258 Commits

Author	SHA1	Message	Date
BilalG1	49e3c48d64	feat(oauth): per-provider customCallbackUrl for redirect_uri (#1512) ... ## Summary Replaces the request-host-header-derived OAuth `redirect_uri` with a config-driven `customCallbackUrl` field on each environment-level OAuth provider. Resolution of the `redirect_uri` we send to providers (and that customers register in their provider app config): - **Shared providers** → always the stack-auth-branded callback, so Stack's shared OAuth apps keep working. `customCallbackUrl` is schema-forbidden when `isShared` is true. - **Custom + `customCallbackUrl` set** → the configured URL verbatim. - **Custom without it (legacy)** → the stack-auth-branded callback, so providers registered before this field are unaffected. - **New custom providers set up in the dashboard** → the env-aware hexclave-branded callback (prod → `api.hexclave.com`, dev/staging → siblings, self-host/localhost → `NEXT_PUBLIC_STACK_API_URL` unchanged). ## Details - **Schema** (`schema.ts`, `schema-fields.ts`): optional `customCallbackUrl` after `clientSecret`, with a `.when('isShared')` rule rejecting any value for shared providers; added to the provider default factory. - **Shared host helper** (`utils/cloud-hosts.tsx`, new): `CLOUD_HOST_PAIRS` moved into stack-shared with `getCloudApiUrlSiblings` / `getStackAuthApiBaseUrl` / `getHexclaveApiBaseUrl`; `request-api-url.ts` re-exports it so the JWT `iss` logic is untouched. - **Runtime** (`oauth/index.tsx` + all 13 provider `create()`s): `getProvider` resolves the full `redirect_uri` from config instead of the request host; providers now take `redirectUri` instead of `apiUrl`. The JWT `iss` path still uses the request host. - **Dashboard** (`page-client.tsx`, `providers.tsx`, `oauth-callback-url.ts` new): brand-new custom providers get the hexclave callback; existing providers keep whatever they had (edits never silently move a registered redirect URL); the displayed Redirect URL mirrors backend resolution. - **Docs** (`migration.mdx`): existing `api.stack-auth.com` callbacks keep working; only recreated providers use the hexclave URL. ## Notes / scope decisions - **Dashboard-only injection**: SDK/CLI/legacy-config-created custom providers fall back to the stack-auth callback (they don't auto-get the hexclave URL). - **shared → standard** conversions keep the stack-auth fallback rather than flipping to hexclave (the safe path that never breaks a registered redirect). ## Test plan - [x] `typecheck` + `lint` green across stack-shared, backend, dashboard, e2e - [x] cloud-hosts unit tests, schema tests, schema fuzzer pass - [x] e2e: shared-provider `customCallbackUrl` rejected (400); standard-provider `customCallbackUrl` accepted and round-trips - [ ] e2e OAuth authorize/callback flow (needs running stack) — reasoned unaffected since localhost isn't a cloud host, so the redirect base stays localhost as before <!-- This is an auto-generated description by cubic. --> --- ## Summary by cubic Adds a per-provider `customCallbackUrl` for OAuth `redirect_uri`, removing the request-host dependency and making redirects predictable. Shared providers always use the Stack-branded callback; new or converted custom providers default to the Hexclave-branded callback. Existing callbacks keep working; no changes needed unless you recreate or convert a provider. - **New Features** - Added `customCallbackUrl` on provider configs (URL-validated; forbidden when `isShared` is true). - `getProvider` now resolves a config-driven `redirectUri`; providers take `redirectUri` instead of `apiUrl` (pure resolver with in-source + e2e tests to lock legacy behavior). - Introduced `@stackframe/stack-shared` `utils/cloud-hosts.tsx` and dashboard helpers to show the resolved Redirect URL and set the Hexclave callback for new providers and when converting shared → standard. - **Bug Fixes** - OAuth callback now handles legitimate cross-host flows by recording the authorize host and skipping the host-scoped CSRF cookie when authorize and callback hosts differ, relying on server-side state and PKCE. <sup>Written for commit 32d95fcdcb. Summary will update on new commits.</sup> <a href="https://cubic.dev/pr/hexclave/stack-auth/pull/1512?utm_source=github">Review in cubic</a> <!-- End of auto-generated description by cubic. --> <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **New Features** * Preserve and display custom OAuth callback/redirect URLs in the dashboard; provider creation/edit flows respect existing custom URLs. * Added cloud-host mapping and redirect-uri helpers to resolve branded API callback bases. * **Bug Fixes** * Improved cross-host OAuth callback handling and CSRF validation for reliable cross-host flows. * **Tests** * Added E2E and unit tests covering callback URL behavior and host mapping. * **Documentation** * Updated migration guidance for callback URL changes and recreation scenarios. <!-- review_stack_entry_start --> [](https://app.coderabbit.ai/change-stack/hexclave/stack-auth/pull/1512?utm_source=github_walkthrough&utm_medium=github&utm_campaign=change_stack) <!-- review_stack_entry_end --> <!-- end of auto-generated comment: release notes by coderabbit.ai -->	2026-06-02 15:22:13 -05:00
Konstantin Wohlwend	982fdea469	Rename port prefix envvar	2026-06-02 15:22:13 -05:00
BilalG1	15c02f3409	feat(backend): derive JWT issuer and OAuth redirect_uri from request host (#1498) ... ## Summary When the backend serves both `api.stack-auth.com` and `api.hexclave.com` from the same deployment, signed JWT `iss` claims and OAuth `redirect_uri` values need to match the host the customer's SDK actually talks to — otherwise customers with hardcoded issuer checks or registered OAuth callback URLs break when their SDK upgrades. This PR makes both follow the request host. Closes the "Interpretation B" plan from our earlier discussion. ## Changes ### Backend — request-host-derived `iss` and `redirect_uri` - **New helper** [`apps/backend/src/lib/request-api-url.ts`](apps/backend/src/lib/request-api-url.ts) exports `getApiUrlForRequest(req)` and `getApiUrlForHost(host)`. A consolidated `CLOUD_HOST_PAIRS` constant is the single source of truth for the stack-auth ↔ hexclave host pairs (prod, dev, staging). Both the allowlist here and the validator alias map in `tokens.tsx` derive from it, so they can never drift again. - **JWT issuer per request** ([`apps/backend/src/lib/tokens.tsx`](apps/backend/src/lib/tokens.tsx)) — `getIssuer` now takes `apiUrl`. `generateAccessTokenFromRefreshTokenIfValid` and `createAuthTokens` accept an `apiUrl` parameter that flows into the `iss` claim. `getAllowedIssuers` stays env-driven with the bidirectional alias map, so tokens cross-validate across hosts. - **OAuth `redirect_uri` per request** — all 12 providers + `MockProvider` now take `apiUrl` and use it to build `redirect_uri = apiUrl + "/api/v1/auth/oauth/callback/<provider>"`. `getProvider()` accepts an `{ apiUrl }` option and forwards it. - **OAuth2Server factory** — the module-level `oauthServer` singleton became a per-request `createOAuthServer({ apiUrl })` factory so `OAuthModel.generateAccessToken` mints tokens with the right `iss`. Used in the callback route, the token route, and the cross-domain-authorize helper. - **Token-minting call sites updated** — all 10 `createAuthTokens` invocations (password sign-up/sign-in, sessions create, sessions/current/refresh, anonymous sign-up, apple-native callback, MFA/OTP/passkey sign-in, OAuth model token exchange), plus the CLI-complete `generateAccessTokenFromRefreshTokenIfValid` direct call, now pass `getApiUrlForRequest(fullReq)`. - **`createVerificationCodeHandler` refactored** to pass `apiUrl` as a 6th positional arg to the user's handler, so MFA/OTP/passkey sign-in flows get the same per-request `iss` as the rest. The other 8 callers (password-reset, contact-channels-verify, etc.) don't need changes — they accept fewer args and TS function-arity compatibility makes that fine. ### SDK — freeze `@stackframe/*` defaults at stack-auth.com - [`packages/template/src/lib/stack-app/apps/implementations/common.ts`](packages/template/src/lib/stack-app/apps/implementations/common.ts) reverts `defaultBaseUrl` and `defaultAnalyticsBaseUrl` to `https://api.stack-auth.com` / `https://r.stack-auth.com`. A customer who upgrades their `@stackframe/*` package to the latest version without explicitly migrating to `@hexclave/*` keeps hitting `api.stack-auth.com` and never sees their JWT `iss` or OAuth `redirect_uri` change. - The `@hexclave/*` mirror packages are unaffected because they were published from source when `defaultBaseUrl = "https://api.hexclave.com"`; v1.0.0 already targets the hexclave host on npm. Extending `scripts/rewrite-packages-to-hexclave.ts` to substitute these literals during future republishes is a separate follow-up. ### Docs — migration guide rewrite - [`docs-mintlify/migration.mdx`](docs-mintlify/migration.mdx) rewritten concisely. Spells out the two host-visible changes that require pre-deploy action when migrating to `@hexclave/*`: updating manual JWT verifier code (with the array-of-issuers pattern) and updating OAuth callback URLs at each provider (with the GitHub-OAuth-Apps single-URL caveat explicitly called out). ## What was deliberately left out - **Rewriter pipeline extension** for `@hexclave/*` republishes — separate follow-up. - **Cross-SDK defaults** (Swift, stack-cli, init-stack still default to `api.hexclave.com`) — out of scope per discussion. - **Dashboard launch-checklist host-awareness** — out of scope per discussion (callback URLs stay hexclave-branded in the dashboard UI). ## Verification - `pnpm typecheck` — 29/29 packages pass. - `pnpm lint` — 29/29 packages pass. - Five parallel review agents (JWT, OAuth, helper, migration guide, SDK defaults) + an external review of the commit caught four real issues — all resolved in the same commit before push: - Missing `api.staging.*` entries in `issuerHostAliases` (would have broken cross-host token validation on staging). - Stale comment in `apps/backend/src/stack.tsx`. - Misleading "backward-compat" comment in `getHardcodedFallbackUrls`. - MFA/OTP/passkey using env-var fallback for `iss` instead of the request host. <!-- This is an auto-generated description by cubic. --> --- ## Summary by cubic Makes JWT issuers and OAuth redirect_uri values follow the incoming request’s host so tokens and redirects always match `api.stack-auth.com` or `api.hexclave.com`. Also freezes `@stackframe/*` SDK defaults to Stack Auth and tightens the migration guide to focus on OAuth callbacks. - **New Features** - Added `request-api-url` helper with an allowlist of cloud hosts; unknown hosts fall back to the deployment’s API URL. - JWT `iss` now uses the per-request API URL; validation accepts both brands via aliases derived from one `CLOUD_HOST_PAIRS` source. - All OAuth providers build `redirect_uri` from the request host; `getProvider()` now takes `{ apiUrl }`. - Replaced the OAuth2Server singleton with per-request `createOAuthServer({ apiUrl })` so token exchange mints with the right issuer. - Updated token-minting and OAuth routes to pass the API URL; verification-code flows receive it; connected-accounts refresh paths safely pin the deployment default. - SDK: `@stackframe/*` defaults point to `https://api.stack-auth.com`; `@hexclave/*` mirrors remain hexclave-branded. - Shared: updated fallback API host lists to include both stack-auth and hexclave hosts. - **Migration** - Update each provider’s OAuth callback URL to `https://api.hexclave.com/api/v1/auth/oauth/callback/<provider>` when migrating to `@hexclave/*`. - If you verify JWTs manually, update the expected issuer to the hexclave host (including anonymous/restricted variants). <sup>Written for commit e42dfaf05b. Summary will update on new commits. <a href="https://cubic.dev/pr/hexclave/stack-auth/pull/1498?utm_source=github">Review in cubic</a></sup> <!-- End of auto-generated description by cubic. --> <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **New Features** * Per-request API host awareness so tokens and OAuth flows reflect the incoming request’s canonical API URL. * **Updates** * OAuth providers and servers now derive callback/redirect URLs from request context rather than a static URL. * Token issuance/validation now embeds and accepts host-specific issuer URLs and paired host aliases for rebrand compatibility. * **Documentation** * Migration guide updated for branding, JWT issuer expectations, and OAuth callback guidance. <!-- review_stack_entry_start --> [](https://app.coderabbit.ai/change-stack/hexclave/stack-auth/pull/1498?utm_source=github_walkthrough&utm_medium=github&utm_campaign=change_stack) <!-- review_stack_entry_end --> <!-- end of auto-generated comment: release notes by coderabbit.ai -->	2026-06-02 15:22:13 -05:00
BilalG1	9e6e4c543f	feat(backend): dual-accept hexclave-mobile-oauth-url:// alongside legacy scheme (#1501) ... ## What 1. **Backend dual-accept**: `isAcceptedNativeAppUrl()` accepts both `stack-auth-mobile-oauth-url://` (legacy) and `hexclave-mobile-oauth-url://` (canonical). 2. **Swift SDK switches to the canonical scheme**: `StackAuth` Swift SDK now emits and intercepts `hexclave-mobile-oauth-url://` for native-app OAuth callbacks. Before this PR, `hexclave-mobile-oauth-url` existed only inside `RENAME-TO-HEXCLAVE.md` — not in any code. ## Why the Swift SDK change is safe The Swift SDK uses `ASWebAuthenticationSession(url:callbackURLScheme:completion:)` ([StackClientApp.swift:197-199](sdks/implementations/swift/Sources/StackAuth/StackClientApp.swift#L197)). With this API, iOS intercepts the callback scheme **ephemerally** — no `Info.plist` registration is required. The Swift SDK source has no `Info.plist`, and the example apps' `pbxproj` registers no `CFBundleURLSchemes`. So: - New customer builds against the updated SDK → emit new scheme → backend accepts → `ASWebAuthenticationSession` intercepts on new scheme → works. - Already-shipped customer App Store binaries on older SDK versions → emit old scheme → backend still accepts → works. - **No customer ever has to update an `Info.plist`.** The only real backward-compat constraint is that the backend can never drop the old scheme (already-shipped customer binaries have the constant baked into them). Hence the dual-accept. (Note: `RENAME-TO-HEXCLAVE.md` line 88 incorrectly attributes the constraint to `Info.plist` registration. That's not how the SDK works — the scheme is baked into the SDK binary, not the customer's plist. The fix described in that doc is essentially the right shape; only the mechanism description is wrong.) ## Changes | File | Change | |---|---| | `packages/stack-shared/src/utils/redirect-urls.tsx` | `isAcceptedNativeAppUrl()` accepts either protocol. | | `apps/backend/src/lib/redirect-urls.test.tsx` | Adds positive assertions for the new scheme in `isAcceptedNativeAppUrl`; parity negative assertions in `validateRedirectUrl`. | | `sdks/implementations/swift/Sources/StackAuth/StackClientApp.swift` | `callbackScheme` → `"hexclave-mobile-oauth-url"`; fatalError example strings updated. | | `sdks/implementations/swift/Tests/StackAuthTests/OAuthTests.swift` | Test fixture URLs updated (no assertions depend on the scheme literal). | | `sdks/implementations/swift/Examples/StackAuthiOS/.../StackAuthiOSApp.swift` | Default values in the example UI. | | `sdks/implementations/swift/Examples/StackAuthMacOS/.../StackAuthMacOSApp.swift` | Default values in the example UI. | | `sdks/implementations/swift/README.md` | Documents the new canonical scheme; compat note for the legacy one. | | `sdks/spec/src/apps/client-app.spec.md` | New scheme is canonical; legacy is "accepted indefinitely for already-shipped customer app binaries built against older SDK versions." | ## Verification - `pnpm test run apps/backend/src/lib/redirect-urls.test.tsx` — 34/34 passing (was 33; one new `it` block plus parity assertions). - `pnpm --filter @stackframe/stack-shared --filter @stackframe/backend run lint` — clean. - `pnpm --filter @stackframe/stack-shared --filter @stackframe/backend run typecheck` — clean. - Swift assertions in `OAuthTests.swift` do not check the scheme literal — they only check `oauth/authorize/<provider>`, state/verifier non-emptiness, and that `redirectUrl` round-trips. The fixture-value change is mechanical. ## Risk Low. Backend behavior strictly widens (every URL accepted before is still accepted). Swift SDK change is internal to OAuth callback handling, requires no customer migration, and is paired with the backend dual-accept landing in the same PR. <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **New Features** * Adopted the canonical OAuth callback scheme "hexclave-mobile-oauth-url://" for native apps while continuing to accept the legacy "stack-auth-mobile-oauth-url://". * **Documentation** * Updated SDK docs, examples, and spec guidance to reference the canonical callback scheme and clarify legacy acceptance. * **Tests & Samples** * Updated tests and example apps to use and validate the canonical scheme. * **Style** * Rebranded the dev-tool trigger icon to the new Hexclave monochrome logo. <!-- review_stack_entry_start --> [](https://app.coderabbit.ai/change-stack/hexclave/stack-auth/pull/1501?utm_source=github_walkthrough&utm_medium=github&utm_campaign=change_stack) <!-- review_stack_entry_end --> <!-- end of auto-generated comment: release notes by coderabbit.ai -->	2026-06-02 15:22:13 -05:00
tembo[bot]	428c310d40	Add captureWarning for warnings (#1506)	2026-06-02 15:22:13 -05:00
BilalG1	3b06f79494	feat(hexclave): PR 2 — visible rebrand (Hexclave brand goes public) (#1481) ... **Stacked on [#1475](https://github.com/hexclave/stack-auth/pull/1475)** (`cl/hexclave-pr1`, the invisible compatibility layer). Diff vs that base = the actual PR 2 code. This is **PR 2 of the Stack Auth → Hexclave rebrand: the visible flip**. Old wire identifiers (cookies, request/response headers, Bearer prefix, JWT issuers, MCP tool name) keep working indefinitely via PR 1's dual-accept. This PR flips every user-visible surface — package names taught in docs, SDK class names in code examples, dashboard setup snippets, page titles, error messages, email content, CLI binary, default base URLs, GitHub repo slug, contributor guidance — to the Hexclave brand. See [`RENAME-TO-HEXCLAVE.md`](./RENAME-TO-HEXCLAVE.md) → *"PR 2: Rebrand to Hexclave (visible)"* for the full per-work-area spec. - **SDK base URLs** flipped: `defaultBaseUrl` and `defaultAnalyticsBaseUrl` in [common.ts](packages/template/src/lib/stack-app/apps/implementations/common.ts:127) → `https://api.hexclave.com` / `https://r.hexclave.com`. PR 1's [`getHardcodedFallbackUrls`](packages/stack-shared/src/utils/urls.tsx:199) table now keys on the Hexclave domain. - **Domain inventory sweep** (16 subdomains from the plan): every `api/app/docs/discord/demo/mcp/skill/feedback/test/preview/r/api2/api.staging/idp-jwk-audience/built-with.stack-auth.com` reference in production code, docs-mintlify, examples, READMEs, and contributor guidance flipped to `*.hexclave.com`. Carve-outs: PR 1's intentional JWT issuer dual-accept table in [tokens.tsx](apps/backend/src/lib/tokens.tsx), the legacy `./docs/` folder, the `unified-docs-widget` allowlist (deliberately accepts both during DNS transition), and `url-targets.ts` hosted-component default (baked into existing customer deploys). - **`@deprecated` JSDoc** on every `Stack*` public export ([packages/template/src/lib/stack-app/index.ts](packages/template/src/lib/stack-app/index.ts) + [packages/template/src/index.ts](packages/template/src/index.ts)) — `StackClientApp`, `StackServerApp`, `StackAdminApp` + every constructor/options/JSON type, `StackHandler`, `StackProvider`, `StackTheme`, `useStackApp`, `defineStackConfig`, `StackConfig`. Hexclave\* aliases are now canonical. - **Runtime `console.warn`** ([packages/template/src/internal/deprecation-warning.ts](packages/template/src/internal/deprecation-warning.ts)) — once-per-process when the SDK is loaded from a `@stackframe/*` artifact. Detection uses the existing `STACK_COMPILE_TIME_CLIENT_PACKAGE_VERSION_SENTINEL` (rewritten at build time to e.g. `js @stackframe/stack@2.8.92` or `js @hexclave/next@1.0.0`); `@hexclave/*` mirror artifacts short-circuit the warning. - **Tier 3 data migration**: new idempotent SQL migration [`20260523000000_rename_internal_project_to_hexclave`](apps/backend/prisma/migrations/20260523000000_rename_internal_project_to_hexclave/migration.sql) — updates the internal Project `displayName` 'Stack Dashboard' → 'Hexclave Dashboard' and `description` only if both still hold the pre-rebrand defaults. Operator-renamed projects untouched, missing row no-ops, re-runs are no-ops. [`seed.ts`](apps/backend/prisma/seed.ts:87) default flipped. `getSharedEmailConfig("Stack Auth")` → `("Hexclave")`. - **Tier 4 brand strings** (mechanical sweep, ~340 files): - Page + OpenAPI titles (Hexclave API / Dashboard / REST API / Webhooks API / Documentation). OpenAPI `info.description` documents `X-Hexclave-*` headers as canonical with compat note on `X-Stack-*`. - `HexclaveAssertionError` message text ([errors.tsx:71](packages/stack-shared/src/utils/errors.tsx:71)) — "an error in Stack." → "an error in Hexclave." - Known-error message templates ([known-errors.tsx](packages/stack-shared/src/known-errors.tsx)) flipped to lead with `x-hexclave-*` + the new `docs.hexclave.com` URL; legacy `x-stack-*` mentioned as compat aliases. **25 e2e test files updated in lockstep**. - Email content: failed-emails-digest body, sendTestEmail recipient (now `sent-with-hexclave.com`), test-email-recipient default. - `CHANGELOG.md` title → "Hexclave Changelog". - `AGENTS.md` env var convention: new vars prefix `HEXCLAVE_` / `NEXT_PUBLIC_HEXCLAVE_` for Category A/B; legacy `STACK_*` explicitly noted as accepted via PR 1's dual-read. - **CLI / init wizard**: - Every dashboard setup snippet, init-stack template, and docs-mintlify page teaches `npx @hexclave/cli@latest init` (was `@stackframe/stack-cli`). [setup-page.tsx](apps/dashboard/src/app/(main)/(protected)/projects/[projectId]/(overview)/setup-page.tsx) + [link-existing-onboarding](apps/dashboard/src/app/(main)/(protected)/(outside-dashboard)/new-project/page-client-parts/link-existing-onboarding.tsx). - [init-stack](packages/init-stack/src/index.ts:634) `STACK_*_INSTALL_PACKAGE_NAME_OVERRIDE` defaults flipped to `@hexclave/*`. - Generated `stack/client.ts` / `stack/server.ts` import from `@hexclave/next` and reference `HexclaveClientApp` / `HexclaveServerApp`. - Internal `StackAuthKeys` dashboard component renamed to `HexclaveKeys`. - **docs-mintlify rewrite** (legacy `./docs/` intentionally untouched per scoping decision): - **78 MDX files swept**. `@stackframe/{react,stack,js,tanstack-start,...}` → `@hexclave/{react,stack,js,...}` in install snippets and code blocks; `Stack*` SDK class names → `Hexclave*` in all code examples; 'Stack Auth' brand phrase → 'Hexclave'. - `openapi/{server,admin,client,webhooks}.json` titles → 'Hexclave REST API' / 'Hexclave Webhooks API'. - **Generators flipped before regeneration**: - [`packages/stack-shared/src/helpers/init-prompt.ts`](packages/stack-shared/src/helpers/init-prompt.ts), [`/ai/prompts.ts`](packages/stack-shared/src/ai/prompts.ts), [`apps/backend/src/lib/ai/prompts.ts`](apps/backend/src/lib/ai/prompts.ts), [`apps/backend/src/lib/ai/tools/create-email-{template,draft}.ts`](apps/backend/src/lib/ai/tools/create-email-template.ts), [`apps/skills/src/app/route.ts`](apps/skills/src/app/route.ts) (taught MCP tool → `ask_hexclave` with compat note; CLI binary teach → `hexclave`), [`docs-mintlify/snippets/home-prompt-island.jsx`](docs-mintlify/snippets/home-prompt-island.jsx), [`packages/template/README.md`](packages/template/README.md) + integrations/convex/component/README.md. - `generate-sdks` propagated changes to `packages/{react,stack,js}`. - **OpenAPI dual-documentation**: [`apps/backend/src/app/api/latest/route.ts`](apps/backend/src/app/api/latest/route.ts) now lists `X-Hexclave-*` headers as primary documented schemas with `X-Stack-*` duplicates marked `.optional()` (both accepted at runtime by PR 1's normalize-at-proxy shim). - **`@stackframe/emails` virtual module**: dual-aliased to `@hexclave/emails` at the bundler boundary ([email-rendering.tsx:89](apps/backend/src/lib/email-rendering.tsx:89)). Stored email templates continue to import from either name; new AI-generated templates and the system prompt teach `@hexclave/emails`. - **Tier 2 mirror-publish wiring** (new this PR, lays the groundwork for `@hexclave/*` first publish): - [`scripts/rewrite-packages-to-hexclave.ts`](scripts/rewrite-packages-to-hexclave.ts) — rewrites 9 publishable `@stackframe/*` → `@hexclave/*` `package.json` files (reads `HEXCLAVE_VERSION` env or `--version=` flag), pins cross-deps to the shared `@hexclave` version, registers `hexclave` bin alongside `stack` for `@hexclave/cli`. - [`.github/workflows/npm-publish.yaml`](.github/workflows/npm-publish.yaml) appended with rewrite-then-republish step. `pnpm publish` skips already-on-npm versions so reruns are safe. - **Sender email domain**: `noreply@stackframe.co` → `noreply@sent-with-hexclave.com` (the dedicated transactional-sender domain split per the plan, to isolate bulk deliverability from `hexclave.com` reputation); `security@` / `team@stack-auth.com` inbound mailboxes → `@hexclave.com`. - **Self-host docs**: docker network / container names in the bash examples flipped from `stack-auth` to `hexclave` (`hexclave-postgres`, `hexclave-clickhouse`, `hexclave.env`). The docker image tag `stackauth/server:latest` stays per the plan's locked decision. - **GitHub repo slug**: `hexclave/stack-auth` → `hexclave/hexclave` in every `package.json` `repository` field, README link, CHANGELOG raw-asset URL. - **[`apps/backend/src/lib/tokens.tsx`](apps/backend/src/lib/tokens.tsx)** JWT issuer dual-accept table — PR 1 intentional infrastructure, kept indefinitely. - **Legacy `./docs/` folder** — per scoping decision (only `docs-mintlify/` rewritten). - **`unified-docs-widget` hostname allowlist** — accepts both `.hexclave.com` (canonical) and `.stack-auth.com` (transition window) for DNS rollout. - **`url-targets.ts`** hosted-domain default `.built-with-stack-auth.com` — wire identifier baked into existing customer deploys; indefinite read-fallback. - **Binary visual assets** (logos, favicons, OG images, README screenshots) — out of scope for this PR. Need design work; tracked separately. - **`pnpm typecheck`** on `packages/{template,stack-shared,react,stack,js}` + `apps/dashboard`: **all green**. The remaining backend / e-commerce-demo typecheck errors are pre-existing (Prisma codegen output + `./generated/api-versions.json` not present in fresh worktrees without `pnpm run codegen-prisma` + a live DB) and unrelated to this diff. - **`pnpm lint`** on the same 6 packages: all green. - **Final grep** for residual `Stack Auth` / `stack-auth.com` / `@stackframe/stack-cli@latest` references: zero outside the intentional carve-outs above. - **25 e2e test files updated in lockstep** with the known-error message changes (asserted strings flipped to match the new x-hexclave-* + compat-note messages). This PR is code-complete, but the rebrand's visible surfaces (SDK default URLs, dashboard links, npm READMEs, REST error messages, runtime deprecation warning) all point at `*.hexclave.com` / `@hexclave/*` resources that don't exist yet. None of these are fixable from a PR — they're ops/registrar/npm work that has to be sequenced before merging this to a release tag. Suggested ordering, hardest blockers first: this line *will visibly break customers on day 1* if skipped) 1. **DNS + TLS for `api.hexclave.com` + `api1./api2.hexclave.com`** → must point at the same backend that serves `api.stack-auth.com` (or a backend that mirrors PR 1's dual-accept). The SDK's new `defaultBaseUrl` is `https://api.hexclave.com`; every customer that relied on the old default and upgrades to a post-PR2 SDK build sends API requests here. Until this resolves, every default-config customer's API call NXDOMAINs. 2. **DNS for `app.hexclave.com`** → the dashboard. Referenced in the SDK's default-error messages ("Please create a project on the Hexclave dashboard at https://app.hexclave.com"), the init-stack flow's `wizard-congrats` redirect, and the OAuth dashboard handoff. 3. **DNS for `docs.hexclave.com`** + Mintlify deploy → the SDK runtime deprecation warning (`https://docs.hexclave.com/migration`), every README, every "Learn more" link in the dashboard, and every REST API error body (`/api/overview#authentication`) points here. The MDX is in this PR; the docs build target needs DNS. 4. **DNS for `mcp.hexclave.com`** → the MCP server endpoint that every taught agent integration (`claude mcp add ...`, `cursor`, `codex`, `vscode`) registers. Until this resolves, every `npx @hexclave/cli@latest init` MCP-registration step fails. 5. **Reserve the `@hexclave` npm scope + set repo variable `HEXCLAVE_VERSION`** → the mirror-publish step in `.github/workflows/npm-publish.yaml` is gated on this variable. Without it, the entire taught onboarding command `npx @hexclave/cli@latest init` 404s from the npm registry, *and* every README that says "install `@hexclave/next`" leads to install failure. Pick the initial version intentionally (`1.0.0` or aligned to `@stackframe/stack`); don't accept a silent default. or low-traffic surfaces, but visibly broken) 6. **DNS for `r.hexclave.com`** → the analytics beacon `defaultAnalyticsBaseUrl`. Silent failure if missing (analytics drops), but should land alongside Tier 1. 7. **Register `sent-with-hexclave.com` + full email auth (SPF / DKIM / DMARC)** → the new default sender domain for shared-sender transactional emails. Without it the dashboard "send test email" path emits bounces, and shared-sender flows (`getSharedEmailConfig("Hexclave")`) deliver to spam at best. 8. **MX + SPF / DMARC for `hexclave.com`** → `team@hexclave.com` and `security@hexclave.com` mailboxes. The security disclosure mailbox is referenced in [`.github/SECURITY.md`](.github/SECURITY.md); `team@hexclave.com` is the actual recipient of internal feedback emails sent at runtime by [`apps/backend/src/lib/internal-feedback-emails.tsx`](apps/backend/src/lib/internal-feedback-emails.tsx). Today, every runtime feedback email bounces. 9. **DNS for `skill.hexclave.com`** → the canonical AI-agent skill fetch URL (the agent bootstrap pivot). Without it, the entire "agent downloads `SKILL.md` from a known URL" flow taught in [`packages/stack-shared/src/helpers/init-prompt.ts`](packages/stack-shared/src/helpers/init-prompt.ts) fails. 10. **Create `github.com/hexclave/hexclave` as a public repo** (even as a redirect to `hexclave/stack-auth`) **OR** rewrite every `package.json` `"repository"` field + dashboard footer "view on GitHub" link to point at `hexclave/stack-auth` (which already exists). Currently every npm package page's "Repository" link is dead, and the dashboard's GitHub button + dev-tool repo link are dead. 11. **DNS for `discord.hexclave.com`** → Discord invite redirect, used in every README's chip and the dashboard footer. 12. **DNS for `demo.hexclave.com`** → "✨ Demo" badge in every npm package README. Broken-image badge on the package page. 13. **DNS + TLS for `built-with-hexclave.com`** → optional hosted-handler domain (the default reverted to `.built-with-stack-auth.com` in this PR's carve-outs, so this only matters for projects that manually flip). - **E2E snapshot regen across the full suite** for the dual-emitted `x-hexclave-*` response headers (PR 1 follow-up; `vitest -u` in CI absorbs). - **Binary visual assets** — logos, favicons, OG images, README screenshots; need design pass. - **Backend OpenAPI fumadocs regen** in CI flow — the JSON files in `docs-mintlify/openapi/` are committed but regen runs in CI. Verify the workflow that does this still works against the post-PR2 source. - **Backend typecheck infra debt** — needs `codegen-prisma` + `codegen-route-info` to clear; pre-existing, unaffected by this PR. - [ ] CI runs full e2e suite (with `vitest -u` to absorb residual snapshot deltas, then committed back). - [ ] Spot-check: new `@hexclave/cli init` (once published) generates `hexclave.config.ts` and works against a fresh project. - [ ] Spot-check: existing customer with `@stackframe/stack` import sees the once-per-process `console.warn` recommending `@hexclave/next` on SDK init. - [ ] Manual: dashboard setup page renders the `npx @hexclave/cli@latest init` snippet and the `x-hexclave-publishable-client-key` API header in the curl example. - [ ] Manual: a fresh `pnpm run prisma migrate` against a clean DB sets the internal project displayName to 'Hexclave Dashboard'. --------- Co-authored-by: Konstantin Wohlwend <n2d4xc@gmail.com>	2026-06-02 15:22:13 -05:00
Konstantin Wohlwend	0766dfecf7	Fix GH tokens refresh & devtool tabs	2026-06-02 15:20:57 -05:00
BilalG1	f7e389809e	feat(hexclave): PR 1 — wire compatibility layer (invisible) (#1475) ... ## Summary **Stacked on #1468** (`docs/hexclave-rename-plan` — the plan doc). Diff vs that base = the actual PR 1 code. This is **PR 1 of the Hexclave rebrand: the invisible compatibility layer**. Everything is additive. Old SDKs, old wire identifiers, and old env var names keep working unchanged. The backend dual-accepts and dual-emits; new SDK code emits `x-hexclave-*` headers and the `hexclave_` Bearer prefix; cookies dual-write; env vars dual-read across every category. **No user-visible rebranding lands here** — that's PR 2. See [`RENAME-TO-HEXCLAVE.md`](./RENAME-TO-HEXCLAVE.md) → *"PR 1 implementation guide"* for the full per-work-area spec, file pointers, and chosen approach. ## What's implemented (all 14 PR-1 work-areas) - **SDK export aliases** — `Hexclave*` aliases for the user-facing `Stack*` exports added in `packages/template`; codegen propagates them to `@stackframe/{js,stack,react,tanstack-start}`. React-only aliases correctly excluded from `@stackframe/js`. (`e60550a2`) - **JWT issuer dual-accept** — `decodeAccessToken` accepts both `api.stack-auth.com` and `api.hexclave.com` issuers. Signing unchanged. (`fc781def`) - **Request-header dual-accept** — backend + dashboard proxies normalize `x-hexclave-*` → `x-stack-*` at the existing empty proxy hook (so `smart-request.tsx` and every route schema keep working unchanged); CORS allowlists extended via a derive-once helper. (`2a056eac`) - **MCP `ask_hexclave`** — registered alongside `ask_stack_auth` via a shared helper; `ask_stack_auth` behavior byte-identical. (`30ffd604`) - **Dev-tool** — DOM ids + header emit switched. `window.HexclaveDevTool` exposed alongside `window.StackDevTool`. (`32131ea7`) - **The big consolidated commit** (`7fed864a`): - **Env vars** — central `getEnvVariable` prefix-transform (HEXCLAVE first, STACK fallback); dashboard + template client env files dual-read; `turbo.json` globalEnv; `NEXT_PUBLIC_STACK_PORT_PREFIX` renamed outright across ~82 files including docker. - **Cookies** — dual-write/dual-read auth (`stack-access`/`-refresh-*` and custom-domain variants), OAuth-state (`stack-oauth-{inner,outer}-*`), and low-risk cookies (`stack-is-https`, `stack-last-seen-changelog-version`). Bypass sites patched (backend OAuth callback, dashboard remote-dev auth route, impersonation snippets, snapshot serializer). - **Bearer prefix** — SDK token parser accepts both `stackauth_` and `hexclave_`; emits `hexclave_`. Discovery correction: this is purely SDK-internal — the backend never parses it. - **Response headers** — backend dual-emits `x-hexclave-{request-id,actual-status,known-error}`; SDKs dual-read (new first, stack fallback). - **SDK request-header emit switch** — `client/server/admin-interface.ts` + dashboard `api-headers.ts` + `internal-project-headers.ts` + `feedback-form.tsx` switched to `x-hexclave-*`. Plus `stack_response_mode` query param. - **Storage keys** — dev-tool / cli-auth / oauth-button / docs keys renamed (straight); `stack:session-replay:v1` dual-read so in-progress recordings survive SDK upgrades; `stack_mfa_attempt_code` dual-read. - **Query params** — cross-domain params dual-emit/dual-accept via shared helpers; backend `oauth/authorize` accepts `hexclave_response_mode` and `stack_response_mode`; `stack-init-id` renamed. - **`Symbol.for`** — app-internals symbol gets a parallel `Symbol.for("Hexclave--app-internals")` getter on each attach site (no read-site churn — old symbol still attached). 3 file-private symbols renamed outright. - **Config discovery** — prefer `hexclave.config.ts`, fall back to `stack.config.ts` at every discovery site (CLI / dashboard / backend / local-emulator); `init` writes the new filename; CLI credentials path migrates. - **Internal renames** — `StackAssertionError`, `StackClient/Server/AdminInterface` renamed outright (no alias, per the "internal-only → rename" rule). ~264 files touched. - **Review-pass fixes** (`21217fbe`) — three real bugs found by parallel review agents and fixed: - `snapshot-serializer.ts` was interpolating the whole `keyedCookieNamePrefixes` array (`${arr}`) — adding a second prefix would have corrupted **every** OAuth-cookie snapshot, not just new ones. - **Docker port-prefix producer/consumer mismatch** — `entrypoint.sh`/`run-emulator.sh`/cloud-init `user-data` were still producing `NEXT_PUBLIC_STACK_PORT_PREFIX` while the dashboard sentinel + consumers had been renamed; silent self-host regression (custom port prefix would be ignored). - **Missing `hexclave-oauth-inner-*` dual-write** in the OAuth authorize route — callback's fallback masked it but the dual-write was specified by the plan. - Plus: `mcp.test.ts` tool-list assertions updated to include `ask_hexclave`; two dashboard header-emit sites switched to `x-hexclave-*` for consistency. - **E2E snapshot serializer follow-up** (`4b16cc5d`) — `x-hexclave-request-id` added to the hidden-headers list (mirroring `x-stack-request-id` treatment), and 2 sample inline snapshots regenerated in `projects.test.ts` to include the new dual-emitted headers. ## Verification - **`pnpm typecheck`** — clean (the fresh-worktree `@/.source` / Prisma codegen gap in `stack-docs` is pre-existing and unrelated). - **`pnpm lint`** — 29/29 packages green. - **`pnpm exec turbo run build --filter=./packages/*`** — 13/13 packages build (including `@stackframe/stack-cli` once the dashboard standalone is present). - **Live E2E** against a running backend on `cl/hexclave-pr1`: - `pnpm test run apps/e2e/tests/backend/endpoints/api/v1/internal/mcp.test.ts` — **6/6 pass** (verifies the new `ask_hexclave` tool — the hand-written inline snapshot matched actual MCP server output). - `pnpm test run apps/e2e/tests/backend/endpoints/api/v1/internal/projects.test.ts` — **11/11 pass** (verifies wire dual-accept + dual-emit end-to-end; the snapshot serializer fix was found and applied during this check). A four-agent parallel **review pass** also audited the full diff for logic/runtime bugs across the work-areas (wire headers + JWT, cookies + bearer + symbols, env vars, query params + config + MCP + aliases). All in-slice review verdicts were ✓ except the three bugs listed above, which are now fixed. ## Known follow-ups (out of scope for this PR) - **E2E snapshots across the rest of the suite** — backend now dual-emits `x-hexclave-{known-error,actual-status}` alongside `x-stack-*`, which legitimately appears in inline snapshots throughout `apps/e2e`. Two were regenerated here as a sample; the rest should regen with `vitest -u` in CI. - **Docker shell env vars beyond `PORT_PREFIX`** — `entrypoint.sh` still reads `STACK_*` env vars directly (the JS-side `getEnvVariable` transform doesn't help the shell). JS consumers dual-read so it works in practice; full shell-level dual-read is a deeper self-host follow-up. - **`@stackframe/stack-cli` build ordering** — pre-existing; needs `build:rde-standalone` first. Not affected by this PR. ## Test plan - [ ] CI runs full e2e suite (with `vitest -u` to absorb dual-emit snapshot deltas, then committed back) - [ ] Spot-check: an old SDK build (emitting only `x-stack-*`) still authenticates against the new backend - [ ] Spot-check: a new SDK (emitting `x-hexclave-*` / `Bearer hexclave_*`) still authenticates against an old backend during deploy ordering - [ ] Manual: `npx @stackframe/stack-cli@latest init` (new onboarding entrypoint) generates `hexclave.config.ts` - [ ] Manual: existing `stack.config.ts`-only project still resolves (no migration required) --------- Co-authored-by: bilal <bilal@stack-auth.com>	2026-05-23 17:24:55 -07:00
Konstantin Wohlwend	99f07e9516	Trust hosted domains	2026-05-21 18:23:23 -07:00
Konsti Wohlwend	c6d59d0288	Cross domain handoffs (#1458)	2026-05-21 17:15:12 -07:00
Konsti Wohlwend	29cea48beb	Remote dev envs (#1435)	2026-05-19 15:54:18 -07:00
BilalG1	d0202eeef9	payments: rework refund flow to three-knob API (#1429) ... ## Summary - Replaces per-entry refund schema with a flat `{ amount_usd, revoke_product, end_subscription? }` shape; refund state is now derived from bulldozer ledger rows (`refund:<sourceTxnId>:<uuid>`) instead of the legacy `refundedAt` column, enabling multiple partial refunds up to the remaining cap. - Adds `invoice_id` for refunding any subscription invoice (start or renewal), Stripe idempotency keys derived from `(tenancyId, sourceTxnId, amount, prior_refunded)` so retries dedupe but intentional partials don't collide, and a legacy backstop that rejects pre-rework `refundedAt` purchases. - Dashboard refund dialog rebuilt around the three toggles (revoke→end coupling cascades into the UI); refund rows surface in the listing as `type: "refund"` with `adjusted_by` linkage handling both new and legacy formats. ## Implements [STA2-52 — Build in refund logic for payments](https://linear.app/stack-auth/issue/STA2-52/build-in-refund-logic-for-payments) ## Documented limitations (planned follow-up work) These are called out in code comments and intentionally deferred to a follow-up PR: - **Cap-check race under concurrent refunds.** Bulldozer's embedded `BEGIN/COMMIT` prevents an outer Prisma tx from scoping the writes, so two concurrent refunds can both pass the cap check. Needs a bulldozer-aware mutex or pending-refund-intent pattern. In practice refunds are admin-only and rare, so the race window is small. - **Stripe + DB non-atomicity on the DB-success → response-loss path.** The Stripe idempotency key is keyed on `(tenancyId, sourceTxnId, amount, priorRefunded)`, so a retry after Stripe-success → DB-fail self-heals (Stripe dedupes; the next attempt writes the bulldozer row). The hole is the reverse direction: if the bulldozer row commits but the response is lost, a retry sees a higher `priorRefunded` and generates a fresh key — Stripe would issue a second real refund. No out-of-band reconciliation today. - **Dashboard can't reach the `invoice_id` path.** Refund actions are only enabled on `purchase` rows and the submit call never passes `invoice_id`, so admins refunding a renewal must use the API directly. Follow-up: enable the action on `subscription-renewal` rows and thread `invoice_id` through. ## Architectural note `active-subscription-end` and `item-quantity-expire` entries are **not** emitted on the refund row itself. They're produced by the derived sub-end transaction (`transactions.ts:158-228`) once Prisma `subscription.endedAt` is updated, keeping the `expiresWhen` / `when-repeated` semantics in one place. This is the main structural divergence from the ticket's literal entry recipe. ## Review follow-ups addressed in this PR **First-pass review:** - **KnownError back-compat preserved**: `SubscriptionAlreadyRefunded` / `OneTimePurchaseAlreadyRefunded` are once again thrown by the legacy-`refundedAt` backstop, and `TestModePurchaseNonRefundable` is thrown when an admin sends `amount_usd > 0` against a test-mode purchase. Callers catching by error code keep working through the rework. - **Idempotency-key comment corrected**: now accurately describes the `(tenancyId, sourceTxnId, amount, priorRefunded)` key and its self-healing behaviour on the Stripe-success → DB-fail retry path (see Documented limitations above for the remaining hole). - **Renewal-invoice e2e coverage added**: new test sets up a live-mode subscription via Stripe webhooks (`subscription_create` + `subscription_cycle` invoices), refunds the renewal invoice via `invoice_id`, and asserts the resulting `refund_transaction_id` starts with `refund:sub-renewal:` and is linked back via `adjusted_by` on the *renewal* row (not the start row). Plus negative cases: cross-subscription `invoice_id` → 404, `invoice_id` on a one-time purchase → SchemaError. **Second-pass review:** - **Idempotent sub-cancel error-code string fix**: the Stripe code for re-cancelling an already-canceled sub is `subscription_already_canceled`, not `subscription_canceled` — the previous catch would have re-thrown. - **End-only sub refund replay rejected**: when `amount=0, revoke=false, end=true` and the sub is already `cancelAtPeriodEnd` or `endedAt`, throw SchemaError. Otherwise `readPriorRefundSummary` doesn't see end-only events and the call would be a forever-no-op accumulating empty refund rows. - **`revoke_product=true` with renewal `invoice_id` rejected**: the product grant lives on the sub-start txn, not on renewal txns — a renewal-scoped revocation would write a back-reference to a non-existent entry. Forces admin to revoke against the start invoice (or the default no-`invoice_id` call). - **Refund row `id` matches the linkage**: the listing route now returns the full refund txnId as `id` for `type: "refund"` rows so it matches `adjusted_by.transaction_id` — the dashboard can join source rows to their refund rows. - **+2 e2e tests** for the above (end-only replay rejection, revoke+renewal rejection). **Third-pass review:** - **Dashboard refund dialog seeds state on open**: previously the reset block lived in `ActionDialog`'s `onOpenChange`, which doesn't fire on the open transition for a controlled dialog. As a result the dialog opened with the initial `useState` defaults (`amountUsd = '0'`), and an admin submitting unchanged on a paid purchase would revoke/end at $0 instead of refunding the charged amount. The seed now runs in the menu `onClick` before `setIsDialogOpen(true)`. - **`SUBSCRIPTION_START_PRODUCT_GRANT_ENTRY_INDEX` corrected from 1 → 0**: the constant is persisted as `adjustedEntryIndex` on product-revocation entries and copied through verbatim by `mapLedgerEntry`. That mapper drops the hidden `active-subscription-start` entry, so the public-API layout puts the product grant at index 0. The prior value of `1` pointed at the money-transfer entry (or out of range on test-mode subs) through the public listing. - **`amountTotal` cap gated behind a USD pre-flight**: `SubscriptionInvoice` doesn't persist invoice currency, and the previous code took `invoice.amountTotal` as USD cents directly. Now `getTotalUsdStripeUnits` (which throws on non-USD pricing) is always called first; `amountTotal` is only preferred as the actual cap after that pre-flight succeeds. ## Test plan - [x] `pnpm typecheck` — 28/28 pass - [x] `pnpm lint` — 28/28 pass - [x] `pnpm test run apps/e2e/tests/backend/endpoints/api/v1/internal/transactions-refund.test.ts` — **19/19 pass** (was 14/14 on the original PR; +3 for `invoice_id` path: renewal refund happy path, unrelated `invoice_id` rejection, `invoice_id` on OTP rejection; +2 for second-pass: end-only replay rejection, revoke+renewal rejection) - [x] curl smoke against `/api/latest/internal/payments/transactions/refund` — unknown purchase → 404, no-op → 400, negative → 400, sub-revoke-without-end → 400 - [x] **Dashboard UI end-to-end re-run pending** — the original agent-browser pass ran before the third-pass dialog-seed fix, so any "money + revoke" submissions may have actually sent `amount_usd = "0"`. Re-test before un-drafting: open the refund dialog from the menu, confirm the amount field pre-fills with the charged amount, exercise validation (negative / exceeds-cap / no-op), and submit both an end-subscription-only sub refund and a money+revoke OTP refund; verify bulldozer rows and Prisma `cancelAtPeriodEnd` updates. <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **New Features** * Ledger-driven refund flow with stable refund IDs, invoice-aware refunds, OTP/product-revocation support, tri-state end_action (now / at-period-end / none), and API responses that include refund_transaction_id. * **Bug Fixes / Improvements** * Deterministic Stripe idempotency, stronger replay protection, refundable-amount caps, test-mode constraints, and transactions listing updated to surface refunds. * **Tests** * Expanded unit and E2E coverage for new request shape, invoice paths, money-unit conversion, and edge cases. <!-- review_stack_entry_start --> [](https://app.coderabbit.ai/change-stack/hexclave/stack-auth/pull/1429) <!-- review_stack_entry_end --> <!-- end of auto-generated comment: release notes by coderabbit.ai -->	2026-05-15 19:29:21 -07:00
BilalG1	b3d0ab66cc	fix(stack-shared): make process.env access browser-safe (#1391) ... ## Summary - Bare `process.env.X` accesses in `stack-shared` throw `ReferenceError: process is not defined` when the package is bundled into a browser app without a `process` shim (e.g. a plain Vite app). The most reachable offenders are in `StackAssertionError`'s constructor and `schema-fields.ts`'s Neon Basic-auth validator, both of which can run on the client during normal sign-in flows with `@stackframe/react`. - Extracted a zero-dependency `getProcessEnv` helper at `packages/stack-shared/src/utils/process-env.tsx` and routed the bare references through it. Returns `undefined` when `process` is not defined; otherwise behaves like a normal `process.env[name]` read, so Next.js/webpack inlining is unchanged on the server. - Touched: `schema-fields.ts:884` (`STACK_INTEGRATION_CLIENTS_CONFIG`), `utils/errors.tsx:81` (`NEXT_PUBLIC_STACK_DEBUGGER_ON_ASSERTION_ERROR`), `utils/promises.tsx` (`NODE_ENV` in `runAsynchronouslyWithAlert`), `utils/esbuild.tsx:16` (`NODE_ENV`, also reordered the `typeof process` guard so the env access is unreachable in browsers). ## Why a separate helper module `utils/env.tsx` already exists but its `getEnvVariable` explicitly throws in the browser, so it can't be reused here. The new module has zero imports so it can be safely consumed from low-level utilities like `errors.tsx` without creating a cycle (env.tsx ↔ errors.tsx). ## Test plan - [x] `pnpm lint` passes - [x] `pnpm typecheck` passes - [ ] Reproduced the original failure in a Vite + `@stackframe/react` app: sign-in flow logged `ReferenceError: process is not defined` from `StackAssertionError`, plus `clientSecret must not be empty` cascading from the same path - [ ] Verify the same flow in a Vite app no longer throws once `@stackframe/react` is rebuilt against this `stack-shared` change - [ ] Confirm Next.js consumer behavior is unchanged (env vars still inlined at build time for `NEXT_PUBLIC_*`) 🤖 Generated with [Claude Code](https://claude.com/claude-code) <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit ## Release Notes * **Refactor** * Improved environment variable handling across shared utilities for enhanced browser compatibility and safety. Introduced a new utility for dynamic, browser-safe environment variable access that prevents errors in non-Node.js environments. <!-- end of auto-generated comment: release notes by coderabbit.ai --> --------- Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-04-28 10:59:49 -07:00
Konstantin Wohlwend	f4ca6cb4c7	More tracing for replication-related functions	2026-04-17 17:57:34 -07:00
Mantra	bb277d33c9	Backend fallback (cloud run) (#1306) ... - Added support for `@opentelemetry/sdk-node` in the backend. - Updated various dependencies including AWS SDK and OpenTelemetry packages. - Implemented graceful shutdown handling for non-Vercel runtimes in `prisma-client.tsx`. - Enhanced AWS credentials retrieval to support GCP Workload Identity Federation. - Introduced a Dockerfile for Cloud Run deployment, optimizing the backend build process. - Updated `.gitignore` to include Terraform runtime files and secrets. This commit improves the backend's observability and deployment flexibility, particularly for Cloud Run environments. <!-- Make sure you've read the CONTRIBUTING.md guidelines: https://github.com/stack-auth/stack-auth/blob/dev/CONTRIBUTING.md --> <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **New Features** * OpenTelemetry observability with dynamic provider selection per deployment. * Cloud Run trusted-proxy support for accurate client IP handling. * Graceful shutdown that waits for in-flight background work. * New background-task handling to improve async webhook/email delivery reliability. * AWS credential providers added (Vercel OIDC & GCP Workload Identity Federation). * Dockerized backend image for Cloud Run / self-host deployments. * **Chores** * Updated dependencies for OpenTelemetry and AWS SDK support. <!-- end of auto-generated comment: release notes by coderabbit.ai --> --------- Co-authored-by: Konstantin Wohlwend <n2d4xc@gmail.com>	2026-04-11 00:57:37 +00:00
Mantra	998b3662a5	Enhance error handling and logging in Emailable response validation (#1292) ... - Updated `validateVerifyResponse` to capture errors for invalid or unexpected responses. - Improved handling of malformed responses in `checkEmailWithEmailable`, ensuring a consistent return structure. - Refactored `getDerivedSignUpCountryCode` to log errors for non-ISO country codes. - Simplified country code determination logic in `createOrUpgradeAnonymousUserWithRules`. <!-- Make sure you've read the CONTRIBUTING.md guidelines: https://github.com/stack-auth/stack-auth/blob/dev/CONTRIBUTING.md --> <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **New Features** * Replaced country code dropdown selection with a direct text input field for simpler data entry. * Updated country code validation to accept any 2-letter code format, improving flexibility. * **Bug Fixes** * Refined country code normalization logic across sign-up rules and user profile pages for consistency. * **Documentation** * Clarified country code field messaging from "ISO code" to "2-letter country code" terminology for better user guidance. <!-- end of auto-generated comment: release notes by coderabbit.ai -->	2026-04-01 09:21:43 -07:00
Mantra	e59a70783e	Turnstile integration for fraud protection (#1239) ... Enhances sign-up process with Turnstile integration for fraud protection. Builds on top of fraud-protection-temp-emails. Made with [Cursor](https://cursor.com) <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **New Features** * Cloudflare Turnstile bot-protection across signup/sign-in flows (including SDK JSON mode). * Email deliverability checks via Emailable. * Sign-up risk scoring with persisted risk metrics and country code tracking. * UI: country-code selector, risk-score editing in user details, users list refresh button, and Turnstile signup demo pages. * **Bug Fixes** * Use actual sign-up timestamp for reporting/metrics. * **Documentation** * Expanded knowledge base on Turnstile, risk scoring, and env configuration. <!-- end of auto-generated comment: release notes by coderabbit.ai --> --------- Co-authored-by: Konstantin Wohlwend <n2d4xc@gmail.com> Co-authored-by: BilalG1 <bg2002@gmail.com> Co-authored-by: Armaan Jain <84474476+Developing-Gamer@users.noreply.github.com> Co-authored-by: nams1570 <amanganapathy@gmail.com>	2026-03-20 21:26:45 +00:00
aadesh18	8267ebce35	Custom dashboards and unified ai no playground (#1243) ... This PR implements unified AI endpoint and custom dashboards. **Unified AI Endpoint** We now use a single endpoint throughout the codebase that makes the call to openrouter. Specifically, email drafts, email templates, email themes, wysiwyg, cmd centre ai search and docs ai, all use this unified ai endpoint. All the tools are defined in the backend, all the prompts exist in the backend. How to review this PR for unified ai endpoint: This PR will be easier to review if we look at the different folders that were affected. under packages - We added streaming functionality, and made renaming changes under docs - there are three files that have changed package.json - we updated the package (we were previously using a very old version of the package) route.ts - we changed the call from a direct call to openrouter to the unified ai endpoint ai-chat.tsx - because of updating the package, we had to make changes to adapt to the latest versions of the package under backend route.ts - the main unified ai endpoint. this endpoint uses various support files forward.ts - this is the forward to production functionality models.ts - consists of the models, and the rules for selecting those models prompts.ts - consists of the base prompt + specific system prompts depending upon the usage schema.ts every single file under ai/tools folder - which as the name suggests, consists of the implementations of the different tools that can be provided to the llm route-handlers - added support for streaming to SmartRoute and response under dashboard ai-search/route.ts - refactored the file to use unified ai endpoint chat-adapters.ts - refactored the file to use unified ai endpoint and created extra checks for the ai generated code **Custom Dashboards** We let the user write their query in english. We then use AI to create dashboards that are interactive, live and savable. This PR includes a new package called dashboard-ui-components. This package has components that are used in the dashboard and more importantly, these components are being imported from esm in the ai generated code for custom dashboards. We also change the bar at the top for the products pages. How to review this PR: Review the new package (package/dashboard-ui-components), the setup and the files inside it. Review the schema changes in stack-shared/src Review the changes in dashboard. The following changes have been made Updated the design-components folder since we moved the dashboard components to the new package Updated imports for these components accordingly Updated the title bar of the product pages Created the files for custom dashboards under the dashboards folder and components under commands/create-dashboard Created a script under dashboard/scripts that generates the file with type definitions that would go to the llm Review the backend Started using unified ai endpoint <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **New Features** * Added custom dashboards feature allowing users to create and manage personalized dashboards with AI assistance. * Integrated AI-assisted dashboard code generation with visual preview and editing capabilities. * Introduced new AI query endpoints supporting stream and generate modes with configurable model quality/speed settings. * **Improvements** * Reorganized UI components into a dedicated component library package for better code reuse. * Enhanced chat architecture with improved message handling and tool integration. * Updated AI provider integration with improved configuration management. <!-- end of auto-generated comment: release notes by coderabbit.ai --> --------- Co-authored-by: Konsti Wohlwend <n2d4xc@gmail.com> Co-authored-by: Bilal Godil <bg2002@gmail.com> Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com> Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com> Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>	2026-03-13 20:24:40 +00:00
BilalG1	a64055cfca	Hosted components (#1229) ... <!-- Make sure you've read the CONTRIBUTING.md guidelines: https://github.com/stack-auth/stack-auth/blob/dev/CONTRIBUTING.md --> <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **New Features** * Added a new "Hosted Components" app with its own app shell, routing, auth-aware UI, a handler route, and a welcome page showing the signed-in user. * **Chores** * Added dev tooling and configuration for the new app (build, lint, typecheck, Vite/TS, package manifest) and updated dev env API URL. * **Tests** * Excluded the new app from the test workspace. * **Bug Fixes** * Suppressed noisy console errors for a specific internal sentinel and clarified related error messaging. <!-- end of auto-generated comment: release notes by coderabbit.ai --> --------- Co-authored-by: Konstantin Wohlwend <n2d4xc@gmail.com>	2026-03-10 11:29:05 -07:00
Konstantin Wohlwend	ba51f19d6f	Fix lint	2026-02-27 09:59:26 -08:00
Konstantin Wohlwend	e0ea6834d0	Upgrade TypeScript	2026-02-27 00:28:35 -08:00
Konstantin Wohlwend	67587012ec	Rename stack-backend to backend and stack-dashboard to dashboard	2026-02-26 22:22:49 -08:00
Konsti Wohlwend	8052a2be62	"Require publishable client key" toggle (#1158) ... <!-- Make sure you've read the CONTRIBUTING.md guidelines: https://github.com/stack-auth/stack-auth/blob/dev/CONTRIBUTING.md --> <!-- CURSOR_SUMMARY --> --- > [!NOTE] > **High Risk** > Touches authentication and OAuth token/authorize flows and changes how client requests are validated, so regressions could cause widespread login/client-access failures. Also includes a data migration that alters effective security posture for existing projects. > > **Overview** > Adds a **project-level toggle** (`project.requirePublishableClientKey`) to control whether client requests/OAuth flows must include a publishable client key, including a DB migration that backfills existing projects to require it. > > Backend auth now treats the publishable client key as *optional when allowed*, introducing a public sentinel (`__stack_public_client__`) and returning a new specific error (`PUBLISHABLE_CLIENT_KEY_REQUIRED_FOR_PROJECT`) across smart request auth + OAuth `authorize`/`callback`/`token` endpoints. > > Dashboard and SDKs update key generation/display and request construction to handle missing publishable keys, expose an advanced toggle on the Project Keys page, and extend internal config overrides to support a new `project` level; E2E/tests and schema fuzzing are expanded accordingly, and CI adds a forward-compat migration check job when back-compat fails. > > <sup>Written by [Cursor Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit 5d06c08613. This will update automatically on new commits. Configure [here](https://cursor.com/dashboard?tab=bugbot).</sup> <!-- /CURSOR_SUMMARY --> <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **New Features** * Project-level config to require publishable client keys; migration applied to existing projects. * **Improvements** * Auth flows now support optional publishable client keys with explicit validation and a sentinel for keyless OAuth. * Dashboard/UI and SDKs handle publishable keys as optional and conditionally show/generate them. * Admin/client APIs extended to manage project-level overrides. * **Bug Fixes** * Key validation behavior aligned with project config. * **Tests** * Expanded E2E and unit tests covering optional/required publishable-key scenarios. * **Documentation** * Spec and knowledge docs updated to describe the sentinel and config behavior. <!-- end of auto-generated comment: release notes by coderabbit.ai -->	2026-02-19 10:23:16 -08:00
Armaan Jain	11b6b4210b	Emails redesign (#1076)	2026-02-16 14:57:17 -08:00
Konsti Wohlwend	7a35751f8e	Sign up rules (#1138) ... <!-- CURSOR_SUMMARY --> > [!NOTE] > **High Risk** > Touches core sign-up/auth flows and user restriction semantics (including new DB constraints) and introduces dynamic rule evaluation/logging; misconfiguration or CEL/parser bugs could block sign-ups or incorrectly restrict users. > > **Overview** > Introduces **CEL-based sign-up rules** (config-driven) that are evaluated during password/OTP/OAuth sign-ups and anonymous upgrades; matching rules can reject sign-ups or mark users as admin-restricted, and triggers are logged for analytics. > > Extends `ProjectUser` with `restrictedByAdmin` plus public/private restriction details, updates restriction computation/filtering, and exposes these fields via user CRUD (including validation + DB constraint enforcing consistency when unrestricted). > > Adds a new dashboard **Sign-up Rules** page with a visual condition builder (CEL <-> visual tree), drag-reorder by priority, per-rule 48h sparkline analytics via a new hidden internal endpoint, and adds user-page UI to view/edit manual restrictions. Also refactors ClickHouse client initialization to require env vars (removing `isClickhouseConfigured` checks) and adjusts CI container startup wait time. > > <sup>Written by [Cursor Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit 2141e689e8c1b72303b805e9234f996010d0880. This will update automatically on new commits. Configure [here](https://cursor.com/dashboard?tab=bugbot).</sup> <!-- /CURSOR_SUMMARY --> <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **New Features** * Sign-up Rules: visual rule builder, in-project CRUD with drag-reorder, per-rule analytics, backend evaluation, and admin UI. * Admin user restrictions: dashboard controls, banners/status, public/private admin details surfaced in user views. * **APIs & Schema** * Config and user schemas extended; new SignUpRejected error and sign-up rule types added. * **Tests** * Extensive unit and E2E coverage for rules, parser, evaluator, analytics, and restricted-user flows. * **Docs** * Editorial guidance added to AGENTS.md. * **Chores** * DB statement timeout, updated clean script, minor dependency additions. <!-- end of auto-generated comment: release notes by coderabbit.ai -->	2026-02-03 11:08:24 -08:00
Konstantin Wohlwend	815b857ef3	Fix bug where defaults sometimes wouldn't apply	2026-01-26 21:27:06 -08:00
Konstantin Wohlwend	c7d4ddba1e	Defaults now apply when dotting into them	2026-01-26 15:13:57 -08:00
Konstantin Wohlwend	54586ff2c0	Fix "Manage team settings" link	2026-01-12 14:33:16 -08:00
Konsti Wohlwend	1618f89c46	Onboarding app & restricted users (#1069) ... - restricted users - onboarding app - waitlist app - fixed an exception when setting primary email - automatically update the JWT token on the client when the user object changes	2026-01-11 17:22:14 -08:00
Konsti Wohlwend	dc93c70295	Paginated list tests (#1088)	2026-01-07 13:13:11 -08:00
Konstantin Wohlwend	de9cfb33a7	Environment variables for disabling email queue	2025-12-15 10:48:00 -08:00
Konsti Wohlwend	e7e792d462	Email outbox backend (#1030)	2025-12-12 10:26:38 -08:00
Konstantin Wohlwend	659338dd1e	Fix potential memory leak in Stack App cache	2025-11-06 14:31:14 -08:00
Konsti Wohlwend	3cdceb99f2	Product page updates (#985) ... https://github.com/user-attachments/assets/690aa9b8-5d6a-4f13-9841-f9b45f308668 --------- Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>	2025-11-06 13:22:46 -08:00
Konsti Wohlwend	0ef4972b71	Support React 18 (#980)	2025-11-06 11:42:23 -08:00
Konstantin Wohlwend	f4419c9fba	Fix retry issue	2025-11-05 20:34:43 -08:00
BilalG1	7f2de7e1ec	Cookie subdomain sharing (#971) ... <!-- Make sure you've read the CONTRIBUTING.md guidelines: https://github.com/stack-auth/stack-auth/blob/dev/CONTRIBUTING.md --> <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit - **New Features** - Projects now expose a domains field in the client API. - Cookie API expanded: domain and secure options added, plus getAll and isSecure helpers. - **Refactor** - Domain-aware cookie and token handling for cross-domain refresh flows. - Minor signature/formatting tweaks to IP and URL utilities. - **Tests** - E2E coverage added: refresh-cookie scenarios and a project scaffolding test. - Backend snapshot updated to include domains. - **Chores** - Added a new dependency for domain parsing. <!-- end of auto-generated comment: release notes by coderabbit.ai --> --------- Co-authored-by: Konsti Wohlwend <n2d4xc@gmail.com>	2025-11-05 18:12:31 -08:00
Konsti Wohlwend	3d4c608187	Customizable ports (#962) ... <!-- ONTRIBUTING.md guidelines: https://github.com/stack-auth/stack-auth/blob/dev/CONTRIBUTING.md --> <!-- RECURSEML_SUMMARY:START --> ## High-level PR Summary This PR changes the default development ports for several background services to avoid conflicts. PostgreSQL moves from port `5432` to `8128`, Inbucket SMTP from `2500` to `8129`, Inbucket POP3 from `1100` to `8130`, and the OpenTelemetry collector from `4318` to `8131`. All references across configuration files, Docker Compose setups, environment files, CI/CD workflows, test files, and documentation have been updated to reflect these new port assignments. A knowledge base document has been added to document the new port mappings. ⏱️ Estimated Review Time: 15-30 minutes <details> <summary>💡 Review Order Suggestion</summary> | Order | File Path | | --- | --- | | 1 | `claude/CLAUDE-KNOWLEDGE.md` | | 2 | `apps/dev-launchpad/public/index.html` | | 3 | `docker/dependencies/docker.compose.yaml` | | 4 | `docker/emulator/docker.compose.yaml` | | 5 | `apps/backend/.env` | | 6 | `apps/backend/.env.development` | | 7 | `docker/server/.env.example` | | 8 | `package.json` | | 9 | `.devcontainer/devcontainer.json` | | 10 | `apps/e2e/.env.development` | | 11 | `.github/workflows/check-prisma-migrations.yaml` | | 12 | `.github/workflows/docker-server-test.yaml` | | 13 | `.github/workflows/e2e-api-tests.yaml` | | 14 | `.github/workflows/e2e-source-of-truth-api-tests.yaml` | | 15 | `.github/workflows/restart-dev-and-test.yaml` | | 16 | `apps/e2e/tests/backend/endpoints/api/v1/internal/email-drafts.test.ts` | | 17 | `apps/e2e/tests/backend/endpoints/api/v1/internal/email.test.ts` | | 18 | `apps/e2e/tests/backend/endpoints/api/v1/send-email.test.ts` | | 19 | `apps/e2e/tests/backend/endpoints/api/v1/unsubscribe-link.test.ts` | | 20 | `apps/e2e/tests/backend/workflows.test.ts` | | 21 | `docs/templates/others/self-host.mdx` | </details> [](https://discord.gg/n3SsVDAW6U) [ <!-- RECURSEML_SUMMARY:END --> <!-- ELLIPSIS_HIDDEN --> ---- > [!IMPORTANT] > This PR introduces customizable development ports using `NEXT_PUBLIC_STACK_PORT_PREFIX`, updating configurations, documentation, and tests accordingly. > > - **Behavior**: > - Default development ports for services are now customizable via `NEXT_PUBLIC_STACK_PORT_PREFIX`. > - PostgreSQL port changed from `5432` to `${NEXT_PUBLIC_STACK_PORT_PREFIX:-81}28`. > - Inbucket SMTP port changed from `2500` to `${NEXT_PUBLIC_STACK_PORT_PREFIX:-81}29`. > - Inbucket POP3 port changed from `1100` to `${NEXT_PUBLIC_STACK_PORT_PREFIX:-81}30`. > - OpenTelemetry collector port changed from `4318` to `${NEXT_PUBLIC_STACK_PORT_PREFIX:-81}31`. > - **Configuration**: > - Updated `docker.compose.yaml` to use new port variables for services like PostgreSQL, Inbucket, and OpenTelemetry. > - Environment files in `apps/backend`, `apps/dashboard`, and `apps/e2e` updated to use `NEXT_PUBLIC_STACK_PORT_PREFIX`. > - `package.json` scripts updated to reflect new port configurations. > - **Documentation**: > - Added `CLAUDE-KNOWLEDGE.md` to document new port mappings. > - Updated `self-host.mdx` to reflect new port configurations. > - **Testing**: > - Updated test files in `apps/e2e/tests` to use new port configurations. > - Added `helpers/ports.ts` for port-related utilities in tests. > > <sup>This description was created by </sup>[<img alt="Ellipsis" src="https://img.shields.io/badge/Ellipsis-blue?color=175173">](https://www.ellipsis.dev?ref=stack-auth%2Fstack-auth&utm_source=github&utm_medium=referral)<sup> for 76ef55f58f. You can [customize](https://app.ellipsis.dev/stack-auth/settings/summaries) this summary. It will automatically update as commits are pushed.</sup> ---- <!-- ELLIPSIS_HIDDEN --> <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit - **New Features** - Enable configurable development ports via a NEXT_PUBLIC_STACK_PORT_PREFIX, allowing parallel local environments with custom port prefixes. - **Bug Fixes** - Updated local service port mappings and CI/workflow settings so tooling and tests use the new prefixed ports consistently. - **Documentation** - Added docs and contributor guidance for running multiple parallel workspaces with custom port prefixes. <!-- end of auto-generated comment: release notes by coderabbit.ai --> --------- Co-authored-by: N2D4 <N2D4@users.noreply.github.com>	2025-10-20 15:24:47 -07:00
Konsti Wohlwend	542d444269	Apps frontend (#945)	2025-10-16 20:54:14 -07:00
Konstantin Wohlwend	bcab1045d6	Page transition prefetching	2025-10-16 12:02:46 -07:00
Konstantin Wohlwend	c3dfd0d370	Improve suspendIfSsr error message	2025-10-15 14:34:07 -07:00
Konsti Wohlwend	8a77e07f19	Rename offer to product, offer group to product catalog (#914) ... <!-- Make sure you've read the CONTRIBUTING.md guidelines: https://github.com/stack-auth/stack-auth/blob/dev/CONTRIBUTING.md --> <!-- RECURSEML_SUMMARY:START --> ## High-level PR Summary This PR implements a comprehensive renaming of "offer" to "product" and "offer group" to "product catalog" throughout the codebase. The changes include database migrations, schema updates, API compatibility layers, function renames, and updates to client and server implementations. Backwards compatibility is maintained through migration layers that handle requests using the old terminology, translating them to the new terminology before processing. The PR includes documentation of this approach in CLAUDE-KNOWLEDGE.md. This rename affects multiple parts of the system including the database schema, API endpoints, error types, and SDK interfaces. ⏱️ Estimated Review Time: 1-3 hours <details> <summary>💡 Review Order Suggestion</summary> | Order | File Path | |-------|-----------| | 1 | `apps/backend/prisma/migrations/20250923191615_rename_offers_to_products/migration.sql` | | 2 | `apps/backend/src/app/api/migrations/v2beta1/payments/purchases/offers-compat.ts` | | 3 | `apps/backend/src/app/api/migrations/v2beta1/payments/purchases/create-purchase-url/route.ts` | | 4 | `apps/backend/src/app/api/migrations/v2beta1/payments/purchases/validate-code/route.ts` | | 5 | `apps/backend/src/lib/payments.tsx` | | 6 | `.claude/CLAUDE-KNOWLEDGE.md` | | 7 | `packages/stack-shared/src/schema-fields.ts` | | 8 | `packages/stack-shared/src/known-errors.tsx` | | 9 | `packages/stack-shared/src/config/schema.ts` | | 10 | `packages/template/src/lib/stack-app/customers/index.ts` | | 11 | `packages/template/src/lib/stack-app/apps/implementations/client-app-impl.ts` | | 12 | `packages/template/src/lib/stack-app/apps/implementations/server-app-impl.ts` | </details> [](https://discord.gg/n3SsVDAW6U) <!-- RECURSEML_SUMMARY:END --> <!-- ELLIPSIS_HIDDEN --> ---- > [!IMPORTANT] > Renames 'offer' to 'product' and 'offer group' to 'product catalog' across the codebase, updating database schema, API endpoints, and application logic for consistency and backward compatibility. > > - **Database**: > - Rename columns `offer` to `product` and `offerId` to `productId` in `OneTimePurchase` and `Subscription` tables in `migration.sql`. > - **API & Migrations**: > - Update API endpoints to accept `product_id`/`product_inline` instead of `offer_id`/`offer_inline`. > - Add `v2beta5` compatibility layer to map legacy `offer` fields to `product` equivalents. > - **Shared Schemas**: > - Rename `offerSchema` to `productSchema` and related schemas in `schema-fields.ts`. > - **Server Implementation**: > - Update `createCheckoutUrl` method in `server-app-impl.ts` to use `productId`/`InlineProduct`. > - **Tests**: > - Update tests to reflect renaming in `backend-helpers.ts` and other test files. > - **Miscellaneous**: > - Remove dummy data related to offers in `dummy-data.tsx`. > - Update documentation and comments to reflect terminology changes. > > <sup>This description was created by </sup>[<img alt="Ellipsis" src="https://img.shields.io/badge/Ellipsis-blue?color=175173">](https://www.ellipsis.dev?ref=stack-auth%2Fstack-auth&utm_source=github&utm_medium=referral)<sup> for e3227bcbd2. You can [customize](https://app.ellipsis.dev/stack-auth/settings/summaries) this summary. It will automatically update as commits are pushed.</sup> ---- <!-- ELLIPSIS_HIDDEN --> <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **New Features** * Backwards-compatibility: legacy offer_id/offer_inline requests are accepted, normalized, and routed to product-based handlers. * **Refactor** * Global rename from Offer/Group → Product/Catalog across UI, APIs, types, client/server interfaces, and error codes. * **Bug Fixes** * Responses, webhooks and UI consistently surface product_display_name and product-related metadata. * **Documentation** * Migration notes and docs updated to explain compatibility and parameter changes. * **Tests** * Unit and E2E suites updated to cover product/catalog flows. * **Chores** * Database schema migration, seed and config updates applied. <!-- end of auto-generated comment: release notes by coderabbit.ai --> <!-- CURSOR_SUMMARY --> --- > [!NOTE] > Renames offers→products and groups→catalogs end-to-end (DB, APIs, schemas, UI, SDK, docs), adding v2beta5 compatibility to accept legacy offer fields while updating all internals. > > - **Backend/DB**: > - Prisma migration: rename `offer`/`offerId`→`product`/`productId` in `OneTimePurchase` and `Subscription`. > - Update Stripe webhook, purchase-session, and internal test-mode flows to use `product*` metadata/fields. > - **API & Migrations**: > - Latest endpoints now accept `product_id`/`product_inline`. > - Add `v2beta5` compat layer mapping legacy `offer_id`/`offer_inline` to product equivalents; responses alias conflicting products. > - **Shared Schemas/Errors/Config**: > - `offerSchema`→`productSchema`, `inlineOfferSchema`→`inlineProductSchema`, prices/types renamed. > - KnownErrors renamed (e.g., `PRODUCT_DOES_NOT_EXIST`). > - Config: `groups`→`catalogs`, defaults/migrations updated; improved override validation messages; ID regex loosened; formatter tweaks; add schema fuzzer tests. > - **Payments Lib**: > - Rename APIs and logic (`offers`→`products`, `groupId`→`catalogId`), subscription and item-quantity computation updated. > - **Dashboard/UI**: > - Routes, dialogs, editors, tables, and code samples switched to products/catalogs; removed offers dummy data. > - **SDK/Template**: > - Client/server `createCheckoutUrl` now uses `productId`/`InlineProduct`. > - **Tests/Docs/Utilities**: > - E2E and unit tests updated; add legacy (pre-rename) tests. > - Docs and knowledge base revised; minor script tweaks (recent-first, limits). > > <sup>Written by [Cursor Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit e6e20ecd72. This will update automatically on new commits. Configure [here](https://cursor.com/dashboard?tab=bugbot).</sup> <!-- /CURSOR_SUMMARY --> --------- Co-authored-by: BilalG1 <bg2002@gmail.com>	2025-10-04 02:28:28 -07:00
Konstantin Wohlwend	b2a0199799	Make refresh tokens more robust when deleting users	2025-10-03 01:35:09 -07:00
BilalG1	3fe82b68b6	Convex implementation (#913) ... <!-- Make sure you've read the CONTRIBUTING.md guidelines: https://github.com/stack-auth/stack-auth/blob/dev/CONTRIBUTING.md --> <!-- ELLIPSIS_HIDDEN --> ---- > [!IMPORTANT] > Add Convex integration with new auth helpers, update access token handling, and include documentation, examples, and tests for the new features. > > - **Features**: > - Add Convex integration with new auth helpers for Convex clients and HTTP in `client-app-impl.ts` and `server-app-impl.ts`. > - Support for Convex context in user APIs and partial user retrieval. > - Access tokens now include `is_anonymous` for better anonymous handling in `tokens.tsx`. > - **Documentation**: > - Add Convex integration guide in `docs/templates/others/convex.mdx`. > - Update docs navigation in `docs/docs-platform.yml` and `docs/templates/meta.json`. > - **Examples**: > - Add Convex + Next.js example app in `examples/convex` with auth wiring, functions, schema, and UI. > - **Tests**: > - Add E2E tests for Convex auth flows in `convex.test.ts`. > - Update JWT payload checks in `backend-helpers.ts` and `anonymous-comprehensive.test.ts`. > - **Chores**: > - Add Convex dependencies in `package.json` files. > - Update CI steps for example environments in `e2e-api-tests.yaml` and `e2e-source-of-truth-api-tests.yaml`. > > <sup>This description was created by </sup>[<img alt="Ellipsis" src="https://img.shields.io/badge/Ellipsis-blue?color=175173">](https://www.ellipsis.dev?ref=stack-auth%2Fstack-auth&utm_source=github&utm_medium=referral)<sup> for aa0983a8b7. You can [customize](https://app.ellipsis.dev/stack-auth/settings/summaries) this summary. It will automatically update as commits are pushed.</sup> ---- <!-- ELLIPSIS_HIDDEN --> <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit - **New Features** - Convex integration: auth helpers for Convex clients/HTTP, Convex-aware user APIs, and partial-user retrieval (token/convex). - Access tokens now surface is_anonymous for clearer anonymous handling. - **Documentation** - Added Convex integration guide and nav entries. - **Examples** - New Convex + Next.js example app with auth wiring, backend functions, schema, and UI. - **Tests** - Added E2E tests covering Convex auth flows and JWT payload checks. - **Chores** - Added Convex deps, CI env steps, and workspace/test config updates. <!-- end of auto-generated comment: release notes by coderabbit.ai --> --------- Co-authored-by: Konstantin Wohlwend <n2d4xc@gmail.com>	2025-09-24 19:16:45 +00:00
Konstantin Wohlwend	196450d854	Even better JWT info	2025-09-12 18:13:57 -07:00
Konstantin Wohlwend	7176a38e98	Better JWT info	2025-09-12 18:13:57 -07:00
Konstantin Wohlwend	baee7209cc	JWT update	2025-09-12 18:13:57 -07:00
BilalG1	d14317c787	batch sending (#875) ... <!-- Make sure you've read the CONTRIBUTING.md guidelines: https://github.com/stack-auth/stack-auth/blob/dev/CONTRIBUTING.md --> <!-- ELLIPSIS_HIDDEN --> ---- > [!IMPORTANT] > Implement batch email rendering and sending with enhanced processing and error handling. > > - **Behavior**: > - Implement batch email rendering and sending in `route.tsx` using `renderEmailsWithTemplateBatched()` and `sendEmailResendBatched()`. > - Add per-recipient notification category resolution and unsubscribe link generation. > - Support templates from IDs, raw HTML, or drafts with dynamic theme handling. > - Enhanced result reporting, including users without primary emails. > - **Functions**: > - Add `renderEmailsWithTemplateBatched()` in `email-rendering.tsx` for batch email rendering. > - Add `sendEmailResendBatched()` in `emails.tsx` for batch email sending. > - Add `getChunks()` in `arrays.tsx` to split arrays into chunks. > - **Tests**: > - Add timed waits in `send-email.test.ts` and `unsubscribe-link.test.ts` to stabilize email delivery checks. > - **Dependencies**: > - Add `@react-email/render` and `resend` to `package.json` for email rendering and sending. > > <sup>This description was created by </sup>[<img alt="Ellipsis" src="https://img.shields.io/badge/Ellipsis-blue?color=175173">](https://www.ellipsis.dev?ref=stack-auth%2Fstack-auth&utm_source=github&utm_medium=referral)<sup> for ff1dea6c31. You can [customize](https://app.ellipsis.dev/stack-auth/settings/summaries) this summary. It will automatically update as commits are pushed.</sup> ---- <!-- ELLIPSIS_HIDDEN --> <!-- RECURSEML_SUMMARY:START --> ## Review by RecurseML _🔍 Review performed on [3c34140..1267879](3c34140aba...1267879cfd)_ | Severity | Location | Issue | |----------|----------|-------| |  | [apps/e2e/tests/backend/endpoints/api/v1/send-email.test.ts:593](https://github.com/stack-auth/stack-auth/pull/875#discussion_r2317293698) | Asynchronous wait function not wrapped with runAsynchronously | |  | [apps/e2e/tests/backend/endpoints/api/v1/send-email.test.ts:743](https://github.com/stack-auth/stack-auth/pull/875#discussion_r2317293796) | Asynchronous wait function not wrapped with runAsynchronously | <details> <summary>✅ Files analyzed, no issues (4)</summary> • `apps/backend/src/app/api/latest/emails/send-email/route.tsx` • `apps/backend/src/lib/email-rendering.tsx` • `apps/backend/src/lib/emails.tsx` • `packages/stack-shared/src/utils/arrays.tsx` </details> <details> <summary>⏭️ Files skipped (low suspicion) (2)</summary> • `apps/backend/package.json` • `pnpm-lock.yaml` </details> [](https://discord.gg/n3SsVDAW6U) <!-- RECURSEML_SUMMARY:END --> <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit - New Features - Batch email rendering and sending to multiple recipients with background processing. - Per-recipient notification category resolution and unsubscribe link generation. - Support for templates from IDs, raw HTML, or drafts with dynamic theme handling. - Enhanced result reporting, including users without primary emails. - Chores - Added dependencies for email rendering and bulk sending. - Tests - Stabilized email delivery checks with timed waits across relevant e2e tests. <!-- end of auto-generated comment: release notes by coderabbit.ai --> --------- Co-authored-by: Konsti Wohlwend <n2d4xc@gmail.com>	2025-09-11 15:42:51 -07:00
BilalG1	5da45d8520	Email Drafts (#849) ... https://www.loom.com/share/cc379c5372244a169f3ae1d2cc91eae5?sid=ec5bc438-56d8-4cca-9bbc-6cf6c6d313ad <!-- ELLIPSIS_HIDDEN --> ---- > [!IMPORTANT] > Introduce email draft functionality with AI assistance, including creation, editing, and sending capabilities, and update APIs and UI components accordingly. > > - **Features**: > - Add email draft functionality: create, list, edit, preview, and send drafts. > - Integrate AI-assisted draft generation with `emailDraftAdapter` in `email-draft-adapter.ts`. > - Update `send-email` and `render-email` APIs to support drafts. > - **Backend**: > - Add `EmailDraft` model in `schema.prisma`. > - Implement draft CRUD operations in `email-drafts/route.tsx` and `email-drafts/[id]/route.tsx`. > - Update `render-email/route.tsx` and `send-email/route.tsx` to handle draft inputs. > - **Frontend**: > - Add email draft UI in `email-drafts/page-client.tsx` and `email-drafts/[draftId]/page-client.tsx`. > - Implement theme selection with `EmailThemeSelector` in `email-theme-selector.tsx`. > - Update sidebar navigation in `sidebar-layout.tsx` to include drafts. > - **Tests**: > - Add E2E tests for draft lifecycle and sending in `email-drafts.test.ts` and `send-email.test.ts`. > - **Misc**: > - Update `admin-interface.ts` and `server-interface.ts` to support draft operations. > - Add `XOR` type utility in `types.tsx` for exclusive option handling. > > <sup>This description was created by </sup>[<img alt="Ellipsis" src="https://img.shields.io/badge/Ellipsis-blue?color=175173">](https://www.ellipsis.dev?ref=stack-auth%2Fstack-auth&utm_source=github&utm_medium=referral)<sup> for c7ebb00ac5. You can [customize](https://app.ellipsis.dev/stack-auth/settings/summaries) this summary. It will automatically update as commits are pushed.</sup> ---- <!-- ELLIPSIS_HIDDEN --> <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **New Features** * Email Drafts: create, list, edit, preview, theme-select, AI-assisted draft generation, send (marks draft as sent) and dashboard UI for drafting + recipient selection. * **Improvements** * Send/render APIs accept html, template, or draft inputs and an all-users option; per-recipient delivery/reporting, unified theme selector, expanded chat context for drafts, clearer schema validation errors, breadcrumb updates. * **Tests** * E2E coverage for draft lifecycle, draft-based send, all-users flow, and updated schema-validation snapshots. <!-- end of auto-generated comment: release notes by coderabbit.ai --> --------- Co-authored-by: Konsti Wohlwend <n2d4xc@gmail.com>	2025-09-10 22:57:18 +00:00
Konstantin Wohlwend	15963155e8	Fix STACK-BACKEND-FF	2025-09-09 15:33:59 -07:00