fix: replace Bun.YAML with yaml package, fix Vite proxy, and improve CLAUDE.md formatting

[ghkim69]

Summary

Three changes found during local development.

Changes

1. Replace Bun.YAML with the yaml npm package

Files: packages/core/src/config/config-loader.ts, packages/workflows/src/loader.ts

Bun.YAML is not reliably available across all Bun versions and environments. The yaml package is already a project dependency and provides identical functionality with better cross-environment compatibility.

// Before
return Bun.YAML.parse(content);

// After
import { parse as yamlParse } from 'yaml';
return yamlParse(content);

2. Fix Vite dev proxy localhost → 127.0.0.1

File: packages/web/vite.config.ts

Node.js 17+ resolves localhost to ::1 (IPv6) by default, but Bun listens on 0.0.0.0 (IPv4 only). This causes ECONNREFUSED when Vite proxies API requests in a mixed Node.js/Bun dev setup.

// Before
target: `http://localhost:${apiPort}`

// After — explicit IPv4 avoids Node.js IPv6-first resolution
target: `http://127.0.0.1:${apiPort}`

3. Convert CLAUDE.md bold headers to proper markdown headings

File: CLAUDE.md

Converted section headers from **bold** style to proper markdown headings (### , ####) for better rendering in editors, GitHub, and documentation tools. Also renamed ### Testing → ### Verification Commands for clarity.

Content is unchanged — no principles added, removed, or modified. Includes the new "No Autonomous Lifecycle Mutation Across Process Boundaries" principle from upstream.

Testing

• YAML config loading and workflow loading work correctly with the yaml package
• Vite dev server proxies API requests without ECONNREFUSED
• bun run validate passes

Summary by CodeRabbit

• Chores
  • Switched YAML handling to a different parser across packages for more consistent parsing/serialization.
  • Updated dev server local API proxy to target the explicit loopback address for improved local compatibility.
• Documentation
  • Reformatted and reorganized the contributor guide for clearer headings, layout, and command-section structure.

[coderabbitai]

📝 Walkthrough

Walkthrough

Replaced Bun's YAML usage with the yaml npm package in two loader modules, changed the Vite dev server API proxy target from localhost to 127.0.0.1, and reformatted content and headers in CLAUDE.md (documentation-level edits).

Changes

Cohort / File(s)	Summary
YAML Parser Migration packages/core/src/config/config-loader.ts, packages/workflows/src/loader.ts	Replaced Bun.YAML.parse()/Bun.YAML.stringify() with yaml package parse/stringify (aliased as yamlParse/yamlStringify), updated imports and related comments. No API or control-flow changes.
Vite Proxy Configuration packages/web/vite.config.ts	Dev server proxy target changed from http://localhost:${apiPort} to http://127.0.0.1:${apiPort}; proxy behavior otherwise unchanged.
Documentation Formatting CLAUDE.md	Converted many bold labels into Markdown headers, added blank lines, renamed “Testing” to “Verification Commands”, adjusted code block language tag, and added/organized directory entries (formatting and structural documentation edits only).

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Poem

🐰 I nibble through configs with a hop and a twirl,
Swapped Bun for yaml — see the new curl,
Localhost now hops to 127.0.0.1,
Docs tidied, headers shining like sun. 🥕✨

🚥 Pre-merge checks | ✅ 1 | ❌ 2

❌ Failed checks (2 warnings)

Check name	Status	Explanation	Resolution
Description check	⚠️ Warning	The PR description is incomplete against the template. It lacks critical sections: UX Journey, Architecture Diagram, Label Snapshot, Change Metadata, Validation Evidence, Security Impact, Compatibility/Migration, Human Verification, Side Effects/Blast Radius, and Rollback Plan.	Complete the PR description by filling in all required template sections, especially Validation Evidence, Security Impact, Compatibility/Migration, Human Verification, Side Effects/Blast Radius, and Rollback Plan.
Docstring Coverage	⚠️ Warning	Docstring coverage is 60.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (1 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title clearly summarizes the three main changes: replacing Bun.YAML with the yaml package, fixing the Vite proxy, and improving CLAUDE.md formatting.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

🧹 Nitpick comments (1)

CLAUDE.md (1)

88-88: Optional: Remove adverb repetition.

The word "silently" appears twice in close proximity. Consider revising for clarity.

♻️ Suggested revision

-- Prefer throwing early with a clear error for unsupported or unsafe states — never silently swallow errors
-- Never silently broaden permissions or capabilities
+- Prefer throwing early with a clear error for unsupported or unsafe states — never swallow errors silently
+- Never broaden permissions or capabilities without explicit confirmation

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@CLAUDE.md` at line 88, The sentence "Never silently broaden permissions or
capabilities" repeats the adverb nearby; replace it with a version that removes
the duplicated adverb, for example change the text to "Never broaden permissions
or capabilities without explicit notice" or "Do not broaden permissions or
capabilities silently" to eliminate the repeated "silently" while preserving
intent; locate the phrase "Never silently broaden permissions or capabilities"
and update it accordingly.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Nitpick comments:
In `@CLAUDE.md`:
- Line 88: The sentence "Never silently broaden permissions or capabilities"
repeats the adverb nearby; replace it with a version that removes the duplicated
adverb, for example change the text to "Never broaden permissions or
capabilities without explicit notice" or "Do not broaden permissions or
capabilities silently" to eliminate the repeated "silently" while preserving
intent; locate the phrase "Never silently broaden permissions or capabilities"
and update it accordingly.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: ddb428a9-1c61-4ef8-834a-44fecb0d6d5c

📥 Commits

Reviewing files that changed from the base of the PR and between 0eb0fba and 8af0271.

📒 Files selected for processing (1)

• CLAUDE.md

[Wirasm]

Related to #1107 — overlapping area or partial fix.