Skip to content

feat(ui-kit): add CI guardrail against app-logic imports#4902

Merged
JSONbored merged 1 commit into
mainfrom
claude/ui-kit-lint-guardrail-4865
Jul 11, 2026
Merged

feat(ui-kit): add CI guardrail against app-logic imports#4902
JSONbored merged 1 commit into
mainfrom
claude/ui-kit-lint-guardrail-4865

Conversation

@JSONbored

Copy link
Copy Markdown
Owner

Summary

Closes #4865 (part of the packages/ui-kit extraction epic, #4867).

The entire point of packages/ui-kit is that it's a real, standalone, dependency-free library — the moment a component inside it imports something app-specific (@tanstack/react-router, @tanstack/react-query, an apps/ui-local file), the extraction has silently regressed back into the exact problem this epic exists to fix. Nothing in #4862/#4863/#4864 structurally prevented that from creeping back in over time. This adds the enforced boundary.

What this adds

  • packages/ui-kit/eslint.config.js — a dedicated flat-config ESLint setup for the package (mirrors apps/ui/eslint.config.js's shape: @eslint/js + typescript-eslint + eslint-plugin-react-hooks + eslint-plugin-prettier). Its no-restricted-imports rule fails on:

    • @tanstack/react-router (exact package match)
    • @tanstack/react-query (exact package match)
    • any import resolving into apps/ui/** (pattern match — catches relative-path escapes too, e.g. ../../../apps/ui/...)

    Each violation gets an actionable message pointing at the fix (accept as a prop instead of importing app infrastructure).

  • CI wiring: a new "Lint packages/ui-kit (app-logic import guardrail)" step in validate.yml, alongside the existing typecheck/test/build-drift steps for the package — a violation fails the PR the same way any other lint error does, no separate opt-in.

  • Docs: packages/ui-kit/README.md now states the boundary rule in plain language (also fixed its stale "scaffold only" status left over from Scaffold packages/ui-kit as a real buildable library package #4860, and removed the reference to PlaceholderCard, which Migrate components/ui/* primitives (8 files) into packages/ui-kit #4862 already deleted — found while updating the file for this PR). The metagraphed skill's reference.md also documents the new CI step.

Confirmed the rule actually fires

Per the issue's explicit requirement — didn't just trust the config compiles. Added a temporary file with all three violation types:

import { Link } from "@tanstack/react-router";
import { useQuery } from "@tanstack/react-query";
import { formatNumber } from "../../../../apps/ui/src/lib/metagraphed/format";

Ran npm run lint --workspace=packages/ui-kit — all three errored correctly with their custom messages. Removed the file, confirmed clean again.

Validation

  • npm run lint --workspace=packages/ui-kit — clean against the existing (real) codebase, confirming Migrate components/ui/* primitives (8 files) into packages/ui-kit #4862-Migrate chart primitives (components/metagraphed/charts/*) into packages/ui-kit #4864 never actually introduced a violation
  • Guardrail fire-test as described above (added violation → 3 errors → removed → clean)
  • npm run typecheck --workspace=packages/ui-kit — clean
  • npm run build --workspace=packages/ui-kit — clean
  • npm test --workspace=packages/ui-kit — 9/9 files, 52/52 tests passing
  • npm run typecheck --workspace=apps/ui — clean (untouched by this PR, sanity-checked anyway)
  • npx prettier --check on all touched files — clean
  • Confirmed the root-level eslint.config.mjs doesn't conflict — it only ever covered .mjs files repo-wide (never .ts/.tsx, not even for packages/client), so packages/ui-kit's new config is purely additive, no double-linting or config clash

No visual changes — this PR touches only tooling config, CI workflow, and docs, not apps/ui component code.

Adds a dedicated packages/ui-kit/eslint.config.js whose
no-restricted-imports rule fails on @tanstack/react-router,
@tanstack/react-query, or any import resolving into apps/ui/** -- the
package's whole point is staying a real, standalone library, and
without an enforced boundary that regresses silently as components
keep getting added.

Verified the rule actually fires (not just that the config compiles):
added a temporary file importing all three restricted patterns, ran
the lint, confirmed all three error correctly with actionable
messages, then removed it.

Wires a new "Lint packages/ui-kit (app-logic import guardrail)" step
into validate.yml alongside the existing typecheck/test/build-drift
steps for the package. Documents the boundary in packages/ui-kit's own
README (also fixing its stale "scaffold only" status left over from
#4860, and the reference to PlaceholderCard which #4862 already
removed) and in the metagraphed skill's reference.md.
@superagent-security

Copy link
Copy Markdown

Superagent didn't find any vulnerabilities or security issues in this PR.

@cloudflare-workers-and-pages

cloudflare-workers-and-pages Bot commented Jul 11, 2026

Copy link
Copy Markdown

Deploying with  Cloudflare Workers  Cloudflare Workers

The latest updates on your project. Learn more about integrating Git with Workers.

Status Name Latest Commit Preview URL Updated (UTC)
✅ Deployment successful!
View logs
metagraphed-data-api eddb063 Commit Preview URL

Branch Preview URL
Jul 11 2026, 03:12 PM

@cloudflare-workers-and-pages

cloudflare-workers-and-pages Bot commented Jul 11, 2026

Copy link
Copy Markdown

Deploying with  Cloudflare Workers  Cloudflare Workers

The latest updates on your project. Learn more about integrating Git with Workers.

Status Name Latest Commit Updated (UTC)
✅ Deployment successful!
View logs
metagraphed-registry-sync-api eddb063 Jul 11 2026, 03:12 PM

@cloudflare-workers-and-pages

cloudflare-workers-and-pages Bot commented Jul 11, 2026

Copy link
Copy Markdown

Deploying with  Cloudflare Workers  Cloudflare Workers

The latest updates on your project. Learn more about integrating Git with Workers.

Status Name Latest Commit Preview URL Updated (UTC)
✅ Deployment successful!
View logs
metagraphed-ui eddb063 Commit Preview URL

Branch Preview URL
Jul 11 2026, 03:13 PM

@codecov

codecov Bot commented Jul 11, 2026

Copy link
Copy Markdown

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 97.87%. Comparing base (241ec7c) to head (eddb063).
✅ All tests successful. No failed tests found.

Additional details and impacted files
@@           Coverage Diff           @@
##             main    #4902   +/-   ##
=======================================
  Coverage   97.87%   97.87%           
=======================================
  Files         162      162           
  Lines       19872    19872           
  Branches     7451     7451           
=======================================
  Hits        19449    19449           
  Misses         59       59           
  Partials      364      364           
🚀 New features to boost your workflow:
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@JSONbored JSONbored self-assigned this Jul 11, 2026
@JSONbored JSONbored merged commit b15be61 into main Jul 11, 2026
16 checks passed
@JSONbored JSONbored deleted the claude/ui-kit-lint-guardrail-4865 branch July 11, 2026 15:20
@github-project-automation github-project-automation Bot moved this from Backlog to Done in Block-Explorer Completion Jul 11, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

Status: Done

Development

Successfully merging this pull request may close these issues.

CI guardrail: block app-logic imports from leaking into packages/ui-kit

1 participant