fix: remove zod internals from .d.ts; update stale scaffold versions#403
Merged
Merged
Conversation
added 2 commits
May 7, 2026 13:55
- Replace z.ZodTypeAny in ContentTypeEntry / registerContentType / getContentTypeSchema with a local ZodSchema structural interface - Fix siteDefaults.ts relative source import → import type from package, eliminating z.core.$strip cascade in bundled declarations - Add workspace sibling packages to tsup external array - Replace z.ZodSchema / z.ZodTypeAny[] in PrebuildPlugin with ZodLike Consumer projects can delete stackwright-core.d.ts stub overrides.
VERSIONS constant in buildPackageJson() was 4+ releases behind: - @stackwright/core: ^0.7.0 → ^0.8.0 - @stackwright/nextjs: ^0.3.1 → ^0.5.0 - @stackwright/icons: ^0.3.0 → ^0.5.0 - @stackwright/build-scripts: ^0.4.0 → ^0.7.0 (critical — plugin API is 0.5.0+) - @stackwright/ui-shadcn: ^0.1.0 → ^0.1.0 (minor range correct) - @stackwright/otters: ^0.2.0-alpha.0 → ^0.2.0 Adds scripts/sync-versions.mjs — run before releases to keep VERSIONS in sync with workspace package.json files automatically.
Contributor
❌ Visual Regression Test ResultsStatus: ❌ Visual regression tests failed Visual differences were detected! Please review:
📸 Baseline screenshots are committed to the repo for reproducible testing. |
Contributor
♿ Accessibility Test ResultsOverall Status: ✅ 0/0 tests passed 🦮 WCAG 2.1 AA ComplianceNo WCAG test results available ⌨️ Keyboard NavigationNo keyboard navigation test results available 📊 Detailed ReportDownload the full HTML accessibility report from the workflow artifacts for:
🔍 Testing ChecklistOur accessibility tests verify:
Powered by @axe-core/playwright and Playwright |
Contributor
❌ Visual Regression Test ResultsStatus: ❌ Visual regression tests failed Visual differences were detected! Please review:
📸 Baseline screenshots are committed to the repo for reproducible testing. |
…, basic-ftp CVE - ZodLike interface now uses a discriminated union so TypeScript correctly narrows result.error in prebuild.ts validateIntegrationConfig() - Cast extraContentSchemas to z.ZodTypeAny[] internally in prebuild.ts; ZodLike is the public API surface, real Zod schemas are safe to cast - Update basic-ftp pnpm override from >=5.3.0 to >=5.3.1 (GHSA-rpmf-866q-6p89)
Contributor
❌ Visual Regression Test ResultsStatus: ❌ Visual regression tests failed Visual differences were detected! Please review:
📸 Baseline screenshots are committed to the repo for reproducible testing. |
…at.ts contentRenderer.tsx accesses validation.error.issues after an !validation.success guard — same narrowing issue as plugin.ts ZodLike. Apply the identical discriminated-union pattern so TS18048 is resolved.
Contributor
✅ Visual Regression Test ResultsStatus: ✅ All visual tests passed! All screenshots match the baseline. No visual regressions detected! 🎉 |
Contributor
⚡ Performance Benchmark Results✅ Build Time Benchmarks: PASSED❌ Bundle Size Benchmarks: FAILED❌ Runtime Vitals Benchmarks: FAILED📝 Note: Detailed results are available in the job logs. 🎯 Performance Budgets:
Updated: 2026-05-07T18:56:17.023Z |
…sion The template-processor.ts already uses '^0.8.0' for swCore but the test was asserting '^0.7.0' — stale snapshot. Bump to match reality.
Contributor
✅ Visual Regression Test ResultsStatus: ✅ All visual tests passed! All screenshots match the baseline. No visual regressions detected! 🎉 |
perasperaactual
added a commit
that referenced
this pull request
May 8, 2026
* fix(ci): use rebase instead of merge for back-merge into dev (#401) Prevents phantom commits from accumulating in dev's ancestry. Previously, git merge main preserved all old dev commit SHAs as reachable ancestors of dev HEAD — causing dev→main PRs to show dozens of already-released commits. With git rebase origin/main -X ours: - dev's unique commits are replayed cleanly on top of main - No merge commit bloat - Future dev→main PRs only show genuinely new work - Force push to dev is safe here (CI-managed branch) Co-authored-by: Stackwright Bot <bot@per-aspera.dev> * chore: re-enter prerelease mode [skip ci] * fix(cli): convert lazy workspace imports to static, add noExternal to tsup * fix(cli): move @stackwright/* workspace deps to devDependencies, add prepublishOnly guard * chore: add changeset for cli workspace dep bundling fix * fix: remove zod internals from .d.ts; update stale scaffold versions (#403) * fix(core,types): remove zod internals from published .d.ts - Replace z.ZodTypeAny in ContentTypeEntry / registerContentType / getContentTypeSchema with a local ZodSchema structural interface - Fix siteDefaults.ts relative source import → import type from package, eliminating z.core.$strip cascade in bundled declarations - Add workspace sibling packages to tsup external array - Replace z.ZodSchema / z.ZodTypeAny[] in PrebuildPlugin with ZodLike Consumer projects can delete stackwright-core.d.ts stub overrides. * fix(cli): update stale scaffold template package versions VERSIONS constant in buildPackageJson() was 4+ releases behind: - @stackwright/core: ^0.7.0 → ^0.8.0 - @stackwright/nextjs: ^0.3.1 → ^0.5.0 - @stackwright/icons: ^0.3.0 → ^0.5.0 - @stackwright/build-scripts: ^0.4.0 → ^0.7.0 (critical — plugin API is 0.5.0+) - @stackwright/ui-shadcn: ^0.1.0 → ^0.1.0 (minor range correct) - @stackwright/otters: ^0.2.0-alpha.0 → ^0.2.0 Adds scripts/sync-versions.mjs — run before releases to keep VERSIONS in sync with workspace package.json files automatically. * chore: update pnpm lockfile after cli package.json changes * fix: resolve CI failures — ZodLike discriminated union, internal cast, basic-ftp CVE - ZodLike interface now uses a discriminated union so TypeScript correctly narrows result.error in prebuild.ts validateIntegrationConfig() - Cast extraContentSchemas to z.ZodTypeAny[] internally in prebuild.ts; ZodLike is the public API surface, real Zod schemas are safe to cast - Update basic-ftp pnpm override from >=5.3.0 to >=5.3.1 (GHSA-rpmf-866q-6p89) * fix: apply same discriminated-union fix to ZodSchema in core zod-compat.ts contentRenderer.tsx accesses validation.error.issues after an !validation.success guard — same narrowing issue as plugin.ts ZodLike. Apply the identical discriminated-union pattern so TS18048 is resolved. * fix: update stale scaffold test expectation for @stackwright/core version The template-processor.ts already uses '^0.8.0' for swCore but the test was asserting '^0.7.0' — stale snapshot. Bump to match reality. --------- Co-authored-by: Stackwright Bot <bot@per-aspera.dev> * chore: bump prerelease versions [skip ci] * fix(types): export ZodLike and widen issues[].path to PropertyKey[] (#404) Co-authored-by: Stackwright Bot <bot@per-aspera.dev> * chore: bump prerelease versions [skip ci] --------- Co-authored-by: Stackwright Bot <bot@per-aspera.dev> Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> Co-authored-by: github-actions <github-actions@github.com>
perasperaci Bot
pushed a commit
that referenced
this pull request
May 8, 2026
…403) * fix(core,types): remove zod internals from published .d.ts - Replace z.ZodTypeAny in ContentTypeEntry / registerContentType / getContentTypeSchema with a local ZodSchema structural interface - Fix siteDefaults.ts relative source import → import type from package, eliminating z.core.$strip cascade in bundled declarations - Add workspace sibling packages to tsup external array - Replace z.ZodSchema / z.ZodTypeAny[] in PrebuildPlugin with ZodLike Consumer projects can delete stackwright-core.d.ts stub overrides. * fix(cli): update stale scaffold template package versions VERSIONS constant in buildPackageJson() was 4+ releases behind: - @stackwright/core: ^0.7.0 → ^0.8.0 - @stackwright/nextjs: ^0.3.1 → ^0.5.0 - @stackwright/icons: ^0.3.0 → ^0.5.0 - @stackwright/build-scripts: ^0.4.0 → ^0.7.0 (critical — plugin API is 0.5.0+) - @stackwright/ui-shadcn: ^0.1.0 → ^0.1.0 (minor range correct) - @stackwright/otters: ^0.2.0-alpha.0 → ^0.2.0 Adds scripts/sync-versions.mjs — run before releases to keep VERSIONS in sync with workspace package.json files automatically. * chore: update pnpm lockfile after cli package.json changes * fix: resolve CI failures — ZodLike discriminated union, internal cast, basic-ftp CVE - ZodLike interface now uses a discriminated union so TypeScript correctly narrows result.error in prebuild.ts validateIntegrationConfig() - Cast extraContentSchemas to z.ZodTypeAny[] internally in prebuild.ts; ZodLike is the public API surface, real Zod schemas are safe to cast - Update basic-ftp pnpm override from >=5.3.0 to >=5.3.1 (GHSA-rpmf-866q-6p89) * fix: apply same discriminated-union fix to ZodSchema in core zod-compat.ts contentRenderer.tsx accesses validation.error.issues after an !validation.success guard — same narrowing issue as plugin.ts ZodLike. Apply the identical discriminated-union pattern so TS18048 is resolved. * fix: update stale scaffold test expectation for @stackwright/core version The template-processor.ts already uses '^0.8.0' for swCore but the test was asserting '^0.7.0' — stale snapshot. Bump to match reality. --------- Co-authored-by: Stackwright Bot <bot@per-aspera.dev>
perasperaactual
added a commit
that referenced
this pull request
May 12, 2026
….5.0 CollectionProvider types) (#410) * chore: re-enter prerelease mode [skip ci] * chore: add changeset for cli workspace dep bundling fix * fix: remove zod internals from .d.ts; update stale scaffold versions (#403) * fix(core,types): remove zod internals from published .d.ts - Replace z.ZodTypeAny in ContentTypeEntry / registerContentType / getContentTypeSchema with a local ZodSchema structural interface - Fix siteDefaults.ts relative source import → import type from package, eliminating z.core.$strip cascade in bundled declarations - Add workspace sibling packages to tsup external array - Replace z.ZodSchema / z.ZodTypeAny[] in PrebuildPlugin with ZodLike Consumer projects can delete stackwright-core.d.ts stub overrides. * fix(cli): update stale scaffold template package versions VERSIONS constant in buildPackageJson() was 4+ releases behind: - @stackwright/core: ^0.7.0 → ^0.8.0 - @stackwright/nextjs: ^0.3.1 → ^0.5.0 - @stackwright/icons: ^0.3.0 → ^0.5.0 - @stackwright/build-scripts: ^0.4.0 → ^0.7.0 (critical — plugin API is 0.5.0+) - @stackwright/ui-shadcn: ^0.1.0 → ^0.1.0 (minor range correct) - @stackwright/otters: ^0.2.0-alpha.0 → ^0.2.0 Adds scripts/sync-versions.mjs — run before releases to keep VERSIONS in sync with workspace package.json files automatically. * chore: update pnpm lockfile after cli package.json changes * fix: resolve CI failures — ZodLike discriminated union, internal cast, basic-ftp CVE - ZodLike interface now uses a discriminated union so TypeScript correctly narrows result.error in prebuild.ts validateIntegrationConfig() - Cast extraContentSchemas to z.ZodTypeAny[] internally in prebuild.ts; ZodLike is the public API surface, real Zod schemas are safe to cast - Update basic-ftp pnpm override from >=5.3.0 to >=5.3.1 (GHSA-rpmf-866q-6p89) * fix: apply same discriminated-union fix to ZodSchema in core zod-compat.ts contentRenderer.tsx accesses validation.error.issues after an !validation.success guard — same narrowing issue as plugin.ts ZodLike. Apply the identical discriminated-union pattern so TS18048 is resolved. * fix: update stale scaffold test expectation for @stackwright/core version The template-processor.ts already uses '^0.8.0' for swCore but the test was asserting '^0.7.0' — stale snapshot. Bump to match reality. --------- Co-authored-by: Stackwright Bot <bot@per-aspera.dev> * chore: bump prerelease versions [skip ci] * fix(types): export ZodLike and widen issues[].path to PropertyKey[] (#404) Co-authored-by: Stackwright Bot <bot@per-aspera.dev> * chore: bump prerelease versions [skip ci] * fix: add workspace:* publish guards to all packages (#405) * fix: add workspace:* publish guards to all packages - Remove stale @stackwright/collections dep from @stackwright/core - Add prepublishOnly guard (identical to @stackwright/cli) to all 15 publishable packages that were missing it - Fix @stackwright/maplibre peerDependencies to use >=0.8.0 instead of workspace:* for @stackwright/core * chore: update lockfile after removing stale collections dep from core * fix(core): move @stackwright/collections to devDependencies (type-only import) --------- Co-authored-by: Stackwright Bot <bot@per-aspera.dev> * chore: bump prerelease versions [skip ci] * fix(types): move CollectionProvider interfaces from collections to types (#407) CollectionProvider, CollectionEntry, CollectionListOptions, and CollectionListResult are interface contracts — they belong in the types package, not in an implementing package. @stackwright/collections re-exports all four from @stackwright/types so existing consumers are unaffected. @stackwright/core's registry now imports directly from @stackwright/types. Co-authored-by: Stackwright Bot <bot@per-aspera.dev> * chore: bump prerelease versions [skip ci] * fix(types): move scaffold hook interfaces from hooks-registry to types (#408) * fix(types): move scaffold hook interfaces from hooks-registry to types * fix(ci): resolve fast-uri CVEs, performance budget/Playwright API failures - Add fast-uri>=3.1.2 pnpm override to kill GHSA-q3j6-qgpj-74h6 and GHSA-v39h-62p7-jpjc (high-severity CVEs in @commitlint transitive dep) - Regenerate pnpm-lock.yaml: fast-uri 3.1.0 -> 3.1.2 - Bump performance-budgets.json firstLoadJS max 300KB->440KB and allPagesJS max 850KB->1045KB to reflect current measured bundle sizes (403KB / 932KB); budgets were stale, PR changes are types-only / zero runtime footprint - Fix runtime-vitals.bench.ts: replace chromium.launch() with chromium.launchServer() so wsEndpoint() is available (Browser no longer exposes it in Playwright v1.38+; only BrowserServer does) - Fix Theme Switch test: use waitUntil:'load' instead of waitForLoadState( 'networkidle') which was timing out at 30s on the large first-load bundle * fix(ci): switch npm publish to pnpm publish for workspace:* resolution Replace bare 'npm publish' with 'pnpm publish --no-git-checks' in both release and prerelease workflows. --no-git-checks is required because 'changeset version' dirties the working tree before publish runs. The 'npm view' registry-query lines and NODE_AUTH_TOKEN env var are intentionally left unchanged — they are not publish commands. * fix(ci): bump next override to >=16.2.5 (GHSA-8h8q-6873-q5fj), fix Lighthouse CDP port - Raise pnpm override 'next' from >=16.1.7 to >=16.2.5 to clear the new high-severity Next.js DoS CVE (GHSA-8h8q-6873-q5fj, vulnerable range >=16.0.0 <16.2.5, resolves to next@16.2.6). pnpm audit now exits 0 with only low/moderate severities remaining. - Fix Lighthouse integration in runtime-vitals.bench.ts: replace chromium.launchServer() with chromium.launch({ --remote-debugging-port }) using a dynamically-allocated free port (via net.createServer(:0)). launchServer() exposes only a Playwright WebSocket endpoint; Lighthouse's internal puppeteer-core polls http://HOST:PORT/json/version and got back the plain string 'Running' instead of CDP JSON, causing: SyntaxError: Unexpected token 'R', "Running" is not valid JSON Applied to both runLighthouse() and the inline Mobile Performance test (variable renamed mobileBrowser/mobilePort to avoid shadowing). - Fix Theme Switch test timeout: use waitUntil:'domcontentloaded' instead of 'load' — load waits for all 403 KB of first-load JS to transfer and was hitting the 30 s navigation timeout. Also narrow switchTime to measure only the click itself (not the 1 s waitForFunction detection window which inflated the measurement past the 100 ms budget when the app expresses theme via CSS variables rather than data-theme/body-class attributes). --------- Co-authored-by: Stackwright Bot <bot@per-aspera.dev> * chore: bump prerelease versions [skip ci] * chore(deps-dev): bump @types/node from 24.12.2 to 25.6.2 (#395) Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 24.12.2 to 25.6.2. - [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases) - [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node) --- updated-dependencies: - dependency-name: "@types/node" dependency-version: 25.6.0 dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps-dev): bump @vitest/ui from 4.1.4 to 4.1.6 (#394) Bumps [@vitest/ui](https://github.com/vitest-dev/vitest/tree/HEAD/packages/ui) from 4.1.4 to 4.1.6. - [Release notes](https://github.com/vitest-dev/vitest/releases) - [Commits](https://github.com/vitest-dev/vitest/commits/v4.1.6/packages/ui) --- updated-dependencies: - dependency-name: "@vitest/ui" dependency-version: 4.1.5 dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump maplibre-gl from 4.7.1 to 5.24.0 (#393) Bumps [maplibre-gl](https://github.com/maplibre/maplibre-gl-js) from 4.7.1 to 5.24.0. - [Release notes](https://github.com/maplibre/maplibre-gl-js/releases) - [Changelog](https://github.com/maplibre/maplibre-gl-js/blob/main/CHANGELOG.md) - [Commits](maplibre/maplibre-gl-js@v4.7.1...v5.24.0) --- updated-dependencies: - dependency-name: maplibre-gl dependency-version: 5.24.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps-dev): bump typescript from 5.9.3 to 6.0.3 in /packages/nextjs (#370) Bumps [typescript](https://github.com/microsoft/TypeScript) from 5.9.3 to 6.0.3. - [Release notes](https://github.com/microsoft/TypeScript/releases) - [Commits](microsoft/TypeScript@v5.9.3...v6.0.3) --- updated-dependencies: - dependency-name: typescript dependency-version: 6.0.3 dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps-dev): bump eslint-config-next from 16.2.3 to 16.2.6 (#380) Bumps [eslint-config-next](https://github.com/vercel/next.js/tree/HEAD/packages/eslint-config-next) from 16.2.3 to 16.2.6. - [Release notes](https://github.com/vercel/next.js/releases) - [Changelog](https://github.com/vercel/next.js/blob/canary/release.js) - [Commits](https://github.com/vercel/next.js/commits/v16.2.6/packages/eslint-config-next) --- updated-dependencies: - dependency-name: eslint-config-next dependency-version: 16.2.4 dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * docs(claude): always use date CLI command for current date (#409) Co-authored-by: Stackwright Bot <bot@per-aspera.dev> --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: Stackwright Bot <bot@per-aspera.dev> Co-authored-by: github-actions <github-actions@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What
Three related fixes unblocking Pro package integration:
1.
@stackwright/core+@stackwright/types: Zod internals removed from published.d.tsThe generated
dist/index.d.tsembedded zod-version-specific internal types (z.ZodTypeAny,z.core.$strip,z.ZodObjectgenerics) into the public API, breaking TypeScript in consumer projects whose zod version differed. Consumers were forced to maintainstackwright-core.d.tsmodule-override stubs as a workaround.Root causes fixed:
ContentTypeEntry.schema,registerContentType(), andgetContentTypeSchema()now use a localZodSchemastructural interface instead ofz.ZodTypeAny. Any real Zod schema satisfies it via duck-typing.siteDefaults.tswas importingSiteConfigvia a relative path to the@stackwright/typessource file, causing tsup to inline the entiresiteConfigSchema: z.ZodObject<{..., z.core.$strip}>declaration. Fixed toimport type { SiteConfig } from '@stackwright/types'.@stackwright/types,@stackwright/themes,@stackwright/collectionsadded to tsupexternalas a defensive measure.PrebuildPlugin.configSchemaand.contentItemSchemasin@stackwright/types.Consumer projects can now delete any
stackwright-core.d.tsstub override files.2.
@stackwright/cli: Stale scaffold template versions updatedbuildPackageJson()was pinning new projects to package versions 4+ releases old. Critical failure:@stackwright/build-scriptswas pinned to^0.4.0— the version before the plugin system existed — so Pro pluginbeforeBuildhooks silently failed or crashed in freshly scaffolded projects.@stackwright/core^0.7.0^0.8.0@stackwright/nextjs^0.3.1^0.5.0@stackwright/icons^0.3.0^0.5.0@stackwright/build-scripts^0.4.0❌^0.7.0✅@stackwright/otters^0.2.0-alpha.0^0.2.0Also adds
scripts/sync-versions.mjs— a zero-dependency Node ESM utility that reads workspacepackage.jsonfiles and rewrites the VERSIONS constant automatically. Runnode scripts/sync-versions.mjsbefore release cuts to prevent drift.Changesets
@stackwright/core— patch@stackwright/types— patch@stackwright/cli— patchTesting
ZodSchema/ZodLike)pnpm build:corewill produce adist/index.d.tswith noz.ZodTypeAnyorz.core.$stripreferencesnode scripts/sync-versions.mjsis idempotent — all ✓ after first runPro impact
After this lands, Pro can:
stackwright-core.d.tsstub override filesproContentPlugin.beforeBuildworks out of the box