chore(imports): trial TanStack Start import protection on git token functions #283
jaredglaser wants to merge 2 commits into
…unctions

The repo-wide rule that server-only modules load via await import() inside handlers predates import protection in TanStack Start. The installed version (1.167.16) ships the plugin enabled by default with build behavior "error", plus a server-only marker module and compiler dead code elimination of handler-only imports in the client environment.

Convert src/data/git-tokens.functions.tsx to static imports as the trial module and mark src/lib/clients/database-client.ts server-only so a pg leak into the client graph fails the build with an import trace instead of breaking at runtime with node:async_hooks errors.

Verified: client assets contain no pg, repository, or keyring identifiers; a deliberate client-side import of database-client fails the build; demo build unaffected.

SSE route handlers keep the dynamic import rule because their closures live in route modules that ship to the client. Details and a conversion checklist in docs/import-protection.md; CLAUDE.md rule 4 updated to match.

Closes #251

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Summary
Evaluates TanStack Start import protection (closes #251). Static imports are safe in createServerFn modules; SSE route handlers (src/routes/api/) keep the dynamic import rule.

- src/data/git-tokens.functions.tsx from dynamic imports inside handlers to static top-level imports.
- @tanstack/react-start/server-only to src/lib/clients/database-client.ts so pg leaking into the client graph fails the build instead of breaking at runtime.
- docs/import-protection.md with verification steps and a conversion checklist.
- createServerFn modules.

Testing

- bun run typecheck passes.
- git-tokens.functions 7 tests, database-client 19 tests).
- bun run build passes; client assets contain no server-only module identifiers.
- database-client from a client component fails the build with [import-protection] Import denied in client environment.
- bun run build:demo passes.

Closes #251
🤖 Generated with Claude Code
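
A CI-style version of the "client assets contain no server-only module identifiers" check described in this PR, as an added example that is not part of the PR or the project's code. The function names, the marker strings and the sample file tree are assumptions; substitute the real client output directory and the identifiers of your own server-only modules.

```javascript
// Added example: scan built client assets for server-only markers.
const fs = require('node:fs');
const os = require('node:os');
const path = require('node:path');

// Recursively collect emitted JavaScript files under the client output directory.
function listAssets(dir) {
  return fs.readdirSync(dir, { withFileTypes: true }).flatMap((entry) => {
    const full = path.join(dir, entry.name);
    if (entry.isDirectory()) return listAssets(full);
    return /\.(js|mjs)$/.test(entry.name) ? [full] : [];
  });
}

// Return one finding per (file, marker) pair, with a short excerpt for triage.
// `markers` is a caller-supplied list of strings that must never reach the client.
function findServerLeaks(clientDir, markers) {
  const findings = [];
  for (const file of listAssets(clientDir)) {
    const text = fs.readFileSync(file, 'utf8');
    for (const marker of markers) {
      const at = text.indexOf(marker);
      if (at === -1) continue;
      findings.push({
        file: path.relative(clientDir, file),
        marker,
        excerpt: text.slice(Math.max(0, at - 20), at + marker.length + 20),
      });
    }
  }
  return findings;
}

// Constructed sample tree standing in for a real client build (not project output).
function buildSampleTree() {
  const root = fs.mkdtempSync(path.join(os.tmpdir(), 'client-assets-'));
  const assets = path.join(root, 'assets');
  fs.mkdirSync(assets);
  fs.writeFileSync(path.join(assets, 'index-clean.js'), 'export const view = "tokens";');
  fs.writeFileSync(path.join(assets, 'chunk-leaky.js'),
    'import { AsyncLocalStorage } from "node:async_hooks";');
  fs.writeFileSync(path.join(assets, 'style.css'), '/* node:async_hooks */'); // not JS, skipped
  return root;
}
```

In CI, call `findServerLeaks` on the client output directory after the build and fail the job when the returned array is non-empty.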