fix(clerk-js): Revert query filtering from fapiClient

[panteliselef]

Description

Checklist

• pnpm test runs as expected.
• pnpm build runs as expected.
• (If applicable) JSDoc comments have been added or updated for any package exports
• (If applicable) Documentation has been updated

Type of change

• 🐛 Bug fix
• 🌟 New feature
• 🔨 Breaking change
• 📖 Refactoring / dependency upgrade / documentation
• other:

Summary by CodeRabbit

• Bug Fixes

  • Improved construction of request query parameters to more accurately reflect provided search options and better support multi-value parameters. Existing behavior for versioning, method overrides, and session handling remains unchanged.

• Chores

  • Added a changeset entry to document and track this update.

[changeset-bot]

🦋 Changeset detected

Latest commit: 3ac30a2

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 0 packages

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Preview	Comments	Updated (UTC)
clerk-js-sandbox	Ready	Preview	Comment	Sep 19, 2025 4:36pm

[coderabbitai]

Walkthrough

Adds a changeset metadata file. Updates fapiClient to stop filtering undefined properties from the search object before building query params, constructing URLSearchParams directly and deferring value normalization. Other query-string augmentation logic remains unchanged.

Changes

Cohort / File(s)	Summary of Changes
Repo metadata \.changeset/blue-oranges-make.md	Added a file containing two lines with '---'. No code or API changes.
FAPI client query handling packages/clerk-js/src/core/fapiClient.ts	Removed pre-filtering of undefined properties from the search object. Now builds URLSearchParams directly and defers normalization (e.g., comma-delimited values to arrays). Other query augmentation logic (API/JS versions, rotating nonce, dev satellite domain handling, _method for non-GET, _clerk_session_id inclusion) unchanged.

Sequence Diagram(s)

sequenceDiagram
  participant Caller
  participant fapiClient
  participant URLSearchParams as URLSearchParams
  participant Normalizer as Later Normalization

  Caller->>fapiClient: request(search)
  Note right of fapiClient: search may include undefined and comma-delimited values
  fapiClient->>URLSearchParams: construct directly from search
  URLSearchParams-->>fapiClient: query params
  Note over fapiClient: Augment query (API/JS versions, nonce, domain, _method, session id)
  fapiClient-->>Caller: prepared request with query
  Caller->>Normalizer: parse response/query values
  Note over Normalizer: Convert comma-delimited strings back to arrays

Loading

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Poem

I nibble at params in the twilight’s hush,
No more we pluck “undefined” in a rush—
Let commas parade, arrays later bloom,
While nonce and versions quietly zoom.
Two dashes in changeset, neat and slight—
A tidy hop forward, soft as night. 🥕🐇

Pre-merge checks and finishing touches

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	You can run @coderabbitai generate docstrings to improve docstring coverage.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title Check	✅ Passed	The title "fix(clerk-js): Revert query filtering from fapiClient" succinctly and accurately describes the primary change in the diff—removing the search/query filtering behavior in packages/clerk-js/src/core/fapiClient.ts—and is clear and specific for repository history.

✨ Finishing touches

• 📝 Generate Docstrings

🧪 Generate unit tests

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch elef/revert-search-param-filtering

Tip

👮 Agentic pre-merge checks are now available in preview!

Pro plan users can now enable pre-merge checks in their settings to enforce checklists before merging PRs.

• Built-in checks – Quickly apply ready-made checks to enforce title conventions, require pull request descriptions that follow templates, validate linked issues for compliance, and more.
• Custom agentic checks – Define your own rules using CodeRabbit’s advanced agentic capabilities to enforce organization-specific policies and workflows. For example, you can instruct CodeRabbit’s agent to verify that API documentation is updated whenever API schema files are modified in a PR. Note: Upto 5 custom checks are currently allowed during the preview period. Pricing for this feature will be announced in a few weeks.

Please see the documentation for more information.

Example:

reviews:
  pre_merge_checks:
    custom_checks:
      - name: "Undocumented Breaking Changes"
        mode: "warning"
        instructions: |
          Pass/fail criteria: All breaking changes to public APIs, CLI flags, environment variables, configuration keys, database schemas, or HTTP/GraphQL endpoints must be documented in the "Breaking Change" section of the PR description and in CHANGELOG.md. Exclude purely internal or private changes (e.g., code not exported from package entry points or explicitly marked as internal).

Please share your feedback with us on this Discord post.

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[pkg-pr-new]

Open in StackBlitz

@clerk/agent-toolkit

npm i https://pkg.pr.new/@clerk/agent-toolkit@6817

@clerk/astro

npm i https://pkg.pr.new/@clerk/astro@6817

@clerk/backend

npm i https://pkg.pr.new/@clerk/backend@6817

@clerk/chrome-extension

npm i https://pkg.pr.new/@clerk/chrome-extension@6817

@clerk/clerk-js

npm i https://pkg.pr.new/@clerk/clerk-js@6817

@clerk/dev-cli

npm i https://pkg.pr.new/@clerk/dev-cli@6817

@clerk/elements

npm i https://pkg.pr.new/@clerk/elements@6817

@clerk/clerk-expo

npm i https://pkg.pr.new/@clerk/clerk-expo@6817

@clerk/expo-passkeys

npm i https://pkg.pr.new/@clerk/expo-passkeys@6817

@clerk/express

npm i https://pkg.pr.new/@clerk/express@6817

@clerk/fastify

npm i https://pkg.pr.new/@clerk/fastify@6817

@clerk/localizations

npm i https://pkg.pr.new/@clerk/localizations@6817

@clerk/nextjs

npm i https://pkg.pr.new/@clerk/nextjs@6817

@clerk/nuxt

npm i https://pkg.pr.new/@clerk/nuxt@6817

@clerk/clerk-react

npm i https://pkg.pr.new/@clerk/clerk-react@6817

@clerk/react-router

npm i https://pkg.pr.new/@clerk/react-router@6817

@clerk/remix

npm i https://pkg.pr.new/@clerk/remix@6817

@clerk/shared

npm i https://pkg.pr.new/@clerk/shared@6817

@clerk/tanstack-react-start

npm i https://pkg.pr.new/@clerk/tanstack-react-start@6817

@clerk/testing

npm i https://pkg.pr.new/@clerk/testing@6817

@clerk/themes

npm i https://pkg.pr.new/@clerk/themes@6817

@clerk/types

npm i https://pkg.pr.new/@clerk/types@6817

@clerk/upgrade

npm i https://pkg.pr.new/@clerk/upgrade@6817

@clerk/vue

npm i https://pkg.pr.new/@clerk/vue@6817

commit: 3ac30a2

[coderabbitai]

Actionable comments posted: 2

📜 Review details

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Disabled knowledge base sources:

• Linear integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between 81e3d26 and 3ac30a2.

📒 Files selected for processing (2)

• .changeset/blue-oranges-make.md (1 hunks)
• packages/clerk-js/src/core/fapiClient.ts (1 hunks)

🧰 Additional context used

📓 Path-based instructions (7)

**/*.{js,jsx,ts,tsx}

📄 CodeRabbit inference engine (.cursor/rules/development.mdc)

**/*.{js,jsx,ts,tsx}: All code must pass ESLint checks with the project's configuration
Follow established naming conventions (PascalCase for components, camelCase for variables)
Maintain comprehensive JSDoc comments for public APIs
Use dynamic imports for optional features
All public APIs must be documented with JSDoc
Provide meaningful error messages to developers
Include error recovery suggestions where applicable
Log errors appropriately for debugging
Lazy load components and features when possible
Implement proper caching strategies
Use efficient data structures and algorithms
Profile and optimize critical paths
Validate all inputs and sanitize outputs
Implement proper logging with different levels

Files:

• packages/clerk-js/src/core/fapiClient.ts

**/*.{js,jsx,ts,tsx,json,css,scss,md,yaml,yml}

📄 CodeRabbit inference engine (.cursor/rules/development.mdc)

Use Prettier for consistent code formatting

Files:

• packages/clerk-js/src/core/fapiClient.ts

packages/**/*.{ts,tsx}

📄 CodeRabbit inference engine (.cursor/rules/development.mdc)

TypeScript is required for all packages

Files:

• packages/clerk-js/src/core/fapiClient.ts

packages/**/*.{ts,tsx,d.ts}

📄 CodeRabbit inference engine (.cursor/rules/development.mdc)

Packages should export TypeScript types alongside runtime code

Files:

• packages/clerk-js/src/core/fapiClient.ts

**/*.{ts,tsx}

📄 CodeRabbit inference engine (.cursor/rules/development.mdc)

Use proper TypeScript error types

**/*.{ts,tsx}: Always define explicit return types for functions, especially public APIs
Use proper type annotations for variables and parameters where inference isn't clear
Avoid any type - prefer unknown when type is uncertain, then narrow with type guards
Use interface for object shapes that might be extended
Use type for unions, primitives, and computed types
Prefer readonly properties for immutable data structures
Use private for internal implementation details
Use protected for inheritance hierarchies
Use public explicitly for clarity in public APIs
Prefer readonly for properties that shouldn't change after construction
Prefer composition and interfaces over deep inheritance chains
Use mixins for shared behavior across unrelated classes
Implement dependency injection for loose coupling
Let TypeScript infer when types are obvious
Use const assertions for literal types: as const
Use satisfies operator for type checking without widening
Use mapped types for transforming object types
Use conditional types for type-level logic
Leverage template literal types for string manipulation
Use ES6 imports/exports consistently
Use default exports sparingly, prefer named exports
Use type-only imports: import type { ... } from ...
No any types without justification
Proper error handling with typed errors
Consistent use of readonly for immutable data
Proper generic constraints
No unused type parameters
Proper use of utility types instead of manual type construction
Type-only imports where possible
Proper tree-shaking friendly exports
No circular dependencies
Efficient type computations (avoid deep recursion)

Files:

• packages/clerk-js/src/core/fapiClient.ts

**/*.{js,ts,tsx,jsx}

📄 CodeRabbit inference engine (.cursor/rules/monorepo.mdc)

Support multiple Clerk environment variables (CLERK_, NEXT_PUBLIC_CLERK_, etc.) for configuration.

Files:

• packages/clerk-js/src/core/fapiClient.ts

.changeset/**

📄 CodeRabbit inference engine (.cursor/rules/monorepo.mdc)

Automated releases must use Changesets.

Files:

• .changeset/blue-oranges-make.md

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (27)

• GitHub Check: Integration Tests (expo-web, chrome)
• GitHub Check: Integration Tests (nextjs, chrome, 15)
• GitHub Check: Integration Tests (custom, chrome)
• GitHub Check: Integration Tests (react-router, chrome)
• GitHub Check: Integration Tests (nuxt, chrome)
• GitHub Check: Integration Tests (tanstack-react-router, chrome)
• GitHub Check: Integration Tests (nextjs, chrome, 14)
• GitHub Check: Integration Tests (astro, chrome)
• GitHub Check: Integration Tests (machine, chrome)
• GitHub Check: Integration Tests (billing, chrome)
• GitHub Check: Integration Tests (tanstack-react-start, chrome)
• GitHub Check: Integration Tests (vue, chrome)
• GitHub Check: Integration Tests (elements, chrome)
• GitHub Check: Integration Tests (sessions, chrome)
• GitHub Check: Integration Tests (localhost, chrome)
• GitHub Check: Integration Tests (quickstart, chrome)
• GitHub Check: Integration Tests (ap-flows, chrome)
• GitHub Check: Integration Tests (generic, chrome)
• GitHub Check: Integration Tests (express, chrome)
• GitHub Check: Publish with pkg-pr-new
• GitHub Check: Static analysis
• GitHub Check: Unit Tests (18, --filter=@clerk/astro --filter=@clerk/backend --filter=@clerk/express --filter=@c...
• GitHub Check: Unit Tests (22, **)
• GitHub Check: Formatting | Dedupe | Changeset
• GitHub Check: Analyze (javascript-typescript)
• GitHub Check: semgrep-cloud-platform/scan
• GitHub Check: semgrep-cloud-platform/scan

[coderabbitai]

⚠️ Potential issue

Missing changeset content.

The changeset file is empty and should include package names and descriptions of changes.

A valid changeset should follow this format:

---
+"@clerk/clerk-js": patch
---
+
+Revert query filtering from fapiClient - no longer filter undefined properties before building query parameters.

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	---
	---
	---
	"@clerk/clerk-js": patch
	---
	Revert query filtering from fapiClient - no longer filter undefined properties before building query parameters.

🤖 Prompt for AI Agents

In .changeset/blue-oranges-make.md around lines 1 to 2, the changeset file is
empty; replace the placeholder with a valid changeset YAML block that lists the
affected package(s) and a short summary of the change(s). Specifically, add the
top-level version bump type for each package (patch/minor/major) as keys and a
brief human-readable description under the body (wrap text as needed), following
the standard Changesets format: a header mapping package names to release types,
a divider line of "---", and then the description paragraph(s).

[coderabbitai]

⚠️ Potential issue

🧩 Analysis chain

Potential issue with undefined values in URLSearchParams.

The URLSearchParams constructor will stringify undefined values as "undefined" strings rather than omitting them, which could result in query parameters like ?param=undefined being sent to the API.

Run this script to check how undefined values are handled across the codebase:

Consider filtering undefined values before passing to URLSearchParams:

 function buildQueryString({ method, path, sessionId, search, rotatingTokenNonce }: FapiRequestInit): string {
-  const searchParams = new URLSearchParams(search as any);
+  // Filter out undefined values to prevent them from being stringified as "undefined"
+  const filteredSearch = search && typeof search === 'object' && !Array.isArray(search) 
+    ? Object.fromEntries(Object.entries(search).filter(([_, v]) => v !== undefined))
+    : search;
+  const searchParams = new URLSearchParams(filteredSearch as any);
   // the above will parse {key: ['val1','val2']} as key: 'val1,val2' and we need to recreate the array bellow

---

🏁 Script executed:

#!/bin/bash
# Description: Check how search parameters are constructed and used throughout the codebase

# Find places where search parameters are constructed or passed to fapiClient
rg -nP -C3 --type=ts --type=js 'search\s*:\s*[^,}]+' | head -20

# Look for undefined handling in query construction
ast-grep --pattern $'buildQueryString($_)'

# Check for any existing undefined filtering patterns
rg -nP 'undefined.*filter|filter.*undefined' --type=ts --type=js

Length of output: 2436

---

Filter out undefined search params before instantiating URLSearchParams
The URLSearchParams constructor stringifies undefined to "undefined", which will produce queries like ?param=undefined. In buildQueryString, add a step to remove undefined values before creating URLSearchParams:

 function buildQueryString({ search, ... }: FapiRequestInit): string {
-  const searchParams = new URLSearchParams(search as any);
+  const filteredSearch = Object.fromEntries(
+    Object.entries(search ?? {}).filter(([, v]) => v !== undefined)
+  );
+  const searchParams = new URLSearchParams(filteredSearch as any);
   // …recreate array values below…

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	const searchParams = new URLSearchParams(search as any);
	// the above will parse {key: ['val1','val2']} as key: 'val1,val2' and we need to recreate the array bellow
	function buildQueryString({ search, ... }: FapiRequestInit): string {
	const filteredSearch = Object.fromEntries(
	Object.entries(search ?? {}).filter(([, v]) => v !== undefined)
	);
	const searchParams = new URLSearchParams(filteredSearch as any);
	// the above will parse {key: ['val1','val2']} as key: 'val1,val2' and we need to recreate the array bellow

🤖 Prompt for AI Agents

In packages/clerk-js/src/core/fapiClient.ts around lines 108-109, filter out
undefined values from the search object before creating URLSearchParams: iterate
keys of the search input, skip any key whose value is undefined, and for array
values create a new array with undefined entries removed (so arrays remain
arrays and not become "undefined" strings); then pass this cleaned object to new
URLSearchParams. Ensure you preserve non-array values and convert them to
strings only after removing undefined entries.

[panteliselef]

Closing in favour of #6819 as we decided to revert the previous PR all together.