docs: clarify PRE_SESSION_CREATION session paths and add invitation FAQ

[saif-at-scalekit]

What changed

auth-flow-interceptors.mdx

• Rewrote the "Modify claims in session tokens" intro to explicitly list all session paths covered by PRE_SESSION_CREATION: standard login, magic link/email OTP, invitation magic link (invitee first login), and org switch
• Added inline cross-reference to native custom scopes for scope-string use cases

add-users-to-organization.mdx

• Added "Common questions" section with a <details> FAQ block answering: does PRE_SESSION_CREATION fire on an invitee's first login? (Yes, no extra config)

Summary by CodeRabbit

• Documentation
  • Enhanced clarity on session token interceptor documentation with guidance on custom claims handling across multiple login paths including standard login, magic links, and organization switching.
  • Added FAQ section addressing interceptor behavior during first login scenarios.
  • Updated search engine indexing configuration for documentation pages.

[coderabbitai]

Walkthrough

Documentation updates across three files clarify PRE_SESSION_CREATION interceptor behavior and claims embedding for authentication flows, add FAQ guidance for organization user onboarding, and configure search engine exclusion for the saaskit marketing page via robots meta tag and docsearch ignore attributes.

Changes

PRE_SESSION_CREATION Interceptor Documentation

Layer / File(s)	Summary
Interceptor claims documentation update src/content/docs/authenticate/interceptors/auth-flow-interceptors.mdx	Updated "Modify claims in session tokens" section to specify that PRE_SESSION_CREATION runs across token-issuing flows (standard login, magic link, email OTP, invitation magic link, organization switch), user metadata must be returned via response.claims, and Scalekit embeds these into access tokens under custom_claims. Added note that custom_claims do not appear in the scope claim.
Organization management FAQ for interceptor behavior src/content/docs/authenticate/manage-organizations/add-users-to-organization.mdx	Added "Common questions" section with FAQ clarifying that PRE_SESSION_CREATION fires during invitee first login the same way as other login paths and that custom claims returned by the interceptor are embedded in the issued JWT.

Search Engine Indexing Controls

Layer / File(s)	Summary
Robots noindex and docsearch-ignore attributes src/content/docs/home/saaskit/index.mdx	Added robots: noindex meta tag to page head and data-docsearch-ignore attributes to four fold-section blocks to exclude the saaskit page from search engine indexing and docsearch crawling.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

Possibly related PRs

• scalekit-inc/developer-docs#737: Also updates src/content/docs/home/saaskit/index.mdx with robots: noindex and data-docsearch-ignore to fold-section elements.
• scalekit-inc/developer-docs#385: Documents organization switch behavior for PRE_SESSION_CREATION interceptor.
• scalekit-inc/developer-docs#639: Documents metadata claim support in access tokens related to custom claims embedding.

Suggested labels

documentation, DX

Suggested reviewers

• ravibits
• amitash1912
• AkshayParihar33

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately summarizes the main changes: clarifying PRE_SESSION_CREATION session paths and adding an FAQ about invitations.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch docs/interceptors-session-paths-and-faq

• 🛠️ fix frontmatter
• 🛠️ fix internal links

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@src/content/docs/authenticate/interceptors/auth-flow-interceptors.mdx`:
- Around line 732-733: The sentence incorrectly limits response.claims to access
tokens; update the wording in the PRE_SESSION_CREATION interceptor docs to state
that response.claims are included in both access and ID tokens (and note that
Scalekit embeds them under the custom_claims key in the access token),
referencing PRE_SESSION_CREATION and response.claims so readers understand the
scope and where custom_claims appear.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro

Run ID: a7c79606-972d-4e8f-b123-4643529eee9e

📥 Commits

Reviewing files that changed from the base of the PR and between beeff3a and 70ae000.

📒 Files selected for processing (3)

• src/content/docs/authenticate/interceptors/auth-flow-interceptors.mdx
• src/content/docs/authenticate/manage-organizations/add-users-to-organization.mdx
• src/content/docs/home/saaskit/index.mdx

📜 Review details

🧰 Additional context used

📓 Path-based instructions (11)

**/*.mdx

📄 CodeRabbit inference engine (.cursorrules)

**/*.mdx: Use clear, descriptive titles that explain the purpose of the document
Include comprehensive descriptions in frontmatter metadata
Organize content with logical heading hierarchy (H2, H3, H4)
Use tableOfContents property in frontmatter when content has multiple sections
Set appropriate sidebar labels for navigation in frontmatter
Use direct instruction writing style with phrases like 'This guide shows you how to...' and 'Create an authorization URL to...'
Use second person perspective ('your application', 'you receive', 'you must') in documentation
Keep sentences concise, aiming for under 25 words per sentence
Explain the 'why' in documentation with phrases like 'This prevents CSRF attacks by...' or 'Use this to validate that...'
Use action verbs in section headings: 'Store session tokens securely', 'Validate the state parameter', 'Exchange authorization code for tokens'
Use present tense for descriptions: 'Scalekit handles the complex authentication flow', 'The SDK provides methods to refresh tokens'
Use future tense for results: 'This will redirect users to...', 'You'll receive a JWT containing...', 'Scalekit returns an authorization code'
Use transition phrases between sections: 'After the user authenticates...', 'Once the state is validated...', 'Let's take a look at how to...'
Write 1-3 opening paragraphs that explain what users will accomplish, provide context about when/why, preview key concepts, and use direct instructional language
Begin introduction sections with a clear statement of what the guide covers and explain the problem being solved
Use collapsible sections in introduction for sequence diagrams, video demonstrations, data models, and JSON examples with appropriate icons
Use numbered format within Steps component: 1. ## Title with all step content indented with exactly 3 spaces
Use action-oriented headings in step-by-step guides within Steps components
Include code examples in all 4 languages (Node.js, Python, Go, Java) within Steps co...

Files:

• src/content/docs/authenticate/interceptors/auth-flow-interceptors.mdx
• src/content/docs/authenticate/manage-organizations/add-users-to-organization.mdx
• src/content/docs/home/saaskit/index.mdx

---

⚙️ CodeRabbit configuration file

**/*.mdx: You are reviewing Scalekit developer documentation written in MDX
(Astro + Starlight framework). Apply ALL of the following checks:

Frontmatter

• title MUST be ≤ 60 characters and clearly state what the page does.
• description MUST be ≤ 160 characters, action-oriented, unique per page.
• sidebar.label MUST be present and ≤ 30 characters.
• sidebar.order MUST be set on every page that lives inside a section
  with siblings, to enforce the journey order in sidebar.config.ts.
• Flag any missing prev / next links on pages that are clearly
  part of a sequential flow (e.g., quickstart → implement-login →
  complete-login → manage-session → logout).

Voice & Style (CLAUDE.md standards)

• Voice: confident, direct, collaborative, instructional.
• Person: second person only ("you", "your application"). Reject "we",
  "our", "the developer", "the user".
• Tense: present tense for descriptions; imperative mood for instructions.
• Flag weasel words: "simply", "just", "easy", "straightforward",
  "obviously", "of course", "note that".
• Flag passive voice constructions where active voice is clearer.
• Headings must be sentence case, not Title Case (except proper nouns).
• Headings that match a real API parameter, method, or field name
  (e.g., contactID, xero_tenant_id, executeTool) should preserve
  the original casing. Do NOT flag these as sentence-case violations.
• No heading should end with a colon or period.

Content structure

• Journey how-to guides MUST contain numbered <Steps> (Starlight
  component). This does NOT apply to src/content/docs/cookbooks/**
  (blog-style recipes — optional <Steps>, <Tabs> after </Steps> OK;
  see cookbooks path_instructions).
• Concept pages MUST NOT contain numbered steps — concepts explain, not instruct.
• API reference pages MUST list parameters in a table with Name / Type /
  Required / Description columns.
• Every page MUST end with a clear "what's next" signal — either a
  next: f...

Files:

• src/content/docs/authenticate/interceptors/auth-flow-interceptors.mdx
• src/content/docs/authenticate/manage-organizations/add-users-to-organization.mdx
• src/content/docs/home/saaskit/index.mdx

**/*.{yml,yaml,md,mdx}

📄 CodeRabbit inference engine (.cursor/rules/browsecentral-labels.mdc)

**/*.{yml,yaml,md,mdx}: BrowseCentral labels should be maximum 3-5 words - keep concise but add context when needed
BrowseCentral labels should be action-oriented - start with verbs when possible
BrowseCentral labels should be specific and clear - add context when simple labels are ambiguous
BrowseCentral labels should be outcome-focused - describe what users accomplish and the context
BrowseCentral labels should use 'Action + Object' pattern (e.g., 'Invite users', 'Restrict sign-up', 'Set up SCIM')
BrowseCentral labels should use feature names (e.g., 'Enterprise SSO', 'Passwordless quickstart')
BrowseCentral labels should describe task completion (e.g., 'Run migrations', 'Migrate auth', 'Merge identities')
BrowseCentral labels should include specific context when needed (e.g., 'Configure Scalekit MCP server', 'Validate incoming API requests')
BrowseCentral labels should use integration context when applicable (e.g., 'Build MCP auth with your existing auth system')
BrowseCentral labels should avoid instructional prefixes: 'How to', 'Guide to', 'Implement', 'Configure', 'Learn', 'Understand'
BrowseCentral labels should avoid verbose phrases: 'Step-by-step guide', 'Complete tutorial', 'Detailed documentation'
BrowseCentral labels should avoid weak verbs: 'Enable', 'Allow', 'Provide', 'Support'

Files:

• src/content/docs/authenticate/interceptors/auth-flow-interceptors.mdx
• src/content/docs/authenticate/manage-organizations/add-users-to-organization.mdx
• src/content/docs/home/saaskit/index.mdx

**/*.{md,mdx}

📄 CodeRabbit inference engine (.cursor/rules/deno-docs-style.mdc)

**/*.{md,mdx}: Use sentence case for all titles and headings in MD/MDX documentation
Keep page titles short and descriptive (3–7 words when possible) in MD/MDX documentation
Use outcome-focused headings that describe results, not categories (e.g., 'Run a script' not 'Scripts')
Avoid gerunds in headings when an imperative works - prefer 'Configure proxies' over 'Configuring proxies'
Keep sidebar labels concise (1–3 words), use sentence case, and focus on outcomes or objects
Use sentence case in sidebar labels without punctuation
Set frontmatter title in sentence case with a clear outcome; description in one sentence (≤160 chars); sidebar.label as shorter form of title; enable tableOfContents on longer pages
Start documentation pages with a one-paragraph overview explaining what the page covers and when to use it
Present the primary use case (80% path) first in documentation, with edge cases later
Use numbered steps for task-focused sections in documentation, with each step beginning with a verb
Break up long documentation sections with subheadings every 3–6 paragraphs
Use asides for important notes, tips, cautions, and references in documentation
Provide runnable, minimal code examples that work as-is in documentation
Prefer CLI-first examples and show file layout when helpful in documentation
Label code blocks with titles for context (e.g., 'Terminal', 'main.ts') in documentation
Keep code block annotations brief and purposeful - annotate only what matters
Use consistent variable and file names across a documentation page
Use descriptive link text in documentation (e.g., 'See permission flags' not 'click here')
Prefer relative links for internal documentation pages and include anchors for section references
Reference APIs consistently using backticks for code, file names, CLI flags, and endpoints
Use backticks for code, file names, CLI flags, and endpoints in documentation
Use lists for options and features in documentation; tables only when comparisons are cleare...

Files:

• src/content/docs/authenticate/interceptors/auth-flow-interceptors.mdx
• src/content/docs/authenticate/manage-organizations/add-users-to-organization.mdx
• src/content/docs/home/saaskit/index.mdx

src/content/docs/**/*.mdx

📄 CodeRabbit inference engine (.cursor/rules/starlight-steps-tabs-structure.mdc)

src/content/docs/**/*.mdx: In MDX documentation files, <Steps> must contain one continuous ordered list. Wrap <Steps> around a normal Markdown ordered list such as 1. ## ...
In MDX documentation files, numbered step lines must start at column 0. Do not indent the 1. ##, 2. ##, etc.
In MDX documentation files, any content that belongs to a step must be indented with 3 spaces: paragraphs, bullets, images, <Tabs>, <TabItem>, and fenced code blocks
In MDX documentation files, prefer plain Markdown inside <Steps>. If the content is mostly <Tabs> or other JSX-heavy blocks, use normal section headings instead of <Steps>
In MDX documentation files, when <Tabs> is used inside a step, keep <Tabs>, <TabItem>, </TabItem>, and </Tabs> consistently nested under that step
In MDX documentation files, if a tabs block is not part of a numbered step, place it outside </Steps>

Files:

• src/content/docs/authenticate/interceptors/auth-flow-interceptors.mdx
• src/content/docs/authenticate/manage-organizations/add-users-to-organization.mdx
• src/content/docs/home/saaskit/index.mdx

**/*.{ts,tsx,py,go,java,mdx,md}

📄 CodeRabbit inference engine (CLAUDE.md)

**/*.{ts,tsx,py,go,java,mdx,md}: Use the exact SDK variable names: Node.js (scalekit), Python (scalekit_client), Go (scalekitClient), Java (scalekitClient)
Never hard-code secrets or API keys in code examples; use environment variables
Include security comments that state the threat, why the pattern is required, and what can go wrong if omitted

Files:

• src/content/docs/authenticate/interceptors/auth-flow-interceptors.mdx
• src/content/docs/authenticate/manage-organizations/add-users-to-organization.mdx
• src/content/docs/home/saaskit/index.mdx

**/*.{mdx,md}

📄 CodeRabbit inference engine (CLAUDE.md)

**/*.{mdx,md}: All code examples must use <Tabs syncKey="tech-stack"> format and include Node.js, Python, Go, and Java implementations (90% rule)
Use sentence case for all titles and headings in documentation
Use bold for first mention of important terms, UI elements, and dashboard paths (e.g., Dashboard > Authentication > Session Policy)
Use inline code for technical identifiers: variables, functions, endpoints, scopes, environment variables, file paths, and placeholders
Always include headers in tables; keep cell content concise and readable
Prefer fenced code blocks with language identifiers for all code; never use screenshots of code
Use descriptive link text; never use 'click here' or 'this' as link labels
Keep sentences simple, right-branching, and unambiguous; avoid ambiguous noun stacks and demonstrative pronouns
Use active voice; prefer 'Run the command' over 'The command should be run'
Use second person when giving instructions; address the reader as 'you'
Use present tense for procedures; 'This command installs…' not 'This command will install…'
Avoid hype, slang, and filler words like 'simply', 'just', 'obviously' in documentation
Use consistent terminology throughout; prefer standard names over synonyms
Explain security implications and threats for all security-related content
Use imperative verbs for procedure headings: 'Run a script' not 'Running a script'; 'Configure proxies' not 'Configuring proxies'
Headings must describe outcomes, not categories (good: 'Run a script'; bad: 'Scripts')
Split content into clear sections with descriptive, sentence-style titles that convey meaning without requiring the following paragraph
Keep paragraphs short; isolate critical points in their own short paragraphs
Begin sections and paragraphs with standalone topic sentences that preview content
Put the topic words at the beginning of topic sentences to support fast skimming
Put key takeaways and results at the top of documents and sections
Use bullets and tabl...

Files:

• src/content/docs/authenticate/interceptors/auth-flow-interceptors.mdx
• src/content/docs/authenticate/manage-organizations/add-users-to-organization.mdx
• src/content/docs/home/saaskit/index.mdx

src/content/docs/**/*.{mdx,md}

📄 CodeRabbit inference engine (CLAUDE.md)

src/content/docs/**/*.{mdx,md}: Every documentation page must include frontmatter with at least: title, description, and sidebar.label
Page titles must be ≤60 characters and descriptions must be ≤160 characters
Sidebar labels must be concise (1-3 words) and use sentence case without punctuation
Use <Steps> component with single continuous ordered list; numbered steps start at column 0, continuation content indented with exactly 3 spaces
Use relative links for internal pages; include anchors for sections
Include a table of contents for documents with multiple sections; enable tableOfContents: true in frontmatter

Files:

• src/content/docs/authenticate/interceptors/auth-flow-interceptors.mdx
• src/content/docs/authenticate/manage-organizations/add-users-to-organization.mdx
• src/content/docs/home/saaskit/index.mdx

src/content/**/*.mdx

📄 CodeRabbit inference engine (CONTRIBUTING.md)

src/content/**/*.mdx: All documentation must live as MDX files inside src/content/
Every documentation page must have frontmatter with title (≤60 characters), description (≤160 characters), sidebar label, order, and tags
Write documentation in second person using 'you' and 'your application', present tense for descriptions, and imperative for step-by-step instructions
Avoid filler phrases like 'simply', 'just', 'easily' in documentation and be direct
Explain security implications when relevant in documentation
Every code block demonstrating an SDK operation must include all four languages (Node.js, Python, Go, Java) using synced tabs with syncKey='tech-stack'
SDK variable names are fixed and must not be renamed: Node.js uses scalekit, Python uses scalekit_client, Go uses scalekitClient, Java uses scalekitClient

Files:

• src/content/docs/authenticate/interceptors/auth-flow-interceptors.mdx
• src/content/docs/authenticate/manage-organizations/add-users-to-organization.mdx
• src/content/docs/home/saaskit/index.mdx

**/*.{md,mdx,astro,ts}

📄 CodeRabbit inference engine (CONTRIBUTING.md)

**/*.{md,mdx,astro,ts}: Use pnpm pretty-quick --staged via pre-commit git hook to auto-format all staged .md, .mdx, .astro, .ts files with Prettier
Run pnpm format to auto-format all .md, .mdx, .astro, .ts files before pushing changes

Files:

• src/content/docs/authenticate/interceptors/auth-flow-interceptors.mdx
• src/content/docs/authenticate/manage-organizations/add-users-to-organization.mdx
• src/content/docs/home/saaskit/index.mdx

src/content/docs/authenticate/**/*.mdx

⚙️ CodeRabbit configuration file

src/content/docs/authenticate/**/*.mdx: This page lives in the primary authentication section.

• If it's a quickstart or step-based guide, it MUST use <Steps>.
• Auth method pages (passwordless, social, SSO, passkeys) MUST include
  a brief "when to use this" section before the implementation steps.
• Any reference to tokens (idToken, accessToken, refreshToken) MUST
  clarify: what it contains, its lifetime, and how to use it securely.
• The FSA quickstart (authenticate/fsa/quickstart.mdx) is the
  canonical entry point — no other page should duplicate its 5-step
  install→redirect→callback→session→logout structure.

Files:

• src/content/docs/authenticate/interceptors/auth-flow-interceptors.mdx
• src/content/docs/authenticate/manage-organizations/add-users-to-organization.mdx

**

⚙️ CodeRabbit configuration file

**: # CLAUDE.md - Scalekit Documentation Guide

Overview

This file is the single source of truth for all documentation standards and AI assistant guidelines in this repository. All documentation must adhere to the rules defined below.

---

Core Principles

Documentation-first development

Every feature must include comprehensive, user-focused documentation. Documentation is not an afterthought but a first-class deliverable that guides implementation. All code changes require corresponding documentation updates.

Git workflow

• Do NOT include Co-Authored-By lines in commit messages
• At the start of a fresh session, before making any changes, ask the user: "Do you want me to cut a new branch or work on the current branch?"
• Never force push (git push --force or git push -f). If a push fails, stop and clearly explain the reason it failed — do not attempt workarounds without user confirmation.
• For commit, push, and PR creation, spawn a subagent using the Haiku model to handle it. The pre-push hook generates large logs and PR creation output adds unnecessary noise to the main session context.
• Once the user confirms local testing works, or explicitly asks to commit and push, commit all changes, push the branch, and open a PR against main. The PR must include:
  • A crisp description of the changes
  • A preview link in the format: https://deploy-preview-{PR_NUMBER}--scalekit-starlight.netlify.app/{path-to-changed-page}/

SDK variable names (critical)

CRITICAL: Use the exact variable names below in all documentation and code examples.

• Node.js: scalekit
• Python: scalekit_client
• Go: scalekitClient
• Java: scalekitClient

Multi-Language SDK Consistency

All code examples MUST include Node.js, Python, Go, and Java implementations with consistent variable naming conventions. Examples must show both success and error handling paths. Security implications must be explained for each implementation....

Files:

• src/content/docs/authenticate/interceptors/auth-flow-interceptors.mdx
• src/content/docs/authenticate/manage-organizations/add-users-to-organization.mdx
• src/content/docs/home/saaskit/index.mdx

🧠 Learnings (13)

📚 Learning: 2026-01-30T18:18:50.883Z

Learnt from: AkshayParihar33
Repo: scalekit-inc/developer-docs PR: 415
File: src/content/docs/authenticate/fsa/multiapp/manage-apps.mdx:31-49
Timestamp: 2026-01-30T18:18:50.883Z
Learning: In all Scalekit documentation files (MDX), treat the terms 'Applications', 'Single Page Application (SPA)', 'Native Application', and 'Web Application' as proper nouns and preserve their capitalization in headings and body text. Ensure these terms remain capitalized even when used in sentence case or within prose.

Applied to files:

• src/content/docs/authenticate/interceptors/auth-flow-interceptors.mdx
• src/content/docs/authenticate/manage-organizations/add-users-to-organization.mdx
• src/content/docs/home/saaskit/index.mdx

📚 Learning: 2026-02-04T12:47:16.544Z

Learnt from: saif-at-scalekit
Repo: scalekit-inc/developer-docs PR: 412
File: src/content/docs/dev-kit/tools/scalekit-dryrun.mdx:1-23
Timestamp: 2026-02-04T12:47:16.544Z
Learning: In scalekit-inc/developer-docs, the MDX frontmatter field order is required only when the sidebar configuration points to a directory (for auto-generation). If the sidebar.config.ts references a specific file path, the order field is not required. Apply this check to all MDX files under src/content/docs: if a file contributes to an auto-generated sidebar (directory path), ensure order is present; if it’s linked to a concrete file, order can be omitted. Use sidebar.config.ts to determine whether a given MDX file falls under directory-based vs file-specific sidebar references.

Applied to files:

• src/content/docs/authenticate/interceptors/auth-flow-interceptors.mdx
• src/content/docs/authenticate/manage-organizations/add-users-to-organization.mdx
• src/content/docs/home/saaskit/index.mdx

📚 Learning: 2026-02-25T08:57:12.201Z

Learnt from: saif-at-scalekit
Repo: scalekit-inc/developer-docs PR: 444
File: src/content/docs/agent-auth/quickstart.mdx:2-10
Timestamp: 2026-02-25T08:57:12.201Z
Learning: In Scalekit developer-docs (Astro Starlight), do not auto-suggest adding tableOfContents in frontmatter unless the user explicitly overrides the default behavior. The default enables tableOfContents with minHeadingLevel 2 and maxHeadingLevel 3. Only set tableOfContents when you want to customize heading levels or disable it entirely; otherwise omit it for other docs.

Applied to files:

• src/content/docs/authenticate/interceptors/auth-flow-interceptors.mdx
• src/content/docs/authenticate/manage-organizations/add-users-to-organization.mdx
• src/content/docs/home/saaskit/index.mdx

📚 Learning: 2026-02-25T13:04:27.491Z

Learnt from: saif-at-scalekit
Repo: scalekit-inc/developer-docs PR: 444
File: src/content/docs/agent-auth/start-agent-auth-coding-agents.mdx:9-17
Timestamp: 2026-02-25T13:04:27.491Z
Learning: Allow page-level CSS overrides in MDX frontmatter (head: style) for readability and engagement, even if it customizes typography beyond defaults. This applies to per-page UX decisions, including heading sizes and style tweaks, but keep overrides purposeful, accessible, and within the repository's design guidelines. Use these overrides sparingly and document the rationale for maintainability.

Applied to files:

• src/content/docs/authenticate/interceptors/auth-flow-interceptors.mdx
• src/content/docs/authenticate/manage-organizations/add-users-to-organization.mdx
• src/content/docs/home/saaskit/index.mdx

📚 Learning: 2026-03-05T11:29:08.125Z

Learnt from: AkshayParihar33
Repo: scalekit-inc/developer-docs PR: 463
File: src/content/docs/agent-auth/providers.mdx:35-73
Timestamp: 2026-03-05T11:29:08.125Z
Learning: In src/content/docs/agent-auth/providers.mdx, the Card components intentionally use icon=" " (a space) to render consistent colored boxes since some Starlight icon names resolve to icons and others do not. Do not flag icon=" " as a placeholder issue for this file; treat this as a deliberate UX choice specific to this MDX page and avoid raising a placeholder-icon warning here.

Applied to files:

• src/content/docs/authenticate/interceptors/auth-flow-interceptors.mdx
• src/content/docs/authenticate/manage-organizations/add-users-to-organization.mdx
• src/content/docs/home/saaskit/index.mdx

📚 Learning: 2026-03-09T07:27:56.794Z

Learnt from: saif-at-scalekit
Repo: scalekit-inc/developer-docs PR: 469
File: src/content/docs/guides/integrations/scim-integrations/azure-scim.mdx:95-107
Timestamp: 2026-03-09T07:27:56.794Z
Learning: Do not enforce the 3-space indentation rule for Steps component content as a hard style rule in MDX files under src/content/docs/**/*.mdx. Only flag/rectify it if it causes visible rendering problems in the UI. Otherwise, allow current formatting; apply this rule only when rendering issues are observed and document any fixes.

Applied to files:

• src/content/docs/authenticate/interceptors/auth-flow-interceptors.mdx
• src/content/docs/authenticate/manage-organizations/add-users-to-organization.mdx
• src/content/docs/home/saaskit/index.mdx

📚 Learning: 2026-03-09T07:32:38.426Z

Learnt from: saif-at-scalekit
Repo: scalekit-inc/developer-docs PR: 467
File: src/content/docs/sso/guides/sso-user-attributes.mdx:108-148
Timestamp: 2026-03-09T07:32:38.426Z
Learning: In MDX code samples under src/content/docs (and similar conceptual snippets in scalekit-inc/developer-docs), when an example's sole purpose is to show how to access a specific value (e.g., reading JWT claims after token validation), omit error/non-happy-path handling to keep the snippet focused. Do not flag the absence of error paths in narrowly scoped conceptual snippets.

Applied to files:

• src/content/docs/authenticate/interceptors/auth-flow-interceptors.mdx
• src/content/docs/authenticate/manage-organizations/add-users-to-organization.mdx
• src/content/docs/home/saaskit/index.mdx

📚 Learning: 2026-03-17T16:01:50.487Z

Learnt from: dhaneshbs
Repo: scalekit-inc/developer-docs PR: 506
File: src/content/docs/authenticate/fsa/quickstart.mdx:851-853
Timestamp: 2026-03-17T16:01:50.487Z
Learning: In the Scalekit Python SDK docs, clarify that LogoutUrlOptions is not exported from the top-level scalekit package __init__.py. The correct import path in code samples or reviews is: from scalekit.common.scalekit import LogoutUrlOptions. Do not flag this import path as incorrect in documentation or code reviews; ensure examples reflect the proper import path to avoid confusion for users.

Applied to files:

• src/content/docs/authenticate/interceptors/auth-flow-interceptors.mdx
• src/content/docs/authenticate/manage-organizations/add-users-to-organization.mdx
• src/content/docs/home/saaskit/index.mdx

📚 Learning: 2026-02-25T03:34:41.147Z

Learnt from: saif-at-scalekit
Repo: scalekit-inc/developer-docs PR: 444
File: src/content/docs/agent-auth/start-agent-auth-coding-agents.mdx:31-31
Timestamp: 2026-02-25T03:34:41.147Z
Learning: In MDX files, import { Code } from 'astrojs/starlight/components' only if the MDX content actually uses the <Code> component. If the file uses only fenced code blocks (```), the import is not required. Apply this guideline to all MDX files (e.g., src/content/docs/**/*.mdx) to avoid unnecessary imports and reduce bundle size.

Applied to files:

• src/content/docs/authenticate/interceptors/auth-flow-interceptors.mdx
• src/content/docs/authenticate/manage-organizations/add-users-to-organization.mdx
• src/content/docs/home/saaskit/index.mdx

📚 Learning: 2026-02-25T18:41:00.639Z

Learnt from: saif-at-scalekit
Repo: scalekit-inc/developer-docs PR: 446
File: src/content/docs/authenticate/m2m/api-auth-quickstart.mdx:78-78
Timestamp: 2026-02-25T18:41:00.639Z
Learning: Preserve full URLs inside code comments in MDX code blocks (bash/python/js) when the URLs are part of copyable examples. Do not flag these in code examples. Use relative paths in prose and hyperlinks within MDX; only enforce relative paths for markdown prose links, not for URLs inside code comments.

Applied to files:

• src/content/docs/authenticate/interceptors/auth-flow-interceptors.mdx
• src/content/docs/authenticate/manage-organizations/add-users-to-organization.mdx
• src/content/docs/home/saaskit/index.mdx

📚 Learning: 2026-05-16T17:25:30.736Z

Learnt from: saif-at-scalekit
Repo: scalekit-inc/developer-docs PR: 693
File: src/content/docs/authenticate/mcp/troubleshooting.mdx:170-170
Timestamp: 2026-05-16T17:25:30.736Z
Learning: In this repo’s documentation (.mdx files), external links should be written using plain Markdown link syntax: `[text](url)`. Do not flag links for missing `target="_blank"` or `rel="noopener"` (avoid adding raw HTML anchors just to include those attributes), and keep the approach consistent with existing docs styling.

Applied to files:

• src/content/docs/authenticate/interceptors/auth-flow-interceptors.mdx
• src/content/docs/authenticate/manage-organizations/add-users-to-organization.mdx
• src/content/docs/home/saaskit/index.mdx

📚 Learning: 2026-04-25T07:22:18.321Z

Learnt from: saif-at-scalekit
Repo: scalekit-inc/developer-docs PR: 633
File: src/components/templates/agent-connectors/_setup-heyreach.mdx:12-12
Timestamp: 2026-04-25T07:22:18.321Z
Learning: In this repo’s MDX documentation files, treat `@/...` paths as aliases that resolve to the `src/` directory (e.g., `@/assets/docs/foo/bar.png` -> `src/assets/docs/foo/bar.png`). When reviewing, do not flag `@`-prefixed image (or other asset) paths as broken; instead, verify that the corresponding physical file exists under `src/`.

Applied to files:

• src/content/docs/authenticate/interceptors/auth-flow-interceptors.mdx
• src/content/docs/authenticate/manage-organizations/add-users-to-organization.mdx
• src/content/docs/home/saaskit/index.mdx

📚 Learning: 2026-05-16T17:25:30.736Z

Learnt from: saif-at-scalekit
Repo: scalekit-inc/developer-docs PR: 693
File: src/content/docs/authenticate/mcp/troubleshooting.mdx:170-170
Timestamp: 2026-05-16T17:25:30.736Z
Learning: In this repo’s documentation (MD/MDX), external links should be written using plain Markdown link syntax: `[text](url)`. Do not flag external links for missing `target="_blank"` or `rel="noopener"`, and avoid converting Markdown links into raw HTML `<a>` tags just to add those attributes, since that would be inconsistent with the established doc pattern.

Applied to files:

• src/content/docs/authenticate/interceptors/auth-flow-interceptors.mdx
• src/content/docs/authenticate/manage-organizations/add-users-to-organization.mdx
• src/content/docs/home/saaskit/index.mdx

🔇 Additional comments (5)

src/content/docs/authenticate/manage-organizations/add-users-to-organization.mdx (1)

276-285: LGTM!

src/content/docs/home/saaskit/index.mdx (4)

14-17: Confirm intent to exclude this landing page from search engine indexing.

The robots: noindex meta tag will prevent search engines (Google, Bing, etc.) from indexing this page entirely. This means users cannot discover this Scalekit SaaS marketing page through organic search.

Is this intentional? If the goal is only to exclude specific sections from DocSearch (site search), the data-docsearch-ignore attributes on the fold-sections (lines 267, 309, 334, 360) may be sufficient without also blocking external search engines.

---

267-267: LGTM!

Also applies to: 309-309, 334-334, 360-360

---

381-400: Verify intentional omission of data-docsearch-ignore on the Security section.

The "Security, Compliance & Availability" fold-section (lines 381-400) does not include the data-docsearch-ignore attribute, while the four preceding fold-sections do. This appears intentional based on the PR objectives stating "four fold-section blocks," but confirming helps ensure consistency.

If security and compliance content should remain searchable in DocSearch (site search), the current implementation is correct.

---

1-12: Add sidebar.label to this splash landing page (or document the intentional exception).

src/content/docs/home/saaskit/index.mdx uses template: splash but its frontmatter lacks sidebar.label. The same pattern appears in src/content/docs/index.mdx, while src/content/docs/dev-kit/index.mdx includes it, so this is inconsistent—either add sidebar.label or clarify that splash pages are exempt to prevent sidebar/validation issues.

[coderabbitai]

⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Clarify token coverage for response.claims.

This wording narrows behavior to access tokens only, but your interceptor contract documents response.claims as included in both access and ID tokens. Update this sentence to avoid conflicting guidance.

Suggested wording

- Add custom claims to access tokens issued by Scalekit. ... Scalekit embeds them in the access token under the `custom_claims` key.
+ Add custom claims to tokens issued by Scalekit. ... Scalekit embeds them under the `custom_claims` key in issued tokens (access and ID tokens).

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@src/content/docs/authenticate/interceptors/auth-flow-interceptors.mdx` around
lines 732 - 733, The sentence incorrectly limits response.claims to access
tokens; update the wording in the PRE_SESSION_CREATION interceptor docs to state
that response.claims are included in both access and ID tokens (and note that
Scalekit embeds them under the custom_claims key in the access token),
referencing PRE_SESSION_CREATION and response.claims so readers understand the
scope and where custom_claims appear.

[ravibits]

@saif-at-scalekit are you resolving this?

[coderabbitai]

Seems like the humans are having a chat. I'll hop back into my burrow for now. If you need me again, just tag @coderabbitai in a new comment, and I'll come hopping out!

[netlify]

✅ Deploy Preview for scalekit-starlight ready!

Name	Link
🔨 Latest commit	70ae000
🔍 Latest deploy log	https://app.netlify.com/projects/scalekit-starlight/deploys/6a2906677b3162000882bc05
😎 Deploy Preview	https://deploy-preview-739--scalekit-starlight.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.
🤖 Make changes	Run an agent on this branch

---

To edit notification comments on pull requests, go to your Netlify project configuration.