fraqtal/agentic-dev
Template
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity
Files
6606b59d1e900d080663cb94104c20c19e722bf4
agentic-dev/docs/library-decisions/2026-05-14-react.md
Danijel Martinek 98d96d2e19 docs(tooling): add sub-processor discriminated union to ADR-022 and traces 
Amends ADR-022 §9 with the `is-sub-processor` / `processes-pii` discriminated
union spec, including the five conditional fields required when a library is a
true GDPR sub-processor. Updates the evaluate-library skill to prompt for these
fields during every trace authoring pass and adds the updated frontmatter
template. Backfills all nine existing library-decision traces with the new
fields; payload gets `processes-pii: true` (self-hosted CMS that stores user
data); all pure in-process libraries get `false / false`.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-18 18:44:09 +00:00

88 lines
2.8 KiB
Markdown
Raw Blame History

---
package: react
version: "^19.0.0"
tier: core
decision: approved
date: 2026-05-14
deciders: [Danijel Martinek]
adr: null
lastRevalidated: null
is-sub-processor: false
processes-pii: false
filter-results:
license: MIT
types: native
maintenance: active
boundary-fit: pass
shadow-check: pass
eu-residency: n/a
cve-scan: clean
named-consumer: pass
verification-commands:
- npm view react license
- npm view react version
- pnpm audit --audit-level=moderate
accepted-cves: []
---
## Filter: license
<!-- Result: MIT -->
`npm view react license` returns `MIT`. MIT is on the allowlist.
## Filter: types
<!-- Result: native -->
React 19 ships its own TypeScript declaration files bundled in the package. No separate `@types/react` package is required at runtime (though `@types/react` is still used as a devDependency for type-checking in some packages).
## Filter: maintenance
<!-- Result: active -->
Actively maintained by Meta. React 19 is the current stable major release. Long-term support commitment from Meta; used in production by millions of applications.
## Filter: boundary-fit
<!-- Result: pass -->
`react` is a dependency of `@repo/core-testing` to support React component rendering in test environments via `@testing-library/react`. The Next.js and TanStack Start apps consume React through their framework packages. No boundary rule restricts React usage in the testing tier.
## Filter: shadow-check
<!-- Result: pass -->
React is the sole UI rendering library in the workspace. No competing component library (Vue, Svelte, Solid, etc.) is present.
## Filter: eu-residency
<!-- Result: n/a -->
`react` is a pure runtime library for UI rendering with no network communication to vendor-controlled endpoints. EU residency does not apply.
## Filter: cve-scan
<!-- Result: clean -->
`pnpm audit --audit-level=moderate` reports no advisories against `react` at the time of this trace.
## Filter: named-consumer
<!-- Result: pass -->
`@repo/core-testing` uses `react` as a peer for `@testing-library/react`. The Next.js and TanStack Start apps consume React through their framework layers. Named, non-hypothetical consumers exist today.
## Prompt: replaces
React replaces no prior UI framework — it is the founding choice for the web layer of this monorepo.
## Prompt: migration-cost-out
Impossible. React's component model and JSX syntax are used throughout both frontend apps and the testing layer. Replacing React would require rewriting all UI components, routing layers, and testing utilities across two apps.
## Prompt: alternatives-considered
1. **Vue** — Different component model; incompatible with the Next.js and tRPC ecosystem choices made at project inception.
2. **Solid** — Excellent performance characteristics but smaller ecosystem; Next.js and the established tRPC/React Query integration made React the pragmatic choice.
Reference in New Issue View Git Blame Copy Permalink