fix: add a missing dependency to language package

[ymc9]

Summary by CodeRabbit

• Chores
  • Updated Prisma version in the workspace catalog to 6.19.0.
  • Adjusted dependency placements: a helper package promoted from dev to runtime dependency; Prisma-related entry moved between dependency sections.
  • Minor manifest formatting cleanups for consistent package metadata.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[coderabbitai]

Note

Other AI code review bot(s) detected

CodeRabbit has detected other AI code review bot(s) in this pull request and will avoid duplicating their findings in the review comments. This may lead to a less comprehensive review.

Walkthrough

Moves and reorganizes a few workspace package dependencies: shifts prisma from peerDependencies to devDependencies in the CLI package, adds @zenstackhq/common-helpers to the language package dependencies, and updates the Prisma version in the workspace catalog from ^6.10.0 to ^6.19.0.

Changes

Cohort / File(s)	Summary
CLI package changes packages/cli/package.json	Removes peerDependencies.prisma and adds devDependencies.prisma using the catalog syntax; minor formatting adjustments.
Language package changes packages/language/package.json	Moves @zenstackhq/common-helpers from devDependencies into dependencies (workspace:*).
Workspace catalog pnpm-workspace.yaml	Bumps Prisma catalog entry from ^6.10.0 to ^6.19.0.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

• Check that the Prisma version bump is compatible with any code/gen pipelines or schema expectations.
• Verify CLI package behavior where prisma was moved from peer to dev dependency (build/test/runtime implications).
• Ensure the @zenstackhq/common-helpers move to dependencies doesn't introduce bundling or circular dependency issues.

Poem

🐇 I nibble at package.json leaves so neat,

Prisma leaps upward on nimble feet.
Helpers hop in to join the crew,
Workspace stitched fresh, shiny and new. ✨

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The PR title accurately describes the main change: moving @zenstackhq/common-helpers from devDependencies to dependencies in the language package.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

✨ Finishing touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch fix/missing-deps

---

📜 Recent review details

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between a3ff263 and cbfc16d.

📒 Files selected for processing (1)

• packages/language/package.json (1 hunks)

🚧 Files skipped from review as they are similar to previous changes (1)

• packages/language/package.json

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (3)

• GitHub Check: build-test (20.x, sqlite)
• GitHub Check: build-test (20.x, postgresql)
• GitHub Check: claude-review

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[claude]

Claude finished @ymc9's task —— View job

---

PR Review: Add Missing Dependency to Language Package

Review Checklist:

• Analyze changed files to understand what dependency was added
• Review dependency appropriateness and compatibility
• Check for potential security concerns
• Assess impact on performance and bundle size
• Verify alignment with monorepo architecture
• Check if tests or documentation need updates
• Provide comprehensive review feedback

Review Findings

✅ Correctly Identified Issue
The PR correctly addresses a dependency misconfiguration. The @zenstackhq/common-helpers package was being imported and used in the language package's runtime code (src/validators/datamodel-validator.ts:1 and src/validators/attribute-application-validator.ts:1) but was only listed in devDependencies. This would cause runtime failures when the published package is used.

✅ Proper Solution
However, the fix was applied to the wrong location. The dependency should be moved from devDependencies to dependencies in packages/language/package.json, not added to the root package.json.

Issues Found

1. Wrong Location: The dependency was added to the root package.json instead of packages/language/package.json
2. Incomplete Fix: The dependency is still in devDependencies in the language package, which doesn't resolve the original issue

Expected Fix

The correct fix should:

1. Move "@zenstackhq/common-helpers": "workspace:*" from devDependencies to dependencies in packages/language/package.json
2. Remove the dependency from the root package.json (as it's not needed there)

Security & Performance Assessment

• Security: ✅ No concerns - workspace dependency to internal package
• Performance: ✅ Minimal impact - common-helpers is a lightweight utility package
• Architecture: ✅ Aligns with monorepo workspace pattern

Recommendation

❌ Changes Required: The fix needs to be applied to the correct package. The language package should have @zenstackhq/common-helpers as a runtime dependency since it's imported in source code.

---

[Copilot]

Pull Request Overview

This PR attempts to fix a missing dependency issue by adding @zenstackhq/common-helpers as a dependency. However, the dependency is being added to the root package.json instead of to the packages/language/package.json file where it's actually needed.

Key Changes:

• Added @zenstackhq/common-helpers as a workspace dependency in the root package.json
• Updated pnpm-lock.yaml to reflect the new dependency and its transitive dependencies

Reviewed Changes

Copilot reviewed 1 out of 2 changed files in this pull request and generated 1 comment.

File	Description
package.json	Adds @zenstackhq/common-helpers to root dependencies, but should be added to packages/language/package.json instead
pnpm-lock.yaml	Updates lockfile with new dependency resolution and snapshots for eslint-related packages

Files not reviewed (1)

• pnpm-lock.yaml: Language not supported

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[coderabbitai]

Actionable comments posted: 2

📜 Review details

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 1d4011b and bcff207.

⛔ Files ignored due to path filters (1)

• pnpm-lock.yaml is excluded by !**/pnpm-lock.yaml

📒 Files selected for processing (1)

• package.json (1 hunks)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (4)

• GitHub Check: Upload results
• GitHub Check: claude-review
• GitHub Check: build-test (20.x, sqlite)
• GitHub Check: build-test (20.x, postgresql)

[claude]

Claude finished @ymc9's task —— View job

---

PR Review: Missing Dependency Fix

Review Checklist:

• Analyze changed files to understand dependency changes
• Review dependency placement and monorepo best practices
• Check for potential security concerns
• Assess impact on performance and bundle size
• Verify alignment with ZenStack architecture
• Check if tests or documentation need updates
• Provide comprehensive review feedback

---

Review Summary

❌ Critical Issue - Wrong Dependency Placement

The fix addresses a real problem but applies it incorrectly:

Problem Correctly Identified

• @zenstackhq/common-helpers is imported in runtime source files:
  • packages/language/src/validators/datamodel-validator.ts:1
  • packages/language/src/validators/attribute-application-validator.ts:1
• But it's currently listed as a devDependency in packages/language/package.json:66
• This would cause runtime failures when the published package is used

Solution Applied Incorrectly

Current approach: Added dependency to root package.json:23
Correct approach: Move dependency from devDependencies to dependencies in packages/language/package.json

Issues Found

1. Violates Monorepo Best Practices

   • Root package.json dependencies should only be for build tools/scripts used across all packages
   • Runtime dependencies belong in individual package manifests
   • 6 other packages already correctly declare @zenstackhq/common-helpers in their individual package.json files

2. Incomplete Fix

   • The dependency remains in devDependencies in language package
   • Adding to root doesn't resolve the original runtime dependency issue
   • Could create version resolution conflicts

Security Assessment ✅

• No security concerns - workspace dependency to internal package
• No external dependencies introduced

Performance Assessment ✅

• Minimal impact - @zenstackhq/common-helpers is a lightweight utility package
• No bundle size concerns for internal workspace dependency

Architecture Alignment ✅

• The dependency itself aligns with ZenStack's modular architecture
• Just needs correct placement

Recommended Fix

# Root package.json - REMOVE
- "dependencies": {
-     "@zenstackhq/common-helpers": "workspace:*"
- },

# packages/language/package.json - MOVE FROM devDependencies TO dependencies
"dependencies": {
    "langium": "catalog:",
    "pluralize": "^8.0.0",
    "ts-pattern": "catalog:",
    "vscode-languageserver": "^9.0.1",
+   "@zenstackhq/common-helpers": "workspace:*"
},
"devDependencies": {
    "@types/pluralize": "^0.0.33",
    "@types/tmp": "catalog:",
-   "@zenstackhq/common-helpers": "workspace:*",
    ...
}

Verdict: ❌ Changes Required - Apply fix to correct package location

---

[claude]

Claude finished @ymc9's task —— View job

---

PR Review: Missing Dependency Fix ✅

Review Checklist:

• Analyze changed files to understand dependency changes
• Review dependency placement and monorepo best practices
• Check for potential security concerns
• Assess impact on performance and bundle size
• Verify alignment with ZenStack architecture
• Check if tests or documentation need updates
• Provide comprehensive review feedback

---

🔍 Review Summary

This PR correctly fixes a missing dependency issue in the @zenstackhq/language package, where @zenstackhq/common-helpers was incorrectly listed as a devDependency instead of a runtime dependency. The package is imported in production source files (packages/language/src/validators/datamodel-validator.ts:1 and packages/language/src/validators/attribute-application-validator.ts:1).

✅ What's Good

1. Correctly Identified Issue: The dependency was indeed missing from the runtime dependencies of the language package
2. Proper Resolution: Moving @zenstackhq/common-helpers from devDependencies to dependencies in packages/language/package.json is the correct fix
3. Clean Dependencies: Removed incorrect root-level dependency declaration that violated monorepo best practices
4. Prisma Update: Also includes a beneficial update from Prisma 6.14.0 to 6.19.0 and moves it from peer to regular dependency in CLI package

📋 Technical Analysis

File Changes:

• packages/language/package.json: ✅ Added @zenstackhq/common-helpers to dependencies
• packages/cli/package.json: ✅ Moved prisma from peerDependencies to dependencies
• package.json: ✅ Removed incorrect root-level dependency
• pnpm-workspace.yaml: ✅ Updated Prisma catalog version

Security Assessment: ✅ No Concerns

• All dependencies are workspace-internal packages or well-established libraries
• No introduction of external security risks

Performance Impact: ✅ Minimal

• @zenstackhq/common-helpers is a lightweight utility package with no external dependencies
• Bundle size impact negligible

Architecture Alignment: ✅ Excellent

• Follows monorepo workspace patterns correctly
• Dependencies declared at appropriate package levels
• Aligns with ZenStack's modular architecture

🎯 Recommendation

✅ APPROVE - This PR successfully resolves the missing dependency issue with proper monorepo practices. The changes are minimal, targeted, and follow best practices for pnpm workspace dependency management.

📝 Minor Notes

• The Prisma update from 6.14.0 to 6.19.0 is beneficial for bug fixes and improvements
• Moving Prisma from peer to regular dependency in CLI package simplifies installation
• All changes align with the repository's established patterns

---

[coderabbitai]

Actionable comments posted: 1

📜 Review details

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between bcff207 and a3ff263.

⛔ Files ignored due to path filters (1)

• pnpm-lock.yaml is excluded by !**/pnpm-lock.yaml

📒 Files selected for processing (3)

• packages/cli/package.json (2 hunks)
• packages/language/package.json (1 hunks)
• pnpm-workspace.yaml (1 hunks)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (2)

• GitHub Check: build-test (20.x, sqlite)
• GitHub Check: build-test (20.x, postgresql)

🔇 Additional comments (2)

packages/cli/package.json (1)

35-35: Clarify Prisma placement in both dependencies and devDependencies.

Prisma is now listed in both dependencies (line 35) and devDependencies (line 57). Typically, a package should be in one or the other depending on whether it's needed at runtime or only during development. Confirm that dual placement is intentional and necessary for the CLI package.

Also applies to: 57-57

pnpm-workspace.yaml (1)

8-8: No action required — Prisma v6.19.0 upgrade is safe.

This codebase uses ZenStack, which abstracts Prisma for migrations only. The breaking changes introduced between v6.10.0 and v6.19.0 (prisma.config.ts, runtime alias removal, generator config changes) do not apply here since there are no Prisma schema files, generator configurations, or runtime settings. The migration improvements and tooling enhancements are additions rather than breaking changes. ZenStack's CLI commands (prisma migrate dev, prisma migrate deploy, etc.) will continue to work as expected.

[claude]

Claude finished @ymc9's task —— View job

---

PR Review: Missing Dependency Fix ✅

Review Checklist:

• Analyze changed files to understand dependency changes
• Review dependency placement and monorepo best practices
• Check for potential security concerns
• Assess impact on performance and bundle size
• Verify alignment with ZenStack architecture
• Check if tests or documentation need updates
• Provide comprehensive review feedback

---

🔍 Review Summary

This PR correctly fixes a missing dependency issue in the @zenstackhq/language package, where @zenstackhq/common-helpers was incorrectly listed as a devDependency instead of a runtime dependency. The package is imported in production source files (packages/language/src/validators/datamodel-validator.ts:1 and packages/language/src/validators/attribute-application-validator.ts:1).

✅ What's Good

1. Correctly Identified Issue: The dependency was indeed missing from the runtime dependencies of the language package
2. Proper Resolution: Moving @zenstackhq/common-helpers from devDependencies to dependencies in packages/language/package.json is the correct fix
3. Clean Dependencies: Removed incorrect root-level dependency declaration that violated monorepo best practices
4. Prisma Update: Also includes a beneficial update from Prisma 6.14.0 to 6.19.0 and moves it from peer to regular dependency in CLI package

📋 Technical Analysis

File Changes:

• packages/language/package.json: ✅ Added @zenstackhq/common-helpers to dependencies
• packages/cli/package.json: ✅ Moved prisma from peerDependencies to dependencies
• package.json: ✅ Removed incorrect root-level dependency
• pnpm-workspace.yaml: ✅ Updated Prisma catalog version

Security Assessment: ✅ No Concerns

• All dependencies are workspace-internal packages or well-established libraries
• No introduction of external security risks

Performance Impact: ✅ Minimal

• @zenstackhq/common-helpers is a lightweight utility package with no external dependencies
• Bundle size impact negligible

Architecture Alignment: ✅ Excellent

• Follows monorepo workspace patterns correctly
• Dependencies declared at appropriate package levels
• Aligns with ZenStack's modular architecture

🎯 Recommendation

✅ APPROVE - This PR successfully resolves the missing dependency issue with proper monorepo practices. The changes are minimal, targeted, and follow best practices for pnpm workspace dependency management.

📝 Minor Notes

• The Prisma update from 6.14.0 to 6.19.0 is beneficial for bug fixes and improvements
• Moving Prisma from peer to regular dependency in CLI package simplifies installation
• All changes align with the repository's established patterns

---