Update packages & Next version

[hpware]

Summary by CodeRabbit

• Bug Fixes

  • Enhanced S3 storage configuration validation with clearer error handling and improved status responses.

• Documentation

  • Documented known issues affecting admin toggles and the edit system.
  • Updated technology stack information including Next.js 16 and Sonnar.

• Chores

  • Upgraded dependencies across packages for improved stability and compatibility.

[dokploy-hpwartwweb2]

Dokploy Preview Deployment

Name	Status	Preview	Updated (UTC)
app	✅ Done	Preview URL	2025-11-13T03:54:50.053Z

[coderabbitai]

Warning

Rate limit exceeded

@hpware has exceeded the limit for the number of commits or files that can be reviewed per hour. Please wait 17 minutes and 2 seconds before requesting another review.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

📥 Commits

Reviewing files that changed from the base of the PR and between 365f4bc and 59b9c77.

📒 Files selected for processing (1)

• apps/web/src/app/api/modify/posts/route.ts (1 hunks)

Walkthrough

This PR updates dependencies across the monorepo—notably Next.js from 15.5.4 to 16.0.2, AWS S3 SDK, better-auth, and drizzle-orm—and refactors S3 configuration validation from eager (import-time) to lazy (usage-time). TypeScript JSX configuration changes from "preserve" to "react-jsx", API routes gain S3 availability checks, and documentation is updated with Next.js 16 and known issues.

Changes

Cohort / File(s)	Summary
Dependency version bumps apps/web/package.json, package.json, packages/auth/package.json, packages/db/package.json	Updated multiple dependencies: Next.js 15.5.4 → 16.0.2, AWS S3 SDK 3.913.0 → 3.930.0, better-auth 1.3.28 → 1.3.34, drizzle-orm 0.44.6 → 0.44.7, Radix UI, TanStack packages, and TypeScript tooling. Replaces catalog: placeholders with explicit semver ranges.
TypeScript & JSX configuration apps/web/tsconfig.json	Changed JSX runtime from "preserve" to "react-jsx"; added include paths .next/dev/types/**/*.ts and .next/types/**/*.ts.
S3 lazy initialization & validation apps/web/src/lib/s3.ts	Introduced isS3Configured(), getS3Client(), and s3Config.isConfigured getter for lazy S3 validation at usage time. Wrapped s3Client as Proxy, enhanced generateFileName validation (type checks, sanitization, length), and updated getSignedUploadUrl to validate config and use getS3Client().
S3 availability checks in API routes apps/web/src/app/api/data/files/[...slug]/route.ts, apps/web/src/app/api/data/publish/file/route.ts	Added S3 configuration pre-checks; return 503 status when S3 is misconfigured instead of proceeding or returning 500. Updated error messages to reflect S3 storage unavailability.
Documentation README.md	Updated Next.js reference to version 16, added "Sonnar" to tech stack, introduced "Currently known issues" section documenting admin toggle and edit system issues.

Sequence Diagram

sequenceDiagram
    participant APIRoute as API Route
    participant S3Lib as s3.ts
    participant S3Client as AWS S3

    rect rgb(230, 245, 250)
    Note over APIRoute,S3Lib: Old Flow (Eager Validation)
    APIRoute->>S3Lib: import s3Client
    S3Lib->>S3Lib: Validate config at import time
    Note over S3Lib: Fails on startup if S3 misconfigured
    end

    rect rgb(245, 235, 250)
    Note over APIRoute,S3Lib: New Flow (Lazy Validation)
    APIRoute->>APIRoute: Check s3Config.isConfigured
    alt S3 Configured
        APIRoute->>S3Lib: getSignedUploadUrl(key)
        S3Lib->>S3Lib: Validate config at call time
        S3Lib->>S3Lib: getS3Client() - lazy init
        S3Lib->>S3Client: Initialize AWS S3
        S3Client-->>S3Lib: S3Client ready
        S3Lib-->>APIRoute: Signed URL
    else S3 Not Configured
        APIRoute->>APIRoute: Return 503 error
        Note over APIRoute: S3 storage unavailable
    end
    end

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20–25 minutes

• Dependency updates are homogeneous and repetitive across multiple package.json files (low individual complexity)
• S3 refactoring introduces new lazy initialization patterns, Proxy wrapping, and runtime validation logic that requires careful verification of edge cases and error handling
• API route changes follow a consistent pattern but depend on understanding the new S3 configuration API
• TypeScript configuration changes are straightforward; README updates are trivial

Areas requiring extra attention:

• Verify that lazy S3Client initialization in s3.ts handles all error paths and maintains backward compatibility with existing callers
• Ensure Proxy wrapping of s3Client correctly delegates all AWS SDK methods without breaking existing behavior
• Validate that API routes properly check s3Config.isConfigured before any S3 operations
• Confirm that the new generateFileName validation doesn't reject legitimately named files
• Review Next.js 16 upgrade implications and JSX runtime change compatibility with existing code

Poem

🐰 Dependencies dance to their newest song,
While S3 waits—no longer so long!
Lazy paths bloom where configs now hide,
From eager to deferred, we stride with pride.
Next.js sixteen hops into the fray,
Better, faster, hoppy hooray! 🎉

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately summarizes the main changes in the PR: dependency version bumps across multiple packages and a significant Next.js version upgrade from 15.5.4 to ^16.0.2.
Docstring Coverage	✅ Passed	Docstring coverage is 83.33% which is sufficient. The required threshold is 80.00%.

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between fb5456e and 61d78c8.

📒 Files selected for processing (1)

• apps/web/src/app/item/[slug]/page.tsx (1 hunks)

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (3)

apps/web/src/app/api/data/publish/file/route.ts (1)

83-83: Consider using s3Config.bucket for consistency.

While using process.env.S3_BUCKET_NAME! directly is safe after the configuration check, consider using s3.s3Config.bucket instead to maintain consistency with the centralized configuration pattern introduced in this PR.

-        Bucket: process.env.S3_BUCKET_NAME!,
+        Bucket: s3.s3Config.bucket,

apps/web/src/lib/s3.ts (2)

62-68: Proxy pattern provides backward compatibility but could be clearer.

The Proxy-based export maintains backward compatibility for code that directly uses s3Client. The method binding on line 66 correctly preserves the this context. Consider adding a comment explaining that this Proxy is specifically for backward compatibility, as the pattern might not be immediately obvious to future maintainers.

-// Export for backward compatibility, but will throw if S3 is not configured
+// Export s3Client as a Proxy for backward compatibility with existing code.
+// The Proxy delegates all operations to getS3Client(), which validates
+// configuration and performs lazy initialization on first access.
 export const s3Client = new Proxy({} as S3Client, {

---

117-117: Consider using s3Config.bucket for consistency.

Similar to the suggestion in the route file, using s3Config.bucket here would be more consistent with the centralized configuration approach.

-    Bucket: process.env.S3_BUCKET_NAME!,
+    Bucket: s3Config.bucket,

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 61d78c8 and 79f51ea.

📒 Files selected for processing (3)

• apps/web/src/app/api/data/files/[...slug]/route.ts (1 hunks)
• apps/web/src/app/api/data/publish/file/route.ts (1 hunks)
• apps/web/src/lib/s3.ts (3 hunks)

🔇 Additional comments (5)

apps/web/src/app/api/data/publish/file/route.ts (1)

62-75: Good refactoring to centralized configuration check.

The change from direct environment variable checking to using s3.s3Config.isConfigured improves maintainability by centralizing S3 configuration logic. The HTTP status code change from 500 to 503 is more semantically appropriate, as it indicates service unavailability rather than an internal server error.

apps/web/src/lib/s3.ts (3)

5-12: LGTM - Clean configuration check.

The isS3Configured() helper provides a clear, reusable way to verify S3 configuration across the codebase.

---

31-59: Excellent lazy initialization pattern.

The lazy initialization of the S3 client is well-implemented:

• Prevents application startup failures when S3 is not configured
• Validates configuration only when S3 is actually used
• Includes retry configuration (maxAttempts) for resilience
• Supports non-AWS S3 providers via forcePathStyle

---

70-87: Well-designed configuration object with getters.

The s3Config object with dynamic getters provides a clean API for accessing S3 configuration. The bucket getter correctly validates configuration before returning the value, maintaining consistency with the client getter.

apps/web/src/app/api/data/files/[...slug]/route.ts (1)

13-22: Consistent S3 configuration guard implementation.

The early configuration check prevents unnecessary processing and returns an appropriate 503 status when S3 is not configured. This change is consistent with the refactoring in the file upload route.

[hpware]

@coderabbitai generate docstrings

[coderabbitai]

✅ Actions performed

Initiated docstring generation; will generate only if new commits exist.

[coderabbitai]

Note

Docstrings generation - SUCCESS
Generated docstrings for this pull request at #8

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (1)

apps/web/src/lib/s3.ts (1)

86-103: Consider converting region and endpoint to getters for consistency.

The client, bucket, and isConfigured properties use getters for lazy evaluation, but region (line 98) and endpoint (line 99) read from process.env at module load time. Converting them to getters would make the entire configuration consistently lazy.

Apply this diff for consistency:

 export const s3Config = {
   get client() {
     return getS3Client();
   },
   get bucket() {
     if (!isS3Configured()) {
       throw new Error(
         "S3 is not configured. Please set S3_BUCKET_NAME environment variable.",
       );
     }
     return process.env.S3_BUCKET_NAME!;
   },
-  region: process.env.S3_REGION || "us-east-1",
-  endpoint: process.env.S3_ENDPOINT,
+  get region() {
+    return process.env.S3_REGION || "us-east-1";
+  },
+  get endpoint() {
+    return process.env.S3_ENDPOINT;
+  },
   get isConfigured() {
     return isS3Configured();
   },
 };

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 79f51ea and 365f4bc.

📒 Files selected for processing (2)

• README.md (1 hunks)
• apps/web/src/lib/s3.ts (3 hunks)

✅ Files skipped from review due to trivial changes (1)

• README.md

🔇 Additional comments (4)

apps/web/src/lib/s3.ts (4)

5-16: LGTM! Clean configuration check.

The boolean helper correctly identifies S3 availability and enables the lazy initialization pattern throughout the file.

---

41-75: Excellent lazy initialization with enhanced configuration.

The singleton pattern is correctly implemented, and the addition of retry configuration (maxAttempts: 3) and forcePathStyle support improves resilience and compatibility with various S3-compatible providers.

---

77-84: Clever Proxy pattern for backward compatibility.

The Proxy wrapper maintains type safety for consumers while delegating to the lazy-initialized client. The dynamic property access (as any) is necessary for the pattern and acceptable given the type guarantee at the Proxy level.

---

126-146: LGTM! Proper validation and lazy client usage.

The function now validates S3 configuration upfront and uses the lazy-initialized client, aligning perfectly with the refactored architecture.