https://www.loom.com/share/64ad2f97fdd9476ebe5b66202098ec60
<!--
Make sure you've read the CONTRIBUTING.md guidelines:
https://github.com/stack-auth/stack-auth/blob/dev/CONTRIBUTING.md
-->
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **New Features**
* Project logos now display on the purchase page; API surfaces
project_logo_url for the UI.
* Redesigned purchase page with responsive split-panel layout,
selectable pricing grid, quantity controls, and clearer invalid-code
messaging.
* **Tests**
* Added/updated end-to-end tests to cover project logo handling and
validate-code responses.
* **Chores**
* Updated image-processing dependency to a newer version.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---------
Co-authored-by: Konsti Wohlwend <n2d4xc@gmail.com>
<img width="567" height="249" alt="Screenshot 2025-10-20 at 11 23 10 AM"
src="https://github.com/user-attachments/assets/340df844-f619-489f-8d41-cc26bc165018"
/>
<img width="595" height="255" alt="Screenshot 2025-10-20 at 11 24 00 AM"
src="https://github.com/user-attachments/assets/9321bda1-e6f0-4f53-8c6b-e29d0fc16038"
/>
<!--
Make sure you've read the CONTRIBUTING.md guidelines:
https://github.com/stack-auth/stack-auth/blob/dev/CONTRIBUTING.md
-->
<!-- RECURSEML_SUMMARY:START -->
## High-level PR Summary
This PR optimizes the performance of user list and metrics endpoints by
refactoring SQL queries to use more efficient patterns. The changes
include rewriting queries to use `LATERAL` joins and CTEs with proper
filtering, extracting common user mapping logic into reusable functions,
and adding performance tests with SQL scripts to generate realistic test
data (10,000 mock users and activity events across 100 countries).
⏱️ Estimated Review Time: 30-90 minutes
<details>
<summary>💡 Review Order Suggestion</summary>
| Order | File Path |
|-------|-----------|
| 1 | `apps/e2e/tests/backend/performance/mock-users.sql` |
| 2 | `apps/e2e/tests/backend/performance/mock-metric-events.sql` |
| 3 | `apps/e2e/tests/backend/performance/users-list.test.ts` |
| 4 | `apps/backend/src/app/api/latest/users/crud.tsx` |
| 5 | `apps/backend/src/app/api/latest/internal/metrics/route.tsx` |
</details>
[](https://discord.gg/n3SsVDAW6U)
[
<!-- RECURSEML_SUMMARY:END -->
<!-- ELLIPSIS_HIDDEN -->
----
> [!IMPORTANT]
> Optimize metrics and user list endpoints with SQL refactoring,
caching, and performance tests, adding a `CacheEntry` model and mock
data scripts.
>
> - **Performance Optimization**:
> - Refactor SQL queries in `route.tsx` to use `LATERAL` joins and CTEs
for efficient data retrieval.
> - Implement caching in `route.tsx` using `getOrSetCacheValue()` to
reduce database load.
> - **Database Changes**:
> - Add `CacheEntry` model to `schema.prisma` and create corresponding
table and index in `migration.sql`.
> - Remove auto-migration metadata step from
`check-prisma-migrations.yaml`.
> - **Testing**:
> - Add performance tests in `metrics.test.ts` to benchmark metrics and
user endpoints.
> - Create mock data scripts `mock-users.sql` and
`mock-metric-events.sql` for testing with 10,000 users and events across
100 countries.
> - **Miscellaneous**:
> - Update `db-migrations.ts` to include new migration file generation
logic.
> - Add `cache.tsx` for caching logic implementation.
>
> <sup>This description was created by </sup>[<img alt="Ellipsis"
src="https://img.shields.io/badge/Ellipsis-blue?color=175173">](https://www.ellipsis.dev?ref=stack-auth%2Fstack-auth&utm_source=github&utm_medium=referral)<sup>
for 4d9be71063. You can
[customize](https://app.ellipsis.dev/stack-auth/settings/summaries) this
summary. It will automatically update as commits are pushed.</sup>
----
<!-- ELLIPSIS_HIDDEN -->
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **New Features**
* Metrics now use a cache layer with per-entry TTL and tenancy-aware
loaders.
* **Bug Fixes**
* Improved accuracy of daily active and related metrics with
tenancy-aware counting and more robust last-active computation.
* **Performance**
* Faster metrics responses via batched reads and cache-backed endpoints.
* **Tests**
* Added end-to-end performance benchmarks and SQL seed scripts for
metrics/user load testing.
* **Chores**
* DB migration added support for cached entries; CI migration check flow
adjusted; migration tooling improved.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---------
Co-authored-by: Konsti Wohlwend <n2d4xc@gmail.com>
<!--
Make sure you've read the CONTRIBUTING.md guidelines:
https://github.com/stack-auth/stack-auth/blob/dev/CONTRIBUTING.md
-->
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Refactor**
* Invitation flow now derives the invitation link from a provided origin
rather than accepting a full callback URL.
* **Bug Fixes / Security**
* Enforced origin whitelist for invitation redirects to prevent
untrusted callback URLs.
* **Tests**
* Added a test ensuring untrusted callback URLs are rejected with a
proper error response.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---------
Co-authored-by: Konsti Wohlwend <n2d4xc@gmail.com>
<!--
Make sure you've read the CONTRIBUTING.md guidelines:
https://github.com/stack-auth/stack-auth/blob/dev/CONTRIBUTING.md
-->
<!-- ELLIPSIS_HIDDEN -->
----
> [!IMPORTANT]
> Adds a unified documentation widget to the dashboard, enabling in-app
viewing and switching of documentation types with platform-specific
adaptations.
>
> - **Behavior**:
> - Adds `UnifiedDocsWidget` to `stack-companion.tsx` for viewing docs
within the dashboard.
> - Supports platform switching, back navigation, sidebar toggle,
loading/error states, and external opening.
> - Adapts content based on current page across dashboard, docs, and
API.
> - **Documentation**:
> - Adds embedded routes/layouts in `docs/src/app` for `api-embed`,
`dashboard-embed`, and `docs-embed`.
> - Implements `EmbeddedLinkInterceptor` and `PlatformChangeNotifier`
for link handling and platform change notifications.
> - Updates `generate-docs.js` to include dashboard docs generation.
> - **Configuration**:
> - Adds `NEXT_PUBLIC_STACK_DOCS_BASE_URL` to `.env.development` and
`env.tsx`.
> - Configures CORS headers in `next.config.mjs` for dashboard
embedding.
> - **Misc**:
> - Updates styling in `global.css` to support embedded content.
> - Adds `EmbeddedLink` component for MDX link handling in
`mdx-components.tsx`.
>
> <sup>This description was created by </sup>[<img alt="Ellipsis"
src="https://img.shields.io/badge/Ellipsis-blue?color=175173">](https://www.ellipsis.dev?ref=stack-auth%2Fstack-auth&utm_source=github&utm_medium=referral)<sup>
for 5760b90ea6. You can
[customize](https://app.ellipsis.dev/stack-auth/settings/summaries) this
summary. It will automatically update as commits are pushed.</sup>
----
<!-- ELLIPSIS_HIDDEN -->
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **New Features**
* Unified embedded docs viewer added to the dashboard with multi-type
support, navigation controls, back navigation, and external-open
behavior
* In-iframe link interception and MDX embedded-link support for seamless
embedded navigation
* **Style**
* Improved CSS for embedded content: scrollbar hiding, overflow
handling, responsive media and code blocks
* **Chores**
* Added dashboard docs collection, embed routes/layouts, CORS headers,
and env config for docs embedding
* **UX**
* Consolidated account UI in mobile header; improved auth panel
open/close animations
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---------
Co-authored-by: Konsti Wohlwend <n2d4xc@gmail.com>
<!--
Make sure you've read the CONTRIBUTING.md guidelines:
https://github.com/stack-auth/stack-auth/blob/dev/CONTRIBUTING.md
-->
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- **New Features**
- Invite users to teams by email with customizable callback URLs.
- View and revoke pending invitations from the team management UI.
- Track and enforce team seat capacity, disabling invites when full.
- **Improvements**
- Upgrade flow now redirects to the checkout URL from the team UI.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---------
Co-authored-by: Konsti Wohlwend <n2d4xc@gmail.com>
<!--
Make sure you've read the CONTRIBUTING.md guidelines:
https://github.com/stack-auth/stack-auth/blob/dev/CONTRIBUTING.md
-->
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **New Features**
* Sign-up accepts an optional verification callback URL and a new
opt-out flag to disable email verification; when opted-out or absent,
URL checks and verification emails are skipped.
* Client APIs and runtime validation updated to forbid providing a
callback URL when opting out. Sign-up now retries without a callback if
a redirect URL is not whitelisted.
* **Tests**
* End-to-end tests added for sign-up without verification and for
conflicting verification settings.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---------
Co-authored-by: Konsti Wohlwend <n2d4xc@gmail.com>
Co-authored-by: claude[bot] <209825114+claude[bot]@users.noreply.github.com>
Co-authored-by: Konsti Wohlwend <N2D4@users.noreply.github.com>
<!--
Make sure you've read the CONTRIBUTING.md guidelines:
https://github.com/stack-auth/stack-auth/blob/dev/CONTRIBUTING.md
-->
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Bug Fixes**
* Improved email rendering reliability by detecting and handling cases
where template executions produce no result, preventing silent failures.
* Enhanced error reporting for both single and batched email generation
so failures are captured and surfaced more consistently for faster
diagnosis.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---------
Co-authored-by: Konsti Wohlwend <n2d4xc@gmail.com>
<!--
Make sure you've read the CONTRIBUTING.md guidelines:
https://github.com/stack-auth/stack-auth/blob/dev/CONTRIBUTING.md
-->
<!-- RECURSEML_SUMMARY:START -->
## High-level PR Summary
This PR adds support for custom `metadata` to inline products in the
payments system. The change allows developers to attach arbitrary
metadata to products created inline (without pre-configuration), which
Stack Auth will store and return with the product. This enables
applications to associate custom data such as feature flags, reference
IDs, or other application-specific attributes with products. The
implementation adds a new `productSchemaWithMetadata` schema, updates
the product type handling in the backend, and includes comprehensive e2e
tests verifying metadata is persisted and returned correctly through
purchase creation, validation, and listing endpoints.
⏱️ Estimated Review Time: 15-30 minutes
<details>
<summary>💡 Review Order Suggestion</summary>
| Order | File Path |
|-------|-----------|
| 1 | `packages/stack-shared/src/schema-fields.ts` |
| 2 | `apps/backend/src/lib/payments.tsx` |
| 3 |
`apps/e2e/tests/backend/endpoints/api/v1/payments/purchase-session.test.ts`
|
| 4 |
`apps/e2e/tests/backend/endpoints/api/v1/payments/create-purchase-url.test.ts`
|
| 5 |
`apps/e2e/tests/backend/endpoints/api/v1/payments/products.test.ts` |
</details>
[](https://discord.gg/n3SsVDAW6U)
[
<!-- RECURSEML_SUMMARY:END -->
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **New Features**
* Products now support custom metadata (client, client read-only, and
server) and expose these fields in inline product representations.
* Metadata is preserved and propagated through purchase creation,
validation, grants, and owned-product listings so it’s available after
purchase.
* **Tests**
* Added end-to-end tests verifying metadata is accepted, persisted, and
returned in purchase creation, validation, grant, and listing flows.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
<!-- ELLIPSIS_HIDDEN -->
----
> [!IMPORTANT]
> Adds support for custom metadata in inline products, updating schemas
and functions to handle metadata, with comprehensive tests verifying the
changes.
>
> - **Behavior**:
> - Adds support for custom metadata in inline products, allowing
arbitrary metadata attachment.
> - Updates `ensureProductIdOrInlineProduct()` and
`productToInlineProduct()` in `payments.tsx` to handle metadata.
> - Metadata is preserved and returned in purchase creation, validation,
and listing endpoints.
> - **Schemas**:
> - Adds `productSchemaWithMetadata` in `schema-fields.ts` to include
`clientMetadata`, `clientReadOnlyMetadata`, and `serverMetadata`.
> - Updates `inlineProductSchema` to support metadata fields.
> - **Tests**:
> - Adds e2e tests in `purchase-session.test.ts`,
`create-purchase-url.test.ts`, and `products.test.ts` to verify metadata
handling.
>
> <sup>This description was created by </sup>[<img alt="Ellipsis"
src="https://img.shields.io/badge/Ellipsis-blue?color=175173">](https://www.ellipsis.dev?ref=stack-auth%2Fstack-auth&utm_source=github&utm_medium=referral)<sup>
for 1b5601c991. You can
[customize](https://app.ellipsis.dev/stack-auth/settings/summaries) this
summary. It will automatically update as commits are pushed.</sup>
<!-- ELLIPSIS_HIDDEN -->
---------
Co-authored-by: Konsti Wohlwend <n2d4xc@gmail.com>
<!--
Make sure you've read the CONTRIBUTING.md guidelines:
https://github.com/stack-auth/stack-auth/blob/dev/CONTRIBUTING.md
-->
Enhances the search functionality to now use the MCP server.
Now handles API endpoints and webhooks.
Now looks at what platform the user has selected, and searches based on
that. User can choose to filter differently if needed.
<img width="686" height="608" alt="image"
src="https://github.com/user-attachments/assets/641c9bd2-60d2-44b3-86ca-a4506257b430"
/>
<!-- RECURSEML_SUMMARY:START -->
## High-level PR Summary
This PR enhances the search functionality for Stack Auth documentation
by integrating it with their MCP (Model Control Plane) server. The
implementation replaces the previous client-side search algorithm with a
server-side approach that leverages the MCP's search capabilities. The
changes affect three main files: the MCP handler that now includes a new
`search_docs` tool, the search route handler that now forwards queries
to the MCP server instead of performing local searches, and the search
dialog UI that has been updated to better handle platform-specific
filtering and API documentation. The new implementation provides more
relevant search results and automatically filters based on the user's
current platform context, while allowing users to customize their search
filters as needed.
⏱️ Estimated Review Time: 30-90 minutes
<details>
<summary>💡 Review Order Suggestion</summary>
| Order | File Path |
|-------|-----------|
| 1 | `docs/src/app/api/internal/[transport]/route.ts` |
| 2 | `docs/src/app/api/search/route.ts` |
| 3 | `docs/src/components/layout/custom-search-dialog.tsx` |
</details>
<!-- RECURSEML_SUMMARY:END -->
<!-- ELLIPSIS_HIDDEN -->
----
> [!IMPORTANT]
> Enhances search by integrating with MCP server, updating UI for
platform-specific filtering, and improving result presentation.
>
> - **Search Functionality**:
> - Integrates search with MCP server in `route.ts` files, replacing
client-side search.
> - Supports API and platform-specific results, filtering out admin API
endpoints.
> - Sorts results by platform priority.
> - **UI Updates**:
> - Updates `custom-search-dialog.tsx` to support platform-specific
filtering and API results.
> - Adds platform badges and icons for different result types.
> - Auto-detects platform from URL and adjusts search filters
accordingly.
> - **Miscellaneous**:
> - Adds new helper functions for platform extraction and MCP server
communication.
> - Improves error handling and logging for search operations.
>
> <sup>This description was created by </sup>[<img alt="Ellipsis"
src="https://img.shields.io/badge/Ellipsis-blue?color=175173">](https://www.ellipsis.dev?ref=stack-auth%2Fstack-auth&utm_source=github&utm_medium=referral)<sup>
for 9941d02bd5. You can
[customize](https://app.ellipsis.dev/stack-auth/settings/summaries) this
summary. It will automatically update as commits are pushed.</sup>
----
<!-- ELLIPSIS_HIDDEN -->
<!-- RECURSEML_ANALYSIS:START -->
## Review by RecurseML
_🔍 Review performed on
[7a0bf86..28264f7](7a0bf86cb3...28264f7f99)_
| Severity | Location | Issue
| Delete |
|:----------:|----------|-------|:--------:|
|  |
[docs/src/app/api/internal/[transport]/route.ts:125](https://github.com/stack-auth/stack-auth/pull/909#discussion_r2368682927)
| API parameter 'query' uses camelCase instead of required snake_case |
[
|
|  |
[docs/src/app/api/internal/[transport]/route.ts:126](https://github.com/stack-auth/stack-auth/pull/909#discussion_r2368683094)
| API parameter 'limit' uses camelCase instead of required snake_case |
[
|
|  |
[docs/src/app/api/internal/[transport]/route.ts:174](https://github.com/stack-auth/stack-auth/pull/909#discussion_r2368683229)
| Async operation not wrapped with runAsynchronously |
[
|
|  |
[docs/src/app/api/search/route.ts:23](https://github.com/stack-auth/stack-auth/pull/909#discussion_r2368683372)
| REST API parameters not using snake_case |
[
|
|  |
[docs/src/app/api/search/route.ts:130](https://github.com/stack-auth/stack-auth/pull/909#discussion_r2368683491)
| Async function call not wrapped in runAsynchronously |
[
|
|  |
[docs/src/app/api/search/route.ts:11](https://github.com/stack-auth/stack-auth/pull/909#discussion_r2368683588)
| Async function definition without proper runAsynchronously usage |
[
|
<details>
<summary>✅ Files analyzed, no issues (1)</summary>
• `docs/src/components/layout/custom-search-dialog.tsx`
</details>
[](https://discord.gg/n3SsVDAW6U)
<!-- RECURSEML_ANALYSIS:END -->
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **New Features**
* Search now includes API docs as an "API" result type with relevance
snippets, API-specific icons and group titles.
* Platform-aware filtering auto-detects platform on open and adds “API
only” and “Platform + API” views.
* **Improvements**
* Search is powered by a centralized streamed service for more
consistent results, better error handling, and fallbacks.
* Results are ordered with platform-priority, show clearer
counts/footers, and present more resilient, unified result formatting.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---------
Co-authored-by: Konsti Wohlwend <n2d4xc@gmail.com>
