Merge remote-tracking branch 'origin/dev' into custom-dashboards-and-unified-ai-no-playground

Author: aadesh18

.github/workflows/npm-publish.yaml

@@ -43,6 +43,6 @@ jobs:
 
       - name: Publish packages
         # pnpm publish skips versions that already exist on npm by default
-        run: pnpm publish -r --no-git-checks
+        run: pnpm publish -r --no-git-checks --access public
         env:
           NPM_CONFIG_PROVENANCE: true

README.md

@@ -75,12 +75,7 @@ To install Stack Auth in your Next.js project (for React, JavaScript, or other f
 
 1. Run Stack Auth's installation wizard with the following command:
     ```bash
-    npx @stackframe/init-stack@latest
-    ```
-   
-   If you prefer not to open a browser during setup (useful for CI/CD environments or restricted environments):
-    ```bash
-    npx @stackframe/init-stack@latest --no-browser
+    npx @stackframe/stack-cli@latest init
     ```
 
 2. Then, create an account on the [Stack Auth dashboard](https://app.stack-auth.com/projects), create a new project with an API key, and copy its environment variables into the .env.local file of your Next.js project:

apps/backend/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@stackframe/backend",
-  "version": "2.8.73",
+  "version": "2.8.74",
   "repository": "https://github.com/stack-auth/stack-auth",
   "private": true,
   "type": "module",

apps/backend/src/app/api/latest/integrations/ai-proxy/[[...path]]/route.ts

@@ -0,0 +1,68 @@
+import { handleApiRequest } from "@/route-handlers/smart-route-handler";
+import { getEnvVariable } from "@stackframe/stack-shared/dist/utils/env";
+import { StatusError } from "@stackframe/stack-shared/dist/utils/errors";
+import { NextRequest } from "next/server";
+
+const OPENROUTER_BASE_URL = "https://openrouter.ai/api";
+const OPENROUTER_MODEL = "anthropic/claude-sonnet-4.6";
+
+function sanitizeBody(raw: ArrayBuffer): Uint8Array {
+  const text = new TextDecoder().decode(raw);
+  let parsed;
+  try {
+    parsed = JSON.parse(text);
+  } catch {
+    throw new StatusError(400, "Request body must be valid JSON");
+  }
+
+  if (typeof parsed !== "object" || parsed === null || Array.isArray(parsed)) {
+    throw new StatusError(400, "Request body must be a JSON object");
+  }
+
+  parsed.model = OPENROUTER_MODEL;
+
+  // OpenRouter limits metadata.user_id to 128 characters
+  if (parsed.metadata?.user_id && parsed.metadata.user_id.length > 128) {
+    parsed.metadata.user_id = parsed.metadata.user_id.slice(0, 128);
+  }
+
+  return new TextEncoder().encode(JSON.stringify(parsed));
+}
+
+async function proxyToOpenRouter(req: NextRequest, options: { params: Promise<{ path?: string[] }> }) {
+  const apiKey = getEnvVariable("STACK_OPENROUTER_API_KEY");
+  const params = await options.params;
+  const subpath = params.path?.join("/") ?? "";
+  const targetUrl = `${OPENROUTER_BASE_URL}/${subpath}${req.nextUrl.search}`;
+
+  const headers: Record<string, string> = {
+    "Authorization": `Bearer ${apiKey}`,
+    "anthropic-version": "2023-06-01",
+  };
+
+  const contentType = req.headers.get("Content-Type");
+  if (contentType) {
+    headers["Content-Type"] = contentType;
+  }
+
+  const body = req.method !== "GET" && req.method !== "HEAD"
+    ? Buffer.from(sanitizeBody(await req.arrayBuffer()))
+    : undefined;
+
+  const response = await fetch(targetUrl, {
+    method: req.method,
+    headers,
+    body,
+  });
+
+  return new Response(response.body, {
+    status: response.status,
+    headers: {
+      "Content-Type": response.headers.get("Content-Type") ?? "application/json",
+      "Cache-Control": "no-cache",
+    },
+  });
+}
+
+export const GET = handleApiRequest(proxyToOpenRouter);
+export const POST = handleApiRequest(proxyToOpenRouter);

apps/backend/src/app/api/latest/internal/config/override/[level]/route.tsx

@@ -18,7 +18,7 @@ import { globalPrismaClient, rawQuery } from "@/prisma-client";
 import { createSmartRouteHandler } from "@/route-handlers/smart-route-handler";
 import { branchConfigSchema, environmentConfigSchema, getConfigOverrideErrors, migrateConfigOverride, projectConfigSchema } from "@stackframe/stack-shared/dist/config/schema";
 import { adaptSchema, adminAuthTypeSchema, branchConfigSourceSchema, yupNumber, yupObject, yupString } from "@stackframe/stack-shared/dist/schema-fields";
-import { StatusError, captureError } from "@stackframe/stack-shared/dist/utils/errors";
+import { StackAssertionError, StatusError, captureError } from "@stackframe/stack-shared/dist/utils/errors";
 import * as yup from "yup";
 type BranchConfigSourceApi = yup.InferType<typeof branchConfigSourceSchema>;
 
@@ -194,7 +194,7 @@ async function warnOnValidationFailure(
       captureError("config-override-validation-warning", `Config override validation warning for project ${options.projectId} (this may not be a logic error, but rather a client/implementation issue — e.g. dot notation into non-existent record entries): ${validationResult.error}`);
     }
   } catch (e) {
-    captureError("config-override-validation-check-failed", e);
+    captureError("config-override-validation-check-failed", new StackAssertionError("Config override validation check failed. This may be really bad! Make sure to check the error and the config.", { cause: e, options, levelConfig }));
   }
 }
 

apps/dashboard/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@stackframe/dashboard",
-  "version": "2.8.73",
+  "version": "2.8.74",
   "repository": "https://github.com/stack-auth/stack-auth",
   "private": true,
   "scripts": {

apps/dashboard/src/app/(main)/(protected)/projects/[projectId]/(overview)/setup-page.tsx

@@ -63,10 +63,10 @@ export default function SetupPage(props: { toMetrics: () => void }) {
         </Typography>
         <CodeBlock
           language="bash"
-          content={`npx @stackframe/init-stack@latest`}
+          content={`npx @stackframe/stack-cli@latest init`}
           customRender={
             <div className="p-4 font-mono text-sm">
-              <span className={commandClasses}>pnpx</span> <span className={nameClasses}>@stackframe/init-stack@latest</span>
+              <span className={commandClasses}>pnpx</span> <span className={nameClasses}>@stackframe/stack-cli@latest</span> init
             </div>
           }
           title="Terminal"

apps/dev-launchpad/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@stackframe/dev-launchpad",
-  "version": "2.8.73",
+  "version": "2.8.74",
   "repository": "https://github.com/stack-auth/stack-auth",
   "private": true,
   "scripts": {

apps/e2e/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@stackframe/e2e-tests",
-  "version": "2.8.73",
+  "version": "2.8.74",
   "repository": "https://github.com/stack-auth/stack-auth",
   "private": true,
   "type": "module",

apps/e2e/tests/general/cli.test.ts

@@ -345,4 +345,119 @@ describe("Stack CLI", () => {
     expect(exitCode).toBe(1);
     expect(stderr).toContain("plain `config` object");
   });
+
+  // --- init command tests ---
+
+  it("init create writes stack.config.ts with selected apps", async ({ expect }) => {
+    const initDir = path.join(tmpDir, "init-create");
+    fs.mkdirSync(initDir, { recursive: true });
+
+    const { stdout, exitCode } = await runCli([
+      "init", "--mode", "create", "--apps", "authentication,teams", "--output-dir", initDir,
+    ]);
+    expect(exitCode).toBe(0);
+    expect(stdout).toContain("Config file written to");
+
+    const content = fs.readFileSync(path.join(initDir, "stack.config.ts"), "utf-8");
+    expect(content).toContain("export const config");
+    const configMatch = content.match(/export const config = (.+);/s);
+    expect(configMatch).toBeTruthy();
+    const parsed = JSON.parse(configMatch![1]);
+    expect(parsed.apps.installed.authentication).toEqual({ enabled: true });
+    expect(parsed.apps.installed.teams).toEqual({ enabled: true });
+  });
+
+  it("init create with single app", async ({ expect }) => {
+    const initDir = path.join(tmpDir, "init-create-single");
+    fs.mkdirSync(initDir, { recursive: true });
+
+    const { stdout, exitCode } = await runCli([
+      "init", "--mode", "create", "--apps", "authentication", "--output-dir", initDir,
+    ]);
+    expect(exitCode).toBe(0);
+    expect(stdout).toContain("Config file written to");
+
+    const content = fs.readFileSync(path.join(initDir, "stack.config.ts"), "utf-8");
+    const configMatch = content.match(/export const config = (.+);/s);
+    const parsed = JSON.parse(configMatch![1]);
+    expect(Object.keys(parsed.apps.installed)).toEqual(["authentication"]);
+  });
+
+  it("init link-config with valid path", async ({ expect }) => {
+    // Create a dummy config file to link to
+    const dummyConfig = path.join(tmpDir, "dummy-stack.config.ts");
+    fs.writeFileSync(dummyConfig, "export const config = {};\n");
+
+    const { stdout, exitCode } = await runCli([
+      "init", "--mode", "link-config", "--config-file", dummyConfig,
+    ]);
+    expect(exitCode).toBe(0);
+    expect(stdout).toContain("Linked to config file");
+    expect(stdout).toContain(dummyConfig);
+  });
+
+  it("init link-config with invalid path fails", async ({ expect }) => {
+    const { stderr, exitCode } = await runCli([
+      "init", "--mode", "link-config", "--config-file", "/nonexistent/stack.config.ts",
+    ]);
+    expect(exitCode).toBe(1);
+    expect(stderr).toContain("File not found");
+  });
+
+  it("init link-cloud creates .env with API keys", async ({ expect }) => {
+    expect(createdProjectId).toBeDefined();
+
+    const initDir = path.join(tmpDir, "init-cloud");
+    fs.mkdirSync(initDir, { recursive: true });
+
+    const { stdout, exitCode } = await runCli([
+      "init", "--mode", "link-cloud", "--select-project-id", createdProjectId, "--output-dir", initDir,
+    ]);
+    expect(exitCode).toBe(0);
+    expect(stdout).toContain("Created .env with Stack Auth keys");
+
+    const envContent = fs.readFileSync(path.join(initDir, ".env"), "utf-8");
+    expect(envContent).toContain("# Stack Auth");
+    expect(envContent).toContain(`NEXT_PUBLIC_STACK_PROJECT_ID=${createdProjectId}`);
+    expect(envContent).toContain("NEXT_PUBLIC_STACK_PUBLISHABLE_CLIENT_KEY=");
+    expect(envContent).toContain("STACK_SECRET_SERVER_KEY=");
+  });
+
+  it("init link-cloud appends to existing .env", async ({ expect }) => {
+    expect(createdProjectId).toBeDefined();
+
+    const initDir = path.join(tmpDir, "init-cloud-append");
+    fs.mkdirSync(initDir, { recursive: true });
+    fs.writeFileSync(path.join(initDir, ".env"), "EXISTING_VAR=hello\n");
+
+    const { stdout, exitCode } = await runCli([
+      "init", "--mode", "link-cloud", "--select-project-id", createdProjectId, "--output-dir", initDir,
+    ]);
+    expect(exitCode).toBe(0);
+    expect(stdout).toContain("Appended Stack Auth keys to .env");
+
+    const envContent = fs.readFileSync(path.join(initDir, ".env"), "utf-8");
+    expect(envContent).toContain("EXISTING_VAR=hello");
+    expect(envContent).toContain("# Stack Auth");
+    expect(envContent).toContain(`NEXT_PUBLIC_STACK_PROJECT_ID=${createdProjectId}`);
+  });
+
+  it("init link-cloud fails with invalid project ID", async ({ expect }) => {
+    const { stderr, exitCode } = await runCli([
+      "init", "--mode", "link-cloud", "--select-project-id", "nonexistent-project-id",
+    ]);
+    expect(exitCode).toBe(1);
+    expect(stderr).toContain("not found");
+  });
+
+  it("init outputs setup instructions", async ({ expect }) => {
+    const initDir = path.join(tmpDir, "init-instructions");
+    fs.mkdirSync(initDir, { recursive: true });
+
+    const { stdout, exitCode } = await runCli([
+      "init", "--mode", "create", "--apps", "authentication", "--output-dir", initDir,
+    ]);
+    expect(exitCode).toBe(0);
+    expect(stdout).toContain("STACK AUTH SETUP INSTRUCTIONS");
+  });
 });