Better auth migration #21
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
…webhook logging, invalidation + max-topup)
- e2b.Dockerfile: reset WORKDIR to /home/user (the build WORKDIR was deleted, which broke the v2 builder's config script), and install tw-animate-css so the generated globals.css import resolves. - README + docs/agent-pipeline.md: `template build --name --cmd` is deprecated and no-ops in CLI v2; use `template create <name> --cmd --ready-cmd`. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
feat: Stripe USD credit wallet (buy credits, pay-per-generation)
- next.config.ts: mark rate-limiter-flexible as serverExternalPackages so webpack stops bundling (and failing to parse) its .d.ts files. This webpack parse error was the real 'next build' failure blocking Vercel. - bump next 15.3.4 -> 15.5.19 (+ eslint-config-next): clears the critical Next.js advisories (RCE/SSRF/cache poisoning/content injection) + postcss. - inngest pinned to 3.54.0 (the exploitable serve() path uses the top-level SDK, already post-fix). Remaining audit items (agent-kit's nested inngest high; postcss moderate bundled inside next) are non-exploitable here and need breaking major bumps. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
- src/lib/stripe.ts: lazy Stripe client so importing the module never throws without STRIPE_SECRET_KEY (the import-throw broke CI/builds that import the tRPC router via tests and next build). - prisma/migrations: single combined init covering Project.orgId + Wallet + CreditTransaction (replaces the org-only init). - package-lock: reconciled after merging main (adds stripe). Integrated app verified locally: build, tests (3/3), typecheck, lint all pass. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Org-scoped tenancy + testing + CI/CD (+ agent-context docs)
Reflects reality post-launch: org-tenancy (orgProcedure, per-org projects) + Stripe credit-wallet (per-user credits), live on app.skarmy.ai. Fixes stale claims (no tests, no migrations, empty next.config, userId-scoped tenancy, e2b template build) and adds the build/deploy gotchas that actually blocked us (rate-limiter serverExternalPackages, lazy stripe.ts, single Neon DB, Inngest prod sync, concurrent-session schema collisions). Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Generations hung forever on "Thinking..." because @inngest/agent-kit@0.8.4 reads the live Inngest step via getAsyncCtx().ctx.step, but inngest 3.54 relocated it to getAsyncCtx().execution.ctx.step. asyncCtx.ctx was undefined, so the agent threw "Cannot read properties of undefined (reading 'step')" during inference. Inngest retried then failed, so no ASSISTANT message was ever written and the client polled indefinitely. inngest can't just be downgraded: <=3.53.1 carries a HIGH-severity advisory (GHSA-2jf5-6wwv-vhxx) that leaks env vars via the serve() handler at /api/inngest. The only working AND secure combination is agent-kit 0.13.x (handles both old and new async-ctx shapes) on patched inngest 3.54.x. - @inngest/agent-kit ^0.8.3 -> ^0.13.2 - zod ^3.25.67 -> ^4.0.0 (agent-kit 0.13 peer requirement; app uses only z.object/z.string/z.array, so drop-in) - inngest kept at ^3.54.0, now a single deduped copy (no nested 3.32.5) Verified locally: typecheck, tests (3/3), production build, single inngest@3.54.2, no high/critical vulns. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
fix: restore app generation (agent-kit 0.13 ↔ inngest 3.54 step compat)
Generated apps failed with "Module not found: Can't resolve '@/lib/utils'"
because the sandbox template was missing lib/utils.ts AND the clsx /
tailwind-merge packages. In the non-interactive Docker build, `shadcn init`
created components.json, the 56 component files (via `add --all`), and the CSS
theme — but never set up the cn() helper or installed its dependencies. Since
every shadcn component imports `cn` from "@/lib/utils", any generated app that
uses a component fails to compile.
Fix: explicitly install clsx + tailwind-merge and write the standard shadcn
lib/utils.ts before the app is moved into place.
Verified by inspecting the live template (no lib/, no clsx/tailwind-merge),
reproducing the exact error in a sandbox (GET /probe -> 500, "Can't resolve
'@/lib/utils'"), applying the fix, and confirming a production `next build` of
a page using cn() + Button/Card/Input compiles successfully.
NOTE: the E2B template must be rebuilt for this to take effect:
e2b template create vibe-nextjs-test-2 -p sandbox-templates/nextjs \
--cmd "/compile_page.sh" \
--ready-cmd "curl -s -o /dev/null http://localhost:3000" \
--cpu-count 2 --memory-mb 1024
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
The printf-based heredoc wrote lib/utils.ts as a single line with literal "n" instead of newlines (Dockerfile shell escaping), producing a syntax error: "Expected ';', got 'nimport'". COPY a real file from the build context instead. Verified on the rebuilt template: lib/utils.ts has real newlines and a clean `next build` of a cn() + Button/Card/Input page compiles successfully. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
…B cn)
Two production incidents resolved this session, now documented in CLAUDE.md +
docs/gotchas.md:
1. agent-kit/inngest/zod version lock — agent-kit <=0.12 hangs generation on
inngest >=3.54 ("reading 'step' of undefined"); inngest <=3.53 has a HIGH
env-var-leak vuln. Fixed combo: agent-kit >=0.13 + inngest >=3.54 + zod 4 (#5).
2. E2B template missing shadcn cn()/lib/utils.ts + clsx/tailwind-merge — every
generated app failed "Can't resolve '@/lib/utils'". Dockerfile now installs
the deps + COPYs a real utils.ts; rebuild required (#6).
Also corrected the stale "non-exploitable npm audit highs" note — the inngest
high was exploitable and is now cleared.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
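An added example (not code from this PR or the project): a lockfile audit that enforces the version lock described in the commit messages above, flagging any installed `inngest` copy at or below 3.53.1, nested copies included, and any `@inngest/agent-kit` below 0.13 paired with inngest 3.54 or later. The `packages` maps are constructed sample data in package-lock v3 layout, and the function names are hypothetical.

```javascript
// Parse "3.54.2" -> [3, 54, 2]; a pre-release suffix is ignored for this check.
function parse(v) {
  return v.split("-")[0].split(".").map(Number);
}

// True when version a is strictly lower than version b.
function lt(a, b) {
  const x = parse(a), y = parse(b);
  for (let i = 0; i < 3; i++) {
    if ((x[i] || 0) !== (y[i] || 0)) return (x[i] || 0) < (y[i] || 0);
  }
  return false;
}

// Every installed copy of `name`, including copies nested under another package.
function copiesOf(lock, name) {
  const suffix = "node_modules/" + name;
  return Object.entries(lock.packages)
    .filter(([path]) => path === suffix || path.endsWith("/" + suffix))
    .map(([path, meta]) => ({ path, version: meta.version }));
}

function auditLock(lock) {
  const findings = [];
  const inngest = copiesOf(lock, "inngest");
  const agentKit = copiesOf(lock, "@inngest/agent-kit");

  // The page ties GHSA-2jf5-6wwv-vhxx to inngest <= 3.53.1; a nested copy counts too.
  for (const c of inngest) {
    if (!lt("3.53.1", c.version)) findings.push(`vulnerable inngest ${c.version} at ${c.path}`);
  }
  if (inngest.length > 1) findings.push(`inngest not deduped: ${inngest.length} copies`);

  // agent-kit below 0.13 reads the old async-ctx shape and hangs on inngest >= 3.54.
  const newInngest = inngest.some((c) => !lt(c.version, "3.54.0"));
  for (const c of agentKit) {
    if (newInngest && lt(c.version, "0.13.0")) {
      findings.push(`agent-kit ${c.version} incompatible with inngest >=3.54`);
    }
  }
  return findings;
}

// Constructed sample lockfiles: the state before and after the fix described above.
const before = { packages: {
  "node_modules/inngest": { version: "3.54.0" },
  "node_modules/@inngest/agent-kit": { version: "0.8.4" },
  "node_modules/@inngest/agent-kit/node_modules/inngest": { version: "3.32.5" },
} };
const after = { packages: {
  "node_modules/inngest": { version: "3.54.2" },
  "node_modules/@inngest/agent-kit": { version: "0.13.2" },
} };

console.log(auditLock(before), auditLock(after));
```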
fix(e2b): create cn() utility in sandbox template
docs: refresh agent context for the integrated, deployed app
Gate projects.getMany on isSignedIn so the query doesn't fire (and fail unauthorized) on the landing page before auth resolves. projects stays undefined for signed-out users, which the optional-chaining render already handles. Recovered from an uncommitted change in the stripe-credits worktree. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
- code/title/reply agents now use gpt-5.5 (was gpt-4.1 / gpt-4o) - drop temperature:0.1 from code agent — gpt-5.5 is a reasoning model and rejects the temperature param (would 400 every generation) - conversation memory take: 5 -> 20 - network maxIter: 15 -> 100 Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Root cause: gpt-5.5 ran `tsc` during generation; in the 1GB E2B sandbox that pushed memory over the cgroup limit and the kernel OOM-killer killed next-server. Nothing restarts it, so the preview URL pointed at a dead port 3000 even though the generated code was fine. - prompt.ts: forbid tsc / type-check / build commands (the dev server already compiles on save); explain the OOM consequence. - functions.ts: in get-sandbox-url, verify :3000 responds and restart `next dev` in the background if it died, before returning the URL. Verified against a live OOM'd sandbox: server came back up (HTTP 200). Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
…istent sessions) Full design for redesigning Vibe's generation engine into a live, streaming, interactive coding-session product: harness-in-sandbox behind a Skarmy edge (broker + provider-agnostic inference gateway + authed preview proxy), append-only Event log canonical with Message/Fragment as read-models, GitHub-App repo-per-project with session branches + explicit Publish, E2B pause/resume + R2 persistence, two-meter billing into the existing wallet, generation fencing/idempotency/leases, phased delivery (0 spikes → 1 internal → 2a/2b/2c → 3), with acceptance criteria, feature-flag/rollback, schema migration order, failure-mode matrix, trust-boundary diagram, non-goals, and scaling triggers. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
…ntract Adversarial 6-lens review (completeness/consistency/security/distsys/ops/feasibility) applied. Closes blockers: testing-strategy section; sessionToken JWT (subprotocol-only, re-authz on reconnect); viewer-bound preview proxy; egress enforced outside sandbox via git proxy; generation-gated seq allocation (Lua) + durable seqHi (no split-brain); Redis-loss reseed+gen-bump; E2B concurrency admission control; fail-closed budget store; steer redefined to next-turn-boundary (mid-turn deferred to Phase 3). Adds harness integration contract (unix-socket command set, versioned checkpoints, fake harness), versioning/compat, SLO/capacity targets, expanded failure matrix, quantified scaling triggers. 22 sections. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
…e 2a foundations - 00-roadmap: phase sequence (0→1→2a→2b→2c→3), dependencies, child-plan map, fake-harness parallelization, integration-milestone gate, feature-flag/rollback runbook, SLO/capacity numeric gates. - phase0-spikes: 8 TDD tasks / 63 steps covering spikes 0.1–0.6 (harness RSS+image, pause/resume incl. #884, adapter-over-unix-socket, browser↔sandbox WSS, harness-through-Anthropic-compatible-gateway, authed preview proxy incl. HMR WS), each with runnable @e2b/code-interpreter scripts + numeric pass/fail + evidence. - phase2a-foundations: 16 tasks / ~91 steps, spec-locked + buildable now against the FAKE HARNESS (zero real-harness dep, legacy path untouched): Prisma M1–M4, normalized protocol/EventKind types, fence-gated seq + idempotency + 3-tier replay broker core, Anthropic-compatible gateway w/ fail-closed budget + idempotent metering, getEngine flag, org-isolation tests incl. cross-org attach. Phases 1/2b/2c/3 to be authored after Phase 0 resolves the real harness/adapter API. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Adds src/edge/protocol.ts with PROTOCOL_VERSION, MAX_EVENT_PAYLOAD_BYTES, all shared types (EventKindName, SessionStatusName, LifecycleReason, Role, RunMode, NormalizedEvent, TokenFrame, ClientMsg, ServerMsg) and validators (isValidCmdId, payloadByteSize) per design spec. TDD: 7/7 tests pass. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
The user-facing app was already branded Skarmy (title, domain, OG). This renames the remaining internal product references: package.json name, code comments in the edge adapter, the design-system header, and the docs prose. Deliberately NOT renamed (would break or be nonsensical): - visualVibe/designVibe — the English word 'vibe' (a design's feel), not the brand - E2B template names (vibe-live*) — registered infra; renaming breaks provisioning - local Postgres creds (vibe:vibe@/vibe) — local DB identity - skarmyvibe — the repo name itself
Replace ProjectsSidebar with new DashboardSidebar in the home dashboard. Presentational component mirroring Lovable's layout (workspace switcher, Dashboard/Connectors nav, Agents section, Recents, footer cards) in Skarmy's glass aesthetic. Intentionally unwired — design pass only; selection/data wiring to follow.
deploy/edge was deleted; deploy/ now holds only the gateway. README's repository-layout table was the last doc still listing it.
Wire the sidebar 'All agents' tab to an in-page Agents view: a 3-column grid of role cards (developer, marketing, hiring, legal, research, finances, design, customer support) that toggle add/remove. Added agents are lifted to the dashboard page and mirrored as a sub-list under 'All agents' in the sidebar. Selection is local state only (placeholder, not persisted).
Replace the broken dual-biller setup (flat 25c/generation on a dead legacy path + per-token gateway, both hitting one per-user wallet) with a single org-scoped model. App-builder billing: - Wallet re-keyed to orgId; every spend stamps the triggering userId (attribution) - Gateway per-token UsageEvent -> wallet debit is the only charge. Remove the flat consumeCredits path, the free-generation tier, and the dead GatewayMeter / EnvKeyProvider (provider.ts) code - $1 starter grant per org (ensureOrgWallet, idempotent on the orgId PK) - Claude-style subscriptions (Pro/Max5/Max20): gateway is coverage-aware via decideCoverage. Subscribers within their rolling 5h/weekly window are covered with no wallet debit (window = SUM over UsageEvent, no counter table); overage spills to the wallet only when the org opts in - Stripe subscription checkout + billing portal + overage toggle + webhook sync; pricing UI rebuilt with tier cards + live window usage Skarmy API side-product (LiteLLM): - ApiKey model + apiKeys router (create/list/revoke): per-org virtual keys minted against a LiteLLM proxy, budget-capped to the wallet, secret shown once - reconcileApiKey debits LiteLLM spend into the same org wallet (UsageEvent source=API, API_USAGE ledger), re-caps budgets. Cron route + on-revoke settle - docker-compose.litellm.yml + config.yaml, env additions, dashboard UI Migrations applied to LOCAL only; the prod migration is destructive (drops Wallet.userId, wipes per-user balances) — see human_next_steps.md. Docs updated (AGENTS.md data model/tenancy, HANDOFF.md items 6 + 8).
Add the standard gray hover wash to the added-agent rows, a thin left guide line grouping them under the All agents tab, and tighter row spacing so the sub-list reads as part of the nav.
…gnostics Give the discovery agent live web search during the founder interview, routed through MCP, plus a visual diagnostics tool to verify the integration and watch the agent use it. Opt-in via SEARXNG_BASE_URL; no behavior change when unset. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Extract the sign-in card into a shared SignInForm component and render it inline on / when there's no session, instead of only at /sign-in. Lets the sign-in flow be tested end-to-end on the main page. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Adds AuthUser/AuthSession/AuthAccount/AuthVerification/Organization/Member/ Invitation. Generated from a prod diff, keeping only CREATE statements so it cannot drop existing tables/columns. Already applied to prod Neon via migrate deploy. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Dashboard data is org-scoped (orgProcedure), so a signed-in user with no active organization would hit FORBIDDEN on every query with no recovery path. Gate the home page: redirect to the workspace picker until an active org is set. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Status, remaining prod tasks, drift warning, and verification notes. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Ready-to-create GitHub issue summarizing Better Auth prod status and remaining tasks. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Rebuild the Billing (Plans & credits) page in the dashboard's glass/navy aesthetic and mount the DashboardSidebar with a new "Billing" nav item under Connectors. NavRow is now route-aware (renders Link with href, or button with onClick) so Dashboard/Agents keep in-page switching on the dashboard and fall back to links elsewhere; Billing links to /pricing. Home page reads ?view=agents (under Suspense) so "All agents" works when navigated in. All billing logic preserved: balance, subscribe/switch/manage, 5h+week usage bars, overage toggle, credit packs, custom top-up, posthog events, busy-state disabling. Plus a11y: input focus ring + label association, aria-current on active nav.
Better Auth rejects sign-in from random *.vercel.app preview hostnames (403 INVALID_ORIGIN) since Origin != baseURL. Documented in AGENTS.md gotchas: test auth on https://app.skarmy.ai. Adds better-auth skill set. [vercel skip] Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
- Inline sign-in/sign-up in a single frosted-glass modal (sign-in-form), removing the standalone sign-up page - Add account menu, convergence backdrop, and dev auto-login helper - Restyle the choose-workspace screen to match the auth modal's light palette so the sign-up -> workspace handoff reads as one surface - Update home page, navbar, and sidebars for the new auth surface Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Important: Review skipped. Too many files! This PR contains 353 files, which is 203 over the limit of 150.
| runs-on: ubuntu-latest | ||
| steps: | ||
| - uses: actions/checkout@v4 | ||
| - uses: oven-sh/setup-bun@v2 | ||
| - run: bun install --frozen-lockfile || bun install | ||
| - run: bunx prisma generate | ||
| # Playbooks: regenerate the registry from the markdown sources. This both validates | ||
| # frontmatter against the taxonomy (a malformed file throws) and fails if the committed | ||
| # registry has drifted from the sources (someone forgot `bun run playbooks:gen`). | ||
| - name: Validate playbooks | ||
| run: | | ||
| bun run playbooks:gen | ||
| git diff --exit-code src/lib/playbooks/registry.generated.ts | ||
| - run: bun run lint | ||
| - run: bun run typecheck | ||
| # `bun run test` runs the package.json script (vitest run); `bun test` would use | ||
| # Bun's native runner, which lacks vi.stubEnv and times out the WS socket tests. | ||
| - run: bun run test |
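Review bot: the `|| bun install` fallback on the install step defeats `--frozen-lockfile`: when the lockfile is out of sync with package.json, CI re-resolves dependencies instead of failing, so the lint, typecheck and test steps can run against versions nobody committed. Drop the fallback so lockfile drift fails the job, the same way the "Validate playbooks" step fails on registry drift via `git diff --exit-code`. Separately, `actions/checkout@v4` and `oven-sh/setup-bun@v2` are referenced by mutable tag; pinning each to a commit SHA would fix the exact action code this job runs.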
I approve this message and now we have UI for sign in with better auth working end to end.