fix: backward-compat for ESM etherpad

[SamTV12345]

This PR makes the plugin backward-compatible with the upcoming ESM etherpad branch (ether/etherpad#7605).

Change: Migrate log4js from require("ep_etherpad-lite/node_modules/log4js") to ep_plugin_helpers/logger

This change is backward-compatible with the current CJS etherpad release.

[qodo-code-review]

Qodo reviews are paused for this user.

Troubleshooting steps vary by plan Learn more →

On a Teams plan?
Reviews resume once this user has a paid seat and their Git account is linked in Qodo.
Link Git account →

Using GitHub Enterprise Server, GitLab Self-Managed, or Bitbucket Data Center?
These require an Enterprise plan - Contact us
Contact us →

[qodo-free-for-open-source-projects]

Review Summary by Qodo

Migrate to ep_plugin_helpers/logger for ESM compatibility

🐞 Bug fix ✨ Enhancement

Walkthroughs

Description

• Migrate log4js from direct node_modules path to ep_plugin_helpers/logger
• Ensures ESM etherpad compatibility with stricter exports resolution
• Maintains backward compatibility with current CJS etherpad release
• Add ep_plugin_helpers dependency to package.json

Diagram

flowchart LR
  A["Direct log4js require<br/>ep_etherpad-lite/node_modules/log4js"] -->|Migrate| B["ep_plugin_helpers/logger<br/>createLogger function"]
  B -->|Compatible with| C["ESM etherpad<br/>stricter exports"]
  B -->|Compatible with| D["CJS etherpad<br/>current release"]

Loading

File Changes

1. index.js 🐞 Bug fix +2/-2

Replace log4js import with ep_plugin_helpers/logger

• Replace require('ep_etherpad-lite/node_modules/log4js') with
 require('ep_plugin_helpers/logger')
• Update logger initialization from log4js.getLogger() to createLogger() function
• Maintains same logger functionality with cleaner import path

index.js

---

2. package.json Dependencies +4/-1

Add ep_plugin_helpers dependency and bump version

• Bump version from 1.1.58 to 1.1.59
• Add ep_plugin_helpers ^0.6.7 as a new dependency
• Ensure proper dependency declaration for logger helper

package.json

---

[qodo-free-for-open-source-projects]

Code Review by Qodo

🐞 Bugs (2) 📘 Rule violations (1)

1. No regression test for logger change 📘 Rule violation ☼ Reliability

Description

This PR changes runtime behavior by switching logging from log4js to ep_plugin_helpers/logger,
but it does not add or update any automated regression test to verify the compatibility fix. Without
a test, the backward-compat behavior can silently break in future refactors or dependency updates.

Code

index.js[R18-20]

Evidence

PR Compliance ID 1 requires a regression test to accompany each bug fix. The diff shows a functional
change to logging (createLogger) and a new runtime dependency, but there are no corresponding test
additions/updates in the PR diff.

AGENTS.md: Every Bug Fix Must Include a Regression Test
index.js[18-20]
package.json[38-40]

Agent prompt

The issue below was found during a code review. Follow the provided context and guidance below and implement a solution

## Issue description
The PR introduces a bug fix/compatibility change (logger import + logger creation) but does not include a regression test that would fail before the change and pass after it.

## Issue Context
`index.js` now uses `ep_plugin_helpers/logger` instead of requiring Etherpad's bundled `log4js`. Add a backend test that loads the plugin and exercises at least one exported hook to ensure the module loads and runs successfully with the new logger dependency.

## Fix Focus Areas
- index.js[18-20]
- static/tests/backend/specs/[add new spec file to cover plugin load + basic hook execution]

ⓘ Copy this prompt and use it to remediate the issue with your preferred AI generation tools

---

2. Stale pnpm lockfile 🐞 Bug ☼ Reliability

Description

package.json adds ep_plugin_helpers but pnpm-lock.yaml is not updated, so `pnpm i
--frozen-lockfile` will fail and block CI/release installs. This can prevent publishing and/or
running workflows that enforce lockfile consistency.

Code

package.json[R38-40]

Evidence

The PR introduces a new dependency in package.json, but the lockfile’s importer section does not
list it, and the release workflow uses pnpm i --frozen-lockfile, which requires the lockfile to
match package.json exactly.

package.json[35-40]
pnpm-lock.yaml[7-20]
.github/workflows/npmpublish.yml[61-73]

Agent prompt

The issue below was found during a code review. Follow the provided context and guidance below and implement a solution

## Issue description
A new dependency (`ep_plugin_helpers`) was added to `package.json`, but `pnpm-lock.yaml` was not regenerated. Workflows that run `pnpm i --frozen-lockfile` will fail because the lockfile no longer matches `package.json`.

## Issue Context
This repo uses pnpm and has a committed `pnpm-lock.yaml`. The release workflow explicitly enforces lockfile consistency.

## Fix
- Run `pnpm install` (or `pnpm i`) in the repo root to regenerate `pnpm-lock.yaml`.
- Commit the updated `pnpm-lock.yaml` alongside `package.json`.

## Fix Focus Areas
- package.json[35-40]
- pnpm-lock.yaml[1-40]
- .github/workflows/npmpublish.yml[61-73]

ⓘ Copy this prompt and use it to remediate the issue with your preferred AI generation tools

---

3. AGENTS.md outdated note 🐞 Bug ⚙ Maintainability

Description

Documentation still states that ep_plugin_helpers is not a dependency, but the PR adds it to
package.json. This creates misleading project guidance for future maintainers and contributors.

Code

package.json[R38-40]

Evidence

AGENTS.md explicitly says ep_plugin_helpers is not a dependency, but package.json now declares
it under dependencies, making the documentation inaccurate after this change.

AGENTS.md[22-25]
package.json[38-40]

Agent prompt

The issue below was found during a code review. Follow the provided context and guidance below and implement a solution

## Issue description
`AGENTS.md` claims `ep_plugin_helpers` is not a dependency, but the PR adds it as a runtime dependency. This documentation is now incorrect.

## Issue Context
The doc appears to be used as a guide for agents/maintainers and explicitly calls out helper adoption status.

## Fix
- Update the `## Helpers used` section in `AGENTS.md` to reflect that `ep_plugin_helpers` is now used (and optionally mention which helper module is used: `ep_plugin_helpers/logger`).

## Fix Focus Areas
- AGENTS.md[22-25]
- package.json[38-40]

ⓘ Copy this prompt and use it to remediate the issue with your preferred AI generation tools

---

[qodo-free-for-open-source-projects]

1. No regression test for logger change 📘 Rule violation ☼ Reliability

This PR changes runtime behavior by switching logging from log4js to ep_plugin_helpers/logger,
but it does not add or update any automated regression test to verify the compatibility fix. Without
a test, the backward-compat behavior can silently break in future refactors or dependency updates.

Agent Prompt

## Issue description
The PR introduces a bug fix/compatibility change (logger import + logger creation) but does not include a regression test that would fail before the change and pass after it.

## Issue Context
`index.js` now uses `ep_plugin_helpers/logger` instead of requiring Etherpad's bundled `log4js`. Add a backend test that loads the plugin and exercises at least one exported hook to ensure the module loads and runs successfully with the new logger dependency.

## Fix Focus Areas
- index.js[18-20]
- static/tests/backend/specs/[add new spec file to cover plugin load + basic hook execution]

ⓘ Copy this prompt and use it to remediate the issue with your preferred AI generation tools

[qodo-free-for-open-source-projects]

2. Stale pnpm lockfile 🐞 Bug ☼ Reliability

package.json adds ep_plugin_helpers but pnpm-lock.yaml is not updated, so `pnpm i
--frozen-lockfile` will fail and block CI/release installs. This can prevent publishing and/or
running workflows that enforce lockfile consistency.

Agent Prompt

## Issue description
A new dependency (`ep_plugin_helpers`) was added to `package.json`, but `pnpm-lock.yaml` was not regenerated. Workflows that run `pnpm i --frozen-lockfile` will fail because the lockfile no longer matches `package.json`.

## Issue Context
This repo uses pnpm and has a committed `pnpm-lock.yaml`. The release workflow explicitly enforces lockfile consistency.

## Fix
- Run `pnpm install` (or `pnpm i`) in the repo root to regenerate `pnpm-lock.yaml`.
- Commit the updated `pnpm-lock.yaml` alongside `package.json`.

## Fix Focus Areas
- package.json[35-40]
- pnpm-lock.yaml[1-40]
- .github/workflows/npmpublish.yml[61-73]

ⓘ Copy this prompt and use it to remediate the issue with your preferred AI generation tools