Skip to content

Fix convex bundle bug#1028

Closed
BilalG1 wants to merge 40 commits intodevfrom
convex-fix-bug
Closed

Fix convex bundle bug#1028
BilalG1 wants to merge 40 commits intodevfrom
convex-fix-bug

Conversation

@BilalG1
Copy link
Contributor

@BilalG1 BilalG1 commented Nov 24, 2025
edited by coderabbitai bot
Loading

Summary by CodeRabbit

  • New Features

    • Added public export path ./convex/auth across multiple packages for new module resolution options
    • Added new npm script convex:check to example project

  • Documentation

    • Updated import paths in integration guides

  • Chores

    • Updated Next.js version to 16.0.0 in dashboard
    • Updated Docker build configuration and package management tools

✏️ Tip: You can customize this high-level summary in your review settings.

@vercel
Copy link

vercel bot commented Nov 24, 2025
edited
Loading

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Preview Comments Updated (UTC)
stack-backend Error Error Nov 25, 2025 2:28am
stack-dashboard Error Error Nov 25, 2025 2:28am
stack-demo Error Error Nov 25, 2025 2:28am
stack-docs Ready Ready Preview Comment Nov 25, 2025 2:28am

@coderabbitai
Copy link
Contributor

coderabbitai bot commented Nov 24, 2025
edited
Loading

Walkthrough

This PR consolidates Convex authentication integration improvements by establishing new public export paths (./convex/auth) across multiple packages, updating import statements to reference these paths, refactoring server-side WebAuthn utilities to use static imports instead of dynamic ones, upgrading Next.js to a stable version, optimizing Docker build steps, and adding a new Convex validation script.

Changes

Cohort / File(s) Summary
WebAuthn Import Refactoring
packages/template/src/lib/stack-app/apps/implementations/server-app-impl.ts		 Replaced dynamic imports of SimpleWebAuthn utilities (startRegistration, WebAuthnError) with static top-level imports; passkey registration flow now invokes utilities directly instead of via import().
Package Export Additions
packages/js/package.json, packages/react/package.json, packages/stack/package.json, packages/template/package.json, packages/template/package-template.json		 Added new public export entry ./convex/auth with types and dual ESM/CommonJS paths across all packages, enabling structured module resolution for Convex authentication integration.
Convex Auth Module Import Updates
examples/convex/convex/auth.config.ts, packages/template/src/integrations/convex/component/README.md		 Updated import paths for getConvexProvidersConfig from generic core module to the new @stackframe/stack/convex/auth subpath; documentation examples align with new export structure.
Build Configuration
packages/template/tsup.config.ts		 Added new barrel file src/integrations/convex.ts to the barrelFiles array, converting single-line array to multi-line format.
Infrastructure & Dependencies
docker/server/Dockerfile, apps/dashboard/package.json, examples/convex/package.json		 Simplified Docker pnpm/turbo installation into single npm command with pinned versions; upgraded Next.js from canary to stable (16.0.0); added convex:check npm script.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

  • Verify all package.json export entries (./convex/auth) are consistently defined with correct file paths across all five packages
  • Confirm static WebAuthn imports in server-app-impl.ts preserve the original error handling behavior and catch block semantics
  • Validate that the new Convex auth module subpath is correctly exported and resolvable from the updated package entry points
  • Check that the tsup barrel file addition correctly exports the new Convex integration module

Possibly related PRs

Suggested reviewers

  • N2D4

Poem

🐰 Static imports hop in so clean,
Convex auth exports now convene,
Docker commands condensed with care,
New barrel files bundled there!
Build it bright, the path is right! 🎉

Pre-merge checks and finishing touches

❌ Failed checks (1 warning)
Check name Status Explanation Resolution
Description check ⚠️ Warning The PR description is empty except for a commented template link, providing no explanation of the changes, bug details, or testing information. Add a detailed description explaining what the bundle bug was, why it occurred, how the changes fix it, and any testing or verification steps performed.
✅ Passed checks (2 passed)
Check name Status Explanation
Title check ✅ Passed The title 'Fix convex bundle bug' directly relates to the main changes which involve restructuring Convex auth imports and exports throughout the codebase.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
✨ Finishing touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Post copyable unit tests in a comment
  • Commit unit tests in branch convex-fix-bug
📜 Recent review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 8609a5f and 17afae4.

⛔ Files ignored due to path filters (1)
  • pnpm-lock.yaml is excluded by !**/pnpm-lock.yaml
📒 Files selected for processing (1)
  • examples/convex/package.json (1 hunks)
🧰 Additional context used
🧠 Learnings (1)
📚 Learning: 2025-11-25T02:09:03.086Z 
Learnt from: CR
Repo: stack-auth/stack-auth PR: 0
File: AGENTS.md:0-0
Timestamp: 2025-11-25T02:09:03.086Z
Learning: Applies to **/*.{ts,tsx} : Ensure code passes `pnpm typecheck` for TypeScript type validation

Applied to files:

  • examples/convex/package.json
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (11)
  • GitHub Check: restart-dev-and-test
  • GitHub Check: Vercel Agent Review
  • GitHub Check: setup-tests
  • GitHub Check: build (22.x)
  • GitHub Check: all-good
  • GitHub Check: build (22.x)
  • GitHub Check: build (22.x)
  • GitHub Check: docker
  • GitHub Check: check_prisma_migrations (22.x)
  • GitHub Check: lint_and_build (latest)
  • GitHub Check: restart-dev-and-test-with-custom-base-port

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

@greptile-apps
Copy link
Contributor

greptile-apps bot commented Nov 24, 2025

Greptile Overview

Greptile Summary

Replaced dynamic imports with static imports for @simplewebauthn/browser and @stackframe/stack-shared/dist/utils/errors to resolve Convex bundling issues.

  • Changed from await import("@simplewebauthn/browser") to static import { startRegistration, WebAuthnError } from "@simplewebauthn/browser" at top of file
  • Changed from await import("@stackframe/stack-shared/dist/utils/errors") to adding captureError to existing static import
  • Updated pnpm-lock.yaml with dependency resolution changes

Confidence Score: 5/5

  • This PR is safe to merge with minimal risk
  • Simple refactoring that converts dynamic imports to static imports to fix bundling issues. No logic changes, only import style changes. The functionality remains identical.
  • No files require special attention

Important Files Changed

File Analysis

Filename Score Overview
packages/template/src/lib/stack-app/apps/implementations/server-app-impl.ts 5/5 Converted dynamic imports to static imports for @simplewebauthn/browser to fix Convex bundling issues

Sequence Diagram

sequenceDiagram
    participant User
    participant ServerApp as server-app-impl.ts
    participant SimpleWebAuthn as @simplewebauthn/browser
    participant API as Stack API

    Note over ServerApp: Static imports now used<br/>instead of dynamic imports

    User->>ServerApp: Request passkey registration
    ServerApp->>API: Get initiation options
    API-->>ServerApp: Return options_json + code
    ServerApp->>ServerApp: Override rpID with hostname
    ServerApp->>SimpleWebAuthn: startRegistration(optionsJSON)
    alt Success
        SimpleWebAuthn-->>ServerApp: Return attestation response
        ServerApp->>API: Complete registration
    else WebAuthnError
        SimpleWebAuthn-->>ServerApp: WebAuthnError
        ServerApp-->>User: PasskeyWebAuthnError
    else Unknown Error
        SimpleWebAuthn-->>ServerApp: Unknown error
        ServerApp->>ServerApp: captureError()
        ServerApp-->>User: PasskeyRegistrationFailed
    end
Loading

greptile-apps[bot]
greptile-apps bot reviewed Nov 24, 2025
View reviewed changes
Copy link
Contributor

@greptile-apps greptile-apps bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

1 file reviewed, no comments

Edit Code Review Agent Settings | Greptile

coderabbitai[bot]
coderabbitai bot reviewed Nov 24, 2025
View reviewed changes
Copy link
Contributor

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 5421e6d and de04d61.

⛔ Files ignored due to path filters (1)
  • pnpm-lock.yaml is excluded by !**/pnpm-lock.yaml
📒 Files selected for processing (1)
  • packages/template/src/lib/stack-app/apps/implementations/server-app-impl.ts (2 hunks)
🧰 Additional context used
🧠 Learnings (1)
📚 Learning: 2025-10-11T04:13:19.308Z 
Learnt from: N2D4
Repo: stack-auth/stack-auth PR: 943
File: examples/convex/app/action/page.tsx:23-28
Timestamp: 2025-10-11T04:13:19.308Z
Learning: In the stack-auth codebase, use `runAsynchronouslyWithAlert` from `stackframe/stack-shared/dist/utils/promises` for async button click handlers and form submissions instead of manual try/catch blocks. This utility automatically handles errors and shows alerts to users.

Applied to files:

  • packages/template/src/lib/stack-app/apps/implementations/server-app-impl.ts
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (6)
  • GitHub Check: restart-dev-and-test-with-custom-base-port
  • GitHub Check: check_prisma_migrations (22.x)
  • GitHub Check: restart-dev-and-test
  • GitHub Check: all-good
  • GitHub Check: Vercel Agent Review
  • GitHub Check: setup-tests
🔇 Additional comments (1)
packages/template/src/lib/stack-app/apps/implementations/server-app-impl.ts (1)

16-16: Hooking unknown passkey failures into captureError looks good

Wiring the non‑WebAuthnError branch of registerPasskey through captureError integrates these “should never happen” failures with the central error pipeline without changing behavior for known error types; no issues from my side.

coderabbitai[bot]
coderabbitai bot reviewed Nov 24, 2025
View reviewed changes
Copy link
Contributor

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between de04d61 and 108a80a.

📒 Files selected for processing (1)
  • apps/dashboard/package.json (1 hunks)
🧰 Additional context used
🪛 GitHub Actions: Dev Environment Test
apps/dashboard/package.json

[warning] 1-1: The field "pnpm.overrides" was found in /home/runner/work/stack-auth/stack-auth/apps/dashboard/package.json. This will not take effect. You should configure "pnpm.overrides" at the root of the workspace instead.

🪛 GitHub Actions: Dev Environment Test With Custom Base Port
apps/dashboard/package.json

[warning] 1-1: pnpm.overrides field found in apps/dashboard/package.json. This will not take effect. Configure "pnpm.overrides" at the root of the workspace instead.

🪛 GitHub Actions: Ensure Prisma migrations are in sync with the schema
apps/dashboard/package.json

[warning] 1-1: The field "pnpm.overrides" was found in /home/runner/work/stack-auth/stack-auth/apps/dashboard/package.json. This will not take effect. You should configure "pnpm.overrides" at the root of the workspace instead.

🪛 GitHub Actions: Lint & build
apps/dashboard/package.json

[warning] 1-1: pnpm.overrides field found in package.json will not take effect in CI. Configure pnpm.overrides at the root of the workspace.

🪛 GitHub Actions: Run setup tests
apps/dashboard/package.json

[warning] 1-1: The field 'pnpm.overrides' was found in this package.json. This will not take effect. Configure 'pnpm.overrides' at the root of the workspace instead.

🪛 GitHub Actions: Runs E2E API Tests
apps/dashboard/package.json

[warning] 1-1: pnpm.overrides field is present but will not take effect. Configure 'pnpm.overrides' at the root of the workspace.

[error] 1-1: pnpm install --frozen-lockfile failed: lockfile is not up to date with manifests. specifiers in the lockfile don't match specifiers in package.json: next (lockfile: 16.0.2-canary.33, manifest: 16.0.0). Run 'pnpm install' without --frozen-lockfile or update the lockfile.

🪛 GitHub Actions: Runs E2E API Tests with custom port prefix
apps/dashboard/package.json

[warning] 1-1: The field "pnpm.overrides" was found in /home/runner/work/stack-auth/stack-auth/apps/dashboard/package.json. This will not take effect. You should configure "pnpm.overrides" at the root of the workspace instead.

🪛 GitHub Actions: Runs E2E API Tests with external source of truth
apps/dashboard/package.json

[warning] 1-1: The field "pnpm.overrides" was found in package.json. This will not take effect. You should configure "pnpm.overrides" at the root of the workspace instead.

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (2)
  • GitHub Check: Vercel Agent Review
  • GitHub Check: all-good
🔇 Additional comments (2)
apps/dashboard/package.json (2)

1-89: Missing PR context: Clarify the "convex bundle bug" and scope of changes.

The PR description is empty (only a template comment). The AI summary mentions changes to SimpleWebAuthn imports in packages/template/src/lib/stack-app/apps/implementations/server-app-impl.ts, but only apps/dashboard/package.json is provided for review. Clarify:

  1. What is the "convex bundle bug" being fixed?
  2. Are there other files in this PR (e.g., the SimpleWebAuthn import changes)?
  3. Why does fixing a convex/bundle bug require downgrading the Next.js version?

This information is essential for a comprehensive review.

49-49: Confirm Next.js 16.0.0 compatibility and verify migration of breaking changes.

Next.js 16.0.0 is compatible with React 19.2.0 and explicitly supports React 19 features. The stable version exists and addresses modern dependency requirements.

However, Next.js 16 introduces major breaking changes: async-only Dynamic Request APIs (cookies(), headers(), draftMode(), params, searchParams must be awaited), minimum Node.js >= 20.9.0, TypeScript >= 5.1.0, and removal of AMP support and next lint command. Before merging:

  1. Verify the codebase handles async Request API migrations (use provided Next.js codemods).
  2. Confirm project meets Node.js ≥ 20.9.0 and TypeScript ≥ 5.1.0.
  3. Review impact of Turbopack becoming the default bundler and image config changes.
  4. Clarify the "convex bundle bug" rationale for this version change.

vercel[bot]
vercel bot reviewed Nov 24, 2025
View reviewed changes
coderabbitai[bot]
coderabbitai bot reviewed Nov 25, 2025
View reviewed changes
Copy link
Contributor

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 60acfe3 and a5af274.

📒 Files selected for processing (2)
  • apps/e2e/tests/general/examples.test.ts (1 hunks)
  • examples/convex/package.json (1 hunks)
🚧 Files skipped from review as they are similar to previous changes (1)
  • apps/e2e/tests/general/examples.test.ts
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (11)
  • GitHub Check: Vercel Agent Review
  • GitHub Check: build (22.x)
  • GitHub Check: all-good
  • GitHub Check: lint_and_build (latest)
  • GitHub Check: restart-dev-and-test
  • GitHub Check: check_prisma_migrations (22.x)
  • GitHub Check: build (22.x)
  • GitHub Check: setup-tests
  • GitHub Check: restart-dev-and-test-with-custom-base-port
  • GitHub Check: build (22.x)
  • GitHub Check: docker

vercel[bot]
vercel bot reviewed Nov 25, 2025
View reviewed changes
@BilalG1 BilalG1 closed this Nov 25, 2025
@N2D4 N2D4 deleted the convex-fix-bug branch November 25, 2025 18:20
@N2D4 N2D4 restored the convex-fix-bug branch November 25, 2025 18:26
@N2D4 N2D4 deleted the convex-fix-bug branch November 25, 2025 18:26
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@vercel vercel[bot] vercel[bot] left review comments

@coderabbitai coderabbitai[bot] coderabbitai[bot] left review comments

+1 more reviewer

@greptile-apps greptile-apps[bot] greptile-apps[bot] left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

@BilalG1 BilalG1

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@BilalG1 @torvalds