feat: add Clerk authentication with E2E tests

[michellepace]

Summary

• Integrates Clerk authentication with sign-in/sign-up pages using the shadcn theme
• Adds auth UI to navbar (Sign in/Sign up buttons when signed out, UserButton when signed in)
• Implements Next.js 16 proxy (middleware) for Clerk route protection
• Adds E2E smoke test for complete sign-in/sign-out flow using @clerk/testing

Technical Details

Route Groups:

• (auth) group with dedicated layout featuring auth background images
• (root) group for authenticated app content
• Catch-all routes [[...sign-in]] and [[...sign-up]] for Clerk's multi-step flows

Next.js 16 PPR Compatibility:

• Uses await connection() to force dynamic rendering on auth pages (fixes static generation errors)
• ClerkProvider wrapped in Suspense boundary for PPR support

CI/CD Improvements:

• Added npm run build to pre-push hook to catch static generation errors locally
• E2E workflow configured with Clerk testing credentials

Test Plan

• Verify sign-in flow works on preview deployment
• Verify sign-out returns user to unauthenticated state
• Confirm theme toggle and navbar render correctly with auth state
• Check auth pages display correctly with background images

Note

E2E tests on Vercel preview currently fail because repository_dispatch runs workflows from main, which lacks the Clerk env vars. This is a one-time bootstrap issue that resolves after merge.

🤖 Generated with Claude Code

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Preview	Comments	Updated (UTC)
devflow	Ready	Preview	Comment	Dec 10, 2025 11:08pm

[coderabbitai]

Summary by CodeRabbit

Release Notes

• New Features

  • Added user authentication system with dedicated sign-in and sign-up pages.
  • Integrated user account menu in the navigation bar.
  • Added theme-aware auth layout with background images.

• Improvements

  • Restructured navigation bar with authentication UI components.
  • Enhanced end-to-end testing for authentication workflows.

• Documentation

  • Added guides for authentication setup and configuration.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

Walkthrough

Integrates Clerk authentication across the app: adds sign-in/sign-up routes and layouts, a ClerkProvider, middleware proxy, Playwright global setup and auth E2E tests, CI env vars, dependency updates, navbar auth UI, styling tweaks, docs, and ancillary config changes.

Changes

Cohort / File(s)	Summary
Auth routes & layouts app/(auth)/layout.tsx, app/(auth)/sign-in/[[...sign-in]]/page.tsx, app/(auth)/sign-up/[[...sign-up]]/page.tsx	New AuthLayout and SignIn/SignUp pages rendering Clerk components with theme-aware backgrounds.
Root layout & globals app/layout.tsx, app/(root)/layout.tsx, app/globals.css, app/old.globals.css	Root layout refactored to use Clerk, Suspense and Google fonts; globals import Clerk theme; old globals cleaned of !important rules.
Clerk integration components components/clerk-provider.tsx, components/navigation/navbar/index.tsx, components/navigation/theme-toggle.tsx	New ClerkProvider wrapper (default shadcn appearance); navbar shows SignedIn/SignedOut UI and auth buttons; theme-toggle sizing adjusted.
Middleware proxy.ts	New Next.js middleware exporting Clerk middleware and route matcher config.
E2E tests & Playwright setup e2e/auth.spec.ts, e2e/global.setup.ts, e2e/homepage.spec.ts, playwright.config.ts	New auth smoke test (email/password/OTP handling), global setup wired to @clerk/testing, homepage title regex tweak, and Playwright setup project added.
CI / Workflows & hooks .github/workflows/test-e2e.yml, .github/workflows/test-e2e-vercel.yml, lefthook.yml	CI steps now inject Clerk/E2E secrets; pre-push hook added to run build with parallel disabled.
Dependencies & config package.json, next.config.ts, components.json, biome.json	Added @clerk packages and testing deps, enabled typedRoutes: true, added Clerk registry entry, and adjusted biome includes.
Docs & misc CLAUDE.md, README.md, .gitignore, x_docs/own/*, .claude/settings.json, .claude/commands/coderabbit.md	Vercel/CLI docs updated, new Clerk E2E setup docs, temporary docs ignored, .claude settings expanded, and coderabbit command filename updated.
Tests (deps referenced) e2e/*, package.json	E2E test additions and Playwright/testing dev dependency updates referenced in package.json.

Sequence Diagram(s)

sequenceDiagram
    participant Browser as User Browser
    participant Next as Next.js App
    participant Clerk as Clerk Auth Service
    participant Playwright as E2E Test Runner

    Browser->>Next: GET /sign-in or /sign-up
    Next->>Next: Render SignIn/SignUp inside ClerkProvider (server-side)
    Playwright->>Next: Inject test token via global setup (before tests)
    Browser->>Clerk: Submit email & password (Clerk component)
    Clerk->>Clerk: Validate credentials (may trigger OTP)
    alt OTP required
        Browser->>Clerk: Enter OTP token
        Clerk->>Clerk: Verify OTP
    end
    Clerk-->>Browser: Set session / auth cookies
    Browser->>Next: Request authenticated UI
    Next->>Next: Render SignedIn UI (UserButton)
    Playwright->>Browser: Assert authenticated state and sign-out flow

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

• Pay attention to e2e/auth.spec.ts OTP handling and timeouts.
• Verify ClerkProvider appearance merging and prop forwarding in components/clerk-provider.tsx.
• Confirm proxy.ts matcher rules correctly include/exclude API/trpc/static routes.
• Audit app/layout.tsx provider nesting and metadata changes.
• Validate CI workflow secrets and lefthook pre-push build implications.

Possibly related PRs

• feature: add navbar with shadcn/ui theming #4 — Overlapping navbar, theme and layout edits that may conflict with the new auth UI integration.
• Template cleanup and course alignment #3 — Similar layout/global style and E2E test edits; merge order may affect conflicts.
• Add project assets and update dependencies #2 — Documentation and biome.json changes that overlap with added docs and includes.

Poem

I hopped through code with eager paws,
I stitched the sign-in, fixed the saws,
OTP beeps, tests hum through the night,
A themed auth page, tidy and bright — 🐰✨
I nibble bugs and make it right.

Pre-merge checks and finishing touches

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	You can run @coderabbitai generate docstrings to improve docstring coverage.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Title check	✅ Passed	The PR title clearly and concisely describes the main objective: integrating Clerk authentication and adding E2E tests, which aligns perfectly with the changeset.
Description check	✅ Passed	The PR description comprehensively details the authentication integration, route structure, Next.js 16 compatibility considerations, CI/CD improvements, and E2E testing implementation.

✨ Finishing touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch authentication

---

📜 Recent review details

Configuration used: CodeRabbit UI

Review profile: ASSERTIVE

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between e5adbee and dbac04c.

📒 Files selected for processing (2)

• .github/workflows/test-e2e.yml (1 hunks)
• x_docs/own/setup-clerk-secrets.md (1 hunks)

🧰 Additional context used

📓 Path-based instructions (1)

**/*.{ts,tsx,js,jsx,md}

📄 CodeRabbit inference engine (CLAUDE.md)

Use British English spelling and conventions throughout the project

Files:

• x_docs/own/setup-clerk-secrets.md

🧠 Learnings (2)

📓 Common learnings

Learnt from: michellepace
Repo: michellepace/devflow PR: 7
File: components/navigation/navbar/index.tsx:1-12
Timestamp: 2025-12-10T20:20:46.607Z
Learning: Clerk's Next.js components (SignedIn, SignedOut, SignInButton, SignUpButton, UserButton) exported from clerk/nextjs are designed to work in Server Components without requiring a "use client" directive in the consuming component, as they handle the client/server boundary internally with their own directives.

📚 Learning: 2025-12-01T13:45:33.949Z

Learnt from: CR
Repo: michellepace/devflow PR: 0
File: CLAUDE.md:0-0
Timestamp: 2025-12-01T13:45:33.949Z
Learning: Applies to **/tests/e2e/** : Use Playwright for E2E tests

Applied to files:

• x_docs/own/setup-clerk-secrets.md
• .github/workflows/test-e2e.yml

🪛 LanguageTool

x_docs/own/setup-clerk-secrets.md

[uncategorized] ~63-~63: The official name of this software platform is spelled with a capital “H”.
Context: ..._TEST_OTP|424242 | The workflows (.github/workflows/test-e2e.ymlandtest-e2e-v...

(GITHUB)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)

• GitHub Check: Run E2E Tests

🔇 Additional comments (3)

.github/workflows/test-e2e.yml (1)

47-49: Environment variable scoping is correct; secrets integration aligns with documentation.

The workflow properly scopes Clerk credentials: NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY for client-side build access, and both CLERK_PUBLISHABLE_KEY and CLERK_SECRET_KEY for server-side build and test execution. All environment variables reference GitHub secrets and align with the setup guide in x_docs/own/setup-clerk-secrets.md.

Also applies to: 54-59

x_docs/own/setup-clerk-secrets.md (2)

5-12: Clear explanation of @clerk/testing token flow; aligns with Clerk's documented testing pattern.

The "How It Works" section accurately describes the three-step token injection and bot detection bypass. This explanation will help developers understand why the environment variables and global setup are necessary.

---

65-88: Vercel preview deployment explanation is thorough and clarifies secret scope correctly.

The section correctly explains that test credentials (E2E_TEST_*) are stored in GitHub Secrets and that Playwright uses those secrets when connecting to the preview URL over the network. This avoids a common misconfiguration where developers incorrectly attempt to set test credentials on Vercel itself.

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 7

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (3)

app/old.globals.css (1)

361-397: Markdown code/word-breaking tweaks look good; consider tightening selector scope

Switching from aggressive word-break: break-all–style behaviour to word-break: break-word with hyphenation keeps long links and code from overflowing whilst avoiding awkward mid-word breaks. The combination of color: #ff7000 for inline code and color: inherit for .markdown pre code neatly differentiates inline snippets from code blocks, and removing !important on the lexical editor height/overflow should play better with upstream styles.

One improvement you might consider while you are here: the selector .markdown a, code means all code elements globally inherit these rules, not just those inside .markdown. If that is unintentional, scoping it to .markdown a, .markdown code would avoid surprising styling in non-markdown contexts.

CLAUDE.md (1)

26-41: Docs additions are helpful; minor Playwright typo

The extra Vercel CLI commands and Next.js 16 notes make this doc more actionable and align with the current project setup. One small nit while you are here: in the tech stack above, "PlayWright" should be "Playwright" for correct tool naming.

app/layout.tsx (1)

27-52: Add 'use client' directive or restructure ClerkProvider placement for root layout.

The current structure wraps <ClerkProvider> at the root layout level without a 'use client' directive. Since the root layout is a server component by default and ClerkProvider requires client context, this configuration is invalid.

Per Clerk's Next.js 16 + PPR best practices, either:

1. Add 'use client' at the top of app/layout.tsx if ClerkProvider remains here, or
2. Move ClerkProvider to nested layouts that need authentication, wrapping each with <Suspense> and using <ClerkProvider dynamic> to keep the root layout static for PPR benefits.

The second approach is recommended to avoid opting the entire application into dynamic rendering.

📜 Review details

Configuration used: CodeRabbit UI

Review profile: ASSERTIVE

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between ca75fa0 and e26fad6.

⛔ Files ignored due to path filters (27)

• package-lock.json is excluded by !**/package-lock.json
• x_docs/figma/auth/dark-signin1_nobg.png is excluded by !**/*.png
• x_docs/figma/auth/dark-signin1_withbg.jpg is excluded by !**/*.jpg
• x_docs/figma/auth/dark-signin2_nobg.png is excluded by !**/*.png
• x_docs/figma/auth/dark-signin2_withbg.jpg is excluded by !**/*.jpg
• x_docs/figma/auth/dark-signup_nobg.png is excluded by !**/*.png
• x_docs/figma/auth/dark-signup_withbg.jpg is excluded by !**/*.jpg
• x_docs/figma/auth/light-signin1_nobg.png is excluded by !**/*.png
• x_docs/figma/auth/light-signin1_withbg.jpg is excluded by !**/*.jpg
• x_docs/figma/auth/light-signin2_nobg.png is excluded by !**/*.png
• x_docs/figma/auth/light-signin2_withbg.jpg is excluded by !**/*.jpg
• x_docs/figma/auth/light-signup_nobg.png is excluded by !**/*.png
• x_docs/figma/auth/light-signup_withbg.jpg is excluded by !**/*.jpg
• x_docs/figma/dark-bg.jpg is excluded by !**/*.jpg
• x_docs/figma/dark-home.png is excluded by !**/*.png
• x_docs/figma/dark-profile.png is excluded by !**/*.png
• x_docs/figma/dark-qna.png is excluded by !**/*.png
• x_docs/figma/dark-search.png is excluded by !**/*.png
• x_docs/figma/light-bg.jpg is excluded by !**/*.jpg
• x_docs/figma/light-home.png is excluded by !**/*.png
• x_docs/figma/light-profile.png is excluded by !**/*.png
• x_docs/figma/light-qna.png is excluded by !**/*.png
• x_docs/figma/light-search.png is excluded by !**/*.png
• x_docs/figma/mobile/dark-nav_close.png is excluded by !**/*.png
• x_docs/figma/mobile/dark-nav_open.png is excluded by !**/*.png
• x_docs/figma/mobile/light-nav_close.png is excluded by !**/*.png
• x_docs/figma/mobile/light-nav_open.png is excluded by !**/*.png

📒 Files selected for processing (29)

• .claude/settings.json (4 hunks)
• .github/workflows/test-e2e-vercel.yml (1 hunks)
• .github/workflows/test-e2e.yml (1 hunks)
• .gitignore (1 hunks)
• CLAUDE.md (2 hunks)
• README.md (1 hunks)
• app/(auth)/layout.tsx (1 hunks)
• app/(auth)/sign-in/[[...sign-in]]/page.tsx (1 hunks)
• app/(auth)/sign-up/[[...sign-up]]/page.tsx (1 hunks)
• app/(root)/layout.tsx (1 hunks)
• app/globals.css (1 hunks)
• app/layout.tsx (2 hunks)
• app/old.globals.css (5 hunks)
• biome.json (1 hunks)
• components.json (1 hunks)
• components/clerk-provider.tsx (1 hunks)
• components/navigation/navbar/index.tsx (2 hunks)
• components/navigation/theme-toggle.tsx (1 hunks)
• e2e/auth.spec.ts (1 hunks)
• e2e/global.setup.ts (1 hunks)
• e2e/homepage.spec.ts (1 hunks)
• lefthook.yml (1 hunks)
• next.config.ts (1 hunks)
• package.json (1 hunks)
• playwright.config.ts (2 hunks)
• proxy.ts (1 hunks)
• x_docs/own/WORDS.md (1 hunks)
• x_docs/own/flex_grid_layout.md (1 hunks)
• x_docs/own/setup-clerk-secrets.md (1 hunks)

🧰 Additional context used

📓 Path-based instructions (7)

**/*.{ts,tsx,js,jsx,md}

📄 CodeRabbit inference engine (CLAUDE.md)

Use British English spelling and conventions throughout the project

Files:

• README.md
• e2e/homepage.spec.ts
• app/(root)/layout.tsx
• app/(auth)/sign-in/[[...sign-in]]/page.tsx
• x_docs/own/WORDS.md
• CLAUDE.md
• app/(auth)/layout.tsx
• x_docs/own/setup-clerk-secrets.md
• app/(auth)/sign-up/[[...sign-up]]/page.tsx
• x_docs/own/flex_grid_layout.md
• app/layout.tsx
• next.config.ts
• components/navigation/navbar/index.tsx
• playwright.config.ts
• e2e/auth.spec.ts
• proxy.ts
• components/clerk-provider.tsx
• e2e/global.setup.ts
• components/navigation/theme-toggle.tsx

**/*.{ts,tsx}

📄 CodeRabbit inference engine (CLAUDE.md)

Avoid manual useMemo/useCallback unless profiling shows need

Files:

• e2e/homepage.spec.ts
• app/(root)/layout.tsx
• app/(auth)/sign-in/[[...sign-in]]/page.tsx
• app/(auth)/layout.tsx
• app/(auth)/sign-up/[[...sign-up]]/page.tsx
• app/layout.tsx
• next.config.ts
• components/navigation/navbar/index.tsx
• playwright.config.ts
• e2e/auth.spec.ts
• proxy.ts
• components/clerk-provider.tsx
• e2e/global.setup.ts
• components/navigation/theme-toggle.tsx

**/*.{ts,tsx,js,jsx}

📄 CodeRabbit inference engine (CLAUDE.md)

Always use @/ import aliases, even for sibling imports (e.g., @/app/fonts instead of ./fonts)

Files:

• e2e/homepage.spec.ts
• app/(root)/layout.tsx
• app/(auth)/sign-in/[[...sign-in]]/page.tsx
• app/(auth)/layout.tsx
• app/(auth)/sign-up/[[...sign-up]]/page.tsx
• app/layout.tsx
• next.config.ts
• components/navigation/navbar/index.tsx
• playwright.config.ts
• e2e/auth.spec.ts
• proxy.ts
• components/clerk-provider.tsx
• e2e/global.setup.ts
• components/navigation/theme-toggle.tsx

app/**

📄 CodeRabbit inference engine (CLAUDE.md)

Use Next.js 16 App Router (not Pages Router) for routing

Files:

• app/(root)/layout.tsx
• app/old.globals.css
• app/(auth)/sign-in/[[...sign-in]]/page.tsx
• app/(auth)/layout.tsx
• app/globals.css
• app/(auth)/sign-up/[[...sign-up]]/page.tsx
• app/layout.tsx

app/**/*.{ts,tsx}

📄 CodeRabbit inference engine (CLAUDE.md)

Only add "use client" directive when interactivity is needed

Files:

• app/(root)/layout.tsx
• app/(auth)/sign-in/[[...sign-in]]/page.tsx
• app/(auth)/layout.tsx
• app/(auth)/sign-up/[[...sign-up]]/page.tsx
• app/layout.tsx

**/*.{css,postcss}

📄 CodeRabbit inference engine (CLAUDE.md)

Use Tailwind v4 @import syntax (@import "tailwindcss") instead of @tailwind directives

Files:

• app/old.globals.css
• app/globals.css

app/**/page.{ts,tsx}

📄 CodeRabbit inference engine (CLAUDE.md)

Dynamic route params is a Promise and must be awaited in page components

Files:

• app/(auth)/sign-in/[[...sign-in]]/page.tsx
• app/(auth)/sign-up/[[...sign-up]]/page.tsx

🧠 Learnings (6)

📚 Learning: 2025-12-01T13:45:33.949Z

Learnt from: CR
Repo: michellepace/devflow PR: 0
File: CLAUDE.md:0-0
Timestamp: 2025-12-01T13:45:33.949Z
Learning: Use Lefthook for Git hooks with pre-commit checks (lint, typecheck, unit tests) and pre-push E2E tests

Applied to files:

• README.md
• CLAUDE.md
• lefthook.yml

📚 Learning: 2025-12-01T13:45:33.949Z

Learnt from: CR
Repo: michellepace/devflow PR: 0
File: CLAUDE.md:0-0
Timestamp: 2025-12-01T13:45:33.949Z
Learning: Applies to **/*.test.{ts,tsx} : Use Vitest for unit tests

Applied to files:

• README.md
• CLAUDE.md
• lefthook.yml
• playwright.config.ts
• package.json

📚 Learning: 2025-12-01T13:45:33.949Z

Learnt from: CR
Repo: michellepace/devflow PR: 0
File: CLAUDE.md:0-0
Timestamp: 2025-12-01T13:45:33.949Z
Learning: Applies to **/tests/e2e/** : Use Playwright for E2E tests

Applied to files:

• CLAUDE.md
• x_docs/own/setup-clerk-secrets.md
• lefthook.yml
• .gitignore
• playwright.config.ts
• e2e/auth.spec.ts
• .github/workflows/test-e2e.yml
• .github/workflows/test-e2e-vercel.yml
• e2e/global.setup.ts

📚 Learning: 2025-12-01T13:45:33.949Z

Learnt from: CR
Repo: michellepace/devflow PR: 0
File: CLAUDE.md:0-0
Timestamp: 2025-12-01T13:45:33.949Z
Learning: Applies to **/*.{css,postcss} : Use Tailwind v4 import syntax (import "tailwindcss") instead of tailwind directives

Applied to files:

• CLAUDE.md
• app/globals.css

📚 Learning: 2025-12-01T13:45:33.949Z

Learnt from: CR
Repo: michellepace/devflow PR: 0
File: CLAUDE.md:0-0
Timestamp: 2025-12-01T13:45:33.949Z
Learning: Applies to app/** : Use Next.js 16 App Router (not Pages Router) for routing

Applied to files:

• CLAUDE.md
• next.config.ts
• proxy.ts

📚 Learning: 2025-12-01T13:45:33.949Z

Learnt from: CR
Repo: michellepace/devflow PR: 0
File: CLAUDE.md:0-0
Timestamp: 2025-12-01T13:45:33.949Z
Learning: Applies to app/**/page.{ts,tsx} : Dynamic route params is a Promise and must be awaited in page components

Applied to files:

• CLAUDE.md

🧬 Code graph analysis (3)

app/(root)/layout.tsx (2)

app/layout.tsx (1)

• RootLayout (27-52)

components/navigation/navbar/index.tsx (1)

• Navbar (13-52)

components/navigation/navbar/index.tsx (2)

components/navigation/theme-toggle.tsx (1)

• ThemeToggle (8-32)

components/ui/button.tsx (1)

• Button (60-60)

components/navigation/theme-toggle.tsx (1)

components/ui/button.tsx (1)

• Button (60-60)

🪛 LanguageTool

x_docs/own/setup-clerk-secrets.md

[uncategorized] ~61-~61: The official name of this software platform is spelled with a capital “H”.
Context: ..._TEST_OTP|424242 | The workflows (.github/workflows/test-e2e.ymlandtest-e2e-v...

(GITHUB)

x_docs/own/flex_grid_layout.md

[style] ~145-~145: Would you like to use the Oxford spelling “organizes”? The spelling ‘organises’ is also correct.
Context: ...lwind Docs? The Tailwind documentation organises utilities by the CSS concepts they cont...

(OXFORD_SPELLING_Z_NOT_S)

---

[style] ~160-~160: Three successive sentences begin with the same word. Consider rewording the sentence or use a thesaurus to find a synonym.
Context: ...ne? - Is it fixedto the viewport? - Is itabsolute` and pulled out of normal ...

(ENGLISH_WORD_REPEAT_BEGINNING_RULE)

---

[style] ~253-~253: This phrase is redundant. Consider writing “space”.
Context: ...e scales to cover entire container | No empty space, image may crop | | 🎯 bg-center | `b...

(EMPTY_HOLE)

---

[grammar] ~323-~323: Nouns are not usually modified by plural nouns. Is it possible that you meant to use the singular or possessive form here?
Context: ...ariant | Via dark: prefix (covered in variants docs) | `dark:bg-[url('/images/auth-bg-...

(PLURAL_MODIFIER)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)

• GitHub Check: Run E2E Tests

🔇 Additional comments (27)

x_docs/own/WORDS.md (1)

130-132: Approved. Documentation addition is clear and concise.

The new "Misc" section properly documents the theme-aware background implementation approach for auth pages.

.gitignore (1)

44-45: Approved. Gitignore entries are properly formatted.

The addition correctly ignores temporary documentation and maintains consistency with existing entries.

README.md (1)

21-21: Approved. README table update accurately reflects Lefthook configuration.

The description correctly documents that Lefthook now runs build validation and E2E tests on pre-push.

.github/workflows/test-e2e.yml (1)

47-59: Approved. Clerk environment variables properly configured for CI workflow.

Both build and test steps have appropriate Clerk credentials sourced from secrets. The variable names (E2E_TEST_EMAIL, E2E_TEST_PASSWORD, E2E_TEST_OTP) align with @clerk/testing requirements.

components.json (1)

21-23: Approved. Clerk registry properly configured for shadcn/ui integration.

The registry entry enables Clerk components to be installed via the shadcn/ui CLI, supporting the Clerk authentication UI implementation.

.github/workflows/test-e2e-vercel.yml (1)

78-83: Approved. Clerk environment variables consistent with test-e2e.yml.

Vercel preview E2E tests have the same Clerk credentials as local tests, ensuring consistent authentication testing across deployment environments.

lefthook.yml (1)

43-48: Approved. Pre-push build hook properly configured for Next.js 16 PPR compatibility.

The sequential build check catches static generation errors (particularly missing Suspense boundaries around async components like ClerkProvider) before E2E tests run. The parallel: false setting correctly prevents race conditions with file locks during the build process.

playwright.config.ts (1)

59-105: Global setup project wiring for Clerk looks sound

Using a dedicated setup project with testMatch: /global\.setup\.ts/ and adding dependencies: ["setup"] for browser projects is a clean way to guarantee Clerk initialisation runs once before the rest of the suite, especially with fullyParallel: true. This aligns well with Playwright’s project-dependency model.

Please double-check against the current Playwright docs that dependencies semantics have not changed in your installed Playwright version, to ensure setup always runs before any auth-dependent tests.

app/old.globals.css (1)

327-355: Removal of !important around the MDX editor toolbar improves cascade control

Dropping !important from the toolbar background and related styles while keeping explicit colours should make these rules easier to override from theme-specific layers, without changing the intended appearance. The .active-theme filter remains focused and self-contained.

x_docs/own/setup-clerk-secrets.md (1)

1-112: Clear, end-to-end documentation for Clerk E2E setup

This document gives a coherent walkthrough of local, GitHub Actions, and Vercel preview configuration, with a sensible separation between app runtime secrets (on Vercel) and test credentials (in GitHub Secrets). The explanation of how clerkSetup() / setupClerkTestingToken() work, plus the troubleshooting section, should make maintaining the auth smoke tests straightforward.

.claude/settings.json (1)

2-85: Permissions updates maintain good safety boundaries whilst enabling new tooling

Adding the playwright-skill marketplace entry and allowing extra Playwright and Vercel-related Bash/WebFetch commands is useful for this repo’s workflow, and keeping "deny": ["Read(**/.env)", "Read(**/.envrc)"] preserves an important guardrail around environment secrets. The remaining allowed commands are operational and diagnostics-oriented, which is appropriate.

app/globals.css (1)

1-52: Clerk shadcn theme import is well-placed; watch for variable collisions

Importing @clerk/themes/shadcn.css alongside your Tailwind and animation layers centralises global styling and keeps Clerk’s components visually aligned with the rest of the shadcn-based UI. With it imported after tailwindcss and tw-animate-css, Clerk’s styles should layer on cleanly.

It is worth sanity-checking in the browser that Clerk’s theme does not unintentionally override any of your own CSS variables (for example font or colour tokens) outside Clerk components, especially in dark mode.

next.config.ts (1)

10-13: typedRoutes is a good safety net for routing; ensure existing paths conform

Enabling typedRoutes: true is a solid move: it will surface typos and invalid hrefs at build time without needing a separate routes constants module. Just be aware it can flag any ad hoc string routes that do not correspond to real files (including unusual groupings like (auth) and catch-all segments), so it is worth running a full type-check to confirm all existing Link/router.push usages type-check cleanly.

e2e/homepage.spec.ts (1)

3-6: Title assertion update makes the homepage smoke test more robust

Using a case-insensitive regex /DevFlow/i for the title assertion reduces brittleness to minor casing changes in the document title while still checking the key branding string is present.

e2e/global.setup.ts (1)

1-10: Clerk global setup is correctly integrated with Playwright’s test runner

Aliasing test as setup, configuring setup.describe.configure({ mode: "serial" }), and defining a single "global setup" test that awaits clerkSetup() is idiomatic for project-based global setup in a fullyParallel suite. This should ensure the Clerk Testing Token is initialised once before dependent projects run.

Please confirm against the current @clerk/testing/playwright documentation that no additional teardown or configuration steps are recommended for your version (for example, explicit cleanup of testing state), and that all required CLERK_* and E2E_TEST_* variables are present in CI.

app/(auth)/sign-in/[[...sign-in]]/page.tsx (1)

1-12: Sign‑in page implementation looks sound

Async pattern with connection() and the centred <SignIn /> wrapper is straightforward and consistent with the rest of the auth flow; no issues from my side.

app/(root)/layout.tsx (1)

1-12: Root group layout composition is clean

Navbar-first composition with children afterwards is clear and matches the overall layout structure; nothing blocking here.

components/navigation/theme-toggle.tsx (1)

15-27: Theme toggle size adjustments are fine

Shrinking the placeholder, button, and icon keeps behaviour unchanged while likely improving visual balance in the navbar; no further changes needed.

app/(auth)/layout.tsx (1)

1-9: Auth layout background wrapper looks appropriate

Full‑height <main> with light/dark background imagery cleanly scopes styling for all auth routes; implementation looks good.

proxy.ts (1)

1-12: Align proxy.ts export with the documented Next 16 proxy pattern

CLAUDE.md says that with Next.js 16 we should move to proxy.ts and export proxy() rather than middleware(), but this file currently does a default export of clerkMiddleware(). That may still work, but it is worth confirming against the official Next 16 proxy docs and our own template guidelines.

If we do want a named proxy entry point, a minimal wrapper that keeps Clerk’s factory usage could look like:

import { clerkMiddleware } from "@clerk/nextjs/server";

const handler = clerkMiddleware();

export function proxy(request: Request) {
  return handler(request);
}

export const config = {
  matcher: [
    "/((?!_next|[^?]*\\.(?:html?|css|js(?!on)|jpe?g|webp|png|gif|svg|ttf|woff2?|ico|csv|docx?|xlsx?|zip|webmanifest)).*)",
    "/(api|trpc)(.*)",
  ],
};

Please verify which export shape Next 16 expects here and whether we want to standardise on this proxy function pattern.

components/clerk-provider.tsx (1)

1-22: The review comment is incorrect. Spreading undefined in JavaScript does not throw a TypeError—it is silently ignored. The existing code works correctly:

appearance={{
  theme: shadcn,
  ...appearance,  // Safe when appearance is undefined
}}

When appearance is undefined (as in the app/layout.tsx usage at line 34), the spread operator simply contributes no properties, leaving only { theme: shadcn }. This is valid JavaScript and poses no runtime risk.

The proposed fix using ...(appearance ?? {}) is unnecessary and changes nothing functionally.

components/navigation/navbar/index.tsx (1)

13-52: LGTM! Clean layout implementation.

The refactoring from grid to flexbox with absolute positioning for the centered search placeholder is a solid approach. The flex layout provides better control for the three-section navbar structure (logo, centered search, auth controls).

e2e/auth.spec.ts (3)

8-11: LGTM! Appropriate handling of browser-specific flakiness.

The WebKit skip with clear documentation is a pragmatic approach to handling timing issues with Clerk's OTP modal. The comment provides good context for future maintainers.

---

12-24: LGTM! Robust sign-in flow with accessible selectors.

The test properly sets up Clerk testing context and uses semantic role-based selectors, which makes the test resilient to styling changes whilst ensuring accessibility compliance.

---

41-52: LGTM! Complete authentication cycle coverage.

The test properly verifies both authenticated and unauthenticated states, with appropriate timeouts for redirects. The sign-out flow through the user menu ensures the full authentication lifecycle is tested.

x_docs/own/flex_grid_layout.md (1)

1-349: LGTM! Excellent documentation following British English conventions.

This documentation provides comprehensive coverage of flexbox, grid, and layout concepts with clear examples and visual diagrams. The British English spelling ("organises", "centre", "centred") correctly follows the coding guidelines for the project.

The static analysis hints suggesting Oxford spelling can be safely ignored—British English is the documented standard for this codebase.

app/layout.tsx (1)

18-25: LGTM! Metadata improvements.

The title capitalisation correction, improved description, and favicon addition are all solid improvements to the site metadata.

[coderabbitai]

Actionable comments posted: 1

📜 Review details

Configuration used: CodeRabbit UI

Review profile: ASSERTIVE

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between e26fad6 and e5adbee.

📒 Files selected for processing (3)

• .claude/commands/coderabbit.md (1 hunks)
• app/(auth)/sign-up/[[...sign-up]]/page.tsx (1 hunks)
• app/layout.tsx (2 hunks)

🧰 Additional context used

📓 Path-based instructions (6)

**/*.{ts,tsx,js,jsx,md}

📄 CodeRabbit inference engine (CLAUDE.md)

Use British English spelling and conventions throughout the project

Files:

• app/(auth)/sign-up/[[...sign-up]]/page.tsx
• app/layout.tsx

app/**

📄 CodeRabbit inference engine (CLAUDE.md)

Use Next.js 16 App Router (not Pages Router) for routing

Files:

• app/(auth)/sign-up/[[...sign-up]]/page.tsx
• app/layout.tsx

app/**/*.{ts,tsx}

📄 CodeRabbit inference engine (CLAUDE.md)

Only add "use client" directive when interactivity is needed

Files:

• app/(auth)/sign-up/[[...sign-up]]/page.tsx
• app/layout.tsx

**/*.{ts,tsx}

📄 CodeRabbit inference engine (CLAUDE.md)

Avoid manual useMemo/useCallback unless profiling shows need

Files:

• app/(auth)/sign-up/[[...sign-up]]/page.tsx
• app/layout.tsx

**/*.{ts,tsx,js,jsx}

📄 CodeRabbit inference engine (CLAUDE.md)

Always use @/ import aliases, even for sibling imports (e.g., @/app/fonts instead of ./fonts)

Files:

• app/(auth)/sign-up/[[...sign-up]]/page.tsx
• app/layout.tsx

app/**/page.{ts,tsx}

📄 CodeRabbit inference engine (CLAUDE.md)

Dynamic route params is a Promise and must be awaited in page components

Files:

• app/(auth)/sign-up/[[...sign-up]]/page.tsx

🧠 Learnings (5)

📓 Common learnings

Learnt from: michellepace
Repo: michellepace/devflow PR: 7
File: components/navigation/navbar/index.tsx:1-12
Timestamp: 2025-12-10T20:20:46.607Z
Learning: Clerk's Next.js components (SignedIn, SignedOut, SignInButton, SignUpButton, UserButton) exported from clerk/nextjs are designed to work in Server Components without requiring a "use client" directive in the consuming component, as they handle the client/server boundary internally with their own directives.

📚 Learning: 2025-12-10T20:20:46.607Z

Learnt from: michellepace
Repo: michellepace/devflow PR: 7
File: components/navigation/navbar/index.tsx:1-12
Timestamp: 2025-12-10T20:20:46.607Z
Learning: Clerk's Next.js components (SignedIn, SignedOut, SignInButton, SignUpButton, UserButton) from clerk/nextjs can be used inside Server Components without adding 'use client' in the consuming component. They manage client/server boundary internally. When reviewing code, prefer omitting 'use client' in server components that render these Clerk components and avoid introducing client directives solely for these components. This guideline helps maintain server/server boundary and reduce client bundle size.

Applied to files:

• app/(auth)/sign-up/[[...sign-up]]/page.tsx
• app/layout.tsx

📚 Learning: 2025-12-01T13:45:33.949Z

Learnt from: CR
Repo: michellepace/devflow PR: 0
File: CLAUDE.md:0-0
Timestamp: 2025-12-01T13:45:33.949Z
Learning: Applies to **/*.{ts,tsx,js,jsx} : Always use @/ import aliases, even for sibling imports (e.g., @/app/fonts instead of ./fonts)

Applied to files:

• app/layout.tsx

📚 Learning: 2025-12-01T13:45:33.949Z

Learnt from: CR
Repo: michellepace/devflow PR: 0
File: CLAUDE.md:0-0
Timestamp: 2025-12-01T13:45:33.949Z
Learning: Applies to **/*.{css,postcss} : Use Tailwind v4 import syntax (import "tailwindcss") instead of tailwind directives

Applied to files:

• app/layout.tsx

📚 Learning: 2025-12-01T13:45:33.949Z

Learnt from: CR
Repo: michellepace/devflow PR: 0
File: CLAUDE.md:0-0
Timestamp: 2025-12-01T13:45:33.949Z
Learning: Applies to **/*.{ts,tsx,js,jsx,md} : Use British English spelling and conventions throughout the project

Applied to files:

• app/layout.tsx

🧬 Code graph analysis (1)

app/layout.tsx (2)

components/clerk-provider.tsx (1)

• ClerkProvider (6-22)

components/theme-provider.tsx (1)

• ThemeProvider (6-11)

🔇 Additional comments (4)

.claude/commands/coderabbit.md (1)

15-15: Consistent file naming update with clarity improvement.

The changes rename the output file from z_comment.md to z_rabbit_comment.md across the command documentation (lines 15, 18, 24), and add explicit guidance to write to the project root rather than /tmp/. This prevents potential execution errors and improves file discoverability. No remaining references to the old filename exist in the codebase.

app/(auth)/sign-up/[[...sign-up]]/page.tsx (1)

1-57: Sign-up page implementation looks correct and consistent with the sign-in flow

• Server component without "use client" matches the Clerk/Next.js pattern and project guideline.
• await connection() is in place to force dynamic rendering as per the PPR/Next.js 16 setup.
• Two-column layout is clear and responsive; right-hand <SignUp /> usage is straightforward.
• Lucide icons are now marked aria-hidden="true", resolving the earlier accessibility nit so screen readers focus on the text.

If you have not already, please re-run the Clerk E2E auth flow against this page (including mobile viewport) to confirm layout, theming, and the connection() behaviour match expectations in your deployment environment.

app/layout.tsx (2)

2-17: Geist font configuration and usage look sound

The Geist and Geist_Mono setup with CSS variables and the subsequent use on the <body> classes are consistent and idiomatic for the current Next.js font API. No changes needed here.

---

19-24: Metadata update is clear and consistent

The revised metadata (title capitalisation, streamlined description, and explicit favicon icon path) is coherent and aligns with the overall branding. No issues from a code or content perspective.

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

🧩 Analysis chain

🏁 Script executed:

find . -name "layout.tsx" -path "*/app/*" | head -20

Repository: michellepace/devflow

Length of output: 128

---

🏁 Script executed:

cat -n ./app/layout.tsx

Repository: michellepace/devflow

Length of output: 1848

---

🌐 Web query:

Next.js 16 root layout Suspense html body top-level requirements

💡 Result:

Short answer — in Next.js (App Router / root layout):

• The app directory must include a root layout file (app/layout.js|ts|tsx). It is the top-most layout that applies to all routes. (nextjs.org)
• The root layout must explicitly render and (Next.js does not auto-create them). Those tags should be the top-level elements returned by the root layout. (nextjs.org)
• Root layouts are Server Components by default and cannot be a Client Component (i.e., don't use "use client" at the root layout). (nextjs.org)
• Do not manually manage contents inside the root layout; use the Metadata API (Next.js handles streaming / dedupe of head elements). (nextjs.org)
• You can use React Suspense inside layouts/pages. Newer React features allow suspending rendering while streaming; but the root layout still must include the top-level and elements (you can place Suspense around children or nested parts as needed). For the root-level constraints rely on the Next.js root-layout rules above when using Suspense. (nextjs.org)

If you want examples (root layout with Suspense or wrapping in Suspense), tell me and I’ll show a minimal code sample.

Citations:

• 1: https://nextjs.org/docs/13/app/building-your-application/routing/pages-and-layouts?utm_source=openai
• 2: https://nextjs.org/docs/13/app/building-your-application/routing/pages-and-layouts?utm_source=openai
• 3: https://nextjs.org/docs/13/app/building-your-application/routing/pages-and-layouts?utm_source=openai
• 4: https://nextjs.org/docs/app/api-reference/file-conventions/layout?utm_source=openai
• 5: https://nextjs.org/docs/app/api-reference/file-conventions/layout?utm_source=openai

---

🌐 Web query:

Next.js 16 root layout Suspense inside body ClerkProvider valid

💡 Result:

Short answer: Yes — you can put a React Suspense boundary inside the of your Next.js 16 root layout, and you can wrap your app with ClerkProvider there — but you must respect server/client component rules.

Key points and recommended patterns

• The root layout must return and and is a Server Component by default. Put global HTML there. [1].
• Suspense/fallbacks are supported in the App Router and may be used in the root layout to provide a fallback while server data or client boundaries load (or to avoid the "uncached data accessed outside " error). Use React.Suspense around components that need fallbacks or will suspend. [2][3].
• ClerkProvider is part of Clerk’s Next.js integration and is typically used to provide auth context for client usage. Clerk’s docs show wrapping layouts with ClerkProvider (often inside a Suspense) and explain options like using or marking the provider as a client component so it behaves correctly with the App Router streaming model. Follow Clerk’s examples (wrap in Suspense when needed, or use ClerkProvider.dynamic when you need to opt a layout into dynamic rendering). [4][5].

Practical guidance

• Keep app/layout.tsx as the root layout (server). If ClerkProvider is a client component:
  • Create a small client wrapper (add "use client") that renders {children}, and import that wrapper into the server root layout; OR
  • Use Clerk’s documented dynamic option (e.g. ) per Clerk’s guide to opt the layout/route into dynamic rendering and wrap it in a Suspense fallback. [4][5].
• Place Suspense around the client/provider boundary or components that suspend; fallback UI will render in while the client boundary hydrates. [2][3].

Sources

• Next.js App Router / root layout docs. [1].
• Next.js guidance on Suspense and providing fallbacks (uncached data message). [2][3].
• Clerk Next.js integration / rendering modes and examples (ClerkProvider + Suspense + dynamic). [4][5].

If you want, tell me whether you’re using Clerk’s latest package and I’ll show the exact minimal wrapper/layout code for your setup.

---

🏁 Script executed:

find . -name "*clerk*provider*" -type f

Repository: michellepace/devflow

Length of output: 95

---

🏁 Script executed:

cat -n ./components/clerk-provider.tsx

Repository: michellepace/devflow

Length of output: 684

---

Move <Suspense> inside <body> to maintain proper root layout structure

Next.js root layouts must return <html> and <body> as the top-level elements. Currently, <Suspense> wraps these tags, which violates this requirement and may cause validation errors or build failures.

Restructure to keep <html>/<body> at the root while wrapping ClerkProvider and nested content in Suspense:

  return (
+   <html lang="en" className="h-full" suppressHydrationWarning>
+     <body
+       className={`${geistSans.variable} ${geistMono.variable} flex min-h-full flex-col antialiased`}
+     >
      <Suspense fallback={null}>
        <ClerkProvider>
-         <html lang="en" className="h-full" suppressHydrationWarning>
-           <body
-             className={`${geistSans.variable} ${geistMono.variable} flex min-h-full flex-col antialiased`}
-           >
            <ThemeProvider
              attribute="class"
              defaultTheme="system"
              enableSystem
              disableTransitionOnChange
            >
              {children}
            </ThemeProvider>
-           </body>
-         </html>
        </ClerkProvider>
       </Suspense>
+     </body>
+   </html>
  );

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	<Suspense fallback={null}>
	<ClerkProvider>
	<html lang="en" className="h-full" suppressHydrationWarning>
	<body
	className={`${geistSans.variable} ${geistMono.variable} flex min-h-full flex-col antialiased`}
	>
	<ThemeProvider
	attribute="class"
	defaultTheme="system"
	enableSystem
	disableTransitionOnChange
	>
	{children}
	</ThemeProvider>
	</body>
	</html>
	</ClerkProvider>
	</Suspense>
	<html lang="en" className="h-full" suppressHydrationWarning>
	<body
	className={`${geistSans.variable} ${geistMono.variable} flex min-h-full flex-col antialiased`}
	>
	<Suspense fallback={null}>
	<ClerkProvider>
	<ThemeProvider
	attribute="class"
	defaultTheme="system"
	enableSystem
	disableTransitionOnChange
	>
	{children}
	</ThemeProvider>
	</ClerkProvider>
	</Suspense>
	</body>
	</html>

[sundhirajtry]

Any chance you can update the step4 from the Personal Tutor Follow along on your blog (projects director/zsh). It doesn't up on clicking. Thanks.

[michellepace]

Hello @sundhirajtry I am not entirely sure what "up on clicking" means within step 4. But if you drop your email I'll get in touch to understand your problem better. It will be better than continuing to comment here in my unrelated repo.