chores: upgrade to pnpm 11 and vite 7

[ab-smith]

Summary by CodeRabbit

• Chores

  • Updated frontend build tooling and package manager to newer pnpm and updated Vite/Svelte plugin versions
  • Added workspace configuration enforcing engine checks and pinned transitive dependency overrides
  • Updated CI workflows and local build scripts to use the newer pnpm setup

• Bug Fixes

  • Adjusted redirect behavior on an internal page to improve navigation flow

• Documentation

  • Clarified explanatory text in the experimental multi-file editing UX

[coderabbitai]

📝 Walkthrough

Walkthrough

Upgrades pnpm to v11 across GitHub Actions, adds workspace engine-strict and dependency overrides, updates frontend dev dependencies and packageManager to pnpm@11.1.2, tweaks Makefile pnpm install logic, and makes small route redirect and Svelte UI text edits.

Changes

pnpm 11 Upgrade and Workspace Configuration

Layer / File(s)	Summary
Workspace Engine & Dependency Configuration frontend/pnpm-workspace.yaml	Introduces engine-strict: true, allowBuilds whitelist for @tailwindcss/oxide, esbuild, maplibre-gl, and adds overrides pinning multiple transitive dependency versions.
Package Manager & Local Config frontend/.npmrc, frontend/package.json, enterprise/frontend/Makefile	Removes engine-strict=true from .npmrc, updates packageManager to pnpm@11.1.2, bumps @sveltejs/vite-plugin-svelte and vite dev dependencies, and pins Makefile ensure-pnpm fallback to the frontend packageManager value.
CI/CD Workflow Updates .github/workflows/*.yaml, .github/workflows/*.yml	Replaces pnpm/action-setup@v5 with pnpm/action-setup@v6 and sets pnpm version: 11 across coverage, linters, unit tests, functional tests, rpm-build, and startup-tests workflows; get_playwright_test_files now sets up Node then pnpm.
Application Logic and UI frontend/src/routes/(app)/(internal)/[model=urlmodel]/+page.server.ts, frontend/src/routes/(app)/(internal)/experimental/evidence-multifile/+page.svelte	Adds quantitative-risk-hypotheses to redirectToWrittenObject checks and updates explanatory text wrapping in the evidence-multifile prototype.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Poem

A rabbit hops through workflows bright,
pnpm eleven takes a flight,
Workspace strict and pins in place,
Dev deps bumped, CI finds its pace,
Tiny UI notes — a tidy sight 🐇✨

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately captures the main changes: upgrading pnpm from version 10 to 11 and vite from version 6 to 7 across multiple workflow files and package configuration.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch upgrade_pnpm_11_vite_7

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

🧹 Nitpick comments (1)

frontend/package.json (1)

31-31: 💤 Low value

CI pnpm version is unpinned while packageManager specifies an exact version.

The workflows install version: 11 (resolves to the latest 11.x patch), but packageManager is locked to pnpm@11.0.8. Any patch bump on the 11.x line between lock-file generation and a future CI run could surface subtle differences (e.g., new pnpm 11 behaviour changes). Consider pinning the workflow version to 11.0.8 (or the exact installed patch) to keep both in sync.

Also applies to: 62-62, 86-86

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@frontend/package.json` at line 31, Your CI pnpm installer is unpinned while
package.json's packageManager is locked to pnpm@11.0.8; update the GitHub
Actions workflow steps that install pnpm (the occurrences referenced at lines
31, 62, 86 in your diff) to pin the exact patch version 11.0.8 (replace version:
11 or similar with 11.0.8 or pnpm@11.0.8) so the CI installer matches
packageManager and avoids patch-level drift.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Nitpick comments:
In `@frontend/package.json`:
- Line 31: Your CI pnpm installer is unpinned while package.json's
packageManager is locked to pnpm@11.0.8; update the GitHub Actions workflow
steps that install pnpm (the occurrences referenced at lines 31, 62, 86 in your
diff) to pin the exact patch version 11.0.8 (replace version: 11 or similar with
11.0.8 or pnpm@11.0.8) so the CI installer matches packageManager and avoids
patch-level drift.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 8f2c43b4-4c00-4c8d-a69b-c642f0fb5e7d

📥 Commits

Reviewing files that changed from the base of the PR and between 6e9b08a and 491d136.

⛔ Files ignored due to path filters (1)

• frontend/pnpm-lock.yaml is excluded by !**/pnpm-lock.yaml

📒 Files selected for processing (11)

• .github/workflows/frontend-coverage.yaml
• .github/workflows/frontend-linters.yaml
• .github/workflows/frontend-unit-tests.yml
• .github/workflows/functional-tests.yml
• .github/workflows/rpm-build.yml
• .github/workflows/startup-tests.yml
• frontend/.npmrc
• frontend/package.json
• frontend/pnpm-workspace.yaml
• frontend/src/routes/(app)/(internal)/[model=urlmodel]/+page.server.ts
• frontend/src/routes/(app)/(internal)/experimental/evidence-multifile/+page.svelte

💤 Files with no reviewable changes (1)

• frontend/.npmrc

[coderabbitai]

🧹 Nitpick comments (2)

enterprise/frontend/Makefile (1)

22-27: ⚡ Quick win

Consider adding defensive validation for node availability and packageManager field extraction.

The ensure-pnpm target depends on node to extract the version from package.json. While the packageManager field exists and is properly formatted in the current codebase, the script lacks error handling if node is unavailable or if the extraction fails, which could produce cryptic error messages for developers.

🛡️ Proposed defensive validation

 ensure-pnpm:
 	`@command` -v pnpm >/dev/null 2>&1 || { \
+		command -v node >/dev/null 2>&1 || { \
+			echo "Error: node is required to extract pnpm version from package.json"; \
+			exit 1; \
+		}; \
 		PNPM_VER=$$(node -p "require('$(COMMUNITY_DIR)/package.json').packageManager.split('@')[1]"); \
+		if [ -z "$$PNPM_VER" ]; then \
+			echo "Error: Could not extract pnpm version from $(COMMUNITY_DIR)/package.json packageManager field"; \
+			exit 1; \
+		fi; \
 		echo "pnpm not found, installing pnpm@$$PNPM_VER (pinned in $(COMMUNITY_DIR)/package.json)"; \
 		npm install -g "pnpm@$$PNPM_VER"; \
 	}

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@enterprise/frontend/Makefile` around lines 22 - 27, The ensure-pnpm Makefile
target currently assumes node is present and that node -p
"require('$(COMMUNITY_DIR)/package.json').packageManager.split('@')[1]" will
always succeed; add defensive checks so the recipe first verifies node exists
(use command -v node) and fails with a clear error if not, capture the
packageManager extraction into PNPM_VER and verify it is non-empty and matches
the expected pattern (contains a version after '@'), and only proceed to
echo/install pnpm if PNPM_VER is valid otherwise print a helpful error and exit
non-zero; reference ensure-pnpm, PNPM_VER, COMMUNITY_DIR and the packageManager
extraction when implementing these checks.

.github/workflows/startup-tests.yml (1)

84-86: Consider pinning pnpm version to exact 11.1.2 for consistency across jobs.

The workflow correctly uses pnpm/action-setup@v6, which supports pnpm v11. All four jobs specify version: 11, which resolves to the latest v11.x release (currently 11.1.2, matching the exact version pinned in frontend/package.json).

However, version: 11 will auto-resolve to any future v11.x release. To ensure consistent behavior across community and enterprise jobs, consider pinning to the exact version:

version: 11.1.2

This eliminates the small risk of version drift if pnpm releases a future 11.2.0 or patch, which community jobs (using the action directly) would adopt before enterprise jobs (which invoke ensure-pnpm from the Makefile).

Also applies to: 137-139, 219-222, 290-293

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.github/workflows/startup-tests.yml around lines 84 - 86, The workflow uses
pnpm/action-setup@v6 with a floating major version ("version: 11") which can
drift; change each "version: 11" occurrence to the exact patch release used in
frontend/package.json (e.g., "version: 11.1.2") so all jobs (the four places
currently set to version: 11) pin the same pnpm release for deterministic builds
and to avoid cross-job/version drift when pnpm publishes 11.x updates.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Nitpick comments:
In @.github/workflows/startup-tests.yml:
- Around line 84-86: The workflow uses pnpm/action-setup@v6 with a floating
major version ("version: 11") which can drift; change each "version: 11"
occurrence to the exact patch release used in frontend/package.json (e.g.,
"version: 11.1.2") so all jobs (the four places currently set to version: 11)
pin the same pnpm release for deterministic builds and to avoid
cross-job/version drift when pnpm publishes 11.x updates.

In `@enterprise/frontend/Makefile`:
- Around line 22-27: The ensure-pnpm Makefile target currently assumes node is
present and that node -p
"require('$(COMMUNITY_DIR)/package.json').packageManager.split('@')[1]" will
always succeed; add defensive checks so the recipe first verifies node exists
(use command -v node) and fails with a clear error if not, capture the
packageManager extraction into PNPM_VER and verify it is non-empty and matches
the expected pattern (contains a version after '@'), and only proceed to
echo/install pnpm if PNPM_VER is valid otherwise print a helpful error and exit
non-zero; reference ensure-pnpm, PNPM_VER, COMMUNITY_DIR and the packageManager
extraction when implementing these checks.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: ec298704-043f-44eb-8a21-befbe1c8a6f2

📥 Commits

Reviewing files that changed from the base of the PR and between e712fca and 8d6a3aa.

⛔ Files ignored due to path filters (1)

• frontend/pnpm-lock.yaml is excluded by !**/pnpm-lock.yaml

📒 Files selected for processing (5)

• .github/workflows/functional-tests.yml
• .github/workflows/startup-tests.yml
• enterprise/frontend/Makefile
• frontend/package.json
• frontend/pnpm-workspace.yaml

🚧 Files skipped from review as they are similar to previous changes (3)

• frontend/package.json
• frontend/pnpm-workspace.yaml
• .github/workflows/functional-tests.yml