Version 3 of the kit:
- Radix UI replaced with Base UI (using the Shadcn UI patterns)
- next-intl replaces react-i18next
- enhanceAction deprecated; usage moved to next-safe-action
- main layout now wrapped with [locale] path segment
- Teams only mode
- Layout updates
- Zod v4
- Next.js 16.2
- Typescript 6
- All other dependencies updated
- Removed deprecated Edge CSRF
- Dynamic Github Action runner
* chore: bump version to 2.23.13 and update dependencies
- Updated application version from 2.23.12 to 2.23.13 in package.json.
- Upgraded several dependencies including @marsidev/react-turnstile to 1.4.2, @next/bundle-analyzer to 16.1.6, @next/eslint-plugin-next to 16.1.6, and others for improved functionality and security.
- Adjusted package versions in pnpm-lock.yaml and pnpm-workspace.yaml for consistency across the project.
- Removed unused AI translation functionality from translations-comparison component to streamline the codebase.
* refactor: clean up code formatting and update Stripe API version
- Removed unnecessary blank lines in LineItemDetails component for improved readability.
- Enhanced formatting in PricingItem component for better clarity.
- Updated Stripe API version from '2025-12-15.clover' to '2026-01-28.clover' for compatibility with the latest features.
- Adjusted i18n initialization in email templates for consistency.
- Reformatted props in AdminReactivateUserDialog for better structure.
- Cleaned up type imports in ImageUploadInput component.
* chore: bump version to 2.23.2 and enhance team account creation
- Updated application version from 2.23.1 to 2.23.2 in package.json.
- Enhanced team account creation to support slugs for non-Latin names, including validation and UI updates.
- Updated localization files to reflect new slug requirements and error messages.
- Refactored related schemas and server actions to accommodate slug handling in team account creation and updates.
* refactor: remove old trigger and function for adding current user to new account
- Dropped the trigger "add_current_user_to_new_account" and the associated function from the database schema.
- Updated permissions for the function public.create_team_account to ensure proper access control.
* chore: bump version to 2.22.1 and update dependencies
- Updated application version from 2.22.0 to 2.22.1 in package.json.
- Updated various dependencies including @marsidev/react-turnstile to 1.4.1, @stripe/react-stripe-js to 5.4.1, @stripe/stripe-js to 8.6.1, and react-hook-form to 7.70.0.
- Adjusted lucide-react version to be referenced from the catalog across multiple package.json files.
- Enhanced consistency in pnpm-lock.yaml and pnpm-workspace.yaml with updated package versions.
* chore: bump version to 2.23.0 and update dependencies
- Updated application version from 2.22.1 to 2.23.0 in package.json.
- Upgraded turbo dependency from 2.7.1 to 2.7.3 in package.json and pnpm-lock.yaml.
- Enhanced end-to-end testing documentation in AGENTS.md and CLAUDE.md with instructions for running tests.
- Updated AuthPageObject to use a new secret for user creation in auth.po.ts.
- Refactored team ownership transfer and member role update dialogs to close on success.
- Improved error handling for weak passwords in AuthErrorAlert component.
- Adjusted database schemas and tests to reflect changes in invitation policies and role management.
* feat: add validation for team names to restrict non-Latin characters
- Implemented a new test case to ensure team accounts cannot be created using non-Latin characters, including Cyrillic, Chinese, Japanese, Arabic, and emoji.
- Updated the team name schema to include a regex validation for Latin characters only.
- Added corresponding error message in the localization file for non-Latin character restrictions.
* chore: bump version to 2.21.18 in package.json
* - Replaced Supabase local environment variables
- Updates packages
- Force Zod v3 if peer deps require Zod v4
- Updated Dev Tool
* Use correct field for pnpm overrides
* Fix inaccuracies in the Agents files; fix type casting in `useForm`
* Updated lock file
* Be more specific when intercepting POST request in flaky e2e test
* chore: bump version to 2.21.13 and update dependencies
- Updated application version from 2.21.12 to 2.21.13 in package.json.
- Upgraded dependencies including @next/bundle-analyzer and @next/eslint-plugin-next to 16.0.8.
- Incremented @supabase/supabase-js to version 2.87.1 across multiple package.json files.
- Updated @types/node to version 24.10.2 for consistency in pnpm-lock.yaml and pnpm-workspace.yaml.
- Adjusted various package.json files to reflect updated versions for @ai-sdk/openai and @marsidev/react-turnstile.
* refactor: enhance invitation form submission handling
- Updated the invitation form submission process to wait for the response from the server after clicking the submit button, ensuring that the request is completed before proceeding.
- Cleaned up the locator for the continue button for improved readability.
* chore: bump version to 2.21.12 and implement safe redirect path validation
- Updated application version from 2.21.11 to 2.21.12 in package.json.
- Introduced `getSafeRedirectPath` and `isSafeRedirectPath` utility functions to validate user-supplied redirect URLs, enhancing security against open redirect attacks.
* fix: address page reload issue in Admin tests for CI
* chore: update project dependencies and documentation for Next.js 16
- Upgraded Next.js from version 15 to 16 across various documentation files and components.
- Updated references to Next.js 16 in AGENTS.md and CLAUDE.md for consistency.
- Incremented application version to 2.21.0 in package.json.
- Refactored identity setup components to improve user experience and added confirmation dialogs for authentication methods.
- Enhanced invitation flow with new logic for handling user redirection and token generation.
* refactor: streamline invitation flow in e2e tests
- Simplified the invitation flow test by using a predefined email instead of generating a random one.
- Removed unnecessary steps such as clearing cookies and reloading the page before user sign-up.
- Enhanced clarity by eliminating commented-out code related to identity verification and user membership checks.
* refactor: improve code readability in IdentitiesPage and UpdatePasswordForm components
- Enhanced formatting of JSX elements in IdentitiesPage and UpdatePasswordForm for better readability.
- Adjusted indentation and line breaks to maintain consistent coding style across components.
* refactor: enhance LinkAccountsList component with user redirection logic
- Updated the LinkAccountsList component to include a redirectToPath option in the useLinkIdentityWithProvider hook for improved user experience.
- Removed redundant user hook declaration to streamline the code structure.
* refactor: update account setup logic in JoinTeamAccountPage
- Introduced a check for email-only authentication support to streamline account setup requirements.
- Adjusted the conditions for determining if a new account should set up additional authentication methods, enhancing user experience for new users.
* Upgraded to Next.js 16
* Refactored code to comply with React 19.2 ESLint rules
* Refactored some useEffect usages with the new useEffectEvent
* Added Identities page and added second step to set up an identity after accepting an invitation
* Updated all dependencies
* Introduced PNPM catalogs for some frequently updated dependencies
* Bugs fixing and improvements
- Removed the test for displaying personal account details in the admin E2E tests to streamline the test suite.
- Added TODO comments to reload the page as a temporary measure until the related issue is resolved.
- Improved overall test clarity and maintainability by focusing on essential user flows.
- Added Feature Policy API: a declarative system to enable/disable/modify default behavior in the SaaS kit
- Team invitation policies with pre-checks using the Feature Policy API: Invite Members dialog now shows loading, errors, and clear reasons when invitations are blocked
- Version bump to 2.16.0 and widespread dependency updates (Supabase, React types, react-i18next, etc.).
- Added comprehensive docs for the new policy system and orchestrators.
- Subscription cancellations now trigger immediate invoicing explicitly
* Enhance E2E Tests and Configuration
- Updated `.gitignore` to exclude `.auth/` directory for cleaner test environment.
- Added `test:fast` script in `package.json` for faster Playwright test execution.
- Configured Playwright to include a setup project for initializing tests.
- Introduced `AUTH_STATES` utility for managing authentication states in tests.
- Created `auth.setup.ts` for user authentication tests, ensuring proper login flows.
- Refactored various test files to utilize the new authentication state management, improving test reliability and maintainability.
- Adjusted team and user billing tests to streamline setup and enhance clarity.
- Refactored some dialogs
* Update AGENTS.md and CLAUDE.md for improved clarity and structure
* Added MCP Server
* Added missing triggers to tables that should have used them
* Updated all dependencies
* Fixed rare bug in React present in the Admin layout which prevents navigating to pages (sometimes...)
* fix: enhance DataTable pagination examples and improve display logic
- Added a note in the DataTableStory component to clarify that examples show only the first page of data for demonstration purposes.
- Adjusted pagination examples to reflect smaller datasets, changing the displayed data slices for better clarity and testing.
- Updated the Pagination component to calculate and display the current record range more accurately based on the current page index and size.
* chore(dependencies): update package versions for improved compatibility
- Upgraded `@supabase/supabase-js` from `2.55.0` to `2.57.0` for enhanced functionality and performance.
- Bumped `@tanstack/react-query` from `5.85.5` to `5.85.9` to incorporate the latest improvements.
- Updated `ai` from `5.0.28` to `5.0.30` for better performance.
- Incremented `nodemailer` from `7.0.5` to `7.0.6` for stability.
- Updated `typescript-eslint` from `8.41.0` to `8.42.0` for improved type definitions and linting capabilities.
- Adjusted various package dependencies across multiple components to ensure compatibility and stability.
* chore(dependencies): update package versions for improved compatibility
- Upgraded `@ai-sdk/openai` from `2.0.23` to `2.0.24` for enhanced functionality.
- Bumped `@tanstack/react-query` from `5.85.9` to `5.86.0` to incorporate the latest improvements.
- Updated `ai` from `5.0.30` to `5.0.33` for better performance.
- Incremented `@types/node` from `24.3.0` to `24.3.1` for type safety enhancements.
- Updated `dotenv` from `17.2.1` to `17.2.2` for stability.
- Adjusted `tailwindcss` and related packages to `4.1.13` for improved styling capabilities.
- Updated `react-i18next` from `15.7.3` to `15.7.3` to include the latest localization fixes.
- Incremented `@sentry/nextjs` from `10.8.0` to `10.10.0` for enhanced monitoring features.
- Updated various package dependencies across multiple components to ensure compatibility and stability.
* fix(config): conditionally disable `devIndicators` in CI environment
* feat(settings): encapsulate danger zone actions in a styled card component
- Introduced a new `DangerZoneCard` component to enhance the visual presentation of danger zone actions in the team account settings.
- Updated `TeamAccountDangerZone` to wrap deletion and leave actions within the `DangerZoneCard` for improved user experience.
- Removed redundant card structure from `TeamAccountSettingsContainer` to streamline the component hierarchy.
* fix(e2e): improve admin account tests for response handling and visibility checks
- Enhanced the admin test suite by adding a check for the POST request method when waiting for the response from the `/admin/accounts` endpoint.
- Reduced wait times in the `filterAccounts` function for improved test performance.
- Updated the `selectAccount` function to ensure the account link is visible before clicking, enhancing reliability in the test flow.
* chore(dependencies): update package versions for improved compatibility
- Upgraded `@supabase/supabase-js` from `2.57.0` to `2.57.2` for enhanced functionality and performance.
- Bumped `@tanstack/react-query` from `5.86.0` to `5.87.1` to incorporate the latest improvements.
- Updated `i18next` from `25.5.1` to `25.5.2` for better localization support.
- Incremented `eslint` from `9.34.0` to `9.35.0` for improved linting capabilities.
- Adjusted various package dependencies across multiple components to ensure compatibility and stability.
* feat(admin): enhance user ban and reactivation actions with success handling
- Updated `AdminBanUserDialog` and `AdminReactivateUserDialog` components to handle success states based on the results of the respective actions.
- Modified `banUserAction` and `reactivateUserAction` to return success status and log errors if the actions fail.
- Introduced `revalidatePage` function to refresh the user account page after banning or reactivating a user.
- Improved error handling in the dialogs to provide better feedback to the admin user.
* feat(admin): refactor user ban and reactivation dialogs for improved structure and error handling
- Introduced `BanUserForm` and `ReactivateUserForm` components to encapsulate form logic within the respective dialogs, enhancing readability and maintainability.
- Updated the `AdminBanUserDialog` and `AdminReactivateUserDialog` components to utilize the new form components, streamlining the user interface.
- Enhanced error handling to provide clearer feedback to the admin user during ban and reactivation actions.
- Removed unnecessary revalidation calls in the server actions to optimize performance and maintain clarity in the action flow.
- Added `@types/react-dom` dependency for improved type definitions.
* refactor(admin): streamline user dialogs and server actions for improved clarity
- Removed unnecessary `useRouter` imports from `AdminBanUserDialog` and `AdminReactivateUserDialog` components to simplify the code.
- Updated `revalidateAdmin` function calls to use `revalidatePath` with specific paths, enhancing clarity in the server actions.
- Ensured that the user dialogs maintain a clean structure while focusing on form logic and error handling.
* feat(docs): add interactive examples and API references for Button, Card, and LoadingFallback components
- Updated dependencies
- Set `retries` to a fixed value of 3 for consistent test retries across environments.
- Increased `timeout` from 60 seconds to 120 seconds to allow more time for tests to complete.
- Reduced `expect` timeout from 10 seconds to 5 seconds for quicker feedback on assertions.
- Export `MultiFactorAuthError` from `require-user` for reuse.
- Implement MFA handling during team invitations' sign-in flow.
- Add E2E test for team invitation flow with MFA.
- Update components to improve i18n translation handling.
* Update dependencies across all packages
Updated multiple dependencies to their latest versions to ensure compatibility, security, and performance improvements. This includes packages like @supabase/supabase-js, @tanstack/react-query, @types/react, and zod across various projects.
* Update selector for Stripe form submission button
Replaced the form button selector with a `data-testid` attribute selector for improved reliability and maintainability. This ensures the test is less prone to breaks from UI changes.
1. Update data loaders (#223)
2. Use new data loader functionality to allow filtering by both name and email in Super Admin
3. Update test to use email filtering
1. Update dependencies
2. Use cssnano for production
3. Assign an environment variable to Sentry's environment settings
4. `Pill` now accepts React Nodes so we can pass translations using Trans component
5. Switch to mailpit API during tests
6. Do not require Email Sender to be of type email and add proper error messages
* Add validation for team account names
- Prevent creating teams with reserved names like 'billing' and 'settings'
- Add regex validation to block team names with special characters
- Update localization for new error messages
- Extend E2E tests to cover various invalid team name scenarios
* Enhance team account name validation and slug generation
- Add comprehensive tests for account slug generation in Supabase
- Improve team name validation schema to handle special characters
- Add form validation message display in update team account name form
- Refine slug generation to handle various edge cases like special characters, non-ASCII text, and mixed case
* Allow Super Admin to view tables using RLS
* Replace previous usages of the Admin client using the authed client using the new RLS
* Enforce MFA for Super Admin users
* Enforce RLS when user opted in to MFA.
* Add Super Admin Access Policies and Update Database Types
* Consolidate super admin logic into a single function that uses the RPC is_super_admin
* Added Super Admin E2E tests
* Fixes and improvements
* Bump version to 2.5.0
One-Time Password (OTP) package added with comprehensive token management, including OTP verification for team account deletion and ownership transfer.
1. Handle expired links on signup
2.Reject invitations when user is already a member
3. Make sure not to display errors due to Next.js redirection during team creation
4. Fix documentation sidebar
In this update, several end-to-end (e2e) tests were refactored to use Promise.all for parallel execution of operations. This was done to improve the efficiency and stability of the tests, as waiting for each operation one by one could cause bottlenecks and potential failures in the test execution. Receives and click actions were grouped together to allow them to be executed concurrently where possible. The changes were applied across different test scenarios.
Several changes have been made to optimize the testing and validation workflows. The end-to-end tests for user billing, invitations, account, team billing, and team accounts have been retouched for improved performance and better accuracy. There has been a minor modification in the validation rules for plan-picker in the billing component. Furthermore, modifications are made to several utility functions to fine-tune their operations.
The redundant console.log statement that was previously used for debugging, was removed from the auth.po.ts file of authentication tests. This change keeps the code cleaner and prevents unnecessary output during testing.
This commit contains several changes including the removal of an unused onClick event handler in remove-member-dialog.tsx. It also includes an update to the POST handler in the Webhook route of the database API where the authentication property has been updated. Lastly, it also brings improvements in error handling and logging in various areas, such as e2e authentication tests and the mailbox utility.
This commit includes three main changes. First, it updates the Zod library from version 3.23.4 to 3.23.5 across all relevant packages. Second, code readability has been enhanced by formatting modifications in several TypeScript files. Lastly, the user feedback on certain operations such as creating a team or charging for a payment is strengthened, by displaying an awaiting indicator until the operation is complete.
The commit updates the expected billing status from 'Trial' to 'Active' in both user-billing and team-billing end-to-end tests. Additionally, it changes the import order in both test files but doesn't affect any functionalities.
Altered import order and formatting in the invitations.spec.ts file. Additionally, the text used for member-role-badge assertion tests has been capitalized to match the correct output. All changes were made to improve code readability and testing accuracy.
Changes include updating the user and team billing specs to increase visibility timeout and alter navigation route post-billing. Minor adjustments have been made to the page aesthetics and redirection logic. Also, refactored import statements for code organization purposes. Changes in the build script are also reflected in the commit.
The code changes incorporate UI updates for better usability and user experience. E2E test scripts(in `user-billing.spec.ts` and `team-billing.spec.ts`) were also updated for improved efficiency and accuracy, primarily replacing 'Active' status check with 'Trial'. Changes have been made in the trialDays configuration, with the term 'trialPeriod' now replaced by 'trialDays' across different components. Notably, a new error handling case is included in `lemon-squeezy-billing-strategy.service.ts` for failed subscription cancellation attempts.
Updated the locator for the 'manageBillingButton' in the end-to-end billing test. Instead of an id, the locator now targets a data property. This change was also reflected in the Button component within 'billing-portal-card.tsx' where the attribute data-test was added for test recognition.
Updated end-to-end tests to adjust for changes in user and team billing. Changes include adding await for URL on user-billing.spec.ts and adjusting selectors in billing.po.ts and team-accounts.po.ts. Additionally, we updated test parameters on team-billing.spec.ts.
The end-to-end tests have been refactored for clarity and maintainability. This includes changes in how the 'Billing' link is accessed, addition of comments and small coding improvements. Moreover, the test timeout has been reduced from 2 minutes to 1 for efficiency. Changes were also applied to the text content in locales file and minor fixes in component styling.
The commit changes the expected text for billing status in both 'user-billing.spec.ts' and 'team-billing.spec.ts' from 'active' to 'Active'. In addition, the waiting time for the page to return to home in 'billing.po.ts' has been increased from 500ms to 1000ms to improve testing reliability.
Updated the user billing process to add a return to home function and redirect users to their specific account page after payment. Enhanced error handling in the billing event handler to handle scenarios where no account id is found in the subscription. Removed unused billing page object from the stripe page object.
