Release: v1.0.0

[warengonzaga]

Summary by CodeRabbit

• Chores
  • Migrated tooling from Yarn to pnpm across the repo, including lockfiles, enforcement, and .gitignore updates.
  • Updated CI workflow to use pnpm for install, type-check, and build.
  • Switched Docker build to pnpm with optimized caching via PNPM store.
• Documentation
  • Updated README and CONTRIBUTING to use pnpm commands and setup guidance.
• Refactor
  • Strengthened type safety for the Redis client.

[Copilot]

Pull Request Overview

This PR prepares the repository for the v1.0.0 release by standardizing on pnpm, aligning build and CI tooling, and tightening TypeScript typings for Redis.

• Switch package manager from Yarn to pnpm across code, docs, CI, and Docker.
• Add explicit Redis client typing and minor config adjustments.
• Update Dockerfile and GitHub Actions to use pnpm for deterministic installs and builds.

Reviewed Changes

Copilot reviewed 8 out of 11 changed files in this pull request and generated 4 comments.

Show a summary per file

File	Description
src/config/redis.ts	Adds RedisClientType and annotates the Redis client for stronger typing.
package.json	Replaces Yarn engine and scripts with pnpm equivalents; pins packageManager to [email protected].
README.md	Updates Quick Start and build commands from Yarn to pnpm (documentation).
Dockerfile	Enables pnpm via corepack and updates install/build steps to pnpm with cache mounts.
CONTRIBUTING.md	Replaces Yarn usage with pnpm in contributor workflow (documentation).
.yarnrc	Removes Yarn configuration as part of migration.
.npmrc	Adds pnpm configuration for hoisting and peer dependency behavior.
.github/workflows/validate.yml	Updates CI to set up pnpm, cache with pnpm, and run pnpm commands.

Files not reviewed (1)

• pnpm-lock.yaml: Language not supported

---

_{Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.}

[Copilot]

[nitpick] Importing a type as a value can lead to unnecessary runtime imports. Prefer using a type-only import to ensure the identifier is erased at compile time: split into import { createClient } from 'redis'; and import type { RedisClientType } from 'redis';.

Suggested change

	import { createClient, RedisClientType } from 'redis';
	import { createClient } from 'redis';
	import type { RedisClientType } from 'redis';

[Copilot]

Using pnpm@latest makes builds non-deterministic. Pin pnpm to the same version declared in package.json (packageManager: \"[email protected]\") for reproducible builds, e.g., corepack prepare [email protected] --activate.

Suggested change

	corepack prepare pnpm@latest --activate
	corepack prepare pnpm@9.15.4 --activate

[Copilot]

The comment contradicts the configuration: strict-peer-dependencies=false disables strict peer dependency enforcement. Update the comment or set strict-peer-dependencies=true to match the stated intent.

Suggested change

	strict-peer-dependencies=false
	strict-peer-dependencies=true

[Copilot]

For supply-chain security, pin actions to a full commit SHA instead of a floating tag. Replace @v4 with the corresponding immutable SHA from the action's releases.

Suggested change

	uses: actions/checkout@v4
	- name: Setup pnpm
	uses: pnpm/action-setup@v4
	with:
	version: 9.15.4
	- name: Setup Node.js
	uses: actions/setup-node@v4
	uses: actions/checkout@v4.1.6 # 4.1.6 is the latest v4 release as of June 2024
	- name: Setup pnpm
	uses: pnpm/action-setup@v4.0.0 # 4.0.0 is the latest v4 release as of June 2024
	with:
	version: 9.15.4
	- name: Setup Node.js
	uses: actions/setup-node@v4.0.2 # 4.0.2 is the latest v4 release as of June 2024

[coderabbitai]

📝 Walkthrough

Walkthrough

Sir/Ma’am, this change replaces Yarn with pnpm across CI, Docker, repository configs, and documentation, adds a .npmrc, removes .yarnrc, updates package.json enforcement, adjusts .gitignore, and introduces an explicit Redis client type in src/config/redis.ts.

Changes

Cohort / File(s)	Summary of changes
CI workflow .github/workflows/validate.yml	Added pnpm setup action; replaced Yarn cache/install/type-check/build steps with pnpm equivalents.
Package manager config & enforcement package.json, .npmrc, .yarnrc, .gitignore	Switched engines/preinstall/packageManager to pnpm; added pnpm-oriented .npmrc; removed Yarn settings; ignored yarn.lock alongside package-lock.json.
Docker build pipeline Dockerfile	Enabled Corepack and pnpm; replaced Yarn installs/build with pnpm; adjusted mounts/caches to pnpm store and pnpm-lock.yaml; included .npmrc.
Documentation README.md, CONTRIBUTING.md	Updated setup and commands from Yarn to pnpm across install, dev, build, type-check, clean, and start.
Runtime typing src/config/redis.ts	Imported RedisClientType and explicitly typed the exported client as RedisClientType; no logic changes.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Possibly related PRs

• 🚀 release: v1.0.0-beta.2 #4 — Similar migration of CI workflow and Dockerfile from Yarn to pnpm.

Suggested labels

maintainers only, release

Pre-merge checks and finishing touches

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Title Check	⚠️ Warning	The title “Release: v1.0.0” only signals a version bump but the PR diff is focused on migrating from Yarn to pnpm (and no explicit version change is shown), making the title misleading and too generic to convey the primary work.	Please revise the title to succinctly describe the core change—such as “Migrate project from Yarn to pnpm and prepare v1.0.0 release”—and ensure the version bump itself is included in the diff if a release is intended.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit's high-level summary is enabled.
Docstring Coverage	✅ Passed	No functions found in the changes. Docstring coverage check skipped.

✨ Finishing touches

• 📝 Generate Docstrings

🧪 Generate unit tests

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch dev

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 3

🧹 Nitpick comments (1)

.npmrc (1)

4-10: A word of caution regarding the hoisting configuration, Sir.

The combination of shamefully-hoist=true and auto-install-peers=true provides maximum convenience but sacrifices dependency isolation guarantees. Whilst this resolves TypeScript type inference issues with nested @redis packages (as noted in your comments), it may mask dependency version conflicts and create phantom dependency access patterns.

For production environments, Sir, you might consider the more disciplined approach:

-shamefully-hoist=true
+shamefully-hoist=false

 # Public hoist pattern - hoist @redis packages to resolve TypeScript type issues
 public-hoist-pattern[]=@redis/*

-# Auto-install peers to prevent missing peer dependency warnings
-auto-install-peers=true
+# Manual peer dependency management for better control
+auto-install-peers=false

-# Use strict peer dependencies to maintain dependency integrity
-strict-peer-dependencies=false
+# Enable strict peer dependencies for dependency integrity
+strict-peer-dependencies=true

However, if the current configuration serves your development velocity without issues, the existing settings remain perfectly serviceable for this project's scale.

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 7ca114d and 9a52c61.

⛔ Files ignored due to path filters (2)

• pnpm-lock.yaml is excluded by !**/pnpm-lock.yaml
• yarn.lock is excluded by !**/yarn.lock, !**/*.lock

📒 Files selected for processing (9)

• .github/workflows/validate.yml (1 hunks)
• .gitignore (1 hunks)
• .npmrc (1 hunks)
• .yarnrc (0 hunks)
• CONTRIBUTING.md (5 hunks)
• Dockerfile (3 hunks)
• README.md (3 hunks)
• package.json (2 hunks)
• src/config/redis.ts (2 hunks)

💤 Files with no reviewable changes (1)

• .yarnrc

🔇 Additional comments (5)

.gitignore (1)

135-137: Sir, the lockfile exclusion strategy appears sound.

The updated comment and ignore patterns correctly enforce pnpm as the sole package manager while ensuring pnpm-lock.yaml remains tracked for reproducible builds. The existing yarn.lock and package-lock.json entries are now properly documented as blocked artifacts.

src/config/redis.ts (1)

1-1: Excellent work on the type safety enhancement, Sir.

The explicit RedisClientType annotation aligns perfectly with the redis library's v4.x TypeScript-first design. This provides superior IDE integration and compile-time guarantees without altering runtime behaviour.

Based on learnings: The redis library documentation explicitly recommends using these exported TypeScript types (RedisClientType, RedisClusterType) for stronger typing in v4.x applications.

Also applies to: 40-40

.github/workflows/validate.yml (1)

16-19: The CI pipeline has been flawlessly reconfigured, Sir.

The GitHub Actions workflow now employs pnpm 9.15.4 via the official pnpm/action-setup@v4 action, with cache configuration and installation flags correctly adapted. The version matches the packageManager specification in package.json, ensuring consistency between local development and continuous integration environments.

Also applies to: 25-25, 28-28, 31-31, 34-34

CONTRIBUTING.md (1)

29-31: The contributor documentation has been comprehensively updated, Sir.

All development workflows, commands, and enforcement messaging now accurately reflect the pnpm-based development environment. The preinstall script warning and development guidelines correctly communicate the package manager requirements to potential contributors.

Also applies to: 55-76, 106-106, 125-127

Dockerfile (1)

53-56: The Docker build stages are otherwise expertly configured, Sir.

The migration from Yarn to pnpm across all build stages maintains proper layer caching through bind mounts, correctly references pnpm-lock.yaml and .npmrc, and utilizes the appropriate pnpm store cache path. The --frozen-lockfile flag ensures reproducible builds, and the multi-stage structure remains optimal for minimal production image size.

Once the version pinning concern is addressed, this Dockerfile will provide rock-solid containerized builds.

Also applies to: 66-69, 73-73

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

Sir, I've detected a rather amusing contradiction in the documentation.

The comment states "Use strict peer dependencies to maintain dependency integrity" whilst the setting is strict-peer-dependencies=false, which does quite the opposite. This setting actually disables strict peer dependency checking, permitting version mismatches that auto-install-peers might introduce.

May I suggest a more accurate comment, Sir?

-# Use strict peer dependencies to maintain dependency integrity
+# Disable strict peer dependencies to allow auto-install-peers flexibility
 strict-peer-dependencies=false

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	strict-peer-dependencies=false
	# Disable strict peer dependencies to allow auto-install-peers flexibility
	strict-peer-dependencies=false

🤖 Prompt for AI Agents

.npmrc around line 13: the inline comment claims "Use strict peer dependencies
to maintain dependency integrity" but the config sets
strict-peer-dependencies=false, which contradicts that statement; either flip
the value to true to enable strict peer dependency checks or update the comment
to accurately state that strict peer dependency checking is disabled (e.g.,
"Disable strict peer dependency checking to allow auto-install-peers to resolve
mismatches"); make the file consistent by choosing one of those two options and
applying the matching value and comment.

[coderabbitai]

⚠️ Potential issue | 🟠 Major

Sir, I must bring a critical inconsistency to your attention.

The Dockerfile installs pnpm@latest via Corepack, whilst package.json specifies [email protected]. This version drift will cause subtle build inconsistencies between local development and containerized deployments, potentially invalidating Railway cache mounts and introducing hard-to-diagnose dependency resolution differences.

I strongly recommend pinning to the same version specified in package.json:

 # Enable and install pnpm via corepack
 RUN corepack enable && \
-    corepack prepare pnpm@latest --activate
+    corepack prepare [email protected] --activate

This ensures perfect parity across all development and deployment environments, Sir.

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	# Enable and install pnpm via corepack
	RUN corepack enable && \
	corepack prepare pnpm@latest --activate
	# Enable and install pnpm via corepack
	RUN corepack enable && \
	corepack prepare pnpm@9.15.4 --activate

🤖 Prompt for AI Agents

In Dockerfile around lines 37 to 39, the Dockerfile uses corepack to prepare
pnpm@latest which conflicts with package.json pin of [email protected]; change the
corepack prepare command to explicitly pin the same version ([email protected]) so
container builds match local development, e.g. use corepack prepare [email protected]
--activate, and add a short comment noting this must be kept in sync with
package.json (or read the version from package.json during Docker build if you
prefer a single source of truth).

[coderabbitai]

🛠️ Refactor suggestion | 🟠 Major

🧩 Analysis chain

The package manager configuration appears properly structured, Sir.

The migration from Yarn 1.22.22 to pnpm 9.15.4 is consistently applied across engines requirements, preinstall enforcement, and packageManager field. The version constraint >=8.0.0 provides reasonable forward compatibility whilst the pinned 9.15.4 ensures reproducible environments.

However, Sir, I've noticed the Dockerfile references pnpm@latest rather than the pinned 9.15.4 version. This could introduce build inconsistencies between local development and containerized deployments. Shall we verify version alignment across all installation points?

Also applies to: 27-27, 52-52

---

🏁 Script executed:

#!/bin/bash
# Description: Verify pnpm version consistency across project files

echo "=== Checking pnpm version references ==="

# Check package.json
echo -e "\n📦 package.json:"
rg -A 1 '"pnpm":|"packageManager":' package.json

# Check Dockerfile
echo -e "\n🐳 Dockerfile:"
rg 'pnpm@' Dockerfile

# Check GitHub workflows
echo -e "\n⚙️ GitHub workflows:"
rg 'version:.*[0-9]' .github/workflows/validate.yml | grep -i pnpm

# Check .npmrc for any version specifications
echo -e "\n📝 .npmrc:"
rg 'pnpm' .npmrc || echo "No pnpm version specified in .npmrc"

Length of output: 239

---

Pin pnpm version in Dockerfile and workflows
Sir, the Dockerfile invokes pnpm@latest and the CI workflow lacks a pinned version—align both to 9.15.4 for reproducible builds.

🤖 Prompt for AI Agents

In package.json around line 24, the pnpm engine is loose (">=8.0.0") while
Dockerfile and CI use unpinned/latest pnpm; pin pnpm to 9.15.4 for reproducible
builds by: update the Dockerfile to install or reference [email protected] (e.g., use
corepack to enable and set pnpm 9.15.4 or run npm/pnpm install -g [email protected]),
modify CI workflows to pin the action/setup step to install [email protected] (or add
a step that runs npm/pnpm install -g [email protected] before install commands), and
optionally update package.json engines to "pnpm": "9.15.4" (or a strict range
that includes only 9.15.4) so all three places are consistent.