Unexpected search results

[kentcdodds]

Prevent authenticated pages (/login, /me/*) from appearing in search results by adding sitemap opt-outs and a defensive indexer filter.

---

  

---

Note

Low Risk
Low risk: changes are limited to sitemap/indexer filtering and related tests, but could affect what pages appear in search/indexing if the route allow/deny lists are incorrect.

Overview
Prevents authenticated/account-related pages from being discoverable via the JSX semantic-search index and sitemap-driven indexing.

Adds handle.getSitemapEntries: () => null to opt out login and /me account routes from sitemap entries, and hardens the semantic-search crawler (jsx-page-content.ts) by skipping common auth/account paths (including /me/*) with updated tests to lock in the exclusions.

^{Written by Cursor Bugbot for commit 43616bb. This will update automatically on new commits. Configure here.}

Summary by CodeRabbit

• Chores

  • Updated sitemap configuration to exclude additional authentication and account management routes (login, signup, forgot/magic/reset-password, and /me/*) from indexing; added route-level sitemap metadata stubs to reinforce exclusions.

• Tests

  • Added/expanded test cases to verify these restricted pages are not included in sitemap/indexing.

[cursor]

Cursor Agent can help with this pull request. Just @cursor in comments and I'll start working on changes in this branch.
_{Learn more about Cursor Agents}

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

Configuration used: defaults

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 851e3c7 and 43616bb.

📒 Files selected for processing (2)

• other/semantic-search/__tests__/jsx-page-content.test.ts
• other/semantic-search/jsx-page-content.ts

🚧 Files skipped from review as they are similar to previous changes (1)

• other/semantic-search/jsx-page-content.ts

---

📝 Walkthrough

Walkthrough

Adds route-level sitemap handles (returning null) to three auth routes and updates JSX sitemap indexing to skip several auth paths plus the /me/ prefix; tests added to assert the new exclusions.

Changes

Cohort / File(s)	Summary
Route Sitemap Handles app/routes/login.tsx, app/routes/me_.passkeys.tsx, app/routes/me_.password.tsx	Added export const handle: KCDHandle = { getSitemapEntries: () => null } to opt these routes out of sitemap generation; added type KCDHandle imports.
Sitemap Indexing Configuration other/semantic-search/jsx-page-content.ts	Expanded SKIPPED_STATIC_ROUTES with '/forgot-password', '/login', '/magic', '/reset-password', '/signup' and added '/me/' to SKIPPED_PREFIX_ROUTES so these paths are not indexed by JSX sitemap logic.
Sitemap Indexing Tests other/semantic-search/__tests__/jsx-page-content.test.ts	Added assertions that shouldIndexJsxSitemapPath returns false for '/login', '/me/password', '/me/passkeys', and '/me'.

Sequence Diagram(s)

(Skipped — changes are configuration, small route exports, and tests; no multi-component control flow to visualize.)

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Possibly related PRs

• JSX page content indexing #620: Related updates to shouldIndexJsxSitemapPath and tests touching sitemap exclusion logic and route-level sitemap handling.

Poem

🐇 I hopped through routes at break of dawn,
Tucked login and secrets where bots don't yawn,
Passkeys and passwords hidden with care,
/me/ curled up in my burrow there,
A quiet hop to keep them rare. ✨

🚥 Pre-merge checks | ✅ 1 | ❌ 2

❌ Failed checks (1 warning, 1 inconclusive)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.
Title check	❓ Inconclusive	The title 'Unexpected search results' is vague and generic, failing to convey the specific technical purpose of the changeset.	Consider a more descriptive title like 'Prevent authenticated pages from appearing in search results' or 'Exclude auth routes from sitemap and semantic search' that clearly indicates the main change.

✅ Passed checks (1 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

• 📝 Generate docstrings (stacked PR)
• 📝 Generate docstrings (commit on current branch)

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch cursor/unexpected-search-results-7b90

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[cursor]

Cursor Bugbot has reviewed your changes and found 1 potential issue.

Bugbot Autofix prepared a fix for the issue found in the latest run.

• ✅ Fixed: Alphabetical ordering broken in skipped routes set
  • Reordered the skipped static routes so /signup appears before /sitemap.xml to restore alphabetical ordering.

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@other/semantic-search/jsx-page-content.ts`:
- Line 45: The SKIPPED_PREFIX_ROUTES array currently only guards against '/me/'
descendants and misses the exact '/me' path; update SKIPPED_PREFIX_ROUTES (the
constant named SKIPPED_PREFIX_ROUTES in jsx-page-content.ts) to include the
exact '/me' entry (e.g., add '/me') so both '/me' and '/me/*' are covered by the
defensive filter.

---

ℹ️ Review info

Configuration used: defaults

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 733a15a and 1c9b0f8.

📒 Files selected for processing (5)

• app/routes/login.tsx
• app/routes/me_.passkeys.tsx
• app/routes/me_.password.tsx
• other/semantic-search/__tests__/jsx-page-content.test.ts
• other/semantic-search/jsx-page-content.ts

[coderabbitai]

⚠️ Potential issue | 🟠 Major

Exclude exact /me path as well.

Line 45 skips /me/ descendants, but not /me itself. That leaves a gap in the defensive filter for authenticated pages.

Suggested patch

 const SKIPPED_STATIC_ROUTES = new Set([
 	'/credits',
 	'/forgot-password',
 	'/login',
 	'/magic',
+	'/me',
 	'/reset-password',
 	'/resume',
 	'/sitemap.xml',
 	'/signup',
 	'/testimonials',
 ])

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@other/semantic-search/jsx-page-content.ts` at line 45, The
SKIPPED_PREFIX_ROUTES array currently only guards against '/me/' descendants and
misses the exact '/me' path; update SKIPPED_PREFIX_ROUTES (the constant named
SKIPPED_PREFIX_ROUTES in jsx-page-content.ts) to include the exact '/me' entry
(e.g., add '/me') so both '/me' and '/me/*' are covered by the defensive filter.