Skip to content

feat(clerk-js): Introduce reset password session task #7268

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 39 commits into from
Nov 28, 2025
Merged

feat(clerk-js): Introduce reset password session task #7268

merged 39 commits into from
Nov 28, 2025

Conversation

@octoper
Copy link
Member

@octoper octoper commented Nov 20, 2025
edited by coderabbitai bot
Loading

Description

This PR introduces the new reset-password session task.

This PR does not yet exports the <TaskResetPassword/> from any of the React related packages @clerk/clerk-react, @clerk/nextjs etc, this will be included in a followup PR

N+1 tasks

CleanShot.2025-11-26.at.13.18.39.mp4

Checklist

  • pnpm test runs as expected.
  • pnpm build runs as expected.
  • (If applicable) JSDoc comments have been added or updated for any package exports
  • (If applicable) Documentation has been updated

Type of change

  • 🐛 Bug fix
  • 🌟 New feature
  • 🔨 Breaking change
  • 📖 Refactoring / dependency upgrade / documentation
  • other:

Summary by CodeRabbit

  • New Features

    • New "Reset password" session task: users can set a new password and optionally sign out of other devices; integrated into sign-in/session-task flows.

  • Localization

    • Added multilingual labels for the reset-password flow across supported locales.

  • Tests

    • New unit and end-to-end tests covering the reset-password session task and related sign-in flows.

✏️ Tip: You can customize this high-level summary in your review settings.

@changeset-bot
Copy link

changeset-bot bot commented Nov 20, 2025
edited
Loading

🦋 Changeset detected

Latest commit: f871d5a

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 22 packages
Name Type
@clerk/localizations Minor
@clerk/clerk-js Minor
@clerk/shared Minor
@clerk/backend Minor
@clerk/clerk-react Patch
@clerk/chrome-extension Patch
@clerk/clerk-expo Patch
@clerk/agent-toolkit Patch
@clerk/astro Patch
@clerk/elements Patch
@clerk/expo-passkeys Patch
@clerk/express Patch
@clerk/fastify Patch
@clerk/nextjs Patch
@clerk/nuxt Patch
@clerk/react-router Patch
@clerk/remix Patch
@clerk/tanstack-react-start Patch
@clerk/testing Patch
@clerk/themes Patch
@clerk/types Patch
@clerk/vue Patch

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

@vercel
Copy link

vercel bot commented Nov 20, 2025
edited
Loading

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Preview Comments Updated (UTC)
clerk-js-sandbox Ready Ready Preview Comment Nov 28, 2025 4:48pm

@coderabbitai
Copy link
Contributor

coderabbitai bot commented Nov 20, 2025
edited
Loading

Walkthrough

Adds a "reset-password" session task: new task key, UI component and context, updated task guard and routing, types and localization entries across locales, backend experimental endpoint and test utilities, Playwright helpers and integration tests, plus related fixture and config updates.

Changes

Cohort / File(s) Summary
Core session mapping
packages/clerk-js/src/core/sessionTasks.ts		 Added 'reset-password' mapping to internal session task routes.
SessionTasks root & routes
packages/clerk-js/src/ui/components/SessionTasks/index.tsx		 Registered reset-password route rendering TaskResetPassword inside TaskResetPasswordContext.Provider; provider value simplified (removed navigateOnSetActive).
Task UI + tests
packages/clerk-js/src/ui/components/SessionTasks/tasks/TaskResetPassword/index.tsx, packages/clerk-js/src/ui/components/SessionTasks/tasks/TaskResetPassword/__tests__/TaskResetPassword.test.tsx		 New TaskResetPassword component (form, validation, update flow, sign-out option) and unit tests covering rendering and flows.
Task guard & re-exports
packages/clerk-js/src/ui/components/SessionTasks/tasks/shared/withTaskGuard.ts, .../shared/index.ts, .../TaskChooseOrganization/index.tsx		 withTaskGuard now accepts taskKey: SessionTask['key'], uses useSessionTasksContext, tightens predicate; re-exported via barrel; TaskChooseOrganization updated to pass task key.
SessionTasks context & types (UI)
packages/clerk-js/src/ui/contexts/components/SessionTasks.ts, packages/clerk-js/src/ui/types.ts, packages/clerk-js/src/contexts/ClerkUIComponentsContext.tsx		 Added TaskResetPasswordContext and TaskResetPasswordCtx type; adjusted SessionTasksCtx shape/navigation helper; ComponentContextProvider supports TaskResetPassword.
Shared types & appearance/localization types
packages/shared/src/types/session.ts, packages/shared/src/types/clerk.ts, packages/shared/src/types/appearance.ts, packages/shared/src/types/localization.ts		 Extended SessionTask.key union with 'reset-password'; added TaskResetPasswordProps and theme alias; added taskResetPassword block to localization types.
Localizations (many locales)
packages/localizations/src/{en-US,pt-BR,en-GB,...,zh-TW}.ts		 Added taskResetPassword localization block (title, formButtonPrimary, signOut.actionLink/actionText) across locale files; en-US and pt-BR include concrete strings.
Sign-in/Sign-up navigation wiring
packages/clerk-js/src/ui/contexts/components/SignIn.ts, .../SignUp.ts, .../TaskChooseOrganization/*		 navigateOnSetActive now composes URL with startPath + computed taskEndpoint; task screens delegate navigation to session tasks context.
Backend API & integration test utils
packages/backend/src/api/endpoints/UserApi.ts, integration/testUtils/usersService.ts, integration/testUtils/organizationsService.ts		 Added __experimental_passwordUntrusted(userId) API method and passwordUntrusted test util; added createBapiOrganization helper.
Playwright helpers & integration tests
packages/testing/src/playwright/unstable/page-objects/sessionTask.ts, integration/tests/session-tasks-sign-in-reset-password.test.ts, integration/presets/envs.ts, integration/presets/longRunningApps.ts		 Added resolveResetPasswordTask page helper; new integration tests for sign-in reset-password flows; environment/app presets for tests.
Misc / fixtures / config / changesets
packages/clerk-js/bundlewatch.config.json, packages/clerk-js/src/test/fixture-helpers.ts, .changeset/*		 Increased sessionTasks bundle size limit; made test fixture identifier optional; added changesets for package bumps.

Sequence Diagram(s)

sequenceDiagram
    participant User as User / Browser
    participant UI as Frontend UI (SessionTasks)
    participant Router as Router
    participant SessionSvc as Session Manager
    participant API as Backend API

    User->>UI: Sign in (credentials)
    UI->>API: Authenticate (may include 2FA)
    API->>SessionSvc: Create session with currentTask.key='reset-password'
    SessionSvc->>Router: Route to task endpoint
    Router->>UI: Render TaskResetPassword component (TaskResetPasswordContext)
    User->>UI: Fill newPassword / confirmPassword (+ sign-out flag)
    UI->>API: updatePassword (newPassword, signOutOfOtherSessions)
    API-->>API: Update password, optionally revoke other sessions
    API->>SessionSvc: Mark task completed / clear currentTask
    SessionSvc->>Router: Redirect to redirectUrlComplete
    Router->>User: Navigate to destination
Loading

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~60 minutes

  • Areas to focus:
    • packages/clerk-js/src/ui/components/SessionTasks/tasks/TaskResetPassword/index.tsx — form validation, reverification/updatePassword flow, sign-out handling, navigation after completion.
    • packages/clerk-js/src/ui/components/SessionTasks/tasks/shared/withTaskGuard.ts — guard predicate, redirect behavior and signature change.
    • packages/clerk-js/src/ui/contexts/components/SessionTasks.ts and SignIn/SignUp context changes — URL composition with startPath and getTaskEndpoint.
    • packages/backend/src/api/endpoints/UserApi.ts — __experimental_passwordUntrusted request shape and semantics.
    • Large localization additions — verify consistency across locale files and no syntax errors.

Possibly related PRs

Suggested labels

types

Suggested reviewers

  • nikosdouvlis

Poem

🐇 I hopped in code with whiskers bright,
A reset path stitched through day and night.
Forms and guards and locales learned,
Tests passed by — the rabbit turned.
Hop, confirm, redirect — joy in sight!

Pre-merge checks and finishing touches

❌ Failed checks (1 warning)
Check name Status Explanation Resolution
Docstring Coverage ⚠️ Warning Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%. You can run @coderabbitai generate docstrings to improve docstring coverage.
✅ Passed checks (2 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title accurately summarizes the main change: introducing a new reset-password session task feature for clerk-js.
✨ Finishing touches
  • 📝 Generate docstrings
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Post copyable unit tests in a comment
  • Commit unit tests in branch vaggelis/user-4002-implement-the-aio-components-new-flow-and-session-task
📜 Recent review details

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Disabled knowledge base sources:

  • Linear integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between 92f503b and f871d5a.

📒 Files selected for processing (1)
  • packages/clerk-js/src/ui/components/SessionTasks/index.tsx (4 hunks)
🧰 Additional context used
📓 Path-based instructions (11)
packages/clerk-js/src/ui/**/*.{ts,tsx}

📄 CodeRabbit inference engine (.cursor/rules/clerk-js-ui.mdc)

packages/clerk-js/src/ui/**/*.{ts,tsx}: Element descriptors should be written in camelCase
Use useCardState for card-level state management
Use useFormState for form-level state management
Use useLoadingStatus for managing loading states
Use useFormControl hook for form field state management with validation and localization support
All rendered values must be localized using useLocalizations hook - hard coded values are not allowed
Use localizationKeys for translating UI text with support for parameters and error messages
Use handleError utility for API error handling and provide field states for proper error mapping
Use the styled system sx prop with theme tokens for custom styling instead of inline styles
Use the Card component pattern with Card.Root, Card.Header, Card.Title, Card.Content, and Card.Footer for consistent card layouts
Use FormContainer with headerTitle and headerSubtitle localization keys combined with Form.Root and FormButtons for consistent form layouts
When form submission occurs, manage loading and error states by calling status.setLoading(), card.setLoading(), and card.setError() appropriately

Files:

  • packages/clerk-js/src/ui/components/SessionTasks/index.tsx
**/*.{js,jsx,ts,tsx}

📄 CodeRabbit inference engine (.cursor/rules/development.mdc)

All code must pass ESLint checks with the project's configuration

Files:

  • packages/clerk-js/src/ui/components/SessionTasks/index.tsx
**/*.{js,jsx,ts,tsx,json,md,yml,yaml}

📄 CodeRabbit inference engine (.cursor/rules/development.mdc)

Use Prettier for consistent code formatting

Files:

  • packages/clerk-js/src/ui/components/SessionTasks/index.tsx
packages/**/src/**/*.{ts,tsx}

📄 CodeRabbit inference engine (.cursor/rules/development.mdc)

TypeScript is required for all packages

Files:

  • packages/clerk-js/src/ui/components/SessionTasks/index.tsx
**/*.{ts,tsx,js,jsx}

📄 CodeRabbit inference engine (.cursor/rules/development.mdc)

Follow established naming conventions (PascalCase for components, camelCase for variables)

Prefer importing types from @clerk/shared/types instead of the deprecated @clerk/types alias

Files:

  • packages/clerk-js/src/ui/components/SessionTasks/index.tsx
packages/**/src/**/*.{ts,tsx,js,jsx}

📄 CodeRabbit inference engine (.cursor/rules/development.mdc)

packages/**/src/**/*.{ts,tsx,js,jsx}: Maintain comprehensive JSDoc comments for public APIs
Use tree-shaking friendly exports
Validate all inputs and sanitize outputs
All public APIs must be documented with JSDoc
Use dynamic imports for optional features
Provide meaningful error messages to developers
Include error recovery suggestions where applicable
Log errors appropriately for debugging
Lazy load components and features when possible
Implement proper caching strategies
Use efficient data structures and algorithms
Implement proper logging with different levels

Files:

  • packages/clerk-js/src/ui/components/SessionTasks/index.tsx
**/*.ts?(x)

📄 CodeRabbit inference engine (.cursor/rules/development.mdc)

Use proper TypeScript error types

Files:

  • packages/clerk-js/src/ui/components/SessionTasks/index.tsx
**/*.tsx

📄 CodeRabbit inference engine (.cursor/rules/development.mdc)

**/*.tsx: Use error boundaries in React components
Minimize re-renders in React components

**/*.tsx: Use proper type definitions for props and state in React components
Leverage TypeScript's type inference where possible in React components
Use proper event types for handlers in React components
Implement proper generic types for reusable React components
Use proper type guards for conditional rendering in React components

Files:

  • packages/clerk-js/src/ui/components/SessionTasks/index.tsx
**/*.{md,tsx}

📄 CodeRabbit inference engine (.cursor/rules/development.mdc)

Update documentation for API changes

Files:

  • packages/clerk-js/src/ui/components/SessionTasks/index.tsx
**/*.{jsx,tsx}

📄 CodeRabbit inference engine (.cursor/rules/react.mdc)

**/*.{jsx,tsx}: Always use functional components with hooks instead of class components
Follow PascalCase naming for components (e.g., UserProfile, NavigationMenu)
Keep components focused on a single responsibility - split large components
Limit component size to 150-200 lines; extract logic into custom hooks
Use composition over inheritance - prefer smaller, composable components
Export components as named exports for better tree-shaking
One component per file with matching filename and component name
Separate UI components from business logic components
Use useState for simple state management in React components
Use useReducer for complex state logic in React components
Implement proper state initialization in React components
Use proper state updates with callbacks in React components
Implement proper state cleanup in React components
Use Context API for theme/authentication state management
Implement proper state persistence in React applications
Use React.memo for expensive components
Implement proper useCallback for handlers in React components
Use proper useMemo for expensive computations in React components
Implement proper virtualization for lists in React components
Use proper code splitting with React.lazy in React applications
Implement proper cleanup in useEffect hooks
Use proper refs for DOM access in React components
Implement proper event listener cleanup in React components
Use proper abort controllers for fetch in React components
Implement proper subscription cleanup in React components
Use proper HTML elements for semantic HTML in React components
Implement proper ARIA attributes for accessibility in React components
Use proper heading hierarchy in React components
Implement proper form labels in React components
Use proper button types in React components
Implement proper focus management for keyboard navigation in React components
Use proper keyboard shortcuts in React components
Implement proper tab order in React components
Use proper ...

Files:

  • packages/clerk-js/src/ui/components/SessionTasks/index.tsx
**/*.{ts,tsx}

📄 CodeRabbit inference engine (.cursor/rules/typescript.mdc)

**/*.{ts,tsx}: Always define explicit return types for functions, especially public APIs
Use proper type annotations for variables and parameters where inference isn't clear
Avoid any type - prefer unknown when type is uncertain, then narrow with type guards
Implement type guards for unknown types using the pattern function isType(value: unknown): value is Type
Use interface for object shapes that might be extended
Use type for unions, primitives, and computed types
Prefer readonly properties for immutable data structures
Use private for internal implementation details in classes
Use protected for inheritance hierarchies
Use public explicitly for clarity in public APIs
Use mixins for shared behavior across unrelated classes in TypeScript
Use generic constraints with bounded type parameters like <T extends { id: string }>
Use utility types like Omit, Partial, and Pick for data transformation instead of manual type construction
Use discriminated unions instead of boolean flags for state management and API responses
Use mapped types for transforming object types
Use conditional types for type-level logic
Leverage template literal types for string manipulation at the type level
Use ES6 imports/exports consistently
Use default exports sparingly, prefer named exports
Document functions with JSDoc comments including @param, @returns, @throws, and @example tags
Create custom error classes that extend Error for specific error types
Use the Result pattern for error handling instead of throwing exceptions
Use optional chaining (?.) and nullish coalescing (??) operators for safe property access
Let TypeScript infer obvious types to reduce verbosity
Use const assertions with as const for literal types
Use satisfies operator for type checking without widening types
Declare readonly arrays and objects for immutable data structures
Use spread operator and array spread for immutable updates instead of mutations
Use lazy loading for large types...

Files:

  • packages/clerk-js/src/ui/components/SessionTasks/index.tsx
🧬 Code graph analysis (1)
packages/clerk-js/src/ui/components/SessionTasks/index.tsx (3)
packages/clerk-js/src/core/sessionTasks.ts (1)
  • INTERNAL_SESSION_TASK_ROUTE_BY_KEY (9-12)
packages/clerk-js/src/ui/contexts/components/SessionTasks.ts (2)
  • TaskResetPasswordContext (59-59)
  • SessionTasksContext (9-9)
packages/clerk-js/src/ui/components/SessionTasks/tasks/TaskResetPassword/index.tsx (1)
  • TaskResetPassword (201-203)
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (32)
  • GitHub Check: Integration Tests (tanstack-react-start, chrome)
  • GitHub Check: Integration Tests (custom, chrome)
  • GitHub Check: Integration Tests (nextjs, chrome, 14)
  • GitHub Check: Integration Tests (machine, chrome, RQ)
  • GitHub Check: Integration Tests (quickstart, chrome, 16)
  • GitHub Check: Integration Tests (nextjs, chrome, 16)
  • GitHub Check: Integration Tests (quickstart, chrome, 15)
  • GitHub Check: Integration Tests (nextjs, chrome, 15, RQ)
  • GitHub Check: Integration Tests (react-router, chrome)
  • GitHub Check: Integration Tests (vue, chrome)
  • GitHub Check: Integration Tests (billing, chrome, RQ)
  • GitHub Check: Integration Tests (billing, chrome)
  • GitHub Check: Integration Tests (nextjs, chrome, 15)
  • GitHub Check: Integration Tests (nuxt, chrome)
  • GitHub Check: Integration Tests (machine, chrome)
  • GitHub Check: Integration Tests (sessions:staging, chrome)
  • GitHub Check: Integration Tests (handshake:staging, chrome)
  • GitHub Check: Integration Tests (astro, chrome)
  • GitHub Check: Integration Tests (expo-web, chrome)
  • GitHub Check: Integration Tests (handshake, chrome)
  • GitHub Check: Integration Tests (elements, chrome)
  • GitHub Check: Integration Tests (generic, chrome)
  • GitHub Check: Integration Tests (localhost, chrome)
  • GitHub Check: Integration Tests (express, chrome)
  • GitHub Check: Integration Tests (ap-flows, chrome)
  • GitHub Check: Integration Tests (sessions, chrome)
  • GitHub Check: Publish with pkg-pr-new
  • GitHub Check: Unit Tests (22, shared, clerk-js, RQ)
  • GitHub Check: Unit Tests (22, **)
  • GitHub Check: Static analysis
  • GitHub Check: semgrep-cloud-platform/scan
  • GitHub Check: Analyze (javascript-typescript)
🔇 Additional comments (3)
packages/clerk-js/src/ui/components/SessionTasks/index.tsx (3)

11-20: Reset password task imports are consistent and correctly wired

TaskResetPasswordContext and TaskResetPassword are imported and used later in the file; there are no unused imports or obvious tree‑shaking issues here. The imports align with the context/component definitions in the related files, so this part looks good.

57-71: Reset-password route and context wiring look correct; confirm flow ordering

The new reset-password route correctly reuses INTERNAL_SESSION_TASK_ROUTE_BY_KEY['reset-password'] and wraps TaskResetPassword with TaskResetPasswordContext.Provider using the same value shape as TaskChooseOrganizationContext ({ componentName, redirectUrlComplete }). This is consistent and should integrate cleanly with the existing guards/HOCs.

Please just confirm at a high level that this route ordering matches the intended task progression (e.g., reset-password vs choose-organization) in your product flow, since that logic is centralized here.

124-127: SessionTasksContext simplification to only redirectUrlComplete

Providing only { redirectUrlComplete } via SessionTasksContext matches the new, simplified usage pattern and avoids leaking navigation logic into the context. This looks cleaner, assuming all previous consumers of additional fields (like any navigateOnSetActive-style behavior) were updated in the same PR and type checks are green.

If you haven’t already, please run the TypeScript build/ESLint pipeline to catch any remaining consumers that still expect extra fields on SessionTasksContext.

Comment @coderabbitai help to get the list of available commands and usage tips.

@octoper octoper self-assigned this Nov 20, 2025
@octoper octoper closed this Nov 20, 2025
@octoper octoper reopened this Nov 20, 2025
@octoper
Copy link
Member Author

octoper commented Nov 20, 2025

!snapshot

@clerk-cookie
Copy link
Collaborator

clerk-cookie commented Nov 20, 2025

Hey @octoper - the snapshot version command generated the following package versions:

Package Version
@clerk/agent-toolkit 0.2.3-snapshot.v20251120173355
@clerk/astro 2.16.1-snapshot.v20251120173355
@clerk/backend 2.23.1-snapshot.v20251120173355
@clerk/chrome-extension 2.8.3-snapshot.v20251120173355
@clerk/clerk-js 5.110.0-snapshot.v20251120173355
@clerk/elements 0.23.84-snapshot.v20251120173355
@clerk/clerk-expo 2.19.3-snapshot.v20251120173355
@clerk/expo-passkeys 0.4.20-snapshot.v20251120173355
@clerk/express 1.7.51-snapshot.v20251120173355
@clerk/fastify 2.6.3-snapshot.v20251120173355
@clerk/localizations 3.29.0-snapshot.v20251120173355
@clerk/nextjs 6.35.3-snapshot.v20251120173355
@clerk/nuxt 1.13.1-snapshot.v20251120173355
@clerk/clerk-react 5.56.1-snapshot.v20251120173355
@clerk/react-router 2.2.3-snapshot.v20251120173355
@clerk/remix 4.13.18-snapshot.v20251120173355
@clerk/shared 3.36.0-snapshot.v20251120173355
@clerk/tanstack-react-start 0.27.3-snapshot.v20251120173355
@clerk/testing 1.13.17-snapshot.v20251120173355
@clerk/themes 2.4.38-snapshot.v20251120173355
@clerk/types 4.101.1-snapshot.v20251120173355
@clerk/vue 1.16.1-snapshot.v20251120173355

Tip: Use the snippet copy button below to quickly install the required packages.
@clerk/agent-toolkit

npm i @clerk/agent-toolkit@0.2.3-snapshot.v20251120173355 --save-exact

@clerk/astro

npm i @clerk/astro@2.16.1-snapshot.v20251120173355 --save-exact

@clerk/backend

npm i @clerk/backend@2.23.1-snapshot.v20251120173355 --save-exact

@clerk/chrome-extension

npm i @clerk/chrome-extension@2.8.3-snapshot.v20251120173355 --save-exact

@clerk/clerk-js

npm i @clerk/clerk-js@5.110.0-snapshot.v20251120173355 --save-exact

@clerk/elements

npm i @clerk/elements@0.23.84-snapshot.v20251120173355 --save-exact

@clerk/clerk-expo

npm i @clerk/clerk-expo@2.19.3-snapshot.v20251120173355 --save-exact

@clerk/expo-passkeys

npm i @clerk/expo-passkeys@0.4.20-snapshot.v20251120173355 --save-exact

@clerk/express

npm i @clerk/express@1.7.51-snapshot.v20251120173355 --save-exact

@clerk/fastify

npm i @clerk/fastify@2.6.3-snapshot.v20251120173355 --save-exact

@clerk/localizations

npm i @clerk/localizations@3.29.0-snapshot.v20251120173355 --save-exact

@clerk/nextjs

npm i @clerk/nextjs@6.35.3-snapshot.v20251120173355 --save-exact

@clerk/nuxt

npm i @clerk/nuxt@1.13.1-snapshot.v20251120173355 --save-exact

@clerk/clerk-react

npm i @clerk/clerk-react@5.56.1-snapshot.v20251120173355 --save-exact

@clerk/react-router

npm i @clerk/react-router@2.2.3-snapshot.v20251120173355 --save-exact

@clerk/remix

npm i @clerk/remix@4.13.18-snapshot.v20251120173355 --save-exact

@clerk/shared

npm i @clerk/shared@3.36.0-snapshot.v20251120173355 --save-exact

@clerk/tanstack-react-start

npm i @clerk/tanstack-react-start@0.27.3-snapshot.v20251120173355 --save-exact

@clerk/testing

npm i @clerk/testing@1.13.17-snapshot.v20251120173355 --save-exact

@clerk/themes

npm i @clerk/themes@2.4.38-snapshot.v20251120173355 --save-exact

@clerk/types

npm i @clerk/types@4.101.1-snapshot.v20251120173355 --save-exact

@clerk/vue

npm i @clerk/vue@1.16.1-snapshot.v20251120173355 --save-exact

@octoper octoper force-pushed the vaggelis/user-4002-implement-the-aio-components-new-flow-and-session-task branch from 1b51682 to 9ab72aa Compare November 20, 2025 17:39
@octoper octoper marked this pull request as ready for review November 20, 2025 17:49
@octoper
Copy link
Member Author

octoper commented Nov 20, 2025

!snapshot

octoper
octoper commented Nov 20, 2025
View reviewed changes
packages/localizations/src/en-US.ts
subtitle: 'Enter the password associated with your account',
title: 'Enter your password',
},
passwordPwned: {
Copy link
Member Author

@octoper octoper Nov 20, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Comment for the reviewers: I will generate the localizations before merging the PR

@clerk-cookie
Copy link
Collaborator

clerk-cookie commented Nov 20, 2025

Hey @octoper - the snapshot version command generated the following package versions:

Package Version
@clerk/agent-toolkit 0.2.3-snapshot.v20251120175123
@clerk/astro 2.16.1-snapshot.v20251120175123
@clerk/backend 2.23.1-snapshot.v20251120175123
@clerk/chrome-extension 2.8.3-snapshot.v20251120175123
@clerk/clerk-js 5.110.0-snapshot.v20251120175123
@clerk/elements 0.23.84-snapshot.v20251120175123
@clerk/clerk-expo 2.19.3-snapshot.v20251120175123
@clerk/expo-passkeys 0.4.20-snapshot.v20251120175123
@clerk/express 1.7.51-snapshot.v20251120175123
@clerk/fastify 2.6.3-snapshot.v20251120175123
@clerk/localizations 3.29.0-snapshot.v20251120175123
@clerk/nextjs 6.35.3-snapshot.v20251120175123
@clerk/nuxt 1.13.1-snapshot.v20251120175123
@clerk/clerk-react 5.56.1-snapshot.v20251120175123
@clerk/react-router 2.2.3-snapshot.v20251120175123
@clerk/remix 4.13.18-snapshot.v20251120175123
@clerk/shared 3.36.0-snapshot.v20251120175123
@clerk/tanstack-react-start 0.27.3-snapshot.v20251120175123
@clerk/testing 1.13.17-snapshot.v20251120175123
@clerk/themes 2.4.38-snapshot.v20251120175123
@clerk/types 4.101.1-snapshot.v20251120175123
@clerk/vue 1.16.1-snapshot.v20251120175123

Tip: Use the snippet copy button below to quickly install the required packages.
@clerk/agent-toolkit

npm i @clerk/agent-toolkit@0.2.3-snapshot.v20251120175123 --save-exact

@clerk/astro

npm i @clerk/astro@2.16.1-snapshot.v20251120175123 --save-exact

@clerk/backend

npm i @clerk/backend@2.23.1-snapshot.v20251120175123 --save-exact

@clerk/chrome-extension

npm i @clerk/chrome-extension@2.8.3-snapshot.v20251120175123 --save-exact

@clerk/clerk-js

npm i @clerk/clerk-js@5.110.0-snapshot.v20251120175123 --save-exact

@clerk/elements

npm i @clerk/elements@0.23.84-snapshot.v20251120175123 --save-exact

@clerk/clerk-expo

npm i @clerk/clerk-expo@2.19.3-snapshot.v20251120175123 --save-exact

@clerk/expo-passkeys

npm i @clerk/expo-passkeys@0.4.20-snapshot.v20251120175123 --save-exact

@clerk/express

npm i @clerk/express@1.7.51-snapshot.v20251120175123 --save-exact

@clerk/fastify

npm i @clerk/fastify@2.6.3-snapshot.v20251120175123 --save-exact

@clerk/localizations

npm i @clerk/localizations@3.29.0-snapshot.v20251120175123 --save-exact

@clerk/nextjs

npm i @clerk/nextjs@6.35.3-snapshot.v20251120175123 --save-exact

@clerk/nuxt

npm i @clerk/nuxt@1.13.1-snapshot.v20251120175123 --save-exact

@clerk/clerk-react

npm i @clerk/clerk-react@5.56.1-snapshot.v20251120175123 --save-exact

@clerk/react-router

npm i @clerk/react-router@2.2.3-snapshot.v20251120175123 --save-exact

@clerk/remix

npm i @clerk/remix@4.13.18-snapshot.v20251120175123 --save-exact

@clerk/shared

npm i @clerk/shared@3.36.0-snapshot.v20251120175123 --save-exact

@clerk/tanstack-react-start

npm i @clerk/tanstack-react-start@0.27.3-snapshot.v20251120175123 --save-exact

@clerk/testing

npm i @clerk/testing@1.13.17-snapshot.v20251120175123 --save-exact

@clerk/themes

npm i @clerk/themes@2.4.38-snapshot.v20251120175123 --save-exact

@clerk/types

npm i @clerk/types@4.101.1-snapshot.v20251120175123 --save-exact

@clerk/vue

npm i @clerk/vue@1.16.1-snapshot.v20251120175123 --save-exact

coderabbitai[bot]
coderabbitai bot reviewed Nov 20, 2025
View reviewed changes
Copy link
Contributor

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

🧹 Nitpick comments (2)
packages/clerk-js/src/ui/components/SessionTasks/tasks/TaskResetPassword/withTaskGuard.ts (1)

1-26: withTaskGuard implementation matches existing session task guard semantics

The guard correctly:

  • Checks for absence of clerk.session?.currentTask and redirects either to buildSignInUrl() (no session) or ctx.redirectUrlComplete ?? clerk.buildAfterSignInUrl().
  • Reuses withRedirect and warning cannotRenderComponentWhenTaskDoesNotExist.
  • Preserves component displayName, consistent with the TaskChooseOrganization guard.

One thing to double‑check: ensure TaskResetPasswordProps has been added to AvailableComponentProps, otherwise withTaskGuard(TaskResetPassword) will fail the P extends AvailableComponentProps constraint.

If more task-specific guards are added in the future, consider extracting a shared helper that takes the task context hook as a parameter to avoid near-identical HOCs.

packages/clerk-js/src/ui/components/SessionTasks/tasks/TaskResetPassword/index.tsx (1)

128-128: Consider using configured password settings for minLength.

The minLength={6} is hardcoded, but passwordSettings is available from the environment context. While the validatePassword flag on the field already uses password settings for validation, aligning the HTML5 minLength attribute with the configured minimum would provide more consistent user feedback.

Consider using:

                    <Form.PasswordInput
                      {...passwordField.props}
                      isRequired
-                      minLength={6}
+                      minLength={passwordSettings.min_length}
                    />
📜 Review details

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Disabled knowledge base sources:

  • Linear integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between 77e022f and 9ab72aa.

📒 Files selected for processing (16)
  • .changeset/loose-brooms-occur.md (1 hunks)
  • packages/clerk-js/src/core/sessionTasks.ts (1 hunks)
  • packages/clerk-js/src/ui/components/SessionTasks/index.tsx (2 hunks)
  • packages/clerk-js/src/ui/components/SessionTasks/tasks/TaskChooseOrganization/index.tsx (1 hunks)
  • packages/clerk-js/src/ui/components/SessionTasks/tasks/TaskResetPassword/__tests__/TaskResetPassword.test.tsx (1 hunks)
  • packages/clerk-js/src/ui/components/SessionTasks/tasks/TaskResetPassword/index.tsx (1 hunks)
  • packages/clerk-js/src/ui/components/SessionTasks/tasks/TaskResetPassword/withTaskGuard.ts (1 hunks)
  • packages/clerk-js/src/ui/contexts/ClerkUIComponentsContext.tsx (3 hunks)
  • packages/clerk-js/src/ui/contexts/components/SessionTasks.ts (2 hunks)
  • packages/clerk-js/src/ui/elements/contexts/index.tsx (1 hunks)
  • packages/clerk-js/src/ui/types.ts (3 hunks)
  • packages/localizations/src/en-US.ts (2 hunks)
  • packages/shared/src/types/appearance.ts (1 hunks)
  • packages/shared/src/types/clerk.ts (2 hunks)
  • packages/shared/src/types/localization.ts (2 hunks)
  • packages/shared/src/types/session.ts (2 hunks)
🧰 Additional context used
🧬 Code graph analysis (8)
packages/clerk-js/src/ui/components/SessionTasks/tasks/TaskResetPassword/__tests__/TaskResetPassword.test.tsx (2)
packages/clerk-js/src/test/create-fixtures.tsx (1)
  • bindCreateFixtures (28-35)
packages/clerk-js/src/ui/components/SessionTasks/tasks/TaskResetPassword/index.tsx (1)
  • TaskResetPassword (186-188)
packages/clerk-js/src/ui/components/SessionTasks/index.tsx (3)
packages/clerk-js/src/core/sessionTasks.ts (1)
  • INTERNAL_SESSION_TASK_ROUTE_BY_KEY (9-12)
packages/clerk-js/src/ui/contexts/components/SessionTasks.ts (1)
  • TaskResetPasswordContext (31-31)
packages/clerk-js/src/ui/components/SessionTasks/tasks/TaskResetPassword/index.tsx (1)
  • TaskResetPassword (186-188)
packages/clerk-js/src/ui/components/SessionTasks/tasks/TaskResetPassword/index.tsx (5)
packages/clerk-js/src/ui/elements/contexts/index.tsx (2)
  • useCardState (42-70)
  • withCardStateProvider (72-81)
packages/clerk-js/src/ui/utils/passwordUtils.ts (1)
  • createPasswordError (33-74)
packages/clerk-js/src/ui/hooks/usePassword.ts (1)
  • useConfirmPassword (77-110)
packages/clerk-js/src/ui/utils/errorHandler.ts (1)
  • handleError (64-86)
packages/clerk-js/src/ui/components/SessionTasks/tasks/TaskResetPassword/withTaskGuard.ts (1)
  • withTaskGuard (8-26)
packages/shared/src/types/clerk.ts (1)
packages/shared/src/types/appearance.ts (1)
  • TaskResetPasswordTheme (1044-1044)
packages/clerk-js/src/ui/types.ts (1)
packages/shared/src/types/clerk.ts (1)
  • TaskResetPasswordProps (2222-2228)
packages/clerk-js/src/ui/contexts/components/SessionTasks.ts (1)
packages/clerk-js/src/ui/types.ts (1)
  • TaskResetPasswordCtx (155-157)
packages/clerk-js/src/ui/components/SessionTasks/tasks/TaskResetPassword/withTaskGuard.ts (4)
packages/clerk-js/src/ui/components/SessionTasks/tasks/TaskChooseOrganization/withTaskGuard.ts (1)
  • withTaskGuard (8-26)
packages/clerk-js/src/ui/types.ts (1)
  • AvailableComponentProps (46-63)
packages/clerk-js/src/ui/contexts/components/SessionTasks.ts (1)
  • useTaskResetPasswordContext (33-41)
packages/clerk-js/src/ui/common/withRedirect.tsx (1)
  • withRedirect (16-53)
packages/clerk-js/src/ui/contexts/ClerkUIComponentsContext.tsx (2)
packages/clerk-js/src/ui/contexts/components/SessionTasks.ts (1)
  • TaskResetPasswordContext (31-31)
packages/shared/src/types/clerk.ts (1)
  • TaskResetPasswordProps (2222-2228)
🔇 Additional comments (16)
packages/shared/src/types/appearance.ts (1)

1044-1044: TaskResetPasswordTheme alias is consistent with existing theme types

The new TaskResetPasswordTheme alias mirrors the pattern used for other component themes and keeps the public API consistent. No issues from a typing or compatibility perspective.

.changeset/loose-brooms-occur.md (1)

1-7: Changeset scope and bump levels look appropriate

The changeset correctly scopes the reset-password session task work to @clerk/clerk-js, @clerk/shared, and @clerk/localizations with minor bumps, matching the feature-level change.

packages/clerk-js/src/ui/elements/contexts/index.tsx (1)

83-105: FlowMetadata extended correctly for new task flows

Adding 'taskChooseOrganization' and 'taskResetPassword' to FlowMetadata.flow aligns with the new session task routes and existing usages like <Flow.Root flow='taskChooseOrganization'>. The union remains coherent and backward compatible.

packages/clerk-js/src/ui/components/SessionTasks/tasks/TaskChooseOrganization/index.tsx (1)

11-11: Import path adjustment aligns with new task-local guard structure

Switching withTaskGuard to a sibling import ('./withTaskGuard') matches the new pattern where each session task owns its own guard implementation. The wrapping at the export site remains unchanged and correct.

packages/shared/src/types/clerk.ts (1)

2222-2228: LGTM! TaskResetPasswordProps follows established patterns.

The type definition correctly mirrors the structure of TaskChooseOrganizationProps, with appropriate fields for navigation and theming. The JSDoc comment clearly documents the purpose of the redirectUrlComplete field.

packages/clerk-js/src/core/sessionTasks.ts (1)

9-12: LGTM! Route mapping correctly added.

The new 'reset-password' entry follows the existing pattern and integrates properly with the SessionTask['key'] type union. This will enable proper URL building via getTaskEndpoint and buildTaskUrl functions.

packages/clerk-js/src/ui/components/SessionTasks/index.tsx (1)

65-71: LGTM! Route and context setup correctly implemented.

The new reset-password route follows the established pattern from the choose-organization task. The context provider properly passes componentName and redirectUrlComplete to the TaskResetPassword component.

packages/clerk-js/src/ui/types.ts (1)

155-157: LGTM! Context type properly defined.

The TaskResetPasswordCtx type correctly extends TaskResetPasswordProps and adds the required componentName literal, following the established pattern for component contexts.

packages/localizations/src/en-US.ts (1)

866-872: LGTM! Localization strings properly structured.

The taskResetPassword localization keys follow the same pattern as taskChooseOrganization, providing clear user-facing strings for the title and sign-out action. The {{identifier}} placeholder correctly enables dynamic user information display.

packages/shared/src/types/localization.ts (1)

1290-1296: LGTM! Localization types correctly defined.

The taskResetPassword type definition properly mirrors the structure in en-US.ts, with correctly typed LocalizationValue fields. The actionText field appropriately uses LocalizationValue<'identifier'> to enable type-safe interpolation of the user identifier.

packages/shared/src/types/session.ts (2)

338-338: LGTM! SessionTask key union properly extended.

The key field now correctly includes both 'choose-organization' and 'reset-password', enabling type-safe handling of the new task type throughout the session management system.

38-40: Nice documentation improvement.

The JSDoc @default true annotation clarifies the default behavior of treatPendingAsSignedOut, improving the developer experience.

packages/clerk-js/src/ui/contexts/ClerkUIComponentsContext.tsx (1)

130-137: LGTM! Context provider case correctly implemented.

The TaskResetPassword case follows the established pattern, properly typing the props and providing the context value with the correct componentName literal. The implementation is consistent with the TaskChooseOrganization case.

packages/clerk-js/src/ui/components/SessionTasks/tasks/TaskResetPassword/__tests__/TaskResetPassword.test.tsx (1)

1-103: LGTM! Comprehensive test coverage.

The test suite provides excellent coverage of the TaskResetPassword component, including:

  • Guard behavior (rendering only when task exists)
  • Multi-task ordering
  • User identifier display (both email and username)
  • Sign-out interaction flow

The tests are well-structured, use appropriate testing utilities, and have clear assertions.

packages/clerk-js/src/ui/contexts/components/SessionTasks.ts (1)

3-3: LGTM! Consistent context implementation.

The new TaskResetPassword context and hook follow the established pattern used by TaskChooseOrganization. The implementation is consistent with the codebase conventions and includes proper error messaging.

Also applies to: 31-41

packages/clerk-js/src/ui/components/SessionTasks/tasks/TaskResetPassword/index.tsx (1)

186-188: LGTM! Proper HOC composition.

The component export correctly composes three higher-order components:

  • withCoreSessionSwitchGuard for session-level guards
  • withTaskGuard for task existence validation
  • withCardStateProvider for form state management

The order and composition are appropriate for this session task component.

@pkg-pr-new
Copy link

pkg-pr-new bot commented Nov 20, 2025
edited
Loading

Open in StackBlitz

@clerk/agent-toolkit

npm i https://pkg.pr.new/@clerk/agent-toolkit@7268

@clerk/astro

npm i https://pkg.pr.new/@clerk/astro@7268

@clerk/backend

npm i https://pkg.pr.new/@clerk/backend@7268

@clerk/chrome-extension

npm i https://pkg.pr.new/@clerk/chrome-extension@7268

@clerk/clerk-js

npm i https://pkg.pr.new/@clerk/clerk-js@7268

@clerk/dev-cli

npm i https://pkg.pr.new/@clerk/dev-cli@7268

@clerk/elements

npm i https://pkg.pr.new/@clerk/elements@7268

@clerk/clerk-expo

npm i https://pkg.pr.new/@clerk/clerk-expo@7268

@clerk/expo-passkeys

npm i https://pkg.pr.new/@clerk/expo-passkeys@7268

@clerk/express

npm i https://pkg.pr.new/@clerk/express@7268

@clerk/fastify

npm i https://pkg.pr.new/@clerk/fastify@7268

@clerk/localizations

npm i https://pkg.pr.new/@clerk/localizations@7268

@clerk/nextjs

npm i https://pkg.pr.new/@clerk/nextjs@7268

@clerk/nuxt

npm i https://pkg.pr.new/@clerk/nuxt@7268

@clerk/clerk-react

npm i https://pkg.pr.new/@clerk/clerk-react@7268

@clerk/react-router

npm i https://pkg.pr.new/@clerk/react-router@7268

@clerk/remix

npm i https://pkg.pr.new/@clerk/remix@7268

@clerk/shared

npm i https://pkg.pr.new/@clerk/shared@7268

@clerk/tanstack-react-start

npm i https://pkg.pr.new/@clerk/tanstack-react-start@7268

@clerk/testing

npm i https://pkg.pr.new/@clerk/testing@7268

@clerk/themes

npm i https://pkg.pr.new/@clerk/themes@7268

@clerk/types

npm i https://pkg.pr.new/@clerk/types@7268

@clerk/upgrade

npm i https://pkg.pr.new/@clerk/upgrade@7268

@clerk/vue

npm i https://pkg.pr.new/@clerk/vue@7268

commit: f871d5a

coderabbitai[bot]
coderabbitai bot reviewed Nov 20, 2025
View reviewed changes
Copy link
Contributor

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

🧹 Nitpick comments (2)
packages/localizations/src/en-US.ts (1)

863-869: Confirm copy consistency with existing reset-password flows

The new taskResetPassword strings look fine and match the type, but the title here ('Reset password') differs from signIn.resetPassword.title ('Set new password'). If these flows are meant to feel like the same step, consider reusing or aligning the wording for consistency; otherwise, leaving them distinct is also reasonable.

packages/clerk-js/src/ui/components/SessionTasks/tasks/TaskResetPassword/index.tsx (1)

74-90: Use card state’s async helpers to manage loading and double-submits

resetPassword runs the async reverification/password update without going through card.runAsync or updating card loading state, so the UI can’t reflect an in-flight submission and users may trigger multiple requests by clicking rapidly.

It would be more consistent with other flows to wrap the operation with the card state helper and/or disable the submit button while a request is in progress, e.g. by using card.runAsync and adding card.isLoading into the Form.SubmitButton’s disabled condition.

Also applies to: 107-113, 147-151

📜 Review details

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Disabled knowledge base sources:

  • Linear integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between 9ab72aa and 29759c4.

📒 Files selected for processing (3)
  • packages/clerk-js/src/ui/components/SessionTasks/tasks/TaskResetPassword/index.tsx (1 hunks)
  • packages/localizations/src/en-US.ts (1 hunks)
  • packages/shared/src/types/localization.ts (1 hunks)
🧰 Additional context used
🧬 Code graph analysis (1)
packages/clerk-js/src/ui/components/SessionTasks/tasks/TaskResetPassword/index.tsx (5)
packages/clerk-js/src/ui/elements/contexts/index.tsx (2)
  • useCardState (42-70)
  • withCardStateProvider (72-81)
packages/clerk-js/src/ui/utils/passwordUtils.ts (1)
  • createPasswordError (33-74)
packages/clerk-js/src/ui/hooks/usePassword.ts (1)
  • useConfirmPassword (77-110)
packages/clerk-js/src/ui/utils/errorHandler.ts (1)
  • handleError (64-86)
packages/clerk-js/src/ui/components/SessionTasks/tasks/TaskResetPassword/withTaskGuard.ts (1)
  • withTaskGuard (8-26)
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (3)
  • GitHub Check: Analyze (javascript-typescript)
  • GitHub Check: semgrep-cloud-platform/scan
  • GitHub Check: semgrep-cloud-platform/scan
🔇 Additional comments (2)
packages/shared/src/types/localization.ts (1)

1287-1293: taskResetPassword localization shape is consistent and correctly typed

The new taskResetPassword block (title + signOut.actionLink/actionText<'identifier'>) aligns with how it’s used in the UI and with the en-US resource; the interpolation parameter choice looks correct.

packages/clerk-js/src/ui/components/SessionTasks/tasks/TaskResetPassword/index.tsx (1)

92-177: Overall TaskResetPassword wiring, localization, and sign-out behavior look solid

The component correctly derives the identifier for display, uses the new taskResetPassword.* localization keys, integrates reverification-based password updates, and handles multi-session sign-out via useMultipleSessions + sign-out context in a way that matches existing patterns.

@LauraBeatris
Copy link
Member

LauraBeatris commented Nov 20, 2025

Let's also add some integration tests for the main flow + unit tests for the task component itself

@octoper octoper force-pushed the vaggelis/user-4002-implement-the-aio-components-new-flow-and-session-task branch from 29759c4 to 3a52a51 Compare November 24, 2025 09:09
octoper and others added 14 commits November 28, 2025 16:59
@octoper octoper force-pushed the vaggelis/user-4002-implement-the-aio-components-new-flow-and-session-task branch from b4c10ab to f4d8faa Compare November 28, 2025 15:00
coderabbitai[bot]
coderabbitai bot reviewed Nov 28, 2025
View reviewed changes
Copy link
Contributor

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

♻️ Duplicate comments (5)
packages/shared/src/types/appearance.ts (1)

1045-1047: Add matching taskResetPassword property to Appearance

You’ve introduced TaskResetPasswordTheme = Theme, but Appearance<T> still doesn’t expose a taskResetPassword?: T; slot alongside taskChooseOrganization?: T;, so consumers can’t scope appearance overrides specifically to <TaskResetPassword />.

     /**
      * Theme overrides that only apply to the `<TaskChooseOrganization />` component
      */
     taskChooseOrganization?: T;
+    /**
+     * Theme overrides that only apply to the `<TaskResetPassword />` component
+     */
+    taskResetPassword?: T;
     /**
      * Theme overrides that only apply to the `<EnableOrganizations/>` component
      */
     enableOrganizations?: T;
packages/localizations/src/pt-PT.ts (1)

862-869: Placeholder values follow established pattern for this community file.

This concern was already raised in a previous review. The undefined values are consistent with how this community-contributed file handles untranslated strings (many other keys like taskChooseOrganization are also undefined). The localization system should fall back to en-US defaults.

packages/clerk-js/src/ui/components/SessionTasks/tasks/TaskResetPassword/index.tsx (3)

63-75: Submit gating still allows empty-password submissions

canSubmit is tied only to isPasswordMatch, which is typically true when both password fields are still empty. That enables the submit button before the user types anything, relying solely on backend validation.

Tighten canSubmit so it also requires non‑empty values (e.g. check passwordField.value and confirmField.value, or use the appropriate “has value + valid” signal from useFormControl), and keep it in sync with useConfirmPassword behavior.

Also applies to: 160-165

43-49: Password minLength should match environment password policy

The password input still hardcodes minLength={6}, even though passwordSettings is available from useEnvironment. This can diverge from the configured password policy and cause confusing UX when the backend requires a longer password.

Consider wiring the HTML constraint to the configured minimum, with a safe fallback, e.g.:

<Form.ControlRow elementId={passwordField.id}>
  <Form.PasswordInput
    {...passwordField.props}
    isRequired
    minLength={passwordSettings.min_length ?? 6}
  />
</Form.ControlRow>

Also applies to: 138-144

106-107: Hidden identifier should reuse the computed identifier for consistency

The visible identifier (line 106) uses clerk.user?.primaryEmailAddress?.emailAddress ?? clerk.user?.username, while the hidden input for password managers (line 135) repeats that logic inline. This can drift if one side changes and is harder to keep in sync.

Reuse the identifier variable for the hidden field to guarantee they always match:

const identifier = clerk.user?.primaryEmailAddress?.emailAddress ?? clerk.user?.username;

// ...

<input
  readOnly
  data-testid='hidden-identifier'
  id='identifier-field'
  name='identifier'
  value={identifier || ''}
/>

Also applies to: 128-137

🧹 Nitpick comments (9)
packages/localizations/src/ar-SA.ts (1)

13-13: Consider migrating from deprecated @clerk/types alias.

The import uses @clerk/types, but coding guidelines recommend importing from @clerk/shared/types instead. This is a pre-existing pattern across the localization files and could be addressed in a dedicated refactoring effort.

Apply this diff to use the preferred import path:

-import type { LocalizationResource } from '@clerk/types';
+import type { LocalizationResource } from '@clerk/shared/types';
packages/localizations/src/pt-BR.ts (1)

876-883: Consider using "Redefinir" instead of "Resetar" for consistency.

The rest of the file consistently uses "Redefinir" for password reset operations (lines 676, 681, 721, 724). Using "Resetar" here creates terminology inconsistency in the user interface.

Apply this diff for consistency:

  taskResetPassword: {
-    formButtonPrimary: 'Resetar Senha',
+    formButtonPrimary: 'Redefinir Senha',
    signOut: {
      actionLink: 'Sair',
      actionText: 'Conectado como {{identifier}}',
    },
-    title: 'Resetar senha',
+    title: 'Redefinir senha',
  },
packages/localizations/src/es-MX.ts (1)

872-879: Structure follows the established pattern correctly.

The taskResetPassword block is properly structured and consistent with other task blocks in this file (e.g., taskChooseOrganization). Using undefined values is the standard approach for missing translations in community-contributed locales, which will cause the UI to fall back to the default locale.

Optionally, consider adding Spanish (Mexico) translations for better UX:

 taskResetPassword: {
-  formButtonPrimary: undefined,
+  formButtonPrimary: 'Restablecer contraseña',
   signOut: {
-    actionLink: undefined,
-    actionText: undefined,
+    actionLink: 'Cerrar sesión',
+    actionText: '¿No eres tú?',
   },
-  title: undefined,
+  title: 'Restablecer contraseña',
 },
packages/localizations/src/hi-IN.ts (1)

869-876: Consider adding translations for the new taskResetPassword block.

All values in the taskResetPassword block are currently undefined. While this is acceptable for a community-contributed localization file (as noted in the disclaimer), the reset-password task flow will display untranslated keys to Hindi-speaking users until these are populated.

If this locale is actively used, consider adding translations or flagging this for follow-up localization work.

integration/testUtils/usersService.ts (1)

79-79: Consider returning the updated User from passwordUntrusted in the test service

The helper currently hides the User returned by clerkClient.users.__experimental_passwordUntrusted, which is fine for today but makes it harder to assert on the updated user state later. If you expect tests to need that data, you can expose it now to avoid a future breaking change in this utility.

 export type UserService = {
@@
-  passwordUntrusted: (userId: string) => Promise<void>;
+  passwordUntrusted: (userId: string) => Promise<User>;
@@
-    passwordUntrusted: async (userId: string) => {
-      await clerkClient.users.__experimental_passwordUntrusted(userId);
-    },
+    passwordUntrusted: async (userId: string) => {
+      return clerkClient.users.__experimental_passwordUntrusted(userId);
+    },

Also applies to: 214-216

packages/clerk-js/src/ui/contexts/components/SessionTasks.ts (1)

1-43: Encapsulating task navigation in useSessionTasksContext is clean; consider normalizing path assembly

The new navigateOnSetActive helper correctly branches on session.currentTask and uses getTaskEndpoint plus router state, while keeping the raw context small. The only subtle point is "./" + basePath + startPath + taskEndpoint string math: if any of these segments already include or omit leading slashes inconsistently, you can end up with double slashes or unexpected nesting. If you start seeing routing edge cases, it may be worth centralizing this path-building in a small utility that normalizes segments before concatenation; otherwise the approach here looks good.

integration/tests/session-tasks-sign-in-reset-password.test.ts (1)

31-32: Consider using consistent OTP input approach across tests.

Test 1 uses keyboard.type with delay while Test 2 uses fill() for entering the 2FA code. For consistency and maintainability, consider standardizing on one approach.

-      await u.page.getByRole('textbox', { name: 'code' }).click();
-      await u.page.keyboard.type('424242', { delay: 100 });
+      await u.page.getByRole('textbox', { name: 'code' }).fill('424242');

Also applies to: 76-76

packages/clerk-js/src/ui/components/SessionTasks/tasks/TaskResetPassword/index.tsx (1)

19-34: Optional: Add a guard/comment for clerk.isLoaded

The component assumes clerk.user and clerk.session are available, which is true under the current mounting strategy, but not obvious from this file alone.

Consider either:

  • Asserting if (!clerk.isLoaded) { return null; } early, or
  • Adding a brief comment noting that TaskResetPassword only renders after Clerk is loaded (via its HOCs),

so future refactors don’t accidentally use this component in an unloaded state.

packages/clerk-js/src/ui/components/SessionTasks/index.tsx (1)

86-107: Optional: currentTaskContainer ref and minHeight logic appear unused

currentTaskContainer is created but not attached to any JSX element in this file, so currentTaskContainer.current?.offsetHeight will always be undefined, making the minHeight calculation effectively a no-op.

If there’s no external wiring that assigns this ref, consider either:

  • Removing the ref and minHeight branch, or
  • Attaching the ref to the actual task container so the loading state can preserve height as intended.
📜 Review details

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Disabled knowledge base sources:

  • Linear integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between b4c10ab and f4d8faa.

📒 Files selected for processing (79)
  • .changeset/loose-brooms-occur.md (1 hunks)
  • .changeset/thick-dancers-battle.md (1 hunks)
  • integration/presets/envs.ts (2 hunks)
  • integration/presets/longRunningApps.ts (3 hunks)
  • integration/testUtils/organizationsService.ts (2 hunks)
  • integration/testUtils/usersService.ts (2 hunks)
  • integration/tests/session-tasks-sign-in-reset-password.test.ts (1 hunks)
  • packages/backend/src/api/endpoints/UserApi.ts (1 hunks)
  • packages/clerk-js/bundlewatch.config.json (1 hunks)
  • packages/clerk-js/src/core/sessionTasks.ts (1 hunks)
  • packages/clerk-js/src/test/fixture-helpers.ts (2 hunks)
  • packages/clerk-js/src/ui/components/SessionTasks/index.tsx (4 hunks)
  • packages/clerk-js/src/ui/components/SessionTasks/tasks/TaskChooseOrganization/ChooseOrganizationScreen.tsx (3 hunks)
  • packages/clerk-js/src/ui/components/SessionTasks/tasks/TaskChooseOrganization/CreateOrganizationScreen.tsx (3 hunks)
  • packages/clerk-js/src/ui/components/SessionTasks/tasks/TaskChooseOrganization/index.tsx (2 hunks)
  • packages/clerk-js/src/ui/components/SessionTasks/tasks/TaskResetPassword/__tests__/TaskResetPassword.test.tsx (1 hunks)
  • packages/clerk-js/src/ui/components/SessionTasks/tasks/TaskResetPassword/index.tsx (1 hunks)
  • packages/clerk-js/src/ui/components/SessionTasks/tasks/shared/index.ts (1 hunks)
  • packages/clerk-js/src/ui/components/SessionTasks/tasks/shared/withTaskGuard.ts (1 hunks)
  • packages/clerk-js/src/ui/contexts/ClerkUIComponentsContext.tsx (3 hunks)
  • packages/clerk-js/src/ui/contexts/components/SessionTasks.ts (2 hunks)
  • packages/clerk-js/src/ui/contexts/components/SignIn.ts (2 hunks)
  • packages/clerk-js/src/ui/contexts/components/SignUp.ts (3 hunks)
  • packages/clerk-js/src/ui/elements/contexts/index.tsx (1 hunks)
  • packages/clerk-js/src/ui/types.ts (3 hunks)
  • packages/localizations/src/ar-SA.ts (1 hunks)
  • packages/localizations/src/be-BY.ts (1 hunks)
  • packages/localizations/src/bg-BG.ts (1 hunks)
  • packages/localizations/src/bn-IN.ts (1 hunks)
  • packages/localizations/src/ca-ES.ts (1 hunks)
  • packages/localizations/src/cs-CZ.ts (1 hunks)
  • packages/localizations/src/da-DK.ts (1 hunks)
  • packages/localizations/src/de-DE.ts (1 hunks)
  • packages/localizations/src/el-GR.ts (1 hunks)
  • packages/localizations/src/en-GB.ts (1 hunks)
  • packages/localizations/src/en-US.ts (1 hunks)
  • packages/localizations/src/es-CR.ts (1 hunks)
  • packages/localizations/src/es-ES.ts (1 hunks)
  • packages/localizations/src/es-MX.ts (1 hunks)
  • packages/localizations/src/es-UY.ts (1 hunks)
  • packages/localizations/src/fa-IR.ts (1 hunks)
  • packages/localizations/src/fi-FI.ts (1 hunks)
  • packages/localizations/src/fr-FR.ts (1 hunks)
  • packages/localizations/src/he-IL.ts (1 hunks)
  • packages/localizations/src/hi-IN.ts (1 hunks)
  • packages/localizations/src/hr-HR.ts (1 hunks)
  • packages/localizations/src/hu-HU.ts (1 hunks)
  • packages/localizations/src/id-ID.ts (1 hunks)
  • packages/localizations/src/is-IS.ts (1 hunks)
  • packages/localizations/src/it-IT.ts (1 hunks)
  • packages/localizations/src/ja-JP.ts (1 hunks)
  • packages/localizations/src/kk-KZ.ts (1 hunks)
  • packages/localizations/src/ko-KR.ts (1 hunks)
  • packages/localizations/src/mn-MN.ts (1 hunks)
  • packages/localizations/src/ms-MY.ts (1 hunks)
  • packages/localizations/src/nb-NO.ts (1 hunks)
  • packages/localizations/src/nl-BE.ts (1 hunks)
  • packages/localizations/src/nl-NL.ts (1 hunks)
  • packages/localizations/src/pl-PL.ts (1 hunks)
  • packages/localizations/src/pt-BR.ts (1 hunks)
  • packages/localizations/src/pt-PT.ts (1 hunks)
  • packages/localizations/src/ro-RO.ts (1 hunks)
  • packages/localizations/src/ru-RU.ts (1 hunks)
  • packages/localizations/src/sk-SK.ts (1 hunks)
  • packages/localizations/src/sr-RS.ts (1 hunks)
  • packages/localizations/src/sv-SE.ts (1 hunks)
  • packages/localizations/src/ta-IN.ts (1 hunks)
  • packages/localizations/src/te-IN.ts (1 hunks)
  • packages/localizations/src/th-TH.ts (1 hunks)
  • packages/localizations/src/tr-TR.ts (1 hunks)
  • packages/localizations/src/uk-UA.ts (1 hunks)
  • packages/localizations/src/vi-VN.ts (1 hunks)
  • packages/localizations/src/zh-CN.ts (1 hunks)
  • packages/localizations/src/zh-TW.ts (1 hunks)
  • packages/shared/src/types/appearance.ts (1 hunks)
  • packages/shared/src/types/clerk.ts (2 hunks)
  • packages/shared/src/types/localization.ts (1 hunks)
  • packages/shared/src/types/session.ts (2 hunks)
  • packages/testing/src/playwright/unstable/page-objects/sessionTask.ts (1 hunks)
🚧 Files skipped from review as they are similar to previous changes (48)
  • packages/clerk-js/src/ui/components/SessionTasks/tasks/TaskChooseOrganization/index.tsx
  • packages/localizations/src/mn-MN.ts
  • packages/localizations/src/zh-TW.ts
  • packages/localizations/src/th-TH.ts
  • packages/localizations/src/ko-KR.ts
  • packages/localizations/src/bn-IN.ts
  • packages/localizations/src/cs-CZ.ts
  • packages/localizations/src/ms-MY.ts
  • packages/shared/src/types/clerk.ts
  • packages/localizations/src/vi-VN.ts
  • packages/localizations/src/sk-SK.ts
  • .changeset/thick-dancers-battle.md
  • packages/localizations/src/es-ES.ts
  • packages/localizations/src/tr-TR.ts
  • packages/clerk-js/src/test/fixture-helpers.ts
  • packages/clerk-js/src/ui/types.ts
  • packages/clerk-js/src/ui/components/SessionTasks/tasks/shared/index.ts
  • packages/localizations/src/kk-KZ.ts
  • packages/clerk-js/src/core/sessionTasks.ts
  • packages/localizations/src/hr-HR.ts
  • packages/localizations/src/fi-FI.ts
  • packages/localizations/src/id-ID.ts
  • packages/localizations/src/fr-FR.ts
  • packages/localizations/src/es-UY.ts
  • packages/localizations/src/sv-SE.ts
  • packages/localizations/src/de-DE.ts
  • packages/clerk-js/src/ui/components/SessionTasks/tasks/TaskResetPassword/tests/TaskResetPassword.test.tsx
  • packages/localizations/src/nb-NO.ts
  • packages/localizations/src/ca-ES.ts
  • packages/clerk-js/src/ui/contexts/components/SignIn.ts
  • packages/localizations/src/te-IN.ts
  • packages/localizations/src/hu-HU.ts
  • packages/localizations/src/ta-IN.ts
  • packages/localizations/src/is-IS.ts
  • packages/localizations/src/be-BY.ts
  • packages/localizations/src/en-GB.ts
  • integration/presets/envs.ts
  • packages/shared/src/types/localization.ts
  • packages/localizations/src/es-CR.ts
  • packages/localizations/src/bg-BG.ts
  • packages/localizations/src/zh-CN.ts
  • packages/clerk-js/bundlewatch.config.json
  • packages/localizations/src/it-IT.ts
  • packages/localizations/src/nl-NL.ts
  • packages/clerk-js/src/ui/components/SessionTasks/tasks/TaskChooseOrganization/ChooseOrganizationScreen.tsx
  • packages/localizations/src/ro-RO.ts
  • packages/clerk-js/src/ui/contexts/ClerkUIComponentsContext.tsx
  • integration/testUtils/organizationsService.ts
🧰 Additional context used
📓 Path-based instructions (14)
**/*.{js,jsx,ts,tsx}

📄 CodeRabbit inference engine (.cursor/rules/development.mdc)

All code must pass ESLint checks with the project's configuration

Files:

  • packages/localizations/src/da-DK.ts
  • integration/testUtils/usersService.ts
  • packages/clerk-js/src/ui/contexts/components/SessionTasks.ts
  • packages/shared/src/types/appearance.ts
  • packages/localizations/src/es-MX.ts
  • packages/localizations/src/uk-UA.ts
  • packages/clerk-js/src/ui/components/SessionTasks/tasks/shared/withTaskGuard.ts
  • packages/localizations/src/ja-JP.ts
  • packages/clerk-js/src/ui/components/SessionTasks/index.tsx
  • packages/clerk-js/src/ui/components/SessionTasks/tasks/TaskResetPassword/index.tsx
  • integration/presets/longRunningApps.ts
  • packages/localizations/src/el-GR.ts
  • packages/localizations/src/ar-SA.ts
  • packages/localizations/src/pl-PL.ts
  • packages/localizations/src/nl-BE.ts
  • packages/backend/src/api/endpoints/UserApi.ts
  • packages/localizations/src/he-IL.ts
  • packages/shared/src/types/session.ts
  • packages/localizations/src/en-US.ts
  • packages/localizations/src/fa-IR.ts
  • packages/localizations/src/hi-IN.ts
  • packages/localizations/src/pt-BR.ts
  • packages/localizations/src/pt-PT.ts
  • packages/clerk-js/src/ui/contexts/components/SignUp.ts
  • packages/testing/src/playwright/unstable/page-objects/sessionTask.ts
  • packages/localizations/src/ru-RU.ts
  • packages/clerk-js/src/ui/elements/contexts/index.tsx
  • integration/tests/session-tasks-sign-in-reset-password.test.ts
  • packages/clerk-js/src/ui/components/SessionTasks/tasks/TaskChooseOrganization/CreateOrganizationScreen.tsx
  • packages/localizations/src/sr-RS.ts
**/*.{js,jsx,ts,tsx,json,md,yml,yaml}

📄 CodeRabbit inference engine (.cursor/rules/development.mdc)

Use Prettier for consistent code formatting

Files:

  • packages/localizations/src/da-DK.ts
  • integration/testUtils/usersService.ts
  • packages/clerk-js/src/ui/contexts/components/SessionTasks.ts
  • packages/shared/src/types/appearance.ts
  • packages/localizations/src/es-MX.ts
  • packages/localizations/src/uk-UA.ts
  • packages/clerk-js/src/ui/components/SessionTasks/tasks/shared/withTaskGuard.ts
  • packages/localizations/src/ja-JP.ts
  • packages/clerk-js/src/ui/components/SessionTasks/index.tsx
  • packages/clerk-js/src/ui/components/SessionTasks/tasks/TaskResetPassword/index.tsx
  • integration/presets/longRunningApps.ts
  • packages/localizations/src/el-GR.ts
  • packages/localizations/src/ar-SA.ts
  • packages/localizations/src/pl-PL.ts
  • packages/localizations/src/nl-BE.ts
  • packages/backend/src/api/endpoints/UserApi.ts
  • packages/localizations/src/he-IL.ts
  • packages/shared/src/types/session.ts
  • packages/localizations/src/en-US.ts
  • packages/localizations/src/fa-IR.ts
  • packages/localizations/src/hi-IN.ts
  • packages/localizations/src/pt-BR.ts
  • packages/localizations/src/pt-PT.ts
  • packages/clerk-js/src/ui/contexts/components/SignUp.ts
  • packages/testing/src/playwright/unstable/page-objects/sessionTask.ts
  • packages/localizations/src/ru-RU.ts
  • packages/clerk-js/src/ui/elements/contexts/index.tsx
  • integration/tests/session-tasks-sign-in-reset-password.test.ts
  • packages/clerk-js/src/ui/components/SessionTasks/tasks/TaskChooseOrganization/CreateOrganizationScreen.tsx
  • packages/localizations/src/sr-RS.ts
packages/**/src/**/*.{ts,tsx}

📄 CodeRabbit inference engine (.cursor/rules/development.mdc)

TypeScript is required for all packages

Files:

  • packages/localizations/src/da-DK.ts
  • packages/clerk-js/src/ui/contexts/components/SessionTasks.ts
  • packages/shared/src/types/appearance.ts
  • packages/localizations/src/es-MX.ts
  • packages/localizations/src/uk-UA.ts
  • packages/clerk-js/src/ui/components/SessionTasks/tasks/shared/withTaskGuard.ts
  • packages/localizations/src/ja-JP.ts
  • packages/clerk-js/src/ui/components/SessionTasks/index.tsx
  • packages/clerk-js/src/ui/components/SessionTasks/tasks/TaskResetPassword/index.tsx
  • packages/localizations/src/el-GR.ts
  • packages/localizations/src/ar-SA.ts
  • packages/localizations/src/pl-PL.ts
  • packages/localizations/src/nl-BE.ts
  • packages/backend/src/api/endpoints/UserApi.ts
  • packages/localizations/src/he-IL.ts
  • packages/shared/src/types/session.ts
  • packages/localizations/src/en-US.ts
  • packages/localizations/src/fa-IR.ts
  • packages/localizations/src/hi-IN.ts
  • packages/localizations/src/pt-BR.ts
  • packages/localizations/src/pt-PT.ts
  • packages/clerk-js/src/ui/contexts/components/SignUp.ts
  • packages/testing/src/playwright/unstable/page-objects/sessionTask.ts
  • packages/localizations/src/ru-RU.ts
  • packages/clerk-js/src/ui/elements/contexts/index.tsx
  • packages/clerk-js/src/ui/components/SessionTasks/tasks/TaskChooseOrganization/CreateOrganizationScreen.tsx
  • packages/localizations/src/sr-RS.ts
**/*.{ts,tsx,js,jsx}

📄 CodeRabbit inference engine (.cursor/rules/development.mdc)

Follow established naming conventions (PascalCase for components, camelCase for variables)

Prefer importing types from @clerk/shared/types instead of the deprecated @clerk/types alias

Files:

  • packages/localizations/src/da-DK.ts
  • integration/testUtils/usersService.ts
  • packages/clerk-js/src/ui/contexts/components/SessionTasks.ts
  • packages/shared/src/types/appearance.ts
  • packages/localizations/src/es-MX.ts
  • packages/localizations/src/uk-UA.ts
  • packages/clerk-js/src/ui/components/SessionTasks/tasks/shared/withTaskGuard.ts
  • packages/localizations/src/ja-JP.ts
  • packages/clerk-js/src/ui/components/SessionTasks/index.tsx
  • packages/clerk-js/src/ui/components/SessionTasks/tasks/TaskResetPassword/index.tsx
  • integration/presets/longRunningApps.ts
  • packages/localizations/src/el-GR.ts
  • packages/localizations/src/ar-SA.ts
  • packages/localizations/src/pl-PL.ts
  • packages/localizations/src/nl-BE.ts
  • packages/backend/src/api/endpoints/UserApi.ts
  • packages/localizations/src/he-IL.ts
  • packages/shared/src/types/session.ts
  • packages/localizations/src/en-US.ts
  • packages/localizations/src/fa-IR.ts
  • packages/localizations/src/hi-IN.ts
  • packages/localizations/src/pt-BR.ts
  • packages/localizations/src/pt-PT.ts
  • packages/clerk-js/src/ui/contexts/components/SignUp.ts
  • packages/testing/src/playwright/unstable/page-objects/sessionTask.ts
  • packages/localizations/src/ru-RU.ts
  • packages/clerk-js/src/ui/elements/contexts/index.tsx
  • integration/tests/session-tasks-sign-in-reset-password.test.ts
  • packages/clerk-js/src/ui/components/SessionTasks/tasks/TaskChooseOrganization/CreateOrganizationScreen.tsx
  • packages/localizations/src/sr-RS.ts
packages/**/src/**/*.{ts,tsx,js,jsx}

📄 CodeRabbit inference engine (.cursor/rules/development.mdc)

packages/**/src/**/*.{ts,tsx,js,jsx}: Maintain comprehensive JSDoc comments for public APIs
Use tree-shaking friendly exports
Validate all inputs and sanitize outputs
All public APIs must be documented with JSDoc
Use dynamic imports for optional features
Provide meaningful error messages to developers
Include error recovery suggestions where applicable
Log errors appropriately for debugging
Lazy load components and features when possible
Implement proper caching strategies
Use efficient data structures and algorithms
Implement proper logging with different levels

Files:

  • packages/localizations/src/da-DK.ts
  • packages/clerk-js/src/ui/contexts/components/SessionTasks.ts
  • packages/shared/src/types/appearance.ts
  • packages/localizations/src/es-MX.ts
  • packages/localizations/src/uk-UA.ts
  • packages/clerk-js/src/ui/components/SessionTasks/tasks/shared/withTaskGuard.ts
  • packages/localizations/src/ja-JP.ts
  • packages/clerk-js/src/ui/components/SessionTasks/index.tsx
  • packages/clerk-js/src/ui/components/SessionTasks/tasks/TaskResetPassword/index.tsx
  • packages/localizations/src/el-GR.ts
  • packages/localizations/src/ar-SA.ts
  • packages/localizations/src/pl-PL.ts
  • packages/localizations/src/nl-BE.ts
  • packages/backend/src/api/endpoints/UserApi.ts
  • packages/localizations/src/he-IL.ts
  • packages/shared/src/types/session.ts
  • packages/localizations/src/en-US.ts
  • packages/localizations/src/fa-IR.ts
  • packages/localizations/src/hi-IN.ts
  • packages/localizations/src/pt-BR.ts
  • packages/localizations/src/pt-PT.ts
  • packages/clerk-js/src/ui/contexts/components/SignUp.ts
  • packages/testing/src/playwright/unstable/page-objects/sessionTask.ts
  • packages/localizations/src/ru-RU.ts
  • packages/clerk-js/src/ui/elements/contexts/index.tsx
  • packages/clerk-js/src/ui/components/SessionTasks/tasks/TaskChooseOrganization/CreateOrganizationScreen.tsx
  • packages/localizations/src/sr-RS.ts
**/*.ts?(x)

📄 CodeRabbit inference engine (.cursor/rules/development.mdc)

Use proper TypeScript error types

Files:

  • packages/localizations/src/da-DK.ts
  • integration/testUtils/usersService.ts
  • packages/clerk-js/src/ui/contexts/components/SessionTasks.ts
  • packages/shared/src/types/appearance.ts
  • packages/localizations/src/es-MX.ts
  • packages/localizations/src/uk-UA.ts
  • packages/clerk-js/src/ui/components/SessionTasks/tasks/shared/withTaskGuard.ts
  • packages/localizations/src/ja-JP.ts
  • packages/clerk-js/src/ui/components/SessionTasks/index.tsx
  • packages/clerk-js/src/ui/components/SessionTasks/tasks/TaskResetPassword/index.tsx
  • integration/presets/longRunningApps.ts
  • packages/localizations/src/el-GR.ts
  • packages/localizations/src/ar-SA.ts
  • packages/localizations/src/pl-PL.ts
  • packages/localizations/src/nl-BE.ts
  • packages/backend/src/api/endpoints/UserApi.ts
  • packages/localizations/src/he-IL.ts
  • packages/shared/src/types/session.ts
  • packages/localizations/src/en-US.ts
  • packages/localizations/src/fa-IR.ts
  • packages/localizations/src/hi-IN.ts
  • packages/localizations/src/pt-BR.ts
  • packages/localizations/src/pt-PT.ts
  • packages/clerk-js/src/ui/contexts/components/SignUp.ts
  • packages/testing/src/playwright/unstable/page-objects/sessionTask.ts
  • packages/localizations/src/ru-RU.ts
  • packages/clerk-js/src/ui/elements/contexts/index.tsx
  • integration/tests/session-tasks-sign-in-reset-password.test.ts
  • packages/clerk-js/src/ui/components/SessionTasks/tasks/TaskChooseOrganization/CreateOrganizationScreen.tsx
  • packages/localizations/src/sr-RS.ts
packages/localizations/**

📄 CodeRabbit inference engine (.cursor/rules/monorepo.mdc)

packages/localizations/**: Localization support must include translations for 30+ languages using a modular localization system
Support RTL languages in the localization system

Files:

  • packages/localizations/src/da-DK.ts
  • packages/localizations/src/es-MX.ts
  • packages/localizations/src/uk-UA.ts
  • packages/localizations/src/ja-JP.ts
  • packages/localizations/src/el-GR.ts
  • packages/localizations/src/ar-SA.ts
  • packages/localizations/src/pl-PL.ts
  • packages/localizations/src/nl-BE.ts
  • packages/localizations/src/he-IL.ts
  • packages/localizations/src/en-US.ts
  • packages/localizations/src/fa-IR.ts
  • packages/localizations/src/hi-IN.ts
  • packages/localizations/src/pt-BR.ts
  • packages/localizations/src/pt-PT.ts
  • packages/localizations/src/ru-RU.ts
  • packages/localizations/src/sr-RS.ts
**/*.{ts,tsx}

📄 CodeRabbit inference engine (.cursor/rules/typescript.mdc)

**/*.{ts,tsx}: Always define explicit return types for functions, especially public APIs
Use proper type annotations for variables and parameters where inference isn't clear
Avoid any type - prefer unknown when type is uncertain, then narrow with type guards
Implement type guards for unknown types using the pattern function isType(value: unknown): value is Type
Use interface for object shapes that might be extended
Use type for unions, primitives, and computed types
Prefer readonly properties for immutable data structures
Use private for internal implementation details in classes
Use protected for inheritance hierarchies
Use public explicitly for clarity in public APIs
Use mixins for shared behavior across unrelated classes in TypeScript
Use generic constraints with bounded type parameters like <T extends { id: string }>
Use utility types like Omit, Partial, and Pick for data transformation instead of manual type construction
Use discriminated unions instead of boolean flags for state management and API responses
Use mapped types for transforming object types
Use conditional types for type-level logic
Leverage template literal types for string manipulation at the type level
Use ES6 imports/exports consistently
Use default exports sparingly, prefer named exports
Document functions with JSDoc comments including @param, @returns, @throws, and @example tags
Create custom error classes that extend Error for specific error types
Use the Result pattern for error handling instead of throwing exceptions
Use optional chaining (?.) and nullish coalescing (??) operators for safe property access
Let TypeScript infer obvious types to reduce verbosity
Use const assertions with as const for literal types
Use satisfies operator for type checking without widening types
Declare readonly arrays and objects for immutable data structures
Use spread operator and array spread for immutable updates instead of mutations
Use lazy loading for large types...

Files:

  • packages/localizations/src/da-DK.ts
  • integration/testUtils/usersService.ts
  • packages/clerk-js/src/ui/contexts/components/SessionTasks.ts
  • packages/shared/src/types/appearance.ts
  • packages/localizations/src/es-MX.ts
  • packages/localizations/src/uk-UA.ts
  • packages/clerk-js/src/ui/components/SessionTasks/tasks/shared/withTaskGuard.ts
  • packages/localizations/src/ja-JP.ts
  • packages/clerk-js/src/ui/components/SessionTasks/index.tsx
  • packages/clerk-js/src/ui/components/SessionTasks/tasks/TaskResetPassword/index.tsx
  • integration/presets/longRunningApps.ts
  • packages/localizations/src/el-GR.ts
  • packages/localizations/src/ar-SA.ts
  • packages/localizations/src/pl-PL.ts
  • packages/localizations/src/nl-BE.ts
  • packages/backend/src/api/endpoints/UserApi.ts
  • packages/localizations/src/he-IL.ts
  • packages/shared/src/types/session.ts
  • packages/localizations/src/en-US.ts
  • packages/localizations/src/fa-IR.ts
  • packages/localizations/src/hi-IN.ts
  • packages/localizations/src/pt-BR.ts
  • packages/localizations/src/pt-PT.ts
  • packages/clerk-js/src/ui/contexts/components/SignUp.ts
  • packages/testing/src/playwright/unstable/page-objects/sessionTask.ts
  • packages/localizations/src/ru-RU.ts
  • packages/clerk-js/src/ui/elements/contexts/index.tsx
  • integration/tests/session-tasks-sign-in-reset-password.test.ts
  • packages/clerk-js/src/ui/components/SessionTasks/tasks/TaskChooseOrganization/CreateOrganizationScreen.tsx
  • packages/localizations/src/sr-RS.ts
packages/clerk-js/src/ui/**/*.{ts,tsx}

📄 CodeRabbit inference engine (.cursor/rules/clerk-js-ui.mdc)

packages/clerk-js/src/ui/**/*.{ts,tsx}: Element descriptors should be written in camelCase
Use useCardState for card-level state management
Use useFormState for form-level state management
Use useLoadingStatus for managing loading states
Use useFormControl hook for form field state management with validation and localization support
All rendered values must be localized using useLocalizations hook - hard coded values are not allowed
Use localizationKeys for translating UI text with support for parameters and error messages
Use handleError utility for API error handling and provide field states for proper error mapping
Use the styled system sx prop with theme tokens for custom styling instead of inline styles
Use the Card component pattern with Card.Root, Card.Header, Card.Title, Card.Content, and Card.Footer for consistent card layouts
Use FormContainer with headerTitle and headerSubtitle localization keys combined with Form.Root and FormButtons for consistent form layouts
When form submission occurs, manage loading and error states by calling status.setLoading(), card.setLoading(), and card.setError() appropriately

Files:

  • packages/clerk-js/src/ui/contexts/components/SessionTasks.ts
  • packages/clerk-js/src/ui/components/SessionTasks/tasks/shared/withTaskGuard.ts
  • packages/clerk-js/src/ui/components/SessionTasks/index.tsx
  • packages/clerk-js/src/ui/components/SessionTasks/tasks/TaskResetPassword/index.tsx
  • packages/clerk-js/src/ui/contexts/components/SignUp.ts
  • packages/clerk-js/src/ui/elements/contexts/index.tsx
  • packages/clerk-js/src/ui/components/SessionTasks/tasks/TaskChooseOrganization/CreateOrganizationScreen.tsx
**/*.tsx

📄 CodeRabbit inference engine (.cursor/rules/development.mdc)

**/*.tsx: Use error boundaries in React components
Minimize re-renders in React components

**/*.tsx: Use proper type definitions for props and state in React components
Leverage TypeScript's type inference where possible in React components
Use proper event types for handlers in React components
Implement proper generic types for reusable React components
Use proper type guards for conditional rendering in React components

Files:

  • packages/clerk-js/src/ui/components/SessionTasks/index.tsx
  • packages/clerk-js/src/ui/components/SessionTasks/tasks/TaskResetPassword/index.tsx
  • packages/clerk-js/src/ui/elements/contexts/index.tsx
  • packages/clerk-js/src/ui/components/SessionTasks/tasks/TaskChooseOrganization/CreateOrganizationScreen.tsx
**/*.{md,tsx}

📄 CodeRabbit inference engine (.cursor/rules/development.mdc)

Update documentation for API changes

Files:

  • packages/clerk-js/src/ui/components/SessionTasks/index.tsx
  • packages/clerk-js/src/ui/components/SessionTasks/tasks/TaskResetPassword/index.tsx
  • packages/clerk-js/src/ui/elements/contexts/index.tsx
  • packages/clerk-js/src/ui/components/SessionTasks/tasks/TaskChooseOrganization/CreateOrganizationScreen.tsx
**/*.{jsx,tsx}

📄 CodeRabbit inference engine (.cursor/rules/react.mdc)

**/*.{jsx,tsx}: Always use functional components with hooks instead of class components
Follow PascalCase naming for components (e.g., UserProfile, NavigationMenu)
Keep components focused on a single responsibility - split large components
Limit component size to 150-200 lines; extract logic into custom hooks
Use composition over inheritance - prefer smaller, composable components
Export components as named exports for better tree-shaking
One component per file with matching filename and component name
Separate UI components from business logic components
Use useState for simple state management in React components
Use useReducer for complex state logic in React components
Implement proper state initialization in React components
Use proper state updates with callbacks in React components
Implement proper state cleanup in React components
Use Context API for theme/authentication state management
Implement proper state persistence in React applications
Use React.memo for expensive components
Implement proper useCallback for handlers in React components
Use proper useMemo for expensive computations in React components
Implement proper virtualization for lists in React components
Use proper code splitting with React.lazy in React applications
Implement proper cleanup in useEffect hooks
Use proper refs for DOM access in React components
Implement proper event listener cleanup in React components
Use proper abort controllers for fetch in React components
Implement proper subscription cleanup in React components
Use proper HTML elements for semantic HTML in React components
Implement proper ARIA attributes for accessibility in React components
Use proper heading hierarchy in React components
Implement proper form labels in React components
Use proper button types in React components
Implement proper focus management for keyboard navigation in React components
Use proper keyboard shortcuts in React components
Implement proper tab order in React components
Use proper ...

Files:

  • packages/clerk-js/src/ui/components/SessionTasks/index.tsx
  • packages/clerk-js/src/ui/components/SessionTasks/tasks/TaskResetPassword/index.tsx
  • packages/clerk-js/src/ui/elements/contexts/index.tsx
  • packages/clerk-js/src/ui/components/SessionTasks/tasks/TaskChooseOrganization/CreateOrganizationScreen.tsx
**/*.{test,spec}.{ts,tsx,js,jsx}

📄 CodeRabbit inference engine (.cursor/rules/development.mdc)

**/*.{test,spec}.{ts,tsx,js,jsx}: Unit tests are required for all new functionality
Verify proper error handling and edge cases
Include tests for all new features

Files:

  • integration/tests/session-tasks-sign-in-reset-password.test.ts
**/*.{test,spec,e2e}.{ts,tsx,js,jsx}

📄 CodeRabbit inference engine (.cursor/rules/development.mdc)

Use real Clerk instances for integration tests

Files:

  • integration/tests/session-tasks-sign-in-reset-password.test.ts
🧬 Code graph analysis (9)
packages/clerk-js/src/ui/contexts/components/SessionTasks.ts (3)
packages/clerk-js/src/ui/types.ts (2)
  • SessionTasksCtx (144-146)
  • TaskResetPasswordCtx (152-154)
packages/clerk-js/src/core/resources/Session.ts (1)
  • currentTask (423-426)
packages/clerk-js/src/core/sessionTasks.ts (1)
  • getTaskEndpoint (17-17)
packages/clerk-js/src/ui/components/SessionTasks/tasks/shared/withTaskGuard.ts (4)
packages/clerk-js/src/ui/types.ts (1)
  • AvailableComponentProps (45-62)
packages/shared/src/types/session.ts (1)
  • SessionTask (334-339)
packages/clerk-js/src/ui/contexts/components/SessionTasks.ts (1)
  • useSessionTasksContext (15-43)
packages/clerk-js/src/ui/common/withRedirect.tsx (1)
  • withRedirect (16-53)
packages/clerk-js/src/ui/components/SessionTasks/index.tsx (3)
packages/clerk-js/src/core/sessionTasks.ts (1)
  • INTERNAL_SESSION_TASK_ROUTE_BY_KEY (9-12)
packages/clerk-js/src/ui/contexts/components/SessionTasks.ts (2)
  • TaskResetPasswordContext (59-59)
  • SessionTasksContext (9-9)
packages/clerk-js/src/ui/components/SessionTasks/tasks/TaskResetPassword/index.tsx (1)
  • TaskResetPassword (201-203)
packages/clerk-js/src/ui/components/SessionTasks/tasks/TaskResetPassword/index.tsx (10)
packages/clerk-js/src/ui/elements/contexts/index.tsx (2)
  • useCardState (42-70)
  • withCardStateProvider (72-81)
packages/clerk-js/src/ui/contexts/components/SessionTasks.ts (2)
  • useTaskResetPasswordContext (61-69)
  • useSessionTasksContext (15-43)
packages/clerk-js/src/ui/hooks/useMultipleSessions.ts (1)
  • useMultipleSessions (18-18)
packages/clerk-js/src/ui/utils/passwordUtils.ts (1)
  • createPasswordError (33-74)
packages/clerk-js/src/ui/utils/errorHandler.ts (1)
  • handleError (64-86)
packages/clerk-js/src/core/resources/SignIn.ts (1)
  • identifier (644-646)
packages/clerk-js/src/ui/customizables/Flow.tsx (1)
  • Flow (41-44)
packages/clerk-js/src/ui/elements/Header.tsx (1)
  • Header (103-108)
packages/clerk-js/src/ui/components/SessionTasks/tasks/shared/withTaskGuard.ts (1)
  • withTaskGuard (17-38)
packages/clerk-js/src/ui/components/SessionTasks/tasks/shared/index.ts (1)
  • withTaskGuard (1-1)
integration/presets/longRunningApps.ts (3)
integration/presets/next.ts (1)
  • next (48-54)
integration/presets/envs.ts (1)
  • envs (192-220)
integration/presets/tanstack.ts (1)
  • tanstack (15-17)
packages/backend/src/api/endpoints/UserApi.ts (1)
packages/backend/src/api/resources/User.ts (1)
  • User (11-221)
packages/clerk-js/src/ui/contexts/components/SignUp.ts (3)
packages/clerk-js/src/ui/router/RouteContext.tsx (1)
  • useRouter (33-39)
packages/clerk-js/src/core/sessionTasks.ts (1)
  • getTaskEndpoint (17-17)
packages/clerk-js/src/core/resources/Session.ts (1)
  • currentTask (423-426)
integration/tests/session-tasks-sign-in-reset-password.test.ts (2)
integration/testUtils/index.ts (2)
  • testAgainstRunningApps (88-88)
  • createTestUtils (24-86)
integration/presets/index.ts (1)
  • appConfigs (15-32)
packages/clerk-js/src/ui/components/SessionTasks/tasks/TaskChooseOrganization/CreateOrganizationScreen.tsx (1)
packages/clerk-js/src/ui/contexts/components/SessionTasks.ts (1)
  • useSessionTasksContext (15-43)
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (4)
  • GitHub Check: Build Packages
  • GitHub Check: Formatting | Dedupe | Changeset
  • GitHub Check: Analyze (javascript-typescript)
  • GitHub Check: semgrep-cloud-platform/scan

packages/localizations/src/he-IL.ts
Comment on lines +855 to +862
taskResetPassword: {
formButtonPrimary: undefined,
signOut: {
actionLink: undefined,
actionText: undefined,
},
title: undefined,
},
Copy link
Contributor

@coderabbitai coderabbitai bot Nov 28, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🟡 Minor

Add Hebrew translations before feature release.

The taskResetPassword block structure is correct, but all translation strings are undefined. While this is acceptable for initial scaffolding and consistent with other undefined entries in this community-contributed locale file, proper Hebrew translations should be provided before the reset-password task feature is fully released to users.

Consider populating these fields with appropriate Hebrew translations:

  • formButtonPrimary: Button text for the primary action (e.g., "Reset Password")
  • signOut.actionLink: Link text for signing out
  • signOut.actionText: Descriptive text for the sign-out action
  • title: Title for the reset password task screen

Since Hebrew is an RTL language, ensure translations are culturally appropriate and properly formatted for right-to-left display.

🤖 Prompt for AI Agents 
In packages/localizations/src/he-IL.ts around lines 855 to 862, the
taskResetPassword block contains undefined values for formButtonPrimary,
signOut.actionLink, signOut.actionText, and title; replace each undefined with
appropriate Hebrew translations (e.g., formButtonPrimary: "אפס סיסמה" or
similar, signOut.actionLink: "התנתק", signOut.actionText: a short descriptive
phrase like "חזור למסך הכניסה" or equivalent, and title: a succinct screen title
such as "איפוס סיסמא"), ensuring the translations are concise, culturally
appropriate for Hebrew and suitable for RTL rendering, and follow the same
string formatting and escaping conventions used elsewhere in the file.

@octoper
Copy link
Member Author

octoper commented Nov 28, 2025

!snapshot

@clerk-cookie
Copy link
Collaborator

clerk-cookie commented Nov 28, 2025

Hey @octoper - the snapshot version command generated the following package versions:

Package Version
@clerk/agent-toolkit 0.2.6-snapshot.v20251128150741
@clerk/astro 2.16.4-snapshot.v20251128150741
@clerk/backend 2.25.0-snapshot.v20251128150741
@clerk/chrome-extension 2.8.7-snapshot.v20251128150741
@clerk/clerk-js 5.112.0-snapshot.v20251128150741
@clerk/elements 0.23.87-snapshot.v20251128150741
@clerk/clerk-expo 2.19.7-snapshot.v20251128150741
@clerk/expo-passkeys 0.4.23-snapshot.v20251128150741
@clerk/express 1.7.54-snapshot.v20251128150741
@clerk/fastify 2.6.6-snapshot.v20251128150741
@clerk/localizations 3.29.0-snapshot.v20251128150741
@clerk/nextjs 6.35.6-snapshot.v20251128150741
@clerk/nuxt 1.13.4-snapshot.v20251128150741
@clerk/clerk-react 5.57.1-snapshot.v20251128150741
@clerk/react-router 2.3.1-snapshot.v20251128150741
@clerk/remix 4.13.21-snapshot.v20251128150741
@clerk/shared 3.37.0-snapshot.v20251128150741
@clerk/tanstack-react-start 0.27.6-snapshot.v20251128150741
@clerk/testing 1.13.20-snapshot.v20251128150741
@clerk/themes 2.4.41-snapshot.v20251128150741
@clerk/types 4.101.4-snapshot.v20251128150741
@clerk/vue 1.17.1-snapshot.v20251128150741

Tip: Use the snippet copy button below to quickly install the required packages.
@clerk/agent-toolkit

npm i @clerk/agent-toolkit@0.2.6-snapshot.v20251128150741 --save-exact

@clerk/astro

npm i @clerk/astro@2.16.4-snapshot.v20251128150741 --save-exact

@clerk/backend

npm i @clerk/backend@2.25.0-snapshot.v20251128150741 --save-exact

@clerk/chrome-extension

npm i @clerk/chrome-extension@2.8.7-snapshot.v20251128150741 --save-exact

@clerk/clerk-js

npm i @clerk/clerk-js@5.112.0-snapshot.v20251128150741 --save-exact

@clerk/elements

npm i @clerk/elements@0.23.87-snapshot.v20251128150741 --save-exact

@clerk/clerk-expo

npm i @clerk/clerk-expo@2.19.7-snapshot.v20251128150741 --save-exact

@clerk/expo-passkeys

npm i @clerk/expo-passkeys@0.4.23-snapshot.v20251128150741 --save-exact

@clerk/express

npm i @clerk/express@1.7.54-snapshot.v20251128150741 --save-exact

@clerk/fastify

npm i @clerk/fastify@2.6.6-snapshot.v20251128150741 --save-exact

@clerk/localizations

npm i @clerk/localizations@3.29.0-snapshot.v20251128150741 --save-exact

@clerk/nextjs

npm i @clerk/nextjs@6.35.6-snapshot.v20251128150741 --save-exact

@clerk/nuxt

npm i @clerk/nuxt@1.13.4-snapshot.v20251128150741 --save-exact

@clerk/clerk-react

npm i @clerk/clerk-react@5.57.1-snapshot.v20251128150741 --save-exact

@clerk/react-router

npm i @clerk/react-router@2.3.1-snapshot.v20251128150741 --save-exact

@clerk/remix

npm i @clerk/remix@4.13.21-snapshot.v20251128150741 --save-exact

@clerk/shared

npm i @clerk/shared@3.37.0-snapshot.v20251128150741 --save-exact

@clerk/tanstack-react-start

npm i @clerk/tanstack-react-start@0.27.6-snapshot.v20251128150741 --save-exact

@clerk/testing

npm i @clerk/testing@1.13.20-snapshot.v20251128150741 --save-exact

@clerk/themes

npm i @clerk/themes@2.4.41-snapshot.v20251128150741 --save-exact

@clerk/types

npm i @clerk/types@4.101.4-snapshot.v20251128150741 --save-exact

@clerk/vue

npm i @clerk/vue@1.17.1-snapshot.v20251128150741 --save-exact

@octoper octoper requested a review from LauraBeatris November 28, 2025 15:32
coderabbitai[bot]
coderabbitai bot reviewed Nov 28, 2025
View reviewed changes
Copy link
Contributor

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 0

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)
packages/clerk-js/src/ui/components/SessionTasks/index.tsx (1)

96-104: Avoid shipping console.log in the redirect effect and double-check __internal_setActiveInProgress behavior.

This effect now redirects when there is no task, when the session is active, or when clerk.__internal_setActiveInProgress is true, and logs every time it does so. The console.log will surface in consuming apps in production; it should be removed or gated behind an internal/dev-only logger. Also, please confirm that forcing a navigate(redirectUrlComplete) while setActive is in progress cannot conflict with any redirect performed by setActive itself (e.g., causing redundant navigations), and that this is the intended place to handle that transition.

🧹 Nitpick comments (2)
packages/clerk-js/src/ui/components/SessionTasks/index.tsx (1)

90-115: currentTaskContainer ref is never attached, so minHeight is effectively a no-op.

currentTaskContainer is created with useRef and only read in the fallback <Card.Root> sx prop, but it's not passed as a ref to any element in this component. That means currentTaskContainer.current remains null and offsetHeight is always undefined, so the minHeight logic does nothing. If the goal is to preserve the previous task card height while showing the loading state, consider attaching this ref to the element that wraps the task content; otherwise, you can safely drop the ref and minHeight computation.

packages/clerk-js/src/ui/components/SessionTasks/tasks/shared/withTaskGuard.ts (1)

24-33: Clarify guard behavior for mismatched task keys during __internal_setActiveInProgress.

The predicate redirects when there is no current task, or when the task key mismatches and !clerk.__internal_setActiveInProgress. This means that while setActive is in progress, a mismatched taskKey will not cause a redirect, relying instead on outer logic (e.g., SessionTasks) to handle navigation. Since the JSDoc says “Triggers a redirect if current task is not the given task key,” consider either:

  • updating the JSDoc to mention this exception, or
  • moving the __internal_setActiveInProgress check outside the mismatch clause if you really want to redirect on any mismatch regardless of activation state.

Behavior is likely fine as-is, but making this explicit would avoid confusion for future readers.

📜 Review details

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Disabled knowledge base sources:

  • Linear integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between f4d8faa and 92f503b.

📒 Files selected for processing (2)
  • packages/clerk-js/src/ui/components/SessionTasks/index.tsx (5 hunks)
  • packages/clerk-js/src/ui/components/SessionTasks/tasks/shared/withTaskGuard.ts (1 hunks)
🧰 Additional context used
📓 Path-based instructions (11)
packages/clerk-js/src/ui/**/*.{ts,tsx}

📄 CodeRabbit inference engine (.cursor/rules/clerk-js-ui.mdc)

packages/clerk-js/src/ui/**/*.{ts,tsx}: Element descriptors should be written in camelCase
Use useCardState for card-level state management
Use useFormState for form-level state management
Use useLoadingStatus for managing loading states
Use useFormControl hook for form field state management with validation and localization support
All rendered values must be localized using useLocalizations hook - hard coded values are not allowed
Use localizationKeys for translating UI text with support for parameters and error messages
Use handleError utility for API error handling and provide field states for proper error mapping
Use the styled system sx prop with theme tokens for custom styling instead of inline styles
Use the Card component pattern with Card.Root, Card.Header, Card.Title, Card.Content, and Card.Footer for consistent card layouts
Use FormContainer with headerTitle and headerSubtitle localization keys combined with Form.Root and FormButtons for consistent form layouts
When form submission occurs, manage loading and error states by calling status.setLoading(), card.setLoading(), and card.setError() appropriately

Files:

  • packages/clerk-js/src/ui/components/SessionTasks/tasks/shared/withTaskGuard.ts
  • packages/clerk-js/src/ui/components/SessionTasks/index.tsx
**/*.{js,jsx,ts,tsx}

📄 CodeRabbit inference engine (.cursor/rules/development.mdc)

All code must pass ESLint checks with the project's configuration

Files:

  • packages/clerk-js/src/ui/components/SessionTasks/tasks/shared/withTaskGuard.ts
  • packages/clerk-js/src/ui/components/SessionTasks/index.tsx
**/*.{js,jsx,ts,tsx,json,md,yml,yaml}

📄 CodeRabbit inference engine (.cursor/rules/development.mdc)

Use Prettier for consistent code formatting

Files:

  • packages/clerk-js/src/ui/components/SessionTasks/tasks/shared/withTaskGuard.ts
  • packages/clerk-js/src/ui/components/SessionTasks/index.tsx
packages/**/src/**/*.{ts,tsx}

📄 CodeRabbit inference engine (.cursor/rules/development.mdc)

TypeScript is required for all packages

Files:

  • packages/clerk-js/src/ui/components/SessionTasks/tasks/shared/withTaskGuard.ts
  • packages/clerk-js/src/ui/components/SessionTasks/index.tsx
**/*.{ts,tsx,js,jsx}

📄 CodeRabbit inference engine (.cursor/rules/development.mdc)

Follow established naming conventions (PascalCase for components, camelCase for variables)

Prefer importing types from @clerk/shared/types instead of the deprecated @clerk/types alias

Files:

  • packages/clerk-js/src/ui/components/SessionTasks/tasks/shared/withTaskGuard.ts
  • packages/clerk-js/src/ui/components/SessionTasks/index.tsx
packages/**/src/**/*.{ts,tsx,js,jsx}

📄 CodeRabbit inference engine (.cursor/rules/development.mdc)

packages/**/src/**/*.{ts,tsx,js,jsx}: Maintain comprehensive JSDoc comments for public APIs
Use tree-shaking friendly exports
Validate all inputs and sanitize outputs
All public APIs must be documented with JSDoc
Use dynamic imports for optional features
Provide meaningful error messages to developers
Include error recovery suggestions where applicable
Log errors appropriately for debugging
Lazy load components and features when possible
Implement proper caching strategies
Use efficient data structures and algorithms
Implement proper logging with different levels

Files:

  • packages/clerk-js/src/ui/components/SessionTasks/tasks/shared/withTaskGuard.ts
  • packages/clerk-js/src/ui/components/SessionTasks/index.tsx
**/*.ts?(x)

📄 CodeRabbit inference engine (.cursor/rules/development.mdc)

Use proper TypeScript error types

Files:

  • packages/clerk-js/src/ui/components/SessionTasks/tasks/shared/withTaskGuard.ts
  • packages/clerk-js/src/ui/components/SessionTasks/index.tsx
**/*.{ts,tsx}

📄 CodeRabbit inference engine (.cursor/rules/typescript.mdc)

**/*.{ts,tsx}: Always define explicit return types for functions, especially public APIs
Use proper type annotations for variables and parameters where inference isn't clear
Avoid any type - prefer unknown when type is uncertain, then narrow with type guards
Implement type guards for unknown types using the pattern function isType(value: unknown): value is Type
Use interface for object shapes that might be extended
Use type for unions, primitives, and computed types
Prefer readonly properties for immutable data structures
Use private for internal implementation details in classes
Use protected for inheritance hierarchies
Use public explicitly for clarity in public APIs
Use mixins for shared behavior across unrelated classes in TypeScript
Use generic constraints with bounded type parameters like <T extends { id: string }>
Use utility types like Omit, Partial, and Pick for data transformation instead of manual type construction
Use discriminated unions instead of boolean flags for state management and API responses
Use mapped types for transforming object types
Use conditional types for type-level logic
Leverage template literal types for string manipulation at the type level
Use ES6 imports/exports consistently
Use default exports sparingly, prefer named exports
Document functions with JSDoc comments including @param, @returns, @throws, and @example tags
Create custom error classes that extend Error for specific error types
Use the Result pattern for error handling instead of throwing exceptions
Use optional chaining (?.) and nullish coalescing (??) operators for safe property access
Let TypeScript infer obvious types to reduce verbosity
Use const assertions with as const for literal types
Use satisfies operator for type checking without widening types
Declare readonly arrays and objects for immutable data structures
Use spread operator and array spread for immutable updates instead of mutations
Use lazy loading for large types...

Files:

  • packages/clerk-js/src/ui/components/SessionTasks/tasks/shared/withTaskGuard.ts
  • packages/clerk-js/src/ui/components/SessionTasks/index.tsx
**/*.tsx

📄 CodeRabbit inference engine (.cursor/rules/development.mdc)

**/*.tsx: Use error boundaries in React components
Minimize re-renders in React components

**/*.tsx: Use proper type definitions for props and state in React components
Leverage TypeScript's type inference where possible in React components
Use proper event types for handlers in React components
Implement proper generic types for reusable React components
Use proper type guards for conditional rendering in React components

Files:

  • packages/clerk-js/src/ui/components/SessionTasks/index.tsx
**/*.{md,tsx}

📄 CodeRabbit inference engine (.cursor/rules/development.mdc)

Update documentation for API changes

Files:

  • packages/clerk-js/src/ui/components/SessionTasks/index.tsx
**/*.{jsx,tsx}

📄 CodeRabbit inference engine (.cursor/rules/react.mdc)

**/*.{jsx,tsx}: Always use functional components with hooks instead of class components
Follow PascalCase naming for components (e.g., UserProfile, NavigationMenu)
Keep components focused on a single responsibility - split large components
Limit component size to 150-200 lines; extract logic into custom hooks
Use composition over inheritance - prefer smaller, composable components
Export components as named exports for better tree-shaking
One component per file with matching filename and component name
Separate UI components from business logic components
Use useState for simple state management in React components
Use useReducer for complex state logic in React components
Implement proper state initialization in React components
Use proper state updates with callbacks in React components
Implement proper state cleanup in React components
Use Context API for theme/authentication state management
Implement proper state persistence in React applications
Use React.memo for expensive components
Implement proper useCallback for handlers in React components
Use proper useMemo for expensive computations in React components
Implement proper virtualization for lists in React components
Use proper code splitting with React.lazy in React applications
Implement proper cleanup in useEffect hooks
Use proper refs for DOM access in React components
Implement proper event listener cleanup in React components
Use proper abort controllers for fetch in React components
Implement proper subscription cleanup in React components
Use proper HTML elements for semantic HTML in React components
Implement proper ARIA attributes for accessibility in React components
Use proper heading hierarchy in React components
Implement proper form labels in React components
Use proper button types in React components
Implement proper focus management for keyboard navigation in React components
Use proper keyboard shortcuts in React components
Implement proper tab order in React components
Use proper ...

Files:

  • packages/clerk-js/src/ui/components/SessionTasks/index.tsx
🧬 Code graph analysis (1)
packages/clerk-js/src/ui/components/SessionTasks/index.tsx (3)
packages/clerk-js/src/core/sessionTasks.ts (1)
  • INTERNAL_SESSION_TASK_ROUTE_BY_KEY (9-12)
packages/clerk-js/src/ui/contexts/components/SessionTasks.ts (2)
  • TaskResetPasswordContext (59-59)
  • SessionTasksContext (9-9)
packages/clerk-js/src/ui/components/SessionTasks/tasks/TaskResetPassword/index.tsx (1)
  • TaskResetPassword (201-203)
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (3)
  • GitHub Check: Formatting | Dedupe | Changeset
  • GitHub Check: semgrep-cloud-platform/scan
  • GitHub Check: Analyze (javascript-typescript)
🔇 Additional comments (3)
packages/clerk-js/src/ui/components/SessionTasks/index.tsx (2)

14-19: Reset-password task routing/context wiring matches existing pattern.

The added TaskResetPasswordContext import, TaskResetPassword component import, and the new <Route> block mirror the existing choose-organization wiring and correctly use INTERNAL_SESSION_TASK_ROUTE_BY_KEY['reset-password'] plus { componentName, redirectUrlComplete }. This is consistent with the new TaskResetPassword HOC setup.

Also applies to: 64-70

124-127: SessionTasksContext value narrowed to redirectUrlComplete aligns with new guard usage.

Providing only { redirectUrlComplete } here matches the updated withTaskGuard implementation that reads ctx.redirectUrlComplete for its redirect target. Assuming SessionTasksCtx was updated accordingly, this simplification looks correct and keeps the context surface minimal.

packages/clerk-js/src/ui/components/SessionTasks/tasks/shared/withTaskGuard.ts (1)

1-8: withTaskGuard typing, imports, and JSDoc look solid.

Using SessionTask['key'] from @clerk/shared/types, pulling redirectUrlComplete via useSessionTasksContext, and annotating the HOC with an explicit (props: P) => null | JSX.Element return type all align with the guidelines for shared types and explicit public API typing. The added JSDoc clarifies behavior and marks the utility as @internal, which is appropriate here.

Also applies to: 9-20

@octoper octoper merged commit d4aef71 into main Nov 28, 2025
103 of 112 checks passed
@octoper octoper deleted the vaggelis/user-4002-implement-the-aio-components-new-flow-and-session-task branch November 28, 2025 18:57
@clerk-cookie clerk-cookie mentioned this pull request Nov 28, 2025
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@coderabbitai coderabbitai[bot] coderabbitai[bot] left review comments

@LauraBeatris LauraBeatris LauraBeatris approved these changes

@chanioxaris chanioxaris Awaiting requested review from chanioxaris

@panteliselef panteliselef Awaiting requested review from panteliselef

@nikosdouvlis nikosdouvlis Awaiting requested review from nikosdouvlis

@anagstef anagstef Awaiting requested review from anagstef

Assignees

@octoper octoper

Labels

backend clerk-js do not merge integration localizations testing

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@octoper @clerk-cookie @LauraBeatris