- Replaced the 'run' command expectation with 'start' in the emulator help output.
- Removed the test for 'emulator build' help as it is no longer relevant.
- Updated error message for invalid architecture in the 'emulator pull' test to improve clarity.
These changes enhance the accuracy and relevance of the CLI tests for the emulator functionality.
## Summary
- replace the dashboard feedback form's Web3Forms submission with an
authenticated internal backend endpoint
- send support and feature-request notifications through Stack Auth's
native internal email pipeline
- share internal project auth headers in the dashboard and add backend
E2E coverage for support feedback
## Testing
- pnpm typecheck
- pnpm lint -- "src/components/feedback-form.tsx"
"src/components/stack-companion/feature-request-board.tsx"
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **New Features**
* Internal feedback submission endpoint with automated internal email
notifications
* New internal email builder and sending utility; recipient list
configurable via env
* **Enhancements**
* Feedback form requires sign-in, disables submit when unauthenticated,
and tightens validation
* Centralized header helper for authenticated internal requests
* Feature request board gates actions for signed-out users and improves
upvote/submit reliability
* Runtime retrieval/validation of the feature-tracking API key and
streamlined user handling
* **Tests**
* End-to-end tests covering internal feedback flows, validation, and
email delivery
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
- Introduced a fallback mechanism for the private sign-up risk engine,
allowing for zero-score assessments when the primary engine is
unavailable.
- Updated Next.js configuration to support dynamic resolution of the
private risk engine, including aliasing for both Turbopack and Webpack.
- Added a new fallback implementation in
`private-sign-up-risk-engine-fallback.ts` to ensure consistent behavior
during builds.
- Adjusted `risk-scores.tsx` to utilize the new compiled engine,
improving error handling and logging for risk assessment failures.
This update improves the robustness of the sign-up risk scoring system
and enhances the development experience by streamlining engine
resolution.
<!--
Make sure you've read the CONTRIBUTING.md guidelines:
https://github.com/stack-auth/stack-auth/blob/dev/CONTRIBUTING.md
-->
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Improvements**
* Sign-up risk engine is initialized and validated at startup for more
predictable performance.
* If the risk engine is unavailable or invalid, the system immediately
returns safe zero-risk scores to avoid runtime failures.
* **Tests**
* End-to-end tests updated to match the new engine initialization and
detection behavior.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---------
Co-authored-by: Konstantin Wohlwend <n2d4xc@gmail.com>
- Introduced file existence checks in the local emulator project route to ensure the specified config file is present before proceeding with project creation.
- Updated the `setBranchConfigOverride` function to streamline writing configurations directly to the file when the local emulator is enabled, improving reliability.
- Refactored the `readConfigFromFile` function to handle empty file scenarios by writing a default config, enhancing user experience.
- Adjusted related tests to reflect changes in error handling and file creation logic, ensuring robust validation of local emulator functionality.
These updates improve the local emulator's configuration management and enhance the overall developer experience.
<!--
Make sure you've read the CONTRIBUTING.md guidelines:
https://github.com/stack-auth/stack-auth/blob/dev/CONTRIBUTING.md
-->
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Bug Fixes**
* Refined analytics query error classification so certain database
errors are treated as known/handled, reducing exposure of internal
diagnostics in responses.
* **Tests**
* Added end-to-end tests verifying safe (masked) error responses,
preventing leakage of restricted column/identifier details and
constraining suggestion text in error messages.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
<!--
Make sure you've read the CONTRIBUTING.md guidelines:
https://github.com/stack-auth/stack-auth/blob/dev/CONTRIBUTING.md
-->
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Bug Fixes**
* Enhanced analytics event processing to properly handle edge cases when
data contains certain truncated special characters or emoji sequences,
ensuring data integrity.
* **Tests**
* Added coverage for analytics data edge case handling.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
### Context
We encountered an out of memory error when running verify-data-integrity
against the prod database. This was the error:
`FATAL ERROR: Ineffective mark-compacts near heap limit Allocation
failed - JavaScript heap out of memory`. This was one of the things
preventing verify-data-integrity from running successfully in prod.
### Summary of Changes
Local stress testing with constrained heap and memory telemetry revealed
that the rise in used heap memory was directly proportional to the
number of api calls. Investigation revealed that the `currentOutputData`
array was growing with each api call and was kept in memory. Since it
was still being appended to, it was actively kept in the heap. We
refactor the script to no longer use it, and for the two flags
`--save-output` and `--verify-output` that used it before, we refactor
them to not need to. `--save-output` now streams responses to disk as
JSONL and `--verify-output` now compares each response immediately and
discards it.
We also note a potential source of a future memory leak in the
`allUsers` array that is populated in memory for each project. We
refactor to paginate instead. Note that this didn't cause a memory leak
on local, this is a preventive measure.
### Out of Scope
fetching all transactions in the payments section of the script is
another potential cause for concern, but since the payments section of
the script will be refactored soon, we defer that discussion.
- Updated pnpm-lock.yaml to include 'rolldown' as a new optional
dependency and upgraded 'minimatch' to version 10.2.4.
- Added a debug log statement in risk-scores.tsx to indicate when the
sign-up risk engine is disabled in the public build.
<!--
Make sure you've read the CONTRIBUTING.md guidelines:
https://github.com/stack-auth/stack-auth/blob/dev/CONTRIBUTING.md
-->
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Bug Fixes**
* Signup risk scoring now returns a neutral (zero) score when the
scoring engine is unavailable; scoring errors are logged and surfaced
consistently instead of being silently swallowed.
* Invalid engine shapes now fail loudly rather than falling back
silently.
* **Chores**
* Updated private engine reference and adjusted tests to reflect the new
loading/resolution behavior.
* Expanded Next.js output tracing to include private package files used
by API routes.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
Enhances sign-up process with Turnstile integration for fraud
protection. Builds on top of fraud-protection-temp-emails.
Made with [Cursor](https://cursor.com)
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **New Features**
* Cloudflare Turnstile bot-protection across signup/sign-in flows
(including SDK JSON mode).
* Email deliverability checks via Emailable.
* Sign-up risk scoring with persisted risk metrics and country code
tracking.
* UI: country-code selector, risk-score editing in user details, users
list refresh button, and Turnstile signup demo pages.
* **Bug Fixes**
* Use actual sign-up timestamp for reporting/metrics.
* **Documentation**
* Expanded knowledge base on Turnstile, risk scoring, and env
configuration.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---------
Co-authored-by: Konstantin Wohlwend <n2d4xc@gmail.com>
Co-authored-by: BilalG1 <bg2002@gmail.com>
Co-authored-by: Armaan Jain <84474476+Developing-Gamer@users.noreply.github.com>
Co-authored-by: nams1570 <amanganapathy@gmail.com>
- Improved the `readConfigFromFile` function in `local-emulator.ts` to provide clearer error handling for invalid configurations, ensuring robust validation of the exported config object.
- Added a new test in `cli.test.ts` to verify that the emulator CLI correctly rejects invalid architecture values, enhancing test coverage for the emulator command.
- Simplified the startup time logging in `run-emulator.sh` by removing unnecessary Python calls, improving script efficiency.
These changes enhance the reliability and usability of the local emulator and its CLI interface.
- Updated the GitHub Actions workflow to streamline the QEMU emulator image build process, including improved handling of existing releases and enhanced error reporting.
- Refactored local emulator configuration management to support reading from host-mounted paths, ensuring robust file handling and error reporting for configuration reads and writes.
- Added tests to validate new configuration handling features, improving reliability for developers working with local emulator setups.
These changes enhance the overall performance and usability of the QEMU emulator and local emulator configuration management.
- Updated the `setBranchConfigOverride` function to write branch configuration directly to a file when the local emulator is enabled, ensuring the file serves as the single source of truth.
- Added tests to verify that configuration writes to the local emulator file are handled correctly and that database operations are skipped when writing to the file.
- Improved error handling to surface file write failures before attempting database updates.
These changes enhance the local emulator's configuration management and improve reliability for developers working with branch configurations.
- Updated the GitHub Actions workflow to improve the release process for QEMU emulator images, including checks for existing releases and editing them if necessary.
- Refactored local emulator configuration handling to ensure proper file writing and directory creation, enhancing robustness.
- Added tests for writing configuration files to validate functionality and improve reliability.
These changes improve the automation of the QEMU emulator build process and enhance the local emulator's configuration management for developers.
- Added functionality to write an empty configuration file if none exists when processing a project in `route.tsx`.
- Updated `readConfigFromFile` in `local-emulator.ts` to support reading configuration from an environment variable, improving flexibility in configuration management.
- Ensured the directory structure is created when writing configuration files, enhancing file handling robustness.
These changes improve the local emulator's configuration management and usability for developers.
- Updated `local-emulator.ts` to explicitly cast the module evaluation result to `Record<string, unknown>`, improving type safety.
- Enhanced `emulator.ts` architecture detection with clearer case structures for better readability and maintainability.
These changes improve code clarity and type management in the local emulator setup.
- Deleted `stack.config.ts` and `CLAUDE-KNOWLEDGE.md` as they are no longer needed.
- Refactored the `local-emulator.ts` to improve error handling and type definitions.
- Updated the `header.tsx` component to remove the Emulator Status link, simplifying the navigation.
- Enhanced the `emulator.ts` CLI commands for better readability and maintainability.
These changes improve the overall structure and usability of the emulator and related components.
- Modified `stack.config.ts` to adjust authentication settings, enabling OTP and passkey sign-ins while disabling password sign-in.
- Updated the GitHub Actions workflow for the QEMU emulator to improve the start and stop commands, enhancing clarity in the process.
- Refactored the CLI commands for the emulator, removing snapshot options and streamlining the pull command for image downloads.
- Added new tests for the emulator CLI to validate help and argument parsing, ensuring a better developer experience.
These changes improve the configuration management and usability of the QEMU emulator for developers.
- Updated `stack.config.ts` to enable password sign-in for authentication.
- Refactored `config.tsx` to include functionality for writing configuration changes back to the local emulator's config file.
- Introduced `writeConfigToFile` and `getLocalEmulatorFilePath` functions in `local-emulator.ts` to improve file handling and path resolution.
- Enhanced `run-emulator.sh` to support mounting the host filesystem, facilitating better integration with the local environment.
These changes improve the local emulator's configuration management and usability for developers.
- Updated `stack.config.ts` to enable various application features including authentication, emails, teams, RBAC, API keys, webhooks, and launch checklist.
- Modified `seed.ts` to grant team permissions for the local emulator admin user, improving access control.
- Adjusted `run-emulator.sh` to allow auto-detection of the configuration file, enhancing usability.
- Updated `.gitignore` to include the new `run/` directory, ensuring cleaner repository management.
These changes improve the local emulator's configuration management and user experience for developers.
- Removed the `readConfigFileContentIfExists` and `writeConfigToFile` functions from the local emulator module, simplifying file handling.
- Updated the `readConfigFromFile` function to utilize environment variables for configuration content, enhancing flexibility.
- Refactored tests to align with the new configuration management approach, ensuring accurate validation of file reading and handling.
- Consolidated Docker environment variables into a new `base.env` file for improved organization and maintainability.
- Removed the host file bridge script and related logic, streamlining the emulator's architecture and reducing complexity.
These changes significantly enhance the local emulator's usability and maintainability for developers.
commit 5d43722575b826a8ed8dbb6b828f48eae4bca02c
Author: mantrakp04 <mantrakp@gmail.com>
Date: Wed Mar 18 12:27:01 2026 -0700
Add QEMU emulator snapshot functionality and reset command
- Introduced a new `emulator-qemu:reset` command in package.json to clear snapshots and force a fresh boot of the emulator.
- Enhanced the `run-emulator.sh` script to support saving and restoring snapshots, significantly reducing restart time from ~62s to ~4s.
- Implemented logic to check for existing snapshots and restore them during startup, improving the emulator's efficiency.
- Updated documentation in CLAUDE-KNOWLEDGE.md to explain the new snapshot restore process and its benefits.
These changes enhance the QEMU emulator's performance and usability for developers, providing a more efficient workflow during development.
commit 3877445bdd83cb8690da18c8520bf260d2795172
Author: mantrakp04 <mantrakp@gmail.com>
Date: Wed Mar 18 11:55:18 2026 -0700
Enhance QEMU emulator performance and configuration management
- Added optimizations to the QEMU emulator's app container startup process, reducing startup time from ~92s to ~62s by using qcow2 backing files and setting the working directory to /app.
- Updated the build-image.sh script to conditionally wait for background processes, improving robustness.
- Modified the run-emulator.sh script to create the disk image using qcow2 format instead of copying, enhancing efficiency.
- Adjusted the cloud-init user-data to set STACK_RUNTIME_WORK_DIR to /app, streamlining file operations during container initialization.
- Improved the entrypoint script to avoid unnecessary file copying when the working directory is set to /app.
These changes significantly enhance the performance and usability of the QEMU emulator for developers.
commit e0b86d3f1d5c08e46d0d343bc632e2a8c5777845
Author: mantrakp04 <mantrakp@gmail.com>
Date: Wed Mar 18 11:07:55 2026 -0700
Refactor local emulator configuration management and enhance Docker setup
- Removed redundant comments and improved code clarity in the local emulator's route handling.
- Streamlined the Dockerfile and docker-compose.yaml for better readability and maintenance.
- Updated entrypoint and initialization scripts to enhance service startup processes.
- Introduced a new common script for QEMU emulator to centralize architecture detection and firmware handling.
- Enhanced error handling in the host file bridge for improved robustness.
- Removed obsolete country code utilities to clean up the codebase.
These changes significantly improve the local emulator's configuration management and overall setup experience for developers.
commit 4fb0f93c6cc4f749a14acf0228c261e180875609
Author: mantrakp04 <mantrakp@gmail.com>
Date: Wed Mar 18 10:24:53 2026 -0700
Implement local emulator file bridge for enhanced configuration management
- Introduced a new host file bridge to facilitate reading and writing configuration files between the local emulator and the host system.
- Refactored the local-emulator module to utilize the file bridge for file operations, improving error handling and response validation.
- Added tests to ensure the file bridge functionality works as expected, including handling of non-existent files and writing configurations.
- Updated the run-emulator script to start the file bridge automatically, ensuring seamless integration during emulator startup.
- Enhanced documentation to reflect the new file bridge capabilities and usage instructions.
These changes significantly improve the local emulator's ability to manage configuration files, enhancing the development experience.
commit 3d18a7ce5bbf00a62a40a3f48f27856e79ecc62f
Author: mantrakp04 <mantrakp@gmail.com>
Date: Tue Mar 17 22:36:46 2026 -0700
Refactor QEMU local emulator setup and enhance app bundle handling
- Introduced a new script for packaging Docker images into a compressed app bundle, improving the emulator's deployment process.
- Updated build-image.sh to create a runtime configuration ISO, ensuring better management of environment settings.
- Enhanced cloud-init user-data scripts for both dev-server and deps guests, streamlining service setup and configuration.
- Improved the run-emulator.sh script to facilitate better handling of runtime configurations and dependencies.
- Adjusted the .gitignore to include .DS_Store and removed obsolete entries, cleaning up the repository.
These changes significantly enhance the local emulator's functionality and reliability for developers.
commit 8a35fb1ce79898d73e2259e256c11b6fd9b0a584
Author: mantrakp04 <mantrakp@gmail.com>
Date: Tue Mar 17 21:52:24 2026 -0700
Enhance local emulator functionality and configuration
- Updated package.json to improve the start-emulator command, providing clearer dashboard and backend URLs.
- Added a new wait-until-emulator-is-ready command to ensure the emulator is fully operational before proceeding.
- Refactored the local-emulator project route to streamline file existence checks and default config creation.
- Enhanced user guidance in the dashboard for local Stack config file handling.
- Updated tests to reflect changes in config file handling, ensuring non-existent files are created with default settings.
- Improved Docker configurations for the local emulator, including new environment variables and service dependencies.
These changes significantly enhance the local development experience and emulator reliability.
commit 3910ed4bc40bbb37340c1c316c24c2826ba372bd
Author: mantrakp04 <mantrakp@gmail.com>
Date: Tue Mar 17 19:59:36 2026 -0700
Remove unused stash-0.patch file to clean up the repository.
commit 74146d974458037a7a9590120a524629a1a6a162
Author: mantrakp04 <mantrakp@gmail.com>
Date: Tue Mar 17 19:58:46 2026 -0700
Enhance QEMU local emulator with app bundle support and runtime configuration
- Introduced a new script to package the backend and dashboard assets into a standalone app bundle for the QEMU emulator.
- Updated the build-image.sh script to create an ISO containing the app bundle, ensuring the guest image includes the full runtime.
- Modified cloud-init user-data to handle the new app bundle and runtime configuration, improving the setup process for local development.
- Enhanced the run-emulator.sh script to prepare and mount the runtime configuration ISO, facilitating better environment management for the emulator.
- Updated the user-data to include necessary environment variables for the stack application, ensuring seamless integration during startup.
These changes significantly improve the local emulator's functionality and ease of use for developers.
commit 9e865a1cf524398bc58f00e0836278775c4ae936
Author: mantrakp04 <mantrakp@gmail.com>
Date: Tue Mar 17 16:50:45 2026 -0700
Enhance local emulator setup with new services and configurations
- Added Docker support for a local emulator, integrating PostgreSQL, Redis, Inbucket, Svix, ClickHouse, MinIO, and QStash.
- Introduced new scripts for managing the emulator lifecycle, including build and run commands.
- Implemented cloud-init provisioning for automatic service setup on first boot.
- Updated package.json with new commands for emulator management and added dotenv-cli for environment variable management.
- Added tests for OAuth authorization flow to return JSON responses.
- Included configuration files for ClickHouse and user management.
This commit significantly improves the local development experience by providing a comprehensive emulator environment.
### Context
We get a lot of noise on sentry about the result admin validation
failing from the onList handler. However, we no longer care about
validating reads for trustedDomains. Via config pushes, people can set
them to anything anyway. There's no value in being stricter on reads
than on writes.
### Summary of Changes
We scope our schema changes to just the onList and read handlers for
trusted domains for the most part, though relaxing the params validation
also affects delete. In practice, delete needs to do an exact match to
find what needs to be deleted so this is fine. Also, without relaxing it
for delete, you wouldn't be able to delete a domain you had previously
put in.
DB migration compat / Back-compat — Current branch migrations with ${{ needs.check-migrations-changed.outputs.base_branch }} branch code (push) Has been cancelled
DB migration compat / Forward-compat — Current branch code with ${{ needs.check-migrations-changed.outputs.base_branch }} branch migrations (push) Has been cancelled
### Context
In a [previous PR](https://github.com/stack-auth/stack-auth/pull/1258),
we hardcoded the mode to link because local emulator wasn't in a ready
state yet. Soon after, we started encountering three failing tests on
dev
The three cli tests that were failing on dev were failing because they
required the create mode flag to be set. The hardcode to link made the
create paths unreachable. Since we don't have local emulator working,
allowing users to pass in opts.mode would be bad practice- they'd be
triggering local emulator actions without the local emulator being set
up.
Also, there was a failing AI endpoint test. The unified AI endpoint
tests are set up so that if certain env variables are not present,
certain tests aren't run. In practice, if the openrouter key isn't set,
the tests that require actually processing a full AI endpoint result
without forwarding to prod will be skipped. The failing test was meant
to just check schema validation but it performed a full request instead.
### Summary of Changes
We just skip the tests for now. They'll only become relevant when
"create" is a legitimate workflow, which necessitates the function of
local emulator. There is no regression risk because the flow they're
testing isn't active yet, and so the only thing we could possibly test
is that passing the create mode will invoke a certain function which
isn't helpful at this state.
The unified AI endpoint failing test was reworked, another test
accomplishes the same schema validation effect. We don't lose coverage
by axing the failing test because other AI tests already test valid
request bodies (if they weren't valid, they wouldn't get a response).
This PR implements unified AI endpoint and custom dashboards.
**Unified AI Endpoint**
We now use a single endpoint throughout the codebase that makes the call
to openrouter. Specifically, email drafts, email templates, email
themes, wysiwyg, cmd centre ai search and docs ai, all use this unified
ai endpoint. All the tools are defined in the backend, all the prompts
exist in the backend.
How to review this PR for unified ai endpoint:
This PR will be easier to review if we look at the different folders
that were affected.
under packages - We added streaming functionality, and made renaming
changes
under docs - there are three files that have changed
package.json - we updated the package (we were previously using a very
old version of the package)
route.ts - we changed the call from a direct call to openrouter to the
unified ai endpoint
ai-chat.tsx - because of updating the package, we had to make changes to
adapt to the latest versions of the package
under backend
route.ts - the main unified ai endpoint. this endpoint uses various
support files
forward.ts - this is the forward to production functionality
models.ts - consists of the models, and the rules for selecting those
models
prompts.ts - consists of the base prompt + specific system prompts
depending upon the usage
schema.ts
every single file under ai/tools folder - which as the name suggests,
consists of the implementations of the different tools that can be
provided to the llm
route-handlers - added support for streaming to SmartRoute and response
under dashboard
ai-search/route.ts - refactored the file to use unified ai endpoint
chat-adapters.ts - refactored the file to use unified ai endpoint and
created extra checks for the ai generated code
**Custom Dashboards**
We let the user write their query in english. We then use AI to create
dashboards that are interactive, live and savable. This PR includes a
new package called dashboard-ui-components. This package has components
that are used in the dashboard and more importantly, these components
are being imported from esm in the ai generated code for custom
dashboards. We also change the bar at the top for the products pages.
How to review this PR:
Review the new package (package/dashboard-ui-components), the setup and
the files inside it.
Review the schema changes in stack-shared/src
Review the changes in dashboard. The following changes have been made
Updated the design-components folder since we moved the dashboard
components to the new package
Updated imports for these components accordingly
Updated the title bar of the product pages
Created the files for custom dashboards under the dashboards folder and
components under commands/create-dashboard
Created a script under dashboard/scripts that generates the file with
type definitions that would go to the llm
Review the backend
Started using unified ai endpoint
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **New Features**
* Added custom dashboards feature allowing users to create and manage
personalized dashboards with AI assistance.
* Integrated AI-assisted dashboard code generation with visual preview
and editing capabilities.
* Introduced new AI query endpoints supporting stream and generate modes
with configurable model quality/speed settings.
* **Improvements**
* Reorganized UI components into a dedicated component library package
for better code reuse.
* Enhanced chat architecture with improved message handling and tool
integration.
* Updated AI provider integration with improved configuration
management.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---------
Co-authored-by: Konsti Wohlwend <n2d4xc@gmail.com>
Co-authored-by: Bilal Godil <bg2002@gmail.com>
Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com>
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
<!--
Make sure you've read the CONTRIBUTING.md guidelines:
https://github.com/stack-auth/stack-auth/blob/dev/CONTRIBUTING.md
-->
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **New Features**
* Interactive init workflow (create, link-config, link-cloud) with safe
non-interactive behavior; writes/updates project config and .env, and
prints STACK AUTH setup instructions.
* CLI assistant/agent with a progress UI for long-running tasks.
* Backend AI proxy endpoint that validates and forwards AI requests to
an external provider.
* **Tests**
* End-to-end tests covering all init modes, outputs, env linking, and
error cases.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
<!--
Make sure you've read the CONTRIBUTING.md guidelines:
https://github.com/stack-auth/stack-auth/blob/dev/CONTRIBUTING.md
-->
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Documentation**
* Updated installation and setup instructions across all documentation,
README files, and getting started guides to use the new Stack CLI
command format for project initialization. Users will now see the
updated command throughout documentation and framework-specific setup
guides.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
DB migration compat / Back-compat — Current branch migrations with ${{ needs.check-migrations-changed.outputs.base_branch }} branch code (push) Has been cancelled
DB migration compat / Forward-compat — Current branch code with ${{ needs.check-migrations-changed.outputs.base_branch }} branch migrations (push) Has been cancelled
### Context
We didn't have an easy place for a user to see their domain statistics
and track their sent emails, either overall or by draft. Additionally,
there was scope creep with the sidebar, where we were supporting more
pages. Our emails landing page was also rather confusing, especially
toggling/ working with different email server types. So, we decide to
add a "sent" page, to track email logs and email statistics, as well as
let users temporarily override their sending limits if need be.
Additionally, a user may want to see a particular email in more detail:
what stage is it in? How did it proceed through time? How can I pause
the sending of this email or change the scheduled time or edit the code?
We allow for that to happen.
### Summary of Changes
#### New Pages
1. **Sent Page:** A Domain Reputation card lets you track how many of
your sent emails were bounced or marked as spam as well as how much
capacity you have left. We also provide a temporary override, where you
can use up to 4 times your capacity for a limited period of time.
Additionally, we provide an email log that lets you see the recently
sent emails. You can also toggle this view from a "list all emails" to
"group by template/draft" which shows stats for each template/draft id
(i.e a bar showing how many emails were sent, are pending, were marked
as spam, were bounced etc, and the total number of emails sent with that
template or draft). Clicking on an email in the list all view takes you
to the "email-viewer" endpoint for that email (see below). Clicking on a
template/draft in the group by view takes you to a page where you can
see the statistics for that template/draft in more detail (the "send"
stage view for that template/draft, as referenced below).
2. **Settings Page:** This is a new page we created because the old
"emails" landing page wasn't doing its job. This page is to track all
the email settings. Currently, we put in 2 sections. A "theme settings"
card where users can see their active theme and click on a button to be
navigated to the themes page. This is necessary as we remove themes from
the sidebar. The other section is a card for email server and domain
configuration - you can change your server type and adjust the settings
or send a test email. It's cleaner and less noisy.
3. **Drafts Page**: There are a lot of changes here. On the landing
page, we actually separate out the drafts into "active drafts" and
"draft history" because drafts are meant to be fire-and-forget, not
reusable. We also add the functionality to create a draft from a
template. This was tricky to manage because templates rely on template
variables which sent to the backend along with the code and injected
during render time. We deal with this by having AI rewrite the template
source code to remove any references to template variables and to make
the draft standalone. The drafts page has been separated into a
stepper-controlled multi stage process:
draft->recipients->schedule->sent. Sent is a read only view that shows
you the statistics of the emails sent using that draft, as mentioned
earlier. You can also see the sent view of a historical draft. You can
also bulk pause/cancel any unsent emails from the sent view of the
drafts.
4. **Sidebar Updates**: The email sidebar now doesn't show "themes" or
"emails" (the old landing page), but it does show "settings" and "sent",
and the default landing page for emails is "sent".
5. **Email Viewer**: When you click on an individual email, you get
navigated here. This has a timeline showing the progress of the email on
the right, and some optional info for the user that's toggleable on the
right bottom, while having either a preview of the email if it's sent or
a way to edit it. You can also change the scheduledAt date of an email
if it hasn't already been sent.
#### Bug Fixes
1. **Search in `TeamMemberSearchTable`**: This was broken. Every time
you tried to enter or remove a character, it would trigger skeleton
loading that overlapped the search bar too, preventing you from
adding/removing more. This was caused because the `useUser` hook
eventually ended up calling a `use` hook, which throws a promise that
triggers a suspense. This, coupled with the fact that the implementation
of `TeamMemberSearchTable` involved a prop-drilling/ dependency
inversion approach to passing down its toolbar to a base table
component, meant the suspense would cover the toolbar too and couldn't
be scoped to just the table. A refactor has gotten rid of the need for
those base components while fixing tables in `payments/customers`,
`teams/team_id`, and `payments/transactions` on top of the existing use
in email drafts recipients stage. We also dedupped some code.
2. **Stale draft fetches on draft landing page**: `useEmailDrafts` uses
an asyncCache to cache the fetched drafts. It is used on the drafts
landing page to render the drafts. When a draft is sent, its `sentAt` is
marked versus when it is still active, it is marked as null. The cache
was stale and so navigating to the landing page after firing off a draft
would errorneously represent that draft as still active and indeed, even
allow you to edit it and fire it again. This violated the principle of
drafts being fire and forget. This has been dealt with by adding
functionality to refresh the draft cache upon firing off a draft.
#### Other Changes
1. We bumped up the base time for the exponential send attempt retry
backoff in `email-queue-step` to 20 seconds. The previous base was two
seconds, and this effectively just made it wait until the next iteration
of the `email-queue-step` cron job or at most an iteration that wasn't
too far away. When an outage with our provider happens, it may take a
while for it to be resolved, so a longer backoff is justified
2. We transitioned the themes page and the templates page to using the
new components, though deeper UI refactors for them were out of scope
for this ticket.
3. We implement a "temporarily increase capacity" button, that bumps up
the throughput/ capacity limit fourfold for a user for a given period of
time. It works like this:
> Clicking the button sets a boost expiredat time.
> When this time is set and still valid, the capacity rate is multiplied
by 4.
> When the button is clicked, trigger a loading spinner until the route
finishes processing.
> When the timer runs out, we reset the button back to its original
state.
> We dont need to wrap the onclick with runAsyncWithAlert because the
component does that already.
4. We add a new default theme: a colorful theme with a lavender base.
This was mainly done so we could have three times in a theme showcase in
the settings page.
### UI Demos
**Sent Page Demo:**
https://github.com/user-attachments/assets/19294a90-bb65-4f00-9a97-111f6c08287f
**Drafts Page Demo**
https://github.com/user-attachments/assets/847609ef-d699-470c-a699-297bb9e17f04
**Settings Page Demo**
https://github.com/user-attachments/assets/190a3829-036a-4f57-89c0-a873bef5a7ce
**Email Viewer Page Demo**
https://github.com/user-attachments/assets/3bc50159-4acb-4865-a4dd-830c84ee4235
---------
Co-authored-by: Konstantin Wohlwend <n2d4xc@gmail.com>
