Skip to content

docs: add CLAUDE.md agent guidelines for auth0-spa-js#1651

Draft
sanchitmehtagit wants to merge 8 commits into
mainfrom
claude-md-guidelines
Draft

docs: add CLAUDE.md agent guidelines for auth0-spa-js#1651
sanchitmehtagit wants to merge 8 commits into
mainfrom
claude-md-guidelines

Conversation

@sanchitmehtagit

@sanchitmehtagit sanchitmehtagit commented Jul 3, 2026

Copy link
Copy Markdown

Summary

Adds AI-agent onboarding docs for auth0-spa-js, generated by the generating-claude-md skill and tailored to this repo.

  • CLAUDE.md — the canonical, lean guidelines file: a concrete agent persona, core commands, testing conventions (Jest unit + Cypress against a local mock OIDC provider), three-tier boundaries, browser-security notes (PKCE, web-worker token isolation, DPoP), and the MIGRATION_GUIDE.md breaking-change rule.
  • AGENTS.md — now references @CLAUDE.md so non-Claude agents (Codex, Gemini) read one source of truth (replaces the older standalone AGENTS.md; its architecture/tribal knowledge was folded into CLAUDE.md).

Notes

  • Every command was verified against package.json and the CI workflows; every file path referenced in CLAUDE.md resolves on disk.
  • The telemetry rule is scoped to new request paths (not every feature) and points at the existing src/api.ts Auth0-Client header, preserving the auth0Client wrapping of @auth0/auth0-auth-js.
  • No docs/ offload — docs/ holds generated TypeDoc output and the SDK is a lean single package, so the file stays inline.
  • No source code touched — documentation only.

Test plan

  • Review CLAUDE.md for accuracy against the current SDK surface
  • Confirm the boundaries/security notes match current DPoP + refresh-token behavior

Summary by CodeRabbit

  • Documentation
    • Consolidated contributor guidance into a single, more complete reference via a new AI Agent Guidelines document.
    • Replaced the prior project overview with a brief pointer to the new single source of coding guidelines.
    • Added a command reference with ready-to-run build, test (unit and Cypress), lint, and release/publish commands.
    • Added a “Common Pitfalls” guide focused on SPA security, browser constraints, and bundle/correctness gotchas.

Add a canonical CLAUDE.md as the single source of truth for AI coding
agents (persona, commands, testing conventions, three-tier boundaries,
browser security notes, telemetry via the Auth0-Client header, and the
MIGRATION_GUIDE.md rule), and repoint AGENTS.md at @CLAUDE.md so
non-Claude agents share the same guidance.

No docs/ offload — docs/ holds generated TypeDoc output and the SDK is
a lean single package, so the file stays inline.
@sanchitmehtagit sanchitmehtagit requested a review from a team as a code owner July 3, 2026 12:25
@coderabbitai

coderabbitai Bot commented Jul 3, 2026

Copy link
Copy Markdown

Review Change Stack

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

  • @coderabbitai resume to resume automatic reviews.
  • @coderabbitai review to trigger a single review.

Use the checkboxes below for quick actions:

  • ▶️ Resume reviews
  • 🔍 Trigger review
📝 Walkthrough

Walkthrough

AGENTS.md now points to CLAUDE.md, and CLAUDE.md adds AI agent guidance for repository conventions, workflow rules, security constraints, browser-auth pitfalls, and documentation update requirements. New reference docs add command lookup and common pitfall notes.

Changes

Documentation restructure

Layer / File(s) Summary
AGENTS.md redirect
AGENTS.md
Replaces the prior project overview with a short header directing AI agents to CLAUDE.md for maintained guidelines.
CLAUDE.md overview and setup
CLAUDE.md
Adds document purpose, assistant role constraints, working principles, project overview, tooling, testing guidance, repository structure, and code style and bundle discipline expectations.
Workflow, boundaries, and security guidance
CLAUDE.md, references/pitfalls.md
Adds Git workflow expectations, behavioral boundaries, security considerations, common pitfalls, and documentation update rules.
Command reference
references/commands.md
Adds a command reference covering build, test, lint, bundle checks, and release commands.

Estimated code review effort: 1 (Trivial) | ~5 minutes

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title clearly summarizes the main change: adding CLAUDE.md agent guidelines for auth0-spa-js.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch claude-md-guidelines

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@CLAUDE.md`:
- Line 54: The directory tree fence in CLAUDE.md is missing a language tag,
which causes markdownlint-cli2 to fail; update the fenced block that shows the
tree diagram to use a plain text language label such as text or plaintext so the
docs lint passes.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro Plus

Run ID: fd3807a2-b484-4ad2-b8b0-cb07ab99d02c

📥 Commits

Reviewing files that changed from the base of the PR and between 35ec131 and ae2b4f7.

📒 Files selected for processing (2)
  • AGENTS.md
  • CLAUDE.md

Comment thread CLAUDE.md

## Project Structure

```

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

📐 Maintainability & Code Quality | 🟡 Minor | ⚡ Quick win

Label the directory tree fence so docs lint stays green.

markdownlint-cli2 flags this fence as missing a language tag. Use text or plaintext for the tree block.

♻️ Proposed fix
-```
+```text
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
```
🧰 Tools
🪛 markdownlint-cli2 (0.22.1)

[warning] 54-54: Fenced code blocks should have a language specified

(MD040, fenced-code-language)

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@CLAUDE.md` at line 54, The directory tree fence in CLAUDE.md is missing a
language tag, which causes markdownlint-cli2 to fail; update the fenced block
that shows the tree diagram to use a plain text language label such as text or
plaintext so the docs lint passes.

Source: Linters/SAST tools

- Add universal "Any breaking change — always ask first" Ask-First boundary
- Stop tracking MIGRATION_GUIDE.md as a fixed doc (breaking changes are
  covered by the Ask-First boundary; the guide is inferred from the branch)
- Add version-source sync boundary (.version, src/version.ts, package.json,
  README/FAQ pins via .shiprc)
- Refresh structure (myaccount/, passkey/) and code-to-docs mapping
Regenerated with the updated generating-claude-md skill: adds the
universal Working Principles preamble (think before coding, simplicity
first, surgical changes, goal-driven execution) after Your Role, and
drops the now-duplicate surgical-changes bullet from Boundaries.
Move the full command list and detailed pitfalls out of CLAUDE.md into
references/*.md behind lazy "read when you need it" pointers, keeping the
root file lean. Core commands, boundaries, security, and the persona stay
inline. references/ avoids colliding with the generated TypeDoc docs/.
…inters

Regenerated via the generating-claude-md skill:
- Project Structure now sits right after Project Overview (orientation
  before command detail).
- Testing conventions and the code-to-docs mapping move into
  references/testing.md and references/docs-update.md; the
  "update README/EXAMPLES in the same PR" boundary stays inline.
- All references/ pointers are now clickable markdown links.
Keep the dominant naming/formatting convention inline as a one-line
anchor; move the full linter setup, naming rules, bundle discipline,
and dominant patterns into references/code-style.md behind a linked
pointer.
Keep the enforced commit convention inline (commitlint fails CI
otherwise); move branch naming, PR requirements, and changelog format
into references/git-workflow.md behind a linked pointer.
Move Boundaries and Security up so all always-loaded substantive
sections (Overview, Structure, Boundaries, Security) come first, then
the reference sections (Commands, Testing, Code Style, Git, Pitfalls,
Docs) as a contiguous "read when you need it" pointer block.
@sanchitmehtagit sanchitmehtagit marked this pull request as draft July 3, 2026 16:54
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant