESLint configure parser docs][1], [eslint-plugin-jsonc docs][2]

• CommonJS config (if your config file is CJS)

  • const parser = require("jsonc-eslint-parser").default;
  • put parser into languageOptions.parser (or in overrides: parser: parser for legacy .eslintrc usage). [1][2]

References:
[1] ESLint — Configure a Parser.
[2] eslint-plugin-jsonc — parser configuration (npm / project docs).

---

Access the .default export from the dynamic import of jsonc-eslint-parser.

The dynamic import returns a module object, and jsonc-eslint-parser exports the parser as a default export. ESLint's flat config expects the parser object directly, so this should be parser: (await import('jsonc-eslint-parser')).default. This pattern appears across multiple eslint.config.mjs files and needs to be corrected everywhere it is used.

🤖 Prompt for AI Agents

In @packages/common-settings/eslint.config.mjs around lines 15 - 17, The dynamic
import for the ESLint parser is using the module object instead of its default
export; update the languageOptions.parser assignment from using await
import('jsonc-eslint-parser') to using the default export (e.g., set
languageOptions.parser to (await import('jsonc-eslint-parser')).default)
wherever this pattern appears across eslint.config.mjs files so the parser
object passed to ESLint is the actual parser instance.

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

Add required compiler options for library project references.

Library configurations consumed via TypeScript project references must include "composite": true and "declaration": true to enable proper cross-project type checking and incremental builds.

🔧 Proposed fix

 {
   "extends": "../../tsconfig.base.json",
   "compilerOptions": {
+    "composite": true,
+    "declaration": true,
+    "declarationMap": true,
     "baseUrl": ".",
     "rootDir": "src",
     "outDir": "dist",
     "tsBuildInfoFile": "dist/tsconfig.lib.tsbuildinfo",
-    "emitDeclarationOnly": false,
     "types": ["node"]
   },

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	"compilerOptions": {
	"baseUrl": ".",
	"rootDir": "src",
	"outDir": "dist",
	"tsBuildInfoFile": "dist/tsconfig.lib.tsbuildinfo",
	"emitDeclarationOnly": false,
	"types": ["node"]
	},
	{
	"extends": "../../tsconfig.base.json",
	"compilerOptions": {
	"composite": true,
	"declaration": true,
	"declarationMap": true,
	"baseUrl": ".",
	"rootDir": "src",
	"outDir": "dist",
	"tsBuildInfoFile": "dist/tsconfig.lib.tsbuildinfo",
	"types": ["node"]
	},

🤖 Prompt for AI Agents

In @packages/config-parser/tsconfig.lib.json around lines 3 - 10, Add the
required TypeScript compiler options for project references by setting
"composite": true and "declaration": true inside the "compilerOptions" object of
tsconfig.lib.json (the same object that currently contains "baseUrl", "rootDir",
"outDir", and "tsBuildInfoFile"); ensure these flags are present so the library
supports cross-project type checking and incremental builds alongside the
existing "tsBuildInfoFile" setting.

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

🧩 Analysis chain

🏁 Script executed:

cat packages/config-parser/tsconfig.lib.json

Repository: linagora/ToM-server

Length of output: 433

---

🏁 Script executed:

#!/bin/bash
# Check if config-parser is consumed by other packages
rg -nP '@tom-server/config-parser|from ['\''"].*config-parser' packages/ -g '!packages/config-parser/**' -A 2

Repository: linagora/ToM-server

Length of output: 4326

---

🏁 Script executed:

# Check the parent tsconfig to understand the inherited configuration
if [ -f "tsconfig.json" ]; then
  cat tsconfig.json
fi

Repository: linagora/ToM-server

Length of output: 760

---

🏁 Script executed:

cat tsconfig.base.json

Repository: linagora/ToM-server

Length of output: 113

---

🏁 Script executed:

# Check if declaration files exist in config-parser dist
find packages/config-parser/dist -name "*.d.ts" 2>/dev/null | head -10

Repository: linagora/ToM-server

Length of output: 45

---

🏁 Script executed:

# Check package.json of config-parser to see what's exported
cat packages/config-parser/package.json

Repository: linagora/ToM-server

Length of output: 1709

---

🏁 Script executed:

find . -name "tsconfig.base.json" -type f

Repository: linagora/ToM-server

Length of output: 45

---

🏁 Script executed:

# Also check what the parent tsconfig extends
head -20 packages/config-parser/tsconfig.lib.json | grep extends

Repository: linagora/ToM-server

Length of output: 103

---

🏁 Script executed:

# Check all tsconfig files in the repo
find . -name "tsconfig*.json" -type f | head -20

Repository: linagora/ToM-server

Length of output: 924

---

🏁 Script executed:

# Check from packages/config-parser, what is ../../tsconfig.base.json
ls -la ../../tsconfig* 2>/dev/null || echo "File not found from packages/config-parser"
# Alternative: check from repo root
ls -la tsconfig* 2>/dev/null || echo "File not found from repo root"

Repository: linagora/ToM-server

Length of output: 167

---

🏁 Script executed:

cat ./tsconfig.json

Repository: linagora/ToM-server

Length of output: 760

---

🏁 Script executed:

# Search for tsconfig.base.json in the entire repo
find . -name "*tsconfig.base*" -o -name "*tsconfig*base*"

Repository: linagora/ToM-server

Length of output: 45

---

🏁 Script executed:

# Check if there's a shared tsconfig in a tools or config directory
find . -path ./node_modules -prune -o -name "tsconfig*.json" -type f -print | xargs grep -l "compilerOptions" | head -5

Repository: linagora/ToM-server

Length of output: 285

---

🏁 Script executed:

# Check if tsconfig.base.json exists - maybe it's dynamically created
ls -la | grep tsconfig

Repository: linagora/ToM-server

Length of output: 128

---

🏁 Script executed:

# Check another package's tsconfig.lib.json to compare configuration patterns
cat packages/logger/tsconfig.lib.json

Repository: linagora/ToM-server

Length of output: 499

---

🏁 Script executed:

# Check if the config-parser package actually has declaration files in dist
ls -la packages/config-parser/dist/ 2>/dev/null | head -20

Repository: linagora/ToM-server

Length of output: 45

---

🏁 Script executed:

# Check git to see if tsconfig.base.json exists or is ignored
git ls-files | grep tsconfig

Repository: linagora/ToM-server

Length of output: 1399

---

🏁 Script executed:

# Check if there's an NX or workspace configuration that might be defining base configs
ls -la | grep -E "nx|turbo|workspace"

Repository: linagora/ToM-server

Length of output: 122

---

🏁 Script executed:

# Look at a generated or ignored files
cat .gitignore | grep -i tsconfig

Repository: linagora/ToM-server

Length of output: 45

---

🏁 Script executed:

# Check if config-parser dist actually exists and has content
stat packages/config-parser/dist 2>/dev/null || echo "dist does not exist"

Repository: linagora/ToM-server

Length of output: 82

---

🏁 Script executed:

# Check NX configuration to understand TypeScript setup
cat nx.json

Repository: linagora/ToM-server

Length of output: 1642

---

🏁 Script executed:

# Check if there's a default TypeScript configuration in NX plugins
find . -path ./node_modules -prune -o -name "*tsconfig*" -type f -print | grep -E "tools|scripts|config" | head -10

Repository: linagora/ToM-server

Length of output: 481

---

🏁 Script executed:

# Look at the actual TypeScript compiler defaults by checking another similar library package
cat packages/utils/tsconfig.lib.json

Repository: linagora/ToM-server

Length of output: 492

---

🏁 Script executed:

# Check if tsconfig.base.json might be in node_modules or generated by NX
find node_modules -name "tsconfig.base.json" 2>/dev/null | head -5

Repository: linagora/ToM-server

Length of output: 45

---

🏁 Script executed:

# Look at the actual NX TypeScript plugin defaults
cat node_modules/@nx/js/src/utils/typescript.ts 2>/dev/null || echo "File not found"

Repository: linagora/ToM-server

Length of output: 77

---

🏁 Script executed:

# Check package-lock or node_modules for any tsconfig base files
ls -la node_modules/@nx/js/tsconfig* 2>/dev/null || echo "Not found"

Repository: linagora/ToM-server

Length of output: 72

---

🏁 Script executed:

# The key question: does the package.json "types" field require declaration files to exist?
# And does emitDeclarationOnly: false prevent them? Let's check the actual build setup
cat packages/config-parser/package.json | grep -A 10 '"types"'

Repository: linagora/ToM-server

Length of output: 441

---

🏁 Script executed:

# Let's look for any build or npm scripts that might configure TS compilation
grep -r "declaration" packages/config-parser/ --include="*.json" --include="*.js"

Repository: linagora/ToM-server

Length of output: 45

---

🏁 Script executed:

# The key insight: check if declaration: true is in the PARENT config
# Since tsconfig.base.json is not found, let's search for it more carefully
find . -type f -name "*.json" -exec grep -l "tsconfig.base" {} \; | head -5

Repository: linagora/ToM-server

Length of output: 1367

---

🏁 Script executed:

# Check if there's any CI/build configuration that might set declaration
find . -name ".github" -o -name "scripts" | head -5
cat .github/workflows/* 2>/dev/null | grep -i declaration || echo "Not found in workflows"

Repository: linagora/ToM-server

Length of output: 105

---

🏁 Script executed:

# Key question: what does emitDeclarationOnly: false WITHOUT declaration: true actually do?
# Let's check NX's default TS configuration for library builds
cat node_modules/@nx/js/src/executors/tsc/tsc.impl.ts 2>/dev/null | head -50 || echo "File not found"

Repository: linagora/ToM-server

Length of output: 45

---

🏁 Script executed:

# Check if there's any tsconfig that IS referenced and visible
git show HEAD:tsconfig.base.json 2>/dev/null | head -30 || echo "Not in git history"

Repository: linagora/ToM-server

Length of output: 45

---

🏁 Script executed:

# The crucial test: does config-parser actually need to build?
cat packages/config-parser/project.json 2>/dev/null || echo "No project.json"

Repository: linagora/ToM-server

Length of output: 78

---

🏁 Script executed:

# Let's understand NX better - check if it has a default tsconfig base template
cat node_modules/@nx/js/tsconfig.base.json 2>/dev/null || cat node_modules/@nx/js/preset.json 2>/dev/null || echo "Not in standard location"

Repository: linagora/ToM-server

Length of output: 87

---

🏁 Script executed:

# The critical question: in TypeScript composite projects, what is the default for declaration?
# Let's check what other packages in the monorepo do
grep -h "declaration" packages/*/tsconfig.lib.json 2>/dev/null

Repository: linagora/ToM-server

Length of output: 45

---

🏁 Script executed:

# Check if there's any configuration inheritance pattern
cat packages/crypto/tsconfig.lib.json 2>/dev/null | head -20

Repository: linagora/ToM-server

Length of output: 433

---

🏁 Script executed:

# Most importantly: what does the NX build actually produce?
# Let's check if there's a dist folder in any built package
find packages -type d -name "dist" | head -5

Repository: linagora/ToM-server

Length of output: 45

---

🏁 Script executed:

# Check git history for tsconfig.base.json
git log --oneline --all -- "tsconfig.base.json" 2>/dev/null | head -10

Repository: linagora/ToM-server

Length of output: 45

---

🏁 Script executed:

# Check if it might be in a different location - maybe at workspace root but dynamically referenced
git log --name-only --oneline 2>/dev/null | grep -i "tsconfig.base" | head -10

Repository: linagora/ToM-server

Length of output: 45

---

🏁 Script executed:

# Let's check what the NX TypeScript plugin actually does by default
# Check if there's documentation or examples
cat node_modules/@nx/js/README.md 2>/dev/null | grep -A 20 "declaration\|tsconfig" | head -30

Repository: linagora/ToM-server

Length of output: 45

---

🏁 Script executed:

# Critical: Check if there's any build script that sets declaration
cat package.json | grep -A 20 '"scripts"'

Repository: linagora/ToM-server

Length of output: 750

---

🏁 Script executed:

# Check if the parent directories have a tsconfig
cd packages/config-parser && ls -la ../../ | grep tsconfig

Repository: linagora/ToM-server

Length of output: 128

---

🏁 Script executed:

# Check if tsconfig.base.json was recently deleted or renamed
git log --diff-filter=D --summary 2>/dev/null | grep tsconfig.base || echo "Not deleted"

Repository: linagora/ToM-server

Length of output: 74

---

🏁 Script executed:

# Search the entire git history for tsconfig.base.json
git log -p --all -S "declaration" -- "*tsconfig*.json" 2>/dev/null | head -50 || echo "Not in history"

Repository: linagora/ToM-server

Length of output: 45

---

🏁 Script executed:

# Check NX's generated/temporary files
find . -name "tsconfig.base.json" -o -path "*/dist/*tsconfig*" 2>/dev/null | head -10

Repository: linagora/ToM-server

Length of output: 45

---

🏁 Script executed:

# Critical: Look at what NX actually uses as the base - check the @nx package
cat node_modules/@nx/workspace/src/core/config/configuration.ts 2>/dev/null | grep -i "tsconfig" | head -20 || echo "Not found"

Repository: linagora/ToM-server

Length of output: 45

---

🏁 Script executed:

# Let's try a different approach: check if there's an nx-generated directory
ls -la .nx 2>/dev/null || echo ".nx not found"

Repository: linagora/ToM-server

Length of output: 76

---

🏁 Script executed:

# Search for any file that sets declaration: true
rg "declaration.*true" packages/ --type json 2>/dev/null | head -10

Repository: linagora/ToM-server

Length of output: 45

---

🏁 Script executed:

# Let's check what the actual TypeScript default is for declaration
# and understand the relationship between emitDeclarationOnly and declaration

# First, let's see if declaration is specified anywhere implicitly
rg "declaration" packages/config-parser/ --type json

Repository: linagora/ToM-server

Length of output: 45

---

🏁 Script executed:

# Check NX's actual TypeScript configuration by looking at what it documents
cat node_modules/@nx/js/package.json 2>/dev/null | grep -A 5 '"description"'

Repository: linagora/ToM-server

Length of output: 45

---

🏁 Script executed:

# Let's try to understand: when extends points to a non-existent file, 
# what does TypeScript do? Check if there's a fallback or error handling
cat packages/config-parser/tsconfig.lib.json | jq .

Repository: linagora/ToM-server

Length of output: 469

---

🏁 Script executed:

# Let's check if the tsconfig.base.json is expected to be generated or if it's a configuration error
# by looking at similar monorepos or seeing if there's a template
cat node_modules/@nx/js/src/generators/library/files/tsconfig.lib.json.template 2>/dev/null || echo "Template not found"

Repository: linagora/ToM-server

Length of output: 81

---

🏁 Script executed:

# Check what @nx/js version is installed and if it has documentation
cat node_modules/@nx/js/package.json 2>/dev/null | head -20

Repository: linagora/ToM-server

Length of output: 45

---

🏁 Script executed:

# Most importantly: check if the build system actually WORKS by looking at build artifacts
# or checking if there's a CI that shows successful builds
ls -la .github/workflows/ | head -10
cat .github/workflows/*.yml 2>/dev/null | grep -A 10 "build\|tsc" | head -30

Repository: linagora/ToM-server

Length of output: 1615

---

🏁 Script executed:

# Let me check what the TypeScript documentation says about declaration defaults
# But first, let's verify: does the repo actually build successfully?
# Check recent commits to see if builds pass
git log --oneline -10 2>/dev/null

Repository: linagora/ToM-server

Length of output: 128

---

🏁 Script executed:

# Let's verify the TypeScript behavior: what does declaration default to?
# and check if the tsconfig.base.json extends is causing the issue
python3 << 'EOF'
import json

# Read the tsconfig
with open('packages/config-parser/tsconfig.lib.json', 'r') as f:
    config = json.load(f)

# Check if declaration is explicitly set
has_declaration = 'declaration' in config.get('compilerOptions', {})
declaration_value = config.get('compilerOptions', {}).get('declaration')
emit_only = config.get('compilerOptions', {}).get('emitDeclarationOnly')

print(f"declaration explicitly set: {has_declaration}")
print(f"declaration value: {declaration_value}")
print(f"emitDeclarationOnly: {emit_only}")
print()
print("TypeScript defaults when declaration is not set:")
print("- declaration defaults to false")
print("- emitDeclarationOnly: false means: don't ONLY emit declarations (also emit JS)")
print("- Result: with no declaration: true, NO .d.ts files will be generated")
print()

# Check package.json expectation
with open('packages/config-parser/package.json', 'r') as f:
    pkg = json.load(f)
    
types_field = pkg.get('types')
exports_types = pkg.get('exports', {}).get('.', {}).get('types')
print(f"package.json types field: {types_field}")
print(f"package.json exports.types field: {exports_types}")
print()
print("CONTRADICTION: package.json expects .d.ts files but tsconfig won't emit them")
EOF

Repository: linagora/ToM-server

Length of output: 149

---

Add declaration: true to emit type declarations required by consuming packages.

The configuration emitDeclarationOnly: false combined with no explicit declaration: true means no .d.ts files will be generated. However, package.json declares "types": "./dist/index.d.ts" and multiple packages import types from @twake/config-parser (e.g., ConfigDescription in matrix-identity-server, tom-server, federated-identity-service, and logger). Without generated declaration files, downstream packages using this library via project references will fail type checking.

The extended tsconfig.base.json does not exist in the repository. Add "declaration": true to the compilerOptions in tsconfig.lib.json to ensure type declarations are emitted.

🤖 Prompt for AI Agents

In @packages/config-parser/tsconfig.lib.json at line 8, tsconfig.lib.json is not
emitting .d.ts files because "declaration": true is missing; update the
compilerOptions in tsconfig.lib.json to add "declaration": true so the build
emits type declarations required by consumers (keep emitDeclarationOnly as
needed for your build pipeline or set to true during declaration-only builds),
ensuring downstream packages can import types like ConfigDescription from this
package.

[coderabbitai]

⚠️ Potential issue | 🟠 Major

Same error handling issue as matrix-resolve package.

This file has the same missing error handling for .spec.swcrc loading as identified in packages/matrix-resolve/jest.config.ts. Consider applying the same error handling pattern here.

🤖 Prompt for AI Agents

In @packages/crypto/jest.config.ts around lines 5 - 7, Wrap the
JSON.parse(readFileSync(...)) logic that initializes swcJestConfig in a
try/catch to handle file read or parse errors; catch any exception thrown by
readFileSync or JSON.parse, log a clear error message including the caught error
(e.g., "Error loading .spec.swcrc") and exit the process, so failures
initializing swcJestConfig are surfaced instead of crashing silently.

[coderabbitai]

⚠️ Potential issue | 🟠 Major

Add error handling for missing or malformed .spec.swcrc file.

The synchronous file read and JSON parsing lack error handling. If .spec.swcrc is missing or contains invalid JSON, the Jest configuration will fail to load, blocking all tests for this package.

🛡️ Proposed fix with error handling

 // Reading the SWC compilation config for the spec files
-const swcJestConfig = JSON.parse(
-  readFileSync(`${__dirname}/.spec.swcrc`, 'utf-8'),
-);
+let swcJestConfig;
+try {
+  swcJestConfig = JSON.parse(
+    readFileSync(`${__dirname}/.spec.swcrc`, 'utf-8'),
+  );
+} catch (error) {
+  throw new Error(
+    `Failed to load .spec.swcrc for matrix-resolve: ${error.message}`
+  );
+}

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	const swcJestConfig = JSON.parse(
	readFileSync(`${__dirname}/.spec.swcrc`, 'utf-8'),
	);
	let swcJestConfig;
	try {
	swcJestConfig = JSON.parse(
	readFileSync(`${__dirname}/.spec.swcrc`, 'utf-8'),
	);
	} catch (error) {
	throw new Error(
	`Failed to load .spec.swcrc for matrix-resolve: ${error.message}`
	);
	}

🤖 Prompt for AI Agents

In @packages/matrix-resolve/jest.config.ts around lines 5 - 7, Wrap the
synchronous read+parse that produces swcJestConfig in a try/catch around
readFileSync(`${__dirname}/.spec.swcrc`, 'utf-8') and JSON.parse(...) so missing
file or invalid JSON is handled; in the catch, detect ENOENT (file missing) and
SyntaxError (malformed JSON) and either provide a sensible fallback/default
object for swcJestConfig or throw a new Error with a clear message including the
original error, and ensure any logging uses that error information; update the
code that consumes swcJestConfig to tolerate the fallback/default.

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Check how matrix-resolve makes HTTP requests
echo "=== HTTP/fetch usage in matrix-resolve ==="
rg -n "fetch|http|request|axios" packages/matrix-resolve/src --type ts

echo ""
echo "=== Check package source structure ==="
fd . packages/matrix-resolve/src --type f

echo ""
echo "=== DNS resolution code ==="
rg -n "dns|resolve|lookup|SRV" packages/matrix-resolve/src --type ts

Repository: linagora/ToM-server

Length of output: 8431

---

Restore node-fetch dependency — it is actively used in the code.

The package source code imports and uses node-fetch at line 1 of packages/matrix-resolve/src/index.ts and makes HTTP requests to https://<hostname>/.well-known/matrix/server (line 58). The tests also mock node-fetch. Replacing it with tslib (a TypeScript utility library) will cause immediate runtime failures when the module attempts to import node-fetch. Add node-fetch back to the dependencies in package.json.

🤖 Prompt for AI Agents

In @packages/matrix-resolve/package.json around lines 35 - 37, The package.json
dependency list accidentally replaced the runtime dependency "node-fetch" with
"tslib", but the source imports and uses node-fetch (import in src/index.ts and
tests mock it), causing runtime failures; restore "node-fetch" as a dependency
in package.json (add "node-fetch" with an appropriate semver instead of or in
addition to "tslib") so imports and tests resolve correctly and then run npm
install to update lockfiles.

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Check the main implementation file
echo "=== Main implementation file ==="
cat packages/retry-promise/src/index.ts 2>/dev/null || echo "File not found"

echo -e "\n=== Check for 'retry' package imports ==="
rg -n "from ['\"]retry['\"]|require\(['\"]retry['\"]" packages/retry-promise/ 2>/dev/null || echo "No imports found"

echo -e "\n=== Check all source files in retry-promise ==="
find packages/retry-promise/src -type f -name "*.ts" -o -name "*.js" 2>/dev/null | head -20

Repository: linagora/ToM-server

Length of output: 2284

---

Restore retry dependency to package.json.

The source code imports and uses the retry package (line 1: import { operation } from 'retry'), but this dependency has been removed from package.json. The RetryPromise class relies on operation(), op.attempt(), op.retry(), and op.mainError() from the retry package. Without it listed as a dependency, the package will fail at runtime with a module resolution error. Restore "retry": "^0.13.1" to the dependencies.

🤖 Prompt for AI Agents

In @packages/retry-promise/package.json around lines 35 - 37, The package.json
is missing the "retry" dependency required by the RetryPromise implementation;
add "retry": "^0.13.1" to the "dependencies" object so imports like import {
operation } from 'retry' and runtime uses of operation(), op.attempt(),
op.retry(), and op.mainError() in the RetryPromise class resolve correctly.

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

Add "composite": true for project references.

When using TypeScript project references, the "composite" compiler option must be set to true in referenced projects. This enables incremental builds and ensures TypeScript can properly resolve cross-project dependencies.

🔧 Proposed fix

 {
   "extends": "../../tsconfig.base.json",
   "compilerOptions": {
+    "composite": true,
+    "declaration": true,
     "outDir": "dist",
     "types": ["node"],
     "rootDir": "src",
     "tsBuildInfoFile": "dist/tsconfig.app.tsbuildinfo"
   },

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	"compilerOptions": {
	"outDir": "dist",
	"types": ["node"],
	"rootDir": "src",
	"tsBuildInfoFile": "dist/tsconfig.app.tsbuildinfo"
	},
	"compilerOptions": {
	"composite": true,
	"declaration": true,
	"outDir": "dist",
	"types": ["node"],
	"rootDir": "src",
	"tsBuildInfoFile": "dist/tsconfig.app.tsbuildinfo"
	},

🤖 Prompt for AI Agents

In @packages/tom-server/tsconfig.app.json around lines 3 - 8, The tsconfig for
the app is missing the "composite": true compiler option required for TypeScript
project references; update the "compilerOptions" object in tsconfig.app.json to
include "composite": true so the project can be referenced and support
incremental builds and proper cross-project resolution.

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

🧩 Analysis chain

🏁 Script executed:

fd -t f '.spec.swcrc' packages/utils

Repository: linagora/ToM-server

Length of output: 45

---

.spec.swcrc file is missing and must be created before tests can run.

The jest.config.ts attempts to load .spec.swcrc via readFileSync at runtime (line 5-6), but the file does not exist in packages/utils/. This will cause Jest to fail when executing. Either create the .spec.swcrc file or remove the dependency on it.

🤖 Prompt for AI Agents

In @packages/utils/jest.config.ts around lines 1 - 21, The jest config currently
reads a missing `.spec.swcrc` using readFileSync which causes failures; either
add a `.spec.swcrc` file in the same package (packages/utils/) with the SWC
options needed for tests, or modify the code around readFileSync and
swcJestConfig (the readFileSync call and the swcJestConfig object used in the
transform) to fall back to a hard-coded default SWC config or skip reading the
file when it does not exist so swcJestConfig is always defined before setting
swcJestConfig.swcrc = false and passing it to '@swc/jest'.

[pm-McFly]

superseded by #314 due to 2026-01 branch refactoring