Merge branch 'dev' into chore/move-mcp-to-a-sep-app

Author: mantrakp04

apps/backend/.env

@@ -14,8 +14,8 @@ STACK_SEED_INTERNAL_PROJECT_USER_EMAIL=# default user added to the dashboard
 STACK_SEED_INTERNAL_PROJECT_USER_PASSWORD=# default user's password, paired with STACK_SEED_INTERNAL_PROJECT_USER_EMAIL
 STACK_SEED_INTERNAL_PROJECT_USER_INTERNAL_ACCESS=# if the default user has access to the internal dashboard project
 STACK_SEED_INTERNAL_PROJECT_USER_GITHUB_ID=# add github oauth id to the default user
-STACK_SEED_INTERNAL_PROJECT_PUBLISHABLE_CLIENT_KEY=# default publishable client key for the internal project
-STACK_SEED_INTERNAL_PROJECT_SECRET_SERVER_KEY=# default secret server key for the internal project
+STACK_INTERNAL_PROJECT_PUBLISHABLE_CLIENT_KEY=# default publishable client key for the internal project
+STACK_INTERNAL_PROJECT_SECRET_SERVER_KEY=# default secret server key for the internal project
 STACK_SEED_INTERNAL_PROJECT_SUPER_SECRET_ADMIN_KEY=# default super secret admin key for the internal project
 
 # OAuth mock provider settings

apps/backend/.env.development

@@ -13,8 +13,8 @@ STACK_SEED_INTERNAL_PROJECT_ALLOW_LOCALHOST=true
 STACK_SEED_INTERNAL_PROJECT_OAUTH_PROVIDERS=github,spotify,google,microsoft
 STACK_SEED_INTERNAL_PROJECT_USER_GITHUB_ID=admin@example.com
 STACK_SEED_INTERNAL_PROJECT_USER_INTERNAL_ACCESS=true
-STACK_SEED_INTERNAL_PROJECT_PUBLISHABLE_CLIENT_KEY=this-publishable-client-key-is-for-local-development-only
-STACK_SEED_INTERNAL_PROJECT_SECRET_SERVER_KEY=this-secret-server-key-is-for-local-development-only
+STACK_INTERNAL_PROJECT_PUBLISHABLE_CLIENT_KEY=this-publishable-client-key-is-for-local-development-only
+STACK_INTERNAL_PROJECT_SECRET_SERVER_KEY=this-secret-server-key-is-for-local-development-only
 STACK_SEED_INTERNAL_PROJECT_SUPER_SECRET_ADMIN_KEY=this-super-secret-admin-key-is-for-local-development-only
 
 STACK_OAUTH_MOCK_URL=http://localhost:${NEXT_PUBLIC_STACK_PORT_PREFIX:-81}14

apps/backend/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@stackframe/backend",
-  "version": "2.8.86",
+  "version": "2.8.87",
   "repository": "https://github.com/stack-auth/stack-auth",
   "private": true,
   "type": "module",

apps/backend/prisma/seed.ts

@@ -1,5 +1,6 @@
 /* eslint-disable no-restricted-syntax */
 import { usersCrudHandlers } from '@/app/api/latest/users/crud';
+import { CustomerType, Prisma, PurchaseCreationSource, SubscriptionStatus } from '@/generated/prisma/client';
 import { overrideBranchConfigOverride } from '@/lib/config';
 import {
   LOCAL_EMULATOR_ADMIN_EMAIL,
@@ -15,9 +16,12 @@ import { DEFAULT_BRANCH_ID, getSoleTenancyFromProjectBranch } from '@/lib/tenanc
 import { getPrismaClientForTenancy, globalPrismaClient } from '@/prisma-client';
 import { ALL_APPS } from '@stackframe/stack-shared/dist/apps/apps-config';
 import { ITEM_IDS, PLAN_LIMITS } from '@stackframe/stack-shared/dist/plans';
+import { DayInterval } from '@stackframe/stack-shared/dist/utils/dates';
 import { throwErr } from '@stackframe/stack-shared/dist/utils/errors';
 import { typedEntries, typedFromEntries } from '@stackframe/stack-shared/dist/utils/objects';
 
+const MONTHLY_REPEAT: DayInterval = [1, "month"];
+
 const DUMMY_PROJECT_ID = '6fbbf22e-f4b2-4c6e-95a1-beab6fa41063';
 
 let didEnableSeedLogTimestamps = false;
@@ -159,9 +163,10 @@ export async function seed() {
             includedItems: {
               [ITEM_IDS.seats]: { quantity: PLAN_LIMITS.free.seats, repeat: "never" as const, expires: "when-purchase-expires" as const },
               [ITEM_IDS.authUsers]: { quantity: PLAN_LIMITS.free.authUsers, repeat: "never" as const, expires: "when-purchase-expires" as const },
-              [ITEM_IDS.emailsPerMonth]: { quantity: PLAN_LIMITS.free.emailsPerMonth, repeat: "never" as const, expires: "when-purchase-expires" as const },
+              [ITEM_IDS.emailsPerMonth]: { quantity: PLAN_LIMITS.free.emailsPerMonth, repeat: MONTHLY_REPEAT, expires: "when-repeated" as const },
               [ITEM_IDS.analyticsTimeoutSeconds]: { quantity: PLAN_LIMITS.free.analyticsTimeoutSeconds, repeat: "never" as const, expires: "when-purchase-expires" as const },
-              [ITEM_IDS.analyticsEvents]: { quantity: PLAN_LIMITS.free.analyticsEvents, repeat: "never" as const, expires: "when-purchase-expires" as const },
+              [ITEM_IDS.analyticsEvents]: { quantity: PLAN_LIMITS.free.analyticsEvents, repeat: MONTHLY_REPEAT, expires: "when-repeated" as const },
+              [ITEM_IDS.sessionReplays]: { quantity: PLAN_LIMITS.free.sessionReplays, repeat: MONTHLY_REPEAT, expires: "when-repeated" as const },
             },
           },
           team: {
@@ -173,16 +178,18 @@ export async function seed() {
             prices: {
               monthly: {
                 USD: "49",
-                interval: [1, "month"] as any,
+                interval: MONTHLY_REPEAT,
                 serverOnly: false,
               },
             },
             includedItems: {
               [ITEM_IDS.seats]: { quantity: PLAN_LIMITS.team.seats, repeat: "never" as const, expires: "when-purchase-expires" as const },
               [ITEM_IDS.authUsers]: { quantity: PLAN_LIMITS.team.authUsers, repeat: "never" as const, expires: "when-purchase-expires" as const },
-              [ITEM_IDS.emailsPerMonth]: { quantity: PLAN_LIMITS.team.emailsPerMonth, repeat: "never" as const, expires: "when-purchase-expires" as const },
+              [ITEM_IDS.emailsPerMonth]: { quantity: PLAN_LIMITS.team.emailsPerMonth, repeat: MONTHLY_REPEAT, expires: "when-repeated" as const },
               [ITEM_IDS.analyticsTimeoutSeconds]: { quantity: PLAN_LIMITS.team.analyticsTimeoutSeconds, repeat: "never" as const, expires: "when-purchase-expires" as const },
-              [ITEM_IDS.analyticsEvents]: { quantity: PLAN_LIMITS.team.analyticsEvents, repeat: "never" as const, expires: "when-purchase-expires" as const },
+              [ITEM_IDS.analyticsEvents]: { quantity: PLAN_LIMITS.team.analyticsEvents, repeat: MONTHLY_REPEAT, expires: "when-repeated" as const },
+              [ITEM_IDS.sessionReplays]: { quantity: PLAN_LIMITS.team.sessionReplays, repeat: MONTHLY_REPEAT, expires: "when-repeated" as const },
+              [ITEM_IDS.onboardingCall]: { quantity: 1, repeat: "never" as const, expires: "when-purchase-expires" as const },
             },
           },
           growth: {
@@ -194,16 +201,18 @@ export async function seed() {
             prices: {
               monthly: {
                 USD: "299",
-                interval: [1, "month"] as any,
+                interval: MONTHLY_REPEAT,
                 serverOnly: false,
               },
             },
             includedItems: {
               [ITEM_IDS.seats]: { quantity: PLAN_LIMITS.growth.seats, repeat: "never" as const, expires: "when-purchase-expires" as const },
               [ITEM_IDS.authUsers]: { quantity: PLAN_LIMITS.growth.authUsers, repeat: "never" as const, expires: "when-purchase-expires" as const },
-              [ITEM_IDS.emailsPerMonth]: { quantity: PLAN_LIMITS.growth.emailsPerMonth, repeat: "never" as const, expires: "when-purchase-expires" as const },
+              [ITEM_IDS.emailsPerMonth]: { quantity: PLAN_LIMITS.growth.emailsPerMonth, repeat: MONTHLY_REPEAT, expires: "when-repeated" as const },
               [ITEM_IDS.analyticsTimeoutSeconds]: { quantity: PLAN_LIMITS.growth.analyticsTimeoutSeconds, repeat: "never" as const, expires: "when-purchase-expires" as const },
-              [ITEM_IDS.analyticsEvents]: { quantity: PLAN_LIMITS.growth.analyticsEvents, repeat: "never" as const, expires: "when-purchase-expires" as const },
+              [ITEM_IDS.analyticsEvents]: { quantity: PLAN_LIMITS.growth.analyticsEvents, repeat: MONTHLY_REPEAT, expires: "when-repeated" as const },
+              [ITEM_IDS.sessionReplays]: { quantity: PLAN_LIMITS.growth.sessionReplays, repeat: MONTHLY_REPEAT, expires: "when-repeated" as const },
+              [ITEM_IDS.onboardingCall]: { quantity: 1, repeat: "never" as const, expires: "when-purchase-expires" as const },
             },
           },
           "extra-seats": {
@@ -215,7 +224,7 @@ export async function seed() {
             prices: {
               monthly: {
                 USD: "29",
-                interval: [1, "month"] as any,
+                interval: MONTHLY_REPEAT,
                 serverOnly: false,
               },
             },
@@ -234,6 +243,8 @@ export async function seed() {
           [ITEM_IDS.emailsPerMonth]: { displayName: "Emails per Month", customerType: "team" as const },
           [ITEM_IDS.analyticsTimeoutSeconds]: { displayName: "Analytics Timeout (seconds)", customerType: "team" as const },
           [ITEM_IDS.analyticsEvents]: { displayName: "Analytics Events", customerType: "team" as const },
+          [ITEM_IDS.sessionReplays]: { displayName: "Session Replays", customerType: "team" as const },
+          [ITEM_IDS.onboardingCall]: { displayName: "Onboarding Call", customerType: "team" as const },
         },
       },
       apps: {
@@ -292,23 +303,77 @@ export async function seed() {
     console.log('Internal team created');
   }
 
+  // The team-create CRUD path auto-grants the free plan to every team in the
+  // internal project, but the internal team itself is written directly above
+  // (bypassing that code path), so it would otherwise end up with zero
+  // entitlements and trip the plan-limit enforcement. Grant it the Growth plan
+  // so Stack Auth employees using the dashboard get full quotas. Idempotent —
+  // skipped if an active Growth subscription already exists.
+  //
+  // We create the subscription with raw Prisma (matching seed-dummy-data.ts)
+  // rather than grantProductToCustomer because bulldozer storage tables
+  // aren't initialized at this point in the seed yet. The Bulldozer init
+  // call right below this block ingresses the row into the ledger.
+  const growthProduct = updatedInternalTenancy.config.payments.products.growth;
+  if (growthProduct.customerType === 'team') {
+    const existingGrowthSub = await internalPrisma.subscription.findFirst({
+      where: {
+        tenancyId: internalTenancy.id,
+        customerId: internalTeamId,
+        customerType: CustomerType.TEAM,
+        productId: 'growth',
+        status: SubscriptionStatus.active,
+      },
+    });
+    if (!existingGrowthSub) {
+      const growthPrices = growthProduct.prices === 'include-by-default' ? {} : growthProduct.prices;
+      const firstPriceId = Object.keys(growthPrices)[0] ?? null;
+      const now = new Date();
+      // Clone to ensure the stored JSON snapshot is independent of the config object
+      // (mirrors the pattern used in seed-dummy-data.ts).
+      const storedProduct = JSON.parse(JSON.stringify(growthProduct)) as Prisma.InputJsonValue;
+      // Mirror what a real Stripe checkout would produce, based on whether
+      // the internal project is running in test mode.
+      const creationSource = updatedInternalTenancy.config.payments.testMode
+        ? PurchaseCreationSource.TEST_MODE
+        : PurchaseCreationSource.PURCHASE_PAGE;
+      await internalPrisma.subscription.create({
+        data: {
+          tenancyId: internalTenancy.id,
+          customerId: internalTeamId,
+          customerType: CustomerType.TEAM,
+          status: SubscriptionStatus.active,
+          productId: 'growth',
+          priceId: firstPriceId,
+          product: storedProduct,
+          quantity: 1,
+          currentPeriodStart: now,
+          currentPeriodEnd: new Date('2099-12-31T23:59:59Z'),
+          cancelAtPeriodEnd: false,
+          creationSource,
+        },
+      });
+      console.log('Granted Growth plan to internal team');
+    }
+  }
+
   // Upsert the internal API key set before any flake-prone work (dummy-project
   // seed, email/svix, clickhouse). The emulator CLI authenticates against the
   // internal project using the pck stored here, so it must land before the rest
   // of the seed even if something later fails.
   const isLocalEmulator = process.env.NEXT_PUBLIC_STACK_IS_LOCAL_EMULATOR === 'true';
-  const rawPck = process.env.STACK_SEED_INTERNAL_PROJECT_PUBLISHABLE_CLIENT_KEY;
+  const rawPck = process.env.STACK_INTERNAL_PROJECT_PUBLISHABLE_CLIENT_KEY;
   if (isLocalEmulator && !rawPck) {
     // Emulator images build before a per-VM pck is available. Runtime boots set
-    // STACK_SEED_INTERNAL_PROJECT_PUBLISHABLE_CLIENT_KEY from the VM-generated
+    // STACK_INTERNAL_PROJECT_PUBLISHABLE_CLIENT_KEY from the VM-generated
     // random value and re-run the seed, which upserts the internal key set then.
     console.log('Skipping internal API key set (no pck provided; emulator mode).');
   } else {
     const keySet = {
-      publishableClientKey: rawPck || throwErr('STACK_SEED_INTERNAL_PROJECT_PUBLISHABLE_CLIENT_KEY is not set'),
+      publishableClientKey: rawPck || throwErr('STACK_INTERNAL_PROJECT_PUBLISHABLE_CLIENT_KEY is not set'),
       secretServerKey: isLocalEmulator
-        ? (process.env.STACK_SEED_INTERNAL_PROJECT_SECRET_SERVER_KEY ?? null)
-        : (process.env.STACK_SEED_INTERNAL_PROJECT_SECRET_SERVER_KEY || throwErr('STACK_SEED_INTERNAL_PROJECT_SECRET_SERVER_KEY is not set')),
+        ? (process.env.STACK_INTERNAL_PROJECT_SECRET_SERVER_KEY ?? null)
+        : (process.env.STACK_INTERNAL_PROJECT_SECRET_SERVER_KEY || throwErr('STACK_INTERNAL_PROJECT_SECRET_SERVER_KEY is not set')),
       superSecretAdminKey: isLocalEmulator
         ? (process.env.STACK_SEED_INTERNAL_PROJECT_SUPER_SECRET_ADMIN_KEY ?? null)
         : (process.env.STACK_SEED_INTERNAL_PROJECT_SUPER_SECRET_ADMIN_KEY || throwErr('STACK_SEED_INTERNAL_PROJECT_SUPER_SECRET_ADMIN_KEY is not set')),

apps/backend/src/app/api/latest/analytics/events/batch/route.tsx

@@ -1,14 +1,20 @@
 import { getClickhouseAdminClient } from "@/lib/clickhouse";
+import { getBillingTeamId } from "@/lib/plan-entitlements";
 import { findRecentSessionReplay } from "@/lib/session-replays";
+import { getStackServerApp } from "@/stack";
 import { getPrismaClientForTenancy } from "@/prisma-client";
 import { createSmartRouteHandler } from "@/route-handlers/smart-route-handler";
 import { KnownErrors } from "@stackframe/stack-shared";
+import { ITEM_IDS } from "@stackframe/stack-shared/dist/plans";
 import { adaptSchema, clientOrHigherAuthTypeSchema, yupArray, yupMixed, yupNumber, yupObject, yupString } from "@stackframe/stack-shared/dist/schema-fields";
 import { StatusError } from "@stackframe/stack-shared/dist/utils/errors";
+import * as zlib from "node:zlib";
 
 const UUID_RE = /^[0-9a-f]{8}-[0-9a-f]{4}-[1-8][0-9a-f]{3}-[089ab][0-9a-f]{3}-[0-9a-f]{12}$/i;
 
 const MAX_EVENTS = 500;
+const MAX_COMPRESSED_BYTES = 1 * 1024 * 1024;
+const MAX_DECOMPRESSED_BYTES = 8 * 1024 * 1024;
 
 // Lone surrogates (\uD800-\uDFFF not part of a valid pair) are technically
 // representable in JS strings but rejected by ClickHouse's JSON parser.
@@ -32,6 +38,35 @@ function stripLoneSurrogates(value: unknown): unknown {
   return value;
 }
 
+// Bodies sent as application/octet-stream are gzipped JSON. The encoding is
+// purely to evade keyword-matching adblockers (e.g. filters on "$click").
+// We gunzip + JSON.parse here so the rest of the schema can validate the
+// decoded object normally.
+function maybeDecodeBinaryBody(value: unknown): unknown {
+  let bytes: Uint8Array | undefined;
+  if (value instanceof ArrayBuffer) {
+    bytes = new Uint8Array(value);
+  } else if (value instanceof Uint8Array) {
+    bytes = value;
+  }
+  if (!bytes) return value;
+
+  if (bytes.byteLength > MAX_COMPRESSED_BYTES) {
+    throw new StatusError(StatusError.BadRequest, "Encoded analytics body too large");
+  }
+  let decompressed: Buffer;
+  try {
+    decompressed = zlib.gunzipSync(bytes, { maxOutputLength: MAX_DECOMPRESSED_BYTES });
+  } catch {
+    throw new StatusError(StatusError.BadRequest, "Invalid encoded analytics body");
+  }
+  try {
+    return JSON.parse(decompressed.toString("utf-8"));
+  } catch {
+    throw new StatusError(StatusError.BadRequest, "Invalid encoded analytics body");
+  }
+}
+
 export const POST = createSmartRouteHandler({
   metadata: {
     summary: "Upload analytics event batch",
@@ -57,7 +92,7 @@ export const POST = createSmartRouteHandler({
           data: yupMixed().defined(),
         }).defined(),
       ).defined().min(1).max(MAX_EVENTS),
-    }).defined(),
+    }).defined().transform((_value, originalValue) => maybeDecodeBinaryBody(originalValue)),
   }),
   response: yupObject({
     statusCode: yupNumber().oneOf([200]).defined(),
@@ -83,6 +118,17 @@ export const POST = createSmartRouteHandler({
     const refreshTokenId = auth.refreshTokenId;
     const tenancyId = auth.tenancy.id;
 
+    const app = getStackServerApp();
+
+    const billingTeamId = getBillingTeamId(auth.tenancy.project);
+    if (billingTeamId != null) {
+      const eventsItem = await app.getItem({ itemId: ITEM_IDS.analyticsEvents, teamId: billingTeamId });
+      const isDebited = await eventsItem.tryDecreaseQuantity(body.events.length);
+      if (!isDebited) {
+        throw new KnownErrors.ItemQuantityInsufficientAmount(ITEM_IDS.analyticsEvents, billingTeamId, body.events.length);
+      }
+    }
+
     const prisma = await getPrismaClientForTenancy(auth.tenancy);
     const recentSession = await findRecentSessionReplay(prisma, { tenancyId, refreshTokenId });
 

apps/backend/src/app/api/latest/integrations/stripe/webhooks/route.tsx

@@ -48,6 +48,7 @@ const ignoredEvents = [
   "charge.failed",
   "balance.available",
   "customer.updated",
+  "customer.created",
 ] as const satisfies Stripe.Event.Type[];
 
 const isSubscriptionChangedEvent = (event: Stripe.Event): event is Stripe.Event & { type: (typeof subscriptionChangedEvents)[number] } => {

apps/backend/src/app/api/latest/internal/analytics/query/route.ts

@@ -1,13 +1,16 @@
 import { getClickhouseExternalClient } from "@/lib/clickhouse";
 import { getSafeClickhouseErrorMessage } from "@/lib/clickhouse-errors";
+import { getBillingTeamId } from "@/lib/plan-entitlements";
 import { createSmartRouteHandler } from "@/route-handlers/smart-route-handler";
+import { getStackServerApp } from "@/stack";
 import { KnownErrors } from "@stackframe/stack-shared";
+import { ITEM_IDS, PLAN_LIMITS } from "@stackframe/stack-shared/dist/plans";
 import { adaptSchema, adminAuthTypeSchema, jsonSchema, yupBoolean, yupMixed, yupNumber, yupObject, yupRecord, yupString } from "@stackframe/stack-shared/dist/schema-fields";
 import { StackAssertionError } from "@stackframe/stack-shared/dist/utils/errors";
 import { Result } from "@stackframe/stack-shared/dist/utils/results";
 import { randomUUID } from "crypto";
 
-const MAX_QUERY_TIMEOUT_MS = 120_000;
+const MAX_QUERY_TIMEOUT_MS = Math.max(...Object.values(PLAN_LIMITS).map(p => p.analyticsTimeoutSeconds)) * 1000;
 const DEFAULT_QUERY_TIMEOUT_MS = 10_000;
 
 export const POST = createSmartRouteHandler({
@@ -36,6 +39,23 @@ export const POST = createSmartRouteHandler({
     if (body.include_all_branches) {
       throw new StackAssertionError("include_all_branches is not supported yet");
     }
+
+    let effectiveTimeoutMs = body.timeout_ms;
+    const billingTeamId = getBillingTeamId(auth.tenancy.project);
+    if (billingTeamId != null) {
+      const app = getStackServerApp();
+      const timeoutItem = await app.getItem({ itemId: ITEM_IDS.analyticsTimeoutSeconds, teamId: billingTeamId });
+      // clickHouse treats max_execution_time=0 as
+      // "unlimited", so a customer with zero timeout entitlement (no active
+      // plan in the plans line, or a transient gap between paid-plan end
+      // and free regrant) would otherwise get unbounded query execution.
+      if (timeoutItem.quantity <= 0) {
+        throw new KnownErrors.ItemQuantityInsufficientAmount(ITEM_IDS.analyticsTimeoutSeconds, billingTeamId, 1);
+      }
+      const maxAllowedMs = timeoutItem.quantity * 1000;
+      effectiveTimeoutMs = Math.min(body.timeout_ms, maxAllowedMs);
+    }
+
     const client = getClickhouseExternalClient();
     const queryId = `${auth.tenancy.project.id}:${auth.tenancy.branchId}:${randomUUID()}`;
     const resultSet = await Result.fromPromise(client.query({
@@ -45,7 +65,7 @@ export const POST = createSmartRouteHandler({
       clickhouse_settings: {
         SQL_project_id: auth.tenancy.project.id,
         SQL_branch_id: auth.tenancy.branchId,
-        max_execution_time: body.timeout_ms / 1000,
+        max_execution_time: effectiveTimeoutMs / 1000,
         readonly: "1",
         allow_ddl: 0,
         max_result_rows: MAX_RESULT_ROWS.toString(),