Fix yarn install warnings, update unit tests, and update libraries. #235

[swensel]

Description

'Grab bag' PR to follow up on lower priority items from previous PRs:

• #82 - Upgrade to React 19 and Reactflow 12 in MAUI. #152
• #139 - Fix race condition for tests in MAUI and add coverage. #223
• Address new dependabot alerts in MAUI #171 #233

[swensel]

Move jest.useRealTimers() to beforeEach. Was suggested in #223.

[dsargent]

Any tests that break due to this, should break as it means they are making unholy assumptions.

It's a bit like the saying, "Anything that can be destroyed by the truth, should be destroyed by the truth."

[swensel]

Addressing some of the warnings on yarn install. They aren't eliminated entirely but here's the before and after.

Before

971999 neuro-san-ui grab-bag-PR $ yarn install
➤ YN0000: · Yarn 4.12.0
➤ YN0000: ┌ Resolution step
➤ YN0000: └ Completed
➤ YN0000: ┌ Post-resolution validation
➤ YN0060: │ eslint is listed by your project with version 10.0.2 (p8b6f96), which doesn't satisfy what eslint-plugin-import and other dependencies request (but they have non-overlapping ranges!).
➤ YN0002: │ @cognizant-ai-lab/neuro-san-web@workspace:apps/main doesn't provide @mui/system (p35b046), requested by @cognizant-ai-lab/ui-common and other dependencies.
➤ YN0002: │ @cognizant-ai-lab/neuro-san-web@workspace:apps/main doesn't provide @types/react (p85dc55), requested by @emotion/react and other dependencies.
➤ YN0002: │ @cognizant-ai-lab/neuro-san-web@workspace:apps/main doesn't provide eslint (p594c2a), requested by eslint-config-next.
➤ YN0002: │ @cognizant-ai-lab/neuro-san-web@workspace:apps/main doesn't provide next (p50ffad), requested by @cognizant-ai-lab/ui-common and other dependencies.
➤ YN0002: │ @cognizant-ai-lab/neuro-san-web@workspace:apps/main doesn't provide react (p24db38), requested by @cognizant-ai-lab/ui-common and other dependencies.
➤ YN0002: │ @cognizant-ai-lab/neuro-san-web@workspace:apps/main doesn't provide react-dom (p671935), requested by @mui/material and other dependencies.
➤ YN0002: │ @cognizant-ai-lab/neuro-san-web@workspace:apps/main doesn't provide typescript (p4325d6), requested by @cognizant-ai-lab/ui-common and other dependencies.
➤ YN0002: │ @cognizant-ai-lab/ui-common@workspace:packages/ui-common doesn't provide react (p28b486), requested by @xyflow/react and other dependencies.
➤ YN0002: │ @cognizant-ai-lab/ui-common@workspace:packages/ui-common doesn't provide typescript (pdc71d9), requested by openapi-typescript.
➤ YN0086: │ Some peer dependencies are incorrectly met by your project; run yarn explain peer-requirements for details, where is the six-letter p-prefixed code.
➤ YN0086: │ Some peer dependencies are incorrectly met by dependencies; run yarn explain peer-requirements for details.
➤ YN0000: └ Completed
➤ YN0000: ┌ Fetch step
➤ YN0000: └ Completed in 0s 423ms
➤ YN0000: ┌ Link step
➤ YN0000: └ Completed
➤ YN0000: · Done with warnings in 0s 656ms

After

971999 neuro-san-ui grab-bag-PR $ yarn install
➤ YN0000: · Yarn 4.12.0
➤ YN0000: ┌ Resolution step
➤ YN0000: └ Completed
➤ YN0000: ┌ Post-resolution validation
➤ YN0060: │ eslint is listed by your project with version 10.0.2 (p8b6f96), which doesn't satisfy what eslint-plugin-import and other dependencies request (but they have non-overlapping ranges!).
➤ YN0002: │ @cognizant-ai-lab/neuro-san-web@workspace:apps/main doesn't provide eslint (p594c2a), requested by eslint-config-next.
➤ YN0086: │ Some peer dependencies are incorrectly met by your project; run yarn explain peer-requirements for details, where is the six-letter p-prefixed code.
➤ YN0086: │ Some peer dependencies are incorrectly met by dependencies; run yarn explain peer-requirements for details.
➤ YN0000: └ Completed
➤ YN0000: ┌ Fetch step
➤ YN0000: └ Completed in 0s 418ms
➤ YN0000: ┌ Link step
➤ YN0000: └ Completed
➤ YN0000: · Done with warnings in 0s 654ms

[swensel]

From #152.

[swensel]

I took another look at this.

Here is the new after

971999 neuro-san-ui grab-bag-PR $ yarn install
➤ YN0000: · Yarn 4.12.0
➤ YN0000: ┌ Resolution step
➤ YN0000: └ Completed
➤ YN0000: ┌ Post-resolution validation
➤ YN0060: │ eslint is listed by your project with version 10.0.2 (p594c2a), which doesn't satisfy what eslint-plugin-import (via eslint-config-next) and other dependencies request (^9.7.0).
➤ YN0060: │ eslint is listed by your project with version 10.0.2 (p8b6f96), which doesn't satisfy what eslint-plugin-import and other dependencies request (but they have non-overlapping ranges!).
➤ YN0086: │ Some peer dependencies are incorrectly met by your project; run yarn explain peer-requirements for details, where is the six-letter p-prefixed code.
➤ YN0086: │ Some peer dependencies are incorrectly met by dependencies; run yarn explain peer-requirements for details.
➤ YN0000: └ Completed
➤ YN0000: ┌ Fetch step
➤ YN0000: └ Completed in 0s 407ms
➤ YN0000: ┌ Link step
➤ YN0000: └ Completed
➤ YN0000: · Done with warnings in 0s 637ms

These are both expected since eslint-plugin-import doesn't specify eslint v10 yet, but otherwise it appears to work fine in our setup:

➤ YN0060: │ eslint is listed by your project with version 10.0.2 (p594c2a), which doesn't satisfy what eslint-plugin-import (via eslint-config-next) and other dependencies request (^9.7.0).
➤ YN0060: │ eslint is listed by your project with version 10.0.2 (p8b6f96), which doesn't satisfy what eslint-plugin-import and other dependencies request (but they have non-overlapping ranges!).

That will eventually be resolved once eslint-plugin-import releases a new version. I did see there is this issue in their GitHub for tracking the eslint upgrade.

These seem to be generic warnings that are shown if any peer dependency warnings are shown:

➤ YN0086: │ Some peer dependencies are incorrectly met by your project; run yarn explain peer-requirements <hash> for details, where <hash> is the six-letter p-prefixed code.
➤ YN0086: │ Some peer dependencies are incorrectly met by dependencies; run yarn explain peer-requirements for details.

In the end I went with what I consider to be the right change to make, rather than just suppressing warnings. This applies to all of the package.json changes in this PR.

[swensel]

Without this, knip was complaining about next being an unused dependency. It was suggested to move next to the root package.json in #233.

[dsargent]

Why now?

[swensel]

You suggested to move this to the root package.json (and that made sense to me), but when I did, knip complained, so I needed to add this here.

[dsargent]

so I needed to add this here

Again, this "makes the angry red squigglies go away", but is it right? Why is knip complaining? It's not impossible for knip to have false positives but very very rare. Is it telling us something here?

[swensel]

I ended up removing next from the root package.json. I don't think it should be there. It is appropriate to have it in apps/main/package.json, since it's used there. Based on that it this no longer needs to be in knip.config.ts.

[swensel]

Same as this comment. Applies to the other instances where I moved jest.useRealTimers() as well.

[swensel]

I think this test makes sense to add. There are also these in GraphLayouts.test.ts:

    describe("Plasma edges and known message types", () => {
        it.each([
            {layoutFunction: layoutRadial, name: "radial"},
            {layoutFunction: layoutLinear, name: "linear"},
        ])("$name layout: creates plasma edge for all supported conversation types", ({layoutFunction}) => {
....
        it.each([
            {layoutFunction: layoutRadial, name: "radial"},
            {layoutFunction: layoutLinear, name: "linear"},
        ])("$name layout: does NOT create plasma edge for excluded conversation type (HUMAN)", ({layoutFunction}) => {
....

Unfortunately, even with toBeVisible() used in this AgentFlow.test.tsx, it wouldn't have caught the issue that I fixed with #228. We have had some discussions on Slack about taking a different approach to testing, in terms of what the user really sees. We may need to depend on something like that in order to do this properly.

[dsargent]

Are you saying there's no test we can write here that would catch that and similar issue?

[swensel]

I'm saying that I haven't been able to write a successful test yet that would catch the issue from #228 .

[dsargent]

That is concerning.

[swensel]

I'm considering doing a test with Playwright to cover this case.

[swensel]

This was a quick test I did with an LLM on Playwright - #239. Seems to work fine, but, not for this PR.

[swensel]

I can remove this TODO if we are OK keeping this test, otherwise, I'll remove the entire test case.

[dsargent]

Seems like it would be trivial to verify whether it catches that issue or not?! Just reintroduce the issue and see if it fails? If I saw this comment in random code I'd think, "Why didn't they just try it?!

[swensel]

What I meant is that I did try reintroducing the issue, and this definitely did not catch it.

[dsargent]

Ah, that's not how your comment was worded.

[swensel]

@dsargent mentioned that these are repeated in #223. I don't see other code exercising the agentIconSuggestion prop? Am I missing something?

[dsargent]

I might have been getting it confused with these tests:

neuro-san-ui/packages/ui-common/__tests__/components/Common/CustomerLogo.test.tsx

Line 38 in 6216e34

it("Falls back to supplied fallbackText logoSource is 'generic' but iconSuggestion is invalid", () => {

But the test here is testing different code so maybe still valuable. I think you said removing these reduces coverage, which is pretty telling.

[swensel]

Removing these tests does reduce coverage. I will remove this comment in the code though.

[swensel]

Moved to the root package.json.

[dsargent]

Seems weird to have next as a devDep. But I admit I'm still a bit confused about the whole Workspaces thing and how it plays out with dependencies.

[swensel]

I thought the same thing. And actually, everything in the root package.json is a dev dep, including react, which also doesn't seem right. Perhaps we should split out the prod deps and dev deps there.

[dsargent]

I think this was how Copilot advised setting it up, and I couldn't find any useful info elsewhere (StackOverflow etc.) so I went with that. But now we know a bit more about workspaces.

[swensel]

I did end up removing next from the root package.json as per this comment. The root only holds the workspace declaration and shared tooling, so it makes sense that everything goes into devDependencies there. The Yarn docs also say this about dev deps:

Set of dependencies that must be made available to the current package in order for it to work properly as a workspace.

Unlike regular dependencies, those listed in devDependencies will only be required when the package is installed as part of a workspace project - usually by cloning the project repository then running yarn install inside it.

[swensel]

More changes to reduce yarn install warnings.

[dsargent]

Again, target fixation. I appreciate the attempt to reduce warnings, but is it right?!

Wrong: "What can I shuffle around to placate the volcano god and make the warnings go away?" ❌
Right: "What is this warning telling me? What is the right way to fix it?" ✅

Do you see the difference in mindset?

[swensel]

Yes, I think I need to expand my mindset to not just reduce warnings or to up test coverage, but to consider the right way, and deeper intention, behind doing either of those things.

[dsargent]

As a fellow martial arts fan, a Bruce Lee simile is appropriate:

“It's like a finger pointing away to the moon. Don't concentrate on the finger or you will miss all that heavenly glory.”

Here, the "moon" is: better code, better ways of doing things. The finger pointing to is: test coverage numbers, yarn/lint warnings, ...

[swensel]

This was helpful. I looked at this PR today without so much target fixation and came to better conclusions and IMO a better outcome.

[Copilot]

Pull request overview

Follow-up “grab bag” maintenance PR focused on dependency alignment in the monorepo and test-suite hygiene (especially around Jest timers), plus a small addition of UI behavior coverage.

Changes:

• Updated several dev tooling/runtime dependencies (e.g., eslint-plugin-jest, eslint-plugin-testing-library, zustand), and adjusted workspace dependency declarations (including adding next at the root and as a ui-common peer dependency).
• Centralized Jest timer cleanup by moving jest.useRealTimers() into the shared withStrictMocks() test helper and removing redundant per-file timer resets.
• Added/adjusted a few tests and comments (including a new AgentFlow plasma-edge assertion).

Reviewed changes

Copilot reviewed 10 out of 11 changed files in this pull request and generated 4 comments.

Show a summary per file

File	Description
yarn.lock	Lockfile updates reflecting dependency bumps and workspace dependency graph changes.
package.json	Root devDependency updates (notably adding next).
knip.config.ts	Ignore list updated to account for next being declared at the root.
apps/main/package.json	Adjusted app dependency declarations (added @mui/system, react, react-dom, TS typing/dev tooling entries).
packages/ui-common/package.json	Shifted next to a peer dependency and updated dev deps (e.g., react, typescript), plus zustand bump.
__tests__/common/strictMocks.ts	Centralized timer reset (jest.useRealTimers()) in the shared strict-mocks helper.
packages/ui-common/__tests__/components/**	Removed redundant afterEach(jest.useRealTimers) blocks; added/adjusted a few assertions/comments and one new AgentFlow test.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

Adding @mui/system as an app dependency pinned to 7.3.1 introduces two installed versions in the lockfile (7.3.1 and 7.3.9 via ^7.3.1). Mixing MUI package patch versions can lead to duplicated bundles and subtle runtime incompatibilities; align @mui/system to the same resolved version as the other @mui/* packages (or use the same version specifier) so Yarn can dedupe to a single version.

Suggested change

	"@mui/system": "7.3.1",
	"@mui/system": "^7.3.1",

[swensel]

This was added to reduce yarn install warnings. Also, we pin our deps.

[dsargent]

"reducing warnings" is a bit blinkered -- are you sure this is the right thing to do? Just because it "makes the red squigglies go away" doesn't mean it's correct.

[dsargent]

I'm not saying your changes to remove yarn warnings are right or wrong. I haven't investigated enough to say. But it sounds like you weren't focusing on that either, just whatever it takes to get the warnings to go away.

[swensel]

As I mentioned in other comments I took a fresh look at things today to make sure I had the right perspective.

Anyway, about this item, the right fix is to pin @mui/system to 7.3.9. This is the version that @mui/material ^7.3.1 already resolves to. With that, Yarn can dedupe to a single copy and the peer dep requirement is satisfied.

yarn why @mui/system confirms every requester lands on the same 7.3.9 so there is no duplication:

├─ @cognizant-ai-lab/neuro-san-web@workspace:apps/main
│  └─ @mui/system@npm:7.3.9 (via npm:7.3.9)
│
├─ @mui/material@npm:7.3.1
│  └─ @mui/system@npm:7.3.9 (via npm:^7.3.1)
│
└─ @mui/material@npm:7.3.1 [bf2e4]
   └─ @mui/system@npm:7.3.9 [bf2e4] (via npm:^7.3.1)

[dsargent]

General comment, the title is one of those that represents "developer's state of mind at one particular instance in time" and will not age well. The title should be something "eternal", summarizing what's in the PR, as an independent entity that can stand on its own. Imagine looking through a list of PRs a year from now and seeing this title...

That said, what you currently have as the title would be fine as context within the description, with a cross ref to "previous PRs".

[dsargent]

Please see comments

[dsargent]

Any tests that break due to this, should break as it means they are making unholy assumptions.

It's a bit like the saying, "Anything that can be destroyed by the truth, should be destroyed by the truth."

[dsargent]

"reducing warnings" is a bit blinkered -- are you sure this is the right thing to do? Just because it "makes the red squigglies go away" doesn't mean it's correct.

[dsargent]

Seems like it would be trivial to verify whether it catches that issue or not?! Just reintroduce the issue and see if it fails? If I saw this comment in random code I'd think, "Why didn't they just try it?!

[dsargent]

Are you saying there's no test we can write here that would catch that and similar issue?

[dsargent]

Again, target fixation. I appreciate the attempt to reduce warnings, but is it right?!

Wrong: "What can I shuffle around to placate the volcano god and make the warnings go away?" ❌
Right: "What is this warning telling me? What is the right way to fix it?" ✅

Do you see the difference in mindset?

[dsargent]

Why now?

[dsargent]

Seems weird to have next as a devDep. But I admit I'm still a bit confused about the whole Workspaces thing and how it plays out with dependencies.

[dsargent]

I might have been getting it confused with these tests:

neuro-san-ui/packages/ui-common/__tests__/components/Common/CustomerLogo.test.tsx

Line 38 in 6216e34

it("Falls back to supplied fallbackText logoSource is 'generic' but iconSuggestion is invalid", () => {

But the test here is testing different code so maybe still valuable. I think you said removing these reduces coverage, which is pretty telling.

[swensel]

We need to bring our own version of @mui/system since it's a required peer dep of @mui/x-tree-view.

[swensel]

This comment is also relevant.

[swensel]

See comment. This admittedly was added by an LLM but I reasoned through with it and this seems correct to me.

[dsargent]

Why would anything dev-related be a peer dep? I don't understand this.

[dsargent]

Also, this will now make it so that if eslint is ever included as a dep where it's not actually needed, knip will be blind to it.

[swensel]

There are some other libraries already in this file though? Are those OK but not this one?

[dsargent]

Every one should be (and has been) challenged. Disabling/Ignoring is a last resort. So now I'm challenging this one and "why now?" and "isn't there a better way rather than blindfolding knip?"

[swensel]

Another option could be to only disable it for apps/main in knip.config.ts:

workspaces: {
        "apps/main": {
            ignoreDependencies: [
                // Declared to satisfy eslint-config-next peer dep; lint itself runs from root
                "eslint",

                // Declared to satisfy @mui/x-tree-view required peer dep; not directly imported
                "@mui/system",
            ],
        },
    },

I'm also looking into if there's any other way around this.

[swensel]

So far I've just moved these to:

workspaces: {
        "apps/main": {
            ignoreDependencies: [
...

I can look more into this but this PR has been open for a while.

[swensel]

Are you OK with this solution @dsargent ?

[swensel]

Move to consts for these data-testids.

[swensel]

Upgrade @emotion/react and @emotion/styled to the latest versions.

Side note: @emotion/react and @emotion/styled are optional peer deps of @mui/x-tree-view but they do need to be included unless styled-components is included instead.

[dsargent]

I guess they are "optional depending which styling library you're using, but if you're using emotion they are not optional".

[swensel]

Removed @emotion/react, @emotion/styled, and @mui/system from ui-common's peerDependencies. They are redundant. Yarn 4 propagates transitive peer requirements, so a consuming app already gets told about these by the packages that actually need them:

• @emotion/react and @emotion/styled are required peers of @mui/material. Any app consuming ui-common has to install @mui/material anyway, and Yarn will tell them about @emotion from there.
• @mui/system is a required peer of @mui/x-tree-view. Same thing as above, the app has to install @mui/x-tree-view, and Yarn propagates the @mui/system requirement automatically.

No need for ui-common to repeat constraints the consuming app is already going to see.

[swensel]

I'm wondering why @mui/system and next-auth were added here? I was more looking at @mui/system in this PR, but I'm also not sure why we are including next-auth? Does smoother integration mean recommending a version for the end consumer?

[dsargent]

next-auth is used for local testing, both in Neuro UI and MAUI.

If we don't make it a peer dep, you end up with two installations of next-auth in Neuro UI and next-auth doesn't like that.

@mui/system -- I don't remember but it fixed something.

[swensel]

Thanks, that makes sense for next-auth. I'll do a closer check for @mui/system.

[swensel]

Based on neuro-ui being fine, I don't think we need @mui/system in the peer deps here.

[swensel]

These should be in the production deps not the peer deps.

[swensel]

typescript should be in the dev deps in the app.

[dsargent]

I'm still not sure about his. Don't we want to set a common Typesript version in the root package.json to make sure all packages in the workspace use the same version?

[swensel]

We need typescript in the dev deps here because ui-common declares typescript as a peer dep. Yarn 4 enforces peer dependencies at every level of the dependency tree, so the consuming package must explicitly provide it, otherwise we get YN0002 warnings.

[dsargent]

Then what's the point of having it as a common dep under the root if each package still has to redeclare it? That doesn't sound right.

[swensel]

If I remove typescript at root I get ➤ YN0002: │ @cognizant-ai-lab/neuro-san-ui@workspace:. doesn't provide typescript (p84aa70), requested by @typescript-eslint/eslint-plugin and other dependencies.

That seems like a legit warning to me.

[dsargent]

The LLMs say the right way is each package independently declares the thing they need, and use yarn constraints to ensure version consistency.

[swensel]

@dsargent Is there a good way to test these changes on local with Neuro AI without publishing a new package? I know there is file:, but that seemed unreliable?

[dsargent]

Yes.

In this repo:

yarn workspace @cognizant-ai-lab/ui-common pack

In Neuro UI:

yarn remove @cognizant-ai-lab/ui-common
yarn add @cognizant-ai-lab/ui-common@file:../neuro-san-ui/packages/ui-common/package.tgz

That will give the true "npm repo" experience since it gets packaged and bundled exactly as in the real deployment case.

I think if you change neuro-san-ui you have to repeat the above steps.

[swensel]

This didn't work for me on the neuro-ui side. I'll reach out on Slack.

[swensel]

I figured it out. Running the command directly works fine (yarn workspace @cognizant-ai-lab/ui-common pack). I was trying to add yarn pack for convenience but that created the package.tgz at the root.

Anyway, this is the only new relevant warning in neuro-ui:

➤ YN0060: │ next is listed by your project with version 16.1.6 (pf1c754), which doesn't satisfy what @cognizant-ai-lab/ui-common and other dependencies request (^16.2.1).

We should upgrade next in neuro-ui anyway.

[swensel]

Tested this in Neuro UI now that Nick resolved the CORS issue. Looks fine.

[swensel]

next makes more sense in the peer deps for the ui-common package since it's not directly used in this package, but it would be used by the consumers of this package (for now).

[dsargent]

?! This package depends on the router from Next.js:

import {useRouter} from "next/router.js"

Also depends indirectly on Next.js via next-auth (dev dep though).

We used to use NextImage but I think I removed all those from ui-common.

[swensel]

True, we do have import {useRouter} from "next/router.js". I spoke too soon, I was searching for "next".

[swensel]

next is used by ui-common but the consumer should still provide it, as far as I can tell.

[dsargent]

Which is exactly what peer deps are for.

[dsargent]

Same here, this seems drastic. Once something like this gets added to an "ignore" config, it tends to stay there forever, causing blind spots in the tooling.

[swensel]

There are some other libraries already here though?

[dsargent]

See my previous comment on the same point.

[swensel]

Adding this to .gitignore.

[swensel]

I was getting these knip errors since these packages were used by another workspace:

971999 neuro-san-ui grab-bag-PR $ yarn knip
Unused exports (2)
MultiAgentAccelerator  packages/ui-common/components/MultiAgentAccelerator/MultiAgentAccelerator.tsx:85:14
getTitleBase           packages/ui-common/utils/title.ts:19:14                                            
Unused exported types (1)
NavbarProps  interface  packages/ui-common/components/Common/Navbar.tsx:49:18

[dsargent]

I think we're at the "good enough" stage (Probably way beyond)

Thanks for your patience with all the back and forth and discussions.

If you feel there are loose ends or things that still trouble you, please open a follow-up ticket.