chore: update package versions to exact matches and add bunfig configuration

[yordis]

No description provided.

[cursor]

PR Summary

Pins dependencies to exact versions, enforces exact installs via bunfig, switches build script to use bun build CLI with improved error handling, and tweaks TypeScript config flags.

• Dependencies & Config:
  • Pin all dependencies, devDependencies, and peerDependencies in package.json to exact versions; update bun.lock accordingly.
  • Add bunfig.toml with [install] exact = true to enforce exact installs.
• Build:
  • Replace Bun.build API with bun build --compile CLI in script/build.ts and add quiet/nothrow handling plus stdout/stderr logging on failure.
• TypeScript:
  • Adjust tsconfig.json strictness flags (e.g., keep unused checks; update advanced options like noPropertyAccessFromIndexSignature).

^{Written by Cursor Bugbot for commit 415be88. This will update automatically on new commits. Configure here.}

[coderabbitai]

Note

Other AI code review bot(s) detected

CodeRabbit has detected other AI code review bot(s) in this pull request and will avoid duplicating their findings in the review comments. This may lead to a less comprehensive review.

Walkthrough

Adds a new bunfig.toml with an install.exact flag, pins dependency versions in package.json to exact values, replaces Bun.build() usage with shell-invoked bun build in the build script (adjusting error handling), and updates tsconfig.json by removing several strict flags and adding noPropertyAccessFromIndexSignature:false.

Changes

Cohort / File(s)	Summary
Dependency pinning package.json	Replaced caret/range versions with exact versions for devDependencies, runtime dependencies, and peerDependencies (typescript pinned to 5.9.3).
Bun install config bunfig.toml	Added bunfig.toml containing [install] with exact = true.
Build script update script/build.ts	Replaced usage of Bun.build() with shell-style $bun build ...`` invocations; switched success checks to result.exitCode and print `stdout`/`stderr` on failure.
TypeScript config changes tsconfig.json	Removed noImplicitReturns, allowUnusedLabels, allowUnreachableCode; added noPropertyAccessFromIndexSignature: false and a nearby comment about stricter flags.

Sequence Diagram(s)

sequenceDiagram
  participant BuildScript as script/build.ts
  participant Shell as /bin/sh
  participant BunCLI as bun
  participant FS as Filesystem
  participant Logger as Console

  BuildScript->>Shell: execute `bun build --compile --target=... ./src/cli.ts --outfile dist/${binary}`
  Shell->>BunCLI: spawn bun process with args
  BunCLI->>FS: read source `./src/cli.ts`
  BunCLI->>FS: write output `dist/${binary}`
  BunCLI-->>Shell: exit with code (0 or non-zero), stdout/stderr
  Shell-->>BuildScript: return result (exitCode, stdout, stderr)
  alt exitCode == 0
    BuildScript->>Logger: proceed (success)
  else exitCode != 0
    BuildScript->>Logger: print stdout (if any) and stderr
    BuildScript->>Logger: exit with failure
  end

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

• Review script/build.ts for correct handling of asynchronous shell invocation, exit codes, and consistent logging compared to previous Bun.build() semantics.
• Verify package.json pinned versions for compatibility (especially TypeScript) and check lockfile regeneration.
• Validate tsconfig.json changes do not hide real type issues; run a local build/test to confirm.
• Confirm bunfig.toml exact = true aligns with intended install behavior and CI expectations.

Poem

🐇 I hopped through pins and build-time dirt,

Exact versions snug, no semver skirt.
Shells now call bun with a confident thump,
Type flags trimmed—I tidy the clump.
Clap paws, new config—let the binaries jump!

Pre-merge checks and finishing touches

❌ Failed checks (1 inconclusive)

Check name	Status	Explanation	Resolution
Description check	❓ Inconclusive	No pull request description was provided by the author, making it impossible to evaluate relatedness to the changeset.	Add a description explaining the motivation and scope of these dependency pinning and configuration changes.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title accurately describes the main changes: updating package versions to exact matches and adding bunfig configuration. Both aspects are clearly present in the changeset.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch chore/deps-2

---

📜 Recent review details

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between ace2361 and 415be88.

⛔ Files ignored due to path filters (1)

• bun.lock is excluded by !**/*.lock

📒 Files selected for processing (4)

• bunfig.toml (1 hunks)
• package.json (1 hunks)
• script/build.ts (1 hunks)
• tsconfig.json (1 hunks)

✅ Files skipped from review due to trivial changes (1)

• bunfig.toml

🚧 Files skipped from review as they are similar to previous changes (2)

• tsconfig.json
• package.json

🧰 Additional context used

📓 Path-based instructions (4)

**/*.{ts,tsx,js,jsx}

📄 CodeRabbit inference engine (CLAUDE.md)

**/*.{ts,tsx,js,jsx}: Use bun <file> instead of node <file> or ts-node <file> for running scripts
Bun automatically loads .env files, so don't use the dotenv package
Use Bun.serve() with built-in WebSocket, HTTPS, and routes support instead of express
Use bun:sqlite for SQLite database access instead of better-sqlite3
Use Bun.redis for Redis client instead of ioredis
Use Bun.sql for Postgres database access instead of pg or postgres.js
Use the built-in WebSocket API instead of the ws package
Prefer Bun.file over node:fs's readFile/writeFile methods
Use Bun.$ for shell command execution instead of execa

Files:

• script/build.ts

**/*.{html,ts,tsx,css}

📄 CodeRabbit inference engine (CLAUDE.md)

Use bun build <file.html|file.ts|file.css> instead of webpack or esbuild for building

Files:

• script/build.ts

**/*.{tsx,jsx,ts,js}

📄 CodeRabbit inference engine (CLAUDE.md)

Import .css files directly in TypeScript/JavaScript frontend files and Bun's CSS bundler will handle bundling

Files:

• script/build.ts

**/*.ts

📄 CodeRabbit inference engine (CLAUDE.md)

Use bun --hot <file.ts> for hot module reloading during development

Files:

• script/build.ts

🧠 Learnings (10)

📓 Common learnings

Learnt from: CR
Repo: TrogonStack/aipm PR: 0
File: CLAUDE.md:0-0
Timestamp: 2025-11-24T17:14:51.342Z
Learning: Applies to {package.json,package-lock.json,yarn.lock,pnpm-lock.yaml} : Use `bun install` instead of `npm install`, `yarn install`, or `pnpm install`

Learnt from: CR
Repo: TrogonStack/aipm PR: 0
File: CLAUDE.md:0-0
Timestamp: 2025-11-24T17:14:51.342Z
Learning: Applies to package.json : Use `bun run <script>` instead of `npm run <script>`, `yarn run <script>`, or `pnpm run <script>`

Learnt from: CR
Repo: TrogonStack/aipm PR: 0
File: CLAUDE.md:0-0
Timestamp: 2025-11-24T17:14:51.342Z
Learning: Applies to **/*.{ts,tsx,js,jsx} : Use `bun <file>` instead of `node <file>` or `ts-node <file>` for running scripts

Learnt from: CR
Repo: TrogonStack/aipm PR: 0
File: CLAUDE.md:0-0
Timestamp: 2025-11-24T17:14:51.342Z
Learning: Applies to **/*.{html,ts,tsx,css} : Use `bun build <file.html|file.ts|file.css>` instead of `webpack` or `esbuild` for building

Learnt from: CR
Repo: TrogonStack/aipm PR: 0
File: CLAUDE.md:0-0
Timestamp: 2025-11-24T17:14:51.342Z
Learning: Applies to **/*.{ts,tsx,js,jsx} : Use `Bun.$` for shell command execution instead of execa

Learnt from: CR
Repo: TrogonStack/aipm PR: 0
File: CLAUDE.md:0-0
Timestamp: 2025-11-24T17:14:51.342Z
Learning: Applies to **/*.test.{ts,tsx,js,jsx} : Use `bun test` instead of `jest` or `vitest` for running tests

Learnt from: CR
Repo: TrogonStack/aipm PR: 0
File: CLAUDE.md:0-0
Timestamp: 2025-11-24T17:14:51.342Z
Learning: Applies to **/*.ts : Use `bun --hot <file.ts>` for hot module reloading during development

Learnt from: CR
Repo: TrogonStack/aipm PR: 0
File: CLAUDE.md:0-0
Timestamp: 2025-11-24T17:14:51.342Z
Learning: Applies to **/*.{ts,tsx,js,jsx} : Use `bun:sqlite` for SQLite database access instead of `better-sqlite3`

Learnt from: CR
Repo: TrogonStack/aipm PR: 0
File: CLAUDE.md:0-0
Timestamp: 2025-11-24T17:14:51.342Z
Learning: Applies to **/*.{ts,tsx,js,jsx} : Prefer `Bun.file` over `node:fs`'s readFile/writeFile methods

Learnt from: CR
Repo: TrogonStack/aipm PR: 0
File: CLAUDE.md:0-0
Timestamp: 2025-11-24T17:14:51.342Z
Learning: Applies to **/*.{ts,tsx,js,jsx} : Bun automatically loads .env files, so don't use the dotenv package

📚 Learning: 2025-11-24T17:14:51.342Z

Learnt from: CR
Repo: TrogonStack/aipm PR: 0
File: CLAUDE.md:0-0
Timestamp: 2025-11-24T17:14:51.342Z
Learning: Applies to **/*.{ts,tsx,js,jsx} : Use `Bun.$` for shell command execution instead of execa

Applied to files:

• script/build.ts

📚 Learning: 2025-11-24T17:14:51.342Z

Learnt from: CR
Repo: TrogonStack/aipm PR: 0
File: CLAUDE.md:0-0
Timestamp: 2025-11-24T17:14:51.342Z
Learning: Applies to **/*.{ts,tsx,js,jsx} : Use `bun <file>` instead of `node <file>` or `ts-node <file>` for running scripts

Applied to files:

• script/build.ts

📚 Learning: 2025-11-24T17:14:51.342Z

Learnt from: CR
Repo: TrogonStack/aipm PR: 0
File: CLAUDE.md:0-0
Timestamp: 2025-11-24T17:14:51.342Z
Learning: Applies to **/*.{html,ts,tsx,css} : Use `bun build <file.html|file.ts|file.css>` instead of `webpack` or `esbuild` for building

Applied to files:

• script/build.ts

📚 Learning: 2025-11-24T17:14:51.342Z

Learnt from: CR
Repo: TrogonStack/aipm PR: 0
File: CLAUDE.md:0-0
Timestamp: 2025-11-24T17:14:51.342Z
Learning: Applies to **/*.ts : Use `bun --hot <file.ts>` for hot module reloading during development

Applied to files:

• script/build.ts

📚 Learning: 2025-11-24T17:14:51.342Z

Learnt from: CR
Repo: TrogonStack/aipm PR: 0
File: CLAUDE.md:0-0
Timestamp: 2025-11-24T17:14:51.342Z
Learning: Applies to package.json : Use `bun run <script>` instead of `npm run <script>`, `yarn run <script>`, or `pnpm run <script>`

Applied to files:

• script/build.ts

📚 Learning: 2025-11-24T17:14:51.342Z

Learnt from: CR
Repo: TrogonStack/aipm PR: 0
File: CLAUDE.md:0-0
Timestamp: 2025-11-24T17:14:51.342Z
Learning: Applies to **/*.test.{ts,tsx,js,jsx} : Use `bun test` instead of `jest` or `vitest` for running tests

Applied to files:

• script/build.ts

📚 Learning: 2025-11-24T17:14:51.342Z

Learnt from: CR
Repo: TrogonStack/aipm PR: 0
File: CLAUDE.md:0-0
Timestamp: 2025-11-24T17:14:51.342Z
Learning: Applies to {package.json,package-lock.json,yarn.lock,pnpm-lock.yaml} : Use `bun install` instead of `npm install`, `yarn install`, or `pnpm install`

Applied to files:

• script/build.ts

📚 Learning: 2025-11-24T17:14:51.342Z

Learnt from: CR
Repo: TrogonStack/aipm PR: 0
File: CLAUDE.md:0-0
Timestamp: 2025-11-24T17:14:51.342Z
Learning: Applies to **/*.{ts,tsx,js,jsx} : Prefer `Bun.file` over `node:fs`'s readFile/writeFile methods

Applied to files:

• script/build.ts

📚 Learning: 2025-11-24T17:14:51.342Z

Learnt from: CR
Repo: TrogonStack/aipm PR: 0
File: CLAUDE.md:0-0
Timestamp: 2025-11-24T17:14:51.342Z
Learning: Applies to **/*.{ts,tsx,js,jsx} : Use `Bun.serve()` with built-in WebSocket, HTTPS, and routes support instead of `express`

Applied to files:

• script/build.ts

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)

• GitHub Check: Cursor Bugbot

🔇 Additional comments (2)

script/build.ts (2)

41-43: LGTM! Previous issue resolved.

The .nothrow() method has been added, which correctly prevents the shell command from throwing an exception on non-zero exit codes. This allows the error handling code on lines 45-56 to execute properly when builds fail.

---

47-54: LGTM! Previous issue resolved.

The error handling now correctly captures and prints both stdout and stderr, ensuring that build errors and warnings are not lost regardless of which stream they're written to.

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

📜 Review details

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 4e478e7 and ace2361.

⛔ Files ignored due to path filters (1)

• bun.lock is excluded by !**/*.lock

📒 Files selected for processing (4)

• bunfig.toml (1 hunks)
• package.json (1 hunks)
• script/build.ts (1 hunks)
• tsconfig.json (1 hunks)

🧰 Additional context used

📓 Path-based instructions (6)

**/*.{ts,tsx,js,jsx}

📄 CodeRabbit inference engine (CLAUDE.md)

**/*.{ts,tsx,js,jsx}: Use bun <file> instead of node <file> or ts-node <file> for running scripts
Bun automatically loads .env files, so don't use the dotenv package
Use Bun.serve() with built-in WebSocket, HTTPS, and routes support instead of express
Use bun:sqlite for SQLite database access instead of better-sqlite3
Use Bun.redis for Redis client instead of ioredis
Use Bun.sql for Postgres database access instead of pg or postgres.js
Use the built-in WebSocket API instead of the ws package
Prefer Bun.file over node:fs's readFile/writeFile methods
Use Bun.$ for shell command execution instead of execa

Files:

• script/build.ts

**/*.{html,ts,tsx,css}

📄 CodeRabbit inference engine (CLAUDE.md)

Use bun build <file.html|file.ts|file.css> instead of webpack or esbuild for building

Files:

• script/build.ts

**/*.{tsx,jsx,ts,js}

📄 CodeRabbit inference engine (CLAUDE.md)

Import .css files directly in TypeScript/JavaScript frontend files and Bun's CSS bundler will handle bundling

Files:

• script/build.ts

**/*.ts

📄 CodeRabbit inference engine (CLAUDE.md)

Use bun --hot <file.ts> for hot module reloading during development

Files:

• script/build.ts

{package.json,package-lock.json,yarn.lock,pnpm-lock.yaml}

📄 CodeRabbit inference engine (CLAUDE.md)

Use bun install instead of npm install, yarn install, or pnpm install

Files:

• package.json

package.json

📄 CodeRabbit inference engine (CLAUDE.md)

Use bun run <script> instead of npm run <script>, yarn run <script>, or pnpm run <script>

Files:

• package.json

🧠 Learnings (12)

📓 Common learnings

Learnt from: CR
Repo: TrogonStack/aipm PR: 0
File: CLAUDE.md:0-0
Timestamp: 2025-11-24T17:14:51.342Z
Learning: Applies to {package.json,package-lock.json,yarn.lock,pnpm-lock.yaml} : Use `bun install` instead of `npm install`, `yarn install`, or `pnpm install`

Learnt from: CR
Repo: TrogonStack/aipm PR: 0
File: CLAUDE.md:0-0
Timestamp: 2025-11-24T17:14:51.342Z
Learning: Applies to package.json : Use `bun run <script>` instead of `npm run <script>`, `yarn run <script>`, or `pnpm run <script>`

📚 Learning: 2025-11-24T17:14:51.342Z

Learnt from: CR
Repo: TrogonStack/aipm PR: 0
File: CLAUDE.md:0-0
Timestamp: 2025-11-24T17:14:51.342Z
Learning: Applies to **/*.{ts,tsx,js,jsx} : Use `Bun.$` for shell command execution instead of execa

Applied to files:

• script/build.ts
• package.json

📚 Learning: 2025-11-24T17:14:51.342Z

Learnt from: CR
Repo: TrogonStack/aipm PR: 0
File: CLAUDE.md:0-0
Timestamp: 2025-11-24T17:14:51.342Z
Learning: Applies to **/*.{ts,tsx,js,jsx} : Use `bun <file>` instead of `node <file>` or `ts-node <file>` for running scripts

Applied to files:

• script/build.ts
• package.json

📚 Learning: 2025-11-24T17:14:51.342Z

Learnt from: CR
Repo: TrogonStack/aipm PR: 0
File: CLAUDE.md:0-0
Timestamp: 2025-11-24T17:14:51.342Z
Learning: Applies to **/*.{html,ts,tsx,css} : Use `bun build <file.html|file.ts|file.css>` instead of `webpack` or `esbuild` for building

Applied to files:

• script/build.ts
• package.json

📚 Learning: 2025-11-24T17:14:51.342Z

Learnt from: CR
Repo: TrogonStack/aipm PR: 0
File: CLAUDE.md:0-0
Timestamp: 2025-11-24T17:14:51.342Z
Learning: Applies to **/*.test.{ts,tsx,js,jsx} : Use `bun test` instead of `jest` or `vitest` for running tests

Applied to files:

• script/build.ts
• package.json

📚 Learning: 2025-11-24T17:14:51.342Z

Learnt from: CR
Repo: TrogonStack/aipm PR: 0
File: CLAUDE.md:0-0
Timestamp: 2025-11-24T17:14:51.342Z
Learning: Applies to **/*.ts : Use `bun --hot <file.ts>` for hot module reloading during development

Applied to files:

• script/build.ts
• package.json

📚 Learning: 2025-11-24T17:14:51.342Z

Learnt from: CR
Repo: TrogonStack/aipm PR: 0
File: CLAUDE.md:0-0
Timestamp: 2025-11-24T17:14:51.342Z
Learning: Applies to package.json : Use `bun run <script>` instead of `npm run <script>`, `yarn run <script>`, or `pnpm run <script>`

Applied to files:

• script/build.ts
• package.json

📚 Learning: 2025-11-24T17:14:51.342Z

Learnt from: CR
Repo: TrogonStack/aipm PR: 0
File: CLAUDE.md:0-0
Timestamp: 2025-11-24T17:14:51.342Z
Learning: Applies to {package.json,package-lock.json,yarn.lock,pnpm-lock.yaml} : Use `bun install` instead of `npm install`, `yarn install`, or `pnpm install`

Applied to files:

• script/build.ts
• package.json

📚 Learning: 2025-11-24T17:14:51.342Z

Learnt from: CR
Repo: TrogonStack/aipm PR: 0
File: CLAUDE.md:0-0
Timestamp: 2025-11-24T17:14:51.342Z
Learning: Applies to **/*.{ts,tsx,js,jsx} : Prefer `Bun.file` over `node:fs`'s readFile/writeFile methods

Applied to files:

• script/build.ts

📚 Learning: 2025-11-24T17:14:51.342Z

Learnt from: CR
Repo: TrogonStack/aipm PR: 0
File: CLAUDE.md:0-0
Timestamp: 2025-11-24T17:14:51.342Z
Learning: Applies to **/*.{ts,tsx,js,jsx} : Use `Bun.serve()` with built-in WebSocket, HTTPS, and routes support instead of `express`

Applied to files:

• script/build.ts

📚 Learning: 2025-11-24T17:14:51.342Z

Learnt from: CR
Repo: TrogonStack/aipm PR: 0
File: CLAUDE.md:0-0
Timestamp: 2025-11-24T17:14:51.342Z
Learning: Applies to **/*.{ts,tsx,js,jsx} : Bun automatically loads .env files, so don't use the dotenv package

Applied to files:

• package.json

📚 Learning: 2025-11-24T17:14:51.342Z

Learnt from: CR
Repo: TrogonStack/aipm PR: 0
File: CLAUDE.md:0-0
Timestamp: 2025-11-24T17:14:51.342Z
Learning: Applies to **/*.{ts,tsx,js,jsx} : Use `bun:sqlite` for SQLite database access instead of `better-sqlite3`

Applied to files:

• package.json

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)

• GitHub Check: Cursor Bugbot

🔇 Additional comments (3)

bunfig.toml (1)

1-2: LGTM! Configuration aligns with exact versioning strategy.

The exact = true setting ensures Bun installs exact versions specified in package.json, which is consistent with the exact version pinning introduced in this PR.

script/build.ts (1)

41-48: LGTM! Refactor aligns with Bun best practices.

The change from Bun.build() API to shell-based bun build command using Bun.$ follows the project's coding guidelines and simplifies the build logic. The error handling correctly checks exitCode and logs stderr on failure.

Based on coding guidelines, using Bun.$ for shell command execution is the preferred approach.

package.json (1)

33-36: All pinned versions should be verified for existence on npm before merge.

The shift to exact versions ensures installation determinism. Confirm the following are available: zod@4.1.12 exists as a released version, and prettier@3.6.2 was published and has no direct vulnerabilities. Additionally verify @straw-hat/prettier-config@3.1.5, @types/bun@1.2.2, @types/lodash.merge@4.6.9, typescript@5.9.3, lodash.merge@4.6.2, and yaml@2.8.1 are valid npm versions before deploying.