chore(forms): make Zod a peer dep (support ^3 || ^4), add dev dep + docs dep; patch bump per Cursor rules

[codegen-sh]

Jake Ruesink — this PR moves Zod out of the runtime bundle contract and aligns packaging with how we already externalize zod in the build.

What changed

• packages/components ("@lambdacurry/forms")
  • Move zod from dependencies → peerDependencies (^3.24.1 || ^4.0.0)
  • Add zod to devDependencies for local build/typecheck
  • Patch bump to 0.22.1 per .cursor/rules/versioning-with-npm.mdc
• apps/docs (Storybook)
  • Add zod to dependencies so docs don’t rely on workspace hoisting

Why

• Components export Zod-powered helpers (e.g., data-table filter schemas), so consumers should provide their own Zod. We already mark zod as external in the Vite config; peerDependency is the correct contract.

Build health

• Ran yarn build then yarn typecheck to ensure healthy workspace
• Lint passes

Notes

• Consider a follow-up to split Zod helpers into an opt‑in subpath if we want the core UI to be Zod-free at import-time.

---

💻 View my work • About Codegen
⛔ Remove Codegen from PR • 🚫 Ban action checks

Summary by CodeRabbit

• Chores
  • Bumped Components package version to 0.22.1.
  • Standardized validation library handling by making it a peer dependency for components and using it as a dev dependency internally.
  • Updated the docs app dependencies to ensure consistency with the new setup.
  • General dependency housekeeping to improve compatibility and maintainability.

[bolt-new-by-stackblitz]

Run & review this pull request in StackBlitz Codeflow.

[coderabbitai]

Walkthrough

Adds zod as a runtime dependency to apps/docs. In packages/components, bumps version to 0.22.1, moves zod from dependencies to devDependencies, and adds it to peerDependencies. No source code changes.

Changes

Cohort / File(s)	Summary of changes
Docs dependencies apps/docs/package.json	Added zod to dependencies with version ^3.24.1.
Components versioning and peer/dev deps packages/components/package.json	Bumped version 0.22.0 → 0.22.1. Moved zod from dependencies to devDependencies (^3.24.1) and added to peerDependencies (`^3.24.1

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Poem

A rabbit taps its tiny paws—hip-hop hooray!
Zod hops to docs, components tidy the way.
Peer deps aligned, versions nibble and climb,
Dev deps burrow, all neat and sublime.
Carrot-shaped semvers gleam—merge time! 🥕✨

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title Check	✅ Passed	The title clearly and accurately summarizes the primary change—making Zod a peer dependency with support for ^3 and ^4—and concisely notes the added dev/docs deps and the patch bump; the "chore(forms):" scope makes the affected package obvious, so it communicates the main intent to reviewers.
Docstring Coverage	✅ Passed	No functions found in the changes. Docstring coverage check skipped.

✨ Finishing touches

🧪 Generate unit tests

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch codegen-bot/move-zod-to-peer-9c2c3f

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[github-actions]

📝 Storybook Preview: View Storybook

This preview will be updated automatically when you push new changes to this PR.

Note: The preview will be available after the workflow completes and the PR is approved for deployment.

[coderabbitai]

Actionable comments posted: 0

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

packages/components/package.json (1)

39-45: Avoid duplicating peers in dependencies (risk of duplicate routers/contexts).

react-router, react-router-dom, and remix-hook-form are listed in both peerDependencies and dependencies (see Lines 75-77). This can install second copies and break hooks/context. Keep them as peers + devDeps only.

   "peerDependencies": {
     "react": "^19.0.0",
     "react-router": "^7.0.0",
     "react-router-dom": "^7.0.0",
     "remix-hook-form": "7.1.0",
     "zod": "^3.24.1 || ^4.0.0"
   },
   "dependencies": {
-    ...
-    "react-router": "^7.6.3",
-    "react-router-dom": "^7.6.3",
-    "remix-hook-form": "7.1.0",
+    ...
   },
   "devDependencies": {
+    "react-router": "^7.6.3",
+    "react-router-dom": "^7.6.3",
+    "remix-hook-form": "7.1.0",

🧹 Nitpick comments (2)

apps/docs/package.json (2)

24-26: Add Zod with a range matching the library’s peerDependency to dogfood v4 as well.

Keeps docs independent of hoisting—good. Consider aligning to the same semver union so Storybook can validate both majors.

-    "zod": "^3.24.1"
+    "zod": "^3.24.1 || ^4.0.0"

---

24-24: Move Storybook to devDependencies (app-only tool).

Smaller prod install; no runtime need.

-    "storybook": "^9.0.6",
+    // (remove from dependencies)

And under devDependencies:

+    "storybook": "^9.0.6",

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

Disabled knowledge base sources:

• Linear integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between ab7dde3 and 46c983a.

⛔ Files ignored due to path filters (1)

• yarn.lock is excluded by !**/yarn.lock, !**/*.lock

📒 Files selected for processing (2)

• apps/docs/package.json (1 hunks)
• packages/components/package.json (4 hunks)

🧰 Additional context used

📓 Path-based instructions (5)

{package.json,packages/**/package.json,apps/**/package.json}

📄 CodeRabbit inference engine (.cursor/rules/monorepo-organization.mdc)

Use consistent versioning across packages

Files:

• apps/docs/package.json
• packages/components/package.json

apps/**/package.json

📄 CodeRabbit inference engine (.cursor/rules/monorepo-organization.mdc)

Use workspace version for internal dependencies in apps (e.g., "@lambdacurry/forms": "*")

Files:

• apps/docs/package.json

{packages/**/package.json,apps/**/package.json}

📄 CodeRabbit inference engine (.cursor/rules/monorepo-organization.mdc)

Define peerDependencies, dependencies, and devDependencies appropriately in package.json

Files:

• apps/docs/package.json
• packages/components/package.json

apps/docs/**

📄 CodeRabbit inference engine (.cursor/rules/storybook-testing.mdc)

apps/docs/**: Build Storybook static files before running Playwright tests locally.
Install Playwright browsers and system dependencies before running interaction tests.

Storybook docs, examples, and UI tests live in apps/docs

Files:

• apps/docs/package.json

packages/components/package.json

📄 CodeRabbit inference engine (.cursor/rules/versioning-with-npm.mdc)

Version bumps for @lambdacurry/forms update packages/components/package.json

Files:

• packages/components/package.json

🔇 Additional comments (4)

packages/components/package.json (4)

3-3: Patch bump looks right.

Matches the stated Cursor versioning rule.

---

97-99: Dev dependency for local typecheck is correct.

No action needed.

---

80-80: No behavioral change.

Nothing to do.

---

43-45: Confirm Zod v4 compatibility before advertising it — add CI matrix for v3/v4

Zod 4 is stable (announced July 8, 2025) and includes breaking changes to imports/versioning, error maps/error formats, some z.infer/type-inference edge cases, and transform/refine behavior — verify runtime behavior and TypeScript typings under v4.

• Action: add a CI matrix to test zod@^3.24.1 and zod@^4.0.0 and run type-check/build/tests. Example:

strategy:
  matrix:
    zod: ["^3.24.1", "^4.0.0"]
steps:
  - run: yarn add -D zod@${{ matrix.zod }}
  - run: yarn type-check && yarn build

Location: packages/components/package.json (lines 43–45) — current range "zod": "^3.24.1 || ^4.0.0" is semver-valid but requires the above verification.