regression: apps semver validation broke with pre-release identifier

[d-gubert]

Proposed changes (including videos or screenshots)

Introduced by #40343

When moving app management code to the packages/apps workspace, the AppPackageParser inadvertedly stopped discarding the pre-release portion of the apps-engine version, which makes range comparisons like ^1.44.0 invalid. The issue only came up after the candidate bumped the apps-engine version to 1.63.0-rc.0.

Issue(s)

Steps to test or reproduce

Further comments

Summary by CodeRabbit

• Refactor
  • Simplified internal version handling and removed a redundant exported version value.
  • Parser now derives and normalizes the engine version directly for compatibility checks, improving reliability of version comparisons without changing user-facing behavior.

ARCH-2129
CORE-2222

[changeset-bot]

⚠️ No Changeset found

Latest commit: 9793e92

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 67037238-0d62-470a-82e4-bfbf35b07f87

📥 Commits

Reviewing files that changed from the base of the PR and between 1720445 and 9793e92.

📒 Files selected for processing (2)

• packages/apps-engine/src/definition/version.ts
• packages/apps/src/server/compiler/AppPackageParser.ts

💤 Files with no reviewable changes (1)

• packages/apps-engine/src/definition/version.ts

📜 Recent review details

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (7)

• GitHub Check: 🔎 Code Check / TypeScript
• GitHub Check: 🔎 Code Check / Code Lint
• GitHub Check: 🔨 Test Storybook / Test Storybook
• GitHub Check: 📦 Meteor Build (coverage)
• GitHub Check: 🔨 Test Unit / Unit Tests
• GitHub Check: cubic · AI code reviewer
• GitHub Check: Hacktron Security Check

🧰 Additional context used

📓 Path-based instructions (1)

**/*.{ts,tsx,js}

📄 CodeRabbit inference engine (.cursor/rules/playwright.mdc)

**/*.{ts,tsx,js}: Write concise, technical TypeScript/JavaScript with accurate typing in Playwright tests
Avoid code comments in the implementation

Files:

• packages/apps/src/server/compiler/AppPackageParser.ts

🧠 Learnings (4)

📚 Learning: 2026-02-26T19:25:44.063Z

Learnt from: gabriellsh
Repo: RocketChat/Rocket.Chat PR: 38778
File: packages/ui-voip/src/providers/useMediaSession.ts:192-192
Timestamp: 2026-02-26T19:25:44.063Z
Learning: In the Rocket.Chat repository, do not reference Biome lint rules in code review feedback. Biome is not used even if biome.json exists; only reference Biome rules if there is explicit, project-wide usage documented. For TypeScript files, review lint implications without Biome guidance unless the project enables Biome rules.

Applied to files:

• packages/apps/src/server/compiler/AppPackageParser.ts

📚 Learning: 2026-02-26T19:25:44.063Z

Learnt from: gabriellsh
Repo: RocketChat/Rocket.Chat PR: 38778
File: packages/ui-voip/src/providers/useMediaSession.ts:192-192
Timestamp: 2026-02-26T19:25:44.063Z
Learning: In this repository (RocketChat/Rocket.Chat), Biome lint rules are not used even if a biome.json exists. When reviewing TypeScript files (e.g., packages/ui-voip/src/providers/useMediaSession.ts), ensure lint suggestions do not reference Biome-specific rules. Rely on general ESLint/TypeScript lint rules and project conventions instead.

Applied to files:

• packages/apps/src/server/compiler/AppPackageParser.ts

📚 Learning: 2026-05-06T12:21:44.083Z

Learnt from: juliajforesti
Repo: RocketChat/Rocket.Chat PR: 40256
File: apps/meteor/client/components/CreateDiscussion/CreateDiscussion.tsx:121-149
Timestamp: 2026-05-06T12:21:44.083Z
Learning: Field wrappers in rocket.chat/fuselage-forms (Field, FieldLabel, FieldRow, FieldError, FieldHint) auto-create htmlFor/id associations, aria-describedby, and role="alert" for errors. Do not manually set htmlFor, id, aria-describedby, or role attributes when using these wrappers. This automatic wiring does not apply to plain rocket.chat/fuselage components, which require explicit ID wiring per the accessibility docs. In code reviews, prefer using fuselage-forms wrappers for form fields and verify there is no unnecessary manual ID/aria wiring in files that use these wrappers. If a component uses plain fuselage components, ensure proper id wiring as per docs.

Applied to files:

• packages/apps/src/server/compiler/AppPackageParser.ts

📚 Learning: 2026-05-11T21:46:23.471Z

Learnt from: d-gubert
Repo: RocketChat/Rocket.Chat PR: 40463
File: packages/apps/src/lib/SecureFields.ts:17-19
Timestamp: 2026-05-11T21:46:23.471Z
Learning: In Rocket.Chat’s `packages/apps/tsconfig.json`, TypeScript `"strict"` is set to `false`, which disables strict type-checking (including `noImplicitAny`) for `packages/apps`. When reviewing, do not flag TS7053 (and similar strict-mode indexing/type errors) in files under `packages/apps/src/` that are a consequence of this relaxed strictness—e.g., patterns like indexing an `unknown`/`object` via optional chaining such as `object?.[kSecureFields]`.

Applied to files:

• packages/apps/src/server/compiler/AppPackageParser.ts

🔇 Additional comments (1)

packages/apps/src/server/compiler/AppPackageParser.ts (1)

5-5: LGTM!

Also applies to: 18-22

---

Walkthrough

The PR removes the ENGINE_VERSION export from apps-engine and updates AppPackageParser to import version from @rocket.chat/apps-engine/package.json, strip any pre-release suffix after -, and use that value for appsEngineVersion.

Changes

Version Resolution Refactor

Layer / File(s)	Summary
Update AppPackageParser to direct package.json version packages/apps/src/server/compiler/AppPackageParser.ts	Import version from @rocket.chat/apps-engine/package.json and initialize appsEngineVersion in a constructor by splitting the version string on - to discard pre-release/build suffixes, replacing the removed ENGINE_VERSION constant.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Suggested labels

type: bug, type: chore

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately and specifically describes the main change: fixing semver validation that broke due to pre-release identifiers in the apps-engine version.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

Warning

Review ran into problems

🔥 Problems

Errors were encountered while retrieving linked issues.

Errors (1)

• ARCH-2129: Request failed with status code 401

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[dionisio-bot]

Looks like this PR is ready to merge! 🎉
If you have any trouble, please check the PR guidelines

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 69.64%. Comparing base (f3c2b83) to head (9793e92).

Additional details and impacted files

@@                Coverage Diff                @@
##           release-8.5.0   #40643      +/-   ##
=================================================
- Coverage          69.64%   69.64%   -0.01%     
=================================================
  Files               3338     3338              
  Lines             123232   123232              
  Branches           21949    21966      +17     
=================================================
- Hits               85830    85827       -3     
- Misses             34046    34047       +1     
- Partials            3356     3358       +2     

Flag	Coverage Δ
unit	70.46% <ø> (-0.02%)	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[d-gubert]

@coderabbitai review

[coderabbitai]

✅ Actions performed

Review triggered.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@packages/apps/src/server/compiler/AppPackageParser.ts`:
- Around line 20-22: The inline implementation comment on the constructor
assignment should be removed to comply with the repository guideline prohibiting
code comments in implementation files; edit the constructor in AppPackageParser
to keep the assignment [this.appsEngineVersion] = version.split('-') (or
equivalent) but delete the trailing inline comment explaining the split, leaving
no code comments in that method.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 90db3484-67cb-4f09-86bf-8e9835ff9df7

📥 Commits

Reviewing files that changed from the base of the PR and between 6cd9662 and 1720445.

📒 Files selected for processing (2)

• packages/apps-engine/src/definition/version.ts
• packages/apps/src/server/compiler/AppPackageParser.ts

💤 Files with no reviewable changes (1)

• packages/apps-engine/src/definition/version.ts

📜 Review details

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)

• GitHub Check: 📦 Meteor Build (coverage)

🧰 Additional context used

📓 Path-based instructions (1)

**/*.{ts,tsx,js}

📄 CodeRabbit inference engine (.cursor/rules/playwright.mdc)

**/*.{ts,tsx,js}: Write concise, technical TypeScript/JavaScript with accurate typing in Playwright tests
Avoid code comments in the implementation

Files:

• packages/apps/src/server/compiler/AppPackageParser.ts

🧠 Learnings (4)

📚 Learning: 2026-02-26T19:25:44.063Z

Learnt from: gabriellsh
Repo: RocketChat/Rocket.Chat PR: 38778
File: packages/ui-voip/src/providers/useMediaSession.ts:192-192
Timestamp: 2026-02-26T19:25:44.063Z
Learning: In the Rocket.Chat repository, do not reference Biome lint rules in code review feedback. Biome is not used even if biome.json exists; only reference Biome rules if there is explicit, project-wide usage documented. For TypeScript files, review lint implications without Biome guidance unless the project enables Biome rules.

Applied to files:

• packages/apps/src/server/compiler/AppPackageParser.ts

📚 Learning: 2026-02-26T19:25:44.063Z

Learnt from: gabriellsh
Repo: RocketChat/Rocket.Chat PR: 38778
File: packages/ui-voip/src/providers/useMediaSession.ts:192-192
Timestamp: 2026-02-26T19:25:44.063Z
Learning: In this repository (RocketChat/Rocket.Chat), Biome lint rules are not used even if a biome.json exists. When reviewing TypeScript files (e.g., packages/ui-voip/src/providers/useMediaSession.ts), ensure lint suggestions do not reference Biome-specific rules. Rely on general ESLint/TypeScript lint rules and project conventions instead.

Applied to files:

• packages/apps/src/server/compiler/AppPackageParser.ts

📚 Learning: 2026-05-06T12:21:44.083Z

Learnt from: juliajforesti
Repo: RocketChat/Rocket.Chat PR: 40256
File: apps/meteor/client/components/CreateDiscussion/CreateDiscussion.tsx:121-149
Timestamp: 2026-05-06T12:21:44.083Z
Learning: Field wrappers in rocket.chat/fuselage-forms (Field, FieldLabel, FieldRow, FieldError, FieldHint) auto-create htmlFor/id associations, aria-describedby, and role="alert" for errors. Do not manually set htmlFor, id, aria-describedby, or role attributes when using these wrappers. This automatic wiring does not apply to plain rocket.chat/fuselage components, which require explicit ID wiring per the accessibility docs. In code reviews, prefer using fuselage-forms wrappers for form fields and verify there is no unnecessary manual ID/aria wiring in files that use these wrappers. If a component uses plain fuselage components, ensure proper id wiring as per docs.

Applied to files:

• packages/apps/src/server/compiler/AppPackageParser.ts

📚 Learning: 2026-05-11T21:46:23.471Z

Learnt from: d-gubert
Repo: RocketChat/Rocket.Chat PR: 40463
File: packages/apps/src/lib/SecureFields.ts:17-19
Timestamp: 2026-05-11T21:46:23.471Z
Learning: In Rocket.Chat’s `packages/apps/tsconfig.json`, TypeScript `"strict"` is set to `false`, which disables strict type-checking (including `noImplicitAny`) for `packages/apps`. When reviewing, do not flag TS7053 (and similar strict-mode indexing/type errors) in files under `packages/apps/src/` that are a consequence of this relaxed strictness—e.g., patterns like indexing an `unknown`/`object` via optional chaining such as `object?.[kSecureFields]`.

Applied to files:

• packages/apps/src/server/compiler/AppPackageParser.ts

🔇 Additional comments (1)

packages/apps/src/server/compiler/AppPackageParser.ts (1)

5-5: LGTM!

[cubic-dev-ai]

No issues found across 2 files

_{Re-trigger cubic}

[hacktron-app]

1 issue found across 1 file

Severity	Count
🚨 Critical	1

View full scan results