fix(shared): Explicitly pass subject parameter to API keys fetcher hook

[wobsoriano]

Description

Fixes an issue where the subject parameter was not being passed to the clerk.apiKeys.getAll() fetcher in the useAPIKeys hook. This causes <UserProfile /> API keys page to load organization api keys when an org is active.

The bug was introduced in #7270 when hooks were migrated in @clerk/shared. The subject was placed in the tracked object of createCacheKeys, which caused getDifferentKeys to strip it from the request parameters before reaching the fetcher.

This PR keeps the subject in tracked for proper cache scoping, and explicitly pass it in the fetcher. This ensures:

1. Cache invalidation is scoped per subject (different subjects don't cascade)
2. The subject parameter reaches the API

Added integration test to verify UserProfile uses user ID as subject even when an organization is active

Checklist

• pnpm test runs as expected.
• pnpm build runs as expected.
• (If applicable) JSDoc comments have been added or updated for any package exports
• (If applicable) Documentation has been updated

Type of change

• 🐛 Bug fix
• 🌟 New feature
• 🔨 Breaking change
• 📖 Refactoring / dependency upgrade / documentation
• other:

Summary by CodeRabbit

• Tests

  • Added tests to verify user profile API keys are always scoped to the user (not the organization).

• Bug Fixes

  • Prevented organization API keys from appearing in a user's API keys view by ensuring API requests include the correct subject.

• Chores

  • Added UI navigation support for the API Keys tab in user profile flows.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[changeset-bot]

🦋 Changeset detected

Latest commit: 8aa2d9b

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 22 packages

Name	Type
@clerk/shared	Patch
@clerk/testing	Patch
@clerk/agent-toolkit	Patch
@clerk/astro	Patch
@clerk/backend	Patch
@clerk/chrome-extension	Patch
@clerk/clerk-js	Patch
@clerk/elements	Patch
@clerk/expo-passkeys	Patch
@clerk/clerk-expo	Patch
@clerk/express	Patch
@clerk/fastify	Patch
@clerk/nextjs	Patch
@clerk/nuxt	Patch
@clerk/react-router	Patch
@clerk/clerk-react	Patch
@clerk/remix	Patch
@clerk/tanstack-react-start	Patch
@clerk/themes	Patch
@clerk/types	Patch
@clerk/vue	Patch
@clerk/localizations	Patch

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Preview	Comments	Updated (UTC)
clerk-js-sandbox	Ready	Preview	Comment	Dec 2, 2025 7:02pm

[coderabbitai]

Walkthrough

Adds two integration tests verifying API key subject selection, adds a user-profile page-object method to switch to the API Keys tab, and updates useAPIKeys hooks to forward the user subject into clerk.apiKeys.getAll.

Changes

Cohort / File(s)	Summary
Tests integration/tests/machine-auth/component.test.ts	Added two tests that intercept /api_keys* requests, capture the subject query parameter, navigate to UserProfile → API Keys, and assert the subject equals the admin user ID (not the organization ID).
Page object packages/testing/src/playwright/unstable/page-objects/userProfile.ts	Added switchToAPIKeysTab() method which clicks the "API keys" tab in the user profile page object.
API keys hooks packages/shared/src/react/hooks/useAPIKeys.rq.tsx, packages/shared/src/react/hooks/useAPIKeys.swr.tsx	Fetcher now forwards subject into clerk.apiKeys.getAll by calling with { ...params, subject: safeValues.subject } instead of passing params unchanged. No public API signatures changed.
Changeset .changeset/friendly-adults-bathe.md	Added changeset with patch bumps for @clerk/shared and @clerk/testing and a fix note about organization API keys showing in UserProfile.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

• Review useAPIKeys.rq.tsx and useAPIKeys.swr.tsx to confirm subject injection aligns with API expectations and does not break caching/pagination keys.
• Verify the new tests reliably intercept and read the subject param and clean up route handlers.
• Ensure switchToAPIKeysTab() selector is resilient to localization or UI text changes.

"I hopped the DOM and chased a key,
Found subjects hiding where orgs used to be.
I clicked a tab, I ran a test,
Now users' keys are set to their best. 🥕🐇"

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The PR title accurately summarizes the main fix: explicitly passing the subject parameter to the API keys fetcher hook in the shared package to resolve the bug.
Docstring Coverage	✅ Passed	Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%.

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch rob/user-4131-api-keys

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[pkg-pr-new]

Open in StackBlitz

@clerk/agent-toolkit

npm i https://pkg.pr.new/@clerk/agent-toolkit@7344

@clerk/astro

npm i https://pkg.pr.new/@clerk/astro@7344

@clerk/backend

npm i https://pkg.pr.new/@clerk/backend@7344

@clerk/chrome-extension

npm i https://pkg.pr.new/@clerk/chrome-extension@7344

@clerk/clerk-js

npm i https://pkg.pr.new/@clerk/clerk-js@7344

@clerk/dev-cli

npm i https://pkg.pr.new/@clerk/dev-cli@7344

@clerk/elements

npm i https://pkg.pr.new/@clerk/elements@7344

@clerk/clerk-expo

npm i https://pkg.pr.new/@clerk/clerk-expo@7344

@clerk/expo-passkeys

npm i https://pkg.pr.new/@clerk/expo-passkeys@7344

@clerk/express

npm i https://pkg.pr.new/@clerk/express@7344

@clerk/fastify

npm i https://pkg.pr.new/@clerk/fastify@7344

@clerk/localizations

npm i https://pkg.pr.new/@clerk/localizations@7344

@clerk/nextjs

npm i https://pkg.pr.new/@clerk/nextjs@7344

@clerk/nuxt

npm i https://pkg.pr.new/@clerk/nuxt@7344

@clerk/clerk-react

npm i https://pkg.pr.new/@clerk/clerk-react@7344

@clerk/react-router

npm i https://pkg.pr.new/@clerk/react-router@7344

@clerk/remix

npm i https://pkg.pr.new/@clerk/remix@7344

@clerk/shared

npm i https://pkg.pr.new/@clerk/shared@7344

@clerk/tanstack-react-start

npm i https://pkg.pr.new/@clerk/tanstack-react-start@7344

@clerk/testing

npm i https://pkg.pr.new/@clerk/testing@7344

@clerk/themes

npm i https://pkg.pr.new/@clerk/themes@7344

@clerk/types

npm i https://pkg.pr.new/@clerk/types@7344

@clerk/upgrade

npm i https://pkg.pr.new/@clerk/upgrade@7344

@clerk/vue

npm i https://pkg.pr.new/@clerk/vue@7344

commit: 8aa2d9b

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (4)

packages/shared/src/types/clerk.ts (1)

2004-2007: Internal subject on APIKeysProps is type‑correct but slightly leaky

The new subject?: string field aligns with context usage, but it now appears on a public props type. If this is truly internal, consider either:

• Moving it to an internal context type instead of APIKeysProps, or
• Prefixing it (e.g. __internal_subject) and adding a short doc sentence explaining it is not for app developers.

This would reduce the chance of external code relying on it.

As per coding guidelines, keeping the public API surface minimal and clearly documented helps avoid accidental reliance on internal fields.

packages/clerk-js/src/ui/components/UserProfile/APIKeysPage.tsx (1)

31-36: UserProfile now correctly forces user ID as subject

Passing subject: user.id through context ensures the user’s ID is authoritative for user‑profile API keys, even when an organization is active. That matches the intended behavior and permission checks.

For consistency with OrganizationAPIKeysPage, you might optionally reorder the value to:

-      <APIKeysContext.Provider value={{ componentName: 'APIKeys', ...apiKeysProps, subject: user.id }}>
+      <APIKeysContext.Provider value={{ ...apiKeysProps, componentName: 'APIKeys', subject: user.id }}>

so internal fields always override any matching keys on apiKeysProps.

packages/clerk-js/src/ui/components/APIKeys/APIKeys.tsx (1)

245-258: Context‑first subject resolution matches the new contract

Using ctx.subject ?? organizationCtx?.organization?.id ?? user?.id ?? '' correctly:

• Lets UserProfile/OrganizationProfile override via context,
• Falls back to active organization, then user,
• Keeps existing permission gating via isOrganizationId(subject) aligned with the actual subject.

You may optionally add a defensive assertion/log if subject ends up as '' (shouldn’t happen with withCoreUserGuard and an active org/user) to surface misconfigurations earlier.

As per coding guidelines, adding lightweight diagnostics around unexpected states can improve debuggability without changing behavior.

integration/tests/machine-auth/component.test.ts (1)

288-321: Avoid race by waiting for the API keys response before asserting capturedSubject

The new test correctly validates that UserProfile API keys use the user ID even with an active org, but there’s a timing risk: expect(capturedSubject) can run before the first /api_keys request completes and before the route handler assigns capturedSubject, leading to intermittent failures.

You can make this deterministic by waiting for the relevant response after switching to the API Keys tab:

     await u.po.userProfile.waitForMounted();
-    await u.po.userProfile.switchToAPIKeysTab();
-
-    // Verify the subject parameter is the user ID, not the organization ID
-    expect(capturedSubject).toBe(userId);
+    await u.po.userProfile.switchToAPIKeysTab();
+
+    // Ensure the API keys request has completed so capturedSubject is populated
+    await page.waitForResponse(
+      response => response.url().includes('/api_keys') && response.request().method() === 'GET',
+    );
+
+    // Verify the subject parameter is the user ID, not the organization ID
+    expect(capturedSubject).toBe(userId);
     expect(capturedSubject).not.toBe(fakeOrganization.organization.id);

This matches how other tests in this file synchronize on network events and should eliminate flakiness.

📜 Review details

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Disabled knowledge base sources:

• Linear integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between ce8b914 and 39149b7.

📒 Files selected for processing (6)

• integration/tests/machine-auth/component.test.ts (1 hunks)
• packages/clerk-js/src/ui/components/APIKeys/APIKeys.tsx (1 hunks)
• packages/clerk-js/src/ui/components/OrganizationProfile/OrganizationAPIKeysPage.tsx (1 hunks)
• packages/clerk-js/src/ui/components/UserProfile/APIKeysPage.tsx (1 hunks)
• packages/shared/src/types/clerk.ts (1 hunks)
• packages/testing/src/playwright/unstable/page-objects/userProfile.ts (1 hunks)

🧰 Additional context used

📓 Path-based instructions (13)

**/*.{js,jsx,ts,tsx}

📄 CodeRabbit inference engine (.cursor/rules/development.mdc)

All code must pass ESLint checks with the project's configuration

Files:

• integration/tests/machine-auth/component.test.ts
• packages/clerk-js/src/ui/components/OrganizationProfile/OrganizationAPIKeysPage.tsx
• packages/testing/src/playwright/unstable/page-objects/userProfile.ts
• packages/clerk-js/src/ui/components/APIKeys/APIKeys.tsx
• packages/clerk-js/src/ui/components/UserProfile/APIKeysPage.tsx
• packages/shared/src/types/clerk.ts

**/*.{js,jsx,ts,tsx,json,md,yml,yaml}

📄 CodeRabbit inference engine (.cursor/rules/development.mdc)

Use Prettier for consistent code formatting

Files:

• integration/tests/machine-auth/component.test.ts
• packages/clerk-js/src/ui/components/OrganizationProfile/OrganizationAPIKeysPage.tsx
• packages/testing/src/playwright/unstable/page-objects/userProfile.ts
• packages/clerk-js/src/ui/components/APIKeys/APIKeys.tsx
• packages/clerk-js/src/ui/components/UserProfile/APIKeysPage.tsx
• packages/shared/src/types/clerk.ts

**/*.{ts,tsx,js,jsx}

📄 CodeRabbit inference engine (.cursor/rules/development.mdc)

Follow established naming conventions (PascalCase for components, camelCase for variables)

Prefer importing types from @clerk/shared/types instead of the deprecated @clerk/types alias

Files:

• integration/tests/machine-auth/component.test.ts
• packages/clerk-js/src/ui/components/OrganizationProfile/OrganizationAPIKeysPage.tsx
• packages/testing/src/playwright/unstable/page-objects/userProfile.ts
• packages/clerk-js/src/ui/components/APIKeys/APIKeys.tsx
• packages/clerk-js/src/ui/components/UserProfile/APIKeysPage.tsx
• packages/shared/src/types/clerk.ts

**/*.{test,spec}.{ts,tsx,js,jsx}

📄 CodeRabbit inference engine (.cursor/rules/development.mdc)

**/*.{test,spec}.{ts,tsx,js,jsx}: Unit tests are required for all new functionality
Verify proper error handling and edge cases
Include tests for all new features

Files:

• integration/tests/machine-auth/component.test.ts

**/*.ts?(x)

📄 CodeRabbit inference engine (.cursor/rules/development.mdc)

Use proper TypeScript error types

Files:

• integration/tests/machine-auth/component.test.ts
• packages/clerk-js/src/ui/components/OrganizationProfile/OrganizationAPIKeysPage.tsx
• packages/testing/src/playwright/unstable/page-objects/userProfile.ts
• packages/clerk-js/src/ui/components/APIKeys/APIKeys.tsx
• packages/clerk-js/src/ui/components/UserProfile/APIKeysPage.tsx
• packages/shared/src/types/clerk.ts

**/*.{test,spec,e2e}.{ts,tsx,js,jsx}

📄 CodeRabbit inference engine (.cursor/rules/development.mdc)

Use real Clerk instances for integration tests

Files:

• integration/tests/machine-auth/component.test.ts

**/*.{ts,tsx}

📄 CodeRabbit inference engine (.cursor/rules/typescript.mdc)

**/*.{ts,tsx}: Always define explicit return types for functions, especially public APIs
Use proper type annotations for variables and parameters where inference isn't clear
Avoid any type - prefer unknown when type is uncertain, then narrow with type guards
Implement type guards for unknown types using the pattern function isType(value: unknown): value is Type
Use interface for object shapes that might be extended
Use type for unions, primitives, and computed types
Prefer readonly properties for immutable data structures
Use private for internal implementation details in classes
Use protected for inheritance hierarchies
Use public explicitly for clarity in public APIs
Use mixins for shared behavior across unrelated classes in TypeScript
Use generic constraints with bounded type parameters like <T extends { id: string }>
Use utility types like Omit, Partial, and Pick for data transformation instead of manual type construction
Use discriminated unions instead of boolean flags for state management and API responses
Use mapped types for transforming object types
Use conditional types for type-level logic
Leverage template literal types for string manipulation at the type level
Use ES6 imports/exports consistently
Use default exports sparingly, prefer named exports
Document functions with JSDoc comments including @param, @returns, @throws, and @example tags
Create custom error classes that extend Error for specific error types
Use the Result pattern for error handling instead of throwing exceptions
Use optional chaining (?.) and nullish coalescing (??) operators for safe property access
Let TypeScript infer obvious types to reduce verbosity
Use const assertions with as const for literal types
Use satisfies operator for type checking without widening types
Declare readonly arrays and objects for immutable data structures
Use spread operator and array spread for immutable updates instead of mutations
Use lazy loading for large types...

Files:

• integration/tests/machine-auth/component.test.ts
• packages/clerk-js/src/ui/components/OrganizationProfile/OrganizationAPIKeysPage.tsx
• packages/testing/src/playwright/unstable/page-objects/userProfile.ts
• packages/clerk-js/src/ui/components/APIKeys/APIKeys.tsx
• packages/clerk-js/src/ui/components/UserProfile/APIKeysPage.tsx
• packages/shared/src/types/clerk.ts

packages/clerk-js/src/ui/**/*.{ts,tsx}

📄 CodeRabbit inference engine (.cursor/rules/clerk-js-ui.mdc)

packages/clerk-js/src/ui/**/*.{ts,tsx}: Element descriptors should be written in camelCase
Use useCardState for card-level state management
Use useFormState for form-level state management
Use useLoadingStatus for managing loading states
Use useFormControl hook for form field state management with validation and localization support
All rendered values must be localized using useLocalizations hook - hard coded values are not allowed
Use localizationKeys for translating UI text with support for parameters and error messages
Use handleError utility for API error handling and provide field states for proper error mapping
Use the styled system sx prop with theme tokens for custom styling instead of inline styles
Use the Card component pattern with Card.Root, Card.Header, Card.Title, Card.Content, and Card.Footer for consistent card layouts
Use FormContainer with headerTitle and headerSubtitle localization keys combined with Form.Root and FormButtons for consistent form layouts
When form submission occurs, manage loading and error states by calling status.setLoading(), card.setLoading(), and card.setError() appropriately

Files:

• packages/clerk-js/src/ui/components/OrganizationProfile/OrganizationAPIKeysPage.tsx
• packages/clerk-js/src/ui/components/APIKeys/APIKeys.tsx
• packages/clerk-js/src/ui/components/UserProfile/APIKeysPage.tsx

packages/**/src/**/*.{ts,tsx}

📄 CodeRabbit inference engine (.cursor/rules/development.mdc)

TypeScript is required for all packages

Files:

• packages/clerk-js/src/ui/components/OrganizationProfile/OrganizationAPIKeysPage.tsx
• packages/testing/src/playwright/unstable/page-objects/userProfile.ts
• packages/clerk-js/src/ui/components/APIKeys/APIKeys.tsx
• packages/clerk-js/src/ui/components/UserProfile/APIKeysPage.tsx
• packages/shared/src/types/clerk.ts

packages/**/src/**/*.{ts,tsx,js,jsx}

📄 CodeRabbit inference engine (.cursor/rules/development.mdc)

packages/**/src/**/*.{ts,tsx,js,jsx}: Maintain comprehensive JSDoc comments for public APIs
Use tree-shaking friendly exports
Validate all inputs and sanitize outputs
All public APIs must be documented with JSDoc
Use dynamic imports for optional features
Provide meaningful error messages to developers
Include error recovery suggestions where applicable
Log errors appropriately for debugging
Lazy load components and features when possible
Implement proper caching strategies
Use efficient data structures and algorithms
Implement proper logging with different levels

Files:

• packages/clerk-js/src/ui/components/OrganizationProfile/OrganizationAPIKeysPage.tsx
• packages/testing/src/playwright/unstable/page-objects/userProfile.ts
• packages/clerk-js/src/ui/components/APIKeys/APIKeys.tsx
• packages/clerk-js/src/ui/components/UserProfile/APIKeysPage.tsx
• packages/shared/src/types/clerk.ts

**/*.tsx

📄 CodeRabbit inference engine (.cursor/rules/development.mdc)

**/*.tsx: Use error boundaries in React components
Minimize re-renders in React components

**/*.tsx: Use proper type definitions for props and state in React components
Leverage TypeScript's type inference where possible in React components
Use proper event types for handlers in React components
Implement proper generic types for reusable React components
Use proper type guards for conditional rendering in React components

Files:

• packages/clerk-js/src/ui/components/OrganizationProfile/OrganizationAPIKeysPage.tsx
• packages/clerk-js/src/ui/components/APIKeys/APIKeys.tsx
• packages/clerk-js/src/ui/components/UserProfile/APIKeysPage.tsx

**/*.{md,tsx}

📄 CodeRabbit inference engine (.cursor/rules/development.mdc)

Update documentation for API changes

Files:

• packages/clerk-js/src/ui/components/OrganizationProfile/OrganizationAPIKeysPage.tsx
• packages/clerk-js/src/ui/components/APIKeys/APIKeys.tsx
• packages/clerk-js/src/ui/components/UserProfile/APIKeysPage.tsx

**/*.{jsx,tsx}

📄 CodeRabbit inference engine (.cursor/rules/react.mdc)

**/*.{jsx,tsx}: Always use functional components with hooks instead of class components
Follow PascalCase naming for components (e.g., UserProfile, NavigationMenu)
Keep components focused on a single responsibility - split large components
Limit component size to 150-200 lines; extract logic into custom hooks
Use composition over inheritance - prefer smaller, composable components
Export components as named exports for better tree-shaking
One component per file with matching filename and component name
Separate UI components from business logic components
Use useState for simple state management in React components
Use useReducer for complex state logic in React components
Implement proper state initialization in React components
Use proper state updates with callbacks in React components
Implement proper state cleanup in React components
Use Context API for theme/authentication state management
Implement proper state persistence in React applications
Use React.memo for expensive components
Implement proper useCallback for handlers in React components
Use proper useMemo for expensive computations in React components
Implement proper virtualization for lists in React components
Use proper code splitting with React.lazy in React applications
Implement proper cleanup in useEffect hooks
Use proper refs for DOM access in React components
Implement proper event listener cleanup in React components
Use proper abort controllers for fetch in React components
Implement proper subscription cleanup in React components
Use proper HTML elements for semantic HTML in React components
Implement proper ARIA attributes for accessibility in React components
Use proper heading hierarchy in React components
Implement proper form labels in React components
Use proper button types in React components
Implement proper focus management for keyboard navigation in React components
Use proper keyboard shortcuts in React components
Implement proper tab order in React components
Use proper ...

Files:

• packages/clerk-js/src/ui/components/OrganizationProfile/OrganizationAPIKeysPage.tsx
• packages/clerk-js/src/ui/components/APIKeys/APIKeys.tsx
• packages/clerk-js/src/ui/components/UserProfile/APIKeysPage.tsx

🧬 Code graph analysis (3)

integration/tests/machine-auth/component.test.ts (1)

integration/testUtils/index.ts (1)

• createTestUtils (24-86)

packages/clerk-js/src/ui/components/OrganizationProfile/OrganizationAPIKeysPage.tsx (2)

packages/clerk-js/src/ui/contexts/components/APIKeys.ts (1)

• APIKeysContext (5-5)

packages/react/src/isomorphicClerk.ts (1)

• organization (719-725)

packages/clerk-js/src/ui/components/APIKeys/APIKeys.tsx (1)

packages/react/src/isomorphicClerk.ts (1)

• user (711-717)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (5)

• GitHub Check: Formatting | Dedupe | Changeset
• GitHub Check: Build Packages
• GitHub Check: Analyze (javascript-typescript)
• GitHub Check: semgrep-cloud-platform/scan
• GitHub Check: semgrep-cloud-platform/scan

🔇 Additional comments (2)

packages/testing/src/playwright/unstable/page-objects/userProfile.ts (1)

20-22: New switchToAPIKeysTab helper looks consistent

Matches existing tab helpers (Security/Billing), keeps page-object API cohesive. No issues spotted.

packages/clerk-js/src/ui/components/OrganizationProfile/OrganizationAPIKeysPage.tsx (1)

28-33: Explicitly setting subject to organization.id is correct

This ensures org profile API keys always use the organization as subject (and overrides any accidental subject on apiKeysProps), aligning with the updated resolution logic.

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (1)

.changeset/friendly-adults-bathe.md (1)

5-6: Consider rewording for consistency with formal changelog conventions.

The description uses "Fixed" but changesets typically benefit from more formal phrasing. Consider revising to "Resolved" or "Addressed" for consistency with standard changelog conventions.

Apply this diff to improve formality:

-Fixed an issue where API keys in `<UserProfile />` are showing organization API keys.
+Resolved an issue where API keys in `<UserProfile />` were displaying organization API keys.

This also corrects the verb tense alignment ("are showing" → "were displaying") and maintains clarity.

📜 Review details

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Disabled knowledge base sources:

• Linear integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between b084c4a and 3232d85.

📒 Files selected for processing (1)

• .changeset/friendly-adults-bathe.md (1 hunks)

🧰 Additional context used

🪛 LanguageTool

.changeset/friendly-adults-bathe.md

[style] ~5-~5: Consider using a different verb for a more formal wording.
Context: ...ed": patch "@clerk/testing": patch --- Fixed an issue where API keys in `<UserProfil...

(FIX_RESOLVE)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (4)

• GitHub Check: Formatting | Dedupe | Changeset
• GitHub Check: Analyze (javascript-typescript)
• GitHub Check: semgrep-cloud-platform/scan
• GitHub Check: semgrep-cloud-platform/scan

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (2)

packages/shared/src/react/hooks/useAPIKeys.swr.tsx (1)

100-103: Preserve previous semantics by only sending subject when it is set

The wrapper correctly fixes the regression by forwarding subject from safeValues, but it now always sends subject: safeValues.subject, which means we’ll send subject: '' when no subject is configured. Previously, the subject key was omitted entirely in that case (matching how hookParams is built).

To avoid changing behavior for the “no subject” case while still fixing the bug, consider conditionally spreading subject here the same way we do in hookParams:

-  const result = usePagesOrInfinite({
-    fetcher: clerk.apiKeys?.getAll
-      ? (params: GetAPIKeysParams) => clerk.apiKeys.getAll({ ...params, subject: safeValues.subject })
-      : undefined,
+  const result = usePagesOrInfinite({
+    fetcher: clerk.apiKeys?.getAll
+      ? (params: GetAPIKeysParams) =>
+          clerk.apiKeys.getAll({
+            ...params,
+            ...(safeValues.subject ? { subject: safeValues.subject } : {}),
+          })
+      : undefined,

This keeps cache scoping on subject while only sending it to the backend when it’s actually provided.

packages/shared/src/react/hooks/useAPIKeys.rq.tsx (1)

98-100: Align subject forwarding with SWR hook and avoid sending empty subject

This change mirrors the SWR hook and fixes the missing-subject issue, but it also always sends subject: safeValues.subject, which differs from the previous behavior (no subject key when falsy).

For consistency with hookParams and the SWR implementation, and to avoid sending subject: '', consider:

-  return usePagesOrInfinite({
-    fetcher: clerk.apiKeys?.getAll
-      ? (params: GetAPIKeysParams) => clerk.apiKeys.getAll({ ...params, subject: safeValues.subject })
-      : undefined,
+  return usePagesOrInfinite({
+    fetcher: clerk.apiKeys?.getAll
+      ? (params: GetAPIKeysParams) =>
+          clerk.apiKeys.getAll({
+            ...params,
+            ...(safeValues.subject ? { subject: safeValues.subject } : {}),
+          })
+      : undefined,

That keeps the regression fix while preserving the old “no subject” behavior and keeps SWR/RQ hooks in sync.

📜 Review details

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Disabled knowledge base sources:

• Linear integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between 3232d85 and 232cc91.

📒 Files selected for processing (2)

• packages/shared/src/react/hooks/useAPIKeys.rq.tsx (1 hunks)
• packages/shared/src/react/hooks/useAPIKeys.swr.tsx (1 hunks)

🧰 Additional context used

📓 Path-based instructions (10)

**/*.{js,jsx,ts,tsx}

📄 CodeRabbit inference engine (.cursor/rules/development.mdc)

All code must pass ESLint checks with the project's configuration

Files:

• packages/shared/src/react/hooks/useAPIKeys.swr.tsx
• packages/shared/src/react/hooks/useAPIKeys.rq.tsx

**/*.{js,jsx,ts,tsx,json,md,yml,yaml}

📄 CodeRabbit inference engine (.cursor/rules/development.mdc)

Use Prettier for consistent code formatting

Files:

• packages/shared/src/react/hooks/useAPIKeys.swr.tsx
• packages/shared/src/react/hooks/useAPIKeys.rq.tsx

packages/**/src/**/*.{ts,tsx}

📄 CodeRabbit inference engine (.cursor/rules/development.mdc)

TypeScript is required for all packages

Files:

• packages/shared/src/react/hooks/useAPIKeys.swr.tsx
• packages/shared/src/react/hooks/useAPIKeys.rq.tsx

**/*.{ts,tsx,js,jsx}

📄 CodeRabbit inference engine (.cursor/rules/development.mdc)

Follow established naming conventions (PascalCase for components, camelCase for variables)

Prefer importing types from @clerk/shared/types instead of the deprecated @clerk/types alias

Files:

• packages/shared/src/react/hooks/useAPIKeys.swr.tsx
• packages/shared/src/react/hooks/useAPIKeys.rq.tsx

packages/**/src/**/*.{ts,tsx,js,jsx}

📄 CodeRabbit inference engine (.cursor/rules/development.mdc)

packages/**/src/**/*.{ts,tsx,js,jsx}: Maintain comprehensive JSDoc comments for public APIs
Use tree-shaking friendly exports
Validate all inputs and sanitize outputs
All public APIs must be documented with JSDoc
Use dynamic imports for optional features
Provide meaningful error messages to developers
Include error recovery suggestions where applicable
Log errors appropriately for debugging
Lazy load components and features when possible
Implement proper caching strategies
Use efficient data structures and algorithms
Implement proper logging with different levels

Files:

• packages/shared/src/react/hooks/useAPIKeys.swr.tsx
• packages/shared/src/react/hooks/useAPIKeys.rq.tsx

**/*.ts?(x)

📄 CodeRabbit inference engine (.cursor/rules/development.mdc)

Use proper TypeScript error types

Files:

• packages/shared/src/react/hooks/useAPIKeys.swr.tsx
• packages/shared/src/react/hooks/useAPIKeys.rq.tsx

**/*.tsx

📄 CodeRabbit inference engine (.cursor/rules/development.mdc)

**/*.tsx: Use error boundaries in React components
Minimize re-renders in React components

**/*.tsx: Use proper type definitions for props and state in React components
Leverage TypeScript's type inference where possible in React components
Use proper event types for handlers in React components
Implement proper generic types for reusable React components
Use proper type guards for conditional rendering in React components

Files:

• packages/shared/src/react/hooks/useAPIKeys.swr.tsx
• packages/shared/src/react/hooks/useAPIKeys.rq.tsx

**/*.{md,tsx}

📄 CodeRabbit inference engine (.cursor/rules/development.mdc)

Update documentation for API changes

Files:

• packages/shared/src/react/hooks/useAPIKeys.swr.tsx
• packages/shared/src/react/hooks/useAPIKeys.rq.tsx

**/*.{jsx,tsx}

📄 CodeRabbit inference engine (.cursor/rules/react.mdc)

**/*.{jsx,tsx}: Always use functional components with hooks instead of class components
Follow PascalCase naming for components (e.g., UserProfile, NavigationMenu)
Keep components focused on a single responsibility - split large components
Limit component size to 150-200 lines; extract logic into custom hooks
Use composition over inheritance - prefer smaller, composable components
Export components as named exports for better tree-shaking
One component per file with matching filename and component name
Separate UI components from business logic components
Use useState for simple state management in React components
Use useReducer for complex state logic in React components
Implement proper state initialization in React components
Use proper state updates with callbacks in React components
Implement proper state cleanup in React components
Use Context API for theme/authentication state management
Implement proper state persistence in React applications
Use React.memo for expensive components
Implement proper useCallback for handlers in React components
Use proper useMemo for expensive computations in React components
Implement proper virtualization for lists in React components
Use proper code splitting with React.lazy in React applications
Implement proper cleanup in useEffect hooks
Use proper refs for DOM access in React components
Implement proper event listener cleanup in React components
Use proper abort controllers for fetch in React components
Implement proper subscription cleanup in React components
Use proper HTML elements for semantic HTML in React components
Implement proper ARIA attributes for accessibility in React components
Use proper heading hierarchy in React components
Implement proper form labels in React components
Use proper button types in React components
Implement proper focus management for keyboard navigation in React components
Use proper keyboard shortcuts in React components
Implement proper tab order in React components
Use proper ...

Files:

• packages/shared/src/react/hooks/useAPIKeys.swr.tsx
• packages/shared/src/react/hooks/useAPIKeys.rq.tsx

**/*.{ts,tsx}

📄 CodeRabbit inference engine (.cursor/rules/typescript.mdc)

**/*.{ts,tsx}: Always define explicit return types for functions, especially public APIs
Use proper type annotations for variables and parameters where inference isn't clear
Avoid any type - prefer unknown when type is uncertain, then narrow with type guards
Implement type guards for unknown types using the pattern function isType(value: unknown): value is Type
Use interface for object shapes that might be extended
Use type for unions, primitives, and computed types
Prefer readonly properties for immutable data structures
Use private for internal implementation details in classes
Use protected for inheritance hierarchies
Use public explicitly for clarity in public APIs
Use mixins for shared behavior across unrelated classes in TypeScript
Use generic constraints with bounded type parameters like <T extends { id: string }>
Use utility types like Omit, Partial, and Pick for data transformation instead of manual type construction
Use discriminated unions instead of boolean flags for state management and API responses
Use mapped types for transforming object types
Use conditional types for type-level logic
Leverage template literal types for string manipulation at the type level
Use ES6 imports/exports consistently
Use default exports sparingly, prefer named exports
Document functions with JSDoc comments including @param, @returns, @throws, and @example tags
Create custom error classes that extend Error for specific error types
Use the Result pattern for error handling instead of throwing exceptions
Use optional chaining (?.) and nullish coalescing (??) operators for safe property access
Let TypeScript infer obvious types to reduce verbosity
Use const assertions with as const for literal types
Use satisfies operator for type checking without widening types
Declare readonly arrays and objects for immutable data structures
Use spread operator and array spread for immutable updates instead of mutations
Use lazy loading for large types...

Files:

• packages/shared/src/react/hooks/useAPIKeys.swr.tsx
• packages/shared/src/react/hooks/useAPIKeys.rq.tsx

🧬 Code graph analysis (2)

packages/shared/src/react/hooks/useAPIKeys.swr.tsx (1)

packages/shared/src/types/clerk.ts (1)

• GetAPIKeysParams (2006-2009)

packages/shared/src/react/hooks/useAPIKeys.rq.tsx (1)

packages/shared/src/types/clerk.ts (1)

• GetAPIKeysParams (2006-2009)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (5)

• GitHub Check: Formatting | Dedupe | Changeset
• GitHub Check: Build Packages
• GitHub Check: Analyze (javascript-typescript)
• GitHub Check: semgrep-cloud-platform/scan
• GitHub Check: semgrep-cloud-platform/scan

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (1)

integration/tests/machine-auth/component.test.ts (1)

304-322: Add null check for capturedSubject before assertions.

The capturedSubject variable is initialized as string | null but the assertions don't verify it's non-null before comparing. If the API request doesn't occur or the subject parameter is missing, the test will fail with a confusing error message (expect(null).toBe(userId)) rather than clearly indicating the request never happened.

Apply this diff to add a null check:

   await apiKeyRequestPromise;
 
+  // Ensure the request was captured
+  expect(capturedSubject).not.toBeNull();
+
   // Verify the subject parameter is the user ID, not the organization ID
   expect(capturedSubject).toBe(userId);
   expect(capturedSubject).not.toBe(fakeOrganization.organization.id);

📜 Review details

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Disabled knowledge base sources:

• Linear integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between 232cc91 and e8498ad.

📒 Files selected for processing (1)

• integration/tests/machine-auth/component.test.ts (1 hunks)

🧰 Additional context used

📓 Path-based instructions (7)

**/*.{js,jsx,ts,tsx}

📄 CodeRabbit inference engine (.cursor/rules/development.mdc)

All code must pass ESLint checks with the project's configuration

Files:

• integration/tests/machine-auth/component.test.ts

**/*.{js,jsx,ts,tsx,json,md,yml,yaml}

📄 CodeRabbit inference engine (.cursor/rules/development.mdc)

Use Prettier for consistent code formatting

Files:

• integration/tests/machine-auth/component.test.ts

**/*.{ts,tsx,js,jsx}

📄 CodeRabbit inference engine (.cursor/rules/development.mdc)

Follow established naming conventions (PascalCase for components, camelCase for variables)

Prefer importing types from @clerk/shared/types instead of the deprecated @clerk/types alias

Files:

• integration/tests/machine-auth/component.test.ts

**/*.{test,spec}.{ts,tsx,js,jsx}

📄 CodeRabbit inference engine (.cursor/rules/development.mdc)

**/*.{test,spec}.{ts,tsx,js,jsx}: Unit tests are required for all new functionality
Verify proper error handling and edge cases
Include tests for all new features

Files:

• integration/tests/machine-auth/component.test.ts

**/*.ts?(x)

📄 CodeRabbit inference engine (.cursor/rules/development.mdc)

Use proper TypeScript error types

Files:

• integration/tests/machine-auth/component.test.ts

**/*.{test,spec,e2e}.{ts,tsx,js,jsx}

📄 CodeRabbit inference engine (.cursor/rules/development.mdc)

Use real Clerk instances for integration tests

Files:

• integration/tests/machine-auth/component.test.ts

**/*.{ts,tsx}

📄 CodeRabbit inference engine (.cursor/rules/typescript.mdc)

**/*.{ts,tsx}: Always define explicit return types for functions, especially public APIs
Use proper type annotations for variables and parameters where inference isn't clear
Avoid any type - prefer unknown when type is uncertain, then narrow with type guards
Implement type guards for unknown types using the pattern function isType(value: unknown): value is Type
Use interface for object shapes that might be extended
Use type for unions, primitives, and computed types
Prefer readonly properties for immutable data structures
Use private for internal implementation details in classes
Use protected for inheritance hierarchies
Use public explicitly for clarity in public APIs
Use mixins for shared behavior across unrelated classes in TypeScript
Use generic constraints with bounded type parameters like <T extends { id: string }>
Use utility types like Omit, Partial, and Pick for data transformation instead of manual type construction
Use discriminated unions instead of boolean flags for state management and API responses
Use mapped types for transforming object types
Use conditional types for type-level logic
Leverage template literal types for string manipulation at the type level
Use ES6 imports/exports consistently
Use default exports sparingly, prefer named exports
Document functions with JSDoc comments including @param, @returns, @throws, and @example tags
Create custom error classes that extend Error for specific error types
Use the Result pattern for error handling instead of throwing exceptions
Use optional chaining (?.) and nullish coalescing (??) operators for safe property access
Let TypeScript infer obvious types to reduce verbosity
Use const assertions with as const for literal types
Use satisfies operator for type checking without widening types
Declare readonly arrays and objects for immutable data structures
Use spread operator and array spread for immutable updates instead of mutations
Use lazy loading for large types...

Files:

• integration/tests/machine-auth/component.test.ts

🧬 Code graph analysis (1)

integration/tests/machine-auth/component.test.ts (1)

integration/testUtils/index.ts (1)

• createTestUtils (24-86)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (5)

• GitHub Check: Build Packages
• GitHub Check: Formatting | Dedupe | Changeset
• GitHub Check: Analyze (javascript-typescript)
• GitHub Check: semgrep-cloud-platform/scan
• GitHub Check: semgrep-cloud-platform/scan