cli auth email fixes

[drew-harris]

Handles edge cases where the user pulls a config with sender email == verify@auth-pm.instantdb.com

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Repository UI

Review profile: CHILL

Plan: Pro

Run ID: ca92888c-1995-4519-a7ae-13153a03c2ab

📥 Commits

Reviewing files that changed from the base of the PR and between b608229 and f7b9f3a.

📒 Files selected for processing (1)

• client/packages/version/src/version.ts

✅ Files skipped from review due to trivial changes (1)

• client/packages/version/src/version.ts

---

📝 Walkthrough

Walkthrough

Schema updates make email sender and verification fields nullish-capable; the CLI push command now fetches the server default email template and omits sender-email from the payload when the configured sender matches the default, and skips verification logging in that case.

Changes

Email configuration and default template integration

Layer / File(s)	Summary
Core email config schemas with nullish support client/packages/cli/src/lib/email.ts	EmailConfig.authEmail.senderEmail and VerificationSchema.instant['verified?'] now accept nullish values (null or undefined) in addition to their base types.
Email template info schema alignment client/packages/cli/src/commands/auth/email/status.ts	EmailTemplateInfoSchema.email field switched from Schema.optional to Schema.NullishOr to accept explicit null as well as missing values.
Push command default template integration client/packages/cli/src/commands/auth/email/push.ts	authEmailPushCmd imports getDefaultEmailTemplate, fetches the default template to determine the default sender email, omits sender-email from the request when the configured sender equals the default, and restricts sender verification logic to run only when a configured sender is present and differs from the default.
Version bump client/packages/version/src/version.ts	Exports version updated from v1.0.48 to v1.0.49.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Possibly related PRs

• instantdb/instant#2633: Touches the CLI authEmailPushCmd/auth email push flow and overlaps the push command implementation.
• instantdb/instant#2719: Adds server-side default email template endpoint and related email-template wiring used by the CLI changes.
• instantdb/instant#2280: Also updates the shared package version constant (version bump).

Suggested reviewers

• dwwoelfel
• stopachka

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 inconclusive)

Check name	Status	Explanation	Resolution
Title check	❓ Inconclusive	The title 'cli auth email fixes' is vague and generic, using non-descriptive terms that don't convey what specific email fixes are being addressed in the changeset.	Consider a more specific title that describes the main issue being fixed, such as 'Handle default sender email edge case in auth email CLI' or similar.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Description check	✅ Passed	The description directly relates to the changes made, specifically addressing the edge case of user configs with sender email matching the default template sender email.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch drewh/auth-cli-email-fixes

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[dwwoelfel]

LGTM!

[coderabbitai]

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

client/packages/cli/src/commands/auth/email/push.ts (1)

70-81: ⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Guard sendSenderVerification with the same default-sender condition.

The new default-sender guard is only applied to DNS verification (Lines 83-86), but the email send (Lines 70-81) can still fire based only on verification_verified === false. That can trigger unnecessary verification emails for default/omitted sender scenarios.

Suggested fix

+  const shouldVerifyCustomSender =
+    !!authEmail.senderEmail && authEmail.senderEmail !== defTemplate.senderEmail;
+
-  if (info?.verification_verified === false) {
+  if (shouldVerifyCustomSender && info?.verification_verified === false) {
     yield* sendSenderVerification;
     yield* Effect.log(
       boxen(
         "We've sent a confirmation email containing a six digit code to verify the sender email address.\nUse instant-cli auth email verify <code> to complete verification.",
         {
           borderColor: 'yellow',
           padding: { right: 1, left: 1 },
         },
       ),
     );
   }

-  if (
-    emailConfig.authEmail.senderEmail &&
-    emailConfig.authEmail.senderEmail !== defTemplate.senderEmail
-  ) {
+  if (shouldVerifyCustomSender) {
     const verification = yield* getVerification;
     if (verification.verification) {
       yield* Effect.log(
         formatSenderVerificationDnsRecords(verification.verification),
       );
     }
   }

Also applies to: 83-86

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@client/packages/cli/src/commands/auth/email/push.ts` around lines 70 - 81,
The sendSenderVerification branch is triggered solely by
info?.verification_verified === false which can send unnecessary verification
emails for the default/omitted sender; wrap the yield* sendSenderVerification
and the associated Effect.log boxen message with the same default-sender guard
used for the DNS verification branch so the sender verification only runs when
the sender is not the default/omitted address (i.e., apply the same condition
used in the DNS verification block to the sendSenderVerification path).

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Outside diff comments:
In `@client/packages/cli/src/commands/auth/email/push.ts`:
- Around line 70-81: The sendSenderVerification branch is triggered solely by
info?.verification_verified === false which can send unnecessary verification
emails for the default/omitted sender; wrap the yield* sendSenderVerification
and the associated Effect.log boxen message with the same default-sender guard
used for the DNS verification branch so the sender verification only runs when
the sender is not the default/omitted address (i.e., apply the same condition
used in the DNS verification block to the sendSenderVerification path).

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository UI

Review profile: CHILL

Plan: Pro

Run ID: 16ad5a85-65c7-40ca-bf62-9da5973576dd

📥 Commits

Reviewing files that changed from the base of the PR and between 807eb69 and b608229.

📒 Files selected for processing (3)

• client/packages/cli/src/commands/auth/email/push.ts
• client/packages/cli/src/commands/auth/email/status.ts
• client/packages/cli/src/lib/email.ts

[github-actions]

View Vercel preview at instant-www-js-drewh-auth-cli-email-fixes-jsv.vercel.app.