Skip to content

Releases: Artificer-Innovations/BeakerStack

2026.006

04 Jun 00:31
@github-actions github-actions
2026.006
254563d
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
2026.006 Latest
Latest

CalVer release notes

Summary

This promotion brings three commits to production since CalVer tag 2026.005: a security patch for React Router, targeted code-quality fixes in setup and mobile help flows, and restored 100% package test coverage after the Vitest 4 upgrade. The headline change for adopters is upgrading react-router-dom to 6.30.4, which addresses open-redirect vulnerability CVE-2026-40181. There are no new database migrations, required secrets, or pending npm changesets in this release.

Highlights

  • Security: Upgrade react-router-dom to 6.30.4 across web, admin, and articles packages (CVE-2026-40181) (#398)
  • Mobile: Scope lazy-loaded ProfileEditor state to the component instead of module-level mutable state (#399)
  • Setup & help: Use path-based main-module detection in setup-full.mjs; parse help markdown synchronously via marked.lexer / marked.parser (#399)
  • Testing / CI: Restore 100% package coverage under Vitest 4 with targeted tests for async cancellation, dynamic import fallbacks, and edge-case branches in billing, admin, connections, observability, kit, shared, and waitlist packages (#400)

Stats: 3 commits, +453 / −42 lines across 21 files.

Adopter notes

Area Action
Secrets None new
Database No new migrations
Likely merge conflicts package-lock.json, apps/web/package.json, packages/admin/package.json, packages/articles/package.json (react-router bump); fork-customized scripts/setup-full.mjs, apps/mobile/src/screens/ProfileScreen.tsx
npm packages None — no pending changesets

2026.006 — 2026-06-04

Fixes

  • Restore 100% package coverage after Vitest 4 upgrade (#400) (#400)

  • Address Copilot coverage test quality on #401 (#402) (#402)

Assets 2
Loading

2026.005

03 Jun 21:24
@github-actions github-actions
2026.005
3a6da1b
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
2026.005

CalVer release notes

Summary

This promotion advances BeakerStack from CalVer 2026.004 with three new content and social packages, a full user-connections feature on web, and OAuth profile sync so Google/Apple sign-in populates display name and avatar automatically. Adopters get markdown-driven Help and Articles pages (with prerender/SEO), a Connections UI backed by new Supabase RPCs and RLS, and setup-wizard support for syncing Supabase service role keys into GitHub Actions. Apply five new database migrations and regenerate TypeScript types after merging; forks that customize nav, adopter content, or CI secrets should review the adopter notes below.

Highlights

Packages

  • @beakerstack/connections — connection requests, incoming/outgoing status, username search, and discoverability hooks with web components and Supabase client helpers (#393)
  • @beakerstack/help — build-time markdown help center with accordion UI, search, and feedback form (#391)
  • @beakerstack/articles — build-time articles with frontmatter schema, related-post logic, sanitized HTML, SEO head tags, and sitemap generation (#391)
  • Shared slug helpers slugBaseFromBrandingText / slugBaseFromAppConfigText with unit tests (#384)

Web & auth

  • Connections page (/connections) and profile discoverability controls integrated into the web app (#393)
  • Help (/help) and Articles index, tag, and detail routes with prerender script and nav links (#391)
  • OAuth display name and avatar sync into user_profiles on signup and backfill on later sign-in when fields are empty; documented in docs/OAUTH.md (#392)

Database

  • OAuth profile sync trigger and backfill (20260531120200_oauth_profile_sync.sql)
  • User discoverability column and connections v1 schema with search and enum-based discoverability (#393)

CI & tooling

  • Setup wizard syncs staging, production, and preview Supabase service role keys to GitHub Actions secrets (#386)
  • CI fails when generated help or articles content is stale; new unit-coverage shards for help, articles, and connections
  • Security: Vitest upgraded to 4.1.8 (#394); tmp overridden to ^0.2.6 for CVE-2026-44705 (#390)

Adopter notes

Area Action
Secrets Setup wizard now syncs STAGING_SUPABASE_SERVICE_ROLE_KEY, PRODUCTION_SUPABASE_SERVICE_ROLE_KEY, and PR_TESTING_SUPABASE_SERVICE_ROLE_KEY to GitHub Actions (#386). Re-run setup or add these manually if CI/integration tests need service-role access — see github-actions-secrets.md.
Database Apply migrations: 20260531120200_oauth_profile_sync.sql, 20260601155900_user_profiles_is_discoverable.sql, 20260601160000_bs_connections_v1.sql, 20260602130000_connections_search_exact_username.sql, 20260603140000_connection_discoverability_enum.sql. Run npm run gen:types (or your usual Supabase typegen) after applying.
Likely merge conflicts adopter/content/**, adopter/config/landing-seo.ts, apps/web/src/components/landing/sections/Nav.tsx, apps/web/src/App.tsx, package.json (new lint/test/coverage scripts), apps/web/src/types/database.ts, scripts/lib/setup-manifest.mjs
npm packages No pending changesets on develop

7 commits, +10,940 / −483 lines since 2026.004.

2026.005 — 2026-06-03

Features

  • Add @beakerstack/help and @beakerstack/articles packages (#391) (#391)

  • Add @beakerstack/connections package and template integration (#393) (#393)

  • Sync OAuth display name and avatar into user_profiles (#392) (#392)

Fixes

Loading

2026.004

25 May 00:31
@github-actions github-actions
2026.004
a0e4096
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
2026.004

CalVer release notes

Summary

This release includes major improvements in functionality and quality including: production-grade observability (Sentry), two email channels (transactional via Resend, lifecycle marketing via Kit), and a major adopter zones refactor that keeps your product code in adopter/ while template upgrades stay mergeable. Quality and delivery upgrades: Playwright E2E, broad unit and integration coverage, and parallel CI/CD for tests and deploys. The admin panel is now a real ops surface — operators, waitlist, and marketing-email settings — so you can run a product without building back-office UI first.

Forks must apply 18 Supabase migrations (supabase db push, then npm run db:apply-adopter). Resend, Kit, and Sentry are optional but fully guided via setup:email, setup:kit, and env.example. Upgrading across adopter zones: docs/UPGRADING.md.

Stats: 60 commits, 809 files changed, +66,294 / −4,276 lines (since 2026.003).

Highlights

Observability — know when things break (#288, #302)

  • @beakerstack/observability and @beakerstack/logger as the shared logging sink across web, mobile, and Edge
  • Sentry integration with documented VITE_SENTRY_DSN / EXPO_PUBLIC_SENTRY_DSN env vars for error reporting in preview, staging, and production builds

Transactional email — Resend (#284, #298, #329)

  • Pure HTML email templates with generated deploy artifacts; CAN-SPAM footer and branded header
  • npm run setup:email wizard with Route 53 DNS automation for domain verification
  • Supabase Auth hooks and app flows (signup, recovery, waitlist invites) routed through the @beakerstack/email adapter

Marketing email — Kit Creator API (#286, #305#356, #361)

  • Full lifecycle pipeline: DB schema, event emission, kit-sync worker, kit-webhook for unsubscribes/GDPR
  • Admin UI for per-environment settings (namespace, form ID, tier tags) and marketing overview card
  • npm run setup:kit with shared KIT_* GitHub secrets and CI webhook provisioning across preview, staging, and production

Adopter zones — your code, their upgrades (#369, #372, #375, #376)

  • Fork-safe adopter/ tree: config, content, assets, web/mobile extensions, and adopter/db schema
  • .gitattributes merge=ours on adopter/** so upstream template merges don't clobber your product
  • db:apply-adopter -- --linked in deploy CI with Supavisor pooler URLs for reliable IPv4 migrations

Testing — confidence to ship (#364, #365, #368, #301, #342)

  • Web E2E migrated to Playwright with approval-gated PR runs and category-grouped CI reports
  • ESLint test-quality rules, raised Jest coverage floors, and expanded Supabase integration + Edge test suites
  • 100% coverage targets reached for admin, billing, marketing-email, and shared packages

CI/CD — faster feedback, safer deploys (#304, #306, #336, #310, #357)

  • Parallel unit-test matrix, parallel PR preview web/mobile deploys, and scoped test/preview jobs
  • Parallel staging and production deploy pipelines; Supabase test summary comments on PRs
  • Manifest-driven edge-shared sync so workspace packages bundle correctly in Deno deploys

Admin panel — ops UI included (#261, #274, #328#339, #334, #356)

  • Operator grant/revoke with promote/demote UI, admin menu gating, and sidebar navigation
  • Waitlist capture, signup gating, invite flows, and admin management RPCs
  • Dashboard → Overview with summary cards; marketing-email settings and sync status at a glance

Also in this release

  • Forgot password / account recovery (#277); Stripe webhook auto-provision in setup:full (#260)
  • Waitlist and billing fixes; ws security bump (#283)

Adopter notes

Area Action
Secrets Optional Kit (marketing email): KIT_API_KEY, KIT_CRON_SECRET, KIT_WEBHOOK_SECRET — shared across preview/staging/production; run npm run setup:kit. Per-env namespace/form/tags still configured in Admin → Marketing Email Settings. Email: RESEND_SMTP_PASS / SMTP vars (see env.example, npm run setup:email). Optional observability: VITE_SENTRY_DSN, EXPO_PUBLIC_SENTRY_DSN. No new required secrets for core auth/billing.
Database 18 migrations — run supabase db push, then npm run db:init-adopter and npm run db:apply-adopter locally; CI runs db:apply-adopter -- --linked after push. New files: 20260518000000_admin_v1.sql through 20260523000000_marketing_email_admin_rpcs_volatile.sql (admin, waitlist, marketing email, kit-sync cron).
Likely merge conflicts README.md, QUICKSTART.md, env.example, adopter/config/* (branding, landing, legal), adopter/content/*, apps/web/src landing/theme paths, docs/CUSTOMIZING.md, fork-specific workflow copies. Use .gitattributes adopter/** merge=ours after adopting zones.
npm packages None pending on develop (no open .changeset/*.md version files). Post-merge changeset PR may publish @beakerstack/* if consumed on main.

2026.004 — 2026-05-25

Features

  • Stripe phase and safer fork rename defaults (#256) (#256)

  • Auto-provision Stripe webhooks in setup:full (#260) (#260)

  • Operator panel, RPCs, and grant CLI (#261) (#261)

  • Signup gating, invites, capture, and admin workflows (#274) (#274)

  • Forgot password / account recovery flow (#271) (#277) (#277)

  • Transactional email templates and setup (#284) (#287) (#287)

  • Promote lifecycle system to @beakerstack/shared — Phase 0 of #286 (#293) (#293)

  • Add @beakerstack/observability package (#288) (#288)

  • Extract @beakerstack/logger as the sole console sink (#302) (#302)

  • Phase 1 — @beakerstack/marketing-email skeleton + Kit adapter (#305) (#305)

  • Phase 2 — DB schema + lifecycle event emission (#308) (#308)

  • Supabase test report PR comment (#310) (#310)

  • Phase 3 Kit Creator API sync worker (#311) (#311)

  • Automate Resend domain setup with Route 53 DNS (#298) (#298)

  • Light header + logo, copy hardening, CAN-SPAM footer (#314) (#323) (#323)

  • Pure templates + generated deploy artifacts (#324) (#329) (#329)

  • Sidebar footer with Dashboard and Sign out (#330) (#333) (#333)

  • Show Admin menu item for admin users (#335) (#335)

  • Promote/demote operators via UI (#331) (#334) (#334)

  • Rename Dashboard to Overview, add summary cards (#338) (#339) (#339)

  • Kit-webhook Edge Function + user.deleted GDPR wiring (Phase 4) (#340) (#340)

  • Phase 5a - admin UI for marketing_email_settings (#343) (#343)

  • Refactor waitlist invite email to use email adapter pattern (#344) (#344)

  • Phase 5b — marketing email overview card (#356) (#356)

  • Manifest-driven sync pipeline for workspace packages (#346) (#357) (#357)

  • Adopter-owned app zones for fork-safe customization (#369) (#372) (#372)

Fixes

  • Preserve URL hash when toggling billing cadence (#275) (#276) (#276)

  • Bump ws to 8.20.1 for GHSA-58qx-3vcg-4xpx (#283) (#283)

  • Route password recovery callbacks to reset-password (#290) (#290)

  • Show email confirmation pending state after signup (#317) (#317)

  • Kit phase 3 follow-up — deploy gating, plan_id pipeline, config guards (#316) (#316)

  • Gate config push on Google OAuth secrets and wizard collection (#327) (#327)

  • VOLATILE RPCs, marketing-email breadcrumbs, non-admin pgTAP test (#350) (#350)

  • E...

Read more
Loading

2026.003

17 May 23:03
@github-actions github-actions
2026.003
102daf0
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
2026.003

CalVer release notes

Summary

This release includes a much clearer first-run setup story for adopters and a tighter CalVer release pipeline for maintainers. The setup wizard now includes a prep checklist, optional brief/full in-terminal guides, phased readiness briefings before AWS/Expo/Google/GitHub work, and safer GitHub secret sync with confirmation when targeting the upstream template repo. Release automation now pulls the CalVer release notes section from the merged develop→main promotion PR into the GitHub Release, with git-cliff anchored on the latest YYYY.NNN tag across years.

No new required secrets or database migrations are in this promotion. Forks that customized setup scripts or top-level docs should expect merge conflicts in those paths.

Highlights

Documentation & setup

  • Add setup prep checklist covering have-ready items, wizard prompts, and optional CloudFront signed-cookie setup (#254)
  • Wire prep doc through QUICKSTART, setup menu, and in-terminal prerequisites banner with --guide=brief (#254)
  • Phase preflight briefings (Enter-gated) before AWS, Expo, Google, and GitHub setup phases (#254)
  • Safer gh secret sync: confirm target repo; type-to-confirm when syncing to upstream template (#254)
  • Recover EAS project ID when eas init cannot patch dynamic app.config.js (#254)

Release & CI

  • develop→main promotion PR template with CalVer release notes section consumed by Release Template workflow (#253)
  • scripts/extract-calver-release-notes.sh extracts published notes; git-cliff diffs since latest CalVer tag across years (#253)
  • Release Template workflow: auto-detect merged promotion PR, optional promotion_pr / skip_pr_body inputs (#253)
  • Cursor skill .cursor/skills/promote-develop-to-main/ to draft promotion PRs (#253)

Fixes

  • AWS preview teardown: avoid exporting empty AWS_PROFILE into Python subprocesses (#254)

Adopter notes

Area Action
Secrets None new. Prep checklist documents existing wizard/CI secret names (see docs/setup-prep-checklist.md).
Database No new migrations.
Likely merge conflicts README.md, QUICKSTART.md, docs/**, scripts/setup-full.mjs, scripts/lib/setup-*.mjs, CONTRIBUTING.md
npm packages None — no pending changesets on develop.

4 commits since 2026.002, +2,837 / −407 lines across 24 files.

2026.003 — 2026-05-17

Features

  • CalVer notes from promotion PR template and workflow

  • CalVer notes from promotion PR template and workflow (#253) (#253)

Loading

2026.002

17 May 18:57
@github-actions github-actions
2026.002
51601a0
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
2026.002

Summary

2026.002 is the second CalVer snapshot of Beaker Stack — focused on OSS-ready documentation, a shared design-token foundation, billing and mobile polish, and clearer production deployment visibility. No new required secrets or database migrations; forks can merge from 2026.001 with routine conflict resolution on docs and theme-related files.

Headline changes: evaluator-friendly docs (README, SECURITY, consolidated OAuth), centralized theme colors in @beakerstack/shared, Free plan pricing display fix, mobile auth UX improvements, and GitHub Deployments for production.

2026.002 — 2026-05-17

Features

  • Centralized theme colors — semantic color tokens in @beakerstack/shared; web Tailwind config wired to shared indigo/gray scales; mobile and shared components updated to remove hardcoded brand colors and blue→indigo drift (#249)
  • Mobile: auto-redirect when signed in — authenticated users on Home go to Dashboard instead of seeing the marketing-style home screen (#241)

Fixes

  • Billing: Free tier price — show $0 via Intl.NumberFormat on web landing, billing pages, and plan cards (replaces hardcoded US$0) (#240)
  • Mobile billing layout — use shared AppHeader instead of a one-off back link in billing screens (#236)
  • Seed data — remove feature_c from beakerstack_max in web and mobile seed files (#246)

Documentation

  • OSS presentation for evaluators — README thesis (fork model, agents, environments), SECURITY.md, docs/DEVELOPMENT.md, expanded docs/VERSIONING.md, README screenshots, GitHub issue templates; guides consolidated under docs/ (architecture, upgrading, OAuth) (#232)
  • PR preview troubleshooting — document PRPathRouter instead of deprecated SubdomainFolders (#247)
  • Contributing — document npm-only package manager policy (#248)

CI / infrastructure

  • Production GitHub Deployments — register a deployment to the production environment after each successful main web deploy (#242)
  • PR preview teardown — clean up GitHub deployments and environment records when a preview is torn down (#238)

Adopter notes (forks upgrading from 2026.001)

Area Action
Secrets None new
Database No new migrations in this snapshot
Likely merge conflicts README.md, docs/**, packages/shared/src/theme/colors.ts, apps/web/tailwind.config.ts, mobile screens using colors
npm packages No new @beakerstack/* publish from this promotion; test-utils@0.0.1 unchanged on npm

If you customized colors or docs heavily, merge main (or tag 2026.002) deliberately and re-apply your branding on top of the shared token file rather than keeping old hardcoded hex values.

Full promotion

Merged via #252 (developmain, merge commit).

Full Changelog

Full Changelog: 2026.001...2026.002

Loading

2026.001

16 May 22:45
@github-actions github-actions
2026.001
b35772c
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
2026.001

Summary

2026.001 is the first public CalVer release of BeakerStack — an opinionated Supabase template for web and mobile with integrated auth, Stripe billing, PR previews on AWS, and a one-command local setup wizard.

Headline capabilities: cross-platform shared logic, three-environment CI/CD, pre-rendered marketing SEO, and documented upgrade paths for forks.

2026.001 — 2026-05-16

Features

  • Initialize monorepo structure
  • Setup shared package structure
  • Setup web app foundation with React, Vite, and Tailwind
  • Complete Task 1.4 - Mobile app foundation setup
  • Phase 6 - Avatar Upload & Storage
  • Complete Testing Infrastructure Implementation
  • Complete Development Scripts & Tooling Setup
  • EAS preview, staging, and production builds with OAuth and CI (#17) (#17)
  • Interactive provisioning wizard, AWS/Supabase automation, and docs
  • Npm package publishing infrastructure (#22) (#22)
  • V1 plans, Stripe, and dashboard
  • Add B2C landing page for unauthenticated users (closes #50) (#52) (#52)
  • Expand feature content and strengthen CTAs (#56) (#56)
  • Monthly/annual cadence toggle on pricing section (#57) (#57)
  • Post-signup upgrade funnel — plan intent, billing redirect, OAuth/email storage (#69) (#69)
  • Pre-render marketing home page for SEO and social sharing (#72) (#72)
  • Web-only / mobile-optional template path (#76) (#76)
  • Combined dark mode — foundation, components, and tests (#79) (#79)
  • CalVer template releases with git-cliff changelog (issue #82) (#83) (#83)
  • CloudFront signed-cookie access control (issue #80) (#90) (#90)
  • Per-component status table in PR preview comment (#85) (#110) (#110)
  • Enforce pre-commit hooks with lint-staged (#99) (#111) (#111)
  • Add marketing/SEO feature rows and reorder grid for B2C audience (#141) (#141)
  • Lighthouse CI for PR preview environments (#96) (#112) (#112)
  • Add CSP report-only header via custom CloudFront policy (#154) (#154)
  • Static marketing pricing table (issue #163) (#164) (#164)
  • Update SEO hero image (#185) (#185)
  • Redesign /dashboard as annotated sample-app showcase (#174) (#174)
  • Prerender-home with renderToStaticMarkup; unconditional createRoot (#175 PR 1/3) (#180) (#180)
  • Lazy-load below-fold landing sections (#175 PR 2/3) (#181) (#181)
  • AuthShell composition wrapper, lazy-loaded; drop hydrateRoot (#182) (#182)
  • Crossfade carousel in landing hero (issue #194) (#200) (#200)
  • PublicShell + lazy auth; marketing session hint; policy/header polish (#214) (#214)
  • Web-parity billing dashboard and billing fixes (#218) (#218)
  • Render AnnotatedPrimitive tooltip as visible inline text (#221) (#221)
  • Read-only billing UI and shared presentation package (#220) (#220)

Fixes

  • Set NODE_AUTH_TOKEN for npm publish with setup-node registry-url (#28) (#28)
  • Resolve Dependabot alerts via npm overrides and lockfile refresh (#41) (#41)
  • GitHub Code Quality AI findings (DebugTools, test helpers) (#42) (#42)
  • Correct invalid JSDoc @link syntax in test email helpers (#45) (#45)
  • Correct JSDoc @link targets for integration and E2E test email generators (#46) (#46)
  • Remove self-referencing JSDoc links in test-emails.ts (#47) (#48) (#48)
  • Address Brad's review feedback on legal footer (#51) (#51)
  • AI code quality findings — landing copy, test mocks, jest regex (closes #62) (#64) (#64)
  • Address AI findings from issue #91 (#92) (#92)
  • Handle PR base-branch retargeting via pull_request edited event (#102) (#102)
  • Avoid secrets in workflow if expressions (#107) (#108) (#108)
  • Dark mode for auth, billing, dashboard, and profile components (#103) (#103)
  • Add dark variants to ProtectedRoute loading state (#109) (#109)
  • Fix GitHub Deployment visibility for PR previews (#140) (#149) (#149)
  • Decorative nav logo alt for a11y (#145) (#151) (#151)
  • Fix robots.txt returning HTML on PR preview domain (#142) (#152) (#152)
  • HTTP/2+3 for all CloudFront distributions and cache headers for robots.txt (#143) (#156) (#156)
  • Do not cancel CI on PR title/body edits (#162) (#162)
  • Prevent white screen after login (#164) (#184) (#184)
  • Allow Supabase Storage origins in img-src (#183) (#186) (#186)
  • Align dashboard content width with header/footer (#193) (#193)
  • Block all Summarize buttons while any summarize RPC is in flight (#199) (#199)
  • True image crossfade in hero carousel (issue #207) (#211) (#211)
  • Share critical theme CSS for FOUC (inline + bundle) (#213) (#213)
  • Scroll to top on route navigation (#222) (#222)
  • Standardize public header — delegate PolicyPublicHeader to Nav (issue #215) (#223) (#223)
  • Landing and app UI polish — images, layout, nav, and branding (#224) (#224)
  • De-scope test-utils from npm; fix template release notes
  • Install git-cliff binary for template release notes (#229) (#229)
  • Fix git-cliff template remote PR links for template release

Contributors

link
Loading

@beakerstack/test-utils@0.0.1

24 Apr 16:58
@github-actions github-actions
@beakerstack/test-utils@0.0.1
03c712c
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
@beakerstack/test-utils@0.0.1

Patch Changes

  • #22 a81cece Thanks @ZappoMan! - Initial release of test-utils package. Provides wait() and testId() helpers for use in BeakerStack-based test suites.
Loading