Syncpack setup v2

[ryanbas21]

JIRA Ticket

N/A

Description

sets up syncpack so it automatically keeps our versions aligned and everything.

Summary by CodeRabbit

• Updates
  • Davinci Client API: Polling method renamed from poll() to pollStatus() for improved consistency
  • Dependency Management: Enhanced tooling for managing and verifying dependency versions across the monorepo
  • CI/CD: Integrated automated dependency constraint validation into the build pipeline

[changeset-bot]

⚠️ No Changeset found

Latest commit: 4ff7f04

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

[coderabbitai]

Warning

Rate limit exceeded

@ryanbas21 has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 9 minutes and 3 seconds before requesting another review.

To keep reviews running without waiting, you can enable usage-based add-on for your organization. This allows additional reviews beyond the hourly cap. Account admins can enable it under billing.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: ec8baefe-721f-4002-a300-330d10618d37

📥 Commits

Reviewing files that changed from the base of the PR and between 8cffe6b and 4ff7f04.

⛔ Files ignored due to path filters (1)

• pnpm-lock.yaml is excluded by !**/pnpm-lock.yaml

📒 Files selected for processing (19)

• .github/workflows/ci.yml
• .syncpackrc
• e2e/am-mock-api/package.json
• e2e/davinci-app/main.ts
• e2e/davinci-app/package.json
• e2e/davinci-app/tsconfig.app.json
• e2e/davinci-suites/src/basic.test.ts
• e2e/device-client-app/package.json
• e2e/protect-app/package.json
• lefthook.yml
• package.json
• packages/davinci-client/api-report/davinci-client.api.md
• packages/davinci-client/api-report/davinci-client.types.api.md
• packages/device-client/package.json
• packages/journey-client/package.json
• pnpm-workspace.yaml
• scratchpad/package.json
• tools/api-report/package.json
• tools/interface-mapping-validator/package.json

📝 Walkthrough

Walkthrough

This PR establishes centralized dependency version management using Syncpack across the monorepo and updates the davinci-client's public API, renaming its polling method from poll to pollStatus. The Syncpack setup includes workspace catalog configuration, linting automation in CI and git hooks, and migration of package dependencies to catalog-based version references.

Changes

Syncpack Dependency Version Management

Layer / File(s)	Summary
Workspace Catalog pnpm-workspace.yaml	Added new catalog entries for @forgerock/javascript-sdk (4.9.0), @types/express (5.0.6), tsx (4.21.0), and tslib (^2.5.0).
Syncpack Configuration .syncpackrc	Introduced Syncpack config with JSON schema reference and source list covering root and all workspace package.json files.
Automation Setup .github/workflows/ci.yml, lefthook.yml	Added pnpm syncpack:lint step to CI workflow after project setup; added new syncpack pre-commit hook with glob-scoped file targeting.
Package Scripts package.json	Added syncpack:lint and syncpack:fix scripts targeting root and all workspace package.json files.
Monorepo Package Updates e2e/am-mock-api/package.json, e2e/davinci-app/package.json, e2e/device-client-app/package.json, e2e/protect-app/package.json, packages/device-client/package.json, packages/journey-client/package.json, scratchpad/package.json, tools/api-report/package.json, tools/interface-mapping-validator/package.json	Updated dependency version specifiers to use catalog references (e.g., ^4.7.0 → catalog:, ^2.3.0 → catalog:\*) for @forgerock/javascript-sdk, @types/express, tsx, tslib, and @vitest/coverage-v8.

DaVinci Client API Update

Layer / File(s)	Summary
Public API Reports packages/davinci-client/api-report/davinci-client.api.md, packages/davinci-client/api-report/davinci-client.types.api.md	Renamed polling method from poll(collector: PollingCollector) => Poller to pollStatus(collector: PollingCollector) => Poller; reordered return-type union members in start, getClient, and getNode without changing the set of possible types.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~22 minutes

Possibly related PRs

• ForgeRock/ping-javascript-sdk#622: Implements the same davinci client polling API rename (poll → pollStatus) in the client implementation and e2e usage.
• ForgeRock/ping-javascript-sdk#509: Modifies packages/journey-client/package.json and pnpm-workspace.yaml catalog entries with similar dependency specification changes.
• ForgeRock/ping-javascript-sdk#422: Updates pnpm workspace configuration in pnpm-workspace.yaml for monorepo-wide dependency management.

Suggested reviewers

• cerebrl
• ancheetah

---

🐰 Syncpack hops through the monorepo with glee,
Cataloging versions, setting dependencies free!
While davinci's poll becomes pollStatus bright,
All dependencies aligned—oh, what a sight! ✨

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 inconclusive)

Check name	Status	Explanation	Resolution
Description check	❓ Inconclusive	The description provides a brief explanation of what syncpack does, but lacks detail about how it works and which files were modified.	Expand description to briefly explain syncpack's purpose, configuration approach, and mention key files changed (e.g., .syncpackrc, pnpm-workspace.yaml) or link to relevant documentation.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title 'Syncpack setup v2' directly reflects the main change: adding and configuring syncpack for automated version management.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch syncpack-setup-v2

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[nx-cloud]

View your CI Pipeline Execution ↗ for commit 54a6cfe

Command	Status	Duration	Result
nx run-many -t build --no-agents	✅ Succeeded	<1s	View ↗
nx affected -t build lint test typecheck e2e-ci	✅ Succeeded	1m 26s	View ↗

---

☁️ Nx Cloud last updated this comment at 2026-05-05 22:44:25 UTC

[nx-cloud]

Important

At least one additional CI pipeline execution has run since the conclusion below was written and it may no longer be applicable.

Nx Cloud is proposing a fix for your failed CI:

We updated the signoff assertion in basic.test.ts to use page.waitForRequest instead of page.waitForResponse for the /signoff check, which fixes the 30s timeout. With @forgerock/javascript-sdk 4.9.0 (introduced by this PR), endSession now uses window.location.assign() rather than fetch(), meaning the 302 redirect is a document navigation that Playwright's CDP-based waitForResponse does not capture. Switching to waitForRequest correctly intercepts the navigation request to /signoff, and the subsequent expect(page.getByText('Username/Password Form')).toBeVisible() continues to verify the full logout redirect completed.

Tip

✅ We verified this fix by re-running @forgerock/davinci-suites:e2e-ci--src/basic.test.ts.

Warning

The suggested diff is too large to display here, but you can view it on Nx Cloud ↗

  

Or Apply changes locally with:

npx nx-cloud apply-locally DTyA-1GFB

Apply fix locally with your editor ↗   View interactive diff ↗

_{🎓 Learn more about Self-Healing CI on nx.dev}

[pkg-pr-new]

Open in StackBlitz

@forgerock/davinci-client

pnpm add https://pkg.pr.new/@forgerock/davinci-client@624

@forgerock/device-client

pnpm add https://pkg.pr.new/@forgerock/device-client@624

@forgerock/journey-client

pnpm add https://pkg.pr.new/@forgerock/journey-client@624

@forgerock/oidc-client

pnpm add https://pkg.pr.new/@forgerock/oidc-client@624

@forgerock/protect

pnpm add https://pkg.pr.new/@forgerock/protect@624

@forgerock/sdk-types

pnpm add https://pkg.pr.new/@forgerock/sdk-types@624

@forgerock/sdk-utilities

pnpm add https://pkg.pr.new/@forgerock/sdk-utilities@624

@forgerock/iframe-manager

pnpm add https://pkg.pr.new/@forgerock/iframe-manager@624

@forgerock/sdk-logger

pnpm add https://pkg.pr.new/@forgerock/sdk-logger@624

@forgerock/sdk-oidc

pnpm add https://pkg.pr.new/@forgerock/sdk-oidc@624

@forgerock/sdk-request-middleware

pnpm add https://pkg.pr.new/@forgerock/sdk-request-middleware@624

@forgerock/storage

pnpm add https://pkg.pr.new/@forgerock/storage@624

commit: 4ff7f04

[codecov-commenter]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 17.61%. Comparing base (5d6747a) to head (4ff7f04).
⚠️ Report is 94 commits behind head on main.

❌ Your project status has failed because the head coverage (17.61%) is below the target coverage (40.00%). You can increase the head coverage or adjust the target coverage.

Additional details and impacted files

@@             Coverage Diff             @@
##             main     #624       +/-   ##
===========================================
- Coverage   70.90%   17.61%   -53.29%     
===========================================
  Files          53      154      +101     
  Lines        2021    24243    +22222     
  Branches      377     1160      +783     
===========================================
+ Hits         1433     4271     +2838     
- Misses        588    19972    +19384     

see 101 files with indirect coverage changes

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[github-actions]

Deployed 9bc8071 to https://ForgeRock.github.io/ping-javascript-sdk/pr-624/9bc8071025d8c7dd8240d84ecea0109f9379ea22 branch gh-pages in ForgeRock/ping-javascript-sdk

[github-actions]

📦 Bundle Size Analysis

📦 Bundle Size Analysis

🚨 Significant Changes

🔻 @forgerock/device-client - 0.0 KB (-10.0 KB, -100.0%)
🔻 @forgerock/journey-client - 0.0 KB (-91.9 KB, -100.0%)

📊 Minor Changes

📉 @forgerock/device-client - 10.0 KB (-0.0 KB)
📉 @forgerock/journey-client - 91.9 KB (-0.0 KB)

➖ No Changes

➖ @forgerock/davinci-client - 48.9 KB
➖ @forgerock/oidc-client - 25.2 KB
➖ @forgerock/sdk-utilities - 11.2 KB
➖ @forgerock/sdk-types - 7.9 KB
➖ @forgerock/protect - 144.6 KB
➖ @forgerock/storage - 1.5 KB
➖ @forgerock/sdk-oidc - 4.8 KB
➖ @forgerock/sdk-request-middleware - 4.5 KB
➖ @forgerock/sdk-logger - 1.6 KB
➖ @forgerock/iframe-manager - 2.4 KB

---

14 packages analyzed • Baseline from latest main build

Legend

🆕 New package
🔺 Size increased
🔻 Size decreased
➖ No change

ℹ️ How bundle sizes are calculated

• Current Size: Total gzipped size of all files in the package's dist directory
• Baseline: Comparison against the latest build from the main branch
• Files included: All build outputs except source maps and TypeScript build cache
• Exclusions: .map, .tsbuildinfo, and .d.ts.map files

---

_{🔄 Updated automatically on each push to this PR}