Fix build and lint failures on dev

[N2D4]

Fixes two issues causing CI failures on dev:

1. CLI typecheck error
resolveSessionAuth() was refactored to take no arguments, but whoami.ts was still passing flags to it — causing error TS2554: Expected 0 arguments, but got 1.

2. Dashboard build failure in workflows using build:packages
Since @stackframe/stack-cli#build depends on @stackframe/dashboard#build:rde-standalone (via turbo.json), running build:packages now also builds the dashboard. Without .env.production.local, new URL(getPublicEnvVar('NEXT_PUBLIC_STACK_API_URL') || '') in layout.tsx throws TypeError: Invalid URL.

Added the .env.production.local copy step (already present in lint-and-build.yaml) to:

• check-prisma-migrations.yaml
• setup-tests.yaml
• setup-tests-with-custom-base-port.yaml

Link to Devin session: https://app.devin.ai/sessions/5ac9f5f6d4f0405e946b3993c6b08cd8
Requested by: @N2D4

---

Note

Medium Risk
Touches server-side initialization paths in the dashboard by replacing a global stackServerApp export with a lazy getStackServerApp() accessor; mistakes here could surface as runtime failures in server actions/pages. Other changes are straightforward build/typecheck fixes (URL guarding and CLI arg removal).

Overview
Fixes dashboard build/runtime edge cases by replacing the exported stackServerApp singleton with a lazy, memoized getStackServerApp() (including the remote-dev-environment guard) and updating server actions/pages to call the accessor.

Hardens apps/dashboard metadata generation to avoid constructing new URL('') when NEXT_PUBLIC_STACK_API_URL is missing, and updates the CLI whoami command to match the refactored resolveSessionAuth() signature (no args).

^{Reviewed by Cursor Bugbot for commit e321ee5. Bugbot is set up for automated code reviews on this repo. Configure here.}

Summary by CodeRabbit

• Refactor

  • Moved server app initialization to a lazy, memoized accessor used across dashboard pages and integrations for more robust initialization and environment checks.
  • Simplified whoami command authentication resolution to rely on resolved session auth.

• Improvements

  • Unified dashboard metadata generation to derive metadata base and social image URLs from a single API URL, including images only when available.

[devin-ai-integration]

🤖 Devin AI Engineer

I'll be helping with this pull request! Here's what you should know:

✅ I will automatically:

• Address comments on this PR that start with 'DevinAI' or '@devin'.
• Look at CI failures and help fix them

Note: I can only respond to comments from users who have write access to this repository.

⚙️ Control Options:

• Disable automatic comment and CI monitoring

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
stack-auth-hosted-components	Ready	Preview, Comment	May 20, 2026 2:11am
stack-auth-mcp	Ready	Preview, Comment	May 20, 2026 2:11am
stack-auth-skills	Ready	Preview, Comment	May 20, 2026 2:11am
stack-backend	Ready	Preview, Comment	May 20, 2026 2:11am
stack-dashboard	Ready	Preview, Comment	May 20, 2026 2:11am
stack-demo	Ready	Preview, Comment	May 20, 2026 2:11am
stack-docs	Ready	Preview, Comment	May 20, 2026 2:11am
stack-preview-backend	Ready	Preview, Comment	May 20, 2026 2:11am
stack-preview-dashboard	Ready	Preview, Comment	May 20, 2026 2:11am

[coderabbitai]

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

• @coderabbitai resume to resume automatic reviews.
• @coderabbitai review to trigger a single review.

Use the checkboxes below for quick actions:

• ▶️ Resume reviews
• 🔍 Trigger review

📝 Walkthrough

Walkthrough

The PR converts the dashboard server export to a lazy, memoized accessor, updates callers to use getStackServerApp(), centralizes dashboard metadata to derive from NEXT_PUBLIC_STACK_API_URL, and simplifies whoami's auth resolution call.

Changes

Server app lazy singleton pattern

Layer / File(s)	Summary
Lazy singleton in server.tsx apps/dashboard/src/stack/server.tsx	stackServerApp constant replaced with getStackServerApp() function that lazily initializes and memoizes StackServerApp instance, enforcing remote-dev environment guard at call time.
Projects actions with dynamic getServerApp helper apps/dashboard/src/app/(main)/(protected)/(outside-dashboard)/projects/actions.ts	New getServerApp() helper dynamically imports @/stack/server and calls getStackServerApp() for each invocation; listInvitations and inviteUser obtain the server app via this helper.
Integration pages using getStackServerApp apps/dashboard/src/app/(main)/integrations/featurebase/sso/page.tsx, apps/dashboard/src/app/(main)/integrations/oauth-confirm-page.tsx	Featurebase SSO and OAuth confirm page imports and server-side user-fetch calls updated to use getStackServerApp().getUser() instead of the eager stackServerApp singleton.

CLI and dashboard metadata updates

Layer / File(s)	Summary
Whoami command auth simplification packages/stack-cli/src/commands/whoami.ts	whoami command now calls resolveSessionAuth() with no arguments instead of passing the CLI flags object.
Dashboard layout metadata from API URL apps/dashboard/src/app/layout.tsx	metadataBase and conditional Open Graph/Twitter images derived from a single top-level apiUrl constant sourced from NEXT_PUBLIC_STACK_API_URL, replacing inline per-field env lookups.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Suggested reviewers

• nams1570
• mantrakp04
• BilalG1

Poem

🐰 I hopped through code, made singletons wait,
Lazy and tidy, now they initialize straight.
One API URL guides the dashboard's face,
CLI trimmed its call — a neater little trace.
Cheers from a rabbit, bounding with grace.

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title 'Fix build and lint failures on dev' directly and clearly summarizes the main objective of the PR, which is to resolve CI failures on the dev branch.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Description check	✅ Passed	The pull request description clearly explains the two CI failures being fixed (CLI typecheck and dashboard build failures) and documents the remedies applied.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch devin/1779237083-fix-build-lint-dev

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[greptile-apps]

Greptile Summary

This PR fixes two unrelated CI failures on dev: a TypeScript error in whoami.ts where resolveSessionAuth() was called with a now-removed argument, and a dashboard build crash in several workflows that was missing the .env.production.local file required by NEXT_PUBLIC_STACK_API_URL.

• whoami.ts: Drops the stale flags argument from resolveSessionAuth(); flags is still declared and used correctly for JSON output formatting later in the same action handler.
• Workflow YAML files: Adds cp apps/dashboard/.env.development apps/dashboard/.env.production.local to check-prisma-migrations.yaml, setup-tests.yaml, and setup-tests-with-custom-base-port.yaml — matching the step already present in lint-and-build.yaml.

Confidence Score: 5/5

Both fixes are targeted and correct; the workflow env file copy and the removed argument are straightforward corrections with no side effects.

The whoami.ts change removes a now-invalid argument and leaves all other logic intact. The three workflow changes mirror a step already working in lint-and-build.yaml. The only callout is a minor step-ordering inconsistency in check-prisma-migrations.yaml that has no runtime impact.

No files require special attention; the check-prisma-migrations.yaml ordering note is cosmetic only.

Important Files Changed

Filename	Overview
packages/stack-cli/src/commands/whoami.ts	Removes the stale flags argument from resolveSessionAuth() call; flags is still correctly used downstream for JSON output formatting.
.github/workflows/setup-tests.yaml	Adds .env.production.local copy step (after pnpm install) so the dashboard build doesn't crash on a missing NEXT_PUBLIC_STACK_API_URL.
.github/workflows/setup-tests-with-custom-base-port.yaml	Same .env.production.local copy fix as setup-tests.yaml, placed consistently after pnpm install.
.github/workflows/check-prisma-migrations.yaml	Adds .env.production.local copy step, but placed before pnpm install — inconsistent with the other three workflows where it appears after install.

Flowchart

%%{init: {'theme': 'neutral'}}%%
flowchart TD
    A[CI Workflow triggered] --> B{build:packages}
    B --> C[stack-cli#build]
    C --> D[dashboard#build:rde-standalone\nvia turbo.json dependency]
    D --> E{.env.production.local\nexists?}
    E -- No --> F["TypeError: Invalid URL\n(NEXT_PUBLIC_STACK_API_URL empty)"]
    E -- Yes --> G[Build succeeds]

    subgraph "Fix applied to 3 workflows"
        H["cp .env.development\n→ .env.production.local"]
    end
    H --> E

Loading

Prompt To Fix All With AI

Fix the following 1 code review issue. Work through them one at a time, proposing concise fixes.

---

### Issue 1 of 1
.github/workflows/check-prisma-migrations.yaml:45-49
The `.env.production.local` copy step is placed before `pnpm install` here, while the equivalent step in `setup-tests.yaml` and `setup-tests-with-custom-base-port.yaml` is placed after install. Functionally this makes no difference (the source file is a committed repo file), but moving it after `pnpm install` would keep all three workflows consistent with each other and with `lint-and-build.yaml`.

```suggestion
      - name: Install dependencies
        run: pnpm install --frozen-lockfile

      - name: Create .env.production.local file for apps/dashboard
        run: cp apps/dashboard/.env.development apps/dashboard/.env.production.local
```

_{Reviews (1): Last reviewed commit: "Fix build and lint failures on dev" | Re-trigger Greptile}

[greptile-apps]

The .env.production.local copy step is placed before pnpm install here, while the equivalent step in setup-tests.yaml and setup-tests-with-custom-base-port.yaml is placed after install. Functionally this makes no difference (the source file is a committed repo file), but moving it after pnpm install would keep all three workflows consistent with each other and with lint-and-build.yaml.

Suggested change

	- name: Create .env.production.local file for apps/dashboard
	run: cp apps/dashboard/.env.development apps/dashboard/.env.production.local
	- name: Install dependencies
	run: pnpm install --frozen-lockfile
	- name: Install dependencies
	run: pnpm install --frozen-lockfile
	- name: Create .env.production.local file for apps/dashboard
	run: cp apps/dashboard/.env.development apps/dashboard/.env.production.local

Prompt To Fix With AI

This is a comment left during a code review.
Path: .github/workflows/check-prisma-migrations.yaml
Line: 45-49

Comment:
The `.env.production.local` copy step is placed before `pnpm install` here, while the equivalent step in `setup-tests.yaml` and `setup-tests-with-custom-base-port.yaml` is placed after install. Functionally this makes no difference (the source file is a committed repo file), but moving it after `pnpm install` would keep all three workflows consistent with each other and with `lint-and-build.yaml`.

```suggestion
      - name: Install dependencies
        run: pnpm install --frozen-lockfile

      - name: Create .env.production.local file for apps/dashboard
        run: cp apps/dashboard/.env.development apps/dashboard/.env.production.local
```

How can I resolve this? If you propose a fix, please make it concise.

[Copilot]

Pull request overview

Fixes CI failures on dev by addressing a Stack CLI typecheck break and ensuring the dashboard can be built as an indirect dependency of build:packages in workflows that previously didn’t prepare dashboard production env files.

Changes:

• Update stack-cli’s whoami command to call resolveSessionAuth() with no arguments (matching the refactor).
• Add a GitHub Actions step to create apps/dashboard/.env.production.local (copied from .env.development) before running build:packages in additional workflows.

Reviewed changes

Copilot reviewed 4 out of 4 changed files in this pull request and generated no comments.

File	Description
packages/stack-cli/src/commands/whoami.ts	Removes the now-invalid flags argument when calling resolveSessionAuth(), fixing TS2554.
.github/workflows/setup-tests.yaml	Creates apps/dashboard/.env.production.local before build:packages so dashboard builds don’t fail due to missing public env vars.
.github/workflows/setup-tests-with-custom-base-port.yaml	Same env-file preparation as above for the custom base port workflow.
.github/workflows/check-prisma-migrations.yaml	Ensures dashboard env file exists before build:packages runs as part of the migrations check workflow.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[coderabbitai]

🧹 Nitpick comments (1)

.github/workflows/setup-tests.yaml (1)

38-39: 💤 Low value

Consider standardizing step placement across workflows.

In check-prisma-migrations.yaml, this step runs before pnpm install, while here and in setup-tests-with-custom-base-port.yaml, it runs after. Both work since the file is only needed for the build step, but consistent placement would improve maintainability.

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.github/workflows/setup-tests.yaml around lines 38 - 39, The "Create
.env.production.local file for apps/dashboard" step is placed after pnpm install
in this workflow but before pnpm install in check-prisma-migrations and after in
setup-tests-with-custom-base-port, causing inconsistency; pick one standard
placement (e.g., move the "Create .env.production.local file for apps/dashboard"
step to run before the pnpm install step across all workflows, or consistently
keep it after) and update this workflow to match that convention so all
workflows (check-prisma-migrations, setup-tests-with-custom-base-port, and this
file) have the same ordering.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Nitpick comments:
In @.github/workflows/setup-tests.yaml:
- Around line 38-39: The "Create .env.production.local file for apps/dashboard"
step is placed after pnpm install in this workflow but before pnpm install in
check-prisma-migrations and after in setup-tests-with-custom-base-port, causing
inconsistency; pick one standard placement (e.g., move the "Create
.env.production.local file for apps/dashboard" step to run before the pnpm
install step across all workflows, or consistently keep it after) and update
this workflow to match that convention so all workflows
(check-prisma-migrations, setup-tests-with-custom-base-port, and this file) have
the same ordering.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: ad425c96-d148-4114-977e-236288f7a0ba

📥 Commits

Reviewing files that changed from the base of the PR and between bb90106 and 085434d.

📒 Files selected for processing (4)

• .github/workflows/check-prisma-migrations.yaml
• .github/workflows/setup-tests-with-custom-base-port.yaml
• .github/workflows/setup-tests.yaml
• packages/stack-cli/src/commands/whoami.ts