feat(reactjs-todo-davinci): add ValidatedPasswordCollector support

[ryanbas21]

Summary

• Upgrades @forgerock/davinci-client to PR#638 preview build (adds ValidatedPasswordCollector support)
• Extends the Password component to render a static requirements list, inline validation errors on keystroke, and an optional confirm field (when verify: true) with real-time mismatch feedback
• Wires ValidatedPasswordCollector into form.js via a new validator function exposed from useDavinci
• Adds 2 Playwright e2e tests against the 356a254c PingOne tenant (which returns a passwordPolicy on the registration password field)

Changes

File	Change
package.json	@forgerock/davinci-client → pkg.pr.new PR#638 build
hooks/davinci.hook.js	Expose validator(collector) with try/catch safety fallback
password.js	Requirements list, inline errors, split visibility state, real-time confirm mismatch
form.js	ValidatedPasswordCollector case in mapCollectorsToComponents
e2e/davinci-validated-password.spec.js	2 e2e tests: requirements list visible, inline errors appear/clear
playwright.config.ts	8443 webServer points to 356a254c tenant for ValidatedPassword tests

Notes

• The pkg.pr.new URL should be replaced with the published npm tag once PR#638 is merged to the SDK
• The verify: true confirm field is implemented but not reachable in the current PingOne environment (collector.output.verify is false) — the code is correct and will activate automatically when the environment is configured
• The 356a254c tenant's pingOneSSOConnector/createUser step is returning "requestTimedOut" so a happy-path registration e2e test is not included — covered by the existing davinci-register-user.spec.js against 02fb4743

Test plan

• npm run e2e -- --grep "ValidatedPasswordCollector" — 4 passing (Chromium + Firefox)
• npm run e2e -- --grep "Login" — existing login tests still pass
• Navigate to registration form manually and confirm requirements list and inline errors render

🤖 Generated with Claude Code

Summary by CodeRabbit

• New Features

  • Added password validation with visual requirements list showing character-set criteria (uppercase, lowercase, digits).
  • Implemented password confirmation input field with real-time mismatch detection.
  • Added inline validation error messaging for password policy violations.

• Tests

  • Added end-to-end test coverage for the validated password flow.

[coderabbitai]

Warning

Review limit reached

@ryanbas21, we couldn't start this review because you've reached your PR review rate limit.

More reviews will be available in 46 minutes and 52 seconds. Learn how PR review limits work.

Your organization has run out of usage credits. Purchase more in the billing tab.

⌛ How to resolve this issue?

After more reviews become available, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans include higher PR review limits than trial, open-source, and free plans. In all cases, reviews become available again over time. During sustained high-volume PR review activity, CodeRabbit may temporarily slow when the next review becomes available.

Please see our Fair Usage Limits Policy for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: df7540d7-036d-4601-8c4c-908c6069f5a3

📥 Commits

Reviewing files that changed from the base of the PR and between 2745e9a and 41d7602.

⛔ Files ignored due to path filters (1)

• package-lock.json is excluded by !**/package-lock.json

📒 Files selected for processing (1)

• javascript/reactjs-todo-davinci/e2e/davinci-validated-password.spec.js

📝 Walkthrough

Walkthrough

This PR adds password validation support to the DaVinci form flow. A new validator function is exposed by the useDavinci hook, which the Form component uses to wire up a refactored Password component that displays inline validation requirements and errors, supports optional password confirmation with mismatch detection, and includes visibility toggles. E2E tests confirm the feature works end-to-end, and infrastructure is updated to use a new DaVinci client version and test environment.

Changes

Password Validation in DaVinci Forms

Layer / File(s)	Summary
Validation hook API client/components/davinci-client/hooks/davinci.hook.js	The useDavinci hook now provides a validator(collector) function that safely calls the DaVinci client validation and returns a graceful fallback on error.
Form integration for ValidatedPasswordCollector client/components/davinci-client/form.js	The Form component destructures the validator from the hook and adds mapping for ValidatedPasswordCollector, passing both the validator function and the verify flag to the Password component.
Password component enhancement client/components/davinci-client/password.js	The Password component is refactored to display inline validation requirements derived from policy constraints, inline validation errors from the validator, visibility toggles for primary and confirm inputs, and a conditional confirmation password section with mismatch detection.
End-to-end test coverage e2e/davinci-validated-password.spec.js	New Playwright test spec verifies that password requirements render, validation errors appear when policy is violated (e.g., 'a'), and clear when a compliant password is entered (e.g., 'Demo_12345!').
Dependency and test environment setup package.json, playwright.config.ts	The @forgerock/davinci-client dependency is pinned to a specific pre-release, and the Playwright webServer is reconfigured with port 8444 and a new PingOne OAuth client for test execution.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~22 minutes

Poem

🐰 A password now dares to validate,
With requirements shown, errors displayed with care,
Confirm it twice, if you please—
The form flows smoother, validation with ease! ✨

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately describes the main feature addition: ValidatedPasswordCollector support integration into the sample app, which is the primary change across all files.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch feat/validated-password-collector

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@javascript/reactjs-todo-davinci/package.json`:
- Line 42: The package.json currently pins `@forgerock/davinci-client` to a
preview pkg.pr.new URL; replace that entry in
javascript/reactjs-todo-davinci/package.json so the dependency references the
published npm version string (e.g. "`@forgerock/davinci-client`":
">=<stable-version>" or a specific semver) instead of the pkg.pr.new URL, then
regenerate the lockfile (run npm install/npm ci locally) so package-lock.json no
longer contains a resolved pkg.pr.new URL; ensure the final package-lock.json
committed to the repo points to the stable registry artifact so CI installs
reliably.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 518e875a-ed2f-4793-b3ca-eb263fe249c5

📥 Commits

Reviewing files that changed from the base of the PR and between bc9ebef and 2745e9a.

⛔ Files ignored due to path filters (1)

• package-lock.json is excluded by !**/package-lock.json

📒 Files selected for processing (6)

• javascript/reactjs-todo-davinci/client/components/davinci-client/form.js
• javascript/reactjs-todo-davinci/client/components/davinci-client/hooks/davinci.hook.js
• javascript/reactjs-todo-davinci/client/components/davinci-client/password.js
• javascript/reactjs-todo-davinci/e2e/davinci-validated-password.spec.js
• javascript/reactjs-todo-davinci/package.json
• javascript/reactjs-todo-davinci/playwright.config.ts