feat(hexclave): PR 3 — native @hexclave/* source rename + delete dual-publish wiring#1482
Open
BilalG1 wants to merge 47 commits into
Open
feat(hexclave): PR 3 — native @hexclave/* source rename + delete dual-publish wiring#1482BilalG1 wants to merge 47 commits into
BilalG1 wants to merge 47 commits into
Conversation
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
Contributor
|
Important Review skippedToo many files! This PR contains 300 files, which is 150 over the limit of 150. To get a review, narrow the scope: ⚙️ Run configurationConfiguration used: defaults Review profile: CHILL Plan: Pro Run ID: 📒 Files selected for processing (300)
You can disable this status message by setting the Use the checkbox below for a quick retry:
✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
![cubic-dev-ai[bot]](https://avatars.githubusercontent.com/in/1082092?s=60&v=4){kind=small}
There was a problem hiding this comment.
No issues found across 1005 files
Partial review: This PR has more than 50 files, so cubic reviewed the highest-priority files first. During the trial, paid plans get a higher file limit.
You can try an ultrareview to bypass the file limit, comment @cubic-dev-ai ultrareview. Learn more.
Re-trigger cubic
Rebased onto dev after PR 1475 (cl/hexclave-pr1) was squash-merged. Squashes the original 46-commit branch (including PR1-duplicate commits that arrived via cherry-picks/merges) into a single commit containing only PR2's net delta over dev. Original PR 1481 head: 94872de (kept locally at backup/cl-romantic-mendel-5a2c25-pre-rebase)
BilalG1
force-pushed
the
cl/romantic-mendel-5a2c25
branch
from
94872de to
d4f6f58
Compare
Source rename across the monorepo. Every publishable package now ships
under its @hexclave/* name natively, no rewrite-at-publish indirection.
Workflow + tooling:
- Delete scripts/rewrite-packages-to-hexclave.ts (one-shot mirror).
- Remove the mirror-publish block from .github/workflows/npm-publish.yaml.
The remaining `pnpm publish -r` step publishes @hexclave/* natively.
- Flip the auto-bump changeset target from @stackframe/stack to
@hexclave/next so 'Update package versions on dev' keeps working.
- Delete packages/template/src/internal/deprecation-warning.ts and its
imports — @hexclave/* never warns about itself, and after PR 3 no
@stackframe/* artifact is ever built from source again.
Package renames (publishable):
@stackframe/react → @hexclave/react
@stackframe/stack → @hexclave/next
@stackframe/js → @hexclave/js
@stackframe/stack-shared → @hexclave/shared
@stackframe/stack-ui → @hexclave/ui
@stackframe/stack-sc → @hexclave/sc
@stackframe/stack-cli → @hexclave/cli
@stackframe/tanstack-start → @hexclave/tanstack-start
@stackframe/dashboard-ui-components → @hexclave/dashboard-ui-components
Internal monorepo packages (private, never published) also renamed for
brand consistency: backend, dashboard, docs, mcp, skills, e2e-tests,
example apps, the swift-sdk, the monorepo root, etc. Cost is mechanical;
payoff is no stray @stackframe/* names left under apps/, examples/, sdks/.
Carve-outs intentionally kept under their legacy names:
- @stackframe/emails — virtual module imported by customer-stored email
templates; the renderer in apps/backend/src/lib/email-rendering.tsx
dual-aliases both names to the same backing module indefinitely.
- @stackframe/template — internal codegen source, never published; per
docs-mintlify/migration.mdx 'internal packages keep names'.
- @stackframe/init-stack — deprecated; now marked private: true so the
last published version on npm continues to serve old install commands
but the workspace stops publishing it.
Backward-compat detection (so projects still on the last @stackframe/*
release keep working):
- packages/stack-shared/src/config-rendering.ts — CONFIG_IMPORT_PACKAGES
table includes both @hexclave/* (canonical, first match wins) and
legacy @stackframe/* names. Function renamed
detectStackframeImportPackage → detectConfigImportPackage.
- apps/dashboard/src/lib/github-config-push.ts — import detection regex
now matches both @hexclave/<name> and @stackframe/<name>, hexclave
preferred.
Versions: every renamed package reset to 1.0.0 in source. The repo's
existing 'bump versions before merging to main' flow will move them to
1.0.1 on the first publish run, so the dual-publish 1.0.0 from PR 2 is
not overwritten.
Other touch-ups discovered during sweep:
- Root package.json: 'fern' script filter was @stackframe/docs (legacy
typo, never resolved) → @hexclave/docs.
- README.md contributor note: @stackframe/XYZ → @hexclave/XYZ.
- packages/stack-cli/package.json: register `hexclave` bin alongside
the legacy `stack` bin so `npx @hexclave/cli init` works on the
natively-published artifact (PR 1481's rewrite script did this at
publish time; now it's in source).
- packages/template/package-template.json: per-platform names + version
flipped to hexclave + 1.0.0 to stay in sync with generated package.json.
- docs/package.json (legacy fumadocs folder, otherwise carved out of the
brand sweep): workspace deps and name updated minimally so `pnpm
install` resolves — content (MDX) intentionally untouched per the
PR 2 scoping decision.
Carve-out files (skipped entirely by the sweep, intentional history):
- docs-mintlify/migration.mdx — teaches the rename, references both.
- RENAME-TO-HEXCLAVE.md — planning doc, references both indefinitely.
- legacy docs/ folder — content untouched per PR 2 carve-out.
generate-sdks regenerated packages/{react,stack,js} from template.
pnpm-lock.yaml regenerated. Typecheck green on stack-shared, stack, js,
react. Dashboard typecheck has pre-existing 'X is of type unknown'
errors that need to be investigated separately (likely a local
node_modules build state issue, not source).
Six fixes from the four parallel reviewers on the rename PR: 1. **Backend .well-known/ routes** — the sweep's directory walker had a bug that skipped every dot-prefixed dir (intended to exclude .git / .turbo / etc.), which also caught Next.js .well-known/ route folders. Two route handlers under apps/backend/.well-known/ still imported @stackframe/stack-shared/dist/* — flipped to @hexclave/shared/dist/*. 2. **Legacy docs/ folder excluded from workspace** — docs/ is the legacy fumadocs site, no longer maintained (replaced by docs-mintlify/). Per user direction, kept on disk for migration reference but dropped from pnpm-workspace.yaml so it no longer gates install / typecheck / lint. This is the right call given the typecheck failures in docs/src/ from the sweep carve-out were never going to be fixed. 3. **Root package.json scripts** — removed every `--filter=@hexclave/docs` reference now that docs/ isn't in the workspace: build:docs (rerouted to @hexclave/docs-mintlify), dev / dev:tui / dev:docs (dropped the filter), and the dead 'fern' script (was @hexclave/docs-only). 4. **build:demo filter** — fixed pre-existing bug where the script filtered package name 'demo-app', but the package is '@hexclave/example-demo-app'. Never resolved before, fixed now. 5. **github-config-push.test.ts legacy fallback** — the sweep flipped the test 'preserves the existing @stackframe/* import package…' from @stackframe/react to @hexclave/react, which made it a duplicate of the test above it and eliminated all coverage of the legacy regex branch in detectImportPackage. Renamed the modified test to reflect what it now tests, and added a new parallel test that feeds an @stackframe/react import and asserts the legacy import is preserved on output. Both branches of the dual-name regex are now covered. 6. **examples/react-example version** — the only package the sweep missed for the 1.0.0 version reset (unscoped name 'react-example' wasn't in the rename map). Bumped 2.8.103 → 1.0.0 for consistency. Verification on a clean install: - `pnpm install --frozen-lockfile` — clean (only pre-existing @vercel/mcp-adapter bin warnings). - `pnpm typecheck` — 28/28 tasks green across the whole workspace. - `pnpm lint` — 28/28 tasks green. Reviewers flagged but I did NOT change (out of scope or non-actionable): - npm-publish.yaml GH Environment name still says 'hexclave/stack-auth' — env names are managed in repo settings, not in YAML; cosmetic. - RENAME-TO-HEXCLAVE.md references the deleted rewrite script — it's a planning doc / historical record, leaving as-is. - code-examples and migration.mdx user-facing references to @stackframe/* — these are documentation that teaches the rename, by design they mention both names.
Three small fixes from the parallel reviewers on PR 3: 1. **tanstack-start-demo vite SSR regex** — examples/tanstack-start-demo/ vite.config.ts:76 had `noExternal: [/^@StackFrame\//, ...]`. The regex was missed by the source rename sweep because it's a regex pattern, not a string literal. After the rename no @stackframe/* package exists in the workspace, so the regex matched nothing and workspace deps (`@hexclave/tanstack-start`, `@hexclave/shared`, `@hexclave/ui`) stopped being inlined for SSR. Without inlining, the Nitro server hits ERR_REQUIRE_ESM on first request because the CJS bundles import ESM-only transitive deps (jose, oauth4webapi). Flipped to /^@hexclave\// to match the renamed packages. 2. **docs.json footer GitHub link** — pointed at hexclave/stack (404, no such repo). The navbar at line 34 already uses hexclave/hexclave per the plan, so aligned the footer to match. 3. **README cleanups**: - Alt text 'Stack Logo' → 'Hexclave Logo' on the header image. - Removed broken /docs/next prefix on the setup-guide link (the actual docs structure is /getting-started/setup, no /docs/next). - contrib.rocks image now points at hexclave/hexclave (was the old stack-auth/stack URL). What I did NOT touch (out of PR 3 scope, surfaced separately for a follow-up doc-pedagogy PR): - 14+ docs-mintlify pages teaching STACK_* env vars instead of HEXCLAVE_* (works via dual-read, but contradicts migration.mdx's 'new code should use HEXCLAVE_*' recommendation). - REST API code samples teaching X-Stack-* headers instead of X-Hexclave-* (works via dual-accept proxy). - docs-mintlify/sdk/objects/stack-app.mdx broken in-page anchors (#stackclientapp etc. — body headings renamed in PR 2 but anchor IDs weren't updated). - MCP server name inconsistency (`stack-auth` in init-prompt.ts vs `hexclave` in dashboard setup-page). - The `ask_stack_auth` MCP tool was removed despite RENAME-TO-HEXCLAVE.md saying it should stay registered as a compat alias indefinitely. - AI prompts (apps/backend/src/lib/ai/prompts.ts, apps/skills/) still teach legacy header / env-var names in generated code examples. All of those are PR 2 pedagogy carry-over, not introduced by this PR, and work functionally via the dual-read/dual-accept compat layers PR 1 + PR 2 put in place. They're documentation polish, not bugs that block PR 3 shipping.
apps/e2e/tests/js/auth-like.test.ts:68 asserts clientApp.version matches `^js @stackframe/js@…`, but the build-time sentinel is stamped from packages/js/package.json's `name` field (configs/tsdown/plugins.ts:10), which PR 3 renamed @stackframe/js → @hexclave/js. Post-rename the sentinel is `js @hexclave/js@1.0.0` (or 1.0.1 after auto-bump), so the old regex fails. Caught by a follow-up reviewer pass — the published-artifact sentinel is the most direct observable that's affected by a source-name rename, and this is the one e2e test that asserts on it directly.
…ertionError suffix The HexclaveAssertionError disclaimer was simplified from "...error in Hexclave (formerly Stack Auth)." to "...error in Hexclave." but the inline snapshots in url-targets and redirect-urls tests still expected the longer text. Updates the template source-of-truth; SDK mirrors regenerate via the preinstall generate-sdks hook.
![vercel[bot]](https://avatars.githubusercontent.com/in/8329?s=60&v=4){kind=small}
There was a problem hiding this comment.
Additional Suggestions:
- Multiple stale imports from @stackframe/stack-shared instead of @hexclave/shared in docs app
- Documentation code examples still reference outdated @StackFrame package names instead of @hexclave, misleading users about correct packages to install
…erCache Result.or returns T | U synchronously, so awaiting it tripped @typescript-eslint/await-thenable and @typescript-eslint/return-await in the generated packages/stack and packages/react SDKs.
…mple apps PR 1481's sweep missed four user-visible spots in the examples/ tree: - examples/demo: page title 'Stack Demo' + description 'using Stack...' - examples/docs-examples: page title 'Stack Demo' + description 'using Stack...' - examples/tanstack-start-demo: 'Stack TanStack Demo' link text in header - examples/middleware: description 'A demo of Stack\'s middleware capabilities.' (title was already flipped; only the description was missed)
The MDX content was flipped to Hexclave in PR 1481, but the URL slug itself (/guides/other/tutorials/build-a-saas-with-stack-auth) was still public-facing. Rename the file and update the five internal links: - docs.json navigation reference - 3 in-MDX cross-links in build-a-team-based-app.mdx - 2 in-MDX cross-links in ship-production-ready-auth.mdx
PR 1481 carved out binary visual assets pending design work, but we now have the Hexclave brand mark from PR 1493 (the neon-gradient benzene ring) and a full wordmark variant. Swap them in everywhere the dashboard, docs site, and example demo rendered the Stack Auth logo. Icon-only variant (PR 1493's hexclave-icon.svg, neon-gradient benzene mark) replaces: - apps/dashboard/public/logo.svg + logo-bright.svg - examples/demo/public/logo.svg + logo-bright.svg Full wordmark variant (benzene mark + 'Hexclave' text in Jersey 10) replaces: - apps/dashboard/public/logo-full.svg (black text — light mode) - apps/dashboard/public/logo-full-bright.svg (white text — dark mode) - docs-mintlify/images/logo-light.svg (black text) - docs-mintlify/images/logo-dark.svg (white text) The benzene mark uses a colored gradient that reads on both light and dark backgrounds, so logo.svg and logo-bright.svg now share identical content — the dark-mode SmartImage swap in logo.tsx is effectively a no-op but the file pair is preserved to avoid touching the component API. Same applies to examples/demo. Also drop the 'dark:invert' className on examples/demo's <Image> — the new gradient mark should not be color-inverted on dark backgrounds (it already reads correctly on both).
Three favicon.ico files and the dashboard's open-graph-image.png are
regenerated from the canonical Hexclave benzene-mark SVG committed in
the previous logo-swap commit (apps/dashboard/public/logo.svg).
Favicons (all three: dashboard, dev-launchpad, docs-mintlify) bundle
16x16, 32x32, and 48x48 PNG-encoded variants — 32bpp RGBA for crisp
rendering on retina + dark-mode tab strips. dev-launchpad's old icon
was a 4bpp 16x16 single-frame; it now matches the other two.
OG image is 1200x630 with a centered 360px gradient benzene mark on a
dark canvas with a subtle radial glow. No wordmark — Jersey 10 isn't
available at rasterize time and the mark alone reads cleanly on the
standard OG card preview area in Slack / Twitter / LinkedIn.
The dashboard layout's openGraph.images metadata points at
${apiUrl}/open-graph-image.png — the backend deploy needs to serve
this file from the same path so social previews actually resolve.
Tracked separately as ops work.
## Summary Adds a one-time informational modal that announces the **Stack Auth → Hexclave** rebrand to existing logged-in dashboard users. Brand-new users signing up after the cutoff already land on a fully Hexclave-branded experience and don't see the modal — they have no "Stack Auth" mental model to update. Stacked on top of **PR #1481** (the visible-rebrand flip).  ## What's in here - **Component**: [`apps/dashboard/src/components/hexclave-rebrand-modal.tsx`](https://github.com/hexclave/stack-auth/blob/cl/hexclave-rebrand-modal/apps/dashboard/src/components/hexclave-rebrand-modal.tsx) — the modal itself plus the static `RebrandIllustration` (Stack Auth mark → arrow → Hexclave benzene mark). - **Mount**: [`apps/dashboard/src/app/(main)/(protected)/layout-client.tsx`](https://github.com/hexclave/stack-auth/blob/cl/hexclave-rebrand-modal/apps/dashboard/src/app/(main)/(protected)/layout-client.tsx) — single `<HexclaveRebrandModal />` inside `ConfigUpdateDialogProvider` so it covers every authenticated dashboard route. - **Asset**: `apps/dashboard/public/hexclave-icon.svg` — the benzene-ring mark pulled from `https://hexclave.com/icon.svg` (the canonical Hexclave brand mark). Stack Auth side uses the existing `/logo.svg` + `/logo-bright.svg` (dark mode variant). ## Targeting Three independent conditions must all hold for the modal to render: 1. **Logged-in user** — `useUser({ or: "return-null" })` opts out of the sign-in redirect so guests are silently skipped. 2. **`user.signedUpAt < REBRAND_CUTOFF`** where `REBRAND_CUTOFF = 2026-05-27T00:00:00Z`. This is the cleanest "pre-rebrand user" signal — more accurate than cookie inspection (the existing `stack-is-https` hint cookie gets dual-written for new and returning users alike since [`packages/template/src/lib/cookie.ts:201`](https://github.com/hexclave/stack-auth/blob/cl/hexclave-rebrand-modal/packages/template/src/lib/cookie.ts#L201), so it can't distinguish), and it follows the same user across browsers/devices. 3. **No `hexclave-rebrand-modal-dismissed=true` in localStorage**. Any dismissal path (Got it button, X, overlay click, Escape) routes through `onOpenChange` and writes this flag, so the modal never re-opens for that browser. ## Behavior verification End-to-end checked against a live dev dashboard: - ✅ Modal opens once on first authenticated dashboard view for a pre-cutoff user. - ✅ `localStorage["hexclave-rebrand-modal-dismissed"]` flips to `"true"` on any dismissal path. - ✅ Reload after dismissal: zero `[role=dialog]` elements rendered, localStorage flag persists. - ✅ Not rendered for guests (no useUser → early `return null`, no auth-redirect). - ✅ Not rendered for users with `signedUpAt >= REBRAND_CUTOFF`. - ✅ SSR-safe: hooks into `useEffect` to read storage post-hydration; `try/catch` around storage access so private-mode / sandboxed iframes degrade silently. - ✅ `pnpm --filter @stackframe/dashboard lint` clean. ## Notes - **`pnpm typecheck`** was not run as part of this change because the dashboard typecheck depends on `codegen-prisma` against a live DB (pre-existing infra debt noted in PR #1481). Lint covers the type-shape of the touched files via the project's strict TS-aware ESLint rules. - **Migration link** points to [`docs.hexclave.com/migration`](https://docs.hexclave.com/migration), the same URL referenced from [`packages/template/src/internal/deprecation-warning.ts:36`](https://github.com/hexclave/stack-auth/blob/cl/hexclave-rebrand-modal/packages/template/src/internal/deprecation-warning.ts#L36) — single source of truth for the migration story. - **No animation** by design — the modal is static; entry/exit uses the existing Radix Dialog fade. <!-- This is an auto-generated description by cubic. --> --- ## Summary by cubic Adds a one-time modal in the dashboard to announce the Stack Auth → Hexclave rebrand for pre-rebrand users. It shows once per account per browser, inlines the import-rename step, links the migration guide, and doesn’t show for new signups or in dev/preview environments. - **New Features** - Shows only for logged-in users with `signedUpAt < '2026-05-27T00:00:00Z'`; guests, post-cutoff signups, and local emulator/remote dev/preview never see it. - Dismissal persists via `localStorage["hexclave-rebrand-modal-dismissed:<user.id>"]="true"`; all close paths set the flag. - Mounted in the protected dashboard layout so it covers all authenticated routes once per account per browser. - Includes illustration (`/logo.svg` → arrow → `/hexclave-icon.svg`) and links to app.hexclave.com and the migration guide; copy tells users to rename `@stackframe/*` to `@hexclave/*` (`@stackframe/stack` → `@hexclave/next`). <sup>Written for commit 92c07f2. Summary will update on new commits. <a href="https://cubic.dev/pr/hexclave/stack-auth/pull/1493?utm_source=github">Review in cubic</a></sup> <!-- End of auto-generated description by cubic. -->
…cl/hexclave-pr3 # Conflicts: # .github/workflows/npm-publish.yaml
Removes the data migration that renamed the internal Project row's displayName/description from 'Stack Dashboard' to 'Hexclave Dashboard'. Fresh installs still get the new name via seed.ts; existing deployments will keep the old strings until renamed by hand or in a later PR.
The rebrand modal was added on the rebrand-modal branch (PR #1493) and still imported useUser from the pre-rename package name @stackframe/stack. After this branch's source rename to @hexclave/*, that package no longer exists in the workspace, causing the dashboard Turbopack build to fail with 'Module not found: Can't resolve @stackframe/stack' and aborting the E2E job.
# Conflicts: # README.md # RENAME-TO-HEXCLAVE.md # apps/backend/package.json # apps/backend/src/app/api/latest/integrations/idp.ts # apps/dashboard/package.json # apps/dashboard/src/components/hexclave-rebrand-modal.tsx # apps/dashboard/src/lib/apps-frontend.tsx # apps/dev-launchpad/package.json # apps/e2e/package.json # apps/mcp/package.json # apps/mock-oauth-server/package.json # apps/skills/package.json # docs-mintlify/docs.json # examples/cjs-test/package.json # examples/convex/package.json # examples/demo/package.json # examples/docs-examples/package.json # examples/e-commerce/package.json # examples/js-example/package.json # examples/lovable-react-18-example/package.json # examples/middleware/package.json # examples/react-example/package.json # examples/supabase/package.json # examples/tanstack-start-demo/package.json # examples/tanstack-start-demo/src/routes/index.tsx # packages/dashboard-ui-components/package.json # packages/init-stack/package.json # packages/js/package.json # packages/react/package.json # packages/stack-cli/package.json # packages/stack-cli/src/commands/fix.ts # packages/stack-sc/package.json # packages/stack-shared/package.json # packages/stack-ui/package.json # packages/stack/package.json # packages/tanstack-start/package.json # packages/template/package-template.json # packages/template/package.json # packages/template/src/index.ts # packages/template/src/lib/stack-app/apps/implementations/common.ts # packages/template/src/lib/stack-app/index.ts
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Stacked on #1481 (
cl/romantic-mendel-5a2c25, PR 2's visible rebrand). Diff vs that base = ~1000 files of mechanical source rename + deletion of the dual-publish indirection.This is PR 3 of the Stack Auth → Hexclave rebrand: native source rename. PR 2 added the rewrite-at-publish-time mechanism that re-published every
@stackframe/*artifact as a@hexclave/*mirror on each push tomain. PR 3 makes Hexclave the canonical source identity — every publishable package is renamed in source,scripts/rewrite-packages-to-hexclave.tsis deleted, the workflow's mirror-publish block is gone, and the deprecation-warning runtime is removed (no@stackframe/*artifact is ever built from source again).Cutover ordering
PR 3 is intentionally landed after the first publish triggered by PR 2's mirror flow:
mainpublishes@stackframe/*@<bumped>(carrying the deprecation warning) AND@hexclave/*@1.0.0(the one-shot mirror, version hardcoded in PR 2's workflow).Update package versions on devpre-merge bump moves source from1.0.0→1.0.1, so the first push tomainafter this lands publishes@hexclave/*@1.0.1natively (no collision with PR 2's@hexclave/*@1.0.0).@stackframe/*is frozen at its final warning version on npm; only@hexclave/*is published.What's implemented (per the plan's PR 3 scope)
Package renames
The 9 publishable packages, native source rename:
@stackframe/react@hexclave/react@stackframe/stack@hexclave/next@stackframe/js@hexclave/js@stackframe/stack-shared@hexclave/shared@stackframe/stack-ui@hexclave/ui@stackframe/stack-sc@hexclave/sc@stackframe/stack-cli@hexclave/cli@stackframe/tanstack-start@hexclave/tanstack-start@stackframe/dashboard-ui-components@hexclave/dashboard-ui-componentsInternal monorepo packages (
backend,dashboard,mcp,skills,e2e-tests,swift-sdk, all examples, the monorepo root, etc.) also renamed to@hexclave/*for brand consistency. All private, never published — cost is purely mechanical, payoff is no stray@stackframe/*names left inapps/,examples/,sdks/.Deleted
scripts/rewrite-packages-to-hexclave.ts(~200 lines) — no longer needed; source packages publish natively.packages/template/src/internal/deprecation-warning.ts+ its import sites inpackages/template/src/index.tsand generated SDKs (~60 lines) — no@stackframe/*artifact is ever built from source again, so the runtime warning has nothing to detect..github/workflows/npm-publish.yaml(~30 lines):Checkout main for Hexclave mirror rewrite,Rewrite package names to @hexclave/*,Publish @hexclave/* mirror packages. The remainingPublish packagesstep publishes@hexclave/*natively."@stackframe/stack": patchto"@hexclave/next": patch.Versions reset to 1.0.0
Every renamed publishable package + the kept-name
@stackframe/template+@stackframe/init-stackreset to1.0.0. The existingUpdate package versions on devpre-merge bump moves them to1.0.1on first run — that's the first natively-published Hexclave version, sequenced after PR 2's mirror-published1.0.0.Carve-outs (deliberately kept under their legacy names)
@stackframe/emails— virtual module imported by customer-stored email templates. The renderer at apps/backend/src/lib/email-rendering.tsx:89 dual-aliases both@stackframe/emailsand@hexclave/emailsto the same backing module — old stored templates keep rendering indefinitely. ~47 references in e2e test fixtures (embedded TSX-as-string) preserved as-is.@stackframe/template— internal codegen source inpackages/template/. Never published. Per docs-mintlify/migration.mdx, "internal packages keep names."@stackframe/init-stack— deprecated; nowprivate: truein packages/init-stack/package.json so the workspace stops publishing it. The last@stackframe/init-stack@<last>on npm continues to serve any stalenpx @stackframe/init-stack@latestcalls.Backward-compat detection (so projects pinned to the last legacy release keep working)
CONFIG_IMPORT_PACKAGEStable lists@hexclave/*first (canonical, wins on tie) then@stackframe/*legacy. Function renameddetectStackframeImportPackage→detectConfigImportPackage. Vitest cases cover priority ordering, hexclave-preferred, legacy-only fallback.detectImportPackageregex matches both scopes, hexclave preferred. Test coverage for both branches in github-config-push.test.ts.includes("@stackframe/") && includes("@hexclave/")checks preserved; correctly detect when neither scope is present so the wizard can scaffold fresh files.Hexclave CLI bin alias
packages/stack-cli/package.json declares both
hexclaveandstackbins natively in source. PR 2's rewrite script added this at publish time; PR 3 bakes it in.Legacy
docs/folder excluded from workspacedocs/is the legacy fumadocs site, no longer maintained — replaced bydocs-mintlify/. Dropped frompnpm-workspace.yamlso it no longer gates install / typecheck / lint. Folder kept on disk for migration reference. Root scripts that filtered@hexclave/docs(build:docs,dev,dev:tui,dev:docs,fern) rerouted to@hexclave/docs-mintlifyor dropped.Multi-agent diff review
Four parallel reviewers (package/deps integrity, source-level rename correctness, workflow/CI/scripts, e2e tests + fixtures) audited the diff. Six actionable findings, all addressed:
.well-known/routes still on@stackframe/stack-shared/dist/*— original sweep's dir walker had a bug that skipped dot-prefixed dirs (intended to exclude.git/.turbo); also caught Next.js's.well-known/. Fixed.docs/src/had 25 unresolved imports breaking@hexclave/docstypecheck — fixed by removing legacydocs/from workspace per direction.github-config-push.test.tslegacy-fallback test was silently de-tested by the sweep — fixed by renaming the modified test and adding a new parallel case exercising the legacy regex branch.examples/react-example/package.jsonversion still2.8.103(sweep missed unscoped name) — bumped to1.0.0.build:demofilter targeted nonexistentdemo-app(pre-existing bug) — fixed to@hexclave/example-demo-app....--filter=@hexclave/docsreferences in root scripts after Backend design doc #2 — rerouted to@hexclave/docs-mintlify.Verification
pnpm install --frozen-lockfile— clean.pnpm typecheck— 28/28 tasks green across the whole workspace.pnpm lint— 28/28 tasks green.839d6fe86.Diff stats
~1000 files, mostly mechanical. The non-mechanical surface fits in:
docs/workspace removal.Test plan
@hexclave/*@1.0.0on first push to main, verify the pre-merge bump moves PR 3's source from1.0.0→1.0.1.@hexclave/*@1.0.1natively (no rewrite step). Spot-check:npm view @hexclave/next@1.0.1.@stackframe/*@<new>ever publishes again — the workflow's firstPublish packagesstep is now the only one, and it publishes the renamed source.npx @hexclave/cli@1.0.1 initworks on the natively-published artifact (no longer depends on the rewrite script's dist-rewrite of cross-package require() specifiers).@stackframe/stack@<final>release with config importingimport type { StackConfig } from "@stackframe/stack"— the dashboard's GitHub config-push flow preserves that legacy import on re-render (covered by the new test case).Summary by cubic
Renamed all publishable packages to the
@hexclave/*scope and removed the dual‑publish mirror so we build and publish natively as Hexclave. Updated imports, CI/workflows (including qemu), docs, and tests to match.Refactors
@hexclave/*and updated workspaces/imports;apps/backendis now@hexclave/backend.scripts/rewrite-packages-to-hexclave.ts; auto‑bump now targets@hexclave/next.1.0.0(first native publish is1.0.1); carve‑outs kept:@stackframe/emails,@stackframe/template,@stackframe/init-stack(private).hexclaveCLI bin; switched CI/build filters (including qemu emulator build) to@hexclave/*.docs/from the workspace.Bug Fixes
noExternalregex/^@hexclave\//; fixed leftover@stackframe/*imports in Next.js.well-known/routes; corrected demo build filters.clientApp.versionsentinel (@hexclave/js), CLI doctor import regex, and legacy import fallback test.@hexclave/nextto fix Turbopack build.Written for commit 0e8aa52. Summary will update on new commits. Review in cubic