feat(repo): Migrate Protect to Show

[jacekradko]

Description

Fixes: USER-3389

Checklist

• pnpm test runs as expected.
• pnpm build runs as expected.
• (If applicable) JSDoc comments have been added or updated for any package exports
• (If applicable) Documentation has been updated

Type of change

• 🐛 Bug fix
• 🌟 New feature
• 🔨 Breaking change
• 📖 Refactoring / dependency upgrade / documentation
• other:

Summary by CodeRabbit

• New Features

  • Unified Show component with a flexible when prop for auth/authorization
  • ClerkLoaded and ClerkLoading components to manage load state and avoid UI flicker

• Breaking / API Changes

  • Removed SignedIn, SignedOut and client-side Protect; types renamed to ShowProps / ShowWhenCondition

• Chores

  • Codemod, docs, examples and updated error messages to guide migration to Show

• Tests

  • Added tests covering Show rendering and authorization cases

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[changeset-bot]

🦋 Changeset detected

Latest commit: 8496c81

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 20 packages

Name	Type
@clerk/upgrade	Minor
@clerk/astro	Major
@clerk/chrome-extension	Major
@clerk/expo	Major
@clerk/nextjs	Major
@clerk/react	Major
@clerk/shared	Minor
@clerk/vue	Major
@clerk/react-router	Patch
@clerk/tanstack-react-start	Patch
@clerk/agent-toolkit	Patch
@clerk/backend	Patch
@clerk/clerk-js	Patch
@clerk/expo-passkeys	Patch
@clerk/express	Patch
@clerk/fastify	Patch
@clerk/localizations	Patch
@clerk/nuxt	Patch
@clerk/testing	Patch
@clerk/ui	Patch

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

1 Skipped Deployment

Project	Deployment	Review	Updated (UTC)
clerk-js-sandbox	Skipped		Dec 13, 2025 2:09pm

[coderabbitai]

Walkthrough

Replaces Protect, SignedIn, and SignedOut with a unified Show component (when: ShowWhenCondition) across packages; adds ShowProps/ShowWhenCondition types, introduces ClerkLoaded/ClerkLoading and useSafeIsLoaded, updates framework implementations (React, Next.js, Astro, Vue, Expo, Nuxt), examples, docs, tests, and adds a codemod to migrate Protect usage to Show.

Changes

Cohort / File(s)	Summary
Shared types packages/shared/src/types/protect.ts	Adds ShowWhenCondition and ShowProps; renames ProtectProps→ProtectParams with deprecated alias; surfaces PendingSessionOptions.
React core & exports packages/react/src/components/controlComponents.tsx, packages/react/src/components/index.ts, packages/react/src/components/*	Replaces Protect/ProtectProps and SignedIn/SignedOut with Show/ShowProps; adds checkAuthorization, ClerkLoaded/ClerkLoading, useSafeIsLoaded; updates messages, examples and exports.
Next.js (app-router server) packages/nextjs/src/app-router/server/controlComponents.tsx, packages/nextjs/src/app-router/server/__tests__/controlComponents.test.tsx	Introduces server-side Show (AppRouterShowProps) supporting when as string/object/function; tests added to validate string, object, and predicate flows using has().
Next.js re-exports & public surface packages/nextjs/src/client-boundary/controlComponents.ts, packages/nextjs/src/components.client.ts, packages/nextjs/src/components.server.ts, packages/nextjs/src/index.ts	Replace Protect/SignedIn/SignedOut with Show across re-export layers; update server types to expose Show.
Astro components & wrappers packages/astro/src/react/controlComponents.tsx, packages/astro/src/astro-components/control/Show.astro, .../ShowCSR.astro, .../ShowSSR.astro, packages/astro/src/astro-components/index.ts	Adds Astro CSR/SSR Show components and top-level Show wrapper; React/Astro integration updated to use ShowWhenCondition; introduces CSR custom element and SSR conditional slot rendering.
Vue implementation & exports packages/vue/src/components/controlComponents.ts, packages/vue/src/components/index.ts	Replaces Protect/SignedIn/SignedOut with Show, adds ShowProps type and Show implementation; updates re-exports.
Expo & Chrome-extension re-exports packages/expo/src/components/controlComponents.tsx, packages/chrome-extension/src/react/re-exports.ts	Swap Protect/SignedIn/SignedOut for Show in re-exports; retain ClerkLoaded/ClerkLoading where applicable.
Nuxt integration packages/nuxt/src/module.ts, packages/nuxt/src/runtime/components/index.ts	Replace auto-registered components Protect/SignedIn/SignedOut with Show in Nuxt integration exports.
Codemod & tests packages/upgrade/src/codemods/transform-protect-to-show.cjs, packages/upgrade/src/codemods/__tests__/*, packages/upgrade/src/codemods/__tests__/__fixtures__/*	New codemod to migrate Protect/SignedIn/SignedOut → Show (imports, JSX, aggregated auth attrs, type renames, alias-safety, RSC-awareness); includes fixtures and tests.
Integration & playground updates integration/templates/**, playground/**	Replace Protect/SignedIn/SignedOut usage with Show when=... across examples, templates, and playground apps; update imports and templates.
Docs & changesets .changeset/migrate-to-show.md, .changeset/show-the-guards.md, packages/chrome-extension/docs/clerk-provider.md	Document new Show API, codemod, examples, and version bumps; update docs to reference Show when=....
Minor message/text updates & tests packages/react/src/components/*, packages/shared/src/react/hooks/useCheckout.ts, packages/vue/src/components/*, tests	Update runtime error messages and examples to instruct wrapping with <Show when="signedIn" /> or using useAuth; update tests asserting messaging.

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~60 minutes

Potential hotspots to review closely:

• Cross-package type and export consistency for ShowWhenCondition, ShowProps, and the deprecated ProtectProps alias.
• Semantics parity of when forms (string/object/function) and treatPendingAsSignedOut behavior across React, Next.js (server/app-router), Astro (CSR/SSR), and Vue.
• Astro CSR custom element registration and SSR slot logic (ShowCSR/ShowSSR) and hydration coordination via useSafeIsLoaded / ClerkLoaded / ClerkLoading.
• Codemod correctness: alias-safe renames, aggregation of auth attributes into when, handling of self-closing Protect, and avoiding RSC/hybrid-package false positives.
• Tests introduced/updated for server-side Show behavior and updated error messages.

Poem

🐰
I hopped through code to swap three into one,
Protect tucked away — now Show brings the sun.
One "when" to ask, one gate to decide,
I nibbled imports and let exports glide.
A tidy burrow, then off I run.

Pre-merge checks and finishing touches

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 8.33% which is insufficient. The required threshold is 80.00%.	You can run @coderabbitai generate docstrings to improve docstring coverage.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The PR title clearly summarizes the main change: migrating the Protect component to Show. The title is concise and directly related to the primary objective of the linked issue.
Linked Issues check	✅ Passed	The PR successfully addresses all coding requirements from USER-3389: renames Protect to Show throughout the codebase, treats it as a breaking change (major version bumps), and updates documentation/examples to clarify the component only visually hides/shows content.
Out of Scope Changes check	✅ Passed	All changes are directly related to the Protect-to-Show migration. No unrelated modifications were detected; updates to documentation, examples, tests, codemods, and component implementations all support the primary objective.

✨ Finishing touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch feat/protect-refactor

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[pkg-pr-new]

Open in StackBlitz

@clerk/agent-toolkit

npm i https://pkg.pr.new/@clerk/agent-toolkit@7373

@clerk/astro

npm i https://pkg.pr.new/@clerk/astro@7373

@clerk/backend

npm i https://pkg.pr.new/@clerk/backend@7373

@clerk/chrome-extension

npm i https://pkg.pr.new/@clerk/chrome-extension@7373

@clerk/clerk-js

npm i https://pkg.pr.new/@clerk/clerk-js@7373

@clerk/dev-cli

npm i https://pkg.pr.new/@clerk/dev-cli@7373

@clerk/expo

npm i https://pkg.pr.new/@clerk/expo@7373

@clerk/expo-passkeys

npm i https://pkg.pr.new/@clerk/expo-passkeys@7373

@clerk/express

npm i https://pkg.pr.new/@clerk/express@7373

@clerk/fastify

npm i https://pkg.pr.new/@clerk/fastify@7373

@clerk/localizations

npm i https://pkg.pr.new/@clerk/localizations@7373

@clerk/nextjs

npm i https://pkg.pr.new/@clerk/nextjs@7373

@clerk/nuxt

npm i https://pkg.pr.new/@clerk/nuxt@7373

@clerk/react

npm i https://pkg.pr.new/@clerk/react@7373

@clerk/react-router

npm i https://pkg.pr.new/@clerk/react-router@7373

@clerk/shared

npm i https://pkg.pr.new/@clerk/shared@7373

@clerk/tanstack-react-start

npm i https://pkg.pr.new/@clerk/tanstack-react-start@7373

@clerk/testing

npm i https://pkg.pr.new/@clerk/testing@7373

@clerk/ui

npm i https://pkg.pr.new/@clerk/ui@7373

@clerk/upgrade

npm i https://pkg.pr.new/@clerk/upgrade@7373

@clerk/vue

npm i https://pkg.pr.new/@clerk/vue@7373

commit: 8496c81

[coderabbitai]

Actionable comments posted: 0

♻️ Duplicate comments (1)

packages/vue/src/components/controlComponents.ts (1)

124-124: Missing JSDoc documentation for the Show component.

The ShowProps type now has proper documentation, but the Show component itself still lacks JSDoc. Per coding guidelines, public API components should have comprehensive documentation including purpose, parameters, slots, and usage examples.

Consider adding documentation similar to:

/**
 * Conditionally renders content based on authentication state or authorization rules.
 * 
 * **Important:** This component only controls UI visibility and does not secure data.
 * Sensitive content remains accessible in source code and must be protected server-side.
 * 
 * @param props - {@link ShowProps}
 * @slot default - Content to show when the condition is met
 * @slot fallback - Fallback content when condition fails (takes precedence over prop)
 * @returns Rendered content, fallback, or null while loading
 */
export const Show = defineComponent((props: ShowProps, { slots }) => {

🧹 Nitpick comments (2)

packages/vue/src/components/controlComponents.ts (2)

103-122: JSDoc documentation is comprehensive and addresses the previous review feedback.

The documentation properly explains the props, includes examples, and uses appropriate JSDoc tags.

One minor nitpick: the example on line 118 uses <ProtectedFeature /> which is inconsistent with the migration theme (Protect → Show). Consider renaming to something like <SecretFeature /> or <AuthorizedContent /> for consistency.

 * <Show :when="(has) => has({ permission: 'org:read' })">
 *   <template #fallback>Not authorized</template>
-*   <ProtectedFeature />
+*   <AuthorizedContent />
 * </Show>

---

135-138: Consider extracting slot/fallback resolution to improve readability.

The content resolution logic is correct but involves multiple type assertions. This is acceptable given Vue's slot typing, but a brief inline comment explaining the precedence (slot fallback → prop fallback → null) would help future maintainers.

+    // Resolve content: slots take precedence over props for fallback
     const authorized = (slots.default?.() ?? null) as VNodeChild | null;
     const fallbackFromSlot = slots.fallback?.() ?? null;
     const fallbackFromProp = (props.fallback as VNodeChild | null | undefined) ?? null;
     const unauthorized = (fallbackFromSlot ?? fallbackFromProp ?? null) as VNodeChild | null;

📜 Review details

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Disabled knowledge base sources:

• Linear integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between 826a9cb and 9121fbc.

📒 Files selected for processing (1)

• packages/vue/src/components/controlComponents.ts (3 hunks)

🧰 Additional context used

📓 Path-based instructions (9)

**/*.{js,jsx,ts,tsx}

📄 CodeRabbit inference engine (.cursor/rules/development.mdc)

All code must pass ESLint checks with the project's configuration

Files:

• packages/vue/src/components/controlComponents.ts

**/*.{js,jsx,ts,tsx,json,md,yml,yaml}

📄 CodeRabbit inference engine (.cursor/rules/development.mdc)

Use Prettier for consistent code formatting

Files:

• packages/vue/src/components/controlComponents.ts

packages/**/src/**/*.{ts,tsx}

📄 CodeRabbit inference engine (.cursor/rules/development.mdc)

TypeScript is required for all packages

Files:

• packages/vue/src/components/controlComponents.ts

**/*.{ts,tsx,js,jsx}

📄 CodeRabbit inference engine (.cursor/rules/development.mdc)

Follow established naming conventions (PascalCase for components, camelCase for variables)

Files:

• packages/vue/src/components/controlComponents.ts

packages/**/src/**/*.{ts,tsx,js,jsx}

📄 CodeRabbit inference engine (.cursor/rules/development.mdc)

packages/**/src/**/*.{ts,tsx,js,jsx}: Maintain comprehensive JSDoc comments for public APIs
Use tree-shaking friendly exports
Validate all inputs and sanitize outputs
All public APIs must be documented with JSDoc
Use dynamic imports for optional features
Provide meaningful error messages to developers
Include error recovery suggestions where applicable
Log errors appropriately for debugging
Lazy load components and features when possible
Implement proper caching strategies
Use efficient data structures and algorithms
Implement proper logging with different levels

Files:

• packages/vue/src/components/controlComponents.ts

**/*.ts?(x)

📄 CodeRabbit inference engine (.cursor/rules/development.mdc)

Use proper TypeScript error types

Files:

• packages/vue/src/components/controlComponents.ts

**/*.{ts,tsx}

📄 CodeRabbit inference engine (.cursor/rules/typescript.mdc)

**/*.{ts,tsx}: Always define explicit return types for functions, especially public APIs
Use proper type annotations for variables and parameters where inference isn't clear
Avoid any type - prefer unknown when type is uncertain, then narrow with type guards
Implement type guards for unknown types using the pattern function isType(value: unknown): value is Type
Use interface for object shapes that might be extended
Use type for unions, primitives, and computed types
Prefer readonly properties for immutable data structures
Use private for internal implementation details in classes
Use protected for inheritance hierarchies
Use public explicitly for clarity in public APIs
Use mixins for shared behavior across unrelated classes in TypeScript
Use generic constraints with bounded type parameters like <T extends { id: string }>
Use utility types like Omit, Partial, and Pick for data transformation instead of manual type construction
Use discriminated unions instead of boolean flags for state management and API responses
Use mapped types for transforming object types
Use conditional types for type-level logic
Leverage template literal types for string manipulation at the type level
Use ES6 imports/exports consistently
Use default exports sparingly, prefer named exports
Document functions with JSDoc comments including @param, @returns, @throws, and @example tags
Create custom error classes that extend Error for specific error types
Use the Result pattern for error handling instead of throwing exceptions
Use optional chaining (?.) and nullish coalescing (??) operators for safe property access
Let TypeScript infer obvious types to reduce verbosity
Use const assertions with as const for literal types
Use satisfies operator for type checking without widening types
Declare readonly arrays and objects for immutable data structures
Use spread operator and array spread for immutable updates instead of mutations
Use lazy loading for large types...

Files:

• packages/vue/src/components/controlComponents.ts

**/*.{js,ts,jsx,tsx}

📄 CodeRabbit inference engine (.cursor/rules/monorepo.mdc)

Use ESLint with custom configurations tailored for different package types

Files:

• packages/vue/src/components/controlComponents.ts

**/*.{js,ts,jsx,tsx,json,md,yml,yaml}

📄 CodeRabbit inference engine (.cursor/rules/monorepo.mdc)

Use Prettier for code formatting across all packages

Files:

• packages/vue/src/components/controlComponents.ts

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (27)

• GitHub Check: Integration Tests (billing, chrome)
• GitHub Check: Integration Tests (nextjs, chrome, 15)
• GitHub Check: Integration Tests (custom, chrome)
• GitHub Check: Integration Tests (handshake:staging, chrome)
• GitHub Check: Integration Tests (quickstart, chrome, 15)
• GitHub Check: Integration Tests (nuxt, chrome)
• GitHub Check: Integration Tests (billing, chrome, RQ)
• GitHub Check: Integration Tests (vue, chrome)
• GitHub Check: Integration Tests (express, chrome)
• GitHub Check: Integration Tests (sessions:staging, chrome)
• GitHub Check: Integration Tests (machine, chrome, RQ)
• GitHub Check: Integration Tests (nextjs, chrome, 16)
• GitHub Check: Integration Tests (handshake, chrome)
• GitHub Check: Integration Tests (astro, chrome)
• GitHub Check: Integration Tests (quickstart, chrome, 16)
• GitHub Check: Integration Tests (machine, chrome)
• GitHub Check: Integration Tests (react-router, chrome)
• GitHub Check: Integration Tests (nextjs, chrome, 16, RQ)
• GitHub Check: Integration Tests (tanstack-react-start, chrome)
• GitHub Check: Integration Tests (generic, chrome)
• GitHub Check: Integration Tests (ap-flows, chrome)
• GitHub Check: Integration Tests (localhost, chrome)
• GitHub Check: Integration Tests (sessions, chrome)
• GitHub Check: Formatting | Dedupe | Changeset
• GitHub Check: Build Packages
• GitHub Check: Analyze (javascript-typescript)
• GitHub Check: semgrep-cloud-platform/scan

🔇 Additional comments (2)

packages/vue/src/components/controlComponents.ts (2)

6-8: LGTM on the new type imports.

The ShowWhenCondition and VNodeChild imports are correctly added to support the new Show component's type definitions and render return types.

---

152-162: Null handling has been improved and is now consistent.

The refactored approach correctly extracts has.value into hasValue, performs a null check, and then uses the value consistently in both the function and object cases. This resolves the previous concern about inconsistent null handling.

[coderabbitai]

Actionable comments posted: 1

📜 Review details

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Disabled knowledge base sources:

• Linear integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between 9121fbc and 01afa55.

📒 Files selected for processing (5)

• integration/templates/vue-vite/src/App.vue (2 hunks)
• integration/templates/vue-vite/src/views/Admin.vue (1 hunks)
• integration/templates/vue-vite/src/views/Home.vue (1 hunks)
• integration/templates/vue-vite/src/views/billing/CheckoutBtn.vue (1 hunks)
• integration/tests/vue/components.test.ts (1 hunks)

🧰 Additional context used

📓 Path-based instructions (10)

**/*.{js,jsx,ts,tsx}

📄 CodeRabbit inference engine (.cursor/rules/development.mdc)

All code must pass ESLint checks with the project's configuration

Files:

• integration/tests/vue/components.test.ts

**/*.{js,jsx,ts,tsx,json,md,yml,yaml}

📄 CodeRabbit inference engine (.cursor/rules/development.mdc)

Use Prettier for consistent code formatting

Files:

• integration/tests/vue/components.test.ts

**/*.{ts,tsx,js,jsx}

📄 CodeRabbit inference engine (.cursor/rules/development.mdc)

Follow established naming conventions (PascalCase for components, camelCase for variables)

Files:

• integration/tests/vue/components.test.ts

**/*.{test,spec}.{ts,tsx,js,jsx}

📄 CodeRabbit inference engine (.cursor/rules/development.mdc)

**/*.{test,spec}.{ts,tsx,js,jsx}: Unit tests are required for all new functionality
Verify proper error handling and edge cases
Include tests for all new features

Files:

• integration/tests/vue/components.test.ts

**/*.ts?(x)

📄 CodeRabbit inference engine (.cursor/rules/development.mdc)

Use proper TypeScript error types

Files:

• integration/tests/vue/components.test.ts

**/*.{test,spec,e2e}.{ts,tsx,js,jsx}

📄 CodeRabbit inference engine (.cursor/rules/development.mdc)

Use real Clerk instances for integration tests

Files:

• integration/tests/vue/components.test.ts

**/*.{ts,tsx}

📄 CodeRabbit inference engine (.cursor/rules/typescript.mdc)

**/*.{ts,tsx}: Always define explicit return types for functions, especially public APIs
Use proper type annotations for variables and parameters where inference isn't clear
Avoid any type - prefer unknown when type is uncertain, then narrow with type guards
Implement type guards for unknown types using the pattern function isType(value: unknown): value is Type
Use interface for object shapes that might be extended
Use type for unions, primitives, and computed types
Prefer readonly properties for immutable data structures
Use private for internal implementation details in classes
Use protected for inheritance hierarchies
Use public explicitly for clarity in public APIs
Use mixins for shared behavior across unrelated classes in TypeScript
Use generic constraints with bounded type parameters like <T extends { id: string }>
Use utility types like Omit, Partial, and Pick for data transformation instead of manual type construction
Use discriminated unions instead of boolean flags for state management and API responses
Use mapped types for transforming object types
Use conditional types for type-level logic
Leverage template literal types for string manipulation at the type level
Use ES6 imports/exports consistently
Use default exports sparingly, prefer named exports
Document functions with JSDoc comments including @param, @returns, @throws, and @example tags
Create custom error classes that extend Error for specific error types
Use the Result pattern for error handling instead of throwing exceptions
Use optional chaining (?.) and nullish coalescing (??) operators for safe property access
Let TypeScript infer obvious types to reduce verbosity
Use const assertions with as const for literal types
Use satisfies operator for type checking without widening types
Declare readonly arrays and objects for immutable data structures
Use spread operator and array spread for immutable updates instead of mutations
Use lazy loading for large types...

Files:

• integration/tests/vue/components.test.ts

**/*.test.{ts,tsx}

📄 CodeRabbit inference engine (.cursor/rules/monorepo.mdc)

Use React Testing Library for component testing

Files:

• integration/tests/vue/components.test.ts

**/*.{js,ts,jsx,tsx}

📄 CodeRabbit inference engine (.cursor/rules/monorepo.mdc)

Use ESLint with custom configurations tailored for different package types

Files:

• integration/tests/vue/components.test.ts

**/*.{js,ts,jsx,tsx,json,md,yml,yaml}

📄 CodeRabbit inference engine (.cursor/rules/monorepo.mdc)

Use Prettier for code formatting across all packages

Files:

• integration/tests/vue/components.test.ts

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (25)

• GitHub Check: Integration Tests (custom, chrome)
• GitHub Check: Integration Tests (billing, chrome, RQ)
• GitHub Check: Integration Tests (nextjs, chrome, 16, RQ)
• GitHub Check: Integration Tests (nextjs, chrome, 15)
• GitHub Check: Integration Tests (quickstart, chrome, 16)
• GitHub Check: Integration Tests (machine, chrome)
• GitHub Check: Integration Tests (nextjs, chrome, 16)
• GitHub Check: Integration Tests (machine, chrome, RQ)
• GitHub Check: Integration Tests (quickstart, chrome, 15)
• GitHub Check: Integration Tests (nuxt, chrome)
• GitHub Check: Integration Tests (billing, chrome)
• GitHub Check: Integration Tests (astro, chrome)
• GitHub Check: Integration Tests (handshake:staging, chrome)
• GitHub Check: Integration Tests (react-router, chrome)
• GitHub Check: Integration Tests (localhost, chrome)
• GitHub Check: Integration Tests (handshake, chrome)
• GitHub Check: Integration Tests (vue, chrome)
• GitHub Check: Integration Tests (tanstack-react-start, chrome)
• GitHub Check: Integration Tests (express, chrome)
• GitHub Check: Integration Tests (generic, chrome)
• GitHub Check: Integration Tests (ap-flows, chrome)
• GitHub Check: Integration Tests (sessions:staging, chrome)
• GitHub Check: Integration Tests (sessions, chrome)
• GitHub Check: Analyze (javascript-typescript)
• GitHub Check: semgrep-cloud-platform/scan

🔇 Additional comments (5)

integration/templates/vue-vite/src/views/Home.vue (1)

2-2: Show when="signedIn" migration looks consistent here
Import + usage is straightforward and matches the PR direction (replace SignedIn with Show).

Also applies to: 6-8

integration/templates/vue-vite/src/App.vue (1)

14-19: Verify when="signedIn"/"signedOut" are the correct public string conditions in @clerk/vue
This looks like the intended migration, but please double-check the Vue Show API guarantees these string literals (and that behavior matches prior SignedIn/SignedOut).

integration/tests/vue/components.test.ts (1)

262-262: Test rename is aligned with the Show migration
No concerns.

integration/templates/vue-vite/src/views/Admin.vue (1)

6-11: Good use of :when object condition + #fallback
Just verify the { role: 'org:admin' } condition shape is exactly what @clerk/vue Show expects (and that it’s covered by types / docs for Vue).

integration/templates/vue-vite/src/views/billing/CheckoutBtn.vue (1)

3-10: Migration is clean; confirm when="signedIn" is the intended Vue condition string
No other issues spotted.

Also applies to: 15-17

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (4)

packages/tanstack-react-start/src/client/ClerkProvider.tsx (2)

1-45: Consolidate @clerk/react imports to reduce drift and duplication.
You can import ClerkProvider as ReactClerkProvider in the same statement as the re-exported symbols (or, better, avoid importing re-export-only symbols at all—see next comment).

---

58-102: Prefer direct re-exports to avoid creating local bindings + keep API surface intentional.
This block is easy to desync from @clerk/react over time; consider export { … } from '@clerk/react' and only import ClerkProvider for local use.

-import {
-  APIKeys,
-  AuthenticateWithRedirectCallback,
-  ClerkDegraded,
-  ClerkFailed,
-  ClerkLoaded,
-  ClerkLoading,
-  CreateOrganization,
-  GoogleOneTap,
-  OrganizationList,
-  OrganizationSwitcher,
-  PricingTable,
-  RedirectToCreateOrganization,
-  RedirectToOrganizationProfile,
-  RedirectToSignIn,
-  RedirectToSignUp,
-  RedirectToTasks,
-  RedirectToUserProfile,
-  Show,
-  SignInButton,
-  SignInWithMetamaskButton,
-  SignOutButton,
-  SignUpButton,
-  TaskChooseOrganization,
-  TaskResetPassword,
-  UserAvatar,
-  UserButton,
-  Waitlist,
-  __experimental_CheckoutProvider,
-  __experimental_PaymentElement,
-  __experimental_PaymentElementProvider,
-  __experimental_useCheckout,
-  __experimental_usePaymentElement,
-  useAuth,
-  useClerk,
-  useEmailLink,
-  useOrganization,
-  useOrganizationList,
-  useReverification,
-  useSession,
-  useSessionList,
-  useSignIn,
-  useSignUp,
-  useUser,
-} from '@clerk/react';
-import { ClerkProvider as ReactClerkProvider } from '@clerk/react';
+import { ClerkProvider as ReactClerkProvider } from '@clerk/react';
+
+export {
+  APIKeys,
+  AuthenticateWithRedirectCallback,
+  ClerkDegraded,
+  ClerkFailed,
+  ClerkLoaded,
+  ClerkLoading,
+  CreateOrganization,
+  GoogleOneTap,
+  OrganizationList,
+  OrganizationSwitcher,
+  PricingTable,
+  RedirectToCreateOrganization,
+  RedirectToOrganizationProfile,
+  RedirectToSignIn,
+  RedirectToSignUp,
+  RedirectToTasks,
+  RedirectToUserProfile,
+  Show,
+  SignInButton,
+  SignInWithMetamaskButton,
+  SignOutButton,
+  SignUpButton,
+  TaskChooseOrganization,
+  TaskResetPassword,
+  UserAvatar,
+  UserButton,
+  Waitlist,
+  __experimental_CheckoutProvider,
+  __experimental_PaymentElement,
+  __experimental_PaymentElementProvider,
+  __experimental_useCheckout,
+  __experimental_usePaymentElement,
+  useAuth,
+  useClerk,
+  useEmailLink,
+  useOrganization,
+  useOrganizationList,
+  useReverification,
+  useSession,
+  useSessionList,
+  useSignIn,
+  useSignUp,
+  useUser,
+} from '@clerk/react';

packages/react-router/src/client/ReactRouterClerkProvider.tsx (2)

1-45: Collapse @clerk/react imports (or avoid re-export-only imports).
Right now the file imports many bindings only to re-export them; see next comment for a simpler pattern.

---

60-104: Use export { … } from '@clerk/react' to keep the wrapper’s surface explicit and lower maintenance.
This makes it harder for the import list and export list to diverge and avoids unnecessary local bindings.

-import {
-  APIKeys,
-  AuthenticateWithRedirectCallback,
-  ClerkDegraded,
-  ClerkFailed,
-  ClerkLoaded,
-  ClerkLoading,
-  CreateOrganization,
-  GoogleOneTap,
-  OrganizationList,
-  OrganizationSwitcher,
-  PricingTable,
-  RedirectToCreateOrganization,
-  RedirectToOrganizationProfile,
-  RedirectToSignIn,
-  RedirectToSignUp,
-  RedirectToTasks,
-  RedirectToUserProfile,
-  Show,
-  SignInButton,
-  SignInWithMetamaskButton,
-  SignOutButton,
-  SignUpButton,
-  TaskChooseOrganization,
-  TaskResetPassword,
-  UserAvatar,
-  UserButton,
-  Waitlist,
-  __experimental_CheckoutProvider,
-  __experimental_PaymentElement,
-  __experimental_PaymentElementProvider,
-  __experimental_useCheckout,
-  __experimental_usePaymentElement,
-  useAuth,
-  useClerk,
-  useEmailLink,
-  useOrganization,
-  useOrganizationList,
-  useReverification,
-  useSession,
-  useSessionList,
-  useSignIn,
-  useSignUp,
-  useUser,
-} from '@clerk/react';
 import { ClerkProvider as ReactClerkProvider } from '@clerk/react';
+
+export {
+  APIKeys,
+  AuthenticateWithRedirectCallback,
+  ClerkDegraded,
+  ClerkFailed,
+  ClerkLoaded,
+  ClerkLoading,
+  CreateOrganization,
+  GoogleOneTap,
+  OrganizationList,
+  OrganizationSwitcher,
+  PricingTable,
+  RedirectToCreateOrganization,
+  RedirectToOrganizationProfile,
+  RedirectToSignIn,
+  RedirectToSignUp,
+  RedirectToTasks,
+  RedirectToUserProfile,
+  Show,
+  SignInButton,
+  SignInWithMetamaskButton,
+  SignOutButton,
+  SignUpButton,
+  TaskChooseOrganization,
+  TaskResetPassword,
+  UserAvatar,
+  UserButton,
+  Waitlist,
+  __experimental_CheckoutProvider,
+  __experimental_PaymentElement,
+  __experimental_PaymentElementProvider,
+  __experimental_useCheckout,
+  __experimental_usePaymentElement,
+  useAuth,
+  useClerk,
+  useEmailLink,
+  useOrganization,
+  useOrganizationList,
+  useReverification,
+  useSession,
+  useSessionList,
+  useSignIn,
+  useSignUp,
+  useUser,
+} from '@clerk/react';

📜 Review details

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Disabled knowledge base sources:

• Linear integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between 01afa55 and 5d6149b.

⛔ Files ignored due to path filters (3)

• packages/chrome-extension/src/__tests__/__snapshots__/exports.test.ts.snap is excluded by !**/*.snap
• packages/react-router/src/__tests__/__snapshots__/exports.test.ts.snap is excluded by !**/*.snap
• packages/tanstack-react-start/src/__tests__/__snapshots__/exports.test.ts.snap is excluded by !**/*.snap

📒 Files selected for processing (2)

• packages/react-router/src/client/ReactRouterClerkProvider.tsx (2 hunks)
• packages/tanstack-react-start/src/client/ClerkProvider.tsx (2 hunks)

🧰 Additional context used

📓 Path-based instructions (12)

**/*.{js,jsx,ts,tsx}

📄 CodeRabbit inference engine (.cursor/rules/development.mdc)

All code must pass ESLint checks with the project's configuration

Files:

• packages/tanstack-react-start/src/client/ClerkProvider.tsx
• packages/react-router/src/client/ReactRouterClerkProvider.tsx

**/*.{js,jsx,ts,tsx,json,md,yml,yaml}

📄 CodeRabbit inference engine (.cursor/rules/development.mdc)

Use Prettier for consistent code formatting

Files:

• packages/tanstack-react-start/src/client/ClerkProvider.tsx
• packages/react-router/src/client/ReactRouterClerkProvider.tsx

packages/**/src/**/*.{ts,tsx}

📄 CodeRabbit inference engine (.cursor/rules/development.mdc)

TypeScript is required for all packages

Files:

• packages/tanstack-react-start/src/client/ClerkProvider.tsx
• packages/react-router/src/client/ReactRouterClerkProvider.tsx

**/*.{ts,tsx,js,jsx}

📄 CodeRabbit inference engine (.cursor/rules/development.mdc)

Follow established naming conventions (PascalCase for components, camelCase for variables)

Files:

• packages/tanstack-react-start/src/client/ClerkProvider.tsx
• packages/react-router/src/client/ReactRouterClerkProvider.tsx

packages/**/src/**/*.{ts,tsx,js,jsx}

📄 CodeRabbit inference engine (.cursor/rules/development.mdc)

packages/**/src/**/*.{ts,tsx,js,jsx}: Maintain comprehensive JSDoc comments for public APIs
Use tree-shaking friendly exports
Validate all inputs and sanitize outputs
All public APIs must be documented with JSDoc
Use dynamic imports for optional features
Provide meaningful error messages to developers
Include error recovery suggestions where applicable
Log errors appropriately for debugging
Lazy load components and features when possible
Implement proper caching strategies
Use efficient data structures and algorithms
Implement proper logging with different levels

Files:

• packages/tanstack-react-start/src/client/ClerkProvider.tsx
• packages/react-router/src/client/ReactRouterClerkProvider.tsx

**/*.ts?(x)

📄 CodeRabbit inference engine (.cursor/rules/development.mdc)

Use proper TypeScript error types

Files:

• packages/tanstack-react-start/src/client/ClerkProvider.tsx
• packages/react-router/src/client/ReactRouterClerkProvider.tsx

**/*.tsx

📄 CodeRabbit inference engine (.cursor/rules/development.mdc)

**/*.tsx: Use error boundaries in React components
Minimize re-renders in React components

**/*.tsx: Use proper type definitions for props and state in React components
Leverage TypeScript's type inference where possible in React components
Use proper event types for handlers in React components
Implement proper generic types for reusable React components
Use proper type guards for conditional rendering in React components

Files:

• packages/tanstack-react-start/src/client/ClerkProvider.tsx
• packages/react-router/src/client/ReactRouterClerkProvider.tsx

**/*.{md,tsx}

📄 CodeRabbit inference engine (.cursor/rules/development.mdc)

Update documentation for API changes

Files:

• packages/tanstack-react-start/src/client/ClerkProvider.tsx
• packages/react-router/src/client/ReactRouterClerkProvider.tsx

**/*.{jsx,tsx}

📄 CodeRabbit inference engine (.cursor/rules/react.mdc)

**/*.{jsx,tsx}: Always use functional components with hooks instead of class components
Follow PascalCase naming for components (e.g., UserProfile, NavigationMenu)
Keep components focused on a single responsibility - split large components
Limit component size to 150-200 lines; extract logic into custom hooks
Use composition over inheritance - prefer smaller, composable components
Export components as named exports for better tree-shaking
One component per file with matching filename and component name
Separate UI components from business logic components
Use useState for simple state management in React components
Use useReducer for complex state logic in React components
Implement proper state initialization in React components
Use proper state updates with callbacks in React components
Implement proper state cleanup in React components
Use Context API for theme/authentication state management
Implement proper state persistence in React applications
Use React.memo for expensive components
Implement proper useCallback for handlers in React components
Use proper useMemo for expensive computations in React components
Implement proper virtualization for lists in React components
Use proper code splitting with React.lazy in React applications
Implement proper cleanup in useEffect hooks
Use proper refs for DOM access in React components
Implement proper event listener cleanup in React components
Use proper abort controllers for fetch in React components
Implement proper subscription cleanup in React components
Use proper HTML elements for semantic HTML in React components
Implement proper ARIA attributes for accessibility in React components
Use proper heading hierarchy in React components
Implement proper form labels in React components
Use proper button types in React components
Implement proper focus management for keyboard navigation in React components
Use proper keyboard shortcuts in React components
Implement proper tab order in React components
Use proper ...

Files:

• packages/tanstack-react-start/src/client/ClerkProvider.tsx
• packages/react-router/src/client/ReactRouterClerkProvider.tsx

**/*.{ts,tsx}

📄 CodeRabbit inference engine (.cursor/rules/typescript.mdc)

**/*.{ts,tsx}: Always define explicit return types for functions, especially public APIs
Use proper type annotations for variables and parameters where inference isn't clear
Avoid any type - prefer unknown when type is uncertain, then narrow with type guards
Implement type guards for unknown types using the pattern function isType(value: unknown): value is Type
Use interface for object shapes that might be extended
Use type for unions, primitives, and computed types
Prefer readonly properties for immutable data structures
Use private for internal implementation details in classes
Use protected for inheritance hierarchies
Use public explicitly for clarity in public APIs
Use mixins for shared behavior across unrelated classes in TypeScript
Use generic constraints with bounded type parameters like <T extends { id: string }>
Use utility types like Omit, Partial, and Pick for data transformation instead of manual type construction
Use discriminated unions instead of boolean flags for state management and API responses
Use mapped types for transforming object types
Use conditional types for type-level logic
Leverage template literal types for string manipulation at the type level
Use ES6 imports/exports consistently
Use default exports sparingly, prefer named exports
Document functions with JSDoc comments including @param, @returns, @throws, and @example tags
Create custom error classes that extend Error for specific error types
Use the Result pattern for error handling instead of throwing exceptions
Use optional chaining (?.) and nullish coalescing (??) operators for safe property access
Let TypeScript infer obvious types to reduce verbosity
Use const assertions with as const for literal types
Use satisfies operator for type checking without widening types
Declare readonly arrays and objects for immutable data structures
Use spread operator and array spread for immutable updates instead of mutations
Use lazy loading for large types...

Files:

• packages/tanstack-react-start/src/client/ClerkProvider.tsx
• packages/react-router/src/client/ReactRouterClerkProvider.tsx

**/*.{js,ts,jsx,tsx}

📄 CodeRabbit inference engine (.cursor/rules/monorepo.mdc)

Use ESLint with custom configurations tailored for different package types

Files:

• packages/tanstack-react-start/src/client/ClerkProvider.tsx
• packages/react-router/src/client/ReactRouterClerkProvider.tsx

**/*.{js,ts,jsx,tsx,json,md,yml,yaml}

📄 CodeRabbit inference engine (.cursor/rules/monorepo.mdc)

Use Prettier for code formatting across all packages

Files:

• packages/tanstack-react-start/src/client/ClerkProvider.tsx
• packages/react-router/src/client/ReactRouterClerkProvider.tsx

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (25)

• GitHub Check: Integration Tests (quickstart, chrome, 16)
• GitHub Check: Integration Tests (billing, chrome)
• GitHub Check: Integration Tests (vue, chrome)
• GitHub Check: Integration Tests (nextjs, chrome, 15)
• GitHub Check: Integration Tests (machine, chrome)
• GitHub Check: Integration Tests (quickstart, chrome, 15)
• GitHub Check: Integration Tests (nextjs, chrome, 16)
• GitHub Check: Integration Tests (localhost, chrome)
• GitHub Check: Integration Tests (machine, chrome, RQ)
• GitHub Check: Integration Tests (astro, chrome)
• GitHub Check: Integration Tests (billing, chrome, RQ)
• GitHub Check: Integration Tests (handshake:staging, chrome)
• GitHub Check: Integration Tests (tanstack-react-start, chrome)
• GitHub Check: Integration Tests (react-router, chrome)
• GitHub Check: Integration Tests (handshake, chrome)
• GitHub Check: Integration Tests (sessions:staging, chrome)
• GitHub Check: Integration Tests (nextjs, chrome, 16, RQ)
• GitHub Check: Integration Tests (nuxt, chrome)
• GitHub Check: Integration Tests (express, chrome)
• GitHub Check: Integration Tests (custom, chrome)
• GitHub Check: Integration Tests (ap-flows, chrome)
• GitHub Check: Integration Tests (generic, chrome)
• GitHub Check: Integration Tests (sessions, chrome)
• GitHub Check: Analyze (javascript-typescript)
• GitHub Check: semgrep-cloud-platform/scan

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (1)

packages/chrome-extension/docs/clerk-provider.md (1)

1-114: Consider adding a migration notice for users of the deprecated components.

Since this PR marks a breaking change (migrating from SignedIn/SignedOut to Show), consider adding a note at the top or in a dedicated section explaining that the deprecated components are no longer supported and directing users to the new Show component pattern. This improves the user experience for those upgrading to this version.

📜 Review details

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Disabled knowledge base sources:

• Linear integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between 3bb1953 and 8c719cd.

📒 Files selected for processing (4)

• packages/chrome-extension/docs/clerk-provider.md (3 hunks)
• packages/shared/src/react/hooks/useCheckout.ts (1 hunks)
• packages/vue/src/components/CheckoutButton.vue (1 hunks)
• packages/vue/src/components/SubscriptionDetailsButton.vue (1 hunks)

✅ Files skipped from review due to trivial changes (1)

• packages/shared/src/react/hooks/useCheckout.ts

🧰 Additional context used

📓 Path-based instructions (3)

**/*.{js,jsx,ts,tsx,json,md,yml,yaml}

📄 CodeRabbit inference engine (.cursor/rules/development.mdc)

Use Prettier for consistent code formatting

Files:

• packages/chrome-extension/docs/clerk-provider.md

**/*.{md,tsx}

📄 CodeRabbit inference engine (.cursor/rules/development.mdc)

Update documentation for API changes

Files:

• packages/chrome-extension/docs/clerk-provider.md

**/*.{js,ts,jsx,tsx,json,md,yml,yaml}

📄 CodeRabbit inference engine (.cursor/rules/monorepo.mdc)

Use Prettier for code formatting across all packages

Files:

• packages/chrome-extension/docs/clerk-provider.md

🧠 Learnings (1)

📚 Learning: 2025-08-27T14:52:13.940Z

Learnt from: CR
Repo: clerk/javascript PR: 0
File: packages/chrome-extension/docs/clerk-provider.md:0-0
Timestamp: 2025-08-27T14:52:13.940Z
Learning: Applies to packages/chrome-extension/docs/**/App.tsx : Use Clerk’s SignedIn/SignedOut components in App.tsx; show <SignInButton mode='modal'/> when SignedOut and <UserButton/> plus protected content when SignedIn

Applied to files:

• packages/chrome-extension/docs/clerk-provider.md

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (25)

• GitHub Check: Integration Tests (quickstart, chrome, 16)
• GitHub Check: Integration Tests (nextjs, chrome, 16, RQ)
• GitHub Check: Integration Tests (machine, chrome, RQ)
• GitHub Check: Integration Tests (nuxt, chrome)
• GitHub Check: Integration Tests (tanstack-react-start, chrome)
• GitHub Check: Integration Tests (quickstart, chrome, 15)
• GitHub Check: Integration Tests (react-router, chrome)
• GitHub Check: Integration Tests (custom, chrome)
• GitHub Check: Integration Tests (nextjs, chrome, 16)
• GitHub Check: Integration Tests (nextjs, chrome, 15)
• GitHub Check: Integration Tests (vue, chrome)
• GitHub Check: Integration Tests (billing, chrome, RQ)
• GitHub Check: Integration Tests (handshake:staging, chrome)
• GitHub Check: Integration Tests (billing, chrome)
• GitHub Check: Integration Tests (machine, chrome)
• GitHub Check: Integration Tests (localhost, chrome)
• GitHub Check: Integration Tests (ap-flows, chrome)
• GitHub Check: Integration Tests (sessions, chrome)
• GitHub Check: Integration Tests (express, chrome)
• GitHub Check: Integration Tests (handshake, chrome)
• GitHub Check: Integration Tests (generic, chrome)
• GitHub Check: Integration Tests (sessions:staging, chrome)
• GitHub Check: Integration Tests (astro, chrome)
• GitHub Check: Analyze (javascript-typescript)
• GitHub Check: semgrep-cloud-platform/scan

🔇 Additional comments (3)

packages/chrome-extension/docs/clerk-provider.md (2)

7-7: Correctly migrated App example to Show component.

The import statement and component usage are properly updated. The when prop clearly conveys intent compared to the previous wrapper components, and the formatting is clean and consistent.

Also applies to: 13-22

---

64-64: Correctly migrated routing example to Show component.

The routing example properly updates imports to include Show, SignIn, and SignUp from @clerk/chrome-extension, and correctly applies the when prop throughout the route definition. The pattern is consistent with the App example.

Verify that the when prop accepts the string values 'signedOut' and 'signedIn' as used throughout this documentation, and that SignIn and SignUp are correctly exported from @clerk/chrome-extension.

Also applies to: 83-89

packages/vue/src/components/SubscriptionDetailsButton.vue (1)

18-20: Error message correctly updated for Show component migration.

The updated error message properly reflects the new Show component API. The when="signedIn" prop is a valid value in the ShowWhenCondition union type, and the guidance is clear and actionable for developers.

[coderabbitai]

⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Find useAuth function definition and return types
rg -n "export.*useAuth|const useAuth" packages/vue/src --type ts --type vue -A 5

# Look for userId/orgId type definitions
rg -n "userId|orgId" packages/vue/src --type ts --type vue -B 2 -A 2 | head -100

# Check for isLoaded pattern usage
rg -n "isLoaded" packages/vue/src --type ts --type vue

Repository: clerk/javascript

Length of output: 143

---

🏁 Script executed:

#!/bin/bash
# Find useAuth function definition - search .ts and .vue files
rg -n "export.*useAuth|const useAuth" packages/vue/src -A 5

# Look for userId/orgId usage in the CheckoutButton file specifically
cat packages/vue/src/components/CheckoutButton.vue

# Check for isLoaded pattern in composables
rg -n "isLoaded" packages/vue/src -A 2 -B 2

Repository: clerk/javascript

Length of output: 15157

---

🏁 Script executed:

#!/bin/bash
# Get the full useAuth implementation and return type
head -150 packages/vue/src/composables/useAuth.ts

Repository: clerk/javascript

Length of output: 3119

---

Add isLoaded guard to prevent throwing during auth initialization.

The guard should check isLoaded before accessing userId, matching the pattern used in the Show component. Currently, the component throws at setup time without verifying that Clerk has finished loading. Import isLoaded from useAuth() and guard the checks:

const { userId, orgId, isLoaded } = useAuth();

if (isLoaded.value) {
  if (userId.value === null) {
    throw new Error('Ensure that `<CheckoutButton />` is rendered inside a `<Show when="signedIn" />` component.');
  }
  if (orgId.value === null && props.for === 'organization') {
    throw new Error('Wrap `<CheckoutButton for="organization" />` with a check for an active organization.');
  }
}

This prevents errors during the loading phase and aligns with the useAuth() contract documented in the composable.

🤖 Prompt for AI Agents

packages/vue/src/components/CheckoutButton.vue around lines 16 to 19: the
component currently checks userId.value immediately and can throw while Clerk is
still initializing; update the auth destructure to include isLoaded from
useAuth(), then wrap the existing null-checks in an if (isLoaded.value) block so
you only throw after auth has finished loading; also add the orgId check inside
that block to throw when orgId.value is null and props.for === 'organization',
and ensure you import/destructure isLoaded alongside userId and orgId.

[coderabbitai]

Actionable comments posted: 2

🧹 Nitpick comments (2)

packages/astro/src/astro-components/control/ShowSSR.astro (1)

10-11: Simplify the redundant conditional logic.

Both lines always evaluate, creating unnecessary complexity. The nested ternaries can be simplified for better readability and performance.

Apply this diff to simplify:

-{when === 'signedIn' ? (userId ? <slot /> : null) : null}
-{when === 'signedOut' ? (!userId ? <slot /> : null) : null}
+{
+  ((when === 'signedIn' && userId) || (when === 'signedOut' && !userId))
+    ? <slot />
+    : null
+}

packages/astro/src/astro-components/control/ShowCSR.astro (1)

21-45: Optional: simplify hidden toggling to reduce branching.

You can collapse the nested conditionals into a single boolean and use toggleAttribute('hidden', shouldHide) to make this easier to maintain.

📜 Review details

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Disabled knowledge base sources:

• Linear integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between 8c719cd and b064082.

📒 Files selected for processing (15)

• .changeset/show-the-guards.md (1 hunks)
• integration/templates/astro-hybrid/src/pages/index.astro (1 hunks)
• integration/templates/astro-hybrid/src/pages/ssr.astro (1 hunks)
• integration/templates/astro-node/src/layouts/Layout.astro (3 hunks)
• integration/templates/astro-node/src/layouts/react/Layout.astro (3 hunks)
• integration/templates/astro-node/src/pages/billing/checkout-btn.astro (1 hunks)
• integration/templates/astro-node/src/pages/index.astro (4 hunks)
• integration/templates/astro-node/src/pages/react/index.astro (5 hunks)
• integration/templates/astro-node/src/pages/react/only-admins.astro (1 hunks)
• integration/templates/astro-node/src/pages/react/only-members.astro (1 hunks)
• integration/templates/astro-node/src/pages/transitions/index.astro (1 hunks)
• packages/astro/src/astro-components/control/Show.astro (1 hunks)
• packages/astro/src/astro-components/control/ShowCSR.astro (1 hunks)
• packages/astro/src/astro-components/control/ShowSSR.astro (1 hunks)
• packages/astro/src/astro-components/index.ts (1 hunks)

🧰 Additional context used

📓 Path-based instructions (10)

**/*.{js,jsx,ts,tsx}

📄 CodeRabbit inference engine (.cursor/rules/development.mdc)

All code must pass ESLint checks with the project's configuration

Files:

• packages/astro/src/astro-components/index.ts

**/*.{js,jsx,ts,tsx,json,md,yml,yaml}

📄 CodeRabbit inference engine (.cursor/rules/development.mdc)

Use Prettier for consistent code formatting

Files:

• packages/astro/src/astro-components/index.ts

packages/**/src/**/*.{ts,tsx}

📄 CodeRabbit inference engine (.cursor/rules/development.mdc)

TypeScript is required for all packages

Files:

• packages/astro/src/astro-components/index.ts

**/*.{ts,tsx,js,jsx}

📄 CodeRabbit inference engine (.cursor/rules/development.mdc)

Follow established naming conventions (PascalCase for components, camelCase for variables)

Files:

• packages/astro/src/astro-components/index.ts

packages/**/src/**/*.{ts,tsx,js,jsx}

📄 CodeRabbit inference engine (.cursor/rules/development.mdc)

packages/**/src/**/*.{ts,tsx,js,jsx}: Maintain comprehensive JSDoc comments for public APIs
Use tree-shaking friendly exports
Validate all inputs and sanitize outputs
All public APIs must be documented with JSDoc
Use dynamic imports for optional features
Provide meaningful error messages to developers
Include error recovery suggestions where applicable
Log errors appropriately for debugging
Lazy load components and features when possible
Implement proper caching strategies
Use efficient data structures and algorithms
Implement proper logging with different levels

Files:

• packages/astro/src/astro-components/index.ts

**/*.ts?(x)

📄 CodeRabbit inference engine (.cursor/rules/development.mdc)

Use proper TypeScript error types

Files:

• packages/astro/src/astro-components/index.ts

**/*.{ts,tsx}

📄 CodeRabbit inference engine (.cursor/rules/typescript.mdc)

**/*.{ts,tsx}: Always define explicit return types for functions, especially public APIs
Use proper type annotations for variables and parameters where inference isn't clear
Avoid any type - prefer unknown when type is uncertain, then narrow with type guards
Implement type guards for unknown types using the pattern function isType(value: unknown): value is Type
Use interface for object shapes that might be extended
Use type for unions, primitives, and computed types
Prefer readonly properties for immutable data structures
Use private for internal implementation details in classes
Use protected for inheritance hierarchies
Use public explicitly for clarity in public APIs
Use mixins for shared behavior across unrelated classes in TypeScript
Use generic constraints with bounded type parameters like <T extends { id: string }>
Use utility types like Omit, Partial, and Pick for data transformation instead of manual type construction
Use discriminated unions instead of boolean flags for state management and API responses
Use mapped types for transforming object types
Use conditional types for type-level logic
Leverage template literal types for string manipulation at the type level
Use ES6 imports/exports consistently
Use default exports sparingly, prefer named exports
Document functions with JSDoc comments including @param, @returns, @throws, and @example tags
Create custom error classes that extend Error for specific error types
Use the Result pattern for error handling instead of throwing exceptions
Use optional chaining (?.) and nullish coalescing (??) operators for safe property access
Let TypeScript infer obvious types to reduce verbosity
Use const assertions with as const for literal types
Use satisfies operator for type checking without widening types
Declare readonly arrays and objects for immutable data structures
Use spread operator and array spread for immutable updates instead of mutations
Use lazy loading for large types...

Files:

• packages/astro/src/astro-components/index.ts

**/index.ts

📄 CodeRabbit inference engine (.cursor/rules/typescript.mdc)

Avoid barrel files (index.ts re-exports) as they can cause circular dependencies

Files:

• packages/astro/src/astro-components/index.ts

**/*.{js,ts,jsx,tsx}

📄 CodeRabbit inference engine (.cursor/rules/monorepo.mdc)

Use ESLint with custom configurations tailored for different package types

Files:

• packages/astro/src/astro-components/index.ts

**/*.{js,ts,jsx,tsx,json,md,yml,yaml}

📄 CodeRabbit inference engine (.cursor/rules/monorepo.mdc)

Use Prettier for code formatting across all packages

Files:

• packages/astro/src/astro-components/index.ts

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (25)

• GitHub Check: Integration Tests (custom, chrome)
• GitHub Check: Integration Tests (nextjs, chrome, 16, RQ)
• GitHub Check: Integration Tests (billing, chrome, RQ)
• GitHub Check: Integration Tests (nextjs, chrome, 15)
• GitHub Check: Integration Tests (nextjs, chrome, 16)
• GitHub Check: Integration Tests (billing, chrome)
• GitHub Check: Integration Tests (machine, chrome, RQ)
• GitHub Check: Integration Tests (quickstart, chrome, 15)
• GitHub Check: Integration Tests (machine, chrome)
• GitHub Check: Integration Tests (react-router, chrome)
• GitHub Check: Integration Tests (quickstart, chrome, 16)
• GitHub Check: Integration Tests (ap-flows, chrome)
• GitHub Check: Integration Tests (tanstack-react-start, chrome)
• GitHub Check: Integration Tests (sessions:staging, chrome)
• GitHub Check: Integration Tests (vue, chrome)
• GitHub Check: Integration Tests (localhost, chrome)
• GitHub Check: Integration Tests (astro, chrome)
• GitHub Check: Integration Tests (sessions, chrome)
• GitHub Check: Integration Tests (nuxt, chrome)
• GitHub Check: Integration Tests (handshake, chrome)
• GitHub Check: Integration Tests (generic, chrome)
• GitHub Check: Integration Tests (handshake:staging, chrome)
• GitHub Check: Integration Tests (express, chrome)
• GitHub Check: Analyze (javascript-typescript)
• GitHub Check: semgrep-cloud-platform/scan

🔇 Additional comments (13)

integration/templates/astro-node/src/pages/react/only-admins.astro (1)

8-26: Refactor to use a single Show block with a fallback prop instead of two separate blocks.

The current implementation duplicates the role condition across two separate Show blocks. Use the supported fallback prop to eliminate the duplication:

-    <Show
-      client:load
-      when={{ role: 'org:admin' }}
-    >
-      <h1 class='text-2xl text-center'>I'm an admin</h1>
-    </Show>
-
-    <Show
-      client:load
-      when={(has) => !has({ role: 'org:admin' })}
-    >
-      <h1 class='text-2xl text-center'>Not an admin</h1>
-      <a
-        class='text-sm text-center text-gray-100 transition hover:text-gray-400'
-        href='/only-members'
-      >
-        Go to Members Page
-      </a>
-    </Show>
+    <Show
+      client:load
+      when={{ role: 'org:admin' }}
+      fallback={
+        <>
+          <h1 class='text-2xl text-center'>Not an admin</h1>
+          <a
+            class='text-sm text-center text-gray-100 transition hover:text-gray-400'
+            href='/only-members'
+          >
+            Go to Members Page
+          </a>
+        </>
+      }
+    >
+      <h1 class='text-2xl text-center'>I'm an admin</h1>
+    </Show>

This eliminates the maintenance burden of keeping two opposite conditions in sync and avoids potential layout shifts from conditionally rendered blocks.

Likely an incorrect or invalid review comment.

integration/templates/astro-hybrid/src/pages/ssr.astro (1)

2-21: LGTM! Clean migration to Show component.

The migration from SignedIn/SignedOut to Show is correct. The isStatic={false} prop is appropriate for this SSR context (prerender = false), ensuring proper hydration behavior.

integration/templates/astro-node/src/pages/react/index.astro (1)

5-72: LGTM! Correct React component migration.

The migration correctly uses Show with client:load for React components. The import from @clerk/astro/react is appropriate for this context.

integration/templates/astro-node/src/layouts/react/Layout.astro (1)

8-112: LGTM! Consistent React component usage.

The migration correctly applies client:load to React components within Show blocks. This matches the expected pattern for React integration in Astro.

integration/templates/astro-node/src/pages/billing/checkout-btn.astro (1)

2-15: LGTM! Consistent Astro component migration.

The migration correctly wraps the CheckoutButton with Show. The lack of client:load or isStatic attributes is consistent with other pure Astro component usage in this PR.

integration/templates/astro-node/src/pages/react/only-members.astro (1)

8-26: Dual Show pattern correctly handles complementary conditions.

The use of two separate Show components with complementary conditions (when={{ role: 'basic_member' }} and when={(has) => !has({ role: 'basic_member' })}) is correct. This demonstrates that Show supports object and function conditions in addition to string literals.

Note: This usage confirms that the ShowSSR.astro Props type may be too narrow (see comment on that file).

integration/templates/astro-node/src/layouts/Layout.astro (1)

83-113: Show components correctly default to server-side rendering in this template.

The Show components are correctly configured without isStatic or client:load attributes. Since the Astro config uses output: 'server', the Show component automatically uses ShowSSR (server-side rendering) when no explicit isStatic prop is provided. This is the appropriate behavior for wrapping pure Astro components like CustomUserButton, which require no client-side hydration.

packages/astro/src/astro-components/control/ShowSSR.astro (1)

2-4: Props type is intentionally limited to simple string conditions for Astro components.

The ShowSSR.astro component (along with Show.astro and ShowCSR.astro) only supports 'signedIn' | 'signedOut' string literals. This is by design—the React Show component in controlComponents.tsx implements the full ShowWhenCondition type (supporting object conditions like { role: 'basic_member' } and function callbacks), but the Astro equivalents deliberately restrict to simple string conditions. No changes needed unless extending Astro Show to support the full authorization API is a planned feature.

packages/astro/src/astro-components/index.ts (1)

4-6: The code is correct as-is. Show and Protect serve different purposes and coexist without deprecation. Show handles conditional rendering based on authentication state (signedIn | signedOut), while Protect enforces role/permission-based access control. No deprecation warnings are needed, no migration guide is required, and no codemod is applicable since they address distinct use cases.

Likely an incorrect or invalid review comment.

integration/templates/astro-node/src/pages/transitions/index.astro (1)

2-13: Template migration to <Show when=...> looks correct.

integration/templates/astro-hybrid/src/pages/index.astro (1)

6-21: Verify <Show> behaves correctly on prerender = true routes (CSR vs SSR selection).

If the page is prerendered but the app’s output is server, ensure Show still chooses the intended static/CSR behavior (or update template usage to pass isStatic where required).

integration/templates/astro-node/src/pages/index.astro (1)

5-21: Show-based conditional sections look consistent and correctly nested.

Also applies to: 29-67

.changeset/show-the-guards.md (1)

1-11: Security caveat requirement cannot be verified; consider whether the suggested additions are truly mandatory.

The changeset accurately describes introducing <Show when={...}> and removing <Protect>, <SignedIn>, and <SignedOut>. However, no evidence of an explicit "objective requirement" for security messaging was found in the codebase, commit history, or accessible documentation.

If security messaging is a documented requirement from the PR or linked issue, please reference it. Otherwise, the suggested wording additions may represent good UX/security practice but should not be framed as mandatory. The @clerk/shared minor bump also appears defensible if the type changes are additive.

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

Align class prop behavior with docs (only apply it on static/CSR path).

 const { when, isStatic, class: className } = Astro.props;
 
-const ShowComponent = isStaticOutput(isStatic) ? ShowCSR : ShowSSR;
+const isStaticResolved = isStaticOutput(isStatic);
+const ShowComponent = isStaticResolved ? ShowCSR : ShowSSR;
 ---
 
 <ShowComponent
   when={when}
-  class={className}
+  {...(isStaticResolved ? { class: className } : {})}
 >
   <slot />
 </ShowComponent>

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	type Props = {
	when: 'signedIn' | 'signedOut';
	isStatic?: boolean;
	/**
	* The class name to apply to the outermost element of the component.
	* This class is only applied to static components.
	*/
	class?: string;
	};
	const { when, isStatic, class: className } = Astro.props;
	const ShowComponent = isStaticOutput(isStatic) ? ShowCSR : ShowSSR;
	---
	<ShowComponent
	when={when}
	class={className}
	>
	<slot />
	</ShowComponent>
	type Props = {
	when: 'signedIn' | 'signedOut';
	isStatic?: boolean;
	/**
	* The class name to apply to the outermost element of the component.
	* This class is only applied to static components.
	*/
	class?: string;
	};
	const { when, isStatic, class: className } = Astro.props;
	const isStaticResolved = isStaticOutput(isStatic);
	const ShowComponent = isStaticResolved ? ShowCSR : ShowSSR;
	---
	<ShowComponent
	when={when}
	{...(isStaticResolved ? { class: className } : {})}
	>
	<slot />
	</ShowComponent>

🤖 Prompt for AI Agents

In packages/astro/src/astro-components/control/Show.astro around lines 7 to 27,
the component always forwards the class prop to ShowComponent but the docs
require the class be applied only on the static/CSR path; update the JSX so the
class prop is only passed when isStaticOutput(isStatic) is truthy (i.e., pass
class={className} only for the ShowCSR/static branch or conditionally spread
it), leaving the SSR path without the class attribute.

[coderabbitai]

Actionable comments posted: 1

♻️ Duplicate comments (1)

packages/astro/src/astro-components/control/ShowCSR.astro (1)

48-50: Past review concern addressed: custom element registration is now properly guarded.

The check for existing registration before calling customElements.define prevents runtime crashes when the <Show> component is used multiple times on a page. This resolves the critical issue flagged in the previous review.

📜 Review details

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Disabled knowledge base sources:

• Linear integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between 3014891 and 8496c81.

⛔ Files ignored due to path filters (1)

• pnpm-lock.yaml is excluded by !**/pnpm-lock.yaml

📒 Files selected for processing (1)

• packages/astro/src/astro-components/control/ShowCSR.astro (1 hunks)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (29)

• GitHub Check: Unit Tests (shared, clerk-js, RQ)
• GitHub Check: Unit Tests (**)
• GitHub Check: Publish with pkg-pr-new
• GitHub Check: Static analysis
• GitHub Check: Integration Tests (nextjs, chrome, 15)
• GitHub Check: Integration Tests (astro, chrome)
• GitHub Check: Integration Tests (sessions:staging, chrome)
• GitHub Check: Integration Tests (ap-flows, chrome)
• GitHub Check: Integration Tests (react-router, chrome)
• GitHub Check: Integration Tests (machine, chrome)
• GitHub Check: Integration Tests (nuxt, chrome)
• GitHub Check: Integration Tests (quickstart, chrome, 15)
• GitHub Check: Integration Tests (custom, chrome)
• GitHub Check: Integration Tests (billing, chrome, RQ)
• GitHub Check: Integration Tests (generic, chrome)
• GitHub Check: Integration Tests (vue, chrome)
• GitHub Check: Integration Tests (nextjs, chrome, 16)
• GitHub Check: Integration Tests (sessions, chrome)
• GitHub Check: Integration Tests (express, chrome)
• GitHub Check: Integration Tests (tanstack-react-start, chrome)
• GitHub Check: Integration Tests (quickstart, chrome, 16)
• GitHub Check: Integration Tests (handshake:staging, chrome)
• GitHub Check: Integration Tests (nextjs, chrome, 16, RQ)
• GitHub Check: Integration Tests (handshake, chrome)
• GitHub Check: Integration Tests (billing, chrome)
• GitHub Check: Integration Tests (machine, chrome, RQ)
• GitHub Check: Integration Tests (localhost, chrome)
• GitHub Check: Analyze (javascript-typescript)
• GitHub Check: semgrep-cloud-platform/scan

🔇 Additional comments (2)

packages/astro/src/astro-components/control/ShowCSR.astro (2)

1-16: LGTM! Clean props definition and template structure.

The Props type is well-defined with appropriate literal types for when, and the template correctly initializes the custom element with the hidden attribute to prevent flash of content during hydration. The attribute forwarding and slot usage follow Astro best practices.

---

43-44: Good defensive fallback for unknown states.

Hiding content by default when the when attribute has an unexpected value is the right approach for access control components. This ensures content is not inadvertently shown.

[coderabbitai]

⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🏁 Script executed:

rg "removeAttribute.*hidden|setAttribute.*hidden" -B2 -A2 | head -50

Repository: clerk/javascript

Length of output: 3775

---

🌐 Web query:

Clerk authentication state loading userId falsy behavior astro

💡 Result:

Short answer: Clerk’s Astro client returns userId === undefined while Clerk is still loading, userId === null when signed out, and a string when signed in. Don’t treat any falsy check (if (!userId)) as enough — explicitly check for undefined (loading) vs null (signed out) or use isLoaded / isSignedIn from useAuth / $authStore. [1][3][4]

How to handle (concise examples)

• Using $authStore (nanostores): check undefined vs null

  • if (userId === undefined) { /* loading */ }
  • else if (userId === null) { /* signed out */ }
  • else { /* signed in, userId is string */ } [3][4]

• Using useAuth():

  • if (!isLoaded) return /* loading */
  • if (!isSignedIn) return /* signed out */
  • otherwise use userId. [2]

References

• $userStore / loading vs null behavior (Astro docs). [1]
• useAuth() (isLoaded / isSignedIn / userId). [2]
• $authStore examples showing userId === undefined vs null. [3]
• SDK/Astro overview referencing client stores. [4]

---

🏁 Script executed:

rg "onAuthStateChange\|AuthState" -A5 -B5 | head -100

Repository: clerk/javascript

Length of output: 42

---

🏁 Script executed:

find . -type f \( -name "*.ts" -o -name "*.js" -o -name "*.astro" \) 2>/dev/null | wc -l && find . -type f \( -name "*.ts" -o -name "*.js" -o -name "*.astro" \) 2>/dev/null | head -20

Repository: clerk/javascript

Length of output: 780

---

Add explicit loading state handling for when="signedOut".

The visibility logic cannot distinguish between a loading state (userId falsy due to unfinished auth initialization) and a signed-out state (userId null after auth is complete). For when="signedOut", if state.userId is falsy during the loading phase, removeAttribute('hidden') is called (line 38), potentially showing content before authentication finishes.

While the initial hidden attribute (line 13) provides partial protection, it assumes the component is rendered with this attribute set and that onAuthStateChange is not invoked until after session loading completes. Verify that:

1. Clerk's authStateStore subscription only fires after Clerk.load() completes, or
2. Add an explicit loading state check (e.g., check for a sessionId or similar indicator in AuthState to distinguish loading from signed-out), or
3. Defer visibility updates until auth is definitively loaded.

Same concern applies to SignedOutCSR.astro which has identical logic.

🤖 Prompt for AI Agents

In packages/astro/src/astro-components/control/ShowCSR.astro around lines 22 to
45, the when="signedOut" branch treats any falsy userId as signed-out and calls
removeAttribute('hidden'), which can expose content during auth loading; update
the handler to detect and respect an explicit "loading" indicator on AuthState
(e.g., sessionId, isLoaded, or a similar flag) and only
removeAttribute('hidden') for when="signedOut" if auth is fully initialized and
userId is null; if no such flag exists on AuthState, defer visibility changes
until Clerk.load() completes (or the authStateStore signals loaded) so that the
component stays hidden during the loading phase; apply the same change to
SignedOutCSR.astro which contains identical logic.