chore: sync plus with upstream main (conflicts)

[riderx]

Merge Conflict Resolution Required

The automatic sync of the plus branch with upstream main encountered merge conflicts.

What happened

• Claude Code attempted to resolve the merge conflicts
• The workflow created this PR so CI and manual review can finish the merge safely

Action needed: Review the branch and resolve any remaining concerns before merging.

---

This PR was created automatically by the Capacitor+ sync workflow

Summary by CodeRabbit

• Bug Fixes

  • Fixed CLI CocoaPods/SPM plugin file copying behavior
  • Resolved SystemBars padding issue on Android API ≤ 34

• Chores

  • Updated version to 8.3.3 across core packages (Android, iOS, CLI, Core)
  • Updated package metadata and branding information
  • Refreshed changelogs with latest release information

[chatgpt-codex-connector]

You have reached your Codex usage limits for code reviews. You can see your limits in the Codex usage dashboard.

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	eslint@​8.57.1
	lerna@​7.4.2
	eslint-plugin-import@​2.32.0

View full report

[socket-security]

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action	Severity	Alert  (click "▶" to expand/collapse)
Warn		Obfuscated code: npm es-abstract is 90.0% likely obfuscated Confidence: 0.90 Location: Package overview From: ? → npm/eslint-plugin-import@2.32.0 → npm/es-abstract@1.24.2 ℹ Read more on: This package | This alert | What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/es-abstract@1.24.2. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Obfuscated code: npm kind-of is 90.0% likely obfuscated Confidence: 0.90 Location: Package overview From: ? → npm/lerna@7.4.2 → npm/kind-of@6.0.3 ℹ Read more on: This package | This alert | What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/kind-of@6.0.3. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

[coderabbitai]

📝 Walkthrough

Walkthrough

This PR migrates the monorepo from @capacitor-plus scoped packages back to @capacitor scoped packages and reduces the version from 8.3.4 to 8.3.3. Package metadata, release notes across all modules (android, cli, core, ios), and a conditional native file copying behavior for SPM builds are updated to complete the rebranding.

Changes

Package Rebranding and Version Rollback

Layer / File(s)	Summary
Root Package Version Synchronization lerna.json	Root version updated from 8.3.4 to 8.3.3 to establish the coordinated version for the monorepo.
Package Identity and Metadata Updates android/package.json, cli/package.json, core/package.json, ios/package.json	All package metadata switched from @capacitor-plus/* to @capacitor/*, versions set to 8.3.3, and descriptive fields (description, homepage, author) updated from Capgo to Ionic branding.
Release Documentation and Changelog Updates CHANGELOG.md, android/CHANGELOG.md, cli/CHANGELOG.md, core/CHANGELOG.md, ios/CHANGELOG.md	Changelog entries restructured to remove 8.3.4 capacitor-plus releases and add 8.3.3 capacitor releases with ionic-team compare links; bug-fix and version-bump-only notes updated for each platform.
Native File Copying Conditional for SPM cli/src/ios/update.ts	The plugin native file skip condition now requires isSPM to be true, so non-SPM package managers will continue copying native files for plugins marked with platformTag.$?.package.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~12 minutes

Poem

A rabbit hops through the monorepo,
Rebranding packages old to new,
From Cap-go to Ionic, the banners do flow,
With versions aligned and SPM made true,
Each changelog sings of this grand debut! 🐰✨

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The PR title 'chore: sync plus with upstream main (conflicts)' accurately describes the main objective: syncing the plus branch with upstream main while managing merge conflicts.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch sync/plus-upstream-20260512-060312

Warning

Review ran into problems

🔥 Problems

Git: Failed to clone repository. Please run the @coderabbitai full review command to re-trigger a full review. If the issue persists, set path_filters to include or exclude specific files.

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 3

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

ios/package.json (1)

2-30: ⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Align peerDependencies scope with package name.

The package @capacitor/ios declares both @capacitor-plus/core and @capacitor/core as peer dependencies, creating a mixed scope contract. Since the package is scoped as @capacitor, remove the @capacitor-plus/core dependency to avoid forcing consumers to install both core packages.

Suggested fix

   "peerDependencies": {
-    "@capacitor-plus/core": "^8.3.0",
     "@capacitor/core": "^8.3.0"
   },

Note: The same issue exists in android/package.json and should be fixed there as well.

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@ios/package.json` around lines 2 - 30, The peerDependencies block in
ios/package.json mixes scopes by including "@capacitor-plus/core" alongside the
scoped package "@capacitor/ios"; remove the "@capacitor-plus/core" entry from
the "peerDependencies" object so the package only requires "@capacitor/core"
(ensure the version string stays consistent, e.g., "^8.3.0"), and apply the same
removal to android/package.json's peerDependencies to keep scope contracts
consistent.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@android/package.json`:
- Around line 2-6: package.json still lists a peer dependency on
"@capacitor-plus/core" which is inconsistent with the package's "name":
"@capacitor/android"; open package.json, locate the "peerDependencies" object
and remove the "@capacitor-plus/core" entry (or replace it with the correct
"@capacitor/core" if you intend to require the official core), then update any
related code/comments referencing "@capacitor-plus/core" and run the package
install/tests to verify there are no unresolved peer-dependency references.

In `@CHANGELOG.md`:
- Around line 6-26: The PR manually added release sections (e.g., headers "##
[8.3.3]" and "## [8.3.2]") causing duplicate entries in CHANGELOG.md; remove the
manual edits to those release blocks and any duplicated lines you added, then
regenerate the changelog via the project's release automation or revert the
CHANGELOG.md changes in this branch so CI can update it automatically; look for
the headers "## [8.3.3]" and "## [8.3.2]" and delete the duplicated blocks
introduced by this commit.

In `@cli/package.json`:
- Around line 2-6: The package.json has inconsistent identity fields: "name",
"author", and "homepage" (e.g., "name": "@capacitor/cli", "author": "Ionic
Team", "homepage") conflict with "repository" and "bugs" pointing to
"https://github.com/Cap-go/capacitor-plus.git"; decide which identity to publish
under and make fields consistent — either update "repository" and "bugs" to the
official Capacitor repo/issue URL if this is intended to be the official
`@capacitor` packages, or change "name", "author", and "homepage" (and the
matching entries in the other workspace packages like "@capacitor/android",
"@capacitor/core", "@capacitor/ios") to reflect Cap-go ownership; ensure the
"name", "author", "homepage", "repository", and "bugs" entries in package.json
are all aligned before merging/publishing.

---

Outside diff comments:
In `@ios/package.json`:
- Around line 2-30: The peerDependencies block in ios/package.json mixes scopes
by including "@capacitor-plus/core" alongside the scoped package
"@capacitor/ios"; remove the "@capacitor-plus/core" entry from the
"peerDependencies" object so the package only requires "@capacitor/core" (ensure
the version string stays consistent, e.g., "^8.3.0"), and apply the same removal
to android/package.json's peerDependencies to keep scope contracts consistent.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 5e71537a-592d-4f8b-867c-75bb2e41e1ea

📥 Commits

Reviewing files that changed from the base of the PR and between f3aefab and 51413d0.

📒 Files selected for processing (11)

• CHANGELOG.md
• android/CHANGELOG.md
• android/package.json
• cli/CHANGELOG.md
• cli/package.json
• cli/src/ios/update.ts
• core/CHANGELOG.md
• core/package.json
• ios/CHANGELOG.md
• ios/package.json
• lerna.json

[coderabbitai]

⚠️ Potential issue | 🟠 Major | ⚡ Quick win

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
set -euo pipefail

# Find package manifests and show peerDependency references around capacitor scopes
fd -i package.json | xargs rg -n -C2 '"(`@capacitor-plus/core`|@capacitor/core)"'

Repository: Cap-go/capacitor-plus

Length of output: 797

---

Remove @capacitor-plus/core from peer dependencies to align with renamed package identity.

After renaming to @capacitor/android, the peer dependency on @capacitor-plus/core creates an inconsistent install contract. Consumers will be forced to resolve an unnecessary fork-only package despite the primary package using the @capacitor scope.

Suggested fix

   "peerDependencies": {
-    "@capacitor-plus/core": "^8.3.0",
     "@capacitor/core": "^8.3.0"
   },

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@android/package.json` around lines 2 - 6, package.json still lists a peer
dependency on "@capacitor-plus/core" which is inconsistent with the package's
"name": "@capacitor/android"; open package.json, locate the "peerDependencies"
object and remove the "@capacitor-plus/core" entry (or replace it with the
correct "@capacitor/core" if you intend to require the official core), then
update any related code/comments referencing "@capacitor-plus/core" and run the
package install/tests to verify there are no unresolved peer-dependency
references.

[coderabbitai]

⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Remove manual changelog edits and regenerate this section via release automation.

Line 6 and Line 12 introduce new release blocks while older blocks for the same versions still remain at Line 36 and Line 47, leaving conflicting duplicate entries in the changelog.

As per coding guidelines, CHANGELOG.md: Do not manually edit CHANGELOG.md; it is managed automatically by CI/CD.

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@CHANGELOG.md` around lines 6 - 26, The PR manually added release sections
(e.g., headers "## [8.3.3]" and "## [8.3.2]") causing duplicate entries in
CHANGELOG.md; remove the manual edits to those release blocks and any duplicated
lines you added, then regenerate the changelog via the project's release
automation or revert the CHANGELOG.md changes in this branch so CI can update it
automatically; look for the headers "## [8.3.3]" and "## [8.3.2]" and delete the
duplicated blocks introduced by this commit.

[coderabbitai]

⚠️ Potential issue | 🟠 Major | ⚡ Quick win

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
set -euo pipefail

# Inspect package identity metadata across workspace packages
fd package.json --hidden --exclude node_modules | while read -r f; do
  jq -r --arg f "$f" \
    '"\($f)\tname=\(.name // "n/a")\tversion=\(.version // "n/a")\trepo=\(.repository.url // "n/a")\tbugs=\(.bugs.url // "n/a")\tauthor=\(.author // "n/a")"' "$f"
done | sort

echo "---- `@capacitor` scoped package names ----"
rg -n '"name":\s*"@capacitor/' --glob '**/package.json'

echo "---- `@capacitor-plus` scoped package names ----"
rg -n '"name":\s*"@capacitor-plus/' --glob '**/package.json'

Repository: Cap-go/capacitor-plus

Length of output: 1267

---

🏁 Script executed:

cat -n cli/package.json | head -20

Repository: Cap-go/capacitor-plus

Length of output: 732

---

Resolve package identity inconsistency before publishing.

The package metadata uses official @capacitor/cli name and Ionic Team branding (lines 2–6), but the repository and bugs URLs (lines 10 and 13) point to https://github.com/Cap-go/capacitor-plus.git. This mismatch applies across all workspace packages (@capacitor/android, @capacitor/core, @capacitor/ios). Clarify whether this branch is intended to publish under the official @capacitor scope with Cap-go repository metadata, or if the package metadata should reflect the actual repository ownership before merging.

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@cli/package.json` around lines 2 - 6, The package.json has inconsistent
identity fields: "name", "author", and "homepage" (e.g., "name":
"@capacitor/cli", "author": "Ionic Team", "homepage") conflict with "repository"
and "bugs" pointing to "https://github.com/Cap-go/capacitor-plus.git"; decide
which identity to publish under and make fields consistent — either update
"repository" and "bugs" to the official Capacitor repo/issue URL if this is
intended to be the official `@capacitor` packages, or change "name", "author", and
"homepage" (and the matching entries in the other workspace packages like
"@capacitor/android", "@capacitor/core", "@capacitor/ios") to reflect Cap-go
ownership; ensure the "name", "author", "homepage", "repository", and "bugs"
entries in package.json are all aligned before merging/publishing.