chore: update config, deps, and project docs

[Aspect022]

📝 Description

**Issue Reference Fixes #376 , Fixes #375

Summary of Changes (high-level)

• Updated project configuration files (package.json, jest.config.js, next.config.js, tailwind.config.js)
• Added necessary dev dependencies for testing (@playwright/test, ts-jest, @testing-library/*)
• Updated documentation files to align with the current project state

Why:
This PR establishes the foundational configuration and dependencies required for subsequent features and testing infrastructure (E2E tests, security hardening).

Impact: DevOps / Tooling, Documentation

Context / Motivation

This PR prepares the repository for end-to-end testing and improved security by ensuring all configuration files and dependencies are up-to-date and consistent. It isolates these changes to simplify the review of feature-specific PRs.

---

🏗️ Type of Change

Select the relevant categories:

• AI / Prompt Logic (Groq API integration, prompt design, story analysis, or LLM flows)
• Web3 / Smart Contracts (Solidity, Monad SDK, Minting logic, or blockchain infra)
• Frontend / UI (Next.js, Tailwind, shadcn components, accessibility)
• Backend / API (API routes, services, workers, database models, jobs)
• DevOps / Tooling (CI/CD, GitHub Actions, linting/formatting, build tooling)
• Documentation (README, Wiki, architecture docs, code comments)
• Testing (Unit, integration, e2e tests or test infra)
• Bug Fix (Functional or security repair in existing behavior)
• Refactor / Cleanup (No behavior change, only internal improvements)

---

⚙️ Technical Checklist

AI / Application Logic

• I tested story generation end-to-end with a valid GROQ_API_KEY.
• I verified that prompts, model names, and parameters are up to date with current Groq APIs.
• I confirmed that error states and empty responses are handled gracefully (no unhandled exceptions).

Web3 / Smart Contracts

• I verified contract logic on the Monad Testnet (deploy + basic flows).
• I ran the smart contract tests in smart_contracts and they passed.
• I checked for potential reentrancy / overflow / access-control issues in new or edited contracts.

Frontend / UX / Accessibility

• My changes follow the Progressive Disclosure (accordion / step-based) UX where applicable.
• I verified the UI in light and dark mode.
• I checked keyboard navigation and focus states for interactive elements I touched.
• I ensured accessible labels (aria-*, alt text) and semantic HTML for new UI.

Backend / Database

• I ran backend startup locally without runtime errors.
• I validated new API routes with both success and failure cases.
• I considered database performance (indexes, query filters) for any new queries.
• I confirmed that new logic respects existing retry/health-check behavior where relevant.

Security & Privacy

• No API keys, private keys, secrets, or .env files are committed.
• I avoided logging sensitive data (tokens, secrets, full payloads with PII).
• I considered common web vulnerabilities (XSS, CSRF, SSRF, injection) in my changes.

Code Quality

• I ran npm run lint (or equivalent) and resolved reported issues.
• I ran available tests for the areas I changed (frontend, backend, or contracts).
• I kept functions/components focused and avoided large “god” modules where possible.
• I updated or added types where necessary instead of using any by default.

---

🧪 Testing Evidence

Environment: local

Commands:

npm install
npm run lint
npm run dev

Results / Logs:

• Linting passed with 0 errors
• Application starts successfully with updated configuration
• Dependencies installed without conflicts

Manual UI Testing Steps:
N/A — No UI changes in this PR.

---

📸 Visual Proof (for UI / UX changes)

No UI changes in this PR.

---

👤 Contributor Status

• I am an open source indie contributor.
• I am an ECWoC’26 contributor.
• I am an OSGC’26 contributor.
• I am a SWOC’26 contributor.
• I am a DSWOC'26 contributor.

---

🔁 Review & Impact

Breaking Changes

• This PR introduces a breaking change (API / contract / DB).
• If yes, I have documented migration steps in the description above.

Dependencies

• I added or upgraded dependencies.
• I explained why these dependencies are needed and checked for license compatibility.

Added: @playwright/test, ts-jest for testing support.

Backward Compatibility / Migrations

• Existing users can continue using GroqTales without manual steps.
• If a migration is required, steps are clearly described (DB migrations, contract redeploys, etc.).

---

✅ Final Acknowledgements (Mandatory or will be marked invalid)

• I confirm that the information and code in this PR are my original work or appropriately credited, and I have the right to contribute them under this repository’s license.
• I understand that by submitting this PR, I take full responsibility and accountability for the changes I am proposing.
• I have read and agree to follow the project’s Code of Conduct, Security Policy, and Contribution Guidelines for all discussions and follow-up on this PR.

Summary by CodeRabbit

Release Notes

• New Features

  • Added rate limiting capability to manage request traffic and improve service stability

• Improvements

  • Enhanced API URL validation with stricter host allowlisting for improved security and reliability
  • Build process now enforces strict TypeScript type checking to catch errors earlier in development

[vercel]

@Aspect022 is attempting to deploy a commit to the Drago's projects Team on Vercel.

A member of the Team first needs to authorize it.

[coderabbitai]

📝 Walkthrough

Walkthrough

Reintroduces and standardizes Jest config entries and simplifies test discovery patterns; adds host allowlist validation and fallback logic for NEXT_PUBLIC_API_URL and sets TypeScript build errors to fail in Next.js config; adds @upstash/ratelimit dependency; Tailwind config reformatted only.

Changes

Cohort / File(s)	Summary
Jest config jest.config.js	Reintroduced testEnvironment, setupFilesAfterEnv, and moduleNameMapper; simplified testMatch to conventional __tests__ pattern; formatting and alignment changes.
Next.js config next.config.js	Adds host allowlist validation and URL parsing for NEXT_PUBLIC_API_URL with fallback to http://localhost:3001; logs warnings on invalid input; changes typescript.ignoreBuildErrors from true to false in public config blocks.
Dependencies package.json	Adds @upstash/ratelimit@^2.0.5; adjusts @types/jest version in devDependencies.
Tailwind config (formatting) tailwind.config.js	Reformatted/reordered theme/container/extend blocks only; no behavioral changes.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Possibly related PRs

• test: Jest configuration upgrade and component unit tests (I-05) #351: Modifies jest.config.js and test setup/discovery; closely related to the Jest config changes here.

Suggested labels

Medium, testing

Suggested reviewers

• Drago-03

Poem

🐰 I hopped through config, neat and spry,
Jest and Next got a careful try.
A host white-list keeps routes in line,
Upstash guards the flow — all fine! ✨

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Title check	✅ Passed	The PR title 'chore: update config, deps, and project docs' directly reflects the main changes: configuration updates, dependency additions, and documentation updates.
Description check	✅ Passed	The PR description follows the required template with issue references (#376, #375), summary of changes, context/motivation, type of change selection, completed technical checklist, testing evidence, and all mandatory acknowledgements checked.
Linked Issues check	✅ Passed	The PR addresses both linked issues: #376 configuration consolidation (jest.config.js, next.config.js, tailwind.config.js) and #375 redundant file removal (documented in PR objectives), with configuration updates and dependency standardization.
Out of Scope Changes check	✅ Passed	All changes align with linked issue objectives: configuration file updates and dependency management for #376 and #375. No unrelated modifications to core application logic, business features, or UI components detected.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

• 📝 Generate docstrings (stacked PR)
• 📝 Generate docstrings (commit on current branch)

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 2

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

package.json (1)

161-161: ⚠️ Potential issue | 🟠 Major

@types/jest ^30.0.0 is mismatched with the Jest 29 runtime.

@types/jest v30.0.0 is a real package on npm. However, the jest runtime stays at ^29.7.0, jest-environment-jsdom at ^29.7.0, and ts-jest at ^29.4.6. The @types/jest package is a third-party library maintained at DefinitelyTyped and may not cover the latest Jest features or versions — and using it ahead of the runtime introduces the same risk in reverse: v30-typed APIs that don't exist in the v29 runtime will typecheck fine but panic at test-run time, while v29 APIs that changed signatures in v30 will emit TypeScript errors.

The linked issue #123 clearly targets a full bump to Jest v30. Either:

• Complete the migration: bump jest, jest-environment-jsdom, and ts-jest to their v30 equivalents and follow the Jest v29→v30 migration guide, or
• Revert @types/jest to ^29.7.0 to match the current runtime until the full migration is done.

🐛 Proposed fix (complete v30 migration)

-    "@types/jest": "^30.0.0",
+    "@types/jest": "^30.0.0",   // keep
...
-    "jest": "^29.7.0",
+    "jest": "^30.0.0",
-    "jest-environment-jsdom": "^29.7.0",
+    "jest-environment-jsdom": "^30.0.0",
...
-    "ts-jest": "^29.4.6",
+    "ts-jest": "^29.4.0",      // ts-jest v29 is the last series; verify ts-jest v30 availability

Also applies to: 182-183, 191-191

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@package.json` at line 161, The `@types/jest` entry in package.json is pinned to
^30.0.0 while the runtime packages ("jest", "jest-environment-jsdom", "ts-jest")
are v29, causing a types/runtime mismatch; either revert "@types/jest" to
^29.7.0 to match the existing runtime, or complete the upgrade by bumping
"jest", "jest-environment-jsdom", and "ts-jest" to their v30 equivalents and
follow the Jest v29→v30 migration guide; apply the chosen change consistently to
all occurrences of "@types/jest" and the related test dependencies in
package.json.

🧹 Nitpick comments (1)

jest.config.js (1)

31-31: Non-standard **tests** glob in testMatch.

**tests** is not a standard globstar — within a single path segment micromatch treats it as *tests* (matches any dir name containing "tests", including __tests__). It likely works, but it's non-idiomatic and will confuse maintainers expecting __tests__.

♻️ Proposed clarification

-    '<rootDir>/components/**/**tests**/**/*.test.{ts,tsx}',
+    '<rootDir>/components/**/__tests__/**/*.test.{ts,tsx}',

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@jest.config.js` at line 31, Replace the non‑standard glob segment "**tests**"
in the testMatch entry with the idiomatic "__tests__" directory name: update the
string '<rootDir>/components/**/**tests**/**/*.test.{ts,tsx}' to
'<rootDir>/components/**/__tests__/**/*.test.{ts,tsx}' so the testMatch (the
testMatch array entry) uses the conventional __tests__ pattern and avoids the
confusing '**tests**' segment.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@next.config.js`:
- Line 161: The build config currently sets Next.js' TypeScript option
ignoreBuildErrors: true which suppresses all TS errors; revert this to the safe
default by removing that option or setting ignoreBuildErrors: false in
next.config.js (update the ignoreBuildErrors entry) so type errors fail the
build and surface in CI/deploy pipelines; if this was intended as a temporary
workaround, add a clear comment linking to an issue or migration task tracking
why it was introduced.
- Around line 127-129: The current guard uses envUrl.startsWith('http') to set
apiUrl from NEXT_PUBLIC_API_URL, which is too permissive; replace this with
validation against an explicit allowlist of allowed hostnames or origins: parse
envUrl, extract hostname (or origin), check it is in the allowlist (e.g.,
allowedHosts array) before assigning to apiUrl, and fallback to the default
'http://localhost:3001' if validation fails; update the logic around envUrl and
apiUrl to use this hostname/origin check instead of startsWith('http') and
ensure NEXT_PUBLIC_API_URL is only used when it passes the allowlist validation.

---

Outside diff comments:
In `@package.json`:
- Line 161: The `@types/jest` entry in package.json is pinned to ^30.0.0 while the
runtime packages ("jest", "jest-environment-jsdom", "ts-jest") are v29, causing
a types/runtime mismatch; either revert "@types/jest" to ^29.7.0 to match the
existing runtime, or complete the upgrade by bumping "jest",
"jest-environment-jsdom", and "ts-jest" to their v30 equivalents and follow the
Jest v29→v30 migration guide; apply the chosen change consistently to all
occurrences of "@types/jest" and the related test dependencies in package.json.

---

Nitpick comments:
In `@jest.config.js`:
- Line 31: Replace the non‑standard glob segment "**tests**" in the testMatch
entry with the idiomatic "__tests__" directory name: update the string
'<rootDir>/components/**/**tests**/**/*.test.{ts,tsx}' to
'<rootDir>/components/**/__tests__/**/*.test.{ts,tsx}' so the testMatch (the
testMatch array entry) uses the conventional __tests__ pattern and avoids the
confusing '**tests**' segment.

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
groq-tales	Error		Feb 23, 2026 6:35pm

[Drago-03]

@Aspect022 update the branch, pull the recent changes then delete your lock file and run the command npm install --legacy-peer-deps and then push again with new lock file

[coderabbitai]

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (2)

package.json (2)

22-24: ⚠️ Potential issue | 🟠 Major

Node engine floor is too low — root cause of both CI pipeline failures.

@farcaster/frame-sdk@0.1.12 requires node >=22.11.0, but engines.node is set to ">=20.0.0". This mismatch will trigger EBADENGINE warnings in CI and cause resolution failures in environments with strict engine enforcement (e.g., npm install --engine-strict).

Either bump the lower bound to >=22.11.0 or downgrade/replace @farcaster/frame-sdk to a version that supports Node 20.

🔧 Proposed fix (if bumping Node)

  "engines": {
-   "node": ">=20.0.0",
+   "node": ">=22.11.0",
    "npm": ">=10.0.0"
  },

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@package.json` around lines 22 - 24, The package.json "engines.node" lower
bound is too low for the installed dependency `@farcaster/frame-sdk`@0.1.12,
causing EBADENGINE CI failures; update package.json by changing the engines.node
value from ">=20.0.0" to ">=22.11.0" (or alternatively replace/downgrade the
`@farcaster/frame-sdk` dependency to a version compatible with Node 20) and ensure
package-lock/npm lockfile is regenerated so CI uses the new engine constraint;
look for "engines" and the dependency "@farcaster/frame-sdk" in package.json to
make the change.

---

176-176: ⚠️ Potential issue | 🟡 Minor

cross-env upstream repo archived — plan for future maintenance.

cross-env's GitHub repository was archived by its owner on November 19, 2025 and is now read-only. The latest published version is 10.1.0 (released September 29, 2025), which this project pins to, so there is no immediate breakage. However, no future security patches will be issued from upstream. Consider evaluating alternatives such as Node's built-in --env-file flag (available since Node 20) or tracking if a community fork emerges.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@package.json` at line 176, The package currently pins the archived dependency
"cross-env" at version "10.1.0"; replace it proactively by evaluating and
switching to a maintained alternative or Node-native option: audit all uses of
"cross-env" in package.json scripts, then either (A) if the runtime is Node 20+
convert scripts to use Node's built-in --env-file behavior and remove
"cross-env" from devDependencies, or (B) choose a maintained substitute (e.g.,
dotenv-cli or env-cmd), update devDependencies and rewrite scripts to use that
tool, and add a short changelog/issue note documenting the replacement plan and
compatibility testing.

🧹 Nitpick comments (1)

package.json (1)

155-158: yarn and webpack-bundle-analyzer are misplaced under dependencies.

Both are build/development tools that have no role at runtime and should not be installed in production environments. They inflate the production dependency tree unnecessarily.

♻️ Suggested move to `devDependencies`

-   "webpack-bundle-analyzer": "^5.2.0",
    "winston": "^3.19.0",
    "winston-daily-rotate-file": "^5.0.0",
-   "yarn": "^1.22.22",
    "zod": "^3.22.4"
  },
  "devDependencies": {
    ...
+   "webpack-bundle-analyzer": "^5.2.0",
+   "yarn": "^1.22.22",

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@package.json` around lines 155 - 158, package.json currently lists "yarn" and
"webpack-bundle-analyzer" under dependencies; these are build/dev tools and
should be moved to devDependencies. Remove "yarn" and "webpack-bundle-analyzer"
from the dependencies block and add them to the devDependencies block (or run
the equivalent package manager commands to install them with --save-dev),
leaving runtime libs like "winston" and "winston-daily-rotate-file" in
dependencies.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Outside diff comments:
In `@package.json`:
- Around line 22-24: The package.json "engines.node" lower bound is too low for
the installed dependency `@farcaster/frame-sdk`@0.1.12, causing EBADENGINE CI
failures; update package.json by changing the engines.node value from ">=20.0.0"
to ">=22.11.0" (or alternatively replace/downgrade the `@farcaster/frame-sdk`
dependency to a version compatible with Node 20) and ensure package-lock/npm
lockfile is regenerated so CI uses the new engine constraint; look for "engines"
and the dependency "@farcaster/frame-sdk" in package.json to make the change.
- Line 176: The package currently pins the archived dependency "cross-env" at
version "10.1.0"; replace it proactively by evaluating and switching to a
maintained alternative or Node-native option: audit all uses of "cross-env" in
package.json scripts, then either (A) if the runtime is Node 20+ convert scripts
to use Node's built-in --env-file behavior and remove "cross-env" from
devDependencies, or (B) choose a maintained substitute (e.g., dotenv-cli or
env-cmd), update devDependencies and rewrite scripts to use that tool, and add a
short changelog/issue note documenting the replacement plan and compatibility
testing.

---

Nitpick comments:
In `@package.json`:
- Around line 155-158: package.json currently lists "yarn" and
"webpack-bundle-analyzer" under dependencies; these are build/dev tools and
should be moved to devDependencies. Remove "yarn" and "webpack-bundle-analyzer"
from the dependencies block and add them to the devDependencies block (or run
the equivalent package manager commands to install them with --save-dev),
leaving runtime libs like "winston" and "winston-daily-rotate-file" in
dependencies.

---

ℹ️ Review info

Configuration used: defaults

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 483bc61 and cdfe70d.

⛔ Files ignored due to path filters (1)

• package-lock.json is excluded by !**/package-lock.json

📒 Files selected for processing (3)

• jest.config.js
• next.config.js
• package.json

🚧 Files skipped from review as they are similar to previous changes (2)

• next.config.js
• jest.config.js

[Drago-03]

Not mergeable. DemoComponents.tsx imports useAccount from @/lib/wagmi-mock, but lib/wagmi-mock.tsx doesn’t export a valid module (or doesn’t exist). Either implement and export useAccount (and any other used hooks) from lib/wagmi-mock.tsx, or update the import in DemoComponents.tsx to point at the real wagmi client/module so npm run vercel-build passes.