<!--
Make sure you've read the CONTRIBUTING.md guidelines:
https://github.com/stack-auth/stack-auth/blob/dev/CONTRIBUTING.md
-->
# 🔒 Hidden Internal Endpoints from Public API Docs
Internal endpoints were incorrectly appearing in public API
documentation. Added hidden: true metadata to:
- /internal/init-script-callback - Telegram notification callback
- /internal/send-sign-in-invitation - Team invitation endpoint (public
equivalent: /team-invitations/send-code)
- /internal/projects/current - Internal project CRUD (adminRead,
adminUpdate, adminDelete)
- /internal/emails - Internal emails CRUD (adminList)
# 🏷️ Fixed Endpoint Categorization (moved from "Others")
Several endpoints were appearing in the "Others" category instead of
their proper sections:
- /emails/send-email -> Added tags: ["Emails"]
- Notification preferences CRUD -> Added complete docs with tags:
["Emails"]
- OAuth providers CRUD -> Changed tag from "OAuth Providers" → "Oauth"
to match naming convention; added missing clientUpdate docs
# 📝 API Documentation Improvements
- Fixed duplicate API Key titles: Updated handlers to use dynamic
summary (Create ${type} API key) instead of hardcoded "Create API key"
for both user and team keys
- Fixed empty Request section: API playground now only renders the
Request panel when there are actual parameters or request body fields to
display
# 🎨 UserButton Component Fixes
### Component (packages/template/src/components/user-button.tsx):
- Fixed hover effect centering (removed w-12 constraint, added p-1.5
padding)
- Fixed showUserInfo not displaying (changed flex-grow w-0 → min-w-0)
- Updated text styling with proper font sizes and theme-aware colors
- Added hover:transition-none for snappy UX
### Documentation Demo
(docs/src/components/stack-auth/stack-user-button-demo.tsx):
- Added not-prose class to fix avatar not rendering in MDX context
<img width="482" height="190" alt="image"
src="https://github.com/user-attachments/assets/c7c847c8-3ca5-4a40-bb33-f89949b6dbad"
/>
| Old | New |
|-----|-----|
| <img
src="https://github.com/user-attachments/assets/b0f2afe4-1499-49c0-946a-618a29876479"
width="180" /> | <img
src="https://github.com/user-attachments/assets/a358499c-f7e6-42c0-a0a0-2e6ad21728d2"
width="180" /> |
| Old | New |
|-----|-----|
| <img width="176" height="73" alt="image"
src="https://github.com/user-attachments/assets/1e17d77e-e4df-484d-adf4-19fcdaa0b471"
/> | <img width="198" height="76" alt="image"
src="https://github.com/user-attachments/assets/61d95ca8-61e5-48db-8fd8-75335751622f"
/> |
<!--
Make sure you've read the CONTRIBUTING.md guidelines:
https://github.com/stack-auth/stack-auth/blob/dev/CONTRIBUTING.md
-->
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Bug Fixes**
* Fixed email template retention: custom templates are now only
preserved when using dedicated email servers, not shared configurations.
* **Tests**
* Added end-to-end test coverage for email template behavior across
different server configurations.
<sub>✏️ Tip: You can customize this high-level summary in your review
settings.</sub>
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
https://www.loom.com/share/7628a0b5f14e4367bcde93e4817a50e8
<img width="811" height="437" alt="image"
src="https://github.com/user-attachments/assets/6b02aae0-c723-43d4-92ab-a26e97623d9c"
/>
<!--
Make sure you've read the CONTRIBUTING.md guidelines:
https://github.com/stack-auth/stack-auth/blob/dev/CONTRIBUTING.md
-->
<!-- ELLIPSIS_HIDDEN -->
----
> [!IMPORTANT]
> Enhance email templates with project branding and dark-mode support,
update schemas and API responses for new logo fields.
>
> - **Behavior**:
> - Email templates now support project branding with compact/full logos
and dark-mode variants in `email-rendering.tsx` and `emails.ts`.
> - Project name displays beside logos in Light and Dark themes in
`email-rendering.tsx`.
> - Email rendering groups branding and unsubscribe data for consistent
theming.
> - **API Changes**:
> - Project payloads and admin/project schemas rename `full_logo` to
`logo_full` and add dark-mode logo fields in `projects.ts` and
`schema-fields.ts`.
> - Updates to `projects.tsx` and `page-client.tsx` to handle new logo
fields.
> - **Style**:
> - Improved unsubscribe link contrast in Dark theme in `emails.ts`.
> - **Database**:
> - Adds `logoFullUrl`, `logoDarkModeUrl`, and `logoFullDarkModeUrl`
columns to `Project` table in `migration.sql`.
>
> <sup>This description was created by </sup>[<img alt="Ellipsis"
src="https://img.shields.io/badge/Ellipsis-blue?color=175173">](https://www.ellipsis.dev?ref=stack-auth%2Fstack-auth&utm_source=github&utm_medium=referral)<sup>
for 0fbb79db5c. You can
[customize](https://app.ellipsis.dev/stack-auth/settings/summaries) this
summary. It will automatically update as commits are pushed.</sup>
----
<!-- ELLIPSIS_HIDDEN -->
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **New Features**
* Added dark‑mode logo support for projects with separate logo and
full‑logo variants.
* Email themes/templates now render project logos and automatically
select light/dark variants with fallbacks.
* **Refactor**
* Project logo fields and public payloads renamed/reorganized to support
the new dark‑mode variants and consistent naming.
* **Tests**
* Updated test snapshots to reflect the new project logo fields.
* **Chores**
* Database migration applied to add/rename logo columns.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
<!-- CURSOR_SUMMARY -->
---
> [!NOTE]
> Adds light/dark logo variants, renames full-logo fields, and passes
project logos into email themes; updates DB, schemas, API, UI, and
tests.
>
> - **Database/Prisma**:
> - Rename `Project.fullLogoUrl` to `logoFullUrl`; add `logoDarkModeUrl`
and `logoFullDarkModeUrl`.
> - **Backend**:
> - Email rendering now accepts `themeProps` with `projectLogos` and
spreads into `EmailTheme` (single/batched).
> - Provide project logo URLs to email render/send and internal template
preview routes.
> - Add `@stackframe/emails` components (`Logo`, `FullLogo`,
`ProjectLogo`) with light/dark fallbacks.
> - Projects CRUD: map/upload new logo fields; rename API fields to
`logo_full_url` and add dark-mode fields.
> - **Emails (themes)**:
> - Light/Dark themes render `<ProjectLogo>`; improve dark-theme
unsubscribe link contrast.
> - **Dashboard/UI**:
> - Project settings support `logoFullUrl`, `logoDarkModeUrl`,
`logoFullDarkModeUrl` uploads.
> - Code editor types: add `ThemeProps.projectLogos`, relax TS option,
and Tailwind DTS fix.
> - **Shared Schemas/Types**:
> - Update `schema-fields` and CRUD read/update models to new/extra logo
fields; propagate through template app types.
> - **Tests**:
> - Update snapshots for new project logo fields and theme source
output.
>
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
4d97561839. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->
---------
Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com>
Co-authored-by: ellipsis-dev[bot] <65095814+ellipsis-dev[bot]@users.noreply.github.com>
Co-authored-by: Konsti Wohlwend <n2d4xc@gmail.com>
Co-authored-by: Bilal Godil <bg2002@gmail.com>
<!--
Make sure you've read the CONTRIBUTING.md guidelines:
https://github.com/stack-auth/stack-auth/blob/dev/CONTRIBUTING.md
-->
<img width="216" height="245" alt="image"
src="https://github.com/user-attachments/assets/f59f754f-b9d7-4e82-a552-8e407878eb01"
/>
<img width="940" height="564" alt="image"
src="https://github.com/user-attachments/assets/3218914e-5128-4cff-a183-29637adfb9f2"
/>
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Documentation**
* New "Apps" section with dedicated pages for API Keys, Emails, OAuth,
Permissions (RBAC), Orgs & Teams, Auth Providers, and Webhooks; API Keys
content moved into this section.
* New API Keys guide and updated overview content including an Apps grid
and app tiles.
* Added redirects from old concept pages to new Apps pages.
* **Style**
* Sidebar now shows icons for docs links; improved hover animations and
tile styling across docs.
* **New Features**
* App tile/card components added for displaying apps in docs.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
<!-- CURSOR_SUMMARY -->
---
> [!NOTE]
> Introduces a new “Apps” docs section (API Keys, Emails, OAuth, RBAC,
Orgs & Teams, Webhooks), adds reusable app UI components, updates
navigation, and removes the old API Keys concept doc.
>
> - **Docs**:
> - **Apps section**: Add `docs/content/docs/(guides)/apps/*` (API Keys,
Emails, OAuth, RBAC Permissions, Orgs & Teams, Webhooks) with icons and
examples; remove `concepts/api-keys.mdx` and update related links (e.g.,
JWT).
> - **Overview & Nav**: Insert AppGrid on `overview`, add “Apps” pages
to `meta.json`, add “Welcome” nav item, and refine “Guides” active-state
logic.
> - **Code examples**: Wire `docs/code-examples/index.ts` to load
`apps/api-keys` examples.
> - **UI/Components**:
> - Add `AppCard`/`AppGrid` in `docs/src/components/mdx/app-card.tsx`
and register in `mdx-components`.
> - Tweak homepage hover card styles (`iconHover.tsx`) and sidebar links
to support icons.
> - **Shared**:
> - Add `packages/stack-shared/src/apps/apps-ui.tsx` with `AppIcon` and
sizing constants; note UI export guidance in `stack-shared` `index.ts`.
> - **Styling/Infra**:
> - Add Tailwind `@source` in global CSS; minor layout/link icon
plumbing.
>
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
2487b877aa. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->
---------
Co-authored-by: Konsti Wohlwend <n2d4xc@gmail.com>
https://www.loom.com/share/ade557d34b674ecb9ae1d703b5332c9d
<!--
Make sure you've read the CONTRIBUTING.md guidelines:
https://github.com/stack-auth/stack-auth/blob/dev/CONTRIBUTING.md
-->
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **New Features**
* Added support for inline webhook configuration portal rendering when
available
* Enhanced webhooks page with improved theming support
* **Refactor**
* Updated webhook token API to return structured data including optional
server URL alongside token
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
<!-- CURSOR_SUMMARY -->
---
> [!NOTE]
> Enables embedded Svix portal on the Webhooks page when available,
updating the token API and shared types to return an optional portal URL
and wiring it through the admin app.
>
> - **Frontend (Dashboard Webhooks page)**:
> - Conditionally render Svix `AppPortal` when `svixToken.url` is
provided; otherwise fall back to `SvixProvider` with token.
> - Integrate theme support (`next-themes`) for portal `darkMode`;
import `svix-react` styles.
> - **Backend (API)**:
> - Update `POST /api/latest/webhooks/svix-token` to return `{ token,
url? }`, deriving `url` only when no `STACK_SVIX_SERVER_URL` is set.
> - **Shared Types/SDK**:
> - Extend `svixTokenAdminReadSchema` to include optional `url`.
> - Change admin app `useSvixToken()` to return `{ token, url }` and
propagate through implementation.
>
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
9f5dc52ecf. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->
Co-authored-by: Konsti Wohlwend <n2d4xc@gmail.com>
<!--
Make sure you've read the CONTRIBUTING.md guidelines:
https://github.com/stack-auth/stack-auth/blob/dev/CONTRIBUTING.md
-->
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- **New Features**
- Projects now expose a domains field in the client API.
- Cookie API expanded: domain and secure options added, plus getAll and
isSecure helpers.
- **Refactor**
- Domain-aware cookie and token handling for cross-domain refresh flows.
- Minor signature/formatting tweaks to IP and URL utilities.
- **Tests**
- E2E coverage added: refresh-cookie scenarios and a project scaffolding
test.
- Backend snapshot updated to include domains.
- **Chores**
- Added a new dependency for domain parsing.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---------
Co-authored-by: Konsti Wohlwend <n2d4xc@gmail.com>
https://www.loom.com/share/abbd19d1deaa4b3d8f8ae9c1f2f9b098?sid=d105ee21-f380-4c37-85f1-a58610cfff9d
<!--
Make sure you've read the CONTRIBUTING.md guidelines:
https://github.com/stack-auth/stack-auth/blob/dev/CONTRIBUTING.md
-->
<!-- RECURSEML_SUMMARY:START -->
## High-level PR Summary
This PR adds webhook testing functionality to the dashboard, allowing
users to send test events to their configured webhook endpoints and
verify they're working correctly. The implementation adds a new backend
API endpoint that creates a `stack.test` event via Svix, verifies
successful delivery, and provides clear feedback. The dashboard UI is
enhanced with a test dialog that shows a preview of the test payload and
displays success or error messages, with the test action accessible both
from the endpoint creation flow and the action menu for existing
endpoints.
⏱️ Estimated Review Time: 15-30 minutes
<details>
<summary>💡 Review Order Suggestion</summary>
| Order | File Path |
|-------|-----------|
| 1 | `packages/stack-shared/src/interface/admin-interface.ts` |
| 2 | `packages/template/src/lib/stack-app/apps/interfaces/admin-app.ts`
|
| 3 |
`packages/template/src/lib/stack-app/apps/implementations/admin-app-impl.ts`
|
| 4 |
`apps/backend/src/app/api/latest/internal/send-test-webhook/route.tsx` |
| 5 |
`apps/dashboard/src/app/(main)/(protected)/projects/[projectId]/webhooks/page-client.tsx`
|
</details>
[](https://discord.gg/n3SsVDAW6U)
[
<!-- RECURSEML_SUMMARY:END -->
<!-- ELLIPSIS_HIDDEN -->
----
> [!IMPORTANT]
> Add functionality to test webhooks from the dashboard, including
backend route and frontend UI updates.
>
> - **Backend**:
> - Adds `POST` route in `send-test-webhook/route.tsx` to handle test
webhook requests.
> - Validates request and response schemas using `yup`.
> - Implements logic to send test webhook using `svix` and handle
success/error cases.
> - **Frontend**:
> - Updates `page-client.tsx` to include a dialog for creating and
testing endpoints.
> - Adds `TestEndpointDialog` component to handle the test webhook UI.
> - Modifies `CreateDialog` and `ActionMenu` to support triggering the
test webhook.
> - **Admin Interface**:
> - Adds `sendTestWebhook` method to `StackAdminInterface` in
`admin-interface.ts`.
> - Implements `sendTestWebhook` in `_StackAdminAppImplIncomplete` in
`admin-app-impl.ts`.
> - Updates `StackAdminApp` interface in `admin-app.ts` to include
`sendTestWebhook` method.
>
> <sup>This description was created by </sup>[<img alt="Ellipsis"
src="https://img.shields.io/badge/Ellipsis-blue?color=175173">](https://www.ellipsis.dev?ref=stack-auth%2Fstack-auth&utm_source=github&utm_medium=referral)<sup>
for c9bc00cb50. You can
[customize](https://app.ellipsis.dev/stack-auth/settings/summaries) this
summary. It will automatically update as commits are pushed.</sup>
<!-- ELLIPSIS_HIDDEN -->
Co-authored-by: Konsti Wohlwend <n2d4xc@gmail.com>
<!--
Make sure you've read the CONTRIBUTING.md guidelines:
https://github.com/stack-auth/stack-auth/blob/dev/CONTRIBUTING.md
-->
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **New Features**
* Sign-up accepts an optional verification callback URL and a new
opt-out flag to disable email verification; when opted-out or absent,
URL checks and verification emails are skipped.
* Client APIs and runtime validation updated to forbid providing a
callback URL when opting out. Sign-up now retries without a callback if
a redirect URL is not whitelisted.
* **Tests**
* End-to-end tests added for sign-up without verification and for
conflicting verification settings.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---------
Co-authored-by: Konsti Wohlwend <n2d4xc@gmail.com>
Co-authored-by: claude[bot] <209825114+claude[bot]@users.noreply.github.com>
Co-authored-by: Konsti Wohlwend <N2D4@users.noreply.github.com>
<!--
Make sure you've read the CONTRIBUTING.md guidelines:
https://github.com/stack-auth/stack-auth/blob/dev/CONTRIBUTING.md
-->
<!-- RECURSEML_SUMMARY:START -->
## High-level PR Summary
This PR adds support for custom `metadata` to inline products in the
payments system. The change allows developers to attach arbitrary
metadata to products created inline (without pre-configuration), which
Stack Auth will store and return with the product. This enables
applications to associate custom data such as feature flags, reference
IDs, or other application-specific attributes with products. The
implementation adds a new `productSchemaWithMetadata` schema, updates
the product type handling in the backend, and includes comprehensive e2e
tests verifying metadata is persisted and returned correctly through
purchase creation, validation, and listing endpoints.
⏱️ Estimated Review Time: 15-30 minutes
<details>
<summary>💡 Review Order Suggestion</summary>
| Order | File Path |
|-------|-----------|
| 1 | `packages/stack-shared/src/schema-fields.ts` |
| 2 | `apps/backend/src/lib/payments.tsx` |
| 3 |
`apps/e2e/tests/backend/endpoints/api/v1/payments/purchase-session.test.ts`
|
| 4 |
`apps/e2e/tests/backend/endpoints/api/v1/payments/create-purchase-url.test.ts`
|
| 5 |
`apps/e2e/tests/backend/endpoints/api/v1/payments/products.test.ts` |
</details>
[](https://discord.gg/n3SsVDAW6U)
[
<!-- RECURSEML_SUMMARY:END -->
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **New Features**
* Products now support custom metadata (client, client read-only, and
server) and expose these fields in inline product representations.
* Metadata is preserved and propagated through purchase creation,
validation, grants, and owned-product listings so it’s available after
purchase.
* **Tests**
* Added end-to-end tests verifying metadata is accepted, persisted, and
returned in purchase creation, validation, grant, and listing flows.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
<!-- ELLIPSIS_HIDDEN -->
----
> [!IMPORTANT]
> Adds support for custom metadata in inline products, updating schemas
and functions to handle metadata, with comprehensive tests verifying the
changes.
>
> - **Behavior**:
> - Adds support for custom metadata in inline products, allowing
arbitrary metadata attachment.
> - Updates `ensureProductIdOrInlineProduct()` and
`productToInlineProduct()` in `payments.tsx` to handle metadata.
> - Metadata is preserved and returned in purchase creation, validation,
and listing endpoints.
> - **Schemas**:
> - Adds `productSchemaWithMetadata` in `schema-fields.ts` to include
`clientMetadata`, `clientReadOnlyMetadata`, and `serverMetadata`.
> - Updates `inlineProductSchema` to support metadata fields.
> - **Tests**:
> - Adds e2e tests in `purchase-session.test.ts`,
`create-purchase-url.test.ts`, and `products.test.ts` to verify metadata
handling.
>
> <sup>This description was created by </sup>[<img alt="Ellipsis"
src="https://img.shields.io/badge/Ellipsis-blue?color=175173">](https://www.ellipsis.dev?ref=stack-auth%2Fstack-auth&utm_source=github&utm_medium=referral)<sup>
for 1b5601c991. You can
[customize](https://app.ellipsis.dev/stack-auth/settings/summaries) this
summary. It will automatically update as commits are pushed.</sup>
<!-- ELLIPSIS_HIDDEN -->
---------
Co-authored-by: Konsti Wohlwend <n2d4xc@gmail.com>
<!--
ONTRIBUTING.md guidelines:
https://github.com/stack-auth/stack-auth/blob/dev/CONTRIBUTING.md
-->
<!-- RECURSEML_SUMMARY:START -->
## High-level PR Summary
This PR changes the default development ports for several background
services to avoid conflicts. PostgreSQL moves from port `5432` to
`8128`, Inbucket SMTP from `2500` to `8129`, Inbucket POP3 from `1100`
to `8130`, and the OpenTelemetry collector from `4318` to `8131`. All
references across configuration files, Docker Compose setups,
environment files, CI/CD workflows, test files, and documentation have
been updated to reflect these new port assignments. A knowledge base
document has been added to document the new port mappings.
⏱️ Estimated Review Time: 15-30 minutes
<details>
<summary>💡 Review Order Suggestion</summary>
| Order | File Path |
| --- | --- |
| 1 | `claude/CLAUDE-KNOWLEDGE.md` |
| 2 | `apps/dev-launchpad/public/index.html` |
| 3 | `docker/dependencies/docker.compose.yaml` |
| 4 | `docker/emulator/docker.compose.yaml` |
| 5 | `apps/backend/.env` |
| 6 | `apps/backend/.env.development` |
| 7 | `docker/server/.env.example` |
| 8 | `package.json` |
| 9 | `.devcontainer/devcontainer.json` |
| 10 | `apps/e2e/.env.development` |
| 11 | `.github/workflows/check-prisma-migrations.yaml` |
| 12 | `.github/workflows/docker-server-test.yaml` |
| 13 | `.github/workflows/e2e-api-tests.yaml` |
| 14 | `.github/workflows/e2e-source-of-truth-api-tests.yaml` |
| 15 | `.github/workflows/restart-dev-and-test.yaml` |
| 16 |
`apps/e2e/tests/backend/endpoints/api/v1/internal/email-drafts.test.ts`
|
| 17 | `apps/e2e/tests/backend/endpoints/api/v1/internal/email.test.ts`
|
| 18 | `apps/e2e/tests/backend/endpoints/api/v1/send-email.test.ts` |
| 19 |
`apps/e2e/tests/backend/endpoints/api/v1/unsubscribe-link.test.ts` |
| 20 | `apps/e2e/tests/backend/workflows.test.ts` |
| 21 | `docs/templates/others/self-host.mdx` |
</details>
[](https://discord.gg/n3SsVDAW6U)
[
<!-- RECURSEML_SUMMARY:END -->
<!-- ELLIPSIS_HIDDEN -->
----
> [!IMPORTANT]
> This PR introduces customizable development ports using
`NEXT_PUBLIC_STACK_PORT_PREFIX`, updating configurations, documentation,
and tests accordingly.
>
> - **Behavior**:
> - Default development ports for services are now customizable via
`NEXT_PUBLIC_STACK_PORT_PREFIX`.
> - PostgreSQL port changed from `5432` to
`${NEXT_PUBLIC_STACK_PORT_PREFIX:-81}28`.
> - Inbucket SMTP port changed from `2500` to
`${NEXT_PUBLIC_STACK_PORT_PREFIX:-81}29`.
> - Inbucket POP3 port changed from `1100` to
`${NEXT_PUBLIC_STACK_PORT_PREFIX:-81}30`.
> - OpenTelemetry collector port changed from `4318` to
`${NEXT_PUBLIC_STACK_PORT_PREFIX:-81}31`.
> - **Configuration**:
> - Updated `docker.compose.yaml` to use new port variables for services
like PostgreSQL, Inbucket, and OpenTelemetry.
> - Environment files in `apps/backend`, `apps/dashboard`, and
`apps/e2e` updated to use `NEXT_PUBLIC_STACK_PORT_PREFIX`.
> - `package.json` scripts updated to reflect new port configurations.
> - **Documentation**:
> - Added `CLAUDE-KNOWLEDGE.md` to document new port mappings.
> - Updated `self-host.mdx` to reflect new port configurations.
> - **Testing**:
> - Updated test files in `apps/e2e/tests` to use new port
configurations.
> - Added `helpers/ports.ts` for port-related utilities in tests.
>
> <sup>This description was created by </sup>[<img alt="Ellipsis"
src="https://img.shields.io/badge/Ellipsis-blue?color=175173">](https://www.ellipsis.dev?ref=stack-auth%2Fstack-auth&utm_source=github&utm_medium=referral)<sup>
for 76ef55f58f. You can
[customize](https://app.ellipsis.dev/stack-auth/settings/summaries) this
summary. It will automatically update as commits are pushed.</sup>
----
<!-- ELLIPSIS_HIDDEN -->
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- **New Features**
- Enable configurable development ports via a
NEXT_PUBLIC_STACK_PORT_PREFIX, allowing parallel local environments with
custom port prefixes.
- **Bug Fixes**
- Updated local service port mappings and CI/workflow settings so
tooling and tests use the new prefixed ports consistently.
- **Documentation**
- Added docs and contributor guidance for running multiple parallel
workspaces with custom port prefixes.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---------
Co-authored-by: N2D4 <N2D4@users.noreply.github.com>
<!--
Make sure you've read the CONTRIBUTING.md guidelines:
https://github.com/stack-auth/stack-auth/blob/dev/CONTRIBUTING.md
-->
<!-- RECURSEML_SUMMARY:START -->
## High-level PR Summary
This PR fixes payment test mode behavior by changing the default test
mode setting to `true` and refactoring the test mode bypass UI. The
bypass functionality is moved from a floating card in the purchase page
into the checkout form itself, providing a cleaner and more integrated
experience. Additionally, the database migration configuration is
updated to increase the `maxWait` timeout to handle concurrent migration
attempts more gracefully in high-contention scenarios like CI
environments.
⏱️ Estimated Review Time: 5-15 minutes
<details>
<summary>💡 Review Order Suggestion</summary>
| Order | File Path |
|-------|-----------|
| 1 | `packages/stack-shared/src/config/schema.ts` |
| 2 | `apps/dashboard/src/app/(main)/purchase/[code]/page-client.tsx` |
| 3 | `apps/dashboard/src/components/payments/checkout.tsx` |
| 4 | `apps/backend/src/auto-migrations/index.tsx` |
</details>
<details>
<summary>⚠️ Inconsistent Changes Detected</summary>
| File Path | Warning |
|-----------|---------|
| `apps/backend/src/auto-migrations/index.tsx` | Database migration
timeout configuration changes appear unrelated to payment test mode
fixes, which is the stated purpose of this PR |
</details>
[](https://discord.gg/n3SsVDAW6U)
[
<!-- RECURSEML_SUMMARY:END -->
<!-- ELLIPSIS_HIDDEN -->
----
> [!IMPORTANT]
> Sets payment test mode to default true, integrates test mode bypass
into checkout form, and updates migration timeout.
>
> - **Behavior**:
> - Default `testMode` set to `true` in `schema.ts`.
> - Integrates test mode bypass into `CheckoutForm` in `checkout.tsx`.
> - Removes separate bypass panel from `page-client.tsx`.
> - **Database**:
> - Increases `maxWait` timeout in `index.tsx` to handle concurrent
migration attempts.
> - **Tests**:
> - Updates tests in `backend-helpers.ts` and `validate-code.test.ts` to
reflect test mode behavior.
>
> <sup>This description was created by </sup>[<img alt="Ellipsis"
src="https://img.shields.io/badge/Ellipsis-blue?color=175173">](https://www.ellipsis.dev?ref=stack-auth%2Fstack-auth&utm_source=github&utm_medium=referral)<sup>
for 6313c0bfed. You can
[customize](https://app.ellipsis.dev/stack-auth/settings/summaries) this
summary. It will automatically update as commits are pushed.</sup>
----
<!-- ELLIPSIS_HIDDEN -->
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **New Features**
* Added a test-mode checkout path with a “Complete test purchase” action
when test mode is active.
* **Refactor**
* Consolidated test-mode bypass into the checkout component and removed
the separate bypass UI.
* **Bug Fixes**
* Improved reliability of database migrations by extending the
transaction wait window, reducing timeout errors under load.
* **Chores**
* Payments now default to test mode enabled.
* **Tests**
* Updated tests and payload expectations to reflect test mode defaults
and behavior.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
https://www.loom.com/share/2767f799df9d48519c737a1d082fc3f4?sid=967802e9-5bfb-438d-96cd-2f6fcbd2f69b
<!--
Make sure you've read the CONTRIBUTING.md guidelines:
https://github.com/stack-auth/stack-auth/blob/dev/CONTRIBUTING.md
-->
<!-- RECURSEML_SUMMARY:START -->
## High-level PR Summary
This PR adds a "Grant Product" feature to the dashboard's customer page,
allowing administrators to manually grant products to users, teams, or
custom customers. The UI has been updated to rename "Items" to
"Customers" in the navigation, and the page now includes a dialog for
selecting a product and quantity (for stackable products) to grant.
Additionally, the backend payment logic has been enhanced to properly
set `currentPeriodEnd` and `cancelAtPeriodEnd` when canceling
conflicting subscriptions during product grants.
⏱️ Estimated Review Time: 15-30 minutes
<details>
<summary>💡 Review Order Suggestion</summary>
| Order | File Path |
|-------|-----------|
| 1 |
`apps/dashboard/src/app/(main)/(protected)/projects/[projectId]/sidebar-layout.tsx`
|
| 2 |
`apps/dashboard/src/app/(main)/(protected)/projects/[projectId]/payments/customers/page.tsx`
|
| 3 |
`apps/dashboard/src/app/(main)/(protected)/projects/[projectId]/payments/customers/page-client.tsx`
|
| 4 | `apps/backend/src/lib/payments.tsx` |
| 5 |
`packages/template/src/lib/stack-app/apps/implementations/server-app-impl.ts`
|
</details>
<details>
<summary>⚠️ Inconsistent Changes Detected</summary>
| File Path | Warning |
|-----------|---------|
|
`packages/template/src/lib/stack-app/apps/implementations/server-app-impl.ts`
| This appears to be a simple variable rename (cache to itemsCache) that
seems unrelated to adding grant product functionality to the dashboard |
</details>
[](https://discord.gg/n3SsVDAW6U)
[
<!-- RECURSEML_SUMMARY:END -->
<!-- ELLIPSIS_HIDDEN -->
----
> [!IMPORTANT]
> Adds "Grant Product" feature to dashboard, enabling admins to grant
products to customers, with new API endpoints, UI updates, and backend
logic enhancements.
>
> - **Behavior**:
> - Adds "Grant Product" feature to dashboard's customer page, allowing
admins to grant products to users, teams, or custom customers.
> - Updates UI to rename "Items" to "Customers" in navigation and adds
dialogs for product selection and quantity.
> - Enhances backend payment logic to set `currentPeriodEnd` and
`cancelAtPeriodEnd` when canceling conflicting subscriptions.
> - **API**:
> - New endpoints in `route.ts` for listing customer products and
granting products.
> - Implements `grantProductToCustomer()` in `payments.tsx` to handle
product grants.
> - **SDK**:
> - Adds `grantProduct` (server) and `listProducts` (client/server)
methods.
> - Updates `client-app-impl.ts` and `server-app-impl.ts` to support new
product functionalities.
> - **Models**:
> - Adds `CustomerProduct` and `CustomerProductsList` types in
`customers/index.ts`.
> - **Misc**:
> - Introduces `PRODUCT_ALREADY_GRANTED` error in `known-errors.tsx`.
> - Updates tests in `products.test.ts` and other test files to cover
new product grant scenarios.
>
> <sup>This description was created by </sup>[<img alt="Ellipsis"
src="https://img.shields.io/badge/Ellipsis-blue?color=175173">](https://www.ellipsis.dev?ref=stack-auth%2Fstack-auth&utm_source=github&utm_medium=referral)<sup>
for f0d112f578. You can
[customize](https://app.ellipsis.dev/stack-auth/settings/summaries) this
summary. It will automatically update as commits are pushed.</sup>
----
<!-- ELLIPSIS_HIDDEN -->
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- **New Features**
- Dashboard: New "Customers" page to view customers, grant products, and
manage items with dialogs and selectors for users, teams, or custom IDs.
- API/SDK: Endpoints and client/server SDK methods to list a customer’s
products (paginated) and to grant products.
- **Improvements**
- Error responses for already-owned non-stackable products are now
structured with clear codes and headers.
- Product payloads include server_only, included_items, and new
stackable support.
- **UI**
- Team search table and clickable team rows for faster navigation.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---------
Co-authored-by: Konsti Wohlwend <n2d4xc@gmail.com>
…or non stackable offer
<!--
Make sure you've read the CONTRIBUTING.md guidelines:
https://github.com/stack-auth/stack-auth/blob/dev/CONTRIBUTING.md
-->
<!-- RECURSEML_SUMMARY:START -->
## High-level PR Summary
This PR improves error messaging in the payments system by addressing
two main issues: (1) providing clearer error messages when an item ID is
mistakenly used as a product ID, including distinguishing between
non-existent products, server-only products, and cases where an item
exists with that ID, and (2) preventing checkout creation for
non-stackable products that a customer already owns by adding an early
validation check. The changes update the `ProductDoesNotExist` known
error to include contextual information, introduce a new
`getCustomerPurchaseContext` helper function to check existing
purchases, and update related test snapshots to reflect the improved
error messages.
⏱️ Estimated Review Time: 15-30 minutes
<details>
<summary>💡 Review Order Suggestion</summary>
| Order | File Path |
|-------|-----------|
| 1 | `packages/stack-shared/src/known-errors.tsx` |
| 2 | `apps/backend/src/lib/payments.tsx` |
| 3 |
`apps/backend/src/app/api/latest/payments/purchases/create-purchase-url/route.ts`
|
| 4 |
`apps/e2e/tests/backend/endpoints/api/v1/payments/create-purchase-url.test.ts`
|
| 5 |
`apps/e2e/tests/backend/endpoints/api/v1/payments/before-offer-to-product-rename/outdated--create-purchase-url.test.ts`
|
</details>
[](https://discord.gg/n3SsVDAW6U)
[
<!-- RECURSEML_SUMMARY:END -->
<!-- ELLIPSIS_HIDDEN -->
----
> [!IMPORTANT]
> Enhances payment error handling by adding context to error messages
and preventing duplicate purchases of non-stackable products.
>
> - **Behavior**:
> - Adds early validation in `create-purchase-url/route.ts` to prevent
checkout for non-stackable products already owned by the customer.
> - Updates `ensureProductIdOrInlineProduct` in `payments.tsx` to
include context in `ProductDoesNotExist` error.
> - Introduces `getCustomerPurchaseContext` in `payments.tsx` to check
existing purchases.
> - **Errors**:
> - Modifies `ProductDoesNotExist` in `known-errors.tsx` to include
`context` (null, server_only, item_exists).
> - **Tests**:
> - Updates test cases in `create-purchase-url.test.ts`,
`purchase-session.test.ts`, and `validate-code.test.ts` to reflect new
error messages and behavior.
> - Adds tests for blocking repeat purchases of non-stackable products.
>
> <sup>This description was created by </sup>[<img alt="Ellipsis"
src="https://img.shields.io/badge/Ellipsis-blue?color=175173">](https://www.ellipsis.dev?ref=stack-auth%2Fstack-auth&utm_source=github&utm_medium=referral)<sup>
for 5495b9c269. You can
[customize](https://app.ellipsis.dev/stack-auth/settings/summaries) this
summary. It will automatically update as commits are pushed.</sup>
----
<!-- ELLIPSIS_HIDDEN -->
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- New Features
- Blocks creating a purchase URL when a customer already owns a
non-stackable product, preventing duplicate checkouts.
- Bug Fixes
- Standardized error responses for missing or server-only products with
consistent codes, messages, and structured details.
- Error payloads now include details.context (null, server_only, or
item_exists) instead of access_type.
- Tests
- Added and updated tests to cover blocking repeat purchases and the new
standardized error format (including inline snapshot updates).
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---------
Co-authored-by: Konsti Wohlwend <n2d4xc@gmail.com>
https://www.loom.com/share/59ff826f88324a61bb2fefc51769f840?sid=3fe23444-c56e-46c8-a402-8df38a69403c
<!--
Make sure you've read the CONTRIBUTING.md guidelines:
https://github.com/stack-auth/stack-auth/blob/dev/CONTRIBUTING.md
-->
<!-- RECURSEML_SUMMARY:START -->
## High-level PR Summary
This PR improves the payment products UI by relocating the save/cancel
buttons from the top to the bottom of the product card and replacing the
generic `EditableInput` component with a custom `ProductEditableInput`
component that better handles the specific styling and interaction
patterns needed for product fields. The changes include better visual
feedback during editing and improved layout alignment for the price
input field.
⏱️ Estimated Review Time: 15-30 minutes
<details>
<summary>💡 Review Order Suggestion</summary>
| Order | File Path |
|-------|-----------|
| 1 |
`apps/dashboard/src/app/(main)/(protected)/projects/[projectId]/payments/products/page-client-catalogs-view.tsx`
|
</details>
[](https://discord.gg/n3SsVDAW6U)
[
<!-- RECURSEML_SUMMARY:END -->
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* New Features
- Unified editable product input with read-only and inline editing
modes, placeholder support, and explicit Cancel/Save actions.
* Style
- Improved price-editing layout: aligned currency symbol, spacing, and
input visuals for clearer monetary entry.
- Polished input appearance for consistent look and feel across product
views.
* Refactor
- Replaced scattered editable fields with a single reusable input
component across product editing screens for consistency.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
<!-- ELLIPSIS_HIDDEN -->
----
> [!IMPORTANT]
> Move save/cancel buttons to bottom and replace `EditableInput` with
`ProductEditableInput` for improved UI in
`page-client-catalogs-view.tsx`.
>
> - **UI Changes**:
> - Move save/cancel buttons to the bottom of the product card in
`ProductCard`.
> - Replace `EditableInput` with `ProductEditableInput` for better
styling and interaction in `ProductCard`.
> - **Component Changes**:
> - Add `ProductEditableInput` component to handle product-specific
input styling and behavior.
> - Update `ProductPriceRow` to improve price input layout and visuals.
> - **Misc**:
> - Remove unused import of `EditableInput`.
>
> <sup>This description was created by </sup>[<img alt="Ellipsis"
src="https://img.shields.io/badge/Ellipsis-blue?color=175173">](https://www.ellipsis.dev?ref=stack-auth%2Fstack-auth&utm_source=github&utm_medium=referral)<sup>
for c09cb54306. You can
[customize](https://app.ellipsis.dev/stack-auth/settings/summaries) this
summary. It will automatically update as commits are pushed.</sup>
<!-- ELLIPSIS_HIDDEN -->
<!--
Make sure you've read the CONTRIBUTING.md guidelines:
https://github.com/stack-auth/stack-auth/blob/dev/CONTRIBUTING.md
-->
<!-- RECURSEML_SUMMARY:START -->
## High-level PR Summary
This PR implements a comprehensive renaming of "offer" to "product" and
"offer group" to "product catalog" throughout the codebase. The changes
include database migrations, schema updates, API compatibility layers,
function renames, and updates to client and server implementations.
Backwards compatibility is maintained through migration layers that
handle requests using the old terminology, translating them to the new
terminology before processing. The PR includes documentation of this
approach in CLAUDE-KNOWLEDGE.md. This rename affects multiple parts of
the system including the database schema, API endpoints, error types,
and SDK interfaces.
⏱️ Estimated Review Time: 1-3 hours
<details>
<summary>💡 Review Order Suggestion</summary>
| Order | File Path |
|-------|-----------|
| 1 |
`apps/backend/prisma/migrations/20250923191615_rename_offers_to_products/migration.sql`
|
| 2 |
`apps/backend/src/app/api/migrations/v2beta1/payments/purchases/offers-compat.ts`
|
| 3 |
`apps/backend/src/app/api/migrations/v2beta1/payments/purchases/create-purchase-url/route.ts`
|
| 4 |
`apps/backend/src/app/api/migrations/v2beta1/payments/purchases/validate-code/route.ts`
|
| 5 | `apps/backend/src/lib/payments.tsx` |
| 6 | `.claude/CLAUDE-KNOWLEDGE.md` |
| 7 | `packages/stack-shared/src/schema-fields.ts` |
| 8 | `packages/stack-shared/src/known-errors.tsx` |
| 9 | `packages/stack-shared/src/config/schema.ts` |
| 10 | `packages/template/src/lib/stack-app/customers/index.ts` |
| 11 |
`packages/template/src/lib/stack-app/apps/implementations/client-app-impl.ts`
|
| 12 |
`packages/template/src/lib/stack-app/apps/implementations/server-app-impl.ts`
|
</details>
[](https://discord.gg/n3SsVDAW6U)
<!-- RECURSEML_SUMMARY:END -->
<!-- ELLIPSIS_HIDDEN -->
----
> [!IMPORTANT]
> Renames 'offer' to 'product' and 'offer group' to 'product catalog'
across the codebase, updating database schema, API endpoints, and
application logic for consistency and backward compatibility.
>
> - **Database**:
> - Rename columns `offer` to `product` and `offerId` to `productId` in
`OneTimePurchase` and `Subscription` tables in `migration.sql`.
> - **API & Migrations**:
> - Update API endpoints to accept `product_id`/`product_inline` instead
of `offer_id`/`offer_inline`.
> - Add `v2beta5` compatibility layer to map legacy `offer` fields to
`product` equivalents.
> - **Shared Schemas**:
> - Rename `offerSchema` to `productSchema` and related schemas in
`schema-fields.ts`.
> - **Server Implementation**:
> - Update `createCheckoutUrl` method in `server-app-impl.ts` to use
`productId`/`InlineProduct`.
> - **Tests**:
> - Update tests to reflect renaming in `backend-helpers.ts` and other
test files.
> - **Miscellaneous**:
> - Remove dummy data related to offers in `dummy-data.tsx`.
> - Update documentation and comments to reflect terminology changes.
>
> <sup>This description was created by </sup>[<img alt="Ellipsis"
src="https://img.shields.io/badge/Ellipsis-blue?color=175173">](https://www.ellipsis.dev?ref=stack-auth%2Fstack-auth&utm_source=github&utm_medium=referral)<sup>
for e3227bcbd2. You can
[customize](https://app.ellipsis.dev/stack-auth/settings/summaries) this
summary. It will automatically update as commits are pushed.</sup>
----
<!-- ELLIPSIS_HIDDEN -->
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **New Features**
* Backwards-compatibility: legacy offer_id/offer_inline requests are
accepted, normalized, and routed to product-based handlers.
* **Refactor**
* Global rename from Offer/Group → Product/Catalog across UI, APIs,
types, client/server interfaces, and error codes.
* **Bug Fixes**
* Responses, webhooks and UI consistently surface product_display_name
and product-related metadata.
* **Documentation**
* Migration notes and docs updated to explain compatibility and
parameter changes.
* **Tests**
* Unit and E2E suites updated to cover product/catalog flows.
* **Chores**
* Database schema migration, seed and config updates applied.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
<!-- CURSOR_SUMMARY -->
---
> [!NOTE]
> Renames offers→products and groups→catalogs end-to-end (DB, APIs,
schemas, UI, SDK, docs), adding v2beta5 compatibility to accept legacy
offer fields while updating all internals.
>
> - **Backend/DB**:
> - Prisma migration: rename `offer`/`offerId`→`product`/`productId` in
`OneTimePurchase` and `Subscription`.
> - Update Stripe webhook, purchase-session, and internal test-mode
flows to use `product*` metadata/fields.
> - **API & Migrations**:
> - Latest endpoints now accept `product_id`/`product_inline`.
> - Add `v2beta5` compat layer mapping legacy `offer_id`/`offer_inline`
to product equivalents; responses alias conflicting products.
> - **Shared Schemas/Errors/Config**:
> - `offerSchema`→`productSchema`,
`inlineOfferSchema`→`inlineProductSchema`, prices/types renamed.
> - KnownErrors renamed (e.g., `PRODUCT_DOES_NOT_EXIST`).
> - Config: `groups`→`catalogs`, defaults/migrations updated; improved
override validation messages; ID regex loosened; formatter tweaks; add
schema fuzzer tests.
> - **Payments Lib**:
> - Rename APIs and logic (`offers`→`products`, `groupId`→`catalogId`),
subscription and item-quantity computation updated.
> - **Dashboard/UI**:
> - Routes, dialogs, editors, tables, and code samples switched to
products/catalogs; removed offers dummy data.
> - **SDK/Template**:
> - Client/server `createCheckoutUrl` now uses
`productId`/`InlineProduct`.
> - **Tests/Docs/Utilities**:
> - E2E and unit tests updated; add legacy (pre-rename) tests.
> - Docs and knowledge base revised; minor script tweaks (recent-first,
limits).
>
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
e6e20ecd72. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->
---------
Co-authored-by: BilalG1 <bg2002@gmail.com>
<!--
Make sure you've read the CONTRIBUTING.md guidelines:
https://github.com/stack-auth/stack-auth/blob/dev/CONTRIBUTING.md
-->
<!-- ELLIPSIS_HIDDEN -->
----
> [!IMPORTANT]
> Add Convex integration with new auth helpers, update access token
handling, and include documentation, examples, and tests for the new
features.
>
> - **Features**:
> - Add Convex integration with new auth helpers for Convex clients and
HTTP in `client-app-impl.ts` and `server-app-impl.ts`.
> - Support for Convex context in user APIs and partial user retrieval.
> - Access tokens now include `is_anonymous` for better anonymous
handling in `tokens.tsx`.
> - **Documentation**:
> - Add Convex integration guide in `docs/templates/others/convex.mdx`.
> - Update docs navigation in `docs/docs-platform.yml` and
`docs/templates/meta.json`.
> - **Examples**:
> - Add Convex + Next.js example app in `examples/convex` with auth
wiring, functions, schema, and UI.
> - **Tests**:
> - Add E2E tests for Convex auth flows in `convex.test.ts`.
> - Update JWT payload checks in `backend-helpers.ts` and
`anonymous-comprehensive.test.ts`.
> - **Chores**:
> - Add Convex dependencies in `package.json` files.
> - Update CI steps for example environments in `e2e-api-tests.yaml` and
`e2e-source-of-truth-api-tests.yaml`.
>
> <sup>This description was created by </sup>[<img alt="Ellipsis"
src="https://img.shields.io/badge/Ellipsis-blue?color=175173">](https://www.ellipsis.dev?ref=stack-auth%2Fstack-auth&utm_source=github&utm_medium=referral)<sup>
for aa0983a8b7. You can
[customize](https://app.ellipsis.dev/stack-auth/settings/summaries) this
summary. It will automatically update as commits are pushed.</sup>
----
<!-- ELLIPSIS_HIDDEN -->
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- **New Features**
- Convex integration: auth helpers for Convex clients/HTTP, Convex-aware
user APIs, and partial-user retrieval (token/convex).
- Access tokens now surface is_anonymous for clearer anonymous handling.
- **Documentation**
- Added Convex integration guide and nav entries.
- **Examples**
- New Convex + Next.js example app with auth wiring, backend functions,
schema, and UI.
- **Tests**
- Added E2E tests covering Convex auth flows and JWT payload checks.
- **Chores**
- Added Convex deps, CI env steps, and workspace/test config updates.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---------
Co-authored-by: Konstantin Wohlwend <n2d4xc@gmail.com>
<!--
Make sure you've read the CONTRIBUTING.md guidelines:
https://github.com/stack-auth/stack-auth/blob/dev/CONTRIBUTING.md
-->
<!-- RECURSEML_SUMMARY:START -->
## High-level PR Summary
This PR adds a new `priceId` field to the `OneTimePurchase` and
`Subscription` models in the database to store Stripe price identifiers.
The change includes database schema updates, corresponding migration
files, and modifications to payment processing logic to properly track
and store price IDs throughout the purchase flow. The implementation
consistently propagates the price ID from Stripe's API responses through
various payment processing endpoints and webhooks handlers, ensuring the
data is properly stored and synced with the database models.
⏱️ Estimated Review Time: 15-30 minutes
<details>
<summary>💡 Review Order Suggestion</summary>
| Order | File Path |
|-------|-----------|
| 1 | `apps/backend/prisma/schema.prisma` |
| 2 |
`apps/backend/prisma/migrations/20250917193043_store_price_id/migration.sql`
|
| 3 | `apps/backend/src/lib/stripe.tsx` |
| 4 |
`apps/backend/src/app/api/latest/payments/purchases/purchase-session/route.tsx`
|
| 5 |
`apps/backend/src/app/api/latest/internal/payments/test-mode-purchase-session/route.tsx`
|
| 6 |
`apps/backend/src/app/api/latest/integrations/stripe/webhooks/route.tsx`
|
| 7 | `apps/e2e/tests/backend/endpoints/api/v1/stripe-webhooks.test.ts`
|
</details>
<!-- RECURSEML_SUMMARY:END -->
<!-- ELLIPSIS_HIDDEN -->
----
> [!IMPORTANT]
> Add `priceId` field to track Stripe price identifiers in purchase and
subscription models, updating schema, payment logic, and tests.
>
> - **Database Changes**:
> - Add `priceId` field to `OneTimePurchase` and `Subscription` models
in `schema.prisma`.
> - Update database schema with migration
`20250917193043_store_price_id/migration.sql`.
> - **Payment Processing**:
> - Update `processStripeWebhookEvent()` in `webhooks/route.tsx` to
handle `priceId`.
> - Modify `POST` handlers in `purchase-session/route.tsx` and
`test-mode-purchase-session/route.tsx` to include `priceId` in metadata.
> - Update `syncStripeSubscriptions()` in `stripe.tsx` to sync
`priceId`.
> - **Testing**:
> - Add tests in `stripe-webhooks.test.ts` to validate `priceId`
handling in webhook and purchase flows.
>
> <sup>This description was created by </sup>[<img alt="Ellipsis"
src="https://img.shields.io/badge/Ellipsis-blue?color=175173">](https://www.ellipsis.dev?ref=stack-auth%2Fstack-auth&utm_source=github&utm_medium=referral)<sup>
for 4950494d62. You can
[customize](https://app.ellipsis.dev/stack-auth/settings/summaries) this
summary. It will automatically update as commits are pushed.</sup>
----
<!-- ELLIPSIS_HIDDEN -->
<!-- RECURSEML_ANALYSIS:START -->
## Review by RecurseML
_🔍 Review performed on
[e48ffa6..4950494](e48ffa67ee...4950494d62)_
| Severity | Location | Issue
| Delete |
|:----------:|----------|-------|:--------:|
|  |
[apps/e2e/tests/backend/endpoints/api/v1/stripe-webhooks.test.ts:153](https://github.com/stack-auth/stack-auth/pull/900#discussion_r2356623574)
| The field `priceId` uses camelCase instead of the required snake_case
for API parameters |
[
|
|  |
[apps/e2e/tests/backend/endpoints/api/v1/stripe-webhooks.test.ts:245](https://github.com/stack-auth/stack-auth/pull/900#discussion_r2356623664)
| The field `priceId` uses camelCase instead of the required snake_case
for API parameters |
[
|
|  |
[apps/e2e/tests/backend/endpoints/api/v1/stripe-webhooks.test.ts:358](https://github.com/stack-auth/stack-auth/pull/900#discussion_r2356623721)
| The field `priceId` uses camelCase instead of the required snake_case
for API parameters |
[
|
<details>
<summary>✅ Files analyzed, no issues (4)</summary>
• `apps/backend/src/lib/stripe.tsx`
•
`apps/backend/src/app/api/latest/payments/purchases/purchase-session/route.tsx`
•
`apps/backend/src/app/api/latest/integrations/stripe/webhooks/route.tsx`
•
`apps/backend/src/app/api/latest/internal/payments/test-mode-purchase-session/route.tsx`
</details>
<details>
<summary>⏭️ Files skipped (trigger manually) (2)</summary>
| Locations | Trigger Analysis |
|-----------|:------------------:|
`apps/backend/prisma/migrations/20250917193043_store_price_id/migration.sql`
|
[
`apps/backend/prisma/schema.prisma` |
[
</details>
[](https://discord.gg/n3SsVDAW6U)
<!-- RECURSEML_ANALYSIS:END -->
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- New Features
- Persist the selected price ID with one-time purchases and
subscriptions.
- Carry the price ID through payment flows and Stripe metadata for
better tracking and reporting.
- Test mode purchases now also record the price ID.
- Chores
- Database migration adds a price ID field to purchase and subscription
records.
- Tests
- Updated end-to-end tests to validate price ID handling in webhook and
purchase flows.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
