refactor(js): extract a generic store from TokenCache

[jacekradko]

First slice of the TokenCache decoupling (SDK-117), in two no-behavior-change steps.

The first commit backfills characterization tests that pin down current cache behavior (cross-tab close() lifecycle, graceful degradation when BroadcastChannel is missing, audience key coalescing) to serve as the regression bar for the rest of the refactor. The second lifts the raw key/value storage out of MemoryTokenCache into a small generic createTokenStore<V> and rewires the cache onto it, so storage is testable on its own without timers or channel mocks.

The part worth a careful read is the cache.* -> store.* rewire in tokenCache.ts. The deleteKey identity check and the overwrite guard both rely on store.get(key) !== value preserving reference identity, which the Map-backed store does. The full src/core suite stays green (632 tests, with Session/Client as the real consumers).

Writing the backfill surfaced a pre-existing bug: a broadcast postMessage failure evicts a freshly cached token, because the throw lands in setInternal's .catch(deleteKey). I left it as an it.fails tripwire and filed it separately as SDK-119 (backport candidate) rather than fixing it in this refactor.

Empty changeset, since nothing here is user-facing.

Summary by CodeRabbit

• Tests

  • Added comprehensive test suites verifying token cache operations, including channel lifecycle management, offline resilience, and audience key handling.

• Refactor

  • Updated token storage mechanism with a new abstraction layer for improved code structure and maintainability.

[changeset-bot]

🦋 Changeset detected

Latest commit: 5741c5c

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 0 packages

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
clerk-js-sandbox	Ready	Preview, Comment	Jun 18, 2026 2:27am
swingset	Ready	Preview, Comment	Jun 18, 2026 2:27am

[coderabbitai]

📝 Walkthrough

Walkthrough

Introduces a new TokenStore<V> interface and createTokenStore<V>() factory backed by a Map, then migrates MemoryTokenCache to use this abstraction in place of a raw Map. New unit tests cover createTokenStore semantics and add SDK-117 characterization tests for SessionTokenCache.

Changes

TokenCache Store Decoupling

Layer / File(s)	Summary
TokenStore interface and factory packages/clerk-js/src/core/tokenStore.ts, packages/clerk-js/src/core/__tests__/tokenStore.test.ts	Exports the TokenStore<V> interface (get, set, delete, clear, forEach, size) and createTokenStore<V>() backed by a Map. Unit tests verify all operations including overwrite, delete no-op, forEach callback signature, and generic reference identity.
MemoryTokenCache migration to TokenStore packages/clerk-js/src/core/tokenCache.ts	Replaces the raw Map with createTokenStore<TokenCacheValue>(). Updates clear(), get(), setInternal() (timer management and monotonic overwrite guard), and size() to use the store API.
TokenCache characterization tests packages/clerk-js/src/core/__tests__/tokenCache.test.ts	Adds SDK-117 backfill suites: BroadcastChannel close/lazy-reopen lifecycle, graceful degradation when BroadcastChannel is absent, an it.fails regression for postMessage throwing, and audience key coalescing/isolation.
Changeset .changeset/decouple-tokencache-store.md	Records the package change for the token cache store decoupling.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Suggested reviewers

• dstaley

Poem

🐇 Hop hop, the Map is now wrapped with care,
A TokenStore interface floats through the air!
createTokenStore bounces on in,
The cache stays clean, timers don't spin.
No raw maps left bare—abstraction's the flair! 🎉

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately captures the main refactoring: extracting a generic store abstraction from TokenCache. It is concise, specific, and directly reflects the primary structural change across the changeset.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[pkg-pr-new]

Open in StackBlitz

@clerk/astro

npm i https://pkg.pr.new/@clerk/astro@8860

@clerk/backend

npm i https://pkg.pr.new/@clerk/backend@8860

@clerk/chrome-extension

npm i https://pkg.pr.new/@clerk/chrome-extension@8860

@clerk/clerk-js

npm i https://pkg.pr.new/@clerk/clerk-js@8860

@clerk/expo

npm i https://pkg.pr.new/@clerk/expo@8860

@clerk/expo-passkeys

npm i https://pkg.pr.new/@clerk/expo-passkeys@8860

@clerk/express

npm i https://pkg.pr.new/@clerk/express@8860

@clerk/fastify

npm i https://pkg.pr.new/@clerk/fastify@8860

@clerk/hono

npm i https://pkg.pr.new/@clerk/hono@8860

@clerk/localizations

npm i https://pkg.pr.new/@clerk/localizations@8860

@clerk/nextjs

npm i https://pkg.pr.new/@clerk/nextjs@8860

@clerk/nuxt

npm i https://pkg.pr.new/@clerk/nuxt@8860

@clerk/react

npm i https://pkg.pr.new/@clerk/react@8860

@clerk/react-router

npm i https://pkg.pr.new/@clerk/react-router@8860

@clerk/shared

npm i https://pkg.pr.new/@clerk/shared@8860

@clerk/tanstack-react-start

npm i https://pkg.pr.new/@clerk/tanstack-react-start@8860

@clerk/testing

npm i https://pkg.pr.new/@clerk/testing@8860

@clerk/ui

npm i https://pkg.pr.new/@clerk/ui@8860

@clerk/upgrade

npm i https://pkg.pr.new/@clerk/upgrade@8860

@clerk/vue

npm i https://pkg.pr.new/@clerk/vue@8860

commit: 48ccda4

[github-actions]

API Changes Report

Generated by Break Check on 2026-06-18T02:28:37.625Z

Summary

Metric	Count
Packages analyzed	19
Packages with changes	0
🔴 Breaking changes	0
🟡 Non-breaking changes	0
🟢 Additions	0

No API Changes Detected

All packages have stable APIs with no detected changes.

---

Report generated by Break Check

_{Last ran on 5741c5c.}

[coderabbitai]

🧹 Nitpick comments (1)

packages/clerk-js/src/core/tokenStore.ts (1)

22-24: ⚡ Quick win

Add @returns tag to JSDoc for customer-facing documentation.

Since this is a public/reference-facing API, the JSDoc should include a @returns tag. Clerk Docs generates reference documentation from JSDoc comments in this repository, so completeness is important for customer-facing clarity.

📝 Suggested JSDoc enhancement

 /**
  * Creates an empty in-memory {`@link` TokenStore} backed by a Map.
+ *
+ * `@returns` A new TokenStore instance with no entries
  */

As per coding guidelines: "Document functions with JSDoc comments including @param, @returns, @throws, and @example tags" and "Treat JSDoc on public/reference-facing APIs as customer-facing documentation."

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@packages/clerk-js/src/core/tokenStore.ts` around lines 22 - 24, The JSDoc
comment for the function that creates an empty in-memory TokenStore is missing
the `@returns` tag. Add a `@returns` tag to the JSDoc block that documents what type
of object is returned by this function, describing that it returns a TokenStore
instance. This will ensure the auto-generated customer-facing documentation is
complete and provides clear information about the function's return value.

Source: Coding guidelines

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Nitpick comments:
In `@packages/clerk-js/src/core/tokenStore.ts`:
- Around line 22-24: The JSDoc comment for the function that creates an empty
in-memory TokenStore is missing the `@returns` tag. Add a `@returns` tag to the
JSDoc block that documents what type of object is returned by this function,
describing that it returns a TokenStore instance. This will ensure the
auto-generated customer-facing documentation is complete and provides clear
information about the function's return value.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository YAML (base), Repository UI (inherited)

Review profile: CHILL

Plan: Pro

Run ID: 9c96bed2-1827-46a8-8152-0445c5ffc9ad

📥 Commits

Reviewing files that changed from the base of the PR and between f4488f5 and 917e259.

📒 Files selected for processing (5)

• .changeset/decouple-tokencache-store.md
• packages/clerk-js/src/core/__tests__/tokenCache.test.ts
• packages/clerk-js/src/core/__tests__/tokenStore.test.ts
• packages/clerk-js/src/core/tokenCache.ts
• packages/clerk-js/src/core/tokenStore.ts