feat(clerk-js): Add debugLogger for session token swap detection

[jacekradko]

Description

Add debug logging to detect server-side token swaps in multi-session scenarios (e.g., regular session + impersonation session with actor token). The server-side bug is that BAPI's refresh endpoint could return a token for a different session than the one requested — we need client-side visibility to detect this.

Changes:

• Session.ts: Log when returned token's sid claim doesn't match requested session ID (detects token swaps)
• AuthCookieService.ts: Log multi-session cookie updates and token fetch errors (4xx + degraded status)
• clerk.ts: Log session state before unauthenticated flow to see all active sessions when sign-out cascade starts

Checklist

• pnpm build passes
• pnpm test runs as expected (debug logging only)
• (If applicable) JSDoc comments have been added or updated
• (If applicable) Documentation has been updated

Type of change

• 🐛 Bug fix
• 📖 Refactoring / dependency upgrade / documentation

Summary by CodeRabbit

• New Features

  • Added Solana wallet support for Web3 sign-in and sign-up flows.
  • Introduced MFA setup as an interactive session task during authentication.
  • Added organization creation defaults feature for streamlined onboarding.
  • Enhanced billing interface to display prorated and account credits separately.

• Bug Fixes

  • Fixed organization invitation flow to prevent "not belonging to organization" error.
  • Improved cookie handling with SameSite=None support for cross-origin scenarios.

• Localization

  • Added comprehensive localization support for multiple languages including Solana and MFA flows.

[changeset-bot]

🦋 Changeset detected

Latest commit: ff308af

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 11 packages

Name	Type
@clerk/backend	Minor
@clerk/agent-toolkit	Patch
@clerk/astro	Patch
@clerk/express	Patch
@clerk/fastify	Patch
@clerk/nextjs	Patch
@clerk/nuxt	Patch
@clerk/react-router	Patch
@clerk/remix	Patch
@clerk/tanstack-react-start	Patch
@clerk/testing	Patch

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
clerk-js-sandbox	Building	Preview, Comment	Feb 26, 2026 7:37pm

[coderabbitai]

Caution

Review failed

The pull request is closed.

ℹ️ Recent review info

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Disabled knowledge base sources:

• Linear integration is disabled

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between 64af60c and ff308af.

⛔ Files ignored due to path filters (1)

• packages/react-router/src/__tests__/__snapshots__/exports.test.ts.snap is excluded by !**/*.snap

📒 Files selected for processing (299)

• .changeset/config.json
• .changeset/shiny-apples-travel.md
• .github/workflows/ci.yml
• .github/workflows/nightly-checks.yml
• .github/workflows/preview.retheme.yml
• .github/workflows/release-canary.yml
• .github/workflows/release.yml
• .typedoc/custom-plugin.mjs
• integration/README.md
• integration/presets/envs.ts
• integration/presets/longRunningApps.ts
• integration/templates/astro-node/src/pages/billing/billing-store.astro
• integration/templates/astro-node/src/pages/index.astro
• integration/templates/astro-node/src/pages/prerendered.astro
• integration/templates/react-vite/src/buttons/index.tsx
• integration/templates/react-vite/src/main.tsx
• integration/templates/react-vite/src/sign-in-popup/index.tsx
• integration/templates/tanstack-react-start/package.json
• integration/templates/tanstack-react-start/src/routeTree.gen.ts
• integration/templates/tanstack-react-start/src/routes/sign-in.$.tsx
• integration/templates/tanstack-react-start/vite.config.ts
• integration/testUtils/usersService.ts
• integration/tests/astro/billingStore.test.ts
• integration/tests/astro/components.test.ts
• integration/tests/elements/otp.test.ts
• integration/tests/machine-auth/api-keys.test.ts
• integration/tests/machine-auth/oauth.test.ts
• integration/tests/middleware-placement.test.ts
• integration/tests/next-quickstart-keyless.test.ts
• integration/tests/oauth-flows.test.ts
• integration/tests/session-tasks-setup-mfa.test.ts
• integration/tests/session-tasks-sign-in-reset-password.test.ts
• packages/agent-toolkit/CHANGELOG.md
• packages/agent-toolkit/package.json
• packages/astro/CHANGELOG.md
• packages/astro/package.json
• packages/astro/src/astro-components/control/Protect.astro
• packages/astro/src/astro-components/control/ProtectCSR.astro
• packages/astro/src/astro-components/control/SignedIn.astro
• packages/astro/src/astro-components/control/SignedOut.astro
• packages/astro/src/integration/create-integration.ts
• packages/astro/src/integration/snippets.ts
• packages/astro/src/stores/external.ts
• packages/backend/CHANGELOG.md
• packages/backend/package.json
• packages/backend/src/__tests__/exports.test.ts
• packages/backend/src/api/__tests__/APIKeysApi.test.ts
• packages/backend/src/api/__tests__/AgentTaskApi.test.ts
• packages/backend/src/api/__tests__/M2MTokenApi.test.ts
• packages/backend/src/api/__tests__/factory.test.ts
• packages/backend/src/api/endpoints/APIKeysApi.ts
• packages/backend/src/api/endpoints/AgentTaskApi.ts
• packages/backend/src/api/endpoints/InvitationApi.ts
• packages/backend/src/api/endpoints/JwtTemplatesApi.ts
• packages/backend/src/api/endpoints/M2MTokenApi.ts
• packages/backend/src/api/endpoints/UserApi.ts
• packages/backend/src/api/endpoints/WaitlistEntryApi.ts
• packages/backend/src/api/endpoints/index.ts
• packages/backend/src/api/factory.ts
• packages/backend/src/api/resources/APIKey.ts
• packages/backend/src/api/resources/AgentTask.ts
• packages/backend/src/api/resources/Deserializer.ts
• packages/backend/src/api/resources/Enums.ts
• packages/backend/src/api/resources/ExternalAccount.ts
• packages/backend/src/api/resources/JSON.ts
• packages/backend/src/api/resources/OauthAccessToken.ts
• packages/backend/src/api/resources/WaitlistEntry.ts
• packages/backend/src/api/resources/index.ts
• packages/backend/src/constants.ts
• packages/backend/src/index.ts
• packages/backend/src/internal.ts
• packages/backend/src/tokens/__tests__/clerkRequest.test.ts
• packages/backend/src/tokens/__tests__/handshake.test.ts
• packages/backend/src/tokens/__tests__/request.test.ts
• packages/backend/src/tokens/clerkRequest.ts
• packages/backend/src/tokens/handshake.ts
• packages/backend/src/tokens/request.ts
• packages/backend/tsup.config.ts
• packages/chrome-extension/CHANGELOG.md
• packages/chrome-extension/package.json
• packages/clerk-js/CHANGELOG.md
• packages/clerk-js/bundle-check.mjs
• packages/clerk-js/bundlewatch.config.json
• packages/clerk-js/package.json
• packages/clerk-js/rspack.config.js
• packages/clerk-js/sandbox/app.ts
• packages/clerk-js/src/core/__tests__/clerk.test.ts
• packages/clerk-js/src/core/auth/AuthCookieService.ts
• packages/clerk-js/src/core/auth/__tests__/getCookieDomain.test.ts
• packages/clerk-js/src/core/auth/cookies/__tests__/clientUat.test.ts
• packages/clerk-js/src/core/auth/cookies/__tests__/session.test.ts
• packages/clerk-js/src/core/auth/cookies/clientUat.ts
• packages/clerk-js/src/core/auth/cookies/devBrowser.ts
• packages/clerk-js/src/core/auth/cookies/requireSameSiteNone.ts
• packages/clerk-js/src/core/auth/cookies/session.ts
• packages/clerk-js/src/core/auth/getCookieDomain.ts
• packages/clerk-js/src/core/auth/safeLock.ts
• packages/clerk-js/src/core/clerk.ts
• packages/clerk-js/src/core/constants.ts
• packages/clerk-js/src/core/modules/debug/transports/console.ts
• packages/clerk-js/src/core/resources/BillingSubscription.ts
• packages/clerk-js/src/core/resources/Organization.ts
• packages/clerk-js/src/core/resources/OrganizationCreationDefaults.ts
• packages/clerk-js/src/core/resources/OrganizationSettings.ts
• packages/clerk-js/src/core/resources/PublicUserData.ts
• packages/clerk-js/src/core/resources/Session.ts
• packages/clerk-js/src/core/resources/SignIn.ts
• packages/clerk-js/src/core/resources/SignUp.ts
• packages/clerk-js/src/core/resources/Token.ts
• packages/clerk-js/src/core/resources/User.ts
• packages/clerk-js/src/core/resources/UserSettings.ts
• packages/clerk-js/src/core/resources/__tests__/ExternalAccount.test.ts
• packages/clerk-js/src/core/resources/__tests__/PublicUserData.test.ts
• packages/clerk-js/src/core/resources/__tests__/Session.test.ts
• packages/clerk-js/src/core/resources/__tests__/Token.test.ts
• packages/clerk-js/src/core/resources/__tests__/UserSettings.test.ts
• packages/clerk-js/src/core/sessionTasks.ts
• packages/clerk-js/src/test/create-fixtures.tsx
• packages/clerk-js/src/test/fixture-helpers.ts
• packages/clerk-js/src/test/fixtures.ts
• packages/clerk-js/src/ui/common/WalletInitialIcon.tsx
• packages/clerk-js/src/ui/common/Wizard.tsx
• packages/clerk-js/src/ui/components/Checkout/CheckoutForm.tsx
• packages/clerk-js/src/ui/components/Checkout/__tests__/Checkout.test.tsx
• packages/clerk-js/src/ui/components/ImpersonationFab/__tests__/ImpersonationFab.test.tsx
• packages/clerk-js/src/ui/components/ImpersonationFab/index.tsx
• packages/clerk-js/src/ui/components/OAuthConsent/OAuthConsent.tsx
• packages/clerk-js/src/ui/components/OrganizationProfile/ActiveMembersList.tsx
• packages/clerk-js/src/ui/components/OrganizationProfile/InviteMembersForm.tsx
• packages/clerk-js/src/ui/components/OrganizationProfile/MemberListTable.tsx
• packages/clerk-js/src/ui/components/OrganizationProfile/OrganizationMembers.tsx
• packages/clerk-js/src/ui/components/OrganizationProfile/OrganizationProfileAvatarUploader.tsx
• packages/clerk-js/src/ui/components/OrganizationProfile/__tests__/InviteMembersPage.test.tsx
• packages/clerk-js/src/ui/components/OrganizationProfile/__tests__/OrganizationMembers.test.tsx
• packages/clerk-js/src/ui/components/PaymentAttempts/PaymentAttemptPage.tsx
• packages/clerk-js/src/ui/components/SessionTasks/index.tsx
• packages/clerk-js/src/ui/components/SessionTasks/tasks/TaskChooseOrganization/ChooseOrganizationScreen.tsx
• packages/clerk-js/src/ui/components/SessionTasks/tasks/TaskChooseOrganization/CreateOrganizationScreen.tsx
• packages/clerk-js/src/ui/components/SessionTasks/tasks/TaskChooseOrganization/OrganizationCreationDefaultsAlert.tsx
• packages/clerk-js/src/ui/components/SessionTasks/tasks/TaskChooseOrganization/__tests__/TaskChooseOrganization.test.tsx
• packages/clerk-js/src/ui/components/SessionTasks/tasks/TaskChooseOrganization/index.tsx
• packages/clerk-js/src/ui/components/SessionTasks/tasks/TaskSetupMfa/SetupMfaStartScreen.tsx
• packages/clerk-js/src/ui/components/SessionTasks/tasks/TaskSetupMfa/SmsCodeFlowScreen.tsx
• packages/clerk-js/src/ui/components/SessionTasks/tasks/TaskSetupMfa/TOTPCodeFlowScreen.tsx
• packages/clerk-js/src/ui/components/SessionTasks/tasks/TaskSetupMfa/__tests__/TaskSetupMfa.test.tsx
• packages/clerk-js/src/ui/components/SessionTasks/tasks/TaskSetupMfa/constants.ts
• packages/clerk-js/src/ui/components/SessionTasks/tasks/TaskSetupMfa/index.tsx
• packages/clerk-js/src/ui/components/SessionTasks/tasks/TaskSetupMfa/shared.tsx
• packages/clerk-js/src/ui/components/SessionTasks/tasks/shared/index.ts
• packages/clerk-js/src/ui/components/SessionTasks/tasks/shared/withTaskGuardOnlyOnMount.tsx
• packages/clerk-js/src/ui/components/SignIn/SignInFactorOnePasswordCard.tsx
• packages/clerk-js/src/ui/components/SignIn/SignInFactorOneSolanaWalletsCard.tsx
• packages/clerk-js/src/ui/components/SignIn/SignInFactorTwo.tsx
• packages/clerk-js/src/ui/components/SignIn/SignInSocialButtons.tsx
• packages/clerk-js/src/ui/components/SignIn/SignInStart.tsx
• packages/clerk-js/src/ui/components/SignIn/__tests__/handleCombinedFlowTransfer.test.ts
• packages/clerk-js/src/ui/components/SignIn/handleCombinedFlowTransfer.ts
• packages/clerk-js/src/ui/components/SignIn/index.tsx
• packages/clerk-js/src/ui/components/SignUp/SignUpSocialButtons.tsx
• packages/clerk-js/src/ui/components/SignUp/SignUpStart.tsx
• packages/clerk-js/src/ui/components/SignUp/SignUpStartSolanaWalletsCard.tsx
• packages/clerk-js/src/ui/components/SignUp/__tests__/SignUpStart.test.tsx
• packages/clerk-js/src/ui/components/SignUp/index.tsx
• packages/clerk-js/src/ui/components/Statements/StatementPage.tsx
• packages/clerk-js/src/ui/components/UserProfile/MfaSection.tsx
• packages/clerk-js/src/ui/components/UserProfile/Web3Form.tsx
• packages/clerk-js/src/ui/components/UserProfile/Web3Section.tsx
• packages/clerk-js/src/ui/components/UserProfile/Web3SelectSolanaWalletScreen.tsx
• packages/clerk-js/src/ui/components/UserProfile/__tests__/MfaPage.test.tsx
• packages/clerk-js/src/ui/components/UserProfile/__tests__/PasswordSection.test.tsx
• packages/clerk-js/src/ui/components/UserProfile/__tests__/SecurityPage.test.tsx
• packages/clerk-js/src/ui/components/UserProfile/utils.ts
• packages/clerk-js/src/ui/components/devPrompts/EnableOrganizationsPrompt/index.tsx
• packages/clerk-js/src/ui/components/devPrompts/KeylessPrompt/__tests__/KeylessPrompt.test.tsx
• packages/clerk-js/src/ui/components/devPrompts/KeylessPrompt/index.tsx
• packages/clerk-js/src/ui/contexts/ClerkUIComponentsContext.tsx
• packages/clerk-js/src/ui/contexts/components/SessionTasks.ts
• packages/clerk-js/src/ui/customizables/elementDescriptors.ts
• packages/clerk-js/src/ui/elements/Alert.tsx
• packages/clerk-js/src/ui/elements/Avatar.tsx
• packages/clerk-js/src/ui/elements/AvatarUploader.tsx
• packages/clerk-js/src/ui/elements/FormContainer.tsx
• packages/clerk-js/src/ui/elements/Header.tsx
• packages/clerk-js/src/ui/elements/OrganizationAvatar.tsx
• packages/clerk-js/src/ui/elements/Select.tsx
• packages/clerk-js/src/ui/elements/SuccessPage.tsx
• packages/clerk-js/src/ui/elements/VerificationCodeCard.tsx
• packages/clerk-js/src/ui/elements/Web3SolanaWalletButtons.tsx
• packages/clerk-js/src/ui/elements/contexts/index.tsx
• packages/clerk-js/src/ui/hooks/index.ts
• packages/clerk-js/src/ui/hooks/useFetchRoles.ts
• packages/clerk-js/src/ui/hooks/useWindowEventListener.ts
• packages/clerk-js/src/ui/lazyModules/components.ts
• packages/clerk-js/src/ui/localization/__tests__/parseLocalization.test.tsx
• packages/clerk-js/src/ui/primitives/Text.tsx
• packages/clerk-js/src/ui/router/BaseRouter.tsx
• packages/clerk-js/src/ui/router/PathRouter.tsx
• packages/clerk-js/src/ui/types.ts
• packages/clerk-js/src/ui/utils/__tests__/originPrefersPopup.test.ts
• packages/clerk-js/src/ui/utils/mfa.ts
• packages/clerk-js/src/ui/utils/originPrefersPopup.ts
• packages/clerk-js/src/ui/utils/web3CallbackErrorHandler.ts
• packages/clerk-js/src/utils/billing.ts
• packages/clerk-js/src/utils/captcha/turnstile.ts
• packages/clerk-js/src/utils/injectedWeb3EthProviders.ts
• packages/clerk-js/src/utils/injectedWeb3SolanaProviders.ts
• packages/clerk-js/src/utils/thirdPartyDomains.ts
• packages/clerk-js/src/utils/web3.ts
• packages/elements/CHANGELOG.md
• packages/elements/package.json
• packages/elements/src/react/hooks/use-third-party-provider.hook.ts
• packages/expo-passkeys/CHANGELOG.md
• packages/expo-passkeys/package.json
• packages/expo/CHANGELOG.md
• packages/expo/package.json
• packages/express/CHANGELOG.md
• packages/express/package.json
• packages/fastify/CHANGELOG.md
• packages/fastify/package.json
• packages/localizations/CHANGELOG.md
• packages/localizations/package.json
• packages/localizations/src/ar-SA.ts
• packages/localizations/src/be-BY.ts
• packages/localizations/src/bg-BG.ts
• packages/localizations/src/bn-IN.ts
• packages/localizations/src/ca-ES.ts
• packages/localizations/src/cs-CZ.ts
• packages/localizations/src/da-DK.ts
• packages/localizations/src/de-DE.ts
• packages/localizations/src/el-GR.ts
• packages/localizations/src/en-GB.ts
• packages/localizations/src/en-US.ts
• packages/localizations/src/es-CR.ts
• packages/localizations/src/es-ES.ts
• packages/localizations/src/es-MX.ts
• packages/localizations/src/es-UY.ts
• packages/localizations/src/fa-IR.ts
• packages/localizations/src/fi-FI.ts
• packages/localizations/src/fr-FR.ts
• packages/localizations/src/he-IL.ts
• packages/localizations/src/hi-IN.ts
• packages/localizations/src/hr-HR.ts
• packages/localizations/src/hu-HU.ts
• packages/localizations/src/id-ID.ts
• packages/localizations/src/is-IS.ts
• packages/localizations/src/it-IT.ts
• packages/localizations/src/ja-JP.ts
• packages/localizations/src/kk-KZ.ts
• packages/localizations/src/ko-KR.ts
• packages/localizations/src/mn-MN.ts
• packages/localizations/src/ms-MY.ts
• packages/localizations/src/nb-NO.ts
• packages/localizations/src/nl-BE.ts
• packages/localizations/src/nl-NL.ts
• packages/localizations/src/pl-PL.ts
• packages/localizations/src/pt-BR.ts
• packages/localizations/src/pt-PT.ts
• packages/localizations/src/ro-RO.ts
• packages/localizations/src/ru-RU.ts
• packages/localizations/src/sk-SK.ts
• packages/localizations/src/sr-RS.ts
• packages/localizations/src/sv-SE.ts
• packages/localizations/src/ta-IN.ts
• packages/localizations/src/te-IN.ts
• packages/localizations/src/th-TH.ts
• packages/localizations/src/tr-TR.ts
• packages/localizations/src/uk-UA.ts
• packages/localizations/src/vi-VN.ts
• packages/localizations/src/zh-CN.ts
• packages/localizations/src/zh-TW.ts
• packages/nextjs/CHANGELOG.md
• packages/nextjs/package.json
• packages/nextjs/src/__tests__/keyless-custom-headers.test.ts
• packages/nextjs/src/app-router/server/auth.ts
• packages/nextjs/src/client-boundary/hooks.ts
• packages/nextjs/src/client-boundary/uiComponents.tsx
• packages/nextjs/src/index.ts
• packages/nextjs/src/server/__tests__/content-security-policy.test.ts
• packages/nextjs/src/server/clerkMiddleware.ts
• packages/nextjs/src/server/content-security-policy.ts
• packages/nextjs/src/server/data/getAuthDataFromRequest.ts
• packages/nextjs/src/server/fs/middleware-location.ts
• packages/nextjs/src/server/keyless-custom-headers.ts
• packages/nextjs/src/utils/__tests__/sdk-versions.test.ts
• packages/nextjs/src/utils/sdk-versions.ts
• packages/nuxt/CHANGELOG.md
• packages/nuxt/package.json
• packages/react-router/CHANGELOG.md
• packages/react-router/package.json
• packages/react/CHANGELOG.md
• packages/react/package.json
• packages/react/src/components/SignInButton.tsx
• packages/react/src/components/SignUpButton.tsx
• packages/react/src/components/__tests__/SignInButton.test.tsx
• packages/react/src/components/__tests__/SignUpButton.test.tsx
• packages/react/src/components/index.ts
• packages/react/src/components/uiComponents.tsx
• packages/react/src/hooks/index.ts
• packages/react/src/hooks/useSignIn.ts

---

📝 Walkthrough

Walkthrough

This PR introduces a major update targeting the release/core-2 branch, adding Solana Web3 wallet authentication support, MFA setup task flows, organization creation defaults configuration, expanded API key management, and enhanced session/cookie handling. It includes backend API extensions, frontend UI components, comprehensive localization updates across 50+ languages, integration tests, and configuration adjustments for the new branch target.

Changes

Cohort / File(s)	Summary
Branch & CI Configuration .changeset/config.json, .github/workflows/ci.yml, .github/workflows/release.yml, packages/backend/tsup.config.ts	Updated target branch from main to release/core-2 in changeset and CI workflows. Modified release workflow concurrency, setup parameters, and referenced typedoc workflow. Updated module bundling configuration.
Workflow Removals .github/workflows/nightly-checks.yml, .github/workflows/preview.retheme.yml, .github/workflows/release-canary.yml	Removed deprecated GitHub Actions workflows for nightly integration tests, preview deployments, and canary releases.
Backend API Endpoints & Resources packages/backend/src/api/endpoints/APIKeysApi.ts, packages/backend/src/api/endpoints/AgentTaskApi.ts, packages/backend/src/api/endpoints/M2MTokenApi.ts, packages/backend/src/api/endpoints/UserApi.ts, packages/backend/src/api/endpoints/WaitlistEntryApi.ts, packages/backend/src/api/resources/APIKey.ts, packages/backend/src/api/resources/AgentTask.ts, packages/backend/src/api/resources/ExternalAccount.ts, packages/backend/src/api/resources/OauthAccessToken.ts	Expanded API surface with new methods: APIKeysApi.get/update/delete with revocation reason support, M2MTokenApi.list with filtering, UserApi.setPasswordCompromised/unsetPasswordCompromised, WaitlistEntryApi.createBulk. Added new AgentTaskAPI class. Enhanced resource models with additional fields (APIKey metadata, OauthAccessToken.idToken, ExternalAccount.providerUserId).
Backend Deserialization & Types packages/backend/src/api/resources/Deserializer.ts, packages/backend/src/api/resources/Enums.ts, packages/backend/src/api/resources/JSON.ts, packages/backend/src/api/resources/index.ts, packages/backend/src/api/factory.ts, packages/backend/src/internal.ts, packages/backend/src/constants.ts, packages/backend/src/index.ts	Added AgentTask deserialization support, M2M token list response handling. Updated OrganizationInvitationStatus enum to include 'expired'. Exported new AgentTask types and isMachineToken utility. Added Session query parameter constant.
Backend Testing packages/backend/src/api/__tests__/APIKeysApi.test.ts, packages/backend/src/api/__tests__/AgentTaskApi.test.ts, packages/backend/src/api/__tests__/M2MTokenApi.test.ts, packages/backend/src/api/__tests__/factory.test.ts	Comprehensive test coverage for new API endpoints including API key CRUD operations, agent task creation/revocation, M2M token listing with filters, and waitlist bulk operations.
Backend Token & Auth Handling packages/backend/src/tokens/clerkRequest.ts, packages/backend/src/tokens/handshake.ts, packages/backend/src/tokens/request.ts	Implemented duck-typing for ClerkRequest detection, session token inclusion in handshake URLs, OAuth JWT rejection in header token flows, and session_token acceptance logic.
Astro Integration packages/astro/src/integration/create-integration.ts, packages/astro/src/integration/snippets.ts, packages/astro/src/stores/external.ts, packages/astro/src/astro-components/control/Protect.astro, packages/astro/src/astro-components/control/ProtectCSR.astro, packages/astro/src/astro-components/control/SignedIn.astro, packages/astro/src/astro-components/control/SignedOut.astro	Added buildBeforeHydrationSnippet and buildPageLoadSnippet utilities for script injection. Introduced $billingStore for billing state access. Enhanced Protect/SignedIn/SignedOut components with runtime CSR/SSR detection logic and slot handling.
Clerk.js Core Resources & Types packages/clerk-js/src/core/resources/BillingSubscription.ts, packages/clerk-js/src/core/resources/Organization.ts, packages/clerk-js/src/core/resources/OrganizationCreationDefaults.ts, packages/clerk-js/src/core/resources/OrganizationSettings.ts, packages/clerk-js/src/core/resources/PublicUserData.ts, packages/clerk-js/src/core/resources/Session.ts, packages/clerk-js/src/core/resources/User.ts	Added OrganizationCreationDefaults resource for retrieving org setup defaults. Extended Session with agent support. Added organization creation defaults to settings. Enhanced User with getOrganizationCreationDefaults method. Added billing credits support and username field.
Clerk.js Sign-In/Sign-Up & Web3 packages/clerk-js/src/core/resources/SignIn.ts, packages/clerk-js/src/core/resources/SignUp.ts, packages/clerk-js/src/ui/components/SignIn/SignInFactorOneSolanaWalletsCard.tsx, packages/clerk-js/src/ui/components/SignUp/SignUpStartSolanaWalletsCard.tsx, packages/clerk-js/src/utils/web3.ts, packages/clerk-js/src/utils/injectedWeb3SolanaProviders.ts	Comprehensive Solana Web3 support added across sign-in/sign-up flows with walletName handling. New UI cards for Solana wallet selection. Solana provider detection and signature generation utilities.
Clerk.js MFA Setup Task packages/clerk-js/src/ui/components/SessionTasks/tasks/TaskSetupMfa/index.tsx, packages/clerk-js/src/ui/components/SessionTasks/tasks/TaskSetupMfa/SetupMfaStartScreen.tsx, packages/clerk-js/src/ui/components/SessionTasks/tasks/TaskSetupMfa/SmsCodeFlowScreen.tsx, packages/clerk-js/src/ui/components/SessionTasks/tasks/TaskSetupMfa/TOTPCodeFlowScreen.tsx, packages/clerk-js/src/ui/components/SessionTasks/tasks/TaskSetupMfa/shared.tsx, packages/clerk-js/src/ui/components/SessionTasks/tasks/TaskSetupMfa/constants.ts	New MFA setup task implementation with phone SMS and TOTP authenticator flows, backup code display, and shared footer sign-out action.
Clerk.js Session Tasks & Organization packages/clerk-js/src/ui/components/SessionTasks/index.tsx, packages/clerk-js/src/ui/components/SessionTasks/tasks/TaskChooseOrganization/CreateOrganizationScreen.tsx, packages/clerk-js/src/ui/components/SessionTasks/tasks/TaskChooseOrganization/OrganizationCreationDefaultsAlert.tsx, packages/clerk-js/src/ui/components/SessionTasks/tasks/shared/withTaskGuardOnlyOnMount.tsx	Integrated TaskSetupMFA into session task flow with context providers. Enhanced organization creation with defaults support, alert messaging, and logo handling. Added task guard HOC for mount-based redirects.
Clerk.js Billing & Checkout UI packages/clerk-js/src/ui/components/Checkout/CheckoutForm.tsx, packages/clerk-js/src/ui/components/PaymentAttempts/PaymentAttemptPage.tsx, packages/clerk-js/src/ui/components/Statements/StatementPage.tsx	Updated credit display to show proration and payer-applied account credits separately with distinct line items.
Clerk.js Organization Profile packages/clerk-js/src/ui/components/OrganizationProfile/ActiveMembersList.tsx, packages/clerk-js/src/ui/components/OrganizationProfile/InviteMembersForm.tsx, packages/clerk-js/src/ui/components/OrganizationProfile/OrganizationMembers.tsx	Added role set migration detection and UI blocking. Integrated hasRoleSetMigration flag throughout member management and role assignment UI.
Clerk.js User Profile & Web3 packages/clerk-js/src/ui/components/UserProfile/Web3Form.tsx, packages/clerk-js/src/ui/components/UserProfile/Web3Section.tsx, packages/clerk-js/src/ui/components/UserProfile/Web3SelectSolanaWalletScreen.tsx, packages/clerk-js/src/ui/components/UserProfile/MfaSection.tsx	Added Solana wallet selection screen. Refactored Web3Form with action context integration and wallet-name awareness. Enhanced MFA section with conditional delete actions based on MFA requirements.
Clerk.js UI Elements & Routing packages/clerk-js/src/ui/elements/Avatar.tsx, packages/clerk-js/src/ui/elements/Header.tsx, packages/clerk-js/src/ui/elements/SuccessPage.tsx, packages/clerk-js/src/ui/elements/VerificationCodeCard.tsx, packages/clerk-js/src/ui/elements/Web3SolanaWalletButtons.tsx, packages/clerk-js/src/ui/elements/WalletInitialIcon.tsx, packages/clerk-js/src/ui/router/BaseRouter.tsx, packages/clerk-js/src/ui/router/PathRouter.tsx	Added loading spinner support to Avatar. Introduced badge text support in Header and SuccessPage. Implemented Web3SolanaWalletButtons component with wallet adapter integration. Added WalletInitialIcon for wallet initials display. Enhanced router with history change observation and pushState/replaceState patching.
Clerk.js Utilities & Helpers packages/clerk-js/src/ui/utils/web3.ts, packages/clerk-js/src/ui/utils/thirdPartyDomains.ts, packages/clerk-js/src/ui/utils/originPrefersPopup.ts, packages/clerk-js/src/ui/utils/mfa.ts, packages/clerk-js/src/utils/billing.ts, packages/clerk-js/src/utils/captcha/turnstile.ts, packages/clerk-js/src/utils/injectedWeb3EthProviders.ts	Added third-party domain list for cookie and popup handling. Created MFA utility helpers (getSecondFactors, getSecondFactorsAvailableToAdd). Enhanced Solana identifier/signature generation. Added billing credits deserialization. Improved Turnstile captcha diagnostics.
Clerk.js Type Definitions & Contexts packages/clerk-js/src/ui/types.ts, packages/clerk-js/src/ui/contexts/ClerkUIComponentsContext.tsx, packages/clerk-js/src/ui/contexts/components/SessionTasks.ts, packages/clerk-js/src/ui/customizables/elementDescriptors.ts	Added TaskSetupMFACtx and TaskSetupMFAProps types. Extended component context with TaskSetupMFA support. Added new appearance customization keys for MFA and Solana wallet UI elements.
Clerk.js KeylessPrompt & Dev Tools packages/clerk-js/src/ui/components/devPrompts/KeylessPrompt/index.tsx, packages/clerk-js/src/ui/components/devPrompts/EnableOrganizationsPrompt/index.tsx	Major refactor of KeylessPrompt with state machine pattern and self-contained expanded UI. Enhanced EnableOrganizationsPrompt with RadioGroup for membership requirements and organization name fetching.
Clerk.js Testing & Fixtures packages/clerk-js/src/test/fixture-helpers.ts, packages/clerk-js/src/test/fixtures.ts, packages/clerk-js/src/core/resources/__tests__/*.test.ts, packages/clerk-js/src/ui/components/**/__tests__/*.test.ts	Extended test fixtures with actor/session support, organization creation defaults, and MFA configuration. Added comprehensive tests for MFA setup flows, org creation restrictions, role migrations, and Web3/Solana functionality.
Integration Tests & Setup integration/tests/astro/billingStore.test.ts, integration/tests/astro/components.test.ts, integration/tests/session-tasks-setup-mfa.test.ts, integration/tests/oauth-flows.test.ts, integration/presets/envs.ts, integration/presets/longRunningApps.ts, integration/templates/*	Added MFA setup session task environment and tests. Added React Vite OAuth popup flow tests. Updated integration templates with Solana wallet and billing store examples. Added new app configurations for testing.
Localization Updates packages/localizations/src/*.ts (50+ language files), packages/clerk-js/src/ui/localization/__tests__/parseLocalization.test.tsx	Comprehensive localization additions across all supported languages for Solana Web3 flows, MFA setup UI, organization creation restrictions/defaults, role migration alerts, billing credits terminology, and error messages.
Package Versions & Changelogs packages/*/package.json, packages/*/CHANGELOG.md	Version bumps across multiple packages (clerk-js 5.114.0→5.125.2, backend 2.26.0→2.32.2, astro 2.16.6→2.17.7, etc.) with corresponding changelog entries documenting dependency updates and new features.

Sequence Diagram(s)

sequenceDiagram
    participant User
    participant Clerk as Clerk.js Client
    participant SignIn
    participant Web3 as Web3/Solana
    participant Backend
    participant Session

    User->>SignIn: Navigate to sign-in
    SignIn->>Clerk: Check sign-in status
    Clerk-->>SignIn: Show Web3 options
    User->>SignIn: Click Solana wallet
    SignIn->>Web3: Initialize Solana flow
    Web3->>Web3: Detect installed wallets
    User->>Web3: Select wallet
    Web3->>Web3: Get wallet account
    Web3->>Clerk: Generate signature
    Clerk->>Backend: Authenticate with signature
    Backend->>Session: Create session
    Backend-->>Clerk: Session established
    Clerk-->>User: Redirect to app

Loading

sequenceDiagram
    participant User
    participant Clerk as Clerk.js Client
    participant MFATask as MFA Setup Task
    participant Phone
    participant TOTP
    participant Backend
    participant Session

    User->>Clerk: Complete sign-in/sign-up
    Clerk->>Session: Check if MFA required
    Session-->>Clerk: MFA pending
    Clerk->>MFATask: Mount MFA setup flow
    MFATask->>User: Show method selection (SMS/TOTP)
    User->>MFATask: Choose method
    
    alt SMS Code Path
        MFATask->>Phone: Add/select phone
        Phone->>Backend: Create phone verification
        Backend-->>Phone: Send verification code
        User->>Phone: Enter code
        Phone->>Backend: Verify code
        Backend->>Session: Enable second factor
        Session-->>Backend: MFA enabled
    else TOTP Path
        MFATask->>TOTP: Generate TOTP secret
        TOTP->>User: Display QR code
        User->>TOTP: Scan & verify
        TOTP->>Backend: Verify TOTP code
        Backend->>Session: Enable second factor
        Session-->>Backend: MFA enabled
    end
    
    MFATask->>User: Show backup codes
    User->>Clerk: Acknowledge
    Clerk-->>User: Redirect to app

Loading

Estimated code review effort

🎯 5 (Critical) | ⏱️ 90+ minutes

Possibly related PRs

• fix(backend): Type JwtTemplatesApi.list as PaginatedResourceResponse (Core 2) #7868: Updates JwtTemplatesApi.list return type to PaginatedResourceResponse, matching similar pagination response changes in this PR.

Suggested labels

clerk-js, core-2, backend, web3, mfa, localization

Poem

🐰 Hops through Core Two with gleeful bounds,
Solana wallets spring without sound,
MFA tasks now bloom and grow,
Organization defaults steal the show,
From Astro to JS, changes abound,
A migration grand on solid ground! 🌟

✨ Finishing Touches

• 📝 Generate docstrings (stacked PR)
• 📝 Generate docstrings (commit on current branch)

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch release/core-2

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}