refactor: replace nanoid with @steebchen/id

[steebchen]

Summary

Migrate from nanoid to @steebchen/id library for ID generation. Uses id() for 20-character time-sortable IDs and random(size) for longer lengths. The new library provides nanosecond precision timestamps and simplified API.

Changes

• Updated @steebchen/id to v1.3.0 in both packages/db and apps/playground
• Modified shortid() function to use id() for defaults and random() for larger sizes
• Removed nanoid imports and customAlphabet configuration

Test Plan

• Build completes successfully
• All tests passing
• Format checks passing

Summary by CodeRabbit

• Chores
  • Switched the project-wide ID/token generation to a new, unified library for IDs, request IDs and API tokens.
  • Removed the previous ID dependency and introduced the new one for consistency.
  • Expanded recorded finish-reason values to provide broader status coverage for operations and logs.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[coderabbitai]

Walkthrough

Replaces nanoid/shortid usage with @steebchen/id across packages. ID generation sites now call id() (for shorter IDs) or random() (for longer tokens) and DB exports updated accordingly; UnifiedFinishReason enum in schema was expanded.

Changes

Cohort / File(s)	Summary
Dependency updates apps/playground/package.json, packages/db/package.json	Removed nanoid, added @steebchen/id v1.3.0.
Playground UI ID usage apps/playground/src/components/ai-elements/prompt-input.tsx	Replaced nanoid() with id() and updated imports to @steebchen/id.
DB package: schema and exports packages/db/src/schema.ts	Replaced shortid-based defaults with id() for table PK defaults and re-exported id and random from @steebchen/id; removed custom shortid/shortid generator; expanded UnifiedFinishReason enum with new values.
API auth & keys apps/api/src/auth/config.ts, apps/api/src/routes/keys-api.ts, apps/api/src/routes/playground.ts	Switched imports from shortid → random and token generation calls from shortid(40) → random(40).
Gateway request IDs apps/gateway/src/chat/chat.ts	Replaced request ID generation shortid(40) with id() (now uses id() as default x-request-id) and updated imports.

Sequence Diagram(s)

sequenceDiagram
    participant Caller as Component (API / UI / Gateway / DB)
    participant IDLib as `@steebchen/id`
    Note over Caller,IDLib `#E8F8F5`: ID/token generation (new)
    Caller->>IDLib: id() or random(size)
    IDLib-->>Caller: generated string
    Note right of Caller: Use value for DB PKs, API tokens, request IDs, UI entries

Loading

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~45 minutes

• Review packages/db/src/schema.ts carefully for export changes and enum extension impacts.
• Verify consumers compile after shortid removal and new id/random API.
• Confirm token length/charset expectations where random(40) replaces shortid(40).

Possibly related PRs

• feat: github oauth #972 — modifies apps/api/src/auth/config.ts and may overlap changes to playground API key creation/token generation.

Suggested labels

auto-merge

Suggested reviewers

• smakosh

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title directly and accurately describes the main change: replacing nanoid with @steebchen/id library across the codebase, which is the core objective of this refactoring PR.
Docstring Coverage	✅ Passed	Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%.

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch replace-nanoid-with-id

---

📜 Recent review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 7a3f700 and ff275dd.

⛔ Files ignored due to path filters (1)

• pnpm-lock.yaml is excluded by !**/pnpm-lock.yaml

📒 Files selected for processing (8)

• apps/api/src/auth/config.ts (2 hunks)
• apps/api/src/routes/keys-api.ts (2 hunks)
• apps/api/src/routes/playground.ts (2 hunks)
• apps/gateway/src/chat/chat.ts (2 hunks)
• apps/playground/package.json (1 hunks)
• apps/playground/src/components/ai-elements/prompt-input.tsx (3 hunks)
• packages/db/package.json (1 hunks)
• packages/db/src/schema.ts (24 hunks)

🚧 Files skipped from review as they are similar to previous changes (6)

• apps/api/src/routes/keys-api.ts
• apps/api/src/auth/config.ts
• packages/db/package.json
• apps/gateway/src/chat/chat.ts
• apps/playground/package.json
• apps/api/src/routes/playground.ts

🧰 Additional context used

🪛 ESLint

packages/db/src/schema.ts

[error] 1-1: Resolve error: EACCES: permission denied, open '/UMNFAKDtXN'
at Object.writeFileSync (node:fs:2409:20)
at l (/home/jailuser/git/node_modules/.pnpm/[email protected]/node_modules/get-tsconfig/dist/index.cjs:7:13685)
at createFilesMatcher (/home/jailuser/git/node_modules/.pnpm/[email protected]/node_modules/get-tsconfig/dist/index.cjs:7:14437)
at Object.resolve (/home/jailuser/git/node_modules/.pnpm/[email protected][email protected][email protected][email protected]_/node_modules/eslint-import-resolver-typescript/lib/index.cjs:298:107)
at withResolver (/home/jailuser/git/node_modules/.pnpm/eslint-module-utils@2.12.1_@typescript-eslint[email protected][email protected][email protected]__t_eb0afb446ca3f59399f5d681f0059e64/node_modules/eslint-module-utils/resolve.js:180:23)
at fullResolve (/home/jailuser/git/node_modules/.pnpm/eslint-module-utils@2.12.1_@typescript-eslint[email protected][email protected][email protected]__t_eb0afb446ca3f59399f5d681f0059e64/node_modules/eslint-module-utils/resolve.js:201:22)
at relative (/home/jailuser/git/node_modules/.pnpm/eslint-module-utils@2.12.1_@typescript-eslint[email protected][email protected][email protected]__t_eb0afb446ca3f59399f5d681f0059e64/node_modules/eslint-module-utils/resolve.js:217:10)
at resolve (/home/jailuser/git/node_modules/.pnpm/eslint-module-utils@2.12.1_@typescript-eslint[email protected][email protected][email protected]__t_eb0afb446ca3f59399f5d681f0059e64/node_modules/eslint-module-utils/resolve.js:233:12)
at resolveImportType (/home/jailuser/git/node_modules/.pnpm/eslint-plugin-import@2.32.0_@typescript-eslint[email protected]_eslint@[email protected]___986ec7d736a20dae59d4d473ff8a6f0d/node_modules/eslint-plugin-import/lib/core/importType.js:126:2822)
at computeRank (/home/jailuser/git/node_modules/.pnpm/eslint-plugin-import@2.32.0_@typescript-eslint[email protected]_eslint@[email protected]___986ec7d736a20dae59d4d473ff8a6f0d/node_modules/eslint-plugin-import/lib/rules/order.js:529:43)

(import/order)

---

[error] 1-1: Resolve error: EACCES: permission denied, open '/YFxumxBmJN'
at Object.writeFileSync (node:fs:2409:20)
at l (/home/jailuser/git/node_modules/.pnpm/[email protected]/node_modules/get-tsconfig/dist/index.cjs:7:13685)
at createFilesMatcher (/home/jailuser/git/node_modules/.pnpm/[email protected]/node_modules/get-tsconfig/dist/index.cjs:7:14437)
at Object.resolve (/home/jailuser/git/node_modules/.pnpm/[email protected][email protected][email protected][email protected]_/node_modules/eslint-import-resolver-typescript/lib/index.cjs:298:107)
at withResolver (/home/jailuser/git/node_modules/.pnpm/eslint-module-utils@2.12.1_@typescript-eslint[email protected][email protected][email protected]__t_eb0afb446ca3f59399f5d681f0059e64/node_modules/eslint-module-utils/resolve.js:180:23)
at fullResolve (/home/jailuser/git/node_modules/.pnpm/eslint-module-utils@2.12.1_@typescript-eslint[email protected][email protected][email protected]__t_eb0afb446ca3f59399f5d681f0059e64/node_modules/eslint-module-utils/resolve.js:201:22)
at relative (/home/jailuser/git/node_modules/.pnpm/eslint-module-utils@2.12.1_@typescript-eslint[email protected][email protected][email protected]__t_eb0afb446ca3f59399f5d681f0059e64/node_modules/eslint-module-utils/resolve.js:217:10)
at resolve (/home/jailuser/git/node_modules/.pnpm/eslint-module-utils@2.12.1_@typescript-eslint[email protected][email protected][email protected]__t_eb0afb446ca3f59399f5d681f0059e64/node_modules/eslint-module-utils/resolve.js:233:12)
at checkSourceValue (/home/jailuser/git/node_modules/.pnpm/eslint-plugin-import@2.32.0_@typescript-eslint[email protected]_eslint@[email protected]___986ec7d736a20dae59d4d473ff8a6f0d/node_modules/eslint-plugin-import/lib/rules/no-useless-path-segments.js:85:53)
at checkSourceValue (/home/jailuser/git/node_modules/.pnpm/eslint-module-utils@2.12.1_@typescript-eslint[email protected][email protected][email protected]__t_eb0afb446ca3f59399f5d681f0059e64/node_modules/eslint-module-utils/moduleVisitor.js:32:5)

(import/no-useless-path-segments)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (16)

• GitHub Check: build-split (worker, linux/amd64)
• GitHub Check: build-split (gateway, linux/amd64)
• GitHub Check: build-split (docs, linux/amd64)
• GitHub Check: build-split (playground, linux/amd64)
• GitHub Check: build-split (ui, linux/amd64)
• GitHub Check: build-split (api, linux/amd64)
• GitHub Check: build / run
• GitHub Check: test / run
• GitHub Check: generate / run
• GitHub Check: lint / run
• GitHub Check: e2e-shards (1)
• GitHub Check: e2e-shards (3)
• GitHub Check: e2e-shards (4)
• GitHub Check: e2e-shards (5)
• GitHub Check: e2e-shards (2)
• GitHub Check: autofix

🔇 Additional comments (3)

apps/playground/src/components/ai-elements/prompt-input.tsx (1)

3-3: Attachment ID generation switch to id() looks safe

Using id() from @steebchen/id for attachment IDs (both in the provider and local state) keeps the type as string and is only used for React keys and in‑memory lookups, so the change in ID shape/length should be behaviorally transparent here. No issues from a correctness or UX standpoint.

Please just confirm that @steebchen/id v1.3.0 is correctly installed in apps/playground and that bundling/runtime targets match the library’s documented support.

Also applies to: 146-154, 520-528

packages/db/src/schema.ts (2)

1-1: Centralizing ID utilities via @steebchen/id re-export is reasonable

Importing id for local defaults and re‑exporting { id, random } from this module gives consumers a single, consistent ID utility source, which aligns with the PR’s goal of standardizing on @steebchen/id. Just ensure all previous nanoid/shortid exports from packages/db have been updated at their call sites so there are no lingering imports.

Please verify against the current packages/db public surface (e.g., src/index.ts) that consumers now only import ID helpers from this new export and that @steebchen/id v1.3.0 is listed as a dependency/peer where needed.

Also applies to: 20-21

---

38-38: Switching primary key defaults to id() is consistent but watch for callers assuming old ID shape

Standardizing the id primary keys across user/session/org/projects/keys/logs/etc. to text().primaryKey().$defaultFn(id) is a clean, consistent move and should be schema‑safe since columns remain text and existing rows are untouched. The only potential impact is on any external code (APIs, clients, scripts) that might validate or parse IDs assuming the previous nanoid length/alphabet.

It would be good to:

• Re‑run a quick search in the repo for ad‑hoc ID validators/regexes that assume nanoid/shortid formats (e.g., fixed length) and confirm they were updated for the new 20‑character, time‑sortable IDs.
• Confirm that your migration/tests cover inserts into all affected tables without explicitly setting id, to ensure $defaultFn(id) behaves as expected under Drizzle in your runtime.

Also applies to: 54-54, 74-74, 97-97, 106-106, 147-147, 184-184, 211-211, 238-238, 267-267, 322-322, 349-349, 452-452, 475-475, 493-493, 514-514, 526-526, 547-547, 569-569, 647-647, 702-702, 751-751

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 4f7ad10 and 7a3f700.

⛔ Files ignored due to path filters (1)

• pnpm-lock.yaml is excluded by !**/pnpm-lock.yaml

📒 Files selected for processing (8)

• apps/api/src/auth/config.ts (2 hunks)
• apps/api/src/routes/keys-api.ts (2 hunks)
• apps/api/src/routes/playground.ts (2 hunks)
• apps/gateway/src/chat/chat.ts (2 hunks)
• apps/playground/package.json (1 hunks)
• apps/playground/src/components/ai-elements/prompt-input.tsx (3 hunks)
• packages/db/package.json (1 hunks)
• packages/db/src/schema.ts (24 hunks)

🚧 Files skipped from review as they are similar to previous changes (3)

• apps/playground/src/components/ai-elements/prompt-input.tsx
• packages/db/package.json
• apps/playground/package.json

🧰 Additional context used

🧬 Code graph analysis (4)

apps/api/src/routes/playground.ts (1)

packages/db/src/schema.ts (1)

• random (20-20)

apps/api/src/routes/keys-api.ts (1)

packages/db/src/schema.ts (1)

• random (20-20)

apps/gateway/src/chat/chat.ts (1)

packages/db/src/schema.ts (1)

• random (20-20)

apps/api/src/auth/config.ts (1)

packages/db/src/schema.ts (1)

• random (20-20)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (16)

• GitHub Check: build-split (docs, linux/amd64)
• GitHub Check: build-unified (linux/amd64)
• GitHub Check: build-split (playground, linux/amd64)
• GitHub Check: build-split (ui, linux/amd64)
• GitHub Check: build-split (gateway, linux/amd64)
• GitHub Check: build-split (api, linux/amd64)
• GitHub Check: build / run
• GitHub Check: test / run
• GitHub Check: lint / run
• GitHub Check: generate / run
• GitHub Check: autofix
• GitHub Check: e2e-shards (3)
• GitHub Check: e2e-shards (5)
• GitHub Check: e2e-shards (1)
• GitHub Check: e2e-shards (4)
• GitHub Check: e2e-shards (2)

🔇 Additional comments (5)

apps/api/src/routes/playground.ts (1)

5-5: Token generation change looks consistent.

The replacement of shortid(40) with random(40) follows the same pattern as in keys-api.ts. This maintains consistency across the codebase for token generation.

Also applies to: 79-79

apps/gateway/src/chat/chat.ts (1)

24-24: Request ID generation change looks good.

Using random(40) for request ID generation is appropriate. Request IDs are used for tracing/correlation and don't require the same cryptographic security as authentication tokens.

Also applies to: 362-362

apps/api/src/auth/config.ts (1)

10-10: Auto-generated API key token change is consistent.

The token generation for the auto-created playground API key now uses random(40), consistent with the other API key generation sites. Pending verification of the security properties mentioned in keys-api.ts.

Also applies to: 724-724

packages/db/src/schema.ts (2)

1-1: The package "@steebchen/id" does not appear to exist on npm registry.

The package "@steebchen/id" does not appear to be published on the npm registry, making the import in the code invalid. Verify whether the package name is correct or if this should be a different package. If this import will fail, the build/installation cannot proceed.

Likely an incorrect or invalid review comment.

---

38-38: Based on my verification of the codebase:

No issues found - the ID migration is complete and properly implemented.

✅ Change Status: The refactor from nanoid to @steebchen/id (version 1.3.0) has been fully merged (commit 7a3f700). All 23 affected tables consistently use text().primaryKey().$defaultFn(id).

✅ No Old References: Ripgrep found zero remaining references to shortid or nanoid in the codebase—the migration is complete.

✅ Database Schema: Text column types are adequate for alphanumeric IDs from @steebchen/id.

✅ No Application Code Dependencies: The search across the entire codebase revealed no code checking for specific ID format or length constraints.

✅ Foreign Keys & Constraints: All references properly use cascade deletes and are correctly configured.

The review comment flags concerns about a breaking change, but the actual migration is already finished and working correctly. No developer action is required.