feat: align aiox-pro naming, sync, and update flow

[rafaelscosta]

Summary

• align aiox-core with the renamed SynkraAI/aiox-pro repository across workflows, docs, and the pro submodule
• keep @aiox-fullstack/pro as the canonical package name with fallback support for @aios-fullstack/pro
• expose an explicit aiox pro update flow so Pro can refresh from npm without reinstalling aiox-core
• document the migration under Story 123.1 and Story 123.2

Validation

• npm run lint
• npm run typecheck
• npx jest tests/pro/pro-detector.test.js tests/pro/pro-updater.test.js tests/installer/pro-scaffolder.test.js --runInBand --no-coverage
• git diff --check

External dependency

• SynkraAI/aiox-pro#7 merged to main
• local npm auth still lacks access to the @aiox-fullstack org, so canonical publication remains dependent on npm org permissions even though the code path already supports it

Summary by CodeRabbit

• New Features

  • Automated submodule sync: daily/manual run with optional target-commit, updates submodule on a bot branch and opens/updates a PR.
  • Pro update flow: new CLI subcommand and updater to detect/install/update AIOX Pro, re-run scaffolding, and report results.
  • Pro source resolution: canonical + fallback package resolution and CLI flags to include Pro during updates.

• Documentation

  • New/updated docs and README describing Pro install/update flow, gating, and operational checklist.

• Tests

  • Added and updated tests covering Pro detection and updater logic.

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
aiox-core	Ready	Preview, Comment	Apr 11, 2026 8:15pm

[coderabbitai]

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

• @coderabbitai resume to resume automatic reviews.
• @coderabbitai review to trigger a single review.

Use the checkboxes below for quick actions:

• ▶️ Resume reviews
• 🔍 Trigger review

Walkthrough

Adds an automated "Sync Pro Submodule Fallback" GitHub Actions workflow that resolves a target commit from the upstream Pro repo (or uses an input SHA), compares it with this repo's pro submodule, reclones/updates the submodule when drift exists, commits/pushes a sync branch, and creates/updates a PR. Also adds Pro update tooling, detection, tests, and related docs.

Changes

Cohort / File(s)	Summary
Workflow .github/workflows/sync-pro-submodule.yml	New "Sync Pro Submodule Fallback" workflow: scheduled + manual trigger with optional target_sha; resolves upstream URL (with fallback), optionally injects PRO_SUBMODULE_TOKEN, determines target SHA, compares to current pro submodule SHA, reclones/fetches target commit when drifted, stages updated pointer, commits to bot/sync-pro-submodule, force-pushes branch, and creates/updates a PR via gh.
Pro updater & core logic .aiox-core/core/pro/pro-updater.js, .aiox-core/cli/commands/pro/index.js, bin/aiox.js	Adds a new Pro updater module and CLI integration: detects package manager, resolves installed Pro package, queries npm registry, performs semver compatibility checks, optionally updates core first, installs Pro, runs scaffolder, and surfaces formatted results; exposes aiox pro update command and hooks updater into top-level update flow.
Pro detection & loader bin/utils/pro-detector.js, packages/aiox-pro-cli/bin/aiox-pro.js, packages/installer/src/pro/pro-scaffolder.js, packages/installer/src/wizard/pro-setup.js, packages/installer/src/wizard/i18n.js	Introduce canonical+fallback npm package resolution (@aiox-fullstack/pro then @aios-fullstack/pro), new resolver APIs/constants, update module-loading and messaging to prefer npm package then submodule, and update installers/CLI to handle both package names and new commands.
Docs / Stories / READMEs docs/stories/epic-123/*, docs/guides/pro/install-gate-setup.md, README.md, README.en.md	Adds two story docs describing sync and alignment goals; updates Pro installation/branding text across docs to reference generic "AIOX Pro" and npx aiox-pro install usage; records ops details and required secrets.
Tests tests/pro/pro-detector.test.js, tests/pro/pro-updater.test.js	Updates and adds tests covering new npm-resolution in pro-detector and a new comprehensive test suite for the Pro updater (mocks for fs/https/execSync, core detection, semver checks, fetch behavior, and failure modes).
Package / manifest changes package.json, .aiox-core/install-manifest.yaml	Adds package exports subpath for pro scaffolder and package.json export; updates install manifest metadata and registers new pro-updater file.
CI workflow tweak .github/workflows/publish-pro.yml	Small change to release notes installation command from npm install @aiox-fullstack/pro`` to npx aiox-pro install.
Submodule pointer pro (gitlink)	Updated pro submodule commit pointer from c90d421... to 8f16e8e....

Sequence Diagram(s)

sequenceDiagram
    autonumber
    actor Trigger as "Cron / Manual Trigger"
    participant Runner as "GH Actions Runner"
    participant Upstream as "aiox-pro (Git)"
    participant Repo as "aiox-core (repo with `pro` submodule)"
    participant GH as "GitHub API / gh CLI"

    Trigger->>Runner: start workflow
    Runner->>Upstream: resolve upstream URL (from .gitmodules or fallback)
    Runner->>Upstream: determine target SHA (input or upstream main)
    Runner->>Repo: read current `pro` submodule SHA
    Runner->>Runner: compare SHAs
    alt SHAs differ
        Runner->>Repo: remove existing `pro` dir
        Runner->>Upstream: clone/fetch target commit (authenticated if token)
        Runner->>Repo: checkout target commit in `pro`
        Runner->>Repo: stage submodule pointer, commit to bot/sync-pro-submodule
        Runner->>GH: force-push branch
        Runner->>GH: create or update PR with prior/target SHAs and trigger info
    else SHAs match
        Runner->>Runner: exit no-op
    end

Loading

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~45 minutes

Possibly related PRs

• docs(pro): rebrand AIOS → AIOX in pro READMEs #558 — touches the pro submodule pointer and related README/docs rebranding and may overlap with the submodule pointer and documentation edits in this PR.
• fix: replace deprecated glob with fast-glob and fix pro bootstrap #560 — modifies pro bootstrap/license logic in packages/installer/src/wizard/pro-setup.js, which intersects with the pro resolution/refactor in this PR.

Suggested reviewers

• oalanicolas
• Pedrovaleriolopez

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 69.44% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately summarizes the main objectives of this PR: alignment of aiox-pro naming conventions, implementation of automated submodule synchronization, and introduction of a new update flow. It clearly conveys the primary changes across the changeset.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch feat/pro-sync-automation-main

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[github-actions]

📊 Coverage Report

Coverage report not available

📈 Full coverage report available in Codecov

---

Generated by PR Automation (Story 6.1)

[coderabbitai]

Actionable comments posted: 3

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In @.github/workflows/sync-pro-submodule.yml:
- Around line 22-24: The workflow sets PRO_REPO_URL to a different repository
than the submodule actually tracks, causing TARGET_SHA resolution to use the
wrong remote; change the logic so TARGET_SHA is resolved from the submodule's
actual remote (either update PRO_REPO_URL to match the submodule remote declared
in .gitmodules or compute the remote at runtime via git -C pro remote get-url
origin) and use that derived URL when fetching/checkout the submodule; update
every place that currently relies on PRO_REPO_URL/TARGET_SHA (the job steps that
set TARGET_SHA and the subsequent fetch/checkout steps) to use the corrected
remote resolution.
- Around line 26-30: The checkout step using actions/checkout@v4 currently omits
authentication and will fail when fetching the private SynkraAI/aios-pro
submodule; update the Checkout aiox-core with submodules step to pass token: ${{
secrets.PRO_SUBMODULE_TOKEN }} to actions/checkout (keeping fetch-depth: 0 and
submodules: recursive) and add a short comment noting that PRO_SUBMODULE_TOKEN
must be configured in repository secrets so the later jobs ("Resolve upstream
target" and "Update pro submodule pointer") can access the private submodule.

In `@docs/stories/epic-123/STORY-123.1-pro-sync-automation.md`:
- Around line 41-48: The markdown in STORY-123.1-pro-sync-automation.md contains
workstation-local absolute file links that must be replaced: change each
/Users/rafaelcosta/... entry to repository-safe references—use
repository-relative links for files that live in aiox-core (e.g.,
docs/stories/epic-123/STORY-123.1-pro-sync-automation.md,
.github/workflows/sync-pro-submodule.yml, .github/workflows/sync-aiox-core.yml)
and use plain inline code references (e.g., `package.json`, `squads/README.md`,
`scripts/validate-publish-surface.js`) or canonical cross-repo URLs for files
that live in the aios-pro repo (.github/workflows/ci.yml,
.github/workflows/publish.yml); update those link targets in the document so no
/Users/... paths remain.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 00f14639-db01-4347-97be-74e732f72d82

📥 Commits

Reviewing files that changed from the base of the PR and between 0df1e25 and 27ecc20.

📒 Files selected for processing (2)

• .github/workflows/sync-pro-submodule.yml
• docs/stories/epic-123/STORY-123.1-pro-sync-automation.md

Comentários endereçados nos commits d021ddc e 8a87e0d; dismiss para liberar merge.

[coderabbitai]

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In @.github/workflows/sync-pro-submodule.yml:
- Around line 64-73: The workflow currently may continue with an empty
TARGET_SHA when git ls-remote returns nothing; after the TARGET_SHA resolution
(the block setting TARGET_SHA and the git ls-remote call), add a validation
check that TARGET_SHA is non-empty and if empty write a clear error to stderr
(or use echo "::error::..."), and exit non-zero (e.g., exit 1) to fail fast;
likewise validate CURRENT_SHA (the git ls-tree result) and fail with an
explanatory message if it’s empty before writing outputs like "target_sha" and
"current_sha" to GITHUB_OUTPUT.
- Around line 26-32: The core checkout should not depend on PRO_SUBMODULE_TOKEN;
update the actions/checkout step that currently sets token: ${{
secrets.PRO_SUBMODULE_TOKEN || github.token }} to always use github.token so the
core-repo push/auth is decoupled from the pro remote PAT, and change the
upstream resolution step that currently uses repo_url to use auth_url instead so
upstream SHA resolution is performed with authenticated URL; locate the
actions/checkout step (uses: actions/checkout@v4) and the step referencing
repo_url/auth_url and replace token usage and repo_url with auth_url
respectively.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: e14ca179-470b-4ba5-be64-e5b54ce0c56d

📥 Commits

Reviewing files that changed from the base of the PR and between d021ddc and 8a87e0d.

📒 Files selected for processing (2)

• .github/workflows/sync-pro-submodule.yml
• docs/stories/epic-123/STORY-123.1-pro-sync-automation.md

[rafaelscosta]

Atualização de contexto para review:

• SynkraAI/aiox-pro#7 já foi mergeada em main
• o submódulo pro nesta PR agora aponta para o commit mergeado 8f16e8e
• corrigi também o falso negativo de Install Manifest Validation regenerando o manifest sobre a árvore limpa (247eb76)

Neste ponto, a PR ficou alinhada com o rename para aiox-pro, com fallback transitório para @aios-fullstack/pro, e com o fluxo explícito de aiox pro update já integrado.

[coderabbitai]

Actionable comments posted: 7

🧹 Nitpick comments (5)

docs/stories/epic-123/STORY-123.2-aiox-pro-alignment-and-update-flow.md (1)

44-44: Consider moving account-specific npm access details out of the story file.

This line is highly time-sensitive and person-specific; it may age quickly and create maintenance noise in long-lived docs.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@docs/stories/epic-123/STORY-123.2-aiox-pro-alignment-and-update-flow.md` at
line 44, The sentence "Estado do npm em 2026-04-11: a conta local `rafaelscosta`
tem administração no org `@aios-fullstack`, mas não possui acesso ao org
`@aiox-fullstack`..." is account- and time-specific and should be removed from
the public story; replace it with a generic note such as "Verify package
publication permissions with the npm org owners" or move the detailed
account-specific info to an internal/team-only document (e.g., a private ops/or
permissions checklist) and add a short pointer in the story to that private doc;
update the story file (STORY-123.2-aiox-pro-alignment-and-update-flow.md) to use
the generic sentence or pointer and ensure no personal account names or dates
remain.

bin/utils/pro-detector.js (1)

95-107: Only treat MODULE_NOT_FOUND as “not installed”.

These broad catches also suppress real initialization errors from the resolved Pro module and silently fall back to another source. That can hide a broken npm install and load stale code from pro/ instead of surfacing the actual failure. packages/installer/src/wizard/pro-setup.js:334-346 already uses the narrower pattern.

Possible fix

+function tryRequire(requestPath) {
+  try {
+    return require(requestPath);
+  } catch (error) {
+    if (
+      error?.code === 'MODULE_NOT_FOUND'
+      && typeof error.message === 'string'
+      && error.message.includes(requestPath)
+    ) {
+      return null;
+    }
+    throw error;
+  }
+}
+
 function loadProModule(moduleName) {
   // 1. Try npm package
   const npmPro = resolveNpmProPackage();
   if (npmPro) {
-    try {
-      return require(path.join(npmPro.packagePath, moduleName));
-    } catch { /* fall through */ }
+    const loaded = tryRequire(path.join(npmPro.packagePath, moduleName));
+    if (loaded) return loaded;
   }
 
   // 2. Try submodule
   if (fs.existsSync(PRO_PACKAGE_PATH)) {
-    try {
-      return require(path.join(PRO_DIR, moduleName));
-    } catch { /* not available */ }
+    const loaded = tryRequire(path.join(PRO_DIR, moduleName));
+    if (loaded) return loaded;
   }

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@bin/utils/pro-detector.js` around lines 95 - 107, The try/catch blocks around
require(...) in pro-detector.js are too broad and mask real errors; update both
catches (the one after using resolveNpmProPackage()/npmPro and the one after
checking PRO_PACKAGE_PATH/PRO_DIR) to only swallow errors whose code ===
'MODULE_NOT_FOUND' and rethrow any other error so initialization issues surface;
locate the require calls that use npmPro.packagePath and path.join(PRO_DIR,
moduleName) and change the catch logic to inspect err.code and only
return/fall-through for MODULE_NOT_FOUND, otherwise throw the caught error.

tests/pro/pro-updater.test.js (1)

185-190: Add a scoped-peer fixture here too.

The updater now detects @synkra/aiox-core, but the registry fixtures in this suite still only publish peerDependencies['aiox-core']. A dedicated scoped-peer case would catch compatibility regressions for the renamed package.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@tests/pro/pro-updater.test.js` around lines 185 - 190, The registry fixture
used by mockRegistryResponse currently sets peerDependencies['aiox-core'] only;
add a scoped-peer case so the mock also includes '@synkra/aiox-core' (e.g.
peerDependencies: { 'aiox-core': '>=5.0.0', '@synkra/aiox-core': '>=5.0.0' } or
add a separate mockRegistryResponse call that publishes '@synkra/aiox-core' with
the same version), so the pro-updater tests exercise detection of the renamed
scoped package; update the mockRegistryResponse invocation near the existing one
in the pro-updater.test.js suite to include the scoped package.

tests/pro/pro-detector.test.js (2)

209-217: Cover the new npm-first branch in the version/info tests.

getProVersion() and getProInfo() now prefer the installed npm package, but the assertions here still only exercise the submodule path. A regression in the new primary branch would leave this suite green.

Also applies to: 253-273

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@tests/pro/pro-detector.test.js` around lines 209 - 217, The tests only
exercise the submodule path; update the test(s) around getProVersion() and
getProInfo() (including the other block at lines 253-273) to also cover the
npm-first branch by mocking the installed package/package.json lookup (simulate
the node_modules resolution used by getProVersion/getProInfo, e.g., mock
whatever check your functions use—existsSync/require.resolve/path.join—to return
true for the npm package path and return a package.json with the expected
version/info), then assert that getProVersion() and getProInfo() prefer and
return the npm-installed package values instead of the submodule values.

---

36-39: Reset the fs mock implementations, not just call history.

jest.clearAllMocks() keeps the previous fs.existsSync/fs.readFileSync implementations alive, so these cwd/tmp-dir cases can become order-dependent. jest.resetAllMocks() or explicit mockReset() calls would keep each test isolated.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@tests/pro/pro-detector.test.js` around lines 36 - 39, The tests use
beforeEach with jest.clearAllMocks(), which leaves mocked implementations like
fs.existsSync and fs.readFileSync intact and causes order-dependent failures;
update the beforeEach to fully reset mocks (e.g., use jest.resetAllMocks()
instead of jest.clearAllMocks()) or explicitly call mockReset() on the fs mocks
(reset fs.existsSync and fs.readFileSync) so each beforeEach starting at
process.chdir(originalCwd) runs with fresh mock implementations and no stale
state.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In @.aiox-core/cli/commands/pro/index.js:
- Around line 717-760: The call to await updatePro(...) can throw and is not
wrapped, so add a try/catch around the updatePro invocation (the block that
requires proUpdaterPath and calls updatePro with the options object and
onProgress) to catch runtime/validation errors; in the catch log a user-friendly
error via console.error (include error.message) and call process.exit(1), and
only call formatUpdateResult(result) and inspect result.success if updatePro
completed successfully (i.e., move those uses into the try block or guard them
by checking result exists).

In @.aiox-core/core/pro/pro-updater.js:
- Around line 363-369: In the no-update re-scaffold branch, replace the raw
projectRoot with the already-validated resolvedProjectRoot when calling
applyScaffoldStep so the code uses the normalized/verified path; update the call
that sets scaffolded (the applyScaffoldStep invocation) to pass
resolvedProjectRoot (not projectRoot) to ensure callers validated relative paths
cannot scaffold into a different path.
- Around line 386-393: The compatibility check only looks up
latest.peerDependencies['aiox-core'] so it misses scoped peer keys like
'@synkra/aiox-core'; update the logic in the block around
coreVersion/requiredCore (where requiredCore is currently assigned from
latest.peerDependencies?.['aiox-core']) to also check for
latest.peerDependencies?.['@synkra/aiox-core'] (e.g. choose the scoped value if
present or fallback to the unscoped one) before calling satisfiesPeer; keep the
rest of the flow the same (use includeCoreUpdate, satisfiesPeer, and set
result.error/result.actions when incompatible).

In `@bin/aiox.js`:
- Around line 347-370: The catch block for the pro update currently swallows
errors and only logs a warning, causing --include-pro to appear successful;
update the error handling around the require(proUpdaterPath) / updatePro(...)
call so that any thrown proError is logged with full details and then causes a
non-zero exit (e.g., call process.exit(1) or rethrow) when updateArgs includes
'--include-pro'; modify the catch that references proError to both console.error
the error (message and stack) and fail fast instead of continuing.

In `@docs/guides/pro/install-gate-setup.md`:
- Around line 56-60: The "Alternativa (instalacao manual)" section incorrectly
repeats the primary installer command ("npx aiox-pro install") and should either
be removed or replaced with a true manual-install fallback; update the
heading/text titled "Alternativa (instalacao manual)" to provide explicit manual
steps (for example: install the package via the package manager, pin a version,
and any required post-install configuration or flags), or delete the redundant
subsection so only the main install command remains; locate the section by the
heading "Alternativa (instalacao manual)" and the duplicate "npx aiox-pro
install" line and change the content to actual manual install guidance (package
install/pin and config steps) or remove it entirely.

In `@docs/stories/epic-123/STORY-123.1-pro-sync-automation.md`:
- Around line 34-39: The runbook lists the expected secret as
AIOX_CORE_SYNC_TOKEN but the referenced fallback workflow actually uses
PRO_SUBMODULE_TOKEN; update the document text so the "Segredo esperado no
`aiox-pro`" entry either names the correct primary secret and mentions
`PRO_SUBMODULE_TOKEN` as the documented fallback, or replace
AIOX_CORE_SYNC_TOKEN with PRO_SUBMODULE_TOKEN if that is the canonical name,
ensuring both `AIOX_CORE_SYNC_TOKEN` and `PRO_SUBMODULE_TOKEN` references in
this section match the authentication used by the fallback workflow.

In `@packages/installer/src/wizard/pro-setup.js`:
- Around line 1224-1237: The current selection of proSourceDir uses
npmProCandidates.find(p => fs.existsSync(p)) which can pick a stale/partial
package; update the selection logic so each candidate from npmProCandidates is
validated for both a package.json and the required 'squads' directory before
being chosen (e.g., check fs.existsSync(path.join(p, 'package.json')) &&
fs.existsSync(path.join(p, 'squads'))); keep the existing bundledProDir check
(fs.existsSync(bundledProDir) && fs.existsSync(path.join(bundledProDir,
'squads'))) and only fall back to a validated npmProCandidates entry when
bundledProDir is not valid, assigning the result to proSourceDir.

---

Nitpick comments:
In `@bin/utils/pro-detector.js`:
- Around line 95-107: The try/catch blocks around require(...) in
pro-detector.js are too broad and mask real errors; update both catches (the one
after using resolveNpmProPackage()/npmPro and the one after checking
PRO_PACKAGE_PATH/PRO_DIR) to only swallow errors whose code ===
'MODULE_NOT_FOUND' and rethrow any other error so initialization issues surface;
locate the require calls that use npmPro.packagePath and path.join(PRO_DIR,
moduleName) and change the catch logic to inspect err.code and only
return/fall-through for MODULE_NOT_FOUND, otherwise throw the caught error.

In `@docs/stories/epic-123/STORY-123.2-aiox-pro-alignment-and-update-flow.md`:
- Line 44: The sentence "Estado do npm em 2026-04-11: a conta local
`rafaelscosta` tem administração no org `@aios-fullstack`, mas não possui acesso
ao org `@aiox-fullstack`..." is account- and time-specific and should be removed
from the public story; replace it with a generic note such as "Verify package
publication permissions with the npm org owners" or move the detailed
account-specific info to an internal/team-only document (e.g., a private ops/or
permissions checklist) and add a short pointer in the story to that private doc;
update the story file (STORY-123.2-aiox-pro-alignment-and-update-flow.md) to use
the generic sentence or pointer and ensure no personal account names or dates
remain.

In `@tests/pro/pro-detector.test.js`:
- Around line 209-217: The tests only exercise the submodule path; update the
test(s) around getProVersion() and getProInfo() (including the other block at
lines 253-273) to also cover the npm-first branch by mocking the installed
package/package.json lookup (simulate the node_modules resolution used by
getProVersion/getProInfo, e.g., mock whatever check your functions
use—existsSync/require.resolve/path.join—to return true for the npm package path
and return a package.json with the expected version/info), then assert that
getProVersion() and getProInfo() prefer and return the npm-installed package
values instead of the submodule values.
- Around line 36-39: The tests use beforeEach with jest.clearAllMocks(), which
leaves mocked implementations like fs.existsSync and fs.readFileSync intact and
causes order-dependent failures; update the beforeEach to fully reset mocks
(e.g., use jest.resetAllMocks() instead of jest.clearAllMocks()) or explicitly
call mockReset() on the fs mocks (reset fs.existsSync and fs.readFileSync) so
each beforeEach starting at process.chdir(originalCwd) runs with fresh mock
implementations and no stale state.

In `@tests/pro/pro-updater.test.js`:
- Around line 185-190: The registry fixture used by mockRegistryResponse
currently sets peerDependencies['aiox-core'] only; add a scoped-peer case so the
mock also includes '@synkra/aiox-core' (e.g. peerDependencies: { 'aiox-core':
'>=5.0.0', '@synkra/aiox-core': '>=5.0.0' } or add a separate
mockRegistryResponse call that publishes '@synkra/aiox-core' with the same
version), so the pro-updater tests exercise detection of the renamed scoped
package; update the mockRegistryResponse invocation near the existing one in the
pro-updater.test.js suite to include the scoped package.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: feb2c613-9176-4eeb-92b1-2429528a7a27

📥 Commits

Reviewing files that changed from the base of the PR and between 50156ec and ee29cc0.

📒 Files selected for processing (20)

• .aiox-core/cli/commands/pro/index.js
• .aiox-core/core/pro/pro-updater.js
• .aiox-core/install-manifest.yaml
• .github/workflows/publish-pro.yml
• .github/workflows/sync-pro-submodule.yml
• README.en.md
• README.md
• bin/aiox.js
• bin/utils/pro-detector.js
• docs/guides/pro/install-gate-setup.md
• docs/stories/epic-123/STORY-123.1-pro-sync-automation.md
• docs/stories/epic-123/STORY-123.2-aiox-pro-alignment-and-update-flow.md
• package.json
• packages/aiox-pro-cli/bin/aiox-pro.js
• packages/installer/src/pro/pro-scaffolder.js
• packages/installer/src/wizard/i18n.js
• packages/installer/src/wizard/pro-setup.js
• pro
• tests/pro/pro-detector.test.js
• tests/pro/pro-updater.test.js

✅ Files skipped from review due to trivial changes (6)

• .github/workflows/publish-pro.yml
• pro
• README.md
• packages/installer/src/pro/pro-scaffolder.js
• packages/installer/src/wizard/i18n.js
• .github/workflows/sync-pro-submodule.yml

Review superseded: all CodeRabbit threads resolved and latest CodeRabbit checks passed.