npm - @mars-stack/cli - Versions diffs - 8.0.3 → 8.0.5 - Mend

@mars-stack/cli 8.0.3 → 8.0.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (11) hide show

package/dist/index.js +10 -3
package/dist/index.js.map +1 -1
package/package.json +3 -3
package/template/e2e/README.md +2 -0
package/template/package.json +7 -7
package/template/playwright.config.ts +7 -10
package/template/scripts/playwright-web-server.mjs +2 -1
package/template/scripts/seed.ts +1 -1
package/template/src/app/(protected)/settings/page.tsx +22 -7
package/template/src/app/api/csrf/route.test.ts +4 -1
package/template/src/app/api/csrf/route.ts +3 -2

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@mars-stack/cli",
-  "version": "8.0.3",
+  "version": "8.0.5",
   "description": "MARS CLI: scaffold, configure, and maintain SaaS apps",
   "license": "MIT",
   "repository": {
@@ -48,10 +48,10 @@
   "devDependencies": {
     "@types/fs-extra": "^11.0.0",
     "@types/js-yaml": "^4.0.9",
-    "@types/node": "^25.5.0",
+    "@types/node": "^25.5.2",
     "@types/prompts": "^2.4.0",
     "tsup": "^8.0.0",
-    "typescript": "^5.7.0",
+    "typescript": "^6.0.2",
     "vitest": "^4.1.2"
   }
 }

package/template/e2e/README.md CHANGED Viewed

@@ -10,6 +10,8 @@ Browser-level tests for user-visible behaviour. Run: `yarn test:e2e` from the pr
 Monorepo CI runs this on pull requests via the `template-e2e` job in `.github/workflows/ci.yml` (Postgres service + `E2E_USE_CI_SERVER=1` + `scripts/start-e2e-server.mjs`).
+**Local default web server:** `playwright-web-server.mjs` runs `ensure-db`, then **`npx prisma db seed`**, then `yarn dev` — same seeded-user assumption as CI (`user@example.com` / `Password123!` from `scripts/seed.ts`). You no longer need a separate manual `yarn db:seed` before `yarn test:e2e` on a fresh scaffold.
 ## Kitchen-sink CLI catalog (MARS-041, Option A)
 Full **`mars generate`** surface is exercised against a **materialized kitchen-sink fixture** (not the bare template tree):

package/template/package.json CHANGED Viewed

@@ -32,15 +32,15 @@
     "@mars-stack/ui": "*",
     "@prisma/adapter-pg": "^7.6.0",
     "@prisma/client": "^7.6.0",
-    "dotenv": "^17.3.1",
-    "@react-email/components": "^1.0.10",
+    "dotenv": "^17.4.1",
+    "@react-email/components": "^1.0.11",
     "@sendgrid/mail": "^8.1.0",
     "@upstash/ratelimit": "^2.0.0",
     "@upstash/redis": "^1.37.0",
     "bcryptjs": "^3.0.3",
     "clsx": "^2.1.1",
     "jose": "^6.2.2",
-    "next": "^16.2.1",
+    "next": "^16.2.2",
     "pino": "^9.6.0",
     "pino-pretty": "^13.0.0",
     "react": "^19.0.0",
@@ -56,17 +56,17 @@
   },
   "devDependencies": {
     "@eslint/eslintrc": "^3.3.5",
-    "@playwright/test": "^1.50.0",
+    "@playwright/test": "^1.59.1",
     "@tailwindcss/postcss": "^4.2.2",
     "@testing-library/jest-dom": "^6.9.1",
     "@testing-library/react": "^16.0.0",
     "@types/bcryptjs": "^3.0.0",
-    "@types/node": "^25.5.0",
+    "@types/node": "^25.5.2",
     "@types/react": "^19.0.0",
     "@types/react-dom": "^19.0.0",
     "@vitejs/plugin-react": "^5.1.4",
     "eslint": "^9.0.0",
-    "eslint-config-next": "^16.2.1",
+    "eslint-config-next": "^16.2.2",
     "jsdom": "^29.0.1",
     "postcss": "^8.5.0",
     "prettier": "^3.5.0",
@@ -74,7 +74,7 @@
     "prisma": "^7.6.0",
     "tailwindcss": "^4.0.0",
     "tsx": "^4.0.0",
-    "typescript": "^5.7.0",
+    "typescript": "^6.0.2",
     "vitest": "^4.1.2"
   }
 }

package/template/playwright.config.ts CHANGED Viewed

@@ -23,16 +23,13 @@ export default defineConfig({
     trace: 'on-first-retry',
     screenshot: 'only-on-failure',
   },
-  projects: [
-    {
-      name: 'chromium',
-      use: { ...devices['Desktop Chrome'] },
-    },
-    {
-      name: 'mobile',
-      use: { ...devices['iPhone 14'] },
-    },
-  ],
+  // CI (`template-e2e`) installs Chromium only — match that here so dogfood/automation does not fail on WebKit.
+  projects: process.env.CI
+    ? [{ name: 'chromium', use: { ...devices['Desktop Chrome'] } }]
+    : [
+        { name: 'chromium', use: { ...devices['Desktop Chrome'] } },
+        { name: 'mobile', use: { ...devices['iPhone 14'] } },
+      ],
   webServer:
     process.env.E2E_USE_CI_SERVER === '1'
       ? {

package/template/scripts/playwright-web-server.mjs CHANGED Viewed

@@ -10,7 +10,8 @@ import { fileURLToPath } from 'node:url';
 const ROOT = resolve(dirname(fileURLToPath(import.meta.url)), '..');
-const child = spawn('sh', ['-c', 'node scripts/ensure-db.mjs && yarn dev'], {
+/** Match CI `start-e2e-server.mjs`: seed so smoke tests find `user@example.com` without a manual `db:seed`. */
+const child = spawn('sh', ['-c', 'node scripts/ensure-db.mjs && npx prisma db seed && yarn dev'], {
   cwd: ROOT,
   stdio: 'inherit',
   shell: false,

package/template/scripts/seed.ts CHANGED Viewed

@@ -1,4 +1,4 @@
-import { PrismaClient } from '../prisma/generated/prisma/client.js';
+import { PrismaClient } from '@db';
 import { PrismaPg } from '@prisma/adapter-pg';
 import { hashPassword } from '@mars-stack/core/auth/password-hash';

package/template/src/app/(protected)/settings/page.tsx CHANGED Viewed

@@ -35,8 +35,9 @@ function parseUserAgent(ua: string | null): string {
 }
 export default function Settings() {
-  const { getCSRFHeaders } = useCSRFContext();
+  const { getCSRFHeaders, csrfToken, isLoading: csrfLoading } = useCSRFContext();
   const { user, isLoading: authLoading, updateUser } = useAuth();
+  const csrfReady = !csrfLoading && csrfToken !== null;
   const [name, setName] = useState('');
   const [nameInitialized, setNameInitialized] = useState(false);
@@ -77,10 +78,12 @@ export default function Settings() {
     }
   }, [user, fetchSessions]);
-  if (!nameInitialized && user?.name) {
-    setName(user.name);
-    setNameInitialized(true);
-  }
+  useEffect(() => {
+    if (!nameInitialized && user?.name) {
+      setName(user.name);
+      setNameInitialized(true);
+    }
+  }, [nameInitialized, user?.name]);
   if (authLoading) {
     return (
@@ -96,6 +99,7 @@ export default function Settings() {
   async function handleNameSubmit(event: FormEvent<HTMLFormElement>) {
     event.preventDefault();
+    if (!csrfReady) return;
     setNameStatus(null);
     setNameSaving(true);
@@ -124,6 +128,7 @@ export default function Settings() {
   }
   async function handleRevokeSession(sessionId: string) {
+    if (!csrfReady) return;
     setRevokingId(sessionId);
     setSessionsStatus(null);
     try {
@@ -147,6 +152,7 @@ export default function Settings() {
   }
   async function handleRevokeAllSessions() {
+    if (!csrfReady) return;
     setRevokingAll(true);
     setSessionsStatus(null);
     try {
@@ -171,6 +177,7 @@ export default function Settings() {
   async function handlePasswordSubmit(event: FormEvent<HTMLFormElement>) {
     event.preventDefault();
+    if (!csrfReady) return;
     setPasswordStatus(null);
     if (newPassword !== confirmPassword) {
@@ -236,7 +243,11 @@ export default function Settings() {
               </p>
             )}
-            <Button type="submit" loading={nameSaving} disabled={!name.trim()}>
+            <Button
+              type="submit"
+              loading={nameSaving}
+              disabled={!name.trim() || !csrfReady}
+            >
               Save Name
             </Button>
           </form>
@@ -299,7 +310,9 @@ export default function Settings() {
             <Button
               type="submit"
               loading={passwordSaving}
-              disabled={!currentPassword || !newPassword || !confirmPassword}
+              disabled={
+                !currentPassword || !newPassword || !confirmPassword || !csrfReady
+              }
             >
               Change Password
             </Button>
@@ -314,6 +327,7 @@ export default function Settings() {
                 variant="subtle"
                 size="sm"
                 loading={revokingAll}
+                disabled={!csrfReady}
                 onClick={handleRevokeAllSessions}
               >
                 Revoke All
@@ -359,6 +373,7 @@ export default function Settings() {
                     variant="subtle"
                     size="sm"
                     loading={revokingId === session.id}
+                    disabled={!csrfReady}
                     onClick={() => handleRevokeSession(session.id)}
                   >
                     Revoke

package/template/src/app/api/csrf/route.test.ts CHANGED Viewed

@@ -1,11 +1,13 @@
 // @vitest-environment node
 import { describe, it, expect, vi, beforeEach } from 'vitest';
-const { mockRequireCSRFToken } = vi.hoisted(() => ({
+const { mockRequireCSRFToken, mockGetSession } = vi.hoisted(() => ({
   mockRequireCSRFToken: vi.fn(),
+  mockGetSession: vi.fn(),
 }));
 vi.mock('@/lib/mars', () => ({
+  getSession: mockGetSession,
   requireCSRFToken: mockRequireCSRFToken,
 }));
@@ -14,6 +16,7 @@ import { GET } from './route';
 describe('GET /api/csrf', () => {
   beforeEach(() => {
     vi.clearAllMocks();
+    mockGetSession.mockResolvedValueOnce(null);
   });
   it('returns token and csrfToken with the same value', async () => {

package/template/src/app/api/csrf/route.ts CHANGED Viewed

@@ -1,9 +1,10 @@
-import { requireCSRFToken } from '@/lib/mars';
+import { getSession, requireCSRFToken } from '@/lib/mars';
 import { NextResponse } from 'next/server';
 export async function GET() {
   try {
-    const token = await requireCSRFToken();
+    const session = await getSession();
+    const token = await requireCSRFToken(session?.fingerprint);
     return NextResponse.json({ token, csrfToken: token }, { status: 200 });
   } catch (error) {
     console.error('CSRF token generation error:', error);