From 57c8195b77a4468bb2a6b5f519a8f32b4557dbac Mon Sep 17 00:00:00 2001
From: Devin AI <158243242+devin-ai-integration[bot]@users.noreply.github.com>
Date: Sat, 23 May 2026 01:55:57 +0000
Subject: [PATCH 1/3] =?UTF-8?q?fix:=20CI=20failures=20=E2=80=94=20Node=202?=
 =?UTF-8?q?2=20for=20setup=20tests,=20increase=20test/transaction=20timeou?=
 =?UTF-8?q?ts?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

- Upgrade setup-tests workflows from Node 20 to Node 22 (fixes INVALID_PROJECT_FOR_ACCESS_TOKEN errors caused by fetch bugs in Node 20)
- Increase ClickHouse polling retries in internal-metrics tests for eventual consistency under CI load
- Add explicit test timeouts for ClickHouse-dependent tests (token-refresh-events, analytics-events, analytics-events-batch) that can exceed the default 60s under CI
- Add timeout to team-invitations acceptance test
- Add timeout option to retryTransaction and use 90s for seed bulk-insert transactions (fixes QEMU arm64 build where default 5s is insufficient)

Co-Authored-By: Konstantin Wohlwend <n2d4xc@gmail.com>
---
 .../setup-tests-with-custom-base-port.yaml       |  4 ++--
 .github/workflows/setup-tests.yaml               |  4 ++--
 apps/backend/src/lib/seed-dummy-data.ts          |  4 ++--
 apps/backend/src/prisma-client.tsx               |  3 ++-
 .../api/v1/analytics-events-batch.test.ts        |  4 ++--
 .../endpoints/api/v1/analytics-events.test.ts    |  2 +-
 .../endpoints/api/v1/internal-metrics.test.ts    |  6 +++---
 .../api/v1/token-refresh-events.test.ts          | 16 ++++++++--------
 apps/e2e/tests/js/team-invitations.test.ts       |  2 +-
 9 files changed, 23 insertions(+), 22 deletions(-)

diff --git a/.github/workflows/setup-tests-with-custom-base-port.yaml b/.github/workflows/setup-tests-with-custom-base-port.yaml
index b6f511ecea..e8acdda9a8 100644
--- a/.github/workflows/setup-tests-with-custom-base-port.yaml
+++ b/.github/workflows/setup-tests-with-custom-base-port.yaml
@@ -26,10 +26,10 @@ jobs:
     steps:
       - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
 
-      - name: Setup Node.js v20
+      - name: Setup Node.js v22
         uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6
         with:
-          node-version: 20
+          node-version: 22
 
       - name: Setup pnpm
         uses: pnpm/action-setup@b906affcce14559ad1aafd4ab0e942779e9f58b1 # v4
diff --git a/.github/workflows/setup-tests.yaml b/.github/workflows/setup-tests.yaml
index 89ee109cd5..1bdc1ebdd4 100644
--- a/.github/workflows/setup-tests.yaml
+++ b/.github/workflows/setup-tests.yaml
@@ -24,10 +24,10 @@ jobs:
     steps:
       - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
 
-      - name: Setup Node.js v20
+      - name: Setup Node.js v22
         uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6
         with:
-          node-version: 20
+          node-version: 22
 
       - name: Setup pnpm
         uses: pnpm/action-setup@b906affcce14559ad1aafd4ab0e942779e9f58b1 # v4
diff --git a/apps/backend/src/lib/seed-dummy-data.ts b/apps/backend/src/lib/seed-dummy-data.ts
index f217c15b2c..11ce225854 100644
--- a/apps/backend/src/lib/seed-dummy-data.ts
+++ b/apps/backend/src/lib/seed-dummy-data.ts
@@ -681,7 +681,7 @@ async function seedDummyUsers(options: SeedDummyUsersOptions): Promise<Map<strin
       if (directPermissionRows.length > 0) {
         await tx.projectUserDirectPermission.createMany({ data: directPermissionRows });
       }
-    });
+    }, { timeout: 90_000 });
   }
 
   // Team memberships for the named seed users — bulk-inserted the same way.
@@ -725,7 +725,7 @@ async function seedDummyUsers(options: SeedDummyUsersOptions): Promise<Map<strin
       if (teamMemberPermissionRows.length > 0) {
         await tx.teamMemberDirectPermission.createMany({ data: teamMemberPermissionRows });
       }
-    });
+    }, { timeout: 90_000 });
   }
 
   return userEmailToId;
diff --git a/apps/backend/src/prisma-client.tsx b/apps/backend/src/prisma-client.tsx
index 53c18cd084..94cba5609c 100644
--- a/apps/backend/src/prisma-client.tsx
+++ b/apps/backend/src/prisma-client.tsx
@@ -480,7 +480,7 @@ class TransactionErrorThatShouldNotBeRetried extends Error {
 /**
  * @deprecated Prisma transactions are slow and lock the database. Use rawQuery with CTEs instead. Ask Konsti if you're confused or think you need transactions.
  */
-export async function retryTransaction<T>(client: Omit<PrismaClient, "$on">, fn: (tx: PrismaClientTransaction) => Promise<T>, options: { level?: "default" | "serializable" } = {}): Promise<T> {
+export async function retryTransaction<T>(client: Omit<PrismaClient, "$on">, fn: (tx: PrismaClientTransaction) => Promise<T>, options: { level?: "default" | "serializable", timeout?: number } = {}): Promise<T> {
   // serializable transactions are currently off by default, later we may turn them on
   const enableSerializable = options.level === "serializable";
 
@@ -524,6 +524,7 @@ export async function retryTransaction<T>(client: Omit<PrismaClient, "$on">, fn:
               return res;
             }, {
               isolationLevel: enableSerializable ? Prisma.TransactionIsolationLevel.Serializable : undefined,
+              ...(options.timeout != null ? { timeout: options.timeout } : {}),
             }));
           } catch (e) {
             // we don't want to retry too aggressively here, because the error may have been thrown after the transaction was already committed
diff --git a/apps/e2e/tests/backend/endpoints/api/v1/analytics-events-batch.test.ts b/apps/e2e/tests/backend/endpoints/api/v1/analytics-events-batch.test.ts
index 0989df2167..d63ef7f614 100644
--- a/apps/e2e/tests/backend/endpoints/api/v1/analytics-events-batch.test.ts
+++ b/apps/e2e/tests/backend/endpoints/api/v1/analytics-events-batch.test.ts
@@ -634,7 +634,7 @@ it("rejects batch when analytics event quota is exhausted", async ({ expect }) =
   expect(res.body.code).toBe("ITEM_QUANTITY_INSUFFICIENT_AMOUNT");
 });
 
-it("accepts batch and debits event quota correctly", async ({ expect }) => {
+it("accepts batch and debits event quota correctly", { timeout: 120_000 }, async ({ expect }) => {
   const { ownerTeamId } = await setupProjectWithPlan("free");
   await Auth.Otp.signIn();
 
@@ -673,7 +673,7 @@ it("accepts batch and debits event quota correctly", async ({ expect }) => {
 // We don't support metered pricing or partial batches for now, so the entire
 // batch is rejected when remaining quota is less than the batch size, and
 // the quota must remain unchanged (no partial debit).
-it("rejects batch when remaining quota is less than batch size and does not debit", async ({ expect }) => {
+it("rejects batch when remaining quota is less than batch size and does not debit", { timeout: 120_000 }, async ({ expect }) => {
   const { ownerTeamId } = await setupProjectWithPlan("free");
   await Auth.Otp.signIn();
 
diff --git a/apps/e2e/tests/backend/endpoints/api/v1/analytics-events.test.ts b/apps/e2e/tests/backend/endpoints/api/v1/analytics-events.test.ts
index a7dd30283b..526e182251 100644
--- a/apps/e2e/tests/backend/endpoints/api/v1/analytics-events.test.ts
+++ b/apps/e2e/tests/backend/endpoints/api/v1/analytics-events.test.ts
@@ -214,7 +214,7 @@ it("cannot read events from other projects", async ({ expect }) => {
   `);
 });
 
-it("filters analytics events by user within a project", async ({ expect }) => {
+it("filters analytics events by user within a project", { timeout: 120_000 }, async ({ expect }) => {
   await Project.createAndSwitch({ config: { magic_link_enabled: true } });
   const { userId: userA } = await Auth.Otp.signIn();
   await bumpEmailAddress();
diff --git a/apps/e2e/tests/backend/endpoints/api/v1/internal-metrics.test.ts b/apps/e2e/tests/backend/endpoints/api/v1/internal-metrics.test.ts
index cc33e34bb1..cb49f4efa8 100644
--- a/apps/e2e/tests/backend/endpoints/api/v1/internal-metrics.test.ts
+++ b/apps/e2e/tests/backend/endpoints/api/v1/internal-metrics.test.ts
@@ -43,7 +43,7 @@ async function ensureAnonymousUsersAreStillExcluded(metricsResponse: NiceRespons
 
   // ClickHouse ingestion is async; poll until anonymous users are excluded again.
   let response!: NiceResponse;
-  for (let i = 0; i < 10; i++) {
+  for (let i = 0; i < 30; i++) {
     await wait(2_000);
     response = await niceBackendFetch("/api/v1/internal/metrics", { accessType: 'admin' });
     const noAnonymousInRecentlyRegistered = (response.body.recently_registered as MetricsUser[]).every((user) => !user.is_anonymous);
@@ -72,7 +72,7 @@ async function ensureAnonymousUsersAreStillExcluded(metricsResponse: NiceRespons
 
 async function waitForMetricsToIncludeUsersByCountry(options: { countryCode: string, expectedCount: number }): Promise<NiceResponse> {
   let response!: NiceResponse;
-  for (let i = 0; i < 15; i++) {
+  for (let i = 0; i < 30; i++) {
     response = await niceBackendFetch("/api/v1/internal/metrics", { accessType: 'admin' });
     if (response.body?.users_by_country?.[options.countryCode] === options.expectedCount) {
       return response;
@@ -88,7 +88,7 @@ async function waitForMetricsMatch(
 ): Promise<NiceResponse> {
   let response!: NiceResponse;
   const suffix = includeAnonymous ? "?include_anonymous=true" : "";
-  for (let i = 0; i < 20; i++) {
+  for (let i = 0; i < 60; i++) {
     response = await niceBackendFetch(`/api/v1/internal/metrics${suffix}`, { accessType: 'admin' });
     if (predicate(response)) {
       return response;
diff --git a/apps/e2e/tests/backend/endpoints/api/v1/token-refresh-events.test.ts b/apps/e2e/tests/backend/endpoints/api/v1/token-refresh-events.test.ts
index b3d726a3d7..c333c35217 100644
--- a/apps/e2e/tests/backend/endpoints/api/v1/token-refresh-events.test.ts
+++ b/apps/e2e/tests/backend/endpoints/api/v1/token-refresh-events.test.ts
@@ -189,7 +189,7 @@ it("anonymous signup creates exactly one $token-refresh event", async ({ expect
   });
 });
 
-it("OAuth signup creates exactly one $token-refresh event", async ({ expect }) => {
+it("OAuth signup creates exactly one $token-refresh event", { timeout: 120_000 }, async ({ expect }) => {
   const { projectId } = await Project.createAndSwitch({
     config: {
       oauth_providers: [{
@@ -223,7 +223,7 @@ it("OAuth signup creates exactly one $token-refresh event", async ({ expect }) =
 // Signin Tests
 // ============================================================================
 
-it("password signin (existing user) creates exactly one additional $token-refresh event", async ({ expect }) => {
+it("password signin (existing user) creates exactly one additional $token-refresh event", { timeout: 120_000 }, async ({ expect }) => {
   const { projectId } = await Project.createAndSwitch({
     config: { credential_enabled: true },
   });
@@ -246,7 +246,7 @@ it("password signin (existing user) creates exactly one additional $token-refres
   expect(events.every((e: AnalyticsEvent) => e.user_id === userId)).toBe(true);
 });
 
-it("OTP signin (existing user) creates exactly one additional $token-refresh event", async ({ expect }) => {
+it("OTP signin (existing user) creates exactly one additional $token-refresh event", { timeout: 120_000 }, async ({ expect }) => {
   const { projectId } = await Project.createAndSwitch({
     config: { magic_link_enabled: true },
   });
@@ -267,7 +267,7 @@ it("OTP signin (existing user) creates exactly one additional $token-refresh eve
   expect(events.every((e: AnalyticsEvent) => e.user_id === userId)).toBe(true);
 });
 
-it("OAuth signin (existing user) creates exactly one additional $token-refresh event", async ({ expect }) => {
+it("OAuth signin (existing user) creates exactly one additional $token-refresh event", { timeout: 120_000 }, async ({ expect }) => {
   const { projectId } = await Project.createAndSwitch({
     config: {
       oauth_providers: [{
@@ -299,7 +299,7 @@ it("OAuth signin (existing user) creates exactly one additional $token-refresh e
 // Session Refresh Tests
 // ============================================================================
 
-it("session refresh endpoint creates exactly one additional $token-refresh event", async ({ expect }) => {
+it("session refresh endpoint creates exactly one additional $token-refresh event", { timeout: 120_000 }, async ({ expect }) => {
   const { projectId } = await Project.createAndSwitch({
     config: { magic_link_enabled: true },
   });
@@ -317,7 +317,7 @@ it("session refresh endpoint creates exactly one additional $token-refresh event
   expect(events.every((e: AnalyticsEvent) => e.user_id === userId)).toBe(true);
 });
 
-it("multiple session refreshes create one event each", async ({ expect }) => {
+it("multiple session refreshes create one event each", { timeout: 180_000 }, async ({ expect }) => {
   const { projectId } = await Project.createAndSwitch({
     config: { magic_link_enabled: true },
   });
@@ -344,7 +344,7 @@ it("multiple session refreshes create one event each", async ({ expect }) => {
 // OAuth Refresh Token Grant Tests
 // ============================================================================
 
-it("OAuth refresh token grant creates exactly one additional $token-refresh event", async ({ expect }) => {
+it("OAuth refresh token grant creates exactly one additional $token-refresh event", { timeout: 120_000 }, async ({ expect }) => {
   const { projectId } = await Project.createAndSwitch({
     config: {
       oauth_providers: [{
@@ -391,7 +391,7 @@ it("OAuth refresh token grant creates exactly one additional $token-refresh even
   expect(events.every((e: AnalyticsEvent) => e.user_id === userId)).toBe(true);
 });
 
-it("multiple OAuth refresh token grants create one event each", async ({ expect }) => {
+it("multiple OAuth refresh token grants create one event each", { timeout: 180_000 }, async ({ expect }) => {
   const { projectId } = await Project.createAndSwitch({
     config: {
       oauth_providers: [{
diff --git a/apps/e2e/tests/js/team-invitations.test.ts b/apps/e2e/tests/js/team-invitations.test.ts
index 83782943a7..10b1b1e994 100644
--- a/apps/e2e/tests/js/team-invitations.test.ts
+++ b/apps/e2e/tests/js/team-invitations.test.ts
@@ -198,7 +198,7 @@ it("should list invitations from multiple teams", async ({ expect }) => {
 });
 
 
-it("should accept a team invitation via the client SDK", async ({ expect }) => {
+it("should accept a team invitation via the client SDK", { timeout: 120_000 }, async ({ expect }) => {
   const { clientApp, serverApp } = await createApp({ config: { clientTeamCreationEnabled: true } });
 
   // Create a team

From bd8d4dcd681ea597a4e5823730d6cc3056eaefd4 Mon Sep 17 00:00:00 2001
From: Devin AI <158243242+devin-ai-integration[bot]@users.noreply.github.com>
Date: Sat, 23 May 2026 02:13:55 +0000
Subject: [PATCH 2/3] chore: regenerate docs after MCP setup prompt removal

Co-Authored-By: Konstantin Wohlwend <n2d4xc@gmail.com>
---
 docs-mintlify/guides/getting-started/setup.mdx | 2 +-
 docs-mintlify/snippets/home-prompt-island.jsx  | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/docs-mintlify/guides/getting-started/setup.mdx b/docs-mintlify/guides/getting-started/setup.mdx
index 4d7aed61ee..a66d5b14e5 100644
--- a/docs-mintlify/guides/getting-started/setup.mdx
+++ b/docs-mintlify/guides/getting-started/setup.mdx
@@ -6,7 +6,7 @@ sidebarTitle: Setup
 
 {/* This file is auto-generated by scripts/generate-setup-prompt-docs.ts. Do not edit it manually; edit packages/stack-shared/src/ai/prompts.ts instead. */}
 
-export const generatedSetupPromptText = "# Setting up Stack Auth\n\nThis prompt explains how to set up Stack Auth in your project.\n\nTo use it, you can use the sections below to set up Stack Auth in the project. For example, if you are setting up a Svelte project, you would follow the SDK setup instructions for a frontend JS project.\n\n## SDK Setup Instructions\n\nFollow these instructions in order to set up and get started with the Stack Auth SDK in various languages.\n\nNot all steps are applicable to every type of application; for example, React apps have some extra steps that are not needed with other frameworks.\n\nThe frameworks and languages with explicit SDK support are:\n\n- Next.js\n- React\n- TanStack Start\n- Other JS & TS (both frontend and backend)\n\n<Steps titleSize=\"h3\">\n  <Step title=\"Install dependencies\">\n    Stack Auth has SDKs for various languages, frameworks, and libraries. Use the most specific package each, so, for example, even though a Next.js project uses both Next.js and React, use the Next.js package. If a programming language is not supported entirely, you may have to use the REST API to interface with Stack Auth.\n    \n    #### JavaScript & TypeScript\n    \n    For JS & TS, the following packages are available:\n    \n    - Next.js: `@stackframe/stack`\n    - React: `@stackframe/react`\n    - TanStack Start: `@stackframe/tanstack-start`\n    - Other & vanilla JS: `@stackframe/js`\n    \n    You can install the correct JavaScript Stack Auth SDK into your project by running the following command:\n\n      ```sh\n      npm i <the-sdk-from-above>\n      # or: pnpm i <the-sdk-from-above>\n      # or: yarn add <the-sdk-from-above>\n      # or: bun add <the-sdk-from-above>\n      ```\n  </Step>\n  \n  <Step title=\"Initializing the Stack App\">\n    Next, let us create the Stack App object for your project. This is the most important object in a Stack Auth project.\n\n    In a frontend where you cannot keep a secret key safe, you would use the `StackClientApp` constructor:\n    \n    ```ts src/stack/client.ts\n    import { StackClientApp } from \"<the-sdk-from-above>\";\n    \n    export const stackClientApp = new StackClientApp({\n      tokenStore: \"cookie\", // \"nextjs-cookie\" for Next.js, \"cookie\" for other web frontends, null for backend environments\n      urls: {\n        default: {\n          type: \"hosted\",\n        }\n      },\n    });\n    ```\n\n    In a backend where you can keep a secret key safe, you can use the `StackServerApp`, which provides access to more sensitive APIs compared to `StackClientApp`:\n    \n    ```ts src/stack/server.ts\n    import { StackServerApp } from \"<the-sdk-from-above>\";\n    \n    export const stackServerApp = new StackServerApp({\n      tokenStore: null,\n      urls: {\n        default: {\n          type: \"hosted\",\n        }\n      },\n    });\n    ```\n    \n    In frameworks that are both front- and backend, like Next.js, you can also create a `StackServerApp` from a `StackClientApp` object:\n    \n    ```ts src/stack/server.ts\n    import { StackServerApp } from \"<the-sdk-from-above>\";\n    import { stackClientApp } from \"./client\";\n    \n    export const stackServerApp = new StackServerApp({\n      inheritsFrom: stackClientApp,\n    });\n    ```\n    \n    Note that the secret server key should **never** be exposed to the client, as it can be used to read and write everything in your Stack Auth project. In web frontends or bundled applications, you should therefore always only ever create a `StackClientApp` object.\n  </Step>\n\n  <Step title=\"Setting up the project\">\n    It's now time to connect your code to a Stack Auth project.\n\n    You can either run Stack Auth's dev environment locally, or connect to a production project hosted in the cloud.\n\n    If you already use Stack Auth for your product, we recommend you re-use the same project to share your configuration between the two.\n\n    <AccordionGroup>\n      <Accordion title=\"Option 1: Running Stack Auth's dev environment (recommended)\" defaultOpen>\n        First, create a `stack.config.ts` configuration file in the root directory of the workspace (or anywhere else):\n\n        ```ts stack.config.ts\n        import type { StackConfig } from \"<the-sdk-from-above>\";\n\n        // default: show-onboarding, which shows the onboarding flow for this project when Stack Auth starts\n        export const config: StackConfig = \"show-onboarding\";\n        ```\n\n        To run your application with Stack Auth, you can then start the dev environment and set environment variables expected by your application. Stack Auth's CLI has a `dev` command does both of these, so let's install it as a dev dependency and wrap your existing `dev` script in your package.json:\n\n        ```sh\n        npm i -D @stackframe/stack-cli\n        # or: pnpm i -D @stackframe/stack-cli\n        # or: yarn add -D @stackframe/stack-cli\n        # or: bun add --dev @stackframe/stack-cli\n        ```\n\n        ```json package.json\n        {\n          // ...\n          \"scripts\": {\n            // ...\n            \"dev\": \"stack dev --config-file ./stack.config.ts -- npm run dev:without-stack-auth\",\n            \"dev:without-stack-auth\": \"<your-existing-dev-script>\"\n          }\n        }\n        ```\n      </Accordion>\n\n      <Accordion title=\"Option 2: Connecting to a production project hosted in the cloud\">\n        Note: If you're an AI agent, and you don't already have the information you need from the Cloud project, you may have to ask the user for help on this step. You can either ask them to provide the environment variables, or just leave them empty for now and ask the user to complete them at the end.\n\n        If you'd rather run your development environment on our infrastructure, or you already have an existing product, you can also connect a cloud project.\n\n        This process is slightly different depending on whether you're setting up a frontend or a backend (whether your app can keep a secret key safe or not).\n\n        #### Frontend\n\n        Go to your project's dashboard on [app.stack-auth.com](https://app.stack-auth.com) and get the project ID. You can find it in the URL after the `/projects/` part. Copy-paste it into your `.env.local` file (or wherever your environment variables are stored):\n\n        Some projects have the `requirePublishableClientKey` config option enabled. In that case, a publishable client key will also be necessary. However, this is extremely uncommon; for most projects this is not true, so don't ask the user for one unless you have confirmation that the publishable client key is required. If it's not required, the project ID is the only environment variable required to use Stack Auth on a client.\n        \n        ```.env .env.local\n        STACK_PROJECT_ID=<your-project-id>\n        ```\n\n        Alternatively, you can also just set the project ID in the `stack/client.ts` file:\n\n        ```ts src/stack/client.ts\n        export const stackClientApp = new StackClientApp({\n          // ...\n          projectId: \"your-project-id\",\n        });\n        ```\n\n\n        #### Backend (or both frontend and backend)\n\n        First, navigate to the [Project Keys](https://app.stack-auth.com/projects/-selector-/project-keys) page in the Stack Auth dashboard and generate a new set of keys.\n\n        Then, copy-paste them into your `.env.local` file (or wherever your environment variables are stored):\n\n        If the `requirePublishableClientKey` config option is enabled as described above, a publishable client key will also be necessary. Otherwise, these two are the only environment variables required to use Stack Auth on a server.\n        \n        ```.env .env.local\n        STACK_PROJECT_ID=<your-project-id>\n        STACK_SECRET_SERVER_KEY=<your-secret-server-key>\n        ```\n\n        They'll automatically be picked up by the `StackServerApp` constructor.\n      </Accordion>\n    </AccordionGroup>\n  </Step>\n\n  <Step title=\"React: Creating a <StackProvider /> and <StackTheme />\">\n    In React frameworks, Stack Auth provides `StackProvider` and `StackTheme` components that should wrap your entire app at the root level.\n  \n    For example, if you have an `App.tsx` file, update it as follows:\n    \n    ```tsx src/App.tsx\n    import { StackProvider, StackTheme } from \"<the-sdk-from-above>\";\n    import { stackClientApp } from \"./stack/client\";\n    \n    export default function App() {\n      return (\n        <StackProvider app={stackClientApp}>\n          <StackTheme>\n            {/* your app content */}\n          </StackTheme>\n        </StackProvider>\n      );\n    }\n    ```\n  \n    For Next.js specifically: You can do this in the `layout.tsx` file in the `app` directory:\n    \n    ```tsx src/app/layout.tsx\n    import { Suspense } from \"react\";\n    import { StackProvider, StackTheme } from \"<the-sdk-from-above>\";\n    import { stackServerApp } from \"@/stack/server\";\n    \n    export default function RootLayout({ children }: { children: React.ReactNode }) {\n      return (\n        <StackProvider app={stackServerApp}>\n          <StackTheme>\n            {children}\n          </StackTheme>\n        </StackProvider>\n      );\n    }\n    ```\n  \n    For TanStack Start specifically: TanStack Start uses file-based routes. The provider goes inside the root route's `component` (the inner React tree), while the document shell stays in `shellComponent`. Update `src/routes/__root.tsx`:\n    \n    ```tsx src/routes/__root.tsx\n    import { StackProvider, StackTheme } from \"@stackframe/tanstack-start\";\n    import { createRootRoute, HeadContent, Outlet, Scripts } from \"@tanstack/react-router\";\n    import type { ReactNode } from \"react\";\n    import { stackClientApp } from \"../stack/client\";\n    \n    export const Route = createRootRoute({\n      shellComponent: RootDocument,\n      component: RootComponent,\n    });\n    \n    function RootDocument({ children }: { children: ReactNode }) {\n      return (\n        <html lang=\"en\" suppressHydrationWarning>\n          <head>\n            <HeadContent />\n          </head>\n          <body>\n            {children}\n            <Scripts />\n          </body>\n        </html>\n      );\n    }\n    \n    function RootComponent() {\n      return (\n        <StackProvider app={stackClientApp}>\n          <StackTheme>\n            <Outlet />\n          </StackTheme>\n        </StackProvider>\n      );\n    }\n    ```\n    \n    Do not edit `src/routeTree.gen.ts` — it is regenerated automatically by the TanStack Start router from the files under `src/routes/`.\n  </Step>\n  \n  <Step title=\"React: Add Suspense boundary\">\n    Stack Auth also provides additional `useXyz` React hooks for `getXyz`/`listXyz` functions. For example, `useUser` is like `getUser`, but as a suspending React hook.\n  \n    To support the suspension, you need to add a suspense boundary around your app.\n    \n    The easiest way to do this is to just wrap your entire app in a `Suspense` component:\n    \n    ```tsx src/App.tsx\n    import { Suspense } from \"react\";\n    import { StackProvider, StackTheme } from \"<the-sdk-from-above>\";\n    import { stackClientApp } from \"./stack/client\";\n    \n    export default function App() {\n      return (\n        <Suspense fallback={<div>Loading...</div>}>\n          <StackProvider app={stackClientApp}>\n            <StackTheme>\n              {/* your app content */}\n            </StackTheme>\n          </StackProvider>\n        </Suspense>\n      );\n    }\n    ```\n  \n    In Next.js, this can be easily done by adding a `loading.tsx` file in the `app` directory:\n    \n    ```tsx src/app/loading.tsx\n    export default function Loading() {\n      return <div>Loading...</div>;\n    }\n    ```\n  \n    In TanStack Start: wrap the `<Outlet />` in your root route with a `Suspense` boundary so the document shell can stream while child routes wait on Stack Auth. Update `RootComponent` in `src/routes/__root.tsx`:\n    \n    ```tsx src/routes/__root.tsx\n    import { Suspense } from \"react\";\n    // ...other imports...\n    \n    function RootComponent() {\n      return (\n        <StackProvider app={stackClientApp}>\n          <StackTheme>\n            <Suspense fallback={<div>Loading...</div>}>\n              <Outlet />\n            </Suspense>\n          </StackTheme>\n        </StackProvider>\n      );\n    }\n    ```\n  \n    Note: If you are an AI agent, make sure to make the loading indicator visually appealing and match the design of your app, instead of the example that just says \"Loading...\".\n  </Step>\n  \n  <Step title=\"TanStack Start: Add the Stack handler route\">\n    Stack Auth's auth flows (sign-in, sign-up, OAuth callbacks, password reset, etc.) are rendered by a single `StackHandler` component mounted at `/handler/*`. In TanStack Start, expose it as a splat file route at `src/routes/handler/$.tsx`:\n  \n    ```tsx src/routes/handler/$.tsx\n    import { StackHandler } from \"@stackframe/tanstack-start\";\n    import { createFileRoute, useLocation } from \"@tanstack/react-router\";\n  \n    export const Route = createFileRoute(\"/handler/$\")({\n      ssr: false,\n      component: HandlerPage,\n    });\n  \n    function HandlerPage() {\n      const { pathname } = useLocation();\n      return <StackHandler fullPage location={pathname} />;\n    }\n    ```\n  \n    Two TanStack-specific notes:\n  \n    - The route is opted out of SSR with `ssr: false`. The handler runs browser-only auth flows (cookies, redirects, popups), so rendering it on the server provides no benefit and can fight with hydration. Other routes can opt into or out of SSR per-route the same way.\n    - Stack Auth resolves the current user during SSR by reading TanStack Start's request cookies through `@stackframe/tanstack-start`'s server context. No extra wiring is required — `useUser()` \"just works\" on both server and client routes as long as `tokenStore: \"cookie\"` is set on `StackClientApp`.\n  </Step>\n\n  <Step title=\"Backend: Update callers with header & get user\">\n    You are now ready to use the Stack Auth SDK. If you have any frontends calling your backend endpoints, you may want to pass along the Stack Auth tokens in a header such that you can access the same user object on your backend.\n  \n    The most ergonomic way to do this is to pass the result of `stackClientApp.getAuthorizationHeader()` as the `Authorization` header into your backend endpoints when the user is signed in:\n  \n    ```ts\n    // NOTE: This is your frontend's code\n    const authorizationHeader = await stackClientApp.getAuthorizationHeader();\n    const response = await fetch(\"/my-backend-endpoint\", {\n      headers: {\n        ...(authorizationHeader ? { Authorization: authorizationHeader } : {}),\n      },\n    });\n    // ...\n    ```\n  \n    In most backend frameworks you can then access the user object by passing the request object as a `tokenStore` of the functions that access the user object:\n  \n    ```ts\n    // NOTE: This is your backend's code\n    const user = await stackServerApp.getUser({ tokenStore: request });\n    return new Response(\"Hello, \" + user.displayName, { headers: { \"Cache-Control\": \"private, no-store\" } });\n    ```\n  \n    This will work as long as `request` is an object that follows the shape `{ headers: Record<string, string | null> | { get: (name: string) => string | null } }`.\n  \n    <Note>\n      Make sure that HTTP caching is disabled with `Cache-Control: private, no-store` for authenticated backend endpoints.\n    </Note>\n  \n    If you cannot use `getAuthorizationHeader()`, for example because you are using a protocol other than HTTP, you can use `getAuthJson()` instead:\n  \n    ```ts\n    // Frontend:\n    await rpcCall(\"my-rpc-endpoint\", {\n      data: {\n        auth: await stackClientApp.getAuthJson(),\n      },\n    });\n  \n    // Backend:\n    const user = await stackServerApp.getUser({ tokenStore: data.auth });\n    return new RpcResponse(\"Hello, \" + user.displayName);\n    ```\n  </Step>\n\n  <Step title=\"Done!\" />\n</Steps>\n\n## MCP Setup\n\n<Note>\n  This prompt is not yet implemented.\n</Note>\n\n<Steps titleSize=\"h3\">\n  <Step title=\"Install dependencies\">\n    Install the MCP package:\n  </Step>\n  <Step title=\"Done!\" />\n</Steps>\n\n## Convex Setup\n\nFollow these instructions to integrate Stack Auth with Convex.\n\n<Steps titleSize=\"h3\">\n  <Step title=\"Create or identify the Convex app\">\n    If the project does not already use Convex, initialize a Convex + Next.js app:\n\n    ```sh\n    npm create convex@latest\n    ```\n\n    When prompted, choose **Next.js** and **No auth**. Stack Auth will provide auth.\n\n    During development, run the Convex backend and the app dev server:\n\n    ```sh\n    npx convex dev\n    npm run dev\n    ```\n  </Step>\n\n  <Step title=\"Install and configure Stack Auth\">\n    Install Stack Auth in the app. If you have not already completed the SDK setup steps above, run the setup wizard:\n\n    ```sh\n    npx @stackframe/stack-cli@latest init\n    ```\n\n    Create or select a Stack Auth project in the dashboard. Copy the Stack Auth environment variables into the app's `.env.local` file.\n\n    Also add the same Stack Auth environment variables to the Convex deployment environment in the Convex dashboard.\n  </Step>\n\n  <Step title=\"Configure Convex auth providers\">\n    Create or update `convex/auth.config.ts`:\n\n    ```ts convex/auth.config.ts\n    import { getConvexProvidersConfig } from \"@stackframe/js\";\n    // or: import { getConvexProvidersConfig } from \"@stackframe/react\";\n    // or: import { getConvexProvidersConfig } from \"@stackframe/stack\";\n\n    export default {\n      providers: getConvexProvidersConfig({\n        projectId: process.env.STACK_PROJECT_ID, // or process.env.NEXT_PUBLIC_STACK_PROJECT_ID\n      }),\n    };\n    ```\n  </Step>\n\n  <Step title=\"Connect Convex clients to Stack Auth\">\n    Update the Convex client setup so Convex receives Stack Auth tokens.\n\n    In browser JavaScript:\n\n    ```ts\n    convexClient.setAuth(stackClientApp.getConvexClientAuth({}));\n    ```\n\n    In React:\n\n    ```ts\n    convexReactClient.setAuth(stackClientApp.getConvexClientAuth({}));\n    ```\n\n    For Convex HTTP clients on the server, pass a request-like token store:\n\n    ```ts\n    convexHttpClient.setAuth(stackClientApp.getConvexHttpClientAuth({ tokenStore: requestObject }));\n    ```\n  </Step>\n\n  <Step title=\"Use Stack Auth user data in Convex functions\">\n    In Convex queries and mutations, use Stack Auth's Convex integration to read the current user.\n\n    ```ts convex/myFunctions.ts\n    import { query } from \"./_generated/server\";\n    import { stackServerApp } from \"../src/stack/server\";\n\n    export const myQuery = query({\n      handler: async (ctx, args) => {\n        const user = await stackServerApp.getPartialUser({ from: \"convex\", ctx });\n        return user;\n      },\n    });\n    ```\n  </Step>\n\n  <Step title=\"Done!\" />\n</Steps>\n\n## Supabase Setup\n\n<Note>\n  This setup covers Supabase Row Level Security (RLS) with Stack Auth JWTs. It does not sync user data between Supabase and Stack Auth. Use Stack Auth webhooks if you need data sync.\n</Note>\n\n<Steps titleSize=\"h3\">\n  <Step title=\"Create Supabase RLS policies\">\n    In the Supabase SQL editor, enable Row Level Security for your tables and write policies based on Supabase JWT claims.\n\n    For example, this sample table demonstrates public rows, authenticated rows, and user-owned rows:\n\n    ```sql\n    CREATE TABLE data (\n      id bigint PRIMARY KEY,\n      text text NOT NULL,\n      user_id UUID\n    );\n\n    INSERT INTO data (id, text, user_id) VALUES\n      (1, 'Everyone can see this', NULL),\n      (2, 'Only authenticated users can see this', NULL),\n      (3, 'Only user with specific id can see this', NULL);\n\n    ALTER TABLE data ENABLE ROW LEVEL SECURITY;\n\n    CREATE POLICY \"Public read\" ON \"public\".\"data\" TO public\n    USING (id = 1);\n\n    CREATE POLICY \"Authenticated access\" ON \"public\".\"data\" TO authenticated\n    USING (id = 2);\n\n    CREATE POLICY \"User access\" ON \"public\".\"data\" TO authenticated\n    USING (id = 3 AND auth.uid() = user_id);\n    ```\n  </Step>\n\n  <Step title=\"Install Stack Auth and Supabase dependencies\">\n    If you are starting from scratch with Next.js, you can use Supabase's template and then initialize Stack Auth:\n\n    ```sh\n    npx create-next-app@latest -e with-supabase stack-supabase\n    cd stack-supabase\n    npx @stackframe/stack-cli@latest init\n    ```\n\n    Add the Supabase environment variables to `.env.local`:\n\n    ```.env .env.local\n    NEXT_PUBLIC_SUPABASE_URL=<your-supabase-url>\n    NEXT_PUBLIC_SUPABASE_ANON_KEY=<your-supabase-anon-key>\n    SUPABASE_JWT_SECRET=<your-supabase-jwt-secret>\n    ```\n\n    Also add the Stack Auth environment variables:\n\n    ```.env .env.local\n    # The project ID is the only client-exposed Stack Auth variable; in Next.js it must\n    # be prefixed with NEXT_PUBLIC_. STACK_SECRET_SERVER_KEY is server-only and must\n    # NEVER be prefixed or exposed to the client.\n    NEXT_PUBLIC_STACK_PROJECT_ID=<your-stack-project-id>\n    STACK_SECRET_SERVER_KEY=<your-secret-server-key>\n    ```\n  </Step>\n\n  <Step title=\"Mint Supabase JWTs from Stack Auth users\">\n    Create a server action that signs a Supabase JWT using the current Stack Auth user ID:\n\n    ```tsx utils/actions.ts\n    'use server';\n\n    import { stackServerApp } from \"@/stack/server\";\n    import * as jose from \"jose\";\n\n    export const getSupabaseJwt = async () => {\n      const user = await stackServerApp.getUser();\n\n      if (!user) {\n        return null;\n      }\n\n      const token = await new jose.SignJWT({\n        sub: user.id,\n        role: \"authenticated\",\n      })\n        .setProtectedHeader({ alg: \"HS256\" })\n        .setIssuedAt()\n        .setExpirationTime(\"1h\")\n        .sign(new TextEncoder().encode(process.env.SUPABASE_JWT_SECRET));\n\n      return token;\n    };\n    ```\n  </Step>\n\n  <Step title=\"Create a Supabase client that uses the Stack Auth JWT\">\n    Create a helper that passes the server-generated JWT to Supabase:\n\n    ```tsx utils/supabase-client.ts\n    import { createBrowserClient } from \"@supabase/ssr\";\n    import { getSupabaseJwt } from \"./actions\";\n\n    export const createSupabaseClient = () => {\n      return createBrowserClient(\n        process.env.NEXT_PUBLIC_SUPABASE_URL!,\n        process.env.NEXT_PUBLIC_SUPABASE_ANON_KEY!,\n        { accessToken: async () => await getSupabaseJwt() || \"\" },\n      );\n    };\n    ```\n  </Step>\n\n  <Step title=\"Fetch Supabase data\">\n    Use the Supabase client from your UI. The RLS policies will decide which rows the user can read based on the Stack Auth user ID embedded in the Supabase JWT.\n\n    ```tsx app/page.tsx\n    'use client';\n\n    import { createSupabaseClient } from \"@/utils/supabase-client\";\n    import { useStackApp, useUser } from \"@stackframe/stack\";\n    import Link from \"next/link\";\n    import { useEffect, useState } from \"react\";\n\n    export default function Page() {\n      const app = useStackApp();\n      const user = useUser();\n      const supabase = createSupabaseClient();\n      const [data, setData] = useState<null | any[]>(null);\n\n      useEffect(() => {\n        supabase.from(\"data\").select().then(({ data }) => setData(data ?? []));\n      }, []);\n\n      const listContent = data === null\n        ? <p>Loading...</p>\n        : data.length === 0\n          ? <p>No notes found</p>\n          : data.map((note) => <li key={note.id}>{note.text}</li>);\n\n      return (\n        <div>\n          {user ? (\n            <>\n              <p>You are signed in</p>\n              <p>User ID: {user.id}</p>\n              <Link href={app.urls.signOut}>Sign Out</Link>\n            </>\n          ) : (\n            <Link href={app.urls.signIn}>Sign In</Link>\n          )}\n          <h3>Supabase data</h3>\n          <ul>{listContent}</ul>\n        </div>\n      );\n    }\n    ```\n  </Step>\n\n  <Step title=\"Done!\" />\n</Steps>\n\n## CLI Setup\n\nFollow these instructions to authenticate users in a command line application with Stack Auth.\n\n<Steps titleSize=\"h3\">\n  <Step title=\"Add the CLI auth template\">\n    Download the Stack Auth CLI authentication template and place it in your project. For Python apps, copy it as `stack_auth_cli_template.py`.\n\n    Example project layout:\n\n    ```text\n    my-python-app/\n    ├─ main.py\n    └─ stack_auth_cli_template.py\n    ```\n  </Step>\n\n  <Step title=\"Prompt the user to log in\">\n    Import and call `prompt_cli_login`. It opens the browser, lets the user authenticate, and returns a refresh token.\n\n    ```py main.py\n    from stack_auth_cli_template import prompt_cli_login\n\n    refresh_token = prompt_cli_login(\n      app_url=\"https://your-app-url.example.com\",\n      project_id=\"your-project-id-here\",\n      publishable_client_key=\"your-publishable-client-key-here\",\n    )\n\n    if refresh_token is None:\n      print(\"User cancelled the login process. Exiting\")\n      exit(1)\n    ```\n\n    You can store the refresh token in a local file or keychain and only prompt the user again when no saved refresh token exists.\n  </Step>\n\n  <Step title=\"Exchange the refresh token for an access token\">\n    Use the refresh token with Stack Auth's REST API to get an access token.\n\n    ```py\n    def get_access_token(refresh_token):\n      access_token_response = stack_auth_request(\n        \"post\",\n        \"/api/v1/auth/sessions/current/refresh\",\n        headers={\n          \"x-stack-refresh-token\": refresh_token,\n        },\n      )\n\n      return access_token_response[\"access_token\"]\n    ```\n  </Step>\n\n  <Step title=\"Fetch the current user\">\n    Use the access token to call the Stack Auth REST API as the logged-in user.\n\n    ```py\n    def get_user_object(access_token):\n      return stack_auth_request(\n        \"get\",\n        \"/api/v1/users/me\",\n        headers={\n          \"x-stack-access-token\": access_token,\n        },\n      )\n\n    user = get_user_object(get_access_token(refresh_token))\n    print(\"The user is logged in as\", user[\"display_name\"] or user[\"primary_email\"])\n    ```\n  </Step>\n\n  <Step title=\"Done!\" />\n</Steps>";
+export const generatedSetupPromptText = "# Setting up Stack Auth\n\nThis prompt explains how to set up Stack Auth in your project.\n\nTo use it, you can use the sections below to set up Stack Auth in the project. For example, if you are setting up a Svelte project, you would follow the SDK setup instructions for a frontend JS project.\n\n## SDK Setup Instructions\n\nFollow these instructions in order to set up and get started with the Stack Auth SDK in various languages.\n\nNot all steps are applicable to every type of application; for example, React apps have some extra steps that are not needed with other frameworks.\n\nThe frameworks and languages with explicit SDK support are:\n\n- Next.js\n- React\n- TanStack Start\n- Other JS & TS (both frontend and backend)\n\n<Steps titleSize=\"h3\">\n  <Step title=\"Install dependencies\">\n    Stack Auth has SDKs for various languages, frameworks, and libraries. Use the most specific package each, so, for example, even though a Next.js project uses both Next.js and React, use the Next.js package. If a programming language is not supported entirely, you may have to use the REST API to interface with Stack Auth.\n    \n    #### JavaScript & TypeScript\n    \n    For JS & TS, the following packages are available:\n    \n    - Next.js: `@stackframe/stack`\n    - React: `@stackframe/react`\n    - TanStack Start: `@stackframe/tanstack-start`\n    - Other & vanilla JS: `@stackframe/js`\n    \n    You can install the correct JavaScript Stack Auth SDK into your project by running the following command:\n\n      ```sh\n      npm i <the-sdk-from-above>\n      # or: pnpm i <the-sdk-from-above>\n      # or: yarn add <the-sdk-from-above>\n      # or: bun add <the-sdk-from-above>\n      ```\n  </Step>\n  \n  <Step title=\"Initializing the Stack App\">\n    Next, let us create the Stack App object for your project. This is the most important object in a Stack Auth project.\n\n    In a frontend where you cannot keep a secret key safe, you would use the `StackClientApp` constructor:\n    \n    ```ts src/stack/client.ts\n    import { StackClientApp } from \"<the-sdk-from-above>\";\n    \n    export const stackClientApp = new StackClientApp({\n      tokenStore: \"cookie\", // \"nextjs-cookie\" for Next.js, \"cookie\" for other web frontends, null for backend environments\n      urls: {\n        default: {\n          type: \"hosted\",\n        }\n      },\n    });\n    ```\n\n    In a backend where you can keep a secret key safe, you can use the `StackServerApp`, which provides access to more sensitive APIs compared to `StackClientApp`:\n    \n    ```ts src/stack/server.ts\n    import { StackServerApp } from \"<the-sdk-from-above>\";\n    \n    export const stackServerApp = new StackServerApp({\n      tokenStore: null,\n      urls: {\n        default: {\n          type: \"hosted\",\n        }\n      },\n    });\n    ```\n    \n    In frameworks that are both front- and backend, like Next.js, you can also create a `StackServerApp` from a `StackClientApp` object:\n    \n    ```ts src/stack/server.ts\n    import { StackServerApp } from \"<the-sdk-from-above>\";\n    import { stackClientApp } from \"./client\";\n    \n    export const stackServerApp = new StackServerApp({\n      inheritsFrom: stackClientApp,\n    });\n    ```\n    \n    Note that the secret server key should **never** be exposed to the client, as it can be used to read and write everything in your Stack Auth project. In web frontends or bundled applications, you should therefore always only ever create a `StackClientApp` object.\n  </Step>\n\n  <Step title=\"Setting up the project\">\n    It's now time to connect your code to a Stack Auth project.\n\n    You can either run Stack Auth's dev environment locally, or connect to a production project hosted in the cloud.\n\n    If you already use Stack Auth for your product, we recommend you re-use the same project to share your configuration between the two.\n\n    <AccordionGroup>\n      <Accordion title=\"Option 1: Running Stack Auth's dev environment (recommended)\" defaultOpen>\n        First, create a `stack.config.ts` configuration file in the root directory of the workspace (or anywhere else):\n\n        ```ts stack.config.ts\n        import type { StackConfig } from \"<the-sdk-from-above>\";\n\n        // default: show-onboarding, which shows the onboarding flow for this project when Stack Auth starts\n        export const config: StackConfig = \"show-onboarding\";\n        ```\n\n        To run your application with Stack Auth, you can then start the dev environment and set environment variables expected by your application. Stack Auth's CLI has a `dev` command does both of these, so let's install it as a dev dependency and wrap your existing `dev` script in your package.json:\n\n        ```sh\n        npm i -D @stackframe/stack-cli\n        # or: pnpm i -D @stackframe/stack-cli\n        # or: yarn add -D @stackframe/stack-cli\n        # or: bun add --dev @stackframe/stack-cli\n        ```\n\n        ```json package.json\n        {\n          // ...\n          \"scripts\": {\n            // ...\n            \"dev\": \"stack dev --config-file ./stack.config.ts -- npm run dev:without-stack-auth\",\n            \"dev:without-stack-auth\": \"<your-existing-dev-script>\"\n          }\n        }\n        ```\n      </Accordion>\n\n      <Accordion title=\"Option 2: Connecting to a production project hosted in the cloud\">\n        Note: If you're an AI agent, and you don't already have the information you need from the Cloud project, you may have to ask the user for help on this step. You can either ask them to provide the environment variables, or just leave them empty for now and ask the user to complete them at the end.\n\n        If you'd rather run your development environment on our infrastructure, or you already have an existing product, you can also connect a cloud project.\n\n        This process is slightly different depending on whether you're setting up a frontend or a backend (whether your app can keep a secret key safe or not).\n\n        #### Frontend\n\n        Go to your project's dashboard on [app.stack-auth.com](https://app.stack-auth.com) and get the project ID. You can find it in the URL after the `/projects/` part. Copy-paste it into your `.env.local` file (or wherever your environment variables are stored):\n\n        Some projects have the `requirePublishableClientKey` config option enabled. In that case, a publishable client key will also be necessary. However, this is extremely uncommon; for most projects this is not true, so don't ask the user for one unless you have confirmation that the publishable client key is required. If it's not required, the project ID is the only environment variable required to use Stack Auth on a client.\n        \n        ```.env .env.local\n        STACK_PROJECT_ID=<your-project-id>\n        ```\n\n        Alternatively, you can also just set the project ID in the `stack/client.ts` file:\n\n        ```ts src/stack/client.ts\n        export const stackClientApp = new StackClientApp({\n          // ...\n          projectId: \"your-project-id\",\n        });\n        ```\n\n\n        #### Backend (or both frontend and backend)\n\n        First, navigate to the [Project Keys](https://app.stack-auth.com/projects/-selector-/project-keys) page in the Stack Auth dashboard and generate a new set of keys.\n\n        Then, copy-paste them into your `.env.local` file (or wherever your environment variables are stored):\n\n        If the `requirePublishableClientKey` config option is enabled as described above, a publishable client key will also be necessary. Otherwise, these two are the only environment variables required to use Stack Auth on a server.\n        \n        ```.env .env.local\n        STACK_PROJECT_ID=<your-project-id>\n        STACK_SECRET_SERVER_KEY=<your-secret-server-key>\n        ```\n\n        They'll automatically be picked up by the `StackServerApp` constructor.\n      </Accordion>\n    </AccordionGroup>\n  </Step>\n\n  <Step title=\"React: Creating a <StackProvider /> and <StackTheme />\">\n    In React frameworks, Stack Auth provides `StackProvider` and `StackTheme` components that should wrap your entire app at the root level.\n  \n    For example, if you have an `App.tsx` file, update it as follows:\n    \n    ```tsx src/App.tsx\n    import { StackProvider, StackTheme } from \"<the-sdk-from-above>\";\n    import { stackClientApp } from \"./stack/client\";\n    \n    export default function App() {\n      return (\n        <StackProvider app={stackClientApp}>\n          <StackTheme>\n            {/* your app content */}\n          </StackTheme>\n        </StackProvider>\n      );\n    }\n    ```\n  \n    For Next.js specifically: You can do this in the `layout.tsx` file in the `app` directory:\n    \n    ```tsx src/app/layout.tsx\n    import { Suspense } from \"react\";\n    import { StackProvider, StackTheme } from \"<the-sdk-from-above>\";\n    import { stackServerApp } from \"@/stack/server\";\n    \n    export default function RootLayout({ children }: { children: React.ReactNode }) {\n      return (\n        <StackProvider app={stackServerApp}>\n          <StackTheme>\n            {children}\n          </StackTheme>\n        </StackProvider>\n      );\n    }\n    ```\n  \n    For TanStack Start specifically: TanStack Start uses file-based routes. The provider goes inside the root route's `component` (the inner React tree), while the document shell stays in `shellComponent`. Update `src/routes/__root.tsx`:\n    \n    ```tsx src/routes/__root.tsx\n    import { StackProvider, StackTheme } from \"@stackframe/tanstack-start\";\n    import { createRootRoute, HeadContent, Outlet, Scripts } from \"@tanstack/react-router\";\n    import type { ReactNode } from \"react\";\n    import { stackClientApp } from \"../stack/client\";\n    \n    export const Route = createRootRoute({\n      shellComponent: RootDocument,\n      component: RootComponent,\n    });\n    \n    function RootDocument({ children }: { children: ReactNode }) {\n      return (\n        <html lang=\"en\" suppressHydrationWarning>\n          <head>\n            <HeadContent />\n          </head>\n          <body>\n            {children}\n            <Scripts />\n          </body>\n        </html>\n      );\n    }\n    \n    function RootComponent() {\n      return (\n        <StackProvider app={stackClientApp}>\n          <StackTheme>\n            <Outlet />\n          </StackTheme>\n        </StackProvider>\n      );\n    }\n    ```\n    \n    Do not edit `src/routeTree.gen.ts` — it is regenerated automatically by the TanStack Start router from the files under `src/routes/`.\n  </Step>\n  \n  <Step title=\"React: Add Suspense boundary\">\n    Stack Auth also provides additional `useXyz` React hooks for `getXyz`/`listXyz` functions. For example, `useUser` is like `getUser`, but as a suspending React hook.\n  \n    To support the suspension, you need to add a suspense boundary around your app.\n    \n    The easiest way to do this is to just wrap your entire app in a `Suspense` component:\n    \n    ```tsx src/App.tsx\n    import { Suspense } from \"react\";\n    import { StackProvider, StackTheme } from \"<the-sdk-from-above>\";\n    import { stackClientApp } from \"./stack/client\";\n    \n    export default function App() {\n      return (\n        <Suspense fallback={<div>Loading...</div>}>\n          <StackProvider app={stackClientApp}>\n            <StackTheme>\n              {/* your app content */}\n            </StackTheme>\n          </StackProvider>\n        </Suspense>\n      );\n    }\n    ```\n  \n    In Next.js, this can be easily done by adding a `loading.tsx` file in the `app` directory:\n    \n    ```tsx src/app/loading.tsx\n    export default function Loading() {\n      return <div>Loading...</div>;\n    }\n    ```\n  \n    In TanStack Start: wrap the `<Outlet />` in your root route with a `Suspense` boundary so the document shell can stream while child routes wait on Stack Auth. Update `RootComponent` in `src/routes/__root.tsx`:\n    \n    ```tsx src/routes/__root.tsx\n    import { Suspense } from \"react\";\n    // ...other imports...\n    \n    function RootComponent() {\n      return (\n        <StackProvider app={stackClientApp}>\n          <StackTheme>\n            <Suspense fallback={<div>Loading...</div>}>\n              <Outlet />\n            </Suspense>\n          </StackTheme>\n        </StackProvider>\n      );\n    }\n    ```\n  \n    Note: If you are an AI agent, make sure to make the loading indicator visually appealing and match the design of your app, instead of the example that just says \"Loading...\".\n  </Step>\n  \n  <Step title=\"TanStack Start: Add the Stack handler route\">\n    Stack Auth's auth flows (sign-in, sign-up, OAuth callbacks, password reset, etc.) are rendered by a single `StackHandler` component mounted at `/handler/*`. In TanStack Start, expose it as a splat file route at `src/routes/handler/$.tsx`:\n  \n    ```tsx src/routes/handler/$.tsx\n    import { StackHandler } from \"@stackframe/tanstack-start\";\n    import { createFileRoute, useLocation } from \"@tanstack/react-router\";\n  \n    export const Route = createFileRoute(\"/handler/$\")({\n      ssr: false,\n      component: HandlerPage,\n    });\n  \n    function HandlerPage() {\n      const { pathname } = useLocation();\n      return <StackHandler fullPage location={pathname} />;\n    }\n    ```\n  \n    Two TanStack-specific notes:\n  \n    - The route is opted out of SSR with `ssr: false`. The handler runs browser-only auth flows (cookies, redirects, popups), so rendering it on the server provides no benefit and can fight with hydration. Other routes can opt into or out of SSR per-route the same way.\n    - Stack Auth resolves the current user during SSR by reading TanStack Start's request cookies through `@stackframe/tanstack-start`'s server context. No extra wiring is required — `useUser()` \"just works\" on both server and client routes as long as `tokenStore: \"cookie\"` is set on `StackClientApp`.\n  </Step>\n\n  <Step title=\"Backend: Update callers with header & get user\">\n    You are now ready to use the Stack Auth SDK. If you have any frontends calling your backend endpoints, you may want to pass along the Stack Auth tokens in a header such that you can access the same user object on your backend.\n  \n    The most ergonomic way to do this is to pass the result of `stackClientApp.getAuthorizationHeader()` as the `Authorization` header into your backend endpoints when the user is signed in:\n  \n    ```ts\n    // NOTE: This is your frontend's code\n    const authorizationHeader = await stackClientApp.getAuthorizationHeader();\n    const response = await fetch(\"/my-backend-endpoint\", {\n      headers: {\n        ...(authorizationHeader ? { Authorization: authorizationHeader } : {}),\n      },\n    });\n    // ...\n    ```\n  \n    In most backend frameworks you can then access the user object by passing the request object as a `tokenStore` of the functions that access the user object:\n  \n    ```ts\n    // NOTE: This is your backend's code\n    const user = await stackServerApp.getUser({ tokenStore: request });\n    return new Response(\"Hello, \" + user.displayName, { headers: { \"Cache-Control\": \"private, no-store\" } });\n    ```\n  \n    This will work as long as `request` is an object that follows the shape `{ headers: Record<string, string | null> | { get: (name: string) => string | null } }`.\n  \n    <Note>\n      Make sure that HTTP caching is disabled with `Cache-Control: private, no-store` for authenticated backend endpoints.\n    </Note>\n  \n    If you cannot use `getAuthorizationHeader()`, for example because you are using a protocol other than HTTP, you can use `getAuthJson()` instead:\n  \n    ```ts\n    // Frontend:\n    await rpcCall(\"my-rpc-endpoint\", {\n      data: {\n        auth: await stackClientApp.getAuthJson(),\n      },\n    });\n  \n    // Backend:\n    const user = await stackServerApp.getUser({ tokenStore: data.auth });\n    return new RpcResponse(\"Hello, \" + user.displayName);\n    ```\n  </Step>\n\n  <Step title=\"Done!\" />\n</Steps>\n\n## Convex Setup\n\nFollow these instructions to integrate Stack Auth with Convex.\n\n<Steps titleSize=\"h3\">\n  <Step title=\"Create or identify the Convex app\">\n    If the project does not already use Convex, initialize a Convex + Next.js app:\n\n    ```sh\n    npm create convex@latest\n    ```\n\n    When prompted, choose **Next.js** and **No auth**. Stack Auth will provide auth.\n\n    During development, run the Convex backend and the app dev server:\n\n    ```sh\n    npx convex dev\n    npm run dev\n    ```\n  </Step>\n\n  <Step title=\"Install and configure Stack Auth\">\n    Install Stack Auth in the app. If you have not already completed the SDK setup steps above, run the setup wizard:\n\n    ```sh\n    npx @stackframe/stack-cli@latest init\n    ```\n\n    Create or select a Stack Auth project in the dashboard. Copy the Stack Auth environment variables into the app's `.env.local` file.\n\n    Also add the same Stack Auth environment variables to the Convex deployment environment in the Convex dashboard.\n  </Step>\n\n  <Step title=\"Configure Convex auth providers\">\n    Create or update `convex/auth.config.ts`:\n\n    ```ts convex/auth.config.ts\n    import { getConvexProvidersConfig } from \"@stackframe/js\";\n    // or: import { getConvexProvidersConfig } from \"@stackframe/react\";\n    // or: import { getConvexProvidersConfig } from \"@stackframe/stack\";\n\n    export default {\n      providers: getConvexProvidersConfig({\n        projectId: process.env.STACK_PROJECT_ID, // or process.env.NEXT_PUBLIC_STACK_PROJECT_ID\n      }),\n    };\n    ```\n  </Step>\n\n  <Step title=\"Connect Convex clients to Stack Auth\">\n    Update the Convex client setup so Convex receives Stack Auth tokens.\n\n    In browser JavaScript:\n\n    ```ts\n    convexClient.setAuth(stackClientApp.getConvexClientAuth({}));\n    ```\n\n    In React:\n\n    ```ts\n    convexReactClient.setAuth(stackClientApp.getConvexClientAuth({}));\n    ```\n\n    For Convex HTTP clients on the server, pass a request-like token store:\n\n    ```ts\n    convexHttpClient.setAuth(stackClientApp.getConvexHttpClientAuth({ tokenStore: requestObject }));\n    ```\n  </Step>\n\n  <Step title=\"Use Stack Auth user data in Convex functions\">\n    In Convex queries and mutations, use Stack Auth's Convex integration to read the current user.\n\n    ```ts convex/myFunctions.ts\n    import { query } from \"./_generated/server\";\n    import { stackServerApp } from \"../src/stack/server\";\n\n    export const myQuery = query({\n      handler: async (ctx, args) => {\n        const user = await stackServerApp.getPartialUser({ from: \"convex\", ctx });\n        return user;\n      },\n    });\n    ```\n  </Step>\n\n  <Step title=\"Done!\" />\n</Steps>\n\n## Supabase Setup\n\n<Note>\n  This setup covers Supabase Row Level Security (RLS) with Stack Auth JWTs. It does not sync user data between Supabase and Stack Auth. Use Stack Auth webhooks if you need data sync.\n</Note>\n\n<Steps titleSize=\"h3\">\n  <Step title=\"Create Supabase RLS policies\">\n    In the Supabase SQL editor, enable Row Level Security for your tables and write policies based on Supabase JWT claims.\n\n    For example, this sample table demonstrates public rows, authenticated rows, and user-owned rows:\n\n    ```sql\n    CREATE TABLE data (\n      id bigint PRIMARY KEY,\n      text text NOT NULL,\n      user_id UUID\n    );\n\n    INSERT INTO data (id, text, user_id) VALUES\n      (1, 'Everyone can see this', NULL),\n      (2, 'Only authenticated users can see this', NULL),\n      (3, 'Only user with specific id can see this', NULL);\n\n    ALTER TABLE data ENABLE ROW LEVEL SECURITY;\n\n    CREATE POLICY \"Public read\" ON \"public\".\"data\" TO public\n    USING (id = 1);\n\n    CREATE POLICY \"Authenticated access\" ON \"public\".\"data\" TO authenticated\n    USING (id = 2);\n\n    CREATE POLICY \"User access\" ON \"public\".\"data\" TO authenticated\n    USING (id = 3 AND auth.uid() = user_id);\n    ```\n  </Step>\n\n  <Step title=\"Install Stack Auth and Supabase dependencies\">\n    If you are starting from scratch with Next.js, you can use Supabase's template and then initialize Stack Auth:\n\n    ```sh\n    npx create-next-app@latest -e with-supabase stack-supabase\n    cd stack-supabase\n    npx @stackframe/stack-cli@latest init\n    ```\n\n    Add the Supabase environment variables to `.env.local`:\n\n    ```.env .env.local\n    NEXT_PUBLIC_SUPABASE_URL=<your-supabase-url>\n    NEXT_PUBLIC_SUPABASE_ANON_KEY=<your-supabase-anon-key>\n    SUPABASE_JWT_SECRET=<your-supabase-jwt-secret>\n    ```\n\n    Also add the Stack Auth environment variables:\n\n    ```.env .env.local\n    # The project ID is the only client-exposed Stack Auth variable; in Next.js it must\n    # be prefixed with NEXT_PUBLIC_. STACK_SECRET_SERVER_KEY is server-only and must\n    # NEVER be prefixed or exposed to the client.\n    NEXT_PUBLIC_STACK_PROJECT_ID=<your-stack-project-id>\n    STACK_SECRET_SERVER_KEY=<your-secret-server-key>\n    ```\n  </Step>\n\n  <Step title=\"Mint Supabase JWTs from Stack Auth users\">\n    Create a server action that signs a Supabase JWT using the current Stack Auth user ID:\n\n    ```tsx utils/actions.ts\n    'use server';\n\n    import { stackServerApp } from \"@/stack/server\";\n    import * as jose from \"jose\";\n\n    export const getSupabaseJwt = async () => {\n      const user = await stackServerApp.getUser();\n\n      if (!user) {\n        return null;\n      }\n\n      const token = await new jose.SignJWT({\n        sub: user.id,\n        role: \"authenticated\",\n      })\n        .setProtectedHeader({ alg: \"HS256\" })\n        .setIssuedAt()\n        .setExpirationTime(\"1h\")\n        .sign(new TextEncoder().encode(process.env.SUPABASE_JWT_SECRET));\n\n      return token;\n    };\n    ```\n  </Step>\n\n  <Step title=\"Create a Supabase client that uses the Stack Auth JWT\">\n    Create a helper that passes the server-generated JWT to Supabase:\n\n    ```tsx utils/supabase-client.ts\n    import { createBrowserClient } from \"@supabase/ssr\";\n    import { getSupabaseJwt } from \"./actions\";\n\n    export const createSupabaseClient = () => {\n      return createBrowserClient(\n        process.env.NEXT_PUBLIC_SUPABASE_URL!,\n        process.env.NEXT_PUBLIC_SUPABASE_ANON_KEY!,\n        { accessToken: async () => await getSupabaseJwt() || \"\" },\n      );\n    };\n    ```\n  </Step>\n\n  <Step title=\"Fetch Supabase data\">\n    Use the Supabase client from your UI. The RLS policies will decide which rows the user can read based on the Stack Auth user ID embedded in the Supabase JWT.\n\n    ```tsx app/page.tsx\n    'use client';\n\n    import { createSupabaseClient } from \"@/utils/supabase-client\";\n    import { useStackApp, useUser } from \"@stackframe/stack\";\n    import Link from \"next/link\";\n    import { useEffect, useState } from \"react\";\n\n    export default function Page() {\n      const app = useStackApp();\n      const user = useUser();\n      const supabase = createSupabaseClient();\n      const [data, setData] = useState<null | any[]>(null);\n\n      useEffect(() => {\n        supabase.from(\"data\").select().then(({ data }) => setData(data ?? []));\n      }, []);\n\n      const listContent = data === null\n        ? <p>Loading...</p>\n        : data.length === 0\n          ? <p>No notes found</p>\n          : data.map((note) => <li key={note.id}>{note.text}</li>);\n\n      return (\n        <div>\n          {user ? (\n            <>\n              <p>You are signed in</p>\n              <p>User ID: {user.id}</p>\n              <Link href={app.urls.signOut}>Sign Out</Link>\n            </>\n          ) : (\n            <Link href={app.urls.signIn}>Sign In</Link>\n          )}\n          <h3>Supabase data</h3>\n          <ul>{listContent}</ul>\n        </div>\n      );\n    }\n    ```\n  </Step>\n\n  <Step title=\"Done!\" />\n</Steps>\n\n## CLI Setup\n\nFollow these instructions to authenticate users in a command line application with Stack Auth.\n\n<Steps titleSize=\"h3\">\n  <Step title=\"Add the CLI auth template\">\n    Download the Stack Auth CLI authentication template and place it in your project. For Python apps, copy it as `stack_auth_cli_template.py`.\n\n    Example project layout:\n\n    ```text\n    my-python-app/\n    ├─ main.py\n    └─ stack_auth_cli_template.py\n    ```\n  </Step>\n\n  <Step title=\"Prompt the user to log in\">\n    Import and call `prompt_cli_login`. It opens the browser, lets the user authenticate, and returns a refresh token.\n\n    ```py main.py\n    from stack_auth_cli_template import prompt_cli_login\n\n    refresh_token = prompt_cli_login(\n      app_url=\"https://your-app-url.example.com\",\n      project_id=\"your-project-id-here\",\n      publishable_client_key=\"your-publishable-client-key-here\",\n    )\n\n    if refresh_token is None:\n      print(\"User cancelled the login process. Exiting\")\n      exit(1)\n    ```\n\n    You can store the refresh token in a local file or keychain and only prompt the user again when no saved refresh token exists.\n  </Step>\n\n  <Step title=\"Exchange the refresh token for an access token\">\n    Use the refresh token with Stack Auth's REST API to get an access token.\n\n    ```py\n    def get_access_token(refresh_token):\n      access_token_response = stack_auth_request(\n        \"post\",\n        \"/api/v1/auth/sessions/current/refresh\",\n        headers={\n          \"x-stack-refresh-token\": refresh_token,\n        },\n      )\n\n      return access_token_response[\"access_token\"]\n    ```\n  </Step>\n\n  <Step title=\"Fetch the current user\">\n    Use the access token to call the Stack Auth REST API as the logged-in user.\n\n    ```py\n    def get_user_object(access_token):\n      return stack_auth_request(\n        \"get\",\n        \"/api/v1/users/me\",\n        headers={\n          \"x-stack-access-token\": access_token,\n        },\n      )\n\n    user = get_user_object(get_access_token(refresh_token))\n    print(\"The user is logged in as\", user[\"display_name\"] or user[\"primary_email\"])\n    ```\n  </Step>\n\n  <Step title=\"Done!\" />\n</Steps>";
 export const setupToolIds = ["nextjs","react","js","tanstack-start","tanstack-query","nodejs","bun","convex","supabase","cli"];
 export const setupTabMetadata = [{"toolId":"nextjs","title":"Next.js"},{"toolId":"react","title":"React"},{"toolId":"js","title":"JS/TS"},{"toolId":"tanstack-start","title":"Tanstack Start"},{"toolId":"nodejs","title":"Node.js"},{"toolId":"bun","title":"Bun"},{"toolId":"convex","title":"Convex"},{"toolId":"supabase","title":"Supabase"},{"toolId":"cli","title":"CLI"}];
 export const unifiedAiPromptTabTitle = "Unified AI Prompt";
diff --git a/docs-mintlify/snippets/home-prompt-island.jsx b/docs-mintlify/snippets/home-prompt-island.jsx
index 3a40f53543..2a9e6c158a 100644
--- a/docs-mintlify/snippets/home-prompt-island.jsx
+++ b/docs-mintlify/snippets/home-prompt-island.jsx
@@ -1,6 +1,6 @@
 // This file is auto-generated by scripts/generate-setup-prompt-docs.ts. Do not edit it manually; edit packages/stack-shared/src/ai/prompts.ts instead.
 
-export const generatedSetupPromptText = "# Setting up Stack Auth\n\nThis prompt explains how to set up Stack Auth in your project.\n\nTo use it, you can use the sections below to set up Stack Auth in the project. For example, if you are setting up a Svelte project, you would follow the SDK setup instructions for a frontend JS project.\n\n## SDK Setup Instructions\n\nFollow these instructions in order to set up and get started with the Stack Auth SDK in various languages.\n\nNot all steps are applicable to every type of application; for example, React apps have some extra steps that are not needed with other frameworks.\n\nThe frameworks and languages with explicit SDK support are:\n\n- Next.js\n- React\n- TanStack Start\n- Other JS & TS (both frontend and backend)\n\n<Steps titleSize=\"h3\">\n  <Step title=\"Install dependencies\">\n    Stack Auth has SDKs for various languages, frameworks, and libraries. Use the most specific package each, so, for example, even though a Next.js project uses both Next.js and React, use the Next.js package. If a programming language is not supported entirely, you may have to use the REST API to interface with Stack Auth.\n    \n    #### JavaScript & TypeScript\n    \n    For JS & TS, the following packages are available:\n    \n    - Next.js: `@stackframe/stack`\n    - React: `@stackframe/react`\n    - TanStack Start: `@stackframe/tanstack-start`\n    - Other & vanilla JS: `@stackframe/js`\n    \n    You can install the correct JavaScript Stack Auth SDK into your project by running the following command:\n\n      ```sh\n      npm i <the-sdk-from-above>\n      # or: pnpm i <the-sdk-from-above>\n      # or: yarn add <the-sdk-from-above>\n      # or: bun add <the-sdk-from-above>\n      ```\n  </Step>\n  \n  <Step title=\"Initializing the Stack App\">\n    Next, let us create the Stack App object for your project. This is the most important object in a Stack Auth project.\n\n    In a frontend where you cannot keep a secret key safe, you would use the `StackClientApp` constructor:\n    \n    ```ts src/stack/client.ts\n    import { StackClientApp } from \"<the-sdk-from-above>\";\n    \n    export const stackClientApp = new StackClientApp({\n      tokenStore: \"cookie\", // \"nextjs-cookie\" for Next.js, \"cookie\" for other web frontends, null for backend environments\n      urls: {\n        default: {\n          type: \"hosted\",\n        }\n      },\n    });\n    ```\n\n    In a backend where you can keep a secret key safe, you can use the `StackServerApp`, which provides access to more sensitive APIs compared to `StackClientApp`:\n    \n    ```ts src/stack/server.ts\n    import { StackServerApp } from \"<the-sdk-from-above>\";\n    \n    export const stackServerApp = new StackServerApp({\n      tokenStore: null,\n      urls: {\n        default: {\n          type: \"hosted\",\n        }\n      },\n    });\n    ```\n    \n    In frameworks that are both front- and backend, like Next.js, you can also create a `StackServerApp` from a `StackClientApp` object:\n    \n    ```ts src/stack/server.ts\n    import { StackServerApp } from \"<the-sdk-from-above>\";\n    import { stackClientApp } from \"./client\";\n    \n    export const stackServerApp = new StackServerApp({\n      inheritsFrom: stackClientApp,\n    });\n    ```\n    \n    Note that the secret server key should **never** be exposed to the client, as it can be used to read and write everything in your Stack Auth project. In web frontends or bundled applications, you should therefore always only ever create a `StackClientApp` object.\n  </Step>\n\n  <Step title=\"Setting up the project\">\n    It's now time to connect your code to a Stack Auth project.\n\n    You can either run Stack Auth's dev environment locally, or connect to a production project hosted in the cloud.\n\n    If you already use Stack Auth for your product, we recommend you re-use the same project to share your configuration between the two.\n\n    <AccordionGroup>\n      <Accordion title=\"Option 1: Running Stack Auth's dev environment (recommended)\" defaultOpen>\n        First, create a `stack.config.ts` configuration file in the root directory of the workspace (or anywhere else):\n\n        ```ts stack.config.ts\n        import type { StackConfig } from \"<the-sdk-from-above>\";\n\n        // default: show-onboarding, which shows the onboarding flow for this project when Stack Auth starts\n        export const config: StackConfig = \"show-onboarding\";\n        ```\n\n        To run your application with Stack Auth, you can then start the dev environment and set environment variables expected by your application. Stack Auth's CLI has a `dev` command does both of these, so let's install it as a dev dependency and wrap your existing `dev` script in your package.json:\n\n        ```sh\n        npm i -D @stackframe/stack-cli\n        # or: pnpm i -D @stackframe/stack-cli\n        # or: yarn add -D @stackframe/stack-cli\n        # or: bun add --dev @stackframe/stack-cli\n        ```\n\n        ```json package.json\n        {\n          // ...\n          \"scripts\": {\n            // ...\n            \"dev\": \"stack dev --config-file ./stack.config.ts -- npm run dev:without-stack-auth\",\n            \"dev:without-stack-auth\": \"<your-existing-dev-script>\"\n          }\n        }\n        ```\n      </Accordion>\n\n      <Accordion title=\"Option 2: Connecting to a production project hosted in the cloud\">\n        Note: If you're an AI agent, and you don't already have the information you need from the Cloud project, you may have to ask the user for help on this step. You can either ask them to provide the environment variables, or just leave them empty for now and ask the user to complete them at the end.\n\n        If you'd rather run your development environment on our infrastructure, or you already have an existing product, you can also connect a cloud project.\n\n        This process is slightly different depending on whether you're setting up a frontend or a backend (whether your app can keep a secret key safe or not).\n\n        #### Frontend\n\n        Go to your project's dashboard on [app.stack-auth.com](https://app.stack-auth.com) and get the project ID. You can find it in the URL after the `/projects/` part. Copy-paste it into your `.env.local` file (or wherever your environment variables are stored):\n\n        Some projects have the `requirePublishableClientKey` config option enabled. In that case, a publishable client key will also be necessary. However, this is extremely uncommon; for most projects this is not true, so don't ask the user for one unless you have confirmation that the publishable client key is required. If it's not required, the project ID is the only environment variable required to use Stack Auth on a client.\n        \n        ```.env .env.local\n        STACK_PROJECT_ID=<your-project-id>\n        ```\n\n        Alternatively, you can also just set the project ID in the `stack/client.ts` file:\n\n        ```ts src/stack/client.ts\n        export const stackClientApp = new StackClientApp({\n          // ...\n          projectId: \"your-project-id\",\n        });\n        ```\n\n\n        #### Backend (or both frontend and backend)\n\n        First, navigate to the [Project Keys](https://app.stack-auth.com/projects/-selector-/project-keys) page in the Stack Auth dashboard and generate a new set of keys.\n\n        Then, copy-paste them into your `.env.local` file (or wherever your environment variables are stored):\n\n        If the `requirePublishableClientKey` config option is enabled as described above, a publishable client key will also be necessary. Otherwise, these two are the only environment variables required to use Stack Auth on a server.\n        \n        ```.env .env.local\n        STACK_PROJECT_ID=<your-project-id>\n        STACK_SECRET_SERVER_KEY=<your-secret-server-key>\n        ```\n\n        They'll automatically be picked up by the `StackServerApp` constructor.\n      </Accordion>\n    </AccordionGroup>\n  </Step>\n\n  <Step title=\"React: Creating a <StackProvider /> and <StackTheme />\">\n    In React frameworks, Stack Auth provides `StackProvider` and `StackTheme` components that should wrap your entire app at the root level.\n  \n    For example, if you have an `App.tsx` file, update it as follows:\n    \n    ```tsx src/App.tsx\n    import { StackProvider, StackTheme } from \"<the-sdk-from-above>\";\n    import { stackClientApp } from \"./stack/client\";\n    \n    export default function App() {\n      return (\n        <StackProvider app={stackClientApp}>\n          <StackTheme>\n            {/* your app content */}\n          </StackTheme>\n        </StackProvider>\n      );\n    }\n    ```\n  \n    For Next.js specifically: You can do this in the `layout.tsx` file in the `app` directory:\n    \n    ```tsx src/app/layout.tsx\n    import { Suspense } from \"react\";\n    import { StackProvider, StackTheme } from \"<the-sdk-from-above>\";\n    import { stackServerApp } from \"@/stack/server\";\n    \n    export default function RootLayout({ children }: { children: React.ReactNode }) {\n      return (\n        <StackProvider app={stackServerApp}>\n          <StackTheme>\n            {children}\n          </StackTheme>\n        </StackProvider>\n      );\n    }\n    ```\n  \n    For TanStack Start specifically: TanStack Start uses file-based routes. The provider goes inside the root route's `component` (the inner React tree), while the document shell stays in `shellComponent`. Update `src/routes/__root.tsx`:\n    \n    ```tsx src/routes/__root.tsx\n    import { StackProvider, StackTheme } from \"@stackframe/tanstack-start\";\n    import { createRootRoute, HeadContent, Outlet, Scripts } from \"@tanstack/react-router\";\n    import type { ReactNode } from \"react\";\n    import { stackClientApp } from \"../stack/client\";\n    \n    export const Route = createRootRoute({\n      shellComponent: RootDocument,\n      component: RootComponent,\n    });\n    \n    function RootDocument({ children }: { children: ReactNode }) {\n      return (\n        <html lang=\"en\" suppressHydrationWarning>\n          <head>\n            <HeadContent />\n          </head>\n          <body>\n            {children}\n            <Scripts />\n          </body>\n        </html>\n      );\n    }\n    \n    function RootComponent() {\n      return (\n        <StackProvider app={stackClientApp}>\n          <StackTheme>\n            <Outlet />\n          </StackTheme>\n        </StackProvider>\n      );\n    }\n    ```\n    \n    Do not edit `src/routeTree.gen.ts` — it is regenerated automatically by the TanStack Start router from the files under `src/routes/`.\n  </Step>\n  \n  <Step title=\"React: Add Suspense boundary\">\n    Stack Auth also provides additional `useXyz` React hooks for `getXyz`/`listXyz` functions. For example, `useUser` is like `getUser`, but as a suspending React hook.\n  \n    To support the suspension, you need to add a suspense boundary around your app.\n    \n    The easiest way to do this is to just wrap your entire app in a `Suspense` component:\n    \n    ```tsx src/App.tsx\n    import { Suspense } from \"react\";\n    import { StackProvider, StackTheme } from \"<the-sdk-from-above>\";\n    import { stackClientApp } from \"./stack/client\";\n    \n    export default function App() {\n      return (\n        <Suspense fallback={<div>Loading...</div>}>\n          <StackProvider app={stackClientApp}>\n            <StackTheme>\n              {/* your app content */}\n            </StackTheme>\n          </StackProvider>\n        </Suspense>\n      );\n    }\n    ```\n  \n    In Next.js, this can be easily done by adding a `loading.tsx` file in the `app` directory:\n    \n    ```tsx src/app/loading.tsx\n    export default function Loading() {\n      return <div>Loading...</div>;\n    }\n    ```\n  \n    In TanStack Start: wrap the `<Outlet />` in your root route with a `Suspense` boundary so the document shell can stream while child routes wait on Stack Auth. Update `RootComponent` in `src/routes/__root.tsx`:\n    \n    ```tsx src/routes/__root.tsx\n    import { Suspense } from \"react\";\n    // ...other imports...\n    \n    function RootComponent() {\n      return (\n        <StackProvider app={stackClientApp}>\n          <StackTheme>\n            <Suspense fallback={<div>Loading...</div>}>\n              <Outlet />\n            </Suspense>\n          </StackTheme>\n        </StackProvider>\n      );\n    }\n    ```\n  \n    Note: If you are an AI agent, make sure to make the loading indicator visually appealing and match the design of your app, instead of the example that just says \"Loading...\".\n  </Step>\n  \n  <Step title=\"TanStack Start: Add the Stack handler route\">\n    Stack Auth's auth flows (sign-in, sign-up, OAuth callbacks, password reset, etc.) are rendered by a single `StackHandler` component mounted at `/handler/*`. In TanStack Start, expose it as a splat file route at `src/routes/handler/$.tsx`:\n  \n    ```tsx src/routes/handler/$.tsx\n    import { StackHandler } from \"@stackframe/tanstack-start\";\n    import { createFileRoute, useLocation } from \"@tanstack/react-router\";\n  \n    export const Route = createFileRoute(\"/handler/$\")({\n      ssr: false,\n      component: HandlerPage,\n    });\n  \n    function HandlerPage() {\n      const { pathname } = useLocation();\n      return <StackHandler fullPage location={pathname} />;\n    }\n    ```\n  \n    Two TanStack-specific notes:\n  \n    - The route is opted out of SSR with `ssr: false`. The handler runs browser-only auth flows (cookies, redirects, popups), so rendering it on the server provides no benefit and can fight with hydration. Other routes can opt into or out of SSR per-route the same way.\n    - Stack Auth resolves the current user during SSR by reading TanStack Start's request cookies through `@stackframe/tanstack-start`'s server context. No extra wiring is required — `useUser()` \"just works\" on both server and client routes as long as `tokenStore: \"cookie\"` is set on `StackClientApp`.\n  </Step>\n\n  <Step title=\"Backend: Update callers with header & get user\">\n    You are now ready to use the Stack Auth SDK. If you have any frontends calling your backend endpoints, you may want to pass along the Stack Auth tokens in a header such that you can access the same user object on your backend.\n  \n    The most ergonomic way to do this is to pass the result of `stackClientApp.getAuthorizationHeader()` as the `Authorization` header into your backend endpoints when the user is signed in:\n  \n    ```ts\n    // NOTE: This is your frontend's code\n    const authorizationHeader = await stackClientApp.getAuthorizationHeader();\n    const response = await fetch(\"/my-backend-endpoint\", {\n      headers: {\n        ...(authorizationHeader ? { Authorization: authorizationHeader } : {}),\n      },\n    });\n    // ...\n    ```\n  \n    In most backend frameworks you can then access the user object by passing the request object as a `tokenStore` of the functions that access the user object:\n  \n    ```ts\n    // NOTE: This is your backend's code\n    const user = await stackServerApp.getUser({ tokenStore: request });\n    return new Response(\"Hello, \" + user.displayName, { headers: { \"Cache-Control\": \"private, no-store\" } });\n    ```\n  \n    This will work as long as `request` is an object that follows the shape `{ headers: Record<string, string | null> | { get: (name: string) => string | null } }`.\n  \n    <Note>\n      Make sure that HTTP caching is disabled with `Cache-Control: private, no-store` for authenticated backend endpoints.\n    </Note>\n  \n    If you cannot use `getAuthorizationHeader()`, for example because you are using a protocol other than HTTP, you can use `getAuthJson()` instead:\n  \n    ```ts\n    // Frontend:\n    await rpcCall(\"my-rpc-endpoint\", {\n      data: {\n        auth: await stackClientApp.getAuthJson(),\n      },\n    });\n  \n    // Backend:\n    const user = await stackServerApp.getUser({ tokenStore: data.auth });\n    return new RpcResponse(\"Hello, \" + user.displayName);\n    ```\n  </Step>\n\n  <Step title=\"Done!\" />\n</Steps>\n\n## MCP Setup\n\n<Note>\n  This prompt is not yet implemented.\n</Note>\n\n<Steps titleSize=\"h3\">\n  <Step title=\"Install dependencies\">\n    Install the MCP package:\n  </Step>\n  <Step title=\"Done!\" />\n</Steps>\n\n## Convex Setup\n\nFollow these instructions to integrate Stack Auth with Convex.\n\n<Steps titleSize=\"h3\">\n  <Step title=\"Create or identify the Convex app\">\n    If the project does not already use Convex, initialize a Convex + Next.js app:\n\n    ```sh\n    npm create convex@latest\n    ```\n\n    When prompted, choose **Next.js** and **No auth**. Stack Auth will provide auth.\n\n    During development, run the Convex backend and the app dev server:\n\n    ```sh\n    npx convex dev\n    npm run dev\n    ```\n  </Step>\n\n  <Step title=\"Install and configure Stack Auth\">\n    Install Stack Auth in the app. If you have not already completed the SDK setup steps above, run the setup wizard:\n\n    ```sh\n    npx @stackframe/stack-cli@latest init\n    ```\n\n    Create or select a Stack Auth project in the dashboard. Copy the Stack Auth environment variables into the app's `.env.local` file.\n\n    Also add the same Stack Auth environment variables to the Convex deployment environment in the Convex dashboard.\n  </Step>\n\n  <Step title=\"Configure Convex auth providers\">\n    Create or update `convex/auth.config.ts`:\n\n    ```ts convex/auth.config.ts\n    import { getConvexProvidersConfig } from \"@stackframe/js\";\n    // or: import { getConvexProvidersConfig } from \"@stackframe/react\";\n    // or: import { getConvexProvidersConfig } from \"@stackframe/stack\";\n\n    export default {\n      providers: getConvexProvidersConfig({\n        projectId: process.env.STACK_PROJECT_ID, // or process.env.NEXT_PUBLIC_STACK_PROJECT_ID\n      }),\n    };\n    ```\n  </Step>\n\n  <Step title=\"Connect Convex clients to Stack Auth\">\n    Update the Convex client setup so Convex receives Stack Auth tokens.\n\n    In browser JavaScript:\n\n    ```ts\n    convexClient.setAuth(stackClientApp.getConvexClientAuth({}));\n    ```\n\n    In React:\n\n    ```ts\n    convexReactClient.setAuth(stackClientApp.getConvexClientAuth({}));\n    ```\n\n    For Convex HTTP clients on the server, pass a request-like token store:\n\n    ```ts\n    convexHttpClient.setAuth(stackClientApp.getConvexHttpClientAuth({ tokenStore: requestObject }));\n    ```\n  </Step>\n\n  <Step title=\"Use Stack Auth user data in Convex functions\">\n    In Convex queries and mutations, use Stack Auth's Convex integration to read the current user.\n\n    ```ts convex/myFunctions.ts\n    import { query } from \"./_generated/server\";\n    import { stackServerApp } from \"../src/stack/server\";\n\n    export const myQuery = query({\n      handler: async (ctx, args) => {\n        const user = await stackServerApp.getPartialUser({ from: \"convex\", ctx });\n        return user;\n      },\n    });\n    ```\n  </Step>\n\n  <Step title=\"Done!\" />\n</Steps>\n\n## Supabase Setup\n\n<Note>\n  This setup covers Supabase Row Level Security (RLS) with Stack Auth JWTs. It does not sync user data between Supabase and Stack Auth. Use Stack Auth webhooks if you need data sync.\n</Note>\n\n<Steps titleSize=\"h3\">\n  <Step title=\"Create Supabase RLS policies\">\n    In the Supabase SQL editor, enable Row Level Security for your tables and write policies based on Supabase JWT claims.\n\n    For example, this sample table demonstrates public rows, authenticated rows, and user-owned rows:\n\n    ```sql\n    CREATE TABLE data (\n      id bigint PRIMARY KEY,\n      text text NOT NULL,\n      user_id UUID\n    );\n\n    INSERT INTO data (id, text, user_id) VALUES\n      (1, 'Everyone can see this', NULL),\n      (2, 'Only authenticated users can see this', NULL),\n      (3, 'Only user with specific id can see this', NULL);\n\n    ALTER TABLE data ENABLE ROW LEVEL SECURITY;\n\n    CREATE POLICY \"Public read\" ON \"public\".\"data\" TO public\n    USING (id = 1);\n\n    CREATE POLICY \"Authenticated access\" ON \"public\".\"data\" TO authenticated\n    USING (id = 2);\n\n    CREATE POLICY \"User access\" ON \"public\".\"data\" TO authenticated\n    USING (id = 3 AND auth.uid() = user_id);\n    ```\n  </Step>\n\n  <Step title=\"Install Stack Auth and Supabase dependencies\">\n    If you are starting from scratch with Next.js, you can use Supabase's template and then initialize Stack Auth:\n\n    ```sh\n    npx create-next-app@latest -e with-supabase stack-supabase\n    cd stack-supabase\n    npx @stackframe/stack-cli@latest init\n    ```\n\n    Add the Supabase environment variables to `.env.local`:\n\n    ```.env .env.local\n    NEXT_PUBLIC_SUPABASE_URL=<your-supabase-url>\n    NEXT_PUBLIC_SUPABASE_ANON_KEY=<your-supabase-anon-key>\n    SUPABASE_JWT_SECRET=<your-supabase-jwt-secret>\n    ```\n\n    Also add the Stack Auth environment variables:\n\n    ```.env .env.local\n    # The project ID is the only client-exposed Stack Auth variable; in Next.js it must\n    # be prefixed with NEXT_PUBLIC_. STACK_SECRET_SERVER_KEY is server-only and must\n    # NEVER be prefixed or exposed to the client.\n    NEXT_PUBLIC_STACK_PROJECT_ID=<your-stack-project-id>\n    STACK_SECRET_SERVER_KEY=<your-secret-server-key>\n    ```\n  </Step>\n\n  <Step title=\"Mint Supabase JWTs from Stack Auth users\">\n    Create a server action that signs a Supabase JWT using the current Stack Auth user ID:\n\n    ```tsx utils/actions.ts\n    'use server';\n\n    import { stackServerApp } from \"@/stack/server\";\n    import * as jose from \"jose\";\n\n    export const getSupabaseJwt = async () => {\n      const user = await stackServerApp.getUser();\n\n      if (!user) {\n        return null;\n      }\n\n      const token = await new jose.SignJWT({\n        sub: user.id,\n        role: \"authenticated\",\n      })\n        .setProtectedHeader({ alg: \"HS256\" })\n        .setIssuedAt()\n        .setExpirationTime(\"1h\")\n        .sign(new TextEncoder().encode(process.env.SUPABASE_JWT_SECRET));\n\n      return token;\n    };\n    ```\n  </Step>\n\n  <Step title=\"Create a Supabase client that uses the Stack Auth JWT\">\n    Create a helper that passes the server-generated JWT to Supabase:\n\n    ```tsx utils/supabase-client.ts\n    import { createBrowserClient } from \"@supabase/ssr\";\n    import { getSupabaseJwt } from \"./actions\";\n\n    export const createSupabaseClient = () => {\n      return createBrowserClient(\n        process.env.NEXT_PUBLIC_SUPABASE_URL!,\n        process.env.NEXT_PUBLIC_SUPABASE_ANON_KEY!,\n        { accessToken: async () => await getSupabaseJwt() || \"\" },\n      );\n    };\n    ```\n  </Step>\n\n  <Step title=\"Fetch Supabase data\">\n    Use the Supabase client from your UI. The RLS policies will decide which rows the user can read based on the Stack Auth user ID embedded in the Supabase JWT.\n\n    ```tsx app/page.tsx\n    'use client';\n\n    import { createSupabaseClient } from \"@/utils/supabase-client\";\n    import { useStackApp, useUser } from \"@stackframe/stack\";\n    import Link from \"next/link\";\n    import { useEffect, useState } from \"react\";\n\n    export default function Page() {\n      const app = useStackApp();\n      const user = useUser();\n      const supabase = createSupabaseClient();\n      const [data, setData] = useState<null | any[]>(null);\n\n      useEffect(() => {\n        supabase.from(\"data\").select().then(({ data }) => setData(data ?? []));\n      }, []);\n\n      const listContent = data === null\n        ? <p>Loading...</p>\n        : data.length === 0\n          ? <p>No notes found</p>\n          : data.map((note) => <li key={note.id}>{note.text}</li>);\n\n      return (\n        <div>\n          {user ? (\n            <>\n              <p>You are signed in</p>\n              <p>User ID: {user.id}</p>\n              <Link href={app.urls.signOut}>Sign Out</Link>\n            </>\n          ) : (\n            <Link href={app.urls.signIn}>Sign In</Link>\n          )}\n          <h3>Supabase data</h3>\n          <ul>{listContent}</ul>\n        </div>\n      );\n    }\n    ```\n  </Step>\n\n  <Step title=\"Done!\" />\n</Steps>\n\n## CLI Setup\n\nFollow these instructions to authenticate users in a command line application with Stack Auth.\n\n<Steps titleSize=\"h3\">\n  <Step title=\"Add the CLI auth template\">\n    Download the Stack Auth CLI authentication template and place it in your project. For Python apps, copy it as `stack_auth_cli_template.py`.\n\n    Example project layout:\n\n    ```text\n    my-python-app/\n    ├─ main.py\n    └─ stack_auth_cli_template.py\n    ```\n  </Step>\n\n  <Step title=\"Prompt the user to log in\">\n    Import and call `prompt_cli_login`. It opens the browser, lets the user authenticate, and returns a refresh token.\n\n    ```py main.py\n    from stack_auth_cli_template import prompt_cli_login\n\n    refresh_token = prompt_cli_login(\n      app_url=\"https://your-app-url.example.com\",\n      project_id=\"your-project-id-here\",\n      publishable_client_key=\"your-publishable-client-key-here\",\n    )\n\n    if refresh_token is None:\n      print(\"User cancelled the login process. Exiting\")\n      exit(1)\n    ```\n\n    You can store the refresh token in a local file or keychain and only prompt the user again when no saved refresh token exists.\n  </Step>\n\n  <Step title=\"Exchange the refresh token for an access token\">\n    Use the refresh token with Stack Auth's REST API to get an access token.\n\n    ```py\n    def get_access_token(refresh_token):\n      access_token_response = stack_auth_request(\n        \"post\",\n        \"/api/v1/auth/sessions/current/refresh\",\n        headers={\n          \"x-stack-refresh-token\": refresh_token,\n        },\n      )\n\n      return access_token_response[\"access_token\"]\n    ```\n  </Step>\n\n  <Step title=\"Fetch the current user\">\n    Use the access token to call the Stack Auth REST API as the logged-in user.\n\n    ```py\n    def get_user_object(access_token):\n      return stack_auth_request(\n        \"get\",\n        \"/api/v1/users/me\",\n        headers={\n          \"x-stack-access-token\": access_token,\n        },\n      )\n\n    user = get_user_object(get_access_token(refresh_token))\n    print(\"The user is logged in as\", user[\"display_name\"] or user[\"primary_email\"])\n    ```\n  </Step>\n\n  <Step title=\"Done!\" />\n</Steps>";
+export const generatedSetupPromptText = "# Setting up Stack Auth\n\nThis prompt explains how to set up Stack Auth in your project.\n\nTo use it, you can use the sections below to set up Stack Auth in the project. For example, if you are setting up a Svelte project, you would follow the SDK setup instructions for a frontend JS project.\n\n## SDK Setup Instructions\n\nFollow these instructions in order to set up and get started with the Stack Auth SDK in various languages.\n\nNot all steps are applicable to every type of application; for example, React apps have some extra steps that are not needed with other frameworks.\n\nThe frameworks and languages with explicit SDK support are:\n\n- Next.js\n- React\n- TanStack Start\n- Other JS & TS (both frontend and backend)\n\n<Steps titleSize=\"h3\">\n  <Step title=\"Install dependencies\">\n    Stack Auth has SDKs for various languages, frameworks, and libraries. Use the most specific package each, so, for example, even though a Next.js project uses both Next.js and React, use the Next.js package. If a programming language is not supported entirely, you may have to use the REST API to interface with Stack Auth.\n    \n    #### JavaScript & TypeScript\n    \n    For JS & TS, the following packages are available:\n    \n    - Next.js: `@stackframe/stack`\n    - React: `@stackframe/react`\n    - TanStack Start: `@stackframe/tanstack-start`\n    - Other & vanilla JS: `@stackframe/js`\n    \n    You can install the correct JavaScript Stack Auth SDK into your project by running the following command:\n\n      ```sh\n      npm i <the-sdk-from-above>\n      # or: pnpm i <the-sdk-from-above>\n      # or: yarn add <the-sdk-from-above>\n      # or: bun add <the-sdk-from-above>\n      ```\n  </Step>\n  \n  <Step title=\"Initializing the Stack App\">\n    Next, let us create the Stack App object for your project. This is the most important object in a Stack Auth project.\n\n    In a frontend where you cannot keep a secret key safe, you would use the `StackClientApp` constructor:\n    \n    ```ts src/stack/client.ts\n    import { StackClientApp } from \"<the-sdk-from-above>\";\n    \n    export const stackClientApp = new StackClientApp({\n      tokenStore: \"cookie\", // \"nextjs-cookie\" for Next.js, \"cookie\" for other web frontends, null for backend environments\n      urls: {\n        default: {\n          type: \"hosted\",\n        }\n      },\n    });\n    ```\n\n    In a backend where you can keep a secret key safe, you can use the `StackServerApp`, which provides access to more sensitive APIs compared to `StackClientApp`:\n    \n    ```ts src/stack/server.ts\n    import { StackServerApp } from \"<the-sdk-from-above>\";\n    \n    export const stackServerApp = new StackServerApp({\n      tokenStore: null,\n      urls: {\n        default: {\n          type: \"hosted\",\n        }\n      },\n    });\n    ```\n    \n    In frameworks that are both front- and backend, like Next.js, you can also create a `StackServerApp` from a `StackClientApp` object:\n    \n    ```ts src/stack/server.ts\n    import { StackServerApp } from \"<the-sdk-from-above>\";\n    import { stackClientApp } from \"./client\";\n    \n    export const stackServerApp = new StackServerApp({\n      inheritsFrom: stackClientApp,\n    });\n    ```\n    \n    Note that the secret server key should **never** be exposed to the client, as it can be used to read and write everything in your Stack Auth project. In web frontends or bundled applications, you should therefore always only ever create a `StackClientApp` object.\n  </Step>\n\n  <Step title=\"Setting up the project\">\n    It's now time to connect your code to a Stack Auth project.\n\n    You can either run Stack Auth's dev environment locally, or connect to a production project hosted in the cloud.\n\n    If you already use Stack Auth for your product, we recommend you re-use the same project to share your configuration between the two.\n\n    <AccordionGroup>\n      <Accordion title=\"Option 1: Running Stack Auth's dev environment (recommended)\" defaultOpen>\n        First, create a `stack.config.ts` configuration file in the root directory of the workspace (or anywhere else):\n\n        ```ts stack.config.ts\n        import type { StackConfig } from \"<the-sdk-from-above>\";\n\n        // default: show-onboarding, which shows the onboarding flow for this project when Stack Auth starts\n        export const config: StackConfig = \"show-onboarding\";\n        ```\n\n        To run your application with Stack Auth, you can then start the dev environment and set environment variables expected by your application. Stack Auth's CLI has a `dev` command does both of these, so let's install it as a dev dependency and wrap your existing `dev` script in your package.json:\n\n        ```sh\n        npm i -D @stackframe/stack-cli\n        # or: pnpm i -D @stackframe/stack-cli\n        # or: yarn add -D @stackframe/stack-cli\n        # or: bun add --dev @stackframe/stack-cli\n        ```\n\n        ```json package.json\n        {\n          // ...\n          \"scripts\": {\n            // ...\n            \"dev\": \"stack dev --config-file ./stack.config.ts -- npm run dev:without-stack-auth\",\n            \"dev:without-stack-auth\": \"<your-existing-dev-script>\"\n          }\n        }\n        ```\n      </Accordion>\n\n      <Accordion title=\"Option 2: Connecting to a production project hosted in the cloud\">\n        Note: If you're an AI agent, and you don't already have the information you need from the Cloud project, you may have to ask the user for help on this step. You can either ask them to provide the environment variables, or just leave them empty for now and ask the user to complete them at the end.\n\n        If you'd rather run your development environment on our infrastructure, or you already have an existing product, you can also connect a cloud project.\n\n        This process is slightly different depending on whether you're setting up a frontend or a backend (whether your app can keep a secret key safe or not).\n\n        #### Frontend\n\n        Go to your project's dashboard on [app.stack-auth.com](https://app.stack-auth.com) and get the project ID. You can find it in the URL after the `/projects/` part. Copy-paste it into your `.env.local` file (or wherever your environment variables are stored):\n\n        Some projects have the `requirePublishableClientKey` config option enabled. In that case, a publishable client key will also be necessary. However, this is extremely uncommon; for most projects this is not true, so don't ask the user for one unless you have confirmation that the publishable client key is required. If it's not required, the project ID is the only environment variable required to use Stack Auth on a client.\n        \n        ```.env .env.local\n        STACK_PROJECT_ID=<your-project-id>\n        ```\n\n        Alternatively, you can also just set the project ID in the `stack/client.ts` file:\n\n        ```ts src/stack/client.ts\n        export const stackClientApp = new StackClientApp({\n          // ...\n          projectId: \"your-project-id\",\n        });\n        ```\n\n\n        #### Backend (or both frontend and backend)\n\n        First, navigate to the [Project Keys](https://app.stack-auth.com/projects/-selector-/project-keys) page in the Stack Auth dashboard and generate a new set of keys.\n\n        Then, copy-paste them into your `.env.local` file (or wherever your environment variables are stored):\n\n        If the `requirePublishableClientKey` config option is enabled as described above, a publishable client key will also be necessary. Otherwise, these two are the only environment variables required to use Stack Auth on a server.\n        \n        ```.env .env.local\n        STACK_PROJECT_ID=<your-project-id>\n        STACK_SECRET_SERVER_KEY=<your-secret-server-key>\n        ```\n\n        They'll automatically be picked up by the `StackServerApp` constructor.\n      </Accordion>\n    </AccordionGroup>\n  </Step>\n\n  <Step title=\"React: Creating a <StackProvider /> and <StackTheme />\">\n    In React frameworks, Stack Auth provides `StackProvider` and `StackTheme` components that should wrap your entire app at the root level.\n  \n    For example, if you have an `App.tsx` file, update it as follows:\n    \n    ```tsx src/App.tsx\n    import { StackProvider, StackTheme } from \"<the-sdk-from-above>\";\n    import { stackClientApp } from \"./stack/client\";\n    \n    export default function App() {\n      return (\n        <StackProvider app={stackClientApp}>\n          <StackTheme>\n            {/* your app content */}\n          </StackTheme>\n        </StackProvider>\n      );\n    }\n    ```\n  \n    For Next.js specifically: You can do this in the `layout.tsx` file in the `app` directory:\n    \n    ```tsx src/app/layout.tsx\n    import { Suspense } from \"react\";\n    import { StackProvider, StackTheme } from \"<the-sdk-from-above>\";\n    import { stackServerApp } from \"@/stack/server\";\n    \n    export default function RootLayout({ children }: { children: React.ReactNode }) {\n      return (\n        <StackProvider app={stackServerApp}>\n          <StackTheme>\n            {children}\n          </StackTheme>\n        </StackProvider>\n      );\n    }\n    ```\n  \n    For TanStack Start specifically: TanStack Start uses file-based routes. The provider goes inside the root route's `component` (the inner React tree), while the document shell stays in `shellComponent`. Update `src/routes/__root.tsx`:\n    \n    ```tsx src/routes/__root.tsx\n    import { StackProvider, StackTheme } from \"@stackframe/tanstack-start\";\n    import { createRootRoute, HeadContent, Outlet, Scripts } from \"@tanstack/react-router\";\n    import type { ReactNode } from \"react\";\n    import { stackClientApp } from \"../stack/client\";\n    \n    export const Route = createRootRoute({\n      shellComponent: RootDocument,\n      component: RootComponent,\n    });\n    \n    function RootDocument({ children }: { children: ReactNode }) {\n      return (\n        <html lang=\"en\" suppressHydrationWarning>\n          <head>\n            <HeadContent />\n          </head>\n          <body>\n            {children}\n            <Scripts />\n          </body>\n        </html>\n      );\n    }\n    \n    function RootComponent() {\n      return (\n        <StackProvider app={stackClientApp}>\n          <StackTheme>\n            <Outlet />\n          </StackTheme>\n        </StackProvider>\n      );\n    }\n    ```\n    \n    Do not edit `src/routeTree.gen.ts` — it is regenerated automatically by the TanStack Start router from the files under `src/routes/`.\n  </Step>\n  \n  <Step title=\"React: Add Suspense boundary\">\n    Stack Auth also provides additional `useXyz` React hooks for `getXyz`/`listXyz` functions. For example, `useUser` is like `getUser`, but as a suspending React hook.\n  \n    To support the suspension, you need to add a suspense boundary around your app.\n    \n    The easiest way to do this is to just wrap your entire app in a `Suspense` component:\n    \n    ```tsx src/App.tsx\n    import { Suspense } from \"react\";\n    import { StackProvider, StackTheme } from \"<the-sdk-from-above>\";\n    import { stackClientApp } from \"./stack/client\";\n    \n    export default function App() {\n      return (\n        <Suspense fallback={<div>Loading...</div>}>\n          <StackProvider app={stackClientApp}>\n            <StackTheme>\n              {/* your app content */}\n            </StackTheme>\n          </StackProvider>\n        </Suspense>\n      );\n    }\n    ```\n  \n    In Next.js, this can be easily done by adding a `loading.tsx` file in the `app` directory:\n    \n    ```tsx src/app/loading.tsx\n    export default function Loading() {\n      return <div>Loading...</div>;\n    }\n    ```\n  \n    In TanStack Start: wrap the `<Outlet />` in your root route with a `Suspense` boundary so the document shell can stream while child routes wait on Stack Auth. Update `RootComponent` in `src/routes/__root.tsx`:\n    \n    ```tsx src/routes/__root.tsx\n    import { Suspense } from \"react\";\n    // ...other imports...\n    \n    function RootComponent() {\n      return (\n        <StackProvider app={stackClientApp}>\n          <StackTheme>\n            <Suspense fallback={<div>Loading...</div>}>\n              <Outlet />\n            </Suspense>\n          </StackTheme>\n        </StackProvider>\n      );\n    }\n    ```\n  \n    Note: If you are an AI agent, make sure to make the loading indicator visually appealing and match the design of your app, instead of the example that just says \"Loading...\".\n  </Step>\n  \n  <Step title=\"TanStack Start: Add the Stack handler route\">\n    Stack Auth's auth flows (sign-in, sign-up, OAuth callbacks, password reset, etc.) are rendered by a single `StackHandler` component mounted at `/handler/*`. In TanStack Start, expose it as a splat file route at `src/routes/handler/$.tsx`:\n  \n    ```tsx src/routes/handler/$.tsx\n    import { StackHandler } from \"@stackframe/tanstack-start\";\n    import { createFileRoute, useLocation } from \"@tanstack/react-router\";\n  \n    export const Route = createFileRoute(\"/handler/$\")({\n      ssr: false,\n      component: HandlerPage,\n    });\n  \n    function HandlerPage() {\n      const { pathname } = useLocation();\n      return <StackHandler fullPage location={pathname} />;\n    }\n    ```\n  \n    Two TanStack-specific notes:\n  \n    - The route is opted out of SSR with `ssr: false`. The handler runs browser-only auth flows (cookies, redirects, popups), so rendering it on the server provides no benefit and can fight with hydration. Other routes can opt into or out of SSR per-route the same way.\n    - Stack Auth resolves the current user during SSR by reading TanStack Start's request cookies through `@stackframe/tanstack-start`'s server context. No extra wiring is required — `useUser()` \"just works\" on both server and client routes as long as `tokenStore: \"cookie\"` is set on `StackClientApp`.\n  </Step>\n\n  <Step title=\"Backend: Update callers with header & get user\">\n    You are now ready to use the Stack Auth SDK. If you have any frontends calling your backend endpoints, you may want to pass along the Stack Auth tokens in a header such that you can access the same user object on your backend.\n  \n    The most ergonomic way to do this is to pass the result of `stackClientApp.getAuthorizationHeader()` as the `Authorization` header into your backend endpoints when the user is signed in:\n  \n    ```ts\n    // NOTE: This is your frontend's code\n    const authorizationHeader = await stackClientApp.getAuthorizationHeader();\n    const response = await fetch(\"/my-backend-endpoint\", {\n      headers: {\n        ...(authorizationHeader ? { Authorization: authorizationHeader } : {}),\n      },\n    });\n    // ...\n    ```\n  \n    In most backend frameworks you can then access the user object by passing the request object as a `tokenStore` of the functions that access the user object:\n  \n    ```ts\n    // NOTE: This is your backend's code\n    const user = await stackServerApp.getUser({ tokenStore: request });\n    return new Response(\"Hello, \" + user.displayName, { headers: { \"Cache-Control\": \"private, no-store\" } });\n    ```\n  \n    This will work as long as `request` is an object that follows the shape `{ headers: Record<string, string | null> | { get: (name: string) => string | null } }`.\n  \n    <Note>\n      Make sure that HTTP caching is disabled with `Cache-Control: private, no-store` for authenticated backend endpoints.\n    </Note>\n  \n    If you cannot use `getAuthorizationHeader()`, for example because you are using a protocol other than HTTP, you can use `getAuthJson()` instead:\n  \n    ```ts\n    // Frontend:\n    await rpcCall(\"my-rpc-endpoint\", {\n      data: {\n        auth: await stackClientApp.getAuthJson(),\n      },\n    });\n  \n    // Backend:\n    const user = await stackServerApp.getUser({ tokenStore: data.auth });\n    return new RpcResponse(\"Hello, \" + user.displayName);\n    ```\n  </Step>\n\n  <Step title=\"Done!\" />\n</Steps>\n\n## Convex Setup\n\nFollow these instructions to integrate Stack Auth with Convex.\n\n<Steps titleSize=\"h3\">\n  <Step title=\"Create or identify the Convex app\">\n    If the project does not already use Convex, initialize a Convex + Next.js app:\n\n    ```sh\n    npm create convex@latest\n    ```\n\n    When prompted, choose **Next.js** and **No auth**. Stack Auth will provide auth.\n\n    During development, run the Convex backend and the app dev server:\n\n    ```sh\n    npx convex dev\n    npm run dev\n    ```\n  </Step>\n\n  <Step title=\"Install and configure Stack Auth\">\n    Install Stack Auth in the app. If you have not already completed the SDK setup steps above, run the setup wizard:\n\n    ```sh\n    npx @stackframe/stack-cli@latest init\n    ```\n\n    Create or select a Stack Auth project in the dashboard. Copy the Stack Auth environment variables into the app's `.env.local` file.\n\n    Also add the same Stack Auth environment variables to the Convex deployment environment in the Convex dashboard.\n  </Step>\n\n  <Step title=\"Configure Convex auth providers\">\n    Create or update `convex/auth.config.ts`:\n\n    ```ts convex/auth.config.ts\n    import { getConvexProvidersConfig } from \"@stackframe/js\";\n    // or: import { getConvexProvidersConfig } from \"@stackframe/react\";\n    // or: import { getConvexProvidersConfig } from \"@stackframe/stack\";\n\n    export default {\n      providers: getConvexProvidersConfig({\n        projectId: process.env.STACK_PROJECT_ID, // or process.env.NEXT_PUBLIC_STACK_PROJECT_ID\n      }),\n    };\n    ```\n  </Step>\n\n  <Step title=\"Connect Convex clients to Stack Auth\">\n    Update the Convex client setup so Convex receives Stack Auth tokens.\n\n    In browser JavaScript:\n\n    ```ts\n    convexClient.setAuth(stackClientApp.getConvexClientAuth({}));\n    ```\n\n    In React:\n\n    ```ts\n    convexReactClient.setAuth(stackClientApp.getConvexClientAuth({}));\n    ```\n\n    For Convex HTTP clients on the server, pass a request-like token store:\n\n    ```ts\n    convexHttpClient.setAuth(stackClientApp.getConvexHttpClientAuth({ tokenStore: requestObject }));\n    ```\n  </Step>\n\n  <Step title=\"Use Stack Auth user data in Convex functions\">\n    In Convex queries and mutations, use Stack Auth's Convex integration to read the current user.\n\n    ```ts convex/myFunctions.ts\n    import { query } from \"./_generated/server\";\n    import { stackServerApp } from \"../src/stack/server\";\n\n    export const myQuery = query({\n      handler: async (ctx, args) => {\n        const user = await stackServerApp.getPartialUser({ from: \"convex\", ctx });\n        return user;\n      },\n    });\n    ```\n  </Step>\n\n  <Step title=\"Done!\" />\n</Steps>\n\n## Supabase Setup\n\n<Note>\n  This setup covers Supabase Row Level Security (RLS) with Stack Auth JWTs. It does not sync user data between Supabase and Stack Auth. Use Stack Auth webhooks if you need data sync.\n</Note>\n\n<Steps titleSize=\"h3\">\n  <Step title=\"Create Supabase RLS policies\">\n    In the Supabase SQL editor, enable Row Level Security for your tables and write policies based on Supabase JWT claims.\n\n    For example, this sample table demonstrates public rows, authenticated rows, and user-owned rows:\n\n    ```sql\n    CREATE TABLE data (\n      id bigint PRIMARY KEY,\n      text text NOT NULL,\n      user_id UUID\n    );\n\n    INSERT INTO data (id, text, user_id) VALUES\n      (1, 'Everyone can see this', NULL),\n      (2, 'Only authenticated users can see this', NULL),\n      (3, 'Only user with specific id can see this', NULL);\n\n    ALTER TABLE data ENABLE ROW LEVEL SECURITY;\n\n    CREATE POLICY \"Public read\" ON \"public\".\"data\" TO public\n    USING (id = 1);\n\n    CREATE POLICY \"Authenticated access\" ON \"public\".\"data\" TO authenticated\n    USING (id = 2);\n\n    CREATE POLICY \"User access\" ON \"public\".\"data\" TO authenticated\n    USING (id = 3 AND auth.uid() = user_id);\n    ```\n  </Step>\n\n  <Step title=\"Install Stack Auth and Supabase dependencies\">\n    If you are starting from scratch with Next.js, you can use Supabase's template and then initialize Stack Auth:\n\n    ```sh\n    npx create-next-app@latest -e with-supabase stack-supabase\n    cd stack-supabase\n    npx @stackframe/stack-cli@latest init\n    ```\n\n    Add the Supabase environment variables to `.env.local`:\n\n    ```.env .env.local\n    NEXT_PUBLIC_SUPABASE_URL=<your-supabase-url>\n    NEXT_PUBLIC_SUPABASE_ANON_KEY=<your-supabase-anon-key>\n    SUPABASE_JWT_SECRET=<your-supabase-jwt-secret>\n    ```\n\n    Also add the Stack Auth environment variables:\n\n    ```.env .env.local\n    # The project ID is the only client-exposed Stack Auth variable; in Next.js it must\n    # be prefixed with NEXT_PUBLIC_. STACK_SECRET_SERVER_KEY is server-only and must\n    # NEVER be prefixed or exposed to the client.\n    NEXT_PUBLIC_STACK_PROJECT_ID=<your-stack-project-id>\n    STACK_SECRET_SERVER_KEY=<your-secret-server-key>\n    ```\n  </Step>\n\n  <Step title=\"Mint Supabase JWTs from Stack Auth users\">\n    Create a server action that signs a Supabase JWT using the current Stack Auth user ID:\n\n    ```tsx utils/actions.ts\n    'use server';\n\n    import { stackServerApp } from \"@/stack/server\";\n    import * as jose from \"jose\";\n\n    export const getSupabaseJwt = async () => {\n      const user = await stackServerApp.getUser();\n\n      if (!user) {\n        return null;\n      }\n\n      const token = await new jose.SignJWT({\n        sub: user.id,\n        role: \"authenticated\",\n      })\n        .setProtectedHeader({ alg: \"HS256\" })\n        .setIssuedAt()\n        .setExpirationTime(\"1h\")\n        .sign(new TextEncoder().encode(process.env.SUPABASE_JWT_SECRET));\n\n      return token;\n    };\n    ```\n  </Step>\n\n  <Step title=\"Create a Supabase client that uses the Stack Auth JWT\">\n    Create a helper that passes the server-generated JWT to Supabase:\n\n    ```tsx utils/supabase-client.ts\n    import { createBrowserClient } from \"@supabase/ssr\";\n    import { getSupabaseJwt } from \"./actions\";\n\n    export const createSupabaseClient = () => {\n      return createBrowserClient(\n        process.env.NEXT_PUBLIC_SUPABASE_URL!,\n        process.env.NEXT_PUBLIC_SUPABASE_ANON_KEY!,\n        { accessToken: async () => await getSupabaseJwt() || \"\" },\n      );\n    };\n    ```\n  </Step>\n\n  <Step title=\"Fetch Supabase data\">\n    Use the Supabase client from your UI. The RLS policies will decide which rows the user can read based on the Stack Auth user ID embedded in the Supabase JWT.\n\n    ```tsx app/page.tsx\n    'use client';\n\n    import { createSupabaseClient } from \"@/utils/supabase-client\";\n    import { useStackApp, useUser } from \"@stackframe/stack\";\n    import Link from \"next/link\";\n    import { useEffect, useState } from \"react\";\n\n    export default function Page() {\n      const app = useStackApp();\n      const user = useUser();\n      const supabase = createSupabaseClient();\n      const [data, setData] = useState<null | any[]>(null);\n\n      useEffect(() => {\n        supabase.from(\"data\").select().then(({ data }) => setData(data ?? []));\n      }, []);\n\n      const listContent = data === null\n        ? <p>Loading...</p>\n        : data.length === 0\n          ? <p>No notes found</p>\n          : data.map((note) => <li key={note.id}>{note.text}</li>);\n\n      return (\n        <div>\n          {user ? (\n            <>\n              <p>You are signed in</p>\n              <p>User ID: {user.id}</p>\n              <Link href={app.urls.signOut}>Sign Out</Link>\n            </>\n          ) : (\n            <Link href={app.urls.signIn}>Sign In</Link>\n          )}\n          <h3>Supabase data</h3>\n          <ul>{listContent}</ul>\n        </div>\n      );\n    }\n    ```\n  </Step>\n\n  <Step title=\"Done!\" />\n</Steps>\n\n## CLI Setup\n\nFollow these instructions to authenticate users in a command line application with Stack Auth.\n\n<Steps titleSize=\"h3\">\n  <Step title=\"Add the CLI auth template\">\n    Download the Stack Auth CLI authentication template and place it in your project. For Python apps, copy it as `stack_auth_cli_template.py`.\n\n    Example project layout:\n\n    ```text\n    my-python-app/\n    ├─ main.py\n    └─ stack_auth_cli_template.py\n    ```\n  </Step>\n\n  <Step title=\"Prompt the user to log in\">\n    Import and call `prompt_cli_login`. It opens the browser, lets the user authenticate, and returns a refresh token.\n\n    ```py main.py\n    from stack_auth_cli_template import prompt_cli_login\n\n    refresh_token = prompt_cli_login(\n      app_url=\"https://your-app-url.example.com\",\n      project_id=\"your-project-id-here\",\n      publishable_client_key=\"your-publishable-client-key-here\",\n    )\n\n    if refresh_token is None:\n      print(\"User cancelled the login process. Exiting\")\n      exit(1)\n    ```\n\n    You can store the refresh token in a local file or keychain and only prompt the user again when no saved refresh token exists.\n  </Step>\n\n  <Step title=\"Exchange the refresh token for an access token\">\n    Use the refresh token with Stack Auth's REST API to get an access token.\n\n    ```py\n    def get_access_token(refresh_token):\n      access_token_response = stack_auth_request(\n        \"post\",\n        \"/api/v1/auth/sessions/current/refresh\",\n        headers={\n          \"x-stack-refresh-token\": refresh_token,\n        },\n      )\n\n      return access_token_response[\"access_token\"]\n    ```\n  </Step>\n\n  <Step title=\"Fetch the current user\">\n    Use the access token to call the Stack Auth REST API as the logged-in user.\n\n    ```py\n    def get_user_object(access_token):\n      return stack_auth_request(\n        \"get\",\n        \"/api/v1/users/me\",\n        headers={\n          \"x-stack-access-token\": access_token,\n        },\n      )\n\n    user = get_user_object(get_access_token(refresh_token))\n    print(\"The user is logged in as\", user[\"display_name\"] or user[\"primary_email\"])\n    ```\n  </Step>\n\n  <Step title=\"Done!\" />\n</Steps>";
 export const setupToolIds = ["nextjs","react","js","tanstack-start","tanstack-query","nodejs","bun","convex","supabase","cli"];
 export const setupTabMetadata = [{"toolId":"nextjs","title":"Next.js"},{"toolId":"react","title":"React"},{"toolId":"js","title":"JS/TS"},{"toolId":"tanstack-start","title":"Tanstack Start"},{"toolId":"nodejs","title":"Node.js"},{"toolId":"bun","title":"Bun"},{"toolId":"convex","title":"Convex"},{"toolId":"supabase","title":"Supabase"},{"toolId":"cli","title":"CLI"}];
 export const unifiedAiPromptTabTitle = "Unified AI Prompt";

From c787096c6a09391fa730743145e931ffc626ff15 Mon Sep 17 00:00:00 2001
From: Devin AI <158243242+devin-ai-integration[bot]@users.noreply.github.com>
Date: Sat, 23 May 2026 03:04:52 +0000
Subject: [PATCH 3/3] fix: add timeout to 'should return metrics data' test

Co-Authored-By: Konstantin Wohlwend <n2d4xc@gmail.com>
---
 .../e2e/tests/backend/endpoints/api/v1/internal-metrics.test.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/apps/e2e/tests/backend/endpoints/api/v1/internal-metrics.test.ts b/apps/e2e/tests/backend/endpoints/api/v1/internal-metrics.test.ts
index cb49f4efa8..958e99a3a1 100644
--- a/apps/e2e/tests/backend/endpoints/api/v1/internal-metrics.test.ts
+++ b/apps/e2e/tests/backend/endpoints/api/v1/internal-metrics.test.ts
@@ -123,7 +123,7 @@ async function waitForAnalyticsRowsForSessionReplaySegment(
   throw new Error(`Timed out waiting for ${expectedCount} analytics rows for session replay segment ${sessionReplaySegmentId}`);
 }
 
-it("should return metrics data", async ({ expect }) => {
+it("should return metrics data", { timeout: 120_000 }, async ({ expect }) => {
   await Project.createAndSwitch({
     config: {
       magic_link_enabled: true,