`LEGACY_WRAPPER_FALLBACK_VERSIONS.vitest` was set to `^${VITEST_VERSION}`,
while fresh migrations write the exact `VITEST_VERSION` via
`VITE_PLUS_OVERRIDE_PACKAGES`. Projects cleaned up from a stale
`@voidzero-dev/vite-plus-test` alias should land on the same exact
pin as fresh migrations, not a caret range that allows unintended
drift on reinstall.

The workflow's VP_OVERRIDE_PACKAGES JSON hardcodes the vitest
family at "4.1.5" ten times. Without rewriting this file on
bump, CI's vp create tests pin a stale vitest version after the
next daily upgrade. Add updateTestVpCreateWorkflow alongside
the constants.ts + pnpm-workspace.yaml rewrites.

es-module-lexer's `s`/`e` offsets bound the specifier name *without*
quotes for static imports but include the quotes (as part of the
expression) for dynamic imports. The previous splice replaced
specifier-plus-quotes with a bare `vitest`, producing
`import(vitest)` instead of `import('vitest')`. Branch on `d` to
wrap dynamic replacements in quotes.

The mocker's static hoister hardcodes `hoistedModule = "vitest"` and bails
on any other source, leaving `vi.mock(...)` un-hoisted and producing TDZ
errors at runtime (`Cannot access '__vi_import_0__' before initialization`).

After `vp migrate` rewrites `import { vi } from 'vitest'` to
`'vite-plus/test'`, the user's `vi.mock(...)` calls hit this path. Patch
the hoister to also recognize `'vite-plus/test'` so the public test API
works without forcing a runtime source rewrite.

To be replaced by an upstream PR that exposes `hoistedModule` as
`string | string[]`.

…/TSX

The vite-plus/test→vitest rewrite relied on es-module-lexer to scope
replacements to real import statements, but the lexer cannot parse JSX
syntax. For .tsx test files containing `import { vi } from 'vite-plus/test'`
plus JSX in the body, parse() threw, our silent catch left `imports`
undefined, and the source flowed through unchanged. Downstream
@vitest/mocker then bailed on the unknown specifier, dropped the
`vi.mock(...)` hoist, and crashed with
`Cannot access '__vi_import_0__' before initialization`.

Detect the throw and fall back to two tight regexes targeting
`from 'vite-plus/test'` and `import('vite-plus/test')`. The backreferenced
quote forbids subpath matches like `vite-plus/test/browser`, and both
contexts require statement-position keywords so string-literal noise is
left alone.

Add JSX/TSX coverage to the unit tests so this regression is locked down.

…kages

Three breaking changes carried over from the wrapper deletion are
addressed:

1. `./test/client`, `./test/locators`, `./test/matchers`, `./test/utils`,
   `./test/context` exports were dropped in the wrapper removal but
   `packages/cli/src/oxlint-plugin.ts:36-37` still autofixes
   `@vitest/browser/client` and `@vitest/browser/locators` to those
   exact paths. Without the exports, `vp lint --fix` produced
   unresolvable imports. Restore them as shims projecting the matching
   `@vitest/browser/<sub>` subpaths.

2. `./test/browser-compat` is restored as a shim re-exporting
   `asLocator`, `defineBrowserCommand`, `defineBrowserProvider`,
   `parseKeyDef`, `resolveScreenshotPath` from `@vitest/browser`. The
   path is used by downstream consumers that point `@vitest/browser` at
   vite-plus via a package-manager override; restoring it preserves the
   wrapper-era surface.

3. `@testing-library/jest-dom`, `@storybook/test`, and `jest-extended`
   are auto-merged into `test.server.deps.inline` (root + per-project)
   so `expect.extend()` matcher registrations land on the same `expect`
   instance the test runtime uses. The previous wrapper applied this as
   a build-time patch to vitest's CLI chunk (vitest issue #897); the
   wrapper-free architecture re-applies it inside `defineConfig`.

The auto-inline merge is idempotent, respects `inline: true` opt-in,
deduplicates string entries, and recognises regexp entries that already
match an auto-inline package.

`packages/cli/src/index.ts` deliberately uses a curated re-export from
`vitest/config` that omits `mergeConfig` to avoid colliding with the
`mergeConfig` re-exported from `@voidzero-dev/vite-plus-core`. The CJS
entry still spread the full `vitest/config` namespace, so CJS consumers
ended up with vitest's `mergeConfig` (which delegates to upstream `vite`)
instead of vite-plus-core's. ESM and CJS now expose the same identifiers.

- Drop `?? {}` spread fallbacks (unicorn/no-useless-fallback-in-spread):
  optional chaining already guards the spread, the fallback is dead.
- Wrap single-statement `continue` in braces (eslint/curly).

No behavior change.

The previous regex fallback (`/from\s+['"]vite-plus\/test['"]/g`) ran on
raw source when `es-module-lexer` threw on JSX/TSX, so it could mutate
the same substring inside string literals or JSX text. Switched to
`oxc-parser` which understands TSX and exposes precise specifier offsets
for static imports, dynamic imports, and `export … from` re-exports —
all three are needed because the fast-path lexer reports them in one
list while oxc separates them into staticImports / dynamicImports /
staticExports.

Consolidates the @emnapi/core 1.9.2 / 1.10.0 split that the oxc-parser
install introduced, so `pnpm dedupe --check` passes in CI.

…ojects

Browser-mode tests failed in established vite-plus projects (those that
depend only on `vite-plus`, with `vitest`/`@vitest/browser` transitive).
pnpm's isolated layout only exposes a package's direct deps, so the
browser-mode Vite dev server — rooted at the consumer project — could not
resolve `vitest/internal/browser` and the `@vitest/*` family, crashing
with "Failed to resolve import vitest/internal/browser".

Adds `vite-plus:vitest-resolver`, an enforce:'pre' resolveId plugin
injected alongside the specifier-rewrite plugin. It is a pure fallback:
it defers to the default resolver first (skipSelf) so projects that
already resolve fine see zero change, and only when that returns null
does it resolve from vite-plus's own dependency tree — `vitest` /
`@vitest/browser*` via a require anchored at this module, and the nested
`@vitest/*` family (deps of vitest) via a require anchored at vitest.

Bumps the `vitest` / `@vitest/browser*` catalog pins, the `VITEST_VERSION`
constant (which drives migration-injected overrides), and the
`VP_OVERRIDE_PACKAGES` workflow env from 4.1.5 to the latest stable 4.1.7.
The `@vitest/mocker` hoist patch is renamed to track the new version and
still applies cleanly (the patched context is unchanged in 4.1.7).

… exports

The blanket `@vitest/` → `vite-plus/test/` swap produced targets that
do not exist in the `vite-plus` package `exports` map, so migrated code
failed at runtime with ERR_PACKAGE_PATH_NOT_EXPORTED:

- `@vitest/browser/{client,locators,matchers,utils}` mapped to
  `vite-plus/test/browser/*` (only the bare `./test/*` keys exist).
- `@vitest/browser-<provider>/provider` mapped to
  `vite-plus/test/browser-<provider>/provider` (no such export).

Replace the single naive ast-grep rule with 12 mutually-exclusive
enumerated rules and split the triple-slash reference regex into five,
so `vp migrate` produces the same canonical targets as the
`oxlint-plugin.ts` autofix. Add the missing `matchers`/`utils` entries
to `oxlint-plugin.ts` so both implementations stay in sync.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

The tgz-based create/e2e workflows reference fixed `*-0.0.0.tgz`
filenames (`repack-vite-tgz` input, `VP_VERSION`, `install-global-cli`,
`VP_OVERRIDE_PACKAGES`). A release commit bumped `packages/core` and
`packages/cli` to a published version, so `pnpm pack` emitted
`*-0.1.22.tgz` and the `Build vite-plus packages` job failed with
ENOENT on `voidzero-dev-vite-plus-core-0.0.0.tgz`.

Pin both packages to 0.0.0 with `pnpm pkg set` right before packing so
the emitted tgz names stay stable regardless of the committed version.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

`replaceInstalledCheckoutPackages` symlinked `node_modules/vitest` and
`node_modules/@voidzero-dev/vite-plus-test` to `packages/test`, which
this branch deletes. The entries are never matched by the current snap
suite (only `create-framework-shim-vue` sets `linkCheckoutPackages` and
it installs neither package), but a future global snap test that does
install vitest would `rmSync` the real package and symlink it to the
now-missing `packages/test`. Remove both stale entries.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

`pnpm pkg set` is not implemented (ERR_PNPM_NOT_IMPLEMENTED); pnpm
points to the npm CLI for `pkg` operations. Switch the version pin in
the tgz pack steps to `npm pkg set version=0.0.0`.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

The ecosystem-ci pack step pins packages/cli to 0.0.0 before packing, so
the installed local build reports 0.0.0. verify-install.ts still compared
against the committed packages/cli/package.json version (0.1.22 after the
release bump), failing every ecosystem E2E project with
"expected version 0.1.22, got 0.0.0". Pin the expected version to 0.0.0,
matching the fixed `vite-plus-0.0.0.tgz` that patch-project.ts references.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

`externalDtsTypeOnlyPlugin` blindly prepended `import type ` to every
import line in postcss/lightningcss `.d.ts` files. For the
`import D, { N } from 'x'` shape that produced `import type D, { N }`,
which is invalid — a type-only import statement cannot mix a default
binding with named bindings. The dts bundler then failed with
`[PARSE_ERROR]` (surfaced by the `vp-config` ecosystem-ci project,
whose dependency graph routes postcss's `.d.ts` through this plugin).

Fold the default binding into the named clause as `{ default as D, N }`
before the generic prepend, in both the internal-file and
consumer-file branches.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

The daily upgrade script bumped the vitest catalog, VITEST_VERSION, and
the test-vp-create.yml pins, but never touched the @vitest/mocker entry
in patchedDependencies. pnpm keys patchedDependencies by exact version
and fails ERR_PNPM_PATCHED_PKG_DOES_NOT_MATCH on drift, so each vitest
bump broke the auto-upgrade PR. Rewrite the key + patch path and rename
the version-suffixed patch file as part of the upgrade run.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>