14 Commits

Author	SHA1	Message	Date
BilalG1	f7e389809e	feat(hexclave): PR 1 — wire compatibility layer (invisible) (#1475) ... ## Summary **Stacked on #1468** (`docs/hexclave-rename-plan` — the plan doc). Diff vs that base = the actual PR 1 code. This is **PR 1 of the Hexclave rebrand: the invisible compatibility layer**. Everything is additive. Old SDKs, old wire identifiers, and old env var names keep working unchanged. The backend dual-accepts and dual-emits; new SDK code emits `x-hexclave-*` headers and the `hexclave_` Bearer prefix; cookies dual-write; env vars dual-read across every category. **No user-visible rebranding lands here** — that's PR 2. See [`RENAME-TO-HEXCLAVE.md`](./RENAME-TO-HEXCLAVE.md) → *"PR 1 implementation guide"* for the full per-work-area spec, file pointers, and chosen approach. ## What's implemented (all 14 PR-1 work-areas) - **SDK export aliases** — `Hexclave*` aliases for the user-facing `Stack*` exports added in `packages/template`; codegen propagates them to `@stackframe/{js,stack,react,tanstack-start}`. React-only aliases correctly excluded from `@stackframe/js`. (`e60550a2`) - **JWT issuer dual-accept** — `decodeAccessToken` accepts both `api.stack-auth.com` and `api.hexclave.com` issuers. Signing unchanged. (`fc781def`) - **Request-header dual-accept** — backend + dashboard proxies normalize `x-hexclave-*` → `x-stack-*` at the existing empty proxy hook (so `smart-request.tsx` and every route schema keep working unchanged); CORS allowlists extended via a derive-once helper. (`2a056eac`) - **MCP `ask_hexclave`** — registered alongside `ask_stack_auth` via a shared helper; `ask_stack_auth` behavior byte-identical. (`30ffd604`) - **Dev-tool** — DOM ids + header emit switched. `window.HexclaveDevTool` exposed alongside `window.StackDevTool`. (`32131ea7`) - **The big consolidated commit** (`7fed864a`): - **Env vars** — central `getEnvVariable` prefix-transform (HEXCLAVE first, STACK fallback); dashboard + template client env files dual-read; `turbo.json` globalEnv; `NEXT_PUBLIC_STACK_PORT_PREFIX` renamed outright across ~82 files including docker. - **Cookies** — dual-write/dual-read auth (`stack-access`/`-refresh-*` and custom-domain variants), OAuth-state (`stack-oauth-{inner,outer}-*`), and low-risk cookies (`stack-is-https`, `stack-last-seen-changelog-version`). Bypass sites patched (backend OAuth callback, dashboard remote-dev auth route, impersonation snippets, snapshot serializer). - **Bearer prefix** — SDK token parser accepts both `stackauth_` and `hexclave_`; emits `hexclave_`. Discovery correction: this is purely SDK-internal — the backend never parses it. - **Response headers** — backend dual-emits `x-hexclave-{request-id,actual-status,known-error}`; SDKs dual-read (new first, stack fallback). - **SDK request-header emit switch** — `client/server/admin-interface.ts` + dashboard `api-headers.ts` + `internal-project-headers.ts` + `feedback-form.tsx` switched to `x-hexclave-*`. Plus `stack_response_mode` query param. - **Storage keys** — dev-tool / cli-auth / oauth-button / docs keys renamed (straight); `stack:session-replay:v1` dual-read so in-progress recordings survive SDK upgrades; `stack_mfa_attempt_code` dual-read. - **Query params** — cross-domain params dual-emit/dual-accept via shared helpers; backend `oauth/authorize` accepts `hexclave_response_mode` and `stack_response_mode`; `stack-init-id` renamed. - **`Symbol.for`** — app-internals symbol gets a parallel `Symbol.for("Hexclave--app-internals")` getter on each attach site (no read-site churn — old symbol still attached). 3 file-private symbols renamed outright. - **Config discovery** — prefer `hexclave.config.ts`, fall back to `stack.config.ts` at every discovery site (CLI / dashboard / backend / local-emulator); `init` writes the new filename; CLI credentials path migrates. - **Internal renames** — `StackAssertionError`, `StackClient/Server/AdminInterface` renamed outright (no alias, per the "internal-only → rename" rule). ~264 files touched. - **Review-pass fixes** (`21217fbe`) — three real bugs found by parallel review agents and fixed: - `snapshot-serializer.ts` was interpolating the whole `keyedCookieNamePrefixes` array (`${arr}`) — adding a second prefix would have corrupted **every** OAuth-cookie snapshot, not just new ones. - **Docker port-prefix producer/consumer mismatch** — `entrypoint.sh`/`run-emulator.sh`/cloud-init `user-data` were still producing `NEXT_PUBLIC_STACK_PORT_PREFIX` while the dashboard sentinel + consumers had been renamed; silent self-host regression (custom port prefix would be ignored). - **Missing `hexclave-oauth-inner-*` dual-write** in the OAuth authorize route — callback's fallback masked it but the dual-write was specified by the plan. - Plus: `mcp.test.ts` tool-list assertions updated to include `ask_hexclave`; two dashboard header-emit sites switched to `x-hexclave-*` for consistency. - **E2E snapshot serializer follow-up** (`4b16cc5d`) — `x-hexclave-request-id` added to the hidden-headers list (mirroring `x-stack-request-id` treatment), and 2 sample inline snapshots regenerated in `projects.test.ts` to include the new dual-emitted headers. ## Verification - **`pnpm typecheck`** — clean (the fresh-worktree `@/.source` / Prisma codegen gap in `stack-docs` is pre-existing and unrelated). - **`pnpm lint`** — 29/29 packages green. - **`pnpm exec turbo run build --filter=./packages/*`** — 13/13 packages build (including `@stackframe/stack-cli` once the dashboard standalone is present). - **Live E2E** against a running backend on `cl/hexclave-pr1`: - `pnpm test run apps/e2e/tests/backend/endpoints/api/v1/internal/mcp.test.ts` — **6/6 pass** (verifies the new `ask_hexclave` tool — the hand-written inline snapshot matched actual MCP server output). - `pnpm test run apps/e2e/tests/backend/endpoints/api/v1/internal/projects.test.ts` — **11/11 pass** (verifies wire dual-accept + dual-emit end-to-end; the snapshot serializer fix was found and applied during this check). A four-agent parallel **review pass** also audited the full diff for logic/runtime bugs across the work-areas (wire headers + JWT, cookies + bearer + symbols, env vars, query params + config + MCP + aliases). All in-slice review verdicts were ✓ except the three bugs listed above, which are now fixed. ## Known follow-ups (out of scope for this PR) - **E2E snapshots across the rest of the suite** — backend now dual-emits `x-hexclave-{known-error,actual-status}` alongside `x-stack-*`, which legitimately appears in inline snapshots throughout `apps/e2e`. Two were regenerated here as a sample; the rest should regen with `vitest -u` in CI. - **Docker shell env vars beyond `PORT_PREFIX`** — `entrypoint.sh` still reads `STACK_*` env vars directly (the JS-side `getEnvVariable` transform doesn't help the shell). JS consumers dual-read so it works in practice; full shell-level dual-read is a deeper self-host follow-up. - **`@stackframe/stack-cli` build ordering** — pre-existing; needs `build:rde-standalone` first. Not affected by this PR. ## Test plan - [ ] CI runs full e2e suite (with `vitest -u` to absorb dual-emit snapshot deltas, then committed back) - [ ] Spot-check: an old SDK build (emitting only `x-stack-*`) still authenticates against the new backend - [ ] Spot-check: a new SDK (emitting `x-hexclave-*` / `Bearer hexclave_*`) still authenticates against an old backend during deploy ordering - [ ] Manual: `npx @stackframe/stack-cli@latest init` (new onboarding entrypoint) generates `hexclave.config.ts` - [ ] Manual: existing `stack.config.ts`-only project still resolves (no migration required) --------- Co-authored-by: bilal <bilal@stack-auth.com>	2026-05-23 17:24:55 -07:00
Mantra	647883c7ac	Move MCP server into a standalone apps/mcp app (#1405) ... ## Summary Splits the Stack Auth MCP server out of `apps/backend` and into a dedicated Next.js app at `apps/mcp/`, served on port `:42` (suffixed via `NEXT_PUBLIC_STACK_PORT_PREFIX`) and exposed in production at `https://mcp.stack-auth.com/mcp`. The backend no longer carries the MCP transport route; clients now point at the new host. Base: `dev` → Head: `chore/move-mcp-to-a-sep-app` Scope: 34 files, +1425 / −353 ## What changed - **New app** `apps/mcp/` — standalone Next.js + `@vercel/mcp-adapter`, with: - `src/app/api/internal/[transport]/route.ts` — MCP transport handler (moved from backend) - `src/app/mcp/route.ts`, `src/app/route.ts` — public landing + setup page - `src/app/health/route.ts` — health check - `src/mcp-handler.ts`, `src/setup-page.ts`, `src/analytics.ts` - **Backend** drops `apps/backend/src/app/api/internal/[transport]/route.ts` (−105) — MCP code is gone from the backend image. - **Dashboard** install hint updated to point at `https://mcp.stack-auth.com/mcp` (was `/`). - **Dev launchpad** gets an MCP tile so the new service shows up alongside the rest of the local stack. - **CI** workflows (`db-migration-backwards-compatibility`, `e2e-api-tests*`) start the MCP service in the background before running tests. - **Docs** (`docs-mintlify`, `docs/`) and `init-stack` / `init-prompt` updated to reference the new URL. - **E2E** `apps/e2e/tests/backend/endpoints/api/v1/internal/mcp.test.ts` reworked to hit the new host; `helpers.ts` and env files gain an MCP base-URL var. ## Visuals ### New `apps/mcp` setup page (`https://mcp.stack-auth.com/`) The standalone app's root now serves a self-contained MCP setup guide with per-client instructions (Cursor, VS Code, Codex, Claude Code, Claude Desktop, Windsurf, ChatGPT, Gemini CLI):  ### Dev launchpad now lists the MCP service New tile at port suffix `:42`, importance 2, alongside Backend / Dashboard / Demo app:  ## Notes for reviewers - The MCP transport endpoint moved path: it was mounted under `/api/internal/[transport]` in the backend; in the new app it's at the same path but on the dedicated host. The public-facing URL is `https://mcp.stack-auth.com/mcp`. - `apps/mcp` ships its own PostHog analytics client (`src/analytics.ts`) so the backend doesn't have to proxy events for it anymore. - Port allocation: `${PORT_PREFIX}42` (default `8142` in dev). Picked to fit the existing dev-launchpad importance-2 row. - No DB migrations. ## Test plan - [x] `apps/mcp` builds and `pnpm dev` serves on `:8142` - [x] Dev launchpad renders the new MCP tile (screenshot above) - [x] MCP setup page renders client tabs (screenshot above) - [x] E2E `mcp.test.ts` updated to hit the new host - [ ] CI green on `e2e-api-tests*` and `db-migration-backwards-compatibility` workflows (they were touched to start the MCP service) - [ ] `init-stack` / `mcp.ts` install flow lands users on the new URL <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **New Features** * Standalone MCP app added with a public /mcp endpoint and health check. * MCP appears in the dev-launchpad apps list. * **Documentation** * MCP endpoint updated to https://mcp.stack-auth.com/mcp in all setup guides and installer snippets. * Setup page enhanced with detailed client install tabs and instructions. * **Chores** * MCP service integrated into CI/e2e workflows and local env configs. <!-- end of auto-generated comment: release notes by coderabbit.ai -->	2026-05-07 15:22:44 -07:00
Konsti Wohlwend	5bfe1a79ce	New { type: "hosted" } for page URLs (#1261) ... Other minor redirect URL changes: - app.urls.* is now deprecated - redirectToSignOut now sets and preserves after_auth_return_to - OAuth sign-in after_auth_return_to now carries callback-return context <!-- CURSOR_SUMMARY --> --- > [!NOTE] > **High Risk** > High risk because it changes OAuth authorization/token issuance, redirect URL validation, and introduces a new cross-domain handoff endpoint plus a DB migration linking authorization codes to refresh tokens, which can affect login/session security and reliability. > > **Overview** > Adds **hosted URL targets** for SDK `urls` resolution (new `{ type: "hosted" }`/`{ type: "handler-component" }`/`{ type: "custom" }` options), including env-driven hosted handler domain/template support and fallback routing for unknown `/handler/*` paths. > > Implements a **cross-domain OAuth PKCE handoff**: a new `/auth/oauth/cross-domain/authorize` endpoint issues one-time authorization-code redirects bound to the caller’s session refresh token; authorization codes now persist `grantedRefreshTokenId` and token issuance reuses/validates ownership of that refresh token. Redirect planning for `redirectTo*` (and OAuth callback handling) is refactored into `redirect-page-urls.ts` to preserve `after_auth_return_to` and cross-domain handoff params. > > Tightens redirect safety (e.g., `after_callback_redirect_url` is validated/whitelisted), centralizes SDK env var reads via `envVars` with lint enforcement, hardens `EventTracker` startup for partial DOM test environments, and adds unit/E2E coverage plus a demo page for manual cross-domain verification. > > <sup>Written by [Cursor Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit 9197d4f32b. This will update automatically on new commits. Configure [here](https://cursor.com/dashboard?tab=bugbot).</sup> <!-- /CURSOR_SUMMARY --> <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **New Features** * Cross-domain OAuth PKCE handoff flow (client + server) for hosted sign-in. * Hosted handler URL templating with local development domain suffix support. * Demo UI page to exercise hosted cross-domain sign-in/out and OAuth flows. * Authorization codes now preserve an associated refresh-token id to support cross-domain exchanges. * **Bug Fixes** * Stricter redirect-URL validation and stronger refresh-token ownership checks. * More robust event-tracker startup guards in partial DOM environments. * **Tests** * New E2E and unit tests covering cross-domain authorize, callback validation, and handoff flows. <!-- end of auto-generated comment: release notes by coderabbit.ai -->	2026-03-27 14:48:01 -07:00
aadesh18	2055d98dea	External db sync (#1036) ... <img width="1920" height="969" alt="Screenshot 2026-02-04 at 9 47 16 AM" src="https://github.com/user-attachments/assets/d7d0cd04-0051-4fc4-b857-e6f87ee97a59" /> **This PR revolves around the following components** 1. Sequencer - sequences the updates in the internal db 2. Poller - polls for the latest updates to sync with the external db 3. Outgoing Request Handler - essentially a trigger that can make http requests based on a change in the internal db 4. Sync Engine - syncs with the latest changes from the internal db to the external db **What has been done** - Added a global sequence id for ProjectUser, ContactChannel and DeletedRow. - Added the deletedRow table to keep track of the rows that were deleted across ProjectUser and ContactChannel. - Added the OutgoingRequest table to keep track of the outgoing requests - Added function for the sequencer to call to sequence updates - Added a sequencer that sequences all the changes in the internal db every 50 ms - Added a poller that polls for the latest changes in the internal db every 50 ms, and adds to a queue - Added a Vercel cron that calls sequencer and poller every minute - Added a queue that fulfills the outgoing requests by making http calls (for external db sync, it calls the sync engine endpoint) - Added a sync engine that uses the defined sql mapping query in the user's schema to pull in the changes for the user, and sync them with the external db - Added tests to test out each functionality **How to review this PR:** 1. Review the migrations (sequence id, deletedRow, triggers, backlog sync) (all files created under the migrations folder) 2. Review sequencer 3. Review poller 4. Review the changes in schema 5. Review sync-engine (the function, and it's helper file) 6. Review the schema changes, and query mappings 7. Review the tests (basic, advanced and race, along with the helper file) 8. Review the changes made in Dockerfile to support local testing using the postgres docker <!-- CURSOR_SUMMARY --> --- > [!NOTE] > Introduces a cron-driven external DB sync pipeline with global sequencing, internal poller and webhook sync engine, new DB tables/functions, config schema/mappings, and comprehensive e2e tests. > > - **Database (Prisma/Migrations)**: > - Add global sequence (`global_seq_id`) and `sequenceId`/`shouldUpdateSequenceId` to `ProjectUser`, `ContactChannel`, `DeletedRow` with partial indexes. > - Create `DeletedRow` (capture deletes) and `OutgoingRequest` (queue) tables; add unique/indexes. > - Add triggers/functions: `log_deleted_row`, `reset_sequence_id_on_update`, `backfill_null_sequence_ids`, `enqueue_tenant_sync`. > - **Backend/API**: > - New internal routes: `GET /api/latest/internal/external-db-sync/sequencer`, `GET /poller`, `POST /sync-engine` (Upstash-verified) for sync orchestration. > - Add cron wiring: `vercel.json` schedules and local `scripts/run-cron-jobs.ts`; start in dev via `dev` script. > - Tweak route handler (remove noisy logging) without behavior change. > - **Sync Engine**: > - Implement `src/lib/external-db-sync.ts` to read tenant mappings and upsert to external Postgres (schema bootstrap, param checks, sequencing). > - Add default mappings `DEFAULT_DB_SYNC_MAPPINGS` and config schema `dbSync.externalDatabases` in shared config. > - **Testing/Infra**: > - Add extensive e2e tests (basics, advanced, race conditions) for sequencing, idempotency, deletes, pagination, multi-mapping, and permissions. > - Docker compose: add `external-db-test` Postgres for tests; e2e deps for `pg` types. > > <sup>Written by [Cursor Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit 3f2a8efcfb. This will update automatically on new commits. Configure [here](https://cursor.com/dashboard?tab=bugbot).</sup> <!-- /CURSOR_SUMMARY --> <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **New Features** * External PostgreSQL sync: automatic, batched replication with mappings, resume/idempotency, and on-demand enqueueing. * **Admin UI** * Real-time External DB Sync dashboard and status API showing per-mapping backlog, sequencer/poller/sync-engine telemetry, and fusebox controls. * **Tests** * Large e2e suite: basic, advanced, race, high-volume tests and test utilities for external DB sync. * **Chores** * DB migrations, CI/workflow updates, background cron runner and local/dev test support. <!-- end of auto-generated comment: release notes by coderabbit.ai --> --------- Co-authored-by: Konsti Wohlwend <n2d4xc@gmail.com> Co-authored-by: Bilal Godil <bg2002@gmail.com>	2026-02-05 12:04:31 -08:00
Aman Ganapathy	4f34200db9	[Feat] Setup new route for email monitoring (#1095) ... ### Summary of Changes We need a way to tell if our email service is working. So, we set up a route that will be periodically hit by uptime kuma. This route tries to sign up to stack auth. Upon signing up, an verification email will be sent. We use resend to check the inbox and return a success if the email is found. We use resend to setup a test email domain, and we query that domain to see if the email has been received. In test environments/dev, we use inbucket instead. This route also requires a secret token, which can be configured via `.env` variables. ### Necessary config changes Note we add several new environment variables which will need to be populated in prod. Also, the [config settings for resend](https://resend.com/docs/send-with-smtp) are as follows: 1. **Host:** `smtp.resend.com` 2. **Port:** `465` 3. **Username:** `resend` 4. **Password:** `<RESEND_API_KEY>` These may need to be set up in docker to enable emails being sent out to resend. To set this up with uptime kuma, follow the steps below: 1. Create a new monitor 2. Set the monitor type to `HTTP(s)` 3. The URL should hit the `/health/email` endpoint. 4. Suggested request timeout is at least 120 seconds. Reading emails from the resend inbox can take a bit of time. 5. In headers, set the header as below: ``` { "authorization": "Bearer <STACK_EMAIL_MONITOR_SECRET_TOKEN>" } ```	2026-01-28 19:09:47 -08:00
Konsti Wohlwend	b4ae80874e	Upgrade Prisma to v7 (#1064)	2025-12-26 08:13:34 -08:00
Konsti Wohlwend	3d4c608187	Customizable ports (#962) ... <!-- ONTRIBUTING.md guidelines: https://github.com/stack-auth/stack-auth/blob/dev/CONTRIBUTING.md --> <!-- RECURSEML_SUMMARY:START --> ## High-level PR Summary This PR changes the default development ports for several background services to avoid conflicts. PostgreSQL moves from port `5432` to `8128`, Inbucket SMTP from `2500` to `8129`, Inbucket POP3 from `1100` to `8130`, and the OpenTelemetry collector from `4318` to `8131`. All references across configuration files, Docker Compose setups, environment files, CI/CD workflows, test files, and documentation have been updated to reflect these new port assignments. A knowledge base document has been added to document the new port mappings. ⏱️ Estimated Review Time: 15-30 minutes <details> <summary>💡 Review Order Suggestion</summary> | Order | File Path | | --- | --- | | 1 | `claude/CLAUDE-KNOWLEDGE.md` | | 2 | `apps/dev-launchpad/public/index.html` | | 3 | `docker/dependencies/docker.compose.yaml` | | 4 | `docker/emulator/docker.compose.yaml` | | 5 | `apps/backend/.env` | | 6 | `apps/backend/.env.development` | | 7 | `docker/server/.env.example` | | 8 | `package.json` | | 9 | `.devcontainer/devcontainer.json` | | 10 | `apps/e2e/.env.development` | | 11 | `.github/workflows/check-prisma-migrations.yaml` | | 12 | `.github/workflows/docker-server-test.yaml` | | 13 | `.github/workflows/e2e-api-tests.yaml` | | 14 | `.github/workflows/e2e-source-of-truth-api-tests.yaml` | | 15 | `.github/workflows/restart-dev-and-test.yaml` | | 16 | `apps/e2e/tests/backend/endpoints/api/v1/internal/email-drafts.test.ts` | | 17 | `apps/e2e/tests/backend/endpoints/api/v1/internal/email.test.ts` | | 18 | `apps/e2e/tests/backend/endpoints/api/v1/send-email.test.ts` | | 19 | `apps/e2e/tests/backend/endpoints/api/v1/unsubscribe-link.test.ts` | | 20 | `apps/e2e/tests/backend/workflows.test.ts` | | 21 | `docs/templates/others/self-host.mdx` | </details> [](https://discord.gg/n3SsVDAW6U) [ <!-- RECURSEML_SUMMARY:END --> <!-- ELLIPSIS_HIDDEN --> ---- > [!IMPORTANT] > This PR introduces customizable development ports using `NEXT_PUBLIC_STACK_PORT_PREFIX`, updating configurations, documentation, and tests accordingly. > > - **Behavior**: > - Default development ports for services are now customizable via `NEXT_PUBLIC_STACK_PORT_PREFIX`. > - PostgreSQL port changed from `5432` to `${NEXT_PUBLIC_STACK_PORT_PREFIX:-81}28`. > - Inbucket SMTP port changed from `2500` to `${NEXT_PUBLIC_STACK_PORT_PREFIX:-81}29`. > - Inbucket POP3 port changed from `1100` to `${NEXT_PUBLIC_STACK_PORT_PREFIX:-81}30`. > - OpenTelemetry collector port changed from `4318` to `${NEXT_PUBLIC_STACK_PORT_PREFIX:-81}31`. > - **Configuration**: > - Updated `docker.compose.yaml` to use new port variables for services like PostgreSQL, Inbucket, and OpenTelemetry. > - Environment files in `apps/backend`, `apps/dashboard`, and `apps/e2e` updated to use `NEXT_PUBLIC_STACK_PORT_PREFIX`. > - `package.json` scripts updated to reflect new port configurations. > - **Documentation**: > - Added `CLAUDE-KNOWLEDGE.md` to document new port mappings. > - Updated `self-host.mdx` to reflect new port configurations. > - **Testing**: > - Updated test files in `apps/e2e/tests` to use new port configurations. > - Added `helpers/ports.ts` for port-related utilities in tests. > > <sup>This description was created by </sup>[<img alt="Ellipsis" src="https://img.shields.io/badge/Ellipsis-blue?color=175173">](https://www.ellipsis.dev?ref=stack-auth%2Fstack-auth&utm_source=github&utm_medium=referral)<sup> for 76ef55f58f. You can [customize](https://app.ellipsis.dev/stack-auth/settings/summaries) this summary. It will automatically update as commits are pushed.</sup> ---- <!-- ELLIPSIS_HIDDEN --> <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit - **New Features** - Enable configurable development ports via a NEXT_PUBLIC_STACK_PORT_PREFIX, allowing parallel local environments with custom port prefixes. - **Bug Fixes** - Updated local service port mappings and CI/workflow settings so tooling and tests use the new prefixed ports consistently. - **Documentation** - Added docs and contributor guidance for running multiple parallel workspaces with custom port prefixes. <!-- end of auto-generated comment: release notes by coderabbit.ai --> --------- Co-authored-by: N2D4 <N2D4@users.noreply.github.com>	2025-10-20 15:24:47 -07:00
Zai Shi	a7acab4646	Auto migration (#526) ... <!-- Make sure you've read the CONTRIBUTING.md guidelines: https://github.com/stack-auth/stack-auth/blob/dev/CONTRIBUTING.md --> <!-- ELLIPSIS_HIDDEN --> ---- > [!IMPORTANT] > Introduces an automated database migration system, replacing manual Prisma commands with new scripts and updating workflows, configurations, and tests accordingly. > > - **Auto-Migration System**: > - Introduces `db-migrations.ts` script for handling database migrations automatically. > - Adds utility functions in `utils.tsx` for managing migration files. > - Implements `applyMigrations` and `runMigrationNeeded` in `index.tsx` for executing migrations. > - **Workflow and Scripts**: > - Updates GitHub workflows (`check-prisma-migrations.yaml`, `e2e-api-tests.yaml`) to use new migration commands. > - Replaces `prisma migrate` commands with `db:init`, `db:migrate`, etc., in `package.json` and `README.md`. > - **Testing**: > - Adds `auto-migration.tests.ts` for testing migration logic and concurrency handling. > - **Configuration**: > - Updates `.env.development` and `vitest.config.ts` for new environment variables and paths. > - Modifies `turbo.json` and `package.json` to include new migration tasks and scripts. > > <sup>This description was created by </sup>[<img alt="Ellipsis" src="https://img.shields.io/badge/Ellipsis-blue?color=175173">](https://www.ellipsis.dev?ref=stack-auth%2Fstack-auth&utm_source=github&utm_medium=referral)<sup> for 2c24183879. You can [customize](https://app.ellipsis.dev/stack-auth/settings/summaries) this summary. It will automatically update as commits are pushed.</sup> <!-- ELLIPSIS_HIDDEN --> --------- Co-authored-by: Konsti Wohlwend <n2d4xc@gmail.com> Co-authored-by: ellipsis-dev[bot] <65095814+ellipsis-dev[bot]@users.noreply.github.com>	2025-07-24 02:38:37 +02:00
Zai Shi	f5566a1570	Webhook E2E tests (#428)	2025-02-13 20:29:05 +01:00
Konsti Wohlwend	53450206f5	Create users & auth endpoints in backend (#85)	2024-07-01 22:42:08 -07:00
Stan Wohlwend	ab348af895	Prefix all environment variables with STACK_	2024-07-01 17:30:35 -07:00
Stan Wohlwend	77229f4b2e	Snapshot tests	2024-06-19 19:44:32 +02:00
Konsti Wohlwend	6480667a97	Split backend and dashboard (#83)	2024-06-18 15:49:31 +02:00
Stan Wohlwend	14c9a202b8	Improve developer setup	2024-06-03 01:36:17 +02:00