This PR implements unified AI endpoint and custom dashboards.
**Unified AI Endpoint**
We now use a single endpoint throughout the codebase that makes the call
to openrouter. Specifically, email drafts, email templates, email
themes, wysiwyg, cmd centre ai search and docs ai, all use this unified
ai endpoint. All the tools are defined in the backend, all the prompts
exist in the backend.
How to review this PR for unified ai endpoint:
This PR will be easier to review if we look at the different folders
that were affected.
under packages - We added streaming functionality, and made renaming
changes
under docs - there are three files that have changed
package.json - we updated the package (we were previously using a very
old version of the package)
route.ts - we changed the call from a direct call to openrouter to the
unified ai endpoint
ai-chat.tsx - because of updating the package, we had to make changes to
adapt to the latest versions of the package
under backend
route.ts - the main unified ai endpoint. this endpoint uses various
support files
forward.ts - this is the forward to production functionality
models.ts - consists of the models, and the rules for selecting those
models
prompts.ts - consists of the base prompt + specific system prompts
depending upon the usage
schema.ts
every single file under ai/tools folder - which as the name suggests,
consists of the implementations of the different tools that can be
provided to the llm
route-handlers - added support for streaming to SmartRoute and response
under dashboard
ai-search/route.ts - refactored the file to use unified ai endpoint
chat-adapters.ts - refactored the file to use unified ai endpoint and
created extra checks for the ai generated code
**Custom Dashboards**
We let the user write their query in english. We then use AI to create
dashboards that are interactive, live and savable. This PR includes a
new package called dashboard-ui-components. This package has components
that are used in the dashboard and more importantly, these components
are being imported from esm in the ai generated code for custom
dashboards. We also change the bar at the top for the products pages.
How to review this PR:
Review the new package (package/dashboard-ui-components), the setup and
the files inside it.
Review the schema changes in stack-shared/src
Review the changes in dashboard. The following changes have been made
Updated the design-components folder since we moved the dashboard
components to the new package
Updated imports for these components accordingly
Updated the title bar of the product pages
Created the files for custom dashboards under the dashboards folder and
components under commands/create-dashboard
Created a script under dashboard/scripts that generates the file with
type definitions that would go to the llm
Review the backend
Started using unified ai endpoint
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **New Features**
* Added custom dashboards feature allowing users to create and manage
personalized dashboards with AI assistance.
* Integrated AI-assisted dashboard code generation with visual preview
and editing capabilities.
* Introduced new AI query endpoints supporting stream and generate modes
with configurable model quality/speed settings.
* **Improvements**
* Reorganized UI components into a dedicated component library package
for better code reuse.
* Enhanced chat architecture with improved message handling and tool
integration.
* Updated AI provider integration with improved configuration
management.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---------
Co-authored-by: Konsti Wohlwend <n2d4xc@gmail.com>
Co-authored-by: Bilal Godil <bg2002@gmail.com>
Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com>
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
<!--
Make sure you've read the CONTRIBUTING.md guidelines:
https://github.com/stack-auth/stack-auth/blob/dev/CONTRIBUTING.md
-->
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Documentation**
* Updated installation and setup instructions across all documentation,
README files, and getting started guides to use the new Stack CLI
command format for project initialization. Users will now see the
updated command throughout documentation and framework-specific setup
guides.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
[Open this suggestion in Promptless to view citations and reasoning
process](https://app.gopromptless.ai/change-history/e6033b34-4005-4a9e-9d21-d809e2d57896)
Adds documentation for the two new built-in email templates:
`payment_receipt` (sent when payments succeed) and `payment_failed`
(sent when payments fail). Updates the Emails guide to list these new
templates alongside existing authentication templates, and adds a
"Payment Emails" section to the Payments guide explaining that these
notifications are sent automatically for both one-time purchases and
subscription renewals.
### Trigger Events
<details>
<summary><a
href="https://github.com/stack-auth/stack-auth/pull/1106">stack-auth/stack-auth
PR #1106: payment email templates</a></summary>
<br>
**Promptless Research** (1 GitHub PR)
- [Reviewed
stack-auth/stack-auth#1106](https://github.com/stack-auth/stack-auth/pull/1106)
**Agent Response**
> I've completed the documentation updates for PR #1106. Here's a
summary of the changes:
>
> ## Documentation Suggestion Created
>
> **Title:** Document payment email templates
>
> **Changes made:**
>
> 1. **Emails guide** (`docs/content/docs/(guides)/apps/emails.mdx`):
> - Added `payment_receipt` and `payment_failed` to the "Built-in Email
Templates" section, keeping them consistent with the existing format for
other templates
>
> 2. **Payments guide**
(`docs/content/docs/(guides)/apps/payments.mdx`):
> - Added a new "Payment Emails" subsection under Dashboard Management
explaining that Stack Auth automatically sends email notifications when
payments are processed
> - Documents both templates with their key details (receipt link,
failure reason, etc.)
> - Notes that these apply to both one-time purchases and subscription
renewals
> - Includes a pointer to where templates can be customized
>
> The suggestion is ready for review at:
https://app.gopromptless.ai/change-history/e6033b34-4005-4a9e-9d21-d809e2d57896
</details>
---
**Help us improve Promptless** — If this suggestion missed the mark,
please [share quick
feedback](https://app.gopromptless.ai/change-history/e6033b34-4005-4a9e-9d21-d809e2d57896?openFeedback=1).
*If you want Promptless to make further changes on this PR, feel free to
leave a comment tagging Promptless (It won't show up in the user drop
down but Promptless will get it!)*
Co-authored-by: promptless[bot] <179508745+promptless[bot]@users.noreply.github.com>
Co-authored-by: Madison <madison.w.kennedy@gmail.com>
[Open this suggestion in Promptless to view citations and reasoning
process](https://app.gopromptless.ai/change-history/ea7c7471-778d-42ea-9845-fa380f013560)
Documents the new `is_restricted` and `restricted_reason` JWT claims
introduced for the onboarding/restricted users feature. Updates the JWT
documentation to explain these fields in the claims section, adds them
to the example payload, documents the restricted user token structure,
and adds the `include_restricted` JWKS parameter for manual token
verification.
### Trigger Events
<details>
<summary><a
href="e400985754...de0f937f46">stack-auth/stack-auth
commit (dev): de0f937 [CHANGELOG] - 2026.01.21</a></summary>
<br>
**Promptless Research** (1 webpage, 1 GitHub PR)
- [Read webpage from
github.com](e400985754...de0f937f46)
- [Reviewed
stack-auth/stack-auth#1069](https://github.com/stack-auth/stack-auth/pull/1069)
**Agent Response**
> I've completed my analysis of the changelog entry and created the
necessary documentation update.
>
> ## Summary
>
> After reviewing the changelog entry for **2026.01.21**, I identified:
>
> ### Already Covered by Existing Suggestions
> The payment-related items were already documented by existing
suggestions:
> - **Payments Settings page** → covered by the "Document payment
settings" suggestion
> - **Subscription renewal emails** → covered by the "Document payment
email templates" suggestion
> - **Invoice visibility** → covered by the "Document invoice listing
feature" suggestion
>
> ### New Documentation Created
> I created a new suggestion to address the remaining item: **"Updated
JWT documentation to include `isRestricted` and `restrictedReason`"**
>
> The suggestion updates the JWT Tokens documentation with:
> - **New claims documentation**: Added `is_restricted` (boolean) and
`restricted_reason` (nullable object with `type` field) to the Stack
Auth Specific Claims section
> - **Updated example payload**: Added the new fields to the example JWT
payload
> - **Restricted user tokens**: Documented how restricted user tokens
differ (`:restricted` audience suffix)
> - **JWKS parameter**: Added documentation for the
`include_restricted=true` parameter in the Manual JWT Verification
section
>
> These fields were introduced in PR #1069 "Onboarding app & restricted
users" to support the new onboarding flow where users who haven't
completed requirements (like email verification) are marked as
"restricted."
</details>
---
**Help us improve Promptless** — If this suggestion missed the mark,
please [share quick
feedback](https://app.gopromptless.ai/change-history/ea7c7471-778d-42ea-9845-fa380f013560?openFeedback=1).
*If you want Promptless to make further changes on this PR, feel free to
leave a comment tagging Promptless (It won't show up in the user drop
down but Promptless will get it!)*
---------
Co-authored-by: promptless[bot] <179508745+promptless[bot]@users.noreply.github.com>
Co-authored-by: Madison <madison.w.kennedy@gmail.com>
[Open this suggestion in Promptless to view citations and reasoning
process](https://app.gopromptless.ai/suggestions/9355c2e9-3f8e-4b9e-8857-92e937f4b7df)
Adds the required `lastModified` field to the sign-up-rules.mdx
frontmatter. Per client documentation requirements, all new MDX
documents must include a `lastModified` field in the frontmatter with
the current date.
### Trigger Events
<details>
<summary><a
href="e9886bc45a...4af15344eb">stack-auth/stack-auth
commit (dev): 4af1534 docs: Document Sign-up Rules feature
(#1183)</a></summary>
<br>
**Promptless Research** (1 GitHub PR)
- [Reviewed
stack-auth/stack-auth#1183](https://github.com/stack-auth/stack-auth/pull/1183)
**Agent Response**
> I've completed my analysis of this commit and created a suggestion to
fix an issue I found.
>
> ## Summary
>
> **Trigger:** Commit `4af1534` merged PR #1183 which documented the
Sign-up Rules feature.
>
> **What I found:** The new `sign-up-rules.mdx` file was missing the
required `lastModified` field in its frontmatter. Per documentation
requirements, all new MDX documents must include this field with the
current date.
>
> **Fix created:** I created a
[suggestion](https://app.gopromptless.ai/suggestions/9355c2e9-3f8e-4b9e-8857-92e937f4b7df)
that adds the missing `lastModified: "2026-02-24"` field to the
sign-up-rules.mdx frontmatter.
>
> The underlying Sign-up Rules documentation content itself is
comprehensive and well-written, covering rule creation, conditions,
actions, priority/default settings, common use cases, analytics, and the
rule testing feature.
</details>
---
_Tip: Set up a GitHub Issues trigger in
[Projects](https://app.gopromptless.ai/projects) to enable @Promptless
mentions in issues 🐙_
Co-authored-by: promptless[bot] <179508745+promptless[bot]@users.noreply.github.com>
Co-authored-by: Madison <madison.w.kennedy@gmail.com>
[Open this suggestion in Promptless to view citations and reasoning
process](https://app.gopromptless.ai/change-history/f3f4cc12-c710-4d2d-96cd-e5443c52c8f1)
Updates the Email Configuration documentation to mention that port 2465
is now supported alongside port 465 for implicit TLS (SMTPS)
connections. Also clarifies the terminology: 587 uses STARTTLS while
465/2465 use implicit TLS from byte 1.
### Trigger Events
<details>
<summary><a
href="02c67ef532...2288c9c65c">stack-auth/stack-auth
commit (dev): 2288c9c Port 2465 should have implicit TLS from byte
1</a></summary>
<br>
**Promptless Research** (1 webpage)
- [Read webpage from
github.com](02c67ef532...2288c9c65c)
**Agent Response**
> I've completed my analysis and created a documentation suggestion for
this commit.
>
> ## Summary
>
> The commit `2288c9c` adds port 2465 as a supported implicit TLS
(SMTPS) port alongside the existing port 465. This is a small but
meaningful fix for users who use non-standard SMTP ports.
>
> ## Documentation Change
>
> I created a suggestion that updates the **Email Configuration**
section in the Emails guide:
>
> **Before:**
> > Port: SMTP port (typically 587 for TLS or 465 for SSL)
>
> **After:**
> > Port: SMTP port (typically 587 for STARTTLS, or 465/2465 for
implicit TLS)
>
> This change:
> 1. Documents the newly supported port 2465 for implicit TLS
connections
> 2. Clarifies the terminology (STARTTLS vs implicit TLS) to be more
technically precise
>
> The suggestion is available for review at:
https://app.gopromptless.ai/change-history/f3f4cc12-c710-4d2d-96cd-e5443c52c8f1
</details>
---
_Tip: Add or adjust Promptless's style guide in [Agent Knowledge
Base](https://app.gopromptless.ai/configure/settings) ✍️_
Co-authored-by: promptless[bot] <179508745+promptless[bot]@users.noreply.github.com>
Co-authored-by: Madison <madison.w.kennedy@gmail.com>
[Open this suggestion in Promptless to view citations and reasoning
process](https://app.gopromptless.ai/change-history/ec26b3ff-78d8-4ae0-818b-2ad8b29f9f85)
Adds documentation for the new partial refund feature in the Payments
dashboard. Documents that USD transactions support both full and partial
refunds (specifying an amount up to the original charge), while non-USD
transactions only support full refunds. Also clarifies refund
eligibility requirements (non-test mode purchases with associated
prices).
### Trigger Events
<details>
<summary><a
href="https://github.com/stack-auth/stack-auth/pull/1123">stack-auth/stack-auth
PR #1123: Partial refunds frontend</a></summary>
<br>
**Promptless Research** (1 GitHub PR)
- [Reviewed
stack-auth/stack-auth#1123](https://github.com/stack-auth/stack-auth/pull/1123)
**Agent Response**
> I've completed the documentation update for this PR.
>
> ## Summary
>
> I reviewed PR #1123 which adds partial refund functionality to the
payments system, allowing admins to specify custom USD refund amounts
instead of being limited to full refunds.
>
> ### Documentation Update Created
>
> I updated the **Payments** guide
(`docs/content/docs/(guides)/apps/payments.mdx`) to document this new
feature:
>
> - Added a new **"Issuing Refunds"** subsection under the Transactions
section
> - Documented that USD transactions support both full and partial
refunds (specifying an amount up to the original charge)
> - Noted that non-USD transactions only support full refunds
> - Clarified refund eligibility requirements (non-test mode purchases
with associated prices)
>
> **Suggestion URL**:
https://app.gopromptless.ai/change-history/ec26b3ff-78d8-4ae0-818b-2ad8b29f9f85
</details>
This PR ties with #1123
---
**Help us improve Promptless** — If this suggestion missed the mark,
please [share quick
feedback](https://app.gopromptless.ai/change-history/ec26b3ff-78d8-4ae0-818b-2ad8b29f9f85?openFeedback=1).
*If you want Promptless to make further changes on this PR, feel free to
leave a comment tagging Promptless (It won't show up in the user drop
down but Promptless will get it!)*
Co-authored-by: promptless[bot] <179508745+promptless[bot]@users.noreply.github.com>
Co-authored-by: Madison <madison.w.kennedy@gmail.com>
[Open this suggestion in Promptless to view citations and reasoning
process](https://app.gopromptless.ai/change-history/09aa88eb-2871-4b0b-9014-bf08503ee645)
Adds new documentation for the Sign-up Rules feature that allows admins
to control who can sign up for their application. Documents how to
create rules in the dashboard, the available context variables (email,
emailDomain, authMethod, oauthProvider), the available actions (allow,
reject, restrict, log), rule priority ordering, default action settings,
common use cases like blocking disposable emails or restricting to
corporate domains, and how to use the built-in rule tester to simulate
sign-up requests before deploying rules. Placed under the Concepts
section.
### Trigger Events
<details>
<summary><a
href="13cd1f0f2b...7a35751f8e">stack-auth/stack-auth
commit (dev): 7a35751 Sign up rules (#1138)</a></summary>
<br>
**Promptless Research** (1 GitHub PR)
- [Reviewed
stack-auth/stack-auth#1138](https://github.com/stack-auth/stack-auth/pull/1138)
**Agent Response**
> I've completed the documentation for the Sign-up Rules feature
introduced in PR #1138.
>
> ## Summary
>
> Created a new documentation page for **Sign-up Rules** that covers:
>
> - **Overview**: How rules let admins control who can sign up using
conditions and actions
> - **Creating Rules**: Step-by-step instructions for the dashboard UI
> - **Available Conditions**: Documented all context variables (`email`,
`emailDomain`, `authMethod`, `oauthProvider`) and supported operations
(`contains`, `startsWith`, `endsWith`, `matches`, `==`, `!=`)
> - **Actions**: Explained all four action types:
> - **Allow** - Let users sign up normally
> - **Reject** - Block sign-up with optional internal logging message
> - **Restrict** - Allow sign-up but mark user for admin review (links
to JWT docs for restricted user tokens)
> - **Log** - Track patterns without affecting sign-up
> - **Priority & Default Action**: How rule ordering works and when to
use reject-by-default
> - **Common Use Cases**: Practical examples like blocking disposable
emails, corporate-only domains, and different rules per auth method
> - **Analytics**: Brief mention of the dashboard analytics showing rule
triggers
>
> The new page has been added to the navigation under the "Apps"
section, positioned near other authentication-related documentation.
</details>
<details>
<summary><a
href="457ff2bdbe...6fcf1a888f">stack-auth/stack-auth
commit (dev): 6fcf1a8 Test sign-up rules widget</a></summary>
<br>
**Promptless Research** (1 webpage)
- [Read webpage from
github.com](457ff2bdbe...6fcf1a888f)
**Agent Response**
> I've completed the documentation update for this commit. Here's a
summary:
>
> ## Summary
>
> I updated the existing [Sign-up Rules documentation
suggestion](https://app.gopromptless.ai/change-history/09aa88eb-2871-4b0b-9014-bf08503ee645)
to document the new **Test Rules widget** introduced in commit 6fcf1a8.
>
> ### Changes Made
>
> Added a new **"Testing rules"** section to the sign-up rules
documentation that covers:
>
> - **How to access the tester**: Navigate to the Sign-up Rules page and
click "Open tester"
> - **Test inputs**: Email address, authentication method (Password,
OTP, OAuth, Passkey), and OAuth provider
> - **Understanding results**:
> - **Outcome** - Whether the sign-up would be allowed or rejected, and
why
> - **Triggered rules** - All rules that matched, with their conditions
and actions
> - **Evaluation trace** - Detailed view of how every rule was evaluated
> - **Normalized context** - How the input was parsed (useful for
debugging conditions)
>
> This addition complements the existing sign-up rules documentation and
helps users test their rule configurations before deploying them to
production.
</details>
---
_Tip: Planning a big docs refactor? Use [Deep
Analysis](https://app.gopromptless.ai/deep-analysis) to get help with
the heavy lifting 🔍_
---------
Co-authored-by: promptless[bot] <179508745+promptless[bot]@users.noreply.github.com>
Co-authored-by: Madison <madison.w.kennedy@gmail.com>
https://www.loom.com/share/3b7c9288149e4f878693281778c9d7e0
## Todos (future PRs)
- Fix pre-login recording
- Better session search (filters, cmd-k, etc)
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **New Features**
* Analytics → Replays: session recording & multi-tab replay with
timeline, speed, seek, and playback settings; dashboard UI for listing
and viewing replays.
* **Admin APIs**
* Admin endpoints to list recordings, list chunks, fetch chunk events,
and retrieve all events (paginated).
* **Client**
* Client-side rrweb recording with batching, deduplication, upload API
and a send-batch client method.
* **Configuration**
* New STACK_S3_PRIVATE_BUCKET for private session storage.
* **Tests**
* Extensive unit and end-to-end tests for replay logic, streams,
playback, and APIs.
* **Chores**
* Removed an E2E API test GitHub Actions workflow.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
<!--
Make sure you've read the CONTRIBUTING.md guidelines:
https://github.com/stack-auth/stack-auth/blob/dev/CONTRIBUTING.md
-->
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **New Features**
* Switched AI provider for improved streaming and model selection.
* Updated chat UI: smoother near-bottom scrolling, refined layout, and
visual enhancements.
* **Documentation**
* Removed legacy Stack Auth setup guide from docs.
* **Chores**
* Updated docs dependencies and environment configuration; added new API
key variable and removed an old global key.
<sub>✏️ Tip: You can customize this high-level summary in your review
settings.</sub>
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
<!--
Make sure you've read the CONTRIBUTING.md guidelines:
https://github.com/stack-auth/stack-auth/blob/dev/CONTRIBUTING.md
-->
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **New Features**
* API error responses now include richer metadata (URL, HTTP method, and
inferred error type).
* Error panels show an error type badge (when known) and request
duration for failed calls.
* POST/PUT/PATCH requests consistently send JSON bodies and include
Content-Type headers, even when empty.
* Code examples (curl/JS/Python) updated to reflect consistent body and
header handling.
<sub>✏️ Tip: You can customize this high-level summary in your review
settings.</sub>
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
[Open this suggestion in Promptless to view citations and reasoning
process](https://app.gopromptless.ai/change-history/2b709902-b62c-491c-ad6d-966069ad5ea7)
Adds documentation for configuring Apple Bundle IDs in the Stack Auth
dashboard, which is required for native iOS/macOS apps using Apple Sign
In. The new "Native App Configuration" section explains that Bundle IDs
are needed in addition to the existing web OAuth setup when using the
Swift SDK's native `ASAuthorizationController` flow, and provides
step-by-step instructions for adding Bundle IDs in the Apple
authentication method modal.
### Trigger Events
<details>
<summary><a
href="2a6b17339a...c8694c7ff5">stack-auth/stack-auth
commit (dev): c8694c7 [Fix] [Feat] Update OAuth Sign-In and Get Token
Functions to Work (#1130)</a></summary>
<br>
**Promptless Research** (1 GitHub PR)
- [Reviewed
stack-auth/stack-auth#1130](https://github.com/stack-auth/stack-auth/pull/1130)
**Agent Response**
> I've completed my analysis of PR #1130 and created a documentation
suggestion.
>
> ## Summary
>
> **PR #1130** adds Apple Native Sign In for iOS/macOS apps, which
requires users to configure Bundle IDs in the Stack Auth dashboard (in
addition to the existing web OAuth setup with Service IDs).
>
> ### What I found:
> - An existing suggestion already documents the Swift SDK and its OAuth
flows
> - However, the **Apple authentication provider page** didn't mention
Bundle IDs configuration for native apps
>
> ### Documentation created:
>
> **New suggestion: "Document Apple Bundle IDs for native iOS/macOS app
sign-in"**
>
> I added a new "Native App Configuration (iOS/macOS)" section to the
Apple authentication page that:
> - Explains that native iOS/macOS apps using the Swift SDK require
Bundle ID configuration
> - Clarifies that this is in addition to the web OAuth setup (not a
replacement)
> - Provides step-by-step instructions for adding Bundle IDs in the
Stack Auth dashboard
> - Notes that Bundle IDs are only required for native apps, not web
applications
>
> This complements the existing Swift SDK documentation suggestion by
covering the Apple-specific dashboard configuration that native app
developers need to complete.
</details>
---
**Help us improve Promptless** — If this suggestion missed the mark,
please [share quick
feedback](https://app.gopromptless.ai/change-history/2b709902-b62c-491c-ad6d-966069ad5ea7?openFeedback=1).
*If you want Promptless to make further changes on this PR, feel free to
leave a comment tagging Promptless (It won't show up in the user drop
down but Promptless will get it!)*
Co-authored-by: promptless[bot] <179508745+promptless[bot]@users.noreply.github.com>
Co-authored-by: Madison <madison.w.kennedy@gmail.com>
<!--
Make sure you've read the CONTRIBUTING.md guidelines:
https://github.com/stack-auth/stack-auth/blob/dev/CONTRIBUTING.md
-->
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Removed Features**
* Dashboard embed functionality has been removed from the platform.
* Python template documentation and guides have been removed.
* **Documentation**
* Documentation structure has been significantly reorganized and
simplified.
* Extensive template content and component guides have been removed.
* Apple OAuth integration guide updated with streamlined secret
generation flow.
* **Refactor**
* Button component styling and variant system updated.
* Routing configuration updated with simplified path handling.
<sub>✏️ Tip: You can customize this high-level summary in your review
settings.</sub>
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
<!--
Make sure you've read the CONTRIBUTING.md guidelines:
https://github.com/stack-auth/stack-auth/blob/dev/CONTRIBUTING.md
-->
Updates the API Docs auth panel for a new look.
<img width="404" height="346" alt="image"
src="https://github.com/user-attachments/assets/5791a6ea-ac28-4e35-9d8c-c88a64f86386"
/>
<img width="394" height="622" alt="image"
src="https://github.com/user-attachments/assets/ca7ba243-52f0-49e4-ad21-a4acd652bfe1"
/>
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
## Release Notes
* **New Features**
* Added project dropdown selector with automatic authentication setup
* Introduced manual mode for direct header configuration
* Added authentication status indicators
* **Bug Fixes**
* Unified error handling across desktop and mobile views
* **Style**
* Improved mobile interface with better spacing and safe-area
accommodations
* Refined panel layout and transition animations
<sub>✏️ Tip: You can customize this high-level summary in your review
settings.</sub>
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
## Summary
This PR improves the documentation for GitHub authentication setup and
self-hosting.
## Changes
### GitHub OAuth/App Setup Guide
- Updated
[github.mdx](cci:7://file:///Users/madison/source/stack-auth/docs/content/docs/%28guides%29/concepts/auth-providers/github.mdx:0:0-0:0)
with clearer instructions differentiating between **GitHub OAuth App**
and **GitHub App** setup
- Added better explanations for when to use each option
### Self-Hosting Documentation
- Added prominent danger warning about self-hosting responsibilities
- Migrated inline shell commands to structured code examples using
[PlatformCodeblock](cci:1://file:///Users/madison/source/stack-auth/docs/src/components/mdx/platform-codeblock.tsx:242:0-673:1)
component
- Created
[docs/code-examples/self-host.ts](cci:7://file:///Users/madison/source/stack-auth/docs/code-examples/self-host.ts:0:0-0:0)
with all self-hosting commands
### Info Component
- Added new `danger` type for critical warnings with red accent styling
- Updated component styling with modern left accent bar and gradient
backgrounds
### PlatformCodeblock Component
- Added `hidePlatformSelector` prop to hide platform dropdown for
single-platform code examples
- Added Shell platform support for terminal commands (Docker, Git, pnpm)
- Filtered Shell platform from user-selectable options in both the
codeblock and header selectors
### Platform Config
- Added Shell platform with Docker, Git, and pnpm frameworks
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **New Features**
* Added comprehensive self-hosting and authentication customization
example collections for copy-paste use.
* New "danger" info style with visual accent for important warnings.
* **Documentation**
* GitHub integration guide now centers on GitHub App with an alternate
OAuth path retained.
* Replaced many inline snippets with platform-driven code blocks and
improved platform/framework selector behavior (single-platform
optimization; option to hide selector).
* Pages now surface "Last updated" above descriptions.
<sub>✏️ Tip: You can customize this high-level summary in your review
settings.</sub>
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
We update the sdk dependencies (the ones present in
`package-template.json`) to the latest versions. Since several packages
have major version bumps, this results in a variety of breaking changes
that have been handled here. Incidentally, when possible, we update
similar dependencies across the codebase.
We decide to defer the tailwind update to another PR owing to its scale.
The rest of the updates and changes have been catalogued below:
1.
[Bumping](https://github.com/panva/oauth4webapi/blob/v3.x/CHANGELOG.md)
`oauth4webapi` to 3.8.3: this was a major version changed. While there
were no compatibility issues in the sdk, there were several breaking
changes in `stack-shared`. Namely:
a. The removal of `isOauth2Error`. We used this to check if the results
of our `oauth4webapi` api invocations had issues. The functions were
changed to explicitly throw either `ResponseBodyErrors` or
`AuthorizationResponseErrors`, so the code was reworked to account for
that with no loss in error handling.
b. Dropping of support for http broadly: `oauth4webapi` now only accepts
https. This is desired, but I add a carve out for our test environments
only.
c. `refreshTokenGrantRequest` and `authorizationCodeGrantRequest` now
require `clientAuthentication` to be passed explicitly to them.
d. Changes in how we handle our `MultiFactorAuthenticationRequired`
error: This is an error that we created and is passed to the
`oauth4webapi` API if there are MFA issues. Since the
`processAuthorizationCodeResponse` now explicitly throws a
`ResponseBodyError`, we access the error cause from the body of the
error instead.
2. [Bumping](https://github.com/Qix-/color/releases) `color` to 5.0.4:
this was a major version bump. Simple type checking change, I checked
the API for the correct interface.
3.
[Bumping](https://github.com/MasterKale/SimpleWebAuthn/blob/master/CHANGELOG.md)
`simplewebauthn` to 13.2.2: two major version bumps, but no
incompatibilities surprisingly
4. [Bumping](https://github.com/jshttp/cookie/releases) `cookie` to
1.1.1: this was a major version bump.
a. Changing `parse` to `parseCookie`. In the most recent version,
`parse` is still maintained as an alias for `parseCookie` for backwards
compatibility, but I thought it would be best to change it over now. No
change in functionality.
b. Typing is now strongly enforced. A cookie can be `string |
undefined`, and the `Cookies` are now `Record<string, string |
undefined>`. We already have code to handle if a cookie is returned as
undefined/ null, so the changes here were more to ensure type
compatibility rather than big changes in functionality.
5. [Bumping ](https://github.com/isaacs/rimraf#readme)`rimraf` to 6.1.2:
No breaking changes, mostly just bug fixes.
6. [Bumping](https://github.com/panva/jose/releases?page=1) `jose` to
6.1.3: This is another major version bump. We update it across the
codebase to ensure compatibility. We use this for importing and
processing jwk tokens. There are a few big changes in the version bump,
but the only one that applies to us is that `importJwk` now yields a
`CryptoKey` instead of a `KeyObject` in Node.js. However, this doesn't
appear to break our code. We use `importJwk` in
`stack-auth/packages/stack-shared/src/utils/jwt.tsx`.
7. [Bumping](https://github.com/react-hook-form/resolvers/releases)
`hookform/resolvers` to 5.2.2 (two major version jumps), and
consequently bumping `react-hook-form` to 7.70.0: We already use the
patterns that `hookform/resolvers`' latest versions seem to be
enforcing. The only other breaking change is that it requires version
7.55.0+ of `react-hook-form`. Though we should pay attention to any
interactions with zod and `hookform/resolvers`, some people have
reported compatibility issues if they aren't using the latest compatible
versions of both.
8. [Bumping](https://github.com/jquense/yup/blob/master/CHANGELOG.md)
`yup` to 1.7.1: this was a minor version change, but we had
incompatibility issues with this change. Versions 1.4.1 and 1.7.1 cannot
exist in the same codebase due to incompatibility, so we bumped it up
across the codebase, including in peer dependencies.
9. Some minor version changes for some packages, but these were mostly
bug fixes.
10. **Edited to add**: Bumping freestyle to 0.1.6, and reworking the
freestyle mock server. In 0.1.6, freestyle changed their API in two
ways:
a. We're now supposed to hit their `execute/v2/...` endpoint and
b. They've flattened the `config` argument to `serverless.runs.create`.
These changes are minor, but are important. As part of a general suite
of dependency bumps, this was judged to fit here.
We have linked the changelogs for the packages on each line.
## Summary
- Added missing language codes to the `lang` prop type in StackProvider
documentation
- Added: `ja-JP`, `ko-KR`, `zh-CN`, `zh-TW`
## Context
The `quetzal-translations.ts` file already contains translations for
these languages, but the documentation didn't list them as supported
options for the `lang` prop.
This fixes a documentation inconsistency where users couldn't discover
that Japanese, Korean, and Chinese translations are available.
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Documentation**
* Added support for Japanese, Korean, Simplified Chinese, and
Traditional Chinese language options in localization settings.
<sub>✏️ Tip: You can customize this high-level summary in your review
settings.</sub>
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
Co-authored-by: Madison <madison.w.kennedy@gmail.com>
Previously, the documentation mentioned importing `stackServerApp` from
`stack/client.ts`. This has been updated to reflect where it is actually
imported from.
Co-authored-by: Konsti Wohlwend <n2d4xc@gmail.com>
- restricted users
- onboarding app
- waitlist app
- fixed an exception when setting primary email
- automatically update the JWT token on the client when the user object
changes
<!--
Make sure you've read the CONTRIBUTING.md guidelines:
https://github.com/stack-auth/stack-auth/blob/dev/CONTRIBUTING.md
-->
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Documentation**
* ~~Consolidated all release notes into a single root changelog as the
authoritative source for all changes~~
* ~~Updated individual package changelogs with deprecation notices
directing users to the root changelog~~
* Removes all changelog.md files from each app/package and consolidates
into root changelog.app.
* **Chores**
* ~~Updated build directory exclusions~~
<sub>✏️ Tip: You can customize this high-level summary in your review
settings.</sub>
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
