Commit Graph

2089 Commits

Author SHA1 Message Date
Mantra
6bbc792fb3
refactor: migrate config parsing from Babel AST to jiti (#1661)
Some checks are pending
all-good: Did all the other checks pass? / all-good (push) Waiting to run
Ensure Prisma migrations are in sync with the schema / check_prisma_migrations (22.x) (push) Waiting to run
Docker Server Build and Push / Docker Build and Push Server (push) Waiting to run
Docker Server Build and Run / docker (push) Waiting to run
Runs E2E API Tests (Local Emulator) / E2E Tests (Local Emulator, Node ${{ matrix.node-version }}) (22.x) (push) Waiting to run
Runs E2E API Tests / E2E Tests (Node ${{ matrix.node-version }}, Freestyle ${{ matrix.freestyle-mode }}) (mock, 22.x) (push) Waiting to run
Runs E2E API Tests / E2E Tests (Node ${{ matrix.node-version }}, Freestyle ${{ matrix.freestyle-mode }}) (prod, 22.x) (push) Waiting to run
Runs E2E API Tests with custom port prefix / build (22.x) (push) Waiting to run
Runs E2E Fallback Tests / E2E Fallback Tests (Node ${{ matrix.node-version }}) (22.x) (push) Waiting to run
Lint & build / lint_and_build (24) (push) Waiting to run
Publish npm packages / publish (push) Waiting to run
Publish Swift SDK to prerelease repo / publish (push) Waiting to run
TOC Generator / TOC Generator (push) Waiting to run
## Summary

Replace `parseHexclaveConfigFileContent` /
`evaluateStaticConfigExpression` (Babel AST walker) with
`evalConfigFileContent` using `jiti.evalModule()`. Move
`renderConfigFileContent` from `hexclave-config-file.ts` →
`config-rendering.ts`.

Added `jiti` dep to `@hexclave/shared` (already used in shared-backend,
dashboard, backend, cli).

Link to Devin session:
https://app.devin.ai/sessions/cb098b1fb62b4dfeaf3324bc2e1377f1
Requested by: @mantrakp04

<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Migrates trusted config evaluation to `jiti` and moves GitHub config
edits to a server‑side repo agent running in a Vercel Sandbox with an
apply → review → commit flow. Adds run tracking, safer defaults, and a
dashboard diff review with clear, user‑facing errors.

- **New Features**
- Two‑phase flow and endpoints: POST `/internal/config/github/apply`,
`.../commit`, `.../cancel`, plus GET `.../run`; each run tracked by
`run_id` in `ConfigAgentRun` (status, stage, progress, diff, base
commit, sandbox id). Run ids validated as UUIDs.
- Repo agent runs in a fresh sandboxed clone; warm‑boot via base
snapshot (`apps/backend/scripts/config-agent/build-image.ts`,
`HEXCLAVE_CONFIG_AGENT_BASE_SNAPSHOT_ID`). Captures a unified diff and
base commit, stops the sandbox at review, then rebuilds files from the
stored diff on commit. Returns `commitSha`, uses a safe conflict error,
and strips OAuth tokens from git remotes.
- Dashboard: non‑dismissible progress and diff preview using
`@pierre/diffs` with a cross‑tab run watcher; blocks conflicting edits
and supports cancel/commit review flow. Adds an RDE “apply” path with
progress UI.
- AI proxy defaults to `/api/latest/integrations/ai-proxy` (production
passthrough via `PRODUCTION_AI_PROXY_BASE_URL`); adds
`anthropic/claude-haiku-4.5`.

- **Refactors and Fixes**
- Trusted eval via `@hexclave/shared` `config-eval` using `jiti`;
browser‑safe parsing for untrusted GitHub content; rendering remains in
`config-rendering`. Clear separation of Node‑only code into
`config-eval`.
- Shared agent/updater logic moved to `@hexclave/shared-backend`;
removed deterministic fast path so all writes go through the agent to
preserve authoring. CLI and emulator updated to use `config-eval`.
- Defaults/renames: config file `hexclave.config.ts` (CLI `config pull`
defaults to this path), workflow `hexclave-config-sync.yml`; env
prefixes standardized to `HEXCLAVE_*`.
- Integrity and UX: commit advancement gated to the current linked
repo/branch; cancel clears any captured diff; elapsed timer handles late
starts and the not‑started sentinel; loader vs invalid config export
errors separated for accurate messaging.
- Onboarding and seeds: wizard now uses environment‑based OAuth provider
setup with updated tests; corrected GitHub owner in dummy project
seeding.

<sup>Written for commit 6cf0e899a0.
Summary will update on new commits.</sup>

<a
href="https://cubic.dev/pr/hexclave/hexclave/pull/1661?utm_source=github"
target="_blank" rel="noopener noreferrer"
data-no-image-dialog="true"><picture><source
media="(prefers-color-scheme: dark)"
srcset="https://www.cubic.dev/buttons/review-in-cubic-dark.svg"><source
media="(prefers-color-scheme: light)"
srcset="https://www.cubic.dev/buttons/review-in-cubic-light.svg"><img
alt="Review in cubic"
src="https://www.cubic.dev/buttons/review-in-cubic-dark.svg"></picture></a>

<!-- End of auto-generated description by cubic. -->

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* **Refactor**
* Improved configuration file parsing/validation by evaluating config
modules, supporting both string and object-based `config` exports and
ensuring the expected `config` export is present.
* Updated config rendering and import-package detection to consistently
generate the `config` export and handle legacy package entrypoints.
* Tightened handling of non-statically-resolvable forms during update
flows.
* **Tests**
* Updated and extended config parsing/validation tests to reflect the
new evaluation behavior and edge cases.
* **Chores**
  * Added a Jiti-based dependency to support runtime evaluation.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->

---------

Co-authored-by: Devin AI <158243242+devin-ai-integration[bot]@users.noreply.github.com>
Co-authored-by: mantra <mantra@stack-auth.com>
2026-06-29 10:25:11 -07:00
devin-ai-integration[bot]
c54ab2874d
Replace browser alert() with DesignDialog in user create/edit flow (#1680)
## Summary

In `UserDialog`, duplicate-email errors (`UserWithEmailAlreadyExists`,
`ContactChannelAlreadyUsedForAuthBySomeoneElse`) were shown via
`window.alert()`. Replaced with a controlled `DesignDialog` using
`WarningCircleIcon`, so the error appears as a styled modal instead of a
native browser popup.

Link to Devin session:
https://app.devin.ai/sessions/99d73091c47a4a58b33d8724df5a7ce8

<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Replaced `window.alert()` in the user create/edit flow with a controlled
`DesignDialog` for duplicate-email errors (`UserWithEmailAlreadyExists`,
`ContactChannelAlreadyUsedForAuthBySomeoneElse`). Uses
`WarningCircleIcon` with an OK action, preserves form data via
`prevent-close-and-prevent-reset`, clears dialog state when the form
closes, and fixes a max-statements-per-line lint warning.

<sup>Written for commit 274fcb8e9b.
Summary will update on new commits.</sup>

<a
href="https://cubic.dev/pr/hexclave/hexclave/pull/1680?utm_source=github"
target="_blank" rel="noopener noreferrer"
data-no-image-dialog="true"><picture><source
media="(prefers-color-scheme: dark)"
srcset="https://www.cubic.dev/buttons/review-in-cubic-dark.svg"><source
media="(prefers-color-scheme: light)"
srcset="https://www.cubic.dev/buttons/review-in-cubic-light.svg"><img
alt="Review in cubic"
src="https://www.cubic.dev/buttons/review-in-cubic-dark.svg"></picture></a>

<!-- End of auto-generated description by cubic. -->

---------

Co-authored-by: vedanta.gawande <vedanta.gawande@gmail.com>
Co-authored-by: Devin AI <158243242+devin-ai-integration[bot]@users.noreply.github.com>
Co-authored-by: Armaan Jain <84474476+Developing-Gamer@users.noreply.github.com>
2026-06-29 10:18:16 -07:00
devin-ai-integration[bot]
4a0f2b1778
Default user export to filtered scope; note Anonymous in all-users label (#1679)
## Summary
Two changes to the user data export dialog on the project Users page:

1. The export scope now defaults to **"Export only filtered/searched
users"** instead of "all users".
2. The all-users option label is now **"Export all users in the project
(includes Anonymous)"**.

To keep this scoped to the Users table (the shared export dialog is
reused by other tables), the dialog's default scope is made configurable
rather than changed globally:

- `DataGridExportOptions` gains `defaultScope?: DataGridExportScope`
(defaults to `"all"`).
- The dialog initializes `useState(exportOptions?.defaultScope ??
"all")`.
- `user-table.tsx` passes `defaultScope: "filtered"` and the updated
`allScopeLabel`.

Other tables (teams, transactions, emails) are unaffected — they keep
the `"all"` default.

Link to Devin session:
https://app.devin.ai/sessions/4996678b2b944090b6eef2f64f0a62a1

<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Default the Users export dialog to filtered scope and clarify that the
"all users" option includes Anonymous; scope resets to the per-table
default only when the dialog reopens, and other tables keep "all".

- **New Features**
- Added `defaultScope` to export options and initialized scope from it;
Users table sets `defaultScope: "filtered"` and updates the all-users
label.
- Reset scope to `defaultScope` only on a closed→open transition to
avoid changing it while the dialog is open.

- **Bug Fixes**
- Stubbed `NODE_ENV` via `vi.stubEnv` in
`apps/backend/src/oauth/ssrf-protection.test.ts` to fix lint and prevent
env mutation.

<sup>Written for commit 3aa670b6d2.
Summary will update on new commits.</sup>

<a
href="https://cubic.dev/pr/hexclave/hexclave/pull/1679?utm_source=github"
target="_blank" rel="noopener noreferrer"
data-no-image-dialog="true"><picture><source
media="(prefers-color-scheme: dark)"
srcset="https://www.cubic.dev/buttons/review-in-cubic-dark.svg"><source
media="(prefers-color-scheme: light)"
srcset="https://www.cubic.dev/buttons/review-in-cubic-light.svg"><img
alt="Review in cubic"
src="https://www.cubic.dev/buttons/review-in-cubic-dark.svg"></picture></a>

<!-- End of auto-generated description by cubic. -->

---------

Co-authored-by: vedanta.gawande <vedanta.gawande@gmail.com>
Co-authored-by: Devin AI <158243242+devin-ai-integration[bot]@users.noreply.github.com>
2026-06-29 09:31:06 -07:00
github-actions[bot]
092c27dd0e chore: update package versions 2026-06-27 22:00:12 +00:00
Konstantin Wohlwend
c6d162e5c8 Fix negative email queue step deltas 2026-06-27 14:54:24 -07:00
Konstantin Wohlwend
9c438fa604 Update RDE project keys 2026-06-26 18:48:33 -07:00
Konstantin Wohlwend
cf4f9b8918 Local dashboard header 2026-06-26 17:50:18 -07:00
Konsti Wohlwend
4a77dd98ca
Show config file paths instead of project cards on /projects for RDEs (#1676) 2026-06-26 17:30:14 -07:00
github-actions[bot]
e70e95a3af chore: update package versions 2026-06-27 00:28:49 +00:00
Konstantin Wohlwend
f49817655a Simpler post-onboarding configs 2026-06-26 16:09:06 -07:00
Konstantin Wohlwend
cf17fff37d stack dev -> hexclave dev 2026-06-26 16:05:34 -07:00
BilalG1
74471d8d30
feat(emails): allow custom emails on shared server with dev wrapper (#1673)
## What

Custom emails / templates / drafts sent through Hexclave's **shared
(development) email server** are no longer blocked with
`RequiresCustomEmailServer`. They are now allowed, but their **subject
and body are wrapped** at send time with a notice that this is a
development email from Hexclave, so unexpected recipients know they can
safely ignore it.

The wrapper only applies to **project-defined content addressed to the
project's own users**. Hexclave's own default-template emails
(verification, password reset, magic link, etc.) and system
notifications (credential-scanning alerts, internal feedback) are sent
**verbatim**.

## How

-
**[send-email/route.tsx](apps/backend/src/app/api/latest/emails/send-email/route.tsx)**
— removed the `RequiresCustomEmailServer` throw that blocked the shared
server.
- **[emails.tsx](apps/backend/src/lib/emails.tsx)** — added
`wrapSharedDevEmail()` (prefixes the subject with `[Hexclave dev email]`
and prepends a notice banner to HTML/text) and
`isCustomEmailForSharedServer(recipient, createdWith, templateId)`.
- **[email-queue-step.tsx](apps/backend/src/lib/email-queue-step.tsx)**
— applies the wrapper at send time, gated on `emailConfig.type ===
"shared"` **and** the email being project-defined custom content.
Applying it at send time reliably wraps both the subject (from
`overrideSubject` or the template's `<Subject>`) and the rendered HTML.

### What counts as "wrap-eligible"
`isCustomEmailForSharedServer` returns true only when **all** hold:
1. the email is addressed to one of the project's own users (recipient
type is not `custom-emails`), **and**
2. it is a draft, a custom template, or raw HTML — i.e. **not** one of
the built-in `DEFAULT_TEMPLATE_IDS`.

Condition (1) exempts Hexclave's own system senders (credential-scanning
revoke, internal feedback) which send raw HTML to bare addresses via
`custom-emails` and would otherwise be mis-classified as project
content. This was a bug caught in review — a leaked-API-key security
alert to a shared-server customer would have been prefixed `[Hexclave
dev email]` with a "you can safely ignore it" banner. The recipient type
is already persisted on the outbox row, so no schema change was needed.

## Tests

- **send-email.test.ts** — replaced the old "400 on shared config" test
with two new tests: (a) a custom email on the shared server is delivered
with the `[Hexclave dev email]` subject prefix + notice banner, and (b)
a **default template** (`sign_in_invitation`) on the shared server is
delivered **verbatim** (no prefix, no banner) — pinning the core safety
contract.
- **js/email.test.ts** — flipped the "throws RequiresCustomEmailServer"
test to assert the send now resolves.

Verified locally against a full stack:
-  `send-email.test.ts` — 18/18
-  `js/email.test.ts` — 12/12
-  `password/send-reset-code.test.ts` — passes (default templates on
shared server stay unwrapped)

## Known limitations (intentional scope)

- **Template CRUD still blocked on the shared server.**
`internal/email-templates` routes still throw
`RequiresCustomEmailServer`, so a shared-server project can send raw
HTML / a default template via the API but cannot create or edit a
*saved* custom template. Sending arbitrary HTML is unaffected; only the
saved-template editor remains gated.
- **A project can send a (project-edited) default template unwrapped**
by calling `send-email` with a `template_id` equal to a built-in
`DEFAULT_TEMPLATE_IDS` value. Low impact (requires a server key, limited
upside), noted for awareness.

## Note: freestyle-mock fix included


[freestyle-mock/Dockerfile](docker/dependencies/freestyle-mock/Dockerfile)
now also accepts `/execute/v3/script`. The `freestyle` SDK bump in #1654
moved to `/v3`, but the mock only served `/v1`+`/v2`, so **all** local
email rendering 404'd (pre-existing `dev` breakage, not from this
feature). The v3 request/response is identical to v2. Happy to split
this into its own PR if preferred.

Out of scope: `emails/email-queue.test.ts` has 2 pre-existing snapshot
failures (`margin:0` vs recorded `margin:0rem`, a
`@react-email/components` version drift in the mock) — those tests use a
custom email server, so this PR's shared-only code path never runs for
them.

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* **New Features**
  * Email sending can now proceed when using a shared email server.
* Development-style wrapping is applied to eligible shared-server custom
email content, including HTML notice injection.

* **Bug Fixes**
* Removed the previous blocking “requires custom email server” behavior
for shared-server configurations.
* Default-template emails over the shared server are no longer wrapped.

* **Tests**
* Updated end-to-end and JS email tests to validate both wrapped
custom-email behavior and unwrapped default-template behavior.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2026-06-26 15:44:44 -07:00
github-actions[bot]
c868ec31bc chore: update package versions 2026-06-26 21:28:46 +00:00
github-actions[bot]
788e7cc87c chore: update package versions 2026-06-26 21:18:23 +00:00
Konstantin Wohlwend
912eea4f7f Improve local agent update logging 2026-06-26 14:08:03 -07:00
Konstantin Wohlwend
dff454f47f Document init script less 2026-06-26 13:50:48 -07:00
BilalG1
e3e4ac908d
Fix preview-mode logout when opening account settings (#1670)
## Problem

In **preview mode**, clicking the user profile → **Account settings**
logs the user out and strands them on a sign-in page they can't get
past.

Root cause is a combination of three things:

- Preview mode uses an **in-memory** token store (`tokenStore:
"memory"`), so any full page reload wipes the session.
- The account-settings menu item calls
`app.redirectToAccountSettings()`, whose `redirectTo*` helpers fall
through to `window.location.assign` on the client — a **hard reload**.
- The `/handler/account-settings` route lives **outside** the
`(protected)` layout that performs the preview auto-login, so nothing
re-mints the preview session after the reload.

Net effect: hard nav → in-memory session wiped → `useUser({ or:
'redirect' })` finds no user → redirect to sign-in, with no way back in
(preview credentials are a throwaway UUID).

In normal (cookie) mode this is harmless because the cookie survives the
reload — the bug is preview-specific.

## Fix

Soft-navigate from the menu item using `app.useNavigate()` (a
`router.push` wrapper under the `"nextjs"` redirect method) instead of
`redirectToAccountSettings()`. A soft client-side navigation does not
re-evaluate the JS bundle, so the module-singleton app instance and its
in-memory token store stay alive.

The fix is scoped to the single dashboard call site rather than the
shared SDK `redirectToAccountSettings()` method, which ships to all
customers and intentionally hard-navigates for cross-domain / sign-out
flows.

## Note / follow-up

This covers navigation **from within the app**, which is the only in-app
entry point to account settings. It does **not** cover a hard refresh or
a direct link to `/handler/account-settings` in preview mode — those
still wipe the in-memory session because the handler route has no
auto-login. A fuller root-cause fix would bring the preview auto-login
(or the `(protected)` layout) to the handler route.

<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Fixes preview-mode logout when opening Account settings by switching the
dashboard menu to a soft client-side nav using `app.useNavigate()`
instead of a hard reload. This preserves the in-memory session.

- **Bug Fixes**
- Soft-navigate to `/handler/account-settings` via `app.useNavigate()`
to avoid wiping the preview token.
- Change scoped to the dashboard menu; `redirectToAccountSettings()` in
the SDK remains unchanged.

<sup>Written for commit 0e0c3a1bab.
Summary will update on new commits.</sup>

<a
href="https://cubic.dev/pr/hexclave/hexclave/pull/1670?utm_source=github"
target="_blank" rel="noopener noreferrer"
data-no-image-dialog="true"><picture><source
media="(prefers-color-scheme: dark)"
srcset="https://www.cubic.dev/buttons/review-in-cubic-dark.svg"><source
media="(prefers-color-scheme: light)"
srcset="https://www.cubic.dev/buttons/review-in-cubic-light.svg"><img
alt="Review in cubic"
src="https://www.cubic.dev/buttons/review-in-cubic-dark.svg"></picture></a>

<!-- End of auto-generated description by cubic. -->



<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->

## Summary by CodeRabbit

* **Bug Fixes**
* The “Account settings” menu now opens with smooth in-app navigation
instead of a full page reload, making the experience faster and more
seamless.

<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2026-06-26 13:43:48 -07:00
github-actions[bot]
ee48755ef3 chore: update package versions 2026-06-26 20:38:10 +00:00
Vedanta-Gawande
164374f6c8
User page email filtering (#1668) 2026-06-26 12:27:24 -07:00
github-actions[bot]
53b0cae480 chore: update package versions 2026-06-26 19:10:16 +00:00
github-actions[bot]
fc6d111e6b chore: update package versions 2026-06-26 18:50:39 +00:00
Konstantin Wohlwend
014437f478 Better error handling 2026-06-26 11:42:22 -07:00
Armaan Jain
2474b600de
Redo setup page onboarding UI (#1659)
## Summary
- Reworks the setup page into recommended/manual onboarding flows with
clearer setup guidance and an explicit MCP verification step.
- Polishes setup UI surfaces, framework selector cards, step indicators,
code blocks, and key display styling.
- Replaces raw env key textareas with a masked env-file viewer and
reveal/copy controls.

## Screenshots
### Recommended Setup
| | Light | Dark |
| --- | --- | --- |
| Overview | ![Recommended setup light
overview](https://gist.githubusercontent.com/Developing-Gamer/71107f429eeb4f17a1aed5394f3ec220/raw/01-recommended-light-top.png)
| ![Recommended setup dark
overview](https://gist.githubusercontent.com/Developing-Gamer/71107f429eeb4f17a1aed5394f3ec220/raw/03-recommended-dark-top.png)
|
| Keys | ![Recommended setup light
keys](https://gist.githubusercontent.com/Developing-Gamer/71107f429eeb4f17a1aed5394f3ec220/raw/02-recommended-light-keys.png)
| ![Recommended setup dark
keys](https://gist.githubusercontent.com/Developing-Gamer/71107f429eeb4f17a1aed5394f3ec220/raw/04-recommended-dark-keys.png)
|

### Manual Setup
Framework selector:

![Manual setup framework
selector](https://gist.githubusercontent.com/Developing-Gamer/71107f429eeb4f17a1aed5394f3ec220/raw/05-manual-dark-frameworks.png)

Next.js keys:

![Manual setup Next.js
keys](https://gist.githubusercontent.com/Developing-Gamer/71107f429eeb4f17a1aed5394f3ec220/raw/06-manual-dark-next-keys.png)

Code block syntax highlighting:

![Manual setup code
blocks](https://gist.githubusercontent.com/Developing-Gamer/71107f429eeb4f17a1aed5394f3ec220/raw/07-manual-dark-codeblocks.png)

TanStack Start keys:

![Manual setup TanStack
keys](https://gist.githubusercontent.com/Developing-Gamer/71107f429eeb4f17a1aed5394f3ec220/raw/08-manual-dark-tanstack-keys.png)

## Test plan
- [x] Ran `pnpm --filter @hexclave/dashboard lint`
- [x] Manually checked recommended setup, manual setup, masked/revealed
keys, and light/dark mode screenshots

Made with [Cursor](https://cursor.com)

<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Redesigned the Setup page around a single cloud‑first prompt and a
docs‑linked Manual path, with a masked `.env` viewer and refreshed code
panels. Environment‑aware docs/API URLs, explicit MCP verification, and
stricter tab handling make onboarding clearer and safer.

- **New Features**
- Recommended flow shows a prefilled cloud setup prompt (API URL and
project ID) inline; Manual opens the latest setup docs.
- Replaced textareas with `EnvFileViewer` for `.env.local`/`.env`
(reveal-all and copy file); “Generate Keys” CTA when keys are missing.
- Secret inputs in `CopyField` support show/hide; `CodeBlock` uses
shared `codePanelShellClasses` and header.
  - Added a final “Done” step with an Explore Dashboard CTA.

- **Bug Fixes**
- MCP server registration details are correct and explicitly called out
for verification (name `hexclave`, URL `https://mcp.hexclave.com/mcp`).
- Tabs fail fast on unexpected values; docs/API base URLs read from
`NEXT_PUBLIC_STACK_DOCS_BASE_URL`/`NEXT_PUBLIC_STACK_API_URL` with
fallbacks; updated `.env.development` docs URL.

<sup>Written for commit 2cd3486ac6.
Summary will update on new commits.</sup>

<a
href="https://cubic.dev/pr/hexclave/hexclave/pull/1659?utm_source=github"
target="_blank" rel="noopener noreferrer"
data-no-image-dialog="true"><picture><source
media="(prefers-color-scheme: dark)"
srcset="https://www.cubic.dev/buttons/review-in-cubic-dark.svg"><source
media="(prefers-color-scheme: light)"
srcset="https://www.cubic.dev/buttons/review-in-cubic-light.svg"><img
alt="Review in cubic"
src="https://www.cubic.dev/buttons/review-in-cubic-dark.svg"></picture></a>

<!-- End of auto-generated description by cubic. -->

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* **New Features**
* Setup onboarding now uses “Recommended” and “Manual setup” tabs with
an ordered checklist and a shared in-page setup prompt.
* Environment key generation now uses a line-by-line env file viewer
with masking/reveal and copy support, including “Generate Keys” when
keys are missing.
  * Secret fields now include show/hide toggles.
* **Bug Fixes**
* Documentation links now open the correct constructed URLs based on the
configured docs base URL (with a sensible fallback).
* **Style**
* Refreshed code panel and input/textarea theming, including improved
light/dark styling and updated copy-field behavior.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->

---------

Co-authored-by: Cursor <cursoragent@cursor.com>
Co-authored-by: armaan <armaan@stack-auth.com>
Co-authored-by: Devin AI <158243242+devin-ai-integration[bot]@users.noreply.github.com>
2026-06-26 23:43:56 +05:30
BilalG1
d2a84f5a28
fix: reduce recurring production Sentry errors (Stripe webhooks, email, session replay) (#1667)
## Summary

A cleanup pass over recurring production errors triaged from Sentry
(`stackframe-pw` org). The common thread: expected/edge-case conditions
thrown as `HexclaveAssertionError` / `captureError`, so Sentry filed
them as errors (and, for the Stripe ones, Stripe redelivered
indefinitely). Each is handled at the source or logged at the correct
severity.

| Sentry issue | Fix | Risk |
|---|---|---|
|
[STACK-BACKEND-1F5](https://stackframe-pw.sentry.io/issues/STACK-BACKEND-1F5)
— `Unknown stripe webhook type` (`invoice_payment.paid`, `payout.paid`)
| Add both to `ignoredEvents`. They fell through to the throwing `else`
and Stripe redelivered them. (`payout.failed`/`canceled`/`updated`
intentionally left unhandled for now.) | Trivial |
|
[STACK-SERVER-1ZV](https://stackframe-pw.sentry.io/issues/STACK-SERVER-1ZV)
— session-replay `413 Request body too large` | Measure event size in
UTF-8 bytes (was UTF-16 `.length`, which undercounts multibyte content);
drop a single oversized event with a warning instead of shipping a
doomed request | Low |
|
[STACK-BACKEND-140](https://stackframe-pw.sentry.io/issues/STACK-BACKEND-140)
+
[STACK-BACKEND-1F1](https://stackframe-pw.sentry.io/issues/STACK-BACKEND-1F1)
— `Unknown error while sending (test) email` | Classify refused SMTP
connections (`ECONNREFUSED`, surfaced by nodemailer as `code:
'ESOCKET'`) as a typed `CONNECTION_REFUSED` error with a real
user-facing message, instead of falling through to the `UNKNOWN`
catch-all in both the low-level sender and the send-test-email route.
Marked `canRetry` so the queued-email path reschedules with backoff. |
Low |

## Notes

- **Session replay (1ZV):** edited the `packages/template`
source-of-truth; the generated SDK copies are gitignored and regenerated
by CI (`pnpm -w run generate-sdks`). The `TextEncoder` is hoisted out of
the rrweb emit hot path to avoid per-event allocation.
- **Email classification (140/1F1):** the new `CONNECTION_REFUSED`
errorType is additive — other consumers only read `errorType` for
logging, and the send-test-email route only special-cases `UNKNOWN`, so
the new type cleanly bypasses both assertion captures. `canRetry: true`
is safe because the connection is refused before any SMTP exchange (no
message handed off → no duplicate-delivery risk); transient refusals
recover, and a persistent misconfig still fails after
`MAX_SEND_ATTEMPTS`. The one-shot send-test-email path ignores
`canRetry`, so its immediate feedback is unchanged.

## Investigated but intentionally NOT changed here

These were initially included, then reverted so we keep getting Sentry
signal while the root causes are still under investigation:

-
**[STACK-BACKEND-1GM](https://stackframe-pw.sentry.io/issues/STACK-BACKEND-1GM)**
— `Stripe webhook bad customer id`. A subscription-changed event with no
customer (the observed case was a Stripe-CLI test
`payment_intent.succeeded` against a dev-connected account). Skipping is
likely the right long-term fix, but kept the throw for now to keep
observing. Note: in live mode the same path could fire on legitimate
customerless one-time payments / guest checkouts.
-
**[STACK-BACKEND-1CN](https://stackframe-pw.sentry.io/issues/STACK-BACKEND-1CN)**
— `Recovered N stale outgoing request(s)`. This is a self-healing
recovery notice (0 user impact); the underlying cause is the poller
process dying between the claim `UPDATE` and the delete. Kept at
`captureError` to keep collecting data on how often / why it happens.

## Verification
- `typecheck` clean: `@hexclave/backend`, `@hexclave/template`,
`@hexclave/js`, `@hexclave/react`, `@hexclave/next`,
`@hexclave/tanstack-start`
- `eslint` clean on all touched files
2026-06-25 14:48:49 -07:00
BilalG1
b8e384493d
feat(payments): unified customers table + Create checkout everywhere (#1666)
## Summary

Two related payments/dashboard changes:

1. **Customer page rework** (`/projects/<id>/payments/customers`) —
replaces the old single-customer selector page with **one unified
table** of users, teams, and custom customers, with filtering and
search. Clicking a row opens a customer view that renders the **same
data as the payments tab** on the user/team detail pages, plus a button
to return to the list.
2. **"Create checkout" everywhere** — the existing checkout dialog is
now reachable from every relevant surface (user table, team table,
user/team detail payments tabs, product detail page, product-lines
cards, and the customer detail view), all driven by **one shared
dialog**.

> ℹ️ Screenshots are from a local dev environment (test-mode banner +
dev-tools rail are dev-only chrome).

---

## 1. Customers page rework

A single `DataGrid` lists users + teams + custom customers (custom ones
are derived from transactions, since they aren't otherwise enumerable).
It uses the existing table/filter components: a **Type** filter (All /
Users / Teams / Custom) and quick-search.

![Customers
table](https://gist.githubusercontent.com/BilalG1/20311c5660f8ad04a5b651b1c6bcbc5f/raw/01-customers-table.png)

Filtering by type — e.g. **Custom** customers surfaced from transaction
history:

![Customers filtered to
Custom](https://gist.githubusercontent.com/BilalG1/20311c5660f8ad04a5b651b1c6bcbc5f/raw/02-customers-filter-custom.png)

Clicking a row opens a **read-only customer view** that is identical to
the payments tab on the user/team detail pages (metrics, products &
subscriptions, transaction history, item balances), with a **"Back to
customers"** button and a **Create checkout** button:

![Customer detail
view](https://gist.githubusercontent.com/BilalG1/20311c5660f8ad04a5b651b1c6bcbc5f/raw/03-customer-detail.png)

To guarantee the view is identical, the user/team payments tabs and this
page now share one generic `CustomerPaymentsSection` component keyed by
`(customerType, customerId)`.

---

## 2. Create checkout everywhere (one shared dialog)

The single `CreateCheckoutDialog` now supports:

- **Customer pre-selected** → just choose a product (tables, detail
tabs, customer detail view):

![Dialog with pre-selected
customer](https://gist.githubusercontent.com/BilalG1/20311c5660f8ad04a5b651b1c6bcbc5f/raw/04-dialog-preselected.png)

- **Locked product + customer selector** → launched from a product, the
product is fixed and you pick the customer:

![Dialog launched from a
product](https://gist.githubusercontent.com/BilalG1/20311c5660f8ad04a5b651b1c6bcbc5f/raw/05-dialog-from-product.png)

The customer selector reuses the existing searchable user/team tables
(nested dialog):

![Customer
picker](https://gist.githubusercontent.com/BilalG1/20311c5660f8ad04a5b651b1c6bcbc5f/raw/06-customer-picker.png)

Resulting checkout URL:

![Checkout URL
result](https://gist.githubusercontent.com/BilalG1/20311c5660f8ad04a5b651b1c6bcbc5f/raw/07-checkout-url-result.png)

### Entry points

**Product detail page** — in the ellipsis menu:

![Product detail ellipsis
menu](https://gist.githubusercontent.com/BilalG1/20311c5660f8ad04a5b651b1c6bcbc5f/raw/08-product-ellipsis-menu.png)

**Product-lines** product-card menu:

![Product-lines card
menu](https://gist.githubusercontent.com/BilalG1/20311c5660f8ad04a5b651b1c6bcbc5f/raw/09-productlines-card-menu.png)

**User table** row action (team table is analogous):

![User table action
menu](https://gist.githubusercontent.com/BilalG1/20311c5660f8ad04a5b651b1c6bcbc5f/raw/10-user-table-action.png)

**User detail payments tab** (and **team detail payments tab**) get a
Create-checkout button in the header:

![User payments
tab](https://gist.githubusercontent.com/BilalG1/20311c5660f8ad04a5b651b1c6bcbc5f/raw/11-user-payments-tab.png)

![Team payments
tab](https://gist.githubusercontent.com/BilalG1/20311c5660f8ad04a5b651b1c6bcbc5f/raw/12-team-payments-tab.png)

---

## Implementation notes

- **New SDK method**: `adminApp.createCheckoutUrl({ userId | teamId |
customCustomerId, productId, returnUrl? })` added to the
`@hexclave/template` **server** app (interface + impl). This is what
enables checkout for **custom** customers, which previously had no
checkout path (the old dialog only called
`customer.createCheckoutUrl(...)` on a `ServerUser`/`Team` object).
Regenerate SDKs after pulling (`pnpm -w run generate-sdks`).
- It lives on the server app (not client) deliberately: it targets an
*arbitrary* customer, which is a server/admin capability. The backend
route enforces this — for `client` auth it calls
`ensureClientCanAccessCustomer(...)` ("clients can only create purchase
URLs for their own user or teams they admin"). The client's safe, scoped
path is the existing customer-object method `user.createCheckoutUrl()` /
`team.createCheckoutUrl()`. The new method sits alongside
`grantProduct`/`createItemQuantityChange`/`getItem`, which take the same
`{ userId | teamId | customCustomerId }` shape.
- **New shared components** under
`apps/dashboard/src/components/payments/`:
- `customer-selector.tsx` — `CustomerSelector`, `CustomerTypeSelect`,
`SelectedCustomer`, `customerToMutationOptions` (extracted from the old
customers page).
- `customer-payments-section.tsx` — generic payments view;
`user-payments.tsx` / `team-payments.tsx` are now thin wrappers over it.
- `CreateCheckoutDialog` reworked to take a unified `customer`
descriptor and the new selector / locked-product props.

## Testing

- `pnpm typecheck` and `pnpm lint` pass.
- Manually verified end-to-end against a seeded local project (test
mode): generated real checkout URLs for a **custom** customer and a
**team**, exercised every entry point above, the type filter
(All/Users/Teams/Custom), search, row → detail → back, and the error
states (e.g. "product already granted", "no products for this customer
type").


<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* **New Features**
* Added a unified Customers browser for payments with filter, quick
search, infinite scrolling, and a customer detail view.
* Enabled “Create checkout” directly from product and customer-related
screens (including list/dropdown actions).
* Added streamlined “customer payments” views (metrics, transactions,
product/subscription info, and item balances where available).
* Introduced a flexible customer picker to support user, team, and
custom customers in checkout flows.
* **Bug Fixes**
* Improved checkout validation, dialog open/close behavior, and
empty-state handling when no customer or products are available.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2026-06-25 14:48:27 -07:00
Konstantin Wohlwend
3e53da8fce OAuth improvements 2026-06-25 14:40:15 -07:00
github-actions[bot]
c749cf2b62 chore: update package versions 2026-06-25 19:11:40 +00:00
Konstantin Wohlwend
36f9913a55 Update clean script to include nex-development-environment folder 2026-06-25 11:01:44 -07:00
Armaan Jain
81723c3d55
Usage page performance improvements (#1650)
<!--

Make sure you've read the CONTRIBUTING.md guidelines:
https://github.com/hexclave/hexclave/blob/dev/CONTRIBUTING.md

-->

<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Speed up the Usage page by aggregating metered usage across owned
projects/tenancies with fewer queries and new indexes. Adds E2E tests to
verify team-owned rollups and calendar‑month windows.

- **Performance**
- Added concurrent indexes for `EmailOutbox(tenancyId,
startedSendingAt)` and `SessionReplay(tenancyId, startedAt)`; updated
Prisma schema.
- Group tenancies by (DB client, schema) and run one SQL per group that
counts both emails and session replays; uses `mapWithConcurrency` from
`@hexclave/shared` (concurrency 4, aborts on first error).
- Added helpers `getOwnedProjectAndTenancyIdsForBillingTeam` and
`getNonAnonymousUserCountForTenancies`; made `mapWithConcurrency`
null‑safe with bounds checks.

- **Tests**
- Added E2E tests for the internal plan-usage endpoint covering
team-owned rollups, calendar‑month boundaries, and zero‑usage cases.
- Added unit tests for ownership scope resolution and non‑anonymous user
counting.

<sup>Written for commit 5d6098006c.
Summary will update on new commits.</sup>

<a
href="https://cubic.dev/pr/hexclave/hexclave/pull/1650?utm_source=github"
target="_blank" rel="noopener noreferrer"
data-no-image-dialog="true"><picture><source
media="(prefers-color-scheme: dark)"
srcset="https://www.cubic.dev/buttons/review-in-cubic-dark.svg"><source
media="(prefers-color-scheme: light)"
srcset="https://www.cubic.dev/buttons/review-in-cubic-light.svg"><img
alt="Review in cubic"
src="https://www.cubic.dev/buttons/review-in-cubic-dark.svg"></picture></a>

<!-- End of auto-generated description by cubic. -->

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* **Performance Improvements**
* Improved plan usage rollups by aggregating metered emails and session
replays together across an owned scope.
* Added database indexes to speed up time-window metering lookups for
email outbox and session replays.
* **Tests**
* Extended unit tests for billing-team entitlement aggregation and
non-anonymous user counting.
* Added end-to-end coverage for the internal plan-usage endpoint,
including seeded scenarios and period validation.
* **Refactor**
* Reworked entitlement and usage calculations to reuse shared logic for
more consistent results.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->

---------

Co-authored-by: armaan <armaan@stack-auth.com>
Co-authored-by: Devin AI <158243242+devin-ai-integration[bot]@users.noreply.github.com>
2026-06-24 12:25:20 -07:00
Konsti Wohlwend
d57bba3a06
fix: remove email-outbox dashboard page (#1662) 2026-06-24 11:10:24 -07:00
Aman Ganapathy
0c8f5e33ed
feat(payments): quick-ack + idempotent webhooks (#1664)
### Context
Stripe recommends acking webhook events ASAP with a 200. Stripe also
recommends employing event idempotency on your end. By responding
quickly, you prevent stripe from thinking the webhook failed and
retrying the event. Retrying the event in the past used to be
responsible for people getting multiple payment receipt emails. Note
that even in the case where an event processing genuinely fails, we have
a new table to let us recover from it.

Currently, recovery will be manual, but since it will be logged to
sentry we will be notified.


<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Quick-ack Stripe webhooks with 200 and add atomic idempotency to stop
duplicate processing and emails. Events are persisted and processed in
the background with clear status and error tracking.

- **New Features**
- Persist each webhook in `StripeWebhookEvent` keyed by `event.id` with
full `payload` and `stripeAccountId` for recovery.
- Return 200 immediately; process in the background and track status as
`PENDING`, `PROCESSED`, or `FAILED`.
- Single-flight claim deduplicates redeliveries while `PENDING` and
after `PROCESSED`; only `FAILED` events reprocess on redelivery.
- Store `lastError` on failures; unknown webhook types ack with 200 and
are handled asynchronously.
- Webhook response includes `deduplicated: true` when a redelivery is
skipped.

- **Migration**
- Run Prisma migrations to create the `StripeWebhookEvent` table, enum,
and unique index on `stripeEventId`.

<sup>Written for commit 59456a36e8.
Summary will update on new commits.</sup>

<a
href="https://cubic.dev/pr/hexclave/hexclave/pull/1664?utm_source=github"
target="_blank" rel="noopener noreferrer"
data-no-image-dialog="true"><picture><source
media="(prefers-color-scheme: dark)"
srcset="https://www.cubic.dev/buttons/review-in-cubic-dark.svg"><source
media="(prefers-color-scheme: light)"
srcset="https://www.cubic.dev/buttons/review-in-cubic-light.svg"><img
alt="Review in cubic"
src="https://www.cubic.dev/buttons/review-in-cubic-dark.svg"></picture></a>

<!-- End of auto-generated description by cubic. -->

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* **New Features**
* Added persistent, idempotent Stripe webhook handling with event-level
deduplication keyed by the webhook event id.
* Webhooks are acknowledged immediately and processed asynchronously,
with automatic retry capability for failed events.
* **Bug Fixes**
* Reduced duplicate side effects from redeliveries (including preventing
repeated receipt emails) by ensuring only one successful processing per
event.
* **Tests**
* Updated and expanded integration and end-to-end coverage for
asynchronous processing, deduplication, and failure recovery behavior.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2026-06-24 09:30:38 -07:00
github-actions[bot]
09c9df410a chore: update package versions
Some checks failed
all-good: Did all the other checks pass? / all-good (push) Has been cancelled
Ensure Prisma migrations are in sync with the schema / check_prisma_migrations (22.x) (push) Has been cancelled
DB migration compat / Check if migrations changed (push) Has been cancelled
Docker Server Build and Push / Docker Build and Push Server (push) Has been cancelled
Docker Server Build and Run / docker (push) Has been cancelled
Runs E2E API Tests (Local Emulator) / E2E Tests (Local Emulator, Node ${{ matrix.node-version }}) (22.x) (push) Has been cancelled
Runs E2E API Tests / E2E Tests (Node ${{ matrix.node-version }}, Freestyle ${{ matrix.freestyle-mode }}) (mock, 22.x) (push) Has been cancelled
Runs E2E API Tests / E2E Tests (Node ${{ matrix.node-version }}, Freestyle ${{ matrix.freestyle-mode }}) (prod, 22.x) (push) Has been cancelled
Runs E2E API Tests with custom port prefix / build (22.x) (push) Has been cancelled
Runs E2E Fallback Tests / E2E Fallback Tests (Node ${{ matrix.node-version }}) (22.x) (push) Has been cancelled
Lint & build / lint_and_build (24) (push) Has been cancelled
TOC Generator / TOC Generator (push) Has been cancelled
DB migration compat / Back-compat — Current branch migrations with ${{ needs.check-migrations-changed.outputs.base_branch }} branch code (push) Has been cancelled
DB migration compat / Forward-compat — Current branch code with ${{ needs.check-migrations-changed.outputs.base_branch }} branch migrations (push) Has been cancelled
DB migration compat / No migration changes (skipped) (push) Has been cancelled
2026-06-24 01:55:58 +00:00
Konsti Wohlwend
ed48ab3bd7
feat: add "View usage" button to analytics limit banner and rename Usage page (#1660) 2026-06-23 16:20:34 -07:00
Konsti Wohlwend
a6c46db72c
perf: prefetch email theme previews during earlier onboarding steps (#1655) 2026-06-23 15:46:03 -07:00
Konsti Wohlwend
59f6e53f7e
chore: upgrade deprecated dependencies (#1654) 2026-06-23 15:44:37 -07:00
Konstantin Wohlwend
812716dae2 Better migration 2026-06-23 13:07:27 -07:00
github-actions[bot]
781dde9a78 chore: update package versions 2026-06-23 20:06:39 +00:00
Konsti Wohlwend
a559531080
feat: implement preview project pool for instant project creation (#1649) 2026-06-23 12:55:26 -07:00
github-actions[bot]
cb7ea302c7 chore: update package versions 2026-06-23 18:48:44 +00:00
Konstantin Wohlwend
8820b39b37 Stop using app.urls everywhere 2026-06-23 11:22:44 -07:00
Armaan Jain
0132ec151a
Project onboarding speedup (#1596)
Speeds up project onboarding by consolidating API calls and adding
prefetching:

- Single PATCH endpoint for saving onboarding status + state together
- Background config save on welcome step (with proper retry/error
handling)
- Prefetch email themes and Stripe info for upcoming steps
- Suspense-based skeleton loaders instead of full-page spinners
- Extracted shared types and lightweight step components

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* **New Features**
* Unified onboarding progress saving for the new project flow,
persisting status plus optional onboarding state in a single update
path.
* **Improvements**
* Onboarding wizard now derives status/state from owned project data and
removes extra internal fetching/loading gates.
* Added skeleton/Suspense loading for email theme and payments steps,
with more reliable “final config”/completion sequencing.
* Admin project data now includes onboarding state; Stripe account info
uses cached retrieval.
* Backend avoids source-of-truth override changes during metadata-only
updates.
* **Tests**
* Updated onboarding wizard tests and added end-to-end coverage for
updating onboarding status/state together.
* **Documentation**
  * Added the “clickmaps” app icon to docs.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->

---------

Co-authored-by: Cursor <cursoragent@cursor.com>
Co-authored-by: armaan <armaan@stack-auth.com>
Co-authored-by: Devin AI <158243242+devin-ai-integration[bot]@users.noreply.github.com>
2026-06-23 10:59:38 -07:00
Mantra
28b559b7a0
fix: resolve MODULE_NOT_FOUND for claude-agent-sdk cli.js in RDE config updates (#1639) 2026-06-23 10:53:37 -07:00
Armaan Jain
80ba110e78
Usage page in settings (#1595)
## Summary

Adds a Usage page under Project Settings showing the owner team's plan,
billing period, and resource consumption (dashboard admins, auth users,
emails, analytics events, session replays) with progress bars and an
upgrade CTA.

Backend aggregates usage across the team via `sumTenancyUsage`
(parallelized with `Promise.all`) and serves it through `GET
/internal/plan-usage`. Shared types in `@hexclave/shared` define the
contract consumed by the SDK and dashboard.

## Screenshots

![Usage page — light
mode](https://app.devin.ai/api/presigned_proxy?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJvcmdfaWQiOiJvcmdfaGwzT2d1STVWMXBYcTUwUCIsInVzZXJfaWQiOm51bGwsImJ1Y2tldF9uYW1lIjoiZGV2aW5hdHRhY2htZW50cyIsImJ1Y2tldF9rZXkiOiJhdHRhY2htZW50c19wcml2YXRlL29yZ19obDNPZ3VJNVYxcFhxNTBQLzE2ZTAyM2NkLTQzZjgtNDkyZS1hNDFkLTVmZjc1ZDg5NTQ3MSIsImlhdCI6MTc4MTU1MzY4OSwiZXhwIjoxNzgyMTU4NDg5LCJmaWxlbmFtZSI6InNjcmVlbnNob3RfZWE1YWU3YTJkNWQwNGM2NmFmYmM4NTY0YjQ2OTMxMDMucG5nIn0.O5H-gvyZ5an3wM7-CRcuyb6uFgg86cSftnAKnWh57VA)

Link to Devin session:
https://app.devin.ai/sessions/1bc3344126a442adb4f29ae373d346be
Requested by: @Developing-Gamer

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->

## Summary by CodeRabbit

* **New Features**
* Added Usage page in project settings displaying comprehensive plan
usage metrics including dashboard seats, authentication users, emails
sent, analytics events, and session replays
* Shows current usage against plan limits with visual progress
indicators
* Displays upgrade recommendations when plan limits are exceeded with
one-click upgrade functionality
  * Added Usage menu item to project settings navigation

<!-- end of auto-generated comment: release notes by coderabbit.ai -->

---------

Co-authored-by: Cursor <cursoragent@cursor.com>
Co-authored-by: armaan <armaan@stack-auth.com>
Co-authored-by: Devin AI <158243242+devin-ai-integration[bot]@users.noreply.github.com>
2026-06-23 10:32:07 -07:00
github-actions[bot]
163e7be002 chore: update package versions 2026-06-23 17:26:08 +00:00
Konstantin Wohlwend
95e2c2c786 Fix bug with local dashboard stopping file watch 2026-06-23 00:04:22 -07:00
Konstantin Wohlwend
501e8571e6 Fix test dir directory to not track files 2026-06-22 23:47:00 -07:00
Konstantin Wohlwend
0908170e52 Config errors are now more obvious 2026-06-22 23:42:17 -07:00
Konsti Wohlwend
5b9fd1695f
fix: return 409 instead of 500 when signing up with duplicate email (#1637) 2026-06-22 17:29:08 -07:00
Konsti Wohlwend
433d4dcc96
Upgrade TypeScript from 5.9.3 to 6.0.3 (#1644) 2026-06-22 17:18:15 -07:00
Konsti Wohlwend
845487adee
fix: allow Google/GitHub/Microsoft OAuth in RDE onboarding (#1640) 2026-06-22 16:11:24 -07:00