chore(clerk-js,shared): Support granular API keys settings

[wobsoriano]

Description

This PR refactors API keys settings to support granular per-user/per-org enablement and adds component-level visibility control via props.

Changes

1. Environment settings: API keys settings now control enablement per user/org

   "api_keys_settings": {
     "user_api_keys_enabled": true,
     "orgs_api_keys_enabled": true
   }

2. Component-level hide prop: Added a hide prop to apiKeysProps in UserProfileProps and OrganizationProfileProps:

   <UserProfile apiKeysProps={{ hide: true }} />
   <OrganizationProfile apiKeysProps={{ hide: true }} />

Visibility Logic

• UserProfile: API Keys page shows when user_api_keys_enabled is true AND apiKeysProps?.hide is not true
• OrganizationProfile: API Keys page shows when orgs_api_keys_enabled is true AND apiKeysProps?.hide is not true
• Standalone <APIKeys />: Controlled by user_api_keys_enabled or orgs_api_keys_enabled only

Tests

• Added unit tests for API Keys visibility with the hide prop
• Updated integration tests in to reflect the new settings structure

Resolves USER-3923

Checklist

• pnpm test runs as expected.
• pnpm build runs as expected.
• (If applicable) JSDoc comments have been added or updated for any package exports
• (If applicable) Documentation has been updated

Type of change

• 🐛 Bug fix
• 🌟 New feature
• 🔨 Breaking change
• 📖 Refactoring / dependency upgrade / documentation
• other:

Summary by CodeRabbit

• New Features

  • Introduced granular API keys settings: User and Organization API keys can now be configured independently.
  • Added ability to hide API keys UI in User and Organization profiles via new hide property.

• Bug Fixes

  • Improved error messaging terminology for better clarity on API keys availability.

• Tests

  • Enhanced test coverage for API keys visibility across user and organization contexts.

[changeset-bot]

🦋 Changeset detected

Latest commit: f07c6d5

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 22 packages

Name	Type
@clerk/clerk-js	Minor
@clerk/shared	Minor
@clerk/chrome-extension	Patch
@clerk/clerk-expo	Patch
@clerk/agent-toolkit	Patch
@clerk/astro	Patch
@clerk/backend	Patch
@clerk/elements	Patch
@clerk/expo-passkeys	Patch
@clerk/express	Patch
@clerk/fastify	Patch
@clerk/nextjs	Patch
@clerk/nuxt	Patch
@clerk/react-router	Patch
@clerk/clerk-react	Patch
@clerk/remix	Patch
@clerk/tanstack-react-start	Patch
@clerk/testing	Patch
@clerk/themes	Patch
@clerk/types	Patch
@clerk/vue	Patch
@clerk/localizations	Patch

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Preview	Comments	Updated (UTC)
clerk-js-sandbox	Ready	Preview	Comment	Nov 10, 2025 9:19pm

[coderabbitai]

Walkthrough

This PR implements granular API keys settings by replacing the single enabled field in APIKeySettings with separate user_api_keys_enabled and orgs_api_keys_enabled flags. Component guards, error codes, warnings, and route rendering logic are refactored to enforce context-specific visibility rules. An optional hide prop is added to profile components for further customization.

Changes

Cohort / File(s)	Summary
Resource Definitions packages/shared/src/types/apiKeysSettings.ts, packages/clerk-js/src/core/resources/APIKeySettings.ts	Replaces single enabled: boolean field with user_api_keys_enabled and orgs_api_keys_enabled in both type definitions and class implementation; updates fromJSON and snapshot serialization.
Component Guards & Error Handling packages/clerk-js/src/utils/componentGuards.ts, packages/clerk-js/src/core/clerk.ts	Replaces disabledAPIKeysFeature and canViewOrManageAPIKeys guards with context-specific disabledUserAPIKeysFeature, disabledOrganizationAPIKeysFeature, and disabledAllAPIKeysFeatures; renames error codes from CANNOT_RENDER_API_KEYS_ORG_UNAUTHORIZED to CANNOT_RENDER_API_KEYS_ORG_DISABLED and CANNOT_RENDER_API_KEYS_USER_DISABLED.
Warning Messages packages/clerk-js/src/core/warnings.ts	Updates warning keys and messages: renames cannotRenderAPIKeysComponentForOrgWhenUnauthorized to cannotRenderAPIKeysComponentForOrgWhenDisabled and adds cannotRenderAPIKeysComponentForUserWhenDisabled; adjusts grammar for pluralization.
Route Rendering & Navigation packages/clerk-js/src/ui/components/UserProfile/UserProfileRoutes.tsx, packages/clerk-js/src/ui/components/OrganizationProfile/OrganizationProfileRoutes.tsx, packages/clerk-js/src/ui/components/UserProfile/UserProfileNavbar.tsx, packages/clerk-js/src/ui/components/OrganizationProfile/OrganizationProfileNavbar.tsx	Updates API Keys route visibility conditions from apiKeysSettings.enabled to context-specific flags (user_api_keys_enabled or orgs_api_keys_enabled) and filters routes based on optional apiKeysProps?.hide flag.
Custom Pages Configuration packages/clerk-js/src/ui/utils/createCustomPages.tsx	Updates API Keys visibility logic to use context-specific guards; removes canViewOrManageAPIKeys and disabledAPIKeysFeature imports.
Public Type Definitions packages/shared/src/types/clerk.ts	Extends UserProfileProps.apiKeysProps and OrganizationProfileProps.apiKeysProps to include optional hide?: boolean flag.
Tests packages/clerk-js/src/core/resources/__tests__/Environment.test.ts, packages/clerk-js/src/ui/components/UserProfile/__tests__/UserProfile.test.tsx, packages/clerk-js/src/ui/components/OrganizationProfile/__tests__/OrganizationProfile.test.tsx, integration/tests/machine-auth/component.test.ts	Adds test suites and helper utilities for API Keys visibility validation across UserProfile, OrganizationProfile, and standalone contexts under new environment-driven flags; introduces mockAPIKeysEnvironmentSettings test helper.
Changeset .changeset/serious-mugs-flash.md	Documents minor version bumps for @clerk/clerk-js and @clerk/shared with summary of granular API keys settings support.

Sequence Diagram

sequenceDiagram
    participant Component as UserProfile/OrganizationProfile
    participant Context as ProfileContext
    participant APIKeysRoutes as APIKeysRoutes
    participant Navbar as ProfileNavbar
    
    Component->>Context: Consume apiKeysProps & apiKeysSettings
    Component->>APIKeysRoutes: Render with settings/props
    
    alt Render API Keys Route
        APIKeysRoutes->>APIKeysRoutes: Check flag + !hide
        rect rgb(200, 220, 255)
            Note over APIKeysRoutes: user_api_keys_enabled<br/>or orgs_api_keys_enabled
        end
        APIKeysRoutes->>Component: Render route
    else Hide API Keys
        rect rgb(255, 220, 220)
            Note over APIKeysRoutes: Flag false or hide=true
        end
        APIKeysRoutes->>Component: Skip route
    end
    
    Component->>Navbar: Render navbar with filtered routes
    Navbar->>Navbar: Filter routes if hide=true
    Navbar->>Component: Render navigation

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

• Key areas requiring attention:
  • Guard logic refactoring in componentGuards.ts and clerk.ts: verify all context-specific gating logic is correct and complete
  • Type changes to apiKeysProps across UserProfileProps and OrganizationProfileProps: confirm backward compatibility and intended API surface
  • Route visibility conditions across four navbar/route files: ensure consistent application of the new flag + hide logic
  • Test coverage for both environment-driven visibility and programmatic hide flag across UserProfile, OrganizationProfile, and standalone contexts

Possibly related PRs

• feat(clerk-js,clerk-react,nextjs): Introduce <APIKeys /> AIO component #5858: Refactors API keys feature gating by splitting enabled into separate user/org flags, renaming guards and error codes, and updating routes to enforce context-specific visibility rules — directly related refactoring effort.

Suggested labels

types, feature

Suggested reviewers

• panteliselef
• brkalow

Poem

🐰 Hoppy refactoring, granular and true,
User and org keys now have their own view,
Hide flags and features split in just right,
API keys settings shining so bright! ✨

Pre-merge checks and finishing touches

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The PR title clearly and concisely summarizes the main change: supporting granular API keys settings for user and organization profiles, which aligns with the primary objective of the changeset.
Linked Issues check	✅ Passed	The PR successfully implements granular API keys settings as required: separate user_api_keys_enabled and orgs_api_keys_enabled flags in environment, component-level visibility controls via apiKeysProps.hide prop, and updated guards and visibility logic throughout the codebase to support per-user and per-organization API keys control [USER-3923].
Out of Scope Changes check	✅ Passed	All changes are within scope: API keys settings refactoring, environment configuration updates, component visibility logic, tests for the new feature, and error code/warning message updates directly support the granular API keys settings objective with no extraneous modifications.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch rob/user-3923-api-keys-updated-env

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[pkg-pr-new]

Open in StackBlitz

@clerk/agent-toolkit

npm i https://pkg.pr.new/@clerk/agent-toolkit@7179

@clerk/astro

npm i https://pkg.pr.new/@clerk/astro@7179

@clerk/backend

npm i https://pkg.pr.new/@clerk/backend@7179

@clerk/chrome-extension

npm i https://pkg.pr.new/@clerk/chrome-extension@7179

@clerk/clerk-js

npm i https://pkg.pr.new/@clerk/clerk-js@7179

@clerk/dev-cli

npm i https://pkg.pr.new/@clerk/dev-cli@7179

@clerk/elements

npm i https://pkg.pr.new/@clerk/elements@7179

@clerk/clerk-expo

npm i https://pkg.pr.new/@clerk/clerk-expo@7179

@clerk/expo-passkeys

npm i https://pkg.pr.new/@clerk/expo-passkeys@7179

@clerk/express

npm i https://pkg.pr.new/@clerk/express@7179

@clerk/fastify

npm i https://pkg.pr.new/@clerk/fastify@7179

@clerk/localizations

npm i https://pkg.pr.new/@clerk/localizations@7179

@clerk/nextjs

npm i https://pkg.pr.new/@clerk/nextjs@7179

@clerk/nuxt

npm i https://pkg.pr.new/@clerk/nuxt@7179

@clerk/clerk-react

npm i https://pkg.pr.new/@clerk/clerk-react@7179

@clerk/react-router

npm i https://pkg.pr.new/@clerk/react-router@7179

@clerk/remix

npm i https://pkg.pr.new/@clerk/remix@7179

@clerk/shared

npm i https://pkg.pr.new/@clerk/shared@7179

@clerk/tanstack-react-start

npm i https://pkg.pr.new/@clerk/tanstack-react-start@7179

@clerk/testing

npm i https://pkg.pr.new/@clerk/testing@7179

@clerk/themes

npm i https://pkg.pr.new/@clerk/themes@7179

@clerk/types

npm i https://pkg.pr.new/@clerk/types@7179

@clerk/upgrade

npm i https://pkg.pr.new/@clerk/upgrade@7179

@clerk/vue

npm i https://pkg.pr.new/@clerk/vue@7179

commit: f07c6d5

[coderabbitai]

Actionable comments posted: 3

📜 Review details

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Disabled knowledge base sources:

• Linear integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between 539fad7 and 5364fe8.

📒 Files selected for processing (7)

• packages/clerk-js/src/core/clerk.ts (2 hunks)
• packages/clerk-js/src/core/resources/APIKeySettings.ts (2 hunks)
• packages/clerk-js/src/ui/components/OrganizationProfile/OrganizationProfileRoutes.tsx (1 hunks)
• packages/clerk-js/src/ui/components/UserProfile/UserProfileRoutes.tsx (1 hunks)
• packages/clerk-js/src/ui/utils/createCustomPages.tsx (2 hunks)
• packages/clerk-js/src/utils/componentGuards.ts (1 hunks)
• packages/shared/src/types/apiKeysSettings.ts (1 hunks)

🧰 Additional context used

📓 Path-based instructions (9)

packages/clerk-js/src/ui/**/*.{ts,tsx}

📄 CodeRabbit inference engine (.cursor/rules/clerk-js-ui.mdc)

packages/clerk-js/src/ui/**/*.{ts,tsx}: Element descriptors should always be camelCase
Use element descriptors in UI components to enable consistent theming and styling via appearance.elements
Element descriptors should generate unique, stable CSS classes for theming
Element descriptors should handle state classes (e.g., cl-loading, cl-active, cl-error, cl-open) automatically based on component state
Do not render hard-coded values; all user-facing strings must be localized using provided localization methods
Use the useLocalizations hook and localizationKeys utility for all text and error messages
Use the styled system (sx prop, theme tokens, responsive values) for custom component styling
Use useCardState for card-level state, useFormState for form-level state, and useLoadingStatus for loading states
Always use handleError utility for API errors and use translateError for localized error messages
Use useFormControl for form field state, implement proper validation, and handle loading and error states in forms
Use localization keys for all form labels and placeholders
Use element descriptors for consistent styling and follow the theme token system
Use the Card and FormContainer patterns for consistent UI structure

Files:

• packages/clerk-js/src/ui/components/OrganizationProfile/OrganizationProfileRoutes.tsx
• packages/clerk-js/src/ui/components/UserProfile/UserProfileRoutes.tsx
• packages/clerk-js/src/ui/utils/createCustomPages.tsx

**/*.{js,jsx,ts,tsx}

📄 CodeRabbit inference engine (.cursor/rules/development.mdc)

**/*.{js,jsx,ts,tsx}: All code must pass ESLint checks with the project's configuration
Follow established naming conventions (PascalCase for components, camelCase for variables)
Maintain comprehensive JSDoc comments for public APIs
Use dynamic imports for optional features
All public APIs must be documented with JSDoc
Provide meaningful error messages to developers
Include error recovery suggestions where applicable
Log errors appropriately for debugging
Lazy load components and features when possible
Implement proper caching strategies
Use efficient data structures and algorithms
Profile and optimize critical paths
Validate all inputs and sanitize outputs
Implement proper logging with different levels

Files:

• packages/clerk-js/src/ui/components/OrganizationProfile/OrganizationProfileRoutes.tsx
• packages/shared/src/types/apiKeysSettings.ts
• packages/clerk-js/src/ui/components/UserProfile/UserProfileRoutes.tsx
• packages/clerk-js/src/core/resources/APIKeySettings.ts
• packages/clerk-js/src/core/clerk.ts
• packages/clerk-js/src/ui/utils/createCustomPages.tsx
• packages/clerk-js/src/utils/componentGuards.ts

**/*.{js,jsx,ts,tsx,json,css,scss,md,yaml,yml}

📄 CodeRabbit inference engine (.cursor/rules/development.mdc)

Use Prettier for consistent code formatting

Files:

• packages/clerk-js/src/ui/components/OrganizationProfile/OrganizationProfileRoutes.tsx
• packages/shared/src/types/apiKeysSettings.ts
• packages/clerk-js/src/ui/components/UserProfile/UserProfileRoutes.tsx
• packages/clerk-js/src/core/resources/APIKeySettings.ts
• packages/clerk-js/src/core/clerk.ts
• packages/clerk-js/src/ui/utils/createCustomPages.tsx
• packages/clerk-js/src/utils/componentGuards.ts

packages/**/*.{ts,tsx}

📄 CodeRabbit inference engine (.cursor/rules/development.mdc)

TypeScript is required for all packages

Files:

• packages/clerk-js/src/ui/components/OrganizationProfile/OrganizationProfileRoutes.tsx
• packages/shared/src/types/apiKeysSettings.ts
• packages/clerk-js/src/ui/components/UserProfile/UserProfileRoutes.tsx
• packages/clerk-js/src/core/resources/APIKeySettings.ts
• packages/clerk-js/src/core/clerk.ts
• packages/clerk-js/src/ui/utils/createCustomPages.tsx
• packages/clerk-js/src/utils/componentGuards.ts

packages/**/*.{ts,tsx,d.ts}

📄 CodeRabbit inference engine (.cursor/rules/development.mdc)

Packages should export TypeScript types alongside runtime code

Files:

• packages/clerk-js/src/ui/components/OrganizationProfile/OrganizationProfileRoutes.tsx
• packages/shared/src/types/apiKeysSettings.ts
• packages/clerk-js/src/ui/components/UserProfile/UserProfileRoutes.tsx
• packages/clerk-js/src/core/resources/APIKeySettings.ts
• packages/clerk-js/src/core/clerk.ts
• packages/clerk-js/src/ui/utils/createCustomPages.tsx
• packages/clerk-js/src/utils/componentGuards.ts

**/*.{ts,tsx}

📄 CodeRabbit inference engine (.cursor/rules/development.mdc)

Use proper TypeScript error types

**/*.{ts,tsx}: Always define explicit return types for functions, especially public APIs
Use proper type annotations for variables and parameters where inference isn't clear
Avoid any type - prefer unknown when type is uncertain, then narrow with type guards
Use interface for object shapes that might be extended
Use type for unions, primitives, and computed types
Prefer readonly properties for immutable data structures
Use private for internal implementation details
Use protected for inheritance hierarchies
Use public explicitly for clarity in public APIs
Prefer readonly for properties that shouldn't change after construction
Prefer composition and interfaces over deep inheritance chains
Use mixins for shared behavior across unrelated classes
Implement dependency injection for loose coupling
Let TypeScript infer when types are obvious
Use const assertions for literal types: as const
Use satisfies operator for type checking without widening
Use mapped types for transforming object types
Use conditional types for type-level logic
Leverage template literal types for string manipulation
Use ES6 imports/exports consistently
Use default exports sparingly, prefer named exports
Use type-only imports: import type { ... } from ...
No any types without justification
Proper error handling with typed errors
Consistent use of readonly for immutable data
Proper generic constraints
No unused type parameters
Proper use of utility types instead of manual type construction
Type-only imports where possible
Proper tree-shaking friendly exports
No circular dependencies
Efficient type computations (avoid deep recursion)

Files:

• packages/clerk-js/src/ui/components/OrganizationProfile/OrganizationProfileRoutes.tsx
• packages/shared/src/types/apiKeysSettings.ts
• packages/clerk-js/src/ui/components/UserProfile/UserProfileRoutes.tsx
• packages/clerk-js/src/core/resources/APIKeySettings.ts
• packages/clerk-js/src/core/clerk.ts
• packages/clerk-js/src/ui/utils/createCustomPages.tsx
• packages/clerk-js/src/utils/componentGuards.ts

**/*.{jsx,tsx}

📄 CodeRabbit inference engine (.cursor/rules/development.mdc)

**/*.{jsx,tsx}: Use error boundaries in React components
Minimize re-renders in React components

**/*.{jsx,tsx}: Always use functional components with hooks instead of class components
Follow PascalCase naming for components: UserProfile, NavigationMenu
Keep components focused on a single responsibility - split large components
Limit component size to 150-200 lines; extract logic into custom hooks
Use composition over inheritance - prefer smaller, composable components
Export components as named exports for better tree-shaking
One component per file with matching filename and component name
Use useState for simple state management
Use useReducer for complex state logic
Implement proper state initialization
Use proper state updates with callbacks
Implement proper state cleanup
Use Context API for theme/authentication
Implement proper state selectors
Use proper state normalization
Implement proper state persistence
Use React.memo for expensive components
Implement proper useCallback for handlers
Use proper useMemo for expensive computations
Implement proper virtualization for lists
Use proper code splitting with React.lazy
Implement proper cleanup in useEffect
Use proper refs for DOM access
Implement proper event listener cleanup
Use proper abort controllers for fetch
Implement proper subscription cleanup
Use proper HTML elements
Implement proper ARIA attributes
Use proper heading hierarchy
Implement proper form labels
Use proper button types
Implement proper focus management
Use proper keyboard shortcuts
Implement proper tab order
Use proper skip links
Implement proper focus traps
Implement proper error boundaries
Use proper error logging
Implement proper error recovery
Use proper error messages
Implement proper error fallbacks
Use proper form validation
Implement proper error states
Use proper error messages
Implement proper form submission
Use proper form reset
Use proper component naming
Implement proper file naming
Use proper prop naming
Implement proper...

Files:

• packages/clerk-js/src/ui/components/OrganizationProfile/OrganizationProfileRoutes.tsx
• packages/clerk-js/src/ui/components/UserProfile/UserProfileRoutes.tsx
• packages/clerk-js/src/ui/utils/createCustomPages.tsx

**/*.{js,ts,tsx,jsx}

📄 CodeRabbit inference engine (.cursor/rules/monorepo.mdc)

Support multiple Clerk environment variables (CLERK_, NEXT_PUBLIC_CLERK_, etc.) for configuration.

Files:

• packages/clerk-js/src/ui/components/OrganizationProfile/OrganizationProfileRoutes.tsx
• packages/shared/src/types/apiKeysSettings.ts
• packages/clerk-js/src/ui/components/UserProfile/UserProfileRoutes.tsx
• packages/clerk-js/src/core/resources/APIKeySettings.ts
• packages/clerk-js/src/core/clerk.ts
• packages/clerk-js/src/ui/utils/createCustomPages.tsx
• packages/clerk-js/src/utils/componentGuards.ts

**/*.tsx

📄 CodeRabbit inference engine (.cursor/rules/react.mdc)

**/*.tsx: Use proper type definitions for props and state
Leverage TypeScript's type inference where possible
Use proper event types for handlers
Implement proper generic types for reusable components
Use proper type guards for conditional rendering

Files:

• packages/clerk-js/src/ui/components/OrganizationProfile/OrganizationProfileRoutes.tsx
• packages/clerk-js/src/ui/components/UserProfile/UserProfileRoutes.tsx
• packages/clerk-js/src/ui/utils/createCustomPages.tsx

🧬 Code graph analysis (3)

packages/clerk-js/src/core/resources/APIKeySettings.ts (2)

packages/shared/src/types/apiKeysSettings.ts (1)

• APIKeysSettingsJSON (5-11)

packages/shared/src/types/snapshots.ts (1)

• APIKeysSettingsJSONSnapshot (192-192)

packages/clerk-js/src/core/clerk.ts (1)

packages/clerk-js/src/utils/componentGuards.ts (2)

• disabledOrganizationAPIKeysStandaloneFeature (59-61)
• disabledUserAPIKeysStandaloneFeature (52-54)

packages/clerk-js/src/ui/utils/createCustomPages.tsx (2)

packages/react/src/isomorphicClerk.ts (1)

• organization (711-717)

packages/clerk-js/src/utils/componentGuards.ts (2)

• disabledOrganizationAPIKeysFeature (45-47)
• disabledUserAPIKeysFeature (41-43)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (5)

• GitHub Check: Formatting | Dedupe | Changeset
• GitHub Check: Build Packages
• GitHub Check: semgrep-cloud-platform/scan
• GitHub Check: semgrep-cloud-platform/scan
• GitHub Check: Analyze (javascript-typescript)

🔇 Additional comments (1)

packages/clerk-js/src/utils/componentGuards.ts (1)

49-61: LGTM! Well-documented standalone guards.

The standalone guards correctly check only the enablement flags without considering profile visibility, which is appropriate for standalone <APIKeys /> component usage. The JSDoc comments clearly explain the distinction from the profile-context guards.

The separation between profile guards (checking both enablement and visibility) and standalone guards (checking only enablement) provides the right level of granular control for different usage contexts.

[coderabbitai]

Actionable comments posted: 1

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

packages/clerk-js/src/core/clerk.ts (1)

1238-1263: Don't block org API keys when only user keys are disabled.

With the new per-scope flags, it should be possible to disable user API keys while keeping organization API keys active. In org context (this.organization truthy) we still hit disabledUserAPIKeysFeature, so we short-circuit with the user-disabled error. The standalone <APIKeys/> can never mount for orgs when user keys are off, which breaks the main objective of this PR. Please gate the user-only check behind a !this.organization condition (or otherwise branch by context) so org flows keep working.

-    if (disabledUserAPIKeysFeature(this, this.environment)) {
+    if (!this.organization && disabledUserAPIKeysFeature(this, this.environment)) {
       if (this.#instanceType === 'development') {
         throw new ClerkRuntimeError(warnings.cannotRenderAPIKeysComponentForUserWhenDisabled, {
           code: CANNOT_RENDER_API_KEYS_USER_DISABLED_ERROR_CODE,
         });
       }
       return;
     }

📜 Review details

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Disabled knowledge base sources:

• Linear integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between 5364fe8 and c83dd6a.

📒 Files selected for processing (6)

• .changeset/serious-mugs-flash.md (1 hunks)
• integration/tests/machine-auth/component.test.ts (2 hunks)
• packages/clerk-js/src/core/clerk.ts (4 hunks)
• packages/clerk-js/src/core/warnings.ts (1 hunks)
• packages/clerk-js/src/ui/utils/createCustomPages.tsx (2 hunks)
• packages/clerk-js/src/utils/componentGuards.ts (1 hunks)

🧰 Additional context used

📓 Path-based instructions (13)

**/*.{js,jsx,ts,tsx}

📄 CodeRabbit inference engine (.cursor/rules/development.mdc)

**/*.{js,jsx,ts,tsx}: All code must pass ESLint checks with the project's configuration
Follow established naming conventions (PascalCase for components, camelCase for variables)
Maintain comprehensive JSDoc comments for public APIs
Use dynamic imports for optional features
All public APIs must be documented with JSDoc
Provide meaningful error messages to developers
Include error recovery suggestions where applicable
Log errors appropriately for debugging
Lazy load components and features when possible
Implement proper caching strategies
Use efficient data structures and algorithms
Profile and optimize critical paths
Validate all inputs and sanitize outputs
Implement proper logging with different levels

Files:

• packages/clerk-js/src/core/warnings.ts
• packages/clerk-js/src/core/clerk.ts
• packages/clerk-js/src/ui/utils/createCustomPages.tsx
• packages/clerk-js/src/utils/componentGuards.ts
• integration/tests/machine-auth/component.test.ts

**/*.{js,jsx,ts,tsx,json,css,scss,md,yaml,yml}

📄 CodeRabbit inference engine (.cursor/rules/development.mdc)

Use Prettier for consistent code formatting

Files:

• packages/clerk-js/src/core/warnings.ts
• packages/clerk-js/src/core/clerk.ts
• packages/clerk-js/src/ui/utils/createCustomPages.tsx
• packages/clerk-js/src/utils/componentGuards.ts
• integration/tests/machine-auth/component.test.ts

packages/**/*.{ts,tsx}

📄 CodeRabbit inference engine (.cursor/rules/development.mdc)

TypeScript is required for all packages

Files:

• packages/clerk-js/src/core/warnings.ts
• packages/clerk-js/src/core/clerk.ts
• packages/clerk-js/src/ui/utils/createCustomPages.tsx
• packages/clerk-js/src/utils/componentGuards.ts

packages/**/*.{ts,tsx,d.ts}

📄 CodeRabbit inference engine (.cursor/rules/development.mdc)

Packages should export TypeScript types alongside runtime code

Files:

• packages/clerk-js/src/core/warnings.ts
• packages/clerk-js/src/core/clerk.ts
• packages/clerk-js/src/ui/utils/createCustomPages.tsx
• packages/clerk-js/src/utils/componentGuards.ts

**/*.{ts,tsx}

📄 CodeRabbit inference engine (.cursor/rules/development.mdc)

Use proper TypeScript error types

**/*.{ts,tsx}: Always define explicit return types for functions, especially public APIs
Use proper type annotations for variables and parameters where inference isn't clear
Avoid any type - prefer unknown when type is uncertain, then narrow with type guards
Use interface for object shapes that might be extended
Use type for unions, primitives, and computed types
Prefer readonly properties for immutable data structures
Use private for internal implementation details
Use protected for inheritance hierarchies
Use public explicitly for clarity in public APIs
Prefer readonly for properties that shouldn't change after construction
Prefer composition and interfaces over deep inheritance chains
Use mixins for shared behavior across unrelated classes
Implement dependency injection for loose coupling
Let TypeScript infer when types are obvious
Use const assertions for literal types: as const
Use satisfies operator for type checking without widening
Use mapped types for transforming object types
Use conditional types for type-level logic
Leverage template literal types for string manipulation
Use ES6 imports/exports consistently
Use default exports sparingly, prefer named exports
Use type-only imports: import type { ... } from ...
No any types without justification
Proper error handling with typed errors
Consistent use of readonly for immutable data
Proper generic constraints
No unused type parameters
Proper use of utility types instead of manual type construction
Type-only imports where possible
Proper tree-shaking friendly exports
No circular dependencies
Efficient type computations (avoid deep recursion)

Files:

• packages/clerk-js/src/core/warnings.ts
• packages/clerk-js/src/core/clerk.ts
• packages/clerk-js/src/ui/utils/createCustomPages.tsx
• packages/clerk-js/src/utils/componentGuards.ts
• integration/tests/machine-auth/component.test.ts

**/*.{js,ts,tsx,jsx}

📄 CodeRabbit inference engine (.cursor/rules/monorepo.mdc)

Support multiple Clerk environment variables (CLERK_, NEXT_PUBLIC_CLERK_, etc.) for configuration.

Files:

• packages/clerk-js/src/core/warnings.ts
• packages/clerk-js/src/core/clerk.ts
• packages/clerk-js/src/ui/utils/createCustomPages.tsx
• packages/clerk-js/src/utils/componentGuards.ts
• integration/tests/machine-auth/component.test.ts

.changeset/**

📄 CodeRabbit inference engine (.cursor/rules/monorepo.mdc)

Automated releases must use Changesets.

Files:

• .changeset/serious-mugs-flash.md

packages/clerk-js/src/ui/**/*.{ts,tsx}

📄 CodeRabbit inference engine (.cursor/rules/clerk-js-ui.mdc)

packages/clerk-js/src/ui/**/*.{ts,tsx}: Element descriptors should always be camelCase
Use element descriptors in UI components to enable consistent theming and styling via appearance.elements
Element descriptors should generate unique, stable CSS classes for theming
Element descriptors should handle state classes (e.g., cl-loading, cl-active, cl-error, cl-open) automatically based on component state
Do not render hard-coded values; all user-facing strings must be localized using provided localization methods
Use the useLocalizations hook and localizationKeys utility for all text and error messages
Use the styled system (sx prop, theme tokens, responsive values) for custom component styling
Use useCardState for card-level state, useFormState for form-level state, and useLoadingStatus for loading states
Always use handleError utility for API errors and use translateError for localized error messages
Use useFormControl for form field state, implement proper validation, and handle loading and error states in forms
Use localization keys for all form labels and placeholders
Use element descriptors for consistent styling and follow the theme token system
Use the Card and FormContainer patterns for consistent UI structure

Files:

• packages/clerk-js/src/ui/utils/createCustomPages.tsx

**/*.{jsx,tsx}

📄 CodeRabbit inference engine (.cursor/rules/development.mdc)

**/*.{jsx,tsx}: Use error boundaries in React components
Minimize re-renders in React components

**/*.{jsx,tsx}: Always use functional components with hooks instead of class components
Follow PascalCase naming for components: UserProfile, NavigationMenu
Keep components focused on a single responsibility - split large components
Limit component size to 150-200 lines; extract logic into custom hooks
Use composition over inheritance - prefer smaller, composable components
Export components as named exports for better tree-shaking
One component per file with matching filename and component name
Use useState for simple state management
Use useReducer for complex state logic
Implement proper state initialization
Use proper state updates with callbacks
Implement proper state cleanup
Use Context API for theme/authentication
Implement proper state selectors
Use proper state normalization
Implement proper state persistence
Use React.memo for expensive components
Implement proper useCallback for handlers
Use proper useMemo for expensive computations
Implement proper virtualization for lists
Use proper code splitting with React.lazy
Implement proper cleanup in useEffect
Use proper refs for DOM access
Implement proper event listener cleanup
Use proper abort controllers for fetch
Implement proper subscription cleanup
Use proper HTML elements
Implement proper ARIA attributes
Use proper heading hierarchy
Implement proper form labels
Use proper button types
Implement proper focus management
Use proper keyboard shortcuts
Implement proper tab order
Use proper skip links
Implement proper focus traps
Implement proper error boundaries
Use proper error logging
Implement proper error recovery
Use proper error messages
Implement proper error fallbacks
Use proper form validation
Implement proper error states
Use proper error messages
Implement proper form submission
Use proper form reset
Use proper component naming
Implement proper file naming
Use proper prop naming
Implement proper...

Files:

• packages/clerk-js/src/ui/utils/createCustomPages.tsx

**/*.tsx

📄 CodeRabbit inference engine (.cursor/rules/react.mdc)

**/*.tsx: Use proper type definitions for props and state
Leverage TypeScript's type inference where possible
Use proper event types for handlers
Implement proper generic types for reusable components
Use proper type guards for conditional rendering

Files:

• packages/clerk-js/src/ui/utils/createCustomPages.tsx

integration/**

📄 CodeRabbit inference engine (.cursor/rules/global.mdc)

Framework integration templates and E2E tests should be placed under the integration/ directory

Files:

• integration/tests/machine-auth/component.test.ts

integration/**/*

📄 CodeRabbit inference engine (.cursor/rules/monorepo.mdc)

End-to-end tests and integration templates must be located in the 'integration/' directory.

Files:

• integration/tests/machine-auth/component.test.ts

integration/**/*.{test,spec}.{js,ts}

📄 CodeRabbit inference engine (.cursor/rules/monorepo.mdc)

Integration tests should use Playwright.

Files:

• integration/tests/machine-auth/component.test.ts

🧬 Code graph analysis (3)

packages/clerk-js/src/core/clerk.ts (1)

packages/clerk-js/src/utils/componentGuards.ts (3)

• disabledAllAPIKeysFeatures (45-47)
• disabledOrganizationAPIKeysFeature (41-43)
• disabledUserAPIKeysFeature (37-39)

packages/clerk-js/src/ui/utils/createCustomPages.tsx (2)

packages/react/src/isomorphicClerk.ts (1)

• organization (711-717)

packages/clerk-js/src/utils/componentGuards.ts (2)

• disabledOrganizationProfileAPIKeysFeature (53-55)
• disabledUserProfileAPIKeysFeature (49-51)

integration/tests/machine-auth/component.test.ts (2)

integration/templates/next-app-router/src/app/api-keys/page.tsx (1)

• Page (3-5)

integration/testUtils/index.ts (1)

• createTestUtils (24-86)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (25)

• GitHub Check: Integration Tests (react-router, chrome)
• GitHub Check: Integration Tests (custom, chrome)
• GitHub Check: Integration Tests (quickstart, chrome, 16)
• GitHub Check: Integration Tests (nextjs, chrome, 15)
• GitHub Check: Integration Tests (nextjs, chrome, 16)
• GitHub Check: Integration Tests (vue, chrome)
• GitHub Check: Integration Tests (quickstart, chrome, 15)
• GitHub Check: Integration Tests (billing, chrome)
• GitHub Check: Integration Tests (machine, chrome)
• GitHub Check: Integration Tests (nextjs, chrome, 14)
• GitHub Check: Integration Tests (nuxt, chrome)
• GitHub Check: Integration Tests (handshake:staging, chrome)
• GitHub Check: Integration Tests (tanstack-react-start, chrome)
• GitHub Check: Integration Tests (sessions, chrome)
• GitHub Check: Integration Tests (expo-web, chrome)
• GitHub Check: Integration Tests (astro, chrome)
• GitHub Check: Integration Tests (sessions:staging, chrome)
• GitHub Check: Integration Tests (handshake, chrome)
• GitHub Check: Integration Tests (express, chrome)
• GitHub Check: Integration Tests (generic, chrome)
• GitHub Check: Integration Tests (elements, chrome)
• GitHub Check: Integration Tests (ap-flows, chrome)
• GitHub Check: Integration Tests (localhost, chrome)
• GitHub Check: Static analysis
• GitHub Check: Unit Tests (22, **)

[coderabbitai]

Actionable comments posted: 1

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

packages/clerk-js/src/core/resources/__tests__/Environment.test.ts (1)

10-14: Update test expectations to match the new API shape.

This test still expects the old enabled field, which is inconsistent with the refactoring to four granular fields (user_api_keys_enabled, show_in_user_profile, orgs_api_keys_enabled, show_in_org_profile) shown elsewhere in this file (lines 56-59, 584-587).

Apply this diff to align with the new API shape:

     expect(environment).toMatchObject({
       apiKeysSettings: expect.objectContaining({
-        enabled: false,
+        orgsApiKeysEnabled: false,
+        showInOrgProfile: false,
+        showInUserProfile: false,
+        userApiKeysEnabled: false,
         pathRoot: '',
       }),
       authConfig: expect.objectContaining({

🧹 Nitpick comments (3)

integration/tests/machine-auth/component.test.ts (3)

8-32: Consider adding error handling to the mock helper.

The mockAPIKeysEnvironmentSettings function doesn't handle potential failures in route.fetch() or response.json(). If the API call fails or returns unexpected data, tests will fail with unclear error messages.

Consider wrapping the route handler in a try-catch:

 const mockAPIKeysEnvironmentSettings = async (
   page: Page,
   overrides: Partial<{
     user_api_keys_enabled: boolean;
     show_in_user_profile: boolean;
     orgs_api_keys_enabled: boolean;
     show_in_org_profile: boolean;
   }>,
 ) => {
   await page.route('*/**/v1/environment*', async route => {
+    try {
       const response = await route.fetch();
       const json = await response.json();
       const newJson = {
         ...json,
         api_keys_settings: {
           user_api_keys_enabled: true,
           show_in_user_profile: true,
           orgs_api_keys_enabled: true,
           show_in_org_profile: true,
           ...overrides,
         },
       };
       await route.fulfill({ response, json: newJson });
+    } catch (error) {
+      console.error('Failed to mock API keys environment settings:', error);
+      await route.continue();
+    }
   });
 };

---

274-299: Add explicit wait after navigating to organization profile.

The test navigates to /organization-profile (line 284) and immediately navigates to the hash route without waiting for the profile to mount. This could cause race conditions if the profile component hasn't fully initialized.

Add a wait after the initial navigation:

   // orgs_api_keys_enabled: false should hide API keys page
   await mockAPIKeysEnvironmentSettings(u.page, { orgs_api_keys_enabled: false });
   await u.po.page.goToRelative('/organization-profile');
+  await u.po.organizationProfile.waitForMounted();
   await u.po.page.goToRelative('/organization-profile#/organization-api-keys');
   await expect(u.page.locator('.cl-apiKeys')).toBeHidden({ timeout: 2000 });

Apply the same pattern to the other scenarios in this test as well.

---

301-328: Clean up the request listener after the test.

The request listener attached at line 313 is never removed, which could cause it to fire during subsequent tests if they share the same page context, potentially leading to flaky test results or false positives.

Store the listener function and remove it after use:

   // user_api_keys_enabled: false should prevent standalone component from rendering
   await mockAPIKeysEnvironmentSettings(u.page, { user_api_keys_enabled: false });

   let apiKeysRequestWasMade = false;
-  u.page.on('request', request => {
+  const requestListener = (request) => {
     if (request.url().includes('/api_keys')) {
       apiKeysRequestWasMade = true;
     }
-  });
+  };
+  u.page.on('request', requestListener);

   await u.po.page.goToRelative('/api-keys');
   await expect(u.page.locator('.cl-apiKeys-root')).toBeHidden({ timeout: 1000 });
   expect(apiKeysRequestWasMade).toBe(false);
+  u.page.off('request', requestListener);

   // user_api_keys_enabled: true should allow standalone component to render
   await mockAPIKeysEnvironmentSettings(u.page, { user_api_keys_enabled: true });
   await page.reload();
   await u.po.apiKeys.waitForMounted();
   await expect(u.page.locator('.cl-apiKeys-root')).toBeVisible();

📜 Review details

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Disabled knowledge base sources:

• Linear integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between 09a6496 and 89f2908.

📒 Files selected for processing (2)

• integration/tests/machine-auth/component.test.ts (2 hunks)
• packages/clerk-js/src/core/resources/__tests__/Environment.test.ts (2 hunks)

🧰 Additional context used

📓 Path-based instructions (12)

**/*.{js,jsx,ts,tsx}

📄 CodeRabbit inference engine (.cursor/rules/development.mdc)

**/*.{js,jsx,ts,tsx}: All code must pass ESLint checks with the project's configuration
Follow established naming conventions (PascalCase for components, camelCase for variables)
Maintain comprehensive JSDoc comments for public APIs
Use dynamic imports for optional features
All public APIs must be documented with JSDoc
Provide meaningful error messages to developers
Include error recovery suggestions where applicable
Log errors appropriately for debugging
Lazy load components and features when possible
Implement proper caching strategies
Use efficient data structures and algorithms
Profile and optimize critical paths
Validate all inputs and sanitize outputs
Implement proper logging with different levels

Files:

• packages/clerk-js/src/core/resources/__tests__/Environment.test.ts
• integration/tests/machine-auth/component.test.ts

**/*.{js,jsx,ts,tsx,json,css,scss,md,yaml,yml}

📄 CodeRabbit inference engine (.cursor/rules/development.mdc)

Use Prettier for consistent code formatting

Files:

• packages/clerk-js/src/core/resources/__tests__/Environment.test.ts
• integration/tests/machine-auth/component.test.ts

packages/**/*.{ts,tsx}

📄 CodeRabbit inference engine (.cursor/rules/development.mdc)

TypeScript is required for all packages

Files:

• packages/clerk-js/src/core/resources/__tests__/Environment.test.ts

packages/**/*.{ts,tsx,d.ts}

📄 CodeRabbit inference engine (.cursor/rules/development.mdc)

Packages should export TypeScript types alongside runtime code

Files:

• packages/clerk-js/src/core/resources/__tests__/Environment.test.ts

**/*.{ts,tsx}

📄 CodeRabbit inference engine (.cursor/rules/development.mdc)

Use proper TypeScript error types

**/*.{ts,tsx}: Always define explicit return types for functions, especially public APIs
Use proper type annotations for variables and parameters where inference isn't clear
Avoid any type - prefer unknown when type is uncertain, then narrow with type guards
Use interface for object shapes that might be extended
Use type for unions, primitives, and computed types
Prefer readonly properties for immutable data structures
Use private for internal implementation details
Use protected for inheritance hierarchies
Use public explicitly for clarity in public APIs
Prefer readonly for properties that shouldn't change after construction
Prefer composition and interfaces over deep inheritance chains
Use mixins for shared behavior across unrelated classes
Implement dependency injection for loose coupling
Let TypeScript infer when types are obvious
Use const assertions for literal types: as const
Use satisfies operator for type checking without widening
Use mapped types for transforming object types
Use conditional types for type-level logic
Leverage template literal types for string manipulation
Use ES6 imports/exports consistently
Use default exports sparingly, prefer named exports
Use type-only imports: import type { ... } from ...
No any types without justification
Proper error handling with typed errors
Consistent use of readonly for immutable data
Proper generic constraints
No unused type parameters
Proper use of utility types instead of manual type construction
Type-only imports where possible
Proper tree-shaking friendly exports
No circular dependencies
Efficient type computations (avoid deep recursion)

Files:

• packages/clerk-js/src/core/resources/__tests__/Environment.test.ts
• integration/tests/machine-auth/component.test.ts

packages/**/*.{test,spec}.{js,jsx,ts,tsx}

📄 CodeRabbit inference engine (.cursor/rules/monorepo.mdc)

Unit tests should use Jest or Vitest as the test runner.

Files:

• packages/clerk-js/src/core/resources/__tests__/Environment.test.ts

packages/{clerk-js,elements,themes}/**/*.{test,spec}.{js,jsx,ts,tsx}

📄 CodeRabbit inference engine (.cursor/rules/monorepo.mdc)

Visual regression testing should be performed for UI components.

Files:

• packages/clerk-js/src/core/resources/__tests__/Environment.test.ts

**/*.{js,ts,tsx,jsx}

📄 CodeRabbit inference engine (.cursor/rules/monorepo.mdc)

Support multiple Clerk environment variables (CLERK_, NEXT_PUBLIC_CLERK_, etc.) for configuration.

Files:

• packages/clerk-js/src/core/resources/__tests__/Environment.test.ts
• integration/tests/machine-auth/component.test.ts

**/__tests__/**/*.{ts,tsx}

📄 CodeRabbit inference engine (.cursor/rules/typescript.mdc)

**/__tests__/**/*.{ts,tsx}: Create type-safe test builders/factories
Use branded types for test isolation
Implement proper mock types that match interfaces

Files:

• packages/clerk-js/src/core/resources/__tests__/Environment.test.ts

integration/**

📄 CodeRabbit inference engine (.cursor/rules/global.mdc)

Framework integration templates and E2E tests should be placed under the integration/ directory

Files:

• integration/tests/machine-auth/component.test.ts

integration/**/*

📄 CodeRabbit inference engine (.cursor/rules/monorepo.mdc)

End-to-end tests and integration templates must be located in the 'integration/' directory.

Files:

• integration/tests/machine-auth/component.test.ts

integration/**/*.{test,spec}.{js,ts}

📄 CodeRabbit inference engine (.cursor/rules/monorepo.mdc)

Integration tests should use Playwright.

Files:

• integration/tests/machine-auth/component.test.ts

🧬 Code graph analysis (1)

integration/tests/machine-auth/component.test.ts (2)

integration/templates/next-app-router/src/app/api-keys/page.tsx (1)

• Page (3-5)

integration/testUtils/index.ts (1)

• createTestUtils (24-86)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (29)

• GitHub Check: Integration Tests (expo-web, chrome)
• GitHub Check: Integration Tests (nextjs, chrome, 16)
• GitHub Check: Integration Tests (react-router, chrome)
• GitHub Check: Integration Tests (nextjs, chrome, 15)
• GitHub Check: Integration Tests (quickstart, chrome, 16)
• GitHub Check: Integration Tests (custom, chrome)
• GitHub Check: Integration Tests (nuxt, chrome)
• GitHub Check: Integration Tests (vue, chrome)
• GitHub Check: Integration Tests (quickstart, chrome, 15)
• GitHub Check: Integration Tests (tanstack-react-start, chrome)
• GitHub Check: Integration Tests (machine, chrome)
• GitHub Check: Integration Tests (nextjs, chrome, 14)
• GitHub Check: Integration Tests (billing, chrome)
• GitHub Check: Integration Tests (localhost, chrome)
• GitHub Check: Integration Tests (sessions:staging, chrome)
• GitHub Check: Integration Tests (handshake:staging, chrome)
• GitHub Check: Integration Tests (astro, chrome)
• GitHub Check: Integration Tests (sessions, chrome)
• GitHub Check: Integration Tests (handshake, chrome)
• GitHub Check: Integration Tests (generic, chrome)
• GitHub Check: Integration Tests (express, chrome)
• GitHub Check: Integration Tests (ap-flows, chrome)
• GitHub Check: Integration Tests (elements, chrome)
• GitHub Check: Static analysis
• GitHub Check: Publish with pkg-pr-new
• GitHub Check: Unit Tests (22, **)
• GitHub Check: Analyze (javascript-typescript)
• GitHub Check: semgrep-cloud-platform/scan
• GitHub Check: semgrep-cloud-platform/scan

🔇 Additional comments (3)

packages/clerk-js/src/core/resources/__tests__/Environment.test.ts (2)

56-59: LGTM! Correctly implements the new API shape.

The test input now properly uses the four granular API keys settings fields.

---

584-587: LGTM! Snapshot expectations correctly reflect the new API shape.

The __internal_toSnapshot() test now properly expects the four granular API keys settings fields.

integration/tests/machine-auth/component.test.ts (1)

244-272: LGTM! Well-structured visibility test.

The test correctly validates UserProfile API keys page visibility based on both user_api_keys_enabled and show_in_user_profile flags, covering all three scenarios: disabled enabled flag, disabled visibility flag, and both enabled.

[coderabbitai]

Actionable comments posted: 1

📜 Review details

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Disabled knowledge base sources:

• Linear integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between 89f2908 and 8fcd816.

📒 Files selected for processing (11)

• integration/tests/machine-auth/component.test.ts (2 hunks)
• packages/clerk-js/src/core/resources/APIKeySettings.ts (2 hunks)
• packages/clerk-js/src/core/resources/__tests__/Environment.test.ts (3 hunks)
• packages/clerk-js/src/ui/components/OrganizationProfile/OrganizationProfileRoutes.tsx (2 hunks)
• packages/clerk-js/src/ui/components/OrganizationProfile/__tests__/OrganizationProfile.test.tsx (1 hunks)
• packages/clerk-js/src/ui/components/UserProfile/UserProfileRoutes.tsx (2 hunks)
• packages/clerk-js/src/ui/components/UserProfile/__tests__/UserProfile.test.tsx (1 hunks)
• packages/clerk-js/src/ui/utils/createCustomPages.tsx (2 hunks)
• packages/clerk-js/src/utils/componentGuards.ts (1 hunks)
• packages/shared/src/types/apiKeysSettings.ts (1 hunks)
• packages/shared/src/types/clerk.ts (2 hunks)

🚧 Files skipped from review as they are similar to previous changes (3)

• packages/shared/src/types/apiKeysSettings.ts
• packages/clerk-js/src/ui/components/UserProfile/UserProfileRoutes.tsx
• packages/clerk-js/src/ui/utils/createCustomPages.tsx

🧰 Additional context used

📓 Path-based instructions (11)

**/*.{js,jsx,ts,tsx}

📄 CodeRabbit inference engine (.cursor/rules/development.mdc)

**/*.{js,jsx,ts,tsx}: All code must pass ESLint checks with the project's configuration
Follow established naming conventions (PascalCase for components, camelCase for variables)
Maintain comprehensive JSDoc comments for public APIs
Use dynamic imports for optional features
All public APIs must be documented with JSDoc
Provide meaningful error messages to developers
Include error recovery suggestions where applicable
Log errors appropriately for debugging
Lazy load components and features when possible
Implement proper caching strategies
Use efficient data structures and algorithms
Profile and optimize critical paths
Validate all inputs and sanitize outputs
Implement proper logging with different levels

Files:

• integration/tests/machine-auth/component.test.ts
• packages/shared/src/types/clerk.ts
• packages/clerk-js/src/ui/components/UserProfile/__tests__/UserProfile.test.tsx
• packages/clerk-js/src/utils/componentGuards.ts
• packages/clerk-js/src/core/resources/__tests__/Environment.test.ts
• packages/clerk-js/src/ui/components/OrganizationProfile/OrganizationProfileRoutes.tsx
• packages/clerk-js/src/ui/components/OrganizationProfile/__tests__/OrganizationProfile.test.tsx
• packages/clerk-js/src/core/resources/APIKeySettings.ts

**/*.{js,jsx,ts,tsx,json,css,scss,md,yaml,yml}

📄 CodeRabbit inference engine (.cursor/rules/development.mdc)

Use Prettier for consistent code formatting

Files:

• integration/tests/machine-auth/component.test.ts
• packages/shared/src/types/clerk.ts
• packages/clerk-js/src/ui/components/UserProfile/__tests__/UserProfile.test.tsx
• packages/clerk-js/src/utils/componentGuards.ts
• packages/clerk-js/src/core/resources/__tests__/Environment.test.ts
• packages/clerk-js/src/ui/components/OrganizationProfile/OrganizationProfileRoutes.tsx
• packages/clerk-js/src/ui/components/OrganizationProfile/__tests__/OrganizationProfile.test.tsx
• packages/clerk-js/src/core/resources/APIKeySettings.ts

**/*.{ts,tsx}

📄 CodeRabbit inference engine (.cursor/rules/development.mdc)

Use proper TypeScript error types

**/*.{ts,tsx}: Always define explicit return types for functions, especially public APIs
Use proper type annotations for variables and parameters where inference isn't clear
Avoid any type - prefer unknown when type is uncertain, then narrow with type guards
Use interface for object shapes that might be extended
Use type for unions, primitives, and computed types
Prefer readonly properties for immutable data structures
Use private for internal implementation details
Use protected for inheritance hierarchies
Use public explicitly for clarity in public APIs
Prefer readonly for properties that shouldn't change after construction
Prefer composition and interfaces over deep inheritance chains
Use mixins for shared behavior across unrelated classes
Implement dependency injection for loose coupling
Let TypeScript infer when types are obvious
Use const assertions for literal types: as const
Use satisfies operator for type checking without widening
Use mapped types for transforming object types
Use conditional types for type-level logic
Leverage template literal types for string manipulation
Use ES6 imports/exports consistently
Use default exports sparingly, prefer named exports
Use type-only imports: import type { ... } from ...
No any types without justification
Proper error handling with typed errors
Consistent use of readonly for immutable data
Proper generic constraints
No unused type parameters
Proper use of utility types instead of manual type construction
Type-only imports where possible
Proper tree-shaking friendly exports
No circular dependencies
Efficient type computations (avoid deep recursion)

Files:

• integration/tests/machine-auth/component.test.ts
• packages/shared/src/types/clerk.ts
• packages/clerk-js/src/ui/components/UserProfile/__tests__/UserProfile.test.tsx
• packages/clerk-js/src/utils/componentGuards.ts
• packages/clerk-js/src/core/resources/__tests__/Environment.test.ts
• packages/clerk-js/src/ui/components/OrganizationProfile/OrganizationProfileRoutes.tsx
• packages/clerk-js/src/ui/components/OrganizationProfile/__tests__/OrganizationProfile.test.tsx
• packages/clerk-js/src/core/resources/APIKeySettings.ts

integration/**

📄 CodeRabbit inference engine (.cursor/rules/global.mdc)

Framework integration templates and E2E tests should be placed under the integration/ directory

Files:

• integration/tests/machine-auth/component.test.ts

packages/**/*.{ts,tsx}

📄 CodeRabbit inference engine (.cursor/rules/development.mdc)

TypeScript is required for all packages

Files:

• packages/shared/src/types/clerk.ts
• packages/clerk-js/src/ui/components/UserProfile/__tests__/UserProfile.test.tsx
• packages/clerk-js/src/utils/componentGuards.ts
• packages/clerk-js/src/core/resources/__tests__/Environment.test.ts
• packages/clerk-js/src/ui/components/OrganizationProfile/OrganizationProfileRoutes.tsx
• packages/clerk-js/src/ui/components/OrganizationProfile/__tests__/OrganizationProfile.test.tsx
• packages/clerk-js/src/core/resources/APIKeySettings.ts

packages/**/*.{ts,tsx,d.ts}

📄 CodeRabbit inference engine (.cursor/rules/development.mdc)

Packages should export TypeScript types alongside runtime code

Files:

• packages/shared/src/types/clerk.ts
• packages/clerk-js/src/ui/components/UserProfile/__tests__/UserProfile.test.tsx
• packages/clerk-js/src/utils/componentGuards.ts
• packages/clerk-js/src/core/resources/__tests__/Environment.test.ts
• packages/clerk-js/src/ui/components/OrganizationProfile/OrganizationProfileRoutes.tsx
• packages/clerk-js/src/ui/components/OrganizationProfile/__tests__/OrganizationProfile.test.tsx
• packages/clerk-js/src/core/resources/APIKeySettings.ts

packages/clerk-js/src/ui/**/*.{ts,tsx}

📄 CodeRabbit inference engine (.cursor/rules/clerk-js-ui.mdc)

packages/clerk-js/src/ui/**/*.{ts,tsx}: Element descriptors should always be camelCase
Use element descriptors in UI components to enable consistent theming and styling via appearance.elements
Element descriptors should generate unique, stable CSS classes for theming
Element descriptors should handle state classes (e.g., cl-loading, cl-active, cl-error, cl-open) automatically based on component state
Do not render hard-coded values; all user-facing strings must be localized using provided localization methods
Use the useLocalizations hook and localizationKeys utility for all text and error messages
Use the styled system (sx prop, theme tokens, responsive values) for custom component styling
Use useCardState for card-level state, useFormState for form-level state, and useLoadingStatus for loading states
Always use handleError utility for API errors and use translateError for localized error messages
Use useFormControl for form field state, implement proper validation, and handle loading and error states in forms
Use localization keys for all form labels and placeholders
Use element descriptors for consistent styling and follow the theme token system
Use the Card and FormContainer patterns for consistent UI structure

Files:

• packages/clerk-js/src/ui/components/UserProfile/__tests__/UserProfile.test.tsx
• packages/clerk-js/src/ui/components/OrganizationProfile/OrganizationProfileRoutes.tsx
• packages/clerk-js/src/ui/components/OrganizationProfile/__tests__/OrganizationProfile.test.tsx

**/*.{jsx,tsx}

📄 CodeRabbit inference engine (.cursor/rules/development.mdc)

**/*.{jsx,tsx}: Use error boundaries in React components
Minimize re-renders in React components

**/*.{jsx,tsx}: Always use functional components with hooks instead of class components
Follow PascalCase naming for components: UserProfile, NavigationMenu
Keep components focused on a single responsibility - split large components
Limit component size to 150-200 lines; extract logic into custom hooks
Use composition over inheritance - prefer smaller, composable components
Export components as named exports for better tree-shaking
One component per file with matching filename and component name
Use useState for simple state management
Use useReducer for complex state logic
Implement proper state initialization
Use proper state updates with callbacks
Implement proper state cleanup
Use Context API for theme/authentication
Implement proper state selectors
Use proper state normalization
Implement proper state persistence
Use React.memo for expensive components
Implement proper useCallback for handlers
Use proper useMemo for expensive computations
Implement proper virtualization for lists
Use proper code splitting with React.lazy
Implement proper cleanup in useEffect
Use proper refs for DOM access
Implement proper event listener cleanup
Use proper abort controllers for fetch
Implement proper subscription cleanup
Use proper HTML elements
Implement proper ARIA attributes
Use proper heading hierarchy
Implement proper form labels
Use proper button types
Implement proper focus management
Use proper keyboard shortcuts
Implement proper tab order
Use proper skip links
Implement proper focus traps
Implement proper error boundaries
Use proper error logging
Implement proper error recovery
Use proper error messages
Implement proper error fallbacks
Use proper form validation
Implement proper error states
Use proper error messages
Implement proper form submission
Use proper form reset
Use proper component naming
Implement proper file naming
Use proper prop naming
Implement proper...

Files:

• packages/clerk-js/src/ui/components/UserProfile/__tests__/UserProfile.test.tsx
• packages/clerk-js/src/ui/components/OrganizationProfile/OrganizationProfileRoutes.tsx
• packages/clerk-js/src/ui/components/OrganizationProfile/__tests__/OrganizationProfile.test.tsx

**/*.tsx

📄 CodeRabbit inference engine (.cursor/rules/react.mdc)

**/*.tsx: Use proper type definitions for props and state
Leverage TypeScript's type inference where possible
Use proper event types for handlers
Implement proper generic types for reusable components
Use proper type guards for conditional rendering

Files:

• packages/clerk-js/src/ui/components/UserProfile/__tests__/UserProfile.test.tsx
• packages/clerk-js/src/ui/components/OrganizationProfile/OrganizationProfileRoutes.tsx
• packages/clerk-js/src/ui/components/OrganizationProfile/__tests__/OrganizationProfile.test.tsx

**/*.test.{jsx,tsx}

📄 CodeRabbit inference engine (.cursor/rules/react.mdc)

**/*.test.{jsx,tsx}: Use React Testing Library
Test component behavior, not implementation
Use proper test queries
Implement proper test isolation
Use proper test coverage
Test component interactions
Use proper test data
Implement proper test setup
Use proper test cleanup
Implement proper test assertions
Use proper test structure

Files:

• packages/clerk-js/src/ui/components/UserProfile/__tests__/UserProfile.test.tsx
• packages/clerk-js/src/ui/components/OrganizationProfile/__tests__/OrganizationProfile.test.tsx

**/__tests__/**/*.{ts,tsx}

📄 CodeRabbit inference engine (.cursor/rules/typescript.mdc)

**/__tests__/**/*.{ts,tsx}: Create type-safe test builders/factories
Use branded types for test isolation
Implement proper mock types that match interfaces

Files:

• packages/clerk-js/src/ui/components/UserProfile/__tests__/UserProfile.test.tsx
• packages/clerk-js/src/core/resources/__tests__/Environment.test.ts
• packages/clerk-js/src/ui/components/OrganizationProfile/__tests__/OrganizationProfile.test.tsx

🧬 Code graph analysis (4)

integration/tests/machine-auth/component.test.ts (1)

integration/testUtils/index.ts (1)

• createTestUtils (24-86)

packages/clerk-js/src/ui/components/OrganizationProfile/OrganizationProfileRoutes.tsx (1)

packages/clerk-js/src/ui/contexts/components/OrganizationProfile.ts (1)

• useOrganizationProfileContext (33-86)

packages/clerk-js/src/ui/components/OrganizationProfile/__tests__/OrganizationProfile.test.tsx (1)

packages/clerk-js/src/ui/components/OrganizationProfile/index.tsx (1)

• OrganizationProfile (58-58)

packages/clerk-js/src/core/resources/APIKeySettings.ts (2)

packages/shared/src/types/apiKeysSettings.ts (1)

• APIKeysSettingsJSON (5-8)

packages/shared/src/types/snapshots.ts (1)

• APIKeysSettingsJSONSnapshot (192-192)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (5)

• GitHub Check: Build Packages
• GitHub Check: Formatting | Dedupe | Changeset
• GitHub Check: semgrep-cloud-platform/scan
• GitHub Check: Analyze (javascript-typescript)
• GitHub Check: semgrep-cloud-platform/scan

🔇 Additional comments (9)

packages/clerk-js/src/core/resources/__tests__/Environment.test.ts (1)

12-13: LGTM! Test data correctly updated for new API keys settings structure.

The test fixtures and expectations have been updated to use the new granular orgs_api_keys_enabled and user_api_keys_enabled fields instead of the single enabled flag. The changes are consistent across all test cases.

Also applies to: 57-58, 583-584

packages/clerk-js/src/ui/components/UserProfile/__tests__/UserProfile.test.tsx (1)

245-294: LGTM! Comprehensive test coverage for API Keys visibility.

The new test suite properly validates all combinations of the user_api_keys_enabled environment flag and the hide prop:

• Environment flag disabled: hides API keys regardless of hide prop
• Environment flag enabled + hide=false: shows API keys
• Environment flag enabled + hide not set: shows API keys (default behavior)
• hide=true: hides API keys regardless of environment flag

packages/shared/src/types/clerk.ts (1)

1567-1574: LGTM! Type definitions correctly extended with hide flag.

The apiKeysProps type has been properly extended for both UserProfileProps and OrganizationProfileProps with an optional hide flag. The JSDoc documentation clearly explains the flag's purpose and default behavior.

Also applies to: 1610-1617

packages/clerk-js/src/ui/components/OrganizationProfile/__tests__/OrganizationProfile.test.tsx (1)

382-465: LGTM! Comprehensive test coverage for organization API Keys visibility.

The new test suite validates all combinations of the orgs_api_keys_enabled environment flag and the hide prop, parallel to the UserProfile tests. The tests correctly:

• Set up users with the required org:sys_api_keys:read permission
• Test environment flag + hide prop interactions
• Verify UI rendering behavior with appropriate assertions

packages/clerk-js/src/ui/components/OrganizationProfile/OrganizationProfileRoutes.tsx (1)

41-49: LGTM! Routing logic correctly updated for granular API keys control.

The changes properly implement the new visibility logic:

• Line 48: Extracts apiKeysProps from context
• Line 127: Updates the rendering condition to check both orgs_api_keys_enabled (environment flag) and !apiKeysProps?.hide (component prop)

The implementation correctly uses optional chaining to handle undefined apiKeysProps and maintains the existing permission checks.

Also applies to: 127-143

packages/clerk-js/src/core/resources/APIKeySettings.ts (1)

9-10: LGTM! API key settings correctly refactored to granular flags.

The implementation properly replaces the single enabled flag with separate user_api_keys_enabled and orgs_api_keys_enabled fields. The changes are consistent across:

• Field declarations (lines 9-10) with appropriate default values
• JSON deserialization (lines 23-24)
• Snapshot serialization (lines 31-32)

Also applies to: 23-24, 31-32

integration/tests/machine-auth/component.test.ts (2)

8-28: LGTM! Well-designed environment mocking helper.

The mockAPIKeysEnvironmentSettings helper provides a clean way to override API keys settings for testing. It properly:

• Intercepts environment API calls
• Preserves existing response data
• Merges in test-specific overrides
• Uses proper async/await patterns

---

240-282: LGTM! Comprehensive visibility tests for profile components.

The tests properly validate that:

• UserProfile respects user_api_keys_enabled flag
• OrganizationProfile respects orgs_api_keys_enabled flag
• Page reloads correctly apply new environment settings
• UI visibility changes match expected behavior

packages/clerk-js/src/utils/componentGuards.ts (1)

37-47: LGTM! Component guards correctly refactored for granular control.

The implementation properly replaces the single API keys guard with three specialized guards:

• disabledUserAPIKeysFeature: Checks user_api_keys_enabled
• disabledOrganizationAPIKeysFeature: Checks orgs_api_keys_enabled
• disabledAllAPIKeysFeatures: Combines both checks

The guards follow the established pattern and correctly use optional chaining to handle potentially undefined environment settings.

Based on learnings.

[coderabbitai]

Actionable comments posted: 0

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

packages/clerk-js/src/ui/components/OrganizationProfile/OrganizationProfileNavbar.tsx (1)

16-16: Consolidate the duplicate hook call.

useOrganizationProfileContext() is called twice (lines 16 and 32) to destructure different properties. This is inefficient and should be consolidated into a single call.

Apply this diff to combine the destructuring:

-  const { pages } = useOrganizationProfileContext();
+  const { pages, apiKeysProps } = useOrganizationProfileContext();

   const allowMembersRoute = useProtect(
     has =>
       has({
         permission: 'org:sys_memberships:read',
       }) || has({ permission: 'org:sys_memberships:manage' }),
   );

   const allowBillingRoutes = useProtect(
     has =>
       has({
         permission: 'org:sys_billing:read',
       }) || has({ permission: 'org:sys_billing:manage' }),
   );

-  const { apiKeysProps } = useOrganizationProfileContext();
-
   const routes = pages.routes

Also applies to: 32-33

🧹 Nitpick comments (3)

packages/clerk-js/src/ui/components/UserProfile/UserProfileNavbar.tsx (2)

5-5: Consider extracting the API Keys route filtering logic to reduce duplication.

The filtering pattern r.id !== USER_PROFILE_NAVBAR_ROUTE_ID.API_KEYS || !apiKeysProps?.hide is duplicated in OrganizationProfileNavbar.tsx (line 45). Extracting this to a shared utility function would improve maintainability and ensure consistent behavior across both components.

Example implementation in a shared utilities file:

// utils/routeFilters.ts
export const filterApiKeysRoute = <T extends { id: string }>(
  routes: T[],
  apiKeysRouteId: string,
  shouldHide: boolean | undefined
): T[] => {
  return routes.filter(r => r.id !== apiKeysRouteId || !shouldHide);
};

Then use it in both navbar components:

-const routes = pages.routes.filter(r => r.id !== USER_PROFILE_NAVBAR_ROUTE_ID.API_KEYS || !apiKeysProps?.hide);
+const routes = filterApiKeysRoute(pages.routes, USER_PROFILE_NAVBAR_ROUTE_ID.API_KEYS, apiKeysProps?.hide);

Also applies to: 13-15, 22-22

---

15-15: Consider clarifying the filter predicate for readability.

The condition r.id !== USER_PROFILE_NAVBAR_ROUTE_ID.API_KEYS || !apiKeysProps?.hide uses double negation which requires careful parsing. A comment explaining the logic would improve readability.

+// Keep all non-API-Keys routes, and keep API-Keys route only when not explicitly hidden
 const routes = pages.routes.filter(r => r.id !== USER_PROFILE_NAVBAR_ROUTE_ID.API_KEYS || !apiKeysProps?.hide);

packages/clerk-js/src/ui/components/OrganizationProfile/OrganizationProfileNavbar.tsx (1)

34-45: Consider refactoring the filter chain for improved readability.

The three chained .filter() calls are becoming verbose. While functionally correct, extracting the filter predicates into named functions or using intermediate variables could improve readability and maintainability.

Example approach:

const shouldShowMembersRoute = (r: NavbarRoute) =>
  r.id !== ORGANIZATION_PROFILE_NAVBAR_ROUTE_ID.MEMBERS || allowMembersRoute;

const shouldShowBillingRoute = (r: NavbarRoute) =>
  r.id !== ORGANIZATION_PROFILE_NAVBAR_ROUTE_ID.BILLING || allowBillingRoutes;

const shouldShowApiKeysRoute = (r: NavbarRoute) =>
  r.id !== ORGANIZATION_PROFILE_NAVBAR_ROUTE_ID.API_KEYS || !apiKeysProps?.hide;

const routes = pages.routes
  .filter(shouldShowMembersRoute)
  .filter(shouldShowBillingRoute)
  .filter(shouldShowApiKeysRoute);

📜 Review details

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Disabled knowledge base sources:

• Linear integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between 8fcd816 and 396464f.

📒 Files selected for processing (2)

• packages/clerk-js/src/ui/components/OrganizationProfile/OrganizationProfileNavbar.tsx (2 hunks)
• packages/clerk-js/src/ui/components/UserProfile/UserProfileNavbar.tsx (1 hunks)

🧰 Additional context used

📓 Path-based instructions (8)

packages/clerk-js/src/ui/**/*.{ts,tsx}

📄 CodeRabbit inference engine (.cursor/rules/clerk-js-ui.mdc)

packages/clerk-js/src/ui/**/*.{ts,tsx}: Element descriptors should always be camelCase
Use element descriptors in UI components to enable consistent theming and styling via appearance.elements
Element descriptors should generate unique, stable CSS classes for theming
Element descriptors should handle state classes (e.g., cl-loading, cl-active, cl-error, cl-open) automatically based on component state
Do not render hard-coded values; all user-facing strings must be localized using provided localization methods
Use the useLocalizations hook and localizationKeys utility for all text and error messages
Use the styled system (sx prop, theme tokens, responsive values) for custom component styling
Use useCardState for card-level state, useFormState for form-level state, and useLoadingStatus for loading states
Always use handleError utility for API errors and use translateError for localized error messages
Use useFormControl for form field state, implement proper validation, and handle loading and error states in forms
Use localization keys for all form labels and placeholders
Use element descriptors for consistent styling and follow the theme token system
Use the Card and FormContainer patterns for consistent UI structure

Files:

• packages/clerk-js/src/ui/components/UserProfile/UserProfileNavbar.tsx
• packages/clerk-js/src/ui/components/OrganizationProfile/OrganizationProfileNavbar.tsx

**/*.{js,jsx,ts,tsx}

📄 CodeRabbit inference engine (.cursor/rules/development.mdc)

**/*.{js,jsx,ts,tsx}: All code must pass ESLint checks with the project's configuration
Follow established naming conventions (PascalCase for components, camelCase for variables)
Maintain comprehensive JSDoc comments for public APIs
Use dynamic imports for optional features
All public APIs must be documented with JSDoc
Provide meaningful error messages to developers
Include error recovery suggestions where applicable
Log errors appropriately for debugging
Lazy load components and features when possible
Implement proper caching strategies
Use efficient data structures and algorithms
Profile and optimize critical paths
Validate all inputs and sanitize outputs
Implement proper logging with different levels

Files:

• packages/clerk-js/src/ui/components/UserProfile/UserProfileNavbar.tsx
• packages/clerk-js/src/ui/components/OrganizationProfile/OrganizationProfileNavbar.tsx

**/*.{js,jsx,ts,tsx,json,css,scss,md,yaml,yml}

📄 CodeRabbit inference engine (.cursor/rules/development.mdc)

Use Prettier for consistent code formatting

Files:

• packages/clerk-js/src/ui/components/UserProfile/UserProfileNavbar.tsx
• packages/clerk-js/src/ui/components/OrganizationProfile/OrganizationProfileNavbar.tsx

packages/**/*.{ts,tsx}

📄 CodeRabbit inference engine (.cursor/rules/development.mdc)

TypeScript is required for all packages

Files:

• packages/clerk-js/src/ui/components/UserProfile/UserProfileNavbar.tsx
• packages/clerk-js/src/ui/components/OrganizationProfile/OrganizationProfileNavbar.tsx

packages/**/*.{ts,tsx,d.ts}

📄 CodeRabbit inference engine (.cursor/rules/development.mdc)

Packages should export TypeScript types alongside runtime code

Files:

• packages/clerk-js/src/ui/components/UserProfile/UserProfileNavbar.tsx
• packages/clerk-js/src/ui/components/OrganizationProfile/OrganizationProfileNavbar.tsx

**/*.{ts,tsx}

📄 CodeRabbit inference engine (.cursor/rules/development.mdc)

Use proper TypeScript error types

**/*.{ts,tsx}: Always define explicit return types for functions, especially public APIs
Use proper type annotations for variables and parameters where inference isn't clear
Avoid any type - prefer unknown when type is uncertain, then narrow with type guards
Use interface for object shapes that might be extended
Use type for unions, primitives, and computed types
Prefer readonly properties for immutable data structures
Use private for internal implementation details
Use protected for inheritance hierarchies
Use public explicitly for clarity in public APIs
Prefer readonly for properties that shouldn't change after construction
Prefer composition and interfaces over deep inheritance chains
Use mixins for shared behavior across unrelated classes
Implement dependency injection for loose coupling
Let TypeScript infer when types are obvious
Use const assertions for literal types: as const
Use satisfies operator for type checking without widening
Use mapped types for transforming object types
Use conditional types for type-level logic
Leverage template literal types for string manipulation
Use ES6 imports/exports consistently
Use default exports sparingly, prefer named exports
Use type-only imports: import type { ... } from ...
No any types without justification
Proper error handling with typed errors
Consistent use of readonly for immutable data
Proper generic constraints
No unused type parameters
Proper use of utility types instead of manual type construction
Type-only imports where possible
Proper tree-shaking friendly exports
No circular dependencies
Efficient type computations (avoid deep recursion)

Files:

• packages/clerk-js/src/ui/components/UserProfile/UserProfileNavbar.tsx
• packages/clerk-js/src/ui/components/OrganizationProfile/OrganizationProfileNavbar.tsx

**/*.{jsx,tsx}

📄 CodeRabbit inference engine (.cursor/rules/development.mdc)

**/*.{jsx,tsx}: Use error boundaries in React components
Minimize re-renders in React components

**/*.{jsx,tsx}: Always use functional components with hooks instead of class components
Follow PascalCase naming for components: UserProfile, NavigationMenu
Keep components focused on a single responsibility - split large components
Limit component size to 150-200 lines; extract logic into custom hooks
Use composition over inheritance - prefer smaller, composable components
Export components as named exports for better tree-shaking
One component per file with matching filename and component name
Use useState for simple state management
Use useReducer for complex state logic
Implement proper state initialization
Use proper state updates with callbacks
Implement proper state cleanup
Use Context API for theme/authentication
Implement proper state selectors
Use proper state normalization
Implement proper state persistence
Use React.memo for expensive components
Implement proper useCallback for handlers
Use proper useMemo for expensive computations
Implement proper virtualization for lists
Use proper code splitting with React.lazy
Implement proper cleanup in useEffect
Use proper refs for DOM access
Implement proper event listener cleanup
Use proper abort controllers for fetch
Implement proper subscription cleanup
Use proper HTML elements
Implement proper ARIA attributes
Use proper heading hierarchy
Implement proper form labels
Use proper button types
Implement proper focus management
Use proper keyboard shortcuts
Implement proper tab order
Use proper skip links
Implement proper focus traps
Implement proper error boundaries
Use proper error logging
Implement proper error recovery
Use proper error messages
Implement proper error fallbacks
Use proper form validation
Implement proper error states
Use proper error messages
Implement proper form submission
Use proper form reset
Use proper component naming
Implement proper file naming
Use proper prop naming
Implement proper...

Files:

• packages/clerk-js/src/ui/components/UserProfile/UserProfileNavbar.tsx
• packages/clerk-js/src/ui/components/OrganizationProfile/OrganizationProfileNavbar.tsx

**/*.tsx

📄 CodeRabbit inference engine (.cursor/rules/react.mdc)

**/*.tsx: Use proper type definitions for props and state
Leverage TypeScript's type inference where possible
Use proper event types for handlers
Implement proper generic types for reusable components
Use proper type guards for conditional rendering

Files:

• packages/clerk-js/src/ui/components/UserProfile/UserProfileNavbar.tsx
• packages/clerk-js/src/ui/components/OrganizationProfile/OrganizationProfileNavbar.tsx

🧬 Code graph analysis (2)

packages/clerk-js/src/ui/components/UserProfile/UserProfileNavbar.tsx (3)

packages/clerk-js/src/ui/elements/Navbar.tsx (1)

• NavBar (53-140)

packages/clerk-js/src/ui/contexts/components/UserProfile.ts (1)

• useUserProfileContext (30-83)

packages/clerk-js/src/ui/constants.ts (1)

• USER_PROFILE_NAVBAR_ROUTE_ID (1-6)

packages/clerk-js/src/ui/components/OrganizationProfile/OrganizationProfileNavbar.tsx (2)

packages/clerk-js/src/ui/contexts/components/OrganizationProfile.ts (1)

• useOrganizationProfileContext (33-86)

packages/clerk-js/src/ui/constants.ts (1)

• ORGANIZATION_PROFILE_NAVBAR_ROUTE_ID (8-13)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (4)

• GitHub Check: Formatting | Dedupe | Changeset
• GitHub Check: Analyze (javascript-typescript)
• GitHub Check: semgrep-cloud-platform/scan
• GitHub Check: semgrep-cloud-platform/scan

[coderabbitai]

Actionable comments posted: 1

📜 Review details

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Disabled knowledge base sources:

• Linear integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between 1f08843 and 3742a8a.

📒 Files selected for processing (2)

• integration/tests/machine-auth/component.test.ts (2 hunks)
• package.json (1 hunks)

🚧 Files skipped from review as they are similar to previous changes (1)

• integration/tests/machine-auth/component.test.ts

🧰 Additional context used

📓 Path-based instructions (1)

**/*.{js,jsx,ts,tsx,json,css,scss,md,yaml,yml}

📄 CodeRabbit inference engine (.cursor/rules/development.mdc)

Use Prettier for consistent code formatting

Files:

• package.json

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (5)

• GitHub Check: Build Packages
• GitHub Check: Formatting | Dedupe | Changeset
• GitHub Check: Analyze (javascript-typescript)
• GitHub Check: semgrep-cloud-platform/scan
• GitHub Check: semgrep-cloud-platform/scan

[coderabbitai]

Actionable comments posted: 1

📜 Review details

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Disabled knowledge base sources:

• Linear integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between 3742a8a and f07c6d5.

📒 Files selected for processing (1)

• integration/tests/machine-auth/component.test.ts (2 hunks)

🧰 Additional context used

📓 Path-based instructions (4)

**/*.{js,jsx,ts,tsx}

📄 CodeRabbit inference engine (.cursor/rules/development.mdc)

**/*.{js,jsx,ts,tsx}: All code must pass ESLint checks with the project's configuration
Follow established naming conventions (PascalCase for components, camelCase for variables)
Maintain comprehensive JSDoc comments for public APIs
Use dynamic imports for optional features
All public APIs must be documented with JSDoc
Provide meaningful error messages to developers
Include error recovery suggestions where applicable
Log errors appropriately for debugging
Lazy load components and features when possible
Implement proper caching strategies
Use efficient data structures and algorithms
Profile and optimize critical paths
Validate all inputs and sanitize outputs
Implement proper logging with different levels

Files:

• integration/tests/machine-auth/component.test.ts

**/*.{js,jsx,ts,tsx,json,css,scss,md,yaml,yml}

📄 CodeRabbit inference engine (.cursor/rules/development.mdc)

Use Prettier for consistent code formatting

Files:

• integration/tests/machine-auth/component.test.ts

**/*.{ts,tsx}

📄 CodeRabbit inference engine (.cursor/rules/development.mdc)

Use proper TypeScript error types

**/*.{ts,tsx}: Always define explicit return types for functions, especially public APIs
Use proper type annotations for variables and parameters where inference isn't clear
Avoid any type - prefer unknown when type is uncertain, then narrow with type guards
Use interface for object shapes that might be extended
Use type for unions, primitives, and computed types
Prefer readonly properties for immutable data structures
Use private for internal implementation details
Use protected for inheritance hierarchies
Use public explicitly for clarity in public APIs
Prefer readonly for properties that shouldn't change after construction
Prefer composition and interfaces over deep inheritance chains
Use mixins for shared behavior across unrelated classes
Implement dependency injection for loose coupling
Let TypeScript infer when types are obvious
Use const assertions for literal types: as const
Use satisfies operator for type checking without widening
Use mapped types for transforming object types
Use conditional types for type-level logic
Leverage template literal types for string manipulation
Use ES6 imports/exports consistently
Use default exports sparingly, prefer named exports
Use type-only imports: import type { ... } from ...
No any types without justification
Proper error handling with typed errors
Consistent use of readonly for immutable data
Proper generic constraints
No unused type parameters
Proper use of utility types instead of manual type construction
Type-only imports where possible
Proper tree-shaking friendly exports
No circular dependencies
Efficient type computations (avoid deep recursion)

Files:

• integration/tests/machine-auth/component.test.ts

integration/**

📄 CodeRabbit inference engine (.cursor/rules/global.mdc)

Framework integration templates and E2E tests should be placed under the integration/ directory

Files:

• integration/tests/machine-auth/component.test.ts

🧬 Code graph analysis (1)

integration/tests/machine-auth/component.test.ts (2)

integration/templates/next-app-router/src/app/api-keys/page.tsx (1)

• Page (3-5)

integration/testUtils/index.ts (1)

• createTestUtils (24-86)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (30)

• GitHub Check: Integration Tests (nextjs, chrome, 16)
• GitHub Check: Integration Tests (quickstart, chrome, 15)
• GitHub Check: Integration Tests (machine, chrome)
• GitHub Check: Integration Tests (quickstart, chrome, 16)
• GitHub Check: Integration Tests (custom, chrome)
• GitHub Check: Integration Tests (sessions:staging, chrome)
• GitHub Check: Integration Tests (nextjs, chrome, 15)
• GitHub Check: Integration Tests (vue, chrome)
• GitHub Check: Integration Tests (handshake:staging, chrome)
• GitHub Check: Integration Tests (react-router, chrome)
• GitHub Check: Integration Tests (tanstack-react-start, chrome)
• GitHub Check: Integration Tests (billing, chrome)
• GitHub Check: Integration Tests (nextjs, chrome, 14)
• GitHub Check: Integration Tests (nuxt, chrome)
• GitHub Check: Integration Tests (elements, chrome)
• GitHub Check: Integration Tests (generic, chrome)
• GitHub Check: Integration Tests (expo-web, chrome)
• GitHub Check: Integration Tests (ap-flows, chrome)
• GitHub Check: Integration Tests (astro, chrome)
• GitHub Check: Integration Tests (localhost, chrome)
• GitHub Check: Integration Tests (sessions, chrome)
• GitHub Check: Integration Tests (handshake, chrome)
• GitHub Check: Integration Tests (express, chrome)
• GitHub Check: Publish with pkg-pr-new
• GitHub Check: Static analysis
• GitHub Check: Unit Tests (22, **)
• GitHub Check: Formatting | Dedupe | Changeset
• GitHub Check: Analyze (javascript-typescript)
• GitHub Check: semgrep-cloud-platform/scan
• GitHub Check: semgrep-cloud-platform/scan

🔇 Additional comments (1)

integration/tests/machine-auth/component.test.ts (1)

318-346: Ensure the standalone org context test explicitly establishes organization context.

The verification reveals a significant ambiguity: both standalone tests (lines 288–316 and 318–346) navigate to the identical /api-keys route, differentiated only by environment flags (user_api_keys_enabled vs orgs_api_keys_enabled). In contrast, the profile-based tests explicitly navigate to different URL paths (/user#/api-keys vs /organization-profile#/organization-api-keys), making context unambiguous.

While fakeAdmin is created with organization membership in test.beforeAll (line 43), the org context test does not explicitly switch to or activate that organization context before navigating to /api-keys. Without visible context establishment (e.g., organization selection or URL path that indicates org scope), it's unclear how the standalone component determines whether to check user_api_keys_enabled or orgs_api_keys_enabled when both flags are present in the environment settings.

Consider adding explicit org context establishment (similar to how profile tests navigate to /organization-profile) or clarify the mechanism by which the standalone component auto-detects and uses organization context from the current session.

[coderabbitai]

🛠️ Refactor suggestion | 🟠 Major

Add explicit return type and JSDoc documentation.

Per coding guidelines, functions should have explicit return types and public/shared functions should have JSDoc documentation.

Apply this diff:

+/**
+ * Mocks the environment settings API response to override API keys settings.
+ * @param page - Playwright page instance
+ * @param overrides - Partial overrides for user_api_keys_enabled and orgs_api_keys_enabled
+ */
 const mockAPIKeysEnvironmentSettings = async (
   page: Page,
   overrides: Partial<{
     user_api_keys_enabled: boolean;
     orgs_api_keys_enabled: boolean;
   }>,
-) => {
+): Promise<void> => {
   await page.route('*/**/v1/environment*', async route => {

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	const mockAPIKeysEnvironmentSettings = async (
	page: Page,
	overrides: Partial<{
	user_api_keys_enabled: boolean;
	orgs_api_keys_enabled: boolean;
	}>,
	) => {
	await page.route('*/**/v1/environment*', async route => {
	const response = await route.fetch();
	const json = await response.json();
	const newJson = {
	...json,
	api_keys_settings: {
	user_api_keys_enabled: true,
	orgs_api_keys_enabled: true,
	...overrides,
	},
	};
	await route.fulfill({ response, json: newJson });
	});
	};
	/**
	* Mocks the environment settings API response to override API keys settings.
	* @param page - Playwright page instance
	* @param overrides - Partial overrides for user_api_keys_enabled and orgs_api_keys_enabled
	*/
	const mockAPIKeysEnvironmentSettings = async (
	page: Page,
	overrides: Partial<{
	user_api_keys_enabled: boolean;
	orgs_api_keys_enabled: boolean;
	}>,
	): Promise<void> => {
	await page.route('*/**/v1/environment*', async route => {
	const response = await route.fetch();
	const json = await response.json();
	const newJson = {
	...json,
	api_keys_settings: {
	user_api_keys_enabled: true,
	orgs_api_keys_enabled: true,
	...overrides,
	},
	};
	await route.fulfill({ response, json: newJson });
	});
	};

🤖 Prompt for AI Agents

In integration/tests/machine-auth/component.test.ts around lines 8 to 28, the
helper function mockAPIKeysEnvironmentSettings is missing an explicit return
type and JSDoc; add a concise JSDoc block above the function describing its
purpose, parameters (page: Page, overrides: Partial<{ user_api_keys_enabled:
boolean; orgs_api_keys_enabled: boolean; }>), and behavior, and update the
function signature to include an explicit return type of Promise<void>. Ensure
the JSDoc uses standard tags (@param, @returns) and the signature remains
consistent with the existing usage.