Sync user cookie less often

[drew-harris]

Stop calling cookie sync with firstPartyPath every time reactor starts up and every minute. Should now only be called on state changes.

Includes a helpful snippet in the docs for when a user wants to manually sync.
Ex: the user could put their own setInterval in their _app.tsx that wouldn't run on page navigations.

Question:

Should we include a function on db.auth to run a manual sync?

[coderabbitai]

📝 Walkthrough

Walkthrough

The PR removes Reactor's automatic periodic user sync and changes syncUserToEndpoint to check the fetch response and throw on non-OK HTTP status; backend docs were updated with an on-demand sync example.

Changes

User sync behavior and error handling

Layer / File(s)	Summary
Remove auto-sync and add error handling client/packages/core/src/Reactor.js	Constructor no longer starts a periodic setInterval to sync user to the external endpoint. syncUserToEndpoint now captures the fetch response and explicitly throws on non-OK HTTP status codes, allowing the existing error handler to log failures.
Update sync documentation client/www/app/docs/backend/page.md	Documentation clarifies that user data can be synced on demand by calling db.core._reactor.getCurrentUser() followed by db.core._reactor.syncUserToEndpoint(user), with a TypeScript code example.

🎯 2 (Simple) | ⏱️ ~10 minutes

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title clearly and concisely describes the main change: reducing the frequency of user cookie synchronization by removing automatic periodic syncs.
Description check	✅ Passed	The description is directly related to the changeset, explaining the removal of automatic cookie sync calls and the addition of documentation for manual sync.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch drewh/user-sync-less-often

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (1)

client/www/app/docs/backend/page.md (1)

514-516: 🏗️ Heavy lift

Avoid documenting private _reactor APIs as the supported path.

This snippet encourages use of internals (db.core._reactor), which are not a stable public contract. Consider adding a public method (for example on db.auth) and documenting that instead.

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@client/www/app/docs/backend/page.md` around lines 514 - 516, The docs
currently show usage of the private internals db.core._reactor.getCurrentUser()
and syncUserToEndpoint(), which should not be documented as a public API; add
and document a stable public wrapper (for example a method on db.auth such as
db.auth.syncCurrentUserToEndpoint or db.auth.getAndSyncCurrentUser) and update
the snippet to call that public method instead of db.core._reactor.* so
consumers use the supported contract; implement the public method to internally
call getCurrentUser and syncUserToEndpoint so behavior is unchanged while hiding
the private _reactor usage.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@client/www/app/docs/backend/page.md`:
- Around line 513-517: The current code passes the entire AuthState returned by
db.core._reactor.getCurrentUser() into syncUserToEndpoint; instead, extract and
pass the actual user object (the "user" field) to syncUserToEndpoint. Locate
db.core._reactor.getCurrentUser() and change the call site so it awaits or .then
the result and forwards result.user (or the equivalent property) to
db.core._reactor.syncUserToEndpoint rather than the full AuthState wrapper.

---

Nitpick comments:
In `@client/www/app/docs/backend/page.md`:
- Around line 514-516: The docs currently show usage of the private internals
db.core._reactor.getCurrentUser() and syncUserToEndpoint(), which should not be
documented as a public API; add and document a stable public wrapper (for
example a method on db.auth such as db.auth.syncCurrentUserToEndpoint or
db.auth.getAndSyncCurrentUser) and update the snippet to call that public method
instead of db.core._reactor.* so consumers use the supported contract; implement
the public method to internally call getCurrentUser and syncUserToEndpoint so
behavior is unchanged while hiding the private _reactor usage.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository UI

Review profile: CHILL

Plan: Pro

Run ID: 51fa72eb-b5aa-4b67-8501-b86fc1372873

📥 Commits

Reviewing files that changed from the base of the PR and between 8067777 and 52cd6d2.

📒 Files selected for processing (2)

• client/packages/core/src/Reactor.js
• client/www/app/docs/backend/page.md

[github-actions]

View Vercel preview at instant-www-js-drewh-user-sync-less-often-jsv.vercel.app.

[stopachka]

SGTM, but I do wonder: how long will these cookies last?

Perhaps we should do something like once every 7 days. It begs the question: how will we know? I guess we could store something in local storage.

WDYT @dwwoelfel @drew-harris @nezaj ?

[drew-harris]

oh good point the cookies do expire so we'd probably want a local storage to re-sync before they expire

[coderabbitai]

🧹 Nitpick comments (1)

client/packages/core/src/Reactor.js (1)

2193-2206: ⚡ Quick win

Good addition of HTTP status checking.

The change to capture the response and throw on non-OK status is correct—fetch() only rejects on network errors, not HTTP 4xx/5xx responses.

Optional: Include response body in error message for better debugging

     });
     if (!response.ok) {
-      throw new Error(`HTTP error! status: ${response.status}`);
+      const body = await response.text().catch(() => '');
+      throw new Error(`HTTP error! status: ${response.status}${body ? `, body: ${body}` : ''}`);
     }
   } catch (error) {

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@client/packages/core/src/Reactor.js` around lines 2193 - 2206, The HTTP error
throw in the Reactor.js POST (the fetch block that posts type: 'sync-user' using
this.config.firstPartyPath) should include the response body to aid debugging;
after checking !response.ok, read the response text (or attempt json) and
include that content and the response.status (and optionally response.statusText
or request URL via this.config.firstPartyPath) in the thrown Error message so
callers get both status and server error details.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Nitpick comments:
In `@client/packages/core/src/Reactor.js`:
- Around line 2193-2206: The HTTP error throw in the Reactor.js POST (the fetch
block that posts type: 'sync-user' using this.config.firstPartyPath) should
include the response body to aid debugging; after checking !response.ok, read
the response text (or attempt json) and include that content and the
response.status (and optionally response.statusText or request URL via
this.config.firstPartyPath) in the thrown Error message so callers get both
status and server error details.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository UI

Review profile: CHILL

Plan: Pro

Run ID: 6fb88388-ec6d-4f5c-9e17-90c41a15d155

📥 Commits

Reviewing files that changed from the base of the PR and between bd94169 and 5c4efff.

📒 Files selected for processing (2)

• client/packages/core/src/Reactor.js
• client/www/app/docs/backend/page.md