roninforge-hono：解决LLM生成Hono v4代码的59种常见错误

roninforge-hono is a Cursor plugin designed to address 59 frequent errors LLMs make when generating Hono v4 code. It uses BAD/CORRECT code comparisons to cover key areas like v3→v4 API changes, Express code leaks, TypeScript type inference traps, Cloudflare Workers-specific issues, security vulnerabilities, and production best practices.

Source: GitHub (https://github.com/RoninForge/roninforge-hono), author RoninForge, license MIT, released 2026-06-10.

Hono is a lightweight TypeScript edge framework for runtimes like Cloudflare Workers. With v4's release (Feb 2024), many breaking API changes were introduced, but LLMs' training data is mostly based on v3, leading to outdated code generation. Hono maintainers created GitHub issues (#3906, #4812) noting LLMs lack knowledge of latest Hono. roninforge-hono was built as a Cursor plugin to solve this via 59 BAD/CORRECT code pairs.

v3→v4 API Changes

v3 API	v4替代方案	说明
c.jsonT()	c.json()	v4起c.json()始终返回类型
c.stream() / c.streamText()	hono/streaming	流式处理移至独立模块
c.env()	c.env属性	运行时检测使用getRuntimeKey()
c.req.cookie()	getCookie(c)	从hono/cookie导入
app.showRoutes()	hono/dev	开发工具移至独立模块
app.fire()	fire(app)	从hono/service-worker导入
hono/nextjs	hono/vercel	Next.js支持改为Vercel适配器
hono/middleware	子路径导入	中间件需单独导入
addEventListener('fetch')	export default { fetch: app.fetch }	Service Worker语法变更
Deno URL导入	jsr:@hono/hono	v4.4.0起使用JSR

Express Code Leaks

• Route Handling: Express uses (req, res, next) vs Hono's (c, next) with return
• Error Handling: Hono uses app.onError instead of Express-style error middleware
• Body Parser: Hono uses native c.req.json() instead of express.json()
• CORS: Use hono/cors instead of npm cors package

Generic Params Missing

BAD: const app = new Hono(); (c.env type is {}) CORRECT: Define Bindings/Variables and pass to Hono generic

Chained Routes

BAD: Statement-style (loses RPC types) CORRECT: Chained .get()/.post() calls

Sub-app Routes

BAD: Statement-style sub-app definition CORRECT: Chained sub-app creation

Validator Position

BAD: Validator as middleware CORRECT: Validator as route param

Client Type Imports

BAD: Importing server app instance (bundle bloat) CORRECT: Import only type AppType

Cloudflare Workers

• Env Vars: Use c.env instead of process.env
• Static Assets: Deprecated serveStatic, use Workers Static Assets binding
• D1 DB: Always await prepare.run()
• Execution Context: Direct c.executionCtx.waitUntil() without check

Runtime-Specific

• Node.js: Use serve({ fetch: app.fetch })
• Workers: Export { fetch: app.fetch }
• Bun: Use Bun.serve({ fetch: app.fetch })

CVE-2025-59139

• Add bodyLimit({ maxSize: ... }) to POST/PUT routes
• Use Hono >=4.9.7

CORS Config

• Avoid origin: '*' with credentials: true

Cookie Security

• Set httpOnly, secure, sameSite

Streaming Responses

• Use streamText for large data instead of memory JSON

Compared to existing community rules:

1. Covers v3→v4 API changes (existing rules don't)
2. Addresses Express code leaks (existing rules ignore)
3. Provides BAD/CORRECT examples (not just best practices)

Usage Tips

1. Install roninforge-hono plugin
2. Fix Hono version to ^4.12.19
3. Enable TypeScript strict mode
4. Use Zod with @hono/zod-validator

Code Review Checklist

• Return c.json() results
• No req/res (use c)
• Chained route definitions
• Validator as route param
• Use c.env for env vars
• Secure cookies
• bodyLimit for POST/PUT
• No Node.js modules in Workers
• Client imports only types

Summary

roninforge-hono systematically fixes LLM errors in Hono v4 code, helping LLMs learn correct usage. It's essential for AI-assisted Hono development.