feat(tsconfig): add tsconfig.build.json for distribution

[DaxServer]

This commit adds a tsconfig.build.json file to the project, which is a
specialized TypeScript configuration for building the distribution package.
The key changes include:

• Setting noEmit to false to enable compilation
• Enabling declaration and declarationMap to generate type definitions
• Setting sourceMap to true to generate source maps
• Configuring outDir and rootDir to output the compiled files to the
  dist directory
• Excluding test files, distribution, and node_modules from the build

[coderabbitai]

📝 Walkthrough

Summary by CodeRabbit

• New Features
  • Package is now publishable to npm with ESM exports and bundled TypeScript definitions.
  • Releases automatically version from Git tags; prereleases publish as “canary,” stable as “latest.”
• Chores
  • Added automated release pipeline to build and publish on new releases.
  • Build process compiles to a dist output for cleaner installs.
  • Linting excludes build artifacts to speed checks and reduce noise.

Walkthrough

Introduces a GitHub Actions release workflow to publish to NPM, updates ESLint to ignore the dist output, restructures package.json for public distribution from dist with build/publish scripts, and adds a dedicated TypeScript build config (tsconfig.build.json) for emitting compiled JS and type declarations.

Changes

Cohort / File(s)	Summary of Changes
Release automation .github/workflows/release.yml	Adds Release workflow triggered on release: published; sets permissions; runs on Ubuntu; steps: checkout, setup Bun (1.2.21), set package.json version from github.ref_name, install deps with Bun, publish to NPM using NPM_TOKEN with tag canary for prereleases else latest.
Lint configuration eslint.config.ts	Prepends config to ignore dist/**/* during linting; existing rules/configs unchanged.
Packaging and build package.json, tsconfig.build.json	Switches package to public, dist-based outputs (main/module to dist/index.js, types to dist/index.d.ts, adds exports and files: ["dist"]); adds author and publishConfig (public, provenance); adds build and prepublishOnly scripts; updates dependencies (adds graphology packages, adds tsc-alias, removes wikibase-sdk); adds tsconfig.build.json to emit JS, d.ts, and maps to dist, includes src/**/*, excludes tests/dist/node_modules.

Sequence Diagram(s)

sequenceDiagram
  autonumber
  actor Maintainer
  participant GitHub as GitHub Release Event
  participant Workflow as Release Workflow
  participant Job as release (ubuntu-latest)
  participant NPM as npm Registry

  Maintainer->>GitHub: Publish Release (tag)
  GitHub-->>Workflow: Trigger on release: published
  Workflow->>Job: Start job with permissions

  rect rgb(245,245,255)
    Job->>Job: Checkout repository
    Job->>Job: Setup Bun (1.2.21)
    Job->>Job: Set package.json version = github.ref_name
    Job->>Job: bun install --frozen-lockfile
  end

  alt Prerelease
    Job->>NPM: bun publish --tag canary
  else Release
    Job->>NPM: bun publish --tag latest
  end

  NPM-->>Job: Publish result
  Job-->>Workflow: Complete

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

✨ Finishing Touches

• 📝 Generate Docstrings

🧪 Generate unit tests

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch release

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.

Support

Need help? Create a ticket on our support page for assistance with any issues or questions.

CodeRabbit Commands (Invoked using PR/Issue comments)

Type @coderabbitai help to get the list of available commands.

Other keywords and placeholders

• Add @coderabbitai ignore or @coderabbit ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Status, Documentation and Community

• Visit our Status Page to check the current availability of CodeRabbit.
• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[coderabbitai]

Actionable comments posted: 3

🧹 Nitpick comments (8)

eslint.config.ts (1)

8-10: Ignore pattern LGTM; consider a simpler glob

dist/**/* works, but **/dist/** is a bit more robust if any sub-packages or future folders appear.

   {
-    ignores: ['dist/**/*'],
+    ignores: ['**/dist/**'],
   },

tsconfig.build.json (2)

10-14: Use NodeNext + verbatimModuleSyntax for ESM packages

With "type": "module" and publishing ESM, "moduleResolution": "NodeNext" and "verbatimModuleSyntax": true are the safer defaults. This avoids subtle interop issues and aligns TS emit with Node ESM.

-    "moduleResolution": "node",
-    "module": "ESNext",
-    "target": "ES2022",
-    "allowImportingTsExtensions": false,
-    "verbatimModuleSyntax": false
+    "moduleResolution": "NodeNext",
+    "module": "ESNext",
+    "target": "ES2022",
+    "allowImportingTsExtensions": false,
+    "verbatimModuleSyntax": true

---

7-9: Ship usable source maps by embedding sources (or disable maps)

Since only dist is published, external consumers won’t have src by default. Either turn off sourceMap or embed sources into the maps.

-    "sourceMap": true,
+    "sourceMap": true,
+    "inlineSources": true,

package.json (4)

3-13: “dev” isn’t a valid publishable version

Your workflow overwrites version at release time, but a manual publish would fail. Optional: switch to a prerelease-like placeholder (e.g., 0.0.0-dev) to remain valid SemVer.

-  "version": "dev",
+  "version": "0.0.0-dev",

---

24-26: Align with source maps plan

If you keep sourceMap: true, embedding sources (tsconfig suggestion) avoids broken stack traces without shipping src/. Otherwise consider excluding *.map from the published files.

   "files": [
-    "dist"
+    "dist"
   ],
+  "sideEffects": false,

Note: sideEffects: false is optional but helps tree-shaking if applicable.

---

63-68: Make lint script target the workspace root explicitly

eslint without a path may lint nothing depending on the environment/ESLint version. Use eslint .. Also consider adding a clean script.

-    "build": "tsc --project tsconfig.build.json && tsc-alias -p tsconfig.build.json",
+    "build": "tsc --project tsconfig.build.json && tsc-alias -p tsconfig.build.json",
     "format": "prettier --cache --write .",
-    "lint": "eslint",
+    "lint": "eslint .",
     "prepublishOnly": "bun run build",
     "typecheck": "tsc --noEmit"

Additional (outside changed range):

+  "engines": {
+    "node": ">=18"
+  },

---

59-61: Is TypeScript truly a peer?

If the runtime requires typescript (e.g., codegen uses it), keeping as a peer is fine. If not, remove it from peerDependencies. You can also mark it optional to reduce install friction.

   "peerDependencies": {
-    "typescript": "~5.9.2"
+    "typescript": "~5.9.2"
   },
+  "peerDependenciesMeta": {
+    "typescript": { "optional": true }
+  },

.github/workflows/release.yml (1)

36-40: Optional: use npm CLI for provenance if Bun lacks it

If verification shows Bun doesn’t support provenance, switch to npm with OIDC.

-      - name: Publish
-        env:
-          NPM_CONFIG_TOKEN: ${{ secrets.NPM_TOKEN }}
-          TAG: ${{ github.event.release.prerelease && 'canary' || 'latest' }}
-        run: bun publish --tag=${{ env.TAG }}
+      - name: Setup Node
+        uses: actions/setup-node@v4
+        with:
+          node-version: '20'
+          registry-url: 'https://registry.npmjs.org'
+
+      - name: Publish (npm with provenance)
+        env:
+          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
+          TAG: ${{ github.event.release.prerelease && 'canary' || 'latest' }}
+        run: npm publish --provenance --tag "${TAG}"

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

💡 Knowledge Base configuration:

• MCP integration is disabled by default for public repositories
• Jira integration is disabled by default for public repositories
• Linear integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between cef66dc and ee322d5.

⛔ Files ignored due to path filters (1)

• bun.lock is excluded by !**/*.lock

📒 Files selected for processing (4)

• .github/workflows/release.yml (1 hunks)
• eslint.config.ts (1 hunks)
• package.json (2 hunks)
• tsconfig.build.json (1 hunks)

🔇 Additional comments (3)

tsconfig.build.json (1)

1-26: Path aliases are correctly configured
tsconfig.json defines "baseUrl": "." and "paths": { "@daxserver/validation-schema-codegen/*": ["./src/*"], … }, which tsconfig.build.json inherits—covering all non-relative imports under @daxserver/validation-schema-codegen/*. No changes needed.

package.json (2)

15-23: Exports/entrypoints look good for ESM + types

Mapping main/module to dist/index.js and exposing types in exports is consistent.

---

56-58: Good call adding tsc-alias; ensure it’s needed

If you rely on TS path aliases at runtime, keep it. If not, consider removing to simplify the toolchain.

[coderabbitai]

🛠️ Refactor suggestion

Build explicitly before publish (don’t rely on lifecycle)

To avoid CLI/lifecycle discrepancies, run the build step explicitly.

       - name: Install Dependencies
         run: bun install --frozen-lockfile

+      - name: Build dist
+        run: bun run build
+
       - name: Publish

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	- name: Install Dependencies
	run: bun install --frozen-lockfile
	- name: Install Dependencies
	run: bun install --frozen-lockfile
	- name: Build dist
	run: bun run build
	- name: Publish

🤖 Prompt for AI Agents

.github/workflows/release.yml lines 33-35: the workflow currently only installs
dependencies and relies on package lifecycle to build before publishing; add an
explicit build step after installing (e.g., run: bun build or the project's
build command) so the artifact is produced deterministically before publish, and
ensure the build command runs before any publish/publish-related steps in the
job.

[coderabbitai]

💡 Verification agent

🧩 Analysis chain

Provenance + Bun publish: verify support

publishConfig.provenance: true requires provenance-aware publish. Please confirm bun publish supports npm provenance for your version; otherwise use npm publish --provenance.

---

🌐 Web query:

Does "bun publish" support npm provenance attestations equivalently to "npm publish --provenance" as of Bun 1.2.21?

💡 Result:

Short answer: No.

Evidence:

• Bun's publish docs (current CLI docs) don't mention a --provenance flag or NPM_CONFIG_PROVENANCE support for bun publish. [2]
• There is an open GitHub issue requesting implementation of a bun publish --provenance feature (issue #15601), indicating it was not implemented at the time of that issue. [1]
• npm documents how third‑party publishers can enable provenance (NPM_CONFIG_PROVENANCE, publishConfig, or calling npm publish --provenance). Bun's docs do not list those compatibility workarounds. [3]

If you want, I can check the exact bun 1.2.21 release notes or test a local bun 1.2.21 install to confirm behavior.

---

Remove publishConfig.provenance or switch to npm publish --provenance
Bun CLI (v1.2.21) does not support npm provenance attestations via bun publish (no --provenance flag) (bun.com, github.com) Use npm publish --provenance or drop the provenance field to enable attestations.

🤖 Prompt for AI Agents

In package.json around lines 28 to 32, the publishConfig currently includes
"provenance": true which Bun CLI does not support; either remove the
"provenance" property from publishConfig to allow bun publish to work, or keep
it but document and switch your publishing step to use npm (npm publish
--provenance) instead of bun so the provenance attestation can be produced;
update package.json accordingly (remove the field) or update CI/release scripts
to invoke npm publish --provenance and leave a comment in package.json
explaining the choice.