Speed up tests

[N2D4]

---

Note

Focuses on faster, more reliable tests and minor infra polish.

• Replace Auth.Otp.signIn() with Auth.fastSignUp() across many e2e suites; update contexts to token-based auth and remove unnecessary magic-link gating
• Tighten a user creation assertion to validate both status and presence of id
• Gate the long-running setup wizard test to run only in CI
• CI: use pnpm run prisma:dev … migrate diff in Prisma migration check workflow
• Backend: ensure STACK_DATABASE_CONNECTION_STRING is set for codegen-prisma:watch; add a 5s startup delay in scripts/run-email-queue.ts

^{Written by Cursor Bugbot for commit 50e2aa7. This will update automatically on new commits. Configure here.}

Summary by CodeRabbit

• Tests

  • Switched many e2e tests from OTP sign-in to a faster signup flow for quicker, more consistent setups.
  • Updated tests to use token-based auth contexts and simplified project setup (removed magic-link gating).
  • Strengthened a response assertion to validate status 201 and presence of an id.
  • Made one long-running setup test run only in CI.

• Chores

  • Added an env-var fallback for a dev watch script and a short startup delay in the email queue runner.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[cmux-agent]

Older cmux preview screenshots (latest comment is below)

Preview Screenshots

Open Diff Heatmap

⏳ Preview screenshots are being captured...

Workspace and dev browser links will appear here once the preview environment is ready.

---

Generated by cmux preview system

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Review	Updated (UTC)
stack-backend	Ready	Preview, Comment	Dec 28, 2025 7:31pm
stack-dashboard	Ready	Preview, Comment	Dec 28, 2025 7:31pm
stack-demo	Ready	Preview, Comment	Dec 28, 2025 7:31pm
stack-docs	Ready	Preview, Comment	Dec 28, 2025 7:31pm

[coderabbitai]

Caution

Review failed

The pull request is closed.

Note

Other AI code review bot(s) detected

CodeRabbit has detected other AI code review bot(s) in this pull request and will avoid duplicating their findings in the review comments. This may lead to a less comprehensive review.

📝 Walkthrough

Walkthrough

This PR migrates many e2e backend tests from OTP-based sign-in to fast signup, moves several tests from mailbox-based to token-based auth contexts, removes explicit magic-link project configs, tightens a User.create assertion to structural matching, and adds a short startup delay in an email-queue script.

Changes

Cohort / File(s)	Summary
Backend helpers apps/e2e/tests/backend/backend-helpers.ts	Changed post-call assertion for User.create to use toMatchObject asserting status: 201 and body contains id: string.
Auth migration — bulk tests apps/e2e/tests/backend/endpoints/api/v1/**/*.test.ts (many files)	Replaced Auth.Otp.signIn() with Auth.fastSignUp() across numerous test suites; request/response assertions otherwise unchanged.
Integrations (custom & neon) apps/e2e/tests/backend/endpoints/api/v1/integrations/custom/*, apps/e2e/tests/backend/endpoints/api/v1/integrations/neon/*	Swapped OTP sign-in to fastSignUp in integration tests; downstream token usage and API calls preserved.
Internal endpoints & projects apps/e2e/tests/backend/endpoints/api/v1/internal/*.test.ts, apps/e2e/tests/backend/endpoints/api/v1/internal/projects*.test.ts	Added InternalProjectKeys usage and backendContext.set in internal projects tests; migrated mailbox-based flows to token-based and replaced OTP sign-ins with fastSignUp.
Teams, memberships & profiles apps/e2e/tests/backend/endpoints/api/v1/teams.test.ts, .../team-memberships.test.ts, .../team-member-profiles.test.ts	Replaced OTP sign-in with fastSignUp; removed mailbox usage in places, added User import and userAuth caching/restore; updated snapshots/defaults.
Payments & purchases apps/e2e/tests/backend/endpoints/api/v1/payments/**/*.test.ts	Replaced OTP sign-in calls with fastSignUp in payment-related tests; flows and assertions unchanged.
OAuth, providers & permissions apps/e2e/tests/backend/endpoints/api/v1/oauth-providers.test.ts, .../project-permissions.test.ts	Switched to fastSignUp and removed some magic_link_enabled project configs in setup calls.
Users, invitations & notifications apps/e2e/tests/backend/endpoints/api/v1/users.test.ts, .../team-invitations.test.ts, .../notification-preferences.test.ts	Auth flow changed to fastSignUp; removed bumpEmailAddress() and explicit magic-link configs; adjusted invite/signup flows to use verified signup.
General test gating apps/e2e/tests/general/setup-wizard.test.ts	Test registration gated to CI via it.runIf(!!process.env.CI); test body unchanged.
Backend scripts & package apps/backend/scripts/run-email-queue.ts, apps/backend/package.json, .github/workflows/check-prisma-migrations.yaml	Added 5s delay after computing base URL in run-email-queue.ts; prefixed codegen-prisma:watch script with STACK_DATABASE_CONNECTION_STRING=... and adjusted CI step to use pnpm run prisma:dev migrate diff.

Sequence Diagram(s)

(omitted)

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~45 minutes

Possibly related PRs

• Significantly faster users/[user_id] endpoint (and some others) #998 — Edits the same apps/e2e/tests/backend/backend-helpers.ts (related assertion/ProjectKeys changes).
• Speed up tests #1063 — Overlaps test auth-flow and backend-helpers updates (fastSignUp migration).
• Upgrade Prisma to v7 #1064 — Related changes to STACK_DATABASE_CONNECTION_STRING usage in scripts and CI.

Poem

🐰 A hop, a nibble, tests take flight,

Fast signup hums through staging night,
Mailboxes tucked, tokens hold the key,
CI gates the run — green lights we see,
The rabbit cheers: tests pass with delight!

Pre-merge checks and finishing touches

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	You can run @coderabbitai generate docstrings to improve docstring coverage.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title "Speed up tests" directly and clearly describes the primary objective of the PR, which is to accelerate test execution through auth flow optimization and infrastructure improvements.
Description check	✅ Passed	The PR description comprehensively covers all major changes: auth flow migration, test simplification, snapshot updates, and backend infrastructure tweaks, fulfilling the template requirement.

---

📜 Recent review details

Configuration used: defaults

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between c4f1074 and 50e2aa7.

📒 Files selected for processing (1)

• .github/workflows/check-prisma-migrations.yaml

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[Copilot]

Pull request overview

This PR optimizes test execution speed by replacing the slower OTP-based authentication flow (Auth.Otp.signIn()) with a faster direct user creation and session setup approach (Auth.fastSignUp()). This eliminates the need for magic link email verification in tests.

Key changes:

• Migrated from Auth.Otp.signIn() to Auth.fastSignUp() across all e2e tests
• Removed unnecessary magic_link_enabled: true configuration flags from test project setups
• Simplified user creation by eliminating redundant bumpEmailAddress() calls since fastSignUp() creates unique users automatically

Reviewed changes

Copilot reviewed 33 out of 33 changed files in this pull request and generated 4 comments.

Show a summary per file

File	Description
apps/e2e/tests/general/setup-wizard.test.ts	Conditionally runs test only in CI environments
apps/e2e/tests/backend/endpoints/api/v1/users.test.ts	Replaces OTP sign-in with fast signup; removes magic_link config
apps/e2e/tests/backend/endpoints/api/v1/teams.test.ts	Updates auth method and fixes test name for deletion permission test
apps/e2e/tests/backend/endpoints/api/v1/team-permissions.test.ts	Migrates to fast signup authentication
apps/e2e/tests/backend/endpoints/api/v1/team-memberships.test.ts	Updates auth and adjusts snapshots for users without email auth
apps/e2e/tests/backend/endpoints/api/v1/team-member-profiles.test.ts	Changes from mailbox-based to userAuth-based context switching
apps/e2e/tests/backend/endpoints/api/v1/team-invitations.test.ts	Migrates to fast signup with email parameters for invitation tests
apps/e2e/tests/backend/endpoints/api/v1/projects.test.ts	Updates all project tests to use fast signup
apps/e2e/tests/backend/endpoints/api/v1/project-permissions.test.ts	Migrates permission tests to fast signup
apps/e2e/tests/backend/endpoints/api/v1/payments/*.test.ts	Updates payment-related tests to fast signup
apps/e2e/tests/backend/endpoints/api/v1/oauth-providers.test.ts	Migrates OAuth provider tests to fast signup
apps/e2e/tests/backend/endpoints/api/v1/notification-preferences.test.ts	Updates notification preference tests
apps/e2e/tests/backend/endpoints/api/v1/internal/*.test.ts	Updates internal API tests with proper context switching
apps/e2e/tests/backend/endpoints/api/v1/integrations/**/*.test.ts	Migrates integration tests to fast signup
apps/e2e/tests/backend/endpoints/api/v1/data-vault.test.ts	Updates data vault tests
apps/e2e/tests/backend/backend-helpers.ts	Enhances User.create() response validation

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[coderabbitai]

Actionable comments posted: 8

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (6)

apps/e2e/tests/general/setup-wizard.test.ts (1)

9-14: Remove unreachable code.

Lines 9-14 are unreachable due to the throw on line 8. If the test is truly disabled, remove the dead code. If the test should be active, remove the throw on line 8 instead.

Apply this diff if the test is permanently/temporarily disabled:

-    const [error, stdout, stderr] = await new Promise<[Error | null, string, string]>((resolve) => {
-      exec("pnpm -C packages/init-stack run test-run", (error, stdout, stderr) => {
-        resolve([error, stdout, stderr]);
-      });
-    });
-    expect(error, `Expected no error to be thrown!\n\n\n\nstdout: ${stdout}\n\n\n\nstderr: ${stderr}`).toBeNull();

apps/e2e/tests/backend/endpoints/api/v1/project-permissions.test.ts (1)

91-91: Remove magic_link_enabled: true to align with PR objective.

The PR aims to remove magic-link-enabled configurations for test speedup. This test doesn't validate magic link functionality—it focuses on permission creation and granting. The flag should be removed.

Apply this diff:

-  const { adminAccessToken } = await Project.createAndGetAdminToken({ config: { magic_link_enabled: true } });
+  const { adminAccessToken } = await Project.createAndGetAdminToken();

apps/e2e/tests/backend/endpoints/api/v1/team-invitations.test.ts (1)

493-503: Guard against code extraction returning undefined (flaky wrong-error failure)

If the regex match fails, you’ll send code: undefined and likely get a schema/validation error instead of ITEM_QUANTITY_INSUFFICIENT_AMOUNT. Add a precondition assertion.

   backendContext.set({ mailbox: mailboxB });
   await Auth.fastSignUp({ primary_email: mailboxB.emailAddress, primary_email_verified: true });

   const invitationMessages = await mailboxB.waitForMessagesWithSubject("join");
+  const code =
+    invitationMessages
+      .findLast((m) => m.subject.includes("join"))
+      ?.body?.text
+      .match(/http:\/\/localhost:12345\/some-callback-url\?code=([a-zA-Z0-9]+)/)
+      ?.[1];
+  expect(code).toBeTruthy();

   const acceptResponse = await niceBackendFetch("/api/v1/team-invitations/accept", {
     method: "POST",
     accessType: "client",
     body: {
-      code: invitationMessages.findLast((m) => m.subject.includes("join"))?.body?.text.match(/http:\/\/localhost:12345\/some-callback-url\?code=([a-zA-Z0-9]+)/)?.[1],
+      code,
     },
   });

apps/e2e/tests/backend/endpoints/api/v1/payments/create-purchase-url.test.ts (1)

100-109: Test name mismatch: “invalid customer_id” vs actual assertion (“customer type mismatch”).

This test asserts PRODUCT_CUSTOMER_TYPE_DOES_NOT_MATCH (team vs user product), not an invalid customer_id. Consider renaming the test to reflect what it’s actually validating (or change the request to truly represent an invalid customer_id scenario).

apps/e2e/tests/backend/endpoints/api/v1/users.test.ts (1)

520-531: Remove unused secret local in the “valid base64” test.
It’s currently dead code.

 it("should be able to update totp_secret_base64 to valid base64", async ({ expect }) => {
   await Auth.fastSignUp();
-  const secret = generateSecureRandomString(32);
   const response = await niceBackendFetch("/api/v1/users/me", {
     accessType: "client",
     method: "PATCH",
     body: {
       totp_secret_base64: "ZXhhbXBsZSB2YWx1ZQ==",
     },
   });
   expect(response.status).toEqual(200);
 });

apps/e2e/tests/backend/endpoints/api/v1/internal/projects/transfer.test.ts (1)

303-330: Multi-user flow likely depends on Auth.fastSignUp() switching the active auth context—make that dependency explicit (or document it).

Right now team2 creation occurs after signing up user2, but you don’t explicitly set backendContext.userAuth to user2. If fastSignUp() ever stops switching context, team2 may be created as user1 and weaken the “not a member” assertion.

One option is to capture user2 tokens + set context before creating team2:

-    const { userId: user2Id } = await Auth.fastSignUp();
+    const { userId: user2Id, accessToken: user2AccessToken, refreshToken: user2RefreshToken } = await Auth.fastSignUp();
+    backendContext.set({ userAuth: { accessToken: user2AccessToken, refreshToken: user2RefreshToken } });

(or add a short comment that fastSignUp() switches backendContext.userAuth as a contract).

🧹 Nitpick comments (10)

apps/e2e/tests/backend/endpoints/api/v1/integrations/neon/projects/current.test.ts (1)

55-58: Consider consolidating repeated signup setup (if isolation permits)

Doing await Auth.fastSignUp(); in each test is fine for isolation, but if fastSignUp is expensive and safe to share, consider a beforeEach/beforeAll helper for the suite to reduce overhead.

apps/e2e/tests/backend/endpoints/api/v1/oauth-providers.test.ts (1)

4-18: Remove unnecessary magic_link_enabled: true from project configuration.

Since Auth.fastSignUp() doesn't depend on or use magic_link_enabled, this configuration flag can be removed from the createAndSwitchToOAuthEnabledProject() helper function to keep test setup minimal.

apps/e2e/tests/backend/endpoints/api/v1/team-invitations.test.ts (1)

249-263: Permission tests look consistent after auth migration; same caution about project/session coupling

If any of these accessType: "client" calls rely on an implicit current project, consider consistently calling Project.createAndSwitch() at the top of such tests to avoid hidden dependencies.

apps/e2e/tests/backend/endpoints/api/v1/internal/payments/setup.test.ts (1)

92-114: Auth.fastSignUp() swap is good; consider making the Stripe URL assertion less brittle if this ever flakes.
E.g., assert status + url origin/path prefix (instead of the full URL string).

apps/e2e/tests/backend/endpoints/api/v1/payments/purchase-session.test.ts (1)

303-310: Auth.fastSignUp() usage is clean here; optionally re-check if magic_link_enabled: true is still required.

Also applies to: 440-450

apps/e2e/tests/backend/endpoints/api/v1/payments/before-offer-to-product-rename/outdated--purchase-session.test.ts (1)

303-309: Auth.fastSignUp() swap looks correct; optionally confirm magic_link_enabled can be dropped for more speed.

apps/e2e/tests/backend/endpoints/api/v1/team-member-profiles.test.ts (1)

5-14: Make the fastSignUp → backendContext.userAuth dependency explicit (and store a stable copy).
This avoids “mystery” failures if Auth.fastSignUp() ever stops populating backendContext.value.userAuth.

 async function signInAndCreateTeam() {
   const { userId: userId1 } = await Auth.fastSignUp();
-  const userAuth = backendContext.value.userAuth;
+  const userAuth = backendContext.value.userAuth;
+  expect(userAuth).not.toBeNull();
+  const userAuth1 = { ...userAuth! };

   await bumpEmailAddress();
   const { userId: userId2 } = await Auth.fastSignUp();

   await bumpEmailAddress();
   const { userId: userId3 } = await Auth.fastSignUp();
@@
   // Sign back in as user 1
   backendContext.set({
-    userAuth: userAuth,
+    userAuth: userAuth1,
   });
   const currentUser = await User.getCurrent();
   expect(currentUser.id).toBe(userId1);

Also applies to: 54-60

apps/e2e/tests/backend/endpoints/api/v1/users.test.ts (1)

593-621: Avoid redundant sign-up right before clearing userAuth (saves time).
If the test only needs “no user auth”, you can skip Auth.fastSignUp() here.

 it("should not be able to read a user", async ({ expect }) => {
-  await Auth.fastSignUp();
   backendContext.set({
     userAuth: null,
   });
   const response = await niceBackendFetch("/api/v1/users/123", {
     accessType: "client",
   });
   expect(response).toMatchInlineSnapshot(`
     NiceResponse {
       "status": 401,
       "body": {
         "code": "INSUFFICIENT_ACCESS_TYPE",
         "details": {
           "actual_access_type": "client",
           "allowed_access_types": [
             "server",
             "admin",
           ],
         },
         "error": "The x-stack-access-type header must be 'server' or 'admin', but was 'client'.",
       },
       "headers": Headers {
         "x-stack-known-error": "INSUFFICIENT_ACCESS_TYPE",
         <some fields may have been hidden>,
       },
     }
   `);
 });

apps/e2e/tests/backend/endpoints/api/v1/team-memberships.test.ts (1)

782-796: Consider replacing fixed wait(5000) with polling for webhook delivery.
This is often a bigger win for “speed up tests” (and reduces flakiness).

apps/e2e/tests/backend/endpoints/api/v1/internal/projects.test.ts (1)

2-2: Context switching looks intentional; consider scoping it to avoid cross-test leakage.
If available, prefer backendContext.with({ projectKeys: ... }, async () => { ... }) over backendContext.set(...) for temporary key changes.

Also applies to: 46-67, 109-123, 400-403

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between a3137d2 and ff77394.

📒 Files selected for processing (33)

• apps/e2e/tests/backend/backend-helpers.ts (1 hunks)
• apps/e2e/tests/backend/endpoints/api/v1/data-vault.test.ts (6 hunks)
• apps/e2e/tests/backend/endpoints/api/v1/integrations/custom/domain.test.ts (5 hunks)
• apps/e2e/tests/backend/endpoints/api/v1/integrations/custom/oauth.test.ts (3 hunks)
• apps/e2e/tests/backend/endpoints/api/v1/integrations/custom/projects/transfer.test.ts (6 hunks)
• apps/e2e/tests/backend/endpoints/api/v1/integrations/neon/api-keys.test.ts (1 hunks)
• apps/e2e/tests/backend/endpoints/api/v1/integrations/neon/domain.test.ts (6 hunks)
• apps/e2e/tests/backend/endpoints/api/v1/integrations/neon/oauth-providers.test.ts (5 hunks)
• apps/e2e/tests/backend/endpoints/api/v1/integrations/neon/oauth.test.ts (3 hunks)
• apps/e2e/tests/backend/endpoints/api/v1/integrations/neon/projects/current.test.ts (3 hunks)
• apps/e2e/tests/backend/endpoints/api/v1/integrations/neon/projects/transfer.test.ts (6 hunks)
• apps/e2e/tests/backend/endpoints/api/v1/internal/api-keys.test.ts (1 hunks)
• apps/e2e/tests/backend/endpoints/api/v1/internal/email-templates.test.ts (2 hunks)
• apps/e2e/tests/backend/endpoints/api/v1/internal/payments/setup.test.ts (2 hunks)
• apps/e2e/tests/backend/endpoints/api/v1/internal/projects.test.ts (5 hunks)
• apps/e2e/tests/backend/endpoints/api/v1/internal/projects/transfer.test.ts (7 hunks)
• apps/e2e/tests/backend/endpoints/api/v1/notification-preferences.test.ts (3 hunks)
• apps/e2e/tests/backend/endpoints/api/v1/oauth-providers.test.ts (20 hunks)
• apps/e2e/tests/backend/endpoints/api/v1/payments/before-offer-to-product-rename/outdated--create-purchase-url.test.ts (3 hunks)
• apps/e2e/tests/backend/endpoints/api/v1/payments/before-offer-to-product-rename/outdated--purchase-session.test.ts (1 hunks)
• apps/e2e/tests/backend/endpoints/api/v1/payments/create-purchase-url.test.ts (4 hunks)
• apps/e2e/tests/backend/endpoints/api/v1/payments/items.test.ts (2 hunks)
• apps/e2e/tests/backend/endpoints/api/v1/payments/products.test.ts (1 hunks)
• apps/e2e/tests/backend/endpoints/api/v1/payments/purchase-session.test.ts (2 hunks)
• apps/e2e/tests/backend/endpoints/api/v1/project-permissions.test.ts (7 hunks)
• apps/e2e/tests/backend/endpoints/api/v1/projects.test.ts (14 hunks)
• apps/e2e/tests/backend/endpoints/api/v1/team-invitations.test.ts (17 hunks)
• apps/e2e/tests/backend/endpoints/api/v1/team-member-profiles.test.ts (2 hunks)
• apps/e2e/tests/backend/endpoints/api/v1/team-memberships.test.ts (26 hunks)
• apps/e2e/tests/backend/endpoints/api/v1/team-permissions.test.ts (7 hunks)
• apps/e2e/tests/backend/endpoints/api/v1/teams.test.ts (21 hunks)
• apps/e2e/tests/backend/endpoints/api/v1/users.test.ts (16 hunks)
• apps/e2e/tests/general/setup-wizard.test.ts (1 hunks)

🧰 Additional context used

📓 Path-based instructions (6)

**/*.{ts,tsx}

📄 CodeRabbit inference engine (AGENTS.md)

**/*.{ts,tsx}: Always add new E2E tests when changing the API or SDK interface
For blocking alerts and errors, never use toast; use alerts instead as they are less easily missed by the user
NEVER try-catch-all, NEVER void a promise, and NEVER .catch(console.error); use loading indicators and async callbacks instead, or use runAsynchronously/runAsynchronouslyWithAlert for error handling
Use ES6 maps instead of records wherever you can

Files:

• apps/e2e/tests/backend/endpoints/api/v1/integrations/neon/projects/current.test.ts
• apps/e2e/tests/backend/endpoints/api/v1/payments/products.test.ts
• apps/e2e/tests/backend/endpoints/api/v1/integrations/neon/oauth-providers.test.ts
• apps/e2e/tests/backend/endpoints/api/v1/integrations/custom/projects/transfer.test.ts
• apps/e2e/tests/backend/endpoints/api/v1/integrations/custom/oauth.test.ts
• apps/e2e/tests/backend/endpoints/api/v1/projects.test.ts
• apps/e2e/tests/backend/endpoints/api/v1/teams.test.ts
• apps/e2e/tests/backend/endpoints/api/v1/payments/before-offer-to-product-rename/outdated--purchase-session.test.ts
• apps/e2e/tests/backend/endpoints/api/v1/internal/email-templates.test.ts
• apps/e2e/tests/backend/endpoints/api/v1/payments/purchase-session.test.ts
• apps/e2e/tests/backend/endpoints/api/v1/project-permissions.test.ts
• apps/e2e/tests/backend/backend-helpers.ts
• apps/e2e/tests/backend/endpoints/api/v1/internal/projects/transfer.test.ts
• apps/e2e/tests/backend/endpoints/api/v1/integrations/neon/oauth.test.ts
• apps/e2e/tests/backend/endpoints/api/v1/team-permissions.test.ts
• apps/e2e/tests/backend/endpoints/api/v1/integrations/neon/projects/transfer.test.ts
• apps/e2e/tests/general/setup-wizard.test.ts
• apps/e2e/tests/backend/endpoints/api/v1/integrations/neon/domain.test.ts
• apps/e2e/tests/backend/endpoints/api/v1/team-invitations.test.ts
• apps/e2e/tests/backend/endpoints/api/v1/users.test.ts
• apps/e2e/tests/backend/endpoints/api/v1/integrations/neon/api-keys.test.ts
• apps/e2e/tests/backend/endpoints/api/v1/integrations/custom/domain.test.ts
• apps/e2e/tests/backend/endpoints/api/v1/internal/projects.test.ts
• apps/e2e/tests/backend/endpoints/api/v1/internal/api-keys.test.ts
• apps/e2e/tests/backend/endpoints/api/v1/data-vault.test.ts
• apps/e2e/tests/backend/endpoints/api/v1/internal/payments/setup.test.ts
• apps/e2e/tests/backend/endpoints/api/v1/payments/create-purchase-url.test.ts
• apps/e2e/tests/backend/endpoints/api/v1/oauth-providers.test.ts
• apps/e2e/tests/backend/endpoints/api/v1/team-member-profiles.test.ts
• apps/e2e/tests/backend/endpoints/api/v1/notification-preferences.test.ts
• apps/e2e/tests/backend/endpoints/api/v1/payments/before-offer-to-product-rename/outdated--create-purchase-url.test.ts
• apps/e2e/tests/backend/endpoints/api/v1/payments/items.test.ts
• apps/e2e/tests/backend/endpoints/api/v1/team-memberships.test.ts

**/*.test.{ts,tsx}

📄 CodeRabbit inference engine (AGENTS.md)

Prefer .toMatchInlineSnapshot over other selectors in tests when possible; check snapshot-serializer.ts for formatting details

Files:

• apps/e2e/tests/backend/endpoints/api/v1/integrations/neon/projects/current.test.ts
• apps/e2e/tests/backend/endpoints/api/v1/payments/products.test.ts
• apps/e2e/tests/backend/endpoints/api/v1/integrations/neon/oauth-providers.test.ts
• apps/e2e/tests/backend/endpoints/api/v1/integrations/custom/projects/transfer.test.ts
• apps/e2e/tests/backend/endpoints/api/v1/integrations/custom/oauth.test.ts
• apps/e2e/tests/backend/endpoints/api/v1/projects.test.ts
• apps/e2e/tests/backend/endpoints/api/v1/teams.test.ts
• apps/e2e/tests/backend/endpoints/api/v1/payments/before-offer-to-product-rename/outdated--purchase-session.test.ts
• apps/e2e/tests/backend/endpoints/api/v1/internal/email-templates.test.ts
• apps/e2e/tests/backend/endpoints/api/v1/payments/purchase-session.test.ts
• apps/e2e/tests/backend/endpoints/api/v1/project-permissions.test.ts
• apps/e2e/tests/backend/endpoints/api/v1/internal/projects/transfer.test.ts
• apps/e2e/tests/backend/endpoints/api/v1/integrations/neon/oauth.test.ts
• apps/e2e/tests/backend/endpoints/api/v1/team-permissions.test.ts
• apps/e2e/tests/backend/endpoints/api/v1/integrations/neon/projects/transfer.test.ts
• apps/e2e/tests/general/setup-wizard.test.ts
• apps/e2e/tests/backend/endpoints/api/v1/integrations/neon/domain.test.ts
• apps/e2e/tests/backend/endpoints/api/v1/team-invitations.test.ts
• apps/e2e/tests/backend/endpoints/api/v1/users.test.ts
• apps/e2e/tests/backend/endpoints/api/v1/integrations/neon/api-keys.test.ts
• apps/e2e/tests/backend/endpoints/api/v1/integrations/custom/domain.test.ts
• apps/e2e/tests/backend/endpoints/api/v1/internal/projects.test.ts
• apps/e2e/tests/backend/endpoints/api/v1/internal/api-keys.test.ts
• apps/e2e/tests/backend/endpoints/api/v1/data-vault.test.ts
• apps/e2e/tests/backend/endpoints/api/v1/internal/payments/setup.test.ts
• apps/e2e/tests/backend/endpoints/api/v1/payments/create-purchase-url.test.ts
• apps/e2e/tests/backend/endpoints/api/v1/oauth-providers.test.ts
• apps/e2e/tests/backend/endpoints/api/v1/team-member-profiles.test.ts
• apps/e2e/tests/backend/endpoints/api/v1/notification-preferences.test.ts
• apps/e2e/tests/backend/endpoints/api/v1/payments/before-offer-to-product-rename/outdated--create-purchase-url.test.ts
• apps/e2e/tests/backend/endpoints/api/v1/payments/items.test.ts
• apps/e2e/tests/backend/endpoints/api/v1/team-memberships.test.ts

**/*.{ts,tsx,css}

📄 CodeRabbit inference engine (AGENTS.md)

**/*.{ts,tsx,css}: Keep hover/click transitions snappy and fast; avoid fade-in delays on hover. Apply transitions after action completion instead, like smooth fade-out when hover ends
Use hover-exit transitions instead of hover-enter transitions; for example, use 'transition-colors hover:transition-none' instead of fade-in on hover

Files:

• apps/e2e/tests/backend/endpoints/api/v1/integrations/neon/projects/current.test.ts
• apps/e2e/tests/backend/endpoints/api/v1/payments/products.test.ts
• apps/e2e/tests/backend/endpoints/api/v1/integrations/neon/oauth-providers.test.ts
• apps/e2e/tests/backend/endpoints/api/v1/integrations/custom/projects/transfer.test.ts
• apps/e2e/tests/backend/endpoints/api/v1/integrations/custom/oauth.test.ts
• apps/e2e/tests/backend/endpoints/api/v1/projects.test.ts
• apps/e2e/tests/backend/endpoints/api/v1/teams.test.ts
• apps/e2e/tests/backend/endpoints/api/v1/payments/before-offer-to-product-rename/outdated--purchase-session.test.ts
• apps/e2e/tests/backend/endpoints/api/v1/internal/email-templates.test.ts
• apps/e2e/tests/backend/endpoints/api/v1/payments/purchase-session.test.ts
• apps/e2e/tests/backend/endpoints/api/v1/project-permissions.test.ts
• apps/e2e/tests/backend/backend-helpers.ts
• apps/e2e/tests/backend/endpoints/api/v1/internal/projects/transfer.test.ts
• apps/e2e/tests/backend/endpoints/api/v1/integrations/neon/oauth.test.ts
• apps/e2e/tests/backend/endpoints/api/v1/team-permissions.test.ts
• apps/e2e/tests/backend/endpoints/api/v1/integrations/neon/projects/transfer.test.ts
• apps/e2e/tests/general/setup-wizard.test.ts
• apps/e2e/tests/backend/endpoints/api/v1/integrations/neon/domain.test.ts
• apps/e2e/tests/backend/endpoints/api/v1/team-invitations.test.ts
• apps/e2e/tests/backend/endpoints/api/v1/users.test.ts
• apps/e2e/tests/backend/endpoints/api/v1/integrations/neon/api-keys.test.ts
• apps/e2e/tests/backend/endpoints/api/v1/integrations/custom/domain.test.ts
• apps/e2e/tests/backend/endpoints/api/v1/internal/projects.test.ts
• apps/e2e/tests/backend/endpoints/api/v1/internal/api-keys.test.ts
• apps/e2e/tests/backend/endpoints/api/v1/data-vault.test.ts
• apps/e2e/tests/backend/endpoints/api/v1/internal/payments/setup.test.ts
• apps/e2e/tests/backend/endpoints/api/v1/payments/create-purchase-url.test.ts
• apps/e2e/tests/backend/endpoints/api/v1/oauth-providers.test.ts
• apps/e2e/tests/backend/endpoints/api/v1/team-member-profiles.test.ts
• apps/e2e/tests/backend/endpoints/api/v1/notification-preferences.test.ts
• apps/e2e/tests/backend/endpoints/api/v1/payments/before-offer-to-product-rename/outdated--create-purchase-url.test.ts
• apps/e2e/tests/backend/endpoints/api/v1/payments/items.test.ts
• apps/e2e/tests/backend/endpoints/api/v1/team-memberships.test.ts

apps/**/*.{ts,tsx}

📄 CodeRabbit inference engine (AGENTS.md)

NEVER use Next.js dynamic functions if you can avoid them; prefer using client components and hooks like usePathname instead of await params to keep pages static

Files:

• apps/e2e/tests/backend/endpoints/api/v1/integrations/neon/projects/current.test.ts
• apps/e2e/tests/backend/endpoints/api/v1/payments/products.test.ts
• apps/e2e/tests/backend/endpoints/api/v1/integrations/neon/oauth-providers.test.ts
• apps/e2e/tests/backend/endpoints/api/v1/integrations/custom/projects/transfer.test.ts
• apps/e2e/tests/backend/endpoints/api/v1/integrations/custom/oauth.test.ts
• apps/e2e/tests/backend/endpoints/api/v1/projects.test.ts
• apps/e2e/tests/backend/endpoints/api/v1/teams.test.ts
• apps/e2e/tests/backend/endpoints/api/v1/payments/before-offer-to-product-rename/outdated--purchase-session.test.ts
• apps/e2e/tests/backend/endpoints/api/v1/internal/email-templates.test.ts
• apps/e2e/tests/backend/endpoints/api/v1/payments/purchase-session.test.ts
• apps/e2e/tests/backend/endpoints/api/v1/project-permissions.test.ts
• apps/e2e/tests/backend/backend-helpers.ts
• apps/e2e/tests/backend/endpoints/api/v1/internal/projects/transfer.test.ts
• apps/e2e/tests/backend/endpoints/api/v1/integrations/neon/oauth.test.ts
• apps/e2e/tests/backend/endpoints/api/v1/team-permissions.test.ts
• apps/e2e/tests/backend/endpoints/api/v1/integrations/neon/projects/transfer.test.ts
• apps/e2e/tests/general/setup-wizard.test.ts
• apps/e2e/tests/backend/endpoints/api/v1/integrations/neon/domain.test.ts
• apps/e2e/tests/backend/endpoints/api/v1/team-invitations.test.ts
• apps/e2e/tests/backend/endpoints/api/v1/users.test.ts
• apps/e2e/tests/backend/endpoints/api/v1/integrations/neon/api-keys.test.ts
• apps/e2e/tests/backend/endpoints/api/v1/integrations/custom/domain.test.ts
• apps/e2e/tests/backend/endpoints/api/v1/internal/projects.test.ts
• apps/e2e/tests/backend/endpoints/api/v1/internal/api-keys.test.ts
• apps/e2e/tests/backend/endpoints/api/v1/data-vault.test.ts
• apps/e2e/tests/backend/endpoints/api/v1/internal/payments/setup.test.ts
• apps/e2e/tests/backend/endpoints/api/v1/payments/create-purchase-url.test.ts
• apps/e2e/tests/backend/endpoints/api/v1/oauth-providers.test.ts
• apps/e2e/tests/backend/endpoints/api/v1/team-member-profiles.test.ts
• apps/e2e/tests/backend/endpoints/api/v1/notification-preferences.test.ts
• apps/e2e/tests/backend/endpoints/api/v1/payments/before-offer-to-product-rename/outdated--create-purchase-url.test.ts
• apps/e2e/tests/backend/endpoints/api/v1/payments/items.test.ts
• apps/e2e/tests/backend/endpoints/api/v1/team-memberships.test.ts

{.env*,**/*.{ts,tsx,js}}

📄 CodeRabbit inference engine (AGENTS.md)

Prefix environment variables with STACK_ (or NEXT_PUBLIC_STACK_ if public) so changes are picked up by Turborepo and improves readability

Files:

• apps/e2e/tests/backend/endpoints/api/v1/integrations/neon/projects/current.test.ts
• apps/e2e/tests/backend/endpoints/api/v1/payments/products.test.ts
• apps/e2e/tests/backend/endpoints/api/v1/integrations/neon/oauth-providers.test.ts
• apps/e2e/tests/backend/endpoints/api/v1/integrations/custom/projects/transfer.test.ts
• apps/e2e/tests/backend/endpoints/api/v1/integrations/custom/oauth.test.ts
• apps/e2e/tests/backend/endpoints/api/v1/projects.test.ts
• apps/e2e/tests/backend/endpoints/api/v1/teams.test.ts
• apps/e2e/tests/backend/endpoints/api/v1/payments/before-offer-to-product-rename/outdated--purchase-session.test.ts
• apps/e2e/tests/backend/endpoints/api/v1/internal/email-templates.test.ts
• apps/e2e/tests/backend/endpoints/api/v1/payments/purchase-session.test.ts
• apps/e2e/tests/backend/endpoints/api/v1/project-permissions.test.ts
• apps/e2e/tests/backend/backend-helpers.ts
• apps/e2e/tests/backend/endpoints/api/v1/internal/projects/transfer.test.ts
• apps/e2e/tests/backend/endpoints/api/v1/integrations/neon/oauth.test.ts
• apps/e2e/tests/backend/endpoints/api/v1/team-permissions.test.ts
• apps/e2e/tests/backend/endpoints/api/v1/integrations/neon/projects/transfer.test.ts
• apps/e2e/tests/general/setup-wizard.test.ts
• apps/e2e/tests/backend/endpoints/api/v1/integrations/neon/domain.test.ts
• apps/e2e/tests/backend/endpoints/api/v1/team-invitations.test.ts
• apps/e2e/tests/backend/endpoints/api/v1/users.test.ts
• apps/e2e/tests/backend/endpoints/api/v1/integrations/neon/api-keys.test.ts
• apps/e2e/tests/backend/endpoints/api/v1/integrations/custom/domain.test.ts
• apps/e2e/tests/backend/endpoints/api/v1/internal/projects.test.ts
• apps/e2e/tests/backend/endpoints/api/v1/internal/api-keys.test.ts
• apps/e2e/tests/backend/endpoints/api/v1/data-vault.test.ts
• apps/e2e/tests/backend/endpoints/api/v1/internal/payments/setup.test.ts
• apps/e2e/tests/backend/endpoints/api/v1/payments/create-purchase-url.test.ts
• apps/e2e/tests/backend/endpoints/api/v1/oauth-providers.test.ts
• apps/e2e/tests/backend/endpoints/api/v1/team-member-profiles.test.ts
• apps/e2e/tests/backend/endpoints/api/v1/notification-preferences.test.ts
• apps/e2e/tests/backend/endpoints/api/v1/payments/before-offer-to-product-rename/outdated--create-purchase-url.test.ts
• apps/e2e/tests/backend/endpoints/api/v1/payments/items.test.ts
• apps/e2e/tests/backend/endpoints/api/v1/team-memberships.test.ts

apps/e2e/**/*.{ts,tsx}

📄 CodeRabbit inference engine (AGENTS.md)

Always add new E2E tests when changing API or SDK interface; err on the side of creating too many tests due to the critical nature of the industry

Files:

• apps/e2e/tests/backend/endpoints/api/v1/integrations/neon/projects/current.test.ts
• apps/e2e/tests/backend/endpoints/api/v1/payments/products.test.ts
• apps/e2e/tests/backend/endpoints/api/v1/integrations/neon/oauth-providers.test.ts
• apps/e2e/tests/backend/endpoints/api/v1/integrations/custom/projects/transfer.test.ts
• apps/e2e/tests/backend/endpoints/api/v1/integrations/custom/oauth.test.ts
• apps/e2e/tests/backend/endpoints/api/v1/projects.test.ts
• apps/e2e/tests/backend/endpoints/api/v1/teams.test.ts
• apps/e2e/tests/backend/endpoints/api/v1/payments/before-offer-to-product-rename/outdated--purchase-session.test.ts
• apps/e2e/tests/backend/endpoints/api/v1/internal/email-templates.test.ts
• apps/e2e/tests/backend/endpoints/api/v1/payments/purchase-session.test.ts
• apps/e2e/tests/backend/endpoints/api/v1/project-permissions.test.ts
• apps/e2e/tests/backend/backend-helpers.ts
• apps/e2e/tests/backend/endpoints/api/v1/internal/projects/transfer.test.ts
• apps/e2e/tests/backend/endpoints/api/v1/integrations/neon/oauth.test.ts
• apps/e2e/tests/backend/endpoints/api/v1/team-permissions.test.ts
• apps/e2e/tests/backend/endpoints/api/v1/integrations/neon/projects/transfer.test.ts
• apps/e2e/tests/general/setup-wizard.test.ts
• apps/e2e/tests/backend/endpoints/api/v1/integrations/neon/domain.test.ts
• apps/e2e/tests/backend/endpoints/api/v1/team-invitations.test.ts
• apps/e2e/tests/backend/endpoints/api/v1/users.test.ts
• apps/e2e/tests/backend/endpoints/api/v1/integrations/neon/api-keys.test.ts
• apps/e2e/tests/backend/endpoints/api/v1/integrations/custom/domain.test.ts
• apps/e2e/tests/backend/endpoints/api/v1/internal/projects.test.ts
• apps/e2e/tests/backend/endpoints/api/v1/internal/api-keys.test.ts
• apps/e2e/tests/backend/endpoints/api/v1/data-vault.test.ts
• apps/e2e/tests/backend/endpoints/api/v1/internal/payments/setup.test.ts
• apps/e2e/tests/backend/endpoints/api/v1/payments/create-purchase-url.test.ts
• apps/e2e/tests/backend/endpoints/api/v1/oauth-providers.test.ts
• apps/e2e/tests/backend/endpoints/api/v1/team-member-profiles.test.ts
• apps/e2e/tests/backend/endpoints/api/v1/notification-preferences.test.ts
• apps/e2e/tests/backend/endpoints/api/v1/payments/before-offer-to-product-rename/outdated--create-purchase-url.test.ts
• apps/e2e/tests/backend/endpoints/api/v1/payments/items.test.ts
• apps/e2e/tests/backend/endpoints/api/v1/team-memberships.test.ts

🧠 Learnings (5)

📚 Learning: 2025-12-04T18:03:49.984Z

Learnt from: CR
Repo: stack-auth/stack-auth PR: 0
File: AGENTS.md:0-0
Timestamp: 2025-12-04T18:03:49.984Z
Learning: Applies to apps/e2e/**/*.{ts,tsx} : Always add new E2E tests when changing API or SDK interface; err on the side of creating too many tests due to the critical nature of the industry

Applied to files:

• apps/e2e/tests/backend/endpoints/api/v1/integrations/neon/projects/current.test.ts
• apps/e2e/tests/backend/endpoints/api/v1/payments/products.test.ts
• apps/e2e/tests/backend/endpoints/api/v1/integrations/neon/oauth-providers.test.ts
• apps/e2e/tests/backend/endpoints/api/v1/integrations/custom/projects/transfer.test.ts
• apps/e2e/tests/backend/endpoints/api/v1/integrations/custom/oauth.test.ts
• apps/e2e/tests/backend/endpoints/api/v1/projects.test.ts
• apps/e2e/tests/backend/endpoints/api/v1/teams.test.ts
• apps/e2e/tests/backend/endpoints/api/v1/payments/before-offer-to-product-rename/outdated--purchase-session.test.ts
• apps/e2e/tests/backend/endpoints/api/v1/internal/email-templates.test.ts
• apps/e2e/tests/backend/endpoints/api/v1/payments/purchase-session.test.ts
• apps/e2e/tests/backend/endpoints/api/v1/project-permissions.test.ts
• apps/e2e/tests/backend/backend-helpers.ts
• apps/e2e/tests/backend/endpoints/api/v1/internal/projects/transfer.test.ts
• apps/e2e/tests/backend/endpoints/api/v1/integrations/neon/oauth.test.ts
• apps/e2e/tests/backend/endpoints/api/v1/team-permissions.test.ts
• apps/e2e/tests/backend/endpoints/api/v1/integrations/neon/projects/transfer.test.ts
• apps/e2e/tests/general/setup-wizard.test.ts
• apps/e2e/tests/backend/endpoints/api/v1/integrations/neon/domain.test.ts
• apps/e2e/tests/backend/endpoints/api/v1/team-invitations.test.ts
• apps/e2e/tests/backend/endpoints/api/v1/users.test.ts
• apps/e2e/tests/backend/endpoints/api/v1/integrations/neon/api-keys.test.ts
• apps/e2e/tests/backend/endpoints/api/v1/integrations/custom/domain.test.ts
• apps/e2e/tests/backend/endpoints/api/v1/internal/projects.test.ts
• apps/e2e/tests/backend/endpoints/api/v1/internal/api-keys.test.ts
• apps/e2e/tests/backend/endpoints/api/v1/data-vault.test.ts
• apps/e2e/tests/backend/endpoints/api/v1/internal/payments/setup.test.ts
• apps/e2e/tests/backend/endpoints/api/v1/payments/create-purchase-url.test.ts
• apps/e2e/tests/backend/endpoints/api/v1/oauth-providers.test.ts
• apps/e2e/tests/backend/endpoints/api/v1/team-member-profiles.test.ts
• apps/e2e/tests/backend/endpoints/api/v1/notification-preferences.test.ts
• apps/e2e/tests/backend/endpoints/api/v1/payments/before-offer-to-product-rename/outdated--create-purchase-url.test.ts
• apps/e2e/tests/backend/endpoints/api/v1/payments/items.test.ts
• apps/e2e/tests/backend/endpoints/api/v1/team-memberships.test.ts

📚 Learning: 2025-12-04T18:03:49.984Z

Learnt from: CR
Repo: stack-auth/stack-auth PR: 0
File: AGENTS.md:0-0
Timestamp: 2025-12-04T18:03:49.984Z
Learning: Applies to **/*.{ts,tsx} : Always add new E2E tests when changing the API or SDK interface

Applied to files:

• apps/e2e/tests/backend/endpoints/api/v1/integrations/neon/projects/current.test.ts
• apps/e2e/tests/backend/endpoints/api/v1/payments/products.test.ts
• apps/e2e/tests/backend/endpoints/api/v1/integrations/neon/oauth-providers.test.ts
• apps/e2e/tests/backend/endpoints/api/v1/integrations/custom/projects/transfer.test.ts
• apps/e2e/tests/backend/endpoints/api/v1/integrations/custom/oauth.test.ts
• apps/e2e/tests/backend/endpoints/api/v1/projects.test.ts
• apps/e2e/tests/backend/endpoints/api/v1/teams.test.ts
• apps/e2e/tests/backend/endpoints/api/v1/payments/before-offer-to-product-rename/outdated--purchase-session.test.ts
• apps/e2e/tests/backend/endpoints/api/v1/internal/email-templates.test.ts
• apps/e2e/tests/backend/endpoints/api/v1/payments/purchase-session.test.ts
• apps/e2e/tests/backend/endpoints/api/v1/project-permissions.test.ts
• apps/e2e/tests/backend/backend-helpers.ts
• apps/e2e/tests/backend/endpoints/api/v1/internal/projects/transfer.test.ts
• apps/e2e/tests/backend/endpoints/api/v1/integrations/neon/oauth.test.ts
• apps/e2e/tests/backend/endpoints/api/v1/team-permissions.test.ts
• apps/e2e/tests/backend/endpoints/api/v1/integrations/neon/projects/transfer.test.ts
• apps/e2e/tests/general/setup-wizard.test.ts
• apps/e2e/tests/backend/endpoints/api/v1/integrations/neon/domain.test.ts
• apps/e2e/tests/backend/endpoints/api/v1/team-invitations.test.ts
• apps/e2e/tests/backend/endpoints/api/v1/users.test.ts
• apps/e2e/tests/backend/endpoints/api/v1/integrations/neon/api-keys.test.ts
• apps/e2e/tests/backend/endpoints/api/v1/integrations/custom/domain.test.ts
• apps/e2e/tests/backend/endpoints/api/v1/internal/projects.test.ts
• apps/e2e/tests/backend/endpoints/api/v1/internal/api-keys.test.ts
• apps/e2e/tests/backend/endpoints/api/v1/data-vault.test.ts
• apps/e2e/tests/backend/endpoints/api/v1/internal/payments/setup.test.ts
• apps/e2e/tests/backend/endpoints/api/v1/payments/create-purchase-url.test.ts
• apps/e2e/tests/backend/endpoints/api/v1/oauth-providers.test.ts
• apps/e2e/tests/backend/endpoints/api/v1/team-member-profiles.test.ts
• apps/e2e/tests/backend/endpoints/api/v1/notification-preferences.test.ts
• apps/e2e/tests/backend/endpoints/api/v1/payments/before-offer-to-product-rename/outdated--create-purchase-url.test.ts
• apps/e2e/tests/backend/endpoints/api/v1/payments/items.test.ts
• apps/e2e/tests/backend/endpoints/api/v1/team-memberships.test.ts

📚 Learning: 2025-12-03T07:19:44.433Z

Learnt from: madster456
Repo: stack-auth/stack-auth PR: 1040
File: packages/stack-shared/src/interface/crud/oauth-providers.ts:62-87
Timestamp: 2025-12-03T07:19:44.433Z
Learning: In packages/stack-shared/src/interface/crud/oauth-providers.ts and similar CRUD files, the tag "Oauth" (not "OAuth") is the correct capitalization format as it's used by the documentation generation system and follows OpenAPI conventions.

Applied to files:

• apps/e2e/tests/backend/endpoints/api/v1/integrations/neon/oauth-providers.test.ts
• apps/e2e/tests/backend/endpoints/api/v1/integrations/custom/oauth.test.ts
• apps/e2e/tests/backend/endpoints/api/v1/oauth-providers.test.ts

📚 Learning: 2025-12-04T18:03:49.984Z

Learnt from: CR
Repo: stack-auth/stack-auth PR: 0
File: AGENTS.md:0-0
Timestamp: 2025-12-04T18:03:49.984Z
Learning: Run typecheck, lint, and test to ensure changes are working. You can save time by only linting and testing changed files and related E2E tests

Applied to files:

• apps/e2e/tests/general/setup-wizard.test.ts

📚 Learning: 2025-12-04T18:03:49.984Z

Learnt from: CR
Repo: stack-auth/stack-auth PR: 0
File: AGENTS.md:0-0
Timestamp: 2025-12-04T18:03:49.984Z
Learning: Applies to **/*.test.{ts,tsx} : Prefer .toMatchInlineSnapshot over other selectors in tests when possible; check snapshot-serializer.ts for formatting details

Applied to files:

• apps/e2e/tests/backend/endpoints/api/v1/notification-preferences.test.ts

🧬 Code graph analysis (14)

apps/e2e/tests/backend/endpoints/api/v1/integrations/neon/oauth-providers.test.ts (2)

packages/template/src/lib/stack-app/index.ts (1)

• Auth (96-96)

packages/template/src/lib/stack-app/users/index.ts (1)

• Auth (71-77)

apps/e2e/tests/backend/endpoints/api/v1/projects.test.ts (2)

packages/template/src/lib/stack-app/index.ts (1)

• Auth (96-96)

packages/template/src/lib/stack-app/users/index.ts (1)

• Auth (71-77)

apps/e2e/tests/backend/endpoints/api/v1/teams.test.ts (5)

packages/template/src/lib/stack-app/index.ts (3)

• Auth (96-96)
• Project (76-76)
• Team (87-87)

packages/template/src/lib/stack-app/users/index.ts (1)

• Auth (71-77)

packages/template/src/lib/stack-app/projects/index.ts (1)

• Project (9-13)

packages/template/src/lib/stack-app/teams/index.ts (1)

• Team (36-50)

apps/e2e/tests/helpers.ts (1)

• it (12-12)

apps/e2e/tests/backend/endpoints/api/v1/payments/purchase-session.test.ts (1)

packages/template/src/lib/stack-app/users/index.ts (1)

• Auth (71-77)

apps/e2e/tests/backend/endpoints/api/v1/internal/projects/transfer.test.ts (1)

apps/e2e/tests/backend/backend-helpers.ts (1)

• backendContext (35-57)

apps/e2e/tests/general/setup-wizard.test.ts (1)

apps/e2e/tests/helpers.ts (1)

• it (12-12)

apps/e2e/tests/backend/endpoints/api/v1/team-invitations.test.ts (2)

packages/template/src/lib/stack-app/users/index.ts (1)

• Auth (71-77)

packages/template/src/lib/stack-app/projects/index.ts (1)

• Project (9-13)

apps/e2e/tests/backend/endpoints/api/v1/integrations/neon/api-keys.test.ts (4)

packages/template/src/lib/stack-app/index.ts (1)

• Auth (96-96)

packages/template/src/lib/stack-app/users/index.ts (1)

• Auth (71-77)

apps/e2e/tests/backend/backend-helpers.ts (1)

• niceBackendFetch (109-173)

apps/e2e/tests/helpers.ts (1)

• it (12-12)

apps/e2e/tests/backend/endpoints/api/v1/internal/projects.test.ts (2)

packages/template/src/lib/stack-app/users/index.ts (1)

• Auth (71-77)

apps/e2e/tests/backend/backend-helpers.ts (2)

• backendContext (35-57)
• InternalProjectKeys (77-82)

apps/e2e/tests/backend/endpoints/api/v1/internal/api-keys.test.ts (2)

packages/template/src/lib/stack-app/index.ts (1)

• Auth (96-96)

packages/template/src/lib/stack-app/users/index.ts (1)

• Auth (71-77)

apps/e2e/tests/backend/endpoints/api/v1/oauth-providers.test.ts (2)

packages/template/src/lib/stack-app/index.ts (1)

• Auth (96-96)

packages/template/src/lib/stack-app/users/index.ts (1)

• Auth (71-77)

apps/e2e/tests/backend/endpoints/api/v1/team-member-profiles.test.ts (1)

apps/e2e/tests/backend/backend-helpers.ts (2)

• backendContext (35-57)
• bumpEmailAddress (179-187)

apps/e2e/tests/backend/endpoints/api/v1/payments/items.test.ts (1)

packages/template/src/lib/stack-app/users/index.ts (1)

• Auth (71-77)

apps/e2e/tests/backend/endpoints/api/v1/team-memberships.test.ts (4)

packages/template/src/lib/stack-app/index.ts (3)

• Auth (96-96)
• Team (87-87)
• Project (76-76)

packages/template/src/lib/stack-app/users/index.ts (1)

• Auth (71-77)

packages/template/src/lib/stack-app/teams/index.ts (1)

• Team (36-50)

apps/e2e/tests/backend/backend-helpers.ts (1)

• backendContext (35-57)

🪛 Biome (2.1.2)

apps/e2e/tests/backend/endpoints/api/v1/integrations/custom/oauth.test.ts

[error] 160-160: Unexpected empty object pattern.

(lint/correctness/noEmptyPattern)

apps/e2e/tests/backend/endpoints/api/v1/integrations/neon/oauth.test.ts

[error] 160-160: Unexpected empty object pattern.

(lint/correctness/noEmptyPattern)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (14)

• GitHub Check: Agent
• GitHub Check: CodeQL analysis (javascript-typescript)
• GitHub Check: Vercel Agent Review
• GitHub Check: Cursor Bugbot
• GitHub Check: lint_and_build (latest)
• GitHub Check: all-good
• GitHub Check: check_prisma_migrations (22.x)
• GitHub Check: build (22.x)
• GitHub Check: setup-tests
• GitHub Check: build (22.x)
• GitHub Check: restart-dev-and-test
• GitHub Check: docker
• GitHub Check: restart-dev-and-test-with-custom-base-port
• GitHub Check: build (22.x)

🔇 Additional comments (49)

apps/e2e/tests/backend/endpoints/api/v1/integrations/neon/projects/current.test.ts (2)

5-7: Verify Auth.fastSignUp() provides the expected auth context for Project.createAndGetAdminToken()

If Project.createAndGetAdminToken() depends on an existing authenticated session/user, confirm Auth.fastSignUp() establishes that deterministically (and doesn’t introduce cross-test state that could make this test flaky).

---

112-115: Double-check user/project coupling assumptions with fast signup

This test mutates project config; verify Auth.fastSignUp() doesn’t accidentally reuse a shared user/project (or cached identity) that could cause order-dependent failures when tests run in parallel or are retried.

apps/e2e/tests/backend/endpoints/api/v1/internal/email-templates.test.ts (2)

5-9: Verify Auth.fastSignUp() actually establishes the admin/auth context needed by Project.createAndGetAdminToken().

If Project.createAndGetAdminToken() doesn’t depend on the current auth session, Auth.fastSignUp() here may be redundant; if it does, this change is correct but should be explicit in helper docs/usages to avoid future flakiness. (Based on learnings, apps/e2e tests are critical.)

---

48-63: No action needed — both tests properly establish admin access. Test 2's Project.createAndSwitch() automatically sets adminAccessToken in the project context, which niceBackendFetch() includes in request headers when accessType: "admin" is specified. The approaches differ by design (explicit vs. context-based), but both are correct and consistent with the test helper architecture.

apps/e2e/tests/backend/endpoints/api/v1/payments/items.test.ts (2)

340-340: LGTM! Authentication method updated to speed up tests.

The replacement of OTP-based sign-in with fastSignUp aligns with the PR objective to speed up test execution while maintaining the same test coverage.

---

374-374: LGTM! Consistent authentication method change.

The replacement maintains test integrity while improving execution speed. The subsequent invitation acceptance flow remains properly tested.

apps/e2e/tests/backend/endpoints/api/v1/project-permissions.test.ts (7)

5-5: LGTM: Auth flow optimized for speed.

The change from OTP-based sign-in to fastSignUp() appropriately speeds up test setup while maintaining the same authentication context needed for this test.

---

21-21: LGTM: Auth flow optimized for speed.

The change to fastSignUp() appropriately obtains the userId needed for testing permission grants while improving test performance.

---

45-46: LGTM: Test setup optimized.

The addition of Project.createAndSwitch() ensures test isolation, and the change to fastSignUp() speeds up authentication setup while maintaining necessary context for permission scope validation.

---

180-180: LGTM: Initial auth setup optimized.

The change to fastSignUp() speeds up the initial test setup. The subsequent use of Auth.Password.signUpWithEmail on line 253 is appropriate for testing default permission assignment to a newly created user.

---

279-279: LGTM: Auth flow optimized for speed.

The change to fastSignUp() appropriately obtains the userId needed for testing permission grants and webhook triggers while improving test performance.

---

318-318: LGTM: Auth flow optimized for speed.

The change to fastSignUp() speeds up the test setup for validating permission revocation and webhook events.

---

364-364: LGTM: Auth flow optimized for speed.

The change to fastSignUp() appropriately speeds up authentication setup for testing duplicate permission ID validation.

apps/e2e/tests/backend/endpoints/api/v1/payments/before-offer-to-product-rename/outdated--create-purchase-url.test.ts (3)

257-280: LGTM for server path; consider adding a minimal assertion that the URL is tied to the signed-up user only if that’s a contract.
Current assertions validate 200 + URL shape; that’s probably sufficient for this endpoint test, and fastSignUp() is a clean speedup.

---

100-109: Confirm Auth.fastSignUp() establishes client auth context (not just a user record).
This test’s client request expects a 400 (customer/product type mismatch). If Auth.fastSignUp() doesn’t also authenticate the client (cookies/session), this could start failing with 401/403 and mask the intended assertion.

Search in stack-auth repo docs/usage for `Auth.fastSignUp` in e2e tests: does it authenticate the session/cookies for subsequent client fetches, or only create a user?

---

177-199: Looks good; the test correctly validates the client-access restriction.

Using fastSignUp() to establish a session with valid tokens is correct here. The niceBackendFetch with accessType: "client" receives the access token from backendContext.userAuth (set by fastSignUp) and includes it in request headers. The "Cannot specify product_inline when calling from client" error is triggered by the backend validating the access type restriction, not by missing authentication. Note that userId is used in the request body as customer_id, so no unused variables here.

apps/e2e/tests/backend/endpoints/api/v1/integrations/neon/projects/transfer.test.ts (6)

29-41: Auth swap looks correct for transfer confirmation flow (initiate → sign up → confirm).
This keeps the “Neon initiates” step independent while still ensuring the confirm runs under an authenticated client context.

---

70-73: Good: use Auth.fastSignUp() before Project.create() to avoid OTP latency.

---

126-138: Potential flake vector: ensure Auth.fastSignUp() produces the expected client auth context for repeated confirms.
If Auth.fastSignUp() relies on shared/global state (cookie jar) across tests, parallel runs can get noisy—worth confirming this file passes under the CI’s parallelization settings.

---

165-177: LGTM: auth setup moved to fast path without changing assertions/coverage.

---

247-259: LGTM: fast signup before confirm/check keeps the test intent unchanged.

---

268-287: LGTM: fast signup before confirm preserves the “already used” check semantics.

apps/e2e/tests/backend/endpoints/api/v1/payments/products.test.ts (1)

367-367: LGTM! Auth method change aligns with PR objectives.

The switch from Auth.Otp.signIn() to Auth.fastSignUp() appropriately supports the "speed up tests" objective while maintaining test correctness. The test only requires a valid userId, so the authentication method doesn't affect the inline product granting functionality being tested.

apps/e2e/tests/backend/endpoints/api/v1/oauth-providers.test.ts (1)

22-22: LGTM! Systematic refactoring to speed up tests.

The replacement of Auth.Otp.signIn() with Auth.fastSignUp() across all test cases is consistent and well-executed. The change:

• Maintains all test assertions and expected behavior
• Properly preserves return values where needed for multi-user scenarios
• Aligns with the PR objective to speed up test execution
• Only modifies test infrastructure without changing the API surface being tested

Also applies to: 60-60, 104-104, 154-154, 199-199, 247-247, 298-298, 316-316, 337-337, 355-355, 374-374, 475-475, 496-496, 622-622, 694-694, 722-722, 749-749, 815-815, 935-935, 956-956

apps/e2e/tests/backend/endpoints/api/v1/team-invitations.test.ts (10)

26-28: Potential test coupling: Auth.fastSignUp() without an explicit project switch before client calls

This test later performs a accessType: "client" request; if Auth.fastSignUp() doesn’t guarantee an active project context, this can become order-dependent/flaky. Consider adding await Project.createAndSwitch() here (or document that fastSignUp implicitly selects a project).

---

60-63: Good speedup path; verify createAndAddCurrentUserWithoutMemberPermission() still targets the intended “current” user

Project.createAndSwitch() + Auth.fastSignUp() should make User.getCurrent() deterministic for the helper; this looks aligned with the PR goal.

---

76-79: Recipient fast-signup looks right; ensure context isolation across sign-ups

Switching to Auth.fastSignUp({ primary_email, primary_email_verified: true }) is consistent with the suite-wide migration. Just ensure backendContext/session reset is intentional since the test signs up multiple users.

---

133-136: Nice cleanup of “no current server user” flow; watch for backendContext leakage

Setting backendContext.set({ userAuth: null }) earlier and then signing up here is fine as long as the harness resets context per test; otherwise, add a reset at the end.

---

146-149: Auth.fastSignUp() swap is fine; consider explicit project setup if required by your auth helper

---

211-214: Multiple fastSignUp() calls: ensure the “acting user” matches the accessType: "client" request

This test intentionally ends with the “teamAdmin” user as the current session before the client GET—good. Just verify Team.addMember(teamId, teamAdmin) is truly server-privileged (i.e., not relying on whichever user is currently signed in).

Also applies to: 223-225

---

319-332: Good migration to fastSignUp(); keep tests deterministic re: current project

---

368-381: Good: inviter/admin setup is much faster; verify team membership mutations don’t depend on current session

---

427-441: Good coverage retained after migration; same “acting user” verification for revoke permission paths

---

467-471: Looks correct with InternalProjectKeys; confirm fastSignUp() respects the set project keys

apps/e2e/tests/backend/endpoints/api/v1/internal/api-keys.test.ts (1)

59-59: Approved. Authentication method updated for faster test execution.

The replacement of Auth.Otp.signUp() with Auth.fastSignUp() aligns with the PR's goal to speed up tests. Both tests verify admin operations using accessType: "admin" in subsequent fetch calls, which combine the user authentication context established by fastSignUp() with admin credentials from the internal project keys.

⛔ Skipped due to learnings

Learnt from: CR
Repo: stack-auth/stack-auth PR: 0
File: AGENTS.md:0-0
Timestamp: 2025-12-04T18:03:49.984Z
Learning: Applies to apps/e2e/**/*.{ts,tsx} : Always add new E2E tests when changing API or SDK interface; err on the side of creating too many tests due to the critical nature of the industry

Learnt from: CR
Repo: stack-auth/stack-auth PR: 0
File: AGENTS.md:0-0
Timestamp: 2025-12-04T18:03:49.984Z
Learning: Applies to **/*.{ts,tsx} : Always add new E2E tests when changing the API or SDK interface

apps/e2e/tests/backend/endpoints/api/v1/integrations/neon/oauth-providers.test.ts (1)

6-6: LGTM! Auth.fastSignUp() provides equivalent authentication context for these tests.

The migration from Auth.Otp.signIn() to Auth.fastSignUp() is clean and consistent across all test cases. Both methods create a user account and retrieve an admin token via the same getAdminToken() call, producing functionally equivalent tokens. The OAuth provider tests don't depend on email verification state, so skipping the OTP flow has no impact on test validity. This change safely accelerates test execution while preserving test functionality.

apps/e2e/tests/backend/endpoints/api/v1/integrations/neon/oauth.test.ts (1)

154-154: LGTM! OAuth flow tests work correctly with fast signup.

The auth method migration is safe for OAuth integration tests. Each test properly isolates the OAuth flow with independent project creation, and the authorization code exchanges validate correctly with proper token generation.

apps/e2e/tests/backend/endpoints/api/v1/payments/create-purchase-url.test.ts (1)

173-199: Auth.fastSignUp() usage looks consistent with needing an authenticated client context.

Capturing { userId } from fastSignUp() and using it as customer_id is coherent and keeps the tests deterministic.

Also applies to: 253-280, 282-365

apps/e2e/tests/backend/backend-helpers.ts (1)

1352-1367: Improved User.create() assertion (status + structural body check).

Checking 201 plus { id: string } is a good balance: stricter than status-only, while still tolerant of additional response fields.

apps/e2e/tests/backend/endpoints/api/v1/integrations/custom/projects/transfer.test.ts (1)

29-41: Auth.fastSignUp() placement is consistent with requiring accessType: "client" auth for confirm/check paths.

Given these endpoints are called with accessType: "client" and rely on me/current-user semantics, setting user auth via fastSignUp() here makes sense.

Also applies to: 70-73, 126-138, 165-168, 247-255, 268-276

apps/e2e/tests/backend/endpoints/api/v1/notification-preferences.test.ts (1)

33-35: Auth.fastSignUp() before me preference endpoints is appropriate.

This keeps the tests fast (no mailbox polling) and preserves behavior for authenticated “me” routes.

Also applies to: 55-57, 89-91

apps/e2e/tests/backend/endpoints/api/v1/integrations/neon/api-keys.test.ts (1)

57-66: Auth.fastSignUp() swap looks fine for establishing authenticated context before admin calls.

apps/e2e/tests/backend/endpoints/api/v1/team-member-profiles.test.ts (1)

3-3: Importing User for token-based “current user” verification makes sense.

apps/e2e/tests/backend/endpoints/api/v1/integrations/custom/oauth.test.ts (1)

154-154: Auth.fastSignUp migration looks consistent with the test intent (and should speed up).

Also applies to: 161-161, 193-193, 247-247

apps/e2e/tests/backend/endpoints/api/v1/team-permissions.test.ts (1)

4-7: Auth.fastSignUp + simplified project setup updates look correct for these permission tests.

Also applies to: 21-24, 46-50, 197-200, 271-276, 316-321, 360-363

apps/e2e/tests/backend/endpoints/api/v1/users.test.ts (1)

206-246: Auth.fastSignUp swaps look consistent with the surrounding assertions.

Also applies to: 336-368, 370-410, 533-745, 746-780, 873-956, 2097-2129

apps/e2e/tests/backend/endpoints/api/v1/teams.test.ts (1)

5-15: Auth.fastSignUp + simplified project setup changes look correct across these team endpoint tests.

Also applies to: 17-28, 30-56, 58-85, 86-115, 117-136, 138-176, 178-237, 239-277, 279-319, 321-353, 355-387, 389-423, 425-468, 470-503, 505-558, 560-605, 606-632, 634-668, 669-698

apps/e2e/tests/backend/endpoints/api/v1/team-memberships.test.ts (1)

6-35: fastSignUp migration + updated snapshots look coherent for membership scenarios.

Also applies to: 37-195, 197-367, 455-525, 527-580, 583-618, 621-663, 664-699, 701-837

apps/e2e/tests/backend/endpoints/api/v1/internal/projects/transfer.test.ts (1)

112-119: Good: explicit user switching via backendContext.set({ userAuth }) keeps the intent clear.

Also applies to: 183-184

[greptile-apps]

Greptile Overview

Greptile Summary

This PR optimizes E2E test execution time by replacing the slow Auth.Otp.signIn() flow (which requires email sending/receiving via mailbox) with a new Auth.fastSignUp() helper that creates users directly via the server API and session endpoints.

• New Auth.fastSignUp() helper: Creates a user via User.create() and immediately establishes a session via the /api/v1/auth/sessions endpoint, bypassing the OTP email verification flow entirely
• Test refactoring across 32 files: All backend E2E tests now use fastSignUp() instead of Otp.signIn(), eliminating unnecessary email round-trips
• Snapshot updates: Inline snapshots updated to reflect users created via fastSignUp have different auth states (no email verification, auth_with_email: false, team names as "Personal Team")
• Simplified test setup: Removed redundant bumpEmailAddress() calls and magic_link_enabled config where no longer needed
• Setup wizard change: Modified to run only in CI environments, but has a critical bug that will cause it to always fail

Confidence Score: 3/5

• Most changes are straightforward test refactoring, but the setup wizard test has a critical bug that will cause CI failures.
• The bulk of this PR is a safe and beneficial refactoring to speed up tests. However, the setup wizard test has been modified to throw an error unconditionally when running in CI, which will cause test failures. This needs to be addressed before merging.
• apps/e2e/tests/general/setup-wizard.test.ts - contains throw new Error("Not implemented") that will always fail in CI.

Important Files Changed

File Analysis

Filename	Score	Overview
apps/e2e/tests/backend/backend-helpers.ts	5/5	Added Auth.fastSignUp() helper that creates users via server API and session endpoints, bypassing OTP email flow; strengthened User.create response assertions.
apps/e2e/tests/general/setup-wizard.test.ts	1/5	Test modified to run only in CI with it.runIf(!!process.env.CI), but has a throw new Error("Not implemented") that will always fail in CI.
apps/e2e/tests/backend/endpoints/api/v1/users.test.ts	5/5	Replaced Auth.Otp.signIn() with Auth.fastSignUp() throughout; removed unnecessary magic_link_enabled configs and bumpEmailAddress() calls.
apps/e2e/tests/backend/endpoints/api/v1/teams.test.ts	5/5	Replaced Auth.Otp.signIn() with Auth.fastSignUp() across all test cases; removed bumpEmailAddress() calls; removed magic_link_enabled config where unnecessary.
apps/e2e/tests/backend/endpoints/api/v1/team-memberships.test.ts	5/5	Replaced OTP sign-in with fastSignUp; updated inline snapshots to reflect users without email authentication (email-related fields now false/null, team names now "Personal Team").
apps/e2e/tests/backend/endpoints/api/v1/team-invitations.test.ts	5/5	Replaced OTP sign-in with fastSignUp; passes primary_email and primary_email_verified to fastSignUp when users need to receive/accept invitations by email.

Sequence Diagram

sequenceDiagram
    participant Test as E2E Test
    participant Helper as Auth.fastSignUp()
    participant UserAPI as /api/v1/users
    participant SessionAPI as /api/v1/auth/sessions
    participant Context as backendContext

    Note over Test,Context: Before (Auth.Otp.signIn)
    Test->>Helper: Auth.Otp.signIn()
    Helper->>UserAPI: Send OTP email
    Helper->>Helper: Wait for email delivery
    Helper->>Helper: Parse email for code
    Helper->>SessionAPI: Sign in with code
    SessionAPI-->>Helper: access_token, refresh_token
    Helper->>Context: Set userAuth
    Helper-->>Test: Return userId

    Note over Test,Context: After (Auth.fastSignUp)
    Test->>Helper: Auth.fastSignUp()
    Helper->>UserAPI: POST /api/v1/users (server access)
    UserAPI-->>Helper: userId
    Helper->>SessionAPI: POST /api/v1/auth/sessions
    SessionAPI-->>Helper: access_token, refresh_token
    Helper->>Context: Set userAuth
    Helper-->>Test: Return userId, tokens

Loading

[greptile-apps]

_{33 files reviewed, 1 comment}

_{Edit Code Review Agent Settings | Greptile}

[cmux-agent]

Older cmux preview screenshots (latest comment is below)

Preview Screenshots

Open Diff Heatmap

⏳ Preview screenshots are being captured...

Workspace and dev browser links will appear here once the preview environment is ready.

---

Generated by cmux preview system

[coderabbitai]

Actionable comments posted: 0

♻️ Duplicate comments (1)

apps/e2e/tests/general/setup-wizard.test.ts (1)

6-7: Test is now CI-only to speed up local development.

The past review comments flagging a throw new Error("Not implemented") statement are no longer applicable, as that issue has been resolved.

The current change makes this test run only in CI environments to speed up local test execution (aligning with the PR's "Speed up tests" objective). Given the 240-second timeout, this appears to be an expensive integration test.

However, this reduces local test coverage and means developers won't catch setup wizard issues until CI runs. Consider whether:

1. The comment on line 6 should explain why this is CI-only (e.g., "expensive integration test", "requires full environment")
2. This test could be optimized to run locally with acceptable performance
3. The trade-off between local feedback and test speed is acceptable for your workflow

🧹 Nitpick comments (1)

apps/e2e/tests/backend/backend-helpers.ts (1)

219-246: Good JWT validation logic.

The token verification correctly validates signature, issuer, and payload structure. The expect.toSatisfy(() => true) matchers (lines 238-241) intentionally accept any value including null, which provides flexibility for different test scenarios.

Optional: Consider reducing JWKS fetch timeout

The 20-second timeout (line 225) may slow down tests in failure scenarios. Consider reducing to 5-10 seconds if your test environment reliably responds faster, or make it configurable via environment variable.

 const jwks = jose.createRemoteJWKSet(
   new URL(`api/v1/projects/${aud}/.well-known/jwks.json`, STACK_BACKEND_BASE_URL),
-  { timeoutDuration: 20_000 },
+  { timeoutDuration: 10_000 },
 );

📜 Review details

Configuration used: defaults

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between ff77394 and 673d986.

📒 Files selected for processing (2)

• apps/e2e/tests/backend/backend-helpers.ts
• apps/e2e/tests/general/setup-wizard.test.ts

🧰 Additional context used

📓 Path-based instructions (6)

**/*.{ts,tsx}

📄 CodeRabbit inference engine (AGENTS.md)

**/*.{ts,tsx}: Always add new E2E tests when changing the API or SDK interface
For blocking alerts and errors, never use toast; use alerts instead as they are less easily missed by the user
NEVER try-catch-all, NEVER void a promise, and NEVER .catch(console.error); use loading indicators and async callbacks instead, or use runAsynchronously/runAsynchronouslyWithAlert for error handling
Use ES6 maps instead of records wherever you can

Files:

• apps/e2e/tests/general/setup-wizard.test.ts
• apps/e2e/tests/backend/backend-helpers.ts

**/*.test.{ts,tsx}

📄 CodeRabbit inference engine (AGENTS.md)

Prefer .toMatchInlineSnapshot over other selectors in tests when possible; check snapshot-serializer.ts for formatting details

Files:

• apps/e2e/tests/general/setup-wizard.test.ts

**/*.{ts,tsx,css}

📄 CodeRabbit inference engine (AGENTS.md)

**/*.{ts,tsx,css}: Keep hover/click transitions snappy and fast; avoid fade-in delays on hover. Apply transitions after action completion instead, like smooth fade-out when hover ends
Use hover-exit transitions instead of hover-enter transitions; for example, use 'transition-colors hover:transition-none' instead of fade-in on hover

Files:

• apps/e2e/tests/general/setup-wizard.test.ts
• apps/e2e/tests/backend/backend-helpers.ts

apps/**/*.{ts,tsx}

📄 CodeRabbit inference engine (AGENTS.md)

NEVER use Next.js dynamic functions if you can avoid them; prefer using client components and hooks like usePathname instead of await params to keep pages static

Files:

• apps/e2e/tests/general/setup-wizard.test.ts
• apps/e2e/tests/backend/backend-helpers.ts

{.env*,**/*.{ts,tsx,js}}

📄 CodeRabbit inference engine (AGENTS.md)

Prefix environment variables with STACK_ (or NEXT_PUBLIC_STACK_ if public) so changes are picked up by Turborepo and improves readability

Files:

• apps/e2e/tests/general/setup-wizard.test.ts
• apps/e2e/tests/backend/backend-helpers.ts

apps/e2e/**/*.{ts,tsx}

📄 CodeRabbit inference engine (AGENTS.md)

Always add new E2E tests when changing API or SDK interface; err on the side of creating too many tests due to the critical nature of the industry

Files:

• apps/e2e/tests/general/setup-wizard.test.ts
• apps/e2e/tests/backend/backend-helpers.ts

🧠 Learnings (4)

📚 Learning: 2025-12-04T18:03:49.984Z

Learnt from: CR
Repo: stack-auth/stack-auth PR: 0
File: AGENTS.md:0-0
Timestamp: 2025-12-04T18:03:49.984Z
Learning: Applies to apps/e2e/**/*.{ts,tsx} : Always add new E2E tests when changing API or SDK interface; err on the side of creating too many tests due to the critical nature of the industry

Applied to files:

• apps/e2e/tests/general/setup-wizard.test.ts
• apps/e2e/tests/backend/backend-helpers.ts

📚 Learning: 2025-12-04T18:03:49.984Z

Learnt from: CR
Repo: stack-auth/stack-auth PR: 0
File: AGENTS.md:0-0
Timestamp: 2025-12-04T18:03:49.984Z
Learning: Applies to **/*.{ts,tsx} : Always add new E2E tests when changing the API or SDK interface

Applied to files:

• apps/e2e/tests/general/setup-wizard.test.ts
• apps/e2e/tests/backend/backend-helpers.ts

📚 Learning: 2025-12-04T18:03:49.984Z

Learnt from: CR
Repo: stack-auth/stack-auth PR: 0
File: AGENTS.md:0-0
Timestamp: 2025-12-04T18:03:49.984Z
Learning: Run typecheck, lint, and test to ensure changes are working. You can save time by only linting and testing changed files and related E2E tests

Applied to files:

• apps/e2e/tests/general/setup-wizard.test.ts

📚 Learning: 2025-12-04T18:03:49.984Z

Learnt from: CR
Repo: stack-auth/stack-auth PR: 0
File: AGENTS.md:0-0
Timestamp: 2025-12-04T18:03:49.984Z
Learning: Applies to **/*.test.{ts,tsx} : Prefer .toMatchInlineSnapshot over other selectors in tests when possible; check snapshot-serializer.ts for formatting details

Applied to files:

• apps/e2e/tests/general/setup-wizard.test.ts

🧬 Code graph analysis (1)

apps/e2e/tests/general/setup-wizard.test.ts (1)

apps/e2e/tests/helpers.ts (1)

• it (12-12)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (14)

• GitHub Check: all-good
• GitHub Check: Vercel Agent Review
• GitHub Check: lint_and_build (latest)
• GitHub Check: check_prisma_migrations (22.x)
• GitHub Check: Cursor Bugbot
• GitHub Check: build (22.x)
• GitHub Check: setup-tests
• GitHub Check: restart-dev-and-test
• GitHub Check: restart-dev-and-test-with-custom-base-port
• GitHub Check: E2E Tests (Node 22.x, Freestyle prod)
• GitHub Check: E2E Tests (Node 22.x, Freestyle mock)
• GitHub Check: docker
• GitHub Check: setup-tests-with-custom-base-port
• GitHub Check: build (22.x)

🔇 Additional comments (2)

apps/e2e/tests/backend/backend-helpers.ts (2)

190-217: LGTM! Effective test acceleration approach.

The fastSignUp helper correctly bypasses the OTP flow by directly creating a user and session via server API, which should significantly speed up test setup. The implementation properly updates the auth context and validates the response structure.

---

1358-1363: LGTM! Strengthened assertion improves test reliability.

The change from a simple status check to a structural assertion ensures both the status code and response body shape are validated, which better protects against regressions.

[cmux-agent]

Preview Screenshots

Open Diff Heatmap

⏳ Preview screenshots are being captured...

Workspace and dev browser links will appear here once the preview environment is ready.

---

Generated by cmux preview system

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (2)

apps/backend/scripts/run-email-queue.ts (1)

11-12: Consider a health check or retry mechanism instead of a fixed delay.

The 5-second fixed delay may be insufficient on slower systems or excessive on fast ones. A more robust approach would be to poll the server's health endpoint with exponential backoff until it responds successfully.

🔎 Proposed health check implementation

-  // Wait a few seconds to make sure the server is fully started
-  await wait(5_000);
+  // Wait for the server to be ready
+  console.log("Waiting for server to be ready...");
+  let retries = 0;
+  const maxRetries = 30;
+  while (retries < maxRetries) {
+    try {
+      const healthRes = await fetch(`${baseUrl}/api/health`, { 
+        method: "GET",
+        signal: AbortSignal.timeout(2_000)
+      });
+      if (healthRes.ok) {
+        console.log("Server is ready.");
+        break;
+      }
+    } catch (e) {
+      // Server not ready yet
+    }
+    retries++;
+    if (retries >= maxRetries) {
+      throw new StackAssertionError("Server failed to start within timeout period");
+    }
+    await wait(Math.min(1_000 * Math.pow(1.5, retries), 5_000));
+  }

Note: This assumes a /api/health endpoint exists. If not, you could ping any lightweight endpoint or verify the fix with a script.

apps/e2e/tests/backend/endpoints/api/v1/team-invitations.test.ts (1)

469-469: Inconsistent Auth.fastSignUp() call.

This call passes an empty object {}, while all other similar calls in this file (lines 27, 62, 147, 213, 223, etc.) invoke Auth.fastSignUp() without arguments. For consistency, consider removing the empty object parameter.

🔎 Proposed fix for consistency

-  await Auth.fastSignUp({});
+  await Auth.fastSignUp();

📜 Review details

Configuration used: defaults

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 673d986 and c4f1074.

📒 Files selected for processing (4)

• apps/backend/package.json
• apps/backend/scripts/run-email-queue.ts
• apps/e2e/tests/backend/endpoints/api/v1/data-vault.test.ts
• apps/e2e/tests/backend/endpoints/api/v1/team-invitations.test.ts

🚧 Files skipped from review as they are similar to previous changes (1)

• apps/e2e/tests/backend/endpoints/api/v1/data-vault.test.ts

🧰 Additional context used

📓 Path-based instructions (6)

**/*.{ts,tsx}

📄 CodeRabbit inference engine (AGENTS.md)

**/*.{ts,tsx}: Always add new E2E tests when changing the API or SDK interface
For blocking alerts and errors, never use toast; use alerts instead as they are less easily missed by the user
NEVER try-catch-all, NEVER void a promise, and NEVER .catch(console.error); use loading indicators and async callbacks instead, or use runAsynchronously/runAsynchronouslyWithAlert for error handling
Use ES6 maps instead of records wherever you can

Files:

• apps/e2e/tests/backend/endpoints/api/v1/team-invitations.test.ts
• apps/backend/scripts/run-email-queue.ts

**/*.test.{ts,tsx}

📄 CodeRabbit inference engine (AGENTS.md)

Prefer .toMatchInlineSnapshot over other selectors in tests when possible; check snapshot-serializer.ts for formatting details

Files:

• apps/e2e/tests/backend/endpoints/api/v1/team-invitations.test.ts

**/*.{ts,tsx,css}

📄 CodeRabbit inference engine (AGENTS.md)

**/*.{ts,tsx,css}: Keep hover/click transitions snappy and fast; avoid fade-in delays on hover. Apply transitions after action completion instead, like smooth fade-out when hover ends
Use hover-exit transitions instead of hover-enter transitions; for example, use 'transition-colors hover:transition-none' instead of fade-in on hover

Files:

• apps/e2e/tests/backend/endpoints/api/v1/team-invitations.test.ts
• apps/backend/scripts/run-email-queue.ts

apps/**/*.{ts,tsx}

📄 CodeRabbit inference engine (AGENTS.md)

NEVER use Next.js dynamic functions if you can avoid them; prefer using client components and hooks like usePathname instead of await params to keep pages static

Files:

• apps/e2e/tests/backend/endpoints/api/v1/team-invitations.test.ts
• apps/backend/scripts/run-email-queue.ts

{.env*,**/*.{ts,tsx,js}}

📄 CodeRabbit inference engine (AGENTS.md)

Prefix environment variables with STACK_ (or NEXT_PUBLIC_STACK_ if public) so changes are picked up by Turborepo and improves readability

Files:

• apps/e2e/tests/backend/endpoints/api/v1/team-invitations.test.ts
• apps/backend/scripts/run-email-queue.ts

apps/e2e/**/*.{ts,tsx}

📄 CodeRabbit inference engine (AGENTS.md)

Always add new E2E tests when changing API or SDK interface; err on the side of creating too many tests due to the critical nature of the industry

Files:

• apps/e2e/tests/backend/endpoints/api/v1/team-invitations.test.ts

🧠 Learnings (5)

📚 Learning: 2025-12-04T18:03:49.984Z

Learnt from: CR
Repo: stack-auth/stack-auth PR: 0
File: AGENTS.md:0-0
Timestamp: 2025-12-04T18:03:49.984Z
Learning: Applies to apps/e2e/**/*.{ts,tsx} : Always add new E2E tests when changing API or SDK interface; err on the side of creating too many tests due to the critical nature of the industry

Applied to files:

• apps/e2e/tests/backend/endpoints/api/v1/team-invitations.test.ts

📚 Learning: 2025-12-04T18:03:49.984Z

Learnt from: CR
Repo: stack-auth/stack-auth PR: 0
File: AGENTS.md:0-0
Timestamp: 2025-12-04T18:03:49.984Z
Learning: Applies to **/*.{ts,tsx} : Always add new E2E tests when changing the API or SDK interface

Applied to files:

• apps/e2e/tests/backend/endpoints/api/v1/team-invitations.test.ts

📚 Learning: 2025-12-04T18:03:49.984Z

Learnt from: CR
Repo: stack-auth/stack-auth PR: 0
File: AGENTS.md:0-0
Timestamp: 2025-12-04T18:03:49.984Z
Learning: Applies to {.env*,**/*.{ts,tsx,js}} : Prefix environment variables with STACK_ (or NEXT_PUBLIC_STACK_ if public) so changes are picked up by Turborepo and improves readability

Applied to files:

• apps/backend/package.json

📚 Learning: 2025-12-04T18:03:49.984Z

Learnt from: CR
Repo: stack-auth/stack-auth PR: 0
File: AGENTS.md:0-0
Timestamp: 2025-12-04T18:03:49.984Z
Learning: Applies to packages/stack-shared/src/config/schema.ts : Whenever making backwards-incompatible changes to the config schema, update the migration functions in packages/stack-shared/src/config/schema.ts

Applied to files:

• apps/backend/package.json

📚 Learning: 2025-12-04T18:03:49.984Z

Learnt from: CR
Repo: stack-auth/stack-auth PR: 0
File: AGENTS.md:0-0
Timestamp: 2025-12-04T18:03:49.984Z
Learning: Run pnpm install to install dependencies, pnpm test run for testing with Vitest, pnpm lint for linting (use --fix flag to auto-fix), pnpm typecheck for type checking

Applied to files:

• apps/backend/package.json

🧬 Code graph analysis (2)

apps/e2e/tests/backend/endpoints/api/v1/team-invitations.test.ts (2)

packages/template/src/lib/stack-app/users/index.ts (1)

• Auth (71-77)

packages/template/src/lib/stack-app/projects/index.ts (1)

• Project (9-13)

apps/backend/scripts/run-email-queue.ts (1)

packages/stack-shared/src/utils/promises.tsx (1)

• wait (260-268)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (14)

• GitHub Check: Vercel Agent Review
• GitHub Check: Cursor Bugbot
• GitHub Check: check_prisma_migrations (22.x)
• GitHub Check: lint_and_build (latest)
• GitHub Check: restart-dev-and-test
• GitHub Check: E2E Tests (Node 22.x, Freestyle prod)
• GitHub Check: E2E Tests (Node 22.x, Freestyle mock)
• GitHub Check: setup-tests
• GitHub Check: build (22.x)
• GitHub Check: all-good
• GitHub Check: docker
• GitHub Check: restart-dev-and-test-with-custom-base-port
• GitHub Check: setup-tests-with-custom-base-port
• GitHub Check: build (22.x)

🔇 Additional comments (6)

apps/backend/package.json (1)

19-19: LGTM! Consistent environment variable handling.

The script now matches the pattern from line 18's codegen-prisma script, ensuring consistent handling of STACK_DATABASE_CONNECTION_STRING for both watch and non-watch variants.

apps/e2e/tests/backend/endpoints/api/v1/team-invitations.test.ts (5)

3-3: LGTM: Import additions support the test migration.

The addition of InternalProjectKeys to imports is necessary for the project keys context switching used in the test at line 468.

---

27-27: LGTM: Consistent migration to fastSignUp for user creation.

The replacement of OTP-based sign-in with Auth.fastSignUp() is consistent across all these test cases and aligns with the PR's objective to modernize and accelerate E2E test flows.

Also applies to: 62-62, 147-147, 213-213, 223-223, 250-250, 261-261, 320-320, 330-330, 369-369, 379-379, 428-428, 439-439

---

77-77: LGTM: Correct pattern for invitation recipient signup.

The use of Auth.fastSignUp({ primary_email: ..., primary_email_verified: true }) is appropriate for creating invitation recipients who need verified email addresses to accept team invitations.

Also applies to: 134-134, 494-494

---

61-61: LGTM: Project context operations support test isolation.

The additions of Project.createAndSwitch() (lines 61, 212) and backendContext.set({ projectKeys: InternalProjectKeys }) (line 468) appropriately establish isolated project contexts for the respective test scenarios.

Also applies to: 212-212, 468-468

---

1-553: Excellent migration to fastSignUp-based authentication.

This file successfully migrates all team invitation tests from OTP-based authentication to the new Auth.fastSignUp() pattern. The changes are thorough and maintain test coverage while modernizing the auth flow as per the PR objectives. All snapshots have been appropriately updated to reflect the new authentication method.