feat: 2.0

[sealday]

Summary by CodeRabbit

• New Features
  • DI container and unified EventBus with async handlers; new logger and IPC/WebSocket support; Standard Core Plugin offering common server services and middleware.
• Changes
  • Core refactor toward a minimal runtime with plugin-based service wiring; many CLI/gateway responsibilities moved into pluggable modules.
• Breaking Changes
  • Core class renamed to Tego (Application alias kept); event names adopt namespaced prefixes (tego:/plugin:).
• Documentation
  • Extensive migration plans, implementation status, and architecture/DI/gateway/plugin lifecycle guides.

[coderabbitai]

Walkthrough

Core refactor introducing Tego as the DI-backed runtime, new EventBus, DI/token surface and container changes, extraction of standard services into a module-standard-core plugin, IPC client/server utilities, and extensive architecture/migration documentation; AppSupervisor and Gateway were moved out of core into plugin modules.

Changes

Cohort / File(s)	Summary
Documentation & Roadmaps packages/core/docs/* (many files, e.g., app-supervisor-analysis.*, di-container-eventbus-plan.*, gateway-removal-plan.*, implementation-status.md, phase5-*.md, plugin-lifecycle.*, refactor-*.md, src-overview.*, refactoring-complete.md)	17+ new/updated docs describing DI/EventBus design, phased migration, Gateway/AppSupervisor removal plans, plugin lifecycle, implementation status and refactor guidance.
Core runtime / API surface packages/core/src/tego.ts, packages/core/src/application.ts, packages/core/src/index.ts, packages/core/src/plugin.ts	Introduce Tego class (replacement alias for Application), expose DI container and EventBus, rewire plugin API to use Tego, and update public exports to the new surface.
Event & logging utilities packages/core/src/event-bus.ts, packages/core/src/logger.ts, packages/core/src/tokens.ts	New EventBus (IEventBus + EventBus) with emitAsync, minimal Logger interface + ConsoleLogger, and TOKENS constant for DI token keys.
IPC support packages/core/src/ipc-socket-client.ts, packages/core/src/ipc-socket-server.ts	New JSON-over-IPC client and server for inter-process CLI/command bridging and request/response handling.
Removed core modules (moved to plugin) packages/core/src/app-supervisor.ts, packages/core/src/gateway/*, packages/core/src/sync-message-manager.ts, packages/core/src/cache/index.ts, packages/core/src/commands/*, packages/core/src/gateway/types.ts	Deleted in-core implementations for AppSupervisor, Gateway (HTTP/WS), sync messaging, cache initialization and many CLI command registrations; functionality migrated to module-standard-core.
Plugin manager events packages/core/src/plugin-manager/plugin-manager.ts	Plugin lifecycle events renamed/emitted as namespaced plugin:* events plus per-plugin plugin:${name}:* variants; plugin object passed to events.
DI package rename & API changes packages/di/package.json, packages/di/src/* (decorators, container-instance, resolve-to-type-wrapper, errors, interfaces, tests)	Package renamed to @tego/di; decorator APIs simplified (Inject/InjectMany/Service unified), new convenience decorators (App, Db, InjectLog, Controller, Action), container disposal and multi-service handling hardened, and tests added/adjusted.
module-standard-core package (new) packages/module-standard-core/* (plugin, services, commands, README, package.json)	New StandardCorePlugin supplying core services (ACL, Cache, Cron, PubSub, Gateway, AppSupervisor, Notice, Locale, etc.), DI registration helpers (registerCache, registerACL, registerCron, registerPubSub, registerGateway, registerAppSupervisor, registerNoticeManager, registerSyncMessageManager), commands wired for Tego, and related service implementations.
PubSub / locale / middlewares refactor packages/module-standard-core/src/server/services/*	PubSub, Locale, Middlewares, Notice, SyncMessageManager refactored to use Tego and DI container; middleware registration helper added.
Test infra packages/test/vitest.ts	Vitest bootstrap improved to find project root, dynamic include patterns, and path alias resolution based on tsconfig.paths.json.
Package dependency updates packages/core/package.json, packages/server/package.json	Replaced dependency @tachybase/di with @tego/di across affected packages.

Sequence Diagram(s)

sequenceDiagram
    participant Tego as Tego (core)
    participant Container as DI Container
    participant EB as EventBus
    participant PM as PluginManager
    participant Plugin as Plugin

    rect rgb(220, 240, 220)
    Note over Tego,EB: Startup & event emission
    end

    Tego->>EB: emitAsync('tego:beforeLoad')
    EB->>PM: notify listeners
    Tego->>PM: load(plugin)
    PM->>EB: emitAsync('plugin:beforeLoad', plugin)
    PM->>Plugin: plugin.beforeLoad()
    Plugin->>Container: container.set(token, service)
    Plugin->>PM: plugin.load()
    PM->>EB: emitAsync('plugin:afterLoad', plugin)
    Tego->>EB: emitAsync('tego:afterLoad')

Loading

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~60–90 minutes

Areas needing extra attention:

• packages/core/src/tego.ts (lifecycle sequencing, deprecated compatibility layers).
• EventBus behavior vs previous EventEmitter usage (ordering, error propagation).
• PluginManager event rename impacts across consumers.
• DI changes: decorator behavior, container disposal, multi-service removal logic.
• module-standard-core service registrations (TOKENS alignment and lifecycle hooks).
• IPC modules for correctness and security of CLI bridging.

Possibly related PRs

• refactor: di package #766 — DI internals changes (container-instance, decorators); closely overlaps DI API and behavior edits.
• refactor: rename @tachybase/server to @tego/core #773 — Core/Tego surface and import/export refactor; related to rebranding and core-api reshaping.
• test: add tests to packages/di #914 — DI tests and container exports; connected to added DI tests and container semantics.

Poem

🐰 I hopped along the code-lined trail,
Built a cozy Tego with event and scale,
Plugins now bloom from tiny tokens sown,
IPC whispers through pipes well-known,
Core grows lean — a modular home-grown.

Pre-merge checks and finishing touches

❌ Failed checks (1 warning, 1 inconclusive)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 63.16% which is insufficient. The required threshold is 80.00%.	You can run @coderabbitai generate docstrings to improve docstring coverage.
Title check	❓ Inconclusive	The title 'feat: 2.0' is extremely vague and does not convey meaningful information about this substantial changeset involving DI container migration, plugin architecture restructuring, and removal of Gateway/AppSupervisor from core.	Consider a more descriptive title like 'feat: Tego 2.0 refactor with DI container, plugin-based architecture, and core simplification' to clearly communicate the scope and significance of this major architectural change.

✅ Passed checks (1 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch dev-2.0

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 7

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (4)

packages/di/src/utils/resolve-to-type-wrapper.util.ts (1)

30-40: Guard against missing identifiers

If typeOrIdentifier is undefined, neither branch executes and typeWrapper stays uninitialised. The function then returns undefined, so downstream destructuring (e.g. const { eagerType } = resolveToTypeWrapper(...)) explodes with “Cannot destructure property 'eagerType' of undefined”. Stage‑3 property decorators still hit this path whenever metadata cannot be produced (interfaces, unions, any, etc.), so this regresses the previous behaviour that raised CannotInjectValueError instead of crashing.

Please restore an explicit guard that throws the injection error (or otherwise initialises the wrapper) before returning.

@@
-  let typeWrapper!: { eagerType: ServiceIdentifier | null; lazyType: (type?: never) => ServiceIdentifier };
+  let typeWrapper: { eagerType: ServiceIdentifier | null; lazyType: (type?: never) => ServiceIdentifier } | null = null;
@@
-  if ((typeOrIdentifier && typeof typeOrIdentifier === 'string') || typeOrIdentifier instanceof Token) {
+  if ((typeOrIdentifier && typeof typeOrIdentifier === 'string') || typeOrIdentifier instanceof Token) {
     typeWrapper = { eagerType: typeOrIdentifier, lazyType: () => typeOrIdentifier };
   }
@@
-  if (typeOrIdentifier && typeof typeOrIdentifier === 'function') {
+  if (typeOrIdentifier && typeof typeOrIdentifier === 'function') {
     /** We set eagerType to null, preventing the raising of the CannotInjectValueError in decorators.  */
     typeWrapper = { eagerType: null, lazyType: () => (typeOrIdentifier as CallableFunction)() };
   }
 
-  return typeWrapper;
+  if (!typeWrapper) {
+    throw new Error('resolveToTypeWrapper requires an explicit token or factory; received undefined');
+  }
+
+  return typeWrapper;

packages/di/src/decorators.ts (1)

119-124: Restore the intended ACL default.

Passing an empty options object leaves acl undefined, undermining the documented “private” default. Merge the default before storing the action metadata.

-      actions.get(target).push({
-        type: 'action',
-        method: String(context.name),
-        actionName: name,
-        options: options || { acl: 'private' },
-      });
+      const actionOptions = { acl: 'private', ...(options ?? {}) };
+      actions.get(target).push({
+        type: 'action',
+        method: String(context.name),
+        actionName: name,
+        options: actionOptions,
+      });

packages/module-standard-core/src/server/services/pub-sub/index.ts (1)

95-104: Await the connection check before publishing

IPubSubAdapter.isConnected() returns a Promise, so the current guard always evaluates truthy and publish() runs even while the adapter is disconnected. That bypasses the intended safety check and can trigger adapter errors or drop messages when the connection is down. Please await the connectivity check before proceeding.

-    if (!this.adapter?.isConnected()) {
-      return;
-    }
+    if (!this.adapter || !(await this.adapter.isConnected())) {
+      return;
+    }

packages/core/src/application.ts (1)

5-5: Fix incorrect EventEmitter import source

EventEmitter is exported from node:events, not node:stream. With the current import the TypeScript build fails (Module '"node:stream"' has no exported member 'EventEmitter'). Please import from node:events instead.

-import { EventEmitter } from 'node:stream';
+import { EventEmitter } from 'node:events';

🧹 Nitpick comments (14)

packages/core/docs/src-overview.zh.md (1)

4-22: Consider documenting Tego and EventBus as core abstractions.

The architecture overview mentions many modules but does not reference Tego or EventBus, which the PR summary indicates are now central to the 2.0 design. If these are significant architectural changes, consider:

• Adding a brief explanation of Tego's role as the DI-container-backed runtime
• Documenting how EventBus relates to the overall system
• Clarifying how the application.ts entry point relates to Tego/EventBus in 2.0

This would help users understand the architectural shift from 1.x to 2.0.

packages/di/src/decorators/service.decorator.ts (2)

28-28: Clean signature simplification.

The single generic signature is more maintainable than multiple overloads and properly threads the type parameter through to ServiceOptions<T> and the implementation.

Minor refinement: The return type Function is quite broad. Consider using ClassDecorator or the full decorator signature for better type precision:

-export function Service<T = unknown>(options: ServiceOptions<T> = {}): Function {
+export function Service<T = unknown>(options: ServiceOptions<T> = {}): ClassDecorator {

---

29-47: Consider improving type safety for the factory option.

The type assertion (options as any).factory on line 33 bypasses type checking. Since ServiceOptions<T> is a union type, you could use a type guard to safely access the factory property.

Apply this pattern to improve type safety:

 export function Service<T = unknown>(options: ServiceOptions<T> = {}): Function {
   return (target: Constructable<T>, context: ClassDecoratorContext) => {
+    const hasFactory = 'factory' in options && typeof options.factory === 'function';
     const serviceMetadata: ServiceMetadata<T> = {
       id: options.id || target,
       type: target,
-      factory: (options as any).factory || undefined,
+      factory: hasFactory ? options.factory : undefined,
       multiple: options.multiple || false,
       eager: options.eager || false,
       scope: options.scope || 'container',
       referencedBy: new Map().set(ContainerInstance.default.id, ContainerInstance.default),
       value: EMPTY_VALUE,
     };

packages/module-standard-core/src/server/services/pub-sub/handler-manager.ts (4)

95-98: LGTM!

Extracting handlerMap into a local variable improves readability and reduces redundant map lookups.

---

102-106: LGTM!

Consistent refactoring pattern applied across the class methods.

---

113-119: LGTM!

Extracting handlerMap improves code clarity by reducing nested property access.

---

128-130: LGTM!

The destructuring pattern in the for-of loop is a clean improvement.

packages/core/src/event-bus.ts (1)

71-78: Honor the advertised handler priority.

SubscribeOptions.priority is exposed but ignored, so callers can set a priority and silently get FIFO ordering. Either implement priority or drop the option; implementing at least a simple prependListener when priority > 0 keeps behavior aligned with the API surface.

-  on<T = any>(event: string, handler: EventHandler<T>, options?: SubscribeOptions): Unsubscribe {
-    this.emitter.on(event, handler);
+  on<T = any>(event: string, handler: EventHandler<T>, options?: SubscribeOptions): Unsubscribe {
+    const priority = options?.priority ?? 0;
+    if (priority > 0) {
+      this.emitter.prependListener(event, handler);
+    } else {
+      this.emitter.on(event, handler);
+    }

packages/core/docs/refactor-shared-state.zh.md (1)

41-46: Consider adding blank lines around the table.

The markdown table at line 41 should be surrounded by blank lines for better formatting compliance.

Apply this diff:

 ## 状态共享策略示例
+
 | 策略 | 说明 | 适用场景 | 注意点 |
 | --- | --- | --- | --- |
 | **Redis / 外部存储共享** | 所有读写均走外部 store(Redis、etcd、数据库) | 多活部署、容忍网络延迟 | 需处理分布式锁、重试、数据过期 |
 | **进程内独立** | 每个 worker 从持久化源加载一份,运行期独立维护 | 单机部署、读多写少 | 需要额外机制广播刷新,可能出现短暂不一致 |
 | **单写多读** | 指定主进程写入,变更通过 IPC / PubSub 通知其他进程刷新只读副本 | 插件管理、Cron 调度等对一致性要求高但易集中写入的场景 | 要保证主进程故障时的主备切换与回退逻辑 |
+
 > 建议:插件管理与任务调度优先采用"单写多读"策略;若未来需要横向扩展,可升级到 Redis 共享。维护状态、连接类信息根据业务需要选择进程内或共享实现。

packages/module-standard-core/src/server/services/acl/index.ts (1)

6-16: Consider making resource configuration more flexible.

The configureResources array is currently hardcoded. For better flexibility, consider accepting resources as an optional parameter in createACL() or registerACL() to allow customization by consumers.

-export function createACL() {
+export function createACL(resources: string[] = configureResources) {
   const acl = new ACL();
 
   for (const [actionName, actionParams] of Object.entries(availableActions)) {
     acl.setAvailableAction(actionName, actionParams);
   }
 
-  acl.registerConfigResources(configureResources);
+  acl.registerConfigResources(resources);
 
   return acl;
 }

packages/module-standard-core/src/server/plugin.ts (1)

40-53: Consider importing TOKENS statically and clarify verification intent.

The dynamic require('@tego/core') inside verifyServices is unusual. Since this file already imports from @tego/core, consider importing TOKENS at the top for consistency and better tree-shaking.

Additionally, the verification only logs warnings without throwing errors. If this is intentional (graceful degradation), consider documenting this behavior in a comment.

Apply this diff to use a static import:

-import { Plugin } from '@tego/core';
+import { Plugin, TOKENS } from '@tego/core';

 import { registerACL, registerAdvancedLogger, registerCache, registerCron, registerPubSub } from './services';

...

   private verifyServices() {
-    const { TOKENS } = require('@tego/core');
     const { container } = this.tego;

packages/core/docs/refactor-shared-state.en.md (1)

40-47: Add blank lines around the strategy comparison table.

The markdown table should be surrounded by blank lines for better rendering and to comply with markdown best practices.

Apply this diff:

 | **Single-writer / multi-reader** | One "leader" writes; followers consume read-only snapshots via IPC/PubSub | Plugin registry, schedulers, or other strongly-consistent workloads | Needs leader election / failover and clear recovery plan |
+
 > Recommendation: start with single-writer for plugin management and cron scheduling; upgrade to Redis-backed sharing if horizontal scaling demands it. Ephemeral info (maintaining status, gateway connections) can stay process-local unless dashboards require global visibility.
+
 ## Refactor Checklist

packages/core/src/plugin.ts (1)

80-300: Consider future migration of internal this.app references to this.tego.

While the deprecated app getter provides backwards compatibility, the Plugin base class still uses this.app internally in many places (log, noticeManager, pm, db, etc.). Consider gradually migrating these to this.tego in future PRs to fully transition to the new naming convention.

packages/core/src/ipc-socket-client.ts (1)

72-76: Document request/response correlation requirements.

The write method returns a promise that resolves on the next response event. For concurrent requests, callers must check the reqId in the response to match it with their request. Consider adding JSDoc to clarify this requirement or implementing internal correlation logic.

Example JSDoc addition:

  /**
   * Write data to the IPC socket and wait for a response.
   * 
   * @param data - The data to send (should include a reqId for correlation)
   * @returns Promise that resolves with { reqId, type, payload }
   * 
   * @remarks
   * When making concurrent requests, callers should check the reqId
   * in the response to ensure it matches their request.
   */
  write(data: any) {
    // ...
  }

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 62d8949 and a5d9bd4.

📒 Files selected for processing (63)

• packages/core/docs/app-supervisor-analysis.en.md (1 hunks)
• packages/core/docs/app-supervisor-analysis.zh.md (1 hunks)
• packages/core/docs/di-container-eventbus-plan.en.md (1 hunks)
• packages/core/docs/di-container-eventbus-plan.zh.md (1 hunks)
• packages/core/docs/gateway-removal-plan.en.md (1 hunks)
• packages/core/docs/gateway-removal-plan.zh.md (1 hunks)
• packages/core/docs/implementation-status.md (1 hunks)
• packages/core/docs/phase5-implementation-notes.en.md (1 hunks)
• packages/core/docs/phase5-implementation-notes.zh.md (1 hunks)
• packages/core/docs/phase5-service-migration.en.md (1 hunks)
• packages/core/docs/phase5-service-migration.zh.md (1 hunks)
• packages/core/docs/plugin-lifecycle.en.md (1 hunks)
• packages/core/docs/plugin-lifecycle.zh.md (1 hunks)
• packages/core/docs/refactor-di-plan.en.md (1 hunks)
• packages/core/docs/refactor-di-plan.zh.md (1 hunks)
• packages/core/docs/refactor-shared-state.en.md (1 hunks)
• packages/core/docs/refactor-shared-state.zh.md (1 hunks)
• packages/core/docs/refactoring-complete.md (1 hunks)
• packages/core/docs/src-overview.en.md (1 hunks)
• packages/core/docs/src-overview.zh.md (1 hunks)
• packages/core/package.json (1 hunks)
• packages/core/src/application.ts (23 hunks)
• packages/core/src/cache/index.ts (0 hunks)
• packages/core/src/event-bus.ts (1 hunks)
• packages/core/src/index.ts (2 hunks)
• packages/core/src/ipc-socket-client.ts (1 hunks)
• packages/core/src/ipc-socket-server.ts (1 hunks)
• packages/core/src/logger.ts (1 hunks)
• packages/core/src/plugin-manager/plugin-manager.ts (7 hunks)
• packages/core/src/plugin.ts (3 hunks)
• packages/core/src/pub-sub-manager/index.ts (0 hunks)
• packages/core/src/tego.ts (1 hunks)
• packages/core/src/tokens.ts (1 hunks)
• packages/di/package.json (1 hunks)
• packages/di/src/__tests__/circular-dependency.test.ts (1 hunks)
• packages/di/src/__tests__/errors.test.ts (1 hunks)
• packages/di/src/__tests__/lifecycle.test.ts (1 hunks)
• packages/di/src/container-instance.class.ts (3 hunks)
• packages/di/src/decorators.ts (2 hunks)
• packages/di/src/decorators/inject-many.decorator.ts (2 hunks)
• packages/di/src/decorators/inject.decorator.ts (1 hunks)
• packages/di/src/decorators/service.decorator.ts (1 hunks)
• packages/di/src/error/cannot-inject-value.error.ts (1 hunks)
• packages/di/src/interfaces/handler.interface.ts (2 hunks)
• packages/di/src/utils/resolve-to-type-wrapper.util.ts (1 hunks)
• packages/module-standard-core/.npmignore (1 hunks)
• packages/module-standard-core/README.md (1 hunks)
• packages/module-standard-core/package.json (1 hunks)
• packages/module-standard-core/src/client/index.ts (1 hunks)
• packages/module-standard-core/src/index.ts (1 hunks)
• packages/module-standard-core/src/server/index.ts (1 hunks)
• packages/module-standard-core/src/server/plugin.ts (1 hunks)
• packages/module-standard-core/src/server/services/acl/available-action.ts (1 hunks)
• packages/module-standard-core/src/server/services/acl/index.ts (1 hunks)
• packages/module-standard-core/src/server/services/cache/index.ts (1 hunks)
• packages/module-standard-core/src/server/services/cron/index.ts (2 hunks)
• packages/module-standard-core/src/server/services/index.ts (1 hunks)
• packages/module-standard-core/src/server/services/logger/index.ts (1 hunks)
• packages/module-standard-core/src/server/services/pub-sub/handler-manager.ts (2 hunks)
• packages/module-standard-core/src/server/services/pub-sub/index.ts (6 hunks)
• packages/module-standard-core/src/server/services/pub-sub/memory-pub-sub-adapter.ts (0 hunks)
• packages/module-standard-core/src/server/services/pub-sub/types.ts (0 hunks)
• packages/test/vitest.ts (3 hunks)

💤 Files with no reviewable changes (4)

• packages/core/src/pub-sub-manager/index.ts
• packages/core/src/cache/index.ts
• packages/module-standard-core/src/server/services/pub-sub/types.ts
• packages/module-standard-core/src/server/services/pub-sub/memory-pub-sub-adapter.ts

🧰 Additional context used

🧬 Code graph analysis (20)

packages/di/src/__tests__/circular-dependency.test.ts (3)

packages/di/src/container-instance.class.ts (2)

• ContainerInstance (17-474)
• Container (476-476)

packages/di/src/decorators/service.decorator.ts (1)

• Service (28-48)

packages/di/src/decorators/inject.decorator.ts (1)

• Inject (25-56)

packages/core/src/tokens.ts (2)

packages/core/src/event-bus.ts (1)

• IEventBus (27-57)

packages/core/src/logger.ts (1)

• Logger (6-31)

packages/module-standard-core/src/server/services/logger/index.ts (2)

packages/core/src/tego.ts (2)

• Tego (57-615)
• logger (154-156)

packages/logger/src/system-logger.ts (1)

• createSystemLogger (101-116)

packages/module-standard-core/src/server/services/cache/index.ts (3)

packages/cache/src/cache-manager.ts (1)

• CacheManagerOptions (21-26)

packages/core/src/tokens.ts (1)

• TOKENS (13-141)

packages/module-standard-core/src/server/services/index.ts (1)

• registerCache (15-15)

packages/module-standard-core/src/server/plugin.ts (8)

packages/module-standard-core/src/server/index.ts (1)

• StandardCorePlugin (1-1)

packages/module-standard-core/src/server/services/index.ts (5)

• registerAdvancedLogger (9-9)
• registerACL (12-12)
• registerCache (15-15)
• registerCron (18-18)
• registerPubSub (21-21)

packages/module-standard-core/src/server/services/logger/index.ts (1)

• registerAdvancedLogger (4-16)

packages/module-standard-core/src/server/services/acl/index.ts (1)

• registerACL (30-34)

packages/module-standard-core/src/server/services/cache/index.ts (1)

• registerCache (14-16)

packages/module-standard-core/src/server/services/cron/index.ts (1)

• registerCron (81-83)

packages/module-standard-core/src/server/services/pub-sub/index.ts (1)

• registerPubSub (113-115)

packages/core/src/tokens.ts (1)

• TOKENS (13-141)

packages/di/src/decorators.ts (1)

packages/di/src/decorators/inject.decorator.ts (1)

• Inject (25-56)

packages/module-standard-core/src/server/services/acl/available-action.ts (1)

packages/server/src/index.ts (1)

• AvailableActionOptions (141-141)

packages/module-standard-core/src/server/services/pub-sub/index.ts (5)

packages/module-standard-core/src/server/services/pub-sub/types.ts (1)

• PubSubManagerOptions (1-3)

packages/module-standard-core/src/server/services/pub-sub/memory-pub-sub-adapter.ts (1)

• MemoryPubSubAdapter (14-69)

packages/module-standard-core/src/server/services/pub-sub/handler-manager.ts (1)

• HandlerManager (7-134)

packages/core/src/tokens.ts (1)

• TOKENS (13-141)

packages/module-standard-core/src/server/services/index.ts (1)

• registerPubSub (21-21)

packages/module-standard-core/src/server/services/acl/index.ts (2)

packages/core/src/application.ts (1)

• acl (375-377)

packages/core/src/tokens.ts (1)

• TOKENS (13-141)

packages/core/src/application.ts (4)

packages/core/src/index.ts (3)

• Tego (3-3)
• Tego (4-4)
• Application (3-3)

packages/core/src/event-bus.ts (1)

• EventBus (62-114)

packages/core/src/notice/index.ts (1)

• NoticeManager (20-65)

packages/core/src/tokens.ts (1)

• TOKENS (13-141)

packages/core/src/ipc-socket-server.ts (1)

packages/core/src/ipc-socket-client.ts (1)

• writeJSON (8-10)

packages/test/vitest.ts (1)

packages/devkit/src/constants.ts (1)

• __dirname (5-5)

packages/di/src/decorators/service.decorator.ts (1)

packages/di/src/interfaces/service-options.interface.ts (1)

• ServiceOptions (7-10)

packages/core/src/plugin-manager/plugin-manager.ts (1)

packages/core/src/plugin.ts (1)

• name (91-93)

packages/di/src/decorators/inject-many.decorator.ts (3)

packages/di/src/utils/resolve-to-type-wrapper.util.ts (1)

• resolveToTypeWrapper (15-41)

packages/di/src/error/cannot-inject-value.error.ts (1)

• CannotInjectValueError (6-25)

packages/di/src/container-instance.class.ts (1)

• ContainerInstance (17-474)

packages/di/src/decorators/inject.decorator.ts (5)

packages/utils/src/types/constructable.type.ts (1)

• Constructable (10-10)

packages/di/src/types/service-identifier.type.ts (1)

• ServiceIdentifier (10-15)

packages/di/src/utils/resolve-to-type-wrapper.util.ts (1)

• resolveToTypeWrapper (15-41)

packages/di/src/error/cannot-inject-value.error.ts (1)

• CannotInjectValueError (6-25)

packages/di/src/container-instance.class.ts (1)

• ContainerInstance (17-474)

packages/module-standard-core/src/server/services/cron/index.ts (2)

packages/core/src/tokens.ts (1)

• TOKENS (13-141)

packages/module-standard-core/src/server/services/index.ts (1)

• registerCron (18-18)

packages/core/src/ipc-socket-client.ts (1)

packages/core/src/logger.ts (1)

• ConsoleLogger (36-58)

packages/core/src/plugin.ts (1)

packages/core/src/tego.ts (1)

• Tego (57-615)

packages/core/src/tego.ts (8)

packages/core/src/event-bus.ts (1)

• EventBus (62-114)

packages/core/src/environment.ts (1)

• Environment (5-39)

packages/core/src/app-command.ts (1)

• AppCommand (3-58)

packages/core/src/helpers/application-version.ts (1)

• ApplicationVersion (7-50)

packages/core/src/logger.ts (1)

• ConsoleLogger (36-58)

packages/core/src/commands/index.ts (1)

• registerCli (16-38)

packages/core/src/tokens.ts (1)

• TOKENS (13-141)

packages/core/src/plugin.ts (1)

• name (91-93)

🪛 GitHub Actions: Test Coverage

packages/core/package.json

[error] 1-1: pnpm install failed due to frozen-lockfile: lockfile is not up to date with package.json. Specifiers in the lockfile don't match specifiers in package.json: 1 dependencies were added: @tego/di@workspace:; 1 dependencies were removed: @tachybase/di@workspace:. Run 'pnpm install' or 'pnpm install --no-frozen-lockfile'.

🪛 GitHub Actions: Tests

packages/core/package.json

[error] 1-1: ERR_PNPM_OUTDATED_LOCKFILE: Cannot install with "frozen-lockfile" because pnpm-lock.yaml is not up to date with /packages/core/package.json. 1 dependencies were added: @tego/di@workspace:; 1 dependencies were removed: @tachybase/di@workspace:. The command that failed: 'pnpm install'. Run 'pnpm install --no-frozen-lockfile' to update the lockfile.

🪛 LanguageTool

packages/core/docs/phase5-implementation-notes.en.md

[uncategorized] ~225-~225: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...e 3. Lazy Loading: Services created on demand 4. Memory Usage: Container maintain...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

packages/core/docs/refactor-di-plan.en.md

[grammar] ~53-~53: Ensure spelling is correct
Context: ...eduler`, …) for existing services. 2. Pluginise implementations: move database, gatew...

(QB_NEW_EN_ORTHOGRAPHY_ERROR_IDS_1)

packages/core/docs/gateway-removal-plan.zh.md

[uncategorized] ~237-~237: 您的意思是“由"于"”吗？
Context: ...plugin-multi-app-gateway` - 职责：多应用路由与状态管理。 - 配置： ```typescript { ...

(YU7_YU8)

---

[uncategorized] ~270-~270: 动词的修饰一般为‘形容词（副词）+地+动词’。您的意思是否是：灵活"地"部署
Context: ...TTP/WebSocket 依赖，核心专注于插件加载和生命周期。 - 更灵活的部署：可选择不同的 HTTP 服务器实现（如基于 Fastify、Expre...

(wb4)

packages/core/docs/phase5-service-migration.zh.md

[uncategorized] ~215-~215: 您的意思是"用于"过度""？
Context: ...法中） - 服务的 getter（保留带 @deprecated 标记的版本用于过渡） ### 第五步：更新插件访问服务的方式 #### Before: ```...

(DU3_DU4)

packages/core/docs/plugin-lifecycle.zh.md

[uncategorized] ~21-~21: 动词的修饰一般为‘形容词（副词）+地+动词’。您的意思是否是：一次性"地"初始化
Context: ...nstallPlugin。 - 插件应在 install()` 中执行一次性的初始化逻辑，例如写入默认数据、迁移旧版本配置。 - 特性实例会在主插件完成后依次...

(wb4)

---

[uncategorized] ~31-~31: 您的意思是“多"于"”吗？
Context: ...升级及迁移 - plugin.upgrade()：插件在升级管线中被调用，多与迁移脚本配合执行。 - 通过 plugin.loadMigrations()...

(YU7_YU8)

---

[uncategorized] ~42-~42: 动词的修饰一般为‘形容词（副词）+地+动词’。您的意思是否是：一次性"地"初始化
Context: ...endSyncMessage()（发送）。 ## 插件编写建议 - 将一次性的初始化逻辑放在 install()，将幂等的运行期逻辑放在 load()`...

(wb4)

packages/core/docs/app-supervisor-analysis.zh.md

[uncategorized] ~124-~124: 动词的修饰一般为‘形容词（副词）+地+动词’。您的意思是否是：灵活"地"部署
Context: ... - 插件可按需依赖应用管理服务，而非强制使用全局单例。 4. 灵活的部署模式 - 单应用场景无需引入多应用管理开销。 - 多应用场景...

(wb4)

---

[uncategorized] ~170-~170: 动词的修饰一般为‘形容词（副词）+地+动词’。您的意思是否是：专门"地"插
Context: ...isor** - 单应用场景下无需应用管理器。 - 多应用场景由专门的插件提供，核心不再内置。 2. 标准化应用生命周期协议 - 定义...

(wb4)

packages/core/docs/app-supervisor-analysis.en.md

[style] ~179-~179: To form a complete sentence, be sure to include a subject.
Context: ...nant and sub-application scenarios. - Can be removed in single-app scenarios, w...

(MISSING_IT_THERE)

---

[grammar] ~182-~182: Ensure spelling is correct
Context: ... Containerise → Interface abstraction → Pluginise → Eventually remove core dependency. #...

(QB_NEW_EN_ORTHOGRAPHY_ERROR_IDS_1)

packages/core/docs/gateway-removal-plan.en.md

[style] ~296-~296: You have already used this phrasing in nearby sentences. Consider replacing it to add variety to your writing.
Context: ...troubleshooting. - Log Aggregation: Need to unify plugin log format and tracing mec...

(REP_NEED_TO_VB)

🪛 markdownlint-cli2 (0.18.1)

packages/core/docs/refactoring-complete.md

84-84: Fenced code blocks should have a language specified

(MD040, fenced-code-language)

---

107-107: Fenced code blocks should have a language specified

(MD040, fenced-code-language)

packages/module-standard-core/README.md

225-225: Fenced code blocks should have a language specified

(MD040, fenced-code-language)

packages/core/docs/refactor-shared-state.zh.md

41-41: Tables should be surrounded by blank lines

(MD058, blanks-around-tables)

packages/core/docs/refactor-shared-state.en.md

41-41: Tables should be surrounded by blank lines

(MD058, blanks-around-tables)

🔇 Additional comments (37)

packages/module-standard-core/src/client/index.ts (1)

1-2: Clarify the intent of the empty client-side placeholder.

This file is marked as a placeholder with only an empty default export. Given that the server-side (server/index.ts) appears to have comprehensive implementations (service registries, plugin definitions, and re-exports), this feels incomplete or intentionally deferred.

• Is this placeholder intentional (i.e., no client-side surface is needed for the standard core)?
• If client-side implementation is planned, should this be flagged with a TODO comment or tracked in a separate issue?
• Consider removing the file entirely if it serves no purpose, or providing meaningful exports if client-side functionality is required.

packages/core/docs/src-overview.zh.md (1)

24-37: Verify event documentation reflects the new EventBus architecture.

The documentation lists Application events, but the PR summary indicates a major redesign where the event system transitions to EventBus with namespaced events and Tego replaces Application as the core runtime. This section may not accurately reflect the 2.0 architecture.

Please clarify:

• Are these Application events still emitted in 2.0, or do they map to EventBus namespaced events?
• Should this section document the new EventBus event model instead?
• Are there breaking changes to event names or subscription patterns that users need to be aware of?

packages/di/src/decorators/service.decorator.ts (1)

8-27: Excellent documentation improvements!

The expanded JSDoc with practical examples covering various use cases (simple service, scoped service, custom ID, and multiple services) significantly improves developer experience and makes the decorator's capabilities clear.

packages/module-standard-core/.npmignore (1)

1-3: LGTM!

Standard practice to exclude source and test directories from published npm packages, keeping the package size minimal.

packages/di/src/__tests__/lifecycle.test.ts (1)

231-232: LGTM!

Good improvement to ensure services are instantiated before testing disposal. The explicit comment clarifies the intent and makes the test more reliable.

packages/di/package.json (1)

2-4: LGTM!

Package rebranding from @tachybase/di to @tego/di aligns with the broader architectural changes. The added description accurately describes the DI container's capabilities.

packages/core/docs/plugin-lifecycle.en.md (1)

1-46: LGTM!

Comprehensive documentation of the plugin lifecycle with clear phase descriptions and practical authoring guidelines. The structure is logical and will be valuable for plugin developers.

packages/core/docs/src-overview.en.md (1)

1-38: LGTM!

Excellent overview documentation that provides a clear map of the TachyBase Core architecture. The two-section structure (directory overview + event hooks) is logical and will help developers navigate the codebase.

packages/module-standard-core/src/index.ts (1)

1-1: LGTM! Clean barrel export pattern.

The re-export establishes a clear public API surface for the module-standard-core package, routing through the server implementation.

packages/core/docs/gateway-removal-plan.zh.md (1)

1-317: LGTM! Comprehensive migration plan documentation.

This Chinese documentation provides a thorough gateway removal and migration plan aligned with the TachyBase 2.0 architectural refactor. The phased approach, interface definitions, and plugin-based migration strategy are well-structured and consistent with the broader PR objectives.

packages/di/src/__tests__/errors.test.ts (1)

164-165: LGTM! Test assertions align with updated error messaging.

The updated assertions correctly validate the new error guidance that instructs users to provide type functions, string identifiers, or Tokens for dependency injection, clarifying that interfaces/types don't exist at runtime.

packages/di/src/error/cannot-inject-value.error.ts (1)

10-15: LGTM! Bug fix and improved error messaging.

The change from this.target.constructor.name to this.target.name is actually a bug fix. Since target is already a Constructable<unknown> (class constructor), accessing .name directly is correct. The previous code would have incorrectly accessed the constructor of the constructor (yielding "Function").

The updated error message also provides clearer guidance about using type functions, string identifiers, or Tokens for runtime type resolution.

packages/core/docs/refactor-shared-state.zh.md (1)

1-54: LGTM! Comprehensive shared state refactoring documentation.

This Chinese documentation provides thorough coverage of database capabilities, plugin management, state sharing strategies, and refactoring recommendations aligned with the TachyBase 2.0 architecture.

packages/module-standard-core/README.md (1)

1-279: LGTM! Excellent documentation for the new module.

This README provides comprehensive documentation for the @tego/module-standard-core package, including:

• Clear overview of provided services
• Installation and usage examples
• Configuration patterns
• Migration guidance from Tego 1.x to 2.0
• Architecture diagram

The documentation is well-structured and will help users understand the new DI container-based architecture.

packages/module-standard-core/src/server/index.ts (1)

1-2: LGTM! Clean server API surface definition.

The re-exports establish a clear public API for the server module, exposing StandardCorePlugin as the default export and all plugin exports.

packages/core/docs/phase5-service-migration.zh.md (1)

1-296: LGTM! Detailed Phase 5 service migration plan.

This Chinese documentation provides a comprehensive plan for migrating core services to the module-standard-core plugin, including:

• Clear service classification (core vs. plugin)
• Step-by-step migration strategy with code examples
• Backward compatibility approach with deprecation timeline
• Risk assessment and mitigation strategies
• Testing and documentation plans

The phased approach and compatibility layer ensure a smooth migration path for existing users.

packages/di/src/interfaces/handler.interface.ts (1)

7-22: LGTM! Handler interface correctly updated for Stage 3 decorators.

The changes properly reflect Stage 3 decorator limitations:

• propertyName is now required (no longer optional) since constructor parameter decorators are not supported
• Documentation clearly states that only class and class member decorators are supported
• The removal of the index property (formerly used for constructor parameter position) is consistent with this shift

These changes align with the updated Inject and InjectMany decorators that now use context.name for property-based injection.

packages/core/docs/refactor-di-plan.en.md (1)

1-96: Excellent architectural documentation.

This comprehensive design document clearly articulates the 2.0 refactor strategy:

• Well-defined scope separating core runtime from container-registered services
• Clear migration playbook with phased approach
• Explicit acknowledgment of breaking changes
• Practical guidance on cluster compatibility

The document provides essential context for the broader refactor and will serve as valuable reference during implementation.

Note: The static analysis hint about "Pluginise" on line 53 is a false positive—this is valid British English spelling.

packages/module-standard-core/src/server/services/acl/index.ts (1)

30-34: LGTM! Clean DI integration pattern.

The registerACL function correctly follows the DI container registration pattern used throughout the module-standard-core plugin. The separation of creation (createACL) and registration (registerACL) improves testability.

packages/core/docs/phase5-implementation-notes.en.md (1)

1-242: Excellent implementation documentation.

This document provides comprehensive, practical guidance for the Phase 5 migration:

• Clear comparison of access patterns (direct properties vs DI container)
• Transparent discussion of architectural decisions and trade-offs
• Helpful code examples for plugin developers
• Realistic documentation of known issues and limitations
• Well-defined migration timeline (2.0 → 2.x → 3.0)

The documentation will be valuable for both internal development and external plugin authors.

packages/module-standard-core/src/server/services/acl/available-action.ts (2)

25-29: Verify destroy action configuration.

The destroy action is missing the allowConfigureFields property that's present in create, view, and update actions.

Is this intentional? For delete operations, field-level configuration typically doesn't apply, but please confirm this omission is by design.

---

1-32: Clean action definitions with good structure.

The available actions are well-organized with:

• Consistent structure across actions
• Proper i18n template usage
• Clear type categorization (new-data vs old-data)
• Comprehensive alias mappings

packages/di/src/__tests__/circular-dependency.test.ts (1)

1-201: Excellent test coverage for circular dependencies.

This test suite comprehensively validates circular dependency handling:

• Two-way, three-way, and multiple-instance circular dependency scenarios
• InjectMany integration with circular dependencies
• Proper error handling for undefined and Object types
• Both lazy and eager type resolution paths

The tests use proper isolation (unique container per test) and cleanup, ensuring reliable test execution.

packages/module-standard-core/src/server/services/cache/index.ts (1)

4-16: LGTM! Consistent cache integration pattern.

The cache registration follows the established DI pattern:

• Async operations properly handled with await
• Both CacheManager and default Cache registered in container
• Options with sensible defaults
• Clean separation between creation and registration logic

The pattern is consistent with other service registrations in the module-standard-core plugin.

packages/di/src/decorators/inject.decorator.ts (1)

25-56: LGTM! Clean decorator implementation aligned with Stage 3 decorators.

The updated Inject decorator correctly implements Stage 3 decorator patterns:

• Single, simplified signature (removed overloads)
• Consistent use of context.name for property identification (lines 37, 42, 48)
• Simplified type resolution via resolveToTypeWrapper(typeOrIdentifier)
• Proper error handling for both eager and lazy type validation

The changes align with the updated Handler interface (required propertyName) and support circular dependency resolution through lazy type functions.

packages/module-standard-core/src/server/plugin.ts (1)

17-25: LGTM! Service registration follows the plugin lifecycle correctly.

The beforeLoad hook properly registers all standard services (logger, ACL, cache, cron, PubSub) with appropriate fallback option resolution from plugin options to Tego options.

packages/di/src/container-instance.class.ts (3)

239-272: LGTM! Singleton delegation and multi-service cleanup implemented correctly.

The enhanced remove method properly:

• Delegates singleton service removal to the default container
• Handles multi-service groups by disposing all associated tokens
• Prevents duplicate disposal across containers

The logic correctly maintains the singleton-scoped services in the default container while allowing per-container cleanup.

---

459-463: LGTM! Defensive guard prevents dispose errors on non-object values.

The added typeof serviceMetadata.value === 'object' check correctly prevents attempting to call dispose on primitive values, avoiding potential runtime errors.

---

434-442: LGTM! Simplified property injection logic.

The updated applyPropertyHandlers method simplifies the property injection by removing unnecessary guards, making the code cleaner and more maintainable while preserving correct behavior.

packages/core/docs/di-container-eventbus-plan.zh.md (1)

1-897: LGTM! Comprehensive design documentation for DI container and EventBus migration.

This Chinese-language design document provides excellent guidance for the TachyBase 2.0 architectural refactoring, covering:

• Explicit DI container design with lifecycle management
• EventBus architecture replacing AsyncEmitter patterns
• Clear migration steps and phased rollout plan
• Practical code examples and configuration patterns

The documentation aligns well with the PR's objectives and will serve as valuable reference material for the migration.

packages/di/src/decorators/inject-many.decorator.ts (1)

9-56: LGTM! Decorator signature simplified and aligned with Stage 3 decorators.

The consolidation from multiple overloads to a single signature using typeOrIdentifier union type improves maintainability. The usage of context.name directly from the decorator context is the correct approach for Stage 3 decorators.

packages/core/src/plugin.ts (2)

40-73: LGTM! Tego migration with proper backwards compatibility.

The rename from app: Application to tego: Tego is well-executed with:

• Clear field and constructor parameter updates
• Backwards-compatible deprecated app getter
• Proper JSDoc deprecation notice

This enables a smooth migration path for existing plugins while moving toward the new Tego-centric architecture.

---

75-78: LGTM! Feature plugin instantiation updated for Tego.

The addFeature method correctly passes this.tego to feature plugin constructors, maintaining consistency with the new Tego-centric design.

packages/core/src/ipc-socket-client.ts (3)

8-10: LGTM! Simple JSON framing utility.

The writeJSON function provides newline-delimited JSON framing for IPC communication. The synchronous socket.write is appropriate for this use case, with error handling delegated to socket-level error events.

---

38-48: LGTM! Well-structured connection establishment.

The static getConnection method provides a clean Promise-based API for establishing IPC connections with proper error handling and cross-platform pipe path resolution via xpipe.

---

50-66: LGTM! Clear message handling with appropriate logging.

The handleServerMessage method properly routes messages by type and emits a response event, enabling request/response patterns over IPC.

packages/core/docs/app-supervisor-analysis.zh.md (1)

1-194: LGTM! Comprehensive AppSupervisor removal feasibility analysis.

This Chinese-language document provides thorough analysis of:

• AppSupervisor's core responsibilities and usage scenarios
• Removal feasibility across different deployment modes
• Migration strategies from singleton to DI-container-based approach
• Concrete migration checklist and recommendations

The document aligns well with the broader architectural refactoring goals in this PR.

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

Consider addressing the language quality issues.

The documentation structure is excellent and mirrors the English version well. However, static analysis identified minor Chinese grammar issues at lines 21, 31, and 42 regarding adverbial modifiers (形容词（副词）+地+动词). While these don't affect comprehension, correcting them would improve the documentation's polish.

🧰 Tools

🪛 LanguageTool

[uncategorized] ~21-~21: 动词的修饰一般为‘形容词（副词）+地+动词’。您的意思是否是：一次性"地"初始化
Context: ...nstallPlugin。 - 插件应在 install()` 中执行一次性的初始化逻辑，例如写入默认数据、迁移旧版本配置。 - 特性实例会在主插件完成后依次...

(wb4)

---

[uncategorized] ~31-~31: 您的意思是“多"于"”吗？
Context: ...升级及迁移 - plugin.upgrade()：插件在升级管线中被调用，多与迁移脚本配合执行。 - 通过 plugin.loadMigrations()...

(YU7_YU8)

---

[uncategorized] ~42-~42: 动词的修饰一般为‘形容词（副词）+地+动词’。您的意思是否是：一次性"地"初始化
Context: ...endSyncMessage()（发送）。 ## 插件编写建议 - 将一次性的初始化逻辑放在 install()，将幂等的运行期逻辑放在 load()`...

(wb4)

🤖 Prompt for AI Agents

In packages/core/docs/plugin-lifecycle.zh.md around lines 21, 31 and 42, several
Chinese phrases use adjective+noun/verb patterns where an adverbial modifier is
expected; update those sentences to use proper adverbial forms (e.g. insert “地”
after adjectives or rephrase with “以便/用于/来” or convert adjectives to adverbs) so
they read grammatically correct (keep meaning unchanged and preserve technical
terms and examples).

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

Register services only after they exist

registerInitializedServices() runs at the end of init(), before _noticeManager is constructed (it is created immediately after init() returns in the constructor) and before _aesEncryptor / _cacheManager are set (they are assigned later during load()). As written:

• TOKENS.NoticeManager is set to undefined.
• TOKENS.AesEncryptor and TOKENS.CacheManager are never registered at all.

Any consumer resolving these tokens from the DI container now receives undefined, breaking the services provided by module-standard-core. Please defer registration until after each service is actually created—for example, set the NoticeManager token right after instantiating NoticeManager, and update the container inside load() once _aesEncryptor and _cacheManager are assigned. Also remove the premature registrations from registerInitializedServices() to avoid stale values.

@@ constructor(public options: TegoOptions) {
-    this._noticeManager = new NoticeManager(this);
+    this._noticeManager = new NoticeManager(this);
+    const { TOKENS } = require('./tokens');
+    this.container.set(TOKENS.NoticeManager, this._noticeManager);
@@
-    this.registerCoreServices();
+    this.registerCoreServices();
@@
-    this._aesEncryptor = await AesEncryptor.create(this);
+    this._aesEncryptor = await AesEncryptor.create(this);
+    const { TOKENS } = require('./tokens');
+    this.container.set(TOKENS.AesEncryptor, this._aesEncryptor);
@@
-    this._cacheManager = await createCacheManager(this, this.options.cacheManager);
+    this._cacheManager = await createCacheManager(this, this.options.cacheManager);
+    this.container.set(TOKENS.CacheManager, this._cacheManager);
@@ private registerInitializedServices() {
-    // Register NoticeManager
-    this.container.set(TOKENS.NoticeManager, this._noticeManager);
-
-    // Register AesEncryptor (if initialized)
-    if (this._aesEncryptor) {
-      this.container.set(TOKENS.AesEncryptor, this._aesEncryptor);
-    }
-
-    // Register CacheManager (if initialized)
-    if (this._cacheManager) {
-      this.container.set(TOKENS.CacheManager, this._cacheManager);
-    }
+    // NoticeManager, AesEncryptor, and CacheManager are registered when initialized

Committable suggestion skipped: line range outside the PR's diff.

[coderabbitai]

🛠️ Refactor suggestion | 🟠 Major

Add error handling for JSON parsing.

The data handler should wrap JSON.parse in a try-catch block to handle malformed messages gracefully, preventing the client from crashing on invalid JSON.

Apply this diff:

       for (const message of messages) {
         if (message.length === 0) {
           continue;
         }
 
-        const dataObj = JSON.parse(message);
-
-        this.handleServerMessage(dataObj);
+        try {
+          const dataObj = JSON.parse(message);
+          this.handleServerMessage(dataObj);
+        } catch (error) {
+          this.logger.error('Failed to parse IPC message', { message, error });
+        }
       }

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	this.client.on('data', (data) => {
	const dataAsString = data.toString();
	const messages = dataAsString.split('\n');
	for (const message of messages) {
	if (message.length === 0) {
	continue;
	}
	const dataObj = JSON.parse(message);
	this.handleServerMessage(dataObj);
	}
	});
	this.client.on('data', (data) => {
	const dataAsString = data.toString();
	const messages = dataAsString.split('\n');
	for (const message of messages) {
	if (message.length === 0) {
	continue;
	}
	try {
	const dataObj = JSON.parse(message);
	this.handleServerMessage(dataObj);
	} catch (error) {
	this.logger.error('Failed to parse IPC message', { message, error });
	}
	}
	});

🤖 Prompt for AI Agents

In packages/core/src/ipc-socket-client.ts around lines 22 to 35, the data
handler calls JSON.parse without error handling which can crash the client on
malformed messages; wrap the JSON.parse call in a try-catch, handle parse errors
by logging or emitting an error event (or ignoring that message) and continue
processing subsequent messages, ensuring the catch does not rethrow and that
valid messages still call this.handleServerMessage.

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

Handle streaming frames before parsing JSON

net.Socket delivers arbitrary chunk boundaries. Splitting every incoming chunk by \n and immediately JSON.parse‑ing each fragment will blow up as soon as a payload spans multiple chunks—JSON.parse throws, the promise chain never runs, and the server crashes. We need to buffer partial frames and only parse complete lines.

-      c.on('data', (data) => {
-        const dataAsString = data.toString();
-        const messages = dataAsString.split('\n');
-
-        for (const message of messages) {
-          if (message.length === 0) {
-            continue;
-          }
-
-          const reqId = randomUUID();
-          const dataObj = JSON.parse(message);
+      let buffer = '';
+      c.on('data', (data) => {
+        buffer += data.toString();
+        const messages = buffer.split('\n');
+        buffer = messages.pop() ?? '';
+
+        for (const message of messages) {
+          if (!message) {
+            continue;
+          }
+
+          const reqId = randomUUID();
+          let dataObj;
+          try {
+            dataObj = JSON.parse(message);
+          } catch (err) {
+            logger.warn(`Discarding malformed IPC payload: ${message}`);
+            writeJSON(c, {
+              reqId,
+              type: 'error',
+              payload: { message: 'Invalid JSON payload.' },
+            });
+            continue;
+          }

🤖 Prompt for AI Agents

In packages/core/src/ipc-socket-server.ts around lines 51 to 81, the data
handler currently splits each incoming chunk by '\n' and JSON.parse's every
fragment which fails when a payload spans multiple chunks; change it to maintain
a per-socket buffer string (define let buffer = '' in the connection closure),
on 'data' append chunk.toString() to buffer, then split buffer by '\n' and treat
all but the last element as complete frames to parse, assigning the last
(possibly partial) element back to buffer; wrap JSON.parse in try/catch for each
complete frame and respond with an error payload on parse failure instead of
letting the server crash, and ensure empty lines are skipped.

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

Guard against undefined meta payloads.

All log methods (and child) spread meta directly; when callers omit the second argument, ...meta raises TypeError: Cannot convert undefined or null to object. Wrap the spread with a default object (and do the same inside child) so basic logger.info('msg') continues to work.

-export class ConsoleLogger implements Logger {
-  constructor(private context: any = {}) {}
+export class ConsoleLogger implements Logger {
+  constructor(private context: any = {}) {}
 
   error(message: string, meta?: any): void {
-    console.error('[ERROR]', message, { ...this.context, ...meta });
+    const merged = { ...this.context, ...(meta ?? {}) };
+    console.error('[ERROR]', message, merged);
   }
 
   warn(message: string, meta?: any): void {
-    console.warn('[WARN]', message, { ...this.context, ...meta });
+    const merged = { ...this.context, ...(meta ?? {}) };
+    console.warn('[WARN]', message, merged);
   }
 
   info(message: string, meta?: any): void {
-    console.info('[INFO]', message, { ...this.context, ...meta });
+    const merged = { ...this.context, ...(meta ?? {}) };
+    console.info('[INFO]', message, merged);
   }
 
   debug(message: string, meta?: any): void {
-    console.debug('[DEBUG]', message, { ...this.context, ...meta });
+    const merged = { ...this.context, ...(meta ?? {}) };
+    console.debug('[DEBUG]', message, merged);
   }
 
   child(meta: any): Logger {
-    return new ConsoleLogger({ ...this.context, ...meta });
+    const merged = { ...this.context, ...(meta ?? {}) };
+    return new ConsoleLogger(merged);
   }
 }

🤖 Prompt for AI Agents

In packages/core/src/logger.ts around lines 36 to 57, the log methods and child
currently spread meta directly which throws when meta is undefined; change
spreads to use a default empty object (e.g. {...this.context, ...(meta || {})})
in error/warn/info/debug and ensure child also merges with a default object
(e.g. new ConsoleLogger({...this.context, ...(meta || {})})), so calls like
logger.info('msg') do not raise TypeError.

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

Fix typo in logger options to enable separate error output.
Line 8 sets seperateError, but createSystemLogger reads separateError; the misspelling prevents the dedicated error log file from being created. Please correct the property name so error logs remain split as intended.

     filename: 'system',
-    seperateError: true,
+    separateError: true,

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	dirname: getLoggerFilePath(tego.name),
	filename: 'system',
	seperateError: true,
	dirname: getLoggerFilePath(tego.name),
	filename: 'system',
	separateError: true,

🤖 Prompt for AI Agents

In packages/module-standard-core/src/server/services/logger/index.ts around
lines 6 to 8, the logger options object uses the misspelled property
`seperateError: true` which prevents createSystemLogger from recognizing it;
rename the property to `separateError: true` so the logger will create the
dedicated error log file, and run a quick search to ensure no other instances of
the misspelling remain.

[coderabbitai]

Actionable comments posted: 9

🧹 Nitpick comments (1)

packages/module-standard-core/src/server/plugin-manager/index.ts (1)

1-1: LGTM - Clean delegation to core plugin-manager.

The re-export approach is appropriate for the 2.0 refactor architecture, where plugin-manager functionality has been consolidated in the core package. This maintains backward compatibility for consumers importing from module-standard-core.

Optionally, consider adding a brief comment explaining the delegation:

+// Re-export plugin-manager API from core package
 export * from '@tego/core/plugin-manager';

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between a5d9bd4 and 4d51422.

⛔ Files ignored due to path filters (1)

• pnpm-lock.yaml is excluded by !**/pnpm-lock.yaml

📒 Files selected for processing (51)

• packages/core/src/app-supervisor.ts (0 hunks)
• packages/core/src/application.ts (1 hunks)
• packages/core/src/commands/db-auth.ts (0 hunks)
• packages/core/src/commands/index.ts (0 hunks)
• packages/core/src/commands/migrator.ts (0 hunks)
• packages/core/src/commands/stop.ts (0 hunks)
• packages/core/src/commands/upgrade.ts (0 hunks)
• packages/core/src/gateway/gateway.ts (0 hunks)
• packages/core/src/gateway/index.ts (0 hunks)
• packages/core/src/gateway/types.ts (0 hunks)
• packages/core/src/gateway/ws-server.ts (0 hunks)
• packages/core/src/locale/index.ts (0 hunks)
• packages/core/src/middlewares/index.ts (0 hunks)
• packages/core/src/sync-message-manager.ts (0 hunks)
• packages/core/src/tego.ts (1 hunks)
• packages/core/src/tokens.ts (1 hunks)
• packages/module-standard-core/package.json (1 hunks)
• packages/module-standard-core/src/server/commands/console.ts (1 hunks)
• packages/module-standard-core/src/server/commands/create-migration.ts (2 hunks)
• packages/module-standard-core/src/server/commands/db-auth.ts (1 hunks)
• packages/module-standard-core/src/server/commands/db-clean.ts (1 hunks)
• packages/module-standard-core/src/server/commands/db-sync.ts (2 hunks)
• packages/module-standard-core/src/server/commands/destroy.ts (1 hunks)
• packages/module-standard-core/src/server/commands/index.ts (1 hunks)
• packages/module-standard-core/src/server/commands/install.ts (1 hunks)
• packages/module-standard-core/src/server/commands/pm.ts (1 hunks)
• packages/module-standard-core/src/server/commands/refresh.ts (1 hunks)
• packages/module-standard-core/src/server/commands/restart.ts (1 hunks)
• packages/module-standard-core/src/server/commands/start.ts (2 hunks)
• packages/module-standard-core/src/server/commands/stop.ts (1 hunks)
• packages/module-standard-core/src/server/commands/upgrade.ts (1 hunks)
• packages/module-standard-core/src/server/commands/utils.ts (1 hunks)
• packages/module-standard-core/src/server/plugin-manager/index.ts (1 hunks)
• packages/module-standard-core/src/server/plugin.ts (1 hunks)
• packages/module-standard-core/src/server/services/aes-encryptor.ts (4 hunks)
• packages/module-standard-core/src/server/services/app-supervisor.ts (1 hunks)
• packages/module-standard-core/src/server/services/application.ts (1 hunks)
• packages/module-standard-core/src/server/services/cron/index.ts (2 hunks)
• packages/module-standard-core/src/server/services/gateway/gateway.ts (1 hunks)
• packages/module-standard-core/src/server/services/gateway/index.ts (1 hunks)
• packages/module-standard-core/src/server/services/gateway/ipc-socket-server.ts (3 hunks)
• packages/module-standard-core/src/server/services/gateway/types.ts (1 hunks)
• packages/module-standard-core/src/server/services/gateway/ws-server.ts (1 hunks)
• packages/module-standard-core/src/server/services/index.ts (1 hunks)
• packages/module-standard-core/src/server/services/locale/index.ts (1 hunks)
• packages/module-standard-core/src/server/services/locale/locale.ts (5 hunks)
• packages/module-standard-core/src/server/services/middlewares/i18n.ts (1 hunks)
• packages/module-standard-core/src/server/services/middlewares/index.ts (1 hunks)
• packages/module-standard-core/src/server/services/notice/index.ts (4 hunks)
• packages/module-standard-core/src/server/services/sync-message-manager.ts (1 hunks)
• packages/server/package.json (1 hunks)

💤 Files with no reviewable changes (13)

• packages/core/src/middlewares/index.ts
• packages/core/src/commands/index.ts
• packages/core/src/commands/upgrade.ts
• packages/core/src/commands/db-auth.ts
• packages/core/src/sync-message-manager.ts
• packages/core/src/gateway/types.ts
• packages/core/src/commands/stop.ts
• packages/core/src/gateway/gateway.ts
• packages/core/src/locale/index.ts
• packages/core/src/gateway/index.ts
• packages/core/src/commands/migrator.ts
• packages/core/src/app-supervisor.ts
• packages/core/src/gateway/ws-server.ts

🚧 Files skipped from review as they are similar to previous changes (2)

• packages/core/src/application.ts
• packages/module-standard-core/src/server/plugin.ts

🧰 Additional context used

🧬 Code graph analysis (27)

packages/module-standard-core/src/server/commands/install.ts (1)

packages/core/src/tego.ts (1)

• Tego (56-611)

packages/module-standard-core/src/server/commands/db-auth.ts (3)

packages/module-standard-core/src/server/commands/db-clean.ts (1)

• app (5-17)

packages/module-standard-core/src/server/commands/db-sync.ts (1)

• app (5-28)

packages/module-standard-core/src/server/commands/utils.ts (1)

• getDatabaseOrThrow (3-8)

packages/module-standard-core/src/server/commands/console.ts (1)

packages/core/src/tego.ts (1)

• Tego (56-611)

packages/core/src/tokens.ts (2)

packages/core/src/event-bus.ts (1)

• IEventBus (27-57)

packages/core/src/logger.ts (1)

• Logger (6-31)

packages/module-standard-core/src/server/services/app-supervisor.ts (2)

packages/core/src/tego.ts (1)

• Tego (56-611)

packages/core/src/tokens.ts (1)

• TOKENS (13-156)

packages/module-standard-core/src/server/commands/utils.ts (2)

packages/core/src/tego.ts (1)

• Tego (56-611)

packages/core/src/tokens.ts (1)

• TOKENS (13-156)

packages/module-standard-core/src/server/services/middlewares/i18n.ts (2)

packages/core/src/tokens.ts (1)

• TOKENS (13-156)

packages/module-standard-core/src/server/services/locale/locale.ts (2)

• Locale (20-169)
• baseI18n (41-43)

packages/module-standard-core/src/server/commands/destroy.ts (3)

packages/module-standard-core/src/server/commands/console.ts (1)

• app (4-20)

packages/module-standard-core/src/server/commands/start.ts (1)

• app (9-51)

packages/core/src/tego.ts (1)

• Tego (56-611)

packages/module-standard-core/src/server/services/sync-message-manager.ts (4)

packages/core/src/tego.ts (1)

• Tego (56-611)

packages/module-standard-core/src/server/services/pub-sub/index.ts (1)

• PubSubManager (21-111)

packages/core/src/tokens.ts (1)

• TOKENS (13-156)

packages/module-standard-core/src/server/services/pub-sub/types.ts (2)

• PubSubManagerPublishOptions (5-8)
• PubSubCallback (15-15)

packages/module-standard-core/src/server/commands/db-clean.ts (2)

packages/core/src/tego.ts (1)

• Tego (56-611)

packages/module-standard-core/src/server/commands/utils.ts (1)

• getDatabaseOrThrow (3-8)

packages/module-standard-core/src/server/commands/db-sync.ts (1)

packages/module-standard-core/src/server/commands/utils.ts (1)

• getDatabaseOrThrow (3-8)

packages/module-standard-core/src/server/services/cron/index.ts (2)

packages/core/src/tokens.ts (1)

• TOKENS (13-156)

packages/module-standard-core/src/server/services/index.ts (1)

• registerCron (27-27)

packages/module-standard-core/src/server/commands/index.ts (1)

packages/module-standard-core/src/server/services/index.ts (1)

• registerCommands (24-24)

packages/module-standard-core/src/server/services/locale/index.ts (2)

packages/core/src/tokens.ts (1)

• TOKENS (13-156)

packages/module-standard-core/src/server/services/locale/locale.ts (1)

• Locale (20-169)

packages/module-standard-core/src/server/services/gateway/gateway.ts (8)

packages/module-standard-core/src/server/services/gateway/ws-server.ts (1)

• WSServer (12-77)

packages/module-standard-core/src/server/services/gateway/ipc-socket-server.ts (1)

• IPCSocketServer (11-112)

packages/module-standard-core/src/server/services/gateway/types.ts (1)

• GatewayOptions (5-10)

packages/core/src/tokens.ts (1)

• TOKENS (13-156)

packages/module-standard-core/src/server/services/middlewares/index.ts (1)

• registerMiddlewares (14-74)

packages/module-standard-core/src/server/services/notice/index.ts (1)

• registerNoticeManager (67-72)

packages/module-standard-core/src/server/services/sync-message-manager.ts (1)

• registerSyncMessageManager (90-94)

packages/module-standard-core/src/server/services/app-supervisor.ts (1)

• AppSupervisor (7-104)

packages/module-standard-core/src/server/services/locale/locale.ts (2)

packages/core/src/tokens.ts (1)

• TOKENS (13-156)

packages/module-standard-core/src/server/services/middlewares/i18n.ts (1)

• i18n (5-27)

packages/module-standard-core/src/server/services/middlewares/index.ts (8)

packages/core/src/tego.ts (2)

• Tego (56-611)
• logger (150-152)

packages/core/src/tokens.ts (1)

• TOKENS (13-156)

packages/logger/src/request-logger.ts (1)

• requestLogger (23-81)

packages/module-standard-core/src/server/services/middlewares/extract-client-ip.ts (1)

• extractClientIp (3-12)

packages/module-standard-core/src/server/services/middlewares/i18n.ts (1)

• i18n (5-27)

packages/module-standard-core/src/server/services/middlewares/parse-variables.ts (1)

• parseVariables (31-61)

packages/module-standard-core/src/server/services/middlewares/data-wrapping.ts (1)

• dataWrapping (4-63)

packages/module-standard-core/src/server/services/middlewares/db2resource.ts (1)

• db2resource (4-61)

packages/module-standard-core/src/server/commands/refresh.ts (2)

packages/module-standard-core/src/server/commands/console.ts (1)

• app (4-20)

packages/core/src/tego.ts (1)

• Tego (56-611)

packages/module-standard-core/src/server/commands/create-migration.ts (2)

packages/module-standard-core/src/server/commands/console.ts (1)

• app (4-20)

packages/core/src/tego.ts (1)

• Tego (56-611)

packages/module-standard-core/src/server/services/notice/index.ts (4)

packages/core/src/tego.ts (1)

• Tego (56-611)

packages/module-standard-core/src/server/services/gateway/ws-server.ts (1)

• WSServer (12-77)

packages/module-standard-core/src/server/services/gateway/gateway.ts (1)

• Gateway (16-95)

packages/core/src/tokens.ts (1)

• TOKENS (13-156)

packages/module-standard-core/src/server/commands/pm.ts (3)

packages/module-standard-core/src/server/commands/console.ts (1)

• app (4-20)

packages/module-standard-core/src/server/commands/install.ts (1)

• app (3-19)

packages/core/src/tego.ts (1)

• Tego (56-611)

packages/module-standard-core/src/server/services/gateway/ipc-socket-server.ts (2)

packages/module-standard-core/src/server/services/app-supervisor.ts (1)

• AppSupervisor (7-104)

packages/core/src/tego.ts (1)

• cli (164-166)

packages/module-standard-core/src/server/services/aes-encryptor.ts (2)

packages/core/src/tego.ts (1)

• Tego (56-611)

packages/core/src/tokens.ts (1)

• TOKENS (13-156)

packages/module-standard-core/src/server/commands/upgrade.ts (2)

packages/module-standard-core/src/server/commands/restart.ts (1)

• app (3-17)

packages/core/src/tego.ts (1)

• Tego (56-611)

packages/module-standard-core/src/server/commands/start.ts (1)

packages/core/src/tego.ts (1)

• Tego (56-611)

packages/module-standard-core/src/server/commands/restart.ts (1)

packages/core/src/tego.ts (1)

• Tego (56-611)

packages/core/src/tego.ts (7)

packages/core/src/event-bus.ts (1)

• EventBus (62-114)

packages/core/src/environment.ts (1)

• Environment (5-39)

packages/core/src/app-command.ts (1)

• AppCommand (3-58)

packages/core/src/helpers/application-version.ts (1)

• ApplicationVersion (7-50)

packages/core/src/logger.ts (1)

• ConsoleLogger (36-58)

packages/core/src/tokens.ts (1)

• TOKENS (13-156)

packages/core/src/plugin.ts (1)

• name (91-93)

🪛 ast-grep (0.39.9)

packages/module-standard-core/src/server/services/locale/locale.ts

[warning] 111-111: Regular expression constructed from variable input detected. This can lead to Regular Expression Denial of Service (ReDoS) attacks if the variable contains malicious patterns. Use libraries like 'recheck' to validate regex safety or use static patterns.
Context: new RegExp(((plugin|module)-[a-zA-Z0-9-]+|client)/(dist|lib|src)/locale/${lang})
Note: [CWE-1333] Inefficient Regular Expression Complexity [REFERENCES]
- https://owasp.org/www-community/attacks/Regular_expression_Denial_of_Service_-_ReDoS
- https://cwe.mitre.org/data/definitions/1333.html

(regexp-from-variable)

🔇 Additional comments (24)

packages/server/package.json (1)

19-20: Dependency swap aligns with new DI surface.

Adding @tego/di keeps the server package in step with the container refactor. Looks good.

packages/module-standard-core/src/server/services/aes-encryptor.ts (1)

80-94: Nice DI-friendly registration helper.

registerAesEncryptor cleanly instantiates the encryptor per app name and registers it via TOKENS.AesEncryptor; no issues spotted.

packages/module-standard-core/src/server/services/application.ts (1)

1-1: Re-export keeps legacy surface intact.

Alias to @tego/core maintains backward compatibility for consumers expecting Application. Looks good.

packages/module-standard-core/src/server/commands/install.ts (1)

1-3: Clean type migration to Tego.

The type-only import and function signature update correctly align this command with the new Tego-based runtime. All used methods (install, logger, getVersion) are available on the Tego instance.

packages/module-standard-core/src/server/commands/create-migration.ts (1)

4-4: Type migration looks good.

The migration from Application to Tego is consistent with the broader refactor. All accessed properties and methods are available on the Tego instance.

Also applies to: 18-18

packages/module-standard-core/src/server/commands/console.ts (1)

2-2: LGTM: Console command migrated correctly.

The type migration maintains the REPL functionality while correctly typing the app instance as Tego. The REPL context will now expose the Tego-typed instance.

Also applies to: 4-4

packages/module-standard-core/src/server/commands/destroy.ts (1)

1-3: Clean migration.

The type migration is straightforward and correct. The destroy method is available on the Tego instance as confirmed by the relevant code snippets.

packages/module-standard-core/src/server/commands/restart.ts (1)

1-3: Type migration approved.

The restart command correctly adopts the Tego type. Both isStarted() and restart() methods are available on the Tego instance.

packages/module-standard-core/src/server/commands/utils.ts (1)

1-8: Well-designed helper function.

The getDatabaseOrThrow utility provides a clean abstraction for DI-based database access with clear error messaging. The error message correctly references the StandardCorePlugin, aligning with the PR's goal of extracting standard services into a plugin module.

packages/module-standard-core/src/server/commands/db-auth.ts (1)

1-13: New db:auth command looks good.

The command follows the established pattern for Tego-based commands and correctly uses the getDatabaseOrThrow helper for DI-based database access. The retry default of 10 is reasonable.

packages/module-standard-core/src/server/commands/db-clean.ts (1)

1-5: Migration to Tego and DI-based database access approved.

The command correctly adopts both the Tego type and the new getDatabaseOrThrow pattern for database access. The functional behavior remains unchanged while aligning with the new DI-based architecture.

Also applies to: 12-13

packages/module-standard-core/src/server/services/gateway/types.ts (1)

5-10: LGTM!

The GatewayOptions interface is well-structured with appropriate optional properties for configuring HTTP, WebSocket, and IPC connections.

packages/module-standard-core/src/server/commands/pm.ts (2)

1-1: LGTM!

Type-only import of Tego is appropriate and aligns with the migration to the Tego-based runtime.

---

7-7: LGTM!

The parameter type change from Application to Tego correctly aligns this command module with the new DI-backed runtime architecture.

packages/module-standard-core/src/server/services/gateway/index.ts (1)

1-3: LGTM!

Standard barrel export pattern that provides a clean, single entry point for gateway-related components.

packages/module-standard-core/src/server/commands/start.ts (2)

5-5: LGTM!

Type-only import of Tego correctly supports the migration to the Tego-based runtime.

---

9-9: LGTM!

The parameter type change from Application to Tego aligns with the new DI-backed architecture while preserving all existing command functionality.

packages/module-standard-core/src/server/commands/stop.ts (1)

1-11: LGTM!

Clean implementation of the stop command that follows the established pattern for Tego-based commands. The IPC access and lifecycle method usage are appropriate.

packages/module-standard-core/src/server/commands/db-sync.ts (3)

1-3: LGTM!

Type-only import of Tego and the new getDatabaseOrThrow helper correctly support the migration to DI-based database access.

---

5-5: LGTM!

The parameter type change to Tego aligns with the new architecture.

---

14-21: LGTM!

The refactoring to use getDatabaseOrThrow(app) instead of direct app.db access correctly implements the DI-based database access pattern. This ensures the Database service is properly registered before use.

packages/module-standard-core/src/server/commands/refresh.ts (2)

1-1: LGTM!

Type-only import of Tego is appropriate for this command module.

---

3-3: LGTM!

The parameter type change from Application to Tego aligns with the migration to the Tego-based runtime.

packages/module-standard-core/src/server/commands/upgrade.ts (1)

1-13: LGTM!

Clean implementation of the upgrade command that follows the established pattern for Tego-based commands. The IPC access and lifecycle method usage are appropriate.

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

Add the Command DI token to avoid runtime failure.

Tego.registerCoreServices() sets { id: TOKENS.Command, value: this._cli }, but TOKENS does not define Command. As soon as the constructor runs, Container.set receives an undefined id and throws, so the app never starts. Please add the CLI token to the core section.

Apply this diff to define the missing token:

   /**
    * Plugin manager
    */
   PluginManager: Token<any>('PluginManager'),
+
+  /**
+   * Root CLI command instance
+   */
+  Command: Token<any>('Command'),

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	export const TOKENS = {
	// ============================================================================
	// Core Tokens (implemented by Tego core)
	// ============================================================================
	/**
	* The Tego instance itself
	*/
	Tego: Token<any>('Tego'),
	/**
	* Event bus for application-wide events
	*/
	EventBus: Token<IEventBus>('EventBus'),
	/**
	* Logger service (can be overridden by plugins)
	*/
	Logger: Token<Logger>('Logger'),
	/**
	* Configuration object
	*/
	Config: Token<any>('Config'),
	/**
	* Environment manager
	*/
	Environment: Token<any>('Environment'),
	/**
	* Plugin manager
	*/
	PluginManager: Token<any>('PluginManager'),
	// ============================================================================
	// Service Tokens (typically implemented by @tego/module-standard-core)
	// ============================================================================
	/**
	* HTTP/WebSocket Gateway
	*/
	Gateway: Token<any>('Gateway'),
	/**
	* Application supervisor (manages Tego lifecycle)
	*/
	AppSupervisor: Token<any>('AppSupervisor'),
	/**
	* WebSocket server
	*/
	WSServer: Token<any>('WSServer'),
	/**
	* IPC socket server
	*/
	IPCSocketServer: Token<any>('IPCSocketServer'),
	/**
	* Koa application instance
	*/
	KoaApp: Token<any>('KoaApp'),
	/**
	* Database instance (main data source)
	*/
	Database: Token<any>('Database'),
	/**
	* Data source manager (manages multiple data sources)
	*/
	DataSourceManager: Token<any>('DataSourceManager'),
	/**
	* Main data source
	*/
	MainDataSource: Token<any>('MainDataSource'),
	/**
	* Resource router (RESTful API)
	*/
	Resourcer: Token<any>('Resourcer'),
	/**
	* Access Control List manager
	*/
	ACL: Token<any>('ACL'),
	/**
	* Authentication manager
	*/
	AuthManager: Token<any>('AuthManager'),
	/**
	* Cache manager
	*/
	CacheManager: Token<any>('CacheManager'),
	/**
	* Default cache instance
	*/
	Cache: Token<any>('Cache'),
	/**
	* Cron job manager (scheduled tasks)
	*/
	CronJobManager: Token<any>('CronJobManager'),
	/**
	* Pub/Sub manager (message queue)
	*/
	PubSubManager: Token<any>('PubSubManager'),
	/**
	* Sync message manager (inter-process communication)
	*/
	SyncMessageManager: Token<any>('SyncMessageManager'),
	/**
	* Notice manager (notifications)
	*/
	NoticeManager: Token<any>('NoticeManager'),
	/**
	* AES encryptor utility
	*/
	AesEncryptor: Token<any>('AesEncryptor'),
	/**
	* Application version manager
	*/
	ApplicationVersion: Token<any>('ApplicationVersion'),
	/**
	* Locale/i18n manager
	*/
	Locale: Token<any>('Locale'),
	/**
	* i18next instance
	*/
	I18n: Token<any>('I18n'),
	} as const;
	export const TOKENS = {
	// ============================================================================
	// Core Tokens (implemented by Tego core)
	// ============================================================================
	/**
	* The Tego instance itself
	*/
	Tego: Token<any>('Tego'),
	/**
	* Event bus for application-wide events
	*/
	EventBus: Token<IEventBus>('EventBus'),
	/**
	* Logger service (can be overridden by plugins)
	*/
	Logger: Token<Logger>('Logger'),
	/**
	* Configuration object
	*/
	Config: Token<any>('Config'),
	/**
	* Environment manager
	*/
	Environment: Token<any>('Environment'),
	/**
	* Plugin manager
	*/
	PluginManager: Token<any>('PluginManager'),
	/**
	* Root CLI command instance
	*/
	Command: Token<any>('Command'),
	// ============================================================================
	// Service Tokens (typically implemented by @tego/module-standard-core)
	// ============================================================================
	/**
	* HTTP/WebSocket Gateway
	*/
	Gateway: Token<any>('Gateway'),
	/**
	* Application supervisor (manages Tego lifecycle)
	*/
	AppSupervisor: Token<any>('AppSupervisor'),
	/**
	* WebSocket server
	*/
	WSServer: Token<any>('WSServer'),
	/**
	* IPC socket server
	*/
	IPCSocketServer: Token<any>('IPCSocketServer'),
	/**
	* Koa application instance
	*/
	KoaApp: Token<any>('KoaApp'),
	/**
	* Database instance (main data source)
	*/
	Database: Token<any>('Database'),
	/**
	* Data source manager (manages multiple data sources)
	*/
	DataSourceManager: Token<any>('DataSourceManager'),
	/**
	* Main data source
	*/
	MainDataSource: Token<any>('MainDataSource'),
	/**
	* Resource router (RESTful API)
	*/
	Resourcer: Token<any>('Resourcer'),
	/**
	* Access Control List manager
	*/
	ACL: Token<any>('ACL'),
	/**
	* Authentication manager
	*/
	AuthManager: Token<any>('AuthManager'),
	/**
	* Cache manager
	*/
	CacheManager: Token<any>('CacheManager'),
	/**
	* Default cache instance
	*/
	Cache: Token<any>('Cache'),
	/**
	* Cron job manager (scheduled tasks)
	*/
	CronJobManager: Token<any>('CronJobManager'),
	/**
	* Pub/Sub manager (message queue)
	*/
	PubSubManager: Token<any>('PubSubManager'),
	/**
	* Sync message manager (inter-process communication)
	*/
	SyncMessageManager: Token<any>('SyncMessageManager'),
	/**
	* Notice manager (notifications)
	*/
	NoticeManager: Token<any>('NoticeManager'),
	/**
	* AES encryptor utility
	*/
	AesEncryptor: Token<any>('AesEncryptor'),
	/**
	* Application version manager
	*/
	ApplicationVersion: Token<any>('ApplicationVersion'),
	/**
	* Locale/i18n manager
	*/
	Locale: Token<any>('Locale'),
	/**
	* i18next instance
	*/
	I18n: Token<any>('I18n'),
	} as const;

🤖 Prompt for AI Agents

In packages/core/src/tokens.ts around lines 13 to 156, the TOKENS object is
missing the Command token used by Tego.registerCoreServices(), causing
Container.set to receive an undefined id and throw at runtime; add a new entry
in the core tokens section named Command that returns Token<any>('Command')
(place it near other core tokens, e.g., after PluginManager) so
Tego.registerCoreServices can set TOKENS.Command without errors.

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

Return value violates the declared AppStatus type.

getAppStatus promises to return AppStatus, yet the fallback branch emits 'not_found', so this file no longer type-checks. Expand the return type to include the sentinel you emit so the new supervisor can compile.

-  getAppStatus(appName: string, defaultStatus?: AppStatus): AppStatus {
+  getAppStatus(appName: string, defaultStatus?: AppStatus): AppStatus | 'not_found' {

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	getAppStatus(appName: string, defaultStatus?: AppStatus): AppStatus {
	if (appName !== this.tego.name) {
	return defaultStatus ?? 'not_found';
	}
	return this.status;
	}
	getAppStatus(appName: string, defaultStatus?: AppStatus): AppStatus | 'not_found' {
	if (appName !== this.tego.name) {
	return defaultStatus ?? 'not_found';
	}
	return this.status;
	}

🤖 Prompt for AI Agents

In packages/module-standard-core/src/server/services/app-supervisor.ts around
lines 33 to 38, the function currently declares it returns AppStatus but can
return the literal 'not_found'; update the signature to return AppStatus |
'not_found' (and if defaultStatus is typed as AppStatus, widen its type to
AppStatus | 'not_found' as well) so the sentinel value is covered, then adjust
any call sites or tests if they rely on the narrower type.

[coderabbitai]

⚠️ Potential issue | 🟠 Major

Clear stale errors when status changes.

this.error is only updated when an options.error is provided, so once the supervisor records a failure, later status transitions (e.g. running) still report the old error through getAppError. Reset the field whenever no new error is supplied to avoid leaking stale failures.

     if (options?.error instanceof Error) {
       this.error = options.error;
+    } else {
+      this.error = null;
     }

🤖 Prompt for AI Agents

In packages/module-standard-core/src/server/services/app-supervisor.ts around
lines 40 to 46, the setter only assigns this.error when options.error is an
Error which leaves stale error state on later status changes; change the logic
so that if options?.error is an Error assign it to this.error, otherwise
explicitly clear this.error (set to undefined or null) before emitting the
status change, preserving current behavior when an error is provided.

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

Stop sharing ctx.state across requests

Assigning {} to this.koa.context.state creates a single prototype-level object that every request reuses. Any mutation from one request bleeds into others, which is a correctness and security hazard. Drop the prototype assignment and let each request own its own state (Koa already provisions a fresh object per request, and the middleware can reassign if needed).

-    (this.koa.context as any).state = {};

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	(this.koa.context as any).tego = tega;
	(this.koa.context as any).state = {};
	(tego as any).koa = this.koa;
	(tego as any).use = this.koa.use.bind(this.koa);
	(tego as any).callback = () => this.koa.callback();
	(this.koa.context as any).tego = tega;
	(tego as any).koa = this.koa;
	(tego as any).use = this.koa.use.bind(this.koa);
	(tego as any).callback = () => this.koa.callback();

🤖 Prompt for AI Agents

In packages/module-standard-core/src/server/services/gateway/gateway.ts around
lines 31 to 37, the code assigns an empty object to this.koa.context.state which
puts a single state object on the Koa context prototype and causes state to be
shared across requests; remove that prototype-level assignment (delete the line
setting this.koa.context.state = {}) and rely on Koa's per-request state object
instead; if any downstream code expects state to always exist on incoming ctx,
leave it to middleware to initialize ctx.state per-request (or set ctx.state =
ctx.state || {} inside request-local middleware), but do not assign a shared
object on the prototype.

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

Guard TEGO_RUNTIME_HOME when resolving the IPC socket

If process.env.TEGO_RUNTIME_HOME is unset (common on fresh installs), resolve(undefined, 'storage/gateway.sock') throws “The "path" argument must be of type string.” That prevents the gateway from ever booting. Use a safe fallback such as process.cwd() before resolving the socket path.

-    const socketPath = this.options.ipcSocketPath ?? resolve(process.env.TEGO_RUNTIME_HOME, 'storage/gateway.sock');
+    const runtimeHome = process.env.TEGO_RUNTIME_HOME ?? process.cwd();
+    const socketPath = this.options.ipcSocketPath ?? resolve(runtimeHome, 'storage/gateway.sock');

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	const socketPath = this.options.ipcSocketPath ?? resolve(process.env.TEGO_RUNTIME_HOME, 'storage/gateway.sock');
	this.ipcServer = IPCSocketServer.buildServer(socketPath);
	tego.container.set({ id: TOKENS.IPCSocketServer, value: this.ipcServer });
	const runtimeHome = process.env.TEGO_RUNTIME_HOME ?? process.cwd();
	const socketPath = this.options.ipcSocketPath ?? resolve(runtimeHome, 'storage/gateway.sock');
	this.ipcServer = IPCSocketServer.buildServer(socketPath);
	tego.container.set({ id: TOKENS.IPCSocketServer, value: this.ipcServer });

🤖 Prompt for AI Agents

In packages/module-standard-core/src/server/services/gateway/gateway.ts around
lines 46 to 48, resolving the IPC socket with process.env.TEGO_RUNTIME_HOME can
throw if the env var is undefined; guard by providing a safe fallback (e.g.,
process.cwd() or a configurable default) before calling resolve, then build the
IPCSocketServer with the resolved socketPath and register it as before so the
gateway can boot on fresh installs.

[coderabbitai]

⚠️ Potential issue | 🟠 Major

Stop hard-coding 'main' when resolving the app instance.

Tego exposes get name() so callers can rename the runtime; in that case getApp('main') and getAppStatus('main') both return null, breaking every IPC command. Derive the name from the supervisor (e.g. add getManagedAppName(): string { return this.tego.name; } on AppSupervisor) or accept it from the payload, and use that value everywhere instead of 'main'.

-    const app = supervisor.getApp('main');
+    const appName = payload?.appName ?? supervisor.getManagedAppName();
+    const app = supervisor.getApp(appName);
@@
-      return supervisor.getAppStatus('main');
+      return supervisor.getAppStatus(appName);

Committable suggestion skipped: line range outside the PR's diff.

🤖 Prompt for AI Agents

In
packages/module-standard-core/src/server/services/gateway/ipc-socket-server.ts
around lines 74 to 102, the code hard-codes 'main' when calling
supervisor.getApp('main') and supervisor.getAppStatus('main'); change this to
derive the managed app name instead of using the literal: obtain the app name
from the supervisor (for example a new supervisor.getManagedAppName() that
returns this.tego.name, or directly use supervisor.tego.name if available) or
accept a name from the incoming payload and store it in a local variable (e.g.
const appName = ...), then replace all occurrences of 'main' in this block with
that variable; ensure you handle a missing name with a sensible fallback and
preserve existing behavior for app not found or type-specific branches.

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

Remove unused imports.

The imports of http, IncomingMessage, ServerResponse, and ApplicationOptions are not used in this file.

Apply this diff to remove the unused imports:

-import http, { IncomingMessage, ServerResponse } from 'node:http';
-
-import { ApplicationOptions } from '../application';
-
 export interface GatewayOptions {

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	import http, { IncomingMessage, ServerResponse } from 'node:http';
	import { ApplicationOptions } from '../application';
	export interface GatewayOptions {

🤖 Prompt for AI Agents

In packages/module-standard-core/src/server/services/gateway/types.ts lines 1-3,
the imports of http, IncomingMessage, ServerResponse and ApplicationOptions are
unused; remove those import statements so the file only imports what it actually
uses (delete the entire import line for node:http and the import of
ApplicationOptions), then run lint/typecheck to ensure no references remain and
commit the simplified file.

[coderabbitai]

⚠️ Potential issue | 🟠 Major

Respect explicit i18n overrides

(tego.options?.i18n || options) short-circuits as soon as tego.options.i18n is defined, so any options passed into registerI18n are silently ignored. That breaks scenarios where the plugin wants to override or extend the defaults. Merge both sources instead of discarding the function argument.

   instance.init({
     lng: 'en-US',
     resources: {},
     keySeparator: false,
     nsSeparator: false,
-    ...(tego.options?.i18n || options),
+    ...(tego.options?.i18n ?? {}),
+    ...options,
   });

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	...(tego.options?.i18n || options),
	});
	...(tego.options?.i18n ?? {}),
	...options,
	});

🤖 Prompt for AI Agents

In packages/module-standard-core/src/server/services/locale/index.ts around
lines 17-18, the current expression (tego.options?.i18n || options) discards the
registerI18n argument whenever tego.options.i18n exists; change it to merge both
sources so explicit overrides win — e.g., spread the defaults first and then the
function argument (use ...(tego.options?.i18n || {}) followed by ...(options))
so options passed into registerI18n override or extend the plugin defaults.

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

Escape user locale before embedding in the regex.

lang comes from request-driven sources (headers/query) and is injected directly into the pattern. A crafted locale like en-US)(.* will break the regex, and catastrophic backtracking inputs can trigger ReDoS. Escape lang (or use a helper such as escape-string-regexp) before constructing the pattern. Based on static analysis hints

Apply this diff to harden the regex:

-      const regex = new RegExp(`((plugin|module)-[a-zA-Z0-9-]+|client)/(dist|lib|src)/locale/${lang}`);
+      const escapedLang = lang.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
+      const regex = new RegExp(
+        `((plugin|module)-[a-zA-Z0-9-]+|client)/(dist|lib|src)/locale/${escapedLang}`,
+      );

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	const regex = new RegExp(`((plugin|module)-[a-zA-Z0-9-]+|client)/(dist|lib|src)/locale/${lang}`);
	const escapedLang = lang.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
	const regex = new RegExp(
	`((plugin|module)-[a-zA-Z0-9-]+|client)/(dist|lib|src)/locale/${escapedLang}`,
	);

🤖 Prompt for AI Agents

In packages/module-standard-core/src/server/services/locale/locale.ts around
line 112, the dynamic insertion of lang into the RegExp can be abused (e.g.
"en-US)(.*") and cause regex injection/ReDoS; escape meta-characters in lang (or
validate/whitelist it) before constructing the pattern. Fix by first validating
lang against a safe pattern (e.g. allow only letters, digits, hyphens and
underscores or a strict locale format), or run it through an escape utility
(e.g. escape-string-regexp or a simple replace of regex metacharacters) and then
build the RegExp from the escaped value so untrusted input cannot alter the
regex structure or trigger catastrophic backtracking.