feat(clerk-js): Introduce reset password after auth task

[octoper]

Description

This PR introduces the new reset-password session task

Checklist

• pnpm test runs as expected.
• pnpm build runs as expected.
• (If applicable) JSDoc comments have been added or updated for any package exports
• (If applicable) Documentation has been updated

Type of change

• 🐛 Bug fix
• 🌟 New feature
• 🔨 Breaking change
• 📖 Refactoring / dependency upgrade / documentation
• other:

Summary by CodeRabbit

• New Features

  • Added a reset-password session task flow with secure password validation, reverification, and optional "sign out of other sessions".
  • UI and localization strings added for the password reset experience.

• Tests

  • Added comprehensive tests covering rendering, interactions, and sign-out behavior for the reset-password flow.

• Chores

  • Minor version bumps for related packages.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[changeset-bot]

🦋 Changeset detected

Latest commit: 29759c4

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 22 packages

Name	Type
@clerk/localizations	Minor
@clerk/clerk-js	Minor
@clerk/shared	Minor
@clerk/clerk-react	Patch
@clerk/chrome-extension	Patch
@clerk/clerk-expo	Patch
@clerk/agent-toolkit	Patch
@clerk/astro	Patch
@clerk/backend	Patch
@clerk/elements	Patch
@clerk/expo-passkeys	Patch
@clerk/express	Patch
@clerk/fastify	Patch
@clerk/nextjs	Patch
@clerk/nuxt	Patch
@clerk/react-router	Patch
@clerk/remix	Patch
@clerk/tanstack-react-start	Patch
@clerk/testing	Patch
@clerk/themes	Patch
@clerk/types	Patch
@clerk/vue	Patch

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Preview	Comments	Updated (UTC)
clerk-js-sandbox	Ready	Preview	Comment	Nov 20, 2025 5:54pm

[coderabbitai]

Walkthrough

Adds a new "reset-password" session task: UI component, context, guard HOC, routing key, types, localization, tests, and a changeset entry.

Changes

Cohort / File(s)	Summary
Changeset /.changeset/loose-brooms-occur.md	Adds changeset documenting minor version bumps and the new reset-password session task.
Core session routing packages/clerk-js/src/core/sessionTasks.ts	Added 'reset-password': 'reset-password' to INTERNAL_SESSION_TASK_ROUTE_BY_KEY.
SessionTasks entry & exports packages/clerk-js/src/ui/components/SessionTasks/index.tsx	Integrated TaskResetPassword route and TaskResetPasswordContext.Provider; exported TaskResetPasswordContext.
TaskResetPassword component & HOCs packages/clerk-js/src/ui/components/SessionTasks/tasks/TaskResetPassword/index.tsx, .../withTaskGuard.ts	New TaskResetPassword component implementing password form, validation, reverification update, optional cross-session sign-out; wrapped with withCardStateProvider, withTaskGuard, withCoreSessionSwitchGuard. Added withTaskGuard HOC that redirects when task missing.
TaskResetPassword tests packages/clerk-js/src/ui/components/SessionTasks/tasks/TaskResetPassword/__tests__/TaskResetPassword.test.tsx	New test suite covering rendering, task presence/order, identifier display, sign-out flow, and username fallback.
Import path fix packages/clerk-js/src/ui/components/SessionTasks/tasks/TaskChooseOrganization/index.tsx	Adjusted withTaskGuard import path from ../withTaskGuard to ./withTaskGuard.
UI contexts & providers packages/clerk-js/src/ui/contexts/ClerkUIComponentsContext.tsx, packages/clerk-js/src/ui/contexts/components/SessionTasks.ts	Added TaskResetPasswordContext, useTaskResetPasswordContext, and wired provider case into ComponentContextProvider.
Flow metadata & elements packages/clerk-js/src/ui/elements/contexts/index.tsx	Extended FlowMetadata.flow union to include 'taskResetPassword'.
Types — UI & shared packages/clerk-js/src/ui/types.ts, packages/shared/src/types/clerk.ts, packages/shared/src/types/appearance.ts, packages/shared/src/types/session.ts, packages/shared/src/types/localization.ts	Added TaskResetPasswordProps, TaskResetPasswordCtx, TaskResetPasswordTheme; extended AvailableComponentCtx union and SessionTask.key to include 'reset-password'; added taskResetPassword localization schema; minor JSDoc update for treatPendingAsSignedOut.
Localization resource packages/localizations/src/en-US.ts	Added taskResetPassword localization block (title and signOut entries) and passwordUntrusted message.

Sequence Diagram(s)

sequenceDiagram
    participant User
    participant SessionTasks
    participant Context as TaskResetPasswordContext
    participant Guard as withTaskGuard
    participant Component as TaskResetPassword
    participant API as updatePassword API

    User->>SessionTasks: open session tasks
    SessionTasks->>Context: provide TaskResetPasswordContext
    Context->>Guard: mount wrap
    Guard->>Guard: check session task 'reset-password' exists?
    alt task exists
        Guard->>Component: render
        User->>Component: enter & submit new password
        Component->>API: update password (reverification)
        API-->>Component: success / error
        Component->>User: optional sign-out and redirect to redirectUrlComplete
    else task missing
        Guard->>User: redirect to sign-in or after-sign-in URL (warn)
    end

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25–30 minutes

• Pay attention to: password update / reverification flow and error handling in TaskResetPassword.
• Validate redirect logic and auth checks in withTaskGuard.
• Confirm types propagated consistently (TaskResetPasswordCtx, SessionTask.key) and localization keys match usage.

Poem

🐰 A tiny hop to mend a key,
Reset-password springs for you and me,
Context snug, guards keeping watch,
New strings hum soft — no need to scotch,
A rabbit cheers: secure and free! 🥕

Pre-merge checks and finishing touches

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	You can run @coderabbitai generate docstrings to improve docstring coverage.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title clearly and specifically describes the main feature being introduced: a new reset password task in the clerk-js auth flow.

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch vaggelis/user-4002-implement-the-aio-components-new-flow-and-session-task

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[octoper]

!snapshot

[clerk-cookie]

Hey @octoper - the snapshot version command generated the following package versions:

Package	Version
@clerk/agent-toolkit	0.2.3-snapshot.v20251120173355
@clerk/astro	2.16.1-snapshot.v20251120173355
@clerk/backend	2.23.1-snapshot.v20251120173355
@clerk/chrome-extension	2.8.3-snapshot.v20251120173355
@clerk/clerk-js	5.110.0-snapshot.v20251120173355
@clerk/elements	0.23.84-snapshot.v20251120173355
@clerk/clerk-expo	2.19.3-snapshot.v20251120173355
@clerk/expo-passkeys	0.4.20-snapshot.v20251120173355
@clerk/express	1.7.51-snapshot.v20251120173355
@clerk/fastify	2.6.3-snapshot.v20251120173355
@clerk/localizations	3.29.0-snapshot.v20251120173355
@clerk/nextjs	6.35.3-snapshot.v20251120173355
@clerk/nuxt	1.13.1-snapshot.v20251120173355
@clerk/clerk-react	5.56.1-snapshot.v20251120173355
@clerk/react-router	2.2.3-snapshot.v20251120173355
@clerk/remix	4.13.18-snapshot.v20251120173355
@clerk/shared	3.36.0-snapshot.v20251120173355
@clerk/tanstack-react-start	0.27.3-snapshot.v20251120173355
@clerk/testing	1.13.17-snapshot.v20251120173355
@clerk/themes	2.4.38-snapshot.v20251120173355
@clerk/types	4.101.1-snapshot.v20251120173355
@clerk/vue	1.16.1-snapshot.v20251120173355

Tip: Use the snippet copy button below to quickly install the required packages.
@clerk/agent-toolkit

npm i @clerk/[email protected] --save-exact

@clerk/astro

npm i @clerk/[email protected] --save-exact

@clerk/backend

npm i @clerk/[email protected] --save-exact

@clerk/chrome-extension

npm i @clerk/[email protected] --save-exact

@clerk/clerk-js

npm i @clerk/[email protected] --save-exact

@clerk/elements

npm i @clerk/[email protected] --save-exact

@clerk/clerk-expo

npm i @clerk/[email protected] --save-exact

@clerk/expo-passkeys

npm i @clerk/[email protected] --save-exact

@clerk/express

npm i @clerk/[email protected] --save-exact

@clerk/fastify

npm i @clerk/[email protected] --save-exact

@clerk/localizations

npm i @clerk/[email protected] --save-exact

@clerk/nextjs

npm i @clerk/[email protected] --save-exact

@clerk/nuxt

npm i @clerk/[email protected] --save-exact

@clerk/clerk-react

npm i @clerk/[email protected] --save-exact

@clerk/react-router

npm i @clerk/[email protected] --save-exact

@clerk/remix

npm i @clerk/[email protected] --save-exact

@clerk/shared

npm i @clerk/[email protected] --save-exact

@clerk/tanstack-react-start

npm i @clerk/[email protected] --save-exact

@clerk/testing

npm i @clerk/[email protected] --save-exact

@clerk/themes

npm i @clerk/[email protected] --save-exact

@clerk/types

npm i @clerk/[email protected] --save-exact

@clerk/vue

npm i @clerk/[email protected] --save-exact

[octoper]

!snapshot

[octoper]

Comment for the reviewers: I will generate the localizations before merging the PR

[clerk-cookie]

Hey @octoper - the snapshot version command generated the following package versions:

Package	Version
@clerk/agent-toolkit	0.2.3-snapshot.v20251120175123
@clerk/astro	2.16.1-snapshot.v20251120175123
@clerk/backend	2.23.1-snapshot.v20251120175123
@clerk/chrome-extension	2.8.3-snapshot.v20251120175123
@clerk/clerk-js	5.110.0-snapshot.v20251120175123
@clerk/elements	0.23.84-snapshot.v20251120175123
@clerk/clerk-expo	2.19.3-snapshot.v20251120175123
@clerk/expo-passkeys	0.4.20-snapshot.v20251120175123
@clerk/express	1.7.51-snapshot.v20251120175123
@clerk/fastify	2.6.3-snapshot.v20251120175123
@clerk/localizations	3.29.0-snapshot.v20251120175123
@clerk/nextjs	6.35.3-snapshot.v20251120175123
@clerk/nuxt	1.13.1-snapshot.v20251120175123
@clerk/clerk-react	5.56.1-snapshot.v20251120175123
@clerk/react-router	2.2.3-snapshot.v20251120175123
@clerk/remix	4.13.18-snapshot.v20251120175123
@clerk/shared	3.36.0-snapshot.v20251120175123
@clerk/tanstack-react-start	0.27.3-snapshot.v20251120175123
@clerk/testing	1.13.17-snapshot.v20251120175123
@clerk/themes	2.4.38-snapshot.v20251120175123
@clerk/types	4.101.1-snapshot.v20251120175123
@clerk/vue	1.16.1-snapshot.v20251120175123

Tip: Use the snippet copy button below to quickly install the required packages.
@clerk/agent-toolkit

npm i @clerk/[email protected] --save-exact

@clerk/astro

npm i @clerk/[email protected] --save-exact

@clerk/backend

npm i @clerk/[email protected] --save-exact

@clerk/chrome-extension

npm i @clerk/[email protected] --save-exact

@clerk/clerk-js

npm i @clerk/[email protected] --save-exact

@clerk/elements

npm i @clerk/[email protected] --save-exact

@clerk/clerk-expo

npm i @clerk/[email protected] --save-exact

@clerk/expo-passkeys

npm i @clerk/[email protected] --save-exact

@clerk/express

npm i @clerk/[email protected] --save-exact

@clerk/fastify

npm i @clerk/[email protected] --save-exact

@clerk/localizations

npm i @clerk/[email protected] --save-exact

@clerk/nextjs

npm i @clerk/[email protected] --save-exact

@clerk/nuxt

npm i @clerk/[email protected] --save-exact

@clerk/clerk-react

npm i @clerk/[email protected] --save-exact

@clerk/react-router

npm i @clerk/[email protected] --save-exact

@clerk/remix

npm i @clerk/[email protected] --save-exact

@clerk/shared

npm i @clerk/[email protected] --save-exact

@clerk/tanstack-react-start

npm i @clerk/[email protected] --save-exact

@clerk/testing

npm i @clerk/[email protected] --save-exact

@clerk/themes

npm i @clerk/[email protected] --save-exact

@clerk/types

npm i @clerk/[email protected] --save-exact

@clerk/vue

npm i @clerk/[email protected] --save-exact

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (2)

packages/clerk-js/src/ui/components/SessionTasks/tasks/TaskResetPassword/withTaskGuard.ts (1)

1-26: withTaskGuard implementation matches existing session task guard semantics

The guard correctly:

• Checks for absence of clerk.session?.currentTask and redirects either to buildSignInUrl() (no session) or ctx.redirectUrlComplete ?? clerk.buildAfterSignInUrl().
• Reuses withRedirect and warning cannotRenderComponentWhenTaskDoesNotExist.
• Preserves component displayName, consistent with the TaskChooseOrganization guard.

One thing to double‑check: ensure TaskResetPasswordProps has been added to AvailableComponentProps, otherwise withTaskGuard(TaskResetPassword) will fail the P extends AvailableComponentProps constraint.

If more task-specific guards are added in the future, consider extracting a shared helper that takes the task context hook as a parameter to avoid near-identical HOCs.

packages/clerk-js/src/ui/components/SessionTasks/tasks/TaskResetPassword/index.tsx (1)

128-128: Consider using configured password settings for minLength.

The minLength={6} is hardcoded, but passwordSettings is available from the environment context. While the validatePassword flag on the field already uses password settings for validation, aligning the HTML5 minLength attribute with the configured minimum would provide more consistent user feedback.

Consider using:

                    <Form.PasswordInput
                      {...passwordField.props}
                      isRequired
-                      minLength={6}
+                      minLength={passwordSettings.min_length}
                    />

📜 Review details

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Disabled knowledge base sources:

• Linear integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between 77e022f and 9ab72aa.

📒 Files selected for processing (16)

• .changeset/loose-brooms-occur.md (1 hunks)
• packages/clerk-js/src/core/sessionTasks.ts (1 hunks)
• packages/clerk-js/src/ui/components/SessionTasks/index.tsx (2 hunks)
• packages/clerk-js/src/ui/components/SessionTasks/tasks/TaskChooseOrganization/index.tsx (1 hunks)
• packages/clerk-js/src/ui/components/SessionTasks/tasks/TaskResetPassword/__tests__/TaskResetPassword.test.tsx (1 hunks)
• packages/clerk-js/src/ui/components/SessionTasks/tasks/TaskResetPassword/index.tsx (1 hunks)
• packages/clerk-js/src/ui/components/SessionTasks/tasks/TaskResetPassword/withTaskGuard.ts (1 hunks)
• packages/clerk-js/src/ui/contexts/ClerkUIComponentsContext.tsx (3 hunks)
• packages/clerk-js/src/ui/contexts/components/SessionTasks.ts (2 hunks)
• packages/clerk-js/src/ui/elements/contexts/index.tsx (1 hunks)
• packages/clerk-js/src/ui/types.ts (3 hunks)
• packages/localizations/src/en-US.ts (2 hunks)
• packages/shared/src/types/appearance.ts (1 hunks)
• packages/shared/src/types/clerk.ts (2 hunks)
• packages/shared/src/types/localization.ts (2 hunks)
• packages/shared/src/types/session.ts (2 hunks)

🧰 Additional context used

🧬 Code graph analysis (8)

packages/clerk-js/src/ui/components/SessionTasks/tasks/TaskResetPassword/__tests__/TaskResetPassword.test.tsx (2)

packages/clerk-js/src/test/create-fixtures.tsx (1)

• bindCreateFixtures (28-35)

packages/clerk-js/src/ui/components/SessionTasks/tasks/TaskResetPassword/index.tsx (1)

• TaskResetPassword (186-188)

packages/clerk-js/src/ui/components/SessionTasks/index.tsx (3)

packages/clerk-js/src/core/sessionTasks.ts (1)

• INTERNAL_SESSION_TASK_ROUTE_BY_KEY (9-12)

packages/clerk-js/src/ui/contexts/components/SessionTasks.ts (1)

• TaskResetPasswordContext (31-31)

packages/clerk-js/src/ui/components/SessionTasks/tasks/TaskResetPassword/index.tsx (1)

• TaskResetPassword (186-188)

packages/clerk-js/src/ui/components/SessionTasks/tasks/TaskResetPassword/index.tsx (5)

packages/clerk-js/src/ui/elements/contexts/index.tsx (2)

• useCardState (42-70)
• withCardStateProvider (72-81)

packages/clerk-js/src/ui/utils/passwordUtils.ts (1)

• createPasswordError (33-74)

packages/clerk-js/src/ui/hooks/usePassword.ts (1)

• useConfirmPassword (77-110)

packages/clerk-js/src/ui/utils/errorHandler.ts (1)

• handleError (64-86)

packages/clerk-js/src/ui/components/SessionTasks/tasks/TaskResetPassword/withTaskGuard.ts (1)

• withTaskGuard (8-26)

packages/shared/src/types/clerk.ts (1)

packages/shared/src/types/appearance.ts (1)

• TaskResetPasswordTheme (1044-1044)

packages/clerk-js/src/ui/types.ts (1)

packages/shared/src/types/clerk.ts (1)

• TaskResetPasswordProps (2222-2228)

packages/clerk-js/src/ui/contexts/components/SessionTasks.ts (1)

packages/clerk-js/src/ui/types.ts (1)

• TaskResetPasswordCtx (155-157)

packages/clerk-js/src/ui/components/SessionTasks/tasks/TaskResetPassword/withTaskGuard.ts (4)

packages/clerk-js/src/ui/components/SessionTasks/tasks/TaskChooseOrganization/withTaskGuard.ts (1)

• withTaskGuard (8-26)

packages/clerk-js/src/ui/types.ts (1)

• AvailableComponentProps (46-63)

packages/clerk-js/src/ui/contexts/components/SessionTasks.ts (1)

• useTaskResetPasswordContext (33-41)

packages/clerk-js/src/ui/common/withRedirect.tsx (1)

• withRedirect (16-53)

packages/clerk-js/src/ui/contexts/ClerkUIComponentsContext.tsx (2)

packages/clerk-js/src/ui/contexts/components/SessionTasks.ts (1)

• TaskResetPasswordContext (31-31)

packages/shared/src/types/clerk.ts (1)

• TaskResetPasswordProps (2222-2228)

🔇 Additional comments (16)

packages/shared/src/types/appearance.ts (1)

1044-1044: TaskResetPasswordTheme alias is consistent with existing theme types

The new TaskResetPasswordTheme alias mirrors the pattern used for other component themes and keeps the public API consistent. No issues from a typing or compatibility perspective.

.changeset/loose-brooms-occur.md (1)

1-7: Changeset scope and bump levels look appropriate

The changeset correctly scopes the reset-password session task work to @clerk/clerk-js, @clerk/shared, and @clerk/localizations with minor bumps, matching the feature-level change.

packages/clerk-js/src/ui/elements/contexts/index.tsx (1)

83-105: FlowMetadata extended correctly for new task flows

Adding 'taskChooseOrganization' and 'taskResetPassword' to FlowMetadata.flow aligns with the new session task routes and existing usages like <Flow.Root flow='taskChooseOrganization'>. The union remains coherent and backward compatible.

packages/clerk-js/src/ui/components/SessionTasks/tasks/TaskChooseOrganization/index.tsx (1)

11-11: Import path adjustment aligns with new task-local guard structure

Switching withTaskGuard to a sibling import ('./withTaskGuard') matches the new pattern where each session task owns its own guard implementation. The wrapping at the export site remains unchanged and correct.

packages/shared/src/types/clerk.ts (1)

2222-2228: LGTM! TaskResetPasswordProps follows established patterns.

The type definition correctly mirrors the structure of TaskChooseOrganizationProps, with appropriate fields for navigation and theming. The JSDoc comment clearly documents the purpose of the redirectUrlComplete field.

packages/clerk-js/src/core/sessionTasks.ts (1)

9-12: LGTM! Route mapping correctly added.

The new 'reset-password' entry follows the existing pattern and integrates properly with the SessionTask['key'] type union. This will enable proper URL building via getTaskEndpoint and buildTaskUrl functions.

packages/clerk-js/src/ui/components/SessionTasks/index.tsx (1)

65-71: LGTM! Route and context setup correctly implemented.

The new reset-password route follows the established pattern from the choose-organization task. The context provider properly passes componentName and redirectUrlComplete to the TaskResetPassword component.

packages/clerk-js/src/ui/types.ts (1)

155-157: LGTM! Context type properly defined.

The TaskResetPasswordCtx type correctly extends TaskResetPasswordProps and adds the required componentName literal, following the established pattern for component contexts.

packages/localizations/src/en-US.ts (1)

866-872: LGTM! Localization strings properly structured.

The taskResetPassword localization keys follow the same pattern as taskChooseOrganization, providing clear user-facing strings for the title and sign-out action. The {{identifier}} placeholder correctly enables dynamic user information display.

packages/shared/src/types/localization.ts (1)

1290-1296: LGTM! Localization types correctly defined.

The taskResetPassword type definition properly mirrors the structure in en-US.ts, with correctly typed LocalizationValue fields. The actionText field appropriately uses LocalizationValue<'identifier'> to enable type-safe interpolation of the user identifier.

packages/shared/src/types/session.ts (2)

338-338: LGTM! SessionTask key union properly extended.

The key field now correctly includes both 'choose-organization' and 'reset-password', enabling type-safe handling of the new task type throughout the session management system.

---

38-40: Nice documentation improvement.

The JSDoc @default true annotation clarifies the default behavior of treatPendingAsSignedOut, improving the developer experience.

packages/clerk-js/src/ui/contexts/ClerkUIComponentsContext.tsx (1)

130-137: LGTM! Context provider case correctly implemented.

The TaskResetPassword case follows the established pattern, properly typing the props and providing the context value with the correct componentName literal. The implementation is consistent with the TaskChooseOrganization case.

packages/clerk-js/src/ui/components/SessionTasks/tasks/TaskResetPassword/__tests__/TaskResetPassword.test.tsx (1)

1-103: LGTM! Comprehensive test coverage.

The test suite provides excellent coverage of the TaskResetPassword component, including:

• Guard behavior (rendering only when task exists)
• Multi-task ordering
• User identifier display (both email and username)
• Sign-out interaction flow

The tests are well-structured, use appropriate testing utilities, and have clear assertions.

packages/clerk-js/src/ui/contexts/components/SessionTasks.ts (1)

3-3: LGTM! Consistent context implementation.

The new TaskResetPassword context and hook follow the established pattern used by TaskChooseOrganization. The implementation is consistent with the codebase conventions and includes proper error messaging.

Also applies to: 31-41

packages/clerk-js/src/ui/components/SessionTasks/tasks/TaskResetPassword/index.tsx (1)

186-188: LGTM! Proper HOC composition.

The component export correctly composes three higher-order components:

• withCoreSessionSwitchGuard for session-level guards
• withTaskGuard for task existence validation
• withCardStateProvider for form state management

The order and composition are appropriate for this session task component.

[pkg-pr-new]

Open in StackBlitz

@clerk/agent-toolkit

npm i https://pkg.pr.new/@clerk/agent-toolkit@7268

@clerk/astro

npm i https://pkg.pr.new/@clerk/astro@7268

@clerk/backend

npm i https://pkg.pr.new/@clerk/backend@7268

@clerk/chrome-extension

npm i https://pkg.pr.new/@clerk/chrome-extension@7268

@clerk/clerk-js

npm i https://pkg.pr.new/@clerk/clerk-js@7268

@clerk/dev-cli

npm i https://pkg.pr.new/@clerk/dev-cli@7268

@clerk/elements

npm i https://pkg.pr.new/@clerk/elements@7268

@clerk/clerk-expo

npm i https://pkg.pr.new/@clerk/clerk-expo@7268

@clerk/expo-passkeys

npm i https://pkg.pr.new/@clerk/expo-passkeys@7268

@clerk/express

npm i https://pkg.pr.new/@clerk/express@7268

@clerk/fastify

npm i https://pkg.pr.new/@clerk/fastify@7268

@clerk/localizations

npm i https://pkg.pr.new/@clerk/localizations@7268

@clerk/nextjs

npm i https://pkg.pr.new/@clerk/nextjs@7268

@clerk/nuxt

npm i https://pkg.pr.new/@clerk/nuxt@7268

@clerk/clerk-react

npm i https://pkg.pr.new/@clerk/clerk-react@7268

@clerk/react-router

npm i https://pkg.pr.new/@clerk/react-router@7268

@clerk/remix

npm i https://pkg.pr.new/@clerk/remix@7268

@clerk/shared

npm i https://pkg.pr.new/@clerk/shared@7268

@clerk/tanstack-react-start

npm i https://pkg.pr.new/@clerk/tanstack-react-start@7268

@clerk/testing

npm i https://pkg.pr.new/@clerk/testing@7268

@clerk/themes

npm i https://pkg.pr.new/@clerk/themes@7268

@clerk/types

npm i https://pkg.pr.new/@clerk/types@7268

@clerk/upgrade

npm i https://pkg.pr.new/@clerk/upgrade@7268

@clerk/vue

npm i https://pkg.pr.new/@clerk/vue@7268

commit: 29759c4

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (2)

packages/localizations/src/en-US.ts (1)

863-869: Confirm copy consistency with existing reset-password flows

The new taskResetPassword strings look fine and match the type, but the title here ('Reset password') differs from signIn.resetPassword.title ('Set new password'). If these flows are meant to feel like the same step, consider reusing or aligning the wording for consistency; otherwise, leaving them distinct is also reasonable.

packages/clerk-js/src/ui/components/SessionTasks/tasks/TaskResetPassword/index.tsx (1)

74-90: Use card state’s async helpers to manage loading and double-submits

resetPassword runs the async reverification/password update without going through card.runAsync or updating card loading state, so the UI can’t reflect an in-flight submission and users may trigger multiple requests by clicking rapidly.

It would be more consistent with other flows to wrap the operation with the card state helper and/or disable the submit button while a request is in progress, e.g. by using card.runAsync and adding card.isLoading into the Form.SubmitButton’s disabled condition.

Also applies to: 107-113, 147-151

📜 Review details

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Disabled knowledge base sources:

• Linear integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between 9ab72aa and 29759c4.

📒 Files selected for processing (3)

• packages/clerk-js/src/ui/components/SessionTasks/tasks/TaskResetPassword/index.tsx (1 hunks)
• packages/localizations/src/en-US.ts (1 hunks)
• packages/shared/src/types/localization.ts (1 hunks)

🧰 Additional context used

🧬 Code graph analysis (1)

packages/clerk-js/src/ui/components/SessionTasks/tasks/TaskResetPassword/index.tsx (5)

packages/clerk-js/src/ui/elements/contexts/index.tsx (2)

• useCardState (42-70)
• withCardStateProvider (72-81)

packages/clerk-js/src/ui/utils/passwordUtils.ts (1)

• createPasswordError (33-74)

packages/clerk-js/src/ui/hooks/usePassword.ts (1)

• useConfirmPassword (77-110)

packages/clerk-js/src/ui/utils/errorHandler.ts (1)

• handleError (64-86)

packages/clerk-js/src/ui/components/SessionTasks/tasks/TaskResetPassword/withTaskGuard.ts (1)

• withTaskGuard (8-26)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (3)

• GitHub Check: Analyze (javascript-typescript)
• GitHub Check: semgrep-cloud-platform/scan
• GitHub Check: semgrep-cloud-platform/scan

🔇 Additional comments (2)

packages/shared/src/types/localization.ts (1)

1287-1293: taskResetPassword localization shape is consistent and correctly typed

The new taskResetPassword block (title + signOut.actionLink/actionText<'identifier'>) aligns with how it’s used in the UI and with the en-US resource; the interpolation parameter choice looks correct.

packages/clerk-js/src/ui/components/SessionTasks/tasks/TaskResetPassword/index.tsx (1)

92-177: Overall TaskResetPassword wiring, localization, and sign-out behavior look solid

The component correctly derives the identifier for display, uses the new taskResetPassword.* localization keys, integrates reverification-based password updates, and handles multi-session sign-out via useMultipleSessions + sign-out context in a way that matches existing patterns.

[LauraBeatris]

Let's also add some integration tests for the main flow + unit tests for the task component itself