v0.9.2 — Tokenmgr + Home Redesign
Highlights
Self-service API token management
A new apps/tokenmgr/ app lands at /smallstack/tokens/. Authenticated users can mint, view (once), and revoke their own API tokens; staff manage all tokens; superusers can mint at any access level. The MCP OAuth consent page now deep-links here so users who signed in through Claude Desktop or the Claude.ai Connectors UI can manage the auto-minted tokens without needing staff access. Falls back to /explorer/auth/apitoken/ for projects that don't install apps.tokenmgr.
Home page redesign
The / route is now an editorial product page that names the four shapes you can ship with SmallStack — scheduler / website / API server / MCP server — and surfaces the model→three-surfaces pipeline (one CRUDView declaration produces HTML, REST, and MCP). Auth-aware: staff see live admin links; everyone else gets deep-linked into the help docs. Light and dark mode safe.
Pagination fix
page_range_display is now set on every list-pagination path (CRUDView legacy, displays.paginate_queryset, and the standalone helper) so display-based list templates can render elided page ranges without the underlying generator being consumed before render.
Toolbar polish
Tokens list ships with a search box, filter dropdowns, and inline revoke buttons. The is_active filter defaults to "Yes" on first load so revoked tokens stay out of the way unless explicitly requested.
Stats
- 37 new tokenmgr tests covering the full permissions matrix
- 734 tests passing
- No new dependencies
- No migrations required for existing tokens (uses the existing
APITokenmodel)
Upgrading
git pull origin main
make migrate # no-op; here for safetyIf you're a downstream project pulling from upstream, see docs/skills/integration-workflow.md.
Full changelog
See the commit log between v0.9.1 and v0.9.2.