fix: migrate auth views to Apsara v1 and add /client subpath export

[rohanchkrabrty]

Summary

• Migrated auth views (SignIn, SignUp, MagicLinkVerify, Subscribe, Updates) to Apsara v1 under views-new/auth, organized as per-view folders with a shared auth/components/ directory
• Added a new @raystack/frontier/client subpath export for v1-only views/components, with separate tsup entries to keep /react (legacy) and /client (new) bundles fully independent
• Trimmed views-new/* and v1 component exports out of react/index.ts so the legacy entry only exposes the old API
• Updated client-demo to import auth pages and views from /client, and to use Apsara v1 directly (no alias) — including DropdownMenu→Menu, toast→toastManager, and adding Toast.Provider
• Auth views are router-agnostic (use window.location for redirects) so they work outside any router context

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
frontier	Ready	Preview, Comment	Apr 30, 2026 9:37am

[coderabbitai]

Warning

Rate limit exceeded

@rohanchkrabrty has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 8 minutes and 42 seconds before requesting another review.

To keep reviews running without waiting, you can enable usage-based add-on for your organization. This allows additional reviews beyond the hourly cap. Account admins can enable it under billing.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: b518becc-030d-432d-83f4-6c0b6fdcd487

📥 Commits

Reviewing files that changed from the base of the PR and between 45a40ed and a5871ca.

⛔ Files ignored due to path filters (1)

• web/pnpm-lock.yaml is excluded by !**/pnpm-lock.yaml

📒 Files selected for processing (26)

• web/apps/admin/src/layout/auth.tsx
• web/apps/client-demo/src/App.tsx
• web/apps/client-demo/src/Router.tsx
• web/apps/client-demo/src/pages/Home.tsx
• web/apps/client-demo/src/pages/Organization.tsx
• web/sdk/package.json
• web/sdk/react/client.ts
• web/sdk/react/components/auth-container/auth-container.tsx
• web/sdk/react/components/auth-header/auth-header.module.css
• web/sdk/react/components/auth-header/auth-header.tsx
• web/sdk/react/components/auth-oidc-button/auth-oidc-button.module.css
• web/sdk/react/hooks/useSessionsV1.ts
• web/sdk/react/hooks/useTokensV1.ts
• web/sdk/react/views-new/auth/sign-in/sign-in-view.module.css
• web/sdk/react/views-new/auth/sign-in/sign-in-view.tsx
• web/sdk/react/views-new/auth/sign-up/sign-up-view.module.css
• web/sdk/react/views-new/auth/sign-up/sign-up-view.tsx
• web/sdk/react/views-new/billing/components/confirm-cycle-switch-dialog.tsx
• web/sdk/react/views-new/create-organization/create-organization-view.module.css
• web/sdk/react/views-new/create-organization/create-organization-view.tsx
• web/sdk/react/views-new/create-organization/index.ts
• web/sdk/react/views-new/preferences/preferences-view.tsx
• web/sdk/react/views-new/sessions/components/revoke-session-dialog.tsx
• web/sdk/react/views-new/sessions/sessions-view.tsx
• web/sdk/react/views-new/tokens/tokens-view.tsx
• web/sdk/tsup.config.ts

📝 Walkthrough

Walkthrough

The PR introduces a new ./client export entrypoint for the Frontier SDK that re-exports UI components, views, and hooks optimized for client-side usage. It updates the client-demo app and SDK to use this entrypoint instead of the React package entry, adds Toast.Provider to the root component hierarchy with conditional rendering capabilities, upgrades the APSARA dependency to v1.0.0-rc.2, and expands the build configuration to generate a separate client bundle with the 'use client' banner.

Changes

Cohort / File(s)	Summary
Dependency updates web/apps/client-demo/package.json	Upgrades @raystack/apsara from 0.56.6 to 1.0.0-rc.2 pre-release version.
SDK configuration and exports web/sdk/package.json, web/sdk/react/index.ts, web/sdk/react/client.ts, web/sdk/tsup.config.ts	Adds ./client subpath export wiring to built client artifacts, creates new client.ts entrypoint re-exporting all view components and hooks, removes v1-specific imports from main barrel, and extends tsup to build separate client bundle with 'use client' banner and CSS modules support.
FrontierProvider enhancements web/sdk/react/contexts/FrontierProvider.tsx, web/sdk/shared/types.ts	Adds conditional ThemeProvider and Toast.Provider rendering via new renderThemeProvider and renderToastProvider boolean props, introduces OptionalProvider helper component for generic provider wrapping.
New auth UI components web/sdk/react/components/auth-container/..., web/sdk/react/components/auth-header/..., web/sdk/react/components/auth-oidc-button/...	Introduces reusable auth layout containers, headers with logo/title, and OIDC provider buttons with logo mapping and styling.
New auth views web/sdk/react/views-new/auth/sign-in/..., web/sdk/react/views-new/auth/sign-up/...	Adds SignInView and SignUpView components that list auth strategies, render OIDC buttons, conditionally include magic-link auth, and handle authentication mutations with redirects.
New supplementary auth views web/sdk/react/views-new/auth/magic-link/..., web/sdk/react/views-new/auth/magic-link-verify/..., web/sdk/react/views-new/auth/subscribe/..., web/sdk/react/views-new/auth/updates/...	Adds magic-link OTP flow views, prospect subscription form with Yup validation, and newsletter preference toggle with loading state.
Client-demo app core setup web/apps/client-demo/src/App.tsx, web/apps/client-demo/src/config/frontier.ts, web/apps/client-demo/src/contexts/auth/provider.tsx	Initializes Toast.Provider at root level inside FrontierProvider, switches all imports from @raystack/frontier/react to @raystack/frontier/client.
Client-demo auth pages web/apps/client-demo/src/pages/Login.tsx, web/apps/client-demo/src/pages/Signup.tsx, web/apps/client-demo/src/pages/MagiclinkVerify.tsx, web/apps/client-demo/src/pages/Subscribe.tsx, web/apps/client-demo/src/pages/Updates.tsx	Replaces React-facing components (SignIn, SignUp, MagicLinkVerify, Subscribe, Updates) with client view exports (*View), switches to client import entrypoint.
Client-demo home page web/apps/client-demo/src/pages/Home.tsx	Migrates navbar dropdowns from DropdownMenu to Menu component, updates toast notifications to use toastManager.add with structured title/description, switches imports to client entrypoint.
Client-demo settings pages web/apps/client-demo/src/pages/settings/...	Uniformly switches all view component imports from @raystack/frontier/react to @raystack/frontier/client (BillingView, GeneralView, MembersView, TokensView, ProfileView, SecurityView, ProjectsView, etc.).

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Possibly related PRs

• feat: members page revamp #1488: Both PRs add and export new client-side views and UI components (ImageUpload, ViewContainer, ViewHeader, various views) and update client-demo imports to the new client entrypoint.
• feat: preferences settings revamp #1483: Both PRs introduce and wire the same SDK view components (GeneralView, PreferencesView, ViewContainer, ViewHeader, ImageUpload) and adjust client-demo to consume these client-side view exports.
• feat: SDK general page design revamp #1480: This PR creates the new ./client export entrypoint re-exporting view components and hooks that were introduced in the retrieved PR.

Suggested reviewers

• rsbh
• rohilsurana

🚥 Pre-merge checks | ✅ 2

✅ Passed checks (2 passed)

Check name	Status	Explanation
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Review rate limit: 0/1 reviews remaining, refill in 8 minutes and 42 seconds.}

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 10

🧹 Nitpick comments (9)

web/sdk/react/views-new/auth/components/auth-header.module.css (1)

11-15: Consider preventing logo stretching for non-square assets.

With fixed dimensions, non-square logos can appear distorted. Adding object-fit makes this more resilient.

Proposed tweak

 .logo {
   border-radius: var(--rs-space-3);
   width: 80px;
   height: 80px;
+  object-fit: contain;
 }

web/sdk/react/views-new/auth/components/oidc-button.tsx (1)

13-31: Props from HTMLProps<HTMLButtonElement> are not forwarded to the Button.

The component type accepts HTMLProps<HTMLButtonElement>, but only onClick and provider are destructured and used. Other props like className, disabled, aria-*, and custom data-test-id passed by callers (e.g., sign-up-view.tsx line 72 passes data-test-id="frontier-sdk-signup-page-oidc-btn") are silently ignored.

Additionally, the hardcoded data-test-id="frontier-sdk-oidc-logo-btn" on line 19 conflicts with caller-provided test IDs.

♻️ Spread remaining props to the Button

-export const OIDCButton = ({ onClick, provider }: OIDCButtonProps) => (
+export const OIDCButton = ({ onClick, provider, ...rest }: OIDCButtonProps) => (
   <Button
     variant="outline"
     color="neutral"
     className={styles.button}
     onClick={onClick}
-    data-test-id="frontier-sdk-oidc-logo-btn"
+    data-test-id="frontier-sdk-oidc-logo-btn"
+    {...rest}
   >

web/sdk/react/views-new/auth/sign-up/sign-up-view.tsx (1)

66-75: Use strategy name as key instead of array index.

Using index as key can cause issues if the strategies list changes order or items are added/removed. Strategy names are unique identifiers and should be used as keys.

♻️ Use strategy name as key

         {filteredOIDC.map((s, index) => {
           return (
             <OIDCButton
-              key={index}
+              key={s.name}
               onClick={() => clickHandler(s.name)}
               provider={s.name || ''}
               data-test-id="frontier-sdk-signup-page-oidc-btn"
             />
           );
         })}

web/sdk/react/views-new/auth/sign-in/sign-in-view.tsx (2)

68-77: Use strategy name as key instead of array index.

Same issue as in sign-up-view.tsx - using index as key can cause rendering issues.

♻️ Use strategy name as key

         {filteredOIDC.map((s, index) => {
           return (
             <OIDCButton
-              key={index}
+              key={s.name}
               onClick={() => clickHandler(s.name)}
               provider={s.name || ''}
               data-test-id="frontier-sdk-oidc-btn"
             />
           );
         })}

---

41-57: Consider extracting shared authentication logic.

SignInView and SignUpView share nearly identical code for:

• Strategy querying and filtering (lines 32-35, 59-62)
• The clickHandler implementation (lines 41-57)
• OIDC button rendering pattern

Consider extracting this into a shared hook (e.g., useAuthStrategies) to reduce duplication and ensure consistent behavior.

web/sdk/react/views-new/auth/subscribe/subscribe-view.tsx (1)

26-42: Phone number validation regex is overly permissive.

The regex /^[+\d\s\-()]+$/ allows strings composed entirely of whitespace, parentheses, or dashes (e.g., "---", "( )"), which are not valid phone numbers. Consider adding a check that at least one digit is present.

🔧 Suggested refinement

     .test(
       'digits-only',
       'Must contain only numbers with country code',
       value => {
         if (!value?.trim()) return true;
-        return /^[+\d\s\-()]+$/.test(value);
+        return /^[+\d\s\-()]+$/.test(value) && /\d/.test(value);
       }
     )

web/sdk/react/views-new/auth/components/magic-link-form.tsx (2)

19-22: children prop is declared but never used.

The MagicLinkFormProps type declares children?: ReactNode, but the component never renders or references it. Either remove the unused prop or implement its intended usage.

🔧 Remove unused prop

 type MagicLinkFormProps = {
   open?: boolean;
-  children?: ReactNode;
 };

---

74-77: Use window.location.href instead of @ts-ignore.

Assigning directly to window.location requires a @ts-ignore because TypeScript expects a Location object. Use window.location.href for a cleaner redirect without suppressing type errors.

🔧 Proposed fix

-        // `@ts-ignore`
-        window.location = `${
+        window.location.href = `${
           config.redirectMagicLinkVerify
         }?${searchParams.toString()}`;

web/sdk/react/client.ts (1)

1-2: Consider CSS import order: normalize before style.

Typically, CSS normalization/reset should be imported before component styles to ensure consistent base styling. Consider swapping the order so normalize.css loads first.

🔧 Suggested order

-import '@raystack/apsara-v1/style.css';
-import '@raystack/apsara-v1/normalize.css';
+import '@raystack/apsara-v1/normalize.css';
+import '@raystack/apsara-v1/style.css';

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: e96a7534-b936-4b12-aa33-f7c0f1ae26cb

📥 Commits

Reviewing files that changed from the base of the PR and between f44657d and c6e29e8.

⛔ Files ignored due to path filters (1)

• web/pnpm-lock.yaml is excluded by !**/pnpm-lock.yaml

📒 Files selected for processing (52)

• web/apps/client-demo/package.json
• web/apps/client-demo/src/App.tsx
• web/apps/client-demo/src/config/frontier.ts
• web/apps/client-demo/src/contexts/auth/provider.tsx
• web/apps/client-demo/src/pages/Home.tsx
• web/apps/client-demo/src/pages/Login.tsx
• web/apps/client-demo/src/pages/MagiclinkVerify.tsx
• web/apps/client-demo/src/pages/Settings.tsx
• web/apps/client-demo/src/pages/Signup.tsx
• web/apps/client-demo/src/pages/Subscribe.tsx
• web/apps/client-demo/src/pages/Updates.tsx
• web/apps/client-demo/src/pages/settings/Billing.tsx
• web/apps/client-demo/src/pages/settings/General.tsx
• web/apps/client-demo/src/pages/settings/Members.tsx
• web/apps/client-demo/src/pages/settings/PatDetails.tsx
• web/apps/client-demo/src/pages/settings/Pats.tsx
• web/apps/client-demo/src/pages/settings/Plans.tsx
• web/apps/client-demo/src/pages/settings/Preferences.tsx
• web/apps/client-demo/src/pages/settings/Profile.tsx
• web/apps/client-demo/src/pages/settings/ProjectDetails.tsx
• web/apps/client-demo/src/pages/settings/Projects.tsx
• web/apps/client-demo/src/pages/settings/Security.tsx
• web/apps/client-demo/src/pages/settings/ServiceAccountDetails.tsx
• web/apps/client-demo/src/pages/settings/ServiceAccounts.tsx
• web/apps/client-demo/src/pages/settings/Sessions.tsx
• web/apps/client-demo/src/pages/settings/TeamDetails.tsx
• web/apps/client-demo/src/pages/settings/Teams.tsx
• web/apps/client-demo/src/pages/settings/Tokens.tsx
• web/sdk/package.json
• web/sdk/react/client.ts
• web/sdk/react/contexts/FrontierProvider.tsx
• web/sdk/react/index.ts
• web/sdk/react/views-new/auth/components/auth-container.module.css
• web/sdk/react/views-new/auth/components/auth-container.tsx
• web/sdk/react/views-new/auth/components/auth-header.module.css
• web/sdk/react/views-new/auth/components/auth-header.tsx
• web/sdk/react/views-new/auth/components/magic-link-form.module.css
• web/sdk/react/views-new/auth/components/magic-link-form.tsx
• web/sdk/react/views-new/auth/components/oidc-button.module.css
• web/sdk/react/views-new/auth/components/oidc-button.tsx
• web/sdk/react/views-new/auth/index.ts
• web/sdk/react/views-new/auth/magic-link-verify/magic-link-verify-view.module.css
• web/sdk/react/views-new/auth/magic-link-verify/magic-link-verify-view.tsx
• web/sdk/react/views-new/auth/sign-in/sign-in-view.module.css
• web/sdk/react/views-new/auth/sign-in/sign-in-view.tsx
• web/sdk/react/views-new/auth/sign-up/sign-up-view.module.css
• web/sdk/react/views-new/auth/sign-up/sign-up-view.tsx
• web/sdk/react/views-new/auth/subscribe/subscribe-view.module.css
• web/sdk/react/views-new/auth/subscribe/subscribe-view.tsx
• web/sdk/react/views-new/auth/updates/updates-view.module.css
• web/sdk/react/views-new/auth/updates/updates-view.tsx
• web/sdk/tsup.config.ts

💤 Files with no reviewable changes (1)

• web/sdk/react/index.ts

[coveralls]

Coverage Report for CI Build 25158355293

Coverage remained the same at 41.963%

Details

• Coverage remained the same as the base build.
• Patch coverage: No coverable lines changed in this PR.
• No coverage regressions found.

Uncovered Changes

No uncovered changes found.

Coverage Regressions

No coverage regressions found.

---

Coverage Stats

Relevant Lines:	37254
Covered Lines:	15633
Line Coverage:	41.96%
Coverage Strength:	11.88 hits per line

---

💛 - Coveralls

[coderabbitai]

Actionable comments posted: 2

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 6b40236b-eff8-4705-a6f5-5dfa72ff4bc8

📥 Commits

Reviewing files that changed from the base of the PR and between c6e29e8 and 45a40ed.

📒 Files selected for processing (25)

• web/sdk/react/client.ts
• web/sdk/react/components/auth-container/auth-container.module.css
• web/sdk/react/components/auth-container/auth-container.tsx
• web/sdk/react/components/auth-container/index.ts
• web/sdk/react/components/auth-header/auth-header.module.css
• web/sdk/react/components/auth-header/auth-header.tsx
• web/sdk/react/components/auth-header/index.ts
• web/sdk/react/components/auth-oidc-button/auth-oidc-button.module.css
• web/sdk/react/components/auth-oidc-button/auth-oidc-button.tsx
• web/sdk/react/components/auth-oidc-button/index.ts
• web/sdk/react/contexts/FrontierProvider.tsx
• web/sdk/react/index.ts
• web/sdk/react/views-new/auth/magic-link-verify/index.ts
• web/sdk/react/views-new/auth/magic-link-verify/magic-link-verify-view.tsx
• web/sdk/react/views-new/auth/magic-link/index.ts
• web/sdk/react/views-new/auth/magic-link/magic-link-view.module.css
• web/sdk/react/views-new/auth/magic-link/magic-link-view.tsx
• web/sdk/react/views-new/auth/sign-in/index.ts
• web/sdk/react/views-new/auth/sign-in/sign-in-view.tsx
• web/sdk/react/views-new/auth/sign-up/index.ts
• web/sdk/react/views-new/auth/sign-up/sign-up-view.tsx
• web/sdk/react/views-new/auth/subscribe/index.ts
• web/sdk/react/views-new/auth/updates/index.ts
• web/sdk/react/views-new/auth/updates/updates-view.tsx
• web/sdk/shared/types.ts

💤 Files with no reviewable changes (1)

• web/sdk/react/index.ts

✅ Files skipped from review due to trivial changes (11)

• web/sdk/react/components/auth-oidc-button/auth-oidc-button.module.css
• web/sdk/react/views-new/auth/sign-in/index.ts
• web/sdk/react/components/auth-container/index.ts
• web/sdk/react/components/auth-container/auth-container.module.css
• web/sdk/react/components/auth-header/index.ts
• web/sdk/react/views-new/auth/updates/index.ts
• web/sdk/react/views-new/auth/magic-link/index.ts
• web/sdk/react/components/auth-header/auth-header.module.css
• web/sdk/react/views-new/auth/magic-link/magic-link-view.module.css
• web/sdk/react/views-new/auth/sign-up/index.ts
• web/sdk/react/components/auth-oidc-button/index.ts

🚧 Files skipped from review as they are similar to previous changes (4)

• web/sdk/react/views-new/auth/sign-up/sign-up-view.tsx
• web/sdk/react/views-new/auth/sign-in/sign-in-view.tsx
• web/sdk/react/views-new/auth/magic-link-verify/magic-link-verify-view.tsx
• web/sdk/react/contexts/FrontierProvider.tsx