mirror of
https://github.com/stack-auth/stack.git
synced 2026-06-30 21:01:54 +08:00
|
Some checks are pending
all-good: Did all the other checks pass? / all-good (push) Waiting to run
Ensure Prisma migrations are in sync with the schema / check_prisma_migrations (22.x) (push) Waiting to run
Docker Server Build and Push / Docker Build and Push Server (push) Waiting to run
Docker Server Build and Run / docker (push) Waiting to run
Runs E2E API Tests (Local Emulator) / E2E Tests (Local Emulator, Node ${{ matrix.node-version }}) (22.x) (push) Waiting to run
Runs E2E API Tests / E2E Tests (Node ${{ matrix.node-version }}, Freestyle ${{ matrix.freestyle-mode }}) (mock, 22.x) (push) Waiting to run
Runs E2E API Tests / E2E Tests (Node ${{ matrix.node-version }}, Freestyle ${{ matrix.freestyle-mode }}) (prod, 22.x) (push) Waiting to run
Runs E2E API Tests with custom port prefix / build (22.x) (push) Waiting to run
Runs E2E Fallback Tests / E2E Fallback Tests (Node ${{ matrix.node-version }}) (22.x) (push) Waiting to run
Lint & build / lint_and_build (24) (push) Waiting to run
Publish npm packages / publish (push) Waiting to run
Publish Swift SDK to prerelease repo / publish (push) Waiting to run
TOC Generator / TOC Generator (push) Waiting to run
## Summary
Replace `parseHexclaveConfigFileContent` /
`evaluateStaticConfigExpression` (Babel AST walker) with
`evalConfigFileContent` using `jiti.evalModule()`. Move
`renderConfigFileContent` from `hexclave-config-file.ts` →
`config-rendering.ts`.
Added `jiti` dep to `@hexclave/shared` (already used in shared-backend,
dashboard, backend, cli).
Link to Devin session:
https://app.devin.ai/sessions/cb098b1fb62b4dfeaf3324bc2e1377f1
Requested by: @mantrakp04
<!-- This is an auto-generated description by cubic. -->
---
## Summary by cubic
Migrates trusted config evaluation to `jiti` and moves GitHub config
edits to a server‑side repo agent running in a Vercel Sandbox with an
apply → review → commit flow. Adds run tracking, safer defaults, and a
dashboard diff review with clear, user‑facing errors.
- **New Features**
- Two‑phase flow and endpoints: POST `/internal/config/github/apply`,
`.../commit`, `.../cancel`, plus GET `.../run`; each run tracked by
`run_id` in `ConfigAgentRun` (status, stage, progress, diff, base
commit, sandbox id). Run ids validated as UUIDs.
- Repo agent runs in a fresh sandboxed clone; warm‑boot via base
snapshot (`apps/backend/scripts/config-agent/build-image.ts`,
`HEXCLAVE_CONFIG_AGENT_BASE_SNAPSHOT_ID`). Captures a unified diff and
base commit, stops the sandbox at review, then rebuilds files from the
stored diff on commit. Returns `commitSha`, uses a safe conflict error,
and strips OAuth tokens from git remotes.
- Dashboard: non‑dismissible progress and diff preview using
`@pierre/diffs` with a cross‑tab run watcher; blocks conflicting edits
and supports cancel/commit review flow. Adds an RDE “apply” path with
progress UI.
- AI proxy defaults to `/api/latest/integrations/ai-proxy` (production
passthrough via `PRODUCTION_AI_PROXY_BASE_URL`); adds
`anthropic/claude-haiku-4.5`.
- **Refactors and Fixes**
- Trusted eval via `@hexclave/shared` `config-eval` using `jiti`;
browser‑safe parsing for untrusted GitHub content; rendering remains in
`config-rendering`. Clear separation of Node‑only code into
`config-eval`.
- Shared agent/updater logic moved to `@hexclave/shared-backend`;
removed deterministic fast path so all writes go through the agent to
preserve authoring. CLI and emulator updated to use `config-eval`.
- Defaults/renames: config file `hexclave.config.ts` (CLI `config pull`
defaults to this path), workflow `hexclave-config-sync.yml`; env
prefixes standardized to `HEXCLAVE_*`.
- Integrity and UX: commit advancement gated to the current linked
repo/branch; cancel clears any captured diff; elapsed timer handles late
starts and the not‑started sentinel; loader vs invalid config export
errors separated for accurate messaging.
- Onboarding and seeds: wizard now uses environment‑based OAuth provider
setup with updated tests; corrected GitHub owner in dummy project
seeding.
<sup>Written for commit
|
||
|---|---|---|
| .. | ||
| 20240306152532_initial_migration | ||
| 20240313024014_authroization_code_new_user | ||
| 20240418090527_magic_link | ||
| 20240507195652_team | ||
| 20240518151916_email_config | ||
| 20240520152704_selected_team | ||
| 20240528090210_email_templates | ||
| 20240529121811_spotify_oauth | ||
| 20240608142105_oauth_access_token | ||
| 20240610085756_outer_oauth_info | ||
| 20240618150845_system_team_permission | ||
| 20240701161229_fix_selected_team_and_added_ondelete | ||
| 20240702050143_verification_codes | ||
| 20240707043509_team_profile_image | ||
| 20240714031259_more_backend_endpoints | ||
| 20240722004703_events | ||
| 20240725161939_team_profiles | ||
| 20240726225154_facebook_config_id | ||
| 20240730175523_oauth_access_token | ||
| 20240802011240_password_reset_verification | ||
| 20240804210316_team_invitation | ||
| 20240809231417_disable_sign_up | ||
| 20240810052738_multi_factor_authentication | ||
| 20240811194548_client_team_creation | ||
| 20240812013545_project_on_delete | ||
| 20240815125620_discord_oauth | ||
| 20240820045300_client_read_only_metadata | ||
| 20240823172201_gitlab_oauth | ||
| 20240830010429_event_index | ||
| 20240901224341_connected_account | ||
| 20240904155848_add_bitbucket_oauth | ||
| 20240905201445_ms_tenant | ||
| 20240909201430_project_on_delete | ||
| 20240910211533_remove_shared_facebook | ||
| 20240912185510_password_auth_unique_key | ||
| 20240912212547_linkedin_oauth | ||
| 20240914210306_apple_oauth | ||
| 20240917182207_account_deletion | ||
| 20240919223009_x_and_slack_oauth | ||
| 20240923165906_otp_attempts | ||
| 20240929194058_remove_otp_contact_channel | ||
| 20241007162201_legacy_jwt | ||
| 20241013185548_remove_client_id_unique | ||
| 20241024234115_passkey_support | ||
| 20241026024655_user_sorting_indices | ||
| 20241116221711_geolocation_events | ||
| 20241124163535_verification_code_handler_index | ||
| 20241201043500_idp | ||
| 20241207223510_neon_project_transfers | ||
| 20241220033652_event_indices | ||
| 20241223205737_remove_empty_profile_images | ||
| 20241223225110_fill_empty_project_config_values | ||
| 20241223231022_remove_empty_team_profile_images | ||
| 20241223231023_onlyhttps_domains | ||
| 20241228033652_more_event_indices | ||
| 20250206063807_tenancies | ||
| 20250206073652_branch_event_indices | ||
| 20250207071519_tenancies_finalization | ||
| 20250214175437_create_user_indices | ||
| 20250221013242_sent_email_table | ||
| 20250225200753_add_tenancy_cascade | ||
| 20250225200857_add_another | ||
| 20250227004548_make_project_description_non_nullable | ||
| 20250303231152_add_cli_auth | ||
| 20250304004231_merge_oauth_methods | ||
| 20250304200822_add_project_user_count | ||
| 20250310172256_add_id_and_impersonation_field | ||
| 20250320223454_anonymous_users | ||
| 20250325235813_project_user_permissions | ||
| 20250327194649_api_keys | ||
| 20250401220515_permission_unique_constraint | ||
| 20250415175023_environment_config_override | ||
| 20250425171311_remove_old_config | ||
| 20250501033443_remove_unnecessary_enums | ||
| 20250520185503_rename_neon | ||
| 20250612094816_sign_in_invitation | ||
| 20250619200740_user_notification_pref | ||
| 20250623074155_source_of_truth | ||
| 20250624065420_project_config_override | ||
| 20250624070114_remove_mirroredproject_fkey | ||
| 20250710181826_tenancy_foreign_keys | ||
| 20250711232750_oauth_method | ||
| 20250712011643_thread_messages | ||
| 20250714205101_oauth_token_is_valid | ||
| 20250715181353_remove_msg_role | ||
| 20250717230045_remove_triggers | ||
| 20250718232921_drop_user_count | ||
| 20250723001607_twitch | ||
| 20250801204029_logo_url | ||
| 20250805195319_subscriptions | ||
| 20250806171211_add_team_based_project_ownership | ||
| 20250809002037_item_quantity_change | ||
| 20250815012830_email_drafts | ||
| 20250820164831_custom_customer_types | ||
| 20250820175830_grant_internal_users_team_admin | ||
| 20250821175509_test_mode_subscriptions | ||
| 20250821212828_subscription_quantity | ||
| 20250822203223_subscription_offer_id | ||
| 20250825221947_stripe_account_id | ||
| 20250830000849_data_vault | ||
| 20250831003652_session_id_event_indices | ||
| 20250903080405_workflows | ||
| 20250911230246_one_time_purchase | ||
| 20250917193043_store_price_id | ||
| 20250918005821_item_quantity_change_customer_type | ||
| 20250923191615_rename_offers_to_products | ||
| 20251008182311_api_grant_purchase_source | ||
| 20251009231948_enable_and_pin_apps | ||
| 20251010120000_drop_workflows | ||
| 20251020210214_add_cache_entry | ||
| 20251107182739_subscription_invoice | ||
| 20251107210602_one_time_payment_refunds | ||
| 20251112215249_subscription_refunds | ||
| 20251114221105_project_logos | ||
| 20251125030551_external_db_sync | ||
| 20251125030552_external_db_sync_indexes | ||
| 20251212180000_email_outbox | ||
| 20251212183000_migrate_sent_email | ||
| 20251212185000_add_no_email_provided_skip_reason | ||
| 20251230020000_email_outbox_partial_indices | ||
| 20251231000000_add_skipped_details | ||
| 20251231010000_add_manually_cancelled_skip_reason | ||
| 20251231020000_skipped_at_any_time_drop_columns | ||
| 20251231020001_skipped_at_any_time_add_columns | ||
| 20251231020002_skipped_at_any_time_update_constraint | ||
| 20251231020003_skipped_at_any_time_validate_constraint | ||
| 20251231020004_email_outbox_status_index | ||
| 20251231020005_email_outbox_simple_status_index | ||
| 20260101000000_add_last_active_at_columns | ||
| 20260101000001_backfill_user_last_active_at | ||
| 20260101000002_create_temporary_session_backfill_index | ||
| 20260101000003_backfill_session_last_active_at | ||
| 20260101000004_drop_session_backfill_index | ||
| 20260101000005_backfill_orphaned_rows | ||
| 20260101000006_set_last_active_at_not_null | ||
| 20260201000000_subscription_invoice_fields | ||
| 20260201200000_branch_config_override | ||
| 20260201210000_testmode_to_environment_config | ||
| 20260201220000_branch_config_source | ||
| 20260201230004_env_to_branch_config | ||
| 20260201240000_event_created_at_index | ||
| 20260201400000_add_restricted_by_admin_fields | ||
| 20260201400001_add_restricted_by_admin_constraint | ||
| 20260209180554_add_email_capacity_boost_expires_at_to_tenancy | ||
| 20260210000000_deferred_email_retry | ||
| 20260210000001_deferred_email_retry_validate | ||
| 20260210120000_session_recordings_mvp | ||
| 20260213000000_outgoing_request_partial_dedup_index | ||
| 20260213004424_email_outbox_is_queued_index | ||
| 20260214000000_fix_trusted_domains_config | ||
| 20260216000000_rename_tab_id_to_session_replay_segment_id | ||
| 20260216120000_project_require_publishable_client_key | ||
| 20260218194816_add_product_versions | ||
| 20260224000000_managed_email_domains | ||
| 20260226100000_add_local_emulator_project_mapping | ||
| 20260308000000_add_signup_fraud_protection | ||
| 20260308000001_backfill_signup_fraud_protection | ||
| 20260308000002_finalize_signup_fraud_protection | ||
| 20260310150000_add_oauth_authorization_code_refresh_token_id | ||
| 20260312000000_add_project_onboarding_status | ||
| 20260312000001_validate_project_onboarding_status_constraint | ||
| 20260316000000_add_team_team_member_sequence_columns | ||
| 20260316000001_add_email_outbox_sequence_columns | ||
| 20260316000002_add_session_replay_sequence_columns | ||
| 20260317000000_add_team_permission_invitation_sequence_columns | ||
| 20260317000001_add_project_permission_notification_preference_sequence_columns | ||
| 20260318000000_add_sequence_id_to_refresh_tokens_and_oauth_accounts | ||
| 20260318000001_add_sequence_indexes_concurrently | ||
| 20260323120000_add_bulldozer_data | ||
| 20260323150000_add_bulldozer_timefold_queue | ||
| 20260327000000_add_ai_conversations | ||
| 20260331000000_add_anon_refresh_token_to_cli_auth | ||
| 20260406000000_add_signup_email_normalized_recent_idx | ||
| 20260413040008_add_subscription_ended_at | ||
| 20260413043028_add_revoked_at_to_otp | ||
| 20260415000000_add_welcome_onboarding_status | ||
| 20260415000001_validate_welcome_onboarding_status | ||
| 20260415200000_add_subscription_canceled_at | ||
| 20260417000000_bulldozer_timefold_downstream_cascade | ||
| 20260420000000_add_conversations | ||
| 20260420000000_add_project_onboarding_state | ||
| 20260421000000_drop_include_by_default_snapshots | ||
| 20260507000000_add_project_user_last_active_at_idx | ||
| 20260513000000_add_project_development_environment | ||
| 20260514000000_add_subscription_product_revoked_at | ||
| 20260526060000_nullable_oauth_access_token_expires_at | ||
| 20260622000000_add_stripe_webhook_event | ||
| 20260623000000_add_branch_config_pushed_error | ||
| 20260623010000_add_plan_usage_range_indexes | ||
| 20260624000000_add_is_available_as_preview_project | ||
| 20260626000000_add_config_agent_run_table | ||
| migration_lock.toml | ||