Add RSC upgrade guide for existing Pro apps#2830
Conversation
Adds a dedicated doc page covering the standalone `rails g react_on_rails:rsc` workflow for existing Pro applications, including: - Prerequisites and version checks - Generator runbook (what it creates and modifies) - Legacy vs current serverWebpackConfig.js export shapes - Verification checklist (build, manifest, route, page render) - Troubleshooting section Cross-references added to RSC index and migration hub pages. Closes #2425 Co-Authored-By: Claude Opus 4.6 (1M context) <[email protected]>
|
Caution Review failedThe pull request is closed. ℹ️ Recent review info⚙️ Run configurationConfiguration used: Organization UI Review profile: CHILL Plan: Pro Run ID: 📒 Files selected for processing (1)
WalkthroughAdds a new Pro-focused runbook "Upgrading an Existing Pro App to RSC", links it from the Pro RSC index and OSS migration page, and documents prerequisites, generator usage ( Changes
Estimated code review effort🎯 2 (Simple) | ⏱️ ~12 minutes Possibly related PRs
Poem
🚥 Pre-merge checks | ✅ 5✅ Passed checks (5 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
Greptile SummaryThis PR adds a new dedicated guide ( The documentation is thorough: it covers prerequisites, generator usage, legacy vs. current webpack export-shape compatibility, a step-by-step verification checklist, and a troubleshooting section. The webpack compatibility details and the "What the Generator Modifies" table are accurate against However, the "What the Generator Creates" table contains incorrect component file paths. The generator (
Confidence Score: 4/5
Important Files Changed
Flowchart%%{init: {'theme': 'neutral'}}%%
flowchart TD
A[Start: Existing Pro App] --> B{Prerequisites met?\nRoR Pro 4+, React 19.0.x,\nNodeRenderer, Node 20+}
B -- No --> C[Fix prerequisites\ne.g. upgrade React, install Pro gem]
C --> B
B -- Yes --> D[rails generate react_on_rails:rsc]
D --> E[Generator creates files\nrscWebpackConfig.js\nHelloServer components\nController + View]
D --> F[Generator modifies configs\nserverWebpackConfig.js\nclientWebpackConfig.js\nServerClientOrBoth.js\nProcfile.dev + routes.rb]
E & F --> G[Step 2: Legacy webpack compat\nauto-handled by rscWebpackConfig.js]
G --> H[Step 3: Verify setup]
H --> H1[Build check\nbin/shakapacker x3 bundles]
H --> H2[Manifest files check\nreact-client-manifest.json]
H --> H3[Route check\ngrep rsc_payload in routes]
H --> H4[Page render check\nvisit slash hello_server]
H --> H5[Procfile check\n5 processes + RSC watcher]
H1 & H2 & H3 & H4 & H5 --> I{All checks pass?}
I -- No --> J[Troubleshooting\nMissing Pro gem / React mismatch\nManifest missing / Deadlock]
J --> H
I -- Yes --> K[Infrastructure ready!\nProceed to React-side migration]
Reviews (1): Last reviewed commit: "Add RSC upgrade guide for existing Pro a..." | Re-trigger Greptile |
![greptile-apps[bot]](https://avatars.githubusercontent.com/in/867647?s=60&v=4){kind=small}
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
🧹 Nitpick comments (1)
docs/pro/react-server-components/upgrading-existing-pro-app.md (1)
24-26: Use package-manager-agnostic install commands in end-user docs.Line 25 and Line 203 currently use pnpm-only install commands. Please add npm and yarn equivalents alongside pnpm for consistency with docs conventions.
Suggested doc edit
-```bash -pnpm add react@~19.0.4 react-dom@~19.0.4 -``` +```bash +# pnpm +pnpm add react@~19.0.4 react-dom@~19.0.4 +# yarn +yarn add react@~19.0.4 react-dom@~19.0.4 +# npm +npm install react@~19.0.4 react-dom@~19.0.4 +``` ... -- **Missing `react-on-rails-rsc` package**: Run `pnpm add react-on-rails-rsc` +- **Missing `react-on-rails-rsc` package**: + - pnpm: `pnpm add react-on-rails-rsc` + - yarn: `yarn add react-on-rails-rsc` + - npm: `npm install react-on-rails-rsc`Based on learnings: In all end-user documentation under docs/, ensure package-manager-agnostic installation instructions include npm, yarn, and pnpm.
Also applies to: 203-204
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@docs/pro/react-server-components/upgrading-existing-pro-app.md` around lines 24 - 26, Update the two pnpm-only installation snippets in docs/pro/react-server-components/upgrading-existing-pro-app.md so they are package-manager-agnostic: replace the single-line occurrences of "pnpm add react@~19.0.4 react-dom@~19.0.4" and "pnpm add react-on-rails-rsc" with grouped examples showing pnpm, yarn, and npm equivalents (e.g., add sections for "pnpm", "yarn", and "npm" with the appropriate commands: pnpm add ..., yarn add ..., npm install ...), ensuring both places in the file (the react/react-dom install block and the missing react-on-rails-rsc note) follow this same pattern.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Nitpick comments:
In `@docs/pro/react-server-components/upgrading-existing-pro-app.md`:
- Around line 24-26: Update the two pnpm-only installation snippets in
docs/pro/react-server-components/upgrading-existing-pro-app.md so they are
package-manager-agnostic: replace the single-line occurrences of "pnpm add
react@~19.0.4 react-dom@~19.0.4" and "pnpm add react-on-rails-rsc" with grouped
examples showing pnpm, yarn, and npm equivalents (e.g., add sections for "pnpm",
"yarn", and "npm" with the appropriate commands: pnpm add ..., yarn add ..., npm
install ...), ensuring both places in the file (the react/react-dom install
block and the missing react-on-rails-rsc note) follow this same pattern.
ℹ️ Review info
⚙️ Run configuration
Configuration used: Organization UI
Review profile: CHILL
Plan: Pro
Run ID: 37dcba5f-7e93-4883-a486-7883d64e2c2d
📒 Files selected for processing (3)
docs/oss/migrating/migrating-to-rsc.mddocs/pro/react-server-components/index.mddocs/pro/react-server-components/upgrading-existing-pro-app.md
![chatgpt-codex-connector[bot]](https://avatars.githubusercontent.com/in/1144995?s=60&v=4){kind=small}
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 73a37b118b
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
![claude[bot]](https://avatars.githubusercontent.com/in/1236702?s=60&v=4){kind=small}
|
Good addition - overall structure is solid. Two issues need fixing before merge. (1) Wrong file paths in the 'What the Generator Creates' table - verified against rsc_setup.rb lines 193-218, files actually go under app/javascript/src/HelloServer/ not client/app/components/, and the ror_components/HelloServer.jsx entry-point file is missing from the table entirely - see inline suggestion. (2) CVE-2026-23864 has a 2026 year prefix which is unusual for an existing library, please verify all three CVE IDs are real before merging or replace with release note links. Nit: install commands on lines 25 and 203 are pnpm-only, other docs show all three package managers. |
- Fix Pro gem version requirement: v16.4.0+ (not v4.0.0+)
- Fix base gem version requirement: v16.4.0+ (not v16.0.0+)
- Fix component file paths to match actual generator output:
app/javascript/src/HelloServer/{ror_components,components}/
not client/app/components/
- Add missing ror_components/HelloServer.jsx entry-point file
- Update webpack section headers to use actual gem versions
Co-Authored-By: Claude Opus 4.6 (1M context) <[email protected]>
Pro apps only have react_on_rails_pro, not the separate base gem. Co-Authored-By: Claude Opus 4.6 (1M context) <[email protected]>
Co-Authored-By: Claude Opus 4.6 (1M context) <[email protected]>
| pnpm add react@~19.0.4 react-dom@~19.0.4 | ||
| ``` | ||
|
|
||
| > **React 19.0.4+** is recommended. Earlier 19.0.x versions (19.0.0--19.0.3) have known security vulnerabilities (CVE-2025-55182, CVE-2025-67779, CVE-2026-23864). |
There was a problem hiding this comment.
The CVE IDs here (and in the source rsc_setup.rb:90) appear inconsistent with what's documented in the 16.2.0 release notes.
Release notes at docs/oss/upgrading/release-notes/16.2.0.md list:
- CVE-2025-55183 – source code exposure when server function references were stringified
- CVE-2025-55184 – DoS via cyclic promise references (infinite loops)
- CVE-2025-67779 – DoS via cyclic promise references (100% CPU)
This doc (and the generator) references CVE-2025-55182 and CVE-2026-23864, which don't appear in the release notes, while CVE-2025-55183 and CVE-2025-55184 do. The one-digit difference between 55182 vs 55183/55184 looks like the IDs may have been fabricated or transcribed incorrectly.
Please cross-check these IDs against the actual React advisories (e.g., GitHub Security Advisories for the react package) and fix both this file and react_on_rails/lib/generators/react_on_rails/rsc_setup.rb:90.
| | ------------------------ | -------------------------------------------------------------------- | --------------------------------- | | ||
| | React on Rails Pro gem | `bundle show react_on_rails_pro` | v16.4.0+ | | ||
| | React on Rails Pro npm | `pnpm list react-on-rails-pro` | Matches gem version | | ||
| | React version | `pnpm list react` | 19.0.x (19.1.x not yet supported) | |
There was a problem hiding this comment.
pnpm list react without --depth=0 (or --depth 0) will enumerate all transitive dependencies that match "react" (e.g., react-dom, react-is, etc.), making it hard to spot the top-level version. Suggest:
| | React version | `pnpm list react` | 19.0.x (19.1.x not yet supported) | | |
| | React version | `pnpm list --depth=0 react` | 19.0.x (19.1.x not yet supported) | |
Same applies to the react-dom and react-on-rails-pro rows below.
The CVE-2026-23864 ID has a suspicious year prefix. Replace all three inline CVE references with a link to the v16.2.0 release notes which documents the actual vulnerabilities. Co-Authored-By: Claude Opus 4.6 (1M context) <[email protected]>
Review: Add RSC upgrade guide for existing Pro appsGood addition to the docs — the guide is well-structured, covers the right scope (infrastructure only, with cross-refs to component migration guides), and the webpack export compatibility section is particularly useful for legacy apps. Two issues worth fixing before merge: 1. CVE IDs may be incorrect (also affects
|
Review: RSC Upgrade Guide |
| pnpm add react@~19.0.4 react-dom@~19.0.4 | ||
| ``` | ||
|
|
||
| > **React 19.0.4+** is recommended. Earlier 19.0.x versions (19.0.0--19.0.3) have known security vulnerabilities — see the [v16.2.0 release notes](../../oss/upgrading/release-notes/16.2.0.md) for details. |
There was a problem hiding this comment.
The CVE list here doesn't match the CHANGELOG. The CHANGELOG (line 352) documents these CVEs fixed in 19.0.3/19.0.4:
- CVE-2025-55182 ✓
- CVE-2025-55183 (missing here)
- CVE-2025-55184 (missing here)
- CVE-2025-67779 ✓
CVE-2026-23864 doesn't appear anywhere else in the repo docs or CHANGELOG. It looks like it was copied from rsc_setup.rb line 90, which has the same discrepancy. Both this doc and rsc_setup.rb should be updated to match the CHANGELOG.
| > **React 19.0.4+** is recommended. Earlier 19.0.x versions (19.0.0--19.0.3) have known security vulnerabilities — see the [v16.2.0 release notes](../../oss/upgrading/release-notes/16.2.0.md) for details. | |
| > **React 19.0.4+** is recommended. Earlier 19.0.x versions (19.0.0–19.0.3) have known security vulnerabilities (CVE-2025-55182, CVE-2025-55183, CVE-2025-55184, CVE-2025-67779). |
| // config/webpack/serverWebpackConfig.js | ||
| module.exports = configureServer; | ||
| ``` | ||
|
|
||
| And `ServerClientOrBoth.js` imports directly: | ||
|
|
||
| ```js | ||
| const serverWebpackConfig = require('./serverWebpackConfig'); |
There was a problem hiding this comment.
This section is contradictory. The prerequisite table (line 15) and this paragraph say apps on pre-v16.4.0 "must upgrade to v16.4.0+ before adding RSC", yet the very next section ("How the RSC Config Handles Both") documents a fallback that makes the legacy export shape work without upgrading.
Consider either:
- Removing the "These apps must upgrade" sentence, since the fallback handles it automatically, or
- Clarifying what specifically requires v16.4.0+ (the gem API for RSC features themselves, not the webpack export shape). The export-shape compatibility is a nice-to-know but the gem version is the hard requirement.
This conflation will confuse users trying to follow the upgrade path.
|
|
||
| ### Legacy Export Shape (pre-v16.4.0) | ||
|
|
||
| Older Pro apps or apps upgraded from OSS export a plain function. These apps must upgrade to v16.4.0+ before adding RSC (see [Prerequisites](#prerequisites)): |
There was a problem hiding this comment.
The statement "These apps must upgrade to v16.4.0+ before adding RSC" is technically about the gem version, but the paragraph immediately goes on to show the legacy webpack export shape — implying that upgrading the gem resolves the issue. It doesn't: upgrading the gem doesn't touch serverWebpackConfig.js in the app repo. A reader may conclude this section is irrelevant after upgrading.
Suggest making the distinction explicit, e.g.:
Older Pro apps that were generated before v16.4.0 export a plain function. After you upgrade the gem to v16.4.0+ (required by the Prerequisites), your
serverWebpackConfig.jsmay still have the old export shape — upgrading the gem does not automatically rewrite that file. The RSC generator handles both shapes, so no manual migration ofserverWebpackConfig.jsis required.
| If React is below 19.0.x, upgrade it first: | ||
|
|
||
| ```bash | ||
| pnpm add react@~19.0.4 react-dom@~19.0.4 |
There was a problem hiding this comment.
The prerequisites table uses pnpm list for version checks and this code block uses pnpm add, but the generator itself (rsc_setup.rb:80,87) emits npm install in its warning messages. A user following the doc and then triggering a generator warning will see different package manager commands.
Consider either noting at the top of the Prerequisites section that commands assume pnpm (and linking to equivalent npm/yarn commands), or aligning with npm install to match what the generator outputs.
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: aba53191bc
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
| Verify these files exist in your webpack output directory (typically `public/webpack/production/` or `public/webpack/development/`): | ||
|
|
||
| - [ ] `rsc-bundle.js` -- the RSC bundle | ||
| - [ ] `react-client-manifest.json` -- maps client component references to browser chunks | ||
| - [ ] `react-server-client-manifest.json` -- maps client component references for SSR |
There was a problem hiding this comment.
This verification step says all three artifacts should be under public/webpack/..., but in the default generated setup rsc-bundle.js and react-server-client-manifest.json are produced/read from the server bundle output path (ssr-generated/private_output_path), not the public webpack directory. The mismatch will cause valid upgrades to look broken when users can only find react-client-manifest.json in public/webpack.
Useful? React with 👍 / 👎.
Review: RSC Upgrade GuideDocumentation quality is solid overall — structure is clear, the Must-FixUnverifiable CVE IDs (line 27) The note references
Should-Fixpnpm-only install commands (lines 24–25 and 203–204, prerequisites table) This was already flagged by CodeRabbit on the first commit but was not addressed in the follow-up commit. Other docs under Verified correct
|
| pnpm add react@~19.0.4 react-dom@~19.0.4 | ||
| ``` | ||
|
|
||
| > **React 19.0.4+** is recommended. Earlier 19.0.x versions (19.0.0--19.0.3) have known security vulnerabilities — see the [v16.2.0 release notes](../../oss/upgrading/release-notes/16.2.0.md) for details. |
There was a problem hiding this comment.
These CVE IDs need verification before this doc is published. CVE-2025-55182 and CVE-2025-67779 have sequence numbers (55,182 and 67,779) that are implausibly high for 2025 — MITRE assigned roughly 40,000 CVEs in all of 2024. They are very likely hallucinated identifiers that will return no results on NVD or GHSA, which will erode reader trust.
Suggested fix: drop the parenthetical CVE list and link to the React 19.0.4 release notes instead:
| > **React 19.0.4+** is recommended. Earlier 19.0.x versions (19.0.0--19.0.3) have known security vulnerabilities — see the [v16.2.0 release notes](../../oss/upgrading/release-notes/16.2.0.md) for details. | |
| > **React 19.0.4+** is recommended. Earlier 19.0.x versions (19.0.0–19.0.3) contain known security fixes included in 19.0.4 — see the [React 19.0.4 release notes](https://github.com/facebook/react/releases/tag/v19.0.4) for details. |
| ```bash | ||
| pnpm add react@~19.0.4 react-dom@~19.0.4 | ||
| ``` |
There was a problem hiding this comment.
pnpm-only. Other docs in this repo show all three package managers. Flagged by CodeRabbit on the previous commit but not yet addressed.
| ```bash | |
| pnpm add react@~19.0.4 react-dom@~19.0.4 | |
| ``` | |
| ```bash | |
| # pnpm | |
| pnpm add react@~19.0.4 react-dom@~19.0.4 | |
| # yarn | |
| yarn add react@~19.0.4 react-dom@~19.0.4 | |
| # npm | |
| npm install react@~19.0.4 react-dom@~19.0.4 |
|
|
||
| If the RSC bundle build fails but server and client builds succeed, the issue is likely in `rscWebpackConfig.js`. Common causes: | ||
|
|
||
| - **Missing `react-on-rails-rsc` package**: Run `pnpm add react-on-rails-rsc` |
There was a problem hiding this comment.
Same pnpm-only issue in the troubleshooting section.
| - **Missing `react-on-rails-rsc` package**: Run `pnpm add react-on-rails-rsc` | |
| - **Missing `react-on-rails-rsc` package**: Install it with your package manager — `pnpm add react-on-rails-rsc` / `yarn add react-on-rails-rsc` / `npm install react-on-rails-rsc` |
## Summary - Stamp `### [16.5.0.rc.0]` version header with today's date - Add 10 new changelog entries for PRs merged since v16.4.0 - Fix incomplete PR 2818 entry (missing author link) ### New entries added **Added:** - `create-react-on-rails-app --pro` support (PR 2818) - Global prerender env override `REACT_ON_RAILS_PRERENDER_OVERRIDE` (PR 2816) - `react_on_rails:sync_versions` rake task (PR 2797) - Pro/RSC setup checks in `react_on_rails:doctor` (PR 2674) **Changed:** - [Pro] Canonical env var for worker count is now `RENDERER_WORKERS_COUNT` (PR 2611) **Improved:** - Smoother `create-react-on-rails-app` and install generator flows (PR 2650) - Pro upgrade hint after install (PR 2642) **Fixed:** - Preserve runtime env vars across `Bundler.with_unbundled_env` (PR 2836) - Fix doctor prerender check and ExecJS display for Pro/RSC apps (PR 2773) - Fix doctor false positives for custom layouts (PR 2612) ### Skipped PRs (not user-visible) Docs-only: #2845, #2842, #2826, #2830, #2820, #2809, #2803, #2785, #2801, #2791, #2789, #2788, #2772, #2778, #2780, #2784, #2671, #2676, #2662, #2657, #2669 CI/internal tooling: #2825, #2817, #2819, #2812, #2815, #2810, #2808, #2807, #2634, #2798, #2761, #2760, #2658, #2639, #2667, #2656 ## Test plan - [x] Verified version header and diff links are correct - [x] Verified all entries follow changelog formatting conventions - [x] Verified file ends with newline - [ ] After merge, run `rake release` to publish 16.5.0.rc.0 🤖 Generated with [Claude Code](https://claude.com/claude-code) <!-- CURSOR_SUMMARY --> --- > [!NOTE] > **Low Risk** > Documentation-only change updating `CHANGELOG.md` with a new `16.5.0.rc.0` section and compare links; no runtime code is modified. > > **Overview** > Adds a new `16.5.0.rc.0` (2026-03-25) section to `CHANGELOG.md`, consolidating recent PR entries under **Added/Changed/Improved/Fixed** and correcting the previously incomplete `--pro` CLI entry author attribution. > > Updates the bottom compare links so `[unreleased]` now compares from `v16.5.0.rc.0` and adds a link definition for `[16.5.0.rc.0]`. > > <sup>Written by [Cursor Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit 481a71c. This will update automatically on new commits. Configure [here](https://cursor.com/dashboard?tab=bugbot).</sup> <!-- /CURSOR_SUMMARY --> <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit ## Release Notes - v16.5.0.rc.0 * **New Features** * Added sync_versions task for streamlined version management * Expanded doctor checks for Pro and RSC support * **Improvements** * Enhanced generator workflow and Pro upgrade guidance * Improved environment variable handling and preservation * **Bug Fixes** * Fixed detection issues with doctor tools and ExecJS/prerender functionality <!-- end of auto-generated comment: release notes by coderabbit.ai --> Co-authored-by: Claude Opus 4.6 (1M context) <[email protected]>
1 participant
Summary
rails g react_on_rails:rscgenerator workflow with prerequisites, version checks, and a step-by-step runbookmodule.exports = configureServer) and current (module.exports = { default: configureServer, extractLoader }) webpack export shapes and how the RSC config handles bothdocs/pro/react-server-components/index.md: new "Upgrading an Existing Pro App?" sectiondocs/oss/migrating/migrating-to-rsc.md: link in Related GuidesCloses #2425
Test plan
rsc_setup.rb🤖 Generated with Claude Code
Note
Low Risk
Low risk because this PR only updates documentation and cross-links, with no runtime or build logic changes.
Overview
Adds a new Pro documentation page,
upgrading-existing-pro-app.md, that provides a generator-based runbook for enabling RSC in an existing React on Rails Pro app (prerequisites,rails g react_on_rails:rsc, legacy webpack export shape notes, verification checklist, and troubleshooting).Updates the RSC docs index and the OSS RSC migration hub to link to this new upgrade guide and clarify the distinction between infrastructure upgrade vs React component migration guidance.
Written by Cursor Bugbot for commit aba5319. This will update automatically on new commits. Configure here.
Summary by CodeRabbit