Skip to content

feat: auto-claim keyless applications on login#157

Draft
rafa-thayto wants to merge 7 commits intomainfrom
rafa-thayto/auto-claim
Draft

feat: auto-claim keyless applications on login#157
rafa-thayto wants to merge 7 commits intomainfrom
rafa-thayto/auto-claim

Conversation

@rafa-thayto
Copy link
Copy Markdown
Contributor

@rafa-thayto rafa-thayto commented Apr 15, 2026

Summary

  • Add keyless application lifecycle (keyless.ts): create accountless apps via BAPI, write framework-specific keys to .env.local, manage .clerk/keyless.json claim token breadcrumb
  • Add autoclaim orchestrator (autoclaim.ts): after clerk auth login, detect keyless breadcrumb and automatically claim the application via PLAPI — never throws, returns discriminated union so login is never interrupted
  • Extract shared linkApp() from autolink.ts for reuse by both autolink (key detection) and autoclaim (keyless claim)
  • Add claimApplication() PLAPI endpoint (POST /v1/platform/accountless_applications/claim)
  • Integrate keyless setup into clerk init bootstrap when user skips auth
  • Integrate autoclaim into clerk auth login with contextual warnings and next-steps per failure mode
  • Truncate app name to 50 chars to match backend validation limit

How it works

  1. clerk init (skip auth) → creates accountless app, writes keys to .env.local, stores claim token in .clerk/keyless.json
  2. Developer builds their app using temporary dev keys
  3. clerk auth login → after OAuth, reads breadcrumb, calls claim endpoint, links app to account, clears breadcrumb
  4. Failure handling: transient errors (5xx) preserve breadcrumb for retry on next login; terminal errors (404/403) clear it

Test plan

  • 8 unit tests for autoclaim (all status paths, breadcrumb preservation strategy)
  • 15 unit tests for keyless (BAPI calls, env writing, breadcrumb I/O, token parsing)
  • Login tests pass with autoclaim mocked
  • Full test suite passes (65 tests)
  • Lint and format clean
  • Requires backend PLAPI claim endpoint to be deployed first (CLI gracefully no-ops if endpoint is unavailable)
  • E2E: clerk init -y → skip auth → verify .env.local and .clerk/keyless.json created → clerk auth login → verify app claimed and linked

@rafa-thayto
feat(errors): add AUTOCLAIM_FAILED error code
13cb5d5 
Add machine-readable error code for autoclaim failures, available
for agent mode and CI error classification.
@rafa-thayto
feat(plapi): add claimApplication endpoint
1e4cc0b 
Add PLAPI client function for POST /v1/platform/accountless_applications/claim.
Sends claim token and app name, returns the claimed Application.
@rafa-thayto
refactor(autolink): extract shared linkApp function
3166761 
Extract profile-building logic from autolink() into a reusable linkApp()
function. This allows both autolink (key detection) and autoclaim
(keyless claim) to share the same profile persistence code.
@rafa-thayto
feat(keyless): add keyless application lifecycle module
49db7d8 
Add keyless.ts for managing accountless Clerk applications:
- createAccountlessApp(): calls BAPI to create app with no auth
- writeKeysToEnvFile(): writes framework-specific keys to .env.local
- parseClaimToken(): extracts token from claim URL
- Breadcrumb I/O: read/write/clear .clerk/keyless.json

Includes 15 unit tests covering all functions and edge cases.
@rafa-thayto
feat(autoclaim): add autoclaim orchestrator
4ca7666 
Add autoclaim.ts that detects keyless projects and claims them
automatically after clerk auth login. Never throws — returns a
discriminated union (claimed|not_found|already_claimed|failed|not_keyless)
so the login flow is never interrupted.

Key behaviors:
- Truncates app name to 50 chars (backend limit)
- Transient errors (5xx) preserve breadcrumb for retry
- Terminal errors (404/403) clear breadcrumb

Includes 8 unit tests covering all status paths.
@rafa-thayto
feat(init): set up keyless app when user skips auth
67f9236 
When bootstrap mode skips authentication, create an accountless app
via BAPI, write keys to .env.local, and store the claim token in
.clerk/keyless.json for autoclaim on next login.

Also simplifies the keyless info message to promote the autoclaim
flow instead of requiring manual clerk link + env pull.
@rafa-thayto
feat(login): integrate autoclaim with contextual error messages
a56b83d 
Wire autoclaim into the login flow with improved UX:
- Specific warning messages per failure cause (expired token,
  missing org, transient error) instead of generic fallback
- Contextual next-steps based on claim result: manual link for
  terminal failures, retry guidance for transient errors
- Mock autoclaim in login tests to isolate from transitive deps
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@rafa-thayto