Prepare for v0.4.0 release

[bufferings]

Summary

Prepare for v0.4.0 release with dependency updates and cleanup.

Changes

Package Changes

• Remove zod-schema-adapter and zod-openapi-plugin packages
• Use std-schema-adapter and std-schema-openapi-plugin instead

Dependency Updates

• Runtime: hono, @hono/node-server, openapi3-ts, swagger-ui-dist, execa, p-limit
• DevDependencies: eslint, vitest, tsdown, typescript-eslint, prettier, turbo, etc.
• Align peer dependencies with dev versions

Tooling

• Use @types/node 20.x to match minimum Node.js support (>=20)
• Update mise.toml (node 20.19.6, lefthook 2.0.13)
• Remove lefthook from package.json (managed by mise only)

Cursor Commands

• Add .cursor/commands/commit.md for commit workflow
• Add .cursor/commands/create-pr.md for PR creation workflow
• Remove .cursor/rules/git.mdc (content moved to commands)

Summary by CodeRabbit

• Chores

  • Updated core dependencies including Hono and OpenAPI packages to latest versions
  • Transitioned schema adapter ecosystem from Zod-based to Standard Schema-based implementations
  • Upgraded development tooling including build, testing, and linting utilities

• Documentation

  • Added Git workflow guides for commits and pull requests

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[changeset-bot]

🦋 Changeset detected

Latest commit: 6424258

The changes in this PR will be included in the next version bump.

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

[coderabbitai]

📝 Walkthrough

Walkthrough

The PR removes the zod-schema-adapter and zod-openapi-plugin packages entirely, replacing them with std-schema-adapter and std-schema-openapi-plugin. Multiple dependency versions are updated across the workspace. Cursor documentation files are added. TypeScript configuration references updated to reflect removed packages. Swagger UI asset hashes regenerated.

Changes

Cohort / File(s)	Summary
Zod-based package removal packages/zod-schema-adapter/*, packages/zod-openapi-plugin/*	Entire packages deleted including all source files, tests, configs (tsconfig.json, tsconfig.build.json, tsdown.config.js, eslint.config.js, package.json, README.md). Removes all Zod schema/validator APIs, request/response schema builders, and Zod-to-OpenAPI converter.
Std-schema package updates packages/std-schema-adapter/package.json, packages/std-schema-openapi-plugin/package.json	Dependency version updates: @standard-schema/spec (^1.0.0 → ^1.1.0), openapi3-ts (^4.4.0 → ^4.5.0), zod (4.2.0 → 4.2.1). Introduces std-schema alternatives to replaced zod packages.
Runtime dependency updates packages/kori/package.json, packages/nodejs-server/package.json, packages/openapi-plugin/package.json, packages/openapi-swagger-ui-plugin/package.json, packages/example/package.json, packages/script/package.json	Version bumps: hono (4.9.8 → 4.11.3), @hono/node-server (1.19.6 → 1.19.7), openapi3-ts (4.4.0 → 4.5.0), swagger-ui-dist (5.29.4 → 5.31.0), execa (9.6.0 → 9.6.1), p-limit (6.2.0 → 7.2.0), cross-env (7.0.3 → 10.1.0), pino-pretty (13.0.0 → 13.1.3), tsx (4.19.2 → 4.21.0).
DevDependency updates package.json, packages/eslint-config/package.json	Version bumps: @changesets/cli (2.29.5 → 2.29.8), prettier (3.4.2 → 3.7.4), turbo (2.5.4 → 2.7.2), vitepress (1.6.3 → 1.6.4), @typescript-eslint/* (8.47.0 → 8.51.0), @eslint/js (9.39.1 → 9.39.2). Removed lefthook from devDependencies.
Swagger UI assets packages/openapi-swagger-ui-plugin/src/assets/hashes.ts	Hash constants regenerated: SWAGGER\_UI\_CSS\_HASH, SWAGGER\_UI\_JS\_HASH, SWAGGER\_UI\_STANDALONE\_PRESET\_JS\_HASH reflect upgraded swagger-ui-dist version (5.31.0).
Cursor documentation & tooling .cursor/commands/commit.md, .cursor/commands/create-pr.md, .cursor/rules/git.mdc, mise.toml	Added Git commit/PR workflow documentation files. Removed legacy git.mdc rules file. Updated mise.toml: lefthook (1.13.6 → 2.0.13), node (20.19.5 → 20.19.6), added "corepack enable && lefthook install" to postinstall hook. Removed lefthook from package.json devDependencies.
TypeScript & build configuration tsconfig.json, pnpm-workspace.yaml	Updated tsconfig.json references: removed zod-openapi-plugin, zod-schema-adapter; retained std-schema-openapi-plugin. Updated pnpm-workspace.yaml catalog: @types/node (22.12.0 → 20.19.27), eslint (9.39.1 → 9.39.2), tsdown (0.16.6 → 0.18.3), vitest (4.0.13 → 4.0.16).

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~60 minutes

Possibly related PRs

• Add std-schema-openapi-plugin and various improvements #160: Replaces Zod-based schema/OpenAPI packages with std-schema equivalents (std-schema-adapter, std-schema-openapi-plugin), aligning with this PR's migration strategy.
• Simplify schema adapter and OpenAPI plugin APIs #132: Refactors schema adapters from Zod to std-schema, updates OpenAPI plugin exports (pluginMeta renames), and reorganizes adapter module surfaces.
• Refactor schema adapters with improved API and organization #131: Removes zod-based adapters and plugins in favor of std-schema equivalents, mirroring the core transformation in this PR.

Poem

🐰 Hop, hop, away with the Zod
Std-schema's the new golden rod
Swagger hashes dance anew
Dependencies refreshed through and through
Kori framework hops to the rescue! ✨

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The pull request title clearly and concisely summarizes the main objective: preparing the codebase for a v0.4.0 release, which is the primary theme evident from the changeset, dependency updates, package migrations, and version bump.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

✨ Finishing touches

• 📝 Generate docstrings

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[Copilot]

Pull request overview

This PR prepares the repository for v0.4.0 release by removing deprecated packages (zod-schema-adapter and zod-openapi-plugin), updating dependencies, and cleaning up configuration files. The changes align the project to use the new std-schema-adapter and std-schema-openapi-plugin packages instead.

Key Changes:

• Remove zod-schema-adapter and zod-openapi-plugin packages
• Update runtime and development dependencies to latest versions
• Downgrade @types/node from 22.x to 20.x to match minimum Node.js support (>=20)
• Remove lefthook from package.json (now managed by mise)

Reviewed changes

Copilot reviewed 65 out of 72 changed files in this pull request and generated no comments.

File	Description
tsconfig.json	Removed references to deleted packages (zod-schema-adapter, zod-openapi-plugin)
pnpm-workspace.yaml	Updated catalog versions for @types/node, eslint, tsdown, and vitest
pnpm-lock.yaml	Comprehensive lockfile update reflecting all dependency changes
packages/zod-schema-adapter/*	Deleted entire package directory and all associated files

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (1)

.changeset/v0.4.0-release.md (1)

10-20: Consider expanding the description for clarity on migration path.

The changeset content effectively lists the dependency updates and the migration from zod-based to std-schema-based packages. However, it could be more explicit about the user-facing impact and any migration steps required for consumers, especially if this is a breaking change.

Consider adding a brief note about how users should migrate if they were using the old zod-based packages, or confirming that the new std-schema equivalents provide a compatible API.

📜 Review details

Configuration used: defaults

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 0a5bd34 and 6424258.

⛔ Files ignored due to path filters (1)

• pnpm-lock.yaml is excluded by !**/pnpm-lock.yaml

📒 Files selected for processing (71)

• .changeset/v0.4.0-release.md
• .cursor/commands/commit.md
• .cursor/commands/create-pr.md
• .cursor/rules/git.mdc
• mise.toml
• package.json
• packages/eslint-config/package.json
• packages/example/package.json
• packages/kori/package.json
• packages/nodejs-server/package.json
• packages/openapi-plugin/package.json
• packages/openapi-swagger-ui-plugin/package.json
• packages/openapi-swagger-ui-plugin/src/assets/hashes.ts
• packages/openapi-swagger-ui-plugin/src/assets/swagger-ui-bundle-js.ts
• packages/openapi-swagger-ui-plugin/src/assets/swagger-ui-css.ts
• packages/openapi-swagger-ui-plugin/src/assets/swagger-ui-standalone-preset-js.ts
• packages/script/package.json
• packages/std-schema-adapter/package.json
• packages/std-schema-openapi-plugin/package.json
• packages/zod-openapi-plugin/CHANGELOG.md
• packages/zod-openapi-plugin/README.md
• packages/zod-openapi-plugin/eslint.config.js
• packages/zod-openapi-plugin/package.json
• packages/zod-openapi-plugin/src/index.ts
• packages/zod-openapi-plugin/src/version.ts
• packages/zod-openapi-plugin/src/zod-openapi-plugin.ts
• packages/zod-openapi-plugin/src/zod-schema-converter.ts
• packages/zod-openapi-plugin/tests/placeholder.test.ts
• packages/zod-openapi-plugin/tsconfig.build.json
• packages/zod-openapi-plugin/tsconfig.json
• packages/zod-openapi-plugin/tsdown.config.js
• packages/zod-schema-adapter/CHANGELOG.md
• packages/zod-schema-adapter/README.md
• packages/zod-schema-adapter/eslint.config.js
• packages/zod-schema-adapter/package.json
• packages/zod-schema-adapter/src/index.ts
• packages/zod-schema-adapter/src/util/index.ts
• packages/zod-schema-adapter/src/util/is-zod-type.ts
• packages/zod-schema-adapter/src/zod-enable-validation/enable-zod-request-and-response-validation.ts
• packages/zod-schema-adapter/src/zod-enable-validation/enable-zod-request-validation.ts
• packages/zod-schema-adapter/src/zod-enable-validation/enable-zod-response-validation.ts
• packages/zod-schema-adapter/src/zod-enable-validation/index.ts
• packages/zod-schema-adapter/src/zod-request-schema/body-content.ts
• packages/zod-schema-adapter/src/zod-request-schema/body-transformer.ts
• packages/zod-schema-adapter/src/zod-request-schema/index.ts
• packages/zod-schema-adapter/src/zod-request-schema/schema.ts
• packages/zod-schema-adapter/src/zod-response-schema/entry-content.ts
• packages/zod-schema-adapter/src/zod-response-schema/entry-transformer.ts
• packages/zod-schema-adapter/src/zod-response-schema/entry.ts
• packages/zod-schema-adapter/src/zod-response-schema/index.ts
• packages/zod-schema-adapter/src/zod-response-schema/schema.ts
• packages/zod-schema-adapter/src/zod-schema/index.ts
• packages/zod-schema-adapter/src/zod-schema/zod-schema-provider.ts
• packages/zod-schema-adapter/src/zod-schema/zod-schema.ts
• packages/zod-schema-adapter/src/zod-validator/index.ts
• packages/zod-schema-adapter/src/zod-validator/zod-failure.ts
• packages/zod-schema-adapter/src/zod-validator/zod-validator.ts
• packages/zod-schema-adapter/tests/integration/full-validation-flow.test.ts
• packages/zod-schema-adapter/tests/integration/request-validation-flow.test.ts
• packages/zod-schema-adapter/tests/integration/response-validation-flow.test.ts
• packages/zod-schema-adapter/tests/util/is-zod-type.test.ts
• packages/zod-schema-adapter/tests/zod-request-schema/zod-request-schema.test.ts
• packages/zod-schema-adapter/tests/zod-response-schema/zod-response-schema.test.ts
• packages/zod-schema-adapter/tests/zod-schema/zod-schema.test.ts
• packages/zod-schema-adapter/tests/zod-validator/zod-failure.test.ts
• packages/zod-schema-adapter/tests/zod-validator/zod-validator.test.ts
• packages/zod-schema-adapter/tsconfig.build.json
• packages/zod-schema-adapter/tsconfig.json
• packages/zod-schema-adapter/tsdown.config.js
• pnpm-workspace.yaml
• tsconfig.json

💤 Files with no reviewable changes (49)

• packages/zod-schema-adapter/src/util/index.ts
• packages/zod-openapi-plugin/tsconfig.json
• packages/zod-schema-adapter/src/zod-schema/index.ts
• packages/zod-schema-adapter/tests/zod-response-schema/zod-response-schema.test.ts
• packages/zod-schema-adapter/src/zod-schema/zod-schema-provider.ts
• packages/zod-schema-adapter/src/zod-response-schema/entry.ts
• packages/zod-openapi-plugin/src/index.ts
• packages/zod-schema-adapter/src/zod-enable-validation/index.ts
• packages/zod-schema-adapter/tests/zod-validator/zod-validator.test.ts
• packages/zod-openapi-plugin/src/version.ts
• packages/zod-schema-adapter/tests/integration/request-validation-flow.test.ts
• packages/zod-schema-adapter/README.md
• packages/zod-schema-adapter/src/zod-enable-validation/enable-zod-request-validation.ts
• packages/zod-openapi-plugin/tsdown.config.js
• .cursor/rules/git.mdc
• packages/zod-schema-adapter/src/zod-request-schema/index.ts
• packages/zod-openapi-plugin/src/zod-schema-converter.ts
• packages/zod-schema-adapter/tests/zod-request-schema/zod-request-schema.test.ts
• packages/zod-schema-adapter/src/zod-enable-validation/enable-zod-response-validation.ts
• packages/zod-schema-adapter/tests/zod-schema/zod-schema.test.ts
• packages/zod-schema-adapter/src/zod-response-schema/index.ts
• packages/zod-schema-adapter/tsconfig.json
• packages/zod-schema-adapter/src/util/is-zod-type.ts
• packages/zod-schema-adapter/eslint.config.js
• packages/zod-schema-adapter/src/zod-response-schema/entry-content.ts
• packages/zod-schema-adapter/src/zod-validator/zod-failure.ts
• packages/zod-schema-adapter/src/index.ts
• packages/zod-schema-adapter/src/zod-validator/index.ts
• packages/zod-schema-adapter/tests/util/is-zod-type.test.ts
• packages/zod-schema-adapter/src/zod-response-schema/schema.ts
• packages/zod-schema-adapter/tests/integration/full-validation-flow.test.ts
• packages/zod-openapi-plugin/README.md
• packages/zod-schema-adapter/src/zod-enable-validation/enable-zod-request-and-response-validation.ts
• packages/zod-openapi-plugin/package.json
• packages/zod-schema-adapter/tsconfig.build.json
• packages/zod-schema-adapter/src/zod-request-schema/body-content.ts
• packages/zod-schema-adapter/src/zod-response-schema/entry-transformer.ts
• packages/zod-schema-adapter/tsdown.config.js
• packages/zod-openapi-plugin/src/zod-openapi-plugin.ts
• packages/zod-schema-adapter/tests/zod-validator/zod-failure.test.ts
• packages/zod-schema-adapter/src/zod-request-schema/body-transformer.ts
• packages/zod-openapi-plugin/tsconfig.build.json
• packages/zod-schema-adapter/src/zod-request-schema/schema.ts
• packages/zod-openapi-plugin/eslint.config.js
• packages/zod-schema-adapter/src/zod-schema/zod-schema.ts
• packages/zod-schema-adapter/src/zod-validator/zod-validator.ts
• packages/zod-schema-adapter/package.json
• packages/zod-schema-adapter/tests/integration/response-validation-flow.test.ts
• packages/zod-openapi-plugin/tests/placeholder.test.ts

🧰 Additional context used

📓 Path-based instructions (4)

.changeset/*.md

📄 CodeRabbit inference engine (.cursor/rules/changeset.mdc)

.changeset/*.md: Changeset files should be created in .changeset/[descriptive-name].md format with frontmatter specifying package name and version type (patch/minor/major)
Changeset file frontmatter should include the package name (e.g., '@korix/cors-plugin') and semantic version type (patch, minor, or major) based on the nature of the change
Changeset file content should include a clear, English-language description of the change that focuses on the difference relative to the original baseline
Use semantic versioning strategy for changeset operations: use 'patch' for bug fixes, 'minor' for backward-compatible new features, and 'major' for breaking changes
When creating changesets, focus on describing the difference relative to the original baseline, not just the current working changes

Files:

• .changeset/v0.4.0-release.md

**/*.{ts,tsx}

📄 CodeRabbit inference engine (.cursor/rules/coding.mdc)

**/*.{ts,tsx}: Always use type modifier for type imports in TypeScript
Use function declarations for framework public APIs in TypeScript
Avoid arrow functions for public APIs in TypeScript
Prefer type over interface for type definitions in TypeScript
Use never as default type parameter instead of {} in TypeScript
Do not use readonly modifier in type definitions, class properties, or object properties
Keep related types together in the same file
Use 'Default' suffix for permissive/wildcard generic defaults (e.g., KoriSchemaDefault, KoriRequestSchemaDefault)
Use 'Base' suffix for fixed core compositions with framework core types bound (e.g., KoriHandlerContextBase, KoriInstanceContextBase)

**/*.{ts,tsx}: Include @template descriptions for type parameters in JSDoc for public APIs
Document the purpose and constraints of type definitions in JSDoc - explain what the type represents and any limitations or special behaviors
Explain branded types in JSDoc by describing their purpose as branded objects and how they can be extended

Files:

• packages/openapi-swagger-ui-plugin/src/assets/hashes.ts

**/*.{ts,js,tsx,jsx}

📄 CodeRabbit inference engine (.cursor/rules/coding.mdc)

**/*.{ts,js,tsx,jsx}: Always include .js extension in import paths for ESM compatibility
Export public APIs at the end of the file
Use 'Plugin' instead of 'Middleware' in naming and APIs
Avoid 'use' prefix for adding plugins in APIs and code
Use camelCase for function names, variable names, and property names
Treat abbreviations as regular words in camelCase (API → Api, UI → Ui, URL → Url, HTTP → Http)
Plugin function names should follow the pattern <name>Plugin in camelCase
Use ESM (ECMAScript Modules) format for module system
Prefer functions over classes in architecture
Use composition over inheritance in architecture
Avoid using the 'this' keyword in code
Source code files (.ts, .js, .tsx, .jsx) must contain only ASCII characters; non-ASCII characters (emojis, Japanese, etc.) are prohibited

Files:

• packages/openapi-swagger-ui-plugin/src/assets/hashes.ts

**/*.{ts,tsx,js,jsx}

📄 CodeRabbit inference engine (.cursor/rules/tsdoc.mdc)

**/*.{ts,tsx,js,jsx}: Write comments to explain WHY (not WHAT) - focus on the reasoning behind the code, not what the code does
Don't repeat what's obvious from function names in comments
Use minimal comments for internal implementation details
Write documentation from the user's perspective, not the implementation perspective - focus on what the API does for users, when to use it, inputs/outputs rather than internal implementation details
Include @param descriptions for all function parameters in JSDoc for public APIs
Include @returns descriptions for return values in JSDoc for public APIs
Include @example usage examples in JSDoc when the usage is not obvious from function signature - recommended for complex APIs with multiple options, chaining methods, non-obvious patterns, or common misconceptions
Highlight important details in JSDoc: performance reasons (mutation, caching), execution order (LIFO, defer), and side effects (state changes, logging)
Use @internal JSDoc tag only for exported members that are internal implementation details - do not use for non-exported constants, functions, or types
When using @internal, provide only one-line explanations for complex logic if needed
Use @packageInternal JSDoc tag for internal API that may be re-exported by folder-level index.ts files but must not be re-exported by the package public barrel (src/index.ts)
Mark test exports with @internal tag and add comment 'Exported for testing purposes only'
Comments are not needed for simple wrapper functions, functions with obvious behavior from types, standard getters/setters, or self-evident utility functions

Files:

• packages/openapi-swagger-ui-plugin/src/assets/hashes.ts

🧠 Learnings (11)

📚 Learning: 2025-11-29T04:41:59.248Z

Learnt from: CR
Repo: bufferings/kori PR: 0
File: .cursor/rules/coding.mdc:0-0
Timestamp: 2025-11-29T04:41:59.248Z
Learning: Applies to **/*.{ts,tsx} : Use function declarations for framework public APIs in TypeScript

Applied to files:

• tsconfig.json

📚 Learning: 2025-11-29T04:41:59.248Z

Learnt from: CR
Repo: bufferings/kori PR: 0
File: .cursor/rules/coding.mdc:0-0
Timestamp: 2025-11-29T04:41:59.248Z
Learning: Applies to **/*.{ts,js,tsx,jsx} : Avoid 'use' prefix for adding plugins in APIs and code

Applied to files:

• tsconfig.json

📚 Learning: 2025-11-29T04:42:38.592Z

Learnt from: CR
Repo: bufferings/kori PR: 0
File: .cursor/rules/test.mdc:0-0
Timestamp: 2025-11-29T04:42:38.592Z
Learning: Applies to **/tests/**/*.ts
**/*.test.ts
**/*.spec.ts : Always explicitly import test utilities (describe, test, expect, vi, expectTypeOf) without relying on vitest globals configuration

Applied to files:

• packages/eslint-config/package.json
• packages/script/package.json

📚 Learning: 2025-11-29T04:42:38.592Z

Learnt from: CR
Repo: bufferings/kori PR: 0
File: .cursor/rules/test.mdc:0-0
Timestamp: 2025-11-29T04:42:38.592Z
Learning: Applies to **/tests/**/*.ts
**/*.test.ts
**/*.spec.ts : Use ESM only in tests with .js extensions included in imports

Applied to files:

• packages/eslint-config/package.json

📚 Learning: 2025-11-29T04:42:38.592Z

Learnt from: CR
Repo: bufferings/kori PR: 0
File: .cursor/rules/test.mdc:0-0
Timestamp: 2025-11-29T04:42:38.592Z
Learning: Applies to **/tests/**/*.ts
**/*.test.ts
**/*.spec.ts : Use type imports for types in test files

Applied to files:

• packages/eslint-config/package.json

📚 Learning: 2025-11-29T04:41:45.858Z

Learnt from: CR
Repo: bufferings/kori PR: 0
File: .cursor/rules/changeset.mdc:0-0
Timestamp: 2025-11-29T04:41:45.858Z
Learning: Applies to .changeset/*.md : Changeset file frontmatter should include the package name (e.g., 'korix/cors-plugin') and semantic version type (patch, minor, or major) based on the nature of the change

Applied to files:

• .changeset/v0.4.0-release.md
• mise.toml
• package.json

📚 Learning: 2025-11-29T04:41:45.858Z

Learnt from: CR
Repo: bufferings/kori PR: 0
File: .cursor/rules/changeset.mdc:0-0
Timestamp: 2025-11-29T04:41:45.858Z
Learning: Applies to .changeset/*.md : Use semantic versioning strategy for changeset operations: use 'patch' for bug fixes, 'minor' for backward-compatible new features, and 'major' for breaking changes

Applied to files:

• .changeset/v0.4.0-release.md

📚 Learning: 2025-11-29T04:41:45.858Z

Learnt from: CR
Repo: bufferings/kori PR: 0
File: .cursor/rules/changeset.mdc:0-0
Timestamp: 2025-11-29T04:41:45.858Z
Learning: Applies to .changeset/*.md : Changeset files should be created in `.changeset/[descriptive-name].md` format with frontmatter specifying package name and version type (patch/minor/major)

Applied to files:

• .changeset/v0.4.0-release.md

📚 Learning: 2025-11-29T04:42:13.300Z

Learnt from: CR
Repo: bufferings/kori PR: 0
File: .cursor/rules/git.mdc:0-0
Timestamp: 2025-11-29T04:42:13.300Z
Learning: When creating PRs with GitHub CLI that have long descriptions, create a temporary file for the description and use `gh pr create --body-file temp_file.md` instead of passing the description as command line arguments to avoid zsh misinterpreting special characters

Applied to files:

• .cursor/commands/create-pr.md

📚 Learning: 2025-11-29T04:42:13.300Z

Learnt from: CR
Repo: bufferings/kori PR: 0
File: .cursor/rules/git.mdc:0-0
Timestamp: 2025-11-29T04:42:13.300Z
Learning: Use imperative mood in commit messages (e.g., 'Fix bug' not 'Fixed bug' or 'Fixes bug')

Applied to files:

• .cursor/commands/commit.md

📚 Learning: 2025-11-29T04:42:13.300Z

Learnt from: CR
Repo: bufferings/kori PR: 0
File: .cursor/rules/git.mdc:0-0
Timestamp: 2025-11-29T04:42:13.300Z
Learning: Write commit messages in English for international collaboration

Applied to files:

• .cursor/commands/commit.md

🪛 markdownlint-cli2 (0.18.1)

.cursor/commands/commit.md

36-36: Fenced code blocks should have a language specified

(MD040, fenced-code-language)

---

54-54: Fenced code blocks should have a language specified

(MD040, fenced-code-language)

🔇 Additional comments (20)

.cursor/commands/create-pr.md (1)

1-47: LGTM! Clear and comprehensive PR creation workflow.

The documentation provides a well-structured step-by-step workflow for creating pull requests. The use of --body-file for the PR description aligns with best practices to avoid shell escaping issues, consistent with the learnings from previous feedback.

.cursor/commands/commit.md (1)

1-62: LGTM! Clear commit workflow documentation.

The documentation provides a comprehensive step-by-step workflow for committing changes with well-defined commit message format rules. The guidelines follow best practices including imperative mood, ASCII characters, and appropriate line length limits.

Note: The static analysis hints about missing language specifiers for the code blocks at lines 36-40 and 54-62 are false positives—these blocks demonstrate commit message format, not programming code, so language specifiers are not applicable.

packages/openapi-swagger-ui-plugin/src/assets/hashes.ts (1)

3-5: LGTM! Auto-generated hashes updated for Swagger UI 5.31.0.

The asset hashes have been correctly regenerated to match the updated swagger-ui-dist version (5.29.4 → 5.31.0). Since this is an auto-generated file, the changes are expected and appropriate.

package.json (1)

25-25: All devDependency versions are valid and exist on the npm registry.

@changesets/cli@2.29.8, prettier@3.7.4, turbo@2.7.2, and vitepress@1.6.4 have been verified as legitimate versions. No issues found.

packages/example/package.json (2)

34-35: All specified dependency versions exist on npm and are valid.

Verified: openapi3-ts@4.5.0, zod@4.2.1, pino-pretty@13.1.3, and tsx@4.21.0 are all published releases.

---

40-40: Cross-env 10.1.0 upgrade is compatible with CLI usage.

The dev scripts use cross-env only as a CLI tool in npm scripts, which remains fully supported and unchanged in v10. No breaking changes affect how it's invoked here. However, note that cross-env 10.1.0 requires Node.js >= 20; verify your project's Node.js version constraint supports this requirement.

Likely an incorrect or invalid review comment.

packages/eslint-config/package.json (1)

59-62: All ESLint tooling versions are compatible.

Verification confirms that @eslint/js@9.39.2 and all typescript-eslint@8.51.0 packages exist on npm and are compatible with each other. The peerDependencies in package.json (eslint ^9.39.0 and typescript ^5.9.0) satisfy the requirements of typescript-eslint@8.51.0.

packages/std-schema-openapi-plugin/package.json (1)

61-61: Dependencies verified and compatible. Both openapi3-ts@4.5.0 and zod@4.2.1 exist on npm at their latest versions with no known security vulnerabilities or compatibility conflicts.

packages/script/package.json (1)

41-42: No concerns. Both execa@9.6.1 and p-limit@7.2.0 are valid versions currently available on npm, and neither has known security vulnerabilities.

tsconfig.json (1)

13-13: LGTM! TypeScript references updated correctly.

The TypeScript project references have been correctly updated to reflect the migration from Zod-based packages to std-schema equivalents. The std-schema-openapi-plugin reference is properly included.

pnpm-workspace.yaml (2)

5-5: @types/node downgrade aligns with Node.js 20 requirement.

The @types/node has been intentionally downgraded from 22.12.0 to 20.19.27 to match the minimum Node.js version requirement (>=20.0.0) and the specific Node.js version 20.19.6 configured in mise.toml. This ensures type definitions are consistent with the actual runtime version.

---

6-6: All catalog dependency versions verified and correctly classified.

✓ eslint 9.39.2 exists (update from 9.39.1 — patch)
✓ tsdown 0.18.3 exists (update from 0.16.6 — minor)
✓ vitest 4.0.16 exists (update from 4.0.13 — patch)

Review the changelogs for these updates to understand any behavioral changes.

mise.toml (2)

2-2: LGTM! Lefthook installation added to postinstall hook.

The postinstall hook now includes "lefthook install" after enabling corepack. This aligns with the PR objective to manage lefthook via mise instead of package.json, ensuring the Git hooks are properly installed during setup.

---

8-9: Tool versions are available and properly aligned.

The updated tool versions in mise.toml are confirmed:

• lefthook 2.0.13 (released December 26, 2025)
• node 20.19.6 (released November 25, 2025 as LTS)

The Node.js version 20.19.6 correctly aligns with @types/node 20.19.27 in pnpm-workspace.yaml. No known critical issues in the release notes for either tool.

packages/nodejs-server/package.json (1)

58-58: @hono/node-server 1.19.7 exists in the npm registry.

Version 1.19.7 is published and valid.

packages/openapi-plugin/package.json (1)

60-60: openapi3-ts 4.5.0 is compatible with no breaking changes. Version 4.5.0 exists on npm and the changelog shows only additive changes: updated libraries, added missing PathItems component, and extended $ref support in OpenAPI 3.1 SchemaObjects. The version bump is safe to proceed.

packages/std-schema-adapter/package.json (1)

59-59: Both @standard-schema/spec 1.1.0 and zod 4.2.1 are published in npm registry with no breaking changes:

• @standard-schema/spec 1.1.0 is a minor bump with no breaking changes (project policy guarantees breaking changes only in major versions)
• zod 4.2.1 is a patch release with no new breaking changes

These updates are safe and compatible.

packages/openapi-swagger-ui-plugin/package.json (1)

77-77: swagger-ui-dist 5.31.0 is available and safe to use.

Version 5.31.0 exists in npm registry (released 2025-12-11). The main feature is dark mode support. No breaking changes or security vulnerabilities are reported. Note: version 5.30.0 also exists in the registry; the upgrade from 5.29.4 to 5.31.0 does not represent a skipped unavailable version.

packages/kori/package.json (1)

58-58: Hono 4.11.3 upgrade is compatible; focus testing on TypeScript types and specific middleware.

Verified that Hono 4.11.3 exists and contains no breaking changes from 4.9.8. The upgrade includes TypeScript middleware type improvements (v4.10.0), CORS security fixes (v4.10.3), and client enhancements (v4.11.0). Test areas that warrant attention:

• TypeScript middleware typing changes in v4.10.0 (may require type adjustments)
• CORS middleware if in use (security fix applied)
• Bearer-auth middleware if used (some option names are deprecated but still functional)

.changeset/v0.4.0-release.md (1)

1-8: Verify semantic versioning for package removals.

All packages are marked as 'minor', but the changeset mentions removing zod-schema-adapter and zod-openapi-plugin packages (line 19). If these were part of the public API or exports of any of these packages, their removal is a breaking change and should be marked as 'major' per semantic versioning guidelines.

Based on learnings and coding guidelines, please clarify:

1. Were zod-schema-adapter and zod-openapi-plugin part of the public API/exports of any of the packages listed in the frontmatter?
2. If yes, the version type should be 'major' rather than 'minor' for those packages.
3. If they were internal implementation details only, 'minor' is appropriate.

Alternatively, if you intend to treat this as a pre-1.0 breaking change under a unified minor bump (0.3.x → 0.4.0), please document this intention in the changeset content for clarity.