fix(cli): use bundle compatibility endpoint

[riderx]

Summary (AI generated)

• Routes CLI bundle compatibility checks through the backend /private/bundle_compatibility/compare endpoint when available.
• Maps backend comparison responses back to the existing CLI compatibility table/result shape.
• Keeps the existing local Supabase comparison as a fallback for older or self-hosted backends without the new endpoint.

Motivation (AI generated)

The dashboard compatibility alert now uses the backend compatibility service, but the CLI still duplicated the comparison locally. The CLI should use the same backend logic so uploads, explicit bundle compatibility, build-needed checks, and channel compatibility checks stay aligned with the dashboard.

Business Impact (AI generated)

This reduces inconsistent compatibility verdicts between CLI and dashboard, which lowers support risk around OTA safety and makes the new backend endpoint the shared source of truth for compatibility decisions.

Test Plan (AI generated)

• bunx vitest run tests/cli-backend-compatibility-map.unit.test.ts tests/upload-compatibility-summary.unit.test.ts tests/backend-bundle-compatibility.unit.test.ts tests/bundle-compatibility.unit.test.ts
• bun run cli:lint
• bun run cli:typecheck
• bun run cli:check was started and passed lint/typecheck/build plus most CLI tests, then stopped to avoid blocking the session; CI will run the full suite on this PR.

Summary by CodeRabbit

• New Features

  • Added optional backend-driven compatibility checks for native bundle uploads with graceful fallback to client-side logic if backend is unavailable.

• Tests

  • Added unit tests validating backend compatibility mapping, including version and checksum comparison scenarios.

[coderabbitai]

Warning

Review limit reached

@riderx, we couldn't start this review because you've reached your PR review rate limit.

More reviews will be available in 24 minutes and 22 seconds. Learn how PR review limits work.

Your organization has run out of usage credits. Purchase more in the billing tab.

⌛ How to resolve this issue?

After more reviews become available, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans include higher PR review limits than trial, open-source, and free plans. In all cases, reviews become available again over time. During sustained high-volume PR review activity, CodeRabbit may temporarily slow when the next review becomes available.

Please see our Fair Usage Limits Policy for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: 44a1e449-9bf1-4018-b00d-e2c3aa97e219

📥 Commits

Reviewing files that changed from the base of the PR and between 81a8fb0 and 498d2da.

📒 Files selected for processing (2)

• cli/src/utils.ts
• tests/cli-backend-compatibility-map.unit.test.ts

📝 Walkthrough

Walkthrough

This PR adds optional backend-driven compatibility checking for native bundle uploads. The CLI now calls a Supabase Edge Function to compare baseline and candidate bundle compatibility; on success it maps and returns the backend-derived results, otherwise it falls back to the existing client-side compatibility logic.

Changes

Backend Bundle Compatibility

Layer / File(s)	Summary
Backend Compatibility Types and Mapping Function cli/src/utils.ts	Defines internal BundleCompatibilityCompareResponse type and implements mapBackendCompatibilityResponse() to translate backend package comparison data (iOS/Android checksums and baseline/candidate versions) into CLI Compatibility schema. Implements checkCompatibilityWithBackend() that fetches the baseline channel bundle id and calls the Supabase Edge Function private/bundle_compatibility/compare; returns mapped compatibility or null on errors or missing baseline.
Integration into Existing Compatibility Checks cli/src/utils.ts	checkCompatibilityCloud and checkCompatibilityNativePackages now attempt backend compatibility first and immediately return mapped results when available; otherwise they continue with existing remote-dependency and remote-native-package comparison flows.
Backend Compatibility Mapping Tests tests/cli-backend-compatibility-map.unit.test.ts	Vitest suite validates mapBackendCompatibilityResponse() correctly transforms backend package comparison data into CLI compatibility entries, testing both version-mismatch scenarios and removed-package (OTA-compatible) scenarios with expected checksum/version field presence.

Possibly related PRs

• Cap-go/capgo#2408: Introduces the backend private/bundle_compatibility/compare Supabase Edge Function that this PR's CLI code consumes.

Suggested labels

codex

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title 'fix(cli): use bundle compatibility endpoint' directly summarizes the main change - routing CLI bundle compatibility checks through the backend endpoint instead of local logic.
Description check	✅ Passed	The description includes Summary, Motivation, Business Impact, and Test Plan sections, covering the key aspects. However, the Checklist section from the template is missing or not fully addressed in the provided description.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[codspeed-hq]

Merging this PR will not alter performance

✅ 43 untouched benchmarks
⏩ 2 skipped benchmarks¹

---

_{Comparing codex/cli-bundle-compatibility-endpoint (498d2da) with main (f1e3ae7)}

Footnotes

1. 2 benchmarks were skipped, so the baseline results were used instead. If they were deleted from the codebase, click here and archive them to remove them from the performance reports. ↩

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 81a8fb0a0e

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[coderabbitai]

Actionable comments posted: 3

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@cli/src/utils.ts`:
- Around line 2066-2097: The function checkCompatibilityWithBackend should
short-circuit when nativePackages is empty to avoid the backend round trip: add
an early check at the top of checkCompatibilityWithBackend (using
nativePackages.length === 0) and return an empty Compatibility[] immediately,
before calling getChannelBaselineBundleId or supabase.functions.invoke, so
callers get an empty comparisons array without performing the network request.
- Around line 2066-2097: The checkCompatibilityWithBackend function currently
swallows all errors and backend error responses and returns null; add optional
debug logging to surface failures: when supabase.functions.invoke returns an
error or no data, call a logger/debug method (e.g., console.debug or a passed-in
logger) with contextual info (appId, channel, baselineBundleId, and the returned
error) before returning null, and in the catch block log the caught exception
similarly; reference the function checkCompatibilityWithBackend, the
supabase.functions.invoke call, and mapBackendCompatibilityResponse to locate
where to insert these logs.
- Line 2062: Replace the unsafe cast used to get the version id: instead of
(data.version as any)?.id, introduce a proper Version type or a runtime type
guard and use that to access id (e.g., declare an interface Version { id?:
string } and narrow data.version to Version, or check typeof/data.version !==
null and 'id' in data.version). Update the expression that sets bundleId to use
the narrowed type (or guarded access) so TypeScript can validate the property
access and avoid using any; target symbols: bundleId and data.version.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: 59afc811-ed3b-4016-a447-dff76c0e0898

📥 Commits

Reviewing files that changed from the base of the PR and between 44e8c25 and 81a8fb0.

📒 Files selected for processing (2)

• cli/src/utils.ts
• tests/cli-backend-compatibility-map.unit.test.ts

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud