448 Commits

Author	SHA1	Message	Date
Konstantin Wohlwend	40dd1d2cd7	Switch default API host to api.hexclave.com	2026-06-01 11:48:26 -07:00
BilalG1	ce98c44fcf	fix(hexclave): rename leftover @stackframe/stack-shared imports in template providers (#1525) ... ## Why the build fails on `origin/dev` The `Lint & build` workflow fails at the **Build** step, in `@hexclave/lovable-react-18-example`'s `vite build`: ``` [vite]: Rollup failed to resolve import "@stackframe/stack-shared/dist/utils/globals" from ".../packages/react/dist/esm/providers/stack-context.js". ``` (failing run: [job 78596906597](https://github.com/hexclave/stack-auth/actions/runs/26665187298/job/78596906597)) ### Root cause PR 3 (`feat(hexclave): PR 3 — native @hexclave/* source rename + delete dual-publish wiring`, #1482) renamed `@stackframe/stack-shared` → `@hexclave/shared` and **deleted the dual-publish wiring**, so `@stackframe/stack-shared` is no longer a resolvable package. Two `packages/template/src` provider files were missed in that rename: - `packages/template/src/providers/stack-context.tsx` - `packages/template/src/providers/translation-provider-client.tsx` `packages/react` ships only `package.json`; its `src`/`dist` are **generated** from `packages/template/src` by `generate-sdks`, which copies import specifiers verbatim. So the stale `@stackframe/stack-shared` import propagated into `packages/react/dist`. The `@hexclave/react` build itself **succeeds** because tsdown/rolldown externalizes the import (it never has to resolve it). The failure only surfaces downstream, when `lovable-react-18-example` bundles `@hexclave/react` with Vite/Rollup and tries to actually resolve `@stackframe/stack-shared` — a package that no longer exists. ## Fix Point both imports at the renamed package, matching the convention already used by sibling files (e.g. `stack-provider-client.tsx`, `common.ts`): ```diff -import { createGlobal } from "@stackframe/stack-shared/dist/utils/globals"; +import { createGlobal } from "@hexclave/shared/dist/utils/globals"; ``` ## Verification Reproduced and confirmed the fix locally: 1. Edited the two template files. 2. `pnpm -w run generate-sdks` → generated `packages/react/src` now imports `@hexclave/shared/dist/utils/globals`. 3. `pnpm --filter @hexclave/react run build` → `dist/esm/providers/stack-context.js` now imports `@hexclave/shared` ✔ 4. `pnpm --filter @hexclave/lovable-react-18-example run build` → **`✓ built`** (previously failed at this exact step). <!-- This is an auto-generated description by cubic. --> --- ## Summary by cubic Rename leftover imports from `@stackframe/stack-shared` to `@hexclave/shared` in the template providers to fix downstream build failures. This unblocks Vite/Rollup consumers (e.g., `@hexclave/lovable-react-18-example`) by resolving `createGlobal` from the correct package. <sup>Written for commit 15901edb2b. Summary will update on new commits.</sup> <a href="https://cubic.dev/pr/hexclave/stack-auth/pull/1525?utm_source=github" target="_blank" rel="noopener noreferrer" data-no-image-dialog="true"><picture><source media="(prefers-color-scheme: dark)" srcset="https://cubic.dev/buttons/review-in-cubic-dark.svg"><source media="(prefers-color-scheme: light)" srcset="https://cubic.dev/buttons/review-in-cubic-light.svg"><img alt="Review in cubic" src="https://cubic.dev/buttons/review-in-cubic-dark.svg"></picture></a> <!-- End of auto-generated description by cubic. --> <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **Chores** * Updated internal module dependencies across provider configurations. <!-- review_stack_entry_start --> [](https://app.coderabbit.ai/change-stack/hexclave/stack-auth/pull/1525?utm_source=github_walkthrough&utm_medium=github&utm_campaign=change_stack) <!-- review_stack_entry_end --> <!-- end of auto-generated comment: release notes by coderabbit.ai -->	2026-06-01 10:50:46 -07:00
BilalG1	609579abab	feat(hexclave): PR 3 — native @hexclave/* source rename + delete dual-publish wiring (#1482)	2026-05-29 15:21:59 -07:00
Konstantin Wohlwend	55e1eb971e	Make StackContext globally unique	2026-05-29 13:58:52 -07:00
Konstantin Wohlwend	00c8c1954b	Generate package files	2026-05-29 13:18:13 -07:00
Konsti Wohlwend	0838a22c14	Remove stack emulator CLI commands (#1522)	2026-05-29 13:12:44 -07:00
Konstantin Wohlwend	70486596f0	Use jiti for RDE config parsing	2026-05-29 12:59:59 -07:00
Konstantin Wohlwend	8b2bcbca69	Update repository URL back to github.com/hexclave/stack-auth	2026-05-28 14:27:12 -07:00
Konstantin Wohlwend	80d1530b48	Update package README	2026-05-28 09:59:54 -07:00
BilalG1	147e5231dc	update deprecated msgs (#1510) ... <!-- Make sure you've read the CONTRIBUTING.md guidelines: https://github.com/hexclave/hexclave/blob/dev/CONTRIBUTING.md --> <!-- This is an auto-generated description by cubic. --> --- ## Summary by cubic Added Hexclave-branded aliases for public Stack APIs and updated deprecation guidance to point to `@hexclave/*` and the migration guide. Deprecation tags now live on source declarations so they survive dts bundling; behavior unchanged. - **Refactors** - Added `HexclaveHandler`, `HexclaveProvider`, `HexclaveTheme`, `useHexclaveApp`, and `HexclaveConfig`/`defineHexclaveConfig`; kept `Stack*` as deprecated aliases. - Moved deprecation JSDoc to original declarations and adjusted `template/src/index.ts` re-exports; default exports preserved for back-compat. <sup>Written for commit 0077c8a560. Summary will update on new commits.</sup> <a href="https://cubic.dev/pr/hexclave/stack-auth/pull/1510?utm_source=github">Review in cubic</a> <!-- End of auto-generated description by cubic. --> <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **Refactor** * Primary exports rebranded to Hexclave names (handlers, providers, theme, config, hooks) with deprecated Stack aliases preserved for compatibility. * Provider/theme/handler exports standardized to named exports and a single default export per component. * **Documentation** * Improved deprecation guidance: legacy Stack symbols now carry deprecation JSDoc pointing to Hexclave alternatives and migration docs. * **Behavior** * Hook useStackApp now delegates to the new useHexclaveApp; useUser reads from the Hexclave-based hook. <!-- review_stack_entry_start --> [](https://app.coderabbit.ai/change-stack/hexclave/stack-auth/pull/1510?utm_source=github_walkthrough&utm_medium=github&utm_campaign=change_stack) <!-- review_stack_entry_end --> <!-- end of auto-generated comment: release notes by coderabbit.ai -->	2026-05-27 18:37:12 -07:00
Konstantin Wohlwend	fa4f25bcdd	Rename port prefix envvar	2026-05-27 18:09:52 -07:00
BilalG1	6b07c43fe9	feat(backend): derive JWT issuer and OAuth redirect_uri from request host (#1498) ... ## Summary When the backend serves both `api.stack-auth.com` and `api.hexclave.com` from the same deployment, signed JWT `iss` claims and OAuth `redirect_uri` values need to match the host the customer's SDK actually talks to — otherwise customers with hardcoded issuer checks or registered OAuth callback URLs break when their SDK upgrades. This PR makes both follow the request host. Closes the "Interpretation B" plan from our earlier discussion. ## Changes ### Backend — request-host-derived `iss` and `redirect_uri` - **New helper** [`apps/backend/src/lib/request-api-url.ts`](apps/backend/src/lib/request-api-url.ts) exports `getApiUrlForRequest(req)` and `getApiUrlForHost(host)`. A consolidated `CLOUD_HOST_PAIRS` constant is the single source of truth for the stack-auth ↔ hexclave host pairs (prod, dev, staging). Both the allowlist here and the validator alias map in `tokens.tsx` derive from it, so they can never drift again. - **JWT issuer per request** ([`apps/backend/src/lib/tokens.tsx`](apps/backend/src/lib/tokens.tsx)) — `getIssuer` now takes `apiUrl`. `generateAccessTokenFromRefreshTokenIfValid` and `createAuthTokens` accept an `apiUrl` parameter that flows into the `iss` claim. `getAllowedIssuers` stays env-driven with the bidirectional alias map, so tokens cross-validate across hosts. - **OAuth `redirect_uri` per request** — all 12 providers + `MockProvider` now take `apiUrl` and use it to build `redirect_uri = apiUrl + "/api/v1/auth/oauth/callback/<provider>"`. `getProvider()` accepts an `{ apiUrl }` option and forwards it. - **OAuth2Server factory** — the module-level `oauthServer` singleton became a per-request `createOAuthServer({ apiUrl })` factory so `OAuthModel.generateAccessToken` mints tokens with the right `iss`. Used in the callback route, the token route, and the cross-domain-authorize helper. - **Token-minting call sites updated** — all 10 `createAuthTokens` invocations (password sign-up/sign-in, sessions create, sessions/current/refresh, anonymous sign-up, apple-native callback, MFA/OTP/passkey sign-in, OAuth model token exchange), plus the CLI-complete `generateAccessTokenFromRefreshTokenIfValid` direct call, now pass `getApiUrlForRequest(fullReq)`. - **`createVerificationCodeHandler` refactored** to pass `apiUrl` as a 6th positional arg to the user's handler, so MFA/OTP/passkey sign-in flows get the same per-request `iss` as the rest. The other 8 callers (password-reset, contact-channels-verify, etc.) don't need changes — they accept fewer args and TS function-arity compatibility makes that fine. ### SDK — freeze `@stackframe/*` defaults at stack-auth.com - [`packages/template/src/lib/stack-app/apps/implementations/common.ts`](packages/template/src/lib/stack-app/apps/implementations/common.ts) reverts `defaultBaseUrl` and `defaultAnalyticsBaseUrl` to `https://api.stack-auth.com` / `https://r.stack-auth.com`. A customer who upgrades their `@stackframe/*` package to the latest version without explicitly migrating to `@hexclave/*` keeps hitting `api.stack-auth.com` and never sees their JWT `iss` or OAuth `redirect_uri` change. - The `@hexclave/*` mirror packages are unaffected because they were published from source when `defaultBaseUrl = "https://api.hexclave.com"`; v1.0.0 already targets the hexclave host on npm. Extending `scripts/rewrite-packages-to-hexclave.ts` to substitute these literals during future republishes is a separate follow-up. ### Docs — migration guide rewrite - [`docs-mintlify/migration.mdx`](docs-mintlify/migration.mdx) rewritten concisely. Spells out the two host-visible changes that require pre-deploy action when migrating to `@hexclave/*`: updating manual JWT verifier code (with the array-of-issuers pattern) and updating OAuth callback URLs at each provider (with the GitHub-OAuth-Apps single-URL caveat explicitly called out). ## What was deliberately left out - **Rewriter pipeline extension** for `@hexclave/*` republishes — separate follow-up. - **Cross-SDK defaults** (Swift, stack-cli, init-stack still default to `api.hexclave.com`) — out of scope per discussion. - **Dashboard launch-checklist host-awareness** — out of scope per discussion (callback URLs stay hexclave-branded in the dashboard UI). ## Verification - `pnpm typecheck` — 29/29 packages pass. - `pnpm lint` — 29/29 packages pass. - Five parallel review agents (JWT, OAuth, helper, migration guide, SDK defaults) + an external review of the commit caught four real issues — all resolved in the same commit before push: - Missing `api.staging.*` entries in `issuerHostAliases` (would have broken cross-host token validation on staging). - Stale comment in `apps/backend/src/stack.tsx`. - Misleading "backward-compat" comment in `getHardcodedFallbackUrls`. - MFA/OTP/passkey using env-var fallback for `iss` instead of the request host. <!-- This is an auto-generated description by cubic. --> --- ## Summary by cubic Makes JWT issuers and OAuth redirect_uri values follow the incoming request’s host so tokens and redirects always match `api.stack-auth.com` or `api.hexclave.com`. Also freezes `@stackframe/*` SDK defaults to Stack Auth and tightens the migration guide to focus on OAuth callbacks. - **New Features** - Added `request-api-url` helper with an allowlist of cloud hosts; unknown hosts fall back to the deployment’s API URL. - JWT `iss` now uses the per-request API URL; validation accepts both brands via aliases derived from one `CLOUD_HOST_PAIRS` source. - All OAuth providers build `redirect_uri` from the request host; `getProvider()` now takes `{ apiUrl }`. - Replaced the OAuth2Server singleton with per-request `createOAuthServer({ apiUrl })` so token exchange mints with the right issuer. - Updated token-minting and OAuth routes to pass the API URL; verification-code flows receive it; connected-accounts refresh paths safely pin the deployment default. - SDK: `@stackframe/*` defaults point to `https://api.stack-auth.com`; `@hexclave/*` mirrors remain hexclave-branded. - Shared: updated fallback API host lists to include both stack-auth and hexclave hosts. - **Migration** - Update each provider’s OAuth callback URL to `https://api.hexclave.com/api/v1/auth/oauth/callback/<provider>` when migrating to `@hexclave/*`. - If you verify JWTs manually, update the expected issuer to the hexclave host (including anonymous/restricted variants). <sup>Written for commit e42dfaf05b. Summary will update on new commits. <a href="https://cubic.dev/pr/hexclave/stack-auth/pull/1498?utm_source=github">Review in cubic</a></sup> <!-- End of auto-generated description by cubic. --> <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **New Features** * Per-request API host awareness so tokens and OAuth flows reflect the incoming request’s canonical API URL. * **Updates** * OAuth providers and servers now derive callback/redirect URLs from request context rather than a static URL. * Token issuance/validation now embeds and accepts host-specific issuer URLs and paired host aliases for rebrand compatibility. * **Documentation** * Migration guide updated for branding, JWT issuer expectations, and OAuth callback guidance. <!-- review_stack_entry_start --> [](https://app.coderabbit.ai/change-stack/hexclave/stack-auth/pull/1498?utm_source=github_walkthrough&utm_medium=github&utm_campaign=change_stack) <!-- review_stack_entry_end --> <!-- end of auto-generated comment: release notes by coderabbit.ai -->	2026-05-27 17:06:15 -07:00
BilalG1	c0fefd3b7a	feat(backend): dual-accept hexclave-mobile-oauth-url:// alongside legacy scheme (#1501) ... ## What 1. **Backend dual-accept**: `isAcceptedNativeAppUrl()` accepts both `stack-auth-mobile-oauth-url://` (legacy) and `hexclave-mobile-oauth-url://` (canonical). 2. **Swift SDK switches to the canonical scheme**: `StackAuth` Swift SDK now emits and intercepts `hexclave-mobile-oauth-url://` for native-app OAuth callbacks. Before this PR, `hexclave-mobile-oauth-url` existed only inside `RENAME-TO-HEXCLAVE.md` — not in any code. ## Why the Swift SDK change is safe The Swift SDK uses `ASWebAuthenticationSession(url:callbackURLScheme:completion:)` ([StackClientApp.swift:197-199](sdks/implementations/swift/Sources/StackAuth/StackClientApp.swift#L197)). With this API, iOS intercepts the callback scheme **ephemerally** — no `Info.plist` registration is required. The Swift SDK source has no `Info.plist`, and the example apps' `pbxproj` registers no `CFBundleURLSchemes`. So: - New customer builds against the updated SDK → emit new scheme → backend accepts → `ASWebAuthenticationSession` intercepts on new scheme → works. - Already-shipped customer App Store binaries on older SDK versions → emit old scheme → backend still accepts → works. - **No customer ever has to update an `Info.plist`.** The only real backward-compat constraint is that the backend can never drop the old scheme (already-shipped customer binaries have the constant baked into them). Hence the dual-accept. (Note: `RENAME-TO-HEXCLAVE.md` line 88 incorrectly attributes the constraint to `Info.plist` registration. That's not how the SDK works — the scheme is baked into the SDK binary, not the customer's plist. The fix described in that doc is essentially the right shape; only the mechanism description is wrong.) ## Changes | File | Change | |---|---| | `packages/stack-shared/src/utils/redirect-urls.tsx` | `isAcceptedNativeAppUrl()` accepts either protocol. | | `apps/backend/src/lib/redirect-urls.test.tsx` | Adds positive assertions for the new scheme in `isAcceptedNativeAppUrl`; parity negative assertions in `validateRedirectUrl`. | | `sdks/implementations/swift/Sources/StackAuth/StackClientApp.swift` | `callbackScheme` → `"hexclave-mobile-oauth-url"`; fatalError example strings updated. | | `sdks/implementations/swift/Tests/StackAuthTests/OAuthTests.swift` | Test fixture URLs updated (no assertions depend on the scheme literal). | | `sdks/implementations/swift/Examples/StackAuthiOS/.../StackAuthiOSApp.swift` | Default values in the example UI. | | `sdks/implementations/swift/Examples/StackAuthMacOS/.../StackAuthMacOSApp.swift` | Default values in the example UI. | | `sdks/implementations/swift/README.md` | Documents the new canonical scheme; compat note for the legacy one. | | `sdks/spec/src/apps/client-app.spec.md` | New scheme is canonical; legacy is "accepted indefinitely for already-shipped customer app binaries built against older SDK versions." | ## Verification - `pnpm test run apps/backend/src/lib/redirect-urls.test.tsx` — 34/34 passing (was 33; one new `it` block plus parity assertions). - `pnpm --filter @stackframe/stack-shared --filter @stackframe/backend run lint` — clean. - `pnpm --filter @stackframe/stack-shared --filter @stackframe/backend run typecheck` — clean. - Swift assertions in `OAuthTests.swift` do not check the scheme literal — they only check `oauth/authorize/<provider>`, state/verifier non-emptiness, and that `redirectUrl` round-trips. The fixture-value change is mechanical. ## Risk Low. Backend behavior strictly widens (every URL accepted before is still accepted). Swift SDK change is internal to OAuth callback handling, requires no customer migration, and is paired with the backend dual-accept landing in the same PR. <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **New Features** * Adopted the canonical OAuth callback scheme "hexclave-mobile-oauth-url://" for native apps while continuing to accept the legacy "stack-auth-mobile-oauth-url://". * **Documentation** * Updated SDK docs, examples, and spec guidance to reference the canonical callback scheme and clarify legacy acceptance. * **Tests & Samples** * Updated tests and example apps to use and validate the canonical scheme. * **Style** * Rebranded the dev-tool trigger icon to the new Hexclave monochrome logo. <!-- review_stack_entry_start --> [](https://app.coderabbit.ai/change-stack/hexclave/stack-auth/pull/1501?utm_source=github_walkthrough&utm_medium=github&utm_campaign=change_stack) <!-- review_stack_entry_end --> <!-- end of auto-generated comment: release notes by coderabbit.ai -->	2026-05-27 15:44:06 -07:00
tembo[bot]	244e7e79f2	Add captureWarning for warnings (#1506)	2026-05-27 15:35:10 -07:00
BilalG1	57ff5d3ce9	feat(hexclave): PR 2 — visible rebrand (Hexclave brand goes public) (#1481) ... ## Summary **Stacked on [#1475](https://github.com/hexclave/stack-auth/pull/1475)** (`cl/hexclave-pr1`, the invisible compatibility layer). Diff vs that base = the actual PR 2 code. This is **PR 2 of the Stack Auth → Hexclave rebrand: the visible flip**. Old wire identifiers (cookies, request/response headers, Bearer prefix, JWT issuers, MCP tool name) keep working indefinitely via PR 1's dual-accept. This PR flips every user-visible surface — package names taught in docs, SDK class names in code examples, dashboard setup snippets, page titles, error messages, email content, CLI binary, default base URLs, GitHub repo slug, contributor guidance — to the Hexclave brand. See [`RENAME-TO-HEXCLAVE.md`](./RENAME-TO-HEXCLAVE.md) → *"PR 2: Rebrand to Hexclave (visible)"* for the full per-work-area spec. ## What's implemented (per the plan's PR 2 scope) - **SDK base URLs** flipped: `defaultBaseUrl` and `defaultAnalyticsBaseUrl` in [common.ts](packages/template/src/lib/stack-app/apps/implementations/common.ts:127) → `https://api.hexclave.com` / `https://r.hexclave.com`. PR 1's [`getHardcodedFallbackUrls`](packages/stack-shared/src/utils/urls.tsx:199) table now keys on the Hexclave domain. - **Domain inventory sweep** (16 subdomains from the plan): every `api/app/docs/discord/demo/mcp/skill/feedback/test/preview/r/api2/api.staging/idp-jwk-audience/built-with.stack-auth.com` reference in production code, docs-mintlify, examples, READMEs, and contributor guidance flipped to `*.hexclave.com`. Carve-outs: PR 1's intentional JWT issuer dual-accept table in [tokens.tsx](apps/backend/src/lib/tokens.tsx), the legacy `./docs/` folder, the `unified-docs-widget` allowlist (deliberately accepts both during DNS transition), and `url-targets.ts` hosted-component default (baked into existing customer deploys). - **`@deprecated` JSDoc** on every `Stack*` public export ([packages/template/src/lib/stack-app/index.ts](packages/template/src/lib/stack-app/index.ts) + [packages/template/src/index.ts](packages/template/src/index.ts)) — `StackClientApp`, `StackServerApp`, `StackAdminApp` + every constructor/options/JSON type, `StackHandler`, `StackProvider`, `StackTheme`, `useStackApp`, `defineStackConfig`, `StackConfig`. Hexclave\* aliases are now canonical. - **Runtime `console.warn`** ([packages/template/src/internal/deprecation-warning.ts](packages/template/src/internal/deprecation-warning.ts)) — once-per-process when the SDK is loaded from a `@stackframe/*` artifact. Detection uses the existing `STACK_COMPILE_TIME_CLIENT_PACKAGE_VERSION_SENTINEL` (rewritten at build time to e.g. `js @stackframe/stack@2.8.92` or `js @hexclave/next@1.0.0`); `@hexclave/*` mirror artifacts short-circuit the warning. - **Tier 3 data migration**: new idempotent SQL migration [`20260523000000_rename_internal_project_to_hexclave`](apps/backend/prisma/migrations/20260523000000_rename_internal_project_to_hexclave/migration.sql) — updates the internal Project `displayName` 'Stack Dashboard' → 'Hexclave Dashboard' and `description` only if both still hold the pre-rebrand defaults. Operator-renamed projects untouched, missing row no-ops, re-runs are no-ops. [`seed.ts`](apps/backend/prisma/seed.ts:87) default flipped. `getSharedEmailConfig("Stack Auth")` → `("Hexclave")`. - **Tier 4 brand strings** (mechanical sweep, ~340 files): - Page + OpenAPI titles (Hexclave API / Dashboard / REST API / Webhooks API / Documentation). OpenAPI `info.description` documents `X-Hexclave-*` headers as canonical with compat note on `X-Stack-*`. - `HexclaveAssertionError` message text ([errors.tsx:71](packages/stack-shared/src/utils/errors.tsx:71)) — "an error in Stack." → "an error in Hexclave." - Known-error message templates ([known-errors.tsx](packages/stack-shared/src/known-errors.tsx)) flipped to lead with `x-hexclave-*` + the new `docs.hexclave.com` URL; legacy `x-stack-*` mentioned as compat aliases. **25 e2e test files updated in lockstep**. - Email content: failed-emails-digest body, sendTestEmail recipient (now `sent-with-hexclave.com`), test-email-recipient default. - `CHANGELOG.md` title → "Hexclave Changelog". - `AGENTS.md` env var convention: new vars prefix `HEXCLAVE_` / `NEXT_PUBLIC_HEXCLAVE_` for Category A/B; legacy `STACK_*` explicitly noted as accepted via PR 1's dual-read. - **CLI / init wizard**: - Every dashboard setup snippet, init-stack template, and docs-mintlify page teaches `npx @hexclave/cli@latest init` (was `@stackframe/stack-cli`). [setup-page.tsx](apps/dashboard/src/app/(main)/(protected)/projects/[projectId]/(overview)/setup-page.tsx) + [link-existing-onboarding](apps/dashboard/src/app/(main)/(protected)/(outside-dashboard)/new-project/page-client-parts/link-existing-onboarding.tsx). - [init-stack](packages/init-stack/src/index.ts:634) `STACK_*_INSTALL_PACKAGE_NAME_OVERRIDE` defaults flipped to `@hexclave/*`. - Generated `stack/client.ts` / `stack/server.ts` import from `@hexclave/next` and reference `HexclaveClientApp` / `HexclaveServerApp`. - Internal `StackAuthKeys` dashboard component renamed to `HexclaveKeys`. - **docs-mintlify rewrite** (legacy `./docs/` intentionally untouched per scoping decision): - **78 MDX files swept**. `@stackframe/{react,stack,js,tanstack-start,...}` → `@hexclave/{react,stack,js,...}` in install snippets and code blocks; `Stack*` SDK class names → `Hexclave*` in all code examples; 'Stack Auth' brand phrase → 'Hexclave'. - `openapi/{server,admin,client,webhooks}.json` titles → 'Hexclave REST API' / 'Hexclave Webhooks API'. - **Generators flipped before regeneration**: - [`packages/stack-shared/src/helpers/init-prompt.ts`](packages/stack-shared/src/helpers/init-prompt.ts), [`/ai/prompts.ts`](packages/stack-shared/src/ai/prompts.ts), [`apps/backend/src/lib/ai/prompts.ts`](apps/backend/src/lib/ai/prompts.ts), [`apps/backend/src/lib/ai/tools/create-email-{template,draft}.ts`](apps/backend/src/lib/ai/tools/create-email-template.ts), [`apps/skills/src/app/route.ts`](apps/skills/src/app/route.ts) (taught MCP tool → `ask_hexclave` with compat note; CLI binary teach → `hexclave`), [`docs-mintlify/snippets/home-prompt-island.jsx`](docs-mintlify/snippets/home-prompt-island.jsx), [`packages/template/README.md`](packages/template/README.md) + integrations/convex/component/README.md. - `generate-sdks` propagated changes to `packages/{react,stack,js}`. - **OpenAPI dual-documentation**: [`apps/backend/src/app/api/latest/route.ts`](apps/backend/src/app/api/latest/route.ts) now lists `X-Hexclave-*` headers as primary documented schemas with `X-Stack-*` duplicates marked `.optional()` (both accepted at runtime by PR 1's normalize-at-proxy shim). - **`@stackframe/emails` virtual module**: dual-aliased to `@hexclave/emails` at the bundler boundary ([email-rendering.tsx:89](apps/backend/src/lib/email-rendering.tsx:89)). Stored email templates continue to import from either name; new AI-generated templates and the system prompt teach `@hexclave/emails`. - **Tier 2 mirror-publish wiring** (new this PR, lays the groundwork for `@hexclave/*` first publish): - [`scripts/rewrite-packages-to-hexclave.ts`](scripts/rewrite-packages-to-hexclave.ts) — rewrites 9 publishable `@stackframe/*` → `@hexclave/*` `package.json` files (reads `HEXCLAVE_VERSION` env or `--version=` flag), pins cross-deps to the shared `@hexclave` version, registers `hexclave` bin alongside `stack` for `@hexclave/cli`. - [`.github/workflows/npm-publish.yaml`](.github/workflows/npm-publish.yaml) appended with rewrite-then-republish step. `pnpm publish` skips already-on-npm versions so reruns are safe. - **Sender email domain**: `noreply@stackframe.co` → `noreply@sent-with-hexclave.com` (the dedicated transactional-sender domain split per the plan, to isolate bulk deliverability from `hexclave.com` reputation); `security@` / `team@stack-auth.com` inbound mailboxes → `@hexclave.com`. - **Self-host docs**: docker network / container names in the bash examples flipped from `stack-auth` to `hexclave` (`hexclave-postgres`, `hexclave-clickhouse`, `hexclave.env`). The docker image tag `stackauth/server:latest` stays per the plan's locked decision. - **GitHub repo slug**: `hexclave/stack-auth` → `hexclave/hexclave` in every `package.json` `repository` field, README link, CHANGELOG raw-asset URL. ## Carve-outs (deliberately untouched) - **[`apps/backend/src/lib/tokens.tsx`](apps/backend/src/lib/tokens.tsx)** JWT issuer dual-accept table — PR 1 intentional infrastructure, kept indefinitely. - **Legacy `./docs/` folder** — per scoping decision (only `docs-mintlify/` rewritten). - **`unified-docs-widget` hostname allowlist** — accepts both `.hexclave.com` (canonical) and `.stack-auth.com` (transition window) for DNS rollout. - **`url-targets.ts`** hosted-domain default `.built-with-stack-auth.com` — wire identifier baked into existing customer deploys; indefinite read-fallback. - **Binary visual assets** (logos, favicons, OG images, README screenshots) — out of scope for this PR. Need design work; tracked separately. ## Verification - **`pnpm typecheck`** on `packages/{template,stack-shared,react,stack,js}` + `apps/dashboard`: **all green**. The remaining backend / e-commerce-demo typecheck errors are pre-existing (Prisma codegen output + `./generated/api-versions.json` not present in fresh worktrees without `pnpm run codegen-prisma` + a live DB) and unrelated to this diff. - **`pnpm lint`** on the same 6 packages: all green. - **Final grep** for residual `Stack Auth` / `stack-auth.com` / `@stackframe/stack-cli@latest` references: zero outside the intentional carve-outs above. - **25 e2e test files updated in lockstep** with the known-error message changes (asserted strings flipped to match the new x-hexclave-* + compat-note messages). ## Deploy blockers (ops sequencing before this rebrand goes live) This PR is code-complete, but the rebrand's visible surfaces (SDK default URLs, dashboard links, npm READMEs, REST error messages, runtime deprecation warning) all point at `*.hexclave.com` / `@hexclave/*` resources that don't exist yet. None of these are fixable from a PR — they're ops/registrar/npm work that has to be sequenced before merging this to a release tag. Suggested ordering, hardest blockers first: ### Tier 1 — required before customer-facing deploy (everything below this line *will visibly break customers on day 1* if skipped) 1. **DNS + TLS for `api.hexclave.com` + `api1./api2.hexclave.com`** → must point at the same backend that serves `api.stack-auth.com` (or a backend that mirrors PR 1's dual-accept). The SDK's new `defaultBaseUrl` is `https://api.hexclave.com`; every customer that relied on the old default and upgrades to a post-PR2 SDK build sends API requests here. Until this resolves, every default-config customer's API call NXDOMAINs. 2. **DNS for `app.hexclave.com`** → the dashboard. Referenced in the SDK's default-error messages ("Please create a project on the Hexclave dashboard at https://app.hexclave.com"), the init-stack flow's `wizard-congrats` redirect, and the OAuth dashboard handoff. 3. **DNS for `docs.hexclave.com`** + Mintlify deploy → the SDK runtime deprecation warning (`https://docs.hexclave.com/migration`), every README, every "Learn more" link in the dashboard, and every REST API error body (`/api/overview#authentication`) points here. The MDX is in this PR; the docs build target needs DNS. 4. **DNS for `mcp.hexclave.com`** → the MCP server endpoint that every taught agent integration (`claude mcp add ...`, `cursor`, `codex`, `vscode`) registers. Until this resolves, every `npx @hexclave/cli@latest init` MCP-registration step fails. 5. **Reserve the `@hexclave` npm scope + set repo variable `HEXCLAVE_VERSION`** → the mirror-publish step in `.github/workflows/npm-publish.yaml` is gated on this variable. Without it, the entire taught onboarding command `npx @hexclave/cli@latest init` 404s from the npm registry, *and* every README that says "install `@hexclave/next`" leads to install failure. Pick the initial version intentionally (`1.0.0` or aligned to `@stackframe/stack`); don't accept a silent default. ### Tier 2 — required before announcing the rebrand publicly (lookalike or low-traffic surfaces, but visibly broken) 6. **DNS for `r.hexclave.com`** → the analytics beacon `defaultAnalyticsBaseUrl`. Silent failure if missing (analytics drops), but should land alongside Tier 1. 7. **Register `sent-with-hexclave.com` + full email auth (SPF / DKIM / DMARC)** → the new default sender domain for shared-sender transactional emails. Without it the dashboard "send test email" path emits bounces, and shared-sender flows (`getSharedEmailConfig("Hexclave")`) deliver to spam at best. 8. **MX + SPF / DMARC for `hexclave.com`** → `team@hexclave.com` and `security@hexclave.com` mailboxes. The security disclosure mailbox is referenced in [`.github/SECURITY.md`](.github/SECURITY.md); `team@hexclave.com` is the actual recipient of internal feedback emails sent at runtime by [`apps/backend/src/lib/internal-feedback-emails.tsx`](apps/backend/src/lib/internal-feedback-emails.tsx). Today, every runtime feedback email bounces. 9. **DNS for `skill.hexclave.com`** → the canonical AI-agent skill fetch URL (the agent bootstrap pivot). Without it, the entire "agent downloads `SKILL.md` from a known URL" flow taught in [`packages/stack-shared/src/helpers/init-prompt.ts`](packages/stack-shared/src/helpers/init-prompt.ts) fails. 10. **Create `github.com/hexclave/hexclave` as a public repo** (even as a redirect to `hexclave/stack-auth`) **OR** rewrite every `package.json` `"repository"` field + dashboard footer "view on GitHub" link to point at `hexclave/stack-auth` (which already exists). Currently every npm package page's "Repository" link is dead, and the dashboard's GitHub button + dev-tool repo link are dead. ### Tier 3 — broken but low-visibility / low-traffic 11. **DNS for `discord.hexclave.com`** → Discord invite redirect, used in every README's chip and the dashboard footer. 12. **DNS for `demo.hexclave.com`** → "✨ Demo" badge in every npm package README. Broken-image badge on the package page. 13. **DNS + TLS for `built-with-hexclave.com`** → optional hosted-handler domain (the default reverted to `.built-with-stack-auth.com` in this PR's carve-outs, so this only matters for projects that manually flip). ## Other follow-ups (not deploy-blocking) - **E2E snapshot regen across the full suite** for the dual-emitted `x-hexclave-*` response headers (PR 1 follow-up; `vitest -u` in CI absorbs). - **Binary visual assets** — logos, favicons, OG images, README screenshots; need design pass. - **Backend OpenAPI fumadocs regen** in CI flow — the JSON files in `docs-mintlify/openapi/` are committed but regen runs in CI. Verify the workflow that does this still works against the post-PR2 source. - **Backend typecheck infra debt** — needs `codegen-prisma` + `codegen-route-info` to clear; pre-existing, unaffected by this PR. ## Test plan - [ ] CI runs full e2e suite (with `vitest -u` to absorb residual snapshot deltas, then committed back). - [ ] Spot-check: new `@hexclave/cli init` (once published) generates `hexclave.config.ts` and works against a fresh project. - [ ] Spot-check: existing customer with `@stackframe/stack` import sees the once-per-process `console.warn` recommending `@hexclave/next` on SDK init. - [ ] Manual: dashboard setup page renders the `npx @hexclave/cli@latest init` snippet and the `x-hexclave-publishable-client-key` API header in the curl example. - [ ] Manual: a fresh `pnpm run prisma migrate` against a clean DB sets the internal project displayName to 'Hexclave Dashboard'. --------- Co-authored-by: Konstantin Wohlwend <n2d4xc@gmail.com>	2026-05-26 19:18:20 -07:00
Armaan Jain	a27e4d9bb5	Small onboarding fixes (#1489) ... <!-- Make sure you've read the CONTRIBUTING.md guidelines: https://github.com/hexclave/stack-auth/blob/dev/CONTRIBUTING.md --> <!-- This is an auto-generated description by cubic. --> --- ## Summary by cubic Improves onboarding and analytics visuals. Adds clear Stripe setup actions (Connect or Do Later) with safe redirects and precise loading/disabled states, and fixes a stuck dashboard reload after linking an existing project. - **New Features** - Payments onboarding: separate Connect/Do Later actions with per-button loading and mutual disabling. - US-only: “Do Later” creates a deferred Stripe account before finishing onboarding. - Secure redirect: enforce HTTPS on Connect and navigate via window.location.href. - Refresh Stripe account cache after `setupPayments()` to avoid stale data on return. - Analytics: smoother pie hover transitions, fading center label, optional `showDateRange`; dashboard donut hides date range and adjusts radii; revenue hover chart uses split bars for rounded tops and an avg line. - Tests cover deferred/unsupported payments setup and button loading isolation. - **Bug Fixes** - After linking an existing config, use a full page navigation to the project to prevent the dashboard from getting stuck on initial load. <sup>Written for commit c80034ad1f. Summary will update on new commits. <a href="https://cubic.dev/pr/hexclave/stack-auth/pull/1489?utm_source=github">Review in cubic</a></sup> <!-- End of auto-generated description by cubic. --> <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **New Features** * Option to defer payments setup during project onboarding; connect/defer actions show targeted loading states. * **Improvements** * Linking existing projects now performs full navigation when applicable. * Charts: refined donut/pie sizing, smoother center fade animation, optional date-range display, and improved color/stack rendering. * Payments setup now refreshes account info after setup. * **Tests** * Added tests covering payments deferral, connect flows, and UI/loading behavior. <!-- review_stack_entry_start --> [](https://app.coderabbit.ai/change-stack/hexclave/stack-auth/pull/1489?utm_source=github_walkthrough&utm_medium=github&utm_campaign=change_stack) <!-- review_stack_entry_end --> <!-- end of auto-generated comment: release notes by coderabbit.ai -->	2026-05-26 17:45:50 -07:00
github-actions[bot]	6a01c1bcc7	chore: update package versions	2026-05-26 22:26:55 +00:00
github-actions[bot]	18df895842	chore: update package versions	2026-05-26 21:59:38 +00:00
github-actions[bot]	5f3dc6d9ee	chore: update package versions	2026-05-26 20:37:35 +00:00
github-actions[bot]	ad197de7fe	chore: update package versions	2026-05-26 20:28:07 +00:00
Konstantin Wohlwend	c5a49d6721	Fix legacy cookie mixing	2026-05-26 11:08:35 -07:00
github-actions[bot]	bef9452c95	chore: update package versions	2026-05-26 03:44:50 +00:00
github-actions[bot]	ed54832671	chore: update package versions	2026-05-26 00:59:48 +00:00
Konstantin Wohlwend	d30962bf66	Fix GH tokens refresh & devtool tabs	2026-05-25 17:50:09 -07:00
BilalG1	f7e389809e	feat(hexclave): PR 1 — wire compatibility layer (invisible) (#1475) ... ## Summary **Stacked on #1468** (`docs/hexclave-rename-plan` — the plan doc). Diff vs that base = the actual PR 1 code. This is **PR 1 of the Hexclave rebrand: the invisible compatibility layer**. Everything is additive. Old SDKs, old wire identifiers, and old env var names keep working unchanged. The backend dual-accepts and dual-emits; new SDK code emits `x-hexclave-*` headers and the `hexclave_` Bearer prefix; cookies dual-write; env vars dual-read across every category. **No user-visible rebranding lands here** — that's PR 2. See [`RENAME-TO-HEXCLAVE.md`](./RENAME-TO-HEXCLAVE.md) → *"PR 1 implementation guide"* for the full per-work-area spec, file pointers, and chosen approach. ## What's implemented (all 14 PR-1 work-areas) - **SDK export aliases** — `Hexclave*` aliases for the user-facing `Stack*` exports added in `packages/template`; codegen propagates them to `@stackframe/{js,stack,react,tanstack-start}`. React-only aliases correctly excluded from `@stackframe/js`. (`e60550a2`) - **JWT issuer dual-accept** — `decodeAccessToken` accepts both `api.stack-auth.com` and `api.hexclave.com` issuers. Signing unchanged. (`fc781def`) - **Request-header dual-accept** — backend + dashboard proxies normalize `x-hexclave-*` → `x-stack-*` at the existing empty proxy hook (so `smart-request.tsx` and every route schema keep working unchanged); CORS allowlists extended via a derive-once helper. (`2a056eac`) - **MCP `ask_hexclave`** — registered alongside `ask_stack_auth` via a shared helper; `ask_stack_auth` behavior byte-identical. (`30ffd604`) - **Dev-tool** — DOM ids + header emit switched. `window.HexclaveDevTool` exposed alongside `window.StackDevTool`. (`32131ea7`) - **The big consolidated commit** (`7fed864a`): - **Env vars** — central `getEnvVariable` prefix-transform (HEXCLAVE first, STACK fallback); dashboard + template client env files dual-read; `turbo.json` globalEnv; `NEXT_PUBLIC_STACK_PORT_PREFIX` renamed outright across ~82 files including docker. - **Cookies** — dual-write/dual-read auth (`stack-access`/`-refresh-*` and custom-domain variants), OAuth-state (`stack-oauth-{inner,outer}-*`), and low-risk cookies (`stack-is-https`, `stack-last-seen-changelog-version`). Bypass sites patched (backend OAuth callback, dashboard remote-dev auth route, impersonation snippets, snapshot serializer). - **Bearer prefix** — SDK token parser accepts both `stackauth_` and `hexclave_`; emits `hexclave_`. Discovery correction: this is purely SDK-internal — the backend never parses it. - **Response headers** — backend dual-emits `x-hexclave-{request-id,actual-status,known-error}`; SDKs dual-read (new first, stack fallback). - **SDK request-header emit switch** — `client/server/admin-interface.ts` + dashboard `api-headers.ts` + `internal-project-headers.ts` + `feedback-form.tsx` switched to `x-hexclave-*`. Plus `stack_response_mode` query param. - **Storage keys** — dev-tool / cli-auth / oauth-button / docs keys renamed (straight); `stack:session-replay:v1` dual-read so in-progress recordings survive SDK upgrades; `stack_mfa_attempt_code` dual-read. - **Query params** — cross-domain params dual-emit/dual-accept via shared helpers; backend `oauth/authorize` accepts `hexclave_response_mode` and `stack_response_mode`; `stack-init-id` renamed. - **`Symbol.for`** — app-internals symbol gets a parallel `Symbol.for("Hexclave--app-internals")` getter on each attach site (no read-site churn — old symbol still attached). 3 file-private symbols renamed outright. - **Config discovery** — prefer `hexclave.config.ts`, fall back to `stack.config.ts` at every discovery site (CLI / dashboard / backend / local-emulator); `init` writes the new filename; CLI credentials path migrates. - **Internal renames** — `StackAssertionError`, `StackClient/Server/AdminInterface` renamed outright (no alias, per the "internal-only → rename" rule). ~264 files touched. - **Review-pass fixes** (`21217fbe`) — three real bugs found by parallel review agents and fixed: - `snapshot-serializer.ts` was interpolating the whole `keyedCookieNamePrefixes` array (`${arr}`) — adding a second prefix would have corrupted **every** OAuth-cookie snapshot, not just new ones. - **Docker port-prefix producer/consumer mismatch** — `entrypoint.sh`/`run-emulator.sh`/cloud-init `user-data` were still producing `NEXT_PUBLIC_STACK_PORT_PREFIX` while the dashboard sentinel + consumers had been renamed; silent self-host regression (custom port prefix would be ignored). - **Missing `hexclave-oauth-inner-*` dual-write** in the OAuth authorize route — callback's fallback masked it but the dual-write was specified by the plan. - Plus: `mcp.test.ts` tool-list assertions updated to include `ask_hexclave`; two dashboard header-emit sites switched to `x-hexclave-*` for consistency. - **E2E snapshot serializer follow-up** (`4b16cc5d`) — `x-hexclave-request-id` added to the hidden-headers list (mirroring `x-stack-request-id` treatment), and 2 sample inline snapshots regenerated in `projects.test.ts` to include the new dual-emitted headers. ## Verification - **`pnpm typecheck`** — clean (the fresh-worktree `@/.source` / Prisma codegen gap in `stack-docs` is pre-existing and unrelated). - **`pnpm lint`** — 29/29 packages green. - **`pnpm exec turbo run build --filter=./packages/*`** — 13/13 packages build (including `@stackframe/stack-cli` once the dashboard standalone is present). - **Live E2E** against a running backend on `cl/hexclave-pr1`: - `pnpm test run apps/e2e/tests/backend/endpoints/api/v1/internal/mcp.test.ts` — **6/6 pass** (verifies the new `ask_hexclave` tool — the hand-written inline snapshot matched actual MCP server output). - `pnpm test run apps/e2e/tests/backend/endpoints/api/v1/internal/projects.test.ts` — **11/11 pass** (verifies wire dual-accept + dual-emit end-to-end; the snapshot serializer fix was found and applied during this check). A four-agent parallel **review pass** also audited the full diff for logic/runtime bugs across the work-areas (wire headers + JWT, cookies + bearer + symbols, env vars, query params + config + MCP + aliases). All in-slice review verdicts were ✓ except the three bugs listed above, which are now fixed. ## Known follow-ups (out of scope for this PR) - **E2E snapshots across the rest of the suite** — backend now dual-emits `x-hexclave-{known-error,actual-status}` alongside `x-stack-*`, which legitimately appears in inline snapshots throughout `apps/e2e`. Two were regenerated here as a sample; the rest should regen with `vitest -u` in CI. - **Docker shell env vars beyond `PORT_PREFIX`** — `entrypoint.sh` still reads `STACK_*` env vars directly (the JS-side `getEnvVariable` transform doesn't help the shell). JS consumers dual-read so it works in practice; full shell-level dual-read is a deeper self-host follow-up. - **`@stackframe/stack-cli` build ordering** — pre-existing; needs `build:rde-standalone` first. Not affected by this PR. ## Test plan - [ ] CI runs full e2e suite (with `vitest -u` to absorb dual-emit snapshot deltas, then committed back) - [ ] Spot-check: an old SDK build (emitting only `x-stack-*`) still authenticates against the new backend - [ ] Spot-check: a new SDK (emitting `x-hexclave-*` / `Bearer hexclave_*`) still authenticates against an old backend during deploy ordering - [ ] Manual: `npx @stackframe/stack-cli@latest init` (new onboarding entrypoint) generates `hexclave.config.ts` - [ ] Manual: existing `stack.config.ts`-only project still resolves (no migration required) --------- Co-authored-by: bilal <bilal@stack-auth.com>	2026-05-23 17:24:55 -07:00
github-actions[bot]	957a33a651	chore: update package versions	2026-05-23 18:13:12 +00:00
github-actions[bot]	6a0ded1340	chore: update package versions	2026-05-23 16:45:36 +00:00
Mantra	9b1851dd54	Managed email domain deletion and Cloudflare DNS import UX (#1442) ... ## Summary - Add an admin-only delete endpoint and SDK method to remove managed email domains, with Resend/DNSimple cleanup and a guard against deleting domains currently in use for sending. - Add dashboard UI to remove unused managed domains (with confirmation) and improve the DNS setup step with Cloudflare detection, zone file download, and import instructions. - Add E2E coverage for delete auth, success, in-use rejection, post-switch deletion, and 404 cases. ## Test plan - [ ] Run `pnpm test run managed-email-onboarding` - [ ] In dashboard email settings, add a managed domain and verify Cloudflare hint appears when NS records point to Cloudflare - [ ] Remove an unused managed domain and confirm it disappears from the list - [ ] Verify active (in-use) managed domains cannot be deleted until email provider is switched away Made with [Cursor](https://cursor.com) <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **New Features** * Delete managed email domains from the dashboard with a confirmation flow and success notification * Cloudflare-aware domain setup: detection banner, quick links to Cloudflare DNS, downloadable zone file, and import instructions * Admin API and admin-app method to perform managed-domain deletion * **Bug Fixes** * Deletion blocked with a clear error when a domain is actively used for sending * **Tests** * Added end-to-end coverage for managed-domain delete scenarios (success, in-use conflict, auth rejection, and 404) * **Style** * Data grid layout adjusted to prevent unintended full-height stretching across various tables <!-- review_stack_entry_start --> [](https://app.coderabbit.ai/change-stack/hexclave/stack-auth/pull/1442?utm_source=github_walkthrough&utm_medium=github&utm_campaign=change_stack) <!-- review_stack_entry_end --> <!-- end of auto-generated comment: release notes by coderabbit.ai --> --------- Co-authored-by: Cursor <cursoragent@cursor.com>	2026-05-23 09:22:29 -07:00
github-actions[bot]	01948e2313	chore: update package versions	2026-05-23 03:30:16 +00:00
github-actions[bot]	62aa8616d5	chore: update package versions	2026-05-23 03:25:52 +00:00
github-actions[bot]	70999df64e	chore: update package versions	2026-05-23 01:02:03 +00:00
github-actions[bot]	9355c8665c	chore: update package versions	2026-05-22 23:02:49 +00:00
github-actions[bot]	cd29811456	chore: update package versions	2026-05-22 22:58:20 +00:00
Konsti Wohlwend	05e22e10a3	Use redirectToHandler in StackHandler and disallow string default URL target (#1472)	2026-05-22 13:48:01 -07:00
Konstantin Wohlwend	1effedbc42	Fix various cross-domain auth bugs	2026-05-22 13:40:39 -07:00
github-actions[bot]	0c6e135c30	chore: update package versions	2026-05-22 01:35:39 +00:00
Konstantin Wohlwend	99f07e9516	Trust hosted domains	2026-05-21 18:23:23 -07:00
github-actions[bot]	d12968eb3d	chore: update package versions	2026-05-22 00:46:34 +00:00
Konsti Wohlwend	c6d59d0288	Cross domain handoffs (#1458)	2026-05-21 17:15:12 -07:00
github-actions[bot]	03e7b61308	chore: update package versions	2026-05-21 23:29:36 +00:00
Konstantin Wohlwend	bf8d0ece28	chore: update package versions	2026-05-21 16:23:12 -07:00
Konstantin Wohlwend	4ff24dea9b	chore: update package versions	2026-05-21 14:54:23 -07:00
BilalG1	b8fc04bdbd	feat: link Stack Auth projects to GitHub and push config from the dashboard (#1450) ... End-to-end flow for managing Stack Auth config via GitHub: link a repo during onboarding, edit settings in the dashboard, and have the change committed to your repo + synced back via a GitHub Actions workflow.  ## What this adds - **CLI** — `stack config push --source github --source-repo --source-path --source-workflow-path`. Records the source on the config row so the dashboard knows where the file lives. Reads `GITHUB_SHA` / `GITHUB_REF_NAME` for commit + branch. - **Onboarding "Link existing project"** — searchable repo/branch comboboxes, auto-detects candidate `stack.config.{ts,js}` paths, writes `STACK_AUTH_PROJECT_ID` + `STACK_AUTH_SECRET_SERVER_KEY` secrets, and commits a generated workflow YAML that re-runs `stack config push` on every change to the config file. - **Dashboard "Push to GitHub" dialog** — replaces the prior TODO buttons. Pre-flights `repo`+`workflow` scopes on the user's GitHub connection; if missing, the button flips to "Reconnect with GitHub". On push, commits the dashboard's edit straight to the linked repo/branch via the Contents API (with `cache: "no-store"` to dodge GitHub's 60s GET cache so consecutive pushes don't 409). Suspense boundary scoped to the dialog body so opening it doesn't blank the dashboard. - **Project settings** — surface the linked workflow file as a clickable GitHub link when the source carries `workflow_path`. ## Test plan - `pnpm lint` (29/29) ✓ - `pnpm typecheck` (29/29) ✓ - `pnpm --filter @stackframe/stack-cli test` (111/111) ✓ - Dashboard vitest on the three relevant files (`link-existing-onboarding-workflow`, `github-api`, `github-config-push`) — 37/37 ✓ - Live end-to-end: `BilalG1/lex-lookup` linked to a local dev project; passkey toggled, push committed `0bb958bd` ([commit](0bb958bda3)). <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **New Features** * Persist workflow file paths for GitHub-backed config sync * Dashboard “Push” flow to commit config updates with trimmed/default commit messages * CLI options to declare GitHub source (repo/path/workflow) and persist selectable package runner for manual pushes * Show workflow-file link in project configuration when present * **Improvements** * Robust config-path normalization, existence checks, debounced repo/branch search, and better GitHub rate-limit handling * New GitHub API utilities for safe file read/commit and import-package detection * **Tests** * Expanded tests covering GitHub API, config rendering/merge, and push behaviors <!-- review_stack_entry_start --> [](https://app.coderabbit.ai/change-stack/hexclave/stack-auth/pull/1450?utm_source=github_walkthrough&utm_medium=github&utm_campaign=change_stack) <!-- review_stack_entry_end --> <!-- end of auto-generated comment: release notes by coderabbit.ai -->	2026-05-21 13:47:46 -07:00
Konstantin Wohlwend	90421431ee	chore: update package versions	2026-05-20 11:58:44 -07:00
Konstantin Wohlwend	48acb8c640	chore: update package versions	2026-05-19 16:22:10 -07:00
Konsti Wohlwend	29cea48beb	Remote dev envs (#1435)	2026-05-19 15:54:18 -07:00
Konstantin Wohlwend	d68631ea4f	Update GitHub URL	2026-05-19 10:27:53 -07:00
BilalG1	d0202eeef9	payments: rework refund flow to three-knob API (#1429) ... ## Summary - Replaces per-entry refund schema with a flat `{ amount_usd, revoke_product, end_subscription? }` shape; refund state is now derived from bulldozer ledger rows (`refund:<sourceTxnId>:<uuid>`) instead of the legacy `refundedAt` column, enabling multiple partial refunds up to the remaining cap. - Adds `invoice_id` for refunding any subscription invoice (start or renewal), Stripe idempotency keys derived from `(tenancyId, sourceTxnId, amount, prior_refunded)` so retries dedupe but intentional partials don't collide, and a legacy backstop that rejects pre-rework `refundedAt` purchases. - Dashboard refund dialog rebuilt around the three toggles (revoke→end coupling cascades into the UI); refund rows surface in the listing as `type: "refund"` with `adjusted_by` linkage handling both new and legacy formats. ## Implements [STA2-52 — Build in refund logic for payments](https://linear.app/stack-auth/issue/STA2-52/build-in-refund-logic-for-payments) ## Documented limitations (planned follow-up work) These are called out in code comments and intentionally deferred to a follow-up PR: - **Cap-check race under concurrent refunds.** Bulldozer's embedded `BEGIN/COMMIT` prevents an outer Prisma tx from scoping the writes, so two concurrent refunds can both pass the cap check. Needs a bulldozer-aware mutex or pending-refund-intent pattern. In practice refunds are admin-only and rare, so the race window is small. - **Stripe + DB non-atomicity on the DB-success → response-loss path.** The Stripe idempotency key is keyed on `(tenancyId, sourceTxnId, amount, priorRefunded)`, so a retry after Stripe-success → DB-fail self-heals (Stripe dedupes; the next attempt writes the bulldozer row). The hole is the reverse direction: if the bulldozer row commits but the response is lost, a retry sees a higher `priorRefunded` and generates a fresh key — Stripe would issue a second real refund. No out-of-band reconciliation today. - **Dashboard can't reach the `invoice_id` path.** Refund actions are only enabled on `purchase` rows and the submit call never passes `invoice_id`, so admins refunding a renewal must use the API directly. Follow-up: enable the action on `subscription-renewal` rows and thread `invoice_id` through. ## Architectural note `active-subscription-end` and `item-quantity-expire` entries are **not** emitted on the refund row itself. They're produced by the derived sub-end transaction (`transactions.ts:158-228`) once Prisma `subscription.endedAt` is updated, keeping the `expiresWhen` / `when-repeated` semantics in one place. This is the main structural divergence from the ticket's literal entry recipe. ## Review follow-ups addressed in this PR **First-pass review:** - **KnownError back-compat preserved**: `SubscriptionAlreadyRefunded` / `OneTimePurchaseAlreadyRefunded` are once again thrown by the legacy-`refundedAt` backstop, and `TestModePurchaseNonRefundable` is thrown when an admin sends `amount_usd > 0` against a test-mode purchase. Callers catching by error code keep working through the rework. - **Idempotency-key comment corrected**: now accurately describes the `(tenancyId, sourceTxnId, amount, priorRefunded)` key and its self-healing behaviour on the Stripe-success → DB-fail retry path (see Documented limitations above for the remaining hole). - **Renewal-invoice e2e coverage added**: new test sets up a live-mode subscription via Stripe webhooks (`subscription_create` + `subscription_cycle` invoices), refunds the renewal invoice via `invoice_id`, and asserts the resulting `refund_transaction_id` starts with `refund:sub-renewal:` and is linked back via `adjusted_by` on the *renewal* row (not the start row). Plus negative cases: cross-subscription `invoice_id` → 404, `invoice_id` on a one-time purchase → SchemaError. **Second-pass review:** - **Idempotent sub-cancel error-code string fix**: the Stripe code for re-cancelling an already-canceled sub is `subscription_already_canceled`, not `subscription_canceled` — the previous catch would have re-thrown. - **End-only sub refund replay rejected**: when `amount=0, revoke=false, end=true` and the sub is already `cancelAtPeriodEnd` or `endedAt`, throw SchemaError. Otherwise `readPriorRefundSummary` doesn't see end-only events and the call would be a forever-no-op accumulating empty refund rows. - **`revoke_product=true` with renewal `invoice_id` rejected**: the product grant lives on the sub-start txn, not on renewal txns — a renewal-scoped revocation would write a back-reference to a non-existent entry. Forces admin to revoke against the start invoice (or the default no-`invoice_id` call). - **Refund row `id` matches the linkage**: the listing route now returns the full refund txnId as `id` for `type: "refund"` rows so it matches `adjusted_by.transaction_id` — the dashboard can join source rows to their refund rows. - **+2 e2e tests** for the above (end-only replay rejection, revoke+renewal rejection). **Third-pass review:** - **Dashboard refund dialog seeds state on open**: previously the reset block lived in `ActionDialog`'s `onOpenChange`, which doesn't fire on the open transition for a controlled dialog. As a result the dialog opened with the initial `useState` defaults (`amountUsd = '0'`), and an admin submitting unchanged on a paid purchase would revoke/end at $0 instead of refunding the charged amount. The seed now runs in the menu `onClick` before `setIsDialogOpen(true)`. - **`SUBSCRIPTION_START_PRODUCT_GRANT_ENTRY_INDEX` corrected from 1 → 0**: the constant is persisted as `adjustedEntryIndex` on product-revocation entries and copied through verbatim by `mapLedgerEntry`. That mapper drops the hidden `active-subscription-start` entry, so the public-API layout puts the product grant at index 0. The prior value of `1` pointed at the money-transfer entry (or out of range on test-mode subs) through the public listing. - **`amountTotal` cap gated behind a USD pre-flight**: `SubscriptionInvoice` doesn't persist invoice currency, and the previous code took `invoice.amountTotal` as USD cents directly. Now `getTotalUsdStripeUnits` (which throws on non-USD pricing) is always called first; `amountTotal` is only preferred as the actual cap after that pre-flight succeeds. ## Test plan - [x] `pnpm typecheck` — 28/28 pass - [x] `pnpm lint` — 28/28 pass - [x] `pnpm test run apps/e2e/tests/backend/endpoints/api/v1/internal/transactions-refund.test.ts` — **19/19 pass** (was 14/14 on the original PR; +3 for `invoice_id` path: renewal refund happy path, unrelated `invoice_id` rejection, `invoice_id` on OTP rejection; +2 for second-pass: end-only replay rejection, revoke+renewal rejection) - [x] curl smoke against `/api/latest/internal/payments/transactions/refund` — unknown purchase → 404, no-op → 400, negative → 400, sub-revoke-without-end → 400 - [x] **Dashboard UI end-to-end re-run pending** — the original agent-browser pass ran before the third-pass dialog-seed fix, so any "money + revoke" submissions may have actually sent `amount_usd = "0"`. Re-test before un-drafting: open the refund dialog from the menu, confirm the amount field pre-fills with the charged amount, exercise validation (negative / exceeds-cap / no-op), and submit both an end-subscription-only sub refund and a money+revoke OTP refund; verify bulldozer rows and Prisma `cancelAtPeriodEnd` updates. <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **New Features** * Ledger-driven refund flow with stable refund IDs, invoice-aware refunds, OTP/product-revocation support, tri-state end_action (now / at-period-end / none), and API responses that include refund_transaction_id. * **Bug Fixes / Improvements** * Deterministic Stripe idempotency, stronger replay protection, refundable-amount caps, test-mode constraints, and transactions listing updated to surface refunds. * **Tests** * Expanded unit and E2E coverage for new request shape, invoice paths, money-unit conversion, and edge cases. <!-- review_stack_entry_start --> [](https://app.coderabbit.ai/change-stack/hexclave/stack-auth/pull/1429) <!-- review_stack_entry_end --> <!-- end of auto-generated comment: release notes by coderabbit.ai -->	2026-05-15 19:29:21 -07:00
Mantra	5cb9240bc3	refactor(dashboard): unify AI chat surfaces on assistant-ui Thread (#1427) ... ## Summary - Replace the bespoke `ai-chat-shared` chat UI (used by ask-ai, the stack companion widget, vibe coding chat, and the create-dashboard preview) with the shared `assistant-ui` `Thread` component. - Extract streaming request/format helpers into a new `components/assistant-ui/chat-stream.ts` module so each surface only owns its `ChatModelAdapter`. - Add a reusable `ToolFallback` for tool-call rendering and delete the now-unused `ai-chat-shared.tsx` (-1386 / +747 lines net). Stacked on top of `refactor/data-grid-and-dashboard-surfaces`. Base: `refactor/data-grid-and-dashboard-surfaces` → Head: `refactor/assistant-ui-chat-surfaces` · 18 files changed > Red outlines on the **after** shots mark the unified `assistant-ui` `Thread` surface in each location. ## Screenshots ### Analytics → Tables — AI Query dialog | | Before | After | |---|---|---| | **Light** | <img src="https://gist.githubusercontent.com/mantrakp04/323851437f41145aab12a27fb6c392b4/raw/analytics-tables-ai-before-light.png" width="480" /> | <img src="https://gist.githubusercontent.com/mantrakp04/323851437f41145aab12a27fb6c392b4/raw/analytics-tables-ai-after-light.png" width="480" /> | | **Dark** | <img src="https://gist.githubusercontent.com/mantrakp04/323851437f41145aab12a27fb6c392b4/raw/analytics-tables-ai-before-dark.png" width="480" /> | <img src="https://gist.githubusercontent.com/mantrakp04/323851437f41145aab12a27fb6c392b4/raw/analytics-tables-ai-after-dark.png" width="480" /> | ### Stack Companion — chat widget | | Before | After | |---|---|---| | **Light** | <img src="https://gist.githubusercontent.com/mantrakp04/323851437f41145aab12a27fb6c392b4/raw/stack-companion-before-light.png" width="480" /> | <img src="https://gist.githubusercontent.com/mantrakp04/323851437f41145aab12a27fb6c392b4/raw/stack-companion-after-light.png" width="480" /> | | **Dark** | <img src="https://gist.githubusercontent.com/mantrakp04/323851437f41145aab12a27fb6c392b4/raw/stack-companion-before-dark.png" width="480" /> | <img src="https://gist.githubusercontent.com/mantrakp04/323851437f41145aab12a27fb6c392b4/raw/stack-companion-after-dark.png" width="480" /> | ### Ask-AI command palette (⌘K → Ask AI) | | Before | After | |---|---|---| | **Light** | <img src="https://gist.githubusercontent.com/mantrakp04/323851437f41145aab12a27fb6c392b4/raw/ask-ai-cmdk-before-light.png" width="480" /> | <img src="https://gist.githubusercontent.com/mantrakp04/323851437f41145aab12a27fb6c392b4/raw/ask-ai-cmdk-after-light.png" width="480" /> | | **Dark** | <img src="https://gist.githubusercontent.com/mantrakp04/323851437f41145aab12a27fb6c392b4/raw/ask-ai-cmdk-before-dark.png" width="480" /> | <img src="https://gist.githubusercontent.com/mantrakp04/323851437f41145aab12a27fb6c392b4/raw/ask-ai-cmdk-after-dark.png" width="480" /> | ### Email editor — embedded chat panel | | Before | After | |---|---|---| | **Light** | <img src="https://gist.githubusercontent.com/mantrakp04/323851437f41145aab12a27fb6c392b4/raw/email-editor-chat-before-light.png" width="480" /> | <img src="https://gist.githubusercontent.com/mantrakp04/323851437f41145aab12a27fb6c392b4/raw/email-editor-chat-after-light.png" width="480" /> | | **Dark** | <img src="https://gist.githubusercontent.com/mantrakp04/323851437f41145aab12a27fb6c392b4/raw/email-editor-chat-before-dark.png" width="480" /> | <img src="https://gist.githubusercontent.com/mantrakp04/323851437f41145aab12a27fb6c392b4/raw/email-editor-chat-after-dark.png" width="480" /> | ## Notes for reviewers The four surfaces above all previously shared `components/commands/ai-chat-shared.tsx` (516 lines, deleted). After this PR they each own a thin `ChatModelAdapter` and render through `components/assistant-ui/thread.tsx` + the new `chat-stream.ts` helpers. Visual differences between **before** and **after** are intentional — the `assistant-ui` `Thread` brings its own message bubbles, scroll-to-bottom behaviour, composer, and `ToolFallback` rendering. The email editor's chat panel is the surface where the behaviour change is most visible (tool-call rendering now consistent with the rest of the app). Heaviest changes (lines): - `components/stack-companion/ai-chat-widget.tsx` (571) - `components/commands/ai-chat-shared.tsx` (516, deleted) - `analytics/tables/ai-query-dialog.tsx` (429) - `components/vibe-coding/chat-adapters.ts` (400) - `components/assistant-ui/chat-stream.ts` (284, new) - `components/commands/ask-ai.tsx` (274) - `components/assistant-ui/thread.tsx` (115) - `components/assistant-ui/tool-fallback.tsx` (113) ## Test plan - [ ] `pnpm lint` - [ ] `pnpm typecheck` - [ ] Manually exercise each affected surface: command-center Ask AI, stack-companion widget, vibe-coding chat, analytics tables AI query, create-dashboard preview, email editor chat. - [ ] Verify tool-call chips render consistently across all four surfaces (uses the new `ToolFallback`). - [ ] Verify streaming + cancel works on each adapter (`chat-stream.ts` is shared).	2026-05-15 14:21:00 -07:00
Mantra	c808e23b7d	Data-grid overhaul + session-replays / team-payments dashboard surfaces (#1424) ... ## Summary Refactors the dashboard data-grid into a smaller, URL-state-aware primitive and lands several new dashboard surfaces around it: per-user session replays, team-level analytics and payments, and pagination for permission definitions. Also moves session replays out from under `/analytics` to a top-level surface and adds a `project_user.last_active_at` index that the new weekly-active metrics depend on. **Base:** `dev` → **Head:** `refactor/data-grid-and-dashboard-surfaces` **Scope:** 91 files, +5,644 / −1,858. Assets in [this gist](https://gist.github.com/mantrakp04/01bf8db4c71ec7a119b73d6ee60717a7). ## Screenshots Captured from a local dev server (dashboard at `:8101`, dummy project seeded with 26 users). Standard viewport **1920×1200**, widescreen **2560×1440**. ### Users list — data-grid overhaul in context | Light | Dark | | --- | --- | |  |  | Widescreen: | Light | Dark | | --- | --- | |  |  | ### User detail — new session-replays card + weekly metrics | Light | Dark | | --- | --- | |  |  | Widescreen: | Light | Dark | | --- | --- | |  |  | ### Session replays — moved out of `/analytics` | Light | Dark | | --- | --- | |  |  | Widescreen: | Light | Dark | | --- | --- | |  |  | ### Project permissions — new pagination | Light | Dark | | --- | --- | |  |  | Widescreen: | Light | Dark | | --- | --- | |  |  | ### Other migrated surfaces | Page | Light | Dark | | --- | --- | --- | | Project picker |  |  | | Overview / setup |  |  | | Teams list |  |  | | Team permissions |  |  | | API keys |  |  | ### Scroll behaviour — new data-grid on the users list | Light | Dark | | --- | --- | |  |  | ## What's new - **`packages/dashboard-ui-components/src/components/data-grid`** — rewritten. Trimmed `data-grid.tsx` from ~1.7k LOC, split sizing logic into `data-grid-sizing.ts`, added `use-url-state.ts` for URL-synced state, and added `data-grid.test.tsx`. - **Session replays** moved from `…/analytics/replays` to `…/session-replays` (top-level surface). New `user-session-replays.tsx` card on the user detail page; new internal `route.tsx` to feed it. - **Teams** detail page gains `team-analytics.tsx` and `team-payments.tsx`. - **Permissions** — new shared `permission-definitions-pagination.ts` consumed by both project and team permission CRUD routes. - **Backend** — Prisma migration `add_project_user_last_active_at_idx` + a `lastActiveAt` index that backs the new weekly-active metrics. - **Polish** — `editable-input`, `inline-save-discard`, `settings.tsx`, walkthrough steps, and several data-table components touched in line with the data-grid rewrite. ## Notes for reviewers - The data-grid rewrite changes the *shape* of state (now URL-synced), not just internals. Consumers in `apps/dashboard/src/components/data-table/*` were updated to match — please scan those for any missed knobs. - The `analytics/replays` → `session-replays` rename is git-tracked as renames; diffs should be small in those files. - New SDK surface in `packages/template/src/lib/stack-app/session-replays/index.ts` and additions in `admin-app-impl.ts` / `server-app-impl.ts` mean OpenAPI specs (`docs-mintlify/openapi/{admin,client}.json`) regenerate; the diff is mostly mechanical. ## Test plan - [ ] `pnpm typecheck` clean - [ ] `pnpm lint` clean - [ ] Data-grid unit tests pass (`packages/dashboard-ui-components`) - [ ] Manual: users list — column resize, sort, filter, paginate; URL state reflects each change and survives reload - [ ] Manual: user detail — session-replays card lists replays; weekly-metrics card renders without `lastActiveAt` index migration applied (i.e. on a fresh DB) and after applying it - [ ] Manual: project + team permissions — pagination cursor advances and stays consistent under search - [ ] Manual: session-replays top-level page loads; old `/analytics/replays/...` URL path is no longer expected to be linked anywhere <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **New Features** * Session Replays app (embedded mode, search, sorting, share links) * Tabbed Team pages with Team Analytics and Team Payments dashboards * Server-backed cursor pagination, debounced search, and infinite-scroll for teams/users/permissions * **UX** * Permission and member tables refresh after edits; permission creation triggers table refresh * Users list supports sorting by last-active * **Performance** * Index added to speed ProjectUser last-active queries * **Documentation** * API/SDK docs updated for pagination and new query params * Contributor guidance: explicit git-safety rules added (no destructive git ops without consent) * **Tests** * Added e2e tests for pagination and filtering on list endpoints <!-- end of auto-generated comment: release notes by coderabbit.ai -->	2026-05-15 14:16:47 -07:00