mirror of
https://github.com/stack-auth/stack.git
synced 2026-06-13 21:01:21 +08:00
f7e389809e
Some checks failed
all-good: Did all the other checks pass? / all-good (push) Has been cancelled
Ensure Prisma migrations are in sync with the schema / check_prisma_migrations (22.x) (push) Has been cancelled
DB migration compat / Check if migrations changed (push) Has been cancelled
Docker Server Build and Push / Docker Build and Push Server (push) Has been cancelled
Docker Server Build and Run / docker (push) Has been cancelled
Runs E2E API Tests (Local Emulator) / E2E Tests (Local Emulator, Node ${{ matrix.node-version }}) (22.x) (push) Has been cancelled
Runs E2E API Tests / E2E Tests (Node ${{ matrix.node-version }}, Freestyle ${{ matrix.freestyle-mode }}) (mock, 22.x) (push) Has been cancelled
Runs E2E API Tests / E2E Tests (Node ${{ matrix.node-version }}, Freestyle ${{ matrix.freestyle-mode }}) (prod, 22.x) (push) Has been cancelled
Runs E2E API Tests with custom port prefix / build (22.x) (push) Has been cancelled
Runs E2E Fallback Tests / E2E Fallback Tests (Node ${{ matrix.node-version }}) (22.x) (push) Has been cancelled
Lint & build / lint_and_build (24) (push) Has been cancelled
TOC Generator / TOC Generator (push) Has been cancelled
DB migration compat / Back-compat — Current branch migrations with ${{ needs.check-migrations-changed.outputs.base_branch }} branch code (push) Has been cancelled
DB migration compat / Forward-compat — Current branch code with ${{ needs.check-migrations-changed.outputs.base_branch }} branch migrations (push) Has been cancelled
DB migration compat / No migration changes (skipped) (push) Has been cancelled
## Summary
**Stacked on #1468** (`docs/hexclave-rename-plan` — the plan doc). Diff
vs that base = the actual PR 1 code.
This is **PR 1 of the Hexclave rebrand: the invisible compatibility
layer**. Everything is additive. Old SDKs, old wire identifiers, and old
env var names keep working unchanged. The backend dual-accepts and
dual-emits; new SDK code emits `x-hexclave-*` headers and the
`hexclave_` Bearer prefix; cookies dual-write; env vars dual-read across
every category. **No user-visible rebranding lands here** — that's PR 2.
See [`RENAME-TO-HEXCLAVE.md`](./RENAME-TO-HEXCLAVE.md) → *"PR 1
implementation guide"* for the full per-work-area spec, file pointers,
and chosen approach.
## What's implemented (all 14 PR-1 work-areas)
- **SDK export aliases** — `Hexclave*` aliases for the user-facing
`Stack*` exports added in `packages/template`; codegen propagates them
to `@stackframe/{js,stack,react,tanstack-start}`. React-only aliases
correctly excluded from `@stackframe/js`. (`e60550a2`)
- **JWT issuer dual-accept** — `decodeAccessToken` accepts both
`api.stack-auth.com` and `api.hexclave.com` issuers. Signing unchanged.
(`fc781def`)
- **Request-header dual-accept** — backend + dashboard proxies normalize
`x-hexclave-*` → `x-stack-*` at the existing empty proxy hook (so
`smart-request.tsx` and every route schema keep working unchanged); CORS
allowlists extended via a derive-once helper. (`2a056eac`)
- **MCP `ask_hexclave`** — registered alongside `ask_stack_auth` via a
shared helper; `ask_stack_auth` behavior byte-identical. (`30ffd604`)
- **Dev-tool** — DOM ids + header emit switched.
`window.HexclaveDevTool` exposed alongside `window.StackDevTool`.
(`32131ea7`)
- **The big consolidated commit** (`7fed864a`):
- **Env vars** — central `getEnvVariable` prefix-transform (HEXCLAVE
first, STACK fallback); dashboard + template client env files dual-read;
`turbo.json` globalEnv; `NEXT_PUBLIC_STACK_PORT_PREFIX` renamed outright
across ~82 files including docker.
- **Cookies** — dual-write/dual-read auth (`stack-access`/`-refresh-*`
and custom-domain variants), OAuth-state
(`stack-oauth-{inner,outer}-*`), and low-risk cookies (`stack-is-https`,
`stack-last-seen-changelog-version`). Bypass sites patched (backend
OAuth callback, dashboard remote-dev auth route, impersonation snippets,
snapshot serializer).
- **Bearer prefix** — SDK token parser accepts both `stackauth_` and
`hexclave_`; emits `hexclave_`. Discovery correction: this is purely
SDK-internal — the backend never parses it.
- **Response headers** — backend dual-emits
`x-hexclave-{request-id,actual-status,known-error}`; SDKs dual-read (new
first, stack fallback).
- **SDK request-header emit switch** —
`client/server/admin-interface.ts` + dashboard `api-headers.ts` +
`internal-project-headers.ts` + `feedback-form.tsx` switched to
`x-hexclave-*`. Plus `stack_response_mode` query param.
- **Storage keys** — dev-tool / cli-auth / oauth-button / docs keys
renamed (straight); `stack:session-replay:v1` dual-read so in-progress
recordings survive SDK upgrades; `stack_mfa_attempt_code` dual-read.
- **Query params** — cross-domain params dual-emit/dual-accept via
shared helpers; backend `oauth/authorize` accepts
`hexclave_response_mode` and `stack_response_mode`; `stack-init-id`
renamed.
- **`Symbol.for`** — app-internals symbol gets a parallel
`Symbol.for("Hexclave--app-internals")` getter on each attach site (no
read-site churn — old symbol still attached). 3 file-private symbols
renamed outright.
- **Config discovery** — prefer `hexclave.config.ts`, fall back to
`stack.config.ts` at every discovery site (CLI / dashboard / backend /
local-emulator); `init` writes the new filename; CLI credentials path
migrates.
- **Internal renames** — `StackAssertionError`,
`StackClient/Server/AdminInterface` renamed outright (no alias, per the
"internal-only → rename" rule). ~264 files touched.
- **Review-pass fixes** (`21217fbe`) — three real bugs found by parallel
review agents and fixed:
- `snapshot-serializer.ts` was interpolating the whole
`keyedCookieNamePrefixes` array (`${arr}`) — adding a second prefix
would have corrupted **every** OAuth-cookie snapshot, not just new ones.
- **Docker port-prefix producer/consumer mismatch** —
`entrypoint.sh`/`run-emulator.sh`/cloud-init `user-data` were still
producing `NEXT_PUBLIC_STACK_PORT_PREFIX` while the dashboard sentinel +
consumers had been renamed; silent self-host regression (custom port
prefix would be ignored).
- **Missing `hexclave-oauth-inner-*` dual-write** in the OAuth authorize
route — callback's fallback masked it but the dual-write was specified
by the plan.
- Plus: `mcp.test.ts` tool-list assertions updated to include
`ask_hexclave`; two dashboard header-emit sites switched to
`x-hexclave-*` for consistency.
- **E2E snapshot serializer follow-up** (`4b16cc5d`) —
`x-hexclave-request-id` added to the hidden-headers list (mirroring
`x-stack-request-id` treatment), and 2 sample inline snapshots
regenerated in `projects.test.ts` to include the new dual-emitted
headers.
## Verification
- **`pnpm typecheck`** — clean (the fresh-worktree `@/.source` / Prisma
codegen gap in `stack-docs` is pre-existing and unrelated).
- **`pnpm lint`** — 29/29 packages green.
- **`pnpm exec turbo run build --filter=./packages/*`** — 13/13 packages
build (including `@stackframe/stack-cli` once the dashboard standalone
is present).
- **Live E2E** against a running backend on `cl/hexclave-pr1`:
- `pnpm test run
apps/e2e/tests/backend/endpoints/api/v1/internal/mcp.test.ts` — **6/6
pass** (verifies the new `ask_hexclave` tool — the hand-written inline
snapshot matched actual MCP server output).
- `pnpm test run
apps/e2e/tests/backend/endpoints/api/v1/internal/projects.test.ts` —
**11/11 pass** (verifies wire dual-accept + dual-emit end-to-end; the
snapshot serializer fix was found and applied during this check).
A four-agent parallel **review pass** also audited the full diff for
logic/runtime bugs across the work-areas (wire headers + JWT, cookies +
bearer + symbols, env vars, query params + config + MCP + aliases). All
in-slice review verdicts were ✓ except the three bugs listed above,
which are now fixed.
## Known follow-ups (out of scope for this PR)
- **E2E snapshots across the rest of the suite** — backend now
dual-emits `x-hexclave-{known-error,actual-status}` alongside
`x-stack-*`, which legitimately appears in inline snapshots throughout
`apps/e2e`. Two were regenerated here as a sample; the rest should regen
with `vitest -u` in CI.
- **Docker shell env vars beyond `PORT_PREFIX`** — `entrypoint.sh` still
reads `STACK_*` env vars directly (the JS-side `getEnvVariable`
transform doesn't help the shell). JS consumers dual-read so it works in
practice; full shell-level dual-read is a deeper self-host follow-up.
- **`@stackframe/stack-cli` build ordering** — pre-existing; needs
`build:rde-standalone` first. Not affected by this PR.
## Test plan
- [ ] CI runs full e2e suite (with `vitest -u` to absorb dual-emit
snapshot deltas, then committed back)
- [ ] Spot-check: an old SDK build (emitting only `x-stack-*`) still
authenticates against the new backend
- [ ] Spot-check: a new SDK (emitting `x-hexclave-*` / `Bearer
hexclave_*`) still authenticates against an old backend during deploy
ordering
- [ ] Manual: `npx @stackframe/stack-cli@latest init` (new onboarding
entrypoint) generates `hexclave.config.ts`
- [ ] Manual: existing `stack.config.ts`-only project still resolves (no
migration required)
---------
Co-authored-by: bilal <bilal@stack-auth.com>
133 lines
4.9 KiB
JSON
133 lines
4.9 KiB
JSON
{
|
|
"name": "@stackframe/dashboard",
|
|
"version": "2.8.103",
|
|
"repository": "https://github.com/hexclave/stack-auth",
|
|
"private": true,
|
|
"scripts": {
|
|
"clean": "rimraf .next && rimraf node_modules",
|
|
"typecheck": "tsc --noEmit",
|
|
"with-env": "dotenv -c development --",
|
|
"with-env:prod": "dotenv -c --",
|
|
"dev": "concurrently -n \"dev,bundle-type-defs\" -k \"next dev --turbopack --port ${NEXT_PUBLIC_HEXCLAVE_PORT_PREFIX:-81}01\" \"pnpm run bundle-type-definitions:watch\"",
|
|
"bundle-type-definitions": "tsx scripts/bundle-type-definitions.ts",
|
|
"bundle-type-definitions:watch": "tsx watch --clear-screen=false scripts/bundle-type-definitions.ts",
|
|
"build": "pnpm run bundle-type-definitions && next build",
|
|
"build:rde-standalone": "NEXT_CONFIG_OUTPUT=standalone STACK_NEXT_CONFIG_DISABLE_TYPESCRIPT=true pnpm run build",
|
|
"docker-build": "pnpm run bundle-type-definitions && next build --experimental-build-mode compile",
|
|
"analyze-bundle": "next experimental-analyze",
|
|
"start": "next start --port ${NEXT_PUBLIC_HEXCLAVE_PORT_PREFIX:-81}01",
|
|
"psql": "pnpm run with-env bash -c 'psql $STACK_DATABASE_CONNECTION_STRING'",
|
|
"lint": "eslint ."
|
|
},
|
|
"dependencies": {
|
|
"@ai-sdk/react": "^3.0.72",
|
|
"@assistant-ui/react": "^0.10.24",
|
|
"@assistant-ui/react-ai-sdk": "^0.10.14",
|
|
"@assistant-ui/react-markdown": "^0.10.5",
|
|
"@dnd-kit/core": "^6.3.1",
|
|
"@dnd-kit/sortable": "^10.0.0",
|
|
"@dnd-kit/utilities": "^3.2.2",
|
|
"@hookform/resolvers": "^3.3.4",
|
|
"@monaco-editor/react": "4.7.0",
|
|
"@phosphor-icons/react": "^2.1.10",
|
|
"@radix-ui/react-accordion": "^1.2.1",
|
|
"@radix-ui/react-alert-dialog": "^1.1.2",
|
|
"@radix-ui/react-aspect-ratio": "^1.1.0",
|
|
"@radix-ui/react-avatar": "^1.1.1",
|
|
"@radix-ui/react-checkbox": "^1.1.2",
|
|
"@radix-ui/react-collapsible": "^1.1.1",
|
|
"@radix-ui/react-context": "^1.1.1",
|
|
"@radix-ui/react-context-menu": "^2.2.2",
|
|
"@radix-ui/react-dialog": "^1.1.2",
|
|
"@radix-ui/react-dropdown-menu": "^2.1.2",
|
|
"@radix-ui/react-hover-card": "^1.1.2",
|
|
"@radix-ui/react-icons": "^1.3.1",
|
|
"@radix-ui/react-label": "^2.1.0",
|
|
"@radix-ui/react-menubar": "^1.1.2",
|
|
"@radix-ui/react-navigation-menu": "^1.2.1",
|
|
"@radix-ui/react-popover": "^1.1.2",
|
|
"@radix-ui/react-progress": "^1.1.0",
|
|
"@radix-ui/react-radio-group": "^1.2.1",
|
|
"@radix-ui/react-scroll-area": "^1.2.0",
|
|
"@radix-ui/react-select": "^2.1.2",
|
|
"@radix-ui/react-separator": "^1.1.0",
|
|
"@radix-ui/react-slider": "^1.2.1",
|
|
"@radix-ui/react-slot": "^1.2.3",
|
|
"@radix-ui/react-switch": "^1.1.1",
|
|
"@radix-ui/react-tabs": "^1.1.1",
|
|
"@radix-ui/react-toast": "^1.2.2",
|
|
"@radix-ui/react-toggle": "^1.1.0",
|
|
"@radix-ui/react-toggle-group": "^1.1.0",
|
|
"@radix-ui/react-tooltip": "^1.1.3",
|
|
"@react-hook/resize-observer": "^2.0.2",
|
|
"@sentry/nextjs": "^10.11.0",
|
|
"@stackframe/dashboard-ui-components": "workspace:*",
|
|
"@stackframe/stack": "workspace:*",
|
|
"@stackframe/stack-shared": "workspace:*",
|
|
"@stripe/connect-js": "^3.3.27",
|
|
"@stripe/react-connect-js": "^3.3.24",
|
|
"@stripe/react-stripe-js": "^3.8.1",
|
|
"@stripe/stripe-js": "^7.7.0",
|
|
"@tanstack/react-table": "^8.20.5",
|
|
"@tanstack/react-virtual": "^3.13.18",
|
|
"@vercel/analytics": "^1.2.2",
|
|
"@vercel/speed-insights": "^1.0.12",
|
|
"ai": "^6.0.0",
|
|
"browser-image-compression": "^2.0.2",
|
|
"canvas-confetti": "^1.9.2",
|
|
"class-variance-authority": "^0.7.0",
|
|
"clsx": "^2.1.1",
|
|
"cmdk": "^1.0.4",
|
|
"date-fns": "^3.6.0",
|
|
"dotenv-cli": "^7.3.0",
|
|
"export-to-csv": "^1.4.0",
|
|
"geist": "^1",
|
|
"input-otp": "^1.4.1",
|
|
"jose": "^6.1.3",
|
|
"libsodium-wrappers": "^0.8.2",
|
|
"lodash": "^4.17.21",
|
|
"next": "16.1.7",
|
|
"next-themes": "^0.2.1",
|
|
"posthog-js": "^1.336.1",
|
|
"react": "19.2.3",
|
|
"react-day-picker": "^9.6.7",
|
|
"react-dom": "19.2.3",
|
|
"react-globe.gl": "^2.28.2",
|
|
"react-hook-form": "^7.53.1",
|
|
"react-icons": "^5.0.1",
|
|
"react-markdown": "^9.0.1",
|
|
"react-resizable-panels": "^2.1.6",
|
|
"react-syntax-highlighter": "^15.6.1",
|
|
"recharts": "^2.14.1",
|
|
"remark-gfm": "^4.0.1",
|
|
"rrweb": "^1.1.3",
|
|
"svix": "^1.32.0",
|
|
"svix-react": "^1.13.0",
|
|
"tailwind-merge": "^2.3.0",
|
|
"tailwindcss-animate": "^1.0.7",
|
|
"three": "^0.169.0",
|
|
"use-debounce": "^10.0.5",
|
|
"yup": "^1.7.1",
|
|
"zod": "^4.0.0"
|
|
},
|
|
"devDependencies": {
|
|
"@types/canvas-confetti": "^1.6.4",
|
|
"@types/lodash": "^4.17.5",
|
|
"@types/node": "20.17.6",
|
|
"@types/react": "19.2.7",
|
|
"@types/react-dom": "19.2.3",
|
|
"@types/react-syntax-highlighter": "^15.5.13",
|
|
"@types/three": "^0.169.0",
|
|
"autoprefixer": "^10.4.17",
|
|
"concurrently": "^8.2.2",
|
|
"glob": "^10.4.1",
|
|
"import-in-the-middle": "1.14.2",
|
|
"postcss": "^8.4.38",
|
|
"require-in-the-middle": "^7.4.0",
|
|
"rimraf": "^5.0.5",
|
|
"tailwindcss": "^3.4.1",
|
|
"tsx": "^4.7.2"
|
|
},
|
|
"packageManager": "pnpm@10.23.0"
|
|
}
|