merge dev to main (v3.0.0-beta.2)

[ymc9]

Summary by CodeRabbit

• Bug Fixes
  • Enforced single-result semantics for findFirst/findUnique (take is fixed to 1); invalid values now raise an input validation error.
• New Features
  • Exposed a dedicated InputValidationError for clearer client-side error handling.
• Editor/IDE
  • VS Code extension update with improved zmodel v3 grammar and a patch version bump.
• Tests
  • Switched to a multi-project test setup; temporarily skipped slow CLI tests in CI.
• Chores
  • Bumped package versions to 3.0.0-beta.2 across the monorepo.
  • Updated release workflow environment configuration.

[coderabbitai]

Walkthrough

Introduces telemetry env vars in release workflow, updates VSCode settings and extension grammar, bumps versions across packages, restructures Vitest config, skips two CLI test suites, and modifies runtime find/validation logic to add a findOne flag, adjust validateFindArgs signature/behavior, and update related tests and error exports.

Changes

Cohort / File(s)	Summary
Release workflow telemetry env .github/workflows/publish-release.yml	Added top-level env: TELEMETRY_TRACKING_TOKEN (from secrets) and DO_NOT_TRACK=1.
VSCode settings cleanup .vscode/settings.json	Removed Vitest workspaceConfig entry; file now an empty object.
Monorepo version bumps package.json, packages/*/package.json (cli, common-helpers, create-zenstack, dialects/sql.js, eslint-config, language, runtime, sdk, tanstack-query, testtools, typescript-config, vitest-config, zod), samples/blog/package.json, tests/e2e/package.json	Bumped versions: root and many packages from 3.0.0-beta.1 → 3.0.0-beta.2; VSCode extension 3.0.5 → 3.0.6. No functional changes.
VSCode extension grammar update packages/ide/vscode/package.json	Updated extension version and changed zmodel-v3 grammar scopeName from "source.zmodel" to "source.zmodel-v3".
Runtime find/validation changes packages/runtime/src/client/crud/operations/find.ts, packages/runtime/src/client/crud/validator.ts, packages/runtime/test/client-api/find.test.ts, packages/runtime/test/client-api/computed-fields.test.ts, packages/runtime/src/client/errors.ts (implied export)	Added findOne flag; changed validateFindArgs signature to accept options and possibly return undefined; enforced take=1 for findFirst/findUnique paths; adjusted result handling; tests updated to validate take rules; InputValidationError used/exported.
CLI tests skipped packages/cli/test/init.test.ts, packages/cli/test/migrate.test.ts	Marked top-level describe blocks as skipped due to CI timeouts; test bodies unchanged.
Vitest config restructure vitest.config.ts, vitest.base.config.ts, vitest.workspace.ts, .vscode/settings.json (related)	Replaced workspace/base configs by a single vitest.config.ts using test.projects: ['packages/*']; removed old base/workspace configs; removed VSCode Vitest workspace setting.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Possibly related PRs

• fix: findFirst args validation issues #233 — Also introduces findOne and updates validateFindArgs and related tests in runtime, indicating overlapping logic changes.
• fix: optimize findFirst #229 — Modifies find operation behavior to enforce single-result semantics, closely matching the find.ts updates here.
• fix: vscode extension syntax language id #231 — Updates VSCode extension version and grammar scopeName similar to the manifest changes in this PR.

Poem

A rabbit taps keys with a rhythmic delight,
Flips find to findOne, keeps queries tight.
Versions hop forward, configs realign,
Tests take a breather, all by design.
In the warren of code, carrots of green,
Telemetry whispers, DO_NOT_TRACK seen.
Thump—release day! Shiny and clean. 🥕✨

✨ Finishing Touches

• 📝 Generate Docstrings

🧪 Generate unit tests

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch dev

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.

Support

Need help? Create a ticket on our support page for assistance with any issues or questions.

CodeRabbit Commands (Invoked using PR/Issue comments)

Type @coderabbitai help to get the list of available commands.

Other keywords and placeholders

• Add @coderabbitai ignore or @coderabbit ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

Status, Documentation and Community

• Visit our Status Page to check the current availability of CodeRabbit.
• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[claude]

Claude finished @ymc9's task —— View job

---

PR Review Analysis

I'll conduct a comprehensive review of this dev → main merge PR, focusing on:

Review Checklist:

• Analyze version bump changes across all packages
• Review core runtime changes in find operations
• Examine validator logic updates
• Check vitest configuration restructuring
• Review GitHub workflow changes
• Assess security implications
• Check for breaking changes
• Evaluate test coverage impact
• Provide overall feedback and recommendations

🔍 Detailed Review Findings

✅ Positive Changes

1. FindFirst Optimization (packages/runtime/src/client/crud/operations/find.ts:20-24)

• Good: Automatic take: 1 enforcement for findFirst operations improves performance
• Good: Cleaner separation between findFirst/findUnique vs findMany operations
• Good: Type safety maintained with proper casting

2. Validator Improvements (packages/runtime/src/client/crud/validator.ts:43-48)

• Good: Enhanced validateFindArgs method signature with findOne option
• Good: Specific validation for findFirst with take: 1 constraint at schema level
• Good: Better type inference with FindArgs<Schema, GetModels<Schema>, true> | undefined

3. Version Management

• Good: Consistent version bump to 3.0.0-beta.2 across all packages
• Good: Proper semver usage for beta release

4. Vitest Configuration Simplification

• Good: Removed complex vitest.workspace.ts and vitest.base.config.ts
• Good: Cleaner project-based configuration in root vitest.config.ts
• Good: Maintains proper test discovery with projects: ['packages/*']

⚠️ Areas of Concern

1. Logic Issue in Find Operations (find.ts:10-24)

const findOne = operation === 'findFirst' || operation === 'findUnique';
// ...
if (findOne) {
    parsedArgs = parsedArgs ?? {};
    parsedArgs.take = 1;  // This overwrites any existing take value!
}

Issue: The current logic forcefully sets take: 1 for both findFirst AND findUnique operations. However:

• findUnique should not have a take limit as it's uniquely identified
• This overwrites any user-specified take value, which might be unexpected behavior

2. VSCode Extension Version Mismatch

• Issue: VSCode extension version is 3.0.6 while all other packages are 3.0.0-beta.2
• Impact: Version inconsistency could cause confusion in deployment/release tracking

3. Missing Test Updates

While find.test.ts was modified, the changes are minimal. The findFirst optimization should include:

• Tests verifying take: 1 is automatically applied
• Tests ensuring user-specified take values are handled correctly
• Performance tests comparing old vs new implementation

🛡️ Security Assessment

Low Risk Issues:

1. GitHub Workflow: Added DO_NOT_TRACK: '1' environment variable - good privacy practice
2. Telemetry: Uses TELEMETRY_TRACKING_TOKEN secret properly
3. No sensitive data exposure in the changes

🔧 Recommendations

Critical:

1. Fix Logic Issue: The findUnique operation should not have take: 1 applied:

   if (operation === 'findFirst') {
       parsedArgs = parsedArgs ?? {};
       parsedArgs.take = 1;
   }

High Priority:

2. Version Alignment: Update VSCode extension to 3.0.0-beta.2 for consistency
3. Add Comprehensive Tests: Include tests for the new optimization logic

Medium Priority:

4. Performance Validation: Add benchmarks to verify the optimization actually improves performance
5. Documentation: Update any relevant docs about findFirst behavior changes

📊 Breaking Changes Assessment

No breaking changes detected - all changes are internal optimizations that maintain the same API surface.

🎯 Overall Assessment

This PR includes valuable optimizations, particularly the findFirst performance improvement. However, there's a logic issue that needs to be addressed before merging to main. The code quality is generally good, and the architectural decisions (simplified vitest config, consistent versioning) are sound.

Recommendation: Request changes to fix the findUnique logic issue before approving.

---

[Copilot]

Pull Request Overview

This PR merges development changes to main, primarily focusing on version bumps and test configuration improvements. The changes update all packages from version 3.0.0-beta.1 to 3.0.0-beta.2 and refactor the Vitest configuration from a workspace-based setup to a project-based approach.

Key changes include:

• Version bump across all packages from beta.1 to beta.2
• Vitest configuration refactoring from workspace to project-based setup
• Input validation improvements for findFirst operations to enforce take=1 limit
• Test stability improvements by skipping timeout-prone CLI tests

Reviewed Changes

Copilot reviewed 28 out of 28 changed files in this pull request and generated no comments.

Show a summary per file

File	Description
vitest.workspace.ts	Removed workspace configuration file
vitest.config.ts	Added new project-based Vitest configuration
vitest.base.config.ts	Removed base configuration file
Multiple package.json files	Version bumps from 3.0.0-beta.1 to 3.0.0-beta.2
packages/runtime/src/client/crud/validator.ts	Enhanced input validation for findFirst operations
packages/runtime/src/client/crud/operations/find.ts	Improved findFirst logic to enforce take=1
Test files	Updated tests and skipped timeout-prone CLI tests
.vscode/settings.json	Removed Vitest workspace configuration
.github/workflows/publish-release.yml	Added telemetry environment variables

---

_{Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.}

[coderabbitai]

Actionable comments posted: 2

🧹 Nitpick comments (9)

.github/workflows/publish-release.yml (1)

12-14: Optional: Enable provenance for npm publish.

If publish-all supports npm provenance, grant OIDC and set the env flag.

Apply:

 permissions:
-    contents: write
+    contents: write
+    id-token: write
@@
             - name: Publish packages
               run: pnpm run publish-all
               env:
                   NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
+                  NPM_CONFIG_PROVENANCE: 'true'

packages/cli/test/migrate.test.ts (1)

12-13: Prefer conditional skip to retain local coverage and only skip in CI.

Avoid permanently skipping the entire suite. Gate it by CI and keep it runnable locally; also consider per-test longer timeouts instead of blanket skip.

Apply within this hunk:

-// skip due to timeout in CI
-describe.skip('CLI migrate commands test', () => {
+// run locally; skip in CI to avoid timeouts
+describe.runIf(!process.env.CI)('CLI migrate commands test', () => {

Follow-ups:

• Increase timeouts for slow tests (e.g., it('...', { timeout: 120_000 }, ...)).
• Add a scheduled GitHub Actions job to run this suite nightly with relaxed timeouts to preserve signal.

.vscode/settings.json (1)

1-1: Empty settings file—consider deleting to reduce repo noise.

packages/cli/test/init.test.ts (1)

7-8: Avoid permanent skip; conditionally skip in CI and raise timeout

Skip only on CI and keep the suite runnable locally. Also raise the timeout to reduce flakes.

-// skipping due to timeout during CI
-describe.skip('Cli init command tests', () => {
+const inCI = process.env.CI === 'true';
+// Skip only on CI, run locally with a higher timeout
+const suite = inCI ? describe.skip : describe;
+
+suite('Cli init command tests', { timeout: 120_000 }, () => {

vitest.config.ts (1)

3-7: Set CI-friendly timeouts to reduce flakes and avoid blanket skips

Add higher timeouts for CI so long-running suites don’t need to be skipped.

 export default defineConfig({
     test: {
-        projects: ['packages/*'],
+        projects: ['packages/*'],
+        testTimeout: process.env.CI ? 120_000 : 30_000,
+        hookTimeout: 120_000,
     },
 });

packages/runtime/src/client/crud/validator.ts (1)

196-229: Return parsed data and default take = 1 for findOne
z.literal(1).optional() enforces take === 1 but doesn’t inject it when args are omitted. Update validate() to return parsed.data so Zod defaults flow, and in makeFindSchema wrap the non-unique, findOne schema with .optional().default({ take: 1 }). (Operation layer’s parsedArgs.take = 1 fallback remains intact.)

Apply both diffs:

@@ packages/runtime/src/client/crud/validator.ts
-        const { error } = schema.safeParse(args);
-        if (error) {
-            throw new InputValidationError(`Invalid ${operation} args: ${error.message}`, error);
-        }
-        return args as T;
+        const parsed = schema.safeParse(args);
+        if (!parsed.success) {
+            throw new InputValidationError(
+                `Invalid ${operation} args: ${parsed.error.message}`,
+                parsed.error
+            );
+        }
+        return parsed.data as T;

@@ packages/runtime/src/client/crud/validator.ts
-        if (!options.unique) {
-            result = result.optional();
-        }
+        if (!options.unique) {
+            // For findOne, default to { take: 1 } even when args are omitted
+            result = options.findOne
+                ? (result as any).optional().default({ take: 1 })
+                : result.optional();
+        }

packages/runtime/src/client/crud/operations/find.ts (1)

13-24: Avoid mutating validated args; tighten typing for parsedArgs

Two tweaks:

• Don’t mutate the object returned by the validator; it could become readonly in the future. Build a new args object for the read path.
• Cast/annotate to FindArgs<Schema, GetModels<Schema>, true> | undefined so take is type-safe and you don’t rely on implicit any.

Proposed diff:

-        let parsedArgs = validateArgs
-            ? this.inputValidator.validateFindArgs(this.model, normalizedArgs, {
-                  unique: operation === 'findUnique',
-                  findOne,
-              })
-            : (normalizedArgs as FindArgs<Schema, GetModels<Schema>, true> | undefined);
-
-        if (findOne) {
-            // ensure "limit 1"
-            parsedArgs = parsedArgs ?? {};
-            parsedArgs.take = 1;
-        }
+        const parsedArgs = validateArgs
+            ? (this.inputValidator.validateFindArgs(this.model, normalizedArgs, {
+                  unique: operation === 'findUnique',
+                  findOne,
+              }) as FindArgs<Schema, GetModels<Schema>, true> | undefined)
+            : (normalizedArgs as FindArgs<Schema, GetModels<Schema>, true> | undefined);
+
+        // ensure "limit 1" for single-result ops without mutating validated input
+        const argsForRead = findOne ? { ...(parsedArgs ?? {}), take: 1 } : parsedArgs;
@@
-        const result = await this.read(this.client.$qb, this.model, parsedArgs);
+        const result = await this.read(this.client.$qb, this.model, argsForRead);
@@
-        const finalResult = findOne ? (result[0] ?? null) : result;
+        const finalResult = findOne ? (result[0] ?? null) : result;

Also applies to: 27-27, 29-29

packages/runtime/test/client-api/computed-fields.test.ts (1)

76-79: Explicit take: 1 is fine but redundant

findFirst is now enforced to single-row; this assertion still adds value, but consider removing the explicit take here to test the default single-result path and keep one dedicated “take must be 1” test in find.test.ts.

packages/runtime/test/client-api/find.test.ts (1)

57-60: Broaden validation coverage for findFirst's take

Add cases for take: 0 and take: -1 to assert they reject with InputValidationError, and a case with no take to assert it succeeds (implicitly 1).

Apply:

         // findFirst's take must be 1
         await expect(client.user.findFirst({ take: 2 })).rejects.toThrow(InputValidationError);
+        await expect(client.user.findFirst({ take: 0 })).rejects.toThrow(InputValidationError);
+        await expect(client.user.findFirst({ take: -1 })).rejects.toThrow(InputValidationError);
         await expect(client.user.findFirst({ take: 1 })).toResolveTruthy();
+        await expect(client.user.findFirst()).toResolveTruthy();

📜 Review details

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

💡 Knowledge Base configuration:

• MCP integration is disabled by default for public repositories
• Jira integration is disabled by default for public repositories
• Linear integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between 31d2626 and cc8af45.

📒 Files selected for processing (28)

• .github/workflows/publish-release.yml (1 hunks)
• .vscode/settings.json (1 hunks)
• package.json (1 hunks)
• packages/cli/package.json (1 hunks)
• packages/cli/test/init.test.ts (1 hunks)
• packages/cli/test/migrate.test.ts (1 hunks)
• packages/common-helpers/package.json (1 hunks)
• packages/create-zenstack/package.json (1 hunks)
• packages/dialects/sql.js/package.json (1 hunks)
• packages/eslint-config/package.json (1 hunks)
• packages/ide/vscode/package.json (2 hunks)
• packages/language/package.json (1 hunks)
• packages/runtime/package.json (1 hunks)
• packages/runtime/src/client/crud/operations/find.ts (1 hunks)
• packages/runtime/src/client/crud/validator.ts (3 hunks)
• packages/runtime/test/client-api/computed-fields.test.ts (1 hunks)
• packages/runtime/test/client-api/find.test.ts (2 hunks)
• packages/sdk/package.json (1 hunks)
• packages/tanstack-query/package.json (1 hunks)
• packages/testtools/package.json (1 hunks)
• packages/typescript-config/package.json (1 hunks)
• packages/vitest-config/package.json (1 hunks)
• packages/zod/package.json (1 hunks)
• samples/blog/package.json (1 hunks)
• tests/e2e/package.json (1 hunks)
• vitest.base.config.ts (0 hunks)
• vitest.config.ts (1 hunks)
• vitest.workspace.ts (0 hunks)

💤 Files with no reviewable changes (2)

• vitest.base.config.ts
• vitest.workspace.ts

🧰 Additional context used

📓 Path-based instructions (2)

{packages,samples,tests}/**

📄 CodeRabbit inference engine (CLAUDE.md)

Packages are located in packages/, samples/, and tests/

Files:

• packages/sdk/package.json
• samples/blog/package.json
• packages/common-helpers/package.json
• packages/vitest-config/package.json
• packages/typescript-config/package.json
• packages/zod/package.json
• packages/cli/package.json
• packages/cli/test/init.test.ts
• packages/runtime/package.json
• packages/testtools/package.json
• packages/language/package.json
• packages/eslint-config/package.json
• packages/tanstack-query/package.json
• packages/dialects/sql.js/package.json
• packages/create-zenstack/package.json
• packages/runtime/src/client/crud/operations/find.ts
• packages/cli/test/migrate.test.ts
• packages/runtime/src/client/crud/validator.ts
• packages/runtime/test/client-api/computed-fields.test.ts
• packages/ide/vscode/package.json
• tests/e2e/package.json
• packages/runtime/test/client-api/find.test.ts

tests/e2e/**

📄 CodeRabbit inference engine (CLAUDE.md)

E2E tests are in tests/e2e/ directory

Files:

• tests/e2e/package.json

🧠 Learnings (1)

📚 Learning: 2025-08-04T08:43:33.161Z

Learnt from: CR
PR: zenstackhq/zenstack-v3#0
File: CLAUDE.md:0-0
Timestamp: 2025-08-04T08:43:33.161Z
Learning: `zenstack generate` compiles ZModel to TypeScript schema (`schema.ts`)

Applied to files:

• packages/language/package.json

🧬 Code graph analysis (3)

packages/runtime/src/client/crud/operations/find.ts (2)

packages/runtime/src/client/crud-types.ts (1)

• FindArgs (646-662)

packages/sdk/src/schema/schema.ts (1)

• GetModels (108-108)

packages/runtime/src/client/crud/validator.ts (2)

packages/sdk/src/schema/schema.ts (1)

• GetModels (108-108)

packages/runtime/src/client/crud-types.ts (1)

• FindArgs (646-662)

packages/runtime/test/client-api/find.test.ts (1)

packages/runtime/src/client/errors.ts (1)

• InputValidationError (4-8)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (2)

• GitHub Check: claude-review
• GitHub Check: build-test (20.x)

🔇 Additional comments (22)

packages/vitest-config/package.json (1)

4-4: Version bump to 3.0.0-beta.2 looks good.

No export map changes; safe to publish.

packages/language/package.json (1)

4-4: Version bump acknowledged.

Downstream workspace dependents should resolve seamlessly.

packages/testtools/package.json (1)

3-3: Version bump looks good.

No API surface or exports changed here.

samples/blog/package.json (1)

3-3: Sample version updated.

Dependencies already reference workspace ranges; no further action.

packages/cli/package.json (1)

6-6: Version bump consistency verified. All 15 package.json files now use 3.0.0-beta.2, no 3.0.0-beta.1 references remain, all internal deps use workspace:*, and Vitest config migration is in place.

packages/eslint-config/package.json (1)

3-3: LGTM: version bump only.

Private package; safe metadata update.

packages/create-zenstack/package.json (1)

3-3: LGTM: version bump aligns with repo-wide release.

No functional/package boundary changes.

package.json (1)

3-3: Bump looks good; verify all packages are aligned to 3.0.0-beta.2.

Process substitution isn’t available here—use this instead:

#!/bin/bash
set -euo pipefail
target="3.0.0-beta.2"
echo "Verifying all package.json versions == $target"
find . -type f -name package.json \
  -not -path '*/node_modules/*' \
  -not -path '*/dist/*' \
  -not -path '*/build/*' \
  -not -path '*/.turbo/*' \
  -print0 | while IFS= read -r -d '' f; do
    name=$(jq -r '.name // empty' "$f")
    version=$(jq -r '.version // empty' "$f")
    if [[ -n "$name" && -n "$version" && "$version" != "$target" ]]; then
      echo "Mismatch: $f -> $name@$version"
      exit 1
    fi
  done
echo "All package versions aligned to $target."

packages/tanstack-query/package.json (1)

3-3: LGTM: version bump only.

No impact on peer dependency constraints.

packages/zod/package.json (1)

3-3: LGTM: version bump only.

No API/external-facing changes in this package.

packages/sdk/package.json (1)

3-3: Approve version bump. All @zenstackhq/* packages are at 3.0.0-beta.2; no functional changes—safe to merge.

.github/workflows/publish-release.yml (1)

8-10: Confirm intent: DO_NOT_TRACK=1 alongside TELEMETRY token.

This combo disables many CLIs’ telemetry while enabling your own tracking via token. Confirm this is intended.

packages/common-helpers/package.json (1)

3-3: LGTM: version bump aligns with release.

No API/surface changes.

packages/dialects/sql.js/package.json (1)

3-3: LGTM: version bump only.

Ensure publish includes matching peer ranges; looks consistent.

packages/typescript-config/package.json (1)

3-3: LGTM: private package version bump.

Harmless for a private config package; fine to keep in sync with the release train.

tests/e2e/package.json (1)

3-3: Version bump aligns with the repo release. LGTM.

packages/runtime/package.json (1)

3-3: Runtime package version bump looks good.

packages/ide/vscode/package.json (1)

4-4: Extension version bump is fine.

packages/runtime/src/client/crud/validator.ts (1)

43-47: validateFindArgs usage verified; no action required

packages/runtime/src/client/crud/operations/find.ts (2)

10-11: Good consolidation of single-result ops into a findOne flag

This improves readability and centralizes behavior for findFirst/findUnique.

---

29-29: Confirm read always returns an array
Double-check that protected async read in packages/runtime/src/client/crud/operations/base.ts is both typed and implemented to always return an array of records—otherwise indexing into result[0] will break.

packages/runtime/test/client-api/find.test.ts (1)

3-3: Importing InputValidationError looks correct

Matches the new public export in src/client/errors.ts.

[coderabbitai]

🛠️ Refactor suggestion

Scope the secret to the step that needs it.

Placing TELEMETRY_TRACKING_TOKEN at the workflow level exposes it to all steps, including third‑party actions. Scope it to the publish step; keep DO_NOT_TRACK at the top if you want global effect.

Apply:

-env:
-    TELEMETRY_TRACKING_TOKEN: ${{ secrets.TELEMETRY_TRACKING_TOKEN }}
-    DO_NOT_TRACK: '1'
+env:
+    DO_NOT_TRACK: '1'
@@
             - name: Publish packages
               run: pnpm run publish-all
               env:
                   NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
+                  TELEMETRY_TRACKING_TOKEN: ${{ secrets.TELEMETRY_TRACKING_TOKEN }}

Also applies to: 48-52

🤖 Prompt for AI Agents

.github/workflows/publish-release.yml lines 8-10 (and similarly lines 48-52):
TELEMETRY_TRACKING_TOKEN is currently defined at the workflow/env level which
exposes it to all steps; remove TELEMETRY_TRACKING_TOKEN from the top-level env,
keep DO_NOT_TRACK there if you want global effect, and add
TELEMETRY_TRACKING_TOKEN as an env only on the publish step that needs it (set
to ${{ secrets.TELEMETRY_TRACKING_TOKEN }}), ensuring other steps and
third‑party actions cannot access the secret.

[coderabbitai]

💡 Verification agent

🧩 Analysis chain

Grammar scope rename: verify tmLanguage and references updated to match.

Ensure syntaxes/zmodel.tmLanguage.json uses the same scopeName and that no code still references "source.zmodel".

Run:

Expected:

• Printed scopeName equals "source.zmodel-v3".
• No matches for source.zmodel.

---

🏁 Script executed:

#!/bin/bash
set -euo pipefail

# 1) Confirm tmLanguage scopeName matches
GRAMMAR_FILE="$(fd -a 'zmodel.tmLanguage.json' packages/ide/vscode | head -n1)"
echo "Grammar file: ${GRAMMAR_FILE}"
jq -r '.scopeName' "${GRAMMAR_FILE}"
test "$(jq -r '.scopeName' "${GRAMMAR_FILE}")" = "source.zmodel-v3"

# 2) Find remaining references to old scope
rg -nP '\bsource\.zmodel\b' -g '!**/node_modules/**'

Length of output: 219

---

🏁 Script executed:

#!/bin/bash
set -euo pipefail

echo "Finding zmodel grammar file(s)..."
find . -type f -name 'zmodel.tmLanguage.json'

echo -e "\nChecking scopeName in found file(s)..."
for f in $(find . -type f -name 'zmodel.tmLanguage.json'); do
  echo "$f: $(jq -r '.scopeName' "$f")"
done

echo -e "\nSearching for references to old scope 'source.zmodel'..."
rg -nP '\bsource\.zmodel\b' -g '!**/node_modules/**' || echo "No references found"

Length of output: 557

---

Missing tmLanguage grammar file

The path packages/ide/vscode/syntaxes/zmodel.tmLanguage.json referenced in package.json doesn’t exist; add the grammar file (or correct its path), then confirm its scopeName is "source.zmodel-v3" and that no code still references "source.zmodel".

🤖 Prompt for AI Agents

In packages/ide/vscode/package.json around lines 78-79, the extension references
a missing grammar file at ./syntaxes/zmodel.tmLanguage.json and a scopeName
"source.zmodel-v3"; add the missing zmodel.tmLanguage.json file at
packages/ide/vscode/syntaxes with scopeName set to "source.zmodel-v3" (or update
the path in package.json to the correct existing file), and then search the
codebase to replace any remaining references to "source.zmodel" with
"source.zmodel-v3" so all references and the package.json entry are consistent.