@hexclave/tanstack-start 1.0.24 → 1.0.26

package/src/dev-tool/dev-tool-core.ts

@@ -638,11 +638,6 @@ function createOverviewTab(app: StackClientApp<true>): TabResult {
 
   const actions = h('div', { className: 'sdt-ov-actions' });
   const toast = h('div', { className: 'sdt-ov-toast', style: { display: 'none' } });
-  const emailRow = h('div', { className: 'sdt-ov-email-input' });
-  const emailInput = h('input', { type: 'email', placeholder: 'Sign in as email\u2026' }) as HTMLInputElement;
-  const emailBtn = h('button', null);
-  setHtml(emailBtn, '<svg width="12" height="12" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2.5" stroke-linecap="round" stroke-linejoin="round"><line x1="5" y1="12" x2="19" y2="12"/><polyline points="12 5 19 12 12 19"/></svg>');
-  emailRow.append(emailInput, emailBtn);
 
   function isBestEffortOverviewError(error: unknown) {
     if (error instanceof DOMException && error.name === 'AbortError') {
@@ -704,15 +699,14 @@ function createOverviewTab(app: StackClientApp<true>): TabResult {
       });
       actions.append(signOutBtn, randomBtn);
     } else {
-      const quickBtn = h('button', { className: 'sdt-ov-btn sdt-ov-btn-primary sdt-ov-btn-wide' }, loading ? 'Working\u2026' : 'Quick Sign In');
+      const quickBtn = h('button', { className: 'sdt-ov-btn sdt-ov-btn-primary sdt-ov-btn-wide' }, loading ? 'Working\u2026' : 'Quick Sign Up');
       quickBtn.disabled = loading;
       quickBtn.addEventListener('click', () => {
         runAsynchronously(doQuickSignIn());
       });
       actions.appendChild(quickBtn);
     }
-    emailInput.placeholder = currentUser ? 'Switch to email\u2026' : 'Sign in as email\u2026';
-    actions.appendChild(emailRow);
+
   }
 
   async function doQuickSignIn() {
@@ -744,54 +738,6 @@ function createOverviewTab(app: StackClientApp<true>): TabResult {
     await refreshUser();
   }
 
-  async function doSignInAs(targetEmail: string) {
-    if (!targetEmail.trim()) return;
-    if (!isLocalhost(window.location.href)) {
-      showToast('Quick sign-in is only available on localhost', 'error');
-      return;
-    }
-    loading = true;
-    rebuildActions();
-    const trimmed = targetEmail.trim();
-    try {
-      const signInResult = await app.signInWithCredential({ email: trimmed, password: trimmed, noRedirect: true });
-      if (signInResult.status === 'ok') {
-        showToast(`Signed in as ${trimmed}`, 'success');
-        emailInput.value = '';
-        loading = false;
-        await refreshUser();
-        return;
-      }
-      const signUpResult = await app.signUpWithCredential({ email: trimmed, password: trimmed, noRedirect: true } as any);
-      if (signUpResult.status === 'error') {
-        showToast(`Failed: ${signUpResult.error.message}`, 'error');
-        loading = false;
-        rebuildActions();
-        return;
-      }
-      const retryResult = await app.signInWithCredential({ email: trimmed, password: trimmed, noRedirect: true });
-      if (retryResult.status === 'error') {
-        showToast(`Sign in failed: ${retryResult.error.message}`, 'error');
-      } else {
-        showToast(`Signed in as ${trimmed}`, 'success');
-        emailInput.value = '';
-      }
-    } catch (e: any) {
-      showToast(e.message || 'Unknown error', 'error');
-    }
-    loading = false;
-    await refreshUser();
-  }
-
-  emailBtn.addEventListener('click', () => {
-    runAsynchronously(doSignInAs(emailInput.value));
-  });
-  emailInput.addEventListener('keydown', (e) => {
-    if (e.key === 'Enter') {
-      runAsynchronously(doSignInAs(emailInput.value));
-    }
-  });
-
   heroCard.append(actions, toast);
 
   // ── Auth methods card ──────────────────────────────────────────────────────
@@ -855,7 +801,7 @@ function createOverviewTab(app: StackClientApp<true>): TabResult {
   function buildChecklist() {
     checksCard.innerHTML = '';
     const currentUserCheck = hasPersistentTokenStore
-      ? { ok: !!currentUser, label: 'Sign in a test user', hint: 'Use \u201cQuick Sign In\u201d above \u2192' }
+      ? { ok: !!currentUser, label: 'Sign in a test user', hint: 'Use \u201cQuick Sign Up\u201d above \u2192' }
       : { ok: true, label: 'Current-user tools unavailable', hint: null };
     const checks = [
       { ok: !!projectId && projectId !== 'default', label: 'Project configured', hint: null },
@@ -925,7 +871,7 @@ function createOverviewTab(app: StackClientApp<true>): TabResult {
         } else {
           avatar.textContent = initials;
         }
-        userName.textContent = currentUser.displayName || 'Anonymous';
+        userName.textContent = currentUser.displayName || '(No display name)';
         userEmail.textContent = currentUser.primaryEmail || 'No email';
         authIndicator.style.display = '';
       } else {
@@ -1905,7 +1851,7 @@ function createSupportTab(app: StackClientApp<true>): HTMLElement {
 function createComponentsTab(app: StackClientApp<true>): HTMLElement {
   const container = h('div', { className: 'sdt-pg-layout' });
   const apiBaseUrl = resolveApiBaseUrl(app);
-  const urls = app.urls;
+  const urls = app[hexclaveAppInternalsSymbol].getUrls();
   const urlOptions: HandlerUrlOptions = app[hexclaveAppInternalsSymbol].getConstructorOptions().urls ?? {};
 
   const PAGE_ENTRIES: { key: keyof HandlerUrls; label: string }[] = [

package/src/lib/hexclave-app/apps/implementations/admin-app-impl.ts

@@ -24,6 +24,7 @@ import { EmailConfig, hexclaveAppInternalsSymbol } from "../../common";
 import { AdminEmailTemplate } from "../../email-templates";
 import { InternalApiKey, InternalApiKeyBase, InternalApiKeyBaseCrudRead, InternalApiKeyCreateOptions, InternalApiKeyFirstView, internalApiKeyCreateOptionsToCrud } from "../../internal-api-keys";
 import { AdminProjectPermission, AdminProjectPermissionDefinition, AdminProjectPermissionDefinitionCreateOptions, AdminProjectPermissionDefinitionUpdateOptions, AdminTeamPermission, AdminTeamPermissionDefinition, AdminTeamPermissionDefinitionCreateOptions, AdminTeamPermissionDefinitionUpdateOptions, adminProjectPermissionDefinitionCreateOptionsToCrud, adminProjectPermissionDefinitionUpdateOptionsToCrud, adminTeamPermissionDefinitionCreateOptionsToCrud, adminTeamPermissionDefinitionUpdateOptionsToCrud } from "../../permissions";
+import type { PlanUsage } from "../../plan-usage";
 import { AdminOwnedProject, AdminProject, AdminProjectUpdateOptions, PushConfigOptions, adminProjectUpdateOptionsToCrud } from "../../projects";
 import type { AdminSessionReplay, AdminSessionReplayChunk, ListSessionReplayChunksOptions, ListSessionReplayChunksResult, ListSessionReplaysOptions, ListSessionReplaysResult, SessionReplayAllEventsResult } from "../../session-replays";
 import { ManagedEmailProviderListItem, ManagedEmailProviderSetupResult, ManagedEmailProviderStatus, EmailOutboxUpdateOptions, StackAdminApp, StackAdminAppConstructorOptions } from "../interfaces/admin-app";
@@ -37,6 +38,7 @@ import { PushedConfigSource } from "../../projects";
 import { useAsyncCache } from "./common"; // THIS_LINE_PLATFORM react-like
 
 type BranchConfigSourceApi = yup.InferType<typeof branchConfigSourceSchema>;
+type PlanUsageResponse = Awaited<ReturnType<HexclaveAdminInterface["getPlanUsage"]>>;
 /**
  * Converts a PushedConfigSource (SDK camelCase) to BranchConfigSourceApi (API snake_case).
  */
@@ -79,6 +81,9 @@ export class _HexclaveAdminAppImplIncomplete<HasTokenStore extends boolean, Proj
   private readonly _adminProjectCache = createCache(async () => {
     return await this._interface.getProject();
   });
+  private readonly _planUsageCache = createCache(async () => {
+    return await this._interface.getPlanUsage();
+  });
   private readonly _internalApiKeysCache = createCache(async () => {
     const res = await this._interface.listInternalApiKeys();
     return res;
@@ -196,10 +201,17 @@ export class _HexclaveAdminAppImplIncomplete<HasTokenStore extends boolean, Proj
       isDevelopmentEnvironment: data.is_development_environment,
       ownerTeamId: data.owner_team_id,
       onboardingStatus: data.onboarding_status,
+      onboardingState: data.onboarding_state ?? null,
       logoUrl: data.logo_url,
       logoFullUrl: data.logo_full_url,
       logoDarkModeUrl: data.logo_dark_mode_url,
       logoFullDarkModeUrl: data.logo_full_dark_mode_url,
+      pushedConfigError: data.pushed_config_error == null ? null : {
+        message: data.pushed_config_error.message,
+      },
+      configWarnings: data.config_warnings.map((warning) => ({
+        message: warning.message,
+      })),
       config: {
         signUpEnabled: data.config.sign_up_enabled,
         credentialEnabled: data.config.credential_enabled,
@@ -331,6 +343,28 @@ export class _HexclaveAdminAppImplIncomplete<HasTokenStore extends boolean, Proj
     };
   }
 
+  _planUsageFromCrud(data: PlanUsageResponse): PlanUsage {
+    return {
+      ownerTeamId: data.owner_team_id,
+      ownerTeamDisplayName: data.owner_team_display_name,
+      planId: data.plan_id,
+      planDisplayName: data.plan_display_name,
+      periodStart: new Date(data.period_start_millis),
+      periodEnd: new Date(data.period_end_millis),
+      nextPlanId: data.next_plan_id,
+      rows: data.rows.map((row) => ({
+        itemId: row.item_id,
+        displayName: row.display_name,
+        kind: row.kind,
+        used: row.used,
+        limit: row.limit,
+        remaining: row.remaining,
+        overage: row.overage,
+        isUnlimited: row.is_unlimited,
+      })),
+    };
+  }
+
   override async getProject(): Promise<AdminProject> {
     return this._adminProjectFromCrud(
       Result.orThrow(await this._adminProjectCache.getOrWait([], "write-only")),
@@ -346,6 +380,15 @@ export class _HexclaveAdminAppImplIncomplete<HasTokenStore extends boolean, Proj
     ), [crud]);
   }
 
+  async getPlanUsage(): Promise<PlanUsage> {
+    return this._planUsageFromCrud(Result.orThrow(await this._planUsageCache.getOrWait([], "write-only")));
+  }
+
+  usePlanUsage(): PlanUsage {
+    const crud = useAsyncCache(this._planUsageCache, [], "adminApp.usePlanUsage()");
+    return useMemo(() => this._planUsageFromCrud(crud), [crud]);
+  }
+
   protected _createInternalApiKeyBaseFromCrud(data: InternalApiKeyBaseCrudRead): InternalApiKeyBase {
     const app = this;
     return {
@@ -1140,7 +1183,7 @@ export class _HexclaveAdminAppImplIncomplete<HasTokenStore extends boolean, Proj
   }
 
   async getStripeAccountInfo(): Promise<null | { account_id: string, charges_enabled: boolean, details_submitted: boolean, payouts_enabled: boolean }> {
-    return await this._interface.getStripeAccountInfo();
+    return Result.orThrow(await this._stripeAccountInfoCache.getOrWait([], "write-only"));
   }
 
   useStripeAccountInfo(): { account_id: string, charges_enabled: boolean, details_submitted: boolean, payouts_enabled: boolean } | null {

package/src/lib/hexclave-app/apps/implementations/client-app-impl.ts

@@ -2,8 +2,7 @@
 //===========================================
 // THIS FILE IS AUTO-GENERATED FROM TEMPLATE. DO NOT EDIT IT DIRECTLY UNLESS YOU ALSO EDIT THE CORRESPONDING FILE IN packages/template
 //===========================================
-import { WebAuthnError, startAuthentication, startRegistration } from "@simplewebauthn/browser";
-import { KnownError, KnownErrors, HexclaveClientInterface } from "@hexclave/shared";
+import { HexclaveClientInterface, KnownError, KnownErrors } from "@hexclave/shared";
 import type { RequestListener } from "@hexclave/shared/dist/interface/client-interface";
 import { ContactChannelsCrud } from "@hexclave/shared/dist/interface/crud/contact-channels";
 import { CurrentUserCrud } from "@hexclave/shared/dist/interface/crud/current-user";
@@ -42,14 +41,15 @@ import { BotChallengeExecutionFailedError, BotChallengeUserCancelledError, withB
 import { createUrlIfValid, getRelativePart, isRelative } from "@hexclave/shared/dist/utils/urls";
 import { generateUuid } from "@hexclave/shared/dist/utils/uuids";
 import * as tanstackStartServerContext from "@hexclave/tanstack-start/tanstack-start-server-context"; // THIS_LINE_PLATFORM tanstack-start
+import { WebAuthnError, startAuthentication, startRegistration } from "@simplewebauthn/browser";
 import * as TanStackRouter from "@tanstack/react-router"; // THIS_LINE_PLATFORM tanstack-start
 import * as cookie from "cookie";
 import React, { useCallback, useMemo } from "react"; // THIS_LINE_PLATFORM react-like
 import type * as yup from "yup";
+import { envVars } from "../../../../generated/env";
 import { constructRedirectUrl } from "../../../../utils/url";
 import { callOAuthCallback, getNewOAuthProviderOrScopeUrl } from "../../../auth";
 import { CookieHelper, createBrowserCookieHelper, createCookieHelper, createPlaceholderCookieHelper, deleteCookie, deleteCookieClient, getCookieClient, isSecure as isSecureCookieContext, saveVerifierAndState, setOrDeleteCookie, setOrDeleteCookieClient } from "../../../cookie";
-import { envVars } from "../../../../generated/env";
 import { ApiKey, ApiKeyCreationOptions, ApiKeyUpdateOptions, apiKeyCreationOptionsToCrud } from "../../api-keys";
 import { ConvexCtx, GetCurrentPartialUserOptions, GetCurrentUserOptions, HandlerUrlOptions, HandlerUrls, OAuthScopesOnSignIn, RedirectMethod, RedirectToOptions, RequestLike, ResolvedHandlerUrls, TokenStoreInit, hexclaveAppInternalsSymbol } from "../../common";
 import { DeprecatedOAuthConnection, OAuthConnection } from "../../connected-accounts";
@@ -73,6 +73,7 @@ import { AnalyticsOptions, SessionRecorder, analyticsOptionsFromJson, analyticsO
 import { useAsyncCache } from "./common";
 import { mountClickmapOverlay } from "../../../../clickmap";
 import { mountDevTool } from "../../../../dev-tool";
+import { mountPushedConfigErrorOverlay } from "../../../../pushed-config-error-overlay";
 
 let isReactServer = false;
 
@@ -356,7 +357,7 @@ export class _HexclaveClientAppImplIncomplete<HasTokenStore extends boolean, Pro
         {
           provider,
           redirectUrl: this._getOAuthCallbackRedirectUri(),
-          errorRedirectUrl: this.urls.error,
+          errorRedirectUrl: this._getUrls().error,
           providerScope: mergeScopeStrings(scopeString, (this._oauthScopesOnSignIn[provider as ProviderType] ?? []).join(" ")),
         },
         session,
@@ -559,7 +560,7 @@ export class _HexclaveClientAppImplIncomplete<HasTokenStore extends boolean, Pro
         {
           provider: options.providerId,
           redirectUrl: this._getOAuthCallbackRedirectUri(),
-          errorRedirectUrl: this.urls.error,
+          errorRedirectUrl: this._getUrls().error,
           providerScope: mergeScopeStrings(options.scope || "", (this._oauthScopesOnSignIn[options.providerId] ?? []).join(" ")),
         },
         options.session,
@@ -742,6 +743,7 @@ export class _HexclaveClientAppImplIncomplete<HasTokenStore extends boolean, Pro
       // when a dashboard-minted token is handed over, so the listener is
       // mounted unconditionally (the heavy UI is lazy-loaded on demand).
       mountClickmapOverlay(this as any);
+      mountPushedConfigErrorOverlay(this as any);
     }
   }
 
@@ -863,7 +865,7 @@ export class _HexclaveClientAppImplIncomplete<HasTokenStore extends boolean, Pro
 
   protected _getOAuthCallbackRedirectUri(): string {
     if (!this._isOAuthCallbackUrlHosted()) {
-      return this.urls.oauthCallback;
+      return this._getUrls().oauthCallback;
     }
     if (typeof window === "undefined") {
       throw new HexclaveAssertionError("Hosted OAuth callback URLs require a browser environment to use the current URL as the redirect URI");
@@ -1636,6 +1638,12 @@ export class _HexclaveClientAppImplIncomplete<HasTokenStore extends boolean, Pro
     return {
       id: crud.id,
       displayName: crud.display_name,
+      pushedConfigError: crud.pushed_config_error == null ? null : {
+        message: crud.pushed_config_error.message,
+      },
+      configWarnings: crud.config_warnings.map((warning) => ({
+        message: warning.message,
+      })),
       config: {
         signUpEnabled: crud.config.sign_up_enabled,
         credentialEnabled: crud.config.credential_enabled,
@@ -3030,13 +3038,13 @@ export class _HexclaveClientAppImplIncomplete<HasTokenStore extends boolean, Pro
   async redirectToMfa(options?: RedirectToOptions) { return await this._redirectToHandler("mfa", options); }
 
   async sendForgotPasswordEmail(email: string, options?: { callbackUrl?: string }): Promise<Result<undefined, KnownErrors["UserNotFound"]>> {
-    return await this._interface.sendForgotPasswordEmail(email, options?.callbackUrl ?? constructRedirectUrl(this.urls.passwordReset, "callbackUrl"));
+    return await this._interface.sendForgotPasswordEmail(email, options?.callbackUrl ?? constructRedirectUrl(this._getUrls().passwordReset, "callbackUrl"));
   }
 
   async sendMagicLinkEmail(email: string, options?: {
     callbackUrl?: string,
   }): Promise<Result<{ nonce: string }, KnownErrors["RedirectUrlNotWhitelisted"] | KnownErrors["BotChallengeFailed"]>> {
-    const callbackUrl = options?.callbackUrl ?? constructRedirectUrl(this.urls.magicLinkCallback, "callbackUrl");
+    const callbackUrl = options?.callbackUrl ?? constructRedirectUrl(this._getUrls().magicLinkCallback, "callbackUrl");
     return await this._executeResultWithBotChallengeFlow({
       action: "send_magic_link_email",
       execute: async (challenge) => {
@@ -3325,7 +3333,7 @@ export class _HexclaveClientAppImplIncomplete<HasTokenStore extends boolean, Pro
       return await this._interface.authorizeOAuth({
         provider,
         redirectUrl: constructRedirectUrl(this._getOAuthCallbackRedirectUri(), "redirectUrl"),
-        errorRedirectUrl: constructRedirectUrl(this.urls.error, "errorRedirectUrl"),
+        errorRedirectUrl: constructRedirectUrl(this._getUrls().error, "errorRedirectUrl"),
         afterCallbackRedirectUrl,
         type: "authenticate",
         providerScope: this._oauthScopesOnSignIn[provider]?.join(" "),
@@ -3445,7 +3453,7 @@ export class _HexclaveClientAppImplIncomplete<HasTokenStore extends boolean, Pro
     }
     this._ensurePersistentTokenStore();
     const session = await this._getSession();
-    const emailVerificationRedirectUrl = options.noVerificationCallback ? undefined : options.verificationCallbackUrl ?? constructRedirectUrl(this.urls.emailVerification, "verificationCallbackUrl");
+    const emailVerificationRedirectUrl = options.noVerificationCallback ? undefined : options.verificationCallbackUrl ?? constructRedirectUrl(this._getUrls().emailVerification, "verificationCallbackUrl");
 
     const executeSignUp = async (challenge: { token?: string, phase?: "invisible" | "visible", unavailable?: true }) => {
       let result = await this._interface.signUpWithCredential(
@@ -3608,7 +3616,7 @@ export class _HexclaveClientAppImplIncomplete<HasTokenStore extends boolean, Pro
 
     // Step 2: Open the browser for the user to authenticate and display the verification code
     const url = buildCliAuthConfirmUrl({
-      cliAuthConfirmUrl: this.urls.cliAuthConfirm,
+      cliAuthConfirmUrl: this._getUrls().cliAuthConfirm,
       appUrl: options.appUrl,
       loginCode,
     });
@@ -4046,6 +4054,7 @@ export class _HexclaveClientAppImplIncomplete<HasTokenStore extends boolean, Pro
       ) => {
         return await this._interface.sendClientRequest(path, requestOptions, await this._getSession(), requestType);
       },
+      getUrls: () => this._getUrls(),
       getRedirectMethod: () => this._redirectMethod ?? throwErr("Redirect method should have been initialized in the Stack client app constructor"),
       redirectToUrl: async (url: string | URL, options?: { replace?: boolean }) => {
         await this._redirectTo({ url, ...options });

package/src/lib/hexclave-app/apps/implementations/event-tracker.test.ts

@@ -391,6 +391,39 @@ describe("EventTracker", () => {
     }
   });
 
+  it("silently ignores network errors caused by ad blockers", async () => {
+    vi.useFakeTimers();
+    document.body.innerHTML = "<button>Click me</button>";
+
+    const warnSpy = vi.spyOn(console, "warn").mockImplementation(() => {});
+    const sentBodies: string[] = [];
+    const tracker = new EventTracker({
+      projectId: "internal",
+      sendBatch: async (body) => {
+        sentBodies.push(body);
+        return Result.error(new TypeError("Failed to fetch"));
+      },
+    });
+
+    try {
+      tracker.start();
+
+      await advancePastFlush();
+      expect(sentBodies).toHaveLength(1);
+      expect(warnSpy).not.toHaveBeenCalled();
+
+      // Unlike ANALYTICS_NOT_ENABLED, ad blocker errors do NOT disable the
+      // tracker — subsequent flushes continue attempting delivery.
+      document.querySelector("button")?.dispatchEvent(new MouseEvent("click", { bubbles: true }));
+      await advancePastFlush();
+      expect(sentBodies).toHaveLength(2);
+      expect(warnSpy).not.toHaveBeenCalled();
+    } finally {
+      tracker.stop();
+      warnSpy.mockRestore();
+    }
+  });
+
   it("silently disables when client interface returns ANALYTICS_NOT_ENABLED as an error", async () => {
     vi.useFakeTimers();
     document.body.innerHTML = "<button>Click me</button>";

package/src/lib/hexclave-app/apps/implementations/event-tracker.ts

@@ -8,7 +8,7 @@ import { cssEscapeIdent } from "@hexclave/shared/dist/utils/dom";
 import { buildElementsChain, ELEMENTS_CHAIN_MAX_DEPTH } from "@hexclave/shared/dist/utils/elements-chain";
 import { runAsynchronously } from "@hexclave/shared/dist/utils/promises";
 import { Result } from "@hexclave/shared/dist/utils/results";
-import { generateUuid, isAnalyticsNotEnabledError } from "./session-replay";
+import { generateUuid, isAdBlockerNetworkError, isAnalyticsNotEnabledError } from "./session-replay";
 
 const FLUSH_INTERVAL_MS = 10_000;
 const MAX_EVENTS_PER_BATCH = 50;
@@ -511,6 +511,11 @@ export class EventTracker {
         this._disable();
         return;
       }
+      // Ad blockers commonly block analytics endpoints, causing network
+      // errors. These are expected and should not pollute the console.
+      if (isAdBlockerNetworkError(res.error)) {
+        return;
+      }
       console.warn("EventTracker flush failed:", res.error);
       return;
     }

package/src/lib/hexclave-app/apps/implementations/session-replay.test.ts

@@ -49,6 +49,58 @@ describe("analytics option JSON conversion", () => {
 });
 
 describe("SessionRecorder flush", () => {
+  it("silently ignores network errors caused by ad blockers", async () => {
+    vi.useFakeTimers();
+
+    const storageKey = `hexclave:session-replay:v1:test-project`;
+    localStorage.setItem(storageKey, JSON.stringify({
+      session_id: "test-session",
+      created_at_ms: Date.now(),
+      last_activity_ms: Date.now(),
+    }));
+
+    const sentBodies: string[] = [];
+    const recorder = new SessionRecorder(
+      {
+        projectId: "test-project",
+        sendBatch: async (body) => {
+          sentBodies.push(body);
+          return Result.error(new TypeError("Failed to fetch"));
+        },
+      },
+      {},
+    );
+
+    const warnSpy = vi.spyOn(console, "warn").mockImplementation(() => {});
+
+    try {
+      // eslint-disable-next-line @typescript-eslint/no-unsafe-member-access
+      (recorder as any)._events = [{ type: 2, timestamp: Date.now(), data: {} }];
+
+      // eslint-disable-next-line @typescript-eslint/no-unsafe-member-access, @typescript-eslint/no-unsafe-call
+      (recorder as any)._tick();
+      await vi.advanceTimersByTimeAsync(0);
+
+      expect(sentBodies).toHaveLength(1);
+      expect(warnSpy).not.toHaveBeenCalled();
+
+      // Unlike ANALYTICS_NOT_ENABLED, ad blocker errors do NOT disable the
+      // recorder — subsequent flushes continue attempting delivery.
+      // eslint-disable-next-line @typescript-eslint/no-unsafe-member-access
+      (recorder as any)._events = [{ type: 3, timestamp: Date.now(), data: {} }];
+      // eslint-disable-next-line @typescript-eslint/no-unsafe-member-access, @typescript-eslint/no-unsafe-call
+      (recorder as any)._tick();
+      await vi.advanceTimersByTimeAsync(0);
+      expect(sentBodies).toHaveLength(2);
+      expect(warnSpy).not.toHaveBeenCalled();
+    } finally {
+      recorder.stop();
+      warnSpy.mockRestore();
+      localStorage.removeItem(storageKey);
+      vi.useRealTimers();
+    }
+  });
+
   it("silently disables when client interface returns ANALYTICS_NOT_ENABLED as an error", async () => {
     vi.useFakeTimers();
 

package/src/lib/hexclave-app/apps/implementations/session-replay.ts

@@ -170,6 +170,21 @@ export function isAnalyticsNotEnabledError(error: unknown): boolean {
   return KnownErrors.AnalyticsNotEnabled.isInstance(error);
 }
 
+/**
+ * Whether the error looks like a network failure caused by an ad blocker or
+ * similar extension blocking analytics requests. These are expected in
+ * production and should be silently ignored rather than logged as warnings.
+ */
+export function isAdBlockerNetworkError(error: unknown): boolean {
+  if (error instanceof Error) {
+    return error.message.includes("Failed to fetch")
+      || error.message.includes("NetworkError")
+      || error.message.includes("Load failed")
+      || error.message.includes("network connection");
+  }
+  return false;
+}
+
 export class SessionRecorder {
   private _started = false;
   private _cancelled = false;
@@ -278,6 +293,11 @@ export class SessionRecorder {
           this._disable();
           return;
         }
+        // Ad blockers commonly block analytics endpoints, causing network
+        // errors. These are expected and should not pollute the console.
+        if (isAdBlockerNetworkError(res.error)) {
+          return;
+        }
         captureWarning("SessionRecorder.flush", res.error);
         return;
       }

package/src/lib/hexclave-app/apps/interfaces/admin-app.ts

@@ -13,6 +13,7 @@ import { AsyncStoreProperty, EmailConfig } from "../../common";
 import { AdminEmailOutbox, AdminSentEmail } from "../../email";
 import { InternalApiKey, InternalApiKeyCreateOptions, InternalApiKeyFirstView } from "../../internal-api-keys";
 import { AdminProjectPermission, AdminProjectPermissionDefinition, AdminProjectPermissionDefinitionCreateOptions, AdminProjectPermissionDefinitionUpdateOptions, AdminTeamPermission, AdminTeamPermissionDefinition, AdminTeamPermissionDefinitionCreateOptions, AdminTeamPermissionDefinitionUpdateOptions } from "../../permissions";
+import type { PlanUsage } from "../../plan-usage";
 import { AdminProject } from "../../projects";
 import { _HexclaveAdminAppImpl } from "../implementations";
 import { StackServerApp, StackServerAppConstructorOptions } from "./server-app";
@@ -75,6 +76,7 @@ export type StackAdminAppConstructorOptions<HasTokenStore extends boolean, Proje
 /** @deprecated Use `HexclaveAdminApp` from the `@hexclave/*` package instead — same symbol, new brand name. See https://docs.hexclave.com/migration. */
 export type StackAdminApp<HasTokenStore extends boolean = boolean, ProjectId extends string = string> = (
   & AsyncStoreProperty<"project", [], AdminProject, false>
+  & AsyncStoreProperty<"planUsage", [], PlanUsage, false>
   & AsyncStoreProperty<"internalApiKeys", [], InternalApiKey[], true>
   & AsyncStoreProperty<"teamPermissionDefinitions", [], AdminTeamPermissionDefinition[], true>
   & AsyncStoreProperty<"projectPermissionDefinitions", [], AdminProjectPermissionDefinition[], true>

package/src/lib/hexclave-app/apps/interfaces/client-app.ts

@@ -131,6 +131,7 @@ export type StackClientApp<HasTokenStore extends boolean = boolean, ProjectId ex
       sendAnalyticsEventBatch(body: string, options: { keepalive: boolean }): Promise<Result<Response, Error>>,
       addRequestListener(listener: RequestListener): () => void,
       sendRequest(path: string, requestOptions: RequestInit, requestType?: "client" | "server" | "admin"): Promise<Response>,
+      getUrls(): Readonly<ResolvedHandlerUrls>,
       getRedirectMethod(): RedirectMethod,
       redirectToUrl(url: string | URL, options?: { replace?: boolean }): Promise<void>,
       redirectToHandler(handlerName: keyof HandlerUrls, options?: RedirectToOptions): Promise<void>,

package/src/lib/hexclave-app/index.ts

@@ -118,6 +118,14 @@ export type {
   PushedConfigSource
 } from "./projects";
 
+export type {
+  PlanUsage,
+  PlanUsageKind,
+  PlanUsageNextPlanId,
+  PlanUsagePlanId,
+  PlanUsageRow,
+} from "./plan-usage";
+
 export type {
   EditableTeamMemberProfile, ReceivedTeamInvitation,
   SentTeamInvitation, ServerListUsersOptions,

package/src/lib/hexclave-app/plan-usage/index.ts

@@ -0,0 +1,29 @@
+
+//===========================================
+// THIS FILE IS AUTO-GENERATED FROM TEMPLATE. DO NOT EDIT IT DIRECTLY UNLESS YOU ALSO EDIT THE CORRESPONDING FILE IN packages/template
+//===========================================
+export type PlanUsageKind = "current" | "metered" | "capability";
+export type PlanUsagePlanId = "free" | "team" | "growth";
+export type PlanUsageNextPlanId = "team" | "growth";
+
+export type PlanUsageRow = {
+  itemId: string,
+  displayName: string,
+  kind: PlanUsageKind,
+  used: number | null,
+  limit: number | null,
+  remaining: number | null,
+  overage: number | null,
+  isUnlimited: boolean,
+};
+
+export type PlanUsage = {
+  ownerTeamId: string,
+  ownerTeamDisplayName: string,
+  planId: PlanUsagePlanId,
+  planDisplayName: string,
+  periodStart: Date,
+  periodEnd: Date,
+  nextPlanId: PlanUsageNextPlanId | null,
+  rows: PlanUsageRow[],
+};

package/src/lib/hexclave-app/projects/index.ts

@@ -30,6 +30,8 @@ export type PushConfigOptions = {
 export type Project = {
   readonly id: string,
   readonly displayName: string,
+  readonly pushedConfigError: { message: string } | null,
+  readonly configWarnings: { message: string }[],
   readonly config: ProjectConfig,
 };
 
@@ -42,6 +44,7 @@ export type AdminProject = {
   readonly isDevelopmentEnvironment: boolean,
   readonly ownerTeamId: string | null,
   readonly onboardingStatus: ProjectOnboardingStatus,
+  readonly onboardingState: NonNullable<ProjectsCrud["Admin"]["Read"]["onboarding_state"]> | null,
   readonly logoUrl: string | null | undefined,
   readonly logoFullUrl: string | null | undefined,
   readonly logoDarkModeUrl: string | null | undefined,