Skip to content

Comments

feat(upgrade): Sign-in Client Trust status handling#7446

Merged
tmilewski merged 6 commits intomainfrom
tom/user-4211-needs-client-status-upgrade
Feb 20, 2026
Merged

feat(upgrade): Sign-in Client Trust status handling#7446
tmilewski merged 6 commits intomainfrom
tom/user-4211-needs-client-status-upgrade

Conversation

@tmilewski
Copy link
Member

@tmilewski tmilewski commented Dec 12, 2025
edited by coderabbitai bot
Loading

Description

  • Adds handling for new Sign-in Client Trust status: needs_client_trust
  • Adds ability to exclude the matcher frontmatter to indicate that the change should always be displayed.
  • Documentation will update appropriately with: feat: Add needs_client_trust status clerk-docs#3096

Checklist

  • pnpm test runs as expected.
  • pnpm build runs as expected.
  • (If applicable) JSDoc comments have been added or updated for any package exports
  • (If applicable) Documentation has been updated

Type of change

  • 🐛 Bug fix
  • 🌟 New feature
  • 🔨 Breaking change
  • 📖 Refactoring / dependency upgrade / documentation
  • other:

Summary by CodeRabbit

  • New Features

    • Scanner now always reports changes that lack matcher criteria and skips scanning when no matchers are present.

  • Documentation

    • Added guidance and examples for the new Sign-in Client Trust Status, including prerequisites and handling patterns.

  • Tests

    • Expanded integration tests to cover changes both with and without matchers.

  • Chores

    • Added a changeset entry to support versioning and publishing metadata.

@tmilewski tmilewski self-assigned this Dec 12, 2025
@changeset-bot
Copy link

changeset-bot bot commented Dec 12, 2025
edited
Loading

🦋 Changeset detected

Latest commit: 456bc24

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 1 package
Name Type
@clerk/upgrade Patch

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

@vercel
Copy link

vercel bot commented Dec 12, 2025
edited
Loading

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
clerk-js-sandbox Ready Ready Preview, Comment Feb 20, 2026 9:26pm

Request Review

@coderabbitai
Copy link
Contributor

coderabbitai bot commented Dec 12, 2025
edited
Loading

No actionable comments were generated in the recent review. 🎉

📝 Walkthrough

Walkthrough

Adds a changeset entry and documentation for a new Sign-in status needs_client_trust. Refactors runScans() to separate changes with and without matchers; changes without matchers are pre-populated into results with empty instances. Scanning now iterates only over matcher-bearing changes, accumulates matches per matcher title with de-duplication, and returns early if no matcher-bearing changes exist. Updates loadMatchers selection logic. Expands integration tests to cover changes with and without matchers. No public API signatures were changed.

Changes

Cohort / File(s) Summary
Versioning
.changeset/small-dots-scream.md		 Adds a changeset entry for a patch release of the upgrade package describing the new Sign-in Client Trust Status.
Documentation
packages/upgrade/src/versions/core-3/changes/needs-client-trust-sign-in-status-added.md		 Adds documentation for a new needs_client_trust sign-in status, with prerequisites, example handling, and support contact guidance.
Core Runner Logic
packages/upgrade/src/runner.js		 Refactors runScans() to separate changes with and without matchers; changes without matchers are included in results with empty instances. Scanning iterates only over matcher-bearing changes, accumulates matches per matcher title with de-duplication, and returns early if no matcher-bearing changes exist. loadMatchers logic is adjusted to include changes whose packages match the SDK.
Tests
packages/upgrade/src/__tests__/integration/runner.test.js		 Filters an existing test to focus on matcher-bearing changes and adds tests asserting that changes without matchers are always included and that matcher and non-matcher changes can coexist in results.

Estimated code review effort

Medium — ~25 minutes

Areas requiring focused review:

  • Separation of changes into matcher-bearing vs non-matcher groups and the early-return path
  • Per-matcher accumulation and de-duplication of instances
  • loadMatchers change that broadens which changes are considered for scanning
🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)

Check name Status Explanation Resolution
Docstring Coverage ⚠️ Warning Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%. Write docstrings for the functions missing them to satisfy the coverage threshold.
✅ Passed checks (2 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title 'feat(upgrade): Sign-in Client Trust status handling' directly aligns with the primary changes in the PR, which adds handling for a new Sign-in Client Trust status and introduces a force-display capability for upgrade documentation.

✏️ Tip: You can configure your own custom pre-merge checks in the settings.

Comment @coderabbitai help to get the list of available commands and usage tips.

@tmilewski tmilewski requested a review from brkalow December 12, 2025 22:24
@tmilewski tmilewski marked this pull request as ready for review December 12, 2025 22:24
@tmilewski
Copy link
Member Author

tmilewski commented Dec 12, 2025

@brkalow Added the "force display" option we were discussing earlier.

coderabbitai[bot]
coderabbitai bot reviewed Dec 12, 2025
View reviewed changes
Copy link
Contributor

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 0

🧹 Nitpick comments (3)
packages/upgrade/src/versions/core-3/changes/needs-client-trust-sign-in-status-added.md (2)

8-8: TODO reminder: Documentation link placeholder.

The documentation link is pending. Per the PR description, this will be updated when documentation is ready.

Would you like me to open an issue to track this TODO, or is this already being handled as part of the PR workflow?

15-15: Minor: Improve phrasing for clarity.

The phrasing "If ... aren't enabled" in the prerequisite list could be clearer. Consider rewording to "If Email or SMS sign-in verification is not enabled."

Apply this diff:

-- If [Email](https://dashboard.clerk.com/~/user-authentication/user-and-authentication) or [SMS](https://dashboard.clerk.com/~/user-authentication/user-and-authentication?user_auth_tab=phone) sign-in verification aren't enabled.
+- If [Email](https://dashboard.clerk.com/~/user-authentication/user-and-authentication) or [SMS](https://dashboard.clerk.com/~/user-authentication/user-and-authentication?user_auth_tab=phone) sign-in verification is not enabled.
packages/upgrade/src/runner.js (1)

137-146: Consider renaming loadMatchers to reflect its broader purpose.

The function loadMatchers now returns all changes (both with and without matchers) that match the SDK, not just those with matchers. Consider renaming to loadChanges or loadApplicableChanges for better clarity.

Apply this diff:

-function loadMatchers(config, sdk) {
+function loadChanges(config, sdk) {
   if (!config.changes) {
     return [];
   }

   return config.changes.filter(change => {
     const packages = change.packages || ['*'];
     return packages.includes('*') || packages.includes(sdk);
   });
 }

And update the call site:

 export async function runScans(config, sdk, options) {
-  const changes = loadMatchers(config, sdk);
+  const changes = loadChanges(config, sdk);
📜 Review details

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Disabled knowledge base sources:

  • Linear integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between 8c8873d and 3a4a7e4.

📒 Files selected for processing (4)
  • .changeset/small-dots-scream.md (1 hunks)
  • packages/upgrade/src/__tests__/integration/runner.test.js (2 hunks)
  • packages/upgrade/src/runner.js (2 hunks)
  • packages/upgrade/src/versions/core-3/changes/needs-client-trust-sign-in-status-added.md (1 hunks)
🧰 Additional context used
📓 Path-based instructions (9)
**/*.{js,jsx,ts,tsx}

📄 CodeRabbit inference engine (.cursor/rules/development.mdc)

All code must pass ESLint checks with the project's configuration

Files:

  • packages/upgrade/src/__tests__/integration/runner.test.js
  • packages/upgrade/src/runner.js
**/*.{js,jsx,ts,tsx,json,md,yml,yaml}

📄 CodeRabbit inference engine (.cursor/rules/development.mdc)

Use Prettier for consistent code formatting

Files:

  • packages/upgrade/src/__tests__/integration/runner.test.js
  • packages/upgrade/src/runner.js
  • packages/upgrade/src/versions/core-3/changes/needs-client-trust-sign-in-status-added.md
**/*.{ts,tsx,js,jsx}

📄 CodeRabbit inference engine (.cursor/rules/development.mdc)

Follow established naming conventions (PascalCase for components, camelCase for variables)

Files:

  • packages/upgrade/src/__tests__/integration/runner.test.js
  • packages/upgrade/src/runner.js
packages/**/src/**/*.{ts,tsx,js,jsx}

📄 CodeRabbit inference engine (.cursor/rules/development.mdc)

packages/**/src/**/*.{ts,tsx,js,jsx}: Maintain comprehensive JSDoc comments for public APIs
Use tree-shaking friendly exports
Validate all inputs and sanitize outputs
All public APIs must be documented with JSDoc
Use dynamic imports for optional features
Provide meaningful error messages to developers
Include error recovery suggestions where applicable
Log errors appropriately for debugging
Lazy load components and features when possible
Implement proper caching strategies
Use efficient data structures and algorithms
Implement proper logging with different levels

Files:

  • packages/upgrade/src/__tests__/integration/runner.test.js
  • packages/upgrade/src/runner.js
**/*.{test,spec}.{ts,tsx,js,jsx}

📄 CodeRabbit inference engine (.cursor/rules/development.mdc)

**/*.{test,spec}.{ts,tsx,js,jsx}: Unit tests are required for all new functionality
Verify proper error handling and edge cases
Include tests for all new features

Files:

  • packages/upgrade/src/__tests__/integration/runner.test.js
**/*.{test,spec,e2e}.{ts,tsx,js,jsx}

📄 CodeRabbit inference engine (.cursor/rules/development.mdc)

Use real Clerk instances for integration tests

Files:

  • packages/upgrade/src/__tests__/integration/runner.test.js
**/*.{js,ts,jsx,tsx}

📄 CodeRabbit inference engine (.cursor/rules/monorepo.mdc)

Use ESLint with custom configurations tailored for different package types

Files:

  • packages/upgrade/src/__tests__/integration/runner.test.js
  • packages/upgrade/src/runner.js
**/*.{js,ts,jsx,tsx,json,md,yml,yaml}

📄 CodeRabbit inference engine (.cursor/rules/monorepo.mdc)

Use Prettier for code formatting across all packages

Files:

  • packages/upgrade/src/__tests__/integration/runner.test.js
  • packages/upgrade/src/runner.js
  • packages/upgrade/src/versions/core-3/changes/needs-client-trust-sign-in-status-added.md
**/*.{md,tsx}

📄 CodeRabbit inference engine (.cursor/rules/development.mdc)

Update documentation for API changes

Files:

  • packages/upgrade/src/versions/core-3/changes/needs-client-trust-sign-in-status-added.md
🧬 Code graph analysis (1)
packages/upgrade/src/runner.js (1)
packages/upgrade/src/config.js (3)
  • config (29-29)
  • config (53-53)
  • matcher (164-168)
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)
  • GitHub Check: semgrep-cloud-platform/scan
🔇 Additional comments (7)
.changeset/small-dots-scream.md (1)

1-5: LGTM!

The changeset is correctly formatted with an appropriate patch version bump for adding the new Sign-in Client Trust Status entry.

packages/upgrade/src/versions/core-3/changes/needs-client-trust-sign-in-status-added.md (1)

19-27: LGTM!

The code example effectively demonstrates how to handle the new needs_client_trust status alongside the existing complete status. The diff format makes the required changes clear.

packages/upgrade/src/runner.js (2)

62-82: LGTM! Clear separation of concerns.

The refactoring correctly splits changes into those with and without matchers, ensuring changes without matchers are always included in results with empty instances. The early return optimization when there are no changes with matchers is a good performance improvement.

99-126: LGTM! Scanning logic correctly handles matcher-based changes.

The scanning loop now correctly iterates only over changesWithMatchers, accumulating matches into the results object that was pre-populated with changes without matchers. The duplicate detection logic ensures clean results.

packages/upgrade/src/__tests__/integration/runner.test.js (3)

59-60: LGTM! Important fix for the ignore patterns test.

Filtering to only changes with matchers ensures this test validates the ignore functionality correctly without being affected by changes without matchers that would always appear in results.

72-97: LGTM! Comprehensive test for changes without matchers.

The test correctly validates that changes without matchers are always included in results with an empty instances array, which is the core new behavior introduced in this PR.

99-135: Good test coverage for mixed scenarios.

The test validates that both changes with and without matchers appear in results. The assertions correctly verify the presence of the change without a matcher and its empty instances array.

One minor observation: Line 131 uses toBeGreaterThanOrEqual(1) which is somewhat weak. However, given the dynamic nature of the matcher-based change (it may or may not find matches in the fixture), this assertion level is acceptable.

@tmilewski tmilewski force-pushed the tom/user-4211-needs-client-status-upgrade branch from 3a4a7e4 to 363c26c Compare February 17, 2026 19:46
@tmilewski tmilewski requested a review from dstaley February 17, 2026 19:46
@pkg-pr-new
Copy link

pkg-pr-new bot commented Feb 17, 2026
edited
Loading

Open in StackBlitz

@clerk/agent-toolkit

npm i https://pkg.pr.new/@clerk/agent-toolkit@7446

@clerk/astro

npm i https://pkg.pr.new/@clerk/astro@7446

@clerk/backend

npm i https://pkg.pr.new/@clerk/backend@7446

@clerk/chrome-extension

npm i https://pkg.pr.new/@clerk/chrome-extension@7446

@clerk/clerk-js

npm i https://pkg.pr.new/@clerk/clerk-js@7446

@clerk/dev-cli

npm i https://pkg.pr.new/@clerk/dev-cli@7446

@clerk/expo

npm i https://pkg.pr.new/@clerk/expo@7446

@clerk/expo-passkeys

npm i https://pkg.pr.new/@clerk/expo-passkeys@7446

@clerk/express

npm i https://pkg.pr.new/@clerk/express@7446

@clerk/fastify

npm i https://pkg.pr.new/@clerk/fastify@7446

@clerk/hono

npm i https://pkg.pr.new/@clerk/hono@7446

@clerk/localizations

npm i https://pkg.pr.new/@clerk/localizations@7446

@clerk/nextjs

npm i https://pkg.pr.new/@clerk/nextjs@7446

@clerk/nuxt

npm i https://pkg.pr.new/@clerk/nuxt@7446

@clerk/react

npm i https://pkg.pr.new/@clerk/react@7446

@clerk/react-router

npm i https://pkg.pr.new/@clerk/react-router@7446

@clerk/shared

npm i https://pkg.pr.new/@clerk/shared@7446

@clerk/tanstack-react-start

npm i https://pkg.pr.new/@clerk/tanstack-react-start@7446

@clerk/testing

npm i https://pkg.pr.new/@clerk/testing@7446

@clerk/ui

npm i https://pkg.pr.new/@clerk/ui@7446

@clerk/upgrade

npm i https://pkg.pr.new/@clerk/upgrade@7446

@clerk/vue

npm i https://pkg.pr.new/@clerk/vue@7446

commit: 456bc24

@tmilewski tmilewski requested a review from jacekradko February 17, 2026 21:03
jacekradko
jacekradko approved these changes Feb 20, 2026
View reviewed changes
Copy link
Member

@jacekradko jacekradko left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

dstaley
dstaley reviewed Feb 20, 2026
View reviewed changes
packages/upgrade/src/versions/core-3/changes/needs-client-trust-sign-in-status-added.md Outdated
- signIn.attemptFirstFactor({ strategy: 'password', password: '...' })
- if (signIn.status === 'complete') {/* ... */ }
+ const { signIn } = useSignIn()
+ signIn.attemptFirstFactor({ strategy: 'password', password: '...' })
Copy link
Member

@dstaley dstaley Feb 20, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

if we remove this line the example will be compatible for both the new hooks and the included legacy hooks

Suggested change
+ signIn.attemptFirstFactor({ strategy: 'password', password: '...' })

Copy link
Member

@dstaley dstaley Feb 20, 2026
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

also maybe this is a better way to visualize this?

const { signIn } = useSignIn()
// ...
- if (signIn.status === 'complete') { /* ... */ }
+ if (signIn.status === 'needs_client_trust') { /* ... */ }
+ else if (signIn.status === 'complete') {  /* ... */ }
```diff
const { signIn } = useSignIn()
// ...
- if (signIn.status === 'complete') { /* ... */ }
+ if (signIn.status === 'needs_client_trust') { /* ... */ }
+ else if (signIn.status === 'complete') {  /* ... */ }
```

Copy link
Member Author

@tmilewski tmilewski Feb 20, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

👍 I definitely like this more. Thanks!

@tmilewski tmilewski force-pushed the tom/user-4211-needs-client-status-upgrade branch from 1841056 to 456bc24 Compare February 20, 2026 21:25
@tmilewski tmilewski enabled auto-merge (squash) February 20, 2026 21:25
@tmilewski tmilewski merged commit df93ad9 into main Feb 20, 2026
41 checks passed
@tmilewski tmilewski deleted the tom/user-4211-needs-client-status-upgrade branch February 20, 2026 21:35
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@dstaley dstaley dstaley left review comments

@coderabbitai coderabbitai[bot] coderabbitai[bot] left review comments

@jacekradko jacekradko jacekradko approved these changes

@brkalow brkalow Awaiting requested review from brkalow

Assignees

@tmilewski tmilewski

Labels

core-3

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@tmilewski @dstaley @jacekradko