Add @ingram-tech/nk-cli and bot-protection /react export#5
Merged
Jerome Leclanche (jleclanche) merged 2 commits intoMay 25, 2026
Merged
Conversation
nk-cli: the `nk` command. `nk dev` boots local Supabase (wiring its env in)
before `next dev` when supabase/config.toml is present, replacing per-site
dev.sh. Adds `nk format` (Biome for code, bundled Prettier for SQL — so Prettier
never enters app deps), plus lint/check/type-check/build. The code formatter is
behind a small indirection so it can move to oxc later via package.json
{ "nk": { "formatter": "oxc" } }.
bot-protection: new /react client export (useBotProtection + HoneypotInput) to
replace the src/lib/bot-protection.tsx copy that had been duplicated across
malinamore.studio, aidefencesummit.eu and ingram.tech.
agent-guide: mention nk-cli; clarify that Prettier is used only for SQL.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Copilot started reviewing on behalf of
Jerome Leclanche (jleclanche)
May 25, 2026 15:35
View session
The CI job ran type-check before build, but newsletter's type-check resolves @ingram-tech/email's types from its built dist/*.d.ts — which didn't exist yet. This is why CI had been red. Reorder to check → build → type-check → test (check still runs first on the clean tree, so Biome never sees dist/). Same fix applied to the root `ci` script for local parity. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
There was a problem hiding this comment.
Pull request overview
This PR centralizes two previously duplicated patterns into nextkit: a new nk CLI package for consistent dev/format/lint/build workflows across sites, and a new @ingram-tech/bot-protection/react client export for JSON-posting client components. It also updates the agent guide to reference nk and clarify SQL-only Prettier usage.
Changes:
- Add new
@ingram-tech/nk-clipackage implementingnk dev/format/lint/check/type-check/build(Biome for code + Prettier-for-SQL). - Add
@ingram-tech/bot-protection/reactexport withuseBotProtection()+HoneypotInput, plus docs and TS config updates. - Update agent guide and workspace metadata/changesets to reflect the new package and releases.
Reviewed changes
Copilot reviewed 16 out of 18 changed files in this pull request and generated 5 comments.
Show a summary per file
| File | Description |
|---|---|
| packages/nk-cli/README.md | Documents the new nk CLI and its command behaviors. |
| packages/nk-cli/package.json | Defines the new publishable CLI package, bin entry, deps (Prettier SQL). |
| packages/nk-cli/bin/nk.js | Implements CLI command dispatch/help. |
| packages/nk-cli/lib/run.js | Provides bunx-based process execution helpers. |
| packages/nk-cli/lib/dev.js | Implements nk dev (optional Supabase start + env wiring + Next dev). |
| packages/nk-cli/lib/format.js | Implements nk format and SQL formatting/checking via Prettier plugin. |
| packages/nk-cli/lib/formatter.js | Adds formatter indirection (biome default, oxc sketch). |
| packages/nk-cli/lib/passthrough.js | Implements lint/check/type-check/build wrappers. |
| packages/nk-cli/lib/config.js | Reads optional per-site package.json nk config. |
| packages/bot-protection/src/react.tsx | Adds the new client hook/component export. |
| packages/bot-protection/package.json | Exposes the new ./react subpath export. |
| packages/bot-protection/tsconfig.json | Enables DOM libs needed by the client export. |
| packages/bot-protection/README.md | Documents client JSON-post usage with /react export. |
| packages/agent-guide/guide.md | References nk CLI and clarifies SQL-only Prettier usage. |
| bun.lock | Updates workspace/package lock metadata for new/updated packages. |
| .changeset/nk-cli-initial.md | Changeset for initial nk-cli release. |
| .changeset/bot-protection-react.md | Changeset for bot-protection /react export release. |
| .changeset/agent-guide-nk.md | Changeset for agent-guide text update. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Comment on lines
+43
to
+45
| const prettier = require("prettier"); | ||
| const pluginPath = require.resolve("prettier-plugin-sql"); | ||
|
|
Comment on lines
+34
to
+36
| if (res.status !== 0) { | ||
| fail(`\`${tool} ${args.join(" ")}\` exited with ${res.status}`); | ||
| } |
Comment on lines
+43
to
+47
| const res = spawnSync("bunx", ["next", "dev", "--turbopack", ...extraArgs], { | ||
| stdio: "inherit", | ||
| env, | ||
| }); | ||
| process.exit(res.status ?? 0); |
Comment on lines
+15
to
+39
| * | ||
| * @param tokenEndpoint - GET route that mints the token (e.g. "/api/contact"). | ||
| * | ||
| * @example | ||
| * const { honeypotRef, botFields } = useBotProtection("/api/contact"); | ||
| * // ...in the form: <HoneypotInput inputRef={honeypotRef} /> | ||
| * // ...on submit: body: JSON.stringify({ ...values, ...botFields() }) | ||
| */ | ||
| export function useBotProtection(tokenEndpoint: string) { | ||
| const [token, setToken] = useState(""); | ||
| const honeypotRef = useRef<HTMLInputElement>(null); | ||
|
|
||
| useEffect(() => { | ||
| fetch(tokenEndpoint) | ||
| .then((res) => res.json()) | ||
| .then((data: { token?: string }) => setToken(data.token ?? "")) | ||
| .catch(() => {}); | ||
| }, [tokenEndpoint]); | ||
|
|
||
| const botFields = (): Record<string, string> => ({ | ||
| [HONEYPOT_FIELD]: honeypotRef.current?.value ?? "", | ||
| [TOKEN_FIELD]: token, | ||
| }); | ||
|
|
||
| return { honeypotRef, botFields }; |
| * // ...in the form: <HoneypotInput inputRef={honeypotRef} /> | ||
| * // ...on submit: body: JSON.stringify({ ...values, ...botFields() }) | ||
| */ | ||
| export function useBotProtection(tokenEndpoint: string) { |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Two upstream wins, pulling per-site duplication into nextkit.
@ingram-tech/nk-cli(new) — thenkcommandnk dev— startsnext dev --turbopack; ifsupabase/config.tomlis present, runssupabase startand readssupabase statusinto the env var names our apps expect (SUPABASE_URL,NEXT_PUBLIC_SUPABASE_PUBLISHABLE_KEY,SUPABASE_SECRET_KEY) first. Replaces per-sitescripts/dev.sh(generalized from peppost's).nk format/--check— Biome for code; Prettier for SQL only, bundled as nk-cli's own deps so Prettier never lands in any app'spackage.json. Honors a site's existing prettier config, else defaults to tabs + Postgres dialect.nk lint/check/type-check/build— thin wrappers so every site's scripts are uniform.{ "nk": { "formatter": "oxc" } }for the eventual oxc switch.@ingram-tech/bot-protection— new/reactexportuseBotProtection(tokenEndpoint)+HoneypotInputfor client components that POST JSON. Replaces the hand-copiedsrc/lib/bot-protection.tsxtriplicated across malinamore.studio, aidefencesummit.eu and ingram.tech — keeping the honeypot field name and timing token in lockstep with the server verifier.agent-guide
Mentions nk-cli; clarifies Prettier is used only for SQL (Biome can't format it).
Verification
bun run build+bun run type-checkgreen across the workspace."use client"preserved indist/react.js.--checkand write both verified against peppost migrations (incl. the non-git fs-walk fallback).Changesets included: nk-cli (minor → first publish at 0.1.0), bot-protection (minor), agent-guide (patch).
🤖 Generated with Claude Code