fix(env): surface CLERK_PLATFORM_API_URL credential mismatch#344

Open
rafa-thayto wants to merge 2 commits into main from fix/platform-api-url-credential-warning

Conversation

@rafa-thayto

Contributor

Summary

Addresses the immediate, concrete gap from #329. CLERK_PLATFORM_API_URL redirects API traffic to an arbitrary host, but credentials are keyed by environment name (via switch-env), not by URL — so when the override points somewhere else, the active environment's token is silently sent to that host with no credential isolation.

This is a Tier-1 / diagnostic fix:

  • Warn in human mode when CLERK_PLATFORM_API_URL differs from the active environment's platform URL (agent/scripted stderr stays clean — it would otherwise corrupt machine-readable output; agents get the same info from doctor).
  • clerk doctor now reports the active environment name and effective API URL in the "Logged in" check.

The broader request in #329 (user-definable environment profiles for full multi-env credential isolation) is a separate, larger change and is not included here — this PR makes the silent failure visible.

Test plan

  • New src/lib/environment.test.ts: warns on override mismatch in human mode; silent when unset, when equal, and in agent mode
  • doctor tests pass

Refs #329

@changeset-bot

changeset-bot Bot commented Jun 16, 2026


🦋 Changeset detected

Latest commit: e59876a

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 1 package
Name Type
clerk Patch


@coderabbitai

coderabbitai Bot commented Jun 16, 2026



📥 Commits

Reviewing files that changed from the base of the PR and between 4240dd5 and e59876a.

📒 Files selected for processing (5)
  • .changeset/platform-api-url-credential-warning.md
  • packages/cli-core/src/cli-program.ts
  • packages/cli-core/src/commands/doctor/checks.ts
  • packages/cli-core/src/lib/environment.test.ts
  • packages/cli-core/src/lib/environment.ts


@wyattjoh wyattjoh left a comment

Contributor

Clean, well-scoped diagnostic fix with good test coverage. One minor robustness note on the URL comparison and a small test-quality suggestion.

CLERK_PLATFORM_API_URL redirects API traffic to an arbitrary host, but
credentials are keyed by environment name, not by URL, so the active env's
token is sent to the override host with no isolation. Warn about this in human
mode (agent/scripted output stays clean), and report the active environment and
API URL in clerk doctor so the mismatch is visible.

Refs #329
…warnings

Use new URL().href to normalize both the override and profile URL before
comparing, so trailing slashes and host-case differences don't produce
false positives. Falls back to raw string comparison when either URL is
malformed.

Also pin the test to a concrete literal ("https://api.clerk.com") instead
of the self-referencing getPlapiBaseUrl() call, and strengthen the positive
warning case by asserting the override host appears in the message.
@rafa-thayto rafa-thayto force-pushed the fix/platform-api-url-credential-warning branch from 3c4cc3a to e59876a Compare June 18, 2026 12:15
@rafa-thayto rafa-thayto requested a review from wyattjoh June 18, 2026 12:15
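As an added example that is not part of this PR or the project's own code: the override check from the summary and the normalized URL comparison from the second commit message, written out in TypeScript. The environment shape, the function names and the "human"/"agent" mode type are assumptions.

```typescript
// Added example (not the project's code): warn when CLERK_PLATFORM_API_URL
// differs from the active environment's platform URL. Names are assumptions.
export type OutputMode = "human" | "agent";

export interface ActiveEnvironment {
  name: string;           // credentials are keyed by this name, not by URL
  platformApiUrl: string; // the environment's own platform API URL
}

export interface OverrideCheck {
  mismatch: boolean;
  effectiveUrl: string;
  warning?: string;       // only set in human mode
}

// Compare after new URL().href normalization so a trailing root slash or host
// case does not cause a false positive. Only the empty path becomes "/", so
// "/v1" and "/v1/" still differ; malformed input falls back to raw comparison.
export function sameUrl(a: string, b: string): boolean {
  try {
    return new URL(a).href === new URL(b).href;
  } catch {
    return a === b; // either URL malformed: raw string comparison
  }
}

export function checkPlatformApiUrlOverride(
  env: ActiveEnvironment,
  override: string | undefined,
  mode: OutputMode,
): OverrideCheck {
  if (!override || sameUrl(override, env.platformApiUrl)) {
    return { mismatch: false, effectiveUrl: env.platformApiUrl };
  }
  const result: OverrideCheck = { mismatch: true, effectiveUrl: override };
  if (mode === "human") {
    // Agent/scripted mode keeps stderr clean; doctor carries the same info.
    result.warning =
      `CLERK_PLATFORM_API_URL=${override} differs from the "${env.name}" ` +
      `environment's platform URL (${env.platformApiUrl}); that environment's ` +
      `credentials will be sent to ${override}.`;
  }
  return result;
}

// The "Logged in" doctor detail: active environment name and effective URL.
export function doctorLoggedInDetail(env: ActiveEnvironment, override?: string): string {
  const effective = override || env.platformApiUrl;
  return `Logged in (environment: ${env.name}, API URL: ${effective})`;
}
```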