Skip to content

v0.9.2 — Tokenmgr + Home Redesign

Choose a tag to compare

@emichaud emichaud released this 16 Jun 03:39

Highlights

Self-service API token management

A new apps/tokenmgr/ app lands at /smallstack/tokens/. Authenticated users can mint, view (once), and revoke their own API tokens; staff manage all tokens; superusers can mint at any access level. The MCP OAuth consent page now deep-links here so users who signed in through Claude Desktop or the Claude.ai Connectors UI can manage the auto-minted tokens without needing staff access. Falls back to /explorer/auth/apitoken/ for projects that don't install apps.tokenmgr.

Home page redesign

The / route is now an editorial product page that names the four shapes you can ship with SmallStack — scheduler / website / API server / MCP server — and surfaces the model→three-surfaces pipeline (one CRUDView declaration produces HTML, REST, and MCP). Auth-aware: staff see live admin links; everyone else gets deep-linked into the help docs. Light and dark mode safe.

Pagination fix

page_range_display is now set on every list-pagination path (CRUDView legacy, displays.paginate_queryset, and the standalone helper) so display-based list templates can render elided page ranges without the underlying generator being consumed before render.

Toolbar polish

Tokens list ships with a search box, filter dropdowns, and inline revoke buttons. The is_active filter defaults to "Yes" on first load so revoked tokens stay out of the way unless explicitly requested.

Stats

  • 37 new tokenmgr tests covering the full permissions matrix
  • 734 tests passing
  • No new dependencies
  • No migrations required for existing tokens (uses the existing APIToken model)

Upgrading

git pull origin main
make migrate  # no-op; here for safety

If you're a downstream project pulling from upstream, see docs/skills/integration-workflow.md.

Full changelog

See the commit log between v0.9.1 and v0.9.2.