Stabilize Node workspace manifests and restore monorepo validation flow#11
Stabilize Node workspace manifests and restore monorepo validation flow#11Pmaster-dev with Copilot wants to merge 7 commits into
Conversation
PR Summary by QodoStabilize npm workspaces and restore monorepo validation (Services/ casing)
AI Description
Diagram
High-Level Assessment
Files changed (28)
|
There was a problem hiding this comment.
Pull request overview
This PR restores the repository to a runnable npm-workspaces monorepo by resolving merge-conflict remnants and aligning tooling/scripts with the actual Services/ directory layout, while also addressing several TypeScript/runtime blockers across backend and AI services.
Changes:
- Repaired workspace setup and validation flow (root
package.jsonworkspaces/scripts, OpenAPI validator + SDK generator updated toServices/). - Cleaned up merge-conflict artifacts and normalized docs/tests/config formatting (tests, Jest config, workflow YAML, Husky hooks).
- Fixed ESM/TypeScript runtime issues (added
.jsimport extensions in backend TS, added Vite env types, corrected AI port handling).
Reviewed changes
Copilot reviewed 24 out of 29 changed files in this pull request and generated 7 comments.
Show a summary per file
| File | Description |
|---|---|
| tests/README.md | Removes conflict remnants; keeps testing docs (needs Services/ path alignment in text). |
| tests/pinksync/pinksync.test.js | Removes conflict remnants from PinkSync tests. |
| tests/openapi.test.js | Updates OpenAPI test harness to use Services/ and broadens base URL validation. |
| tests/magicians/magicians.test.js | Removes conflict remnants from Magicians tests. |
| tests/fibonrose/fibonrose.test.js | Removes conflict remnants from Fibonrose tests. |
| tests/deafauth/deafauth.test.js | Removes conflict remnants from DeafAUTH tests. |
| tests/dao/dao.test.js | Removes conflict remnants from DAO tests. |
| Services/pinksync/package.json | Updates service dev dependencies (notably Vitest). |
| Services/fibonrose/package.json | Updates service dev dependencies (notably Vitest). |
| Services/deafauth/package.json | Cleans duplicated deps and updates dev dependencies (notably Vitest). |
| Services/accessibility-nodes/package.json | Updates service dev dependencies (notably Vitest). |
| scripts/validate-openapi.js | Aligns validator to Services/ and changes behavior for missing specs (now warns). |
| scripts/generate-sdk.js | Aligns SDK generator to Services/. |
| README.md | Large documentation consolidation; still contains broken paths/formatting typos (e.g., stray ===, services/ vs Services/). |
| package.json | Repaired root manifest/workspaces; restores validation scripts and lint flow. |
| jest.config.js | Removes conflict remnants; retains Jest settings. |
| frontend/src/vite-env.d.ts | Adds Vite client type reference to fix TS builds. |
| eslint.config.js | Adds minimal flat ESLint config to allow ESLint v9+ to run. |
| backend/src/webhooks/webhook.service.ts | Switches to ESM .js type imports; webhook signature verification logic is sensitive to malformed input. |
| backend/src/routes/webhook.routes.ts | Switches to ESM .js imports and adds route-param normalization helper. |
| backend/src/routes/incoming-webhook.routes.ts | Switches to ESM .js import for types. |
| backend/src/index.ts | Switches to ESM .js route imports. |
| backend/package.json | Updates backend dependency versions (notably bcrypt). |
| ai/src/index.ts | Fixes invalid port placeholder and removes invalid placeholder text logic (aslGloss). |
| ai/package.json | Updates AI dev dependencies (notably Vitest). |
| .husky/pre-push | Normalizes Husky hook file formatting. |
| .husky/pre-commit | Normalizes Husky hook file formatting. |
| .github/workflows/api-tests.yml | Normalizes workflow and updates upload-artifact action major version. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| - **Location**: `services/deafauth/` | ||
| - **Base URL**: `https://api.mbtq.dev/auth` auth.mbtq.dev | ||
| - **Documentation**: [DeafAUTH README](services/deafauth/README.md) | ||
| - **OpenAPI Spec**: [openapi.yaml](services/deafauth/openapi/openapi.yaml) | ||
|
|
||
| ### 2. **PinkSync - Accessibility Engine** | ||
| Real-time accessibility features and synchronization. | ||
|
|
||
| - **Location**: `services/pinksync/` | ||
| - **Base URL**: `https://api.mbtq.dev/sync`sync.mbtq.dev | ||
| - **Documentation**: [PinkSync README](services/pinksync/README.md) | ||
| - **OpenAPI Spec**: [openapi.yaml](services/pinksync/openapi/openapi.yaml) | ||
|
|
||
| ### 3. **Fibonrose - Trust & Blockchain** | ||
| Decentralized trust and verification layer. | ||
|
|
||
| - **Location**: `services/fibonrose/` | ||
| - **Base URL**: `https://api.mbtq.dev/trust` trust.mbtq.dev | ||
| - **Documentation**: [Fibonrose README](services/fibonrose/README.md) | ||
| - **OpenAPI Spec**: [openapi.yaml](services/fibonrose/openapi/openapi.yaml) |
| ### 4. **360Magicians - AI Agents** | ||
| Intelligent automation and assistance agents. | ||
| === | ||
| - **Location**: `services/magicians/` | ||
| - **Base URL**: `https://api.mbtq.dev/magicians` magicians.mbtq.dev | ||
| - **Documentation**: [360Magicians README](services/magicians/README.md) | ||
| - **OpenAPI Spec**: [openapi.yaml](services/magicians/openapi/openapi.yaml) | ||
|
|
||
| ### 5. **MBTQ DAO - Governance** | ||
| Decentralized governance and community management. | ||
|
|
||
| - **Location**: `services/dao/` | ||
| - **Base URL**: `https://api.mbtq.dev/dao` | ||
| - **Documentation**: [DAO README](services/dao/README.md) | ||
| - **OpenAPI Spec**: [openapi.yaml](services/dao/openapi/openapi.yaml) |
| verifySignature(payload: string, signature: string, secret: string): boolean { | ||
| const expectedSignature = this.generateSignature(payload, secret); | ||
| // Normalize signatures to ensure they're in the same format (hex) | ||
| const normalizedSignature = signature.toLowerCase().trim(); | ||
| const normalizedExpected = expectedSignature.toLowerCase().trim(); | ||
|
|
||
| // Ensure both signatures have the same length before comparison | ||
| if (normalizedSignature.length !== normalizedExpected.length) { | ||
| return false; | ||
| } | ||
|
|
||
| return crypto.timingSafeEqual( | ||
| Buffer.from(normalizedSignature, 'hex'), | ||
| Buffer.from(normalizedExpected, 'hex') | ||
| ); | ||
| } |
Code Review by Qodo
Context used✅ Cross-repo context Explored:
repo: Pmaster-dev/pinkflow (sha: 5c8214d8) 1. OpenAPI validator false-pass
|
| const tsParser = require('@typescript-eslint/parser'); | ||
|
|
||
| module.exports = [ | ||
| { | ||
| ignores: ['**/dist/**', '**/node_modules/**', '**/coverage/**'], | ||
| }, | ||
| { | ||
| files: ['**/*.{ts,tsx}'], | ||
| languageOptions: { | ||
| parser: tsParser, | ||
| parserOptions: { | ||
| ecmaVersion: 'latest', | ||
| sourceType: 'module', | ||
| ecmaFeatures: { | ||
| jsx: true, | ||
| }, | ||
| }, | ||
| }, | ||
| rules: {}, | ||
| }, | ||
| ]; |
There was a problem hiding this comment.
1. Root eslint deps missing 🐞 Bug ☼ Reliability
Repo-root linting (via lint-staged) runs eslint --fix, but the root package.json does not declare eslint or @typescript-eslint/parser even though eslint.config.js requires the parser. This makes hooks/linting depend on workspace hoisting and can fail on installs/layouts where those binaries/modules aren’t available at the root.
Agent Prompt
### Issue description
Repo-root ESLint is invoked by lint-staged (`eslint --fix`) and uses `eslint.config.js`, which `require`s `@typescript-eslint/parser`. However, the root `package.json` does not declare `eslint` nor `@typescript-eslint/parser`, so successful execution relies on workspace hoisting.
### Issue Context
- Husky pre-commit runs `npm run lint-staged`.
- lint-staged executes `eslint --fix` from the repo root.
- ESLint loads `eslint.config.js` which requires `@typescript-eslint/parser`.
### Fix Focus Areas
- package.json[50-62]
- eslint.config.js[1-21]
- .lintstagedrc.json[1-5]
### Suggested fix
- Add `eslint` and `@typescript-eslint/parser` to root `devDependencies` (optionally `@typescript-eslint/eslint-plugin` if you plan to enable TS rules at root).
- Alternatively (or additionally), change `.lintstagedrc.json` to run `npm run lint --workspaces --if-present` instead of `eslint --fix`, if you want linting to be workspace-scoped.
ⓘ Copy this prompt and use it to remediate the issue with your preferred AI generation tools
| const results = []; | ||
|
|
||
| for (const service of services) { | ||
| const specPath = path.join(SERVICES_DIR, service, 'openapi', 'openapi.yaml'); | ||
|
|
||
| if (fs.existsSync(specPath)) { | ||
| const result = await validateOpenAPISpec(service, specPath); | ||
| results.push(result); | ||
| } else { | ||
| console.log(`\n⚠️ ${service}: No OpenAPI spec found`); | ||
| } | ||
| } | ||
|
|
||
| // Summary | ||
| console.log('\n═══════════════════════════════════════════════════════════'); | ||
| const validCount = results.filter((r) => r.valid).length; | ||
| const totalEndpoints = results | ||
| .filter((r) => r.valid) | ||
| .reduce((sum, r) => sum + r.endpointCount, 0); | ||
|
|
||
| console.log(`\n📊 Summary:`); | ||
| console.log(` Services validated: ${results.length}`); | ||
| console.log(` Valid specifications: ${validCount}`); | ||
| console.log(` Total endpoints: ${totalEndpoints}`); | ||
|
|
||
| if (validCount === results.length) { | ||
| console.log('\n✅ All OpenAPI specifications are valid!'); | ||
| process.exit(0); | ||
| } else { | ||
| console.log('\n❌ Some specifications have errors'); | ||
| process.exit(1); | ||
| } |
There was a problem hiding this comment.
2. Openapi validator false-pass 🐞 Bug ≡ Correctness
scripts/validate-openapi.js only adds to results when a spec file exists, but the exit condition compares validCount to results.length. If no service has an openapi.yaml, results stays empty and the script exits 0, reporting success despite validating nothing.
Agent Prompt
### Issue description
The OpenAPI validation script can exit successfully without validating any specs when `results.length === 0` (e.g., when no `openapi/openapi.yaml` files exist under `Services/`).
### Issue Context
The script logs a warning for missing specs but does not record them in `results`, and the final success condition is `validCount === results.length`, which is true when both are 0.
### Fix Focus Areas
- scripts/validate-openapi.js[53-84]
### Suggested fix
- Track `missingCount` and/or use `services.length` in the final decision.
- At minimum, add a guard:
- If `results.length === 0`, print an error like `No OpenAPI specs found` and `process.exit(1)`.
- Optionally, update the summary to print both `services.length` (directories scanned) and `results.length` (specs validated) for clarity.
ⓘ Copy this prompt and use it to remediate the issue with your preferred AI generation tools
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com> Signed-off-by: Pmaster-dev <8pinkycollie8@gmail.com>
|
#/#change alll base url to github page n prod vr4deaf.org .........mbtq.dev is github@mbtq-dev @copilot |
| const fs = require('fs'); | ||
| const path = require('path'); | ||
| const yaml = require('yaml'); | ||
| const SwaggerParser = require('@apidevtools/swagger-parser'); | ||
|
|
| // Count endpoints | ||
| const pathCount = Object.keys(api.paths || {}).length; | ||
| let endpointCount = 0; | ||
|
|
||
| for (const path in api.paths) { | ||
| const methods = api.paths[path]; | ||
| endpointCount += Object.keys(methods).filter((m) => | ||
| ['get', 'post', 'put', 'patch', 'delete'].includes(m) | ||
| ).length; | ||
| } |
| - **Location**: `Services/deafauth/` | ||
| - **Base URL**: `https://api.mbtq.dev/auth` auth.mbtq.dev | ||
| - **Documentation**: [DeafAUTH README](Services/deafauth/README.md) | ||
| - **OpenAPI Spec**: [openapi.yaml](Services/deafauth/openapi/openapi.yaml) |
|
|
||
| - **Location**: `Services/pinksync/` | ||
| - **Base URL**: `https://api.mbtq.dev/sync`sync.mbtq.dev | ||
| - **Documentation**: [PinkSync README](Services/pinksync/README.md) | ||
| - **OpenAPI Spec**: [openapi.yaml](Services/pinksync/openapi/openapi.yaml) |
| # TypeScript SDK | ||
| openapi-generator-cli generate \ | ||
| -i services/deafauth/openapi/openapi.yaml \ | ||
| -g typescript-axios \ | ||
| -o sdks/typescript/deafauth |
| This is a monorepo managed with npm workspaces containing: | ||
|
|
||
| - **frontend**: React-based accessible user interface | ||
| - **backend**: Express API server | ||
| - **services/deafauth**: DeafAUTH authentication service with MCP server support | ||
| - **services/pinksync**: Real-time synchronization service | ||
| - **services/fibonrose**: Mathematical optimization engine | ||
| - **services/accessibility-nodes**: Modular accessibility features | ||
| - **ai**: AI services for deaf-first workflows |
| app.post('/api/process/text', (req, res) => { | ||
| const { text, operation } = req.body; | ||
|
|
||
| let result = ''; | ||
| switch (operation) { | ||
| case 'summarize': | ||
| result = text.substring(0, 100) + '...'; | ||
| break; | ||
| case 'translate': | ||
| result = `[Translated] ${text}`; | ||
| break; | ||
| case 'simplify': | ||
| result = text.toLowerCase(); | ||
| break; |
|
|
||
| ## 🔐 Authentication | ||
|
|
||
| All MBTQ Universe services use DeafAUTH for authentication. Include the Bearer token in the Authorization header: |
| To run MCP servers individually: | ||
| ```bash | ||
| npm run mcp --workspace=services/deafauth | ||
| npm run mcp --workspace=services/pinksync | ||
| npm run mcp --workspace=services/fibonrose | ||
| npm run mcp --workspace=services/accessibility-nodes | ||
| npm run mcp --workspace=ai | ||
| ``` |
| // Export singleton instance | ||
| export const webhookService = new WebhookService(); | ||
| import crypto from 'crypto'; | ||
| import { WebhookConfig, WebhookEvent, WebhookDelivery } from '../types/webhook.types.js'; |
This change restores the repository to a runnable Node/npm workspace by removing merge-conflict remnants and fixing configuration/runtime blockers that were breaking install, build, and validation paths. It also aligns the repo layout and validation scripts with the actual
Services/directory structure.Workspace and manifest repair
package.jsonconflict and consolidated the intended workspace scriptsServices/*locationsConflict cleanup across repo tooling
Validation and toolchain compatibility
eslint.config.jsso current ESLint versions can run across workspacesfrontend/src/vite-env.d.tsso Vite CSS side-effect imports type-check and build correctlyTypeScript/runtime fixes
Example of the backend typing fix: