Skip to content

Recognize setup#691

Open
eugeniobet-ping wants to merge 21 commits into
mainfrom
recognize-setup-2
Open

Recognize setup#691
eugeniobet-ping wants to merge 21 commits into
mainfrom
recognize-setup-2

Conversation

@eugeniobet-ping

@eugeniobet-ping eugeniobet-ping commented Jun 17, 2026

Copy link
Copy Markdown
Collaborator

Summary by CodeRabbit

Release Notes

  • New Features

    • Added the @forgerock/recognize SDK with a recognize() client supporting subscribe, init, and dispose, including typed recognition events and configuration options.
    • Introduced RecognizeError and RecognizeErrorCode for clearer, code-based error reporting.
  • Documentation

    • Added/updated the @forgerock/recognize README with installation, usage, and configuration option details.
  • Tests

    • Added unit tests for lifecycle behavior, event delivery/unsubscription, and error mapping.
  • Chores

    • Added an E2E “recognize” app plus supporting TypeScript, Vite, Vitest, and ESLint configuration.

@changeset-bot

changeset-bot Bot commented Jun 17, 2026

Copy link
Copy Markdown

🦋 Changeset detected

Latest commit: 9c87943

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 13 packages
Name Type
@forgerock/recognize Minor
@forgerock/davinci-client Minor
@forgerock/device-client Minor
@forgerock/journey-client Minor
@forgerock/oidc-client Minor
@forgerock/protect Minor
@forgerock/sdk-types Minor
@forgerock/sdk-utilities Minor
@forgerock/iframe-manager Minor
@forgerock/sdk-logger Minor
@forgerock/sdk-oidc Minor
@forgerock/sdk-request-middleware Minor
@forgerock/storage Minor

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

…d SDK

Renames the public web-component type surface from `RecognizeWc*` to
`RecognizeWebComponent*` (e.g. `RecognizeWcConfig` →
`RecognizeWebComponentConfiguration`, `RecognizeWcClient` →
`RecognizeWebComponentClient`, `RecognizeWcCompleteDetail` →
`RecognizeWebComponentCompleteData`) for clarity at the package boundary,
and re-exports `RecognizeError` from the package entry point.

Reworks `RecognizeError` and the error-code taxonomy:

- `RecognizeErrorCode` switches from string values to numeric values
  grouped by domain (SDK 1xxx, CAMERA 2xxx, CORE 3xxx, BIOM 4xxx,
  SERVER 5xxx, SECURITY 6xxx). Several codes are renamed to match the
  upstream SDK vocabulary (`CAMERA_MISSING` → `CAMERA_NOT_FOUND`,
  `SDK_CONFIGURATION_FAILED` → `SDK_INVALID_CONFIGURATION`,
  `SDK_STORAGE_ERROR` → `SDK_STORAGE_FAILED`,
  `SDK_DYNAMIC_LINKING_MALFORMED_PAYLOAD` →
  `SDK_DYNAMIC_LINKING_PAYLOAD_MALFORMED`), and new codes are added
  (`SDK_OUTDATED_APP`, `SDK_INVALID_CUSTOMER_PROPERTIES`,
  `SDK_INVALID_CLIENT_STATE`, `BIOM_GENUINE_PRESENCE_NOT_ESTABLISHED`).
- `RecognizeError`'s constructor now accepts a standard `ErrorOptions`
  bag (`new RecognizeError(code, { cause })`) and forwards it to the
  base `Error` constructor, so `error.message` is the enum name and
  `error.cause` follows the platform contract instead of being assigned
  manually.
- The `createRecognizeError` factory is removed; `recognize.ts` now
  constructs `RecognizeError` directly. The SDK→proxy error map is
  frozen with `Object.freeze` to prevent accidental mutation at runtime.

Updates `recognize()` accordingly:

- Init failures now throw `RecognizeError` (with `SDK_ERROR` /
  `SDK_WEB_ASSEMBLY_IMPORT_FAILED` and a descriptive `cause`) instead of
  returning the error or throwing a plain `Error`.
- Subscribes to two new web-component events, `begin-stream` and
  `stop-stream`, and forwards them through the observer pipeline.
- Internal renames for readability (`effectiveConfig` → `config`,
  `abortController` → `aborter`, `attachListeners` →
  `addEventListeners`, `applyConfig` → `setAttributes`) and a global
  `HTMLElementTagNameMap` augmentation for `kl-auth` / `kl-enroll`.

Refreshes the bundled keyless SDK (`recognize-sdk/index.{js,d.ts}`,
`wasm.{js,wasm}`, `pthreads/wasm.{js,wasm}`) to a new upstream build.
The package's ESLint config now ignores `src/lib/recognize-sdk/**/*`
for dependency-checks since the bundled artifact pulls in transitive
imports that don't belong in the package manifest.

Updates the e2e example and unit tests to match: the example config
includes `authorizationToken`, and the spec asserts the new
`{ message, cause }` shape on thrown `RecognizeError`s.
@coderabbitai

coderabbitai Bot commented Jun 18, 2026

Copy link
Copy Markdown

Review Change Stack

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

  • @coderabbitai resume to resume automatic reviews.
  • @coderabbitai review to trigger a single review.

Use the checkboxes below for quick actions:

  • ▶️ Resume reviews
  • 🔍 Trigger review
📝 Walkthrough

Walkthrough

Adds the @forgerock/recognize library with typed client APIs, SDK declarations, error handling, packaging, and tests, plus a Vite-based e2e/recognize-app that initializes the client and logs its events.

Changes

@forgerock/recognize Library

Layer / File(s) Summary
Error codes, constants, and error mapping
packages/recognize/src/lib/defs/constants.ts, packages/recognize/src/lib/defs/recognize-error-code.ts, packages/recognize/src/lib/classes/recognize-error.ts, packages/recognize/src/lib/defs/recognize-sdk-to-recognize-proxy-error-map.ts
Adds recognize error codes, the public error class, camera-only disabled steps, and SDK-to-proxy error mapping.
Bundled Keyless SDK declarations
packages/recognize/src/lib/recognize-sdk/index.d.ts, packages/recognize/src/lib/recognize-sdk/LICENSE
Adds typed Keyless web components, events, theming options, element contracts, media-stream helpers, and the SDK license text.
Recognize API types and exports
packages/recognize/src/lib/recognize.types.ts, packages/recognize/src/index.ts
Defines the client, configuration, event, observer, initialization, session, and unsubscribe types, then exposes them through the package barrel.
Recognize client lifecycle and tests
packages/recognize/src/lib/recognize.ts, packages/recognize/src/lib/recognize.spec.ts
Implements SDK loading, element mounting and attachment, event forwarding, error handling, disposal, and lifecycle tests.
Package packaging and workspace integration
packages/recognize/package.json, packages/recognize/tsconfig*.json, packages/recognize/vitest.config.mts, packages/recognize/eslint.config.mjs, packages/recognize/typedoc.json, packages/recognize/README.md, .changeset/*, tsconfig.json, package.json
Adds package exports and build settings, TypeScript/Vitest/ESLint/TypeDoc configuration, documentation, release metadata, workspace references, and pnpm install settings.

E2E recognize-app

Layer / File(s) Summary
E2E app source and configuration
e2e/recognize-app/src/index.html, e2e/recognize-app/src/index.ts, e2e/recognize-app/src/styles.css, e2e/recognize-app/vite.config.ts, e2e/recognize-app/package.json, e2e/recognize-app/tsconfig*.json, e2e/recognize-app/eslint.config.mjs
Creates the e2e HTML entry point, bootstrap script, styling, Vite setup, package metadata, TypeScript configuration, and ESLint configuration. The app creates a recognize client, subscribes to events, and calls init() in mount mode.

Estimated code review effort: 4 (Complex) | ~60 minutes

Sequence Diagram(s)

sequenceDiagram
  participant Caller
  participant recognize
  participant SDK as Keyless SDK
  participant Element as kl-auth or kl-enroll
  participant Observer
  Caller->>recognize: recognize(configuration)
  recognize-->>Caller: RecognizeWebComponentClient
  Caller->>recognize: init(mount or attach options)
  recognize->>SDK: dynamically import SDK
  recognize->>Element: create or attach element
  recognize->>Element: assign configuration and listeners
  Element-->>recognize: recognition and lifecycle events
  recognize->>Observer: next, complete, or error
  Caller->>recognize: dispose()
  recognize->>Element: remove element
Loading

Possibly related PRs

🚥 Pre-merge checks | ✅ 3 | ❌ 2

❌ Failed checks (1 warning, 1 inconclusive)

Check name Status Explanation Resolution
Description check ⚠️ Warning No pull request description was provided, so the required template sections are missing. Add the Jira ticket and a Description section summarizing the changes and whether a changeset was included.
Title check ❓ Inconclusive The title is too generic to clearly describe the main change in this PR. Use a concise, specific title that names the main addition, such as the new Recognize package and e2e app setup.
✅ Passed checks (3 passed)
Check name Status Explanation
Docstring Coverage ✅ Passed Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
✨ Finishing Touches
📝 Generate docstrings
  • Create stacked PR
  • Commit on current branch
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch recognize-setup-2
⚔️ Resolve merge conflicts
  • Resolve merge conflict in branch recognize-setup-2

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 8

🧹 Nitpick comments (3)
e2e/recognize-app/src/index.ts (1)

4-11: ⚡ Quick win

Avoid embedding runtime auth/config material in source.

Keeping token/key/customer/ws values inline is risky once replaced with real values. Prefer env-driven injection with a fail-fast check for missing required values.

Proposed refactor
+const env = import.meta.env;
+const required = (key: string): string => {
+  const value = env[key];
+  if (!value) throw new Error(`Missing required env var: ${key}`);
+  return value;
+};
+
 const client = recognize({
-  authorizationToken: 'USER_AUTHORIZATION_FROM_CUSTOMER',
-  customer: 'CUSTOMER_NAME',
-  key: 'IMAGE_ENCRYPTION_PUBLIC_KEY',
-  keyID: 'IMAGE_ENCRYPTION_KEY_ID',
-  transactionData: 'DATA_FROM_CUSTOMER_SERVER_TO_BE_SIGNED',
-  wsURL: 'KEYLESS_AUTHENTICATION_SERVICE_URL',
+  authorizationToken: required('VITE_RECOGNIZE_AUTHORIZATION_TOKEN'),
+  customer: required('VITE_RECOGNIZE_CUSTOMER'),
+  key: required('VITE_RECOGNIZE_KEY'),
+  keyID: required('VITE_RECOGNIZE_KEY_ID'),
+  transactionData: required('VITE_RECOGNIZE_TRANSACTION_DATA'),
+  wsURL: required('VITE_RECOGNIZE_WS_URL'),
 });
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@e2e/recognize-app/src/index.ts` around lines 4 - 11, The recognize function
call in the initialization contains hardcoded sensitive values for
authorizationToken, customer, key, keyID, transactionData, and wsURL which
should not be embedded in source code. Replace these hardcoded string values
with reads from environment variables using process.env. Then add validation
logic before calling recognize to fail fast if any required environment
variables are missing, throwing an error with a clear message listing which
values are undefined.
packages/recognize/src/lib/defs/constants.ts (1)

2-11: ⚡ Quick win

Tighten CAMERA_ONLY_DISABLE_STEPS typing and immutability.

string[] allows invalid step IDs and accidental mutation. This constant is effectively a fixed contract, so make it readonly and typed to the SDK step union.

Suggested change
+import type { KeylessComponentsStep } from '../recognize-sdk/index.js';
+
 /** `@internal` */
-export const CAMERA_ONLY_DISABLE_STEPS: string[] = [
+export const CAMERA_ONLY_DISABLE_STEPS: readonly KeylessComponentsStep[] = [
   'bootstrap',
   'camera-instructions',
   'done',
   'error',
   'microphone-permission',
   'server-computation',
   'stm-choice',
   'stm-qrcode',
-];
+] as const;
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@packages/recognize/src/lib/defs/constants.ts` around lines 2 - 11, The
CAMERA_ONLY_DISABLE_STEPS constant is currently typed as string[] which allows
invalid step IDs and accidental mutations. Change the type annotation from
string[] to readonly and a specific SDK step union type (replace the generic
string type with the appropriate union type that represents valid step
identifiers in the SDK). This will prevent invalid values from being assigned
and protect the constant from being mutated after initialization.
packages/recognize/src/lib/recognize.types.ts (1)

112-114: ⚡ Quick win

Narrow attach-mode element type to the supported custom elements.

element: HTMLElement forces validation at runtime for a shape we already know statically. Narrowing improves API safety and DX.

Suggested refactor
 export type RecognizeWebComponentInitOptions =
   | { mode: 'mount'; container: HTMLElement; type: RecognizeSessionType; username: string }
-  | { mode: 'attach'; element: HTMLElement; username: string };
+  | { mode: 'attach'; element: RecognizeWebComponent; username: string };
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@packages/recognize/src/lib/recognize.types.ts` around lines 112 - 114, The
attach mode in the RecognizeWebComponentInitOptions union type uses the generic
HTMLElement type for the element property, which is too broad and requires
runtime validation. Instead, narrow the element type to a union of the specific
supported custom element types that attach mode actually accepts. Identify all
supported custom element types in your codebase, create a union type for them,
and replace the element: HTMLElement property in the attach mode object with
element: YourCustomElementUnionType to provide compile-time type safety and
improve developer experience.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@e2e/recognize-app/src/index.ts`:
- Around line 32-36: The client.init() promise chain in the mount initialization
section only handles the fulfilled path with .then(), leaving promise rejections
unhandled which can cause flaky E2E test failures. Add a .catch() handler after
the .then() block to properly handle any rejections that occur during the init()
call, ensuring errors from rejected promises are logged and don't destabilize
the test execution.

In `@packages/recognize/src/lib/recognize-sdk/index.d.ts`:
- Around line 1070-1077: There is a type inconsistency between the
KeylessVideoFrameQualityEvent constructor and the
KeylessVideoFrameQualityEventDetail interface. The constructor accepts timestamp
as a number, but the interface defines timestamp as a Date, creating a
contradictory event contract. To fix this, ensure both the constructor parameter
in KeylessVideoFrameQualityEvent and the timestamp property in
KeylessVideoFrameQualityEventDetail use the same type. Either convert the number
to a Date in the constructor before storing it in the event detail, or change
both to consistently use number if that better represents the internal timestamp
format.

In `@packages/recognize/src/lib/recognize.spec.ts`:
- Around line 61-80: The test "throws if init is called twice without dispose"
uses a try-catch block to verify that the second client.init() call throws an
error, but there is no failing assertion outside the catch block. This means the
test will pass even if init() does not throw. Convert this test to use Jest's
rejects matcher (expect(...).rejects.toThrow() or expect(...).rejects.toEqual())
to properly validate that the promise rejects with the expected error, ensuring
the test fails if init() does not throw as expected. Apply the same fix to the
related test also mentioned at lines 108-124.
- Around line 43-57: The unsubscribe test does not actually verify that the
observer stops receiving events because no event is dispatched after the init()
call in the unsubscribe test. The test needs to trigger an event or simulate a
scenario after init() that would cause the client to emit an event, and then
verify that the unsubscribed observer's next callback is not invoked when that
event occurs. This will properly validate that unsubscribe removes the observer
from the subscription and prevents future event delivery.

In `@packages/recognize/src/lib/recognize.ts`:
- Around line 147-151: In the dispose() method, you need to call aborter.abort()
before setting aborter to null. Currently, the code only sets aborter = null
without signaling cancellation to the listeners registered with aborter.signal,
which leaves stale event listeners attached. Add a call to aborter.abort() right
before the assignment to ensure all listeners are properly notified and cleaned
up, preventing memory leaks and event cross-contamination across sessions.
- Around line 63-67: The onError function directly accesses e.error.message
without verifying that e.error is an Error object, which can cause the handler
to crash since ErrorEvent.error is not guaranteed to be an Error. Add defensive
checks to verify that e.error exists and is an Error before accessing its
message property, and provide a fallback error code or message when e.error is
not a valid Error object with a message property. This will prevent the handler
from throwing and ensure observer notifications are still sent even when the
error object is malformed.

In `@packages/recognize/src/lib/recognize.types.ts`:
- Around line 57-60: The `init` method in the `RecognizeWebComponentClient`
interface has an incorrect return type. Since the runtime implementation throws
`RecognizeError` on failure rather than resolving with it, change the return
type of the `init` method from `Promise<void | RecognizeError>` to
`Promise<void>`. This aligns the type signature with the actual behavior and
prevents incorrect error handling patterns where callers might expect to handle
errors from the resolved value rather than catching thrown exceptions.
- Around line 67-76: The `disableSteps` property in the
`RecognizeWebComponentConfiguration` interface is currently typed as `string[]`,
which allows invalid step names to pass type checking. Change the type of the
`disableSteps` property from `string[]` to use the appropriate SDK step type
(such as the enum or union type used elsewhere in the SDK for step definitions)
to enforce valid step names at compile-time and strengthen the SDK contract.

---

Nitpick comments:
In `@e2e/recognize-app/src/index.ts`:
- Around line 4-11: The recognize function call in the initialization contains
hardcoded sensitive values for authorizationToken, customer, key, keyID,
transactionData, and wsURL which should not be embedded in source code. Replace
these hardcoded string values with reads from environment variables using
process.env. Then add validation logic before calling recognize to fail fast if
any required environment variables are missing, throwing an error with a clear
message listing which values are undefined.

In `@packages/recognize/src/lib/defs/constants.ts`:
- Around line 2-11: The CAMERA_ONLY_DISABLE_STEPS constant is currently typed as
string[] which allows invalid step IDs and accidental mutations. Change the type
annotation from string[] to readonly and a specific SDK step union type (replace
the generic string type with the appropriate union type that represents valid
step identifiers in the SDK). This will prevent invalid values from being
assigned and protect the constant from being mutated after initialization.

In `@packages/recognize/src/lib/recognize.types.ts`:
- Around line 112-114: The attach mode in the RecognizeWebComponentInitOptions
union type uses the generic HTMLElement type for the element property, which is
too broad and requires runtime validation. Instead, narrow the element type to a
union of the specific supported custom element types that attach mode actually
accepts. Identify all supported custom element types in your codebase, create a
union type for them, and replace the element: HTMLElement property in the attach
mode object with element: YourCustomElementUnionType to provide compile-time
type safety and improve developer experience.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 3341a87f-d24b-40e1-a502-9af34de77df2

📥 Commits

Reviewing files that changed from the base of the PR and between 806da7c and 1ce8a57.

⛔ Files ignored due to path filters (3)
  • packages/recognize/src/lib/recognize-sdk/pthreads/wasm.wasm is excluded by !**/*.wasm
  • packages/recognize/src/lib/recognize-sdk/wasm.wasm is excluded by !**/*.wasm
  • pnpm-lock.yaml is excluded by !**/pnpm-lock.yaml
📒 Files selected for processing (29)
  • e2e/recognize-app/eslint.config.mjs
  • e2e/recognize-app/package.json
  • e2e/recognize-app/src/index.html
  • e2e/recognize-app/src/index.ts
  • e2e/recognize-app/src/styles.css
  • e2e/recognize-app/tsconfig.app.json
  • e2e/recognize-app/tsconfig.json
  • e2e/recognize-app/vite.config.ts
  • packages/recognize/README.md
  • packages/recognize/eslint.config.mjs
  • packages/recognize/package.json
  • packages/recognize/src/index.ts
  • packages/recognize/src/lib/classes/recognize-error.ts
  • packages/recognize/src/lib/defs/constants.ts
  • packages/recognize/src/lib/defs/recognize-error-code.ts
  • packages/recognize/src/lib/defs/recognize-sdk-to-recognize-proxy-error-map.ts
  • packages/recognize/src/lib/recognize-sdk/index.d.ts
  • packages/recognize/src/lib/recognize-sdk/index.js
  • packages/recognize/src/lib/recognize-sdk/pthreads/wasm.js
  • packages/recognize/src/lib/recognize-sdk/wasm.data
  • packages/recognize/src/lib/recognize-sdk/wasm.js
  • packages/recognize/src/lib/recognize.spec.ts
  • packages/recognize/src/lib/recognize.ts
  • packages/recognize/src/lib/recognize.types.ts
  • packages/recognize/tsconfig.json
  • packages/recognize/tsconfig.lib.json
  • packages/recognize/tsconfig.spec.json
  • packages/recognize/vitest.config.mts
  • tsconfig.json

Comment on lines +32 to +36
client
.init({ mode: 'mount', container: appEl, type: 'auth', username: 'USERNAME' })
.then((err) => {
if (err) console.error('[recognize] init error', err);
});

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Handle the rejected init() promise path.

Only the fulfilled path is handled. If init() rejects, this can become an unhandled rejection and destabilize/flaky-fail E2E runs.

Proposed fix
 if (appEl) {
   client
     .init({ mode: 'mount', container: appEl, type: 'auth', username: 'USERNAME' })
     .then((err) => {
       if (err) console.error('[recognize] init error', err);
-    });
+    })
+    .catch((err) => {
+      console.error('[recognize] init rejected', err);
+    });
 }
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
client
.init({ mode: 'mount', container: appEl, type: 'auth', username: 'USERNAME' })
.then((err) => {
if (err) console.error('[recognize] init error', err);
});
client
.init({ mode: 'mount', container: appEl, type: 'auth', username: 'USERNAME' })
.then((err) => {
if (err) console.error('[recognize] init error', err);
})
.catch((err) => {
console.error('[recognize] init rejected', err);
});
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@e2e/recognize-app/src/index.ts` around lines 32 - 36, The client.init()
promise chain in the mount initialization section only handles the fulfilled
path with .then(), leaving promise rejections unhandled which can cause flaky
E2E test failures. Add a .catch() handler after the .then() block to properly
handle any rejections that occur during the init() call, ensuring errors from
rejected promises are logged and don't destabilize the test execution.

Comment on lines +1070 to +1077
export declare class KeylessVideoFrameQualityEvent extends CustomEvent<KeylessVideoFrameQualityEventDetail> {
constructor(filters: KeylessVideoFrameQualityFilter[], timestamp: number);
}

/** @public */
export declare interface KeylessVideoFrameQualityEventDetail {
filters: KeylessVideoFrameQualityFilter[];
timestamp: Date;

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Fix inconsistent timestamp typing in KeylessVideoFrameQualityEvent.

KeylessVideoFrameQualityEvent takes timestamp: number, but KeylessVideoFrameQualityEventDetail exposes timestamp: Date. This creates a contradictory event contract for consumers.

Suggested fix
 export declare interface KeylessVideoFrameQualityEventDetail {
     filters: KeylessVideoFrameQualityFilter[];
-    timestamp: Date;
+    timestamp: number;
 }
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
export declare class KeylessVideoFrameQualityEvent extends CustomEvent<KeylessVideoFrameQualityEventDetail> {
constructor(filters: KeylessVideoFrameQualityFilter[], timestamp: number);
}
/** @public */
export declare interface KeylessVideoFrameQualityEventDetail {
filters: KeylessVideoFrameQualityFilter[];
timestamp: Date;
export declare class KeylessVideoFrameQualityEvent extends CustomEvent<KeylessVideoFrameQualityEventDetail> {
constructor(filters: KeylessVideoFrameQualityFilter[], timestamp: number);
}
/** `@public` */
export declare interface KeylessVideoFrameQualityEventDetail {
filters: KeylessVideoFrameQualityFilter[];
timestamp: number;
}
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@packages/recognize/src/lib/recognize-sdk/index.d.ts` around lines 1070 -
1077, There is a type inconsistency between the KeylessVideoFrameQualityEvent
constructor and the KeylessVideoFrameQualityEventDetail interface. The
constructor accepts timestamp as a number, but the interface defines timestamp
as a Date, creating a contradictory event contract. To fix this, ensure both the
constructor parameter in KeylessVideoFrameQualityEvent and the timestamp
property in KeylessVideoFrameQualityEventDetail use the same type. Either
convert the number to a Date in the constructor before storing it in the event
detail, or change both to consistently use number if that better represents the
internal timestamp format.

Comment on lines +43 to +57
it('unsubscribe removes the observer so it no longer receives events', async () => {
const client = recognize(CONFIG);
const next = vi.fn();
const unsub = client.subscribe({ next });

unsub();
await client.init({
mode: 'mount',
container: document.createElement('div'),
type: 'auth',
username: 'user',
});

expect(next).not.toHaveBeenCalled();
});

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🟡 Minor | ⚡ Quick win

This unsubscribe test does not exercise event delivery.

No event is dispatched after init(), so the assertion passes even if unsubscribe is broken.

Suggested change
   it('unsubscribe removes the observer so it no longer receives events', async () => {
@@
     await client.init({
       mode: 'mount',
-      container: document.createElement('div'),
+      container: document.createElement('div'),
       type: 'auth',
       username: 'user',
     });
+    const el = (document.querySelector('kl-auth') ??
+      document.createElement('kl-auth')) as HTMLElement;
+    el.dispatchEvent(new CustomEvent('step-change', { detail: {} }));
 
     expect(next).not.toHaveBeenCalled();
   });
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@packages/recognize/src/lib/recognize.spec.ts` around lines 43 - 57, The
unsubscribe test does not actually verify that the observer stops receiving
events because no event is dispatched after the init() call in the unsubscribe
test. The test needs to trigger an event or simulate a scenario after init()
that would cause the client to emit an event, and then verify that the
unsubscribed observer's next callback is not invoked when that event occurs.
This will properly validate that unsubscribe removes the observer from the
subscription and prevents future event delivery.

Comment on lines +61 to +80
it('throws if init is called twice without dispose', async () => {
const client = recognize(CONFIG);
const container = document.createElement('div');
document.body.appendChild(container);

await client.init({ mode: 'mount', container, type: 'auth', username: 'user' });

try {
await client.init({ mode: 'mount', container, type: 'auth', username: 'user' });
} catch (e: unknown) {
expect(e).toBeInstanceOf(Error);

if (e instanceof Error) {
expect(e.message).toBe('SDK_ERROR');
expect(e.cause).toBe(
'init() called more than once — call dispose() before re-initializing',
);
}
}

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Convert throw assertions to rejects to prevent false positives.

Both tests can pass even when init() does not throw because there is no failing assertion outside catch.

Suggested change
   it('throws if init is called twice without dispose', async () => {
@@
-    try {
-      await client.init({ mode: 'mount', container, type: 'auth', username: 'user' });
-    } catch (e: unknown) {
-      expect(e).toBeInstanceOf(Error);
-
-      if (e instanceof Error) {
-        expect(e.message).toBe('SDK_ERROR');
-        expect(e.cause).toBe(
-          'init() called more than once — call dispose() before re-initializing',
-        );
-      }
-    }
+    await expect(
+      client.init({ mode: 'mount', container, type: 'auth', username: 'user' }),
+    ).rejects.toMatchObject({
+      message: 'SDK_ERROR',
+      cause: 'init() called more than once — call dispose() before re-initializing',
+    });
@@
   it('throws for attach mode with an unsupported element', async () => {
@@
-    try {
-      await client.init({ mode: 'attach', element: div, username: 'user' });
-    } catch (e: unknown) {
-      expect(e).toBeInstanceOf(Error);
-
-      if (e instanceof Error) {
-        expect(e.message).toBe('SDK_ERROR');
-        expect(e.cause).toBe(
-          'invalid element <div> — options.element must be a <kl-auth> or <kl-enroll> custom element',
-        );
-      }
-    }
+    await expect(client.init({ mode: 'attach', element: div, username: 'user' })).rejects.toMatchObject({
+      message: 'SDK_ERROR',
+      cause: 'invalid element <div> — options.element must be a <kl-auth> or <kl-enroll> custom element',
+    });
   });

Also applies to: 108-124

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@packages/recognize/src/lib/recognize.spec.ts` around lines 61 - 80, The test
"throws if init is called twice without dispose" uses a try-catch block to
verify that the second client.init() call throws an error, but there is no
failing assertion outside the catch block. This means the test will pass even if
init() does not throw. Convert this test to use Jest's rejects matcher
(expect(...).rejects.toThrow() or expect(...).rejects.toEqual()) to properly
validate that the promise rejects with the expected error, ensuring the test
fails if init() does not throw as expected. Apply the same fix to the related
test also mentioned at lines 108-124.

Comment thread packages/recognize/src/lib/recognize.ts Outdated
Comment on lines +147 to +151
dispose: (): void => {
if (element === null) return;

aborter = null;

@coderabbitai coderabbitai Bot Jun 18, 2026

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Call abort() in dispose() before dropping the controller.

Listeners are registered with aborter.signal, but dispose() only sets aborter = null. That leaves stale listeners attached to prior elements and can leak/cross-deliver events across sessions.

Suggested change
     dispose: (): void => {
       if (element === null) return;
 
+      aborter?.abort();
       aborter = null;
 
       element.remove();
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@packages/recognize/src/lib/recognize.ts` around lines 147 - 151, In the
dispose() method, you need to call aborter.abort() before setting aborter to
null. Currently, the code only sets aborter = null without signaling
cancellation to the listeners registered with aborter.signal, which leaves stale
event listeners attached. Add a call to aborter.abort() right before the
assignment to ensure all listeners are properly notified and cleaned up,
preventing memory leaks and event cross-contamination across sessions.

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think this comment here is valid.

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@ryanbas21, thanks for confirming. To recap the fix for when it's implemented:

     dispose: (): void => {
       if (element === null) return;
 
+      aborter?.abort();
       aborter = null;
 
       element.remove();

This ensures the AbortController actually cancels the registered listeners before the reference is dropped, preventing stale listeners from lingering on the removed element.

(っ˘ω˘ς )

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This looks like a legitimate issue. Worth looking into it.

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Seems like the humans are having a chat. I'll hop back into my burrow for now. If you need me again, just tag @coderabbitai in a new comment, and I'll come hopping out!

Comment on lines +57 to +60
export interface RecognizeWebComponentClient {
subscribe: (observer: RecognizeWebComponentObserver) => RecognizeWebComponentUnsubscribe;
init(options: RecognizeWebComponentInitOptions): Promise<void | RecognizeError>;
dispose: () => void;

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Align init return type with actual behavior (Promise<void>).

The runtime implementation throws RecognizeError on failure; it does not resolve with a RecognizeError. The current signature encourages incorrect handling patterns.

Suggested fix
 export interface RecognizeWebComponentClient {
   subscribe: (observer: RecognizeWebComponentObserver) => RecognizeWebComponentUnsubscribe;
-  init(options: RecognizeWebComponentInitOptions): Promise<void | RecognizeError>;
+  init(options: RecognizeWebComponentInitOptions): Promise<void>;
   dispose: () => void;
 }
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@packages/recognize/src/lib/recognize.types.ts` around lines 57 - 60, The
`init` method in the `RecognizeWebComponentClient` interface has an incorrect
return type. Since the runtime implementation throws `RecognizeError` on failure
rather than resolving with it, change the return type of the `init` method from
`Promise<void | RecognizeError>` to `Promise<void>`. This aligns the type
signature with the actual behavior and prevents incorrect error handling
patterns where callers might expect to handle errors from the resolved value
rather than catching thrown exceptions.

Comment on lines +67 to +76
export interface RecognizeWebComponentConfiguration {
authorizationToken?: string;
customer: string;
datadogEnv?: string;
datadogToken?: string;
disableDatadog?: boolean;
disableLogger?: boolean;
disablePoweredBy?: boolean;
disableSteps?: string[];
enableCameraFlash?: boolean;

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🟡 Minor | ⚡ Quick win

Use SDK step type for disableSteps instead of string[].

Typing this as string[] allows invalid step names to pass compile-time checks and weakens the SDK contract.

Suggested fix
 import type {
   KeylessAuthElement,
+  KeylessComponentsStep,
   KeylessEnrollElement,
   KeylessFinishedEventDetail,
@@
 export interface RecognizeWebComponentConfiguration {
@@
-  disableSteps?: string[];
+  disableSteps?: KeylessComponentsStep[];
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
export interface RecognizeWebComponentConfiguration {
authorizationToken?: string;
customer: string;
datadogEnv?: string;
datadogToken?: string;
disableDatadog?: boolean;
disableLogger?: boolean;
disablePoweredBy?: boolean;
disableSteps?: string[];
enableCameraFlash?: boolean;
export interface RecognizeWebComponentConfiguration {
authorizationToken?: string;
customer: string;
datadogEnv?: string;
datadogToken?: string;
disableDatadog?: boolean;
disableLogger?: boolean;
disablePoweredBy?: boolean;
disableSteps?: KeylessComponentsStep[];
enableCameraFlash?: boolean;
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@packages/recognize/src/lib/recognize.types.ts` around lines 67 - 76, The
`disableSteps` property in the `RecognizeWebComponentConfiguration` interface is
currently typed as `string[]`, which allows invalid step names to pass type
checking. Change the type of the `disableSteps` property from `string[]` to use
the appropriate SDK step type (such as the enum or union type used elsewhere in
the SDK for step definitions) to enforce valid step names at compile-time and
strengthen the SDK contract.

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)
packages/recognize/src/lib/recognize.ts (1)

126-166: 🩺 Stability & Availability | 🟠 Major | ⚡ Quick win

Guard init() against overlapping calls element !== null is checked before the await import(...), so two concurrent init() calls can both pass the guard and create duplicate elements/listeners. Track an in-flight initialization or reject while init() is pending.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@packages/recognize/src/lib/recognize.ts` around lines 126 - 166,
`RecognizeWebComponent.init()` only checks `element !== null` before the async
`import('./recognize-sdk/index.js')`, so concurrent calls can both pass and
create duplicate elements/listeners. Add an in-flight initialization guard in
`init()` (for example, a shared pending flag/promise on `RecognizeWebComponent`)
and reject or no-op when initialization is already running, then clear that
state once the attach/create path completes or fails.
🧹 Nitpick comments (2)
packages/recognize/src/lib/recognize.ts (1)

68-68: 📐 Maintainability & Code Quality | 🔵 Trivial | ⚡ Quick win

Debug console.log shipped in a public SDK path.

Styled console.log on recoverable-error will surface in every consuming app's console. Consider gating behind a debug flag or removing before release.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@packages/recognize/src/lib/recognize.ts` at line 68, The styled console.log
in recognize() for the recoverable-error path should not ship in the public SDK
because it will always print in consuming apps. Remove the log or guard it
behind an explicit debug flag in recognize.ts so the element.dispose() recovery
path stays silent by default, and make sure any remaining debug output is only
enabled in development or opt-in diagnostics.
packages/recognize/src/lib/recognize.types.ts (1)

74-81: 📐 Maintainability & Code Quality | 🔵 Trivial | ⚡ Quick win

Consider strongly-typing theme, themeOptions, localizationPacks, localizationVariables, loggerLevel instead of unknown.

The underlying RootElement (in recognize-sdk/index.d.ts) types these as Theme, KeylessThemeOptions, LocalizationPack[], LocalizationVariables, and LoggerLevel respectively — all already exported from the SDK declarations. Typing them unknown here discards compile-time safety/autocomplete for consumers of the public RecognizeWebComponentConfiguration API.

♻️ Proposed fix
+import type { Theme, KeylessThemeOptions, LocalizationPack, LocalizationVariables, LoggerLevel } from './recognize-sdk/index.js';
+
 export interface RecognizeWebComponentConfiguration {
   ...
-  localizationPacks?: unknown[];
-  localizationVariables?: unknown;
-  loggerLevel?: string;
+  localizationPacks?: LocalizationPack[];
+  localizationVariables?: LocalizationVariables;
+  loggerLevel?: LoggerLevel;
   ...
-  theme?: unknown;
-  themeOptions?: unknown;
+  theme?: Theme;
+  themeOptions?: KeylessThemeOptions;
   ...
 }
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@packages/recognize/src/lib/recognize.types.ts` around lines 74 - 81, The
public RecognizeWebComponentConfiguration type is using unknown for several
SDK-backed fields, which removes type safety and autocomplete for consumers.
Update the type definitions in recognize.types.ts to match the exported
RootElement types from recognize-sdk/index.d.ts, specifically using Theme,
KeylessThemeOptions, LocalizationPack[], LocalizationVariables, and LoggerLevel
for theme, themeOptions, localizationPacks, localizationVariables, and
loggerLevel. Keep the existing RecognizeWebComponentConfiguration interface as
the place to align these field types so the API stays strongly typed.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Outside diff comments:
In `@packages/recognize/src/lib/recognize.ts`:
- Around line 126-166: `RecognizeWebComponent.init()` only checks `element !==
null` before the async `import('./recognize-sdk/index.js')`, so concurrent calls
can both pass and create duplicate elements/listeners. Add an in-flight
initialization guard in `init()` (for example, a shared pending flag/promise on
`RecognizeWebComponent`) and reject or no-op when initialization is already
running, then clear that state once the attach/create path completes or fails.

---

Nitpick comments:
In `@packages/recognize/src/lib/recognize.ts`:
- Line 68: The styled console.log in recognize() for the recoverable-error path
should not ship in the public SDK because it will always print in consuming
apps. Remove the log or guard it behind an explicit debug flag in recognize.ts
so the element.dispose() recovery path stays silent by default, and make sure
any remaining debug output is only enabled in development or opt-in diagnostics.

In `@packages/recognize/src/lib/recognize.types.ts`:
- Around line 74-81: The public RecognizeWebComponentConfiguration type is using
unknown for several SDK-backed fields, which removes type safety and
autocomplete for consumers. Update the type definitions in recognize.types.ts to
match the exported RootElement types from recognize-sdk/index.d.ts, specifically
using Theme, KeylessThemeOptions, LocalizationPack[], LocalizationVariables, and
LoggerLevel for theme, themeOptions, localizationPacks, localizationVariables,
and loggerLevel. Keep the existing RecognizeWebComponentConfiguration interface
as the place to align these field types so the API stays strongly typed.

ℹ️ Review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 2cb0709c-4efd-44f8-89cd-f8cde3bb2997

📥 Commits

Reviewing files that changed from the base of the PR and between 6f3cc8d and 3929c3d.

⛔ Files ignored due to path filters (2)
  • packages/recognize/src/lib/recognize-sdk/pthreads/wasm.wasm is excluded by !**/*.wasm
  • packages/recognize/src/lib/recognize-sdk/wasm.wasm is excluded by !**/*.wasm
📒 Files selected for processing (12)
  • e2e/recognize-app/src/index.ts
  • packages/recognize/src/index.ts
  • packages/recognize/src/lib/classes/recognize-error.ts
  • packages/recognize/src/lib/defs/recognize-error-code.ts
  • packages/recognize/src/lib/defs/recognize-sdk-to-recognize-proxy-error-map.ts
  • packages/recognize/src/lib/recognize-sdk/index.d.ts
  • packages/recognize/src/lib/recognize-sdk/index.js
  • packages/recognize/src/lib/recognize-sdk/pthreads/wasm.js
  • packages/recognize/src/lib/recognize-sdk/wasm.js
  • packages/recognize/src/lib/recognize.spec.ts
  • packages/recognize/src/lib/recognize.ts
  • packages/recognize/src/lib/recognize.types.ts
💤 Files with no reviewable changes (2)
  • packages/recognize/src/lib/defs/recognize-error-code.ts
  • packages/recognize/src/index.ts
🚧 Files skipped from review as they are similar to previous changes (3)
  • e2e/recognize-app/src/index.ts
  • packages/recognize/src/lib/classes/recognize-error.ts
  • packages/recognize/src/lib/recognize.spec.ts

…eb component options

Update bundled Keyless SDK (index.js, .d.ts, wasm binaries, LICENSE) and wire up the
new surface: recognition-start event, aspectRatio/cameraAspectRatio/cameraInstructions
and enableDatadogPII configuration, CORE_NOT_ENOUGH_CIRCUITS (3005) and
SERVER_AUTHORIZATION_FAILED (5003) error codes, and mappings for SERVER_FORBIDDEN,
SERVER_INVALID_STATE, and SERVER_NO_ATTEMPTS_LEFT. Refactor recognize.ts event
listener wiring to route recognition-failure through the shared onError path and
drop leftover debug logging. Also add pnpm onlyBuiltDependencies allowlist and
remove the empty dependencies block from the root package.json.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Comment on lines +76 to +78
new KeylessRecoverableErrorEvent({
error: new Error('SERVER_RECOGNITION_FAILED', { cause: event.detail }),
}),
};

const onError = (event: ErrorEvent): void => {
if (event instanceof KeylessRecoverableErrorEvent) {
…vent in mock

Aliasing the mock class directly to ErrorEvent made every dispatched ErrorEvent
pass the instanceof check in onError and try to call element.dispose(), which
does not exist on the underlying custom element. Use a distinct subclass so
plain error events skip the recoverable path.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)
packages/recognize/src/lib/recognize.ts (1)

158-166: 🩺 Stability & Availability | 🟡 Minor | ⚡ Quick win

Clear observers even when dispose() runs before init().

A subscriber registered before initialization survives dispose() because Line 159 returns before observers.clear(), so a later init() can notify a stale observer.

Proposed fix
     dispose: (): void => {
-      if (element === null) return;
+      if (element === null) {
+        observers.clear();
+        return;
+      }
 
       aborter = null;
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@packages/recognize/src/lib/recognize.ts` around lines 158 - 166, The dispose
logic in recognize.ts currently returns early in the dispose() method when
element is null, which leaves observers uncleared if dispose() runs before
init(). Update the dispose() implementation to always clear observers, even when
no element exists yet, while still preserving the existing cleanup for aborter,
element.remove(), and element reset; use the dispose() method and
observers.clear() as the key symbols to locate the fix.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Outside diff comments:
In `@packages/recognize/src/lib/recognize.ts`:
- Around line 158-166: The dispose logic in recognize.ts currently returns early
in the dispose() method when element is null, which leaves observers uncleared
if dispose() runs before init(). Update the dispose() implementation to always
clear observers, even when no element exists yet, while still preserving the
existing cleanup for aborter, element.remove(), and element reset; use the
dispose() method and observers.clear() as the key symbols to locate the fix.

ℹ️ Review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: f0c034a1-9926-418e-8419-e87fe97a4b34

📥 Commits

Reviewing files that changed from the base of the PR and between 3929c3d and 84922f6.

⛔ Files ignored due to path filters (3)
  • packages/recognize/src/lib/recognize-sdk/pthreads/wasm.wasm is excluded by !**/*.wasm
  • packages/recognize/src/lib/recognize-sdk/wasm.wasm is excluded by !**/*.wasm
  • pnpm-lock.yaml is excluded by !**/pnpm-lock.yaml
📒 Files selected for processing (12)
  • package.json
  • packages/recognize/src/lib/classes/recognize-error.ts
  • packages/recognize/src/lib/defs/recognize-error-code.ts
  • packages/recognize/src/lib/defs/recognize-sdk-to-recognize-proxy-error-map.ts
  • packages/recognize/src/lib/recognize-sdk/LICENSE
  • packages/recognize/src/lib/recognize-sdk/index.d.ts
  • packages/recognize/src/lib/recognize-sdk/index.js
  • packages/recognize/src/lib/recognize-sdk/pthreads/wasm.js
  • packages/recognize/src/lib/recognize-sdk/wasm.js
  • packages/recognize/src/lib/recognize.spec.ts
  • packages/recognize/src/lib/recognize.ts
  • packages/recognize/src/lib/recognize.types.ts
💤 Files with no reviewable changes (1)
  • packages/recognize/src/lib/classes/recognize-error.ts
✅ Files skipped from review due to trivial changes (1)
  • packages/recognize/src/lib/recognize-sdk/LICENSE
🚧 Files skipped from review as they are similar to previous changes (4)
  • packages/recognize/src/lib/defs/recognize-error-code.ts
  • packages/recognize/src/lib/defs/recognize-sdk-to-recognize-proxy-error-map.ts
  • packages/recognize/src/lib/recognize.spec.ts
  • packages/recognize/src/lib/recognize.types.ts

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@packages/recognize/package.json`:
- Around line 31-34: Move `@aracna/web-components` from devDependencies into
dependencies or peerDependencies in packages/recognize/package.json so published
consumers can resolve the types imported by recognize-sdk/index.d.ts.

In `@packages/recognize/README.md`:
- Around line 23-34: Update the README usage example’s subscribe next handler to
access event.detail only after narrowing the RecognizeWebComponentEvent variant
that defines it, and ensure the init container passed from
document.getElementById('app') is narrowed to a non-null HTMLElement before
calling client.init.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: f59c131f-5771-499d-a4a5-6fbc0bd5baea

📥 Commits

Reviewing files that changed from the base of the PR and between 84922f6 and 9c87943.

📒 Files selected for processing (7)
  • .changeset/config.json
  • .changeset/recognize-initial-release.md
  • packages/recognize/README.md
  • packages/recognize/eslint.config.mjs
  • packages/recognize/package.json
  • packages/recognize/src/lib/recognize.spec.ts
  • packages/recognize/typedoc.json
🚧 Files skipped from review as they are similar to previous changes (2)
  • packages/recognize/eslint.config.mjs
  • packages/recognize/src/lib/recognize.spec.ts

Comment on lines +31 to +34
"dependencies": {},
"devDependencies": {
"@aracna/web-components": "^1.1.18"
},

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🗄️ Data Integrity & Integration | 🟠 Major | ⚡ Quick win

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Description: Check if `@aracna/web-components` is imported in exported types.

# Test: Search for `@aracna/web-components` imports in the lib directory
rg '`@aracna`' packages/recognize/src/lib/

Repository: ForgeRock/ping-javascript-sdk

Length of output: 3242


🏁 Script executed:

#!/bin/bash
set -euo pipefail

echo '--- packages/recognize/package.json ---'
cat -n packages/recognize/package.json

echo
echo '--- related package manifests mentioning `@aracna/web-components` ---'
rg -n '"`@aracna/web-components`"|peerDependencies|dependencies|devDependencies' packages/recognize package.json -g 'package.json'

Repository: ForgeRock/ping-javascript-sdk

Length of output: 2533


🏁 Script executed:

#!/bin/bash
set -euo pipefail

python3 - <<'PY'
from pathlib import Path
p = Path('packages/recognize/package.json')
print(p.read_text())
PY

Repository: ForgeRock/ping-javascript-sdk

Length of output: 1776


Move @aracna/web-components out of devDependencies

packages/recognize/src/lib/recognize-sdk/index.d.ts is part of the published API and imports types from @aracna/web-components, so consumers need that package available to resolve @forgerock/recognize. Move it to dependencies or peerDependencies.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@packages/recognize/package.json` around lines 31 - 34, Move
`@aracna/web-components` from devDependencies into dependencies or
peerDependencies in packages/recognize/package.json so published consumers can
resolve the types imported by recognize-sdk/index.d.ts.

Comment on lines +23 to +34
client.subscribe({
next: (event) => console.log('[recognize]', event.type, event.detail),
error: (err) => console.error('[recognize] error', err),
complete: (detail) => console.log('[recognize] complete', detail),
});

await client.init({
mode: 'mount',
container: document.getElementById('app'),
type: 'auth',
username: 'USERNAME',
});

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🎯 Functional Correctness | 🟡 Minor | ⚡ Quick win

Fix TypeScript compilation errors in the usage example.

In strict mode, TypeScript users copying this example will encounter compilation errors:

  • event.detail will throw an error because the RecognizeWebComponentEvent union contains variants without a detail property (e.g., { type: 'non-cancelable' }).
  • document.getElementById('app') returns HTMLElement | null, but the container property strictly requires an HTMLElement.
📝 Proposed fix to make the example strictly typed
 client.subscribe({
-  next: (event) => console.log('[recognize]', event.type, event.detail),
+  next: (event) => console.log('[recognize]', event.type, 'detail' in event ? event.detail : undefined),
   error: (err) => console.error('[recognize] error', err),
   complete: (detail) => console.log('[recognize] complete', detail),
 });

 await client.init({
   mode: 'mount',
-  container: document.getElementById('app'),
+  container: document.getElementById('app') as HTMLElement,
   type: 'auth',
   username: 'USERNAME',
 });
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
client.subscribe({
next: (event) => console.log('[recognize]', event.type, event.detail),
error: (err) => console.error('[recognize] error', err),
complete: (detail) => console.log('[recognize] complete', detail),
});
await client.init({
mode: 'mount',
container: document.getElementById('app'),
type: 'auth',
username: 'USERNAME',
});
client.subscribe({
next: (event) => console.log('[recognize]', event.type, 'detail' in event ? event.detail : undefined),
error: (err) => console.error('[recognize] error', err),
complete: (detail) => console.log('[recognize] complete', detail),
});
await client.init({
mode: 'mount',
container: document.getElementById('app') as HTMLElement,
type: 'auth',
username: 'USERNAME',
});
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@packages/recognize/README.md` around lines 23 - 34, Update the README usage
example’s subscribe next handler to access event.detail only after narrowing the
RecognizeWebComponentEvent variant that defines it, and ensure the init
container passed from document.getElementById('app') is narrowed to a non-null
HTMLElement before calling client.init.

*/

/** @public */
export enum RecognizeErrorCode {

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Typically we try to avoid enums because they create runtime and type level code that compiles into an iife and is not treeshaekable. They also can be considered a bad typescript practice because there are gotcha's that are not obvious to all developers.

The alternative approach would be to use a typed as const object and export the type level and object literal expression.

i.e.

// produces a runtime object and a strictly typed object
const RecognizeErrorCode = {
  SDK_ERROR: 1000
} as const

// if you want a union of allowed keys
export type RecognizeErrorCodes = keyof typeof RecognizeErrorCode

// if you want a union of allowed values
export type RecognizeErrorCodes = typeof RecognizeErrorCodes[keyof typeof RecognizeErrorCodes]

const onRecognitionFailure = (event: KeylessRecognitionFailureEvent): void => {
return onError(
new KeylessRecoverableErrorEvent({
error: new Error('SERVER_RECOGNITION_FAILED', { cause: event.detail }),

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This seems interesting, why do we want an Error that contains an Error object?

what is the benefit of having the error key be an error object as well? Since we're already in an Error type it seems?

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We should probably update this.

@@ -0,0 +1,11 @@
/** @internal */
export const CAMERA_ONLY_DISABLE_STEPS: string[] = [

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm not sure the benefit - if it's helpful or not, but we can make this an as const array and rather than "string[]" we can have a more type safe array of these literals.

If it's possible for any string then this can be ignored, but it seems the steps here are finite.


import { RecognizeErrorCode } from './recognize-error-code.js';

export const RECOGNIZE_SDK_TO_RECOGNIZE_PROXY_ERROR_MAP: Record<string, RecognizeErrorCode> =

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This seems rather redundant, if we go with an as const object, could we just freeze the actual object and not recreate it here?

Comment on lines +147 to +151
dispose: (): void => {
if (element === null) return;

aborter = null;

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think this comment here is valid.

const observers: Set<RecognizeWebComponentObserver> = new Set();

let element: RecognizeWebComponent | null = null;
let aborter: AbortController | null = null;

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is tricky to follow, i've read it a few times and I think i've got it.

We store an abort controller in the closure.

when we add an event listener, we mutate the controller, and hoist the AbortController to line 41.

We pass the controller to each event listener.

on dispose we set it to null

In regards to each event listener, we never call abort() so the signal being passed isn't doing much.

An AbortSignal. The listener will be removed when the abort() method of the AbortController which owns the AbortSignal is called. If not specified, no AbortSignal is associated with the listener

As a result, we're really just flipping a variable to null in dispose and that's really all it's doing?

I think, we can get rid of the mutation entirely. Since an event listener per MDN will be removed when we call abort we can simply initialize one AbortSignal at the top, and not need to mutate it and keep track of it's existence as null. It's just an AbortSignal.

In dispose, we can then simply call aborter.abort() and this will clean up all the event listeners that share that signal, and properly dispose of the aborter itself.

This works if all event listeners are intended to be disposed of together, and not on their own, which I believe is the intention since the same AbortSignal is being passed.

Comment on lines +104 to +108
const setAttributes = (element: RecognizeWebComponent): void => {
for (const [k, v] of Object.entries(config)) {
element[k as keyof RecognizeWebComponentConfiguration] = v;
}
};

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It may be cleaner to make this a utility function and import it, that way the closure doesn't need all this state, just make setAttributes accept a config as well or an object of { config, element } ?

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We like to use the convention of separating runtime code and type definitions. We try to only export the runtime code in the root index.ts file, and then export all types needed for the dev through types/.

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We like to treat errors within the SDK as plain objects, rather than extensions of the Error class. Could we convert this to a regular object?


async init(options: RecognizeWebComponentInitOptions): Promise<void> {
if (element !== null) {
throw new RecognizeError(RecognizeErrorCode.SDK_ERROR, {

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Our SDK library overall avoids "throwing" errors and treats errors as valid returned values. The one exception is on the factory function itself. If there's a configuration error, the factory function throws when it can't return a proper API object. Since this is inside the API object, we would prefer to return the error, rather than throw it.

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Before we officially publish this, we will need to add a summary, instructions, example code, and how to find more documentation and such to this README.

*/

/** @public */
export enum RecognizeErrorCode {

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We try to avoid enums in our code. I'm guessing this enum is preferred to avoid writing a structure for runtime and a duplicate structure for types, which both need to be identical. What we do is use a combination of as const, typeof keyof techniques along with unions.

Comment on lines +107 to +126
throw new RecognizeError(RecognizeErrorCode.SDK_ERROR, {
cause: 'init() called more than once — call dispose() before re-initializing',
});
}

try {
await import('./recognize-sdk/index.js');
} catch (error: unknown) {
throw new RecognizeError(RecognizeErrorCode.SDK_WEB_ASSEMBLY_IMPORT_FAILED, {
cause: error,
});
}

if (options.mode === 'attach') {
const tag: string = options.element.tagName;

if (tag !== 'KL-AUTH' && tag !== 'KL-ENROLL') {
throw new RecognizeError(RecognizeErrorCode.SDK_ERROR, {
cause: `invalid element <${tag.toLowerCase()}> — options.element must be a <kl-auth> or <kl-enroll> custom element`,
});

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

In recognize.types.ts:59, RecognizeWebComponentClient.init is typed as Promise<void | RecognizeError>. As a result, RecognizeError should be returned in all three failure paths, or the return type should be changed to Promise<void> and document that it rejects, if the current behavior is intentional.

Comment on lines +42 to +46
const dispatch = (type: RecognizeWebComponentEvent['type'], detail: any): void => {
for (const observer of observers) {
observer.next({ type, detail });
}
};

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

To avoid using any here, we could pass the whole event as one parameter, if possible.

const dispatch = (event: RecognizeWebComponentEvent) => {
   observers.forEach((o) => o.next(event));
};
//...
dispatch({ type: 'begin-stream', detail: undefined });
dispatch({ type: 'data', detail: payload }); // `type` and `detail` type-checked

Comment thread packages/recognize/src/lib/recognize.ts Outdated
if (k === 'key') {
element.publicKey = v;
} else {
element[k as keyof RecognizeWebComponentConfiguration] = v;

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Casting k as typeof RecognizeWebComponentConfiguration is an unsafe as cast and a possible structural mismatch, since not all keys of RecognizeWebComponentConfiguration
are assignable elements. One way to avoid this — although more verbose — would be to map every key explicitly:

const setAttributes = (element: RecognizeWebComponent): void => {
  if (config.key !== undefined) element.publicKey = config.key;
  if (config.lang !== undefined) element.setAttribute('lang', config.lang);
  if (config.theme !== undefined) element.theme = config.theme;
  if (config.disableSteps !== undefined) element.disableSteps = config.disableSteps;
  // one line per attribute, each type-checked
};

@vatsalparikh vatsalparikh left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Initial review comments

import { RecognizeErrorCode } from '../defs/recognize-error-code.js';

/** @public */
export class RecognizeError extends Error {

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should we enforce functional patterns here?

*/

/** @public */
export enum RecognizeErrorCode {

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should we enforce functional patterns here?

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We should rename this file to recognize.test.ts to match the existing repo conventions.

}

/** @public */
export type RecognizeWebComponent = KeylessAuthElement | KeylessEnrollElement;

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is there a reason for RecognizeWebComponent to be public? In RecognizeWebComponentInitOptions we accept the type to be HTMLElement and then recast as RecognizeWebComponent here https://github.com/ForgeRock/ping-javascript-sdk/pull/691/changes#diff-b0b49fe3cbdbba36d1da1a653b81bcadac00c066e375dd2e1d996c169add6189R131-R141, so publicly we should avoid providing RecognizeWebComponent

Comment on lines +74 to +81
localizationPacks?: unknown[];
localizationVariables?: unknown;
loggerLevel?: string;
operationID?: string;
seedEntropy?: boolean;
serviceURL: string;
theme?: unknown;
themeOptions?: unknown;

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Instead of these unknown types, can we use already defined types like Theme, KeylessThemeOptions? We might need to add a dependency though, so may not be worth it.

/** @public */
export enum RecognizeErrorCode {
SDK_ERROR = 1000,
SDK_NOT_CONFIGURED = 1001,

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We are defining error codes here, but a lot of them seem to be unused. Are they being handled by wasm pre-compiled code?

Comment on lines +147 to +151
dispose: (): void => {
if (element === null) return;

aborter = null;

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This looks like a legitimate issue. Worth looking into it.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Development

Successfully merging this pull request may close these issues.

6 participants