feat(clerk): expand Clerk integration with org, membership, moderation, and security tools#5364
Conversation
…n, and security tools - fix 4 validate-integration warnings: missing .trim() on org/session IDs, incomplete session-status dropdown, missing list_users/list_organizations filter subBlocks - add organization update/delete tools - add organization membership CRUD (list, add, update role, remove) - add organization invitation create/list - add user ban/unban/lock/unlock and OAuth access token retrieval - add allowlist/blocklist identifier management - add JWT template list/get - add actor token create/revoke (impersonation) - add matching webhook triggers for session ended/removed/revoked, organization updated/deleted, and membership updated/deleted - wire all 23 new tools into the block, tool registry, and trigger registry
|
The latest updates on your projects. Learn more about Vercel for GitHub. |
PR SummaryHigh Risk Overview 23 new workflow tools cover org update/delete; membership list/add/update/remove; org invitations; user ban/unban/lock/unlock; OAuth access tokens per provider; allowlist/blocklist identifiers; JWT template list/get; and actor token create/revoke (impersonation). Each is registered in Seven new webhook triggers react to session ended/removed/revoked, organization updated/deleted, and membership updated/deleted, wired through Polish on existing paths: Reviewed by Cursor Bugbot for commit 7016ad8. Configure here. |
Greptile SummaryThis PR significantly expands the Clerk integration by adding 23 new tools (organization CRUD, membership management, invitations, user moderation, allowlist/blocklist, JWT templates, and actor tokens) alongside 8 new webhook triggers and the corresponding UI wiring in the block definition.
Confidence Score: 5/5Safe to merge; all new tools follow established patterns, the registry and block wiring are consistent, and the response-parsing decisions are backed by the Clerk OpenAPI spec. Every new tool, trigger, and block entry is self-contained and follows the existing Clerk integration patterns. The response-parsing choices were verified against the live Clerk API per the PR description and the previous review thread. The one flagged item — a shared placeholder that is misleading for the invitation email field — is a documentation nit that won't silently corrupt data. apps/sim/blocks/blocks/clerk.ts — the shared emailAddress subBlock placeholder text Important Files Changed
Flowchart%%{init: {'theme': 'neutral'}}%%
flowchart TD
UI[Block UI\noperation dropdown] -->|params mapping switch| Mapper[clerk.ts\nparams config]
Mapper -->|cleanParams| ToolRegistry[tools/registry.ts]
ToolRegistry --> T1[User Moderation\nban/unban/lock/unlock]
ToolRegistry --> T2[Org CRUD\nupdate/delete]
ToolRegistry --> T3[Membership CRUD\nlist/add/update/remove]
ToolRegistry --> T4[Invitations\ncreate/list]
ToolRegistry --> T5[Allow/Blocklist\nlist/create/delete]
ToolRegistry --> T6[JWT Templates\nlist/get]
ToolRegistry --> T7[Actor Tokens\ncreate/revoke]
ToolRegistry --> T8[OAuth Token\nget]
T1 & T2 & T3 & T4 & T5 & T6 & T7 & T8 -->|HTTP| ClerkBAPI[Clerk Backend API\napi.clerk.com/v1]
WebhookIn[Clerk Webhook\nPOST] --> TriggerRegistry[triggers/registry.ts]
TriggerRegistry --> Tr1[session.ended/removed/revoked]
TriggerRegistry --> Tr2[organization.updated/deleted]
TriggerRegistry --> Tr3[organizationMembership.updated/deleted]
%%{init: {'theme': 'base', 'themeVariables': {"darkMode": true, "background": "#0d1117", "primaryColor": "#21262d", "primaryTextColor": "#e6edf3", "primaryBorderColor": "#8b949e", "lineColor": "#8b949e", "textColor": "#e6edf3", "edgeLabelBackground": "#161b22", "actorBkg": "#21262d", "actorBorder": "#8b949e", "actorTextColor": "#e6edf3", "actorLineColor": "#8b949e", "signalColor": "#8b949e", "signalTextColor": "#e6edf3", "noteBkgColor": "#373320", "noteBorderColor": "#d4a72c", "noteTextColor": "#f0e6c0", "labelBoxBkgColor": "#21262d", "labelBoxBorderColor": "#8b949e", "labelTextColor": "#e6edf3", "loopTextColor": "#e6edf3", "activationBkgColor": "#30363d", "activationBorderColor": "#8b949e"}}}%%
flowchart TD
UI[Block UI\noperation dropdown] -->|params mapping switch| Mapper[clerk.ts\nparams config]
Mapper -->|cleanParams| ToolRegistry[tools/registry.ts]
ToolRegistry --> T1[User Moderation\nban/unban/lock/unlock]
ToolRegistry --> T2[Org CRUD\nupdate/delete]
ToolRegistry --> T3[Membership CRUD\nlist/add/update/remove]
ToolRegistry --> T4[Invitations\ncreate/list]
ToolRegistry --> T5[Allow/Blocklist\nlist/create/delete]
ToolRegistry --> T6[JWT Templates\nlist/get]
ToolRegistry --> T7[Actor Tokens\ncreate/revoke]
ToolRegistry --> T8[OAuth Token\nget]
T1 & T2 & T3 & T4 & T5 & T6 & T7 & T8 -->|HTTP| ClerkBAPI[Clerk Backend API\napi.clerk.com/v1]
WebhookIn[Clerk Webhook\nPOST] --> TriggerRegistry[triggers/registry.ts]
TriggerRegistry --> Tr1[session.ended/removed/revoked]
TriggerRegistry --> Tr2[organization.updated/deleted]
TriggerRegistry --> Tr3[organizationMembership.updated/deleted]
Reviews (3): Last reviewed commit: "fix(clerk): I/O completeness fixes from ..." | Re-trigger Greptile |
|
@cursor review |
|
@cursor review |
There was a problem hiding this comment.
✅ Bugbot reviewed your changes and found no new issues!
Comment @cursor review or bugbot run to trigger another review on this PR
Reviewed by Cursor Bugbot for commit 818b5f2. Configure here.
- remove dead limit/offset params from list_blocklist_identifiers (Clerk API accepts zero params on this endpoint, verified across 6 spec versions) - expose publicMetadata on OAuth access token output (was silently dropped) - expose inviter email/first/last name (public_inviter_data) on organization invitation create/list outputs - add missing orderBy param to list_organization_invitations
|
@cursor review |
There was a problem hiding this comment.
✅ Bugbot reviewed your changes and found no new issues!
Comment @cursor review or bugbot run to trigger another review on this PR
Reviewed by Cursor Bugbot for commit 7016ad8. Configure here.
Summary
.trim()on organization/session ID params, an incomplete session-status dropdown (missing Removed/Replaced), and missing List Users/List Organizations filter subBlocks that the tools already supported but the UI didn't exposeproviderUserIdfield that would always resolve tonull, a missingclerk_create_organizationcondition on the metadata subBlocks, and several output-catalog completeness gaps including anexpiresAt/expireAtnaming mismatch for sessions)Type of Change
Testing
bun run lint, full-projecttsc --noEmit, andbun run check:api-validation:strictall pass cleanclerk.test.tswebhook provider suite passes (6/6)@clerk/backendSDK source across 4 independent verification passesChecklist