- restricted users
- onboarding app
- waitlist app
- fixed an exception when setting primary email
- automatically update the JWT token on the client when the user object
changes
# Foreign Key Constraint
When deploying Stack Auth with Docker and changing
`STACK_SEED_INTERNAL_PROJECT_USER_INTERNAL_ACCESS` between container
restarts, the seed script fails with:
```ts
PrismaClientKnownRequestError: Invalid prisma.teamMemberDirectPermission.upsert() invocation:
Foreign key constraint violated on the constraint: TeamMemberDirectPermission_tenancyId_projectUserId_teamId_fkey
```
This is a bug in the seed script's idempotency logic. The issue occurs
in `apps/backend/prisma/seed.ts` (lines 296–388):
- When admin credentials are provided, the script checks if the admin
user already exists (line 297–303)
- If the user exists, it skips the user creation block (line 305–306),
which also skips creating the TeamMember record
- However, the `grantTeamPermission()` call at line 382 is outside the
if/else block and always runs
- This tries to create a TeamMemberDirectPermission record, which has a
foreign key constraint to TeamMember
- If the TeamMember doesn't exist (e.g., user was created with
`STACK_SEED_INTERNAL_PROJECT_USER_INTERNAL_ACCESS=false` previously, or
the TeamMember was never created), the foreign key constraint fails.
## How could this happen?
1. Changed `INTERNAL_ACCESS` setting: First run with
`STACK_SEED_INTERNAL_PROJECT_USER_INTERNAL_ACCESS=false` (user created,
no TeamMember), then restarted with `=true`
2. Partial seed failure/interruption: A previous seed run created the
user but failed before creating the TeamMember
3. Manual database modification: TeamMember was deleted but user still
exists.
The most likely scenario would be 1 here:
### Scenario 1:
1. First deployment:
`STACK_SEED_INTERNAL_PROJECT_USER_INTERNAL_ACCESS=false`
- User created ✓
- TeamMember **_NOT_** created(because `adminInternalAccess=false`)
2. Second deployment:
`STACK_SEED_INTERNAL_PROJECT_USER_INTERNAL_ACCESS=true`
- User already exists → Skip creation
- `grantTeamPermission()` called → tries to create
TeamMemberDirectPermission
- **_FAILS_** because TeamMember doesn't exist.
## Solution
Add a `TeamMember` upsert before granting permissions when
`adminInternalAccess` is true:
```ts
if (adminInternalAccess) {
await internalPrisma.teamMember.upsert({
where: {
tenancyId_projectUserId_teamId: {
tenancyId: internalTenancy.id,
projectUserId: defaultUserId,
teamId: internalTeamId,
},
},
create: {
tenancyId: internalTenancy.id,
teamId: internalTeamId,
projectUserId: defaultUserId,
},
update: {},
});
}
```
This ensures the `TeamMember` record exists before
`grantTeamPermission() is called, regardless of whether the user was
just created or already existed.
## Impact
- Existing deployments: No impact. If `TeamMember` already exists, the
upsert does nothing.
- New deployment: Works correctly.
- Broken deployments: This fix will repair them on the next container
restart.
## Testing
Tested by building a local Docker image and running the reproduction
script that:
- Starts with `INTERNAL_ACCESS=false`
- Restarts with `INTERNAL_ACCESS=true`
- verifies no foreign key constraint error occurs.
---
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Bug Fixes**
* Made permission grants resilient to repeated seed runs by ensuring
grants only apply when appropriate admin access is present.
* Prevented duplicate team member entries during setup by making member
creation idempotent, so repeated runs no longer create or alter existing
records.
<sub>✏️ Tip: You can customize this high-level summary in your review
settings.</sub>
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
<img width="1299" height="967" alt="Screenshot 2025-12-12 at 5 26 23 PM"
src="https://github.com/user-attachments/assets/5a33482a-510c-464c-a770-e71222ffc336"
/>
<!--
Make sure you've read the CONTRIBUTING.md guidelines:
https://github.com/stack-auth/stack-auth/blob/dev/CONTRIBUTING.md
-->
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **New Features**
* Added a "Payouts" section to the Payments dashboard with a dedicated
page and navigation link.
* Integrated a Stripe Connect payouts UI, allowing users to manage and
configure payout options (instant payouts, standard payouts, edit payout
schedule, external account collection).
* **Chores**
* Internal module path updates (no user-facing behavior changes).
<sub>✏️ Tip: You can customize this high-level summary in your review
settings.</sub>
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
<!--
Make sure you've read the CONTRIBUTING.md guidelines:
https://github.com/stack-auth/stack-auth/blob/dev/CONTRIBUTING.md
-->
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Documentation**
* ~~Consolidated all release notes into a single root changelog as the
authoritative source for all changes~~
* ~~Updated individual package changelogs with deprecation notices
directing users to the root changelog~~
* Removes all changelog.md files from each app/package and consolidates
into root changelog.app.
* **Chores**
* ~~Updated build directory exclusions~~
<sub>✏️ Tip: You can customize this high-level summary in your review
settings.</sub>
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
<!--
Make sure you've read the CONTRIBUTING.md guidelines:
https://github.com/stack-auth/stack-auth/blob/dev/CONTRIBUTING.md
-->
Updates all icons to Phosphor and removes lucide as dependency.
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Style**
* Unified and refreshed iconography across the dashboard (pages,
widgets, controls, dialogs, navigation, lists) for a more consistent,
modern visual experience — purely visual, no behavior changes.
* **Chores**
* Migrated to a single icon set across the project and removed the
previous icon library; updated documentation package to include the new
icon dependency.
<sub>✏️ Tip: You can customize this high-level summary in your review
settings.</sub>
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
<!--
Make sure you've read the CONTRIBUTING.md guidelines:
https://github.com/stack-auth/stack-auth/blob/dev/CONTRIBUTING.md
-->
Updates the Auth panel on API pages to allow for authenticated users to
select a project from project drop downs.
This enables easy access for the user to select their project, and test
endpoints against it.
<img width="399" height="521" alt="image"
src="https://github.com/user-attachments/assets/0d3a8444-2b69-4a21-b0ce-ce3515c4672d"
/>
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **New Features**
* Project selection UI for configuring admin-scoped API access
* Automatic admin-token refresh and auto-population of admin headers
from the signed-in user
* **Improvements**
* Enhanced header management (supports functional updates and clearer
handling)
* Automatic token refresh before requests and improved base URL
resolution across environments
* Default project fallback when no project is configured
* **UX**
* clearer admin-related indicators, read-only styling, and contextual
messaging for auto-populated headers
<sub>✏️ Tip: You can customize this high-level summary in your review
settings.</sub>
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
<!--
Make sure you've read the CONTRIBUTING.md guidelines:
https://github.com/stack-auth/stack-auth/blob/dev/CONTRIBUTING.md
-->
Adds payment docs and code examples to docs.
<img width="261" height="284" alt="image"
src="https://github.com/user-attachments/assets/66e3f12c-48a3-4408-9ada-927f71427945"
/>
<img width="1042" height="900" alt="image"
src="https://github.com/user-attachments/assets/b478b8cf-b925-41c8-a800-a7dcb7bc9986"
/>
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Documentation**
* Added comprehensive Payments app guide covering Stripe integration,
subscriptions, and one-time purchases
* Included extensive, multi-language code examples for payment workflows
(JavaScript/TypeScript and Python)
* Added examples for checkout flows, item management, consuming credits,
listing products, and granting products
* Integrated the Payments examples into the central examples collection
and updated docs navigation to include the Payments guide
<sub>✏️ Tip: You can customize this high-level summary in your review
settings.</sub>
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
<!--
Make sure you've read the CONTRIBUTING.md guidelines:
https://github.com/stack-auth/stack-auth/blob/dev/CONTRIBUTING.md
-->
feat(docs): centralize code examples with dynamic variant tabs
This PR introduces a system for managing code examples centrally while
supporting file-based variant tabs (like html/script) within a single
code block.
## Changes
- **Extended variant system**: `PlatformCodeblock` now supports custom
variant names beyond just 'server'/'client', enabling tabs for any file
grouping (e.g., html/script pairs)
- **Vite example migration**: Moved vite-example.mdx code to
`code-examples/vite-example.ts` with html/script variants
- **LLM copy support**: The "Copy Markdown" button now expands
`PlatformCodeblock` components to inline the actual code, so LLMs
receive the full code examples instead of component references
## How it works
Code examples with variants are now displayed with filename-based tabs:
- Define examples with `variant: 'html'` and `variant: 'script'` in
`code-examples/`
- The tab labels automatically use the `filename` property
- When copying markdown for LLMs, all variants are included with their
filenames
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
## Release Notes
* **Documentation**
* Added a Vite JavaScript example guide with grouped auth examples
(init, index, password, OTP, OAuth) and wired examples into the
getting-started navigation.
* Removed the previous multi-page example guide and replaced it with the
new Vite-focused page.
* Documentation generation now expands platform code blocks to inline
concrete examples for clearer rendered docs.
* **Refactor**
* Improved code-example variant handling to support flexible variant
names for better tabbed/code-sample organization.
<sub>✏️ Tip: You can customize this high-level summary in your review
settings.</sub>
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
