feat(registry): add sign-up authentication blocks

[halvaradop]

Description

This pull request adds sign-up authentication blocks to the registry for the supported frameworks, including React, React Router, and Next.js. The blocks provide a complete account registration experience and demonstrate how users can create an account using the authentication primitives and APIs provided by @aura-stack/auth.

Note

User registration is not currently supported by @aura-stack/auth. As a result, this pull request will remain in draft status until sign-up functionality is implemented in the core library.

One of the goals of building first-party authentication blocks for the Aura Stack ecosystem is to validate real-world use cases and identify missing features, usability issues, and opportunities for improvement within @aura-stack/auth.

During the development of these blocks, a new opportunity was identified to introduce native sign-up support into the library. The implementation and requirements discovered through this work will help guide the design of the upcoming registration feature.

[coderabbitai]

📝 Walkthrough

Walkthrough

This PR introduces three framework-specific sign-up block components to a registry-based UI system. Registry JSON files declare the new sign-up-next, sign-up-react, and sign-up-react-router blocks with their dependencies. Three new component files implement card-based sign-up forms with username, email, password fields, and navigation links.

Changes

Sign-up Block Registry and Implementations

Layer / File(s)	Summary
Registry metadata declarations packages/registry/public/r/registry.json, packages/registry/registry.json	Public and internal registry JSON files updated with three new sign-up block entries, each declaring its framework dependency, required UI component dependencies (input, button, card, field), and file paths to the corresponding implementation.
Next.js sign-up component packages/registry/src/registry/new-york/blocks/next/sign-up/sign-up.tsx	Next.js client component rendering a card-centered sign-up form with username, email, password, and confirmation fields, including Terms of Service and Privacy Policy links, plus a Sign in navigation link. Uses Next.js Link for routing.
React and React Router sign-up components packages/registry/src/registry/new-york/blocks/react/sign-up/sign-up.tsx, packages/registry/src/registry/new-york/blocks/react-router/sign-up/sign-up.tsx	Two React client components implementing the same sign-up form UI pattern: one framework-agnostic React component and one React Router-compatible variant. Both render labeled inputs, submit button, and Terms/Privacy/Sign in navigation elements.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Poem

🐰 Three new sign-ups hop into place,
Registry entries set the trace,
Next and React and Router too,
Form components, tried and true!
Fresh account creation, new and bright,
Welcome blocks that feel just right! ✨

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately describes the main change: adding three new sign-up authentication block components to the registry across different frameworks (Next.js, React, React Router).
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch feat/add-sign-up-block

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 3

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@packages/registry/src/registry/new-york/blocks/next/sign-up/sign-up.tsx`:
- Line 21: The form currently uses the default GET submission which can leak
password and confirmPassword in the URL; update the <form> in the SignUp
component to use method="post" and remove any action that would cause a
full-page GET, or replace with a controlled onSubmit handler (e.g., handleSubmit
in the sign-up component) that calls event.preventDefault() and submits
credentials via a secure POST (fetch or form POST) so password fields are never
sent as query parameters; ensure the changed <form> element and any added
handleSubmit are used in the sign-up.tsx JSX.

In
`@packages/registry/src/registry/new-york/blocks/react-router/sign-up/sign-up.tsx`:
- Line 21: The <form> in sign-up.tsx currently uses the default GET behavior
which can expose credentials; update the form element in the SignUp component to
explicitly use a safe submission strategy by adding method="post" (and either an
explicit action or a JS onSubmit handler that calls event.preventDefault() and
securely handles the password submission via fetch/axios). Locate the <form> tag
in sign-up.tsx and change it to method="post" and implement a secure onSubmit
handler in the same component (e.g., handleSubmit) that prevents default
navigation and posts credentials over HTTPS.

In `@packages/registry/src/registry/new-york/blocks/react/sign-up/sign-up.tsx`:
- Line 20: The form in the SignUp React component is rendered as a bare <form>
which defaults to GET and can leak credential fields; update the form element in
sign-up.tsx (the SignUp or SignUpForm component) to use method="post" and add an
onSubmit handler that calls event.preventDefault() and routes credentials to
your secure submit function (e.g., handleSubmit) instead of letting the browser
perform a default navigation/GET; ensure handleSubmit performs appropriate
client-side validation and uses your fetch/axios call to POST the data to the
server.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: f62804a5-4464-4b0a-a935-8dfa791e78d6

📥 Commits

Reviewing files that changed from the base of the PR and between e6f1451 and a994c35.

📒 Files selected for processing (5)

• packages/registry/public/r/registry.json
• packages/registry/registry.json
• packages/registry/src/registry/new-york/blocks/next/sign-up/sign-up.tsx
• packages/registry/src/registry/new-york/blocks/react-router/sign-up/sign-up.tsx
• packages/registry/src/registry/new-york/blocks/react/sign-up/sign-up.tsx

[coderabbitai]

⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Prevent password values from being sent via URL on submit.

Line 21 uses a bare <form>, which defaults to GET; submitting this form can expose password and confirmPassword in query params.

🔧 Suggested patch

-                <form>
+                <form method="post" onSubmit={(event) => event.preventDefault()}>

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	<form>
	<form method="post" onSubmit={(event) => event.preventDefault()}>

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@packages/registry/src/registry/new-york/blocks/next/sign-up/sign-up.tsx` at
line 21, The form currently uses the default GET submission which can leak
password and confirmPassword in the URL; update the <form> in the SignUp
component to use method="post" and remove any action that would cause a
full-page GET, or replace with a controlled onSubmit handler (e.g., handleSubmit
in the sign-up component) that calls event.preventDefault() and submits
credentials via a secure POST (fetch or form POST) so password fields are never
sent as query parameters; ensure the changed <form> element and any added
handleSubmit are used in the sign-up.tsx JSX.

[coderabbitai]

⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Set explicit safe form submission behavior for password inputs.

Line 21 currently relies on default form behavior (GET), which can expose credentials in the URL when submitted.

🔧 Suggested patch

-                <form>
+                <form method="post" onSubmit={(event) => event.preventDefault()}>

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	<form>
	<form method="post" onSubmit={(event) => event.preventDefault()}>

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In
`@packages/registry/src/registry/new-york/blocks/react-router/sign-up/sign-up.tsx`
at line 21, The <form> in sign-up.tsx currently uses the default GET behavior
which can expose credentials; update the form element in the SignUp component to
explicitly use a safe submission strategy by adding method="post" (and either an
explicit action or a JS onSubmit handler that calls event.preventDefault() and
securely handles the password submission via fetch/axios). Locate the <form> tag
in sign-up.tsx and change it to method="post" and implement a secure onSubmit
handler in the same component (e.g., handleSubmit) that prevents default
navigation and posts credentials over HTTPS.

[coderabbitai]

⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Avoid default GET submission for credential form fields.

Line 20 renders <form> without method/submit handling; default GET can leak password fields into URL/query logs.

🔧 Suggested patch

-                <form>
+                <form method="post" onSubmit={(event) => event.preventDefault()}>

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	<form>
	<form method="post" onSubmit={(event) => event.preventDefault()}>

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@packages/registry/src/registry/new-york/blocks/react/sign-up/sign-up.tsx` at
line 20, The form in the SignUp React component is rendered as a bare <form>
which defaults to GET and can leak credential fields; update the form element in
sign-up.tsx (the SignUp or SignUpForm component) to use method="post" and add an
onSubmit handler that calls event.preventDefault() and routes credentials to
your secure submit function (e.g., handleSubmit) instead of letting the browser
perform a default navigation/GET; ensure handleSubmit performs appropriate
client-side validation and uses your fetch/axios call to POST the data to the
server.