test(core): add client mocks to cover all core functions

[halvaradop]

Description

This pull request adds client-side mocks to provide complete test coverage for all core client functions exposed by createAuthClient.

The new tests expand authentication flow coverage across:

• session management
• credentials validation
• redirect handling
• session updates

The test suite now validates behavior for:

• signIn
• signInCredentials
• signOut
• session
• updateSession

These additions improve reliability and ensure consistent behavior across the client authentication APIs.

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

1 Skipped Deployment

Project	Deployment	Actions	Updated (UTC)
auth	Skipped		May 25, 2026 3:41pm

[coderabbitai]

📝 Walkthrough

Walkthrough

The PR simplifies the credentials API 401 JSON to { success: false, redirectURL: null }, removes a specific sign-in return type in the client and reads raw response JSON, and expands tests for baseURL inference, sign-in (including credentials and redirects), getSession, and updateSession (CSRF/redirect) flows.

Changes

Auth Credentials Response and Client Adaptation

Layer / File(s)	Summary
Invalid Credentials 401 Response Shape packages/core/src/api/credentials.ts	The /signIn/:oauth invalid-credentials 401 JSON now returns { success: false, redirectURL: null }, removing the nested error object from the response payload.
Client Type Removal and JSON Handling packages/core/src/client/client.ts	Removes SignInAPIReturn from imports and updates signIn to assign await response.json() directly (then cast/return), matching the API's simplified response shape.
Test Setup and Auth Flow Coverage packages/core/test/client/client.test.ts	Adds global mock cleanup, browser-origin baseURL inference test, expands getSession tests (including no-session), updates signIn redirect tests, adds signInCredentials success/invalid tests, and extends updateSession tests for CSRF, payload, missing session, and redirect cases.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Possibly related PRs

• aura-stack-ts/auth#136: Introduced the signInCredentials provider and related APIs that this PR refines with an updated 401 response shape and test coverage.

Poem

🐰 A little rabbit hops the code,

Tests in paw and JSON showed,
No nested errors in the stream,
Clean replies make tests all beam,
Hooray — the auth flow's neat and bold!

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title 'test(core): add client mocks to cover all core functions' accurately reflects the primary change, which is expanding test coverage with new mocks and test cases for core authentication functions.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch test/add-client-mocks

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@packages/core/test/client/client.test.ts`:
- Around line 224-230: Update the test "signInCredentials with invalid
credentials" so the mocked HTTP response mirrors the real API status for invalid
credentials: change the POST mock (the vi.fn() assigned to post) to return a
response with HTTP status 401 instead of 200 by passing the 401 status to
createJSONResponse (or setting status: 401 on the mocked response object) — this
ensures the post mock and createJSONResponse usage in the test matches the API
contract for the invalid-credentials flow.
- Around line 284-287: The test constructs an expires Date using
Math.floor(Date.now() / 1000) (seconds) but passes it into new Date(...) which
expects milliseconds, causing an incorrect timestamp; update the expires
construction in the client.test.ts cases (the variable named expires used in the
call to client.updateSession and the later round-trip check of session.expires)
to use milliseconds instead — e.g., use Date.now() + 60 * 60 * 1000 or remove
the /1000 and Math.floor so new Date(...) receives milliseconds — so the
session.expires round-trip via new Date(session.expires) is correct.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: bed72fcc-2817-409c-8da2-b2d92e232be2

📥 Commits

Reviewing files that changed from the base of the PR and between 11b45ce and 0a6de35.

📒 Files selected for processing (3)

• packages/core/src/api/credentials.ts
• packages/core/src/client/client.ts
• packages/core/test/client/client.test.ts