update Next.js to 16.2.1

[dimaMachina]

No description provided.

[changeset-bot]

🦋 Changeset detected

Latest commit: b4898fd

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 10 packages

Name	Type
@inkeep/agents-manage-ui	Patch
@inkeep/agents-api	Patch
@inkeep/agents-cli	Patch
@inkeep/agents-core	Patch
@inkeep/agents-email	Patch
@inkeep/agents-mcp	Patch
@inkeep/agents-sdk	Patch
@inkeep/agents-work-apps	Patch
@inkeep/ai-sdk-provider	Patch
@inkeep/create-agents	Patch

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
agents-api	Ready	Preview, Comment	Mar 22, 2026 9:47pm
agents-docs	Ready	Preview, Comment	Mar 22, 2026 9:47pm
agents-manage-ui	Ready	Preview, Comment	Mar 22, 2026 9:47pm

[pullfrog]

TL;DR — Bumps Next.js from ^16.1.6 to ^16.2.1 in both agents-docs and agents-manage-ui, renames PostCSS config files to .ts, cleans up stale entries in the agents-manage-ui files list, and updates coverage exclusion globs to match the new .ts config filenames.

Key changes

• Bump next to ^16.2.1 — Updates the Next.js dependency in agents-docs and agents-manage-ui to pick up the latest patch release.
• Rename PostCSS configs to TypeScript — agents-docs/postcss.config.js → postcss.config.ts and agents-manage-ui/postcss.config.mjs → postcss.config.ts (contents unchanged).
• Clean up agents-manage-ui files list — Removes stale tailwind.config.mjs entry and updates postcss.config.mjs → postcss.config.ts in the published files array.
• Update coverage.config.ts exclusion globs — Changes **/next.config.js → **/next.config.ts and **/postcss.config.js → **/postcss.config.ts so coverage correctly ignores the renamed config files.
• Add changeset for agents-manage-ui — Patch changeset documenting the Next.js upgrade.

_{Summary ｜ 7 files ｜ 5 commits ｜ base: main ← next-16.2.1}

Next.js version bump

Before: next pinned to ^16.1.6 in both apps
After: next pinned to ^16.2.1

The package.json version range is updated in both agents-docs and agents-manage-ui, with the corresponding pnpm-lock.yaml resolution changes.

agents-docs/package.json · agents-manage-ui/package.json · pnpm-lock.yaml

PostCSS config renames and files cleanup

Before: postcss.config.js (docs), postcss.config.mjs (manage-ui); tailwind.config.mjs listed in published files
After: Both use postcss.config.ts; stale tailwind.config.mjs removed from files

Next.js 16 natively supports TypeScript configuration files. This rename aligns both apps with that convention. The agents-manage-ui files array is also cleaned up — postcss.config.mjs becomes postcss.config.ts and the no-longer-existing tailwind.config.mjs entry is dropped.

agents-docs/postcss.config.ts · agents-manage-ui/postcss.config.ts · agents-manage-ui/package.json

Coverage exclusion globs updated for .ts configs

Before: **/next.config.js and **/postcss.config.js excluded from coverage
After: **/next.config.ts and **/postcss.config.ts excluded instead

The coverage config exclusion patterns in generateVitestCoverageConfig now match the renamed TypeScript config files, preventing them from appearing as uncovered in reports.

coverage.config.ts

  ^{｜ View workflow run ｜ Triggered by Pullfrog ｜ pullfrog.com ｜ 𝕏}

[pullfrog]

Clean, mechanical Next.js version bump from 16.1.6 to 16.2.1 across agents-docs and agents-manage-ui. Lockfile changes are purely resolution-string substitutions with one expected new transitive dep (baseline-browser-mapping@2.10.10). The postcss config renames (.js/.mjs → .ts) normalize file extensions with identical content. Changeset correctly scopes to @inkeep/agents-manage-ui (docs is in the ignore list). No issues found.

  ^{｜ View workflow run ｜ pullfrog.com ｜ 𝕏}

[claude]

PR Review Summary

(1) Total Issues | Risk: Medium

🟠⚠️ Major (1) 🟠⚠️

Inline Comments:

• 🟠 Major: agents-manage-ui/package.json:15 files array references postcss.config.mjs but file was renamed to postcss.config.ts

💭 Consider (1) 💭

💭 1) create-agents-template/ Template projects still use Next.js 16.1.6

Issue: The create-agents-template/apps/mcp/package.json and create-agents-template/apps/manage-ui/package.json still reference next: 16.1.6.

Why: New projects scaffolded from the template will start with an older Next.js version. This may be intentional if templates follow a separate release cadence, but worth considering for consistency.

Fix: Optionally update template projects to ^16.2.1 in a follow-up PR if templates should stay in sync with the main packages.

---

🚫 REQUEST CHANGES

Summary: The Next.js upgrade and PostCSS config TypeScript migration look good. The one blocking issue is that agents-manage-ui/package.json needs its files array updated to reference postcss.config.ts instead of the old postcss.config.mjs filename. This is a 1-click fix in the inline comment above.

Discarded (3)

Location	Issue	Reason Discarded
postcss.config.ts	PostCSS config should use .js extension not .ts	Invalid — project uses TypeScript configs consistently (next.config.ts exists), and Next.js 16+ supports .ts config files
.changeset/wet-bees-drive.md	Should include agents-docs in changeset	Invalid — agents-docs is private and in the ignored packages list per AGENTS.md
coverage.config.ts:156	References postcss.config.js glob	Invalid — this is a wildcard exclusion pattern (**/postcss.config.js) for coverage, not a direct file reference

Reviewers (2)

Reviewer	Returned	Main Findings	Consider	While You're Here	Inline Comments	Pending Recs	Discarded
pr-review-devops	1	0	0	0	1	0	0
pr-review-standards	4	0	1	0	0	0	3
Total	5	0	1	0	1	0	3

[claude]

PR Review Summary

(0) Total Issues | Risk: Low

This is a re-review following PR synchronization. The prior blocking issue has been resolved:

Prior Issue	Status
files array referenced postcss.config.mjs after rename to .ts	✅ Fixed via 4a5e37d

✅ What's Changed (Clean)

1. Next.js ^16.1.6 → ^16.2.1 in agents-docs and agents-manage-ui — patch release bump
2. PostCSS config TypeScript migration — .js/.mjs → .ts (aligns with Next.js 16's native TS config support)
3. tailwind.config.mjs removed from files array — correct for Tailwind CSS v4 which doesn't require a separate config file
4. Changeset correctly scopes to @inkeep/agents-manage-ui (docs is private/ignored)
5. Lockfile shows expected transitive dependency updates

💭 Consider (from prior review)

The create-agents-template/ still uses Next.js 16.1.6 — this can be addressed in a follow-up if templates should stay in sync with main packages.

---

✅ APPROVE

Summary: Clean, mechanical Next.js version bump with proper PostCSS config migration to TypeScript. Prior blocking issue resolved. Ship it! 🚀

Reviewers (0)

Reviewer	Returned	Main Findings	Consider	While You're Here	Inline Comments	Pending Recs	Discarded
—	—	—	—	—	—	—	—

Note: Re-review — no sub-agents dispatched as prior issues resolved and no new changes requiring deep review.

[claude]

PR Review Summary

(0) Total Issues | Risk: Low

This is a delta re-review scoped to changes since the last automated review (4a5e37d).

Delta Changes Reviewed

File	Change	Assessment
coverage.config.ts:154-155	Updated glob patterns **/next.config.js → **/next.config.ts and **/postcss.config.js → **/postcss.config.ts	✅ Correct — aligns coverage exclusions with actual file extensions after config migration

This is a mechanical follow-up to the PostCSS config TypeScript migration that was already reviewed and approved.

---

✅ APPROVE

Summary: Clean delta — coverage exclusion patterns correctly updated to match the .ts config file extensions. Ready to merge! 🚀

Reviewers (0)

Reviewer	Returned	Main Findings	Consider	While You're Here	Inline Comments	Pending Recs	Discarded
—	—	—	—	—	—	—	—

Note: Delta re-review — trivial 2-line change to glob patterns required no sub-agent dispatch.

[github-actions]

🔎💬 Inkeep AI search and chat service is syncing content for source 'Inkeep Agent Framework Docs'

[itoqa]

Ito Test Report ❌

17 test cases ran. 1 failed, 16 passed.

Across 17 executed test cases, 16 passed and 1 failed, showing strong stability across Manage and Docs coverage including login/auth redirects, returnUrl sanitization and invitation precedence, open-redirect and rapid-submit abuse handling, tenant-path isolation, docs slug/404 recovery, styling compilation, and docs API/OpenGraph/text utility routes.
The only failure was a minor but deterministic docs-home analytics defect: when NEXT_PUBLIC_POSTHOG_KEY is unset, client code initializes PostHog with an empty token and logs “PostHog was initialized without a token” on page load, which does not block content but pollutes runtime monitoring and is confirmed by code review as a pre-existing client-side guard gap (server-side analytics already guards this case).

❌ Failed (1)

Category	Summary	Screenshot
Happy-path	🟡 Docs home mounts PostHog client init with an empty-token fallback, producing runtime console errors when key is unset.

🟡 Docs home route renders with structured layout

• What failed: The app initializes PostHog with '' when the key is missing, and runtime logs PostHog was initialized without a token instead of safely skipping client analytics initialization.
• Impact: Users still see content, but every affected page load emits an avoidable runtime error that pollutes monitoring and can mask real client-side issues. This also indicates analytics initialization is misconfigured in default/local missing-key scenarios.
• Introduced by this PR: No – pre-existing bug (code not changed in this PR)
• Steps to reproduce:
  1. Ensure NEXT_PUBLIC_POSTHOG_KEY is unset in the docs runtime environment.
  2. Open http://localhost:3010/ and allow the page layout to mount.
  3. Inspect browser console and observe the PostHog initialization error about missing token.
• Code analysis: I inspected docs analytics bootstrap and layout wiring. Client instrumentation always calls posthog.init with an empty-string fallback, and the provider import/mount path ensures this executes on docs home render. In contrast, server analytics code already guards on missing key, which reinforces that the client path is missing an equivalent safety check.
• Why this is likely a bug: Production client code deterministically executes posthog.init('') when the key is absent, which directly causes the observed runtime error and should be guarded like the server path.

Relevant code:

agents-docs/src/instrumentation-client.ts (lines 5-12)

if (typeof window !== 'undefined') {
  posthog.init(process.env.NEXT_PUBLIC_POSTHOG_KEY || '', {
    api_host: process.env.NEXT_PUBLIC_POSTHOG_HOST || 'https://us.i.posthog.com',
    capture_pageview: false,
    person_profiles: 'always',
    disable_surveys: true,
    disable_external_dependency_loading: true,
    loaded: (posthog) => {

agents-docs/src/lib/analytics/posthog-provider.tsx (lines 6-9)

import '@/instrumentation-client';

export function PostHogProvider({ children }: { children: ReactNode }) {
  return <PHProvider client={posthog}>{children}</PHProvider>;
}

agents-docs/src/lib/analytics/posthog-server.ts (lines 8-15)

if (process.env.NODE_ENV === 'test' || !process.env.NEXT_PUBLIC_POSTHOG_KEY) {
  console.log(`[PostHog Server] Skipping event capture: ${event} (${distinctId})`);
  return;
}

try {
  const posthog = new PostHog(process.env.NEXT_PUBLIC_POSTHOG_KEY, {
    host: process.env.NEXT_PUBLIC_POSTHOG_HOST || 'https://us.i.posthog.com',

✅ Passed (16)

Category	Summary	Screenshot
Adversarial	Open-redirect payload variants were blocked; navigation remained on localhost with no script/dialog execution.
Adversarial	Ten rapid login submits converged to one stable authenticated transition without crash behavior.
Adversarial	Oversized email/password submission returned a safe text error and the login UI remained stable.
Adversarial	Tenant path tampering rendered a controlled empty Projects view with no cross-tenant data exposure.
Edge	Unknown docs slug returned a controlled 404 page and back navigation recovered to the prior docs page.
Edge	External returnUrl input was sanitized and post-login navigation stayed on internal /default/projects.
Edge	Root redirect interruption recovered to /default/projects without persistent spinner or crash.
Edge	Docs OpenGraph image endpoint returned HTTP 200 image responses with non-empty bodies on repeated calls.
Logic	Login UI rendered with non-default computed Tailwind styles, confirming active style compilation.
Logic	Docs prose, sidebar/top nav, and TOC styling rendered as expected, indicating styles compiled and applied correctly.
Logic	Search endpoint returned HTTP 200 with parseable JSON for both baseline and query requests.
Happy-path	Root route consistently resolved to an allowed destination (/login) and stayed stable after reload.
Happy-path	Seeded admin login completed and redirected to /default/projects with interactive UI and no client error banner.
Happy-path	Root URL with both invitation and returnUrl consistently resolved to the invitation acceptance route on first and repeat attempts.
Happy-path	Quick-start docs route rendered correctly and preserved the same slug after refresh without blank or error state.
Happy-path	Slug-based llms text routes returned expected content, and /llms.mdx root 404 aligned with route design.

Commit: b4898fd

View Full Run

---

Tell us how we did: Give Ito Feedback