[Docs] API Auth panel UI overhaul

[madster456]

Updates the API Docs auth panel for a new look.

Summary by CodeRabbit

Release Notes

• New Features

  • Added project dropdown selector with automatic authentication setup
  • Introduced manual mode for direct header configuration
  • Added authentication status indicators

• Bug Fixes

  • Unified error handling across desktop and mobile views
  • Clearing the project selection now resets the selected project and clears authentication headers

• Style

  • Improved mobile interface with better spacing and safe-area accommodations
  • Refined panel layout and transition animations

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Review	Updated (UTC)
stack-backend	Ready	Preview, Comment	Jan 20, 2026 7:12pm
stack-dashboard	Ready	Preview, Comment	Jan 20, 2026 7:12pm
stack-demo	Ready	Preview, Comment	Jan 20, 2026 7:12pm
stack-docs	Ready	Preview, Comment	Jan 20, 2026 7:12pm

[cmux-agent]

Preview Screenshots

Open Diff Heatmap

⏳ Preview screenshots are being captured...

Workspace and dev browser links will appear here once the preview environment is ready.

---

Generated by cmux preview system

[coderabbitai]

Caution

Review failed

The pull request is closed.

📝 Walkthrough

Walkthrough

Adds deselection handling to project selection: clearing the selected project resets state and replaces auth headers with defaultHeaders; non-empty selections continue existing validation and header initialization (admin access type, project id, clearing admin tokens).

Changes

Cohort / File(s)	Summary
AuthPanel — project deselection handling docs/src/components/api/auth-panel.tsx	When project selection is emptied, the component now resets selectedProject, applies defaultHeaders to clear auth headers, and returns early. Existing flow for non-empty selections (validate project, set selected project, initialize headers including admin access type and project id, clear admin tokens) remains unchanged.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Possibly related PRs

• [Docs][API] - Updates our Docs to allow for project selection on api pages #1058: Modifies docs/src/components/api/auth-panel.tsx around project-selection and header-handling; closely related to deselection/reset logic.
• [Docs] API Auth panel UI overhaul #1080: Refactors project dropdown and header population in the same file; likely overlaps with project-selection/header behavior.

Suggested reviewers

• N2D4

Poem

🐰 A click and the project slips away,
I tidy the headers, clear out the fray.
Default lines hum, tokens retreat,
Selection reset — the panel’s neat.
A tiny hop for tidy display. 🥕

Pre-merge checks and finishing touches

❌ Failed checks (1 warning, 1 inconclusive)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	You can run @coderabbitai generate docstrings to improve docstring coverage.
Description check	❓ Inconclusive	The description is minimal and lacks technical details. While it includes screenshots and follows the template structure, it provides no explanation of what changed, why, or how the new implementation works.	Add a summary of key changes (new project dropdown, mode switching, visibility changes) and explain the reasoning behind the refactor to help reviewers understand the scope and impact.

✅ Passed checks (1 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title accurately reflects the main change: a UI overhaul of the API Auth panel component with substantial refactoring.

✨ Finishing touches

• 📝 Generate docstrings

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[greptile-apps]

Greptile Summary

Redesigned the API authentication panel with a modern UI overhaul that replaces the native dropdown with a custom Popover-based project selector and introduces a tabbed interface to toggle between project selection and manual entry modes.

Major changes:

• Replaced native <select> dropdown with custom ProjectDropdown component using Radix UI Popover
• Added tabbed interface with "Select Project" and "Manual" modes (when projects are available)
• Removed homepage scroll detection logic and simplified positioning
• Changed desktop panel from fixed full-height to absolute positioned with rounded corners and shadow
• Improved mobile experience with safe-area insets for notched devices
• Removed field-level "required" badges and error pulsing animations in favor of cleaner layout
• Removed hideWhenProjectSelected and isSensitive field properties (now all fields shown in manual mode)
• Streamlined status footer to show simple "Ready" / "Not configured" state

Confidence Score: 4/5

• Safe to merge - purely UI changes with no security or logic risks
• This is a UI-focused refactor with improved user experience. The functionality remains the same (project selection and manual header configuration). No security vulnerabilities introduced, all event handlers are properly typed, and the code follows React best practices. Existing state management and authentication logic is preserved.
• No files require special attention

Important Files Changed

Filename	Overview
docs/src/components/api/auth-panel.tsx	UI overhaul replacing native select with custom Popover dropdown, simplified layout with cleaner styling and improved mobile support

Sequence Diagram

sequenceDiagram
    participant User
    participant AuthPanel
    participant ProjectDropdown
    participant Popover
    participant APIContext

    User->>AuthPanel: Open auth panel
    AuthPanel->>AuthPanel: Check canUseProjectMode
    alt Has projects
        AuthPanel->>AuthPanel: Set authMode to 'project'
        AuthPanel->>ProjectDropdown: Render dropdown
        User->>ProjectDropdown: Click dropdown trigger
        ProjectDropdown->>Popover: Open popover
        Popover-->>User: Display project list
        User->>ProjectDropdown: Select project
        ProjectDropdown->>AuthPanel: onSelect(projectId)
        AuthPanel->>AuthPanel: handleProjectSelect()
        AuthPanel->>AuthPanel: Update headers with project info
        AuthPanel->>APIContext: updateSharedHeaders()
        AuthPanel->>AuthPanel: Trigger useEffect
        AuthPanel->>User: getAuthJson()
        User-->>AuthPanel: Return admin access token
        AuthPanel->>APIContext: updateSharedHeaders() with token
        APIContext-->>User: Ready to make API requests
    else No projects
        AuthPanel->>AuthPanel: Set authMode to 'manual'
        User->>AuthPanel: Input headers manually
        AuthPanel->>APIContext: updateSharedHeaders()
    end
    
    User->>AuthPanel: Toggle between modes
    AuthPanel->>AuthPanel: setAuthMode('project' | 'manual')

Loading

[greptile-apps]

Greptile's behavior is changing!

From now on, if a review finishes with no comments, we will not post an additional "statistics" comment to confirm that our review found nothing to comment on. However, you can confirm that we reviewed your changes in the status check section.

_{This feature can be toggled off in your Code Review Settings by deselecting "Create a status check for each PR".}

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (2)

docs/src/components/api/auth-panel.tsx (2)

24-31: Remove unused type fields.

The hideWhenProjectSelected and isSensitive fields in StackAuthHeaderField are no longer used anywhere in the code after the refactor. Consider removing them to keep the type definition clean.

🔎 Proposed cleanup

 type StackAuthHeaderField = {
   key: StackAuthHeaderKey,
   label: string,
   placeholder: string,
   required: boolean,
-  hideWhenProjectSelected?: boolean,
-  isSensitive?: boolean,
 };

---

172-189: Consider adding loading state or using runAsynchronouslyWithAlert for better UX.

When a project is selected, the admin access token is fetched asynchronously. During this time, the UI displays "Ready to make requests" (line 300), but the token might not be populated yet. If the fetch is slow or fails, users could attempt requests without valid authentication.

Consider either:

1. Adding a loading state to indicate token fetching is in progress
2. Using runAsynchronouslyWithAlert instead of runAsynchronously to show alerts on token fetch failures

Based on learnings, the codebase prefers runAsynchronouslyWithAlert from @stackframe/stack-shared/dist/utils/promises for operations where users should be notified of failures.

📜 Review details

Configuration used: defaults

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between e6998cc and 8517f81.

📒 Files selected for processing (1)

• docs/src/components/api/auth-panel.tsx

🧰 Additional context used

📓 Path-based instructions (3)

**/*.{ts,tsx}

📄 CodeRabbit inference engine (AGENTS.md)

**/*.{ts,tsx}: Always add new E2E tests when changing the API or SDK interface
For blocking alerts and errors, never use toast; use alerts instead as they are less easily missed by the user
NEVER try-catch-all, NEVER void a promise, and NEVER .catch(console.error); use loading indicators and async callbacks instead, or use runAsynchronously/runAsynchronouslyWithAlert for error handling
Use ES6 maps instead of records wherever you can

Files:

• docs/src/components/api/auth-panel.tsx

**/*.{ts,tsx,css}

📄 CodeRabbit inference engine (AGENTS.md)

**/*.{ts,tsx,css}: Keep hover/click transitions snappy and fast; avoid fade-in delays on hover. Apply transitions after action completion instead, like smooth fade-out when hover ends
Use hover-exit transitions instead of hover-enter transitions; for example, use 'transition-colors hover:transition-none' instead of fade-in on hover

Files:

• docs/src/components/api/auth-panel.tsx

{.env*,**/*.{ts,tsx,js}}

📄 CodeRabbit inference engine (AGENTS.md)

Prefix environment variables with STACK_ (or NEXT_PUBLIC_STACK_ if public) so changes are picked up by Turborepo and improves readability

Files:

• docs/src/components/api/auth-panel.tsx

🧠 Learnings (1)

📚 Learning: 2025-10-11T04:13:19.308Z

Learnt from: N2D4
Repo: stack-auth/stack-auth PR: 943
File: examples/convex/app/action/page.tsx:23-28
Timestamp: 2025-10-11T04:13:19.308Z
Learning: In the stack-auth codebase, use `runAsynchronouslyWithAlert` from `stackframe/stack-shared/dist/utils/promises` for async button click handlers and form submissions instead of manual try/catch blocks. This utility automatically handles errors and shows alerts to users.

Applied to files:

• docs/src/components/api/auth-panel.tsx

🧬 Code graph analysis (1)

docs/src/components/api/auth-panel.tsx (1)

docs/src/components/icons.tsx (1)

• ChevronDown (67-69)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (13)

• GitHub Check: Vercel Agent Review
• GitHub Check: E2E Tests (Node 22.x, Freestyle mock)
• GitHub Check: E2E Tests (Node 22.x, Freestyle prod)
• GitHub Check: setup-tests-with-custom-base-port
• GitHub Check: lint_and_build (latest)
• GitHub Check: build (22.x)
• GitHub Check: docker
• GitHub Check: restart-dev-and-test-with-custom-base-port
• GitHub Check: setup-tests
• GitHub Check: all-good
• GitHub Check: restart-dev-and-test
• GitHub Check: check_prisma_migrations (22.x)
• GitHub Check: build (22.x)

🔇 Additional comments (4)

docs/src/components/api/auth-panel.tsx (4)

48-120: LGTM! Clean implementation of project selection.

The ProjectDropdown component is well-structured with proper accessibility (button roles, keyboard navigation through Popover), clean state management, and smooth transitions. The inclusion of a "clear selection" option improves UX.

---

196-215: LGTM! Solid project selection logic with defensive validation.

The handler properly validates that the selected project exists before processing, clearly documents the coordination with the token-fetching effect (line 208 comment), and appropriately clears headers that aren't needed for admin authentication.

---

225-357: LGTM! Desktop UI implementation is polished and follows guidelines.

The desktop panel uses proper absolute positioning, smooth transitions (duration-300 ease-out), and follows the codebase's hover-exit transition pattern. The mode toggle, error display, and status indicator provide clear user feedback. The conditional rendering based on canUseProjectMode handles both authenticated and unauthenticated states elegantly.

---

360-495: LGTM! Excellent mobile implementation with proper safe-area handling.

The mobile UI thoughtfully adapts the desktop design with appropriate typography scaling (text-base), improved touch targets, and—importantly—proper safe-area handling for notched devices using env(safe-area-inset-top) and env(safe-area-inset-bottom). The structural consistency with the desktop version aids maintainability while the mobile-specific adjustments (Done button, larger spacing) improve the mobile experience.