feat(*): introduce /types subpath exports #7644

coderabbitai · 2026-01-27T11:16:16Z

⚠️ Potential issue | 🟠 Major

Add test/verification coverage for the localization update.

There’s no accompanying test or validation for the updated Hebrew placeholders. Please add a minimal localization snapshot/RTL verification (or document the manual verification in CI) to prevent regressions. As per coding guidelines, please add tests covering these changes.

🤖 Prompt for AI Agents

In @.changeset/blue-plums-sin.md around lines 1 - 5, Add a minimal automated test that asserts the updated Hebrew placeholders are present to prevent regressions: create a test under the localization tests (e.g., tests/localizations/hebrew.test.ts) that imports the "@clerk/localizations" Hebrew bundle or the module that exports placeholders, then snapshot or assert specific keys/values for the input placeholders (e.g., "emailPlaceholder", "passwordPlaceholder" or the actual placeholder keys used in your localization module) and run it in CI; alternatively include an RTL render test that mounts the relevant input component with the Hebrew locale and verifies the placeholder attribute text matches the new Hebrew strings. Ensure the test file references the exact export name from your localization module so it will catch any future changes.

coderabbitai · 2026-01-27T11:16:16Z

⚠️ Potential issue | 🔴 Critical

Changeset is incomplete and missing package declarations and description.

The changeset file contains only empty YAML frontmatter with no package declarations or change description. For a feature that adds /types subpath exports to multiple SDK packages, the changeset must:

List all affected packages with appropriate semver bump type (likely minor for a new feature)

Include a markdown description for the changelog

Without a proper changeset, the automated release process won't version bump the affected packages or generate changelog entries.

📝 Example of a properly formatted changeset

--- +'@clerk/react': minor +'@clerk/nextjs': minor +'@clerk/astro': minor +'@clerk/chrome-extension': minor +'@clerk/expo': minor +'@clerk/express': minor +'@clerk/fastify': minor +'@clerk/nuxt': minor +'@clerk/react-router': minor +'@clerk/tanstack-react-start': minor +'@clerk/vue': minor --- + +Introduce `/types` subpath exports for all SDK packages. You can now import Clerk types directly from your SDK package: + +```ts +import type { ClerkOptions } from '@clerk/react/types'; +``` + +This eliminates the need to install `@clerk/types` separately and ensures type versions always match your SDK version.

🤖 Prompt for AI Agents

In @.changeset/stale-gifts-jog.md around lines 1 - 2, The changeset file is empty and must be completed: update .changeset/stale-gifts-jog.md to list all affected SDK packages (e.g., each package name that receives the new /types subpath export) with the appropriate semver bump (use "minor" for the new feature) in the YAML frontmatter and add a markdown changelog description explaining the feature (e.g., "Adds /types subpath exports to X, Y, Z SDK packages so consumers no longer need to install `@clerk/types` separately"). Ensure the YAML keys use the correct package names and bump types and include a short markdown body describing the change and its impact so the release automation can generate version bumps and changelog entries.

coderabbitai · 2026-01-22T10:09:32Z

⚠️ Potential issue | 🟠 Major

Add tests for the new /types export surfaces.

No tests were added or updated; please add coverage to ensure each new /types entry resolves and type declarations are published correctly.

🤖 Prompt for AI Agents

In @.changeset/types-subpath-export.md at line 15, Add TypeScript resolution tests that import from each new "/types" subpath (e.g., "@clerk/react/types", "@clerk/nextjs/types", and re-exports from "@clerk/shared/types") to verify declarations are published and resolvable; create TypeScript-only test files (or tsd tests) that do statements like "import type { UserResource } from '@clerk/react/types'" and use tsd's expectType or a tsc compile check to ensure the types are present; place these tests under the repo's type-tests area or each SDK package's test suite and wire them into CI so the build fails if the "/types" entrypoints or re-exports break.

coderabbitai · 2026-01-27T11:16:16Z

⚠️ Potential issue | 🟠 Major

Avoid leaking secrets/PII in CI log output.

These logs can include runtime tokens or user data; printing them verbatim to CI logs is risky. Please add redaction (or gate the output) before emitting log contents.

🔒 Suggested redaction helper

- name: Print App Error Logs if: steps.integration_tests.outputs.exit_code != '0' run: | echo "=== Integration Test Failed ===" echo "" + redact() { + sed -E \ + -e 's/(sk_(live|test)_[A-Za-z0-9]+)/[REDACTED]/g' \ + -e 's/("?(api|secret|token|key)"?\s*[:=]\s*")[^"]+/\1[REDACTED]/gi' + } # Integration tests use os.tmpdir() which is /tmp on Linux if [ -d /tmp/.temp_integration ]; then echo "=== App Error Logs (.err.log files) ===" find /tmp/.temp_integration -name "*.err.log" -type f 2>/dev/null | while read f; do echo "" echo "--- $f ---" - tail -100 "$f" 2>/dev/null || echo "(empty or not readable)" + tail -100 "$f" 2>/dev/null | redact || echo "(empty or not readable)" done echo "" echo "=== App Stdout Logs (last 50 lines each) ===" find /tmp/.temp_integration -name "e2e.*.log" -type f 2>/dev/null | while read f; do echo "" echo "--- $f ---" - tail -50 "$f" 2>/dev/null || echo "(empty or not readable)" + tail -50 "$f" 2>/dev/null | redact || echo "(empty or not readable)" done else echo "=== No app logs found (directory /tmp/.temp_integration does not exist) ===" fi

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

# Print error logs for immediate visibility in CI

- name: Print App Error Logs

if: steps.integration_tests.outputs.exit_code != '0'

run: |

echo "=== Integration Test Failed ==="

echo ""

# Integration tests use os.tmpdir() which is /tmp on Linux

if [ -d /tmp/.temp_integration ]; then

echo "=== App Error Logs (.err.log files) ==="

find /tmp/.temp_integration -name "*.err.log" -type f 2>/dev/null | while read f; do

echo ""

echo "--- $f ---"

tail -100 "$f" 2>/dev/null || echo "(empty or not readable)"

done

echo ""

echo "=== App Stdout Logs (last 50 lines each) ==="

find /tmp/.temp_integration -name "e2e.*.log" -type f 2>/dev/null | while read f; do

echo ""

echo "--- $f ---"

tail -50 "$f" 2>/dev/null || echo "(empty or not readable)"

done

else

echo "=== No app logs found (directory /tmp/.temp_integration does not exist) ==="

fi

# Print error logs for immediate visibility in CI

- name: Print App Error Logs

if: steps.integration_tests.outputs.exit_code != '0'

run: |

echo "=== Integration Test Failed ==="

echo ""

redact() {

sed -E \

-e 's/(sk_(live|test)_[A-Za-z0-9]+)/[REDACTED]/g' \

-e 's/("?(api|secret|token|key)"?\s*[:=]\s*")[^"]+/\1[REDACTED]/gi'

}

# Integration tests use os.tmpdir() which is /tmp on Linux

if [ -d /tmp/.temp_integration ]; then

echo "=== App Error Logs (.err.log files) ==="

find /tmp/.temp_integration -name "*.err.log" -type f 2>/dev/null | while read f; do

echo ""

echo "--- $f ---"

tail -100 "$f" 2>/dev/null | redact || echo "(empty or not readable)"

done

echo ""

echo "=== App Stdout Logs (last 50 lines each) ==="

find /tmp/.temp_integration -name "e2e.*.log" -type f 2>/dev/null | while read f; do

echo ""

echo "--- $f ---"

tail -50 "$f" 2>/dev/null | redact || echo "(empty or not readable)"

done

else

echo "=== No app logs found (directory /tmp/.temp_integration does not exist) ==="

fi

🤖 Prompt for AI Agents

In @.github/workflows/nightly-checks.yml around lines 77 - 100, The "Print App Error Logs" CI step currently prints raw contents from /tmp/.temp_integration (*.err.log and e2e.*.log) which can leak secrets/PII; update this step to either (a) run a redaction filter before printing (invoke a redaction helper to replace known token patterns like bearer tokens, API keys, emails, and UUIDs from the output of the find/tail pipeline) or (b) gate the raw output behind an explicit opt-in CI variable and otherwise only print sanitized summaries (file names, timestamps, and last N lines with sensitive fields masked); modify the commands that process files returned by find so they pipe through the redaction helper (for the *.err.log and e2e.*.log handling) or check CI boolean (e.g., a REDACT_LOGS or ALLOW_RAW_LOGS flag) before emitting raw contents.

coderabbitai · 2026-01-27T11:16:16Z

⚠️ Potential issue | 🟠 Major

Scope artifacts to logs only to reduce leakage/size.

Uploading the whole temp dir risks capturing secrets or bulky files (e.g., caches, node_modules). Prefer whitelisting log files.

♻️ Suggested narrowing of artifacts

with: name: test-artifacts-${{ matrix.test-name }} path: | ${{runner.temp}}/test-output.log - /tmp/.temp_integration/ + /tmp/.temp_integration/**/*.log integration/test-results/ retention-days: 7

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

path: |

${{runner.temp}}/test-output.log

/tmp/.temp_integration/

integration/test-results/

path: |

${{runner.temp}}/test-output.log

/tmp/.temp_integration/**/*.log

integration/test-results/

🤖 Prompt for AI Agents

In @.github/workflows/nightly-checks.yml around lines 108 - 111, In the workflow's artifacts "path" list, remove broad directory entries and replace them with a tight whitelist of log file patterns (e.g., explicit CI/test log files and glob patterns that only match *.log under integration/test-results and the temporary runner log) so you only upload logs; drop any temp/cache directories and other broad globs that could include node_modules or secrets, and ensure the artifact step (the "path" key) only references these log-specific patterns.

-Original file line number
+Diff line change
@@ -0,0 +1,6 @@
+    ---
+    '@clerk/clerk-js': patch
+    '@clerk/shared': patch
+    ---
+    Add `reset` method to the sign-in resource.

-Original file line number
+Diff line change
@@ -0,0 +1,5 @@
+    ---
+    "@clerk/localizations": patch
+    ---
+    Updated Hebrew localization placeholders for user input fields

-Original file line number
+Diff line change
@@ -0,0 +1,6 @@
+    ---
+    '@clerk/clerk-js': patch
+    '@clerk/shared': patch
+    ---
+    Add `reset` method to the new signUp resource.

-Original file line number
+Diff line change
@@ -0,0 +1,5 @@
+    ---
+    '@clerk/ui': patch
+    ---
+    Fix `TaskChooseOrganization` to complete organization activation when logo upload fails

-Original file line number
+Diff line change
@@ -0,0 +1,5 @@
+    ---
+    "@clerk/clerk-js": patch
+    ---
+    fix(clerk-js): Handle missing window.location in React Native navigation

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

feat(*): introduce /types subpath exports #7644

Uh oh!

Diff view

Diff view

There are no files selected for viewing

coderabbitai bot Jan 27, 2026

Uh oh!

coderabbitai bot Jan 27, 2026

Uh oh!

coderabbitai bot Jan 22, 2026

Uh oh!

coderabbitai bot Jan 27, 2026

Uh oh!

coderabbitai bot Jan 27, 2026

Uh oh!

Uh oh!

Uh oh!

-Original file line number
+Diff line change
@@ -0,0 +1,128 @@
+    ---
+    "@clerk/backend": minor
+    "@clerk/shared": minor
+    "@clerk/clerk-js": minor
+    "@clerk/tanstack-react-start": minor
+    "@clerk/nextjs": patch
+    "@clerk/astro": patch
+    ---
+    Add `satelliteAutoSync` option to optimize satellite app handshake behavior
+    Satellite apps currently trigger a handshake redirect on every first page load, even when no cookies exist. This creates unnecessary redirects to the primary domain for apps where most users aren't authenticated.
+    **New option: `satelliteAutoSync`** (default: `false`)
+    - When `false` (default): Skip automatic handshake if no session cookies exist, only trigger after explicit sign-in action
+    - When `true`: Satellite apps automatically trigger handshake on first load (previous behavior)
+    **New query parameter: `__clerk_sync`**
+    - `__clerk_sync=1` (NeedsSync): Triggers handshake after returning from primary sign-in
+    - `__clerk_sync=2` (Completed): Prevents re-sync loop after handshake completes
+    Backwards compatible: Still reads legacy `__clerk_synced=true` parameter.
+    **SSR redirect fix**: Server-side redirects (e.g., `redirectToSignIn()` from middleware) now correctly add `__clerk_sync=1` to the return URL for satellite apps. This ensures the handshake is triggered when the user returns from sign-in on the primary domain.
+    **CSR redirect fix**: Client-side redirects now add `__clerk_sync=1` to all redirect URL variants (`forceRedirectUrl`, `fallbackRedirectUrl`) for satellite apps, not just the default `redirectUrl`.
+    ## Usage
+    ### SSR (Next.js Middleware)
+    ```typescript
+    import { clerkMiddleware } from '@clerk/nextjs/server';
+    export default clerkMiddleware({
+      isSatellite: true,
+      domain: 'satellite.example.com',
+      signInUrl: 'https://primary.example.com/sign-in',
+      // Set to true to automatically sync auth state on first load
+      satelliteAutoSync: true,
+    });
+    ```
+    ### SSR (TanStack Start)
+    ```typescript
+    import { clerkMiddleware } from '@clerk/tanstack-react-start/server';
+    export default clerkMiddleware({
+      isSatellite: true,
+      domain: 'satellite.example.com',
+      signInUrl: 'https://primary.example.com/sign-in',
+      // Set to true to automatically sync auth state on first load
+      satelliteAutoSync: true,
+    });
+    ```
+    ### CSR (ClerkProvider)
+    ```tsx
+    <ClerkProvider
+      publishableKey="pk_..."
+      isSatellite={true}
+      domain="satellite.example.com"
+      signInUrl="https://primary.example.com/sign-in"
+      // Set to true to automatically sync auth state on first load
+      satelliteAutoSync={true}
+    >
+      {children}
+    </ClerkProvider>
+    ```
+    ### SSR (TanStack Start with callback)
+    ```typescript
+    import { clerkMiddleware } from '@clerk/tanstack-react-start/server';
+    // Options callback - receives context object, returns options
+    export default clerkMiddleware(({ url }) => ({
+      isSatellite: true,
+      domain: 'satellite.example.com',
+      signInUrl: 'https://primary.example.com/sign-in',
+      satelliteAutoSync: url.pathname.startsWith('/dashboard'),
+    }));
+    ```
+    ## Migration Guide
+    ### Behavior change: `satelliteAutoSync` defaults to `false`
+    Previously, satellite apps would automatically trigger a handshake redirect on every first page load to sync authentication state with the primary domain—even when no session cookies existed. This caused unnecessary redirects to the primary domain for users who weren't authenticated.
+    The new default (`satelliteAutoSync: false`) provides a better experience for end users. Performance-wise, the satellite app can be shown immediately without attempting to sync state first, which is the right behavior for most use cases.
+    **To preserve the previous behavior** where visiting a satellite while already signed in on the primary domain automatically syncs your session, set `satelliteAutoSync: true`:
+    ```typescript
+    export default clerkMiddleware({
+      isSatellite: true,
+      domain: 'satellite.example.com',
+      signInUrl: 'https://primary.example.com/sign-in',
+      satelliteAutoSync: true, // Opt-in to automatic sync on first load
+    });
+    ```
+    ### TanStack Start: Function props to options callback
+    The `clerkMiddleware` function no longer accepts individual props as functions. If you were using the function form for props like `domain`, `proxyUrl`, or `isSatellite`, migrate to the options callback pattern.
+    **Before (prop function form - no longer supported):**
+    ```typescript
+    import { clerkMiddleware } from '@clerk/tanstack-react-start/server';
+    export default clerkMiddleware({
+      isSatellite: true,
+      // ❌ Function form for individual props no longer works
+      domain: (url) => url.hostname,
+    });
+    ```
+    **After (options callback form):**
+    ```typescript
+    import { clerkMiddleware } from '@clerk/tanstack-react-start/server';
+    // ✅ Wrap entire options in a callback function
+    export default clerkMiddleware(({ url }) => ({
+      isSatellite: true,
+      domain: url.hostname,
+    }));
+    ```
+    The callback receives a context object with the `url` property (a `URL` instance) and can return options synchronously or as a Promise for async configuration.

-Original file line number
+Diff line change
@@ -0,0 +1,17 @@
+    ---
+    "@clerk/ui": minor
+    "@clerk/react": minor
+    "@clerk/shared": patch
+    ---
+    Add shared React variant to reduce bundle size when using `@clerk/react`.
+    Introduces a new `ui.shared.browser.js` build variant that externalizes React dependencies, allowing the host application's React to be reused instead of bundling a separate copy. This can significantly reduce bundle size for applications using `@clerk/react`.
+    **New features:**
+    - `@clerk/ui/register` module: Import this to register React on `globalThis.__clerkSharedModules` for sharing with `@clerk/ui`
+    - `clerkUIVariant` option: Set to `'shared'` to use the shared variant (automatically detected and enabled for compatible React versions in `@clerk/react`)
+    **For `@clerk/react` users:** No action required. The shared variant is automatically used when your React version is compatible.
+    **For custom integrations:** Import `@clerk/ui/register` before loading the UI bundle, then set `clerkUIVariant: 'shared'` in your configuration.

Original file line number	Diff line number	Diff line change
		@@ -0,0 +1,2 @@
		---
		---
Comment on lines +1 to +2 Copy link Contributor coderabbitai bot Jan 27, 2026 Choose a reason for hiding this comment The reason will be displayed to describe this comment to others. Learn more. ⚠️ Potential issue \| 🔴 Critical Changeset is incomplete and missing package declarations and description. The changeset file contains only empty YAML frontmatter with no package declarations or change description. For a feature that adds `/types` subpath exports to multiple SDK packages, the changeset must: List all affected packages with appropriate semver bump type (likely `minor` for a new feature) Include a markdown description for the changelog Without a proper changeset, the automated release process won't version bump the affected packages or generate changelog entries. 📝 Example of a properly formatted changeset --- +'@clerk/react': minor +'@clerk/nextjs': minor +'@clerk/astro': minor +'@clerk/chrome-extension': minor +'@clerk/expo': minor +'@clerk/express': minor +'@clerk/fastify': minor +'@clerk/nuxt': minor +'@clerk/react-router': minor +'@clerk/tanstack-react-start': minor +'@clerk/vue': minor --- + +Introduce `/types` subpath exports for all SDK packages. You can now import Clerk types directly from your SDK package: + +```ts +import type { ClerkOptions } from '@clerk/react/types'; +``` + +This eliminates the need to install `@clerk/types` separately and ensures type versions always match your SDK version. 🤖 Prompt for AI Agents In @.changeset/stale-gifts-jog.md around lines 1 - 2, The changeset file is empty and must be completed: update .changeset/stale-gifts-jog.md to list all affected SDK packages (e.g., each package name that receives the new /types subpath export) with the appropriate semver bump (use "minor" for the new feature) in the YAML frontmatter and add a markdown changelog description explaining the feature (e.g., "Adds /types subpath exports to X, Y, Z SDK packages so consumers no longer need to install `@clerk/types` separately"). Ensure the YAML keys use the correct package names and bump types and include a short markdown body describing the change and its impact so the release automation can generate version bumps and changelog entries.

-Original file line number
+Diff line change
@@ -0,0 +1,15 @@
+    ---
+    '@clerk/react': minor
+    '@clerk/nextjs': minor
+    '@clerk/tanstack-react-start': minor
+    '@clerk/react-router': minor
+    '@clerk/express': minor
+    '@clerk/fastify': minor
+    '@clerk/astro': minor
+    '@clerk/nuxt': minor
+    '@clerk/vue': minor
+    '@clerk/expo': minor
+    '@clerk/chrome-extension': minor
+    ---
+    Add `/types` subpath export to re-export types from `@clerk/shared/types` along with SDK-specific types. This allows importing Clerk types directly from the SDK package (e.g., `import type { UserResource } from '@clerk/react/types'`) without needing to install `@clerk/types` as a separate dependency.

-Original file line number
+Diff line change
@@ Expand Up / @@ -49,14 +49,15 @@ jobs: @@
             run: pnpm turbo build $TURBO_ARGS
           - name: Canary release
+            id: publish
             if: steps.version-packages.outputs.success == '1'
             run: pnpm release:canary
             env:
               NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
               NPM_CONFIG_PROVENANCE: true
           - name: Trigger workflows on related repos
-            if: steps.version-packages.outputs.success == '1'
+            if: steps.publish.outcome == 'success'
             uses: actions/github-script@v7
             with:
               result-encoding: string
@@ Expand Down @@

feat(*): introduce /types subpath exports #7644

Uh oh!

feat(*): introduce /types subpath exports #7644

Uh oh!

Uh oh!

Diff view

Diff view

There are no files selected for viewing

coderabbitai bot Jan 27, 2026

Choose a reason for hiding this comment

Uh oh!

coderabbitai bot Jan 27, 2026

Choose a reason for hiding this comment

Uh oh!

coderabbitai bot Jan 22, 2026

Choose a reason for hiding this comment

Uh oh!

coderabbitai bot Jan 27, 2026

Choose a reason for hiding this comment

Uh oh!

coderabbitai bot Jan 27, 2026

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Uh oh!