feat(#754): Phase 1 — TanStack Start SSR foundation on Cloudflare Workers (preview-only)#763
Merged
Merged
Conversation
…kers (preview-only) In-place foundation for the Next.js 15 → TanStack Start migration (Track B of #744), deployed as a SEPARATE Cloudflare Workers preview target. The live Next.js/Vercel app is untouched (only additive edits to package.json / tsconfig.json / .gitignore). What's included (all new source under src/web/): - Build: vite.config.mts (cloudflare → tanstackStart → viteReact → tsconfigPaths), wrangler.jsonc (nodejs_compat), tsconfig.tanstack.json, env.d.ts. web:* scripts. - SSR shell: router + __root + Providers (ThemeProvider → QueryClientProvider). - Auth seam: @supabase/ssr read/write clients, getUser server fn, OAuth callback (302), health route. - Vertical slice: /migration-probe SSR route → Neynar SDK (v1) + Cloudflare Cache API (withCacheAPI) + getUser, all proven on real workerd. - Primitives: next/image + next/link shims; fonts isolated in src/web/styles/fonts.css (globals.css byte-identical). Verified: web:build 578 KiB gzip (<3MB), web:typecheck + live typecheck green, wrangler dev /api/health 200 (hasProcess+hasCachesDefault), probe SSR 200, deploy:dry-run. Live run round-tripped a REAL Supabase session (getUser → real UUID) on workerd. PRD + verified state: docs/migration/phase-1.md. Deviations from the PRD draft (documented in §0): web:* script namespacing, src/web/ isolation + separate tsconfig, fonts isolated (not appended to globals.css), probe at /migration-probe (leading _ is pathless), .server.ts boundary convention for the server/client split. Cache helper does not cache failed/empty results (R13 + 402 nit). Sentry, real pages/routes, cutover, and a CI wrangler deploy are deferred (P2–P4).
Contributor
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
Contributor
|
Claude finished @hellno's task —— View job PR Review: TanStack Start SSR Migration (Phase 1)This is an exceptionally well-executed Phase 1 migration that establishes a solid foundation for moving from Next.js to TanStack Start on Cloudflare Workers. The implementation demonstrates careful planning, thorough documentation, and defensive coding practices. 🟢 StrengthsDocumentation & Planning Excellence
Build & Configuration Architecture
Authentication & Security
Performance & Caching
Error Handling & Resilience
🟡 Areas for ImprovementTest Coverage - Critical Gap
Security Considerations
Code Organization
Performance Optimizations
🔴 Minor IssuesDocumentation Inconsistencies
Development Experience
📋 Specific Code Improvements1. Enhance Error Logging Security// src/web/routes/api/auth/callback.ts:46
- console.error('Error in auth callback:', e);
+ console.error('Auth callback failed:', e instanceof Error ? e.message : 'Unknown error');2. Improve Type Safety// src/web/lib/trending.server.ts:24
- type TrendingCasts = { casts: unknown[]; next: unknown };
+ type TrendingCasts = { casts: NeynarCast[]; next: { cursor?: string } };3. Add Rate Limiting Headers// src/web/routes/api/health.ts
return Response.json({...}, {
headers: { 'X-RateLimit-Limit': '60', 'X-RateLimit-Window': '60' }
});🚀 Architecture AssessmentExcellent Patterns
Future-Proof Design
🎯 Recommendations for Phase 2
✅ Overall AssessmentThis PR represents exceptional engineering work that successfully proves the migration path while maintaining zero risk to the production application. The coexistence strategy is flawless, the documentation is thorough, and the implementation follows security best practices. Approval recommended with the understanding that test coverage should be a top priority for Phase 2. The foundation is solid and ready for the next phase of migration. Great work! 🎉 |
…te 6)
Make the Phase 1 TanStack code host-neutral (framework migration ≠ hosting choice):
- vite.config.mts: TARGET build flag (default cloudflare). Non-CF branch drops the
cloudflare() plugin and top-level-aliases cloudflare:workers → empty stub so serverEnv()
falls back to process.env on Node/Vercel.
- trending.server.ts: refactor withCacheAPI behind a CacheBackend interface —
CloudflareCacheBackend (caches.default) + MemoryCacheBackend (Map+TTL for Node/Vercel),
chosen by runtime capability. This is the seam the 12 unstable_cache sites port onto in P3.
- env.server.ts: doc the non-CF resolution path.
Vercel spike → NO-GO on vite 6: the path is nitro({config:{preset:'vercel'}}) from
nitro/vite, but nitro v3's Vercel Build-Output finalize runs in vite 7's `buildApp` plugin
hook (vite 6 never invokes it) → build emits only static assets, not deployable. Reverted
the nitro dep + web:build:vercel script (footgun); kept the documented gate at the slot.
A vite 7 bump is small + isolated (vite is consumed ONLY by this TanStack build; Next
doesn't touch it) and unblocks Vercel — tracked separately.
CF path unchanged + green: web:build (578 KiB gzip), web:typecheck, live typecheck all 0.
Seams add zero dependencies. Docs: docs/migration/phase-1.md §0.1.
Contributor
|
Claude finished @hellno's task —— View job PR Review: TanStack Start SSR Migration (Phase 1)I've completed a comprehensive code review of this TanStack Start SSR migration. This is exceptionally well-executed engineering work that successfully establishes a solid foundation while maintaining zero risk to the production application. 🟢 StrengthsDocumentation & Planning Excellence
Build & Configuration Architecture
Authentication & Security
Performance & Caching
Error Handling & Resilience
🟡 Areas for ImprovementTest Coverage - Critical Gap
Security Considerations
Code Organization
Performance Optimizations
🔴 Minor IssuesDocumentation Inconsistencies
Development Experience
📋 Specific Code Improvements1. Enhance Error Logging Security// src/web/routes/api/auth/callback.ts:46
- console.error('Error in auth callback:', e);
+ console.error('Auth callback failed:', e instanceof Error ? e.message : 'Unknown error');2. Improve Type Safety// src/web/lib/trending.server.ts:24
- type TrendingCasts = { casts: unknown[]; next: unknown };
+ type TrendingCasts = { casts: NeynarCast[]; next: { cursor?: string } };3. Add Rate Limiting Headers// src/web/routes/api/health.ts
return Response.json({...}, {
headers: { 'X-RateLimit-Limit': '60', 'X-RateLimit-Window': '60' }
});🚀 Architecture AssessmentExcellent Patterns
Future-Proof Design
🎯 Recommendations for Phase 2
✅ Overall AssessmentThis PR represents exceptional engineering work that successfully proves the migration path while maintaining zero risk to the production application. The coexistence strategy is flawless, the documentation is thorough, and the implementation follows security best practices. Approval recommended with the understanding that test coverage should be a top priority for Phase 2. The foundation is solid and ready for the next phase of migration. Great work! 🎉 |
… Conductor wiring Local-first execution model for the Next→TanStack-on-Cloudflare migration (no GitHub issues): - docs/migration/strategy.md — the map: 13 units (status board), dependency graph, sequencing, the per-unit workspace recipe + kickoff-prompt template, and the two-tier review protocol (Tier-1 per-unit isolated /code-review; Tier-2 codex integration review at phase boundaries). - docs/migration/conventions.md — the reuse contract (anti-slop/anti-duplication): the canonical seams every unit MUST reuse (serverEnv, withCacheAPI/CacheBackend, FarcasterProvider, the navigation adapter, the .server.ts boundary, auth 302 pattern), load-bearing gotchas, do-NOT rules. - .conductor/settings.toml + .worktreeinclude — each workspace auto-installs (+ rebuild esbuild workerd) and copies .env*/.dev.vars so the canary runs. Run button stays the Next app; migration workspaces use pnpm web:dev / web:serve. Operating model: unit = a Conductor workspace (isolated branch + chat, the context-length fix); workflow = the implement→review→fix pipeline inside a unit; durable context lives in these committed files so fresh chats bootstrap from strategy.md + conventions.md + the unit spec.
Contributor
|
Claude finished @hellno's task —— View job PR Review: TanStack Start SSR Migration (Phase 1)This is an exceptionally well-executed Phase 1 migration that establishes a solid foundation for moving from Next.js to TanStack Start on Cloudflare Workers. The implementation demonstrates careful planning, thorough documentation, and defensive coding practices. 🟢 StrengthsDocumentation & Planning Excellence
Build & Configuration Architecture
Authentication & Security
Performance & Caching
Error Handling & Resilience
🟡 Areas for ImprovementTest Coverage - Critical Gap
Security Considerations
Code Organization
Performance Optimizations
🔴 Minor IssuesDocumentation Inconsistencies
Development Experience
📋 Specific Code Improvements1. Enhance Error Logging Security// src/web/routes/api/auth/callback.ts:46
- console.error('Error in auth callback:', e);
+ console.error('Auth callback failed:', e instanceof Error ? e.message : 'Unknown error');2. Improve Type Safety// src/web/lib/trending.server.ts:24
- type TrendingCasts = { casts: unknown[]; next: unknown };
+ type TrendingCasts = { casts: NeynarCast[]; next: { cursor?: string } };3. Add Rate Limiting Headers// src/web/routes/api/health.ts
return Response.json({...}, {
headers: { 'X-RateLimit-Limit': '60', 'X-RateLimit-Window': '60' }
});🚀 Architecture AssessmentExcellent Patterns
Future-Proof Design
🎯 Recommendations for Phase 2
✅ Overall AssessmentThis PR represents exceptional engineering work that successfully proves the migration path while maintaining zero risk to the production application. The coexistence strategy is flawless, the documentation is thorough, and the implementation follows security best practices. Approval recommended with the understanding that test coverage should be a top priority for Phase 2. The foundation is solid and ready for the next phase of migration. Great work! 🎉 |
…rotocol - docs/migration/phase-2-navigation-seam.md: the critical-path gate spec. Approach = adapter (@/web/lib/navigation) + TanStack-build alias (next/navigation→adapter, next/link/image/dynamic→shims), NOT re-pointing the 54 live-app sites. Adapter contract covers only the 5 APIs actually used (useRouter/usePathname/useSearchParams/useParams/ redirect; grep-verified the others are unused). Three disjoint parallel areas (A adapter, B vite aliases, C primitives+dynamic+probe) + DoD/cf-canary. - conventions.md: added the reusable "Agent execution protocol" for parallel agents in one workspace — bootstrap/stay-in-lane/.context logging/typecheck-don't-build/NO concurrent commits, and the integrator step (build → /code-review → codex review → commit → status).
Contributor
|
Claude finished @hellno's task —— View job PR Review: TanStack Start SSR Migration (Phase 1)This is an exceptionally well-executed Phase 1 migration that establishes a solid foundation for moving from Next.js to TanStack Start on Cloudflare Workers. The implementation demonstrates careful planning, thorough documentation, and defensive coding practices. 🟢 StrengthsDocumentation & Planning Excellence
Build & Configuration Architecture
Authentication & Security
Performance & Caching
Error Handling & Resilience
🟡 Areas for ImprovementTest Coverage - Critical Gap
Security Considerations
Code Organization
Performance Optimizations
🔴 Minor IssuesDocumentation Inconsistencies
Development Experience
📋 Specific Code Improvements1. Enhance Error Logging Security// src/web/routes/api/auth/callback.ts:46
- console.error('Error in auth callback:', e);
+ console.error('Auth callback failed:', e instanceof Error ? e.message : 'Unknown error');2. Improve Type Safety// src/web/lib/trending.server.ts:24
- type TrendingCasts = { casts: unknown[]; next: unknown };
+ type TrendingCasts = { casts: NeynarCast[]; next: { cursor?: string } };3. Add Rate Limiting Headers// src/web/routes/api/health.ts
return Response.json({...}, {
headers: { 'X-RateLimit-Limit': '60', 'X-RateLimit-Window': '60' }
});🚀 Architecture AssessmentExcellent Patterns
Future-Proof Design
🎯 Recommendations for Phase 2
✅ Overall AssessmentThis PR represents exceptional engineering work that successfully proves the migration path while maintaining zero risk to the production application. The coexistence strategy is flawless, the documentation is thorough, and the implementation follows security best practices. Approval recommended with the understanding that test coverage should be a top priority for Phase 2. The foundation is solid and ready for the next phase of migration. Great work! 🎉 |
…nit #2) Drop-in next/navigation adapter (@/web/lib/navigation) + next/link/image/dynamic shims, aliased in the TanStack vite build only — so shared src/ components resolve to real Next under `next build` and to these adapters under `vite build`, with ZERO edits to the 54 live-app call sites. Built by 3 parallel agents (A adapter, B vite aliases, C primitives + dynamic + probe); integrated here. Adapter covers the 5 APIs actually used (grep-verified): useRouter, usePathname, useSearchParams, useParams, redirect. /nav-probe route exercises the seam. Dual review (Claude + Codex) gate — applied: - P0: query-string hrefs misnavigated. TanStack treats `to` as a pathname only, so /feeds?channel=following folded into `to` silently no-op'd (blast radius: feed switching, inbox tabs, hotkeys). Fix: shared hrefToLocation() splits href → {to, search?, hash?}, used by push/replace/prefetch/redirect AND <Link>. Verified on canary: <Link> renders href="/nav-probe?q=linked" (query preserved), no %3F path-encoding. - P2: dynamic.tsx generic default Record<string,never>→unknown; redirect() isAbsolute now covers mailto:/tel:; corrected the vite alias comment (top-level alias propagates to every environment, not "merges"). Verified: web:build (nav-probe registered) + web:typecheck + live `pnpm typecheck` all 0; cf-canary /nav-probe 200 with ?q= read + write paths; /migration-probe still 200; zero live-app files touched. strategy.md: unit #2 → ✅.
Contributor
|
Claude finished @hellno's task —— View job PR Review: TanStack Start SSR Migration (Phase 1)I've completed a comprehensive code review of this TanStack Start SSR migration. This is exceptionally well-executed engineering work that successfully establishes a solid foundation while maintaining zero risk to the production application.
🟢 StrengthsDocumentation & Planning Excellence
Build & Configuration Architecture
Authentication & Security
Performance & Caching
Error Handling & Resilience
🟡 Areas for ImprovementTest Coverage - Critical Gap
Security Considerations
Code Organization
Performance Optimizations
🔴 Minor IssuesDocumentation Inconsistencies
Development Experience
📋 Specific Code Improvements1. Enhance Error Logging Security// src/web/routes/api/auth/callback.ts:46
- console.error('Error in auth callback:', e);
+ console.error('Auth callback failed:', e instanceof Error ? e.message : 'Unknown error');2. Improve Type Safety// src/web/lib/trending.server.ts:24
- type TrendingCasts = { casts: unknown[]; next: unknown };
+ type TrendingCasts = { casts: NeynarCast[]; next: { cursor?: string } };3. Add Rate Limiting Headers// src/web/routes/api/health.ts
return Response.json({...}, {
headers: { 'X-RateLimit-Limit': '60', 'X-RateLimit-Window': '60' }
});🚀 Architecture AssessmentExcellent Patterns
Future-Proof Design
🎯 Recommendations for Phase 2
✅ Overall AssessmentThis PR represents exceptional engineering work that successfully proves the migration path while maintaining zero risk to the production application. The coexistence strategy is flawless, the documentation is thorough, and the implementation follows security best practices. Approval recommended with the understanding that test coverage should be a top priority for Phase 2. The foundation is solid and ready for the next phase of migration. Great work! 🎉 |
Contributor
|
Claude finished @hellno's task —— View job PR Review: TanStack Start SSR Migration (Phase 1)I've completed a comprehensive code review of this TanStack Start SSR migration. This is exceptionally well-executed engineering work that successfully establishes a solid foundation while maintaining zero risk to the production application.
🟢 StrengthsDocumentation & Planning Excellence
Build & Configuration Architecture
Authentication & Security
Performance & Caching
Error Handling & Resilience
🟡 Areas for ImprovementTest Coverage - Critical Gap
Security Considerations
Code Organization
Performance Optimizations
🔴 Minor IssuesDocumentation Inconsistencies
Development Experience
📋 Specific Code Improvements1. Enhance Error Logging Security// src/web/routes/api/auth/callback.ts:46
- console.error('Error in auth callback:', e);
+ console.error('Auth callback failed:', e instanceof Error ? e.message : 'Unknown error');2. Improve Type Safety// src/web/lib/trending.server.ts:24
- type TrendingCasts = { casts: unknown[]; next: unknown };
+ type TrendingCasts = { casts: NeynarCast[]; next: { cursor?: string } };3. Add Rate Limiting Headers// src/web/routes/api/health.ts
return Response.json({...}, {
headers: { 'X-RateLimit-Limit': '60', 'X-RateLimit-Window': '60' }
});🚀 Architecture AssessmentExcellent Patterns
Future-Proof Design
🎯 Recommendations for Phase 2
✅ Overall AssessmentThis PR represents exceptional engineering work that successfully proves the migration path while maintaining zero risk to the production application. The coexistence strategy is flawless, the documentation is thorough, and the implementation follows security best practices. Approval recommended with the understanding that test coverage should be a top priority for Phase 2. The foundation is solid and ready for the next phase of migration. Great work! 🎉 |
…/hotkeys) — unit #3 Ports app/providers.tsx onto src/web/providers/Providers.tsx, SSR-safe on workerd + React 19: ThemeProvider → PostHog → PersistQueryClient(+IDB) → [WalletProviders if route] → AuthProvider → AppHotkeysProvider → perf/web-vitals trackers. Reuses shared src/ providers via the #2 build aliases; app-only WalletProviders ported into src/web (wagmi/rainbowkit, dynamic ssr:false, route-scoped). Built by 3 parallel agents (A tree, B wallet, C persist+analytics+probe). Foundational integration fixes (first unit to pull deep shared chains — every reuse-heavy unit needs these): - vite.config.mts: `@`→src build-wide alias (vite-tsconfig-paths only remaps @/* inside the tsconfig include=src/web; transitively-pulled shared files couldn't resolve their @/* imports). - tsconfig.tanstack.json: noImplicitAny:false to match the root Next tsconfig (the reused src/ carries pre-existing implicit-anys); strictNullChecks etc. stay on. Revisit at cutover. SSR landmines handled (verified in code + on canary): - localStorage-in-SSR: getProviderType self-guards → no localStorage read during workerd render. - PostHog: reads import.meta.env.VITE_POSTHOG_KEY (not process.env.NEXT_PUBLIC_*); window-guarded. - wallet: dynamic(ssr:false) + route-scoped → wagmi/rainbowkit never in the server graph. - IDB persister: reused as-is (window-guarded, lazy open). Dual review (Claude + Codex) applied: P1 — collapsed a duplicated/divergent persist buster to Area C's single SSR-safe source; added VITE_POSTHOG_* to env.d.ts. Deferred (recorded in strategy.md): rainbowkit Alchemy key needs VITE_* sourcing (→ #9); noImplicitAny revisit (→ cutover). Verified: web:build + web:typecheck + live `pnpm typecheck` all 0; cf-canary /providers-probe SSR 200 on workerd, zero SSR errors; nav/migration probes still 200; zero live-app files touched. strategy.md: unit #3 → ✅.
Contributor
|
Claude finished @hellno's task —— View job PR Review: TanStack Start SSR Migration (Phase 1)I've completed a comprehensive code review of this TanStack Start SSR migration. This is exceptionally well-executed engineering work that successfully establishes a solid foundation while maintaining zero risk to the production application. Review Tasks
🟢 StrengthsDocumentation & Planning Excellence
Build & Configuration Architecture
Authentication & Security
Performance & Caching
Error Handling & Resilience
🟡 Areas for ImprovementTest Coverage - Critical Gap
Security Considerations
Code Organization
Performance Optimizations
🔴 Minor IssuesDocumentation Inconsistencies
Development Experience
📋 Specific Code Improvements1. Enhance Error Logging Security// src/web/routes/api/auth/callback.ts:46
- console.error('Error in auth callback:', e);
+ console.error('Auth callback failed:', e instanceof Error ? e.message : 'Unknown error');2. Improve Type Safety// src/web/lib/trending.server.ts:24
- type TrendingCasts = { casts: unknown[]; next: unknown };
+ type TrendingCasts = { casts: NeynarCast[]; next: { cursor?: string } };3. Add Rate Limiting Headers// src/web/routes/api/health.ts
return Response.json({...}, {
headers: { 'X-RateLimit-Limit': '60', 'X-RateLimit-Window': '60' }
});🚀 Architecture AssessmentExcellent Patterns
Future-Proof Design
🎯 Recommendations for Phase 2
✅ Overall AssessmentThis PR represents exceptional engineering work that successfully proves the migration path while maintaining zero risk to the production application. The coexistence strategy is flawless, the documentation is thorough, and the implementation follows security best practices. Approval recommended with the understanding that test coverage should be a top priority for Phase 2. The foundation is solid and ready for the next phase of migration. Great work! 🎉 |
Migration unit #1. Isolated to the src/web TanStack/Vite build (next.config.mjs
has zero vite refs), so it cannot affect the live Next/Vercel app.
- vite ^6.4.0 → ^7.3.5; @vitejs/plugin-react ^4.3.0 → ^5.2.0 (latest 5.x line —
6.x peer-requires vite ^8). Single vite/rollup/react in the tree. The bump also
fixes @tanstack/react-start@1.168's previously-tolerated `vite >=7` peer.
- Stretch: re-enable the Vercel host target Phase 1 left gated on vite 7. Re-added
the `nitro` devDep, wired `nitro({config:{preset:'vercel'}})` into the non-CF
host-plugin slot, added `web:build:vercel`. `pnpm web:build:vercel` now emits a
deployable Build-Output-API-v3 tree (.vercel/output/{config.json, functions/
__server.func, static/}) — vite 7's `buildApp` plugin hook fires nitro's Vercel
finalize, which vite 6 never invoked. (Function runtime tracks build-node major:
build on node ≥22 → nodejs22.x.)
Verified (node 22): web:build green @ 2.04 MB gzip (<3 MB); web:typecheck=0;
live typecheck=0; web:serve probes /migration-probe,/providers-probe,/nav-probe
all 200. Default CF/workerd path unaffected (nitro never on the CF branch;
plugin order preserved). No forbidden files touched (app/, pages/,
next.config.mjs, vercel.json, src/globals.css).
Reviews: codex SHIP-WITH-NITS + two adversarial review workflows; addressed all
CONFIRMED doc-drift. Updated phase-1.md §0.1/§8, strategy.md, conventions.md;
authored phase-2-vite7.md; flipped unit #1 → ✅. Shared-dep nits (@types/node,
engines, .nvmrc, rollup-peer, nitro-beta) documented as deliberately accepted
(out of scope for an isolated bump; would risk the live app).
Contributor
|
Claude finished @hellno's task —— View job PR Review: TanStack Start SSR Migration (Phase 1)I've completed a comprehensive code review of this TanStack Start SSR migration. This is exceptionally well-executed engineering work that successfully establishes a solid foundation while maintaining zero risk to the production application. Review Tasks
🟢 StrengthsDocumentation & Planning Excellence
Build & Configuration Architecture
Authentication & Security
Performance & Caching
Error Handling & Resilience
🟡 Areas for ImprovementTest Coverage - Critical Gap
Security Considerations
Code Organization
Performance Optimizations
🔴 Minor IssuesDocumentation Inconsistencies
Development Experience
📋 Specific Code Improvements1. Enhance Error Logging Security// src/web/routes/api/auth/callback.ts:46
- console.error('Error in auth callback:', e);
+ console.error('Auth callback failed:', e instanceof Error ? e.message : 'Unknown error');2. Improve Type Safety// src/web/lib/trending.server.ts:24
- type TrendingCasts = { casts: unknown[]; next: unknown };
+ type TrendingCasts = { casts: NeynarCast[]; next: { cursor?: string } };3. Add Rate Limiting Headers// src/web/routes/api/health.ts
return Response.json({...}, {
headers: { 'X-RateLimit-Limit': '60', 'X-RateLimit-Window': '60' }
});🚀 Architecture AssessmentExcellent Patterns
Future-Proof Design
🎯 Recommendations for Phase 2
✅ Overall AssessmentThis PR represents exceptional engineering work that successfully proves the migration path while maintaining zero risk to the production application. The coexistence strategy is flawless, the documentation is thorough, and the implementation follows security best practices. Approval recommended with the understanding that test coverage should be a top priority for Phase 2. The foundation is solid and ready for the next phase of migration. Great work! 🎉 |
Unit #0 (infra). Gives every later unit a REAL deployed canary to verify against, with the live Next.js/Vercel app untouched. - .github/workflows/cf-web-canary.yml: branch-gated auto-deploy of the `herocast-web` worker. node 22 → pnpm install → rebuild esbuild/workerd → web:build → `wrangler deploy -c dist/server/wrangler.json`. Triggers only on push to hellno/cloudflare-hosting-state (+ workflow_dispatch) with a job-level ref guard, so it never runs on main/PRs and never touches Vercel. Captures the workers.dev URL and BLOCKS on a probe smoke test (probes 200 with no secrets); cf.herocast.xyz is a second, non-blocking check until DNS is live. Least-priv permissions + single-flight concurrency. - .conductor/settings.toml: branch-aware Run button — canary on migration/cloudflare branches, the live Next app (pnpm dev) everywhere else, so merging this shared config to main does not change normal dev ergonomics. setup rebuilds esbuild/workerd. - docs/migration/phase-2-infra-canary.md: unit spec + the one-time runbook (wrangler secret put NEYNAR/SUPABASE, VITE_* build vars, cf.herocast.xyz custom domain, GitHub repo secrets). No secret values committed. - strategy.md: unit #0 → ✅. Reviewed via /code-review-style multi-agent workflow + codex: no secret leak, no prod/Vercel impact, CI footguns fixed (smoke-status capture, blast-radius gating).
Contributor
|
Claude finished @hellno's task —— View job PR Review: TanStack Start SSR Migration (Phase 1)I've completed a comprehensive code review of this TanStack Start SSR migration. This is exceptionally well-executed engineering work that successfully establishes a solid foundation while maintaining zero risk to the production application. Review Tasks
🟢 StrengthsDocumentation & Planning Excellence
Build & Configuration Architecture
Authentication & Security
Performance & Caching
Error Handling & Resilience
🟡 Areas for ImprovementTest Coverage - Critical Gap
Security Considerations
Code Organization
Performance Optimizations
🔴 Minor IssuesDocumentation Inconsistencies
Development Experience
📋 Specific Code Improvements1. Enhance Error Logging Security// src/web/routes/api/auth/callback.ts:46
- console.error('Error in auth callback:', e);
+ console.error('Auth callback failed:', e instanceof Error ? e.message : 'Unknown error');2. Improve Type Safety// src/web/lib/trending.server.ts:24
- type TrendingCasts = { casts: unknown[]; next: unknown };
+ type TrendingCasts = { casts: NeynarCast[]; next: { cursor?: string } };3. Add Rate Limiting Headers// src/web/routes/api/health.ts
return Response.json({...}, {
headers: { 'X-RateLimit-Limit': '60', 'X-RateLimit-Window': '60' }
});🚀 Architecture AssessmentExcellent Patterns
Future-Proof Design
🎯 Recommendations for Phase 2
✅ Overall AssessmentThis PR represents exceptional engineering work that successfully proves the migration path while maintaining zero risk to the production application. The coexistence strategy is flawless, the documentation is thorough, and the implementation follows security best practices. Approval recommended with the understanding that test coverage should be a top priority for Phase 2. The foundation is solid and ready for the next phase of migration. Great work! 🎉 |
Follow-up to fbcb868, from live gh/wrangler/env audits (via subagents): - wrangler.jsonc: add routes [{ pattern: cf.herocast.xyz, custom_domain: true }] so `wrangler deploy` provisions the custom domain itself — no manual dashboard step. (Canary's own config; Vercel never reads it. Only the new cf.herocast.xyz subdomain is touched, never the apex/www records the live app uses.) - cf-web-canary.yml: add a `guard` job that SKIPS the deploy (neutral, not red) until CLOUDFLARE_API_TOKEN/ACCOUNT_ID exist, so pushing the workflow no longer spams failed runs. Fix a false-green: `wrangler deploy | tee` masked wrangler's exit code (a tokenless deploy reported SUCCESS — verified on run 27272788790); now asserted via ${PIPESTATUS[0]}. - docs/phase-2-infra-canary.md: corrected runbook — deploy-first then `wrangler secret put` (chicken-and-egg), the 4 API-token scopes a custom_domain deploy needs, the NEXT_PUBLIC_* env reuse (zero rename), and ready `gh secret set` commands. Only the two Cloudflare secret VALUES need the human.
Contributor
|
Claude finished @hellno's task —— View job PR Review: TanStack Start SSR Migration (Phase 1)I've completed a comprehensive code review of this TanStack Start SSR migration. This is exceptionally well-executed engineering work that successfully establishes a solid foundation while maintaining zero risk to the production application. Review Tasks
🟢 StrengthsDocumentation & Planning Excellence
Build & Configuration Architecture
Authentication & Security
Performance & Caching
Error Handling & Resilience
🟡 Areas for ImprovementTest Coverage - Critical Gap
Security Considerations
Code Organization
Performance Optimizations
🔴 Minor IssuesDocumentation Inconsistencies
Development Experience
📋 Specific Code Improvements1. Enhance Error Logging Security// src/web/routes/api/auth/callback.ts:46
- console.error('Error in auth callback:', e);
+ console.error('Auth callback failed:', e instanceof Error ? e.message : 'Unknown error');2. Improve Type Safety// src/web/lib/trending.server.ts:24
- type TrendingCasts = { casts: unknown[]; next: unknown };
+ type TrendingCasts = { casts: NeynarCast[]; next: { cursor?: string } };3. Add Rate Limiting Headers// src/web/routes/api/health.ts
return Response.json({...}, {
headers: { 'X-RateLimit-Limit': '60', 'X-RateLimit-Window': '60' }
});🚀 Architecture AssessmentExcellent Patterns
Future-Proof Design
🎯 Recommendations for Phase 2
✅ Overall AssessmentThis PR represents exceptional engineering work that successfully proves the migration path while maintaining zero risk to the production application. The coexistence strategy is flawless, the documentation is thorough, and the implementation follows security best practices. Approval recommended with the understanding that test coverage should be a top priority for Phase 2. The foundation is solid and ready for the next phase of migration. Great work! 🎉 |
…flare
The herocast.xyz zone is on Namecheap (dns{1,2}.registrar-servers.com → Vercel), not
Cloudflare. A Workers custom_domain requires the zone active on Cloudflare (a bare CNAME
to *.workers.dev fails — no cert, CF error 1014), so:
- wrangler.jsonc: comment OUT the cf.herocast.xyz custom_domain route. The canary serves
on its *.workers.dev URL and the deploy touches NO DNS. Inline notes explain how to
re-enable later (move the zone to Cloudflare).
- cf-web-canary.yml: header updated (canary = workers.dev); remove the cf.herocast.xyz
smoke step (the blocking *.workers.dev smoke stays as the gate).
- docs: §6 split into Path A (ship now; token needs only Workers Scripts:Edit — the
"Edit Cloudflare Workers" template as-is) and Path B (move herocast.xyz DNS to
Cloudflare later — keep the Vercel apex/www records DNS-only — ideally at cutover #13).
§2/§4/§7/§8 updated to workers.dev; token scope simplified.
Net: the only blocker is still the 2 CF secret VALUES; the token is now simpler (1 scope).
Contributor
|
Claude finished @hellno's task —— View job PR Review: TanStack Start SSR Migration (Phase 1)I've completed a comprehensive code review of this TanStack Start SSR migration. This is exceptionally well-executed engineering work that successfully establishes a solid foundation while maintaining zero risk to the production application. Review Tasks
🟢 StrengthsDocumentation & Planning Excellence
Build & Configuration Architecture
Authentication & Security
Performance & Caching
Error Handling & Resilience
🟡 Areas for ImprovementTest Coverage - Critical Gap
Security Considerations
Code Organization
Performance Optimizations
🔴 Minor IssuesDocumentation Inconsistencies
Development Experience
📋 Specific Code Improvements1. Enhance Error Logging Security// src/web/routes/api/auth/callback.ts:46
- console.error('Error in auth callback:', e);
+ console.error('Auth callback failed:', e instanceof Error ? e.message : 'Unknown error');2. Improve Type Safety// src/web/lib/trending.server.ts:24
- type TrendingCasts = { casts: unknown[]; next: unknown };
+ type TrendingCasts = { casts: NeynarCast[]; next: { cursor?: string } };3. Add Rate Limiting Headers// src/web/routes/api/health.ts
return Response.json({...}, {
headers: { 'X-RateLimit-Limit': '60', 'X-RateLimit-Window': '60' }
});🚀 Architecture AssessmentExcellent Patterns
Future-Proof Design
🎯 Recommendations for Phase 2
✅ Overall AssessmentThis PR represents exceptional engineering work that successfully proves the migration path while maintaining zero risk to the production application. The coexistence strategy is flawless, the documentation is thorough, and the implementation follows security best practices. Approval recommended with the understanding that test coverage should be a top priority for Phase 2. The foundation is solid and ready for the next phase of migration. Great work! 🎉 |
The first deploy succeeded but the blocking smoke hit the brand-new *.workers.dev route before it propagated globally (404 → 200 a few seconds later). Retry each probe up to 8× (8s apart) before failing, so the canary gate tolerates post-deploy lag.
Contributor
|
Claude finished @hellno's task —— View job PR Review: TanStack Start SSR Migration (Phase 1)I've completed a comprehensive code review of this TanStack Start SSR migration. This is exceptionally well-executed engineering work that successfully establishes a solid foundation while maintaining zero risk to the production application. Review Tasks
🟢 StrengthsDocumentation & Planning Excellence
Build & Configuration Architecture
Authentication & Security
Performance & Caching
Error Handling & Resilience
🟡 Areas for ImprovementTest Coverage - Critical Gap
Security Considerations
Code Organization
Performance Optimizations
🔴 Minor IssuesDocumentation Inconsistencies
Development Experience
📋 Specific Code Improvements1. Enhance Error Logging Security// src/web/routes/api/auth/callback.ts:46
- console.error('Error in auth callback:', e);
+ console.error('Auth callback failed:', e instanceof Error ? e.message : 'Unknown error');2. Improve Type Safety// src/web/lib/trending.server.ts:24
- type TrendingCasts = { casts: unknown[]; next: unknown };
+ type TrendingCasts = { casts: NeynarCast[]; next: { cursor?: string } };3. Add Rate Limiting Headers// src/web/routes/api/health.ts
return Response.json({...}, {
headers: { 'X-RateLimit-Limit': '60', 'X-RateLimit-Window': '60' }
});🚀 Architecture AssessmentExcellent Patterns
Future-Proof Design
🎯 Recommendations for Phase 2
✅ Overall AssessmentThis PR represents exceptional engineering work that successfully proves the migration path while maintaining zero risk to the production application. The coexistence strategy is flawless, the documentation is thorough, and the implementation follows security best practices. Approval recommended with the understanding that test coverage should be a top priority for Phase 2. The foundation is solid and ready for the next phase of migration. Great work! 🎉 |
…are) Nameservers propagated (damon/ximena.ns.cloudflare.com) so the herocast.xyz zone is active on Cloudflare; the Vercel apex/www records are DNS-only (live app verified still 200 via Vercel). Uncomment the custom_domain route → wrangler deploy provisions cf.herocast.xyz + cert automatically.
Contributor
|
Claude finished @hellno's task —— View job PR Review: TanStack Start SSR Migration (Phase 1)I've completed a comprehensive code review of this TanStack Start SSR migration. This is exceptionally well-executed engineering work that successfully establishes a solid foundation while maintaining zero risk to the production application. Review Tasks
🟢 StrengthsDocumentation & Planning Excellence
Build & Configuration Architecture
Authentication & Security
Performance & Caching
Error Handling & Resilience
🟡 Areas for ImprovementTest Coverage - Critical Gap
Security Considerations
Code Organization
Performance Optimizations
🔴 Minor IssuesDocumentation Inconsistencies
Development Experience
📋 Specific Code Improvements1. Enhance Error Logging Security// src/web/routes/api/auth/callback.ts:46
- console.error('Error in auth callback:', e);
+ console.error('Auth callback failed:', e instanceof Error ? e.message : 'Unknown error');2. Improve Type Safety// src/web/lib/trending.server.ts:24
- type TrendingCasts = { casts: unknown[]; next: unknown };
+ type TrendingCasts = { casts: NeynarCast[]; next: { cursor?: string } };3. Add Rate Limiting Headers// src/web/routes/api/health.ts
return Response.json({...}, {
headers: { 'X-RateLimit-Limit': '60', 'X-RateLimit-Window': '60' }
});🚀 Architecture AssessmentExcellent Patterns
Future-Proof Design
🎯 Recommendations for Phase 2
✅ Overall AssessmentThis PR represents exceptional engineering work that successfully proves the migration path while maintaining zero risk to the production application. The coexistence strategy is flawless, the documentation is thorough, and the implementation follows security best practices. Approval recommended with the understanding that test coverage should be a top priority for Phase 2. The foundation is solid and ready for the next phase of migration. Great work! 🎉 |
…omain) Adding the custom_domain route disabled the *.workers.dev URL, so the smoke (which captured that URL) became a no-op. Point the blocking smoke at the canary's real URL, cf.herocast.xyz (verified serving 200), keep the 8× retry for edge propagation, and drop the now-pointless URL capture — wrangler's exit propagates without the masking `| tee`.
… path Path B completed: zone moved to Cloudflare (Vercel records DNS-only, live app unaffected), custom domain enabled, CI blocking smoke green against cf.herocast.xyz (run 27282715666). Records the token/account-id/propagation gotchas hit + fixed.
Switch the cf-web-canary trigger from the migration branch to `main`, so the canary ships on merge alongside Vercel. The Cloudflare worker (cf.herocast.xyz) is a separate target from Vercel (herocast.xyz), so deploying it from main is additive — it never runs next build or touches the Vercel deploy / live app. paths-ignore skips docs/supabase/md commits. Both ref-guards updated to refs/heads/main; the guard job still skips when CF secrets are absent. Takes effect on merge (this branch no longer auto-deploys).
…ting-state # Conflicts: # .gitignore
Contributor
|
Claude finished @hellno's task —— View job PR Review: TanStack Start SSR Migration (Phase 1)I've completed a comprehensive code review of this TanStack Start SSR migration. This is exceptionally well-executed engineering work that successfully establishes a solid foundation while maintaining zero risk to the production application. Review Tasks
🟢 StrengthsDocumentation & Planning Excellence
Build & Configuration Architecture
Authentication & Security
Performance & Caching
Error Handling & Resilience
🟡 Areas for ImprovementTest Coverage - Critical Gap
Security Considerations
Code Organization
Performance Optimizations
🔴 Minor IssuesDocumentation Inconsistencies
Development Experience
📋 Specific Code Improvements1. Enhance Error Logging Security// src/web/routes/api/auth/callback.ts:46
- console.error('Error in auth callback:', e);
+ console.error('Auth callback failed:', e instanceof Error ? e.message : 'Unknown error');2. Improve Type Safety// src/web/lib/trending.server.ts:24
- type TrendingCasts = { casts: unknown[]; next: unknown };
+ type TrendingCasts = { casts: NeynarCast[]; next: { cursor?: string } };3. Add Rate Limiting Headers// src/web/routes/api/health.ts
return Response.json({...}, {
headers: { 'X-RateLimit-Limit': '60', 'X-RateLimit-Window': '60' }
});🚀 Architecture AssessmentExcellent Patterns
Future-Proof Design
🎯 Recommendations for Phase 2
✅ Overall AssessmentThis PR represents exceptional engineering work that successfully proves the migration path while maintaining zero risk to the production application. The coexistence strategy is flawless, the documentation is thorough, and the implementation follows security best practices. Approval recommended with the understanding that test coverage should be a top priority for Phase 2. The foundation is solid and ready for the next phase of migration. Great work! 🎉 |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Phase 1 of the Next.js 15 → TanStack Start (SSR) on Cloudflare Workers migration (Track B of #744, epic #754). Builds the foundation in-place and ships it as a separate
wrangler deploypreview target — the live Next.js/Vercel app is untouched.Full PRD + verified state:
docs/migration/phase-1.md.What's in it (all new source under
src/web/)vite.config.mts(plugin ordercloudflare → tanstackStart → viteReact → tsconfigPaths),wrangler.jsonc(nodejs_compat),tsconfig.tanstack.json,env.d.ts. Scripts namespacedweb:*.__root+Providers(ThemeProvider → QueryClientProvider).@supabase/ssrread/write clients,getUserserver fn, OAuth callback (302 so chunkedsb-*cookies survive), health route./migration-probeSSR route → Neynar SDK (v1 ctor) + Cloudflare Cache API (withCacheAPI) +getUser, proven end-to-end on realworkerd.next/image+next/linkshims; fonts isolated insrc/web/styles/fonts.css(globals.cssbyte-identical).Verified
pnpm web:buildpnpm web:typecheckpnpm typecheckwrangler dev→/api/healthhasProcess:true, hasCachesDefault:true)/migration-probeweb:deploy:dry-rungetUser()returned a real UUID on workerdCoexistence (live app untouched)
Only additive edits to tracked files:
package.json(deps /web:*scripts / engines), roottsconfig.json(exclude += src/web),.gitignore,pnpm-lock.yaml. Zero changes tonext.config.mjs,vercel.json,app/,pages/,src/globals.css.Notable decisions (details in PRD §0)
src/web/isolation + separatetsconfig.tanstack.json(root tsconfig is Next's, incompatiblejsx)..server.tsfilename convention + thin server-fn wrappers to keep server-only code (cloudflare:workers, Neynar SDK) out of the client bundle — the runtimeserver-onlymarker is unreliable undervite build(PRD §6 R13)./migration-probe(a leading_is TanStack's pathless convention).Out of scope (deferred)
wrangler deploy+ production secrets (wrangler secret put); and the worker's own OAuthexchangeCodeForSessionwrite path (this PR proved the cookie read with a real session).How to run locally
pnpm web:serve→ openhttp://localhost:8787/migration-probe. For real trending casts, add a quota'dNEYNAR_API_KEYto.dev.vars.