Danijel Martinek
1108e24ea0
Add approved trace files for payload, @trpc/server, @trpc/client, zod, superjson, @payloadcms/db-postgres, @payloadcms/richtext-lexical, globals, react, react-dom, vitest, @tanstack/react-query, and all @testing-library/* packages. All traces dated 2026-05-14, decision: approved, adr: null. Establishes the baseline so the pre-commit library-decisions gate is additive (new deps require traces) rather than disruptive (old deps fail immediately). All 34 trace files pass validateTrace() from schema.mjs. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
3.2 KiB
package, version, tier, decision, date, deciders, adr, filter-results, verification-commands, accepted-cves
| package | version | tier | decision | date | deciders | adr | filter-results | verification-commands | accepted-cves | ||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| @trpc/server | ^11.0.0 | core | approved | 2026-05-14 |
|
null |
|
|
Filter: license
npm view @trpc/server license returns MIT. MIT is on the allowlist.
Filter: types
@trpc/server is authored in TypeScript and ships its own .d.ts declaration files. No separate @types/ package is needed.
Filter: maintenance
Actively maintained by the tRPC team. The 11.x line is the current major. Regular releases; strong community adoption in the Next.js ecosystem.
Filter: boundary-fit
@trpc/server is the workspace-standard RPC layer for type-safe client-server communication (ADR-019 references tRPC as the transport for use-case exposure). Feature packages export their tRPC routers; core-api aggregates them; apps mount the root router. Feature packages own their error middleware (integrations/api/procedures.ts). No boundary rule restricts @trpc/server to a specific tier.
Filter: shadow-check
@trpc/server is the sole RPC framework in the workspace. No competing API layer (REST, GraphQL, gRPC) is present for the same purpose.
Filter: eu-residency
@trpc/server is a pure server-side routing library with no network communication to vendor-controlled endpoints. EU residency does not apply.
Filter: cve-scan
pnpm audit --audit-level=moderate reports no advisories against @trpc/server at the time of this trace.
Filter: named-consumer
All five feature packages export a tRPC router that uses @trpc/server. @repo/core-api aggregates these routers. @repo/core-shared provides the tRPC base instance and error middleware utilities. Named, non-hypothetical consumers exist today.
Prompt: replaces
@trpc/server replaces a hypothetical hand-written REST API layer. tRPC enables end-to-end type safety between the server use cases and the Next.js client without a separate OpenAPI spec or code generation step.
Prompt: migration-cost-out
Hard. tRPC router types propagate from the server to the client via TypeScript inference. Every feature package's tRPC router, the root AppRouter type in core-api, and every client-side query in the apps reference @trpc/server types. Migrating to REST would require replacing all router definitions, regenerating types (e.g., via OpenAPI), and updating all client call sites.
Prompt: alternatives-considered
- GraphQL (Apollo/Pothos) — More complex schema layer required; the resolver pattern does not map cleanly onto the factory-function use-case pattern mandated by CLAUDE.md.
- OpenAPI + Zodios — Requires a separate schema definition step and code generation; tRPC's type inference is more direct for a monorepo where client and server share the same TypeScript project.