- Incremented application version from 2.21.0 to 2.21.2 in package.json.
- Added logic to conditionally show email option in account settings based on enabled authentication methods.
- Updated PersonalAccountSettingsContainer to utilize the new showLinkEmailOption feature flag.
- Refactored migration script to correct delimiter usage for better parsing of migration lines.
* chore: update project dependencies and documentation for Next.js 16
- Upgraded Next.js from version 15 to 16 across various documentation files and components.
- Updated references to Next.js 16 in AGENTS.md and CLAUDE.md for consistency.
- Incremented application version to 2.21.0 in package.json.
- Refactored identity setup components to improve user experience and added confirmation dialogs for authentication methods.
- Enhanced invitation flow with new logic for handling user redirection and token generation.
* refactor: streamline invitation flow in e2e tests
- Simplified the invitation flow test by using a predefined email instead of generating a random one.
- Removed unnecessary steps such as clearing cookies and reloading the page before user sign-up.
- Enhanced clarity by eliminating commented-out code related to identity verification and user membership checks.
* refactor: improve code readability in IdentitiesPage and UpdatePasswordForm components
- Enhanced formatting of JSX elements in IdentitiesPage and UpdatePasswordForm for better readability.
- Adjusted indentation and line breaks to maintain consistent coding style across components.
* refactor: enhance LinkAccountsList component with user redirection logic
- Updated the LinkAccountsList component to include a redirectToPath option in the useLinkIdentityWithProvider hook for improved user experience.
- Removed redundant user hook declaration to streamline the code structure.
* refactor: update account setup logic in JoinTeamAccountPage
- Introduced a check for email-only authentication support to streamline account setup requirements.
- Adjusted the conditions for determining if a new account should set up additional authentication methods, enhancing user experience for new users.
- Incremented application version from 2.20.1 to 2.20.2 in package.json.
- Added captchaSiteKey prop to SignUpPage for enhanced security.
- Refactored captcha field rendering in various authentication components to ensure consistent placement and functionality.
* chore: bump version to 2.20.1 in package.json and refactor layout and form components
- Incremented application version from 2.20.0 to 2.20.1 in package.json.
- Refactored RootLayout to optimize asynchronous calls and introduced getRootClassName function for better class management.
- Updated font handling in getFontsClassName function to streamline class generation.
- Enhanced various authentication form components by replacing Input with EmailInput and PasswordInput for improved consistency and usability.
- Adjusted layout styles in AuthLayoutShell and other components for better responsiveness.
* fix: improve content rendering fallback logic in ContentRenderer component
- Enhanced the ContentRenderer function to explicitly check for the presence of a renderer before returning content.
- Added a fallback mechanism to return raw content as React nodes when no renderer is found, improving robustness and user experience.
* feat: add changelog feature and update site navigation
- Introduced a new Changelog page with pagination and detailed entry views.
- Added components for displaying changelog entries, pagination, and entry details.
- Updated site navigation to include a link to the new Changelog page.
- Enhanced localization for changelog-related texts in marketing.json.
* refactor: enhance Changelog page layout and entry display
- Increased the number of changelog entries displayed per page from 2 to 20 for better visibility.
- Improved the layout of the Changelog page by adjusting the container styles and removing unnecessary divs.
- Updated the ChangelogEntry component to enhance the visual presentation of entries, including a new date badge with an icon.
- Refined the CSS styles for Markdoc headings to improve typography and spacing.
* refactor: enhance Changelog page functionality and layout
- Increased the number of changelog entries displayed per page from 20 to 50 for improved user experience.
- Updated ChangelogEntry component to make the highlight prop optional and refined the layout for better visual clarity.
- Adjusted styles in ChangelogHeader and ChangelogPagination components for a more cohesive design.
- Removed unnecessary order fields from changelog markdown files to streamline content management.
* feat: enhance Changelog entry navigation and data loading
- Refactored ChangelogEntry page to load previous and next entries for improved navigation.
- Introduced ChangelogNavigation component to facilitate navigation between changelog entries.
- Updated ChangelogDetail component to display navigation links and entry details.
- Enhanced data fetching logic to retrieve all changelog entries alongside the current entry.
- Added localization keys for navigation text in marketing.json.
* Update package dependencies and enhance documentation layout
- Upgraded various packages including @turbo/gen and turbo to version 2.6.0, and react-hook-form to version 7.66.0.
- Updated lucide-react to version 0.552.0 across multiple packages.
- Refactored documentation layout components for improved styling and structure.
- Removed deprecated loading components and adjusted navigation elements for better user experience.
- Added placeholder notes in changelog entries for clarity.
* Upgraded to Next.js 16
* Refactored code to comply with React 19.2 ESLint rules
* Refactored some useEffect usages with the new useEffectEvent
* Added Identities page and added second step to set up an identity after accepting an invitation
* Updated all dependencies
* Introduced PNPM catalogs for some frequently updated dependencies
* Bugs fixing and improvements
- Incremented application version from 2.18.1 to 2.18.2 in package.json.
- Refactored GlobalErrorPage component to improve structure and readability, encapsulating the error content in a separate function and ensuring proper HTML semantics.
- Bumped application version from 2.17.0 to 2.17.1 in package.json.
- Updated Node.js engine requirement from >=v18.18.0 to >=20.10.0.
- Upgraded Supabase dependency from 2.47.2 to 2.48.3 in both package.json and pnpm-lock.yaml.
- Updated schema-utils from 4.3.2 to 4.3.3 in pnpm-lock.yaml.
- Changed major version in Supabase configuration from 15 to 17.
* Enhance Marketing Pages and UI Components
- Updated the marketing homepage to include an Ecosystem Showcase component, improving the presentation of the SaaS Starter Kit.
- Refined various UI components, including adjustments to spacing, typography, and layout for better visual consistency.
- Improved accessibility by adding aria-labels and ensuring proper semantic structure in components.
- Adjusted styles across multiple components to enhance responsiveness and user experience.
- Updated the pricing table and feature cards to align with the new design standards, ensuring a cohesive look and feel throughout the application.
- Updated plan picker design
- Added Feature Policy API: a declarative system to enable/disable/modify default behavior in the SaaS kit
- Team invitation policies with pre-checks using the Feature Policy API: Invite Members dialog now shows loading, errors, and clear reasons when invitations are blocked
- Version bump to 2.16.0 and widespread dependency updates (Supabase, React types, react-i18next, etc.).
- Added comprehensive docs for the new policy system and orchestrators.
- Subscription cancellations now trigger immediate invoicing explicitly
- Removed `react-is` and `require-in-the-middle` overrides from `package.json` and `pnpm-lock.yaml`.
- Updated various dependencies across multiple packages, including `@types/node` to `^24.5.2`, `react-hook-form` to `^7.63.0`, and `@ai-sdk/openai` to `^2.0.32`.
- Deleted the `loading.tsx` component from the admin accounts directory, streamlining the codebase.
- Adjusted `playwright.config.ts` to use a configurable number of workers for CI environments, enhancing test performance.
- Improved error handling in user ban and reactivation dialogs to provide clearer feedback to the admin user.
- Use ESM for building the MCP Server
- Added own Postgres dependency to MCP Server for querying tables and other entities in MCP
- Vastly improved AI Agent rules
- Added MCP Prompts for reviewing code and planning features
- Minor refactoring
* Update AGENTS.md and CLAUDE.md for improved clarity and structure
* Added MCP Server
* Added missing triggers to tables that should have used them
* Updated all dependencies
* Fixed rare bug in React present in the Admin layout which prevents navigating to pages (sometimes...)
* feat(docs): add interactive examples and API references for Button, Card, and LoadingFallback components
- Updated dependencies
- Set `retries` to a fixed value of 3 for consistent test retries across environments.
- Increased `timeout` from 60 seconds to 120 seconds to allow more time for tests to complete.
- Reduced `expect` timeout from 10 seconds to 5 seconds for quicker feedback on assertions.
- Incremented version in package.json from 2.12.1 to 2.12.2.
- Updated the UpdatePasswordPage component to utilize the new requireUser function for improved user session handling.
- Refactored requireUser function to include a next parameter for redirecting after authentication failures, enhancing user experience.
- Introduced a helper function getRedirectTo for cleaner redirect logic.
* chore(version): bump version to 2.12.1 and update auth middleware to use getClaims instead of getUser
- Incremented version in package.json from 2.12.0 to 2.12.1.
- Refactored middleware to replace supabase.auth.getUser() with supabase.auth.getClaims() for improved claims handling.
- Updated user checks in middleware to validate claims instead of user object.
* refactor(middleware): update user authentication to utilize getClaims for improved claims validation
- Replaced calls to supabase.auth.getUser() with supabase.auth.getClaims() in middleware for better claims handling.
- Adjusted user validation checks to ensure claims are used instead of the user object, enhancing security and consistency in authentication flow.
* refactor(auth): update VerifyPage to use getClaims for user validation
- Replaced the use of supabase.auth.getUser() with supabase.auth.getClaims() in the VerifyPage component for improved claims handling.
- Adjusted user validation logic to check for claims instead of the user object, enhancing security and consistency in the authentication flow.
* refactor(auth): replace Supabase `User` type with new `JWTUserData` type across the codebase
- Replaced usage of Supabase's `User` type with the newly defined `JWTUserData` type for better type mapping and alignment with JWT claims.
- Refactored session-related components and hooks (`useUser`, `requireUser`) to use the updated user structure.
- Updated Supabase client keys to use `publicKey` instead of `anonKey`.
- Adjusted multi-factor authentication logic and components to use `aal` and additional properties.
- Applied consistent naming for Supabase secret key functions.
- Incremented version to 2.12.0.
- Introduced a new `deprecated` property in the `EnvVariableModel` type to handle deprecated environment variables.
- Updated the `EnvList` component to display a warning badge for deprecated variables, including reason and alternative suggestions.
- Enhanced filtering logic to allow users to toggle the visibility of deprecated variables.
- Added new deprecated variables for Supabase keys with appropriate reasons and alternatives.
- Added support for filtering deprecated environment variables in the `FilterSwitcher` component.
- Updated the `Summary` component to display a badge for the count of deprecated variables.
- Introduced a button to filter and display only deprecated variables.
- Adjusted filtering logic to include deprecated variables in the overall state management.
add BILLING_MODE configuration to environment variables
- Introduced a new environment variable `BILLING_MODE` to configure billing options for the application.
- The variable supports two values: `subscription` and `one-time`.
- Marked as deprecated with a reason indicating that this configuration is no longer required, as billing mode is now automatically determined.
- Added validation logic for the new variable to ensure correct value parsing.
* Update billing page data handling and version bump to 2.12.0
- Refactored billing page components to streamline data loading for subscriptions and orders.
- Introduced `getProductPlan` function to encapsulate product plan resolution logic.
- Updated `package.json` version from 2.11.0 to 2.12.0.
- Bumped dependencies: `lucide-react`, `react-hook-form`, `@supabase/supabase-js`, `@tanstack/react-query`, `@sentry/nextjs`, and more.
- Added `react-dropzone` to `@kit/ui` for file upload support.
- Adjusted `reset-password.html` to streamline style usage and HTML structure.
- Added new translation keys for file upload functionality.
- Cleaned up import order in `existing-account-hint.tsx`.
- Export `MultiFactorAuthError` from `require-user` for reuse.
- Implement MFA handling during team invitations' sign-in flow.
- Add E2E test for team invitation flow with MFA.
- Update components to improve i18n translation handling.
* Refactor sign-in flow to ensure fallback return paths
Updated logic to use fallback values for `returnPath` to prevent potential undefined behavior. Improved consistency in handling default paths during sign-in and redirection processes.
* Add Cloudflare generator with Wrangler and OpenNext support
This update introduces a new Cloudflare generator to streamline configuration and deployment via Wrangler and OpenNext. It registers the necessary templates, modifies project files, and adds Cloudflare-specific scripts and dependencies to the package.json. Additionally, .hbs files are updated in .prettierignore for formatting consistency.
* Add GitHub username prompt and improve setup scripts
Introduce a prompt for GitHub username to personalize project setup. Enhance the setup scripts by adding PNPM verification, configuring `upstream` remote, and removing the `origin` remote. Adjust health check and error handling for better reliability.
* Add Dockerfile generator to turbo generators
Introduced a new generator to create Dockerfile configurations for standalone Next.js applications. This includes modifying `next.config.mjs` for standalone output, updating dependencies in `package.json`, and adding a Dockerfile template. The generator is now registered in the turbo setup.
* Add console-based logger implementation. This is required for edge environments such as Cloudflare.
* Remove deprecated Supabase client utilities
The `server-actions-client`, `route-handler-client`, and `server-component-client` utilities have been removed in favor of `getSupabaseServerClient`. This simplifies and consolidates the API, ensuring consistency across server-side usage. Version bumped to 2.9.0 to reflect breaking changes.
* Update team member check in join page to use RPC call
Replaces direct API call with an RPC function to verify if a user is already a team member. This improves efficiency and ensures consistency with database operations.
* Add CSP nonce support and enhance security headers
Introduced secure headers and CSP nonce to improve app security by integrating `@nosecone/next`. Updated middleware, root providers, and layout to handle nonce propagation, enabling stricter CSP policies when configured. Also upgraded dependencies and tooling versions.
* Add OTP and security guidelines documentation and additional checks on client-provided values
- Introduced additional checks on client-provided values such as cookies
- Introduced a new OTP API documentation outlining the creation and verification of OTP tokens for sensitive operations.
- Added comprehensive security guidelines for writing secure code in Next.js, covering client and server components, environment variables, authentication, and error handling.
These additions enhance the project's security posture and provide clear instructions for developers on implementing secure practices.
* Update Stripe SDK and dependencies
1. Upgrade `stripe` package from version 17.7.0 to 18.0.0 in `package.json`.
2. Update `STRIPE_API_VERSION` in `stripe-sdk.ts` to '2025-03-31.basil'.
3. Refactor `StripeWebhookHandlerService` to retrieve subscription details using Supabase client, ensuring compatibility with the new Stripe version.
4. Introduce helper methods `getPeriodStartsAt` and `getPeriodEndsAt` for better handling of subscription periods based on the Stripe API changes.
These changes enhance the integration with the latest Stripe API and improve the overall reliability of the billing service.
* Refactor billing payload builders to remove config dependency
Removed direct dependency on `BillingConfig` in subscription payload builders.
Introduced `PlanTypeMap` to streamline plan type resolutions. Updated webhook handlers and event processing functions to handle plan types more efficiently and improve extensibility.
* Refactor Stripe subscription handling for improved accuracy
1. Add user creation and password reset dialog functionalities; added Junie guidelines
Introduced new `AdminCreateUserDialog` and `AdminResetPasswordDialog` components for managing user accounts in the admin panel. Updated the `AdminAccountsTable` page with a button for user creation and implemented backend logic for password resets with robust error handling.
2. Added Jetbrains AI guidelines
* Add OTP and security guidelines documentation and additional checks on client-provided values
- Introduced additional checks on client-provided values such as cookies
- Introduced a new OTP API documentation outlining the creation and verification of OTP tokens for sensitive operations.
- Added comprehensive security guidelines for writing secure code in Next.js, covering client and server components, environment variables, authentication, and error handling.
These additions enhance the project's security posture and provide clear instructions for developers on implementing secure practices.
* Add OTP API documentation and enhance security guidelines
- Introduced comprehensive documentation for the OTP API, detailing the creation and verification of OTP tokens for sensitive operations.
- Enhanced security guidelines for Next.js, emphasizing the importance of input validation, environment variable management, and error handling.
- Implemented additional checks for client-provided values to improve overall security posture.
These updates provide clear instructions for developers and strengthen the project's security framework.
1. Marketing Layout: speed up rendering by retrieving user session from cookies instead of using server side request
2. Use "redirecting" state when signing in to keep displaying a loading state while Next.js redirects to home page
3. Use "useCallback" to prevent double tracking when switching pages
4. Add links pre-fetching in marketing navigation
5. Add new pending state to MFA verification form
6. Pre-fetch sign-in/sign-up pages
7. Fix i18n when using regional languages
8. currency formatter should default to the region if it exists
9. Update packages
1. Update data loaders (#223)
2. Use new data loader functionality to allow filtering by both name and email in Super Admin
3. Update test to use email filtering
* Set default oAuth scopes for azure and keycloak. Allow passing custom query parameters from the OauthProviders component.
* Pass return path if a next query parameter is provided. Use home path otherwise.
* Allow Super Admin to view tables using RLS
* Replace previous usages of the Admin client using the authed client using the new RLS
* Enforce MFA for Super Admin users
* Enforce RLS when user opted in to MFA.
* Add Super Admin Access Policies and Update Database Types
* Consolidate super admin logic into a single function that uses the RPC is_super_admin
* Added Super Admin E2E tests
* Fixes and improvements
* Bump version to 2.5.0
One-Time Password (OTP) package added with comprehensive token management, including OTP verification for team account deletion and ownership transfer.
