<!--
Make sure you've read the CONTRIBUTING.md guidelines:
https://github.com/stack-auth/stack-auth/blob/dev/CONTRIBUTING.md
-->
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **New Features**
  * Switched AI provider for improved streaming and model selection.
  * Updated chat UI: smoother near-bottom scrolling, refined layout, and
    visual enhancements.
* **Documentation**
  * Removed legacy Stack Auth setup guide from docs.
* **Chores**
  * Updated docs dependencies and environment configuration; added new API
    key variable and removed an old global key.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Removed Features**
  * Dashboard embed functionality has been removed from the platform.
  * Python template documentation and guides have been removed.
* **Documentation**
  * Documentation structure has been significantly reorganized and
    simplified.
  * Extensive template content and component guides have been removed.
  * Apple OAuth integration guide updated with streamlined secret
    generation flow.
* **Refactor**
  * Button component styling and variant system updated.
  * Routing configuration updated with simplified path handling.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
We update the sdk dependencies (the ones present in
`package-template.json`) to the latest versions. Since several packages
have major version bumps, this results in a variety of breaking changes
that have been handled here. Incidentally, when possible, we update
similar dependencies across the codebase.
We decide to defer the tailwind update to another PR owing to its scale.
The rest of the updates and changes have been catalogued below:
1. [Bumping](https://github.com/panva/oauth4webapi/blob/v3.x/CHANGELOG.md)
`oauth4webapi` to 3.8.3: this was a major version change. While there
were no compatibility issues in the sdk, there were several breaking
changes in `stack-shared`. Namely:
a. The removal of `isOauth2Error`. We used this to check if the results
of our `oauth4webapi` api invocations had issues. The functions were
changed to explicitly throw either `ResponseBodyErrors` or
`AuthorizationResponseErrors`, so the code was reworked to account for
that with no loss in error handling.
b. Dropping of support for http broadly: `oauth4webapi` now only accepts
https. This is desired, but I add a carve out for our test environments
only.
c. `refreshTokenGrantRequest` and `authorizationCodeGrantRequest` now
require `clientAuthentication` to be passed explicitly to them.
d. Changes in how we handle our `MultiFactorAuthenticationRequired`
error: This is an error that we created and is passed to the
`oauth4webapi` API if there are MFA issues. Since the
`processAuthorizationCodeResponse` now explicitly throws a
`ResponseBodyError`, we access the error cause from the body of the
error instead.
2. [Bumping](https://github.com/Qix-/color/releases) `color` to 5.0.4:
this was a major version bump. Simple type checking change, I checked
the API for the correct interface.
3. [Bumping](https://github.com/MasterKale/SimpleWebAuthn/blob/master/CHANGELOG.md)
`simplewebauthn` to 13.2.2: two major version bumps, but no
incompatibilities, surprisingly.
4. [Bumping](https://github.com/jshttp/cookie/releases) `cookie` to
1.1.1: this was a major version bump.
a. Changing `parse` to `parseCookie`. In the most recent version,
`parse` is still maintained as an alias for `parseCookie` for backwards
compatibility, but I thought it would be best to change it over now. No
change in functionality.
b. Typing is now strongly enforced. A cookie can be `string |
undefined`, and the `Cookies` are now `Record<string, string |
undefined>`. We already have code to handle if a cookie is returned as
undefined/null, so the changes here were more to ensure type
compatibility rather than big changes in functionality.
5. [Bumping](https://github.com/isaacs/rimraf#readme) `rimraf` to 6.1.2:
No breaking changes, mostly just bug fixes.
6. [Bumping](https://github.com/panva/jose/releases?page=1) `jose` to
6.1.3: This is another major version bump. We update it across the
codebase to ensure compatibility. We use this for importing and
processing jwk tokens. There are a few big changes in the version bump,
but the only one that applies to us is that `importJwk` now yields a
`CryptoKey` instead of a `KeyObject` in Node.js. However, this doesn't
appear to break our code. We use `importJwk` in
`stack-auth/packages/stack-shared/src/utils/jwt.tsx`.
7. [Bumping](https://github.com/react-hook-form/resolvers/releases)
`hookform/resolvers` to 5.2.2 (two major version jumps), and
consequently bumping `react-hook-form` to 7.70.0: We already use the
patterns that `hookform/resolvers`' latest versions seem to be
enforcing. The only other breaking change is that it requires version
7.55.0+ of `react-hook-form`. Though we should pay attention to any
interactions with zod and `hookform/resolvers`; some people have
reported compatibility issues if they aren't using the latest compatible
versions of both.
8. [Bumping](https://github.com/jquense/yup/blob/master/CHANGELOG.md)
`yup` to 1.7.1: this was a minor version change, but we had
incompatibility issues with this change. Versions 1.4.1 and 1.7.1 cannot
exist in the same codebase due to incompatibility, so we bumped it up
across the codebase, including in peer dependencies.
9. Some minor version changes for some packages, but these were mostly
bug fixes.
10. **Edited to add**: Bumping freestyle to 0.1.6, and reworking the
freestyle mock server. In 0.1.6, freestyle changed their API in two
ways:
a. We're now supposed to hit their `execute/v2/...` endpoint and
b. They've flattened the `config` argument to `serverless.runs.create`.
These changes are minor, but are important. As part of a general suite
of dependency bumps, this was judged to fit here.
We have linked the changelogs for the packages on each line.
- restricted users
- onboarding app
- waitlist app
- fixed an exception when setting primary email
- automatically update the JWT token on the client when the user object
changes
Updates all icons to Phosphor and removes lucide as a dependency.
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Style**
  * Unified and refreshed iconography across the dashboard (pages,
    widgets, controls, dialogs, navigation, lists) for a more consistent,
    modern visual experience — purely visual, no behavior changes.
* **Chores**
  * Migrated to a single icon set across the project and removed the
    previous icon library; updated documentation package to include the new
    icon dependency.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
<!-- RECURSEML_SUMMARY:START -->
## High-level PR Summary
This PR changes the default development ports for several background
services to avoid conflicts. PostgreSQL moves from port `5432` to
`8128`, Inbucket SMTP from `2500` to `8129`, Inbucket POP3 from `1100`
to `8130`, and the OpenTelemetry collector from `4318` to `8131`. All
references across configuration files, Docker Compose setups,
environment files, CI/CD workflows, test files, and documentation have
been updated to reflect these new port assignments. A knowledge base
document has been added to document the new port mappings.
⏱️ Estimated Review Time: 15-30 minutes
<details>
<summary>💡 Review Order Suggestion</summary>
| Order | File Path |
| --- | --- |
| 1 | `claude/CLAUDE-KNOWLEDGE.md` |
| 2 | `apps/dev-launchpad/public/index.html` |
| 3 | `docker/dependencies/docker.compose.yaml` |
| 4 | `docker/emulator/docker.compose.yaml` |
| 5 | `apps/backend/.env` |
| 6 | `apps/backend/.env.development` |
| 7 | `docker/server/.env.example` |
| 8 | `package.json` |
| 9 | `.devcontainer/devcontainer.json` |
| 10 | `apps/e2e/.env.development` |
| 11 | `.github/workflows/check-prisma-migrations.yaml` |
| 12 | `.github/workflows/docker-server-test.yaml` |
| 13 | `.github/workflows/e2e-api-tests.yaml` |
| 14 | `.github/workflows/e2e-source-of-truth-api-tests.yaml` |
| 15 | `.github/workflows/restart-dev-and-test.yaml` |
| 16 | `apps/e2e/tests/backend/endpoints/api/v1/internal/email-drafts.test.ts` |
| 17 | `apps/e2e/tests/backend/endpoints/api/v1/internal/email.test.ts` |
| 18 | `apps/e2e/tests/backend/endpoints/api/v1/send-email.test.ts` |
| 19 | `apps/e2e/tests/backend/endpoints/api/v1/unsubscribe-link.test.ts` |
| 20 | `apps/e2e/tests/backend/workflows.test.ts` |
| 21 | `docs/templates/others/self-host.mdx` |
</details>
<!-- RECURSEML_SUMMARY:END -->
<!-- ELLIPSIS_HIDDEN -->
----
> [!IMPORTANT]
> This PR introduces customizable development ports using
`NEXT_PUBLIC_STACK_PORT_PREFIX`, updating configurations, documentation,
and tests accordingly.
>
> - **Behavior**:
> - Default development ports for services are now customizable via
`NEXT_PUBLIC_STACK_PORT_PREFIX`.
> - PostgreSQL port changed from `5432` to
`${NEXT_PUBLIC_STACK_PORT_PREFIX:-81}28`.
> - Inbucket SMTP port changed from `2500` to
`${NEXT_PUBLIC_STACK_PORT_PREFIX:-81}29`.
> - Inbucket POP3 port changed from `1100` to
`${NEXT_PUBLIC_STACK_PORT_PREFIX:-81}30`.
> - OpenTelemetry collector port changed from `4318` to
`${NEXT_PUBLIC_STACK_PORT_PREFIX:-81}31`.
> - **Configuration**:
> - Updated `docker.compose.yaml` to use new port variables for services
like PostgreSQL, Inbucket, and OpenTelemetry.
> - Environment files in `apps/backend`, `apps/dashboard`, and
`apps/e2e` updated to use `NEXT_PUBLIC_STACK_PORT_PREFIX`.
> - `package.json` scripts updated to reflect new port configurations.
> - **Documentation**:
> - Added `CLAUDE-KNOWLEDGE.md` to document new port mappings.
> - Updated `self-host.mdx` to reflect new port configurations.
> - **Testing**:
> - Updated test files in `apps/e2e/tests` to use new port
configurations.
> - Added `helpers/ports.ts` for port-related utilities in tests.
>
> <sup>This description was created by </sup>[<img alt="Ellipsis"
src="https://img.shields.io/badge/Ellipsis-blue?color=175173">](https://www.ellipsis.dev?ref=stack-auth%2Fstack-auth&utm_source=github&utm_medium=referral)<sup>
for 76ef55f58f. You can
[customize](https://app.ellipsis.dev/stack-auth/settings/summaries) this
summary. It will automatically update as commits are pushed.</sup>
----
<!-- ELLIPSIS_HIDDEN -->
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- **New Features**
  - Enable configurable development ports via a
    NEXT_PUBLIC_STACK_PORT_PREFIX, allowing parallel local environments with
    custom port prefixes.
- **Bug Fixes**
  - Updated local service port mappings and CI/workflow settings so
    tooling and tests use the new prefixed ports consistently.
- **Documentation**
  - Added docs and contributor guidance for running multiple parallel
    workspaces with custom port prefixes.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---------
Co-authored-by: N2D4 <N2D4@users.noreply.github.com>
Removes Platform selection, moves docs to single /content folder and no
longer gens docs. Only API docs are generated here.
<!-- RECURSEML_SUMMARY:START -->
## High-level PR Summary
This PR makes significant changes to the documentation structure by
removing platform-specific content organization and consolidating docs
into a single `/content` folder. The primary goal is to simplify the
documentation architecture by eliminating the platform-specific routing
(Next.js, React, JavaScript, Python) and instead organizing content by
topic (guides, SDK, components) regardless of platform. The PR removes
platform selection functionality, platform-specific navigation, and the
automatic generation of platform-specific documentation pages. It
introduces a new docs tree filtering system that organizes content by
section rather than by platform. These changes should make the
documentation more maintainable and easier to navigate while focusing on
the content itself rather than platform-specific variations.
⏱️ Estimated Review Time: 30-90 minutes
<details>
<summary>💡 Review Order Suggestion</summary>
| Order | File Path |
|-------|-----------|
| 1 | `docs/package.json` |
| 2 | `docs/src/lib/docs-tree.ts` |
| 3 | `docs/src/lib/navigation-utils.ts` |
| 4 | `docs/src/components/homepage/iconHover.tsx` |
| 5 | `docs/src/components/sdk/overview.tsx` |
| 6 | `docs/src/components/layouts/shared/section-utils.ts` |
| 7 | `docs/src/components/layout/custom-search-dialog.tsx` |
| 8 | `docs/src/app/api/search/route.ts` |
| 9 | `docs/src/app/docs/[[...slug]]/page.tsx` |
| 10 | `docs/src/components/layouts/docs-header-wrapper.tsx` |
| 11 | `docs/src/components/layouts/docs-layout-router.tsx` |
| 12 | `docs/src/components/layouts/docs.tsx` |
| 13 | `package.json` |
</details>
<!-- RECURSEML_SUMMARY:END -->
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Documentation**
  * Added many new guides (auth providers, OAuth, JWT, API keys, emails,
    webhooks, orgs/teams, permissions, onboarding, customization), expanded
    SDK & component reference pages, examples, and navigation metadata.
  * Switched docs to a simpler section-based, platform-agnostic structure
    and improved getting-started and production checklists.
* **Developer Experience**
  * Enhanced docs UX: improved code-example UI with platform/framework
    selectors, theme-aware highlighted code blocks, image zoom, and a
    centralized code-sample registry.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---------
Co-authored-by: Konstantin Wohlwend <n2d4xc@gmail.com>
Adds JWT docs and JWT viewer component to docs
<!-- RECURSEML_SUMMARY:START -->
## High-level PR Summary
This PR adds comprehensive JWT (JSON Web Token) documentation and an
interactive JWT viewer component to the Stack Auth documentation. The
main additions are a new documentation page explaining JWT concepts,
structure, and usage within Stack Auth, along with a React component
that allows users to decode and inspect JWT tokens. The JWT viewer can
automatically load the current user's session token if they are signed
in, or accept manually pasted tokens. The documentation provides
examples of both client-side and server-side JWT usage, security
considerations, troubleshooting guidance, and best practices. The PR
also includes necessary updates to metadata files and component exports
to integrate the new content into the documentation platform.
⏱️ Estimated Review Time: 15-30 minutes
<details>
<summary>💡 Review Order Suggestion</summary>
| Order | File Path |
|-------|-----------|
| 1 | `docs/templates/concepts/jwt.mdx` |
| 2 | `docs/src/components/mdx/jwt-viewer.tsx` |
| 3 | `docs/docs-platform.yml` |
| 4 | `docs/src/components/mdx/index.ts` |
| 5 | `docs/src/mdx-components.tsx` |
| 6 | `docs/templates/meta.json` |
| 7 | `docs/templates-python/meta.json` |
</details>
<!-- RECURSEML_SUMMARY:END -->
<!-- ELLIPSIS_HIDDEN -->
----
> [!IMPORTANT]
> Adds a new JWT concepts page and an interactive `JWTViewer` component,
integrating it into MDX and navigation, with `jose` added for decoding.
>
> - **Docs**:
> - Add `concepts/jwt.mdx` with JWT structure, claims, examples,
verification, security, and best practices.
> - Include JWT page in navigation: `docs-platform.yml`,
`templates/meta.json`, and Python `templates-python/meta.json`.
> - **UI Component**:
> - Add `JWTViewer` in `docs/src/components/mdx/jwt-viewer.tsx` to
decode JWTs (header, payload, signature), show time-based indicators,
and load current user token via `useUser()`.
> - Export and register in MDX: `docs/src/components/mdx/index.ts`,
`docs/src/mdx-components.tsx`.
> - **Dependencies**:
> - Add `jose` to `docs/package.json` (lockfile updated).
>
> <sup>This description was created by </sup>[<img alt="Ellipsis"
src="https://img.shields.io/badge/Ellipsis-blue?color=175173">](https://www.ellipsis.dev?ref=stack-auth%2Fstack-auth&utm_source=github&utm_medium=referral)<sup>
for f25e369599. You can
[customize](https://app.ellipsis.dev/stack-auth/settings/summaries) this
summary. It will automatically update as commits are pushed.</sup>
----
<!-- ELLIPSIS_HIDDEN -->
<!-- RECURSEML_ANALYSIS:START -->
## Review by RecurseML
_🔍 Review performed on
[ad34cfe..a135bbd](ad34cfecc2...a135bbdd77)_
✨ No bugs found, your code is sparkling clean
<details>
<summary>✅ Files analyzed, no issues (3)</summary>
• `docs/src/components/mdx/jwt-viewer.tsx`
• `docs/src/mdx-components.tsx`
• `docs/src/components/mdx/index.ts`
</details>
<details>
<summary>⏭️ Files skipped (trigger manually) (4)</summary>
• `docs/docs-platform.yml`
• `docs/templates-python/meta.json`
• `docs/templates/concepts/jwt.mdx`
• `docs/templates/meta.json`
</details>
<!-- RECURSEML_ANALYSIS:END -->
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **New Features**
  * Interactive JWT Viewer in the docs: paste or auto-load a token to
    inspect header, payload, signature with live decoding, validity/time
    indicators, per-field copy controls, and "load my token".
* **Documentation**
  * New "JWT" concept page covering structure, claims, examples,
    client/server/manual usage, security, troubleshooting, and best
    practices.
  * JWT page added to site navigation and enabled across Next, React, JS,
    and Python docs.
* **Chores**
  * Added runtime dependency to support JWT decoding in the docs.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
<!-- CURSOR_SUMMARY -->
---
> [!NOTE]
> Adds a new JWT concepts page and an interactive `JWTViewer` component,
integrating it into MDX and navigation, with `jose` added for decoding.
>
> - **Docs**:
> - Add `concepts/jwt.mdx` with JWT structure, claims, examples,
verification, security, and best practices.
> - Include JWT page in navigation: `docs-platform.yml`,
`templates/meta.json`, and Python `templates-python/meta.json`.
> - **UI Component**:
> - Add `JWTViewer` in `docs/src/components/mdx/jwt-viewer.tsx` to
decode JWTs (header, payload, signature), show time-based indicators,
and load current user token via `useUser()`.
> - Export and register in MDX: `docs/src/components/mdx/index.ts`,
`docs/src/mdx-components.tsx`.
> - **Dependencies**:
> - Add `jose` to `docs/package.json` (lockfile updated).
>
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
837fffb848. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->
---------
Co-authored-by: Konsti Wohlwend <n2d4xc@gmail.com>