16 Commits

Author	SHA1	Message	Date
Bilal Godil	8f95e12b3b	fix(hexclave): address rename review leftovers	2026-06-03 13:04:51 -07:00
Bilal Godil	a0644b82e1	Hexclave rename PR5: rename package dirs to drop stack- prefix (Step 16/A) ... git mv packages/stack-shared->shared, stack-ui->ui, stack-sc->sc, stack-cli->cli, and stack->next (the generated @hexclave/next pkg, regenerated via generate-sdks dest change). Fixed deep-relative imports (pacifica/surface.tsx), tailwind content glob, CI emulator paths, root cli script, generate-setup-prompt-docs + skills relative imports, and comments. Reinstalled. build + typecheck + lint green (28/28).	2026-06-03 12:17:56 -07:00
Bilal Godil	c91a23ee88	Hexclave rename PR5: rename stack*App local-variable convention ... Step 5: rename lowercase local vars stackApp/stackServerApp/stackClientApp/ stackAdminApp -> hexclave* across SDK source, apps, examples, and docs-mintlify (docs/ excluded). Public StackServerApp/StackClientApp classes and the useStackApp hook are unchanged. typecheck + lint green.	2026-06-03 12:17:14 -07:00
BilalG1	501ae9fe61	PR 4: Rename Stack -> Hexclave: examples config module, app-internal symbols, crypto docs (#1534) ... ## What Continues the **Stack Auth → Hexclave** rename for a set of safe, internal-only surfaces. This intentionally avoids public-contract names. ### Changes - **Examples** — renamed the user-facing config module `stack.ts`/`stack.tsx` (and the `convex` / `lovable` `stack/` directories) to `hexclave`, and updated every importer across `.ts`/`.tsx`/`.jsx`. The public `app/handler/[...stack]/` route segment is left unchanged. - **apps/{dashboard,backend,internal-tool}** — renamed app-local SDK-init symbols `stackClientApp → hexclaveClientApp` and `getStackServerApp → getHexclaveServerApp`, and the dashboard `StackCompanion` component → `HexclaveCompanion` (incl. `useStackCompanion`, context types). The public `StackClientApp`/`StackServerApp` SDK classes are **unchanged**. - **packages/stack-shared** — added comments to the crypto / JWT / vault `stack-*` literals documenting that they must **not** be renamed (key derivation / JWKS / KMS-alias stability). The literals are byte-identical. ### Deliberately excluded - **`STACK_*` → `HEXCLAVE_*` env-var rename** — `HEXCLAVE_*` already resolves via the dual-read layers (SDK env, dashboard `_inlineEnvVars`, `getEnvVariable`). The remaining holdout is the docker post-build sentinel path, which the codebase authors explicitly deferred and which is tightly coupled to `entrypoint.sh` + untestable here. A blind rename there risks silently breaking self-host/emulator bootstrap for ~zero functional gain. - **All public-contract names** — SDK class names, env vars, HTTP headers (`x-stack-*`), and the `/handler` route convention. ## Verification - `pnpm lint` — **29/29 passing**. - `pnpm typecheck` — **28/29 passing**; the only failure is `@hexclave/docs` (pre-existing missing fumadocs `.source` codegen, untouched by this PR). - Two rounds of adversarial multi-agent review; findings fixed: string-literal collateral from the symbol sweep (CLI test fixtures + an AI-prompt template) reverted, and a missed `.jsx` importer in `examples/cjs-test` corrected. ## Notes - Based on a `dev` snapshot from when the branch was cut (a couple commits behind tip); the diff contains only the changes above. <!-- This is an auto-generated description by cubic. --> --- ## Summary by cubic Complete the internal “Stack” → “Hexclave” rename across examples, app-local code, config tooling, and setup docs, and standardize env output to HEXCLAVE_* with correct default API URL handling. Public SDK classes, handler routes, and legacy env names keep working. - **Refactors** - Examples/config: `stack.*` files and `stack/` dirs → `hexclave.*`/`hexclave/`; imports updated; keep `app/handler/[...stack]` route. - Apps: backend/dashboard/internal-tool now use `getHexclaveServerApp` and `hexclaveClientApp`; dashboard `StackCompanion` → `HexclaveCompanion`. Public `StackClientApp`/`StackServerApp` unchanged. - Env/setup: Next.js and CLI generators write HEXCLAVE_* and omit API URL when using https://api.stack-auth.com; CLI `doctor` and auth resolution prefer HEXCLAVE_* (e.g. `HEXCLAVE_SECRET_SERVER_KEY`, `HEXCLAVE_PROJECT_ID`) with `STACK_*` fallback. - Config tooling: `stack-config-file` → `hexclave-config-file`, emitting `HexclaveConfig`; imports updated across backend/dashboard/tooling. - Shared/docs: added “do not rename” notes for crypto/JWT/vault `stack-*` literals; regenerated setup prompt/docs to use `hexclave.config.ts`, `hexclave dev`, and `src/hexclave/`. - Tests: updated snapshots/assertions to expect `HexclaveConfig` and HEXCLAVE_* env names. - **Migration** - No action required. SDK and CLI read both HEXCLAVE_* and STACK_*. <sup>Written for commit 8a891b4f6c. Summary will update on new commits.</sup> <a href="https://cubic.dev/pr/hexclave/hexclave/pull/1534?utm_source=github" target="_blank" rel="noopener noreferrer" data-no-image-dialog="true"><picture><source media="(prefers-color-scheme: dark)" srcset="https://cubic.dev/buttons/review-in-cubic-dark.svg"><source media="(prefers-color-scheme: light)" srcset="https://cubic.dev/buttons/review-in-cubic-light.svg"><img alt="Review in cubic" src="https://cubic.dev/buttons/review-in-cubic-dark.svg"></picture></a> <!-- End of auto-generated description by cubic. --> <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **Refactor** * Renamed internal app/client/server instances and companion/provider components to the new product name across backend, dashboard, examples, and tooling; imports updated accordingly. * Updated generated environment variable names and CLI init/doctor outputs to prefer the new product prefix. * **Documentation** * Added clarifying notes about vault/encryption and JWT/key labels to avoid breaking existing encrypted data. <!-- end of auto-generated comment: release notes by coderabbit.ai -->	2026-06-03 12:09:20 -07:00
BilalG1	011d7d751d	Fix stale e2e CLI + RDE config tests (emulator removal & hexclave rename) (#1528) ... ## What Fixes the 9 failing tests in the E2E (Local Emulator) job — 2 test files, both stale after recent refactors that renamed source but missed the tests. ### `apps/e2e/tests/general/cli.test.ts` (6 failures) The `stack emulator` command was removed in #1522 (which also reworded its auth errors from "local emulator" → "development environment"), but the e2e tests were never updated: - Updated two error-string assertions: - `"Local emulator publishable client key not found"` → `"Development environment publishable client key not found"` - `"Cannot reach local emulator"` → `"Cannot reach development environment"` - Removed the dead `"Stack CLI — Emulator"` describe block (4 tests for the deleted `emulator pull/start/stop/list-releases` subcommands) and the now-unused `CLI_SRC_BIN` const. ### `apps/dashboard/src/lib/remote-development-environment/config-file.test.ts` (3 failures) Leftover `@stackframe/*` names from the `@hexclave` rename: - Fixture imports `@stackframe/stack-shared/config` → `@hexclave/shared/config` (the `defineStackConfig` / `defineHexclaveConfig` cases were failing with `Cannot find module`). - Rendered-config snapshot type import `@stackframe/js` → `@hexclave/js`. ## Verification - `config-file.test.ts`: **7 passed**. - `cli.test.ts` against a live local backend: **69 passed / 4 skipped / 0 failed** (the 4 skips are environment-gated `it.runIf`/`it.skip`, not failures). - Reproduced both CLI error paths against the built CLI binary to confirm the new strings match exactly. - `lint` ✓ and `typecheck` ✓ for `@hexclave/e2e-tests` and `@hexclave/dashboard`. Only test files are changed — no production code. <!-- This is an auto-generated description by cubic. --> --- ## Summary by cubic Fixes 9 failing E2E tests by updating CLI error messages and RDE config test imports after the emulator command removal and the `@hexclave` rename. Removes obsolete emulator CLI tests; no production code changed. - **Bug Fixes** - CLI: updated two error-string assertions to use “Development environment …” wording. - CLI: removed the obsolete “Stack CLI — Emulator” test block and the unused `CLI_SRC_BIN`. - Dashboard RDE config tests: replaced `@stackframe/stack-shared/config` with `@hexclave/shared/config`. - Snapshot import: `@stackframe/js` → `@hexclave/js`. <sup>Written for commit a887d7209b. Summary will update on new commits.</sup> <a href="https://cubic.dev/pr/hexclave/stack-auth/pull/1528?utm_source=github" target="_blank" rel="noopener noreferrer" data-no-image-dialog="true"><picture><source media="(prefers-color-scheme: dark)" srcset="https://cubic.dev/buttons/review-in-cubic-dark.svg"><source media="(prefers-color-scheme: light)" srcset="https://cubic.dev/buttons/review-in-cubic-light.svg"><img alt="Review in cubic" src="https://cubic.dev/buttons/review-in-cubic-dark.svg"></picture></a> <!-- End of auto-generated description by cubic. --> <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **Bug Fixes** * Updated error messages to use "development environment" terminology instead of "emulator" references. * **Tests** * Adjusted test assertions and imports for consistency with updated terminology. <!-- end of auto-generated comment: release notes by coderabbit.ai -->	2026-06-01 14:31:01 -07:00
BilalG1	609579abab	feat(hexclave): PR 3 — native @hexclave/* source rename + delete dual-publish wiring (#1482)	2026-05-29 15:21:59 -07:00
BilalG1	57ff5d3ce9	feat(hexclave): PR 2 — visible rebrand (Hexclave brand goes public) (#1481) ... ## Summary **Stacked on [#1475](https://github.com/hexclave/stack-auth/pull/1475)** (`cl/hexclave-pr1`, the invisible compatibility layer). Diff vs that base = the actual PR 2 code. This is **PR 2 of the Stack Auth → Hexclave rebrand: the visible flip**. Old wire identifiers (cookies, request/response headers, Bearer prefix, JWT issuers, MCP tool name) keep working indefinitely via PR 1's dual-accept. This PR flips every user-visible surface — package names taught in docs, SDK class names in code examples, dashboard setup snippets, page titles, error messages, email content, CLI binary, default base URLs, GitHub repo slug, contributor guidance — to the Hexclave brand. See [`RENAME-TO-HEXCLAVE.md`](./RENAME-TO-HEXCLAVE.md) → *"PR 2: Rebrand to Hexclave (visible)"* for the full per-work-area spec. ## What's implemented (per the plan's PR 2 scope) - **SDK base URLs** flipped: `defaultBaseUrl` and `defaultAnalyticsBaseUrl` in [common.ts](packages/template/src/lib/stack-app/apps/implementations/common.ts:127) → `https://api.hexclave.com` / `https://r.hexclave.com`. PR 1's [`getHardcodedFallbackUrls`](packages/stack-shared/src/utils/urls.tsx:199) table now keys on the Hexclave domain. - **Domain inventory sweep** (16 subdomains from the plan): every `api/app/docs/discord/demo/mcp/skill/feedback/test/preview/r/api2/api.staging/idp-jwk-audience/built-with.stack-auth.com` reference in production code, docs-mintlify, examples, READMEs, and contributor guidance flipped to `*.hexclave.com`. Carve-outs: PR 1's intentional JWT issuer dual-accept table in [tokens.tsx](apps/backend/src/lib/tokens.tsx), the legacy `./docs/` folder, the `unified-docs-widget` allowlist (deliberately accepts both during DNS transition), and `url-targets.ts` hosted-component default (baked into existing customer deploys). - **`@deprecated` JSDoc** on every `Stack*` public export ([packages/template/src/lib/stack-app/index.ts](packages/template/src/lib/stack-app/index.ts) + [packages/template/src/index.ts](packages/template/src/index.ts)) — `StackClientApp`, `StackServerApp`, `StackAdminApp` + every constructor/options/JSON type, `StackHandler`, `StackProvider`, `StackTheme`, `useStackApp`, `defineStackConfig`, `StackConfig`. Hexclave\* aliases are now canonical. - **Runtime `console.warn`** ([packages/template/src/internal/deprecation-warning.ts](packages/template/src/internal/deprecation-warning.ts)) — once-per-process when the SDK is loaded from a `@stackframe/*` artifact. Detection uses the existing `STACK_COMPILE_TIME_CLIENT_PACKAGE_VERSION_SENTINEL` (rewritten at build time to e.g. `js @stackframe/stack@2.8.92` or `js @hexclave/next@1.0.0`); `@hexclave/*` mirror artifacts short-circuit the warning. - **Tier 3 data migration**: new idempotent SQL migration [`20260523000000_rename_internal_project_to_hexclave`](apps/backend/prisma/migrations/20260523000000_rename_internal_project_to_hexclave/migration.sql) — updates the internal Project `displayName` 'Stack Dashboard' → 'Hexclave Dashboard' and `description` only if both still hold the pre-rebrand defaults. Operator-renamed projects untouched, missing row no-ops, re-runs are no-ops. [`seed.ts`](apps/backend/prisma/seed.ts:87) default flipped. `getSharedEmailConfig("Stack Auth")` → `("Hexclave")`. - **Tier 4 brand strings** (mechanical sweep, ~340 files): - Page + OpenAPI titles (Hexclave API / Dashboard / REST API / Webhooks API / Documentation). OpenAPI `info.description` documents `X-Hexclave-*` headers as canonical with compat note on `X-Stack-*`. - `HexclaveAssertionError` message text ([errors.tsx:71](packages/stack-shared/src/utils/errors.tsx:71)) — "an error in Stack." → "an error in Hexclave." - Known-error message templates ([known-errors.tsx](packages/stack-shared/src/known-errors.tsx)) flipped to lead with `x-hexclave-*` + the new `docs.hexclave.com` URL; legacy `x-stack-*` mentioned as compat aliases. **25 e2e test files updated in lockstep**. - Email content: failed-emails-digest body, sendTestEmail recipient (now `sent-with-hexclave.com`), test-email-recipient default. - `CHANGELOG.md` title → "Hexclave Changelog". - `AGENTS.md` env var convention: new vars prefix `HEXCLAVE_` / `NEXT_PUBLIC_HEXCLAVE_` for Category A/B; legacy `STACK_*` explicitly noted as accepted via PR 1's dual-read. - **CLI / init wizard**: - Every dashboard setup snippet, init-stack template, and docs-mintlify page teaches `npx @hexclave/cli@latest init` (was `@stackframe/stack-cli`). [setup-page.tsx](apps/dashboard/src/app/(main)/(protected)/projects/[projectId]/(overview)/setup-page.tsx) + [link-existing-onboarding](apps/dashboard/src/app/(main)/(protected)/(outside-dashboard)/new-project/page-client-parts/link-existing-onboarding.tsx). - [init-stack](packages/init-stack/src/index.ts:634) `STACK_*_INSTALL_PACKAGE_NAME_OVERRIDE` defaults flipped to `@hexclave/*`. - Generated `stack/client.ts` / `stack/server.ts` import from `@hexclave/next` and reference `HexclaveClientApp` / `HexclaveServerApp`. - Internal `StackAuthKeys` dashboard component renamed to `HexclaveKeys`. - **docs-mintlify rewrite** (legacy `./docs/` intentionally untouched per scoping decision): - **78 MDX files swept**. `@stackframe/{react,stack,js,tanstack-start,...}` → `@hexclave/{react,stack,js,...}` in install snippets and code blocks; `Stack*` SDK class names → `Hexclave*` in all code examples; 'Stack Auth' brand phrase → 'Hexclave'. - `openapi/{server,admin,client,webhooks}.json` titles → 'Hexclave REST API' / 'Hexclave Webhooks API'. - **Generators flipped before regeneration**: - [`packages/stack-shared/src/helpers/init-prompt.ts`](packages/stack-shared/src/helpers/init-prompt.ts), [`/ai/prompts.ts`](packages/stack-shared/src/ai/prompts.ts), [`apps/backend/src/lib/ai/prompts.ts`](apps/backend/src/lib/ai/prompts.ts), [`apps/backend/src/lib/ai/tools/create-email-{template,draft}.ts`](apps/backend/src/lib/ai/tools/create-email-template.ts), [`apps/skills/src/app/route.ts`](apps/skills/src/app/route.ts) (taught MCP tool → `ask_hexclave` with compat note; CLI binary teach → `hexclave`), [`docs-mintlify/snippets/home-prompt-island.jsx`](docs-mintlify/snippets/home-prompt-island.jsx), [`packages/template/README.md`](packages/template/README.md) + integrations/convex/component/README.md. - `generate-sdks` propagated changes to `packages/{react,stack,js}`. - **OpenAPI dual-documentation**: [`apps/backend/src/app/api/latest/route.ts`](apps/backend/src/app/api/latest/route.ts) now lists `X-Hexclave-*` headers as primary documented schemas with `X-Stack-*` duplicates marked `.optional()` (both accepted at runtime by PR 1's normalize-at-proxy shim). - **`@stackframe/emails` virtual module**: dual-aliased to `@hexclave/emails` at the bundler boundary ([email-rendering.tsx:89](apps/backend/src/lib/email-rendering.tsx:89)). Stored email templates continue to import from either name; new AI-generated templates and the system prompt teach `@hexclave/emails`. - **Tier 2 mirror-publish wiring** (new this PR, lays the groundwork for `@hexclave/*` first publish): - [`scripts/rewrite-packages-to-hexclave.ts`](scripts/rewrite-packages-to-hexclave.ts) — rewrites 9 publishable `@stackframe/*` → `@hexclave/*` `package.json` files (reads `HEXCLAVE_VERSION` env or `--version=` flag), pins cross-deps to the shared `@hexclave` version, registers `hexclave` bin alongside `stack` for `@hexclave/cli`. - [`.github/workflows/npm-publish.yaml`](.github/workflows/npm-publish.yaml) appended with rewrite-then-republish step. `pnpm publish` skips already-on-npm versions so reruns are safe. - **Sender email domain**: `noreply@stackframe.co` → `noreply@sent-with-hexclave.com` (the dedicated transactional-sender domain split per the plan, to isolate bulk deliverability from `hexclave.com` reputation); `security@` / `team@stack-auth.com` inbound mailboxes → `@hexclave.com`. - **Self-host docs**: docker network / container names in the bash examples flipped from `stack-auth` to `hexclave` (`hexclave-postgres`, `hexclave-clickhouse`, `hexclave.env`). The docker image tag `stackauth/server:latest` stays per the plan's locked decision. - **GitHub repo slug**: `hexclave/stack-auth` → `hexclave/hexclave` in every `package.json` `repository` field, README link, CHANGELOG raw-asset URL. ## Carve-outs (deliberately untouched) - **[`apps/backend/src/lib/tokens.tsx`](apps/backend/src/lib/tokens.tsx)** JWT issuer dual-accept table — PR 1 intentional infrastructure, kept indefinitely. - **Legacy `./docs/` folder** — per scoping decision (only `docs-mintlify/` rewritten). - **`unified-docs-widget` hostname allowlist** — accepts both `.hexclave.com` (canonical) and `.stack-auth.com` (transition window) for DNS rollout. - **`url-targets.ts`** hosted-domain default `.built-with-stack-auth.com` — wire identifier baked into existing customer deploys; indefinite read-fallback. - **Binary visual assets** (logos, favicons, OG images, README screenshots) — out of scope for this PR. Need design work; tracked separately. ## Verification - **`pnpm typecheck`** on `packages/{template,stack-shared,react,stack,js}` + `apps/dashboard`: **all green**. The remaining backend / e-commerce-demo typecheck errors are pre-existing (Prisma codegen output + `./generated/api-versions.json` not present in fresh worktrees without `pnpm run codegen-prisma` + a live DB) and unrelated to this diff. - **`pnpm lint`** on the same 6 packages: all green. - **Final grep** for residual `Stack Auth` / `stack-auth.com` / `@stackframe/stack-cli@latest` references: zero outside the intentional carve-outs above. - **25 e2e test files updated in lockstep** with the known-error message changes (asserted strings flipped to match the new x-hexclave-* + compat-note messages). ## Deploy blockers (ops sequencing before this rebrand goes live) This PR is code-complete, but the rebrand's visible surfaces (SDK default URLs, dashboard links, npm READMEs, REST error messages, runtime deprecation warning) all point at `*.hexclave.com` / `@hexclave/*` resources that don't exist yet. None of these are fixable from a PR — they're ops/registrar/npm work that has to be sequenced before merging this to a release tag. Suggested ordering, hardest blockers first: ### Tier 1 — required before customer-facing deploy (everything below this line *will visibly break customers on day 1* if skipped) 1. **DNS + TLS for `api.hexclave.com` + `api1./api2.hexclave.com`** → must point at the same backend that serves `api.stack-auth.com` (or a backend that mirrors PR 1's dual-accept). The SDK's new `defaultBaseUrl` is `https://api.hexclave.com`; every customer that relied on the old default and upgrades to a post-PR2 SDK build sends API requests here. Until this resolves, every default-config customer's API call NXDOMAINs. 2. **DNS for `app.hexclave.com`** → the dashboard. Referenced in the SDK's default-error messages ("Please create a project on the Hexclave dashboard at https://app.hexclave.com"), the init-stack flow's `wizard-congrats` redirect, and the OAuth dashboard handoff. 3. **DNS for `docs.hexclave.com`** + Mintlify deploy → the SDK runtime deprecation warning (`https://docs.hexclave.com/migration`), every README, every "Learn more" link in the dashboard, and every REST API error body (`/api/overview#authentication`) points here. The MDX is in this PR; the docs build target needs DNS. 4. **DNS for `mcp.hexclave.com`** → the MCP server endpoint that every taught agent integration (`claude mcp add ...`, `cursor`, `codex`, `vscode`) registers. Until this resolves, every `npx @hexclave/cli@latest init` MCP-registration step fails. 5. **Reserve the `@hexclave` npm scope + set repo variable `HEXCLAVE_VERSION`** → the mirror-publish step in `.github/workflows/npm-publish.yaml` is gated on this variable. Without it, the entire taught onboarding command `npx @hexclave/cli@latest init` 404s from the npm registry, *and* every README that says "install `@hexclave/next`" leads to install failure. Pick the initial version intentionally (`1.0.0` or aligned to `@stackframe/stack`); don't accept a silent default. ### Tier 2 — required before announcing the rebrand publicly (lookalike or low-traffic surfaces, but visibly broken) 6. **DNS for `r.hexclave.com`** → the analytics beacon `defaultAnalyticsBaseUrl`. Silent failure if missing (analytics drops), but should land alongside Tier 1. 7. **Register `sent-with-hexclave.com` + full email auth (SPF / DKIM / DMARC)** → the new default sender domain for shared-sender transactional emails. Without it the dashboard "send test email" path emits bounces, and shared-sender flows (`getSharedEmailConfig("Hexclave")`) deliver to spam at best. 8. **MX + SPF / DMARC for `hexclave.com`** → `team@hexclave.com` and `security@hexclave.com` mailboxes. The security disclosure mailbox is referenced in [`.github/SECURITY.md`](.github/SECURITY.md); `team@hexclave.com` is the actual recipient of internal feedback emails sent at runtime by [`apps/backend/src/lib/internal-feedback-emails.tsx`](apps/backend/src/lib/internal-feedback-emails.tsx). Today, every runtime feedback email bounces. 9. **DNS for `skill.hexclave.com`** → the canonical AI-agent skill fetch URL (the agent bootstrap pivot). Without it, the entire "agent downloads `SKILL.md` from a known URL" flow taught in [`packages/stack-shared/src/helpers/init-prompt.ts`](packages/stack-shared/src/helpers/init-prompt.ts) fails. 10. **Create `github.com/hexclave/hexclave` as a public repo** (even as a redirect to `hexclave/stack-auth`) **OR** rewrite every `package.json` `"repository"` field + dashboard footer "view on GitHub" link to point at `hexclave/stack-auth` (which already exists). Currently every npm package page's "Repository" link is dead, and the dashboard's GitHub button + dev-tool repo link are dead. ### Tier 3 — broken but low-visibility / low-traffic 11. **DNS for `discord.hexclave.com`** → Discord invite redirect, used in every README's chip and the dashboard footer. 12. **DNS for `demo.hexclave.com`** → "✨ Demo" badge in every npm package README. Broken-image badge on the package page. 13. **DNS + TLS for `built-with-hexclave.com`** → optional hosted-handler domain (the default reverted to `.built-with-stack-auth.com` in this PR's carve-outs, so this only matters for projects that manually flip). ## Other follow-ups (not deploy-blocking) - **E2E snapshot regen across the full suite** for the dual-emitted `x-hexclave-*` response headers (PR 1 follow-up; `vitest -u` in CI absorbs). - **Binary visual assets** — logos, favicons, OG images, README screenshots; need design pass. - **Backend OpenAPI fumadocs regen** in CI flow — the JSON files in `docs-mintlify/openapi/` are committed but regen runs in CI. Verify the workflow that does this still works against the post-PR2 source. - **Backend typecheck infra debt** — needs `codegen-prisma` + `codegen-route-info` to clear; pre-existing, unaffected by this PR. ## Test plan - [ ] CI runs full e2e suite (with `vitest -u` to absorb residual snapshot deltas, then committed back). - [ ] Spot-check: new `@hexclave/cli init` (once published) generates `hexclave.config.ts` and works against a fresh project. - [ ] Spot-check: existing customer with `@stackframe/stack` import sees the once-per-process `console.warn` recommending `@hexclave/next` on SDK init. - [ ] Manual: dashboard setup page renders the `npx @hexclave/cli@latest init` snippet and the `x-hexclave-publishable-client-key` API header in the curl example. - [ ] Manual: a fresh `pnpm run prisma migrate` against a clean DB sets the internal project displayName to 'Hexclave Dashboard'. --------- Co-authored-by: Konstantin Wohlwend <n2d4xc@gmail.com>	2026-05-26 19:18:20 -07:00
devin-ai-integration[bot]	deff6c3cc4	[DEVIN: Konsti] Fix failing E2E tests: CLI error string and MCP prompt name (#1439)	2026-05-19 14:20:18 -07:00
BilalG1	15faf709f3	stack-cli: explicit --cloud-project-id / --config-file across exec, config, project (#1422) ... ## Summary Reworks the `stack` CLI surface so the cloud-vs-local choice is **explicit at every invocation**, removing the global `--project-id` / `STACK_PROJECT_ID` env var and the local-default `exec` behavior introduced earlier in this branch. ### `stack exec` - Removes `--cloud`, `STACK_EXEC_DEFAULT_TARGET`, and the implicit local default. The CLI now requires **exactly one** of: - `--cloud-project-id <id>` — run against the Stack Auth cloud API - `--config-file <path>` — run against the local emulator project mapped to that absolute config-file path - The `--config-file` branch resolves the project id by calling the existing `GET /api/latest/internal/local-emulator/project` endpoint and matching `absolute_file_path` client-side. No new backend endpoint introduced. ### `stack config pull` / `stack config push` - Both now take `--cloud-project-id <id>` per-command instead of the global flag / `STACK_PROJECT_ID` env. - `config pull --config-file` is **optional**: when omitted, the CLI uses `./stack.config.ts` from the current directory. If neither flag nor cwd file is present, it exits with a clear hint to pass `--config-file` or `cd` into a directory containing `stack.config.ts`. ### `stack project list` - Default (no flags) lists both **cloud and local emulator** projects. Each entry carries a `target: "cloud" | "dev"` field (text format: `<id>\t<displayName>\t[<target>]`). - `--cloud` / `--dev` filter to a single source (mutually exclusive — passing both errors). - On the default code path, an unreachable local emulator emits a single stderr warning (`warning: skipping dev projects — local emulator not reachable …`) and the command still succeeds with cloud results. With `--dev` explicit, the unreachable case hard-errors. ### `stack project create` - Now requires `--cloud` to make the cloud-vs-local choice explicit. There is no local alternative today; the flag exists to surface the decision so a future local-project create doesn't silently change behavior. ### Backend - Bumps the `LIMIT` on `GET /api/latest/internal/local-emulator/project` from 20 → 100 so `project list --dev` doesn't silently truncate. ### Refactors (from earlier in this branch, unchanged here) - Local-emulator paths/ports/PCK polling live in `packages/stack-cli/src/lib/emulator-paths.ts`. - Shared local-emulator admin credentials live in `packages/stack-shared/src/local-emulator.ts`. - `resolveAuth` / `resolveLocalEmulatorAuth` take an explicit `projectId: string` (no more `Flags` parameter). - New `packages/stack-cli/src/lib/local-emulator-client.ts` encapsulates the GET-and-match flow used by both `exec --config-file` and `project list --dev`. ## Breaking changes **Scripts that relied on any of the following must be updated:** | Removed | Replacement | | --- | --- | | Global `--project-id <id>` flag | Per-command `--cloud-project-id <id>` | | `STACK_PROJECT_ID` env var | Per-command `--cloud-project-id <id>` | | `stack exec --cloud` | `stack exec --cloud-project-id <id>` | | `STACK_EXEC_DEFAULT_TARGET=cloud\|local` | `--cloud-project-id <id>` or `--config-file <path>` | | `stack exec` defaulting to local emulator | Explicit `--config-file <path>` required | | `stack project create` without a flag | `stack project create --cloud …` required | ## Test plan - [x] `pnpm lint` (stack-cli, backend, e2e) — clean - [x] `pnpm --filter @stackframe/stack-cli typecheck` — clean - [x] `pnpm --filter @stackframe/stack-cli exec vitest run` — **72/72 passing** (new unit tests: `parseExecTarget`, `resolveConfigFilePathForPull`, `resolveProjectListSources`, `formatProjectList`) - [x] `pnpm test run apps/e2e/tests/general/cli.test.ts` — **73 passing, 4 skipped, 0 failing**. New e2e cases cover: - `exec` with neither flag → errors with "Specify a target" - `exec` with both flags → errors with "not both" - `exec --config-file` with missing file / missing PCK / unreachable API - `exec --config-file` happy path against a real local-emulator backend (gated on `NEXT_PUBLIC_STACK_IS_LOCAL_EMULATOR=true`) - `config pull` cwd fallback to `./stack.config.ts` - `config pull` with no `--config-file` and no cwd `stack.config.ts` → errors with `Pass --config-file …` - `project list --cloud --dev` together → errors - `project list` default with unreachable emulator → cloud results + single stderr warning - `project create` without `--cloud` → errors - All previously-`--cloud` exec cases ported to `--cloud-project-id` - [x] Manual smoke: `stack exec --help`, `stack project list --cloud --dev`, `stack project create` all emit the expected friendly errors / help text. <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit ## Release Notes * **New Features** * CLI `exec`, `config`, and `project` commands now require explicit targeting via `--cloud-project-id` (cloud) or `--config-file` (local emulator). * `project list` now supports `--cloud` and `--dev` flags to display projects from both sources with target indicators. * Enhanced environment variable validation for emulator service ports with proper fallback handling. * **Bug Fixes** * `project list` now gracefully handles unreachable emulator with warning fallback instead of failure. * **Tests** * Expanded test coverage for project targeting, config file resolution, and emulator connectivity scenarios. <!-- end of auto-generated comment: release notes by coderabbit.ai -->	2026-05-14 17:20:40 -07:00
aadesh18	6eaf49237f	Add fix command registration and update agent UI label handling (#1387) ... Adds a fix command to the stack cli <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **New Features** * Added a CLI "fix" command to submit Stack Auth errors (flag, stdin, or interactive), confirm before applying changes, show a customizable progress label, and produce a final markdown report with Error, Files changed, and Solution. * Added a CLI "doctor" command to analyze projects (framework override, output directory, JSON output), run framework-specific checks, validate env and config, and exit non-zero on failures. * **Tests** * Added comprehensive end-to-end tests for the doctor command. <!-- end of auto-generated comment: release notes by coderabbit.ai -->	2026-05-07 18:33:43 -07:00
Mantra	37a69b0f0a	make config typesafe (#1254) ... ## Summary - add a public `defineStackConfig` helper and `StackConfig` type for nested config authoring - emit helper-based nested config files from the CLI and local emulator - update type coverage and e2e expectations for the new `stack.config` format ## Testing - pnpm --filter ./packages/stack-shared typecheck - pnpm --filter ./packages/stack-cli typecheck - pnpm --filter ./apps/backend typecheck - pnpm --filter ./apps/e2e typecheck <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **New Features** * Type-safe configuration API with compile-time validation * New config rendering utility for producing typed config files * Public local-emulator settings and a public helper to detect emulator mode * Added --overwrite flag for config pull * **Improvements** * Stronger validation and clearer errors for invalid or conflicting config shapes * Config output now includes explicit TypeScript typing * **Tests** * Added and strengthened tests for config authoring, rendering, CLI behavior, and emulator flows <!-- end of auto-generated comment: release notes by coderabbit.ai -->	2026-04-06 18:31:55 +00:00
Mantra	ce49eae155	emu with a q stuff (#1266) ... commit 5d43722575b826a8ed8dbb6b828f48eae4bca02c Author: mantrakp04 <mantrakp@gmail.com> Date: Wed Mar 18 12:27:01 2026 -0700 Add QEMU emulator snapshot functionality and reset command - Introduced a new `emulator-qemu:reset` command in package.json to clear snapshots and force a fresh boot of the emulator. - Enhanced the `run-emulator.sh` script to support saving and restoring snapshots, significantly reducing restart time from ~62s to ~4s. - Implemented logic to check for existing snapshots and restore them during startup, improving the emulator's efficiency. - Updated documentation in CLAUDE-KNOWLEDGE.md to explain the new snapshot restore process and its benefits. These changes enhance the QEMU emulator's performance and usability for developers, providing a more efficient workflow during development. commit 3877445bdd83cb8690da18c8520bf260d2795172 Author: mantrakp04 <mantrakp@gmail.com> Date: Wed Mar 18 11:55:18 2026 -0700 Enhance QEMU emulator performance and configuration management - Added optimizations to the QEMU emulator's app container startup process, reducing startup time from ~92s to ~62s by using qcow2 backing files and setting the working directory to /app. - Updated the build-image.sh script to conditionally wait for background processes, improving robustness. - Modified the run-emulator.sh script to create the disk image using qcow2 format instead of copying, enhancing efficiency. - Adjusted the cloud-init user-data to set STACK_RUNTIME_WORK_DIR to /app, streamlining file operations during container initialization. - Improved the entrypoint script to avoid unnecessary file copying when the working directory is set to /app. These changes significantly enhance the performance and usability of the QEMU emulator for developers. commit e0b86d3f1d5c08e46d0d343bc632e2a8c5777845 Author: mantrakp04 <mantrakp@gmail.com> Date: Wed Mar 18 11:07:55 2026 -0700 Refactor local emulator configuration management and enhance Docker setup - Removed redundant comments and improved code clarity in the local emulator's route handling. - Streamlined the Dockerfile and docker-compose.yaml for better readability and maintenance. - Updated entrypoint and initialization scripts to enhance service startup processes. - Introduced a new common script for QEMU emulator to centralize architecture detection and firmware handling. - Enhanced error handling in the host file bridge for improved robustness. - Removed obsolete country code utilities to clean up the codebase. These changes significantly improve the local emulator's configuration management and overall setup experience for developers. commit 4fb0f93c6cc4f749a14acf0228c261e180875609 Author: mantrakp04 <mantrakp@gmail.com> Date: Wed Mar 18 10:24:53 2026 -0700 Implement local emulator file bridge for enhanced configuration management - Introduced a new host file bridge to facilitate reading and writing configuration files between the local emulator and the host system. - Refactored the local-emulator module to utilize the file bridge for file operations, improving error handling and response validation. - Added tests to ensure the file bridge functionality works as expected, including handling of non-existent files and writing configurations. - Updated the run-emulator script to start the file bridge automatically, ensuring seamless integration during emulator startup. - Enhanced documentation to reflect the new file bridge capabilities and usage instructions. These changes significantly improve the local emulator's ability to manage configuration files, enhancing the development experience. commit 3d18a7ce5bbf00a62a40a3f48f27856e79ecc62f Author: mantrakp04 <mantrakp@gmail.com> Date: Tue Mar 17 22:36:46 2026 -0700 Refactor QEMU local emulator setup and enhance app bundle handling - Introduced a new script for packaging Docker images into a compressed app bundle, improving the emulator's deployment process. - Updated build-image.sh to create a runtime configuration ISO, ensuring better management of environment settings. - Enhanced cloud-init user-data scripts for both dev-server and deps guests, streamlining service setup and configuration. - Improved the run-emulator.sh script to facilitate better handling of runtime configurations and dependencies. - Adjusted the .gitignore to include .DS_Store and removed obsolete entries, cleaning up the repository. These changes significantly enhance the local emulator's functionality and reliability for developers. commit 8a35fb1ce79898d73e2259e256c11b6fd9b0a584 Author: mantrakp04 <mantrakp@gmail.com> Date: Tue Mar 17 21:52:24 2026 -0700 Enhance local emulator functionality and configuration - Updated package.json to improve the start-emulator command, providing clearer dashboard and backend URLs. - Added a new wait-until-emulator-is-ready command to ensure the emulator is fully operational before proceeding. - Refactored the local-emulator project route to streamline file existence checks and default config creation. - Enhanced user guidance in the dashboard for local Stack config file handling. - Updated tests to reflect changes in config file handling, ensuring non-existent files are created with default settings. - Improved Docker configurations for the local emulator, including new environment variables and service dependencies. These changes significantly enhance the local development experience and emulator reliability. commit 3910ed4bc40bbb37340c1c316c24c2826ba372bd Author: mantrakp04 <mantrakp@gmail.com> Date: Tue Mar 17 19:59:36 2026 -0700 Remove unused stash-0.patch file to clean up the repository. commit 74146d974458037a7a9590120a524629a1a6a162 Author: mantrakp04 <mantrakp@gmail.com> Date: Tue Mar 17 19:58:46 2026 -0700 Enhance QEMU local emulator with app bundle support and runtime configuration - Introduced a new script to package the backend and dashboard assets into a standalone app bundle for the QEMU emulator. - Updated the build-image.sh script to create an ISO containing the app bundle, ensuring the guest image includes the full runtime. - Modified cloud-init user-data to handle the new app bundle and runtime configuration, improving the setup process for local development. - Enhanced the run-emulator.sh script to prepare and mount the runtime configuration ISO, facilitating better environment management for the emulator. - Updated the user-data to include necessary environment variables for the stack application, ensuring seamless integration during startup. These changes significantly improve the local emulator's functionality and ease of use for developers. commit 9e865a1cf524398bc58f00e0836278775c4ae936 Author: mantrakp04 <mantrakp@gmail.com> Date: Tue Mar 17 16:50:45 2026 -0700 Enhance local emulator setup with new services and configurations - Added Docker support for a local emulator, integrating PostgreSQL, Redis, Inbucket, Svix, ClickHouse, MinIO, and QStash. - Introduced new scripts for managing the emulator lifecycle, including build and run commands. - Implemented cloud-init provisioning for automatic service setup on first boot. - Updated package.json with new commands for emulator management and added dotenv-cli for environment variable management. - Added tests for OAuth authorization flow to return JSON responses. - Included configuration files for ClickHouse and user management. This commit significantly improves the local development experience by providing a comprehensive emulator environment. <!-- Make sure you've read the CONTRIBUTING.md guidelines: https://github.com/stack-auth/stack-auth/blob/dev/CONTRIBUTING.md --> <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit ## Release Notes * **New Features** * Introduced a local QEMU-based emulator for development with bundled services (PostgreSQL, Redis, ClickHouse, MinIO, Inbucket, Svix, QStash). * Added CLI commands to manage the emulator (start, stop, reset, status, pull images). * Added emulator status dashboard to monitor service health. * Introduced new configuration system via `stack.config.ts`. * **Tests** * Added configuration read/write tests for the emulator. * Added emulator CLI validation tests. * **Documentation** * Added emulator setup and usage guide. <!-- end of auto-generated comment: release notes by coderabbit.ai -->	2026-04-04 00:33:52 +00:00
BilalG1	48295825eb	fix default redirect method (#1253) ... <!-- Make sure you've read the CONTRIBUTING.md guidelines: https://github.com/stack-auth/stack-auth/blob/dev/CONTRIBUTING.md --> <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **Refactor** * Adjusted internal default selection for redirect handling to improve consistency; no change to user-facing behavior or settings. * **Tests** * Updated end-to-end tests and helpers to explicitly set redirect behavior so test runs remain deterministic. <!-- end of auto-generated comment: release notes by coderabbit.ai -->	2026-03-31 15:08:33 -07:00
Aman Ganapathy	db6bd03e06	[Chore][Fix]: Skip Failing CLI Tests, Rework Failing AI Endpoint Validation test (#1258) ... ### Context In a [previous PR](https://github.com/stack-auth/stack-auth/pull/1258), we hardcoded the mode to link because local emulator wasn't in a ready state yet. Soon after, we started encountering three failing tests on dev The three cli tests that were failing on dev were failing because they required the create mode flag to be set. The hardcode to link made the create paths unreachable. Since we don't have local emulator working, allowing users to pass in opts.mode would be bad practice- they'd be triggering local emulator actions without the local emulator being set up. Also, there was a failing AI endpoint test. The unified AI endpoint tests are set up so that if certain env variables are not present, certain tests aren't run. In practice, if the openrouter key isn't set, the tests that require actually processing a full AI endpoint result without forwarding to prod will be skipped. The failing test was meant to just check schema validation but it performed a full request instead. ### Summary of Changes We just skip the tests for now. They'll only become relevant when "create" is a legitimate workflow, which necessitates the function of local emulator. There is no regression risk because the flow they're testing isn't active yet, and so the only thing we could possibly test is that passing the create mode will invoke a certain function which isn't helpful at this state. The unified AI endpoint failing test was reworked, another test accomplishes the same schema validation effect. We don't lose coverage by axing the failing test because other AI tests already test valid request bodies (if they weren't valid, they wouldn't get a response).	2026-03-16 15:35:53 -07:00
BilalG1	f016cd8993	CLI init (#1242) ... <!-- Make sure you've read the CONTRIBUTING.md guidelines: https://github.com/stack-auth/stack-auth/blob/dev/CONTRIBUTING.md --> <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **New Features** * Interactive init workflow (create, link-config, link-cloud) with safe non-interactive behavior; writes/updates project config and .env, and prints STACK AUTH setup instructions. * CLI assistant/agent with a progress UI for long-running tasks. * Backend AI proxy endpoint that validates and forwards AI requests to an external provider. * **Tests** * End-to-end tests covering all init modes, outputs, env linking, and error cases. <!-- end of auto-generated comment: release notes by coderabbit.ai -->	2026-03-13 10:55:22 -07:00
BilalG1	57149bd84b	Stack CLI (#1227) ... <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit ## Release Notes * **New Features** * Added Stack CLI with authentication (login/logout) commands. * Added project management commands to list and create projects. * Added configuration management to pull and push project settings. * Added code execution capability to run JavaScript expressions. * Added initialization command for Stack Auth setup. * **Tests** * Added comprehensive end-to-end test suite for CLI functionality. <!-- end of auto-generated comment: release notes by coderabbit.ai -->	2026-03-09 13:24:15 -07:00