feat: scaffold apps/web/ Next.js app shell

[robertocarlous]

Closes #64

Summary by CodeRabbit

• New Features

  • Launched the SafeTrust web application with site metadata (title/description).
  • App entry now redirects users to the login page.
  • Global styling and Tailwind utilities enabled for UI layout and design.
  • Added a local environment template to simplify local configuration.

• Chores

  • Included initial GraphQL type stubs and tooling support for development.

[drips-wave]

@robertocarlous Great news! 🎉 Based on an automated assessment of this PR, the linked Wave issue(s) no longer count against your application limits.

You can now already apply to more issues while waiting for a review of this PR. Keep up the great work! 🚀

Learn more about application limits

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 983bf080-f532-40ad-8cdf-9bd4e3d4cbbf

📥 Commits

Reviewing files that changed from the base of the PR and between 92d0d0b and acd756c.

⛔ Files ignored due to path filters (1)

• packages/graphql/generated/index.ts is excluded by !**/generated/**

📒 Files selected for processing (4)

• apps/web/.env.local.example
• apps/web/codegen.ts
• apps/web/graphql-codegen.schema.graphql
• package.json

✅ Files skipped from review due to trivial changes (4)

• apps/web/graphql-codegen.schema.graphql
• apps/web/codegen.ts
• apps/web/.env.local.example
• package.json

---

📝 Walkthrough

Walkthrough

Scaffolds a Next.js 14 app at apps/web/ inside a pnpm/Turborepo monorepo, adds workspace packages @safetrust/types and @safetrust/graphql, and includes configs for TypeScript, Tailwind, PostCSS, GraphQL Codegen, and workspace tooling (pnpm, turbo).

Changes

Cohort / File(s)	Summary
Monorepo Root \.gitignore, package.json, pnpm-workspace.yaml, turbo.json	Adds workspace manifest, Turbo task config, pnpm workspace globs, Node/pnpm engine pin, and global ignore rules.
Web app manifest & env apps/web apps/web/package.json, apps/web/.env.local.example, apps/web/.gitignore	Creates @safetrust/web package with dev/build/start/codegen scripts, workspace deps, and example env variables for Hasura and Firebase; web-specific .gitignore.
Next/Tailwind/PostCSS config apps/web/next.config.mjs, apps/web/tailwind.config.ts, apps/web/postcss.config.js, apps/web/tsconfig.json	Next.js config enabling reactStrictMode and transpilePackages; Tailwind and PostCSS configs; app TypeScript configuration with strict settings and path alias.
GraphQL Codegen & stub schema apps/web/codegen.ts, apps/web/graphql-codegen.schema.graphql	Adds codegen config using env CODEGEN_SCHEMA_URL fallback to committed stub schema; includes minimal local schema to allow codegen without Hasura.
App router scaffold apps/web/next-env.d.ts, apps/web/src/app/globals.css, apps/web/src/app/layout.tsx, apps/web/src/app/page.tsx	Adds Next.js app router files: TS declarations, Tailwind directives, RootLayout with metadata and Providers wrapper, and root page redirecting to /login.
Shared package: types packages/types/package.json, packages/types/tsconfig.json, packages/types/src/index.ts	Adds @safetrust/types package scaffold configured to emit declarations only; exports root ./src/index.ts (empty module).
Shared package: graphql packages/graphql/package.json, packages/graphql/tsconfig.json	Adds @safetrust/graphql package scaffold configured for declaration-only output; main/types/exports point to ./generated/index.ts.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Possibly related PRs

• #63 — Scaffolds monorepo/apps/web and workspace configuration with overlapping workspace/package and tooling changes.

Poem

🐇 I hopped into branches, laid configs with care,

Next, Tailwind, and codegen — a burrow to share,
Types and GraphQL tucked snug in the hay,
Root now redirects where logins will play,
A tiny rabbit cheers: build and run away! ✨

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The PR title accurately describes the main change: scaffolding the apps/web/ Next.js app shell as specified in the linked issue.
Linked Issues check	✅ Passed	The PR successfully implements all coding requirements from issue #64: creates apps/web/ structure, includes correct package.json with workspace dependencies, provides required scripts, implements root redirect, and includes root layout with providers.
Out of Scope Changes check	✅ Passed	All changes are within scope and directly address issue #64 scaffolding requirements; no unrelated changes introduced.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[robertocarlous]

@sotoJ24

[coderabbitai]

Actionable comments posted: 2

🧹 Nitpick comments (5)

apps/web/src/app/globals.css (1)

1-3: Stylelint false positives: Configure linter to recognize Tailwind directives.

The @tailwind directives are valid Tailwind CSS syntax processed by PostCSS. The static analysis errors are false positives. To suppress them, configure Stylelint to recognize Tailwind:

🔧 Add Stylelint configuration for Tailwind

Create or update .stylelintrc.json or stylelint.config.js:

{
  "rules": {
    "at-rule-no-unknown": [
      true,
      {
        "ignoreAtRules": ["tailwind"]
      }
    ],
    "scss/at-rule-no-unknown": [
      true,
      {
        "ignoreAtRules": ["tailwind"]
      }
    ]
  }
}

Or if using stylelint-config-standard:

{
  "extends": ["stylelint-config-standard"],
  "rules": {
    "at-rule-no-unknown": [
      true,
      {
        "ignoreAtRules": ["tailwind", "apply", "variants", "responsive", "screen"]
      }
    ]
  }
}

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@apps/web/src/app/globals.css` around lines 1 - 3, Stylelint is flagging
Tailwind's top-level directives (`@tailwind`) as unknown at-rules; update the
Stylelint configuration (e.g., .stylelintrc.json or stylelint.config.js) to
whitelist Tailwind and related directives so these PostCSS directives in
globals.css are not treated as errors — add "tailwind" (and optionally "apply",
"variants", "responsive", "screen") to the ignoreAtRules for at-rule-no-unknown
and scss/at-rule-no-unknown rules (or extend stylelint-config-standard and
adjust the same rule) so `@tailwind` base/components/utilities pass linting.

.gitignore (1)

19-23: Optional: Simplify redundant .env patterns.

Lines 19-22 are redundant since line 23's .env*.local pattern already matches all of them. You could remove lines 19-22 and keep only line 23, or remove line 23 and keep the explicit list for clarity.

♻️ Option 1: Keep only the broader pattern

 # Environment & secrets (commit only *.example templates)
 .env
-.env.local
-.env.development.local
-.env.test.local
-.env.production.local
 .env*.local

♻️ Option 2: Keep explicit patterns only

 # Environment & secrets (commit only *.example templates)
 .env
 .env.local
 .env.development.local
 .env.test.local
 .env.production.local
-.env*.local

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In @.gitignore around lines 19 - 23, The .gitignore currently lists both
explicit env files (.env.local, .env.development.local, .env.test.local,
.env.production.local) and the broader pattern (.env*.local) which is redundant;
remove the explicit entries and keep only the .env*.local pattern (or conversely
remove .env*.local and keep the explicit list if you prefer clarity) so the
ignore rules are not duplicated—update the file to contain just the chosen form
(reference: .env.local, .env.development.local, .env.test.local,
.env.production.local, .env*.local).

apps/web/postcss.config.js (1)

1-6: LGTM! Standard PostCSS configuration for Tailwind.

The CommonJS module export is valid. As an optional enhancement, Next.js 14 also supports ESM syntax:

export default {
  plugins: {
    tailwindcss: {},
    autoprefixer: {},
  },
};

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@apps/web/postcss.config.js` around lines 1 - 6, The current config uses a
CommonJS export (module.exports) in postcss.config.js; optionally convert to ESM
by replacing the module.exports object with an export default of the same
plugins object to align with Next.js 14 ESM support — locate the module.exports
assignment and swap it to an export default for the identical plugins structure
(tailwindcss, autoprefixer) so behavior remains unchanged.

apps/web/next-env.d.ts (1)

1-6: Consider gitignoring auto-generated next-env.d.ts.

This file is auto-generated by Next.js. While committing it is valid, many projects add it to .gitignore since it regenerates on next dev. Both approaches work; this is purely a team preference.

📝 Optional: Add to .gitignore

If you prefer to gitignore auto-generated files, add to apps/web/.gitignore:

 # next.js
 /.next/
 /out/
+next-env.d.ts

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@apps/web/next-env.d.ts` around lines 1 - 6, Decide whether to stop committing
the auto-generated next-env.d.ts; if you choose to gitignore it, add
"next-env.d.ts" to apps/web/.gitignore and remove the tracked file from git with
git rm --cached next-env.d.ts so it remains locally but is no longer committed;
otherwise leave the committed file as-is (do not edit its contents) — reference
file: next-env.d.ts.

apps/web/package.json (1)

19-19: Pin lucide-react to a semver range instead of latest.

Using latest makes installs non-reproducible across environments and can cause unexpected breakage when new versions release. Prefer an explicit version or semver range (e.g., ^0.XXX.0).

Suggested fix

-    "lucide-react": "latest"
+    "lucide-react": "^0.xxx.0"

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@apps/web/package.json` at line 19, The dependency "lucide-react" is pinned to
"latest" making installs non-reproducible; update the apps' package.json entry
for lucide-react to a concrete semver range (e.g., "^0.x.x" or the specific
version you want) instead of "latest", then run your package manager
(npm/yarn/pnpm) to regenerate the lockfile and commit both package.json and the
updated lockfile; locate the dependency by the exact key "lucide-react" in
package.json to change its value.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@apps/web/codegen.ts`:
- Line 6: Replace the incorrect output path string
'../packages/graphql/generated/index.ts' used in the codegen mapping with the
correct workspace-relative path '../../packages/graphql/generated/index.ts' so
the generated file targets the top-level packages/graphql/generated directory
(update the mapping entry where that string appears).

In `@package.json`:
- Around line 16-17: Update the Node.js engine requirement in package.json by
changing the "engines" -> "node" value from ">=18" to ">=18.17.0" so CI/dev
environments meet Next.js 14.2.x minimum; locate the "engines" block (the "node"
field) and set its version string to ">=18.17.0".

---

Nitpick comments:
In @.gitignore:
- Around line 19-23: The .gitignore currently lists both explicit env files
(.env.local, .env.development.local, .env.test.local, .env.production.local) and
the broader pattern (.env*.local) which is redundant; remove the explicit
entries and keep only the .env*.local pattern (or conversely remove .env*.local
and keep the explicit list if you prefer clarity) so the ignore rules are not
duplicated—update the file to contain just the chosen form (reference:
.env.local, .env.development.local, .env.test.local, .env.production.local,
.env*.local).

In `@apps/web/next-env.d.ts`:
- Around line 1-6: Decide whether to stop committing the auto-generated
next-env.d.ts; if you choose to gitignore it, add "next-env.d.ts" to
apps/web/.gitignore and remove the tracked file from git with git rm --cached
next-env.d.ts so it remains locally but is no longer committed; otherwise leave
the committed file as-is (do not edit its contents) — reference file:
next-env.d.ts.

In `@apps/web/package.json`:
- Line 19: The dependency "lucide-react" is pinned to "latest" making installs
non-reproducible; update the apps' package.json entry for lucide-react to a
concrete semver range (e.g., "^0.x.x" or the specific version you want) instead
of "latest", then run your package manager (npm/yarn/pnpm) to regenerate the
lockfile and commit both package.json and the updated lockfile; locate the
dependency by the exact key "lucide-react" in package.json to change its value.

In `@apps/web/postcss.config.js`:
- Around line 1-6: The current config uses a CommonJS export (module.exports) in
postcss.config.js; optionally convert to ESM by replacing the module.exports
object with an export default of the same plugins object to align with Next.js
14 ESM support — locate the module.exports assignment and swap it to an export
default for the identical plugins structure (tailwindcss, autoprefixer) so
behavior remains unchanged.

In `@apps/web/src/app/globals.css`:
- Around line 1-3: Stylelint is flagging Tailwind's top-level directives
(`@tailwind`) as unknown at-rules; update the Stylelint configuration (e.g.,
.stylelintrc.json or stylelint.config.js) to whitelist Tailwind and related
directives so these PostCSS directives in globals.css are not treated as errors
— add "tailwind" (and optionally "apply", "variants", "responsive", "screen") to
the ignoreAtRules for at-rule-no-unknown and scss/at-rule-no-unknown rules (or
extend stylelint-config-standard and adjust the same rule) so `@tailwind`
base/components/utilities pass linting.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 3ef3986e-ffe2-4ae0-8d21-9476f3c9edae

📥 Commits

Reviewing files that changed from the base of the PR and between decc85f and 92d0d0b.

⛔ Files ignored due to path filters (2)

• packages/graphql/generated/index.ts is excluded by !**/generated/**
• pnpm-lock.yaml is excluded by !**/pnpm-lock.yaml

📒 Files selected for processing (22)

• .gitignore
• apps/web/.env.local.example
• apps/web/.gitignore
• apps/web/codegen.ts
• apps/web/next-env.d.ts
• apps/web/next.config.mjs
• apps/web/package.json
• apps/web/postcss.config.js
• apps/web/src/app/globals.css
• apps/web/src/app/layout.tsx
• apps/web/src/app/page.tsx
• apps/web/src/lib/.gitkeep
• apps/web/tailwind.config.ts
• apps/web/tsconfig.json
• package.json
• packages/graphql/package.json
• packages/graphql/tsconfig.json
• packages/types/package.json
• packages/types/src/index.ts
• packages/types/tsconfig.json
• pnpm-workspace.yaml
• turbo.json

[sotoJ24]

Good job @robertocarlous