feat: make --keyless an opt-in flag on clerk init #268
Previously, `clerk init` silently used keyless mode (auto-generated development keys) when run unauthenticated on a keyless-capable framework. The default now always authenticates and links a real Clerk application; `--keyless` is required to opt into auto-generated dev keys.

- `--keyless` on a non-keyless framework exits with a usage error
- `-y` skips y/n confirmations but no longer bypasses authentication
- agent mode without `--keyless` or `--app` prints manual setup guidance instead of silently generating dev keys (agents can't run interactive OAuth)

Internal: the `keyless` + `manualSetup` boolean pair is replaced by an `InitStrategy` union (`"keyless" | "manual" | "authenticate"`) so the post-scaffold dispatch is exhaustive. Test fixtures are DRYed via shared `KEYLESS_CTX` + `mockBootstrapTo` / `mockExistingProject` / `mockMiddlewareScaffold` helpers.
🦋 Changeset detected

Latest commit: 98c6b4d

The changes in this PR will be included in the next version bump. This PR includes changesets to release 1 package
📝 Walkthrough

This PR restructures how

Estimated code review effort: 🎯 3 (Moderate) | ⏱️ ~20 minutes

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

✅ Passed checks (4 passed)
Summary

- `clerk init` now always authenticates and links a real Clerk application by default. The previous silent fallback to auto-generated dev keys (when run unauthenticated on a keyless-capable framework) is removed.
- `--keyless` is the opt-in flag for the keyless flow. On a non-keyless framework it exits with a usage error.
- `-y` no longer bypasses authentication — it skips y/n confirmations only. Without `--keyless`, an unauthenticated user is still prompted to log in via the browser.
- Agent mode without `--keyless` or `--app` prints manual setup guidance instead of silently generating dev keys (agents can't run interactive OAuth).

Internal

- `keyless` + `manualSetup` boolean pair is replaced by an `InitStrategy` union (`"keyless" | "manual" | "authenticate"`) so the post-scaffold dispatch is exhaustive.
- `isAuthenticated`, `resolveProfile`) is gated behind `!optsKeyless` so `--keyless` skips disk reads it doesn't need.
- `KEYLESS_CTX` constant + `mockBootstrapTo` / `mockExistingProject` / `mockMiddlewareScaffold` helpers — collapses ~140 lines of repeated setup.

Test plan

- `bun run format` clean
- `bun run lint` clean
- `bun run typecheck` clean
- `bun run test` — 97/97 pass (47 in `init/index.test.ts`)
- `bun run build` succeeds
- `bun run build:compile` succeeds; compiled `dist/clerk init --help` shows `--keyless` flag and example
- `clerk init` in a fresh Next.js project with no credentials → should prompt browser login
- `clerk init --keyless` in a fresh Next.js project → should generate dev keys without prompting login
- `clerk init --keyless` in a Vue project → should exit with usage error
- `clerk init -y` in a fresh Next.js project with no credentials → should still prompt browser login (not skip auth)
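
The flag handling described in this PR, as an added TypeScript example that is not the Clerk CLI's own code. Only the `InitStrategy` union comes from the description; `InitOptions`, `UsageError`, `resolveStrategy` and `actionFor` are hypothetical names, and treating agent mode with `--app` as `authenticate` is an assumption.

```typescript
// Added illustration, not the Clerk CLI source. Only the InitStrategy
// members come from the PR text; every other name here is hypothetical.
type InitStrategy = "keyless" | "manual" | "authenticate";

interface InitOptions {
  keyless: boolean;                  // --keyless
  yes: boolean;                      // -y: skips y/n confirmations only
  app?: string;                      // --app
  agentMode: boolean;                // non-interactive agent run
  frameworkSupportsKeyless: boolean; // e.g. true for Next.js, false for Vue
}

class UsageError extends Error {}

// Fail closed: dev keys are generated only on an explicit --keyless.
function resolveStrategy(o: InitOptions): InitStrategy {
  if (o.keyless) {
    if (!o.frameworkSupportsKeyless) {
      throw new UsageError("--keyless is not supported for this framework");
    }
    return "keyless";
  }
  // Agents can't run interactive OAuth, so without --app they get guidance.
  if (o.agentMode && !o.app) return "manual";
  // o.yes is deliberately never consulted: -y must not bypass authentication.
  // Assumption: agent mode with --app also takes the authenticate path.
  return "authenticate";
}

// Exhaustive dispatch: adding a union member without a case is a type error.
function actionFor(s: InitStrategy): string {
  switch (s) {
    case "keyless":
      return "generate development keys";
    case "manual":
      return "print manual setup guidance";
    case "authenticate":
      return "log in and link a real application";
    default: {
      const unreachable: never = s;
      throw new Error("unhandled strategy: " + String(unreachable));
    }
  }
}
```
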