mirror of https://github.com/stack-auth/stack.git synced 2026-06-19 21:00:40 +08:00

开源的用户管理解决方案，自带前端组件和管理后台。

Go to file

Mantra f38c9d85e7 Replace writeConfigObject with AI-aware updateConfigObject (#1537 ) ## Summary Replaces `writeConfigObject` (destructive overwrite) with `updateConfigObject` — an async, AI-aware updater that preserves user-authored config structure (imports, external file references, helpers). Dual-path approach: - Fast path (deterministic, no AI): plain static literal configs → `override()` + in-memory validation + atomic write - Agent path (custom structure): configs with `import x from "./file.txt" with { type: "text" }` etc. → Claude agent edits the external files in place, then validates Safety guarantees: - Snapshot/restore: config + all relative imports are captured before the agent runs; rolled back on any failure - In-memory validation on fast path (never write unvalidated bytes) - Semantic check when config is evaluable; no-op detection + structural check when it isn't - Path traversal guard on imports (rejects `../` escapes) - Agent isolation: `settingSources: []`, `strictMcpConfig: true`, `CLAUDE_CODE_DISABLE_AUTO_MEMORY`, no Bash tool - `scheduleSync` only fires after a successful update - Bounded 120s timeout on agent runs (configurable via env var) CI failures are preexisting on `dev` (`ERR_PNPM_LOCKFILE_CONFIG_MISMATCH` from overrides move without lockfile regen); this branch has zero lockfile changes vs dev. Link to Devin session: https://app.devin.ai/sessions/cc7409a357bc472ea19fbed065f1229f Requested by: @mantrakp04 <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * New Features * Introduced partial configuration update functionality with validation and automatic rollback on failures. * Enhanced configuration management with support for more complex file structures and external references. * Chores * Added Claude Agent SDK dependency for configuration update operations. <!-- end of auto-generated comment: release notes by coderabbit.ai --> ## Documentation Docs for this feature were added in this branch: - New page `docs-mintlify/guides/going-further/local-development.mdx` — covers `stack dev`, the development-environment flow, and how dashboard edits are written back to the local config file (structure-preserving fast path vs. assistant path, external `import … with { type: "text" }` templates, validation + rollback). Added to `docs.json` nav; also fixes the previously-broken `/guides/going-further/local-development` links from `index.mdx` and `self-host.mdx`. - `docs-mintlify/guides/going-further/cli.mdx` — added a `stack dev` ("Run a development environment") section. - Skill-site AI prompts — filled in the `config-docs` and `dashboard-instructions` placeholders under `packages/stack-shared/src/ai/unified-prompts/skill-site-prompt-parts/`, and added a structure-preserving note to the setup prompt. - `CHANGELOG.md` — user-facing entry. --------- Co-authored-by: Devin AI <158243242+devin-ai-integration[bot]@users.noreply.github.com> Co-authored-by: mantra <mantra@stack-auth.com>		2026-06-15 12:00:24 -07:00
.agents/skills	feat(hexclave): PR 2 — visible rebrand (Hexclave brand goes public) (#1481 )	2026-05-26 19:18:20 -07:00
.changeset	Disable changesets changelogs	2026-01-12 15:21:56 -08:00
.claude	Support local dashboard in remote SSH and GH Codespaces (#1538 )	2026-06-04 16:36:17 -07:00
.cursor	Update pre-push.md	2026-06-04 10:44:39 -07:00
.devcontainer	feat(hexclave): PR 2 — visible rebrand (Hexclave brand goes public) (#1481 )	2026-05-26 19:18:20 -07:00
.github	feat(hexclave): PR 5 — internal symbol/path/package renames + brand strings (#1547 )	2026-06-03 18:57:09 -07:00
.vscode	Fix Vite environment variables	2026-06-05 16:42:11 -07:00
apps	Replace writeConfigObject with AI-aware updateConfigObject (#1537 )	2026-06-15 12:00:24 -07:00
configs	[Fix] Infinite Loop on handler/sign-in due to useStackApp not being able to find the StackProvider given context (#1248 )	2026-03-12 22:28:47 -07:00
docker	[codex] Add analytics overview filters (#1496 )	2026-06-10 17:50:35 -07:00
docs	chore: update package versions	2026-06-13 01:26:27 +00:00
docs-mintlify	chore: update package versions	2026-06-13 01:26:27 +00:00
examples	Replace writeConfigObject with AI-aware updateConfigObject (#1537 )	2026-06-15 12:00:24 -07:00
packages	Replace writeConfigObject with AI-aware updateConfigObject (#1537 )	2026-06-15 12:00:24 -07:00
patches	Fix MS OAuth (#457 )	2025-02-21 19:39:22 +01:00
scripts	Fix build	2026-06-08 10:29:42 -07:00
sdks	chore: update package versions	2026-06-13 01:26:27 +00:00
skills/hexclave	feat(hexclave): PR 5 — internal symbol/path/package renames + brand strings (#1547 )	2026-06-03 18:57:09 -07:00
.dockerignore	feat(hexclave): PR 5 — internal symbol/path/package renames + brand strings (#1547 )	2026-06-03 18:57:09 -07:00
.gitignore	feat(hexclave): PR 5 — internal symbol/path/package renames + brand strings (#1547 )	2026-06-03 18:57:09 -07:00
.gitmodules	Update GitHub URL	2026-05-19 10:27:53 -07:00
AGENTS.md	Remove CLAUDE-KNOWLEDGE file	2026-06-01 15:06:23 -07:00
CHANGELOG.md	Update changelog	2026-06-05 17:04:29 -07:00
CLAUDE.md	feat(hexclave): PR 2 — visible rebrand (Hexclave brand goes public) (#1481 )	2026-05-26 19:18:20 -07:00
CONTRIBUTING.md	Rename port prefix envvar	2026-05-27 18:09:52 -07:00
LICENSE	feat(hexclave): PR 2 — visible rebrand (Hexclave brand goes public) (#1481 )	2026-05-26 19:18:20 -07:00
package.json	feat(hexclave): PR 5 — internal symbol/path/package renames + brand strings (#1547 )	2026-06-03 18:57:09 -07:00
pnpm-lock.yaml	Replace writeConfigObject with AI-aware updateConfigObject (#1537 )	2026-06-15 12:00:24 -07:00
pnpm-workspace.yaml	Fix Docker builds for pnpm v11 (#1532 )	2026-06-02 14:41:18 -07:00
README.md	Add "For AI agents" section to README (#1563 )	2026-06-05 17:01:13 -07:00
skills-lock.json	Auth app redesign (#1367 )	2026-05-19 23:03:46 -07:00
turbo.json	Replace writeConfigObject with AI-aware updateConfigObject (#1537 )	2026-06-15 12:00:24 -07:00
vitest.shared.ts	Fix tests	2026-02-17 19:57:08 -08:00
vitest.workspace.ts	Hosted components (#1229 )	2026-03-10 11:29:05 -07:00

README.md

Hexclave

The user infrastructure platform.

Hexclave handles everything around your users: authentication, teams, payments, emails, analytics, and much more. Start in minutes on the hosted cloud. Your data is always yours to export and self-host.

Website · Docs · Dashboard · Discord

Where Hexclave fits in the infrastructure stack

Get started

Setting up Hexclave is one prompt. Paste this into your coding agent of choice:

Read skill.hexclave.com and help me setup hexclave in this project

For AI agents

If you're an AI coding agent, use your web fetch tool or curl the skill documentation for up-to-date integration instructions:

curl -sSL "https://skill.hexclave.com?question=<your-question>&context=<your-context>"

What's included

Hexclave ships as a catalog of apps you switch on as your product needs them. Each one is built on the same user model, and new apps land regularly.

Authentication

Authentication that just works with passkeys, OAuth, and CLI auth. Drop in one component and ship the whole flow; auth methods toggle from the dashboard with no code changes needed.

Teams

Build for teams, not just users, with workspaces, email invites, and roles that actually gate the work. The workspace switcher remembers selection, invites auto sign up new users, and permissions hold up under audit.

RBAC

Permissions, sorted: roles that nest and one permission check that works the same on server or client. Define them in the dashboard, check them anywhere in your code.

API Keys

API keys without the footguns: leaked keys get auto-revoked, work for users and teams, and show the full secret only once. We never keep the plaintext after creation.

Payments

Payments without the plumbing for subscriptions, one-time charges, and usage metering with credits. Bill a person or a whole team with one model, no separate codepath.

Emails

Email that delivers and tells you so, handling transactional and marketing sends from one API. Edit templates with an AI editor, theme once, and track every open and click.

Analytics

Know your users with no data stack required, with live active user counts and session replays out of the box. Ask in plain English to build dashboards or write SQL to save queries, all with one flag enabled.

Webhooks

React to every user event in real time with signed, tamper-proof webhooks. Retries and backoff are handled for you; verify in five lines and manage endpoints from the dashboard.

Data Vault

A safe for the secrets your users hand you, locked with your secret so we never see the plaintext. Store and retrieve tokens in two lines each, server-only by design.

Launch Checklist

Run through the must-do checks before flipping to production: domain setup, callbacks locked, secrets rotated. The progress tracker keeps your team aligned so nothing critical slips through on launch day.

Contributing

Hexclave is open source, and contributions are welcome. Read CONTRIBUTING.md to get started, and say hello in Discord before picking up anything large. Found a security issue? Email security@hexclave.com.