refactor(koa): use @eggjs/cookies instead of cookies

[fengmk2]

close #5735

Summary by CodeRabbit

• New Features

  • Koa constructor now accepts an optional options object to configure cookie signing keys: new Koa({ keys: [...] })
  • Koa instances now expose a public keys property for accessing signing key configuration

• Changes

  • Updated error message validation for cookie signing configuration

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[coderabbitai]

Walkthrough

The pull request migrates the Koa package dependency from the standard cookies library to a custom @eggjs/cookies implementation. The Context class is updated to use the new library's API with adjusted constructor parameters, and the Koa class now accepts a keys configuration option at initialization.

Changes

Cohort / File(s)	Change Summary
Dependency Migration packages/koa/package.json, pnpm-workspace.yaml	Replaced cookies and @types/cookies dependencies with @eggjs/cookies workspace dependency; added @eggjs/cookies version ^3.1.0 to pnpm catalog.
Context Cookies Initialization packages/koa/src/context.ts	Updated Cookies import source and constructor invocation; changed arguments from (this.req, this.res, { keys }) to (this, this.app.keys ?? [], { secure }) to align with new library API.
API and Tests packages/koa/test/context/cookies.test.ts	Extended Koa constructor to accept optional keys option; updated test expectations for new error message when signed cookies lack keys.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

• Constructor API change: Verify the Koa constructor's new keys option integrates correctly with existing initialization flows across the codebase.
• Cookies library migration: Review the differences between the old and new Cookies constructor signatures, particularly the context-first parameter and options structure.
• Error messaging: Confirm the updated error message for missing keys aligns with the new library's exception behavior.

Possibly related PRs

• feat(cookies): migrate cookies package into monorepo #5543: Main upstream PR performing equivalent migration of Koa from cookies to @eggjs/cookies with matching Context and constructor API adjustments.

Poem

🐰 A cookie jar once sealed so tight,
Now guards its treasures with new might.
With eggs and keys in harmony,
Our fluffy friend hops wild and free! 🥕🍪

Pre-merge checks and finishing touches

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately describes the main change: replacing the cookies package with @eggjs/cookies in the Koa module, as evidenced by dependency updates and import changes throughout the changeset.
Linked Issues check	✅ Passed	All coding requirements from issue #5735 are met: the cookies package is replaced with @eggjs/cookies, dependency graph is updated in pnpm-workspace.yaml, imports are migrated in context.ts, and tests are updated accordingly.
Out of Scope Changes check	✅ Passed	All changes are directly scoped to the package replacement objective: dependency updates, import changes, constructor signature updates for Koa keys support, and corresponding test updates are all necessary for the migration.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch use-egg-cookies

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[gemini-code-assist]

Summary of Changes

Hello @fengmk2, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request undertakes a significant refactoring within the Koa package, transitioning its cookie handling mechanism from an external cookies library to the @eggjs/cookies package. This change aims to standardize cookie management across the Egg.js ecosystem, ensuring consistent behavior and potentially leveraging internal optimizations. The modifications span dependency updates, adjustments to the core Context class for cookie initialization, and corresponding updates to the test suite to validate the new implementation.

Highlights

• Dependency Migration: The koa package has been refactored to replace the cookies npm package with the internal @eggjs/cookies package for cookie management.
• Context Cookie Initialization: The Context class in koa now initializes the @eggjs/cookies instance by passing the Koa context itself, along with an explicit fallback to an empty array for app.keys if not provided, ensuring proper cookie handling.
• Test Suite Updates: Existing cookie-related tests have been updated to align with the new @eggjs/cookies implementation, including adding keys to the Koa app configuration for unsigned cookie tests and adjusting expected error messages for signed cookies without keys.
• Build System Updates: The pnpm-lock.yaml and pnpm-workspace.yaml files have been updated to reflect the removal of the cookies dependency and its types, and the addition of @eggjs/cookies as a workspace dependency.

🧠 New Feature in Public Preview: You can now enable Memory to help Gemini Code Assist learn from your team's feedback. This makes future code reviews more consistent and personalized to your project's style. Click here to enable Memory in your admin console.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[cloudflare-workers-and-pages]

Deploying egg with    Cloudflare Pages

Latest commit:	b70ba8a
Status:	✅  Deploy successful!
Preview URL:	https://6fd46078.egg-cci.pages.dev
Branch Preview URL:	https://use-egg-cookies.egg-cci.pages.dev

View logs

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 87.60%. Comparing base (e900acd) to head (b70ba8a).
⚠️ Report is 1 commits behind head on next.

Additional details and impacted files

@@            Coverage Diff             @@
##             next    #5744      +/-   ##
==========================================
- Coverage   87.61%   87.60%   -0.01%     
==========================================
  Files         563      563              
  Lines       10930    10930              
  Branches     1238     1239       +1     
==========================================
- Hits         9576     9575       -1     
- Misses       1270     1271       +1     
  Partials       84       84              

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[gemini-code-assist]

Code Review

This pull request refactors the Koa package to use @eggjs/cookies instead of the cookies package. The changes are mostly straightforward dependency and API usage updates. I've identified a couple of areas for improvement: one regarding a FIXME comment that should be removed for better code clarity, and another in a test case to make its intent clearer and more robust after the dependency change. Overall, the refactoring is well-executed.

[cloudflare-workers-and-pages]

Deploying egg-v3 with    Cloudflare Pages

Latest commit:	b70ba8a
Status:	✅  Deploy successful!
Preview URL:	https://cacae6bb.egg-v3.pages.dev
Branch Preview URL:	https://use-egg-cookies.egg-v3.pages.dev

View logs

[coderabbitai]

Actionable comments posted: 1

📜 Review details

Configuration used: defaults

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between e900acd and b70ba8a.

⛔ Files ignored due to path filters (1)

• pnpm-lock.yaml is excluded by !**/pnpm-lock.yaml

📒 Files selected for processing (4)

• packages/koa/package.json (1 hunks)
• packages/koa/src/context.ts (2 hunks)
• packages/koa/test/context/cookies.test.ts (2 hunks)
• pnpm-workspace.yaml (1 hunks)

🧰 Additional context used

📓 Path-based instructions (7)

pnpm-workspace.yaml

📄 CodeRabbit inference engine (.github/copilot-instructions.md)

Define dependencies in pnpm-workspace.yaml catalog section and reference catalog entries with 'package-name': 'catalog:' or internal workspace dependencies with 'package-name': 'workspace:*'

Files:

• pnpm-workspace.yaml

packages/**/*.ts

📄 CodeRabbit inference engine (.github/copilot-instructions.md)

packages/**/*.ts: Use TypeScript throughout all packages in the Eggjs monorepo
Use strict TypeScript mode in all packages

Files:

• packages/koa/src/context.ts
• packages/koa/test/context/cookies.test.ts

**/*.{ts,tsx,js,mjs}

📄 CodeRabbit inference engine (AGENTS.md)

Use .ts sources over CommonJS and prefer ESM for exports

Files:

• packages/koa/src/context.ts
• packages/koa/test/context/cookies.test.ts

{packages,plugins}/**/*.{ts,tsx,js,mjs}

📄 CodeRabbit inference engine (AGENTS.md)

Name files in lowercase with hyphens (e.g. loader-context.ts)

Files:

• packages/koa/src/context.ts
• packages/koa/test/context/cookies.test.ts

**/*.{ts,tsx}

📄 CodeRabbit inference engine (AGENTS.md)

**/*.{ts,tsx}: Name classes in PascalCase
Name functions and variables in camelCase

**/*.{ts,tsx}: Use explicit return types for all exported functions, methods, and getters to support TypeScript's --isolatedDeclarations flag
Avoid computed property names with symbols in class declarations; use override methods instead for compatibility with --isolatedDeclarations
Add explicit type annotations for class properties, particularly for exported symbols which should use unique symbol type
Enable strict mode in all TypeScript packages and use explicit return types for public APIs
Prefer interfaces over type aliases for object shapes in TypeScript
Use readonly modifiers where appropriate in TypeScript classes and interfaces
Avoid any type; use unknown when type is truly unknown

Files:

• packages/koa/src/context.ts
• packages/koa/test/context/cookies.test.ts

packages/**/test/**/*.test.ts

📄 CodeRabbit inference engine (.github/copilot-instructions.md)

packages/**/test/**/*.test.ts: Use Vitest as the standard test runner for all packages; test files follow pattern 'test/**/*.test.ts'
Use 'import { describe, it } from "vitest"' for test functions in Vitest test files
Use Node.js built-in 'assert' module for assertions in tests

Files:

• packages/koa/test/context/cookies.test.ts

**/test/**/*.test.ts

📄 CodeRabbit inference engine (AGENTS.md)

Configure Vitest to discover **/test/**/*.test.ts within each package and mirror this pattern when adding test suites

Files:

• packages/koa/test/context/cookies.test.ts

🧠 Learnings (15)

📚 Learning: 2025-12-21T03:05:13.313Z

Learnt from: CR
Repo: eggjs/egg PR: 0
File: tegg/CLAUDE.md:0-0
Timestamp: 2025-12-21T03:05:13.313Z
Learning: Applies to tegg/**/package.json : Use `workspace:*` protocol for internal monorepo dependencies (both tegg and egg packages)

Applied to files:

• packages/koa/package.json
• pnpm-workspace.yaml

📚 Learning: 2025-12-21T03:05:13.313Z

Learnt from: CR
Repo: eggjs/egg PR: 0
File: tegg/CLAUDE.md:0-0
Timestamp: 2025-12-21T03:05:13.313Z
Learning: Applies to tegg/plugin/*/package.json : New plugins should define `eggPlugin` in `package.json` with dependencies

Applied to files:

• packages/koa/package.json
• pnpm-workspace.yaml

📚 Learning: 2025-12-21T03:05:13.313Z

Learnt from: CR
Repo: eggjs/egg PR: 0
File: tegg/CLAUDE.md:0-0
Timestamp: 2025-12-21T03:05:13.313Z
Learning: Applies to tegg/**/package.json : Egg.js version must be >= 4.1.0

Applied to files:

• packages/koa/package.json
• pnpm-workspace.yaml

📚 Learning: 2025-12-21T03:04:53.982Z

Learnt from: CR
Repo: eggjs/egg PR: 0
File: CLAUDE.md:0-0
Timestamp: 2025-12-21T03:04:53.982Z
Learning: Applies to package.json : Use `workspace:*` for internal package dependencies and `catalog:` for external dependencies defined in pnpm-workspace.yaml

Applied to files:

• packages/koa/package.json
• pnpm-workspace.yaml

📚 Learning: 2025-11-27T14:37:59.711Z

Learnt from: CR
Repo: eggjs/egg PR: 0
File: .github/copilot-instructions.md:0-0
Timestamp: 2025-11-27T14:37:59.711Z
Learning: Applies to packages/**/*.ts : Use TypeScript throughout all packages in the Eggjs monorepo

Applied to files:

• packages/koa/package.json

📚 Learning: 2025-12-21T03:05:13.313Z

Learnt from: CR
Repo: eggjs/egg PR: 0
File: tegg/CLAUDE.md:0-0
Timestamp: 2025-12-21T03:05:13.313Z
Learning: Applies to tegg/core/*/package.json : New core packages should include standard scripts in `package.json` with `typecheck` script using tsgo

Applied to files:

• packages/koa/package.json

📚 Learning: 2025-12-21T03:04:53.982Z

Learnt from: CR
Repo: eggjs/egg PR: 0
File: CLAUDE.md:0-0
Timestamp: 2025-12-21T03:04:53.982Z
Learning: All packages must include TypeScript type checking with `tsc --noEmit` in the `typecheck` script

Applied to files:

• packages/koa/package.json

📚 Learning: 2025-12-21T03:04:53.982Z

Learnt from: CR
Repo: eggjs/egg PR: 0
File: CLAUDE.md:0-0
Timestamp: 2025-12-21T03:04:53.982Z
Learning: All packages must define a `src/types.ts` file that extends the Egg module declarations using `declare module 'egg'` pattern

Applied to files:

• packages/koa/package.json

📚 Learning: 2025-12-21T03:05:13.313Z

Learnt from: CR
Repo: eggjs/egg PR: 0
File: tegg/CLAUDE.md:0-0
Timestamp: 2025-12-21T03:05:13.313Z
Learning: Applies to tegg/**/pnpm-workspace.yaml : Use pnpm workspaces with `catalog:` protocol for shared external dependencies

Applied to files:

• packages/koa/package.json
• pnpm-workspace.yaml

📚 Learning: 2025-11-27T14:37:59.711Z

Learnt from: CR
Repo: eggjs/egg PR: 0
File: .github/copilot-instructions.md:0-0
Timestamp: 2025-11-27T14:37:59.711Z
Learning: Applies to pnpm-workspace.yaml : Define dependencies in pnpm-workspace.yaml catalog section and reference catalog entries with 'package-name': 'catalog:' or internal workspace dependencies with 'package-name': 'workspace:*'

Applied to files:

• packages/koa/package.json
• pnpm-workspace.yaml

📚 Learning: 2025-12-21T03:04:53.982Z

Learnt from: CR
Repo: eggjs/egg PR: 0
File: CLAUDE.md:0-0
Timestamp: 2025-12-21T03:04:53.982Z
Learning: All new packages must use Vitest for testing; Exception: egg-bin and cookies packages use Mocha

Applied to files:

• packages/koa/package.json

📚 Learning: 2025-11-27T14:37:59.711Z

Learnt from: CR
Repo: eggjs/egg PR: 0
File: .github/copilot-instructions.md:0-0
Timestamp: 2025-11-27T14:37:59.711Z
Learning: Applies to packages/**/test/**/*.test.ts : Use Node.js built-in 'assert' module for assertions in tests

Applied to files:

• packages/koa/package.json

📚 Learning: 2025-12-21T03:05:13.313Z

Learnt from: CR
Repo: eggjs/egg PR: 0
File: tegg/CLAUDE.md:0-0
Timestamp: 2025-12-21T03:05:13.313Z
Learning: Applies to tegg/**/pnpm-workspace.yaml : Centralize all shared dependency versions in the root `pnpm-workspace.yaml` rather than in individual tegg package files

Applied to files:

• pnpm-workspace.yaml

📚 Learning: 2025-12-20T09:24:59.960Z

Learnt from: CR
Repo: eggjs/egg PR: 0
File: AGENTS.md:0-0
Timestamp: 2025-12-20T09:24:59.960Z
Learning: Maintain Egg as a pnpm monorepo with core runtime code in `packages/egg`, supporting modules in `packages/core`, `packages/cluster`, and `packages/utils`, optional integrations under `plugins/`, examples in `examples/`, documentation site in `site/`, and unit tests beside packages under `test/` directories with fixtures in `test/fixtures/`

Applied to files:

• pnpm-workspace.yaml

📚 Learning: 2025-12-21T03:04:53.982Z

Learnt from: CR
Repo: eggjs/egg PR: 0
File: CLAUDE.md:0-0
Timestamp: 2025-12-21T03:04:53.982Z
Learning: Applies to plugins/*/package.json : All plugins must include egg in peerDependencies and define `build`, `clean`, and `prepublishOnly` scripts in package.json

Applied to files:

• pnpm-workspace.yaml

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (18)

• GitHub Check: Test (macos-latest, 24, 2/3)
• GitHub Check: Test (windows-latest, 24, 1/3)
• GitHub Check: Test (macos-latest, 20, 3/3)
• GitHub Check: Test (windows-latest, 22, 1/3)
• GitHub Check: Test (windows-latest, 20, 3/3)
• GitHub Check: Test (ubuntu-latest, 24, 3/3)
• GitHub Check: Test (ubuntu-latest, 24, 2/3)
• GitHub Check: Test (ubuntu-latest, 22, 2/3)
• GitHub Check: Test (macos-latest, 24, 3/3)
• GitHub Check: Test bin (ubuntu-latest, 24, 0/3)
• GitHub Check: Test bin (windows-latest, 24, 2/3)
• GitHub Check: Test bin (ubuntu-latest, 24, 1/3)
• GitHub Check: Test bin (ubuntu-latest, 24, 2/3)
• GitHub Check: Test bin (windows-latest, 24, 0/3)
• GitHub Check: typecheck
• GitHub Check: cnpmcore E2E test
• GitHub Check: Analyze (javascript-typescript)
• GitHub Check: Cloudflare Pages: egg-v3

🔇 Additional comments (5)

packages/koa/src/context.ts (1)

5-5: LGTM: Import updated to named export.

The change from default import to named import correctly aligns with the @eggjs/cookies API.

packages/koa/test/context/cookies.test.ts (2)

11-13: LGTM: Tests updated for new Koa constructor API.

The test correctly demonstrates the new public API where Koa accepts an options object with a keys property. This is a useful ergonomic improvement over setting app.keys separately.

---

45-45: LGTM: Error message reflects @eggjs/cookies validation.

The updated error message "keys must be provided and should be an array" accurately reflects the validation from the @eggjs/cookies library. This test confirms that the error is thrown when attempting to set signed cookies without keys, not during Cookies initialization.

packages/koa/package.json (1)

43-43: LGTM: Dependency correctly uses workspace protocol.

The addition of "@eggjs/cookies": "workspace:*" correctly follows the monorepo convention for internal workspace dependencies. The removal of the external cookies package and @types/cookies (as noted in the AI summary) properly completes the migration to the internal @eggjs/cookies implementation.

Based on learnings about using workspace:* for internal monorepo dependencies.

pnpm-workspace.yaml (1)

14-14: Remove or correct the @eggjs/cookies version specification.

The version ^3.1.0 appears not to exist as a stable release. Latest releases show @eggjs/cookies at 4.0.0-beta.x. Verify and pin to an actual stable version.

[coderabbitai]

⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# First, let's look at the actual file to understand the context
echo "=== Viewing packages/koa/src/context.ts around lines 226-229 ==="
sed -n '220,235p' packages/koa/src/context.ts

# Check for @eggjs/cookies type definitions or documentation in the codebase
echo -e "\n=== Looking for @eggjs/cookies references ==="
rg -n "@eggjs/cookies" --type ts packages/

# Search for Cookies constructor usage across the codebase
echo -e "\n=== All Cookies constructor usage ==="
rg -n "new Cookies\(" --type ts -C 3

# Check the package.json to see the @eggjs/cookies version
echo -e "\n=== Checking @eggjs/cookies dependency ==="
rg "@eggjs/cookies" packages/koa/package.json -A 2 -B 2

Repository: eggjs/egg

Length of output: 2438

---

🌐 Web query:

@eggjs/cookies constructor API documentation

💡 Result:

Brief summary — constructor and its API

• Constructor signature: new Cookies(ctx, keys[, defaultCookieOptions]) — or call Cookies(ctx, keys, defaultCookieOptions). [1]

• Parameters:

  • ctx: Koa/Egg context (request/response wrapper). [1][2]
  • keys: signing/encryption keys (string(s) / Keygrip). First key used for signing/encryption; additional keys used to verify/decrypt. [1][2]
  • defaultCookieOptions (optional): defaults applied to set/get if not overridden. Common options include:
    • maxAge (Number, ms), expires (Date), path (String), domain (String). [2]
    • httpOnly (Boolean), signed (Boolean), encrypt (Boolean), secure (Boolean), sameSite (String). [2]
    • (Egg docs/releases also note newer cookie attrs such as partitioned, priority, removeUnpartitioned for recent versions). [2][3]

• Notes:

  • encrypt behaves like signed but encrypts the value (requires keys). Use same option on get and set. [1][2]
  • When cookie value length > ~4093 bytes an event is emitted (cookieLimitExceed). [1]

Example:

• import { Cookies } from '@eggjs/cookies';
  const cookies = new Cookies(ctx, keys, { httpOnly: true, encrypt: true });
  cookies.set('foo', 'bar', { maxAge: 24 * 3600 * 1000 }); [1]

Sources:

• @eggjs/cookies README (npm). [1]
• Egg.js documentation — Cookie & Session (core docs). [2]
• Egg.js release notes mentioning added cookie options (partitioned / priority / removeUnpartitioned). [3]

---

Address the empty keys fallback behavior.

The FIXME comment indicates keys are required for signed/encrypted cookies, yet the code provides an empty array fallback (this.app.keys ?? []). While this prevents initialization errors, it could lead to runtime failures when developers attempt to use signed or encrypted cookies without configuring keys.

Consider either:

1. Throwing an error during initialization if keys are required for your use case, or
2. Documenting that keys can be set via app.keys before using signed/encrypted cookies

🤖 Prompt for AI Agents

In packages/koa/src/context.ts around lines 226 to 229, the code falls back to
an empty array for this.app.keys which masks the fact that keys are required for
signed/encrypted cookies; change the initialization to fail fast by throwing a
clear Error when this.app.keys is null/undefined (instead of using []), with a
message instructing developers to set app.keys (e.g. "app.keys is required for
signed/encrypted cookies; set app.keys before creating the app"), so
initialization surfaces the misconfiguration and prevents later runtime
failures.

[Copilot]

Pull request overview

This PR refactors the @eggjs/koa package to use the internal @eggjs/cookies package instead of the external cookies package, closing issue #5735. The change modernizes the cookie handling by adopting the in-house implementation that extends the original pillarjs/cookies with additional features like encryption.

• Replaced external cookies package with workspace package @eggjs/cookies
• Updated Cookies API usage to match the new constructor signature
• Updated test expectations to match new error messages

Reviewed changes

Copilot reviewed 4 out of 5 changed files in this pull request and generated no comments.

Show a summary per file

File	Description
pnpm-workspace.yaml	Added @eggjs/cookies to the catalog for version documentation
pnpm-lock.yaml	Removed external cookies and @types/cookies dependencies, added workspace link to internal @eggjs/cookies package
packages/koa/package.json	Replaced cookies dependency with workspace reference to @eggjs/cookies, removed @types/cookies from devDependencies
packages/koa/src/context.ts	Changed import from default to named export, updated Cookies constructor to use new API signature (ctx, keys, options)
packages/koa/test/context/cookies.test.ts	Added keys initialization to unsigned cookie test, updated error message assertion to match new Keygrip validation message

Files not reviewed (1)

• pnpm-lock.yaml: Language not supported