small component ui fix

[BilalG1]

Summary by CodeRabbit

• Refactor
  • Enhanced CLI authentication confirmation tracking to improve session persistence and state management during sign-in flows.

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
stack-auth-hosted-components	Ready	Preview, Comment	May 6, 2026 4:47pm
stack-backend	Ready	Preview, Comment	May 6, 2026 4:47pm
stack-dashboard	Ready	Preview, Comment	May 6, 2026 4:47pm
stack-demo	Ready	Preview, Comment	May 6, 2026 4:47pm
stack-docs	Ready	Preview, Comment	May 6, 2026 4:47pm
stack-preview-backend	Ready	Preview, Comment	May 6, 2026 4:47pm
stack-preview-dashboard	Ready	Preview, Comment	May 6, 2026 4:47pm

[coderabbitai]

📝 Walkthrough

Walkthrough

The PR migrates CLI authorization confirmation tracking from URL query parameters to sessionStorage. Internal helper functions are added to store, check, and clear a confirmation flag keyed by login code. The component's confirmation state computation and all auth completion flows are updated to use the new sessionStorage-based mechanism instead of URL-based tracking. The test is updated to assert against sessionStorage instead of URL parameters.

Changes

CLI Auth Confirmation Storage Migration

Layer / File(s)	Summary
Helpers & Foundation packages/template/src/components-page/cli-auth-confirm.tsx (lines 31–43)	Added markConfirmed(), isConfirmed(), and clearConfirmed() helpers to manage confirmation state via sessionStorage. Removed markUrlConfirmed() function.
State Computation packages/template/src/components-page/cli-auth-confirm.tsx (lines 87–91)	Updated confirmed derived state to check for loginCode presence and call isConfirmed(loginCode) instead of parsing URL query parameters.
Completion Flows packages/template/src/components-page/cli-auth-confirm.tsx (lines 113–116, 139–143, 171–178)	Added clearConfirmed() calls after auto-completing with current user and in authorize flows. Replaced markUrlConfirmed() with markConfirmed(loginCode) in anonymous and non-anonymous sign-in paths.
Tests packages/template/src/components-page/cli-auth-confirm.test.tsx (line 174)	Updated assertion to validate sessionStorage.getItem("stack-cli-auth-confirmed") equals "login-code" instead of checking URL query parameter.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~12 minutes

Poem

🐰 The bunny hops through sessions bright,
No query strings cluttering the night,
With storage keys so clear and clean,
The finest auth state ever seen! ✨

🚥 Pre-merge checks | ✅ 2 | ❌ 3

❌ Failed checks (2 warnings, 1 inconclusive)

Check name	Status	Explanation	Resolution
Description check	⚠️ Warning	Description contains only the template comment with no substantive content explaining the changes, implementation details, or rationale.	Add a detailed description explaining the sessionStorage-based auth confirmation mechanism, why it replaces the URL parameter approach, and any testing or migration considerations.
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.
Title check	❓ Inconclusive	Title is vague and generic, using non-descriptive phrasing that doesn't convey the actual changes made to auth confirmation logic.	Clarify the title to reflect the actual changes, such as 'Replace URL-based CLI auth confirmation with sessionStorage mechanism' or 'Migrate CLI auth confirmation to sessionStorage-based tracking'.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch fix/small-component-ui-fix

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[greptile-apps]

Greptile Summary

This PR replaces the URL query-parameter approach (?confirmed=true) for tracking CLI auth confirmation with a sessionStorage entry keyed by the loginCode. This avoids the previous issue where a stale confirmed=true in the URL could inadvertently trigger auto-completion for a different user.

• cli-auth-confirm.tsx: Introduces markConfirmed, isConfirmed, and clearConfirmed helpers that read/write sessionStorage[\"stack-cli-auth-confirmed\"]; the key is the loginCode value, so each auth flow can be distinguished even within the same tab.
• cli-auth-confirm.test.tsx: Updates the assertion from checking the URL search param to checking sessionStorage, but the afterEach teardown does not call sessionStorage.clear(), leaving the confirmation marker from the anonymous-session test visible to later tests that share the same login code.

Confidence Score: 4/5

Safe to merge with a minor fix: the afterEach teardown in the test file should call sessionStorage.clear() to prevent state from the anonymous-session test leaking into later tests.

The production logic is well-structured — switching to a sessionStorage key scoped to the loginCode cleanly avoids the stale-URL confirmation problem. The only concrete defect is in the test teardown: the anonymous-session test leaves sessionStorage["stack-cli-auth-confirmed"] = "login-code" intact, which would cause subsequent tests sharing the same login code URL to start with confirmed = true and trigger the auto-complete effect unexpectedly.

cli-auth-confirm.test.tsx — the afterEach block needs sessionStorage.clear() added.

Important Files Changed

Filename	Overview
packages/template/src/components-page/cli-auth-confirm.tsx	Replaces URL query-param-based confirmation marker with sessionStorage keyed by loginCode; logic and SSR guard are correct.
packages/template/src/components-page/cli-auth-confirm.test.tsx	Updates test assertion to match new sessionStorage marker, but afterEach omits sessionStorage.clear(), risking state leakage across tests.

Sequence Diagram

sequenceDiagram
    participant User
    participant CliAuthConfirmation
    participant sessionStorage
    participant StackApp

    User->>CliAuthConfirmation: click Authorize
    CliAuthConfirmation->>StackApp: postCliAuthComplete (mode: check)
    alt anonymous CLI session
        StackApp-->>CliAuthConfirmation: cli_session_state = anonymous
        CliAuthConfirmation->>StackApp: postCliAuthComplete (mode: claim-anon-session)
        StackApp-->>CliAuthConfirmation: access_token + refresh_token
        CliAuthConfirmation->>StackApp: signInWithTokens(...)
        CliAuthConfirmation->>sessionStorage: setItem(stack-cli-auth-confirmed, loginCode)
        CliAuthConfirmation->>StackApp: redirectToSignUp()
        Note over CliAuthConfirmation: Page reloads / navigates
        CliAuthConfirmation->>sessionStorage: getItem(stack-cli-auth-confirmed) == loginCode?
        sessionStorage-->>CliAuthConfirmation: true → confirmed = true
        CliAuthConfirmation->>StackApp: completeWithCurrentUser()
        CliAuthConfirmation->>sessionStorage: removeItem(stack-cli-auth-confirmed)
        CliAuthConfirmation-->>User: status = success
    else user already signed in
        StackApp-->>CliAuthConfirmation: user present
        CliAuthConfirmation->>StackApp: completeWithCurrentUser()
        CliAuthConfirmation-->>User: status = success
    else no user, not anonymous
        CliAuthConfirmation->>sessionStorage: setItem(stack-cli-auth-confirmed, loginCode)
        CliAuthConfirmation->>StackApp: redirectToSignIn()
    end

Loading

Comments Outside Diff (1)

1. packages/template/src/components-page/cli-auth-confirm.test.tsx, line 93-103 (link)

   Missing sessionStorage cleanup between tests

   The afterEach resets the URL and unmounts the root, but never clears sessionStorage. The "claims anonymous CLI sessions" test (line 150) asserts that sessionStorage.getItem("stack-cli-auth-confirmed") equals "login-code" and leaves that value behind. Any subsequent test using the same ?login_code=login-code URL will initialize confirmed = true via isConfirmed(loginCode), causing the auto-complete useEffect to fire unexpectedly — potentially triggering an extra completeWithCurrentUser() call or altering status before the authorize button is clicked.

   Prompt To Fix With AI

   This is a comment left during a code review.
   Path: packages/template/src/components-page/cli-auth-confirm.test.tsx
   Line: 93-103
   
   Comment:
   **Missing `sessionStorage` cleanup between tests**
   
   The `afterEach` resets the URL and unmounts the root, but never clears `sessionStorage`. The "claims anonymous CLI sessions" test (line 150) asserts that `sessionStorage.getItem("stack-cli-auth-confirmed")` equals `"login-code"` and leaves that value behind. Any subsequent test using the same `?login_code=login-code` URL will initialize `confirmed = true` via `isConfirmed(loginCode)`, causing the auto-complete `useEffect` to fire unexpectedly — potentially triggering an extra `completeWithCurrentUser()` call or altering `status` before the authorize button is clicked.
   
   
   
   How can I resolve this? If you propose a fix, please make it concise.

Prompt To Fix All With AI

Fix the following 1 code review issue. Work through them one at a time, proposing concise fixes.

---

### Issue 1 of 1
packages/template/src/components-page/cli-auth-confirm.test.tsx:93-103
**Missing `sessionStorage` cleanup between tests**

The `afterEach` resets the URL and unmounts the root, but never clears `sessionStorage`. The "claims anonymous CLI sessions" test (line 150) asserts that `sessionStorage.getItem("stack-cli-auth-confirmed")` equals `"login-code"` and leaves that value behind. Any subsequent test using the same `?login_code=login-code` URL will initialize `confirmed = true` via `isConfirmed(loginCode)`, causing the auto-complete `useEffect` to fire unexpectedly — potentially triggering an extra `completeWithCurrentUser()` call or altering `status` before the authorize button is clicked.

```suggestion
  afterEach(() => {
    act(() => {
      root?.unmount();
    });
    container?.remove();
    root = null;
    container = null;
    vi.restoreAllMocks();
    sessionStorage.clear();
    window.history.replaceState({}, "", "/");
    Reflect.set(globalThis, "IS_REACT_ACT_ENVIRONMENT", previousActEnvironment);
  });
```

_{Reviews (1): Last reviewed commit: "small component ui fix" | Re-trigger Greptile}

[coderabbitai]

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

packages/template/src/components-page/cli-auth-confirm.test.tsx (1)

93-103: ⚠️ Potential issue | 🟡 Minor | ⚡ Quick win

Clear sessionStorage in afterEach to prevent test cross-contamination.

The migration to sessionStorage means the "stack-cli-auth-confirmed" key now persists between tests in the same jsdom environment. The "claims anonymous CLI sessions…" test at line 174 writes "login-code", but the afterEach only resets window.history, mocks, and the act environment — not storage.

If a future test (or a reorder) runs after that case with login_code=login-code, the initial confirmed state in useCliAuthConfirmation will be true, the auto-complete useEffect will fire on render, and assertions like expect(sendRequest).toHaveBeenCalledOnce() in the first two tests would silently break.

🧪 Suggested cleanup

   afterEach(() => {
     act(() => {
       root?.unmount();
     });
     container?.remove();
     root = null;
     container = null;
     vi.restoreAllMocks();
     window.history.replaceState({}, "", "/");
+    sessionStorage.clear();
     Reflect.set(globalThis, "IS_REACT_ACT_ENVIRONMENT", previousActEnvironment);
   });

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@packages/template/src/components-page/cli-auth-confirm.test.tsx` around lines
93 - 103, The tests leave the sessionStorage key "stack-cli-auth-confirmed" set
between cases which causes useCliAuthConfirmation's initial confirmed state and
subsequent effects to leak across tests; update the afterEach block (the
teardown where afterEach unmounts root, removes container, restores mocks and
resets history/act environment) to also clear sessionStorage (or explicitly
removeItem("stack-cli-auth-confirmed")) so each test starts with a clean storage
state and the auto-complete useEffect in useCliAuthConfirmation cannot fire from
prior tests.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Outside diff comments:
In `@packages/template/src/components-page/cli-auth-confirm.test.tsx`:
- Around line 93-103: The tests leave the sessionStorage key
"stack-cli-auth-confirmed" set between cases which causes
useCliAuthConfirmation's initial confirmed state and subsequent effects to leak
across tests; update the afterEach block (the teardown where afterEach unmounts
root, removes container, restores mocks and resets history/act environment) to
also clear sessionStorage (or explicitly removeItem("stack-cli-auth-confirmed"))
so each test starts with a clean storage state and the auto-complete useEffect
in useCliAuthConfirmation cannot fire from prior tests.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: ac827a5d-fba0-433a-9734-35ed8a2123c0

📥 Commits

Reviewing files that changed from the base of the PR and between 24245ae and 547540c.

📒 Files selected for processing (2)

• packages/template/src/components-page/cli-auth-confirm.test.tsx
• packages/template/src/components-page/cli-auth-confirm.tsx