<!--
Make sure you've read the CONTRIBUTING.md guidelines:
https://github.com/stack-auth/stack-auth/blob/dev/CONTRIBUTING.md
-->
<!-- RECURSEML_SUMMARY:START -->
## High-level PR Summary
This PR adds a developer-friendly error guard to prevent a common
mistake where developers try to destructure the user object from
`getUser()` or `useUser()` calls (e.g., `const { user } = await
app.getUser()`), when the method already returns the user object
directly. The fix implements a property getter that throws a helpful
error message, attaches it to all user objects (client-side
`CurrentUser`, server-side `ServerUser`, and `ServerTeamUser`), and
includes E2E tests to verify the behavior. Additionally, it fixes a typo
in the Convex example and addresses seed script execution issues.
⏱️ Estimated Review Time: 5-15 minutes
<details>
<summary>💡 Review Order Suggestion</summary>
| Order | File Path |
|-------|-----------|
| 1 | `packages/template/src/lib/stack-app/users/index.ts` |
| 2 |
`packages/template/src/lib/stack-app/apps/implementations/client-app-impl.ts`
|
| 3 |
`packages/template/src/lib/stack-app/apps/implementations/server-app-impl.ts`
|
| 4 | `apps/e2e/tests/js/app.test.ts` |
| 5 | `examples/convex/convex/myFunctions.ts` |
| 6 | `apps/backend/prisma/seed.ts` |
| 7 | `.github/workflows/check-prisma-migrations.yaml` |
</details>
<details>
<summary>⚠️ Inconsistent Changes Detected</summary>
| File Path | Warning |
|-----------|---------|
| `.github/workflows/check-prisma-migrations.yaml` | Adds database
cleanup step for auto-migration metadata in CI workflow, which appears
unrelated to the main purpose of adding a user getter error guard |
| `apps/backend/prisma/seed.ts` | Restructures the seed script execution
logic and removes the main module check handler, which seems unrelated
to the user getter error fix |
</details>
[](https://discord.gg/n3SsVDAW6U)
[
<!-- RECURSEML_SUMMARY:END -->
<!-- ELLIPSIS_HIDDEN -->
----
> [!IMPORTANT]
> Adds a guard to prevent destructuring of `user` objects and includes a
test to verify the error message.
>
> - **Behavior**:
> - Adds `attachUserDestructureGuard` function in `users/index.ts` to
throw an error when attempting to destructure `user`.
> - Updates `getUser()` in `client-app-impl.ts` and `server-app-impl.ts`
to use `attachUserDestructureGuard`.
> - Adds test in `app.test.ts` to verify error message when
destructuring `user`.
> - **Misc**:
> - Fixes string concatenation error in `myFunctions.ts`.
> - Adds step in `check-prisma-migrations.yaml` to remove auto-migration
metadata.
>
> <sup>This description was created by </sup>[<img alt="Ellipsis"
src="https://img.shields.io/badge/Ellipsis-blue?color=175173">](https://www.ellipsis.dev?ref=stack-auth%2Fstack-auth&utm_source=github&utm_medium=referral)<sup>
for 9be5c8a0e2. You can
[customize](https://app.ellipsis.dev/stack-auth/settings/summaries) this
summary. It will automatically update as commits are pushed.</sup>
<!-- ELLIPSIS_HIDDEN -->
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Bug Fixes**
* Added a protective guard that prevents destructuring the user from
current user objects on both client and server, displaying a clear,
actionable error with guidance to use supported access methods. Valid
usage is unaffected; no API changes.
* **Tests**
* Introduced end-to-end tests verifying the new error message and
behavior across sign-up, sign-in, and current user retrieval on client
and server.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
<!--
Make sure you've read the CONTRIBUTING.md guidelines:
https://github.com/stack-auth/stack-auth/blob/dev/CONTRIBUTING.md
-->
<!-- ELLIPSIS_HIDDEN -->
----
> [!IMPORTANT]
> Add Convex integration with new auth helpers, update access token
handling, and include documentation, examples, and tests for the new
features.
>
> - **Features**:
> - Add Convex integration with new auth helpers for Convex clients and
HTTP in `client-app-impl.ts` and `server-app-impl.ts`.
> - Support for Convex context in user APIs and partial user retrieval.
> - Access tokens now include `is_anonymous` for better anonymous
handling in `tokens.tsx`.
> - **Documentation**:
> - Add Convex integration guide in `docs/templates/others/convex.mdx`.
> - Update docs navigation in `docs/docs-platform.yml` and
`docs/templates/meta.json`.
> - **Examples**:
> - Add Convex + Next.js example app in `examples/convex` with auth
wiring, functions, schema, and UI.
> - **Tests**:
> - Add E2E tests for Convex auth flows in `convex.test.ts`.
> - Update JWT payload checks in `backend-helpers.ts` and
`anonymous-comprehensive.test.ts`.
> - **Chores**:
> - Add Convex dependencies in `package.json` files.
> - Update CI steps for example environments in `e2e-api-tests.yaml` and
`e2e-source-of-truth-api-tests.yaml`.
>
> <sup>This description was created by </sup>[<img alt="Ellipsis"
src="https://img.shields.io/badge/Ellipsis-blue?color=175173">](https://www.ellipsis.dev?ref=stack-auth%2Fstack-auth&utm_source=github&utm_medium=referral)<sup>
for aa0983a8b7. You can
[customize](https://app.ellipsis.dev/stack-auth/settings/summaries) this
summary. It will automatically update as commits are pushed.</sup>
----
<!-- ELLIPSIS_HIDDEN -->
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- **New Features**
- Convex integration: auth helpers for Convex clients/HTTP, Convex-aware
user APIs, and partial-user retrieval (token/convex).
- Access tokens now surface is_anonymous for clearer anonymous handling.
- **Documentation**
- Added Convex integration guide and nav entries.
- **Examples**
- New Convex + Next.js example app with auth wiring, backend functions,
schema, and UI.
- **Tests**
- Added E2E tests covering Convex auth flows and JWT payload checks.
- **Chores**
- Added Convex deps, CI env steps, and workspace/test config updates.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---------
Co-authored-by: Konstantin Wohlwend <n2d4xc@gmail.com>
<!--
Make sure you've read the CONTRIBUTING.md guidelines:
https://github.com/stack-auth/stack-auth/blob/dev/CONTRIBUTING.md
-->
<!-- ELLIPSIS_HIDDEN -->
----
> [!IMPORTANT]
> Add OAuth provider client and dashboard with UI components, server and
client interface updates, schema enhancements, and new tests.
>
> - **New Features**:
> - Add UI components in `page-client.tsx` for viewing, adding, editing,
toggling, and removing OAuth providers.
> - Implement `OAuthProviderDialog` and `OAuthProvidersSection` for
managing OAuth providers.
> - **Server and Client Interfaces**:
> - Update `StackServerInterface` and `StackClientInterface` to include
CRUD operations for OAuth providers.
> - Add `createServerOAuthProvider`, `listServerOAuthProviders`,
`updateServerOAuthProvider`, and `deleteServerOAuthProvider` methods.
> - **Schema and Types**:
> - Add `provider_config_id` to OAuth provider schemas in
`oauth-providers.ts` and `schema-fields.ts`.
> - Define `OAuthProvider` and `ServerOAuthProvider` types in
`users/index.ts`.
> - **Tests**:
> - Add `oauth-providers.test.ts` for client-side OAuth provider
functionality.
> - Update existing tests to include `provider_config_id` assertions.
> - **Miscellaneous**:
> - Update `server-app-impl.ts` and `client-app-impl.ts` to handle OAuth
provider operations.
> - Enhance error handling for account-ID conflicts in OAuth provider
operations.
>
> <sup>This description was created by </sup>[<img alt="Ellipsis"
src="https://img.shields.io/badge/Ellipsis-blue?color=175173">](https://www.ellipsis.dev?ref=stack-auth%2Fstack-auth&utm_source=github&utm_medium=referral)<sup>
for cd0ceb8ccb. You can
[customize](https://app.ellipsis.dev/stack-auth/settings/summaries) this
summary. It will automatically update as commits are pushed.</sup>
----
<!-- ELLIPSIS_HIDDEN -->
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **New Features**
* User UI to view, add, edit, toggle, and remove OAuth providers; client
& server APIs, hooks, and caching to manage providers.
* **Improvements**
* OAuth provider responses now include a provider_config_id field for
clearer provider identification.
* Better client/server APIs for managing providers and improved
user-facing error handling for account-ID conflicts.
* **Bug Fixes**
* Tests updated to assert presence of provider_config_id.
* **Documentation**
* Added types/interfaces for OAuth provider entities and user methods.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---------
Co-authored-by: Konsti Wohlwend <n2d4xc@gmail.com>
<img width="1920" height="968" alt="Screenshot 2025-08-12 at 10 44
41 AM"
src="https://github.com/user-attachments/assets/3fb59810-45d8-46e1-9cfd-5a1a34936887"
/>
<!--
ELLIPSIS_HIDDEN -->
> [!IMPORTANT]
> Introduces team-based project ownership, refactoring existing
user-based model, and updates UI, backend, and tests to support this
feature.
>
> - **Behavior**:
> - Introduced team-based ownership for projects, replacing user-based
ownership.
> - Updated project creation, transfer, and deletion flows to use team
ownership.
> - Added team selection UI during project creation in the dashboard.
> - Projects now display owning team's name and include "owner team"
field in API responses.
> - **Refactor**:
> - Enhanced backend and schema for team-based project management.
> - Removed legacy user metadata updates related to project ownership.
> - Modified project listing and management to rely on team
associations.
> - Streamlined failed emails digest and contact channel queries to
resolve contacts via team membership.
> - **Tests**:
> - Updated tests to validate team ownership and project-user
association handling.
> - Adjusted test snapshots and assertions for non-null selected team
data.
> - Improved test flows for authentication and project deletion with
team context.
> - **Chores**:
> - Minor improvements to logging and code clarity.
>
> <sup>This description was created by </sup>[<img alt="Ellipsis"
src="https://img.shields.io/badge/Ellipsis-blue?color=175173">](https://www.ellipsis.dev?ref=stack-auth%2Fstack-auth&utm_source=github&utm_medium=referral)<sup>
for e457b13b69. You can
[customize](https://app.ellipsis.dev/stack-auth/settings/summaries) this
summary. It will automatically update as commits are pushed.</sup>
----
<!-- ELLIPSIS_HIDDEN -->
> [!IMPORTANT]
> Introduces team-based project ownership, refactoring existing
user-based model, and updates UI, backend, and tests to support this
feature.
>
> - **Behavior**:
> - Introduced team-based project ownership, replacing user-based
ownership.
> - Updated project creation, transfer, and deletion flows to use team
ownership.
> - Added team selection UI during project creation in the dashboard.
> - Projects now display owning team's name and include "owner team"
field in API responses.
> - **Refactor**:
> - Enhanced backend and schema for team-based project management.
> - Removed legacy user metadata updates related to project ownership.
> - Modified project listing and management to rely on team
associations.
> - Streamlined failed emails digest and contact channel queries to
resolve contacts via team membership.
> - **Tests**:
> - Updated tests to validate team ownership and project-user
association handling.
> - Adjusted test snapshots and assertions for non-null selected team
data.
> - Improved test flows for authentication and project deletion with
team context.
> - **Chores**:
> - Minor improvements to logging and code clarity.
>
> <sup>This description was created by </sup>[<img alt="Ellipsis"
src="https://img.shields.io/badge/Ellipsis-blue?color=175173">](https://www.ellipsis.dev?ref=stack-auth%2Fstack-auth&utm_source=github&utm_medium=referral)<sup>
for 0f6f12b5dc. You can
[customize](https://app.ellipsis.dev/stack-auth/settings/summaries) this
summary. It will automatically update as commits are pushed.</sup>
----
<!-- ELLIPSIS_HIDDEN -->
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **New Features**
* Team-based project ownership: teams can own projects; UI to pick a
team when creating projects; dashboard groups projects by team;
TeamSwitcher component added.
* **Improvements**
* API and responses now include owner_team_id and populated
selected_team/selected_team_id; provisioning and transfer flows assign
teams for ownership; seeds create internal/emulator owner teams.
* **Tests**
* E2E and backend tests updated to reflect team ownership and enriched
team fields.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---------
Co-authored-by: Konsti Wohlwend <n2d4xc@gmail.com>
### Issues
<img width="937" alt="Screenshot 2568-04-18 at 00 45 30"
src="https://github.com/user-attachments/assets/6a94ceb6-d83f-489d-8ee5-26cbf7a7d287"
/>
<img width="937" alt="Screenshot 2568-04-18 at 00 46 40"
src="https://github.com/user-attachments/assets/0b12a962-f8c9-4009-bed6-62ae16778ee7"
/>
<!--
Make sure you've read the CONTRIBUTING.md guidelines:
https://github.com/stack-auth/stack-auth/blob/dev/CONTRIBUTING.md
-->
<!-- ELLIPSIS_HIDDEN -->
----
> [!IMPORTANT]
> Add methods for handling project permissions and update existing
methods to support both team and project permissions.
>
> - **Behavior**:
> - Add `grantProjectPermission` and `revokeProjectPermission` methods
to `StackServerInterface` for handling project permissions.
> - Update `grantPermission` and `revokePermission` methods in
`_StackServerAppImplIncomplete` to handle both team and project
permissions.
> - **Methods**:
> - Add `grantServerProjectPermission()` and
`revokeServerProjectPermission()` in `serverInterface.ts`.
> - Modify `grantPermission()` and `revokePermission()` in
`server-app-impl.ts` to support project permissions.
> - **Misc**:
> - Update `operationIDs` in `index.ts` to include project permission
endpoints.
>
> <sup>This description was created by </sup>[<img alt="Ellipsis"
src="https://img.shields.io/badge/Ellipsis-blue?color=175173">](https://www.ellipsis.dev?ref=stack-auth%2Fstack-auth&utm_source=github&utm_medium=referral)<sup>
for c3f61d1b46. It will automatically
update as commits are pushed.</sup>
<!-- ELLIPSIS_HIDDEN -->
<!--
Make sure you've read the CONTRIBUTING.md guidelines:
https://github.com/stack-auth/stack-auth/blob/dev/CONTRIBUTING.md
-->
<img width="1510" alt="image"
src="https://github.com/user-attachments/assets/99619123-6be5-4788-aebe-5fc2a9a36245"
/>
<img width="1510" alt="image"
src="https://github.com/user-attachments/assets/660677bf-f19a-4673-94c8-59ac50eb6ae5"
/>
<img width="1510" alt="image"
src="https://github.com/user-attachments/assets/11ae63c4-5813-4fd8-aa01-fa580d2103be"
/>
<!-- ELLIPSIS_HIDDEN -->
----
> [!IMPORTANT]
> Introduces API key management for users and teams, integrating with
existing project configurations and permissions, and adds comprehensive
tests and examples.
>
> - **API Key Management**:
> - Introduces `ProjectApiKey` model in `schema.prisma` for managing API
keys.
> - Adds `createApiKeyHandlers` in `handlers.tsx` to handle API key CRUD
operations.
> - Implements API key creation, revocation, and validation logic.
> - **Permissions and Configurations**:
> - Adds `allowUserApiKeys` and `allowTeamApiKeys` to `ProjectConfig` in
`schema.prisma`.
> - Updates `TeamSystemPermission` enum to include `MANAGE_API_KEYS`.
> - Ensures API key operations respect project configurations and
user/team permissions.
> - **Testing and Examples**:
> - Adds extensive tests in `api-keys.test.ts` to cover various API key
scenarios.
> - Updates example projects to demonstrate API key usage.
> - **Miscellaneous**:
> - Refactors existing code to integrate API key functionalities.
> - Updates documentation and type definitions to reflect new API key
features.
>
> <sup>This description was created by </sup>[<img alt="Ellipsis"
src="https://img.shields.io/badge/Ellipsis-blue?color=175173">](https://www.ellipsis.dev?ref=stack-auth%2Fstack-auth&utm_source=github&utm_medium=referral)<sup>
for 96f60c57f0. It will automatically
update as commits are pushed.</sup>
<!-- ELLIPSIS_HIDDEN -->
---------
Co-authored-by: Konsti Wohlwend <n2d4xc@gmail.com>
Add isAnonymous property to the user object that is returned by the
functions in stack-app.
The User CRUD type already has is_anonymous, this PR adds it to the
BaseUser interface and updates the _createBaseUser method to include it.
Co-authored-by: Devin AI <158243242+devin-ai-integration[bot]@users.noreply.github.com>
Co-authored-by: Konstantin Wohlwend <n2d4xc@gmail.com>
<!-- ELLIPSIS_HIDDEN -->
> [!IMPORTANT]
> Renamed user-related permissions to project-related permissions across
the codebase, affecting enums, schemas, APIs, models, and tests.
>
> - **Behavior**:
> - Renamed `USER` to `PROJECT` in `PermissionScope` enum in
`schema.prisma` and `migration.sql`.
> - Updated `isDefaultUserPermission` to `isDefaultProjectPermission` in
`schema.prisma` and `migration.sql`.
> - Removed `jwks.json/route.ts` file.
> - **API Changes**:
> - Renamed `user-permission-definitions` and `user-permissions`
endpoints to `project-permission-definitions` and `project-permissions`
in `route.tsx` files.
> - Updated CRUD handlers in `crud.tsx` files to reflect new naming.
> - **Models**:
> - Updated models in `permissions.tsx` to use `ProjectPermission` and
`AdminProjectPermission`.
> - Updated `KnownErrors` to use `ProjectPermissionRequired`.
> - **Tests**:
> - Renamed test files and updated test cases in
`e2e/tests/backend/endpoints/api/v1` to reflect new naming.
> - **Misc**:
> - Updated `admin-app-impl.ts`, `client-app-impl.ts`, and
`server-app-impl.ts` to use new project permission naming.
> - Updated `schema-fields.ts` to reflect new permission ID schema.
>
> <sup>This description was created by </sup>[<img alt="Ellipsis"
src="https://img.shields.io/badge/Ellipsis-blue?color=175173">](https://www.ellipsis.dev?ref=stack-auth%2Fstack-auth&utm_source=github&utm_medium=referral)<sup>
for 08924f5241. It will automatically
update as commits are pushed.</sup>
<!-- ELLIPSIS_HIDDEN -->
---------
Co-authored-by: Konsti Wohlwend <n2d4xc@gmail.com>
<!--
Make sure you've read the CONTRIBUTING.md guidelines:
https://github.com/stack-auth/stack-auth/blob/dev/CONTRIBUTING.md
-->
<!-- ELLIPSIS_HIDDEN -->
----
> [!IMPORTANT]
> Add `THIS_LINE_PLATFORM` macro for inline platform-specific comments,
replacing `NEXT_LINE_PLATFORM` across the codebase.
>
> - **Macro Addition**:
> - Introduces `THIS_LINE_PLATFORM` macro to replace
`NEXT_LINE_PLATFORM` for inline platform-specific comments.
> - Applied in `stack-handler.tsx`, `link.tsx`, `cookie.ts`, and 10
other files.
> - **Behavior**:
> - `THIS_LINE_PLATFORM` allows inline comments to specify
platform-specific code inclusion.
> - Ensures platform-specific code clarity and separation.
> - **Documentation**:
> - Updated documentation files to use `THIS_LINE_PLATFORM` for
platform-specific sections.
> - **Scripts**:
> - Updated `processMacros` function in `utils.ts` to handle
`THIS_LINE_PLATFORM`.
> - Adjusted `generate-docs.ts` to process new macro correctly.
>
> <sup>This description was created by </sup>[<img alt="Ellipsis"
src="https://img.shields.io/badge/Ellipsis-blue?color=175173">](https://www.ellipsis.dev?ref=stack-auth%2Fstack-auth&utm_source=github&utm_medium=referral)<sup>
for e3a283aa65. It will automatically
update as commits are pushed.</sup>
<!-- ELLIPSIS_HIDDEN -->
<img width="1443" alt="image"
src="https://github.com/user-attachments/assets/611ede72-4d46-41dc-adea-9546c04b199a"
/>
Adds new active sessions page to settings
<!-- ELLIPSIS_HIDDEN -->
----
> [!IMPORTANT]
> Adds an active sessions page to settings, enabling users to view and
manage their sessions, with backend support for session listing and
deletion.
>
> - **Active Sessions Page**:
> - Adds `ActiveSessionsPage` component in `account-settings.tsx` to
display active sessions.
> - Allows revoking individual sessions or all sessions except the
current one.
> - **Backend Changes**:
> - Adds `sessionsCrudHandlers` in `crud.tsx` for session management
(list, delete).
> - Updates `ProjectUserRefreshToken` model in `schema.prisma` to
include `id` and `isImpersonation` fields.
> - Implements session listing and deletion in `serverInterface.ts` and
`client-app-impl.ts`.
> - **Error Handling**:
> - Introduces `CannotDeleteCurrentSession` error in `known-errors.tsx`.
> - **Testing**:
> - Adds tests for session management in
`endpoints/api/v1/auth/sessions` tests.
>
> <sup>This description was created by </sup>[<img alt="Ellipsis"
src="https://img.shields.io/badge/Ellipsis-blue?color=175173">](https://www.ellipsis.dev?ref=stack-auth%2Fstack-auth&utm_source=github&utm_medium=referral)<sup>
for ba78df0928. It will automatically
update as commits are pushed.</sup>
<!-- ELLIPSIS_HIDDEN -->
---------
Co-authored-by: TheCactusBlue <thecactusblue@gmail.com>
Co-authored-by: Konsti Wohlwend <n2d4xc@gmail.com>
Co-authored-by: ellipsis-dev[bot] <65095814+ellipsis-dev[bot]@users.noreply.github.com>
