fix(clerk-js,localizations,backend): Rename passwordUntrusted to passwordCompromised

[octoper]

Description

This PR changes the naming for password untrusted to password compromised, the feature is not yet available so the renaming does not affect any flows

Checklist

• pnpm test runs as expected.
• pnpm build runs as expected.
• (If applicable) JSDoc comments have been added or updated for any package exports
• (If applicable) Documentation has been updated

Type of change

• 🐛 Bug fix
• 🌟 New feature
• 🔨 Breaking change
• 📖 Refactoring / dependency upgrade / documentation
• other:

Summary by CodeRabbit

• New Features

  • Terminology updated: "untrusted" → "compromised" across sign-in flows and public APIs.

• Localization

  • Added passwordCompromised localization keys for all supported locales; en‑US strings adjusted.

• Bug Fixes

  • Error detection and messaging now consistently reflect compromised-password states; legacy keys marked deprecated with aliases for backwards compatibility.

• Tests

  • Updated tests and expectations to reference the compromised-password flow.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[changeset-bot]

🦋 Changeset detected

Latest commit: d325961

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 22 packages

Name	Type
@clerk/backend	Patch
@clerk/localizations	Patch
@clerk/clerk-js	Patch
@clerk/shared	Patch
@clerk/agent-toolkit	Patch
@clerk/astro	Patch
@clerk/express	Patch
@clerk/fastify	Patch
@clerk/nextjs	Patch
@clerk/nuxt	Patch
@clerk/react-router	Patch
@clerk/remix	Patch
@clerk/tanstack-react-start	Patch
@clerk/testing	Patch
@clerk/clerk-react	Patch
@clerk/chrome-extension	Patch
@clerk/clerk-expo	Patch
@clerk/elements	Patch
@clerk/expo-passkeys	Patch
@clerk/themes	Patch
@clerk/types	Patch
@clerk/vue	Patch

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

[coderabbitai]

Walkthrough

Renames password-related identifiers and error keys from "untrusted" to "compromised" across backend API, frontend sign-in components, shared error helpers/types, and localization resources; adds deprecation notes and new localization keys for the compromised naming.

Changes

Cohort / File(s)	Summary
Changesets \.changeset/honest-pigs-move.md, \.changeset/moody-dryers-serve.md, \.changeset/some-phones-report.md	Adds patch changesets documenting renames and deprecations: passwordUntrusted → passwordCompromised, and form_password_untrusted__sign_in → form_password_compromised__sign_in.
Backend API packages/backend/src/api/endpoints/UserApi.ts	Renames public method __experimental_passwordUntrusted → __experimental_passwordCompromised and updates internal path segment password_untrusted → password_compromised.
Clerk‑JS UI packages/clerk-js/src/ui/components/SignIn/AlternativeMethods.tsx, packages/clerk-js/src/ui/components/SignIn/SignInFactorOne.tsx, packages/clerk-js/src/ui/components/SignIn/SignInFactorOnePasswordCard.tsx	Replaces mode/value passwordUntrusted → passwordCompromised; updates types (AlternativeMethodsMode, PasswordErrorCode), conditional rendering, flow/title lookups, and error handling to map to form_password_compromised__sign_in and call onPasswordError('compromised').
Flow metadata packages/clerk-js/src/ui/elements/contexts/index.tsx	Updates FlowMetadata.part literal passwordUntrustedMethods → passwordCompromisedMethods.
Shared: errors & types packages/shared/src/error.ts, packages/shared/src/errors/helpers.ts, packages/shared/src/types/localization.ts	Renames exported helper isPasswordUntrustedError → isPasswordCompromisedError; updates internal error code checks to form_password_compromised; adds passwordCompromised localization field and form_password_compromised__sign_in error key; marks old names/keys deprecated.
Localizations (many locales) packages/localizations/src/*.ts (e.g., ar-SA, be-BY, bg-BG, en-US, en-GB, de-DE, fr-FR, ja-JP, zh-CN, ...)	Adds passwordCompromised: { title: undefined } across locale files; en-US also adjusts the existing passwordUntrusted title text.
Tests packages/clerk-js/src/ui/components/SignIn/__tests__/SignInFactorOne.test.tsx	Updates test expectations and descriptions from "untrusted" to "compromised" and replaces expected error codes to form_password_compromised.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

• Extra attention:
  • packages/clerk-js/src/ui/components/SignIn/AlternativeMethods.tsx — verify mode-to-flow/title mappings.
  • packages/clerk-js/src/ui/components/SignIn/SignInFactorOnePasswordCard.tsx — confirm error detection and onPasswordError('compromised') propagation.
  • packages/shared/src/types/localization.ts — validate deprecation JSDoc and compatibility of new/old error keys.
  • packages/localizations/src/en-US.ts — confirm string adjustments and no regressions.

Possibly related PRs

• feat(clerk-js): Untrusted password screen for sign-in #7331 — prior PR that introduced the "passwordUntrusted" terminology and related keys; strongly related and likely the source of these renames.

Suggested reviewers

• anagstef
• bratsos
• nikosdouvlis

Poem

🐇
I hopped through tokens, keys, and names,
From "untrusted" tunnels to "compromised" plains.
I stitched the locales and changed the signs,
Now sign‑in hums with clearer lines.
A rabbit nibbles carrots in celebration! 🥕

Pre-merge checks and finishing touches

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	You can run @coderabbitai generate docstrings to improve docstring coverage.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The PR title accurately describes the main change: renaming passwordUntrusted to passwordCompromised across multiple packages (clerk-js, localizations, backend).

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch vaggelis/rename-to-password-compromised

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Preview	Comments	Updated (UTC)
clerk-js-sandbox	Ready	Preview	Comment	Dec 3, 2025 11:36am

[coderabbitai]

Actionable comments posted: 1

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (8)

packages/localizations/src/hu-HU.ts (1)

696-704: Complete the rename by removing the old passwordUntrusted key.

The PR objectives indicate this is a rename from passwordUntrusted to passwordCompromised. However, the old passwordUntrusted key still exists at lines 702-704. To properly complete the rename operation and avoid confusion, the old key should be removed.

Apply this diff to remove the deprecated key:

 passwordCompromised: {
   title: undefined,
 },
 passwordPwned: {
   title: 'Jelszó kompromitálódott',
 },
-passwordUntrusted: {
-  title: undefined,
-},

packages/localizations/src/hi-IN.ts (1)

693-706: Complete the rename by updating remaining passwordUntrusted keys

The new signIn.password.passwordCompromised entry (Lines 698-700) looks fine and matches how this locale uses undefined placeholders elsewhere. However, this file still defines:

• signIn.password.passwordUntrusted (Lines 704-706)
• unstable__errors.form_password_untrusted__sign_in (Line 914, outside this hunk)

Given the PR’s goal to rename everything from passwordUntrusted/form_password_untrusted to the passwordCompromised naming, consider updating or removing the remaining passwordUntrusted keys here as well, so this locale stays consistent with the updated types and error/localization APIs.

packages/localizations/src/ta-IN.ts (1)

701-709: Remove passwordUntrusted from all localization files as part of the rename migration.

Both passwordCompromised (new) and passwordUntrusted (old) are present across all 49 localization files. Since the PR renames passwordUntrusted to passwordCompromised, the old key should be removed from each language file to complete the migration and avoid maintaining duplicate dead code. This applies to all language files in packages/localizations/src/, not just ta-IN.ts.

packages/localizations/src/pl-PL.ts (1)

704-706: Remove the deprecated passwordUntrusted entry.

The passwordUntrusted key is explicitly marked as @deprecated in packages/shared/src/types/localization.ts with guidance to use passwordCompromised instead. No active references to this deprecated key exist in the codebase outside of type definitions and localization files. Since both entries exist in the localization file and the old key is deprecated, remove the passwordUntrusted object (lines 704-706) to complete the migration.

packages/localizations/src/es-CR.ts (1)

701-709: Incomplete rename across all localization files: passwordUntrusted key should be removed.

The new passwordCompromised key has been added across all localization files, but the old passwordUntrusted key still exists in every file. Since passwordUntrusted is not referenced anywhere in the codebase, it should be removed from all 50 localization files to eliminate orphaned keys and reduce maintenance burden.

Additionally, passwordCompromised entries have undefined values across all languages, meaning no translations are provided yet. Either provide translations for the new key or remove both keys if they're not yet in use.

packages/localizations/src/sr-RS.ts (1)

901-907: form_password_untrusted__sign_in should be renamed to form_password_compromised__sign_in in sr-RS.ts

This locale file was missed during the global key rename applied to all other locales. Update at lines 901-907:

    form_password_pwned__sign_in:
      'Ova lozinka je pronađena kao deo kompromitovanih podataka i ne može se koristiti, molimo resetuj svoju lozinku.',
    form_password_size_in_bytes_exceeded:
      'Tvoja lozinka je premašila maksimalni dozvoljeni broj bajtova, molimo skrati je ili ukloni neke specijalne znakove.',
-    form_password_untrusted__sign_in: undefined,
+    form_password_compromised__sign_in: undefined,

packages/localizations/src/es-UY.ts (1)

700-708: Remove or align passwordUntrusted and form_password_untrusted__sign_in with the new passwordCompromised naming

The file includes the new signIn.passwordCompromised entry (lines 700-702), but still retains:

• signIn.passwordUntrusted (lines 706-708)
• unstable__errors.form_password_untrusted__sign_in (line 916)

To maintain consistency across the codebase, either remove these obsolete keys or rename them to use the new passwordCompromised / form_password_compromised__sign_in naming, depending on whether they're being deprecated or replaced.

packages/localizations/src/da-DK.ts (1)

690-703: Complete the passwordUntrusted → passwordCompromised rename in this locale

The new signIn.passwordCompromised key is added, but the old identifiers are still present:

• signIn.passwordUntrusted (Line 701)
• unstable__errors.form_password_untrusted__sign_in (Line 905)

If this PR’s intent is a full rename, this locale should not keep the old keys around, otherwise the localization shape diverges from the updated API and types.

Consider applying something like:

@@ signIn: {
-    passwordUntrusted: {
-      title: undefined,
-    },
@@ unstable__errors: {
-    form_password_untrusted__sign_in: undefined,
+    form_password_compromised__sign_in: undefined,

This keeps only the new passwordCompromised naming and aligns the error key with the updated code paths.

Also applies to: 901-905

🧹 Nitpick comments (10)

packages/localizations/src/he-IL.ts (1)

688-690: passwordCompromised entry is structurally correct; consider future cleanup of legacy keys

The new signIn.password.passwordCompromised key matches the structure of neighboring password entries and should satisfy the updated localization types. Once the rename away from “untrusted” is fully rolled out, consider either:

• Removing or clearly marking the legacy passwordUntrusted entry (lines 694-696), and
• Ensuring any corresponding error keys (e.g., form_password_untrusted__sign_in under unstable__errors) are mirrored with ...password_compromised__sign_in in this locale when that flow goes live.

Not a blocker now, but aligning these later will reduce confusion for translators and callers.

packages/localizations/src/id-ID.ts (1)

699-701: Confirm intent to keep both passwordCompromised and passwordUntrusted variants

The new signIn.passwordCompromised block fits the localization structure, but signIn.passwordUntrusted (lines 705-707) and unstable__errors.form_password_untrusted__sign_in (line 915) remain. Given the PR’s goal to rename from “untrusted” to “compromised,” please confirm whether these *Untrusted keys are intentionally retained for backward compatibility, or if they should also be migrated/removed in this locale to stay consistent with the new naming.

packages/localizations/src/ca-ES.ts (1)

696-698: Align new passwordCompromised key with removal/rename of passwordUntrusted

You’ve added signIn.password.passwordCompromised, but this locale still defines both signIn.password.passwordUntrusted and unstable__errors.form_password_untrusted__sign_in. If the rest of the PR has migrated callers to passwordCompromised / form_password_compromised__sign_in, these older keys will become dead and the new error id may be untranslated here.

I’d recommend either explicitly keeping the old keys for backward compatibility (with a comment), or fully migrating this locale for parity with others:

• In the signIn.password block, drop the now‑redundant passwordUntrusted entry once nothing references it:

    passwordCompromised: {
      title: undefined,
    },
-    passwordUntrusted: {
-      title: undefined,
-    },

• In the unstable__errors section, update the error key when/if the backend error code is renamed:

    form_password_compromised__sign_in: undefined,

Please double‑check against the core error codes and the base locale before applying this so everything stays in sync.

packages/localizations/src/da-DK.ts (1)

13-15: Optional: Switch LocalizationResource import to @clerk/shared/types

Guidelines prefer importing types from @clerk/shared/types instead of the deprecated @clerk/types alias. Not required for this rename-focused PR, but worth updating here (and possibly via a bulk codemod) when convenient.

-import type { LocalizationResource } from '@clerk/types';
+import type { LocalizationResource } from '@clerk/shared/types';

packages/localizations/src/pt-BR.ts (1)

705-707: pt-BR passwordCompromised placeholder is correctly wired

The signIn.passwordCompromised object with title: undefined aligns with the localization schema and other locales; it’s fine as a placeholder until a translation is provided. Given passwordPwned is already translated, you may later want a distinct phrasing here, but that can wait until the feature goes live.

packages/localizations/src/en-US.ts (1)

694-701: Rename and new key in signIn.password look consistent

• signIn.passwordCompromised is added with a clear title and matches the existing password key structure.
• Updating passwordUntrusted.title to “Password untrusted” keeps terminology aligned with the new “compromised” wording.

If you later differentiate product behavior between “pwned” vs “compromised” states, you may want to revisit the English copy so each key has a distinct user-facing message, but that’s optional and not blocking for this rename.

packages/shared/src/errors/helpers.ts (1)

124-130: isPasswordCompromisedError helper correctly targets new error code

The helper now checks for 'form_password_compromised' behind isClerkAPIResponseError, which cleanly aligns with the renamed password state and matches the surrounding helper patterns. If you want to tighten typings in new additions, you could add an explicit boolean return type:

-export function isPasswordCompromisedError(err: any) {
+export function isPasswordCompromisedError(err: any): boolean {
   return isClerkAPIResponseError(err) && err.errors?.[0]?.code === 'form_password_compromised';
 }

packages/shared/src/error.ts (1)

17-31: Public error exports updated to isPasswordCompromisedError

Re-exporting isPasswordCompromisedError from the helpers module keeps the shared error barrel aligned with the new terminology and helper implementation. If you expect any external usage of the old isPasswordUntrustedError symbol, consider temporarily re‑exporting it as an alias to isPasswordCompromisedError with a deprecation notice; otherwise this change is straightforward.

packages/clerk-js/src/ui/components/SignIn/AlternativeMethods.tsx (1)

21-21: Alternative methods wired for passwordCompromised mode

The new AlternativeMethodsMode value, its dedicated title (signIn.passwordCompromised.title), and the non-reset behavior (determineIsReset returning false and subtitle suppression) are internally consistent and match the new terminology. The only minor nit is that determineFlowPart still returns 'passwordUntrustedMethods' for this mode, which is fine for backward compatibility but a bit naming-inconsistent; consider aligning the flow part name in a future non-breaking cleanup if external consumers don’t rely on it.

Also applies to: 58-60, 188-189, 201-203, 213-214

packages/localizations/src/ro-RO.ts (1)

13-13: Optional: switch LocalizationResource import to @clerk/shared/types

Per the guidelines, consider migrating this type import from @clerk/types to @clerk/shared/types when convenient, to avoid relying on the deprecated alias. This can be done in a follow-up sweep across localization files rather than in this PR if you want to keep scope tight.

📜 Review details

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Disabled knowledge base sources:

• Linear integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between e89225d and 05dc23c.

📒 Files selected for processing (59)

• .changeset/honest-pigs-move.md (1 hunks)
• .changeset/moody-dryers-serve.md (1 hunks)
• .changeset/some-phones-report.md (1 hunks)
• packages/backend/src/api/endpoints/UserApi.ts (1 hunks)
• packages/clerk-js/src/ui/components/SignIn/AlternativeMethods.tsx (5 hunks)
• packages/clerk-js/src/ui/components/SignIn/SignInFactorOne.tsx (1 hunks)
• packages/clerk-js/src/ui/components/SignIn/SignInFactorOnePasswordCard.tsx (3 hunks)
• packages/localizations/src/ar-SA.ts (1 hunks)
• packages/localizations/src/be-BY.ts (1 hunks)
• packages/localizations/src/bg-BG.ts (1 hunks)
• packages/localizations/src/bn-IN.ts (1 hunks)
• packages/localizations/src/ca-ES.ts (1 hunks)
• packages/localizations/src/cs-CZ.ts (1 hunks)
• packages/localizations/src/da-DK.ts (1 hunks)
• packages/localizations/src/de-DE.ts (1 hunks)
• packages/localizations/src/el-GR.ts (1 hunks)
• packages/localizations/src/en-GB.ts (1 hunks)
• packages/localizations/src/en-US.ts (1 hunks)
• packages/localizations/src/es-CR.ts (1 hunks)
• packages/localizations/src/es-ES.ts (1 hunks)
• packages/localizations/src/es-MX.ts (1 hunks)
• packages/localizations/src/es-UY.ts (1 hunks)
• packages/localizations/src/fa-IR.ts (1 hunks)
• packages/localizations/src/fi-FI.ts (1 hunks)
• packages/localizations/src/fr-FR.ts (1 hunks)
• packages/localizations/src/he-IL.ts (1 hunks)
• packages/localizations/src/hi-IN.ts (1 hunks)
• packages/localizations/src/hr-HR.ts (1 hunks)
• packages/localizations/src/hu-HU.ts (1 hunks)
• packages/localizations/src/id-ID.ts (1 hunks)
• packages/localizations/src/is-IS.ts (1 hunks)
• packages/localizations/src/it-IT.ts (1 hunks)
• packages/localizations/src/ja-JP.ts (1 hunks)
• packages/localizations/src/kk-KZ.ts (1 hunks)
• packages/localizations/src/ko-KR.ts (1 hunks)
• packages/localizations/src/mn-MN.ts (1 hunks)
• packages/localizations/src/ms-MY.ts (1 hunks)
• packages/localizations/src/nb-NO.ts (1 hunks)
• packages/localizations/src/nl-BE.ts (1 hunks)
• packages/localizations/src/nl-NL.ts (1 hunks)
• packages/localizations/src/pl-PL.ts (1 hunks)
• packages/localizations/src/pt-BR.ts (1 hunks)
• packages/localizations/src/pt-PT.ts (1 hunks)
• packages/localizations/src/ro-RO.ts (1 hunks)
• packages/localizations/src/ru-RU.ts (1 hunks)
• packages/localizations/src/sk-SK.ts (1 hunks)
• packages/localizations/src/sr-RS.ts (1 hunks)
• packages/localizations/src/sv-SE.ts (1 hunks)
• packages/localizations/src/ta-IN.ts (1 hunks)
• packages/localizations/src/te-IN.ts (1 hunks)
• packages/localizations/src/th-TH.ts (1 hunks)
• packages/localizations/src/tr-TR.ts (1 hunks)
• packages/localizations/src/uk-UA.ts (1 hunks)
• packages/localizations/src/vi-VN.ts (1 hunks)
• packages/localizations/src/zh-CN.ts (1 hunks)
• packages/localizations/src/zh-TW.ts (1 hunks)
• packages/shared/src/error.ts (1 hunks)
• packages/shared/src/errors/helpers.ts (1 hunks)
• packages/shared/src/types/localization.ts (2 hunks)

🧰 Additional context used

📓 Path-based instructions (12)

**/*.{js,jsx,ts,tsx}

📄 CodeRabbit inference engine (.cursor/rules/development.mdc)

All code must pass ESLint checks with the project's configuration

Files:

• packages/localizations/src/en-GB.ts
• packages/localizations/src/bg-BG.ts
• packages/localizations/src/is-IS.ts
• packages/localizations/src/es-MX.ts
• packages/clerk-js/src/ui/components/SignIn/SignInFactorOne.tsx
• packages/localizations/src/el-GR.ts
• packages/localizations/src/sr-RS.ts
• packages/localizations/src/ca-ES.ts
• packages/localizations/src/be-BY.ts
• packages/clerk-js/src/ui/components/SignIn/AlternativeMethods.tsx
• packages/shared/src/errors/helpers.ts
• packages/localizations/src/te-IN.ts
• packages/localizations/src/kk-KZ.ts
• packages/localizations/src/he-IL.ts
• packages/localizations/src/es-CR.ts
• packages/localizations/src/vi-VN.ts
• packages/localizations/src/ko-KR.ts
• packages/clerk-js/src/ui/components/SignIn/SignInFactorOnePasswordCard.tsx
• packages/localizations/src/pt-PT.ts
• packages/localizations/src/fa-IR.ts
• packages/localizations/src/pt-BR.ts
• packages/backend/src/api/endpoints/UserApi.ts
• packages/localizations/src/nb-NO.ts
• packages/localizations/src/hu-HU.ts
• packages/localizations/src/da-DK.ts
• packages/localizations/src/zh-CN.ts
• packages/shared/src/types/localization.ts
• packages/localizations/src/hi-IN.ts
• packages/localizations/src/ta-IN.ts
• packages/localizations/src/ja-JP.ts
• packages/localizations/src/es-UY.ts
• packages/localizations/src/it-IT.ts
• packages/localizations/src/tr-TR.ts
• packages/localizations/src/fi-FI.ts
• packages/localizations/src/cs-CZ.ts
• packages/localizations/src/mn-MN.ts
• packages/localizations/src/sv-SE.ts
• packages/localizations/src/en-US.ts
• packages/shared/src/error.ts
• packages/localizations/src/bn-IN.ts
• packages/localizations/src/ru-RU.ts
• packages/localizations/src/nl-NL.ts
• packages/localizations/src/th-TH.ts
• packages/localizations/src/ar-SA.ts
• packages/localizations/src/zh-TW.ts
• packages/localizations/src/sk-SK.ts
• packages/localizations/src/fr-FR.ts
• packages/localizations/src/ms-MY.ts
• packages/localizations/src/ro-RO.ts
• packages/localizations/src/id-ID.ts
• packages/localizations/src/uk-UA.ts
• packages/localizations/src/es-ES.ts
• packages/localizations/src/nl-BE.ts
• packages/localizations/src/pl-PL.ts
• packages/localizations/src/de-DE.ts
• packages/localizations/src/hr-HR.ts

**/*.{js,jsx,ts,tsx,json,md,yml,yaml}

📄 CodeRabbit inference engine (.cursor/rules/development.mdc)

Use Prettier for consistent code formatting

Files:

• packages/localizations/src/en-GB.ts
• packages/localizations/src/bg-BG.ts
• packages/localizations/src/is-IS.ts
• packages/localizations/src/es-MX.ts
• packages/clerk-js/src/ui/components/SignIn/SignInFactorOne.tsx
• packages/localizations/src/el-GR.ts
• packages/localizations/src/sr-RS.ts
• packages/localizations/src/ca-ES.ts
• packages/localizations/src/be-BY.ts
• packages/clerk-js/src/ui/components/SignIn/AlternativeMethods.tsx
• packages/shared/src/errors/helpers.ts
• packages/localizations/src/te-IN.ts
• packages/localizations/src/kk-KZ.ts
• packages/localizations/src/he-IL.ts
• packages/localizations/src/es-CR.ts
• packages/localizations/src/vi-VN.ts
• packages/localizations/src/ko-KR.ts
• packages/clerk-js/src/ui/components/SignIn/SignInFactorOnePasswordCard.tsx
• packages/localizations/src/pt-PT.ts
• packages/localizations/src/fa-IR.ts
• packages/localizations/src/pt-BR.ts
• packages/backend/src/api/endpoints/UserApi.ts
• packages/localizations/src/nb-NO.ts
• packages/localizations/src/hu-HU.ts
• packages/localizations/src/da-DK.ts
• packages/localizations/src/zh-CN.ts
• packages/shared/src/types/localization.ts
• packages/localizations/src/hi-IN.ts
• packages/localizations/src/ta-IN.ts
• packages/localizations/src/ja-JP.ts
• packages/localizations/src/es-UY.ts
• packages/localizations/src/it-IT.ts
• packages/localizations/src/tr-TR.ts
• packages/localizations/src/fi-FI.ts
• packages/localizations/src/cs-CZ.ts
• packages/localizations/src/mn-MN.ts
• packages/localizations/src/sv-SE.ts
• packages/localizations/src/en-US.ts
• packages/shared/src/error.ts
• packages/localizations/src/bn-IN.ts
• packages/localizations/src/ru-RU.ts
• packages/localizations/src/nl-NL.ts
• packages/localizations/src/th-TH.ts
• packages/localizations/src/ar-SA.ts
• packages/localizations/src/zh-TW.ts
• packages/localizations/src/sk-SK.ts
• packages/localizations/src/fr-FR.ts
• packages/localizations/src/ms-MY.ts
• packages/localizations/src/ro-RO.ts
• packages/localizations/src/id-ID.ts
• packages/localizations/src/uk-UA.ts
• packages/localizations/src/es-ES.ts
• packages/localizations/src/nl-BE.ts
• packages/localizations/src/pl-PL.ts
• packages/localizations/src/de-DE.ts
• packages/localizations/src/hr-HR.ts

packages/**/src/**/*.{ts,tsx}

📄 CodeRabbit inference engine (.cursor/rules/development.mdc)

TypeScript is required for all packages

Files:

• packages/localizations/src/en-GB.ts
• packages/localizations/src/bg-BG.ts
• packages/localizations/src/is-IS.ts
• packages/localizations/src/es-MX.ts
• packages/clerk-js/src/ui/components/SignIn/SignInFactorOne.tsx
• packages/localizations/src/el-GR.ts
• packages/localizations/src/sr-RS.ts
• packages/localizations/src/ca-ES.ts
• packages/localizations/src/be-BY.ts
• packages/clerk-js/src/ui/components/SignIn/AlternativeMethods.tsx
• packages/shared/src/errors/helpers.ts
• packages/localizations/src/te-IN.ts
• packages/localizations/src/kk-KZ.ts
• packages/localizations/src/he-IL.ts
• packages/localizations/src/es-CR.ts
• packages/localizations/src/vi-VN.ts
• packages/localizations/src/ko-KR.ts
• packages/clerk-js/src/ui/components/SignIn/SignInFactorOnePasswordCard.tsx
• packages/localizations/src/pt-PT.ts
• packages/localizations/src/fa-IR.ts
• packages/localizations/src/pt-BR.ts
• packages/backend/src/api/endpoints/UserApi.ts
• packages/localizations/src/nb-NO.ts
• packages/localizations/src/hu-HU.ts
• packages/localizations/src/da-DK.ts
• packages/localizations/src/zh-CN.ts
• packages/shared/src/types/localization.ts
• packages/localizations/src/hi-IN.ts
• packages/localizations/src/ta-IN.ts
• packages/localizations/src/ja-JP.ts
• packages/localizations/src/es-UY.ts
• packages/localizations/src/it-IT.ts
• packages/localizations/src/tr-TR.ts
• packages/localizations/src/fi-FI.ts
• packages/localizations/src/cs-CZ.ts
• packages/localizations/src/mn-MN.ts
• packages/localizations/src/sv-SE.ts
• packages/localizations/src/en-US.ts
• packages/shared/src/error.ts
• packages/localizations/src/bn-IN.ts
• packages/localizations/src/ru-RU.ts
• packages/localizations/src/nl-NL.ts
• packages/localizations/src/th-TH.ts
• packages/localizations/src/ar-SA.ts
• packages/localizations/src/zh-TW.ts
• packages/localizations/src/sk-SK.ts
• packages/localizations/src/fr-FR.ts
• packages/localizations/src/ms-MY.ts
• packages/localizations/src/ro-RO.ts
• packages/localizations/src/id-ID.ts
• packages/localizations/src/uk-UA.ts
• packages/localizations/src/es-ES.ts
• packages/localizations/src/nl-BE.ts
• packages/localizations/src/pl-PL.ts
• packages/localizations/src/de-DE.ts
• packages/localizations/src/hr-HR.ts

**/*.{ts,tsx,js,jsx}

📄 CodeRabbit inference engine (.cursor/rules/development.mdc)

Follow established naming conventions (PascalCase for components, camelCase for variables)

Prefer importing types from @clerk/shared/types instead of the deprecated @clerk/types alias

Files:

• packages/localizations/src/en-GB.ts
• packages/localizations/src/bg-BG.ts
• packages/localizations/src/is-IS.ts
• packages/localizations/src/es-MX.ts
• packages/clerk-js/src/ui/components/SignIn/SignInFactorOne.tsx
• packages/localizations/src/el-GR.ts
• packages/localizations/src/sr-RS.ts
• packages/localizations/src/ca-ES.ts
• packages/localizations/src/be-BY.ts
• packages/clerk-js/src/ui/components/SignIn/AlternativeMethods.tsx
• packages/shared/src/errors/helpers.ts
• packages/localizations/src/te-IN.ts
• packages/localizations/src/kk-KZ.ts
• packages/localizations/src/he-IL.ts
• packages/localizations/src/es-CR.ts
• packages/localizations/src/vi-VN.ts
• packages/localizations/src/ko-KR.ts
• packages/clerk-js/src/ui/components/SignIn/SignInFactorOnePasswordCard.tsx
• packages/localizations/src/pt-PT.ts
• packages/localizations/src/fa-IR.ts
• packages/localizations/src/pt-BR.ts
• packages/backend/src/api/endpoints/UserApi.ts
• packages/localizations/src/nb-NO.ts
• packages/localizations/src/hu-HU.ts
• packages/localizations/src/da-DK.ts
• packages/localizations/src/zh-CN.ts
• packages/shared/src/types/localization.ts
• packages/localizations/src/hi-IN.ts
• packages/localizations/src/ta-IN.ts
• packages/localizations/src/ja-JP.ts
• packages/localizations/src/es-UY.ts
• packages/localizations/src/it-IT.ts
• packages/localizations/src/tr-TR.ts
• packages/localizations/src/fi-FI.ts
• packages/localizations/src/cs-CZ.ts
• packages/localizations/src/mn-MN.ts
• packages/localizations/src/sv-SE.ts
• packages/localizations/src/en-US.ts
• packages/shared/src/error.ts
• packages/localizations/src/bn-IN.ts
• packages/localizations/src/ru-RU.ts
• packages/localizations/src/nl-NL.ts
• packages/localizations/src/th-TH.ts
• packages/localizations/src/ar-SA.ts
• packages/localizations/src/zh-TW.ts
• packages/localizations/src/sk-SK.ts
• packages/localizations/src/fr-FR.ts
• packages/localizations/src/ms-MY.ts
• packages/localizations/src/ro-RO.ts
• packages/localizations/src/id-ID.ts
• packages/localizations/src/uk-UA.ts
• packages/localizations/src/es-ES.ts
• packages/localizations/src/nl-BE.ts
• packages/localizations/src/pl-PL.ts
• packages/localizations/src/de-DE.ts
• packages/localizations/src/hr-HR.ts

packages/**/src/**/*.{ts,tsx,js,jsx}

📄 CodeRabbit inference engine (.cursor/rules/development.mdc)

packages/**/src/**/*.{ts,tsx,js,jsx}: Maintain comprehensive JSDoc comments for public APIs
Use tree-shaking friendly exports
Validate all inputs and sanitize outputs
All public APIs must be documented with JSDoc
Use dynamic imports for optional features
Provide meaningful error messages to developers
Include error recovery suggestions where applicable
Log errors appropriately for debugging
Lazy load components and features when possible
Implement proper caching strategies
Use efficient data structures and algorithms
Implement proper logging with different levels

Files:

• packages/localizations/src/en-GB.ts
• packages/localizations/src/bg-BG.ts
• packages/localizations/src/is-IS.ts
• packages/localizations/src/es-MX.ts
• packages/clerk-js/src/ui/components/SignIn/SignInFactorOne.tsx
• packages/localizations/src/el-GR.ts
• packages/localizations/src/sr-RS.ts
• packages/localizations/src/ca-ES.ts
• packages/localizations/src/be-BY.ts
• packages/clerk-js/src/ui/components/SignIn/AlternativeMethods.tsx
• packages/shared/src/errors/helpers.ts
• packages/localizations/src/te-IN.ts
• packages/localizations/src/kk-KZ.ts
• packages/localizations/src/he-IL.ts
• packages/localizations/src/es-CR.ts
• packages/localizations/src/vi-VN.ts
• packages/localizations/src/ko-KR.ts
• packages/clerk-js/src/ui/components/SignIn/SignInFactorOnePasswordCard.tsx
• packages/localizations/src/pt-PT.ts
• packages/localizations/src/fa-IR.ts
• packages/localizations/src/pt-BR.ts
• packages/backend/src/api/endpoints/UserApi.ts
• packages/localizations/src/nb-NO.ts
• packages/localizations/src/hu-HU.ts
• packages/localizations/src/da-DK.ts
• packages/localizations/src/zh-CN.ts
• packages/shared/src/types/localization.ts
• packages/localizations/src/hi-IN.ts
• packages/localizations/src/ta-IN.ts
• packages/localizations/src/ja-JP.ts
• packages/localizations/src/es-UY.ts
• packages/localizations/src/it-IT.ts
• packages/localizations/src/tr-TR.ts
• packages/localizations/src/fi-FI.ts
• packages/localizations/src/cs-CZ.ts
• packages/localizations/src/mn-MN.ts
• packages/localizations/src/sv-SE.ts
• packages/localizations/src/en-US.ts
• packages/shared/src/error.ts
• packages/localizations/src/bn-IN.ts
• packages/localizations/src/ru-RU.ts
• packages/localizations/src/nl-NL.ts
• packages/localizations/src/th-TH.ts
• packages/localizations/src/ar-SA.ts
• packages/localizations/src/zh-TW.ts
• packages/localizations/src/sk-SK.ts
• packages/localizations/src/fr-FR.ts
• packages/localizations/src/ms-MY.ts
• packages/localizations/src/ro-RO.ts
• packages/localizations/src/id-ID.ts
• packages/localizations/src/uk-UA.ts
• packages/localizations/src/es-ES.ts
• packages/localizations/src/nl-BE.ts
• packages/localizations/src/pl-PL.ts
• packages/localizations/src/de-DE.ts
• packages/localizations/src/hr-HR.ts

**/*.ts?(x)

📄 CodeRabbit inference engine (.cursor/rules/development.mdc)

Use proper TypeScript error types

Files:

• packages/localizations/src/en-GB.ts
• packages/localizations/src/bg-BG.ts
• packages/localizations/src/is-IS.ts
• packages/localizations/src/es-MX.ts
• packages/clerk-js/src/ui/components/SignIn/SignInFactorOne.tsx
• packages/localizations/src/el-GR.ts
• packages/localizations/src/sr-RS.ts
• packages/localizations/src/ca-ES.ts
• packages/localizations/src/be-BY.ts
• packages/clerk-js/src/ui/components/SignIn/AlternativeMethods.tsx
• packages/shared/src/errors/helpers.ts
• packages/localizations/src/te-IN.ts
• packages/localizations/src/kk-KZ.ts
• packages/localizations/src/he-IL.ts
• packages/localizations/src/es-CR.ts
• packages/localizations/src/vi-VN.ts
• packages/localizations/src/ko-KR.ts
• packages/clerk-js/src/ui/components/SignIn/SignInFactorOnePasswordCard.tsx
• packages/localizations/src/pt-PT.ts
• packages/localizations/src/fa-IR.ts
• packages/localizations/src/pt-BR.ts
• packages/backend/src/api/endpoints/UserApi.ts
• packages/localizations/src/nb-NO.ts
• packages/localizations/src/hu-HU.ts
• packages/localizations/src/da-DK.ts
• packages/localizations/src/zh-CN.ts
• packages/shared/src/types/localization.ts
• packages/localizations/src/hi-IN.ts
• packages/localizations/src/ta-IN.ts
• packages/localizations/src/ja-JP.ts
• packages/localizations/src/es-UY.ts
• packages/localizations/src/it-IT.ts
• packages/localizations/src/tr-TR.ts
• packages/localizations/src/fi-FI.ts
• packages/localizations/src/cs-CZ.ts
• packages/localizations/src/mn-MN.ts
• packages/localizations/src/sv-SE.ts
• packages/localizations/src/en-US.ts
• packages/shared/src/error.ts
• packages/localizations/src/bn-IN.ts
• packages/localizations/src/ru-RU.ts
• packages/localizations/src/nl-NL.ts
• packages/localizations/src/th-TH.ts
• packages/localizations/src/ar-SA.ts
• packages/localizations/src/zh-TW.ts
• packages/localizations/src/sk-SK.ts
• packages/localizations/src/fr-FR.ts
• packages/localizations/src/ms-MY.ts
• packages/localizations/src/ro-RO.ts
• packages/localizations/src/id-ID.ts
• packages/localizations/src/uk-UA.ts
• packages/localizations/src/es-ES.ts
• packages/localizations/src/nl-BE.ts
• packages/localizations/src/pl-PL.ts
• packages/localizations/src/de-DE.ts
• packages/localizations/src/hr-HR.ts

packages/localizations/**

📄 CodeRabbit inference engine (.cursor/rules/monorepo.mdc)

packages/localizations/**: Localization support must include translations for 30+ languages using a modular localization system
Support RTL languages in the localization system

Files:

• packages/localizations/src/en-GB.ts
• packages/localizations/src/bg-BG.ts
• packages/localizations/src/is-IS.ts
• packages/localizations/src/es-MX.ts
• packages/localizations/src/el-GR.ts
• packages/localizations/src/sr-RS.ts
• packages/localizations/src/ca-ES.ts
• packages/localizations/src/be-BY.ts
• packages/localizations/src/te-IN.ts
• packages/localizations/src/kk-KZ.ts
• packages/localizations/src/he-IL.ts
• packages/localizations/src/es-CR.ts
• packages/localizations/src/vi-VN.ts
• packages/localizations/src/ko-KR.ts
• packages/localizations/src/pt-PT.ts
• packages/localizations/src/fa-IR.ts
• packages/localizations/src/pt-BR.ts
• packages/localizations/src/nb-NO.ts
• packages/localizations/src/hu-HU.ts
• packages/localizations/src/da-DK.ts
• packages/localizations/src/zh-CN.ts
• packages/localizations/src/hi-IN.ts
• packages/localizations/src/ta-IN.ts
• packages/localizations/src/ja-JP.ts
• packages/localizations/src/es-UY.ts
• packages/localizations/src/it-IT.ts
• packages/localizations/src/tr-TR.ts
• packages/localizations/src/fi-FI.ts
• packages/localizations/src/cs-CZ.ts
• packages/localizations/src/mn-MN.ts
• packages/localizations/src/sv-SE.ts
• packages/localizations/src/en-US.ts
• packages/localizations/src/bn-IN.ts
• packages/localizations/src/ru-RU.ts
• packages/localizations/src/nl-NL.ts
• packages/localizations/src/th-TH.ts
• packages/localizations/src/ar-SA.ts
• packages/localizations/src/zh-TW.ts
• packages/localizations/src/sk-SK.ts
• packages/localizations/src/fr-FR.ts
• packages/localizations/src/ms-MY.ts
• packages/localizations/src/ro-RO.ts
• packages/localizations/src/id-ID.ts
• packages/localizations/src/uk-UA.ts
• packages/localizations/src/es-ES.ts
• packages/localizations/src/nl-BE.ts
• packages/localizations/src/pl-PL.ts
• packages/localizations/src/de-DE.ts
• packages/localizations/src/hr-HR.ts

**/*.{ts,tsx}

📄 CodeRabbit inference engine (.cursor/rules/typescript.mdc)

**/*.{ts,tsx}: Always define explicit return types for functions, especially public APIs
Use proper type annotations for variables and parameters where inference isn't clear
Avoid any type - prefer unknown when type is uncertain, then narrow with type guards
Implement type guards for unknown types using the pattern function isType(value: unknown): value is Type
Use interface for object shapes that might be extended
Use type for unions, primitives, and computed types
Prefer readonly properties for immutable data structures
Use private for internal implementation details in classes
Use protected for inheritance hierarchies
Use public explicitly for clarity in public APIs
Use mixins for shared behavior across unrelated classes in TypeScript
Use generic constraints with bounded type parameters like <T extends { id: string }>
Use utility types like Omit, Partial, and Pick for data transformation instead of manual type construction
Use discriminated unions instead of boolean flags for state management and API responses
Use mapped types for transforming object types
Use conditional types for type-level logic
Leverage template literal types for string manipulation at the type level
Use ES6 imports/exports consistently
Use default exports sparingly, prefer named exports
Document functions with JSDoc comments including @param, @returns, @throws, and @example tags
Create custom error classes that extend Error for specific error types
Use the Result pattern for error handling instead of throwing exceptions
Use optional chaining (?.) and nullish coalescing (??) operators for safe property access
Let TypeScript infer obvious types to reduce verbosity
Use const assertions with as const for literal types
Use satisfies operator for type checking without widening types
Declare readonly arrays and objects for immutable data structures
Use spread operator and array spread for immutable updates instead of mutations
Use lazy loading for large types...

Files:

• packages/localizations/src/en-GB.ts
• packages/localizations/src/bg-BG.ts
• packages/localizations/src/is-IS.ts
• packages/localizations/src/es-MX.ts
• packages/clerk-js/src/ui/components/SignIn/SignInFactorOne.tsx
• packages/localizations/src/el-GR.ts
• packages/localizations/src/sr-RS.ts
• packages/localizations/src/ca-ES.ts
• packages/localizations/src/be-BY.ts
• packages/clerk-js/src/ui/components/SignIn/AlternativeMethods.tsx
• packages/shared/src/errors/helpers.ts
• packages/localizations/src/te-IN.ts
• packages/localizations/src/kk-KZ.ts
• packages/localizations/src/he-IL.ts
• packages/localizations/src/es-CR.ts
• packages/localizations/src/vi-VN.ts
• packages/localizations/src/ko-KR.ts
• packages/clerk-js/src/ui/components/SignIn/SignInFactorOnePasswordCard.tsx
• packages/localizations/src/pt-PT.ts
• packages/localizations/src/fa-IR.ts
• packages/localizations/src/pt-BR.ts
• packages/backend/src/api/endpoints/UserApi.ts
• packages/localizations/src/nb-NO.ts
• packages/localizations/src/hu-HU.ts
• packages/localizations/src/da-DK.ts
• packages/localizations/src/zh-CN.ts
• packages/shared/src/types/localization.ts
• packages/localizations/src/hi-IN.ts
• packages/localizations/src/ta-IN.ts
• packages/localizations/src/ja-JP.ts
• packages/localizations/src/es-UY.ts
• packages/localizations/src/it-IT.ts
• packages/localizations/src/tr-TR.ts
• packages/localizations/src/fi-FI.ts
• packages/localizations/src/cs-CZ.ts
• packages/localizations/src/mn-MN.ts
• packages/localizations/src/sv-SE.ts
• packages/localizations/src/en-US.ts
• packages/shared/src/error.ts
• packages/localizations/src/bn-IN.ts
• packages/localizations/src/ru-RU.ts
• packages/localizations/src/nl-NL.ts
• packages/localizations/src/th-TH.ts
• packages/localizations/src/ar-SA.ts
• packages/localizations/src/zh-TW.ts
• packages/localizations/src/sk-SK.ts
• packages/localizations/src/fr-FR.ts
• packages/localizations/src/ms-MY.ts
• packages/localizations/src/ro-RO.ts
• packages/localizations/src/id-ID.ts
• packages/localizations/src/uk-UA.ts
• packages/localizations/src/es-ES.ts
• packages/localizations/src/nl-BE.ts
• packages/localizations/src/pl-PL.ts
• packages/localizations/src/de-DE.ts
• packages/localizations/src/hr-HR.ts

packages/clerk-js/src/ui/**/*.{ts,tsx}

📄 CodeRabbit inference engine (.cursor/rules/clerk-js-ui.mdc)

packages/clerk-js/src/ui/**/*.{ts,tsx}: Element descriptors should be written in camelCase
Use useCardState for card-level state management
Use useFormState for form-level state management
Use useLoadingStatus for managing loading states
Use useFormControl hook for form field state management with validation and localization support
All rendered values must be localized using useLocalizations hook - hard coded values are not allowed
Use localizationKeys for translating UI text with support for parameters and error messages
Use handleError utility for API error handling and provide field states for proper error mapping
Use the styled system sx prop with theme tokens for custom styling instead of inline styles
Use the Card component pattern with Card.Root, Card.Header, Card.Title, Card.Content, and Card.Footer for consistent card layouts
Use FormContainer with headerTitle and headerSubtitle localization keys combined with Form.Root and FormButtons for consistent form layouts
When form submission occurs, manage loading and error states by calling status.setLoading(), card.setLoading(), and card.setError() appropriately

Files:

• packages/clerk-js/src/ui/components/SignIn/SignInFactorOne.tsx
• packages/clerk-js/src/ui/components/SignIn/AlternativeMethods.tsx
• packages/clerk-js/src/ui/components/SignIn/SignInFactorOnePasswordCard.tsx

**/*.tsx

📄 CodeRabbit inference engine (.cursor/rules/development.mdc)

**/*.tsx: Use error boundaries in React components
Minimize re-renders in React components

**/*.tsx: Use proper type definitions for props and state in React components
Leverage TypeScript's type inference where possible in React components
Use proper event types for handlers in React components
Implement proper generic types for reusable React components
Use proper type guards for conditional rendering in React components

Files:

• packages/clerk-js/src/ui/components/SignIn/SignInFactorOne.tsx
• packages/clerk-js/src/ui/components/SignIn/AlternativeMethods.tsx
• packages/clerk-js/src/ui/components/SignIn/SignInFactorOnePasswordCard.tsx

**/*.{md,tsx}

📄 CodeRabbit inference engine (.cursor/rules/development.mdc)

Update documentation for API changes

Files:

• packages/clerk-js/src/ui/components/SignIn/SignInFactorOne.tsx
• packages/clerk-js/src/ui/components/SignIn/AlternativeMethods.tsx
• packages/clerk-js/src/ui/components/SignIn/SignInFactorOnePasswordCard.tsx

**/*.{jsx,tsx}

📄 CodeRabbit inference engine (.cursor/rules/react.mdc)

**/*.{jsx,tsx}: Always use functional components with hooks instead of class components
Follow PascalCase naming for components (e.g., UserProfile, NavigationMenu)
Keep components focused on a single responsibility - split large components
Limit component size to 150-200 lines; extract logic into custom hooks
Use composition over inheritance - prefer smaller, composable components
Export components as named exports for better tree-shaking
One component per file with matching filename and component name
Separate UI components from business logic components
Use useState for simple state management in React components
Use useReducer for complex state logic in React components
Implement proper state initialization in React components
Use proper state updates with callbacks in React components
Implement proper state cleanup in React components
Use Context API for theme/authentication state management
Implement proper state persistence in React applications
Use React.memo for expensive components
Implement proper useCallback for handlers in React components
Use proper useMemo for expensive computations in React components
Implement proper virtualization for lists in React components
Use proper code splitting with React.lazy in React applications
Implement proper cleanup in useEffect hooks
Use proper refs for DOM access in React components
Implement proper event listener cleanup in React components
Use proper abort controllers for fetch in React components
Implement proper subscription cleanup in React components
Use proper HTML elements for semantic HTML in React components
Implement proper ARIA attributes for accessibility in React components
Use proper heading hierarchy in React components
Implement proper form labels in React components
Use proper button types in React components
Implement proper focus management for keyboard navigation in React components
Use proper keyboard shortcuts in React components
Implement proper tab order in React components
Use proper ...

Files:

• packages/clerk-js/src/ui/components/SignIn/SignInFactorOne.tsx
• packages/clerk-js/src/ui/components/SignIn/AlternativeMethods.tsx
• packages/clerk-js/src/ui/components/SignIn/SignInFactorOnePasswordCard.tsx

🧬 Code graph analysis (1)

packages/shared/src/errors/helpers.ts (1)

packages/shared/src/error.ts (2)

• isPasswordCompromisedError (27-27)
• isClerkAPIResponseError (20-20)

🪛 LanguageTool

.changeset/moody-dryers-serve.md

[grammar] ~4-~4: Ensure spelling is correct
Context: --- '@clerk/localizations': patch --- Depricating passwordUntrusted in favour of `passw...

(QB_NEW_EN_ORTHOGRAPHY_ERROR_IDS_1)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (2)

• GitHub Check: semgrep-cloud-platform/scan
• GitHub Check: semgrep-cloud-platform/scan

[pkg-pr-new]

Open in StackBlitz

@clerk/agent-toolkit

npm i https://pkg.pr.new/@clerk/agent-toolkit@7352

@clerk/astro

npm i https://pkg.pr.new/@clerk/astro@7352

@clerk/backend

npm i https://pkg.pr.new/@clerk/backend@7352

@clerk/chrome-extension

npm i https://pkg.pr.new/@clerk/chrome-extension@7352

@clerk/clerk-js

npm i https://pkg.pr.new/@clerk/clerk-js@7352

@clerk/dev-cli

npm i https://pkg.pr.new/@clerk/dev-cli@7352

@clerk/elements

npm i https://pkg.pr.new/@clerk/elements@7352

@clerk/clerk-expo

npm i https://pkg.pr.new/@clerk/clerk-expo@7352

@clerk/expo-passkeys

npm i https://pkg.pr.new/@clerk/expo-passkeys@7352

@clerk/express

npm i https://pkg.pr.new/@clerk/express@7352

@clerk/fastify

npm i https://pkg.pr.new/@clerk/fastify@7352

@clerk/localizations

npm i https://pkg.pr.new/@clerk/localizations@7352

@clerk/nextjs

npm i https://pkg.pr.new/@clerk/nextjs@7352

@clerk/nuxt

npm i https://pkg.pr.new/@clerk/nuxt@7352

@clerk/clerk-react

npm i https://pkg.pr.new/@clerk/clerk-react@7352

@clerk/react-router

npm i https://pkg.pr.new/@clerk/react-router@7352

@clerk/remix

npm i https://pkg.pr.new/@clerk/remix@7352

@clerk/shared

npm i https://pkg.pr.new/@clerk/shared@7352

@clerk/tanstack-react-start

npm i https://pkg.pr.new/@clerk/tanstack-react-start@7352

@clerk/testing

npm i https://pkg.pr.new/@clerk/testing@7352

@clerk/themes

npm i https://pkg.pr.new/@clerk/themes@7352

@clerk/types

npm i https://pkg.pr.new/@clerk/types@7352

@clerk/upgrade

npm i https://pkg.pr.new/@clerk/upgrade@7352

@clerk/vue

npm i https://pkg.pr.new/@clerk/vue@7352

commit: d325961

[coderabbitai]

Actionable comments posted: 1

📜 Review details

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Disabled knowledge base sources:

• Linear integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between 342fb47 and 0741b24.

📒 Files selected for processing (1)

• packages/clerk-js/src/ui/components/SignIn/__tests__/SignInFactorOne.test.tsx (4 hunks)

🧰 Additional context used

📓 Path-based instructions (15)

packages/clerk-js/src/ui/**/*.{ts,tsx}

📄 CodeRabbit inference engine (.cursor/rules/clerk-js-ui.mdc)

packages/clerk-js/src/ui/**/*.{ts,tsx}: Element descriptors should be written in camelCase
Use useCardState for card-level state management
Use useFormState for form-level state management
Use useLoadingStatus for managing loading states
Use useFormControl hook for form field state management with validation and localization support
All rendered values must be localized using useLocalizations hook - hard coded values are not allowed
Use localizationKeys for translating UI text with support for parameters and error messages
Use handleError utility for API error handling and provide field states for proper error mapping
Use the styled system sx prop with theme tokens for custom styling instead of inline styles
Use the Card component pattern with Card.Root, Card.Header, Card.Title, Card.Content, and Card.Footer for consistent card layouts
Use FormContainer with headerTitle and headerSubtitle localization keys combined with Form.Root and FormButtons for consistent form layouts
When form submission occurs, manage loading and error states by calling status.setLoading(), card.setLoading(), and card.setError() appropriately

Files:

• packages/clerk-js/src/ui/components/SignIn/__tests__/SignInFactorOne.test.tsx

**/*.{js,jsx,ts,tsx}

📄 CodeRabbit inference engine (.cursor/rules/development.mdc)

All code must pass ESLint checks with the project's configuration

Files:

• packages/clerk-js/src/ui/components/SignIn/__tests__/SignInFactorOne.test.tsx

**/*.{js,jsx,ts,tsx,json,md,yml,yaml}

📄 CodeRabbit inference engine (.cursor/rules/development.mdc)

Use Prettier for consistent code formatting

Files:

• packages/clerk-js/src/ui/components/SignIn/__tests__/SignInFactorOne.test.tsx

packages/**/src/**/*.{ts,tsx}

📄 CodeRabbit inference engine (.cursor/rules/development.mdc)

TypeScript is required for all packages

Files:

• packages/clerk-js/src/ui/components/SignIn/__tests__/SignInFactorOne.test.tsx

**/*.{ts,tsx,js,jsx}

📄 CodeRabbit inference engine (.cursor/rules/development.mdc)

Follow established naming conventions (PascalCase for components, camelCase for variables)

Prefer importing types from @clerk/shared/types instead of the deprecated @clerk/types alias

Files:

• packages/clerk-js/src/ui/components/SignIn/__tests__/SignInFactorOne.test.tsx

packages/**/src/**/*.{ts,tsx,js,jsx}

📄 CodeRabbit inference engine (.cursor/rules/development.mdc)

packages/**/src/**/*.{ts,tsx,js,jsx}: Maintain comprehensive JSDoc comments for public APIs
Use tree-shaking friendly exports
Validate all inputs and sanitize outputs
All public APIs must be documented with JSDoc
Use dynamic imports for optional features
Provide meaningful error messages to developers
Include error recovery suggestions where applicable
Log errors appropriately for debugging
Lazy load components and features when possible
Implement proper caching strategies
Use efficient data structures and algorithms
Implement proper logging with different levels

Files:

• packages/clerk-js/src/ui/components/SignIn/__tests__/SignInFactorOne.test.tsx

**/*.{test,spec}.{ts,tsx,js,jsx}

📄 CodeRabbit inference engine (.cursor/rules/development.mdc)

**/*.{test,spec}.{ts,tsx,js,jsx}: Unit tests are required for all new functionality
Verify proper error handling and edge cases
Include tests for all new features

Files:

• packages/clerk-js/src/ui/components/SignIn/__tests__/SignInFactorOne.test.tsx

**/*.ts?(x)

📄 CodeRabbit inference engine (.cursor/rules/development.mdc)

Use proper TypeScript error types

Files:

• packages/clerk-js/src/ui/components/SignIn/__tests__/SignInFactorOne.test.tsx

**/*.tsx

📄 CodeRabbit inference engine (.cursor/rules/development.mdc)

**/*.tsx: Use error boundaries in React components
Minimize re-renders in React components

**/*.tsx: Use proper type definitions for props and state in React components
Leverage TypeScript's type inference where possible in React components
Use proper event types for handlers in React components
Implement proper generic types for reusable React components
Use proper type guards for conditional rendering in React components

Files:

• packages/clerk-js/src/ui/components/SignIn/__tests__/SignInFactorOne.test.tsx

**/*.{test,spec,e2e}.{ts,tsx,js,jsx}

📄 CodeRabbit inference engine (.cursor/rules/development.mdc)

Use real Clerk instances for integration tests

Files:

• packages/clerk-js/src/ui/components/SignIn/__tests__/SignInFactorOne.test.tsx

**/*.{md,tsx}

📄 CodeRabbit inference engine (.cursor/rules/development.mdc)

Update documentation for API changes

Files:

• packages/clerk-js/src/ui/components/SignIn/__tests__/SignInFactorOne.test.tsx

**/*.test.tsx

📄 CodeRabbit inference engine (.cursor/rules/development.mdc)

Use React Testing Library for component testing

Files:

• packages/clerk-js/src/ui/components/SignIn/__tests__/SignInFactorOne.test.tsx

**/*.{jsx,tsx}

📄 CodeRabbit inference engine (.cursor/rules/react.mdc)

**/*.{jsx,tsx}: Always use functional components with hooks instead of class components
Follow PascalCase naming for components (e.g., UserProfile, NavigationMenu)
Keep components focused on a single responsibility - split large components
Limit component size to 150-200 lines; extract logic into custom hooks
Use composition over inheritance - prefer smaller, composable components
Export components as named exports for better tree-shaking
One component per file with matching filename and component name
Separate UI components from business logic components
Use useState for simple state management in React components
Use useReducer for complex state logic in React components
Implement proper state initialization in React components
Use proper state updates with callbacks in React components
Implement proper state cleanup in React components
Use Context API for theme/authentication state management
Implement proper state persistence in React applications
Use React.memo for expensive components
Implement proper useCallback for handlers in React components
Use proper useMemo for expensive computations in React components
Implement proper virtualization for lists in React components
Use proper code splitting with React.lazy in React applications
Implement proper cleanup in useEffect hooks
Use proper refs for DOM access in React components
Implement proper event listener cleanup in React components
Use proper abort controllers for fetch in React components
Implement proper subscription cleanup in React components
Use proper HTML elements for semantic HTML in React components
Implement proper ARIA attributes for accessibility in React components
Use proper heading hierarchy in React components
Implement proper form labels in React components
Use proper button types in React components
Implement proper focus management for keyboard navigation in React components
Use proper keyboard shortcuts in React components
Implement proper tab order in React components
Use proper ...

Files:

• packages/clerk-js/src/ui/components/SignIn/__tests__/SignInFactorOne.test.tsx

**/*.{test,spec}.{jsx,tsx}

📄 CodeRabbit inference engine (.cursor/rules/react.mdc)

**/*.{test,spec}.{jsx,tsx}: Use React Testing Library for unit testing React components
Test component behavior, not implementation details
Use proper test queries in React Testing Library tests
Implement proper test isolation in React component tests
Use proper test coverage in React component tests
Test component interactions in integration tests
Use proper test data in React component tests
Implement proper test setup in React component tests
Use proper test cleanup in React component tests
Implement proper test assertions in React component tests
Use proper test structure for React component tests

Files:

• packages/clerk-js/src/ui/components/SignIn/__tests__/SignInFactorOne.test.tsx

**/*.{ts,tsx}

📄 CodeRabbit inference engine (.cursor/rules/typescript.mdc)

**/*.{ts,tsx}: Always define explicit return types for functions, especially public APIs
Use proper type annotations for variables and parameters where inference isn't clear
Avoid any type - prefer unknown when type is uncertain, then narrow with type guards
Implement type guards for unknown types using the pattern function isType(value: unknown): value is Type
Use interface for object shapes that might be extended
Use type for unions, primitives, and computed types
Prefer readonly properties for immutable data structures
Use private for internal implementation details in classes
Use protected for inheritance hierarchies
Use public explicitly for clarity in public APIs
Use mixins for shared behavior across unrelated classes in TypeScript
Use generic constraints with bounded type parameters like <T extends { id: string }>
Use utility types like Omit, Partial, and Pick for data transformation instead of manual type construction
Use discriminated unions instead of boolean flags for state management and API responses
Use mapped types for transforming object types
Use conditional types for type-level logic
Leverage template literal types for string manipulation at the type level
Use ES6 imports/exports consistently
Use default exports sparingly, prefer named exports
Document functions with JSDoc comments including @param, @returns, @throws, and @example tags
Create custom error classes that extend Error for specific error types
Use the Result pattern for error handling instead of throwing exceptions
Use optional chaining (?.) and nullish coalescing (??) operators for safe property access
Let TypeScript infer obvious types to reduce verbosity
Use const assertions with as const for literal types
Use satisfies operator for type checking without widening types
Declare readonly arrays and objects for immutable data structures
Use spread operator and array spread for immutable updates instead of mutations
Use lazy loading for large types...

Files:

• packages/clerk-js/src/ui/components/SignIn/__tests__/SignInFactorOne.test.tsx

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (32)

• GitHub Check: Integration Tests (billing, chrome, RQ)
• GitHub Check: Integration Tests (quickstart, chrome, 16)
• GitHub Check: Integration Tests (nextjs, chrome, 16)
• GitHub Check: Integration Tests (quickstart, chrome, 15)
• GitHub Check: Integration Tests (machine, chrome)
• GitHub Check: Integration Tests (nextjs, chrome, 14)
• GitHub Check: Integration Tests (nextjs, chrome, 15, RQ)
• GitHub Check: Integration Tests (custom, chrome)
• GitHub Check: Integration Tests (billing, chrome)
• GitHub Check: Integration Tests (machine, chrome, RQ)
• GitHub Check: Integration Tests (nuxt, chrome)
• GitHub Check: Integration Tests (nextjs, chrome, 15)
• GitHub Check: Integration Tests (vue, chrome)
• GitHub Check: Integration Tests (react-router, chrome)
• GitHub Check: Integration Tests (tanstack-react-start, chrome)
• GitHub Check: Integration Tests (handshake, chrome)
• GitHub Check: Integration Tests (ap-flows, chrome)
• GitHub Check: Integration Tests (elements, chrome)
• GitHub Check: Integration Tests (astro, chrome)
• GitHub Check: Integration Tests (expo-web, chrome)
• GitHub Check: Integration Tests (sessions, chrome)
• GitHub Check: Integration Tests (sessions:staging, chrome)
• GitHub Check: Integration Tests (localhost, chrome)
• GitHub Check: Integration Tests (handshake:staging, chrome)
• GitHub Check: Integration Tests (generic, chrome)
• GitHub Check: Integration Tests (express, chrome)
• GitHub Check: Publish with pkg-pr-new
• GitHub Check: Unit Tests (22, **)
• GitHub Check: Static analysis
• GitHub Check: Unit Tests (22, shared, clerk-js, RQ)
• GitHub Check: semgrep-cloud-platform/scan
• GitHub Check: semgrep-cloud-platform/scan

🔇 Additional comments (3)

packages/clerk-js/src/ui/components/SignIn/__tests__/SignInFactorOne.test.tsx (3)

369-376: LGTM!

The error code has been correctly updated from form_password_untrusted to form_password_compromised, and the corresponding test assertions (lines 388-391) verify the expected "Password compromised" messaging.

---

396-396: LGTM!

Test description correctly updated to reflect the new "compromised" terminology.

---

410-417: LGTM!

The error code has been correctly updated to form_password_compromised, and the test assertions (lines 429-431) properly verify the compromised password flow and messaging.