npm - create-githat-app - Versions diffs - 1.8.2 → 1.8.5 - Mend

create-githat-app 1.8.2 → 1.8.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (23) hide show

package/dist/cli.js CHANGED Viewed

@@ -21,7 +21,7 @@ var DEPS = {
       next: "^16.0.0",
       react: "^19.0.0",
       "react-dom": "^19.0.0",
-      "@githat/nextjs": "^0.12.0",
+      "@githat/nextjs": "^0.13.0",
       "@githat/ui": "^1.0.0"
     },
     devDependencies: {
@@ -36,7 +36,7 @@ var DEPS = {
       react: "^19.0.0",
       "react-dom": "^19.0.0",
       "react-router-dom": "^7.0.0",
-      "@githat/nextjs": "^0.12.0",
+      "@githat/nextjs": "^0.13.0",
       "@githat/ui": "^1.0.0"
     },
     devDependencies: {

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "create-githat-app",
-  "version": "1.8.2",
+  "version": "1.8.5",
   "description": "GitHat CLI — scaffold apps and manage the skills marketplace",
   "type": "module",
   "bin": {

package/templates/agent/app/(auth)/sign-in/magic/page.tsx.hbs ADDED Viewed

@@ -0,0 +1,11 @@
+'use client';
+import { Suspense } from 'react';
+import { MagicLinkVerify } from '@githat/nextjs';
+export default function MagicLinkPage() {
+  return (
+    <Suspense fallback={null}>
+      <MagicLinkVerify />
+    </Suspense>
+  );
+}

package/templates/agent/app/account/security/page.tsx.hbs ADDED Viewed

@@ -0,0 +1,32 @@
+'use client';
+import { MfaManager } from '@githat/nextjs';
+/**
+ * /account/security — TOTP 2FA management for {{businessName}}.
+ *
+ * The <MfaManager/> component reads the current user's mfaEnabled flag
+ * and renders either an "Enable 2FA" CTA or the disable / regenerate-
+ * recovery-codes controls. All flows are gated behind the GitHat API
+ * (api.githat.io) — no integration code lives in this scaffold.
+ */
+export default function SecurityPage() {
+  return (
+    <main
+      style=\{{
+        maxWidth: '640px',
+        margin: '0 auto',
+        padding: 'var(--space-8, 2rem) var(--space-4, 1rem)',
+        color: 'var(--fg, #111)',
+      }}
+    >
+      <header style=\{{ marginBottom: '1.5rem' }}>
+        <h1 style=\{{ fontSize: '1.875rem', fontWeight: 700, margin: 0 }}>Security</h1>
+        <p style=\{{ color: 'var(--fg-muted, #666)', marginTop: '0.25rem' }}>
+          Manage two-factor authentication for your {{businessName}} account.
+        </p>
+      </header>
+      <MfaManager />
+    </main>
+  );
+}

package/templates/base/README.md.hbs CHANGED Viewed

@@ -100,6 +100,43 @@ const domains = await list();      // includes verificationStatus
 Once verified, links in emails point to `https://{{domain}}/reset-password?token=…`
 — users never see githat.io.
+## Two-factor authentication
+Users can enable TOTP-based 2FA at `/account/security` (the page is
+scaffolded for you). After enrollment, sign-in flows automatically
+gate behind a 6-digit code from any authenticator app (1Password,
+Authy, Google Authenticator, etc.). Recovery codes are generated
+once at enrollment for account recovery.
+`<SignInForm/>` and `<MfaChallenge/>` from `@githat/nextjs` handle
+the entire flow end-to-end — no integration code needed.
+## Magic-link sign-in (passwordless)
+`<SignInForm/>` exposes a "Use a magic link instead" toggle. Users
+type their email, get a one-time link, and sign in without a password.
+The route at `/sign-in/magic` is scaffolded for you and renders
+`<MagicLinkVerify/>`, which handles the token verification and
+MFA-challenge handoff automatically.
+Magic-link emails ship from the same per-app branded sender as
+password-reset emails (verify your domain at `/account/security`
+or via `useEmailDomains()` to upgrade from `auth@githat.io` to
+`auth@yourdomain`).
+## Passkey sign-in (Face ID, Touch ID, hardware keys)
+`<SignInForm/>` automatically shows a passkey button when the
+browser supports WebAuthn. Users can register a passkey from
+`/account/security` (in `<MfaManager/>`'s "Your passkeys" section).
+Once registered, sign-in is one click + biometric — no email,
+no password, no codes.
+Passkeys are origin-bound to your domain — they only work on
+your site, never elsewhere, even if a user has the same passkey
+"saved" in their password manager. This is the correct security
+model.
 ## Learn More
 - [GitHat Documentation](https://githat.io/docs)

package/templates/base/githat/dashboard/layout.tsx.hbs CHANGED Viewed

@@ -24,6 +24,7 @@ const navItems = [
 {{#if includeAgentModule}}
   { label: 'AI Agents', href: '/dashboard/agents' },
 {{/if}}
+  { label: 'Security', href: '/account/security' },
 ];
 export function DashboardLayout({ children }{{#if typescript}}: { children: React.ReactNode }{{/if}}) {

package/templates/classroom/app/(auth)/sign-in/magic/page.tsx.hbs ADDED Viewed

@@ -0,0 +1,11 @@
+'use client';
+import { Suspense } from 'react';
+import { MagicLinkVerify } from '@githat/nextjs';
+export default function MagicLinkPage() {
+  return (
+    <Suspense fallback={null}>
+      <MagicLinkVerify />
+    </Suspense>
+  );
+}

package/templates/classroom/app/account/security/page.tsx.hbs ADDED Viewed

@@ -0,0 +1,32 @@
+'use client';
+import { MfaManager } from '@githat/nextjs';
+/**
+ * /account/security — TOTP 2FA management for {{businessName}}.
+ *
+ * The <MfaManager/> component reads the current user's mfaEnabled flag
+ * and renders either an "Enable 2FA" CTA or the disable / regenerate-
+ * recovery-codes controls. All flows are gated behind the GitHat API
+ * (api.githat.io) — no integration code lives in this scaffold.
+ */
+export default function SecurityPage() {
+  return (
+    <main
+      style=\{{
+        maxWidth: '640px',
+        margin: '0 auto',
+        padding: 'var(--space-8, 2rem) var(--space-4, 1rem)',
+        color: 'var(--fg, #111)',
+      }}
+    >
+      <header style=\{{ marginBottom: '1.5rem' }}>
+        <h1 style=\{{ fontSize: '1.875rem', fontWeight: 700, margin: 0 }}>Security</h1>
+        <p style=\{{ color: 'var(--fg-muted, #666)', marginTop: '0.25rem' }}>
+          Manage two-factor authentication for your {{businessName}} account.
+        </p>
+      </header>
+      <MfaManager />
+    </main>
+  );
+}

package/templates/content/app/(auth)/sign-in/magic/page.tsx.hbs ADDED Viewed

@@ -0,0 +1,11 @@
+'use client';
+import { Suspense } from 'react';
+import { MagicLinkVerify } from '@githat/nextjs';
+export default function MagicLinkPage() {
+  return (
+    <Suspense fallback={null}>
+      <MagicLinkVerify />
+    </Suspense>
+  );
+}

package/templates/content/app/account/security/page.tsx.hbs ADDED Viewed

@@ -0,0 +1,32 @@
+'use client';
+import { MfaManager } from '@githat/nextjs';
+/**
+ * /account/security — TOTP 2FA management for {{businessName}}.
+ *
+ * The <MfaManager/> component reads the current user's mfaEnabled flag
+ * and renders either an "Enable 2FA" CTA or the disable / regenerate-
+ * recovery-codes controls. All flows are gated behind the GitHat API
+ * (api.githat.io) — no integration code lives in this scaffold.
+ */
+export default function SecurityPage() {
+  return (
+    <main
+      style=\{{
+        maxWidth: '640px',
+        margin: '0 auto',
+        padding: 'var(--space-8, 2rem) var(--space-4, 1rem)',
+        color: 'var(--fg, #111)',
+      }}
+    >
+      <header style=\{{ marginBottom: '1.5rem' }}>
+        <h1 style=\{{ fontSize: '1.875rem', fontWeight: 700, margin: 0 }}>Security</h1>
+        <p style=\{{ color: 'var(--fg-muted, #666)', marginTop: '0.25rem' }}>
+          Manage two-factor authentication for your {{businessName}} account.
+        </p>
+      </header>
+      <MfaManager />
+    </main>
+  );
+}

package/templates/dashboard/app/(auth)/sign-in/magic/page.tsx.hbs ADDED Viewed

@@ -0,0 +1,11 @@
+'use client';
+import { Suspense } from 'react';
+import { MagicLinkVerify } from '@githat/nextjs';
+export default function MagicLinkPage() {
+  return (
+    <Suspense fallback={null}>
+      <MagicLinkVerify />
+    </Suspense>
+  );
+}

package/templates/dashboard/app/account/security/page.tsx.hbs ADDED Viewed

@@ -0,0 +1,32 @@
+'use client';
+import { MfaManager } from '@githat/nextjs';
+/**
+ * /account/security — TOTP 2FA management for {{businessName}}.
+ *
+ * The <MfaManager/> component reads the current user's mfaEnabled flag
+ * and renders either an "Enable 2FA" CTA or the disable / regenerate-
+ * recovery-codes controls. All flows are gated behind the GitHat API
+ * (api.githat.io) — no integration code lives in this scaffold.
+ */
+export default function SecurityPage() {
+  return (
+    <main
+      style=\{{
+        maxWidth: '640px',
+        margin: '0 auto',
+        padding: 'var(--space-8, 2rem) var(--space-4, 1rem)',
+        color: 'var(--fg, #111)',
+      }}
+    >
+      <header style=\{{ marginBottom: '1.5rem' }}>
+        <h1 style=\{{ fontSize: '1.875rem', fontWeight: 700, margin: 0 }}>Security</h1>
+        <p style=\{{ color: 'var(--fg-muted, #666)', marginTop: '0.25rem' }}>
+          Manage two-factor authentication for your {{businessName}} account.
+        </p>
+      </header>
+      <MfaManager />
+    </main>
+  );
+}

package/templates/marketplace/app/(auth)/sign-in/magic/page.tsx.hbs ADDED Viewed

@@ -0,0 +1,11 @@
+'use client';
+import { Suspense } from 'react';
+import { MagicLinkVerify } from '@githat/nextjs';
+export default function MagicLinkPage() {
+  return (
+    <Suspense fallback={null}>
+      <MagicLinkVerify />
+    </Suspense>
+  );
+}

package/templates/marketplace/app/account/security/page.tsx.hbs ADDED Viewed

@@ -0,0 +1,32 @@
+'use client';
+import { MfaManager } from '@githat/nextjs';
+/**
+ * /account/security — TOTP 2FA management for {{businessName}}.
+ *
+ * The <MfaManager/> component reads the current user's mfaEnabled flag
+ * and renders either an "Enable 2FA" CTA or the disable / regenerate-
+ * recovery-codes controls. All flows are gated behind the GitHat API
+ * (api.githat.io) — no integration code lives in this scaffold.
+ */
+export default function SecurityPage() {
+  return (
+    <main
+      style=\{{
+        maxWidth: '640px',
+        margin: '0 auto',
+        padding: 'var(--space-8, 2rem) var(--space-4, 1rem)',
+        color: 'var(--fg, #111)',
+      }}
+    >
+      <header style=\{{ marginBottom: '1.5rem' }}>
+        <h1 style=\{{ fontSize: '1.875rem', fontWeight: 700, margin: 0 }}>Security</h1>
+        <p style=\{{ color: 'var(--fg-muted, #666)', marginTop: '0.25rem' }}>
+          Manage two-factor authentication for your {{businessName}} account.
+        </p>
+      </header>
+      <MfaManager />
+    </main>
+  );
+}

package/templates/nextjs/app/(auth)/sign-in/magic/page.tsx.hbs ADDED Viewed

@@ -0,0 +1,11 @@
+'use client';
+import { Suspense } from 'react';
+import { MagicLinkVerify } from '@githat/nextjs';
+export default function MagicLinkPage() {
+  return (
+    <Suspense fallback={null}>
+      <MagicLinkVerify />
+    </Suspense>
+  );
+}

package/templates/nextjs/app/account/security/page.tsx.hbs ADDED Viewed

@@ -0,0 +1,32 @@
+'use client';
+import { MfaManager } from '@githat/nextjs';
+/**
+ * /account/security — TOTP 2FA management for {{businessName}}.
+ *
+ * The <MfaManager/> component reads the current user's mfaEnabled flag
+ * and renders either an "Enable 2FA" CTA or the disable / regenerate-
+ * recovery-codes controls. All flows are gated behind the GitHat API
+ * (api.githat.io) — no integration code lives in this scaffold.
+ */
+export default function SecurityPage() {
+  return (
+    <main
+      style=\{{
+        maxWidth: '640px',
+        margin: '0 auto',
+        padding: 'var(--space-8, 2rem) var(--space-4, 1rem)',
+        color: 'var(--fg, #111)',
+      }}
+    >
+      <header style=\{{ marginBottom: '1.5rem' }}>
+        <h1 style=\{{ fontSize: '1.875rem', fontWeight: 700, margin: 0 }}>Security</h1>
+        <p style=\{{ color: 'var(--fg-muted, #666)', marginTop: '0.25rem' }}>
+          Manage two-factor authentication for your {{businessName}} account.
+        </p>
+      </header>
+      <MfaManager />
+    </main>
+  );
+}

package/templates/plain/app/(auth)/sign-in/magic/page.tsx.hbs ADDED Viewed

@@ -0,0 +1,11 @@
+'use client';
+import { Suspense } from 'react';
+import { MagicLinkVerify } from '@githat/nextjs';
+export default function MagicLinkPage() {
+  return (
+    <Suspense fallback={null}>
+      <MagicLinkVerify />
+    </Suspense>
+  );
+}

package/templates/plain/app/account/security/page.tsx.hbs ADDED Viewed

@@ -0,0 +1,32 @@
+'use client';
+import { MfaManager } from '@githat/nextjs';
+/**
+ * /account/security — TOTP 2FA management for {{businessName}}.
+ *
+ * The <MfaManager/> component reads the current user's mfaEnabled flag
+ * and renders either an "Enable 2FA" CTA or the disable / regenerate-
+ * recovery-codes controls. All flows are gated behind the GitHat API
+ * (api.githat.io) — no integration code lives in this scaffold.
+ */
+export default function SecurityPage() {
+  return (
+    <main
+      style=\{{
+        maxWidth: '640px',
+        margin: '0 auto',
+        padding: 'var(--space-8, 2rem) var(--space-4, 1rem)',
+        color: 'var(--fg, #111)',
+      }}
+    >
+      <header style=\{{ marginBottom: '1.5rem' }}>
+        <h1 style=\{{ fontSize: '1.875rem', fontWeight: 700, margin: 0 }}>Security</h1>
+        <p style=\{{ color: 'var(--fg-muted, #666)', marginTop: '0.25rem' }}>
+          Manage two-factor authentication for your {{businessName}} account.
+        </p>
+      </header>
+      <MfaManager />
+    </main>
+  );
+}

package/templates/portfolio/app/(auth)/sign-in/magic/page.tsx.hbs ADDED Viewed

@@ -0,0 +1,11 @@
+'use client';
+import { Suspense } from 'react';
+import { MagicLinkVerify } from '@githat/nextjs';
+export default function MagicLinkPage() {
+  return (
+    <Suspense fallback={null}>
+      <MagicLinkVerify />
+    </Suspense>
+  );
+}

package/templates/portfolio/app/account/security/page.tsx.hbs ADDED Viewed

@@ -0,0 +1,32 @@
+'use client';
+import { MfaManager } from '@githat/nextjs';
+/**
+ * /account/security — TOTP 2FA management for {{businessName}}.
+ *
+ * The <MfaManager/> component reads the current user's mfaEnabled flag
+ * and renders either an "Enable 2FA" CTA or the disable / regenerate-
+ * recovery-codes controls. All flows are gated behind the GitHat API
+ * (api.githat.io) — no integration code lives in this scaffold.
+ */
+export default function SecurityPage() {
+  return (
+    <main
+      style=\{{
+        maxWidth: '640px',
+        margin: '0 auto',
+        padding: 'var(--space-8, 2rem) var(--space-4, 1rem)',
+        color: 'var(--fg, #111)',
+      }}
+    >
+      <header style=\{{ marginBottom: '1.5rem' }}>
+        <h1 style=\{{ fontSize: '1.875rem', fontWeight: 700, margin: 0 }}>Security</h1>
+        <p style=\{{ color: 'var(--fg-muted, #666)', marginTop: '0.25rem' }}>
+          Manage two-factor authentication for your {{businessName}} account.
+        </p>
+      </header>
+      <MfaManager />
+    </main>
+  );
+}

package/templates/saas/app/(auth)/sign-in/magic/page.tsx.hbs ADDED Viewed

@@ -0,0 +1,11 @@
+'use client';
+import { Suspense } from 'react';
+import { MagicLinkVerify } from '@githat/nextjs';
+export default function MagicLinkPage() {
+  return (
+    <Suspense fallback={null}>
+      <MagicLinkVerify />
+    </Suspense>
+  );
+}

package/templates/saas/app/account/security/page.tsx.hbs ADDED Viewed

@@ -0,0 +1,32 @@
+'use client';
+import { MfaManager } from '@githat/nextjs';
+/**
+ * /account/security — TOTP 2FA management for {{businessName}}.
+ *
+ * The <MfaManager/> component reads the current user's mfaEnabled flag
+ * and renders either an "Enable 2FA" CTA or the disable / regenerate-
+ * recovery-codes controls. All flows are gated behind the GitHat API
+ * (api.githat.io) — no integration code lives in this scaffold.
+ */
+export default function SecurityPage() {
+  return (
+    <main
+      style=\{{
+        maxWidth: '640px',
+        margin: '0 auto',
+        padding: 'var(--space-8, 2rem) var(--space-4, 1rem)',
+        color: 'var(--fg, #111)',
+      }}
+    >
+      <header style=\{{ marginBottom: '1.5rem' }}>
+        <h1 style=\{{ fontSize: '1.875rem', fontWeight: 700, margin: 0 }}>Security</h1>
+        <p style=\{{ color: 'var(--fg-muted, #666)', marginTop: '0.25rem' }}>
+          Manage two-factor authentication for your {{businessName}} account.
+        </p>
+      </header>
+      <MfaManager />
+    </main>
+  );
+}

package/templates/saas/app/admin/page.tsx.hbs CHANGED Viewed

@@ -49,9 +49,10 @@ export default function AdminPage() {
           gridTemplateColumns: 'repeat(auto-fit, minmax(220px, 1fr))',
           gap: 'var(--space-3)',
         }}>
-          <AdminLink href="/admin/team"     title="Team"     hint="Invite members, set roles" />
-          <AdminLink href="/admin/billing"  title="Billing"  hint="Subscription, invoices, payment method" />
-          <AdminLink href="/admin/settings" title="Settings" hint="Org name, custom domain, branding" />
+          <AdminLink href="/admin/team"      title="Team"     hint="Invite members, set roles" />
+          <AdminLink href="/admin/billing"   title="Billing"  hint="Subscription, invoices, payment method" />
+          <AdminLink href="/admin/settings"  title="Settings" hint="Org name, custom domain, branding" />
+          <AdminLink href="/account/security" title="Security" hint="Two-factor auth, recovery codes" />
         </nav>
       </div>
     </div>