Docker is difficult to run on macOS CI runners (colima VZ and QEMU
backends both crash). Split into two stages:
1. docker-build (Linux): builds arm64 Docker image, exports tarball
2. qemu-snapshot (macOS): provisions QEMU VM under HVF, captures snapshot
Add SKIP_DOCKER_BUILD=1 to build-image.sh to reuse a pre-built bundle.
- Fix 415 on artifact download: use application/vnd.github+json Accept header
- Fix EACCES on run-emulator.sh: chmod +x at runtime (npm strips execute bit)
- Move arm64 emulator build to a macOS-15 runner with HVF so the snapshot is
portable to developer Macs (KVM snapshots from Linux are not resumable under
HVF due to differing -cpu max feature sets)
Cross-arch arm64-on-amd64 docker buildx runs the rolldown-backed tsdown
build under qemu-user, whose futex emulation occasionally deadlocks the
worker threads. Wrap the call in a bounded timeout + 3-attempt retry so
a hang fails the layer in <11min and recovers on the next try.
Snapshot-resume mode dropped virtfs (QEMU disallows migration with 9p
mounted), leaving the container's /host bind mount empty so the
/local-emulator/project route returned 400. Hot-plug virtio-9p over a
pre-attached PCIe root port after resume, mount in guest via QGA, and
make /host a shared mount point with rshared docker propagation so the
new mount reaches the running container without restart.
run-emulator.sh ensure_runtime_config_iso now falls back to in-script
ISO generation when invoked outside the CLI (fixes pnpm emulator:start).
Also propagate fresh emulator credentials to VITE_/EXPO_PUBLIC_ env var
prefixes in the CLI run command.
- run-emulator.sh: drop wait_for_condition poll interval from 1s to 0.2s
- emulator.ts: replace existsSync+readFileSync TOCTOU in readInternalPck
with try/ENOENT; tighten initial backoff to 50ms; drop redundant
mkdirSync in startEmulator; surface stop-failure on stderr instead of
swallowing silently
- iso.ts: inline trivial buildRootDirRecordInVD wrapper
- stop_vm no longer deletes runtime-config.iso; the CLI owns its
lifecycle and the snapshot → cold-boot fallback needs it preserved
(cmd_reset still wipes RUN_DIR for a full reset). Also sweeps qga.sock.
- Write internal-pck to \$VM_DIR on the host in snapshot mode. Cold boot
publishes this via virtfs/9p; snapshot mode drops virtfs, so
--config-file flows would otherwise hang. Handles both the rotation
path (fresh PCK) and EMULATOR_NO_ROTATION (placeholder PCK).
- Pin RAM in snapshot mode to the build-time 4096 (overridable via
EMULATOR_SNAPSHOT_RAM). Migration replay requires an identical -m
value, same constraint as CPU count.
- Fail amd64 build when .savevm.zst is missing rather than shipping a
cold-boot-only release silently. arm64 stays best-effort for now
because it runs under TCG and can't be verified end-to-end.
- Install Node/pnpm on both arches. arm64 also runs
generate-env-development.mjs, which otherwise relied on the runner
image's preinstalled Node.
The docker/server image runs as the unprivileged `node` user, which
cannot write to /var/run. With `set -e` at the top of the script, the
failed `touch` aborted execution after sentinel replacement but before
the backend/dashboard were started — the Check server health CI step
then saw connection refused on ports 8101/8102.
Move the marker into $WORK_DIR (which is already created and owned by
the running user). The emulator snapshot-resume path still benefits: the
marker persists across supervisorctl restarts because $WORK_DIR lives
on the container filesystem.
First downloadArtifactByName already extracts both qcow2 and savevm.zst
from the single qemu-emulator-${arch} artifact; the second lookup for a
nonexistent -savevm artifact always failed and produced a misleading
'fast-start disabled' message.
Switch the CLI build step from `pnpm --filter @stackframe/stack-cli run
build` to `turbo run build --filter=@stackframe/stack-cli...` so that
stack-cli's workspace dependencies (@stackframe/js and
@stackframe/stack-shared) also get compiled to their dist/ outputs.
Without them, `node dist/index.js` fails with ERR_MODULE_NOT_FOUND at
import time.
Ubuntu 24.04 (ubicloud-standard-8) ships QEMU 8.2, which predates the
mapped-ram migration capability used by the fast-resume snapshot path.
Compile 10.2.2 once per runner image and cache the resulting /opt/qemu
so subsequent runs are fast.
Snapshot resume drops from ~14s to ~5-7s with rotation, ~2.5s without.
Build uses QEMU's mapped-ram + multifd migration capability so the RAM
state is written at page-aligned offsets in a sparse file. Runtime
decompresses the shipped .savevm.zst once to a local .raw cache and
reloads via -incoming file: + migrate-incoming on subsequent starts,
avoiding the per-start zstd decode.
Adds EMULATOR_NO_ROTATION=1 for tests/CI that don't mind the placeholder
secrets; saves the full ~3s rotation window.
Misc runtime cleanups: tighter QMP/QGA poll intervals (1s → 0.2s),
shorter socat keep-alive windows, 1s settle before the post-rotation
health-check to avoid racing old Node processes, fallback path preserves
the CLI-generated runtime-config.iso instead of blowing away VM_DIR.
Build-time qmp_session keeps stdin open briefly after the caller's
commands so migrate-set-capabilities is actually processed before
socat closes — without this, mapped-ram was silently a no-op.
CI workflow publishes .savevm.zst alongside the .qcow2 (optional asset;
CLI falls back to cold boot when missing). Test + verify steps go
through the CLI now that ISO generation is owned by packages/stack-cli.
Ships a compressed RAM/device snapshot (stack-emulator-<arch>.savevm.zst)
alongside the qcow2. `emulator start` resumes from it and rotates the
per-install secrets in place, taking cold-boot from 30-120s to ~6-7s.
Build phase adds a STACKCFG runtime ISO so stack.service can boot during
image creation, starts qemu-guest-agent so its virtio-serial port stays
open in the snapshot, then stop+migrate file:+quit via QMP.
Runtime sends fresh secrets through QGA guest-exec input-data, which pipes
them to trigger-fast-rotate and rotate-secrets inside the container:
targeted sed on the placeholder PCK in built JS, UPDATE on the internal
ApiKeySet, supervisorctl restart stack-app + cron-jobs. Placeholder hex
values are baked in instead of random keys under STACK_EMULATOR_BUILD_SNAPSHOT=1
so no real secret ships in the snapshot.
Device topology and SMP must match at capture and resume; runtime adds
phantom seed/bundle drives and pins SMP=4. Cold-boot fallback kicks in
automatically when the snapshot is missing, corrupt, or incompatible.
supervisord.conf now uses stopasgroup/killasgroup for stack-app and
cron-jobs so supervisor restart actually kills the Node children (they
were keeping their port bindings and breaking rotation).
DB migration compat / Back-compat — Current branch migrations with ${{ needs.check-migrations-changed.outputs.base_branch }} branch code (push) Has been cancelled
DB migration compat / Forward-compat — Current branch code with ${{ needs.check-migrations-changed.outputs.base_branch }} branch migrations (push) Has been cancelled
## Summary
Fixes five independent UI bugs in the dashboard. Each is a narrow,
localized fix — no changes to shared table / card primitives.
### 1. Auth methods preview didn't update until save
Toggling Email/password, Magic link, or Passkey updated the switch UI
but the right-hand sign-in preview kept rendering the pre-save config
until "Save changes" was clicked. The preview was reading
`project.config` instead of the local pending state.
**Fix:** pass the computed local state (`passwordEnabled`, `otpEnabled`,
`passkeyEnabled`) into `AuthPage`'s `mockProject.config` so the preview
reflects toggles immediately.
| Before | After |
|---|---|
|
|
|
---
### 2. Email-drafts "New Draft" dropdown items stacked on two rows
Icon rendered above text in the dropdown because the icon was a child of
a non-flex inner wrapper inside `DropdownMenuItem` and phosphor icons
default to `display: block`.
**Fix:** use `DropdownMenuItem`'s built-in `icon` prop (which
absolute-positions the icon) instead of passing it as a child.
| Before | After |
|---|---|
|
|
|
---
### 3. Project-keys status filter: clicking options did nothing visible
`DesignDataTable` renders the toolbar outside the card when
`glassmorphic && !insideDesignCard`. The table instance was captured
once via `onTableReady`; filter clicks updated the table's internal
state (rows actually filtered to "No results") but the toolbar's parent
never re-rendered, so checkboxes, chip count, and button label stayed
frozen.
**Fix:** wrap `InternalApiKeyTable` in `DesignCard` so
`useInsideDesignCard()` returns true, `needsOwnCard` becomes false, and
the toolbar renders inside the `DataTable` where it re-renders normally.
No changes to the shared `DesignDataTable` component.
| Before | After |
|---|---|
|
|
|
---
### 4. Analytics "Tables" page only listed Events
`AVAILABLE_TABLES` was hardcoded to a single entry.
**Fix:** registered all 12 ClickHouse views that exist in the `default`
schema (events, users, contact_channels, teams, team_member_profiles,
team_permissions, team_invitations, email_outboxes, project_permissions,
notification_preferences, refresh_tokens, connected_accounts) with
sensible default sort columns. Widened `TableId` to `string`.
| Before | After |
|---|---|
|
|
|
---
### 5. Price input `$` prefix overlapped the number on prod
The Input composed `h-9 px-3 ... pl-7`. In production's CSS bundle order
`.px-3` declared after `.pl-7`, so `padding-left` resolved to 12px —
same as the prefix's `left-3` position — making `$` overlap the first
digit. The emulator's bundle happened to order them the other way, which
is why it only reproduced in prod. Verified with a devtools injection
that mimics the prod CSS ordering.
**Fix:** change `pl-7` → `!pl-7` in `repeating-input.tsx` so the prefix
padding wins regardless of CSS order.
| Before (prod CSS ordering) | After (same ordering) |
|---|---|
|
|
|
---
## Test plan
- [x] `pnpm --filter @stackframe/dashboard typecheck`
- [x] `pnpm --filter @stackframe/dashboard lint`
- [x] Manual verification of each issue against the local dev dashboard
at localhost:8101
- [ ] Reviewer: confirm no visual regressions on other `DesignDataTable`
usages (api-key-table is the only one wrapped here)
- [ ] Reviewer: confirm analytics queries on added tables work with the
signed-in user's permissions
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
## Release Notes
* **New Features**
* Added 12 new analytics tables to the dashboard for enhanced data
visibility and tracking.
* **Bug Fixes**
* Fixed input styling issue with prefix alignment.
* **Style**
* Improved visual presentation of data tables with enhanced card
styling.
* Refined dropdown menu icon display for better UI consistency.
* Enhanced authentication preview settings to reflect current
configuration state.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
<!--
Make sure you've read the CONTRIBUTING.md guidelines:
https://github.com/stack-auth/stack-auth/blob/dev/CONTRIBUTING.md
-->
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
## Release Notes
* **New Features**
* Added Stripe, OAuth, and Freestyle mock services to the local emulator
* Introduced `emulator run` CLI command to execute applications with
emulator credentials automatically injected
* Enhanced credential management for local development
* **Improvements**
* Improved ARM64 QEMU emulation with cross-architecture support
* Better error detection and logging during emulator provisioning
* Added example middleware configuration with authentication support
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
Owned admin apps are constructed with `tokenStore: null`, which caused
EventTracker/SessionRecorder flushes to throw from
_ensurePersistentTokenStore() after #1331 removed the silencing.
<!--
Make sure you've read the CONTRIBUTING.md guidelines:
https://github.com/stack-auth/stack-auth/blob/dev/CONTRIBUTING.md
-->
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Bug Fixes**
* Improved analytics stability and privacy by restricting session
recording and event tracking to environments with required persistent
storage.
* **Tests**
* Adjusted a few end-to-end tests to skip when running against a local
emulator to reduce spurious failures.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
DB migration compat / Back-compat — Current branch migrations with ${{ needs.check-migrations-changed.outputs.base_branch }} branch code (push) Has been cancelled
DB migration compat / Forward-compat — Current branch code with ${{ needs.check-migrations-changed.outputs.base_branch }} branch migrations (push) Has been cancelled
… V8 --jitless
2.6 GB to 1.3 GB final image
Flip arm64 matrix back to ubicloud-standard-8 so both arches share one
runner fleet. Cross-arch TCG on an amd64 host previously SIGTRAP'd in
migrations because V8's JIT emitted arm64 instructions that QEMU's
cross-arch translator mis-handled; pair the existing -cpu cortex-a72
fallback with NODE_OPTIONS=--jitless on the migration docker exec to
force V8 to stay on the interpreter. Does not affect amd64 migrations
(KVM, no TCG).
<!--
Make sure you've read the CONTRIBUTING.md guidelines:
https://github.com/stack-auth/stack-auth/blob/dev/CONTRIBUTING.md
-->
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Chores**
* Optimized emulator images with binary stripping, compression, and
preservation of standalone runtime dependencies.
* Improved multi-architecture build matrix, added optional KVM
detection/fallback, and gated certain emulator runtime steps for arm64.
* Enhanced build scripts to generate and include env files and persist
richer logs and artifacts.
* **New Features**
* Centralized provision entrypoint to streamline install → migrations →
slimming sequence.
* **Tests**
* Added a fast QEMU serial boot test for architecture validation.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
- Extended `CliAuthAttempt` with `anonRefreshToken` and a migration.
- CLI `POST /auth/cli` accepts optional `anon_refresh_token` (must be an
anonymous user's refresh token for the current project).
- `POST /auth/cli/complete` supports `mode` `check` (anonymous vs none),
`claim-anon-session` (issue tokens for the linked anonymous session),
and `complete` (bind the browser session's refresh token to the
attempt). Completing clears `anonRefreshToken` on the row. We do **not**
merge anonymous account data into the signed-in user (that behavior was
removed as a security risk; the anonymous user remains unchanged).
- Template CLI confirmation page, stack-cli optional
`STACK_CLI_ANON_REFRESH_TOKEN`, SDK/spec updates, and e2e coverage.
<!--
Make sure you've read the CONTRIBUTING.md guidelines:
https://github.com/stack-auth/stack-auth/blob/dev/CONTRIBUTING.md
-->
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **New Features**
* CLI login supports attaching anonymous sessions and a multi-mode
confirm/claim/check flow; CLI tools now surface login codes and remove
anon token after use.
* Added interactive CLI auth demo page and a CLI simulator script.
* Client libraries: prompt flow accepts an optional anon token and a
promptLink(url, loginCode) callback.
* **Tests**
* Expanded end-to-end coverage for anonymous CLI sessions,
claim/complete/poll flows, upgrades, and error cases.
* **Documentation**
* Updated prompt CLI docs/spec to describe new options and callback
signature.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
The gate delayed flushes until an access token resolved, but sendBatch
already resolves the session itself via _getSession() at send time, so
_lastKnownAccessToken was a redundant readiness check that caused
head-of-session events to be silently dropped on slow auth init and
suppressed uploads entirely when token fetch failed.
<!--
Make sure you've read the CONTRIBUTING.md guidelines:
https://github.com/stack-auth/stack-auth/blob/dev/CONTRIBUTING.md
-->
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Refactor**
* Simplified analytics, session-replay, and event-tracking to stop
periodic background access-token refreshes; flushing now occurs based on
buffered data and lifecycle triggers.
* **Bug Fixes**
* Anonymous-user fallback tightened: anonymous identity is only applied
when explicitly requested as "anonymous-if-exists," preventing
unintended anonymous attribution.
* **Tests**
* Updated timing helper and removed token callback from test setups to
align with the new flush behavior.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
- Updated package versions for '@supabase/*' libraries to 2.99.2 and
'@supabase/ssr' to 0.9.0.
- Added new devDependencies for 'rimraf' and 'framer-motion' in the
pnpm-lock file.
- Modified Next.js configuration to conditionally omit 'X-Frame-Options'
in development mode for better integration with Stack Auth dev tools.
- Refactored component exports in the template package to include
tracking for dev tools.
- Introduced new dev tool components and context for improved logging
and state management.
- Added styles for the dev tool indicator and panel, ensuring a
consistent dark theme.
- Implemented fetch interception to log API calls and user
authentication events in the dev tool.
<!--
Make sure you've read the CONTRIBUTING.md guidelines:
https://github.com/stack-auth/stack-auth/blob/dev/CONTRIBUTING.md
-->
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
## Release Notes
* **New Features**
* Added comprehensive Developer Tools interface with tabs for Overview,
Components, AI Chat, Console, Dashboard, and Support.
* Integrated AI Chat assistant within Developer Tools for enhanced
debugging.
* Added component version tracking and update notifications.
* Implemented API request logging and event monitoring.
* Enhanced feedback system with support for bug reports and feature
requests.
* **Bug Fixes**
* Fixed Content Security Policy headers for local development
environments.
* **Dependencies**
* Added AI SDK integration packages.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---------
Co-authored-by: Konstantin Wohlwend <n2d4xc@gmail.com>
This PR fixes the bug where analytics tool returns a lot of rows, which
results in huge token count. We do it by checking the number of
characters in the tool call, and if it is more than 50000 characters, we
send an error message rather than the rows and ask the ai to make more
focused queries.
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **New Features**
* AI assistant shows friendlier, categorized error messages and captures
unexpected errors for diagnosis.
* UI now displays classifier-derived, user-friendly AI error text.
* **Bug Fixes & Improvements**
* Enforced a hard size budget for SQL query results and gracefully
handles oversized responses.
* Centralized safer database error messaging to avoid leaking internal
details.
* Strengthened AI guidance to prefer narrower queries, safer column
selection, and pairing GROUP BY with ORDER BY + LIMIT.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
This PR puts the ask ai functionality into the ai stack companion, along
with persistent history.
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **New Features**
* "Ask AI" chat sidebar with streaming assistant responses, progressive
word-by-word reveal, auto-scroll, Enter-to-send and Arrow-key
navigation, "Thinking…" and error indicators
* Chat UI primitives: inline/code blocks, smart links, copy-to-clipboard
for code/URLs, and expandable tool-result cards with copyable outputs
* **Bug Fixes**
* Prevented button/menu clicks inside list items from bubbling to parent
row handlers
* **Refactor**
* Chat rendering, streaming, parsing, and UI helpers consolidated into a
shared module and integrated into the sidebar widget
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---------
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
Co-authored-by: Konsti Wohlwend <n2d4xc@gmail.com>
`window.screen` and `window.history` are accessor properties on
`Window.prototype`, so `Object.getOwnPropertyDescriptor(window,
X)?.value` returned undefined in real browsers, causing `start()` to
short-circuit and never capture or send any $page-view / $click events.
Read the globals directly instead; the jsdom-based regression test pins
the accessor-descriptor shape so this can't silently come back.
<!--
Make sure you've read the CONTRIBUTING.md guidelines:
https://github.com/stack-auth/stack-auth/blob/dev/CONTRIBUTING.md
-->
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Tests**
* Added a new test suite verifying event batching, timing, page-view and
click event capture, and client-side navigation behavior using simulated
timers and DOM environment.
* **Bug Fixes**
* Improved event tracker reliability by changing how browser screen and
history are read, yielding more consistent detection of screen
dimensions and navigation for analytics capture.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
