[codex] fix onboarding updater sync recovery

[riderx]

Summary

• require the onboarding updater step to verify @capgo/capacitor-updater is declared in the selected package.json and resolvable from node_modules
• wait for manual ready confirmation and re-check when automatic updater install, manual install, build, or sync needs recovery
• verify updater readiness before onboarding cap sync, preserve iOS sync validation, and avoid marking the updater step complete just from selecting package.json
• add recovery tests for updater declaration/install state and update the TanStack Intent skill docs

Root Cause

The onboarding flow trusted getInstalledVersion(...), which can succeed from stale native project files or existing node_modules state without proving the selected package.json declares @capgo/capacitor-updater. Manual install paths also continued without waiting for the user to finish and without re-checking.

Validation

• bun run lint
• bun run build
• bun run test:mcp
• bun run test:bundle
• bun run test:onboarding-recovery

Summary by CodeRabbit

• New Features

  • Verifies the updater package during onboarding, blocks progress until readiness is confirmed, and supports automatic install + retry with a user “type ready” confirmation when needed
  • Ensures updater readiness before build/sync and retries installer flow on failure

• Documentation

  • Updated initialization guide to describe the new updater verification, remediation flow, and reordered iOS sync guidance

• Tests

  • Added tests for updater declaration vs. installed-state resolution and readiness scenarios

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: e106ea5c-1a29-4c46-92d4-6eeae314456f

📥 Commits

Reviewing files that changed from the base of the PR and between 0cc78a6 and fe86925.

📒 Files selected for processing (4)

• skills/usage/SKILL.md
• src/init/command.ts
• src/init/updater.ts
• test/test-onboarding-recovery.mjs

✅ Files skipped from review due to trivial changes (1)

• src/init/updater.ts

🚧 Files skipped from review as they are similar to previous changes (1)

• skills/usage/SKILL.md

---

📝 Walkthrough

Walkthrough

Onboarding now enforces and verifies an explicit @capgo/capacitor-updater prerequisite: it checks declaration in the selected package.json and resolvability in node_modules, supports auto-install/retry, and requires a user “type ready” confirmation before continuing build/sync when remediation is needed.

Changes

Cohort / File(s)	Summary
Docs skills/usage/SKILL.md	Documented the new updater verification gate, auto-install/retry behavior, and manual remediation flow with the user typing ready.
Init logic src/init/command.ts	Refactored onboarding flow: selection/persistence of package.json, added waitForReadyConfirmation/delegates, integrated updater readiness into encryption and build/sync loops, centralized installer/version selection and blocking install flow with retry and “type ready” prompt.
Updater helper src/init/updater.ts	New module exporting CAPGO_UPDATER_PACKAGE, UpdaterInstallState, and getUpdaterInstallState(packageJsonPath) returning declared vs installed versions, readiness boolean, and diagnostic details.
Tests test/test-onboarding-recovery.mjs	Added temp-project scaffolding and three assertions for updater state: missing declaration, missing installation, and both present (validates declared/installed versions and ready=true).

Sequence Diagram

sequenceDiagram
    participant User
    participant Init as Init Workflow
    participant State as Updater State Checker
    participant PkgMgr as Package Manager
    participant BuildSync as Build/Sync

    User->>Init: start onboarding
    Init->>Init: select & remember package.json
    Init->>State: getUpdaterInstallState(packageJsonPath)
    alt updater ready
        State->>Init: ready
        Init->>BuildSync: run build/sync
    else updater not ready
        State->>Init: details (missing declaration / not resolvable)
        Init->>User: show remediation command(s)
        User->>PkgMgr: run install or fix files
        User->>Init: type "ready"
        Init->>State: re-check updater state
        alt ready after fix
            State->>Init: ready
            Init->>BuildSync: run build/sync
        else still not ready
            Init->>User: prompt manual fix or additional retry
        end
    end

Loading

Estimated Code Review Effort

🎯 4 (Complex) | ⏱️ ~60 minutes

Possibly related PRs

• [codex] Improve onboarding recovery flows #586: Overlapping changes to init/onboarding recovery and interactive retry logic touching src/init/command.ts.

Poem

🐰 I hopped through package trees and logs,

I peeked for updater files in nested groves,
I nudged a user to type "ready" with tiny paws,
Then watched installs settle and builds find cause,
Hooray — onboarding hops onward with cheer and carrots! 🥕

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title '[codex] fix onboarding updater sync recovery' directly addresses the main change: fixing the onboarding updater sync recovery by adding explicit updater prerequisite verification and manual confirmation workflows.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch codex/onboarding-updater-sync-guard

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (1)

src/init/command.ts (1)

1604-1696: Split getAssistedDependencies into smaller path-selection helpers.

This function now mixes auto-detection, native picker fallback, tree navigation, manual entry, validation, and state mutation in one body, which makes the onboarding recovery path hard to change safely. Extracting the picker/tree/manual branches behind a resolvePackageJsonPath()-style helper would bring the complexity back under control. As per coding guidelines, "Prefer small reusable helpers for parsing and normalization logic instead of repeating ad hoc parsing inside command bodies."

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@src/init/command.ts` around lines 1604 - 1696, getAssistedDependencies is too
large and mixes auto-detection, native file picker, tree selector, and manual
entry plus validation and state mutation; extract the interactive selection
logic into a new helper (e.g., resolvePackageJsonPath) and keep
getAssistedDependencies focused on orchestration. Specifically, create
resolvePackageJsonPath() that encapsulates the branches that call
canUseFilePicker(), openPackageJsonPicker(), the tree selector loop using
pSelect(), and the manual pText() path (including their validation and pIsCancel
handling), return a normalized selected path or null, and update
getAssistedDependencies to call resolvePackageJsonPath(), call
rememberPackageJsonPath(selectedPath) where appropriate, and then reuse
getAllPackagesDependencies(undefined, selectedPath) — keep existing helper names
(rememberPackageJsonPath, openPackageJsonPicker, pConfirm, pSelect, pText,
canUseFilePicker, getAllPackagesDependencies) so callers remain identifiable.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@src/init/command.ts`:
- Around line 2521-2537: After waitForReadyConfirmation returns, do not proceed
to mark the step completed; instead force the outer loop to re-run the
build/sync by returning 'retry'. Concretely, change the branch after
waitForReadyConfirmation (where buildAndSyncCommand is referenced) so it returns
'retry' immediately rather than calling validateIosUpdaterSync,
handleBrokenIosSync, or promoteEncryptionSummaryToEnabled; keep
validateIosUpdaterSync, handleBrokenIosSync, promoteEncryptionSummaryToEnabled,
platform, pm.runner, cwd(), and globalPathToPackageJson available for the
subsequent retry flow.

---

Nitpick comments:
In `@src/init/command.ts`:
- Around line 1604-1696: getAssistedDependencies is too large and mixes
auto-detection, native file picker, tree selector, and manual entry plus
validation and state mutation; extract the interactive selection logic into a
new helper (e.g., resolvePackageJsonPath) and keep getAssistedDependencies
focused on orchestration. Specifically, create resolvePackageJsonPath() that
encapsulates the branches that call canUseFilePicker(), openPackageJsonPicker(),
the tree selector loop using pSelect(), and the manual pText() path (including
their validation and pIsCancel handling), return a normalized selected path or
null, and update getAssistedDependencies to call resolvePackageJsonPath(), call
rememberPackageJsonPath(selectedPath) where appropriate, and then reuse
getAllPackagesDependencies(undefined, selectedPath) — keep existing helper names
(rememberPackageJsonPath, openPackageJsonPicker, pConfirm, pSelect, pText,
canUseFilePicker, getAllPackagesDependencies) so callers remain identifiable.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 22c9d84b-3c9a-4ef4-9e03-2bd067139d80

📥 Commits

Reviewing files that changed from the base of the PR and between d73aa0c and 5da5414.

📒 Files selected for processing (4)

• skills/usage/SKILL.md
• src/init/command.ts
• src/init/updater.ts
• test/test-onboarding-recovery.mjs

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 5da5414883

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[coderabbitai]

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@src/init/command.ts`:
- Line 1761: The inline regex in the destructuring assignment "const [command,
...args] = pm.installCommand.split(/\s+/).filter(Boolean)" should be hoisted to
module scope to satisfy the e18e/prefer-static-regex lint rule; add a top-level
constant (e.g. SPLIT_WHITESPACE_REGEX = /\s+/) and replace the inline /\s+/ with
that constant when calling pm.installCommand.split(...), leaving the rest of the
expression intact.
- Around line 1684-1701: The current getAssistedDependencies always calls
rememberPackageJsonPath(root) and returns dependencies for root, which
overwrites a valid globalPathToPackageJson and reverts to the repo root; change
the flow so if packageJsonPath (computed from globalPathToPackageJson ?? root)
points to a valid nested app (i.e. globalPathToPackageJson is set and produced
non-empty/adequate dependencies), call rememberPackageJsonPath(packageJsonPath)
and return dependencies for packageJsonPath instead of always using root; ensure
uses of getAllPackagesDependencies, packageJsonPath, root,
globalPathToPackageJson, rememberPackageJsonPath, and resolvePackageJsonPath are
updated accordingly so the previously selected package.json is preserved.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 69079b94-da50-46a1-a4b3-31363654abe8

📥 Commits

Reviewing files that changed from the base of the PR and between 5da5414 and b8efbe8.

📒 Files selected for processing (4)

• skills/usage/SKILL.md
• src/init/command.ts
• src/init/updater.ts
• test/test-onboarding-recovery.mjs

🚧 Files skipped from review as they are similar to previous changes (1)

• skills/usage/SKILL.md

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: b8efbe82d2

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[coderabbitai]

🧹 Nitpick comments (1)

src/init/updater.ts (1)

44-46: Use Object.hasOwn() instead of hasOwnProperty.

The static analysis correctly identifies that the modern Object.hasOwn() should be preferred over Object.prototype.hasOwnProperty.call().

Suggested fix

-    if (!dependencies || !Object.prototype.hasOwnProperty.call(dependencies, packageName))
+    if (!dependencies || !Object.hasOwn(dependencies, packageName))

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@src/init/updater.ts` around lines 44 - 46, Replace the legacy hasOwnProperty
pattern with Object.hasOwn: in src/init/updater.ts where you check dependencies
and packageName (variables packageJson, section, dependencies, packageName),
change the guard that currently uses
Object.prototype.hasOwnProperty.call(dependencies, packageName) to use
Object.hasOwn(dependencies, packageName) so the condition becomes a check for
missing dependencies or missing package via Object.hasOwn and then continue.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Nitpick comments:
In `@src/init/updater.ts`:
- Around line 44-46: Replace the legacy hasOwnProperty pattern with
Object.hasOwn: in src/init/updater.ts where you check dependencies and
packageName (variables packageJson, section, dependencies, packageName), change
the guard that currently uses Object.prototype.hasOwnProperty.call(dependencies,
packageName) to use Object.hasOwn(dependencies, packageName) so the condition
becomes a check for missing dependencies or missing package via Object.hasOwn
and then continue.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 984368f3-adb2-4b63-9739-1b2da6f5fb4a

📥 Commits

Reviewing files that changed from the base of the PR and between b8efbe8 and 0cc78a6.

📒 Files selected for processing (4)

• skills/usage/SKILL.md
• src/init/command.ts
• src/init/updater.ts
• test/test-onboarding-recovery.mjs

🚧 Files skipped from review as they are similar to previous changes (1)

• skills/usage/SKILL.md

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud