feat(backend): Add TypeDoc comments to OAuth Application endpoints

[SarahSoutoul]

Description

What does this solve?

Linear: https://linear.app/clerk/issue/DOCS-10504/document-oauth-applications-js-backend-sdk-endpoints

Currently, the clerk docs don't have any information around the OAuth applications JS Backend SDK endpoints. This PR adds documentation for the backend OAuthApplication object type. This PR works in conjunction with this one here: clerk/clerk-docs#2447.

Used the following links for information:

• https://github.com/clerk/javascript/blob/main/packages/backend/src/api/endpoints/OAuthApplicationsApi.ts
• https://clerk.com/docs/reference/backend-api/tag/oauth-applications/get/oauth_applications
• https://github.com/clerk/javascript/blob/main/packages/backend/src/api/resources/OAuthApplication.ts

What changed?

• Added JSdoc comments to the Backend OAuthApplication object type to be used in clerk-docs
• Added new properties that appear in the BAPI docs
• Updated the OAuthApplicationJSON with new properties

Checklist

• pnpm test runs as expected.
• pnpm build runs as expected.
• (If applicable) JSDoc comments have been added or updated for any package exports
• (If applicable) Documentation has been updated

Type of change

• 🐛 Bug fix
• 🌟 New feature
• 🔨 Breaking change
• 📖 Refactoring / dependency upgrade / documentation
• other:

Summary by CodeRabbit

• New Features

  • OAuth applications include new metadata: client website URL and client image.
  • New flags available: dynamically-registered, consent-screen-enabled, and PKCE-required.
  • These fields are returned in API payloads and can be surfaced in UI views.

• Chores

  • Added changeset entries for a minor release.

[changeset-bot]

🦋 Changeset detected

Latest commit: 3ad2bf7

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 11 packages

Name	Type
@clerk/backend	Minor
@clerk/agent-toolkit	Patch
@clerk/astro	Patch
@clerk/express	Patch
@clerk/fastify	Patch
@clerk/nextjs	Patch
@clerk/nuxt	Patch
@clerk/react-router	Patch
@clerk/remix	Patch
@clerk/tanstack-react-start	Patch
@clerk/testing	Patch

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Preview	Comments	Updated (UTC)
clerk-js-sandbox	Ready	Preview	Comment	Aug 25, 2025 10:36pm

[coderabbitai]

Walkthrough

Adds five new OAuth application fields to the backend SDK: JSON contract gains client_uri, client_image_url, dynamically_registered, consent_screen_enabled, and pkce_required. The OAuthApplication class gains corresponding readonly properties and fromJSON is updated to map these fields into the constructor.

Changes

Cohort / File(s)	Change summary
JSON interface packages/backend/src/api/resources/JSON.ts	Added `client_uri: string
OAuthApplication model packages/backend/src/api/resources/OAuthApplication.ts	Constructor extended with readonly properties clientUri, clientImageUrl, dynamicallyRegistered, consentScreenEnabled, pkceRequired; fromJSON updated to pass new JSON fields into constructor. Added class doc comment.
Changeset .changeset/small-moments-find.md, .changeset/blue-comics-kneel.md	Added new changeset files (non-functional metadata).

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Assessment against linked issues

Objective	Addressed	Explanation
Document OAuth applications js backend sdk endpoints (DOCS-10504)	❌	Only code/type changes were made; no documentation updates for SDK endpoints were included.

Assessment against linked issues: Out-of-scope changes

Code Change	Explanation
Added new properties to OAuthApplicationJSON (client_uri, client_image_url, dynamically_registered, consent_screen_enabled, pkce_required) (packages/backend/src/api/resources/JSON.ts)	The linked issue requests documentation; adding schema fields does not fulfill the documentation objective.
Extended OAuthApplication constructor and updated fromJSON to include the new fields (packages/backend/src/api/resources/OAuthApplication.ts)	These model/runtime additions implement new fields rather than addressing the documentation task in the linked issue.

"I nibble lines of JSON bright,
New fields like carrots tucked in tight.
client_uri and pkce dance,
consent and images take a chance.
— 🐇"

Tip

🔌 Remote MCP (Model Context Protocol) integration is now available!

Pro plan users can now connect to remote MCP servers from the Integrations page. Connect with popular remote MCPs such as Notion and Linear to add more context to your reviews and chats.

✨ Finishing Touches

🧪 Generate unit tests

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch ss/DOCS-10504

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.

Support

Need help? Create a ticket on our support page for assistance with any issues or questions.

CodeRabbit Commands (Invoked using PR/Issue comments)

Type @coderabbitai help to get the list of available commands.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

Status, Documentation and Community

• Visit our Status Page to check the current availability of CodeRabbit.
• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[coderabbitai]

Actionable comments posted: 0

🔭 Outside diff range comments (1)

packages/backend/src/api/resources/OAuthApplication.ts (1)

90-90: Add explicit return type to public static factory

Project guidelines require explicit return types for public APIs.

-static fromJSON(data: OAuthApplicationJSON) {
+static fromJSON(data: OAuthApplicationJSON): OAuthApplication {

🧹 Nitpick comments (6)

packages/backend/src/api/resources/JSON.ts (1)

323-327: Add TSDoc for the newly added OAuthApplicationJSON fields

These types are exported and part of the public API surface. Adding brief comments will improve generated docs and keep parity with the class docs added in OAuthApplication.ts.

Apply something along these lines:

   client_id: string;
-  client_uri: string | null;
-  client_image_url: string | null;
-  dynamically_registered: boolean;
-  consent_screen_enabled: boolean;
-  pkce_required: boolean;
+  /** The public-facing URL of the OAuth application, often shown on consent screens. */
+  client_uri: string | null;
+  /** URL to the application's icon/logo. */
+  client_image_url: string | null;
+  /** Whether this application was created via dynamic client registration (RFC 7591). */
+  dynamically_registered: boolean;
+  /** Whether a consent screen is shown in the auth flow. Cannot be disabled for dynamically registered apps. */
+  consent_screen_enabled: boolean;
+  /** Whether PKCE is required for this application. */
+  pkce_required: boolean;

packages/backend/src/api/resources/OAuthApplication.ts (5)

3-5: Good addition of the class-level docs

Nice, concise overview. Consider linking to the BAPI reference for discoverability.

Example tweak:

 /**
- * The Backend `OAuthApplication` object holds information about an OAuth application.
+ * The Backend `OAuthApplication` object holds information about an OAuth application.
+ * See: https://clerk.com/docs/reference/backend-api/tag/oauth-applications
 */

---

16-18: Remove “new” from property descriptions

These properties describe an OAuth application resource in any state, not just right after creation. The “new” qualifier is misleading.

- * The name of the new OAuth application.
+ * The name of the OAuth application.
@@
- * Scopes for the new OAuth application.
+ * Scopes configured for the OAuth application.
@@
- * An array of redirect URIs of the new OAuth application.
+ * The list of redirect URIs configured for the OAuth application.

Also applies to: 48-51, 52-55

---

44-47: Clarify relationship between public clients and PKCE

The current text suggests PKCE can be used if the client is public, which is true but underspecified given the new pkceRequired flag. Tighten the language to avoid confusion.

- * Indicates whether the client is public. If true, the Proof Key of Code Exchange (PKCE) flow can be used.
+ * Indicates whether the client is public (cannot safely keep a client secret).
+ * Public clients must use PKCE; confidential clients may also use PKCE.

---

96-101: Defensive defaults for newly added fields (back-compat with older backends)

If any existing installations don’t yet return these properties, the runtime values would be undefined. Default them to safe values.

-      data.client_uri,
-      data.client_image_url,
-      data.dynamically_registered,
-      data.consent_screen_enabled,
-      data.pkce_required,
+      data.client_uri ?? null,
+      data.client_image_url ?? null,
+      data.dynamically_registered ?? false,
+      data.consent_screen_enabled ?? false,
+      data.pkce_required ?? false,

If the BAPI guarantees they’re always present, keeping the current mapping is fine. Otherwise, these defaults prevent undefined from leaking into the public API at runtime.

---

90-113: Add unit tests for JSON mapping of new fields

No tests in this PR. Add a test that feeds an OAuthApplicationJSON with the new fields and asserts the resulting instance properties, plus a test where the new fields are omitted (if you adopt defensive defaults).

I can scaffold a Jest test like:

• constructs a minimal OAuthApplicationJSON,
• calls OAuthApplication.fromJSON,
• asserts clientUri/clientImageUrl/dynamicallyRegistered/consentScreenEnabled/pkceRequired mapping.
  Would you like me to draft it?

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

💡 Knowledge Base configuration:

• MCP integration is disabled by default for public repositories
• Jira integration is disabled
• Linear integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between 8e66e73 and c65c5d1.

📒 Files selected for processing (2)

• packages/backend/src/api/resources/JSON.ts (1 hunks)
• packages/backend/src/api/resources/OAuthApplication.ts (2 hunks)

🧰 Additional context used

📓 Path-based instructions (7)

**/*.{js,jsx,ts,tsx}

📄 CodeRabbit Inference Engine (.cursor/rules/development.mdc)

**/*.{js,jsx,ts,tsx}: All code must pass ESLint checks with the project's configuration
Follow established naming conventions (PascalCase for components, camelCase for variables)
Maintain comprehensive JSDoc comments for public APIs
Use dynamic imports for optional features
All public APIs must be documented with JSDoc
Provide meaningful error messages to developers
Include error recovery suggestions where applicable
Log errors appropriately for debugging
Lazy load components and features when possible
Implement proper caching strategies
Use efficient data structures and algorithms
Profile and optimize critical paths
Validate all inputs and sanitize outputs
Implement proper logging with different levels

Files:

• packages/backend/src/api/resources/JSON.ts
• packages/backend/src/api/resources/OAuthApplication.ts

**/*.{js,jsx,ts,tsx,json,css,scss,md,yaml,yml}

📄 CodeRabbit Inference Engine (.cursor/rules/development.mdc)

Use Prettier for consistent code formatting

Files:

• packages/backend/src/api/resources/JSON.ts
• packages/backend/src/api/resources/OAuthApplication.ts

packages/**/*.{ts,tsx}

📄 CodeRabbit Inference Engine (.cursor/rules/development.mdc)

TypeScript is required for all packages

Files:

• packages/backend/src/api/resources/JSON.ts
• packages/backend/src/api/resources/OAuthApplication.ts

packages/**/*.{ts,tsx,d.ts}

📄 CodeRabbit Inference Engine (.cursor/rules/development.mdc)

Packages should export TypeScript types alongside runtime code

Files:

• packages/backend/src/api/resources/JSON.ts
• packages/backend/src/api/resources/OAuthApplication.ts

**/*.{ts,tsx}

📄 CodeRabbit Inference Engine (.cursor/rules/development.mdc)

Use proper TypeScript error types

**/*.{ts,tsx}: Always define explicit return types for functions, especially public APIs
Use proper type annotations for variables and parameters where inference isn't clear
Avoid any type - prefer unknown when type is uncertain, then narrow with type guards
Use interface for object shapes that might be extended
Use type for unions, primitives, and computed types
Prefer readonly properties for immutable data structures
Use private for internal implementation details
Use protected for inheritance hierarchies
Use public explicitly for clarity in public APIs
Prefer readonly for properties that shouldn't change after construction
Prefer composition and interfaces over deep inheritance chains
Use mixins for shared behavior across unrelated classes
Implement dependency injection for loose coupling
Let TypeScript infer when types are obvious
Use const assertions for literal types: as const
Use satisfies operator for type checking without widening
Use mapped types for transforming object types
Use conditional types for type-level logic
Leverage template literal types for string manipulation
Use ES6 imports/exports consistently
Use default exports sparingly, prefer named exports
Use type-only imports: import type { ... } from ...
No any types without justification
Proper error handling with typed errors
Consistent use of readonly for immutable data
Proper generic constraints
No unused type parameters
Proper use of utility types instead of manual type construction
Type-only imports where possible
Proper tree-shaking friendly exports
No circular dependencies
Efficient type computations (avoid deep recursion)

Files:

• packages/backend/src/api/resources/JSON.ts
• packages/backend/src/api/resources/OAuthApplication.ts

**/*.{js,ts,tsx,jsx}

📄 CodeRabbit Inference Engine (.cursor/rules/monorepo.mdc)

Support multiple Clerk environment variables (CLERK_, NEXT_PUBLIC_CLERK_, etc.) for configuration.

Files:

• packages/backend/src/api/resources/JSON.ts
• packages/backend/src/api/resources/OAuthApplication.ts

**/*

⚙️ CodeRabbit Configuration File

If there are no tests added or modified as part of the PR, please suggest that tests be added to cover the changes.

Files:

• packages/backend/src/api/resources/JSON.ts
• packages/backend/src/api/resources/OAuthApplication.ts

🧬 Code Graph Analysis (1)

packages/backend/src/api/resources/OAuthApplication.ts (1)

packages/backend/src/index.ts (1)

• OAuthApplication (132-132)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)

• GitHub Check: semgrep-cloud-platform/scan

🔇 Additional comments (3)

packages/backend/src/api/resources/JSON.ts (1)

323-329: Confirm backend guarantees for new booleans to avoid runtime undefined

The interface marks the new flags as required booleans. If any older environments omit them, runtime values can be undefined despite the TS type. Ensure the Backend API always returns these fields; otherwise consider defaulting in the consumer (see fromJSON suggestion) or marking them optional here.

Would you like a follow-up PR to align either JSON defaults or consumer defaults based on the BAPI guarantee?

packages/backend/src/api/resources/OAuthApplication.ts (2)

7-88: No external instantiations – constructor only used internally
Verified that new OAuthApplication(…) is only called inside the class’s own fromJSON method and nowhere else in the codebase. Since there are no external call sites, this change to the positional parameters cannot break consumer code.

---

7-88: No change needed: keep bare readonly per existing convention.

We inspected the repository and found that backend resource classes consistently use constructor parameter properties without an explicit public modifier. The brief instances of public readonly are confined to the clerk-js package, not the backend API resources. To stay aligned with local style, leave the constructor parameters as-is.

[alexisintech]

seems correct to me! great job :)

[pkg-pr-new]

Open in StackBlitz

@clerk/agent-toolkit

npm i https://pkg.pr.new/@clerk/agent-toolkit@6378

@clerk/astro

npm i https://pkg.pr.new/@clerk/astro@6378

@clerk/backend

npm i https://pkg.pr.new/@clerk/backend@6378

@clerk/chrome-extension

npm i https://pkg.pr.new/@clerk/chrome-extension@6378

@clerk/clerk-js

npm i https://pkg.pr.new/@clerk/clerk-js@6378

@clerk/dev-cli

npm i https://pkg.pr.new/@clerk/dev-cli@6378

@clerk/elements

npm i https://pkg.pr.new/@clerk/elements@6378

@clerk/clerk-expo

npm i https://pkg.pr.new/@clerk/clerk-expo@6378

@clerk/expo-passkeys

npm i https://pkg.pr.new/@clerk/expo-passkeys@6378

@clerk/express

npm i https://pkg.pr.new/@clerk/express@6378

@clerk/fastify

npm i https://pkg.pr.new/@clerk/fastify@6378

@clerk/localizations

npm i https://pkg.pr.new/@clerk/localizations@6378

@clerk/nextjs

npm i https://pkg.pr.new/@clerk/nextjs@6378

@clerk/nuxt

npm i https://pkg.pr.new/@clerk/nuxt@6378

@clerk/clerk-react

npm i https://pkg.pr.new/@clerk/clerk-react@6378

@clerk/react-router

npm i https://pkg.pr.new/@clerk/react-router@6378

@clerk/remix

npm i https://pkg.pr.new/@clerk/remix@6378

@clerk/shared

npm i https://pkg.pr.new/@clerk/shared@6378

@clerk/tanstack-react-start

npm i https://pkg.pr.new/@clerk/tanstack-react-start@6378

@clerk/testing

npm i https://pkg.pr.new/@clerk/testing@6378

@clerk/themes

npm i https://pkg.pr.new/@clerk/themes@6378

@clerk/types

npm i https://pkg.pr.new/@clerk/types@6378

@clerk/upgrade

npm i https://pkg.pr.new/@clerk/upgrade@6378

@clerk/vue

npm i https://pkg.pr.new/@clerk/vue@6378

commit: 3ad2bf7

[coderabbitai]

Actionable comments posted: 1

📜 Review details

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

💡 Knowledge Base configuration:

• MCP integration is disabled by default for public repositories
• Jira integration is disabled by default for public repositories
• Linear integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between c65c5d1 and 29249ae.

📒 Files selected for processing (2)

• .changeset/small-moments-find.md (1 hunks)
• packages/backend/src/api/resources/JSON.ts (1 hunks)

🚧 Files skipped from review as they are similar to previous changes (1)

• packages/backend/src/api/resources/JSON.ts

🧰 Additional context used

📓 Path-based instructions (1)

.changeset/**

📄 CodeRabbit inference engine (.cursor/rules/monorepo.mdc)

Automated releases must use Changesets.

Files:

• .changeset/small-moments-find.md

🪛 LanguageTool

.changeset/small-moments-find.md

[grammar] ~1-~1: Hier könnte ein Fehler sein.
Context: --- ---

(QB_NEW_DE)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (5)

• GitHub Check: Formatting | Dedupe | Changeset
• GitHub Check: Build Packages
• GitHub Check: Analyze (javascript-typescript)
• GitHub Check: semgrep-cloud-platform/scan
• GitHub Check: semgrep-cloud-platform/scan

[coderabbitai]

💡 Verification agent

🧩 Analysis chain

Empty changeset frontmatter — specify package(s) and bump type, or CI/release will fail

This file contains only two --- lines with no package bump metadata or description. Changesets require a YAML frontmatter block mapping package names to semver bump types, followed by a description. Given the PR adds new OAuthApplication fields (public surface) and TypeDoc, this likely warrants a minor bump for the backend SDK. Please fill this out (or remove the file if no release is intended).

Suggested content (verify package names and bump types before committing):

---- 
----
+---
+  '@clerk/backend': minor
+---
+
+feat(backend): Add TypeDoc to OAuthApplication and surface new fields
+
+- JSON: client_uri, client_image_url, dynamically_registered, consent_screen_enabled, pkce_required
+- Class: clientUri, clientImageUrl, dynamicallyRegistered, consentScreenEnabled, pkceRequired

If additional published packages are affected, list them in the same frontmatter block with their respective bump types.

Run this script to verify the correct package name(s) and decide bump levels based on changed files:

---

🏁 Script executed:

#!/bin/bash
set -euo pipefail

# List changed files against main (adjust base if needed)
BASE_REF=${BASE_REF:-origin/main}
git fetch -q origin || true
CHANGED_FILES=$(git diff --name-only "${BASE_REF}"...HEAD)

echo "Changed files:"
printf "%s\n" "${CHANGED_FILES}"

echo
echo "Resolving impacted package roots and names:"
echo "${CHANGED_FILES}" | while read -r f; do
  # Walk up to find nearest package.json
  dir="$(dirname "$f")"
  while [[ "$dir" != "." && "$dir" != "/" ]]; do
    if [[ -f "$dir/package.json" ]]; then
      echo "$dir/package.json"
      break
    fi
    dir="$(dirname "$dir")"
  done
done | sort -u | while read -r pkgjson; do
  name=$(jq -r '.name' "$pkgjson" 2>/dev/null || echo null)
  private=$(jq -r '.private // false' "$pkgjson" 2>/dev/null || echo false)
  echo "• $(dirname "$pkgjson") — name: $name — private: $private"
done

echo
echo "Tip:"
echo "- Use 'minor' if you surfaced new public fields/types; 'patch' if purely docs/internal."

Length of output: 3324

---

Specify the changeset frontmatter for @clerk/backend

Your .changeset/small-moments-find.md is currently empty, which will cause CI/release to fail. Since your PR adds new public fields/types to the backend SDK, you should apply a minor bump to @clerk/backend. Please update the file to include:

---
-  
+
+---
+  '@clerk/backend': minor
+---
+
+feat(backend): add TypeDoc & expose new OAuthApplication fields
+
+- JSON: client_uri, client_image_url, dynamically_registered, consent_screen_enabled, pkce_required  
+- Class: clientUri, clientImageUrl, dynamicallyRegistered, consentScreenEnabled, pkceRequired

• File needing update:

• .changeset/small-moments-find.md

Tag the correct package and bump type to ensure the release goes out smoothly.

Committable suggestion skipped: line range outside the PR's diff.

🧰 Tools

🪛 LanguageTool

[grammar] ~1-~1: Hier könnte ein Fehler sein.
Context: --- ---

(QB_NEW_DE)

🤖 Prompt for AI Agents

In .changeset/small-moments-find.md around lines 1 to 2, the file is empty and
missing the required changeset frontmatter; add a valid changeset YAML block
that lists the package @clerk/backend and sets the bump type to "minor" (and
include a short summary message), ensuring the file begins and ends with --- and
contains the package name and "minor" bump so CI/release will succeed.

[tmilewski]

I think the additions in api/resources/JSON.ts are worthy of a changeset.

[coderabbitai]

Actionable comments posted: 0

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

.changeset/blue-comics-kneel.md (1)

1-6: Empty Changeset Body Detected

The file .changeset/old-dolls-smell.md contains only the frontmatter delimiters and no descriptive content. This will break the release pipeline.

• Problematic file:
.changeset/old-dolls-smell.md

---
---

• Required fix:

• Add meaningful change description below the second ---, for example:

  ---
  '@clerk/some-package': patch
  ---
  
  Describe the change introduced by this release here.

• Or, if this changeset is not needed, delete the file.

Please update or remove .changeset/old-dolls-smell.md before merging.

🧹 Nitpick comments (1)

.changeset/blue-comics-kneel.md (1)

5-5: Strengthen the release note to enumerate added fields and doc updates.

Being explicit here helps downstream readers and release notes consumers. Suggest expanding the description.

Apply this diff to make the intent crystal clear:

-Add missing properties to OAuthApplicationJSON
+Expose new OAuthApplication fields and docs.
+
+Adds the following properties to OAuthApplicationJSON and surfaces them on OAuthApplication:
+- client_uri
+- client_image_url
+- dynamically_registered
+- consent_screen_enabled
+- pkce_required
+
+Also adds TypeDoc to OAuthApplication and updates fromJSON mappings.

📜 Review details

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

💡 Knowledge Base configuration:

• MCP integration is disabled by default for public repositories
• Jira integration is disabled by default for public repositories
• Linear integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between 29249ae and 3ad2bf7.

⛔ Files ignored due to path filters (1)

• .typedoc/__tests__/__snapshots__/file-structure.test.ts.snap is excluded by !**/*.snap

📒 Files selected for processing (1)

• .changeset/blue-comics-kneel.md (1 hunks)

🧰 Additional context used

📓 Path-based instructions (1)

.changeset/**

📄 CodeRabbit inference engine (.cursor/rules/monorepo.mdc)

Automated releases must use Changesets.

Files:

• .changeset/blue-comics-kneel.md

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (5)

• GitHub Check: pr-title-lint
• GitHub Check: Integration Tests (nextjs, chrome, 14)
• GitHub Check: Integration Tests (billing, chrome)
• GitHub Check: Integration Tests (nextjs, chrome, 15)
• GitHub Check: Integration Tests (generic, chrome)

🔇 Additional comments (2)

.changeset/blue-comics-kneel.md (2)

1-3: Changeset frontmatter looks valid; minor bump is reasonable.

This adheres to our release process under .changeset/** and a minor version makes sense for adding new, non-breaking fields and documentation to the backend SDK.

---

2-2: Confirm semver classification for added TS fields

I ran a repository-wide search for common break-risk patterns but found no matches; however, absence of evidence isn’t evidence of absence. Please manually verify that our TypeScript compatibility policy permits adding required properties to a public interface before classifying this as a minor bump.

• No object-literal assignments of OAuthApplicationJSON were found (e.g. const x: OAuthApplicationJSON = { … }).
• No external calls to new OAuthApplication(…) outside of packages/backend were detected.
• No explicit semver/TS-compatibility guidance was located in README.md or docs/.

Next steps:

1. Review our TS compatibility policy on additive interface fields—if required properties are considered breaking, either make the new fields optional or bump to a major release.
2. If the policy does treat these changes as non-breaking, the minor bump is acceptable; otherwise update the changeset to a major version.