chore(repo): Typedoc: Handle <code> injection in function signatures

[alexisintech]

Description

In this PR, the Simplify type was introduced to wrap the type for VerifyTokenOptions, causing the docs for the verifyToken() to change

Before that PR:

Screen.Recording.2025-10-16.at.14.52.55.mov

After that PR:

Screen.Recording.2025-10-16.at.14.59.10.mov

The function signature incorrectly had <code> in the codeblock.

This PR updates our typedoc theme to disallow the injection of a <code> in function signatures, as function signatures are already output into codeblocks.

Changes regarding this PR:

Screen.Recording.2025-10-16.at.14.51.33.mov

Checklist

• pnpm test runs as expected.
• pnpm build runs as expected.
• (If applicable) JSDoc comments have been added or updated for any package exports
• (If applicable) Documentation has been updated

Type of change

• 🐛 Bug fix
• 🌟 New feature
• 🔨 Breaking change
• 📖 Refactoring / dependency upgrade / documentation
• other:

Summary by CodeRabbit

• Documentation
  • Improved rendering of generated API docs: function signatures now display parameter and type information without extraneous code-wrapping, while non-signature types keep consistent code formatting for clearer reading.
• Chores
  • Removed/streamlined some in-source documentation comments to simplify developer-facing docs; no runtime behavior changes.

[changeset-bot]

🦋 Changeset detected

Latest commit: bdd332e

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 0 packages

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Preview	Comments	Updated (UTC)
clerk-js-sandbox	Ready	Preview	Comment	Oct 24, 2025 6:50pm

[coderabbitai]

Walkthrough

Adds an internal _insideFunctionSignature flag and a new reflectionType(model) partial to .typedoc/custom-theme.mjs to control whether types are wrapped in <code> within function signatures. Removes the JSDoc documentation block from packages/backend/src/tokens/verify.ts. Adds a new changeset file.

Changes

Cohort / File(s)	Summary
TypeDoc Theme Rendering .typedoc/custom-theme.mjs	Added _insideFunctionSignature field on ClerkMarkdownThemeContext. Updated constructor, signatureTitle flow, and several partials (declarationType, unionType, arrayType, functionType) to toggle/observe the flag. Added new public partial reflectionType(model) that strips backticks and <code> tags and conditionally wraps output only when not inside a function signature.
Documentation Cleanup packages/backend/src/tokens/verify.ts	Removed JSDoc block documentation from the verifyToken function (including @paramExtension and environment-variable guidance). No runtime or type-signature changes.
Changeset .changeset/silly-jars-shave.md	Added a new changeset placeholder file. No functional changes.

Sequence Diagram(s)

sequenceDiagram
    autonumber
    participant Renderer as Theme Renderer
    participant Context as ClerkMarkdownThemeContext
    participant Partial as reflectionType / other partials
    participant Output as HTML

    Renderer->>Context: render signatureTitle(...)
    Note right of Context #E8F6FF: Context sets\n_insideFunctionSignature=true\nwhen rendering params/types
    Context->>Partial: render type model
    alt flag = true (inside signature)
        Partial->>Partial: strip backticks & remove <code>
        Partial-->>Context: unwrapped type string
    else flag = false (outside signature)
        Partial->>Partial: strip backticks & ensure single <code> wrapper
        Partial-->>Context: wrapped `<code>` type string
    end
    Context-->>Renderer: composed signature HTML
    Renderer->>Output: emit final HTML

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Poem

🐰 I nudged the tags and smoothed the line,

Kept types snug where signatures shine,
Stripped stray backticks, wrapped just right,
A tidy hop through theme and byte,
Small changes bloom beneath moonlight.

Pre-merge checks and finishing touches

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	You can run @coderabbitai generate docstrings to improve docstring coverage.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title Check	✅ Passed	The PR title "chore(repo): Typedoc: Handle injection in function signatures" directly aligns with the primary objective and main change in the pull request. The core modification is in .typedoc/custom-theme.mjs, which implements an _insideFunctionSignature flag and guard logic across multiple partials to prevent unnecessary <code> tag wrapping inside function signatures—exactly what the title describes. The title is concise, specific, and free of vague language; it clearly communicates the purpose of the change to someone scanning the repository history. The supporting changes (JSDoc removal and changeset addition) are secondary and complement the main theme-handling fix.

✨ Finishing touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch aa/handle-simplify-types

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

📜 Review details

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Disabled knowledge base sources:

• Linear integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between 160dc93 and 9e0261a.

📒 Files selected for processing (2)

• .typedoc/custom-theme.mjs (5 hunks)
• packages/backend/src/tokens/verify.ts (0 hunks)

💤 Files with no reviewable changes (1)

• packages/backend/src/tokens/verify.ts

[pkg-pr-new]

Open in StackBlitz

@clerk/agent-toolkit

npm i https://pkg.pr.new/@clerk/agent-toolkit@7010

@clerk/astro

npm i https://pkg.pr.new/@clerk/astro@7010

@clerk/backend

npm i https://pkg.pr.new/@clerk/backend@7010

@clerk/chrome-extension

npm i https://pkg.pr.new/@clerk/chrome-extension@7010

@clerk/clerk-js

npm i https://pkg.pr.new/@clerk/clerk-js@7010

@clerk/dev-cli

npm i https://pkg.pr.new/@clerk/dev-cli@7010

@clerk/elements

npm i https://pkg.pr.new/@clerk/elements@7010

@clerk/clerk-expo

npm i https://pkg.pr.new/@clerk/clerk-expo@7010

@clerk/expo-passkeys

npm i https://pkg.pr.new/@clerk/expo-passkeys@7010

@clerk/express

npm i https://pkg.pr.new/@clerk/express@7010

@clerk/fastify

npm i https://pkg.pr.new/@clerk/fastify@7010

@clerk/localizations

npm i https://pkg.pr.new/@clerk/localizations@7010

@clerk/nextjs

npm i https://pkg.pr.new/@clerk/nextjs@7010

@clerk/nuxt

npm i https://pkg.pr.new/@clerk/nuxt@7010

@clerk/clerk-react

npm i https://pkg.pr.new/@clerk/clerk-react@7010

@clerk/react-router

npm i https://pkg.pr.new/@clerk/react-router@7010

@clerk/remix

npm i https://pkg.pr.new/@clerk/remix@7010

@clerk/shared

npm i https://pkg.pr.new/@clerk/shared@7010

@clerk/tanstack-react-start

npm i https://pkg.pr.new/@clerk/tanstack-react-start@7010

@clerk/testing

npm i https://pkg.pr.new/@clerk/testing@7010

@clerk/themes

npm i https://pkg.pr.new/@clerk/themes@7010

@clerk/types

npm i https://pkg.pr.new/@clerk/types@7010

@clerk/upgrade

npm i https://pkg.pr.new/@clerk/upgrade@7010

@clerk/vue

npm i https://pkg.pr.new/@clerk/vue@7010

commit: bdd332e

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (3)

.typedoc/custom-theme.mjs (3)

47-48: Consider adding JSDoc documentation for the internal flag.

The _insideFunctionSignature flag is central to preventing <code> injection, but lacks documentation explaining its purpose and usage pattern.

Consider adding a comment like:

+    /**
+     * Internal flag to track when rendering types inside a function signature context.
+     * When true, type partials should return unwrapped output to avoid nested code blocks.
+     * @private
+     */
     this._insideFunctionSignature = false;

---

148-158: The save/restore pattern correctly addresses the past review concern.

The implementation now saves and restores _insideFunctionSignature around both signatureParameters and someType calls, which correctly handles nested function signatures (e.g., callbacks or higher-order returns).

Optional improvements:

1. For robustness, consider try-finally to ensure flag restoration even if an error occurs:

  const prevInsideParams = this._insideFunctionSignature;
- this._insideFunctionSignature = true;
- md.push(this.partials.signatureParameters(model.parameters || []));
- this._insideFunctionSignature = prevInsideParams;
+ try {
+   this._insideFunctionSignature = true;
+   md.push(this.partials.signatureParameters(model.parameters || []));
+ } finally {
+   this._insideFunctionSignature = prevInsideParams;
+ }

2. Minor nitpick: prevInsideParams and prevInsideType both save the same flag in a non-overlapping sequence. A consistent name like prev might be clearer.

---

148-158: Coverage is complete for all overridden partials.

The custom theme overrides exactly 5 type partials that wrap types in <code> tags: declarationType, unionType, functionType, arrayType, and reflectionType. All 5 have the guard pattern, plus 2 additional occurrences in signatureTitle, for a total of 7 guards. Other type partials like intersectionType, tupleType, typeOperatorType, etc., are not overridden, so they use the default typedoc-plugin-markdown implementations and don't need guards in this theme.

The code duplication concern remains valid—the save/restore pattern appears 7 times across the file. The suggested helper extraction would improve maintainability and reduce duplication.

📜 Review details

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Disabled knowledge base sources:

• Linear integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between 9e0261a and 385adaa.

📒 Files selected for processing (1)

• .typedoc/custom-theme.mjs (6 hunks)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (3)

• GitHub Check: Build Packages
• GitHub Check: Formatting | Dedupe | Changeset
• GitHub Check: Analyze (javascript-typescript)

🔇 Additional comments (3)

.typedoc/custom-theme.mjs (3)

355-359: LGTM! Conditional wrapping prevents double code blocks.

The guard correctly returns unwrapped output when inside a function signature, preventing the <code> injection issue.

---

378-382: LGTM! Consistent guard pattern across all modified type partials.

The conditional wrapping is correctly applied to unionType, functionType, and arrayType, maintaining consistency with the fix.

Also applies to: 406-410, 509-515

---

516-536: LGTM! New reflectionType partial correctly handles wrapped types like Simplify.

This addition directly addresses the issue from PR #6993 where Simplify<VerifyTokenOptions> was causing <code> injection. The implementation correctly follows the established pattern.

[coderabbitai]

Actionable comments posted: 1

📜 Review details

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Disabled knowledge base sources:

• Linear integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between 385adaa and bdd332e.

📒 Files selected for processing (1)

• .changeset/silly-jars-shave.md (1 hunks)

🧰 Additional context used

📓 Path-based instructions (1)

.changeset/**

📄 CodeRabbit inference engine (.cursor/rules/monorepo.mdc)

Automated releases must use Changesets.

Files:

• .changeset/silly-jars-shave.md

🪛 LanguageTool

.changeset/silly-jars-shave.md

[grammar] ~1-~1: Hier könnte ein Fehler sein.
Context: --- ---

(QB_NEW_DE)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (2)

• GitHub Check: Formatting | Dedupe | Changeset
• GitHub Check: Analyze (javascript-typescript)

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

Changeset file is incomplete and missing required content.

The changeset file contains only the frontmatter delimiters (---) but lacks the package bump entries and change summary. This will fail Changesets processing.

According to the Changesets format, the file should contain:

• Inside the frontmatter: one or more package entries with their bump types (e.g., "@clerk/backend": patch)
• After the frontmatter: a human-readable summary of the changes

Expected format:

---
"@clerk/backend": patch
---

Fix Typedoc rendering of <code> tags in function signatures

Please update the changeset file with the appropriate package name(s) and bump type based on which packages were modified in this PR.

🧰 Tools

🪛 LanguageTool

[grammar] ~1-~1: Hier könnte ein Fehler sein.
Context: --- ---

(QB_NEW_DE)

🤖 Prompt for AI Agents

In .changeset/silly-jars-shave.md around lines 1 to 2 the file only contains
frontmatter delimiters and is missing required package bump entries and a
human-readable summary; update the file by adding one or more package entries
with their bump types inside the frontmatter (e.g., "@clerk/backend": patch) and
then add a short summary of the change after the closing --- delimiter, choosing
the correct package names and bump levels that correspond to the packages
modified in this PR.