Complete migration to Clerk from NextAuth.js#3
Conversation
Co-authored-by: adam <adam@medreport.ai>
WalkthroughThis change completes a comprehensive migration from NextAuth.js to Clerk for authentication, session, and security management across the application. All NextAuth.js code, configuration, and dependencies were removed. Clerk is now fully integrated, with updated authentication hooks, middleware, session handling, documentation, environment variables, and deployment templates. Changes
Sequence Diagram(s)sequenceDiagram
participant User
participant UI
participant ClerkSDK
participant ClerkDashboard
participant AppAPI
User->>UI: Initiate login (email/password, OAuth, SSO, magic link)
UI->>ClerkSDK: Call useSignIn / useAuth hook
ClerkSDK->>ClerkDashboard: Authenticate user & manage session
ClerkDashboard-->>ClerkSDK: Return user/org/session info
ClerkSDK-->>UI: Provide session/user/org context
UI->>AppAPI: Make authenticated API request with Clerk session
AppAPI->>ClerkDashboard: Validate session via Clerk middleware
ClerkDashboard-->>AppAPI: Return user/org context for authorization
AppAPI-->>UI: Respond with protected resource/data
Possibly related PRs
Poem
Warning There were issues while running some tools. Please review the errors and either fix the tool's configuration or disable the tool if it's a critical failure. 🔧 ESLint
npm error Exit handler never called! ✨ Finishing Touches
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. 🪧 TipsChatThere are 3 ways to chat with CodeRabbit:
SupportNeed help? Create a ticket on our support page for assistance with any issues or questions. Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments. CodeRabbit Commands (Invoked using PR comments)
Other keywords and placeholders
CodeRabbit Configuration File (
|
|
Looks like there are a few issues preventing this PR from being merged!
If you'd like me to help, just leave a comment, like
Feel free to include any additional details that might help me get this PR into a better state. You can manage your notification settings |
There was a problem hiding this comment.
Actionable comments posted: 19
🔭 Outside diff range comments (2)
components/shared/shell/Header.tsx (1)
3-30:Loadingcomponent imported but never displayedCI flags the unused import. Either remove it or render it while the session is loading:
- if (status === 'loading' || !data) { - return null; - } + if (status === 'loading' || !data) { + return <Loading />; + }This keeps the UX responsive and satisfies ESLint.
components/auth/MagicLink.tsx (1)
15-17: Remove unusedcsrfTokenparameter.The
csrfTokenparameter is no longer needed with Clerk authentication and should be removed to clean up the interface.-interface MagicLinkProps { - csrfToken: string | undefined; -} - -const MagicLink = ({ csrfToken }: MagicLinkProps) => { +const MagicLink = () => {
🧹 Nitpick comments (6)
pages/api/auth/reset-password.ts (1)
6-6: Remove unused import.The
envimport is not used anywhere in the file and should be removed to clean up the code.-import env from '@/lib/env';components/team/Members.tsx (1)
3-3: Resolve global name shadowing issue.The
Errorimport shadows the globalErrorconstructor, which can cause confusion. Consider renaming this import to avoid conflicts.import { - Error, + ErrorMessage, LetterAvatar, Loading, } from '@/components/shared';Then update the usage on line 43:
- return <Error message={isError.message} />; + return <ErrorMessage message={isError.message} />;hooks/useSession.ts (1)
38-42: Consider providing a more helpful update function.The current
updatefunction only logs a warning and returnsnull, which may confuse developers expecting NextAuth-style session updates. Consider either removing it entirely or providing a more helpful implementation.- // Update function for compatibility - Clerk automatically syncs user data - const update = async () => { - console.warn('Session update is not supported. User data is automatically synced.'); - return null; - }; + // Update function for compatibility - Clerk automatically syncs user data + const update = async () => { + if (process.env.NODE_ENV === 'development') { + console.warn('Session update is not needed with Clerk. User data syncs automatically.'); + } + // Return current session data to maintain compatibility + return { data, status }; + };.do/deploy.template.yaml (1)
12-14: Minor: quote interpolation braces to avoid unintended templatingLines referencing
${saas-starter-kit-db.DATABASE_URL}work for DO App-Spec, but quoting them makes the YAML safer when processed by other tooling.- value: ${saas-starter-kit-db.DATABASE_URL} + value: "${saas-starter-kit-db.DATABASE_URL}"Also applies to: 34-39
.cursor/rules/auth-security.mdc (2)
50-64: Example still implies bespoke session helpers instead of Clerk SDKThe snippet uses
getCurrentUserWithTeamand session checks reminiscent of the old NextAuth flow.
Since Clerk exposesauth()/currentUserhelpers, consider updating the example to:import { auth } from "@clerk/nextjs/server" const { userId, orgId } = auth() if (!userId) { return res.status(401).json({ error: "Unauthorized" }) } await throwIfNoTeamAccess(orgId, teamId) await throwIfNotAllowed(userId, "team_webhook", "create")Keeps documentation consistent with the new runtime.
6-13: Broken inline link:mdc:middleware.tsThe custom
mdc:scheme won’t render on GitHub/MD; switch to a relative path (../middleware.ts) or fully qualify the URL so readers can follow it outside Cursor.
📜 Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro
⛔ Files ignored due to path filters (1)
package-lock.jsonis excluded by!**/package-lock.json
📒 Files selected for processing (44)
.cursor/rules/auth-security.mdc(1 hunks).cursor/rules/project-overview.mdc(1 hunks).cursor/rules/testing-patterns.mdc(1 hunks).do/deploy.template.yaml(1 hunks).github/workflows/main.yml(2 hunks)CLAUDE.md(3 hunks)CLERK_MIGRATION_GUIDE.md(0 hunks)MIGRATION_COMPLETE.md(1 hunks)README.md(4 hunks)app.json(1 hunks)components/account/ManageSessions.tsx(4 hunks)components/account/UpdateName.tsx(3 hunks)components/auth/GithubButton.tsx(1 hunks)components/auth/GoogleButton.tsx(1 hunks)components/auth/MagicLink.tsx(4 hunks)components/shared/TeamDropdown.tsx(1 hunks)components/shared/shell/AppShell.tsx(2 hunks)components/shared/shell/Header.tsx(2 hunks)components/team/Members.tsx(2 hunks)docs/authentication.md(1 hunks)hooks/auth.ts(1 hunks)hooks/useAuth.ts(1 hunks)hooks/useCustomSignout.ts(1 hunks)hooks/useSession.ts(1 hunks)lib/auth.ts(2 hunks)lib/clerk.ts(0 hunks)lib/env.ts(1 hunks)lib/nextAuth.ts(0 hunks)lib/session.ts(1 hunks)package.json(0 hunks)pages/_app.tsx(2 hunks)pages/api/auth/[...nextauth].ts(0 hunks)pages/api/auth/custom-signout.ts(0 hunks)pages/api/auth/reset-password.ts(1 hunks)pages/api/password.ts(1 hunks)pages/api/sessions/index.ts(1 hunks)pages/auth/idp-login.tsx(2 hunks)pages/auth/sso/index.tsx(3 hunks)pages/invitations/[token].tsx(1 hunks)pages/settings/security.tsx(1 hunks)pages/teams/switch.tsx(1 hunks)tsconfig.json(1 hunks)types/next-auth.d.ts(0 hunks)types/next.ts(1 hunks)
💤 Files with no reviewable changes (7)
- lib/clerk.ts
- package.json
- pages/api/auth/[...nextauth].ts
- types/next-auth.d.ts
- CLERK_MIGRATION_GUIDE.md
- pages/api/auth/custom-signout.ts
- lib/nextAuth.ts
🧰 Additional context used
📓 Path-based instructions (24)
`components/**/*`: React UI components are organized by feature in `/components`...
components/**/*: React UI components are organized by feature in/componentsand shared components in/components/shared
Tailwind CSS with DaisyUI is used for styling UI components
📄 Source: CodeRabbit Inference Engine (CLAUDE.md)
List of files the instruction was applied to:
components/shared/TeamDropdown.tsxcomponents/shared/shell/Header.tsxcomponents/auth/GithubButton.tsxcomponents/auth/GoogleButton.tsxcomponents/team/Members.tsxcomponents/shared/shell/AppShell.tsxcomponents/auth/MagicLink.tsxcomponents/account/ManageSessions.tsxcomponents/account/UpdateName.tsx
`components/**/*.{js,jsx,ts,tsx}`: Use `useTranslation` hook from react-i18next for translations Images are optimized using Next.js Image component
components/**/*.{js,jsx,ts,tsx}: UseuseTranslationhook from react-i18next for translations
Images are optimized using Next.js Image component
📄 Source: CodeRabbit Inference Engine (CLAUDE.md)
List of files the instruction was applied to:
components/shared/TeamDropdown.tsxcomponents/shared/shell/Header.tsxcomponents/auth/GithubButton.tsxcomponents/auth/GoogleButton.tsxcomponents/team/Members.tsxcomponents/shared/shell/AppShell.tsxcomponents/auth/MagicLink.tsxcomponents/account/ManageSessions.tsxcomponents/account/UpdateName.tsx
`**/*.{ts,tsx}`: TypeScript is used throughout the codebase with strict mode ena...
**/*.{ts,tsx}: TypeScript is used throughout the codebase with strict mode enabled
Path aliases are configured for@/lib/*and@/components/*
Zod is used for runtime validation
Yup is used for form validation with Formik
📄 Source: CodeRabbit Inference Engine (CLAUDE.md)
List of files the instruction was applied to:
components/shared/TeamDropdown.tsxpages/invitations/[token].tsxcomponents/shared/shell/Header.tsxpages/teams/switch.tsxpages/api/auth/reset-password.tspages/api/password.tspages/_app.tsxpages/auth/idp-login.tsxcomponents/auth/GithubButton.tsxhooks/auth.tspages/api/sessions/index.tscomponents/auth/GoogleButton.tsxhooks/useSession.tscomponents/team/Members.tsxpages/auth/sso/index.tsxcomponents/shared/shell/AppShell.tsxhooks/useCustomSignout.tslib/auth.tspages/settings/security.tsxlib/env.tshooks/useAuth.tslib/session.tstypes/next.tscomponents/auth/MagicLink.tsxcomponents/account/ManageSessions.tsxcomponents/account/UpdateName.tsx
`components/**/*.{ts,tsx}`: UI components that enforce RBAC should use the AccessControl wrapper.
components/**/*.{ts,tsx}: UI components that enforce RBAC should use the AccessControl wrapper.
📄 Source: CodeRabbit Inference Engine (.cursor/rules/auth-security.mdc)
List of files the instruction was applied to:
components/shared/TeamDropdown.tsxcomponents/shared/shell/Header.tsxcomponents/auth/GithubButton.tsxcomponents/auth/GoogleButton.tsxcomponents/team/Members.tsxcomponents/shared/shell/AppShell.tsxcomponents/auth/MagicLink.tsxcomponents/account/ManageSessions.tsxcomponents/account/UpdateName.tsx
`{components/**/*.tsx,pages/**/*.tsx,hooks/**/*.ts}`: Use TypeScript for all components and hooks Use SWR for data fetching in components and hooks
{components/**/*.tsx,pages/**/*.tsx,hooks/**/*.ts}: Use TypeScript for all components and hooks
Use SWR for data fetching in components and hooks
📄 Source: CodeRabbit Inference Engine (.cursor/rules/frontend-patterns.mdc)
List of files the instruction was applied to:
components/shared/TeamDropdown.tsxpages/invitations/[token].tsxcomponents/shared/shell/Header.tsxpages/teams/switch.tsxpages/_app.tsxpages/auth/idp-login.tsxcomponents/auth/GithubButton.tsxhooks/auth.tscomponents/auth/GoogleButton.tsxhooks/useSession.tscomponents/team/Members.tsxpages/auth/sso/index.tsxcomponents/shared/shell/AppShell.tsxhooks/useCustomSignout.tspages/settings/security.tsxhooks/useAuth.tscomponents/auth/MagicLink.tsxcomponents/account/ManageSessions.tsxcomponents/account/UpdateName.tsx
`components/**`: Colocate related components in feature folders within the components/ directory
components/**: Colocate related components in feature folders within the components/ directory
📄 Source: CodeRabbit Inference Engine (.cursor/rules/frontend-patterns.mdc)
List of files the instruction was applied to:
components/shared/TeamDropdown.tsxcomponents/shared/shell/Header.tsxcomponents/auth/GithubButton.tsxcomponents/auth/GoogleButton.tsxcomponents/team/Members.tsxcomponents/shared/shell/AppShell.tsxcomponents/auth/MagicLink.tsxcomponents/account/ManageSessions.tsxcomponents/account/UpdateName.tsx
`{components/**/*.tsx,pages/**/*.tsx}`: Handle loading and error states consiste...
{components/**/*.tsx,pages/**/*.tsx}: Handle loading and error states consistently using the WithLoadingAndError wrapper
Use semantic HTML elements
Add aria-labels for accessibility
Memoize expensive computations with useMemo
Avoid inline styles - use Tailwind CSS utility classes
Use Tailwind CSS utility classes for styling
Use DaisyUI components for UI elements
Support dark mode using Tailwind's dark: classes
Implement responsive design using Tailwind's responsive utility classes
Use Formik for form handling and Yup for validation in forms
Use the useTranslation hook from next-i18next for internationalization
Use the AccessControl component for permission-based rendering
Use react-hot-toast for toast notifications
📄 Source: CodeRabbit Inference Engine (.cursor/rules/frontend-patterns.mdc)
List of files the instruction was applied to:
components/shared/TeamDropdown.tsxpages/invitations/[token].tsxcomponents/shared/shell/Header.tsxpages/teams/switch.tsxpages/_app.tsxpages/auth/idp-login.tsxcomponents/auth/GithubButton.tsxcomponents/auth/GoogleButton.tsxcomponents/team/Members.tsxpages/auth/sso/index.tsxcomponents/shared/shell/AppShell.tsxpages/settings/security.tsxcomponents/auth/MagicLink.tsxcomponents/account/ManageSessions.tsxcomponents/account/UpdateName.tsx
`{pages,components,lib,models,hooks,types}/**/*.{ts,tsx}`: Use TypeScript for all source code files
{pages,components,lib,models,hooks,types}/**/*.{ts,tsx}: Use TypeScript for all source code files
📄 Source: CodeRabbit Inference Engine (.cursor/rules/project-overview.mdc)
List of files the instruction was applied to:
components/shared/TeamDropdown.tsxpages/invitations/[token].tsxcomponents/shared/shell/Header.tsxpages/teams/switch.tsxpages/api/auth/reset-password.tspages/api/password.tspages/_app.tsxpages/auth/idp-login.tsxcomponents/auth/GithubButton.tsxhooks/auth.tspages/api/sessions/index.tscomponents/auth/GoogleButton.tsxhooks/useSession.tscomponents/team/Members.tsxpages/auth/sso/index.tsxcomponents/shared/shell/AppShell.tsxhooks/useCustomSignout.tslib/auth.tspages/settings/security.tsxlib/env.tshooks/useAuth.tslib/session.tstypes/next.tscomponents/auth/MagicLink.tsxcomponents/account/ManageSessions.tsxcomponents/account/UpdateName.tsx
`components/**/*`: React components should be organized by feature within the `components/` directory
components/**/*: React components should be organized by feature within thecomponents/directory
📄 Source: CodeRabbit Inference Engine (.cursor/rules/project-overview.mdc)
List of files the instruction was applied to:
components/shared/TeamDropdown.tsxcomponents/shared/shell/Header.tsxcomponents/auth/GithubButton.tsxcomponents/auth/GoogleButton.tsxcomponents/team/Members.tsxcomponents/shared/shell/AppShell.tsxcomponents/auth/MagicLink.tsxcomponents/account/ManageSessions.tsxcomponents/account/UpdateName.tsx
`{components,pages}/**/*.tsx`: The `frontend-patterns.mdc` rule establishes Reac...
{components,pages}/**/*.tsx: Thefrontend-patterns.mdcrule establishes React and frontend development patterns, including component patterns, styling conventions, form handling, data fetching, custom hooks, and UI best practices, and is automatically applied when working on React components (components/**/*.tsx,pages/**/*.tsx) and hooks.
📄 Source: CodeRabbit Inference Engine (.cursor/rules/README.md)
List of files the instruction was applied to:
components/shared/TeamDropdown.tsxpages/invitations/[token].tsxcomponents/shared/shell/Header.tsxpages/teams/switch.tsxpages/_app.tsxpages/auth/idp-login.tsxcomponents/auth/GithubButton.tsxcomponents/auth/GoogleButton.tsxcomponents/team/Members.tsxpages/auth/sso/index.tsxcomponents/shared/shell/AppShell.tsxpages/settings/security.tsxcomponents/auth/MagicLink.tsxcomponents/account/ManageSessions.tsxcomponents/account/UpdateName.tsx
`pages/**/*.{ts,tsx}`: Protected pages must require authentication and validate team membership for team-specific routes.
pages/**/*.{ts,tsx}: Protected pages must require authentication and validate team membership for team-specific routes.
📄 Source: CodeRabbit Inference Engine (.cursor/rules/auth-security.mdc)
List of files the instruction was applied to:
pages/invitations/[token].tsxpages/teams/switch.tsxpages/api/auth/reset-password.tspages/api/password.tspages/_app.tsxpages/auth/idp-login.tsxpages/api/sessions/index.tspages/auth/sso/index.tsxpages/settings/security.tsx
`pages/api/**/*`: Next.js API routes are located in `pages/api/` directory Protected API routes use authentication guards
pages/api/**/*: Next.js API routes are located inpages/api/directory
Protected API routes use authentication guards
📄 Source: CodeRabbit Inference Engine (CLAUDE.md)
List of files the instruction was applied to:
pages/api/auth/reset-password.tspages/api/password.tspages/api/sessions/index.ts
`pages/api/**/*.ts`: All API routes must follow Next.js conventions in the pages...
pages/api/**/*.ts: All API routes must follow Next.js conventions in the pages/api/ directory, organizing endpoints by resource (e.g., auth/, teams/[slug]/, users.ts, sessions/, webhooks/).
API responses must use the standard format: success responses as { data: ... }, error responses as { error: { message: ... } }, empty success as {}, and delete success with status 204 and no body.
API route handlers must use the provided request handler pattern: async default export, try/catch for error handling, method switch, and consistent error responses.
Always validate request data using Zod schemas in API routes.
Perform session checks, team access checks, and permission checks in API routes as appropriate, using getSession, throwIfNoTeamAccess, and throwIfNotAllowed.
Use the custom ApiError class for consistent error responses in API routes.
Use Prisma only through model abstractions in the models/ directory; do not use direct Prisma client calls in API routes.
Never expose sensitive data in API responses; always use select to exclude sensitive fields.
Check feature flags before exposing endpoints in API routes.
Implement rate limiting in API routes as needed.
Perform audit logging for sensitive operations in API routes.
Record metrics for important operations in API routes using recordMetric.
Use common utilities such as extractAuthToken, generateToken, validateEmail, slugify, and forceConsume in API routes as appropriate.
📄 Source: CodeRabbit Inference Engine (.cursor/rules/api-patterns.mdc)
List of files the instruction was applied to:
pages/api/auth/reset-password.tspages/api/password.tspages/api/sessions/index.ts
`pages/{api/auth,auth}/**/*.{ts,tsx}`: Protect login, signup, and password reset forms with reCAPTCHA, configured via RECAPTCHA_SITE_KEY and RECAPTCHA_SECRET_KEY.
pages/{api/auth,auth}/**/*.{ts,tsx}: Protect login, signup, and password reset forms with reCAPTCHA, configured via RECAPTCHA_SITE_KEY and RECAPTCHA_SECRET_KEY.
📄 Source: CodeRabbit Inference Engine (.cursor/rules/auth-security.mdc)
List of files the instruction was applied to:
pages/api/auth/reset-password.tspages/auth/idp-login.tsxpages/auth/sso/index.tsx
`pages/api/**/*.{ts,tsx}`: API routes must check for authenticated sessions and ...
pages/api/**/*.{ts,tsx}: API routes must check for authenticated sessions and appropriate permissions before allowing access.
Never return sensitive data (passwords, API keys) in API responses.
Use validateWithSchema for input validation with Zod.
📄 Source: CodeRabbit Inference Engine (.cursor/rules/auth-security.mdc)
List of files the instruction was applied to:
pages/api/auth/reset-password.tspages/api/password.tspages/api/sessions/index.ts
`pages/api/**/*.{js,ts}`: RESTful endpoints should be implemented in the `pages/api/` directory following Next.js conventions
pages/api/**/*.{js,ts}: RESTful endpoints should be implemented in thepages/api/directory following Next.js conventions
📄 Source: CodeRabbit Inference Engine (.cursor/rules/project-overview.mdc)
List of files the instruction was applied to:
pages/api/auth/reset-password.tspages/api/password.tspages/api/sessions/index.ts
`pages/api/**/*.ts`: The `api-patterns.mdc` rule defines API development pattern...
pages/api/**/*.ts: Theapi-patterns.mdcrule defines API development patterns and conventions, including API route structure, response formats, request handlers, validation patterns, error handling, and security practices, and is automatically applied when working on files inpages/api/**/*.ts.
📄 Source: CodeRabbit Inference Engine (.cursor/rules/README.md)
List of files the instruction was applied to:
pages/api/auth/reset-password.tspages/api/password.tspages/api/sessions/index.ts
`hooks/**/*`: Custom hooks for data operations are placed in `/hooks` directory
hooks/**/*: Custom hooks for data operations are placed in/hooksdirectory
📄 Source: CodeRabbit Inference Engine (CLAUDE.md)
List of files the instruction was applied to:
hooks/auth.tshooks/useSession.tshooks/useCustomSignout.tshooks/useAuth.ts
`hooks/**/*.ts`: Extract reusable logic into custom hooks
hooks/**/*.ts: Extract reusable logic into custom hooks
📄 Source: CodeRabbit Inference Engine (.cursor/rules/frontend-patterns.mdc)
List of files the instruction was applied to:
hooks/auth.tshooks/useSession.tshooks/useCustomSignout.tshooks/useAuth.ts
`hooks/**/*`: Custom React hooks should be placed in the `hooks/` directory
hooks/**/*: Custom React hooks should be placed in thehooks/directory
📄 Source: CodeRabbit Inference Engine (.cursor/rules/project-overview.mdc)
List of files the instruction was applied to:
hooks/auth.tshooks/useSession.tshooks/useCustomSignout.tshooks/useAuth.ts
`lib/auth.ts`: Enforce password policies in lib/auth.ts: minimum 8 characters (c...
lib/auth.ts: Enforce password policies in lib/auth.ts: minimum 8 characters (configurable), maximum 70 characters, validated on signup and password reset.
Hash passwords with bcrypt using 12 rounds.
Generate secure tokens with crypto.randomBytes.
Clear all sessions on password reset.
Validate email domains for business emails only (optional).
Optional email verification must block login until email is verified and provide resend verification email functionality.
📄 Source: CodeRabbit Inference Engine (.cursor/rules/auth-security.mdc)
List of files the instruction was applied to:
lib/auth.ts
`{lib,prisma}/**/*.ts`: Use prepared statements via Prisma to prevent SQL injection.
{lib,prisma}/**/*.ts: Use prepared statements via Prisma to prevent SQL injection.
📄 Source: CodeRabbit Inference Engine (.cursor/rules/auth-security.mdc)
List of files the instruction was applied to:
lib/auth.tslib/env.tslib/session.ts
`lib/env.ts`: Define environment variables and configuration in `lib/env.ts`
lib/env.ts: Define environment variables and configuration inlib/env.ts
📄 Source: CodeRabbit Inference Engine (.cursor/rules/project-overview.mdc)
List of files the instruction was applied to:
lib/env.ts
`types/**/*`: TypeScript type definitions should be placed in the `types/` directory
types/**/*: TypeScript type definitions should be placed in thetypes/directory
📄 Source: CodeRabbit Inference Engine (.cursor/rules/project-overview.mdc)
List of files the instruction was applied to:
types/next.ts
🧠 Learnings (38)
📓 Common learnings
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/auth-security.mdc:0-0
Timestamp: 2025-07-03T07:38:40.730Z
Learning: Applies to lib/nextAuth.ts : Configure NextAuth.js in lib/nextAuth.ts to support multiple authentication providers: Credentials (with bcrypt), Magic Links, OAuth (GitHub, Google), SAML SSO (BoxyHQ), and IdP-initiated SAML flows.
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/project-overview.mdc:0-0
Timestamp: 2025-07-03T07:39:51.623Z
Learning: Applies to lib/nextAuth.ts : Authentication logic should be implemented in `lib/nextAuth.ts` using NextAuth.js
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/README.md:0-0
Timestamp: 2025-07-03T07:37:56.463Z
Learning: The `auth-security.mdc` rule details authentication and security patterns, including NextAuth configuration, session management, security features, authorization patterns, and best practices, and is applied when working on authentication, authorization, or security features.
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/README.md:0-0
Timestamp: 2025-07-03T07:37:50.933Z
Learning: Apply the rules from `auth-security.mdc` when working on authentication, authorization, or security features, including NextAuth configuration, session management, security features, authorization patterns, and best practices.
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/auth-security.mdc:0-0
Timestamp: 2025-07-03T07:38:40.730Z
Learning: Applies to lib/nextAuth.ts : Database sessions should enable features like session management UI and revocation.
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/auth-security.mdc:0-0
Timestamp: 2025-07-03T07:38:40.730Z
Learning: Applies to lib/nextAuth.ts : Support both JWT and database session strategies, configurable via NEXTAUTH_SESSION_STRATEGY.
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/auth-security.mdc:0-0
Timestamp: 2025-07-03T07:38:40.730Z
Learning: Applies to lib/nextAuth.ts : Default session duration should be 14 days.
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/auth-security.mdc:0-0
Timestamp: 2025-07-03T07:38:40.730Z
Learning: Applies to lib/nextAuth.ts : Session tokens must be stored in secure HTTP-only cookies.
components/shared/TeamDropdown.tsx (14)
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/frontend-patterns.mdc:0-0
Timestamp: 2025-07-03T07:39:29.909Z
Learning: Applies to components/**/*.tsx : Use next-i18next's useTranslation hook for internationalization
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: CLAUDE.md:0-0
Timestamp: 2025-07-03T07:37:37.818Z
Learning: Applies to components/**/*.{js,jsx,ts,tsx} : Use `useTranslation` hook from react-i18next for translations
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/frontend-patterns.mdc:0-0
Timestamp: 2025-07-03T07:39:35.571Z
Learning: Applies to {components/**/*.tsx,pages/**/*.tsx} : Use the useTranslation hook from next-i18next for internationalization
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/project-overview.mdc:0-0
Timestamp: 2025-07-03T07:39:51.623Z
Learning: Applies to lib/nextAuth.ts : Authentication logic should be implemented in `lib/nextAuth.ts` using NextAuth.js
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/frontend-patterns.mdc:0-0
Timestamp: 2025-07-03T07:39:29.909Z
Learning: Applies to pages/**/*.tsx : Use next-i18next's useTranslation hook for internationalization
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/auth-security.mdc:0-0
Timestamp: 2025-07-03T07:38:40.730Z
Learning: Applies to lib/nextAuth.ts : Default session duration should be 14 days.
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/frontend-patterns.mdc:0-0
Timestamp: 2025-07-03T07:39:29.909Z
Learning: Applies to hooks/**/*.ts : Use TypeScript for all components and hooks
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/frontend-patterns.mdc:0-0
Timestamp: 2025-07-03T07:39:29.909Z
Learning: Applies to hooks/**/*.ts : Use SWR for data fetching in components and hooks
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/frontend-patterns.mdc:0-0
Timestamp: 2025-07-03T07:39:35.571Z
Learning: Applies to hooks/**/*.ts : Extract reusable logic into custom hooks
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/frontend-patterns.mdc:0-0
Timestamp: 2025-07-03T07:39:29.909Z
Learning: Applies to hooks/**/*.ts : Extract reusable logic into custom hooks
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/auth-security.mdc:0-0
Timestamp: 2025-07-03T07:38:40.730Z
Learning: Applies to lib/nextAuth.ts : Configure NextAuth.js in lib/nextAuth.ts to support multiple authentication providers: Credentials (with bcrypt), Magic Links, OAuth (GitHub, Google), SAML SSO (BoxyHQ), and IdP-initiated SAML flows.
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/auth-security.mdc:0-0
Timestamp: 2025-07-03T07:38:40.730Z
Learning: Applies to lib/nextAuth.ts : Database sessions should enable features like session management UI and revocation.
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/frontend-patterns.mdc:0-0
Timestamp: 2025-07-03T07:39:35.571Z
Learning: Applies to {components/**/*.tsx,pages/**/*.tsx,hooks/**/*.ts} : Use SWR for data fetching in components and hooks
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/frontend-patterns.mdc:0-0
Timestamp: 2025-07-03T07:39:29.909Z
Learning: Applies to components/**/*.tsx : Use SWR for data fetching in components and hooks
pages/invitations/[token].tsx (12)
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/frontend-patterns.mdc:0-0
Timestamp: 2025-07-03T07:39:29.909Z
Learning: Applies to pages/**/*.tsx : Use next-i18next's useTranslation hook for internationalization
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/project-overview.mdc:0-0
Timestamp: 2025-07-03T07:39:51.623Z
Learning: Applies to lib/nextAuth.ts : Authentication logic should be implemented in `lib/nextAuth.ts` using NextAuth.js
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/frontend-patterns.mdc:0-0
Timestamp: 2025-07-03T07:39:35.571Z
Learning: Applies to {components/**/*.tsx,pages/**/*.tsx} : Use the useTranslation hook from next-i18next for internationalization
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/frontend-patterns.mdc:0-0
Timestamp: 2025-07-03T07:39:29.909Z
Learning: Applies to components/**/*.tsx : Use next-i18next's useTranslation hook for internationalization
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/frontend-patterns.mdc:0-0
Timestamp: 2025-07-03T07:39:35.571Z
Learning: Applies to hooks/**/*.ts : Extract reusable logic into custom hooks
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/frontend-patterns.mdc:0-0
Timestamp: 2025-07-03T07:39:29.909Z
Learning: Applies to hooks/**/*.ts : Extract reusable logic into custom hooks
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/frontend-patterns.mdc:0-0
Timestamp: 2025-07-03T07:39:29.909Z
Learning: Applies to pages/**/*.tsx : Use TypeScript for all components and hooks
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/frontend-patterns.mdc:0-0
Timestamp: 2025-07-03T07:39:29.909Z
Learning: Applies to pages/**/*.tsx : Use SWR for data fetching in components and hooks
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/auth-security.mdc:0-0
Timestamp: 2025-07-03T07:38:40.730Z
Learning: Applies to lib/nextAuth.ts : Database sessions should enable features like session management UI and revocation.
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: CLAUDE.md:0-0
Timestamp: 2025-07-03T07:37:37.818Z
Learning: Applies to components/**/*.{js,jsx,ts,tsx} : Use `useTranslation` hook from react-i18next for translations
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/auth-security.mdc:0-0
Timestamp: 2025-07-03T07:38:40.730Z
Learning: Applies to lib/nextAuth.ts : Configure NextAuth.js in lib/nextAuth.ts to support multiple authentication providers: Credentials (with bcrypt), Magic Links, OAuth (GitHub, Google), SAML SSO (BoxyHQ), and IdP-initiated SAML flows.
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/frontend-patterns.mdc:0-0
Timestamp: 2025-07-03T07:39:35.571Z
Learning: Applies to {components/**/*.tsx,pages/**/*.tsx,hooks/**/*.ts} : Use SWR for data fetching in components and hooks
components/shared/shell/Header.tsx (19)
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/frontend-patterns.mdc:0-0
Timestamp: 2025-07-03T07:39:29.909Z
Learning: Applies to components/**/*.tsx : Use next-i18next's useTranslation hook for internationalization
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/frontend-patterns.mdc:0-0
Timestamp: 2025-07-03T07:39:35.571Z
Learning: Applies to {components/**/*.tsx,pages/**/*.tsx} : Use the useTranslation hook from next-i18next for internationalization
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/project-overview.mdc:0-0
Timestamp: 2025-07-03T07:39:51.623Z
Learning: Applies to lib/nextAuth.ts : Authentication logic should be implemented in `lib/nextAuth.ts` using NextAuth.js
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: CLAUDE.md:0-0
Timestamp: 2025-07-03T07:37:37.818Z
Learning: Applies to components/**/*.{js,jsx,ts,tsx} : Use `useTranslation` hook from react-i18next for translations
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/frontend-patterns.mdc:0-0
Timestamp: 2025-07-03T07:39:35.571Z
Learning: Applies to hooks/**/*.ts : Extract reusable logic into custom hooks
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/frontend-patterns.mdc:0-0
Timestamp: 2025-07-03T07:39:29.909Z
Learning: Applies to hooks/**/*.ts : Extract reusable logic into custom hooks
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/frontend-patterns.mdc:0-0
Timestamp: 2025-07-03T07:39:29.909Z
Learning: Applies to pages/**/*.tsx : Use next-i18next's useTranslation hook for internationalization
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/frontend-patterns.mdc:0-0
Timestamp: 2025-07-03T07:39:29.909Z
Learning: Applies to components/**/*.tsx : Use SWR for data fetching in components and hooks
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/frontend-patterns.mdc:0-0
Timestamp: 2025-07-03T07:39:29.909Z
Learning: Applies to hooks/**/*.ts : Use TypeScript for all components and hooks
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/frontend-patterns.mdc:0-0
Timestamp: 2025-07-03T07:39:29.909Z
Learning: Applies to hooks/**/*.ts : Use SWR for data fetching in components and hooks
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/auth-security.mdc:0-0
Timestamp: 2025-07-03T07:38:40.730Z
Learning: Applies to lib/nextAuth.ts : Configure NextAuth.js in lib/nextAuth.ts to support multiple authentication providers: Credentials (with bcrypt), Magic Links, OAuth (GitHub, Google), SAML SSO (BoxyHQ), and IdP-initiated SAML flows.
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/frontend-patterns.mdc:0-0
Timestamp: 2025-07-03T07:39:35.571Z
Learning: Applies to {components/**/*.tsx,pages/**/*.tsx,hooks/**/*.ts} : Use SWR for data fetching in components and hooks
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/auth-security.mdc:0-0
Timestamp: 2025-07-03T07:38:40.730Z
Learning: Applies to lib/nextAuth.ts : Database sessions should enable features like session management UI and revocation.
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/frontend-patterns.mdc:0-0
Timestamp: 2025-07-03T07:39:29.909Z
Learning: Applies to pages/**/*.tsx : Use SWR for data fetching in components and hooks
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/frontend-patterns.mdc:0-0
Timestamp: 2025-07-03T07:39:35.571Z
Learning: Applies to {components/**/*.tsx,pages/**/*.tsx} : Handle loading and error states consistently using the WithLoadingAndError wrapper
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/frontend-patterns.mdc:0-0
Timestamp: 2025-07-03T07:39:29.909Z
Learning: Applies to components/**/*.tsx : Handle loading and error states consistently using the WithLoadingAndError wrapper
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/frontend-patterns.mdc:0-0
Timestamp: 2025-07-03T07:39:29.909Z
Learning: Applies to pages/**/*.tsx : Handle loading and error states consistently using the WithLoadingAndError wrapper
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/frontend-patterns.mdc:0-0
Timestamp: 2025-07-03T07:39:29.909Z
Learning: Applies to components/**/*.tsx : Use the WithLoadingAndError wrapper for loading and error states
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/frontend-patterns.mdc:0-0
Timestamp: 2025-07-03T07:39:29.909Z
Learning: Applies to pages/**/*.tsx : Use the WithLoadingAndError wrapper for loading and error states
pages/teams/switch.tsx (12)
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/frontend-patterns.mdc:0-0
Timestamp: 2025-07-03T07:39:29.909Z
Learning: Applies to pages/**/*.tsx : Use next-i18next's useTranslation hook for internationalization
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/frontend-patterns.mdc:0-0
Timestamp: 2025-07-03T07:39:35.571Z
Learning: Applies to {components/**/*.tsx,pages/**/*.tsx} : Use the useTranslation hook from next-i18next for internationalization
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/frontend-patterns.mdc:0-0
Timestamp: 2025-07-03T07:39:29.909Z
Learning: Applies to components/**/*.tsx : Use next-i18next's useTranslation hook for internationalization
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: CLAUDE.md:0-0
Timestamp: 2025-07-03T07:37:37.818Z
Learning: Applies to components/**/*.{js,jsx,ts,tsx} : Use `useTranslation` hook from react-i18next for translations
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/frontend-patterns.mdc:0-0
Timestamp: 2025-07-03T07:39:29.909Z
Learning: Applies to pages/**/*.tsx : Use TypeScript for all components and hooks
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/project-overview.mdc:0-0
Timestamp: 2025-07-03T07:39:51.623Z
Learning: Applies to lib/nextAuth.ts : Authentication logic should be implemented in `lib/nextAuth.ts` using NextAuth.js
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/frontend-patterns.mdc:0-0
Timestamp: 2025-07-03T07:39:29.909Z
Learning: Applies to pages/**/*.tsx : Use SWR for data fetching in components and hooks
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/auth-security.mdc:0-0
Timestamp: 2025-07-03T07:38:40.730Z
Learning: Applies to pages/**/*.{ts,tsx} : Protected pages must require authentication and validate team membership for team-specific routes.
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/frontend-patterns.mdc:0-0
Timestamp: 2025-07-03T07:39:29.909Z
Learning: Applies to hooks/**/*.ts : Use TypeScript for all components and hooks
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/frontend-patterns.mdc:0-0
Timestamp: 2025-07-03T07:39:35.571Z
Learning: Applies to {components/**/*.tsx,pages/**/*.tsx,hooks/**/*.ts} : Use SWR for data fetching in components and hooks
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/auth-security.mdc:0-0
Timestamp: 2025-07-03T07:38:40.730Z
Learning: Applies to lib/nextAuth.ts : Configure NextAuth.js in lib/nextAuth.ts to support multiple authentication providers: Credentials (with bcrypt), Magic Links, OAuth (GitHub, Google), SAML SSO (BoxyHQ), and IdP-initiated SAML flows.
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/frontend-patterns.mdc:0-0
Timestamp: 2025-07-03T07:39:29.909Z
Learning: Applies to hooks/**/*.ts : Use SWR for data fetching in components and hooks
pages/api/auth/reset-password.ts (11)
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/auth-security.mdc:0-0
Timestamp: 2025-07-03T07:38:40.730Z
Learning: Applies to lib/auth.ts : Clear all sessions on password reset.
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/auth-security.mdc:0-0
Timestamp: 2025-07-03T07:38:40.730Z
Learning: Applies to lib/nextAuth.ts : Database sessions should enable features like session management UI and revocation.
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/auth-security.mdc:0-0
Timestamp: 2025-07-03T07:38:40.730Z
Learning: Applies to lib/auth.ts : Enforce password policies in lib/auth.ts: minimum 8 characters (configurable), maximum 70 characters, validated on signup and password reset.
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/auth-security.mdc:0-0
Timestamp: 2025-07-03T07:38:40.730Z
Learning: Applies to lib/nextAuth.ts : Support both JWT and database session strategies, configurable via NEXTAUTH_SESSION_STRATEGY.
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/auth-security.mdc:0-0
Timestamp: 2025-07-03T07:38:40.730Z
Learning: Applies to pages/api/**/*.{ts,tsx} : API routes must check for authenticated sessions and appropriate permissions before allowing access.
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/auth-security.mdc:0-0
Timestamp: 2025-07-03T07:38:40.730Z
Learning: Applies to lib/accountLock.ts : Implement account lockout logic in lib/accountLock.ts, including configurable max login attempts (default 5), unlock email with verification token, and clearing attempts on successful login.
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/database-patterns.mdc:0-0
Timestamp: 2025-07-03T07:39:09.328Z
Learning: Applies to models/**/*.ts : Use generateToken(), slugify(), hashPassword(), verifyPassword() utilities for their respective purposes
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/database-patterns.mdc:0-0
Timestamp: 2025-07-03T07:38:59.981Z
Learning: Applies to models/**/*.ts : Use generateToken(), slugify(), hashPassword(), and verifyPassword() utilities for their respective purposes
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/api-patterns.mdc:0-0
Timestamp: 2025-07-03T07:38:24.757Z
Learning: Applies to pages/api/**/*.ts : Use common utilities such as extractAuthToken, generateToken, validateEmail, slugify, and forceConsume in API routes as appropriate.
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/api-patterns.mdc:0-0
Timestamp: 2025-07-03T07:38:24.757Z
Learning: Applies to pages/api/**/*.ts : Perform session checks, team access checks, and permission checks in API routes as appropriate, using getSession, throwIfNoTeamAccess, and throwIfNotAllowed.
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/auth-security.mdc:0-0
Timestamp: 2025-07-03T07:38:40.730Z
Learning: Applies to lib/auth.ts : Optional email verification must block login until email is verified and provide resend verification email functionality.
.cursor/rules/project-overview.mdc (13)
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/README.md:0-0
Timestamp: 2025-07-03T07:37:56.463Z
Learning: The `project-overview.mdc` rule provides a high-level overview of the entire project, including tech stack, key features, project structure, environment configuration, and development workflow, and is always applied to every AI interaction.
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/project-overview.mdc:0-0
Timestamp: 2025-07-03T07:39:51.623Z
Learning: Applies to lib/nextAuth.ts : Authentication logic should be implemented in `lib/nextAuth.ts` using NextAuth.js
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/auth-security.mdc:0-0
Timestamp: 2025-07-03T07:38:40.730Z
Learning: Applies to lib/nextAuth.ts : Configure NextAuth.js in lib/nextAuth.ts to support multiple authentication providers: Credentials (with bcrypt), Magic Links, OAuth (GitHub, Google), SAML SSO (BoxyHQ), and IdP-initiated SAML flows.
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/README.md:0-0
Timestamp: 2025-07-03T07:37:50.933Z
Learning: Apply the rules from `auth-security.mdc` when working on authentication, authorization, or security features, including NextAuth configuration, session management, security features, authorization patterns, and best practices.
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/README.md:0-0
Timestamp: 2025-07-03T07:37:56.463Z
Learning: The `auth-security.mdc` rule details authentication and security patterns, including NextAuth configuration, session management, security features, authorization patterns, and best practices, and is applied when working on authentication, authorization, or security features.
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/README.md:0-0
Timestamp: 2025-07-03T07:37:50.933Z
Learning: Always apply the rules from `project-overview.mdc` to every AI interaction, as it provides a high-level overview of the entire project including tech stack, key features, project structure, environment configuration, and development workflow.
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/database-patterns.mdc:0-0
Timestamp: 2025-07-03T07:39:09.328Z
Learning: The app uses PostgreSQL with Prisma ORM; key models include User, Team, TeamMember, Invitation, ApiKey, Subscription/Price/Service
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/auth-security.mdc:0-0
Timestamp: 2025-07-03T07:38:40.730Z
Learning: Applies to lib/nextAuth.ts : Database sessions should enable features like session management UI and revocation.
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/api-patterns.mdc:0-0
Timestamp: 2025-07-03T07:38:24.757Z
Learning: Applies to pages/api/**/*.ts : All API routes must follow Next.js conventions in the pages/api/ directory, organizing endpoints by resource (e.g., auth/, teams/[slug]/, users.ts, sessions/, webhooks/).
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/project-overview.mdc:0-0
Timestamp: 2025-07-03T07:39:51.623Z
Learning: Applies to pages/api/**/*.{js,ts} : RESTful endpoints should be implemented in the `pages/api/` directory following Next.js conventions
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: CLAUDE.md:0-0
Timestamp: 2025-07-03T07:37:37.818Z
Learning: Applies to **/*.{ts,tsx} : TypeScript is used throughout the codebase with strict mode enabled
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/project-overview.mdc:0-0
Timestamp: 2025-07-03T07:39:45.076Z
Learning: Applies to pages/api/**/*.{js,ts,jsx,tsx} : RESTful endpoints in `pages/api/` must follow Next.js conventions
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/frontend-patterns.mdc:0-0
Timestamp: 2025-07-03T07:39:35.571Z
Learning: Applies to {components/**/*.tsx,pages/**/*.tsx,hooks/**/*.ts} : Use SWR for data fetching in components and hooks
pages/api/password.ts (18)
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/auth-security.mdc:0-0
Timestamp: 2025-07-03T07:38:40.730Z
Learning: Applies to lib/auth.ts : Clear all sessions on password reset.
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/database-patterns.mdc:0-0
Timestamp: 2025-07-03T07:38:59.981Z
Learning: Applies to models/**/*.ts : Use generateToken(), slugify(), hashPassword(), and verifyPassword() utilities for their respective purposes
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/database-patterns.mdc:0-0
Timestamp: 2025-07-03T07:39:09.328Z
Learning: Applies to models/**/*.ts : Use generateToken(), slugify(), hashPassword(), verifyPassword() utilities for their respective purposes
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/auth-security.mdc:0-0
Timestamp: 2025-07-03T07:38:40.730Z
Learning: Applies to lib/nextAuth.ts : Support both JWT and database session strategies, configurable via NEXTAUTH_SESSION_STRATEGY.
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/auth-security.mdc:0-0
Timestamp: 2025-07-03T07:38:40.730Z
Learning: Applies to lib/nextAuth.ts : Database sessions should enable features like session management UI and revocation.
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/auth-security.mdc:0-0
Timestamp: 2025-07-03T07:38:40.730Z
Learning: Applies to lib/auth.ts : Enforce password policies in lib/auth.ts: minimum 8 characters (configurable), maximum 70 characters, validated on signup and password reset.
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/auth-security.mdc:0-0
Timestamp: 2025-07-03T07:38:40.730Z
Learning: Applies to pages/api/**/*.{ts,tsx} : Never return sensitive data (passwords, API keys) in API responses.
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/api-patterns.mdc:0-0
Timestamp: 2025-07-03T07:38:24.757Z
Learning: Applies to pages/api/**/*.ts : Use common utilities such as extractAuthToken, generateToken, validateEmail, slugify, and forceConsume in API routes as appropriate.
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/auth-security.mdc:0-0
Timestamp: 2025-07-03T07:38:40.730Z
Learning: Applies to pages/api/**/*.{ts,tsx} : API routes must check for authenticated sessions and appropriate permissions before allowing access.
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/auth-security.mdc:0-0
Timestamp: 2025-07-03T07:38:40.730Z
Learning: Applies to lib/accountLock.ts : Implement account lockout logic in lib/accountLock.ts, including configurable max login attempts (default 5), unlock email with verification token, and clearing attempts on successful login.
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/project-overview.mdc:0-0
Timestamp: 2025-07-03T07:39:51.623Z
Learning: Applies to lib/nextAuth.ts : Authentication logic should be implemented in `lib/nextAuth.ts` using NextAuth.js
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/auth-security.mdc:0-0
Timestamp: 2025-07-03T07:38:40.730Z
Learning: Applies to lib/nextAuth.ts : Configure NextAuth.js in lib/nextAuth.ts to support multiple authentication providers: Credentials (with bcrypt), Magic Links, OAuth (GitHub, Google), SAML SSO (BoxyHQ), and IdP-initiated SAML flows.
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/api-patterns.mdc:0-0
Timestamp: 2025-07-03T07:38:24.757Z
Learning: Applies to pages/api/**/*.ts : All API routes must follow Next.js conventions in the pages/api/ directory, organizing endpoints by resource (e.g., auth/, teams/[slug]/, users.ts, sessions/, webhooks/).
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/auth-security.mdc:0-0
Timestamp: 2025-07-03T07:38:40.730Z
Learning: Applies to lib/nextAuth.ts : Session tokens must be stored in secure HTTP-only cookies.
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: CLAUDE.md:0-0
Timestamp: 2025-07-03T07:37:37.818Z
Learning: Applies to pages/api/**/* : Next.js API routes are located in `pages/api/` directory
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/project-overview.mdc:0-0
Timestamp: 2025-07-03T07:39:45.076Z
Learning: Applies to pages/api/**/*.{js,ts,jsx,tsx} : RESTful endpoints in `pages/api/` must follow Next.js conventions
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/api-patterns.mdc:0-0
Timestamp: 2025-07-03T07:38:24.757Z
Learning: Applies to pages/api/**/*.ts : API route handlers must use the provided request handler pattern: async default export, try/catch for error handling, method switch, and consistent error responses.
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/auth-security.mdc:0-0
Timestamp: 2025-07-03T07:38:40.730Z
Learning: Applies to lib/auth.ts : Hash passwords with bcrypt using 12 rounds.
tsconfig.json (14)
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/project-overview.mdc:0-0
Timestamp: 2025-07-03T07:39:51.623Z
Learning: Applies to lib/nextAuth.ts : Authentication logic should be implemented in `lib/nextAuth.ts` using NextAuth.js
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: CLAUDE.md:0-0
Timestamp: 2025-07-03T07:37:37.818Z
Learning: Applies to **/*.{ts,tsx} : Path aliases are configured for `@/lib/*` and `@/components/*`
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/database-patterns.mdc:0-0
Timestamp: 2025-07-03T07:38:59.981Z
Learning: Applies to models/**/*.ts : Use include in Prisma queries only when necessary
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: CLAUDE.md:0-0
Timestamp: 2025-07-03T07:37:37.818Z
Learning: Applies to **/*.{ts,tsx} : TypeScript is used throughout the codebase with strict mode enabled
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/testing-patterns.mdc:0-0
Timestamp: 2025-07-03T07:40:17.152Z
Learning: Applies to **/{__tests__,tests}/**/*.{spec,test}.ts : Mock modules (e.g., Prisma, NextAuth) in unit test files using jest.mock
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/auth-security.mdc:0-0
Timestamp: 2025-07-03T07:38:40.730Z
Learning: Applies to lib/nextAuth.ts : Configure NextAuth.js in lib/nextAuth.ts to support multiple authentication providers: Credentials (with bcrypt), Magic Links, OAuth (GitHub, Google), SAML SSO (BoxyHQ), and IdP-initiated SAML flows.
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/project-overview.mdc:0-0
Timestamp: 2025-07-03T07:39:45.076Z
Learning: Applies to {pages,components,lib,models,hooks,types}/**/*.{ts,tsx} : Use TypeScript for all source code files
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/project-overview.mdc:0-0
Timestamp: 2025-07-03T07:39:51.623Z
Learning: Applies to {pages,components,lib,models,hooks,types}/**/*.{ts,tsx} : Use TypeScript for all source code files
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/database-patterns.mdc:0-0
Timestamp: 2025-07-03T07:38:59.981Z
Learning: Applies to models/**/*.ts : Always use model files in models/ instead of direct Prisma client usage
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/database-patterns.mdc:0-0
Timestamp: 2025-07-03T07:39:09.328Z
Learning: Applies to models/**/*.ts : Always use model files in models/ instead of direct Prisma client usage
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/project-overview.mdc:0-0
Timestamp: 2025-07-03T07:39:45.076Z
Learning: Applies to types/**/* : TypeScript type definitions must be placed in the `types/` directory
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/frontend-patterns.mdc:0-0
Timestamp: 2025-07-03T07:39:35.571Z
Learning: Applies to {components/**/*.tsx,pages/**/*.tsx,hooks/**/*.ts} : Use TypeScript for all components and hooks
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/project-overview.mdc:0-0
Timestamp: 2025-07-03T07:39:51.623Z
Learning: Applies to types/**/* : TypeScript type definitions should be placed in the `types/` directory
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/README.md:0-0
Timestamp: 2025-07-03T07:37:50.933Z
Learning: Applies to **/*.{spec,test}.ts : Automatically apply the rules from `testing-patterns.mdc` when working on test files (`*.spec.ts`, `*.test.ts`), covering unit testing with Jest, E2E testing with Playwright, page object patterns, test fixtures, and debugging tips.
pages/_app.tsx (24)
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/project-overview.mdc:0-0
Timestamp: 2025-07-03T07:39:51.623Z
Learning: Applies to lib/nextAuth.ts : Authentication logic should be implemented in `lib/nextAuth.ts` using NextAuth.js
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/auth-security.mdc:0-0
Timestamp: 2025-07-03T07:38:40.730Z
Learning: Applies to lib/nextAuth.ts : Configure NextAuth.js in lib/nextAuth.ts to support multiple authentication providers: Credentials (with bcrypt), Magic Links, OAuth (GitHub, Google), SAML SSO (BoxyHQ), and IdP-initiated SAML flows.
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/frontend-patterns.mdc:0-0
Timestamp: 2025-07-03T07:39:29.909Z
Learning: Applies to pages/**/*.tsx : Use SWR for data fetching in components and hooks
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/frontend-patterns.mdc:0-0
Timestamp: 2025-07-03T07:39:29.909Z
Learning: Applies to pages/**/*.tsx : Use TypeScript for all components and hooks
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/frontend-patterns.mdc:0-0
Timestamp: 2025-07-03T07:39:29.909Z
Learning: Applies to pages/**/*.tsx : Use next-i18next's useTranslation hook for internationalization
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/auth-security.mdc:0-0
Timestamp: 2025-07-03T07:38:40.730Z
Learning: Applies to pages/api/**/*.{ts,tsx} : API routes must check for authenticated sessions and appropriate permissions before allowing access.
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/frontend-patterns.mdc:0-0
Timestamp: 2025-07-03T07:39:29.909Z
Learning: Applies to pages/**/*.tsx : Use react-hot-toast for toast notifications
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/auth-security.mdc:0-0
Timestamp: 2025-07-03T07:38:40.730Z
Learning: Applies to lib/nextAuth.ts : Database sessions should enable features like session management UI and revocation.
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/frontend-patterns.mdc:0-0
Timestamp: 2025-07-03T07:39:29.909Z
Learning: Applies to pages/**/*.tsx : Use the AccessControl component for permission-based rendering
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/frontend-patterns.mdc:0-0
Timestamp: 2025-07-03T07:39:29.909Z
Learning: Applies to pages/**/*.tsx : Avoid inline styles; use Tailwind CSS utility classes for styling
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/frontend-patterns.mdc:0-0
Timestamp: 2025-07-03T07:39:35.571Z
Learning: Applies to {components/**/*.tsx,pages/**/*.tsx} : Use the useTranslation hook from next-i18next for internationalization
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: CLAUDE.md:0-0
Timestamp: 2025-07-03T07:37:37.818Z
Learning: Applies to components/**/*.{js,jsx,ts,tsx} : Use `useTranslation` hook from react-i18next for translations
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/frontend-patterns.mdc:0-0
Timestamp: 2025-07-03T07:39:29.909Z
Learning: Applies to components/**/*.tsx : Use next-i18next's useTranslation hook for internationalization
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/auth-security.mdc:0-0
Timestamp: 2025-07-03T07:38:40.730Z
Learning: Applies to lib/nextAuth.ts : Support both JWT and database session strategies, configurable via NEXTAUTH_SESSION_STRATEGY.
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/frontend-patterns.mdc:0-0
Timestamp: 2025-07-03T07:39:35.571Z
Learning: Applies to {components/**/*.tsx,pages/**/*.tsx,hooks/**/*.ts} : Use SWR for data fetching in components and hooks
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: CLAUDE.md:0-0
Timestamp: 2025-07-03T07:37:37.818Z
Learning: Applies to next.config.js : Security headers are configured in `next.config.js`
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/frontend-patterns.mdc:0-0
Timestamp: 2025-07-03T07:39:35.571Z
Learning: Applies to {components/**/*.tsx,pages/**/*.tsx} : Handle loading and error states consistently using the WithLoadingAndError wrapper
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/frontend-patterns.mdc:0-0
Timestamp: 2025-07-03T07:39:35.571Z
Learning: Applies to {components/**/*.tsx,pages/**/*.tsx} : Use the AccessControl component for permission-based rendering
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/frontend-patterns.mdc:0-0
Timestamp: 2025-07-03T07:39:29.909Z
Learning: Applies to pages/**/*.tsx : Handle loading and error states consistently using the WithLoadingAndError wrapper
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/frontend-patterns.mdc:0-0
Timestamp: 2025-07-03T07:39:35.571Z
Learning: Applies to {components/**/*.tsx,pages/**/*.tsx} : Use Tailwind CSS utility classes for styling
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/frontend-patterns.mdc:0-0
Timestamp: 2025-07-03T07:39:29.909Z
Learning: Applies to pages/**/*.tsx : Support dark mode in component styling
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/frontend-patterns.mdc:0-0
Timestamp: 2025-07-03T07:39:35.571Z
Learning: Applies to {components/**/*.tsx,pages/**/*.tsx} : Use Formik for form handling and Yup for validation in forms
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/frontend-patterns.mdc:0-0
Timestamp: 2025-07-03T07:39:35.571Z
Learning: Applies to {components/**/*.tsx,pages/**/*.tsx} : Use react-hot-toast for toast notifications
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/frontend-patterns.mdc:0-0
Timestamp: 2025-07-03T07:39:29.909Z
Learning: Applies to components/**/*.tsx : Use react-hot-toast for toast notifications
pages/auth/idp-login.tsx (14)
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/project-overview.mdc:0-0
Timestamp: 2025-07-03T07:39:51.623Z
Learning: Applies to lib/nextAuth.ts : Authentication logic should be implemented in `lib/nextAuth.ts` using NextAuth.js
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/auth-security.mdc:0-0
Timestamp: 2025-07-03T07:38:40.730Z
Learning: Applies to lib/nextAuth.ts : Configure NextAuth.js in lib/nextAuth.ts to support multiple authentication providers: Credentials (with bcrypt), Magic Links, OAuth (GitHub, Google), SAML SSO (BoxyHQ), and IdP-initiated SAML flows.
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/frontend-patterns.mdc:0-0
Timestamp: 2025-07-03T07:39:29.909Z
Learning: Applies to pages/**/*.tsx : Use next-i18next's useTranslation hook for internationalization
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/frontend-patterns.mdc:0-0
Timestamp: 2025-07-03T07:39:35.571Z
Learning: Applies to {components/**/*.tsx,pages/**/*.tsx} : Use the useTranslation hook from next-i18next for internationalization
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/frontend-patterns.mdc:0-0
Timestamp: 2025-07-03T07:39:29.909Z
Learning: Applies to components/**/*.tsx : Use next-i18next's useTranslation hook for internationalization
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: CLAUDE.md:0-0
Timestamp: 2025-07-03T07:37:37.818Z
Learning: Applies to components/**/*.{js,jsx,ts,tsx} : Use `useTranslation` hook from react-i18next for translations
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/frontend-patterns.mdc:0-0
Timestamp: 2025-07-03T07:39:35.571Z
Learning: Applies to hooks/**/*.ts : Extract reusable logic into custom hooks
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/frontend-patterns.mdc:0-0
Timestamp: 2025-07-03T07:39:29.909Z
Learning: Applies to hooks/**/*.ts : Extract reusable logic into custom hooks
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/frontend-patterns.mdc:0-0
Timestamp: 2025-07-03T07:39:29.909Z
Learning: Applies to hooks/**/*.ts : Use TypeScript for all components and hooks
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/frontend-patterns.mdc:0-0
Timestamp: 2025-07-03T07:39:29.909Z
Learning: Applies to pages/**/*.tsx : Use TypeScript for all components and hooks
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/frontend-patterns.mdc:0-0
Timestamp: 2025-07-03T07:39:35.571Z
Learning: Applies to {components/**/*.tsx,pages/**/*.tsx,hooks/**/*.ts} : Use SWR for data fetching in components and hooks
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/frontend-patterns.mdc:0-0
Timestamp: 2025-07-03T07:39:29.909Z
Learning: Applies to hooks/**/*.ts : Use SWR for data fetching in components and hooks
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/frontend-patterns.mdc:0-0
Timestamp: 2025-07-03T07:39:29.909Z
Learning: Applies to pages/**/*.tsx : Use SWR for data fetching in components and hooks
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/frontend-patterns.mdc:0-0
Timestamp: 2025-07-03T07:39:29.909Z
Learning: Applies to components/**/*.tsx : Use SWR for data fetching in components and hooks
components/auth/GithubButton.tsx (14)
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/project-overview.mdc:0-0
Timestamp: 2025-07-03T07:39:51.623Z
Learning: Applies to lib/nextAuth.ts : Authentication logic should be implemented in `lib/nextAuth.ts` using NextAuth.js
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/frontend-patterns.mdc:0-0
Timestamp: 2025-07-03T07:39:29.909Z
Learning: Applies to components/**/*.tsx : Use next-i18next's useTranslation hook for internationalization
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/auth-security.mdc:0-0
Timestamp: 2025-07-03T07:38:40.730Z
Learning: Applies to lib/nextAuth.ts : Configure NextAuth.js in lib/nextAuth.ts to support multiple authentication providers: Credentials (with bcrypt), Magic Links, OAuth (GitHub, Google), SAML SSO (BoxyHQ), and IdP-initiated SAML flows.
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/frontend-patterns.mdc:0-0
Timestamp: 2025-07-03T07:39:35.571Z
Learning: Applies to {components/**/*.tsx,pages/**/*.tsx} : Use the useTranslation hook from next-i18next for internationalization
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: CLAUDE.md:0-0
Timestamp: 2025-07-03T07:37:37.818Z
Learning: Applies to components/**/*.{js,jsx,ts,tsx} : Use `useTranslation` hook from react-i18next for translations
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/frontend-patterns.mdc:0-0
Timestamp: 2025-07-03T07:39:29.909Z
Learning: Applies to pages/**/*.tsx : Use next-i18next's useTranslation hook for internationalization
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/frontend-patterns.mdc:0-0
Timestamp: 2025-07-03T07:39:35.571Z
Learning: Applies to hooks/**/*.ts : Extract reusable logic into custom hooks
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/frontend-patterns.mdc:0-0
Timestamp: 2025-07-03T07:39:29.909Z
Learning: Applies to hooks/**/*.ts : Extract reusable logic into custom hooks
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/frontend-patterns.mdc:0-0
Timestamp: 2025-07-03T07:39:29.909Z
Learning: Applies to hooks/**/*.ts : Use TypeScript for all components and hooks
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/frontend-patterns.mdc:0-0
Timestamp: 2025-07-03T07:39:29.909Z
Learning: Applies to components/**/*.tsx : Use SWR for data fetching in components and hooks
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/frontend-patterns.mdc:0-0
Timestamp: 2025-07-03T07:39:29.909Z
Learning: Applies to pages/**/*.tsx : Use react-hot-toast for toast notifications
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/frontend-patterns.mdc:0-0
Timestamp: 2025-07-03T07:39:35.571Z
Learning: Applies to {components/**/*.tsx,pages/**/*.tsx} : Use react-hot-toast for toast notifications
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/frontend-patterns.mdc:0-0
Timestamp: 2025-07-03T07:39:29.909Z
Learning: Applies to hooks/**/*.ts : Use SWR for data fetching in components and hooks
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/frontend-patterns.mdc:0-0
Timestamp: 2025-07-03T07:39:35.571Z
Learning: Applies to {components/**/*.tsx,pages/**/*.tsx,hooks/**/*.ts} : Use SWR for data fetching in components and hooks
hooks/auth.ts (13)
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/project-overview.mdc:0-0
Timestamp: 2025-07-03T07:39:51.623Z
Learning: Applies to lib/nextAuth.ts : Authentication logic should be implemented in `lib/nextAuth.ts` using NextAuth.js
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/frontend-patterns.mdc:0-0
Timestamp: 2025-07-03T07:39:29.909Z
Learning: Applies to hooks/**/*.ts : Extract reusable logic into custom hooks
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/frontend-patterns.mdc:0-0
Timestamp: 2025-07-03T07:39:35.571Z
Learning: Applies to hooks/**/*.ts : Extract reusable logic into custom hooks
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/frontend-patterns.mdc:0-0
Timestamp: 2025-07-03T07:39:29.909Z
Learning: Applies to hooks/**/*.ts : Use TypeScript for all components and hooks
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/auth-security.mdc:0-0
Timestamp: 2025-07-03T07:38:40.730Z
Learning: Applies to lib/nextAuth.ts : Configure NextAuth.js in lib/nextAuth.ts to support multiple authentication providers: Credentials (with bcrypt), Magic Links, OAuth (GitHub, Google), SAML SSO (BoxyHQ), and IdP-initiated SAML flows.
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/auth-security.mdc:0-0
Timestamp: 2025-07-03T07:38:40.730Z
Learning: Applies to lib/nextAuth.ts : Database sessions should enable features like session management UI and revocation.
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/frontend-patterns.mdc:0-0
Timestamp: 2025-07-03T07:39:29.909Z
Learning: Applies to hooks/**/*.ts : Use SWR for data fetching in components and hooks
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/project-overview.mdc:0-0
Timestamp: 2025-07-03T07:39:51.623Z
Learning: Applies to hooks/**/* : Custom React hooks should be placed in the `hooks/` directory
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/api-patterns.mdc:0-0
Timestamp: 2025-07-03T07:38:24.757Z
Learning: Applies to pages/api/**/*.ts : Use common utilities such as extractAuthToken, generateToken, validateEmail, slugify, and forceConsume in API routes as appropriate.
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/frontend-patterns.mdc:0-0
Timestamp: 2025-07-03T07:39:29.909Z
Learning: Applies to components/**/*.tsx : Use TypeScript for all components and hooks
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/frontend-patterns.mdc:0-0
Timestamp: 2025-07-03T07:39:35.571Z
Learning: Applies to {components/**/*.tsx,pages/**/*.tsx} : Use the useTranslation hook from next-i18next for internationalization
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/frontend-patterns.mdc:0-0
Timestamp: 2025-07-03T07:39:29.909Z
Learning: Applies to components/**/*.tsx : Use next-i18next's useTranslation hook for internationalization
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/frontend-patterns.mdc:0-0
Timestamp: 2025-07-03T07:39:29.909Z
Learning: Applies to pages/**/*.tsx : Use next-i18next's useTranslation hook for internationalization
pages/api/sessions/index.ts (13)
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/auth-security.mdc:0-0
Timestamp: 2025-07-03T07:38:40.730Z
Learning: Applies to lib/nextAuth.ts : Session tokens must be stored in secure HTTP-only cookies.
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/auth-security.mdc:0-0
Timestamp: 2025-07-03T07:38:40.730Z
Learning: Applies to lib/auth.ts : Clear all sessions on password reset.
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/auth-security.mdc:0-0
Timestamp: 2025-07-03T07:38:40.730Z
Learning: Applies to lib/nextAuth.ts : Default session duration should be 14 days.
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/auth-security.mdc:0-0
Timestamp: 2025-07-03T07:38:40.730Z
Learning: Applies to lib/nextAuth.ts : Database sessions should enable features like session management UI and revocation.
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/api-patterns.mdc:0-0
Timestamp: 2025-07-03T07:38:24.757Z
Learning: Applies to pages/api/**/*.ts : Perform session checks, team access checks, and permission checks in API routes as appropriate, using getSession, throwIfNoTeamAccess, and throwIfNotAllowed.
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/auth-security.mdc:0-0
Timestamp: 2025-07-03T07:38:40.730Z
Learning: Applies to pages/api/**/*.{ts,tsx} : API routes must check for authenticated sessions and appropriate permissions before allowing access.
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/api-patterns.mdc:0-0
Timestamp: 2025-07-03T07:38:24.757Z
Learning: Applies to pages/api/**/*.ts : Use common utilities such as extractAuthToken, generateToken, validateEmail, slugify, and forceConsume in API routes as appropriate.
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/auth-security.mdc:0-0
Timestamp: 2025-07-03T07:38:40.730Z
Learning: Applies to lib/nextAuth.ts : Support both JWT and database session strategies, configurable via NEXTAUTH_SESSION_STRATEGY.
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/api-patterns.mdc:0-0
Timestamp: 2025-07-03T07:38:24.757Z
Learning: Applies to pages/api/**/*.ts : API route handlers must use the provided request handler pattern: async default export, try/catch for error handling, method switch, and consistent error responses.
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/project-overview.mdc:0-0
Timestamp: 2025-07-03T07:39:51.623Z
Learning: Applies to lib/nextAuth.ts : Authentication logic should be implemented in `lib/nextAuth.ts` using NextAuth.js
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/auth-security.mdc:0-0
Timestamp: 2025-07-03T07:38:40.730Z
Learning: Applies to lib/nextAuth.ts : Configure NextAuth.js in lib/nextAuth.ts to support multiple authentication providers: Credentials (with bcrypt), Magic Links, OAuth (GitHub, Google), SAML SSO (BoxyHQ), and IdP-initiated SAML flows.
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/api-patterns.mdc:0-0
Timestamp: 2025-07-03T07:38:24.757Z
Learning: Applies to pages/api/**/*.ts : All API routes must follow Next.js conventions in the pages/api/ directory, organizing endpoints by resource (e.g., auth/, teams/[slug]/, users.ts, sessions/, webhooks/).
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: CLAUDE.md:0-0
Timestamp: 2025-07-03T07:37:37.818Z
Learning: Applies to pages/api/**/* : Next.js API routes are located in `pages/api/` directory
components/auth/GoogleButton.tsx (12)
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/project-overview.mdc:0-0
Timestamp: 2025-07-03T07:39:51.623Z
Learning: Applies to lib/nextAuth.ts : Authentication logic should be implemented in `lib/nextAuth.ts` using NextAuth.js
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/frontend-patterns.mdc:0-0
Timestamp: 2025-07-03T07:39:29.909Z
Learning: Applies to components/**/*.tsx : Use next-i18next's useTranslation hook for internationalization
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/auth-security.mdc:0-0
Timestamp: 2025-07-03T07:38:40.730Z
Learning: Applies to lib/nextAuth.ts : Configure NextAuth.js in lib/nextAuth.ts to support multiple authentication providers: Credentials (with bcrypt), Magic Links, OAuth (GitHub, Google), SAML SSO (BoxyHQ), and IdP-initiated SAML flows.
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/frontend-patterns.mdc:0-0
Timestamp: 2025-07-03T07:39:35.571Z
Learning: Applies to {components/**/*.tsx,pages/**/*.tsx} : Use the useTranslation hook from next-i18next for internationalization
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: CLAUDE.md:0-0
Timestamp: 2025-07-03T07:37:37.818Z
Learning: Applies to components/**/*.{js,jsx,ts,tsx} : Use `useTranslation` hook from react-i18next for translations
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/frontend-patterns.mdc:0-0
Timestamp: 2025-07-03T07:39:29.909Z
Learning: Applies to pages/**/*.tsx : Use next-i18next's useTranslation hook for internationalization
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/frontend-patterns.mdc:0-0
Timestamp: 2025-07-03T07:39:35.571Z
Learning: Applies to hooks/**/*.ts : Extract reusable logic into custom hooks
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/frontend-patterns.mdc:0-0
Timestamp: 2025-07-03T07:39:29.909Z
Learning: Applies to hooks/**/*.ts : Extract reusable logic into custom hooks
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/frontend-patterns.mdc:0-0
Timestamp: 2025-07-03T07:39:29.909Z
Learning: Applies to hooks/**/*.ts : Use TypeScript for all components and hooks
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/frontend-patterns.mdc:0-0
Timestamp: 2025-07-03T07:39:29.909Z
Learning: Applies to components/**/*.tsx : Use SWR for data fetching in components and hooks
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/frontend-patterns.mdc:0-0
Timestamp: 2025-07-03T07:39:29.909Z
Learning: Applies to pages/**/*.tsx : Use react-hot-toast for toast notifications
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/frontend-patterns.mdc:0-0
Timestamp: 2025-07-03T07:39:35.571Z
Learning: Applies to {components/**/*.tsx,pages/**/*.tsx,hooks/**/*.ts} : Use SWR for data fetching in components and hooks
MIGRATION_COMPLETE.md (5)
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/project-overview.mdc:0-0
Timestamp: 2025-07-03T07:39:51.623Z
Learning: Applies to lib/nextAuth.ts : Authentication logic should be implemented in `lib/nextAuth.ts` using NextAuth.js
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/auth-security.mdc:0-0
Timestamp: 2025-07-03T07:38:40.730Z
Learning: Applies to lib/nextAuth.ts : Configure NextAuth.js in lib/nextAuth.ts to support multiple authentication providers: Credentials (with bcrypt), Magic Links, OAuth (GitHub, Google), SAML SSO (BoxyHQ), and IdP-initiated SAML flows.
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/README.md:0-0
Timestamp: 2025-07-03T07:37:56.463Z
Learning: The `auth-security.mdc` rule details authentication and security patterns, including NextAuth configuration, session management, security features, authorization patterns, and best practices, and is applied when working on authentication, authorization, or security features.
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/README.md:0-0
Timestamp: 2025-07-03T07:37:50.933Z
Learning: Apply the rules from `auth-security.mdc` when working on authentication, authorization, or security features, including NextAuth configuration, session management, security features, authorization patterns, and best practices.
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/auth-security.mdc:0-0
Timestamp: 2025-07-03T07:38:40.730Z
Learning: Applies to lib/nextAuth.ts : Database sessions should enable features like session management UI and revocation.
hooks/useSession.ts (12)
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/auth-security.mdc:0-0
Timestamp: 2025-07-03T07:38:40.730Z
Learning: Applies to lib/nextAuth.ts : Database sessions should enable features like session management UI and revocation.
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/frontend-patterns.mdc:0-0
Timestamp: 2025-07-03T07:39:29.909Z
Learning: Applies to hooks/**/*.ts : Use SWR for data fetching in components and hooks
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/auth-security.mdc:0-0
Timestamp: 2025-07-03T07:38:40.730Z
Learning: Applies to lib/nextAuth.ts : Default session duration should be 14 days.
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/frontend-patterns.mdc:0-0
Timestamp: 2025-07-03T07:39:35.571Z
Learning: Applies to hooks/**/*.ts : Extract reusable logic into custom hooks
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/frontend-patterns.mdc:0-0
Timestamp: 2025-07-03T07:39:29.909Z
Learning: Applies to hooks/**/*.ts : Extract reusable logic into custom hooks
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/frontend-patterns.mdc:0-0
Timestamp: 2025-07-03T07:39:35.571Z
Learning: Applies to {components/**/*.tsx,pages/**/*.tsx,hooks/**/*.ts} : Use SWR for data fetching in components and hooks
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/frontend-patterns.mdc:0-0
Timestamp: 2025-07-03T07:39:29.909Z
Learning: Applies to components/**/*.tsx : Use SWR for data fetching in components and hooks
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/frontend-patterns.mdc:0-0
Timestamp: 2025-07-03T07:39:29.909Z
Learning: Applies to hooks/**/*.ts : Use TypeScript for all components and hooks
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/frontend-patterns.mdc:0-0
Timestamp: 2025-07-03T07:39:29.909Z
Learning: Applies to pages/**/*.tsx : Use SWR for data fetching in components and hooks
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/auth-security.mdc:0-0
Timestamp: 2025-07-03T07:38:40.730Z
Learning: Applies to lib/nextAuth.ts : Support both JWT and database session strategies, configurable via NEXTAUTH_SESSION_STRATEGY.
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/frontend-patterns.mdc:0-0
Timestamp: 2025-07-03T07:39:35.571Z
Learning: Applies to {components/**/*.tsx,pages/**/*.tsx} : Use the useTranslation hook from next-i18next for internationalization
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/project-overview.mdc:0-0
Timestamp: 2025-07-03T07:39:51.623Z
Learning: Applies to lib/nextAuth.ts : Authentication logic should be implemented in `lib/nextAuth.ts` using NextAuth.js
components/team/Members.tsx (20)
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/auth-security.mdc:0-0
Timestamp: 2025-07-03T07:38:40.730Z
Learning: Applies to pages/**/*.{ts,tsx} : Protected pages must require authentication and validate team membership for team-specific routes.
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/auth-security.mdc:0-0
Timestamp: 2025-07-03T07:38:40.730Z
Learning: Applies to components/**/*.{ts,tsx} : UI components that enforce RBAC should use the AccessControl wrapper.
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/frontend-patterns.mdc:0-0
Timestamp: 2025-07-03T07:39:29.909Z
Learning: Applies to components/**/*.tsx : Use the AccessControl component for permission-based rendering
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/frontend-patterns.mdc:0-0
Timestamp: 2025-07-03T07:39:29.909Z
Learning: Applies to hooks/**/*.ts : Use TypeScript for all components and hooks
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: CLAUDE.md:0-0
Timestamp: 2025-07-03T07:37:37.818Z
Learning: Applies to components/**/* : React UI components are organized by feature in `/components` and shared components in `/components/shared`
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: CLAUDE.md:0-0
Timestamp: 2025-07-03T07:37:37.818Z
Learning: Applies to components/**/*.{js,jsx,ts,tsx} : Use `useTranslation` hook from react-i18next for translations
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/frontend-patterns.mdc:0-0
Timestamp: 2025-07-03T07:39:35.571Z
Learning: Applies to {components/**/*.tsx,pages/**/*.tsx} : Use the AccessControl component for permission-based rendering
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/frontend-patterns.mdc:0-0
Timestamp: 2025-07-03T07:39:35.571Z
Learning: Applies to {components/**/*.tsx,pages/**/*.tsx,hooks/**/*.ts} : Use TypeScript for all components and hooks
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/frontend-patterns.mdc:0-0
Timestamp: 2025-07-03T07:39:35.571Z
Learning: Applies to {components/**/*.tsx,pages/**/*.tsx} : Use the useTranslation hook from next-i18next for internationalization
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/project-overview.mdc:0-0
Timestamp: 2025-07-03T07:39:51.623Z
Learning: Applies to lib/nextAuth.ts : Authentication logic should be implemented in `lib/nextAuth.ts` using NextAuth.js
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/frontend-patterns.mdc:0-0
Timestamp: 2025-07-03T07:39:29.909Z
Learning: Applies to components/**/*.tsx : Use next-i18next's useTranslation hook for internationalization
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/frontend-patterns.mdc:0-0
Timestamp: 2025-07-03T07:39:29.909Z
Learning: Applies to components/**/*.tsx : Use the WithLoadingAndError wrapper for loading and error states
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/frontend-patterns.mdc:0-0
Timestamp: 2025-07-03T07:39:35.571Z
Learning: Applies to {components/**/*.tsx,pages/**/*.tsx} : Handle loading and error states consistently using the WithLoadingAndError wrapper
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/frontend-patterns.mdc:0-0
Timestamp: 2025-07-03T07:39:35.571Z
Learning: Applies to {components/**/*.tsx,pages/**/*.tsx} : Use react-hot-toast for toast notifications
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/frontend-patterns.mdc:0-0
Timestamp: 2025-07-03T07:39:29.909Z
Learning: Applies to components/**/*.tsx : Handle loading and error states consistently using the WithLoadingAndError wrapper
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/frontend-patterns.mdc:0-0
Timestamp: 2025-07-03T07:39:35.571Z
Learning: Applies to {components/**/*.tsx,pages/**/*.tsx,hooks/**/*.ts} : Use SWR for data fetching in components and hooks
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/frontend-patterns.mdc:0-0
Timestamp: 2025-07-03T07:39:29.909Z
Learning: Applies to components/**/*.tsx : Use react-hot-toast for toast notifications
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/frontend-patterns.mdc:0-0
Timestamp: 2025-07-03T07:39:29.909Z
Learning: Applies to pages/**/*.tsx : Use next-i18next's useTranslation hook for internationalization
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/frontend-patterns.mdc:0-0
Timestamp: 2025-07-03T07:39:29.909Z
Learning: Applies to pages/**/*.tsx : Use the AccessControl component for permission-based rendering
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/auth-security.mdc:0-0
Timestamp: 2025-07-03T07:38:40.730Z
Learning: Applies to lib/permissions.ts : Define permissions and roles (OWNER, ADMIN, MEMBER) in lib/permissions.ts for the RBAC system.
.cursor/rules/testing-patterns.mdc (16)
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/testing-patterns.mdc:0-0
Timestamp: 2025-07-03T07:40:17.152Z
Learning: Applies to **/{__tests__,tests}/**/*.{spec,test}.ts : Mock modules (e.g., Prisma, NextAuth) in unit test files using jest.mock
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/testing-patterns.mdc:0-0
Timestamp: 2025-07-03T07:40:17.152Z
Learning: Applies to tests/e2e/**/*.ts : Mock external services (e.g., Stripe, email) in E2E tests
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/README.md:0-0
Timestamp: 2025-07-03T07:37:56.463Z
Learning: Applies to **/*.{spec,test}.ts : The `testing-patterns.mdc` rule outlines testing conventions and patterns, including unit testing with Jest, E2E testing with Playwright, page object patterns, test fixtures, and debugging tips, and is automatically applied when working on test files (`*.spec.ts`, `*.test.ts`).
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/README.md:0-0
Timestamp: 2025-07-03T07:37:50.933Z
Learning: Applies to **/*.{spec,test}.ts : Automatically apply the rules from `testing-patterns.mdc` when working on test files (`*.spec.ts`, `*.test.ts`), covering unit testing with Jest, E2E testing with Playwright, page object patterns, test fixtures, and debugging tips.
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/README.md:0-0
Timestamp: 2025-07-03T07:37:56.463Z
Learning: The `auth-security.mdc` rule details authentication and security patterns, including NextAuth configuration, session management, security features, authorization patterns, and best practices, and is applied when working on authentication, authorization, or security features.
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/README.md:0-0
Timestamp: 2025-07-03T07:37:50.933Z
Learning: Apply the rules from `auth-security.mdc` when working on authentication, authorization, or security features, including NextAuth configuration, session management, security features, authorization patterns, and best practices.
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/testing-patterns.mdc:0-0
Timestamp: 2025-07-03T07:40:17.152Z
Learning: Applies to **/{__tests__,tests}/**/*.{spec,test}.ts : Unit tests must use Jest and Testing Library as the testing stack
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/project-overview.mdc:0-0
Timestamp: 2025-07-03T07:39:51.623Z
Learning: Applies to lib/nextAuth.ts : Authentication logic should be implemented in `lib/nextAuth.ts` using NextAuth.js
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/testing-patterns.mdc:0-0
Timestamp: 2025-07-03T07:40:17.152Z
Learning: Applies to **/{__tests__,tests}/**/*.{spec,test}.ts : Use Jest assertions in unit test files
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/auth-security.mdc:0-0
Timestamp: 2025-07-03T07:38:40.730Z
Learning: Applies to lib/nextAuth.ts : Configure NextAuth.js in lib/nextAuth.ts to support multiple authentication providers: Credentials (with bcrypt), Magic Links, OAuth (GitHub, Google), SAML SSO (BoxyHQ), and IdP-initiated SAML flows.
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/frontend-patterns.mdc:0-0
Timestamp: 2025-07-03T07:39:29.909Z
Learning: Test user interactions with Playwright
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/frontend-patterns.mdc:0-0
Timestamp: 2025-07-03T07:39:35.571Z
Learning: Test user interactions with Playwright
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/project-overview.mdc:0-0
Timestamp: 2025-07-03T07:39:45.076Z
Learning: Applies to tests/**/*.e2e.{ts,tsx} : End-to-end (E2E) tests must be written using Playwright
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/testing-patterns.mdc:0-0
Timestamp: 2025-07-03T07:40:17.152Z
Learning: Applies to tests/e2e/**/*.ts : E2E tests must use Playwright as the testing stack
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/testing-patterns.mdc:0-0
Timestamp: 2025-07-03T07:40:17.152Z
Learning: Applies to tests/e2e/**/*.ts : Use Playwright assertions in E2E test files
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/project-overview.mdc:0-0
Timestamp: 2025-07-03T07:39:51.623Z
Learning: Applies to tests/**/*.e2e.{ts,tsx} : End-to-end (E2E) tests should be written using Playwright and placed in the `tests/` directory
pages/auth/sso/index.tsx (15)
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/auth-security.mdc:0-0
Timestamp: 2025-07-03T07:38:40.730Z
Learning: Applies to lib/nextAuth.ts : Configure NextAuth.js in lib/nextAuth.ts to support multiple authentication providers: Credentials (with bcrypt), Magic Links, OAuth (GitHub, Google), SAML SSO (BoxyHQ), and IdP-initiated SAML flows.
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/project-overview.mdc:0-0
Timestamp: 2025-07-03T07:39:51.623Z
Learning: Applies to lib/nextAuth.ts : Authentication logic should be implemented in `lib/nextAuth.ts` using NextAuth.js
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/frontend-patterns.mdc:0-0
Timestamp: 2025-07-03T07:39:29.909Z
Learning: Applies to pages/**/*.tsx : Use next-i18next's useTranslation hook for internationalization
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/frontend-patterns.mdc:0-0
Timestamp: 2025-07-03T07:39:35.571Z
Learning: Applies to {components/**/*.tsx,pages/**/*.tsx} : Use the useTranslation hook from next-i18next for internationalization
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/frontend-patterns.mdc:0-0
Timestamp: 2025-07-03T07:39:29.909Z
Learning: Applies to components/**/*.tsx : Use next-i18next's useTranslation hook for internationalization
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/frontend-patterns.mdc:0-0
Timestamp: 2025-07-03T07:39:29.909Z
Learning: Applies to pages/**/*.tsx : Use SWR for data fetching in components and hooks
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/frontend-patterns.mdc:0-0
Timestamp: 2025-07-03T07:39:35.571Z
Learning: Applies to hooks/**/*.ts : Extract reusable logic into custom hooks
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/frontend-patterns.mdc:0-0
Timestamp: 2025-07-03T07:39:29.909Z
Learning: Applies to hooks/**/*.ts : Extract reusable logic into custom hooks
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: CLAUDE.md:0-0
Timestamp: 2025-07-03T07:37:37.818Z
Learning: Applies to lib/jackson/**/* : SAML SSO integration logic is placed in `/lib/jackson`
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/frontend-patterns.mdc:0-0
Timestamp: 2025-07-03T07:39:35.571Z
Learning: Applies to {components/**/*.tsx,pages/**/*.tsx,hooks/**/*.ts} : Use SWR for data fetching in components and hooks
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: CLAUDE.md:0-0
Timestamp: 2025-07-03T07:37:37.818Z
Learning: Applies to components/**/*.{js,jsx,ts,tsx} : Use `useTranslation` hook from react-i18next for translations
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/auth-security.mdc:0-0
Timestamp: 2025-07-03T07:38:40.730Z
Learning: Applies to lib/nextAuth.ts : Database sessions should enable features like session management UI and revocation.
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/frontend-patterns.mdc:0-0
Timestamp: 2025-07-03T07:39:29.909Z
Learning: Applies to pages/**/*.tsx : Use Formik for form handling and Yup for validation in forms
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/auth-security.mdc:0-0
Timestamp: 2025-07-03T07:38:40.730Z
Learning: Applies to lib/auth.ts : Optional email verification must block login until email is verified and provide resend verification email functionality.
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/auth-security.mdc:0-0
Timestamp: 2025-07-03T07:38:40.730Z
Learning: Applies to pages/**/*.{ts,tsx} : Protected pages must require authentication and validate team membership for team-specific routes.
.github/workflows/main.yml (14)
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/auth-security.mdc:0-0
Timestamp: 2025-07-03T07:38:40.730Z
Learning: Applies to lib/nextAuth.ts : Configure NextAuth.js in lib/nextAuth.ts to support multiple authentication providers: Credentials (with bcrypt), Magic Links, OAuth (GitHub, Google), SAML SSO (BoxyHQ), and IdP-initiated SAML flows.
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/auth-security.mdc:0-0
Timestamp: 2025-07-03T07:38:40.730Z
Learning: Applies to lib/nextAuth.ts : Support both JWT and database session strategies, configurable via NEXTAUTH_SESSION_STRATEGY.
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/database-patterns.mdc:0-0
Timestamp: 2025-07-03T07:39:09.328Z
Learning: The app uses PostgreSQL with Prisma ORM; key models include User, Team, TeamMember, Invitation, ApiKey, Subscription/Price/Service
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/auth-security.mdc:0-0
Timestamp: 2025-07-03T07:38:40.730Z
Learning: Applies to lib/nextAuth.ts : Database sessions should enable features like session management UI and revocation.
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/project-overview.mdc:0-0
Timestamp: 2025-07-03T07:39:51.623Z
Learning: Applies to tests/**/*.e2e.{ts,tsx} : End-to-end (E2E) tests should be written using Playwright and placed in the `tests/` directory
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/testing-patterns.mdc:0-0
Timestamp: 2025-07-03T07:40:17.152Z
Learning: Run unit tests with `npm run test` and E2E tests with `npm run test:e2e`
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/project-overview.mdc:0-0
Timestamp: 2025-07-03T07:39:45.076Z
Learning: Applies to tests/**/*.e2e.{ts,tsx} : End-to-end (E2E) tests must be written using Playwright
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/testing-patterns.mdc:0-0
Timestamp: 2025-07-03T07:40:17.152Z
Learning: Applies to tests/e2e/**/*.ts : E2E tests must use Playwright as the testing stack
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/frontend-patterns.mdc:0-0
Timestamp: 2025-07-03T07:39:29.909Z
Learning: Test user interactions with Playwright
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/frontend-patterns.mdc:0-0
Timestamp: 2025-07-03T07:39:35.571Z
Learning: Test user interactions with Playwright
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/testing-patterns.mdc:0-0
Timestamp: 2025-07-03T07:40:17.152Z
Learning: Applies to tests/e2e/**/*.ts : Use Playwright assertions in E2E test files
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: CLAUDE.md:0-0
Timestamp: 2025-07-03T07:37:37.818Z
Learning: Applies to tests/e2e/**/* : E2E tests are placed in `/tests/e2e` directory
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/testing-patterns.mdc:0-0
Timestamp: 2025-07-03T07:40:17.152Z
Learning: Tests run automatically on pull requests via CI
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/testing-patterns.mdc:0-0
Timestamp: 2025-07-03T07:40:17.152Z
Learning: Applies to **/{__tests__,tests}/**/*.{spec,test}.ts : Unit tests must use Jest and Testing Library as the testing stack
components/shared/shell/AppShell.tsx (21)
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/project-overview.mdc:0-0
Timestamp: 2025-07-03T07:39:51.623Z
Learning: Applies to lib/nextAuth.ts : Authentication logic should be implemented in `lib/nextAuth.ts` using NextAuth.js
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/frontend-patterns.mdc:0-0
Timestamp: 2025-07-03T07:39:29.909Z
Learning: Applies to components/**/*.tsx : Use next-i18next's useTranslation hook for internationalization
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/frontend-patterns.mdc:0-0
Timestamp: 2025-07-03T07:39:35.571Z
Learning: Applies to {components/**/*.tsx,pages/**/*.tsx} : Use the useTranslation hook from next-i18next for internationalization
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/frontend-patterns.mdc:0-0
Timestamp: 2025-07-03T07:39:35.571Z
Learning: Applies to hooks/**/*.ts : Extract reusable logic into custom hooks
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/frontend-patterns.mdc:0-0
Timestamp: 2025-07-03T07:39:29.909Z
Learning: Applies to hooks/**/*.ts : Extract reusable logic into custom hooks
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/auth-security.mdc:0-0
Timestamp: 2025-07-03T07:38:40.730Z
Learning: Applies to lib/nextAuth.ts : Configure NextAuth.js in lib/nextAuth.ts to support multiple authentication providers: Credentials (with bcrypt), Magic Links, OAuth (GitHub, Google), SAML SSO (BoxyHQ), and IdP-initiated SAML flows.
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/auth-security.mdc:0-0
Timestamp: 2025-07-03T07:38:40.730Z
Learning: Applies to lib/nextAuth.ts : Database sessions should enable features like session management UI and revocation.
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/frontend-patterns.mdc:0-0
Timestamp: 2025-07-03T07:39:29.909Z
Learning: Applies to pages/**/*.tsx : Use next-i18next's useTranslation hook for internationalization
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: CLAUDE.md:0-0
Timestamp: 2025-07-03T07:37:37.818Z
Learning: Applies to components/**/*.{js,jsx,ts,tsx} : Use `useTranslation` hook from react-i18next for translations
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/frontend-patterns.mdc:0-0
Timestamp: 2025-07-03T07:39:29.909Z
Learning: Applies to components/**/*.tsx : Use SWR for data fetching in components and hooks
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/frontend-patterns.mdc:0-0
Timestamp: 2025-07-03T07:39:35.571Z
Learning: Applies to {components/**/*.tsx,pages/**/*.tsx,hooks/**/*.ts} : Use SWR for data fetching in components and hooks
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/frontend-patterns.mdc:0-0
Timestamp: 2025-07-03T07:39:35.571Z
Learning: Applies to {components/**/*.tsx,pages/**/*.tsx} : Handle loading and error states consistently using the WithLoadingAndError wrapper
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/frontend-patterns.mdc:0-0
Timestamp: 2025-07-03T07:39:29.909Z
Learning: Applies to pages/**/*.tsx : Handle loading and error states consistently using the WithLoadingAndError wrapper
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/frontend-patterns.mdc:0-0
Timestamp: 2025-07-03T07:39:29.909Z
Learning: Applies to pages/**/*.tsx : Use SWR for data fetching in components and hooks
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/frontend-patterns.mdc:0-0
Timestamp: 2025-07-03T07:39:29.909Z
Learning: Applies to hooks/**/*.ts : Use SWR for data fetching in components and hooks
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/frontend-patterns.mdc:0-0
Timestamp: 2025-07-03T07:39:29.909Z
Learning: Applies to components/**/*.tsx : Handle loading and error states consistently using the WithLoadingAndError wrapper
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/frontend-patterns.mdc:0-0
Timestamp: 2025-07-03T07:39:29.909Z
Learning: Applies to components/**/*.tsx : Use the WithLoadingAndError wrapper for loading and error states
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/frontend-patterns.mdc:0-0
Timestamp: 2025-07-03T07:39:29.909Z
Learning: Applies to pages/**/*.tsx : Use the WithLoadingAndError wrapper for loading and error states
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/auth-security.mdc:0-0
Timestamp: 2025-07-03T07:38:40.730Z
Learning: Applies to pages/api/**/*.{ts,tsx} : API routes must check for authenticated sessions and appropriate permissions before allowing access.
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/frontend-patterns.mdc:0-0
Timestamp: 2025-07-03T07:39:29.909Z
Learning: Applies to pages/**/*.tsx : Use the AccessControl component for permission-based rendering
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/frontend-patterns.mdc:0-0
Timestamp: 2025-07-03T07:39:35.571Z
Learning: Applies to {components/**/*.tsx,pages/**/*.tsx} : Use the AccessControl component for permission-based rendering
hooks/useCustomSignout.ts (2)
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/frontend-patterns.mdc:0-0
Timestamp: 2025-07-03T07:39:35.571Z
Learning: Applies to hooks/**/*.ts : Extract reusable logic into custom hooks
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/frontend-patterns.mdc:0-0
Timestamp: 2025-07-03T07:39:29.909Z
Learning: Applies to hooks/**/*.ts : Extract reusable logic into custom hooks
lib/auth.ts (13)
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/auth-security.mdc:0-0
Timestamp: 2025-07-03T07:38:40.730Z
Learning: Applies to lib/nextAuth.ts : Configure NextAuth.js in lib/nextAuth.ts to support multiple authentication providers: Credentials (with bcrypt), Magic Links, OAuth (GitHub, Google), SAML SSO (BoxyHQ), and IdP-initiated SAML flows.
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/auth-security.mdc:0-0
Timestamp: 2025-07-03T07:38:40.730Z
Learning: Applies to lib/auth.ts : Enforce password policies in lib/auth.ts: minimum 8 characters (configurable), maximum 70 characters, validated on signup and password reset.
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/auth-security.mdc:0-0
Timestamp: 2025-07-03T07:38:40.730Z
Learning: Applies to lib/auth.ts : Hash passwords with bcrypt using 12 rounds.
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/project-overview.mdc:0-0
Timestamp: 2025-07-03T07:39:51.623Z
Learning: Applies to lib/nextAuth.ts : Authentication logic should be implemented in `lib/nextAuth.ts` using NextAuth.js
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/auth-security.mdc:0-0
Timestamp: 2025-07-03T07:38:40.730Z
Learning: Applies to lib/auth.ts : Generate secure tokens with crypto.randomBytes.
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/database-patterns.mdc:0-0
Timestamp: 2025-07-03T07:38:59.981Z
Learning: Applies to models/**/*.ts : Use generateToken(), slugify(), hashPassword(), and verifyPassword() utilities for their respective purposes
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/database-patterns.mdc:0-0
Timestamp: 2025-07-03T07:39:09.328Z
Learning: Applies to models/**/*.ts : Use generateToken(), slugify(), hashPassword(), verifyPassword() utilities for their respective purposes
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/project-overview.mdc:0-0
Timestamp: 2025-07-03T07:39:51.623Z
Learning: Applies to lib/env.ts : Define environment variables and configuration in `lib/env.ts`
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/project-overview.mdc:0-0
Timestamp: 2025-07-03T07:39:45.076Z
Learning: Applies to lib/env.ts : Define environment variables in `lib/env.ts`
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/auth-security.mdc:0-0
Timestamp: 2025-07-03T07:38:40.730Z
Learning: Applies to lib/nextAuth.ts : Support both JWT and database session strategies, configurable via NEXTAUTH_SESSION_STRATEGY.
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/auth-security.mdc:0-0
Timestamp: 2025-07-03T07:38:40.730Z
Learning: Applies to lib/auth.ts : Optional email verification must block login until email is verified and provide resend verification email functionality.
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/auth-security.mdc:0-0
Timestamp: 2025-07-03T07:38:40.730Z
Learning: Applies to lib/accountLock.ts : Implement account lockout logic in lib/accountLock.ts, including configurable max login attempts (default 5), unlock email with verification token, and clearing attempts on successful login.
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/api-patterns.mdc:0-0
Timestamp: 2025-07-03T07:38:24.757Z
Learning: Applies to pages/api/**/*.ts : Use common utilities such as extractAuthToken, generateToken, validateEmail, slugify, and forceConsume in API routes as appropriate.
pages/settings/security.tsx (12)
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/frontend-patterns.mdc:0-0
Timestamp: 2025-07-03T07:39:35.571Z
Learning: Applies to {components/**/*.tsx,pages/**/*.tsx} : Use the useTranslation hook from next-i18next for internationalization
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/frontend-patterns.mdc:0-0
Timestamp: 2025-07-03T07:39:29.909Z
Learning: Applies to components/**/*.tsx : Use next-i18next's useTranslation hook for internationalization
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/frontend-patterns.mdc:0-0
Timestamp: 2025-07-03T07:39:29.909Z
Learning: Applies to pages/**/*.tsx : Use next-i18next's useTranslation hook for internationalization
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/auth-security.mdc:0-0
Timestamp: 2025-07-03T07:38:40.730Z
Learning: Applies to lib/nextAuth.ts : Support both JWT and database session strategies, configurable via NEXTAUTH_SESSION_STRATEGY.
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/auth-security.mdc:0-0
Timestamp: 2025-07-03T07:38:40.730Z
Learning: Applies to lib/nextAuth.ts : Database sessions should enable features like session management UI and revocation.
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: CLAUDE.md:0-0
Timestamp: 2025-07-03T07:37:37.818Z
Learning: Applies to components/**/*.{js,jsx,ts,tsx} : Use `useTranslation` hook from react-i18next for translations
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/project-overview.mdc:0-0
Timestamp: 2025-07-03T07:39:51.623Z
Learning: Applies to lib/nextAuth.ts : Authentication logic should be implemented in `lib/nextAuth.ts` using NextAuth.js
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: CLAUDE.md:0-0
Timestamp: 2025-07-03T07:37:37.818Z
Learning: Applies to next.config.js : Security headers are configured in `next.config.js`
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/frontend-patterns.mdc:0-0
Timestamp: 2025-07-03T07:39:29.909Z
Learning: Applies to pages/**/*.tsx : Use TypeScript for all components and hooks
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/auth-security.mdc:0-0
Timestamp: 2025-07-03T07:38:40.730Z
Learning: Applies to pages/api/**/*.{ts,tsx} : API routes must check for authenticated sessions and appropriate permissions before allowing access.
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/auth-security.mdc:0-0
Timestamp: 2025-07-03T07:38:40.730Z
Learning: Applies to lib/nextAuth.ts : Configure NextAuth.js in lib/nextAuth.ts to support multiple authentication providers: Credentials (with bcrypt), Magic Links, OAuth (GitHub, Google), SAML SSO (BoxyHQ), and IdP-initiated SAML flows.
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/README.md:0-0
Timestamp: 2025-07-03T07:37:50.933Z
Learning: Apply the rules from `auth-security.mdc` when working on authentication, authorization, or security features, including NextAuth configuration, session management, security features, authorization patterns, and best practices.
lib/env.ts (12)
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/project-overview.mdc:0-0
Timestamp: 2025-07-03T07:39:51.623Z
Learning: Applies to lib/env.ts : Define environment variables and configuration in `lib/env.ts`
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/project-overview.mdc:0-0
Timestamp: 2025-07-03T07:39:45.076Z
Learning: Applies to lib/env.ts : Define environment variables in `lib/env.ts`
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/auth-security.mdc:0-0
Timestamp: 2025-07-03T07:38:40.730Z
Learning: Applies to lib/nextAuth.ts : Support both JWT and database session strategies, configurable via NEXTAUTH_SESSION_STRATEGY.
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/auth-security.mdc:0-0
Timestamp: 2025-07-03T07:38:40.730Z
Learning: Applies to lib/nextAuth.ts : Configure NextAuth.js in lib/nextAuth.ts to support multiple authentication providers: Credentials (with bcrypt), Magic Links, OAuth (GitHub, Google), SAML SSO (BoxyHQ), and IdP-initiated SAML flows.
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/project-overview.mdc:0-0
Timestamp: 2025-07-03T07:39:51.623Z
Learning: Applies to lib/nextAuth.ts : Authentication logic should be implemented in `lib/nextAuth.ts` using NextAuth.js
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/auth-security.mdc:0-0
Timestamp: 2025-07-03T07:38:40.730Z
Learning: Applies to lib/nextAuth.ts : Default session duration should be 14 days.
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/auth-security.mdc:0-0
Timestamp: 2025-07-03T07:38:40.730Z
Learning: Applies to lib/nextAuth.ts : Database sessions should enable features like session management UI and revocation.
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/auth-security.mdc:0-0
Timestamp: 2025-07-03T07:38:40.730Z
Learning: Applies to lib/nextAuth.ts : Session tokens must be stored in secure HTTP-only cookies.
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: CLAUDE.md:0-0
Timestamp: 2025-07-03T07:37:37.818Z
Learning: Applies to **/*.{ts,tsx} : Path aliases are configured for `@/lib/*` and `@/components/*`
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/README.md:0-0
Timestamp: 2025-07-03T07:37:50.933Z
Learning: Apply the rules from `auth-security.mdc` when working on authentication, authorization, or security features, including NextAuth configuration, session management, security features, authorization patterns, and best practices.
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/README.md:0-0
Timestamp: 2025-07-03T07:37:56.463Z
Learning: The `auth-security.mdc` rule details authentication and security patterns, including NextAuth configuration, session management, security features, authorization patterns, and best practices, and is applied when working on authentication, authorization, or security features.
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: CLAUDE.md:0-0
Timestamp: 2025-07-03T07:37:37.818Z
Learning: Applies to next.config.js : Security headers are configured in `next.config.js`
hooks/useAuth.ts (11)
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/auth-security.mdc:0-0
Timestamp: 2025-07-03T07:38:40.730Z
Learning: Applies to lib/nextAuth.ts : Configure NextAuth.js in lib/nextAuth.ts to support multiple authentication providers: Credentials (with bcrypt), Magic Links, OAuth (GitHub, Google), SAML SSO (BoxyHQ), and IdP-initiated SAML flows.
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/project-overview.mdc:0-0
Timestamp: 2025-07-03T07:39:51.623Z
Learning: Applies to lib/nextAuth.ts : Authentication logic should be implemented in `lib/nextAuth.ts` using NextAuth.js
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/frontend-patterns.mdc:0-0
Timestamp: 2025-07-03T07:39:29.909Z
Learning: Applies to hooks/**/*.ts : Extract reusable logic into custom hooks
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/frontend-patterns.mdc:0-0
Timestamp: 2025-07-03T07:39:35.571Z
Learning: Applies to hooks/**/*.ts : Extract reusable logic into custom hooks
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/frontend-patterns.mdc:0-0
Timestamp: 2025-07-03T07:39:29.909Z
Learning: Applies to hooks/**/*.ts : Use TypeScript for all components and hooks
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/frontend-patterns.mdc:0-0
Timestamp: 2025-07-03T07:39:29.909Z
Learning: Applies to hooks/**/*.ts : Use SWR for data fetching in components and hooks
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/frontend-patterns.mdc:0-0
Timestamp: 2025-07-03T07:39:29.909Z
Learning: Applies to pages/**/*.tsx : Use next-i18next's useTranslation hook for internationalization
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/auth-security.mdc:0-0
Timestamp: 2025-07-03T07:38:40.730Z
Learning: Applies to lib/nextAuth.ts : Database sessions should enable features like session management UI and revocation.
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/frontend-patterns.mdc:0-0
Timestamp: 2025-07-03T07:39:35.571Z
Learning: Applies to {components/**/*.tsx,pages/**/*.tsx} : Use the useTranslation hook from next-i18next for internationalization
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/frontend-patterns.mdc:0-0
Timestamp: 2025-07-03T07:39:29.909Z
Learning: Applies to components/**/*.tsx : Use next-i18next's useTranslation hook for internationalization
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/frontend-patterns.mdc:0-0
Timestamp: 2025-07-03T07:39:35.571Z
Learning: Applies to {components/**/*.tsx,pages/**/*.tsx,hooks/**/*.ts} : Use SWR for data fetching in components and hooks
lib/session.ts (8)
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/auth-security.mdc:0-0
Timestamp: 2025-07-03T07:38:40.730Z
Learning: Applies to lib/nextAuth.ts : Database sessions should enable features like session management UI and revocation.
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/api-patterns.mdc:0-0
Timestamp: 2025-07-03T07:38:24.757Z
Learning: Applies to pages/api/**/*.ts : Perform session checks, team access checks, and permission checks in API routes as appropriate, using getSession, throwIfNoTeamAccess, and throwIfNotAllowed.
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/auth-security.mdc:0-0
Timestamp: 2025-07-03T07:38:40.730Z
Learning: Applies to lib/nextAuth.ts : Default session duration should be 14 days.
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/auth-security.mdc:0-0
Timestamp: 2025-07-03T07:38:40.730Z
Learning: Applies to lib/nextAuth.ts : Support both JWT and database session strategies, configurable via NEXTAUTH_SESSION_STRATEGY.
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/auth-security.mdc:0-0
Timestamp: 2025-07-03T07:38:40.730Z
Learning: Applies to lib/auth.ts : Clear all sessions on password reset.
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/project-overview.mdc:0-0
Timestamp: 2025-07-03T07:39:51.623Z
Learning: Applies to lib/nextAuth.ts : Authentication logic should be implemented in `lib/nextAuth.ts` using NextAuth.js
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/auth-security.mdc:0-0
Timestamp: 2025-07-03T07:38:40.730Z
Learning: Applies to lib/nextAuth.ts : Configure NextAuth.js in lib/nextAuth.ts to support multiple authentication providers: Credentials (with bcrypt), Magic Links, OAuth (GitHub, Google), SAML SSO (BoxyHQ), and IdP-initiated SAML flows.
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/auth-security.mdc:0-0
Timestamp: 2025-07-03T07:38:40.730Z
Learning: Applies to lib/nextAuth.ts : Session tokens must be stored in secure HTTP-only cookies.
types/next.ts (14)
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/api-patterns.mdc:0-0
Timestamp: 2025-07-03T07:38:24.757Z
Learning: Applies to pages/api/**/*.ts : All API routes must follow Next.js conventions in the pages/api/ directory, organizing endpoints by resource (e.g., auth/, teams/[slug]/, users.ts, sessions/, webhooks/).
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/frontend-patterns.mdc:0-0
Timestamp: 2025-07-03T07:39:29.909Z
Learning: Applies to pages/**/*.tsx : Use TypeScript for all components and hooks
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/project-overview.mdc:0-0
Timestamp: 2025-07-03T07:39:45.076Z
Learning: Applies to pages/api/**/*.{js,ts,jsx,tsx} : RESTful endpoints in `pages/api/` must follow Next.js conventions
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/auth-security.mdc:0-0
Timestamp: 2025-07-03T07:38:40.730Z
Learning: Applies to pages/**/*.{ts,tsx} : Protected pages must require authentication and validate team membership for team-specific routes.
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/frontend-patterns.mdc:0-0
Timestamp: 2025-07-03T07:39:29.909Z
Learning: Applies to pages/**/*.tsx : Use Formik for form handling and Yup for validation in forms
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/project-overview.mdc:0-0
Timestamp: 2025-07-03T07:39:51.623Z
Learning: Applies to lib/nextAuth.ts : Authentication logic should be implemented in `lib/nextAuth.ts` using NextAuth.js
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/auth-security.mdc:0-0
Timestamp: 2025-07-03T07:38:40.730Z
Learning: Applies to lib/nextAuth.ts : Support both JWT and database session strategies, configurable via NEXTAUTH_SESSION_STRATEGY.
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/auth-security.mdc:0-0
Timestamp: 2025-07-03T07:38:40.730Z
Learning: Applies to lib/nextAuth.ts : Database sessions should enable features like session management UI and revocation.
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/auth-security.mdc:0-0
Timestamp: 2025-07-03T07:38:40.730Z
Learning: Applies to lib/nextAuth.ts : Configure NextAuth.js in lib/nextAuth.ts to support multiple authentication providers: Credentials (with bcrypt), Magic Links, OAuth (GitHub, Google), SAML SSO (BoxyHQ), and IdP-initiated SAML flows.
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/frontend-patterns.mdc:0-0
Timestamp: 2025-07-03T07:39:29.909Z
Learning: Applies to pages/**/*.tsx : Use the AccessControl component for permission-based rendering
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/frontend-patterns.mdc:0-0
Timestamp: 2025-07-03T07:39:29.909Z
Learning: Applies to pages/**/*.tsx : Handle loading and error states consistently using the WithLoadingAndError wrapper
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/frontend-patterns.mdc:0-0
Timestamp: 2025-07-03T07:39:29.909Z
Learning: Applies to pages/**/*.tsx : Use next-i18next's useTranslation hook for internationalization
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/auth-security.mdc:0-0
Timestamp: 2025-07-03T07:38:40.730Z
Learning: Applies to pages/api/**/*.{ts,tsx} : API routes must check for authenticated sessions and appropriate permissions before allowing access.
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/frontend-patterns.mdc:0-0
Timestamp: 2025-07-03T07:39:35.571Z
Learning: Applies to {components/**/*.tsx,pages/**/*.tsx} : Use the AccessControl component for permission-based rendering
components/auth/MagicLink.tsx (19)
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/auth-security.mdc:0-0
Timestamp: 2025-07-03T07:38:40.730Z
Learning: Applies to lib/nextAuth.ts : Configure NextAuth.js in lib/nextAuth.ts to support multiple authentication providers: Credentials (with bcrypt), Magic Links, OAuth (GitHub, Google), SAML SSO (BoxyHQ), and IdP-initiated SAML flows.
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/project-overview.mdc:0-0
Timestamp: 2025-07-03T07:39:51.623Z
Learning: Applies to lib/nextAuth.ts : Authentication logic should be implemented in `lib/nextAuth.ts` using NextAuth.js
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/frontend-patterns.mdc:0-0
Timestamp: 2025-07-03T07:39:29.909Z
Learning: Applies to components/**/*.tsx : Use next-i18next's useTranslation hook for internationalization
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/frontend-patterns.mdc:0-0
Timestamp: 2025-07-03T07:39:35.571Z
Learning: Applies to {components/**/*.tsx,pages/**/*.tsx} : Use the useTranslation hook from next-i18next for internationalization
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/frontend-patterns.mdc:0-0
Timestamp: 2025-07-03T07:39:29.909Z
Learning: Applies to pages/**/*.tsx : Use next-i18next's useTranslation hook for internationalization
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: CLAUDE.md:0-0
Timestamp: 2025-07-03T07:37:37.818Z
Learning: Applies to components/**/*.{js,jsx,ts,tsx} : Use `useTranslation` hook from react-i18next for translations
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/frontend-patterns.mdc:0-0
Timestamp: 2025-07-03T07:39:35.571Z
Learning: Applies to hooks/**/*.ts : Extract reusable logic into custom hooks
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/frontend-patterns.mdc:0-0
Timestamp: 2025-07-03T07:39:29.909Z
Learning: Applies to hooks/**/*.ts : Extract reusable logic into custom hooks
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/frontend-patterns.mdc:0-0
Timestamp: 2025-07-03T07:39:29.909Z
Learning: Applies to hooks/**/*.ts : Use TypeScript for all components and hooks
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/README.md:0-0
Timestamp: 2025-07-03T07:37:50.933Z
Learning: Applies to {components,pages}/**/*.tsx : Automatically apply the rules from `frontend-patterns.mdc` when working on React components (`components/**/*.tsx`, `pages/**/*.tsx`) and hooks, including component patterns, styling conventions, form handling, data fetching, custom hooks, and UI best practices.
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/auth-security.mdc:0-0
Timestamp: 2025-07-03T07:38:40.730Z
Learning: Applies to lib/nextAuth.ts : Database sessions should enable features like session management UI and revocation.
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/frontend-patterns.mdc:0-0
Timestamp: 2025-07-03T07:39:35.571Z
Learning: Applies to {components/**/*.tsx,pages/**/*.tsx} : Use Formik for form handling and Yup for validation in forms
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/frontend-patterns.mdc:0-0
Timestamp: 2025-07-03T07:39:29.909Z
Learning: Applies to pages/**/*.tsx : Use Formik for form handling and Yup for validation in forms
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/frontend-patterns.mdc:0-0
Timestamp: 2025-07-03T07:39:35.571Z
Learning: Applies to {components/**/*.tsx,pages/**/*.tsx,hooks/**/*.ts} : Use SWR for data fetching in components and hooks
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/auth-security.mdc:0-0
Timestamp: 2025-07-03T07:38:40.730Z
Learning: Applies to lib/auth.ts : Optional email verification must block login until email is verified and provide resend verification email functionality.
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/frontend-patterns.mdc:0-0
Timestamp: 2025-07-03T07:39:29.909Z
Learning: Applies to components/**/*.tsx : Use Formik for form handling and Yup for validation in forms
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/auth-security.mdc:0-0
Timestamp: 2025-07-03T07:38:40.730Z
Learning: Applies to lib/accountLock.ts : Implement account lockout logic in lib/accountLock.ts, including configurable max login attempts (default 5), unlock email with verification token, and clearing attempts on successful login.
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: CLAUDE.md:0-0
Timestamp: 2025-07-03T07:37:37.818Z
Learning: Applies to **/*.{ts,tsx} : Yup is used for form validation with Formik
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/auth-security.mdc:0-0
Timestamp: 2025-07-03T07:38:40.730Z
Learning: Applies to pages/{api/auth,auth}/**/*.{ts,tsx} : Protect login, signup, and password reset forms with reCAPTCHA, configured via RECAPTCHA_SITE_KEY and RECAPTCHA_SECRET_KEY.
docs/authentication.md (7)
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/auth-security.mdc:0-0
Timestamp: 2025-07-03T07:38:40.730Z
Learning: Applies to lib/nextAuth.ts : Configure NextAuth.js in lib/nextAuth.ts to support multiple authentication providers: Credentials (with bcrypt), Magic Links, OAuth (GitHub, Google), SAML SSO (BoxyHQ), and IdP-initiated SAML flows.
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/README.md:0-0
Timestamp: 2025-07-03T07:37:50.933Z
Learning: Apply the rules from `auth-security.mdc` when working on authentication, authorization, or security features, including NextAuth configuration, session management, security features, authorization patterns, and best practices.
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/README.md:0-0
Timestamp: 2025-07-03T07:37:56.463Z
Learning: The `auth-security.mdc` rule details authentication and security patterns, including NextAuth configuration, session management, security features, authorization patterns, and best practices, and is applied when working on authentication, authorization, or security features.
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/project-overview.mdc:0-0
Timestamp: 2025-07-03T07:39:51.623Z
Learning: Applies to lib/nextAuth.ts : Authentication logic should be implemented in `lib/nextAuth.ts` using NextAuth.js
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/auth-security.mdc:0-0
Timestamp: 2025-07-03T07:38:40.730Z
Learning: Applies to lib/nextAuth.ts : Database sessions should enable features like session management UI and revocation.
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/auth-security.mdc:0-0
Timestamp: 2025-07-03T07:38:40.730Z
Learning: Applies to lib/nextAuth.ts : Support both JWT and database session strategies, configurable via NEXTAUTH_SESSION_STRATEGY.
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/auth-security.mdc:0-0
Timestamp: 2025-07-03T07:38:40.730Z
Learning: Applies to pages/{api/auth,auth}/**/*.{ts,tsx} : Protect login, signup, and password reset forms with reCAPTCHA, configured via RECAPTCHA_SITE_KEY and RECAPTCHA_SECRET_KEY.
app.json (4)
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/project-overview.mdc:0-0
Timestamp: 2025-07-03T07:39:51.623Z
Learning: Applies to lib/env.ts : Define environment variables and configuration in `lib/env.ts`
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/project-overview.mdc:0-0
Timestamp: 2025-07-03T07:39:45.076Z
Learning: Applies to lib/env.ts : Define environment variables in `lib/env.ts`
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/auth-security.mdc:0-0
Timestamp: 2025-07-03T07:38:40.730Z
Learning: Applies to lib/nextAuth.ts : Configure NextAuth.js in lib/nextAuth.ts to support multiple authentication providers: Credentials (with bcrypt), Magic Links, OAuth (GitHub, Google), SAML SSO (BoxyHQ), and IdP-initiated SAML flows.
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/database-patterns.mdc:0-0
Timestamp: 2025-07-03T07:39:09.328Z
Learning: The app uses PostgreSQL with Prisma ORM; key models include User, Team, TeamMember, Invitation, ApiKey, Subscription/Price/Service
components/account/ManageSessions.tsx (15)
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/auth-security.mdc:0-0
Timestamp: 2025-07-03T07:38:40.730Z
Learning: Applies to lib/nextAuth.ts : Database sessions should enable features like session management UI and revocation.
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/auth-security.mdc:0-0
Timestamp: 2025-07-03T07:38:40.730Z
Learning: Applies to lib/nextAuth.ts : Default session duration should be 14 days.
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/auth-security.mdc:0-0
Timestamp: 2025-07-03T07:38:40.730Z
Learning: Applies to lib/nextAuth.ts : Support both JWT and database session strategies, configurable via NEXTAUTH_SESSION_STRATEGY.
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/project-overview.mdc:0-0
Timestamp: 2025-07-03T07:39:51.623Z
Learning: Applies to lib/nextAuth.ts : Authentication logic should be implemented in `lib/nextAuth.ts` using NextAuth.js
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/auth-security.mdc:0-0
Timestamp: 2025-07-03T07:38:40.730Z
Learning: Applies to lib/auth.ts : Clear all sessions on password reset.
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/auth-security.mdc:0-0
Timestamp: 2025-07-03T07:38:40.730Z
Learning: Applies to pages/api/**/*.{ts,tsx} : API routes must check for authenticated sessions and appropriate permissions before allowing access.
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/frontend-patterns.mdc:0-0
Timestamp: 2025-07-03T07:39:29.909Z
Learning: Applies to components/**/*.tsx : Use SWR for data fetching in components and hooks
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/auth-security.mdc:0-0
Timestamp: 2025-07-03T07:38:40.730Z
Learning: Applies to lib/nextAuth.ts : Session tokens must be stored in secure HTTP-only cookies.
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/frontend-patterns.mdc:0-0
Timestamp: 2025-07-03T07:39:35.571Z
Learning: Applies to {components/**/*.tsx,pages/**/*.tsx,hooks/**/*.ts} : Use SWR for data fetching in components and hooks
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/auth-security.mdc:0-0
Timestamp: 2025-07-03T07:38:40.730Z
Learning: Applies to lib/nextAuth.ts : Configure NextAuth.js in lib/nextAuth.ts to support multiple authentication providers: Credentials (with bcrypt), Magic Links, OAuth (GitHub, Google), SAML SSO (BoxyHQ), and IdP-initiated SAML flows.
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/frontend-patterns.mdc:0-0
Timestamp: 2025-07-03T07:39:29.909Z
Learning: Applies to pages/**/*.tsx : Use SWR for data fetching in components and hooks
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/frontend-patterns.mdc:0-0
Timestamp: 2025-07-03T07:39:29.909Z
Learning: Applies to hooks/**/*.ts : Use SWR for data fetching in components and hooks
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/frontend-patterns.mdc:0-0
Timestamp: 2025-07-03T07:39:35.571Z
Learning: Applies to {components/**/*.tsx,pages/**/*.tsx} : Use the useTranslation hook from next-i18next for internationalization
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/frontend-patterns.mdc:0-0
Timestamp: 2025-07-03T07:39:35.571Z
Learning: Applies to {components/**/*.tsx,pages/**/*.tsx} : Use react-hot-toast for toast notifications
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/frontend-patterns.mdc:0-0
Timestamp: 2025-07-03T07:39:29.909Z
Learning: Applies to pages/**/*.tsx : Use react-hot-toast for toast notifications
CLAUDE.md (14)
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/README.md:0-0
Timestamp: 2025-07-03T07:37:50.933Z
Learning: Apply the rules from `auth-security.mdc` when working on authentication, authorization, or security features, including NextAuth configuration, session management, security features, authorization patterns, and best practices.
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/README.md:0-0
Timestamp: 2025-07-03T07:37:56.463Z
Learning: The `auth-security.mdc` rule details authentication and security patterns, including NextAuth configuration, session management, security features, authorization patterns, and best practices, and is applied when working on authentication, authorization, or security features.
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/testing-patterns.mdc:0-0
Timestamp: 2025-07-03T07:40:17.152Z
Learning: Run unit tests with `npm run test` and E2E tests with `npm run test:e2e`
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/database-patterns.mdc:0-0
Timestamp: 2025-07-03T07:39:09.328Z
Learning: The app uses PostgreSQL with Prisma ORM; key models include User, Team, TeamMember, Invitation, ApiKey, Subscription/Price/Service
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/auth-security.mdc:0-0
Timestamp: 2025-07-03T07:38:40.730Z
Learning: Applies to lib/nextAuth.ts : Configure NextAuth.js in lib/nextAuth.ts to support multiple authentication providers: Credentials (with bcrypt), Magic Links, OAuth (GitHub, Google), SAML SSO (BoxyHQ), and IdP-initiated SAML flows.
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/auth-security.mdc:0-0
Timestamp: 2025-07-03T07:38:40.730Z
Learning: Applies to pages/**/*.{ts,tsx} : Protected pages must require authentication and validate team membership for team-specific routes.
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: CLAUDE.md:0-0
Timestamp: 2025-07-03T07:37:37.818Z
Learning: Applies to pages/api/**/* : Next.js API routes are located in `pages/api/` directory
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/auth-security.mdc:0-0
Timestamp: 2025-07-03T07:38:40.730Z
Learning: Applies to lib/nextAuth.ts : Database sessions should enable features like session management UI and revocation.
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/project-overview.mdc:0-0
Timestamp: 2025-07-03T07:39:51.623Z
Learning: Applies to lib/nextAuth.ts : Authentication logic should be implemented in `lib/nextAuth.ts` using NextAuth.js
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/api-patterns.mdc:0-0
Timestamp: 2025-07-03T07:38:24.757Z
Learning: Applies to pages/api/**/*.ts : All API routes must follow Next.js conventions in the pages/api/ directory, organizing endpoints by resource (e.g., auth/, teams/[slug]/, users.ts, sessions/, webhooks/).
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/auth-security.mdc:0-0
Timestamp: 2025-07-03T07:38:40.730Z
Learning: Applies to pages/api/**/*.{ts,tsx} : API routes must check for authenticated sessions and appropriate permissions before allowing access.
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: CLAUDE.md:0-0
Timestamp: 2025-07-03T07:37:37.818Z
Learning: Applies to pages/api/{teams,users,invitations}/**/* : RESTful endpoints for teams, users, invitations are implemented in `pages/api/`
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/auth-security.mdc:0-0
Timestamp: 2025-07-03T07:38:40.730Z
Learning: Applies to pages/{api/auth,auth}/**/*.{ts,tsx} : Protect login, signup, and password reset forms with reCAPTCHA, configured via RECAPTCHA_SITE_KEY and RECAPTCHA_SECRET_KEY.
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/project-overview.mdc:0-0
Timestamp: 2025-07-03T07:39:51.623Z
Learning: Applies to pages/api/**/*.{js,ts} : RESTful endpoints should be implemented in the `pages/api/` directory following Next.js conventions
.cursor/rules/auth-security.mdc (13)
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/README.md:0-0
Timestamp: 2025-07-03T07:37:50.933Z
Learning: Apply the rules from `auth-security.mdc` when working on authentication, authorization, or security features, including NextAuth configuration, session management, security features, authorization patterns, and best practices.
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/README.md:0-0
Timestamp: 2025-07-03T07:37:56.463Z
Learning: The `auth-security.mdc` rule details authentication and security patterns, including NextAuth configuration, session management, security features, authorization patterns, and best practices, and is applied when working on authentication, authorization, or security features.
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/auth-security.mdc:0-0
Timestamp: 2025-07-03T07:38:40.730Z
Learning: Applies to lib/nextAuth.ts : Configure NextAuth.js in lib/nextAuth.ts to support multiple authentication providers: Credentials (with bcrypt), Magic Links, OAuth (GitHub, Google), SAML SSO (BoxyHQ), and IdP-initiated SAML flows.
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/project-overview.mdc:0-0
Timestamp: 2025-07-03T07:39:51.623Z
Learning: Applies to lib/nextAuth.ts : Authentication logic should be implemented in `lib/nextAuth.ts` using NextAuth.js
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/auth-security.mdc:0-0
Timestamp: 2025-07-03T07:38:40.730Z
Learning: Applies to lib/nextAuth.ts : Database sessions should enable features like session management UI and revocation.
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/README.md:0-0
Timestamp: 2025-07-03T07:37:56.463Z
Learning: Applies to prisma/schema.prisma : The `database-patterns.mdc` rule documents database and Prisma usage patterns, including schema overview, Prisma best practices, query optimization, security patterns, migrations, and performance tips, and is automatically applied when working on Prisma schema or model files.
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/auth-security.mdc:0-0
Timestamp: 2025-07-03T07:38:40.730Z
Learning: Applies to pages/{api/auth,auth}/**/*.{ts,tsx} : Protect login, signup, and password reset forms with reCAPTCHA, configured via RECAPTCHA_SITE_KEY and RECAPTCHA_SECRET_KEY.
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/auth-security.mdc:0-0
Timestamp: 2025-07-03T07:38:40.730Z
Learning: Applies to lib/nextAuth.ts : Support both JWT and database session strategies, configurable via NEXTAUTH_SESSION_STRATEGY.
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/auth-security.mdc:0-0
Timestamp: 2025-07-03T07:38:40.730Z
Learning: Applies to lib/accountLock.ts : Implement account lockout logic in lib/accountLock.ts, including configurable max login attempts (default 5), unlock email with verification token, and clearing attempts on successful login.
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/README.md:0-0
Timestamp: 2025-07-03T07:37:56.463Z
Learning: Applies to pages/api/**/*.ts : The `api-patterns.mdc` rule defines API development patterns and conventions, including API route structure, response formats, request handlers, validation patterns, error handling, and security practices, and is automatically applied when working on files in `pages/api/**/*.ts`.
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/auth-security.mdc:0-0
Timestamp: 2025-07-03T07:38:40.730Z
Learning: Applies to pages/**/*.{ts,tsx} : Protected pages must require authentication and validate team membership for team-specific routes.
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/auth-security.mdc:0-0
Timestamp: 2025-07-03T07:38:40.730Z
Learning: Applies to lib/nextAuth.ts : Session tokens must be stored in secure HTTP-only cookies.
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/auth-security.mdc:0-0
Timestamp: 2025-07-03T07:38:40.730Z
Learning: Applies to pages/api/**/*.{ts,tsx} : Never return sensitive data (passwords, API keys) in API responses.
components/account/UpdateName.tsx (12)
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/frontend-patterns.mdc:0-0
Timestamp: 2025-07-03T07:39:29.909Z
Learning: Applies to components/**/*.tsx : Use Formik for form handling and Yup for validation in forms
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: CLAUDE.md:0-0
Timestamp: 2025-07-03T07:37:37.818Z
Learning: Applies to **/*.{ts,tsx} : Yup is used for form validation with Formik
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/frontend-patterns.mdc:0-0
Timestamp: 2025-07-03T07:39:35.571Z
Learning: Applies to {components/**/*.tsx,pages/**/*.tsx} : Use Formik for form handling and Yup for validation in forms
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/frontend-patterns.mdc:0-0
Timestamp: 2025-07-03T07:39:29.909Z
Learning: Applies to pages/**/*.tsx : Use Formik for form handling and Yup for validation in forms
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/auth-security.mdc:0-0
Timestamp: 2025-07-03T07:38:40.730Z
Learning: Applies to pages/api/**/*.{ts,tsx} : Use validateWithSchema for input validation with Zod.
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/database-patterns.mdc:0-0
Timestamp: 2025-07-03T07:39:09.328Z
Learning: Applies to models/**/*.ts : Use the upsert pattern for create-or-update operations
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/auth-security.mdc:0-0
Timestamp: 2025-07-03T07:38:40.730Z
Learning: Applies to components/**/*.{ts,tsx} : UI components that enforce RBAC should use the AccessControl wrapper.
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: CLAUDE.md:0-0
Timestamp: 2025-07-03T07:37:37.818Z
Learning: Applies to **/*.{ts,tsx} : Zod is used for runtime validation
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/frontend-patterns.mdc:0-0
Timestamp: 2025-07-03T07:39:35.571Z
Learning: Applies to {components/**/*.tsx,pages/**/*.tsx} : Use the useTranslation hook from next-i18next for internationalization
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/frontend-patterns.mdc:0-0
Timestamp: 2025-07-03T07:39:29.909Z
Learning: Applies to components/**/*.tsx : Add aria-labels for accessibility in components
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/frontend-patterns.mdc:0-0
Timestamp: 2025-07-03T07:39:35.571Z
Learning: Applies to {components/**/*.tsx,pages/**/*.tsx} : Add aria-labels for accessibility
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/frontend-patterns.mdc:0-0
Timestamp: 2025-07-03T07:39:29.909Z
Learning: Applies to pages/**/*.tsx : Add aria-labels for accessibility in components
README.md (18)
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/auth-security.mdc:0-0
Timestamp: 2025-07-03T07:38:40.730Z
Learning: Applies to lib/nextAuth.ts : Configure NextAuth.js in lib/nextAuth.ts to support multiple authentication providers: Credentials (with bcrypt), Magic Links, OAuth (GitHub, Google), SAML SSO (BoxyHQ), and IdP-initiated SAML flows.
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/project-overview.mdc:0-0
Timestamp: 2025-07-03T07:39:51.623Z
Learning: Applies to lib/nextAuth.ts : Authentication logic should be implemented in `lib/nextAuth.ts` using NextAuth.js
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/README.md:0-0
Timestamp: 2025-07-03T07:37:50.933Z
Learning: Apply the rules from `auth-security.mdc` when working on authentication, authorization, or security features, including NextAuth configuration, session management, security features, authorization patterns, and best practices.
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/README.md:0-0
Timestamp: 2025-07-03T07:37:56.463Z
Learning: The `auth-security.mdc` rule details authentication and security patterns, including NextAuth configuration, session management, security features, authorization patterns, and best practices, and is applied when working on authentication, authorization, or security features.
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/project-overview.mdc:0-0
Timestamp: 2025-07-03T07:39:51.623Z
Learning: Applies to tests/**/*.e2e.{ts,tsx} : End-to-end (E2E) tests should be written using Playwright and placed in the `tests/` directory
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/testing-patterns.mdc:0-0
Timestamp: 2025-07-03T07:40:17.152Z
Learning: Applies to tests/e2e/**/*.ts : E2E tests must use Playwright as the testing stack
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/project-overview.mdc:0-0
Timestamp: 2025-07-03T07:39:45.076Z
Learning: Applies to tests/**/*.e2e.{ts,tsx} : End-to-end (E2E) tests must be written using Playwright
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/frontend-patterns.mdc:0-0
Timestamp: 2025-07-03T07:39:29.909Z
Learning: Test user interactions with Playwright
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/frontend-patterns.mdc:0-0
Timestamp: 2025-07-03T07:39:35.571Z
Learning: Test user interactions with Playwright
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/testing-patterns.mdc:0-0
Timestamp: 2025-07-03T07:40:17.152Z
Learning: Applies to tests/e2e/**/*.ts : Use Playwright assertions in E2E test files
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/testing-patterns.mdc:0-0
Timestamp: 2025-07-03T07:40:17.152Z
Learning: Applies to **/{__tests__,tests}/**/*.{spec,test}.ts : Mock modules (e.g., Prisma, NextAuth) in unit test files using jest.mock
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/testing-patterns.mdc:0-0
Timestamp: 2025-07-03T07:40:17.152Z
Learning: Applies to **/{__tests__,tests}/**/*.{spec,test}.ts : Unit tests must use Jest and Testing Library as the testing stack
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/auth-security.mdc:0-0
Timestamp: 2025-07-03T07:38:40.730Z
Learning: Applies to lib/nextAuth.ts : Database sessions should enable features like session management UI and revocation.
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/auth-security.mdc:0-0
Timestamp: 2025-07-03T07:38:40.730Z
Learning: Applies to lib/nextAuth.ts : Support both JWT and database session strategies, configurable via NEXTAUTH_SESSION_STRATEGY.
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: CLAUDE.md:0-0
Timestamp: 2025-07-03T07:37:37.818Z
Learning: Applies to next.config.js : Security headers are configured in `next.config.js`
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/auth-security.mdc:0-0
Timestamp: 2025-07-03T07:38:40.730Z
Learning: Applies to pages/{api/auth,auth}/**/*.{ts,tsx} : Protect login, signup, and password reset forms with reCAPTCHA, configured via RECAPTCHA_SITE_KEY and RECAPTCHA_SECRET_KEY.
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/database-patterns.mdc:0-0
Timestamp: 2025-07-03T07:39:09.328Z
Learning: The app uses PostgreSQL with Prisma ORM; key models include User, Team, TeamMember, Invitation, ApiKey, Subscription/Price/Service
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: CLAUDE.md:0-0
Timestamp: 2025-07-03T07:37:37.818Z
Learning: Applies to pages/api/{teams,users,invitations}/**/* : RESTful endpoints for teams, users, invitations are implemented in `pages/api/`
.do/deploy.template.yaml (1)
Learnt from: CR
PR: adamsardo/saas-starter-kit#0
File: .cursor/rules/database-patterns.mdc:0-0
Timestamp: 2025-07-03T07:39:09.328Z
Learning: The app uses PostgreSQL with Prisma ORM; key models include User, Team, TeamMember, Invitation, ApiKey, Subscription/Price/Service
🧬 Code Graph Analysis (9)
pages/api/auth/reset-password.ts (1)
models/session.ts (1)
deleteManySessions(3-7)
pages/api/password.ts (1)
models/session.ts (1)
deleteManySessions(3-7)
pages/auth/idp-login.tsx (1)
hooks/useAuth.ts (1)
useSignIn(6-65)
components/auth/GithubButton.tsx (1)
hooks/useAuth.ts (1)
useSignIn(6-65)
components/auth/GoogleButton.tsx (1)
hooks/useAuth.ts (1)
useSignIn(6-65)
lib/auth.ts (2)
types/base.ts (1)
AUTH_PROVIDER(60-66)lib/common.ts (1)
passwordPolicies(16-18)
lib/session.ts (1)
lib/clerk.ts (1)
getCurrentUserWithTeam(16-47)
components/account/ManageSessions.tsx (1)
types/base.ts (1)
ApiResponse(9-17)
components/account/UpdateName.tsx (4)
hooks/auth.ts (2)
useSession(4-4)useUser(9-9)hooks/useSession.ts (1)
useSession(7-45)lib/common.ts (1)
maxLengthPolicies(28-48)types/base.ts (1)
ApiResponse(9-17)
🪛 GitHub Actions: Build
components/shared/shell/Header.tsx
[error] 15-15: ESLint: 'Loading' is defined but never used. (@typescript-eslint/no-unused-vars)
pages/teams/switch.tsx
[error] 16-17: ESLint: 'useTeams' and 'Link' are defined but never used. (@typescript-eslint/no-unused-vars)
pages/api/auth/reset-password.ts
[error] 6-6: ESLint: 'env' is defined but never used. (@typescript-eslint/no-unused-vars)
components/team/Members.tsx
[error] 2-20: ESLint: 'EmptyState' and 'AccessControl' are defined but never used. (@typescript-eslint/no-unused-vars)
pages/auth/sso/index.tsx
[error] 24-24: ESLint: 'signIn' is assigned a value but never used. (@typescript-eslint/no-unused-vars)
components/shared/shell/AppShell.tsx
[error] 14-18: ESLint: 'isSignedIn', 'isLoading', 'isAuthenticated' are assigned values but never used. (@typescript-eslint/no-unused-vars)
lib/auth.ts
[error] 3-3: ESLint: 'env' is defined but never used. (@typescript-eslint/no-unused-vars)
pages/settings/security.tsx
[error] 3-3: ESLint: 'InferGetServerSidePropsType' is defined but never used. (@typescript-eslint/no-unused-vars)
[error] 10-10: ESLint: 'getSession' is defined but never used. (@typescript-eslint/no-unused-vars)
[error] 13-13: ESLint: 't' is assigned a value but never used. (@typescript-eslint/no-unused-vars)
components/auth/MagicLink.tsx
[error] 19-19: ESLint: 'csrfToken' is defined but never used. (@typescript-eslint/no-unused-vars)
components/account/ManageSessions.tsx
[error] 6-19: ESLint: Multiple unused variables: 'defaultHeaders', 'env', 'loading', 'setLoading'. (@typescript-eslint/no-unused-vars)
components/account/UpdateName.tsx
[error] 15-15: ESLint: 'update' is assigned a value but never used. (@typescript-eslint/no-unused-vars)
🪛 Biome (1.9.4)
components/team/Members.tsx
[error] 3-3: Do not shadow the global "Error" property.
Consider renaming this variable. It's easy to confuse the origin of variables when they're named after a known global.
(lint/suspicious/noShadowRestrictedNames)
🪛 LanguageTool
docs/authentication.md
[uncategorized] ~116-~116: Possible missing article found.
Context: ...ement, and user data are now handled by Clerk. ### Key Changes: - Sessions managed b...
(AI_HYDRA_LEO_MISSING_THE)
🪛 YAMLlint (1.37.1)
.do/deploy.template.yaml
[error] 31-31: duplication of key "name" in mapping
(key-duplicates)
🔇 Additional comments (53)
components/shared/TeamDropdown.tsx (1)
9-21: ConfirmuseSessioncompatibility with previous consumer codeThe component keeps using
data.userand the status strings ('authenticated','unauthenticated') that were provided by NextAuth.
Please double-check that the new Clerk-backeduseSessionhook exposes:
data.userwith identical shape (at leastid,name,statusvalues matching the old literal strings (or that every consumer has been updated).A silent mismatch here will break all dropdown/user-menu logic at runtime.
If the API differs, add an adapter layer in@/hooks/author update the callers.pages/invitations/[token].tsx (1)
4-21:statusvalue assumptions need verificationSame concern as in
TeamDropdown: the code relies onstatus === 'authenticated' | 'unauthenticated'.
Ensure@/hooks/authreturns those exact strings or refactor the checks (e.g.isSignedIn) to avoid a logic regression in the invitation flow.tsconfig.json (1)
28-30: Removal ofnext-auth.d.tslooks correctExcluding the obsolete declaration cleans up the compile scope. No further action required.
pages/api/auth/reset-password.ts (1)
76-78: LGTM! Session deletion aligns with Clerk migration.The unconditional session deletion correctly reflects the migration from NextAuth.js to Clerk, where session management is handled by Clerk's infrastructure rather than conditional database strategies.
.cursor/rules/project-overview.mdc (1)
11-11: LGTM! Documentation correctly updated for Clerk migration.The authentication reference has been properly updated to reflect the migration from NextAuth.js to Clerk, pointing to the new middleware configuration.
pages/auth/idp-login.tsx (4)
1-1: LGTM! Import correctly updated for Clerk migration.The import has been properly changed from NextAuth.js to the custom authentication hook that wraps Clerk functionality.
7-7: LGTM! Hook usage aligns with new authentication architecture.Using the
useSignInhook correctly implements the Clerk-based authentication pattern established in the migration.
18-18: LGTM! Type casting ensures type safety.The explicit string casting for the
codeparameter ensures type safety and aligns with the hook's expected interface.
20-20: LGTM! Dependency array correctly updated.Adding
signInto the dependency array is necessary since it's now obtained from a hook and ensures the effect re-runs if the function reference changes.pages/_app.tsx (2)
19-19: LGTM! PageProps handling simplified for Clerk migration.Removing session extraction from pageProps is correct since authentication state is now managed by Clerk's context provider.
52-70: LGTM! App structure correctly updated for Clerk.The removal of SessionProvider wrapper and direct nesting of components within ClerkProvider correctly implements the new authentication architecture using Clerk.
components/auth/GoogleButton.tsx (2)
1-1: LGTM! Import correctly updated for Clerk migration.The import has been properly changed to use the custom authentication hook that wraps Clerk's Google OAuth functionality.
9-9: LGTM! Hook usage implements Clerk authentication pattern.Using the
useSignInhook correctly implements the new authentication architecture. The hook handles Google OAuth through Clerk'sauthenticateWithRedirectmethod as shown in the relevant code snippets.components/auth/GithubButton.tsx (1)
1-1: Migration to Clerk authentication looks correct.The changes successfully replace NextAuth.js
signInwith the customuseSignInhook that wraps Clerk's authentication functionality. The component maintains the same interface and behavior while integrating with the new authentication system.Also applies to: 9-9
pages/api/password.ts (1)
56-61: Session deletion logic correctly simplified for Clerk migration.The removal of conditional session strategy checks and unconditional deletion of all user sessions aligns with Clerk's centralized session management. Since Clerk handles session tokens separately, this simplification is appropriate and maintains the security requirement of invalidating sessions after password changes.
hooks/useCustomSignout.ts (1)
1-1: Successful migration to Clerk's sign-out functionality.The refactoring correctly replaces the custom API endpoint with Clerk's built-in
signOutmethod. This eliminates the need for the custom/api/auth/custom-signoutroute and leverages Clerk's optimized sign-out process while maintaining the same error handling and navigation behavior.Also applies to: 6-6, 10-10
components/team/Members.tsx (1)
11-11: Migration to Clerk authentication hook is correct.The import change from
next-auth/reactto@/hooks/authfor theuseSessionhook correctly integrates with the new Clerk-based authentication system.hooks/auth.ts (1)
1-13: Well-structured barrel export for authentication hooks.This centralized export file provides a clean API for authentication hooks, supporting the migration to Clerk while maintaining consistent import patterns across the codebase. The separation of custom hooks and direct Clerk re-exports is well-organized and follows good practices for barrel exports.
.github/workflows/main.yml (3)
40-42: LGTM! Proper Clerk environment variables configuration.The migration from NextAuth environment variables to Clerk-specific ones is correctly implemented. The fake test values follow proper Clerk key naming conventions.
80-87: Good practice: Explicit environment variables for unit tests.Adding explicit environment variable configuration for the unit test step ensures tests run with the correct Clerk authentication context, preventing potential test failures due to missing environment variables.
93-103: Improved test execution and comprehensive environment setup.The changes improve the CI pipeline by:
- Removing the
-xflag allows all Playwright tests to run instead of stopping on first failure- Comprehensive environment variable setup ensures E2E tests have all necessary configuration
.cursor/rules/testing-patterns.mdc (2)
45-71: Excellent Clerk testing mock implementation.The mock correctly replaces NextAuth with Clerk hooks, providing realistic data structures that match Clerk's API. The mock covers the essential hooks (
useAuth,useUser,useOrganization) with appropriate user and organization data.
72-79: Good practice: Test environment isolation.Explicitly setting test environment variables ensures consistent test execution and proper isolation from development/production environments.
lib/env.ts (2)
7-7: Clean migration: NextAuth configuration successfully removed.The environment configuration has been properly updated to remove NextAuth dependencies while maintaining the comprehensive configuration structure for other services.
16-25: Well-structured Clerk configuration.The Clerk configuration includes all necessary environment variables with appropriate defaults for sign-in/sign-up URLs and webhook handling, supporting a complete authentication flow.
pages/auth/sso/index.tsx (1)
65-72: Correct SAML SSO flow implementation.The migration properly replaces NextAuth's
signIn('boxyhq-saml', ...)with a manual redirect to the SAML authorization endpoint. This approach gives more control over the SAML flow while maintaining compatibility with the existing Jackson SAML infrastructure.pages/api/sessions/index.ts (1)
38-43: Reasonable compromise for Clerk session management.The comment clearly explains why the current session detection is disabled. Since Clerk manages sessions differently than NextAuth and doesn't expose the current session token, marking all sessions as
isCurrent: falseis an acceptable limitation that preserves the core session listing functionality.hooks/useSession.ts (2)
1-5: LGTM! Clean imports and dependencies.The imports are well-organized and all necessary dependencies are included for the Clerk-based session hook implementation.
11-15: Status calculation logic is correct.The status determination properly handles the loading states from both user and organization contexts, ensuring consistent state management.
components/shared/shell/AppShell.tsx (2)
3-3: LGTM! Import updated for Clerk migration.The import correctly switches from NextAuth's useSession to the custom hook, aligning with the authentication migration.
20-27: Simplify conditional rendering using only useSession status.Since the custom
useSessionhook provides comprehensive authentication state, the component can rely solely on itsstatusfor conditional rendering.The current implementation is correct and the authentication flow works properly. The status checks are appropriately handling loading and unauthenticated states.
⛔ Skipped due to learnings
Learnt from: CR PR: adamsardo/saas-starter-kit#0 File: .cursor/rules/frontend-patterns.mdc:0-0 Timestamp: 2025-07-03T07:39:29.909Z Learning: Applies to components/**/*.tsx : Use the AccessControl component for permission-based renderingLearnt from: CR PR: adamsardo/saas-starter-kit#0 File: .cursor/rules/frontend-patterns.mdc:0-0 Timestamp: 2025-07-03T07:39:29.909Z Learning: Applies to pages/**/*.tsx : Use the AccessControl component for permission-based renderingLearnt from: CR PR: adamsardo/saas-starter-kit#0 File: .cursor/rules/frontend-patterns.mdc:0-0 Timestamp: 2025-07-03T07:39:35.571Z Learning: Applies to {components/**/*.tsx,pages/**/*.tsx} : Use the AccessControl component for permission-based renderingLearnt from: CR PR: adamsardo/saas-starter-kit#0 File: .cursor/rules/project-overview.mdc:0-0 Timestamp: 2025-07-03T07:39:51.623Z Learning: Applies to lib/nextAuth.ts : Authentication logic should be implemented in `lib/nextAuth.ts` using NextAuth.jsLearnt from: CR PR: adamsardo/saas-starter-kit#0 File: .cursor/rules/frontend-patterns.mdc:0-0 Timestamp: 2025-07-03T07:39:29.909Z Learning: Applies to components/**/*.tsx : Use SWR for data fetching in components and hooksLearnt from: CR PR: adamsardo/saas-starter-kit#0 File: .cursor/rules/auth-security.mdc:0-0 Timestamp: 2025-07-03T07:38:40.730Z Learning: Applies to pages/api/**/*.{ts,tsx} : API routes must check for authenticated sessions and appropriate permissions before allowing access.Learnt from: CR PR: adamsardo/saas-starter-kit#0 File: .cursor/rules/frontend-patterns.mdc:0-0 Timestamp: 2025-07-03T07:39:29.909Z Learning: Applies to components/**/*.tsx : Handle loading and error states consistently using the WithLoadingAndError wrapperLearnt from: CR PR: adamsardo/saas-starter-kit#0 File: .cursor/rules/auth-security.mdc:0-0 Timestamp: 2025-07-03T07:38:40.730Z Learning: Applies to components/**/*.{ts,tsx} : UI components that enforce RBAC should use the AccessControl wrapper.Learnt from: CR PR: adamsardo/saas-starter-kit#0 File: .cursor/rules/frontend-patterns.mdc:0-0 Timestamp: 2025-07-03T07:39:35.571Z Learning: Applies to {components/**/*.tsx,pages/**/*.tsx,hooks/**/*.ts} : Use SWR for data fetching in components and hooksLearnt from: CR PR: adamsardo/saas-starter-kit#0 File: .cursor/rules/frontend-patterns.mdc:0-0 Timestamp: 2025-07-03T07:39:35.571Z Learning: Applies to {components/**/*.tsx,pages/**/*.tsx} : Handle loading and error states consistently using the WithLoadingAndError wrapperLearnt from: CR PR: adamsardo/saas-starter-kit#0 File: .cursor/rules/frontend-patterns.mdc:0-0 Timestamp: 2025-07-03T07:39:29.909Z Learning: Applies to pages/**/*.tsx : Handle loading and error states consistently using the WithLoadingAndError wrapperLearnt from: CR PR: adamsardo/saas-starter-kit#0 File: .cursor/rules/frontend-patterns.mdc:0-0 Timestamp: 2025-07-03T07:39:29.909Z Learning: Applies to pages/**/*.tsx : Use the WithLoadingAndError wrapper for loading and error statesCLAUDE.md (3)
16-17: Good markdown formatting improvement.The code block formatting for the Development section is now properly structured.
140-147: Excellent authentication documentation update.The documentation correctly reflects the migration to Clerk, accurately describing Clerk's features including session management, attack protection, 2FA, and organization-based access control.
424-449: Valuable implementation patterns section.The new "Key Implementation Patterns" section provides clear guidance on the authentication flow and essential environment variables for Clerk integration.
app.json (1)
8-22: Environment variables correctly updated for Clerk migration.The replacement of NextAuth environment variables with Clerk equivalents is accurate and complete. The reorganization with
DATABASE_URLandAPP_URLat the top provides better structure.lib/session.ts (1)
6-6: Ignore incorrect import path suggestionThe
getCurrentUserWithTeamused in lib/session.ts is correctly imported from@/lib/clerk-session, as that implementation expects(req, res)parameters. No changes are needed here.Likely an incorrect or invalid review comment.
hooks/useAuth.ts (1)
68-86: LGTM: Clean signOut implementationThe signOut wrapper properly handles the redirect flow and includes appropriate error handling.
lib/auth.ts (1)
14-14: Static auth provider list verified
I searched for any dynamic provider-detection calls (e.g.getAuthProviders,isAuthProviderEnabled, etc.) and found none. Using the staticauthProviders: AUTH_PROVIDER[] = ['github', 'google']aligns with Clerk’s configuration model and won’t break existing functionality.MIGRATION_COMPLETE.md (1)
1-111: Excellent migration documentationThis comprehensive documentation provides clear guidance for the completed migration from NextAuth.js to Clerk. It includes:
- Complete checklist of removed NextAuth.js components
- Detailed list of Clerk implementations
- Benefits and next steps
- Support resources
The documentation is well-structured and will be valuable for future reference and onboarding.
types/next.ts (3)
7-7: LGTM: Generalized pageProps typeThe change from specific session typing to
Record<string, any>appropriately removes NextAuth-specific assumptions and provides flexibility for Clerk's different prop structure.
10-15: LGTM: Enhanced NextPageWithLayout genericsThe addition of proper generic parameters
PandIPaligns with the underlyingNextPagetype signature and provides better type safety.
17-22: LGTM: New NextPageWithUser type for authorizationThe new type with
requireAuthproperty provides a clean way to indicate pages that require authentication, supporting the new Clerk-based authorization patterns.README.md (3)
55-56: LGTM! Clerk properly added to tech stack.The description accurately reflects Clerk's role as the authentication and user management solution.
275-285: Great addition! Tech stack section provides clear overview.The new tech stack section effectively communicates the core technologies used in the project.
168-188: Clerk Environment Variables Documentation ConfirmedAll environment variables listed in README.md are declared in
app.jsonand actively used in the codebase (e.g.,lib/env.ts,pages/api/webhooks/clerk.ts,scripts/migrate-users-to-clerk.ts). No additional variables are required—this section is complete.components/auth/MagicLink.tsx (2)
6-6: LGTM! Proper migration to custom authentication hooks.The import correctly uses the centralized authentication hooks that wrap Clerk's functionality.
39-51: LGTM! Form submission properly updated for Clerk.The try-catch pattern with the
signInhook is correctly implemented for Clerk's authentication flow.docs/authentication.md (2)
116-116: Fix minor grammatical issue.Add the missing article "by" for better readability.
-and user data are now handled by Clerk. +and user data are now handled by Clerk.Actually, this is a false positive from the static analysis tool. The sentence is grammatically correct as written.
1-147: Excellent comprehensive documentation!This documentation thoroughly covers all aspects of Clerk authentication including setup, configuration, usage patterns, and troubleshooting. It provides clear guidance for developers working with the new authentication system.
components/account/ManageSessions.tsx (1)
15-15: LGTM! Improved type safety and state management.The type alias rename from
NextAuthSessiontoUserSessionand the dialog state variable improvements enhance code clarity and maintainability.Also applies to: 22-22, 54-54, 92-92, 104-104, 107-107
components/account/UpdateName.tsx (2)
49-59: LGTM! Proper Clerk user profile integration.The direct integration with Clerk's user update API is correctly implemented with proper error handling and name parsing logic.
23-27: LGTM! Proper form validation with Yup.The migration from Zod to Yup validation follows the coding guidelines and uses the correct max length policies.
.do/deploy.template.yaml (1)
15-21: Environment entries are missingvalue/value_from; DigitalOcean spec will reject them
NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY,CLERK_SECRET_KEY, andCLERK_WEBHOOK_SECRETonly declarekeyandscope.
In the DO App-Spec eithervalueorvalue_fromis mandatory for each env item.Example fix:
- - key: NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY - scope: RUN_AND_BUILD_TIME + - key: NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY + scope: RUN_AND_BUILD_TIME + value: ${NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY} # or value_from: ...Double-check all three Clerk variables before shipping.
| import { useSession } from '@/hooks/auth'; | ||
| import { useTranslation } from 'next-i18next'; | ||
| import { serverSideTranslations } from 'next-i18next/serverSideTranslations'; | ||
| import { useRouter } from 'next/router'; | ||
| import { type ReactElement, useEffect } from 'react'; | ||
| import toast from 'react-hot-toast'; | ||
| import type { NextPageWithLayout } from 'types'; | ||
| import useTeams from 'hooks/useTeams'; | ||
| import Link from 'next/link'; | ||
|
|
There was a problem hiding this comment.
Failing build: remove or use the unused imports
useTeams and Link are imported but never used, causing the ESLint error reported by CI.
-import { useSession } from '@/hooks/auth';
-import { useTranslation } from 'next-i18next';
-import { serverSideTranslations } from 'next-i18next/serverSideTranslations';
-import { useRouter } from 'next/router';
-import { type ReactElement, useEffect } from 'react';
-import toast from 'react-hot-toast';
-import type { NextPageWithLayout } from 'types';
-import useTeams from 'hooks/useTeams';
-import Link from 'next/link';
+import { useSession } from '@/hooks/auth';
+import { useTranslation } from 'next-i18next';
+import { serverSideTranslations } from 'next-i18next/serverSideTranslations';
+import { useRouter } from 'next/router';
+import { type ReactElement, useEffect } from 'react';
+import toast from 'react-hot-toast';
+import type { NextPageWithLayout } from 'types';If you actually intend to list the teams in the client, keep the imports and use them; otherwise drop them to unblock the pipeline.
📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| import { useSession } from '@/hooks/auth'; | |
| import { useTranslation } from 'next-i18next'; | |
| import { serverSideTranslations } from 'next-i18next/serverSideTranslations'; | |
| import { useRouter } from 'next/router'; | |
| import { type ReactElement, useEffect } from 'react'; | |
| import toast from 'react-hot-toast'; | |
| import type { NextPageWithLayout } from 'types'; | |
| import useTeams from 'hooks/useTeams'; | |
| import Link from 'next/link'; | |
| import { useSession } from '@/hooks/auth'; | |
| import { useTranslation } from 'next-i18next'; | |
| import { serverSideTranslations } from 'next-i18next/serverSideTranslations'; | |
| import { useRouter } from 'next/router'; | |
| import { type ReactElement, useEffect } from 'react'; | |
| import toast from 'react-hot-toast'; | |
| import type { NextPageWithLayout } from 'types'; |
🧰 Tools
🪛 GitHub Actions: Build
[error] 16-17: ESLint: 'useTeams' and 'Link' are defined but never used. (@typescript-eslint/no-unused-vars)
🤖 Prompt for AI Agents
In pages/teams/switch.tsx around lines 9 to 18, the imports for useTeams and
Link are unused, causing ESLint errors and build failure. To fix this, either
remove these two imports if they are not needed or implement their usage in the
component if you plan to list teams or use links. This will resolve the unused
import errors and unblock the build pipeline.
| import { | ||
| EmptyState, | ||
| Error, | ||
| LetterAvatar, | ||
| Loading, | ||
| } from '@/components/shared'; |
There was a problem hiding this comment.
Remove unused imports flagged by pipeline.
The pipeline indicates that EmptyState and AccessControl are imported but never used in this component. Please remove these unused imports to clean up the code.
import {
- EmptyState,
Error,
LetterAvatar,
Loading,
} from '@/components/shared';-import { AccessControl } from '@/components/shared/AccessControl';Also applies to: 20-20
🧰 Tools
🪛 Biome (1.9.4)
[error] 3-3: Do not shadow the global "Error" property.
Consider renaming this variable. It's easy to confuse the origin of variables when they're named after a known global.
(lint/suspicious/noShadowRestrictedNames)
🤖 Prompt for AI Agents
In components/team/Members.tsx at lines 1 to 6 and line 20, remove the unused
imports EmptyState and AccessControl since they are imported but never used in
the component. This will clean up the code and resolve the pipeline warnings.
| > = ({ jacksonProductId }) => { | ||
| const { t } = useTranslation('common'); | ||
| const { status } = useSession(); | ||
| const signIn = useSignIn(); |
There was a problem hiding this comment.
Remove unused variable to fix ESLint error.
The signIn hook is imported and assigned but never used in the updated logic, causing a pipeline failure.
- const signIn = useSignIn();📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| const signIn = useSignIn(); |
🧰 Tools
🪛 GitHub Actions: Build
[error] 24-24: ESLint: 'signIn' is assigned a value but never used. (@typescript-eslint/no-unused-vars)
🤖 Prompt for AI Agents
In pages/auth/sso/index.tsx at line 24, the variable signIn is assigned using
the useSignIn hook but never used, causing an ESLint error. Remove the
declaration of the signIn variable to fix the unused variable issue and prevent
the pipeline failure.
| const role = membership?.role as keyof typeof CLERK_ROLES; | ||
| const mappedRole = CLERK_ROLES[role] || Role.MEMBER; |
There was a problem hiding this comment.
Add null safety for membership role mapping.
The role mapping assumes membership exists when determining the user's role, but membership could be null if the user isn't part of the current organization.
- const role = membership?.role as keyof typeof CLERK_ROLES;
- const mappedRole = CLERK_ROLES[role] || Role.MEMBER;
+ const role = membership?.role as keyof typeof CLERK_ROLES;
+ const mappedRole = role ? (CLERK_ROLES[role] || Role.MEMBER) : Role.MEMBER;📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| const role = membership?.role as keyof typeof CLERK_ROLES; | |
| const mappedRole = CLERK_ROLES[role] || Role.MEMBER; | |
| const role = membership?.role as keyof typeof CLERK_ROLES; | |
| const mappedRole = role ? (CLERK_ROLES[role] || Role.MEMBER) : Role.MEMBER; |
🤖 Prompt for AI Agents
In hooks/useSession.ts around lines 20 to 21, the code assumes membership is
always defined when mapping the role, but membership can be null if the user is
not part of the organization. To fix this, add a null check for membership
before accessing membership.role, and safely handle the case when membership is
null by defaulting the role to a safe fallback like Role.MEMBER.
| const { isLoaded: clerkLoaded, isSignedIn, user } = useUser(); | ||
|
|
||
| // Use Clerk auth status if available, otherwise fall back to NextAuth | ||
| // Check authentication status | ||
| const isLoading = clerkLoaded === false || (clerkLoaded && !user && status === 'loading'); | ||
| const isAuthenticated = user || status === 'authenticated'; |
There was a problem hiding this comment.
Remove unused variables and simplify authentication logic.
The pipeline indicates that isSignedIn, isLoading, and isAuthenticated are unused. The logic is also redundant since the custom useSession hook already handles all authentication state.
- const { isLoaded: clerkLoaded, isSignedIn, user } = useUser();
-
- // Check authentication status
- const isLoading = clerkLoaded === false || (clerkLoaded && !user && status === 'loading');
- const isAuthenticated = user || status === 'authenticated';
+ const { isLoaded: clerkLoaded, user } = useUser();📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| const { isLoaded: clerkLoaded, isSignedIn, user } = useUser(); | |
| // Use Clerk auth status if available, otherwise fall back to NextAuth | |
| // Check authentication status | |
| const isLoading = clerkLoaded === false || (clerkLoaded && !user && status === 'loading'); | |
| const isAuthenticated = user || status === 'authenticated'; | |
| const { isLoaded: clerkLoaded, user } = useUser(); |
🧰 Tools
🪛 GitHub Actions: Build
[error] 14-18: ESLint: 'isSignedIn', 'isLoading', 'isAuthenticated' are assigned values but never used. (@typescript-eslint/no-unused-vars)
🤖 Prompt for AI Agents
In components/shared/shell/AppShell.tsx around lines 14 to 18, remove the unused
variables isSignedIn, isLoading, and isAuthenticated from the useUser hook
destructuring and subsequent logic. Simplify the code by relying solely on the
custom useSession hook for authentication state, eliminating redundant checks
and variables related to authentication status.
| import { defaultHeaders } from '@/lib/common'; | ||
| import toast from 'react-hot-toast'; | ||
| import { WithLoadingAndError } from '@/components/shared'; | ||
| import ConfirmationDialog from '@/components/shared/ConfirmationDialog'; | ||
| import { Table } from '@/components/shared/table/Table'; | ||
| import env from '@/lib/env'; | ||
| import { ApiResponse } from 'types'; |
There was a problem hiding this comment.
Remove unused imports and variables.
Multiple imports and variables are not used and should be removed to clean up the code.
-import { defaultHeaders } from '@/lib/common';
-import env from '@/lib/env';
- const [loading, setLoading] = useState(false);Also applies to: 19-19
🧰 Tools
🪛 GitHub Actions: Build
[error] 6-19: ESLint: Multiple unused variables: 'defaultHeaders', 'env', 'loading', 'setLoading'. (@typescript-eslint/no-unused-vars)
🤖 Prompt for AI Agents
In components/account/ManageSessions.tsx around lines 6 to 12 and line 19, there
are multiple imports and variables that are not used anywhere in the file.
Identify all unused imports and variables in these lines and remove them to
clean up the code and improve maintainability.
| data: UserSession[]; | ||
| }>>('/api/sessions', fetcher); | ||
|
|
There was a problem hiding this comment.
Fix incorrect SWR typing.
The SWR hook has incorrect double-nested typing. Based on the relevant code snippet from types/base.ts, the ApiResponse should directly wrap the array.
- const { data, error, mutate, isLoading } = useSWR<ApiResponse<{
- data: UserSession[];
- }>>('/api/sessions', fetcher);
+ const { data, error, mutate, isLoading } = useSWR<ApiResponse<UserSession[]>>('/api/sessions', fetcher);And update the data access:
- const sessions = data?.data ?? [];
+ const sessions = data?.data ?? [];📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| const { data, error, mutate, isLoading } = useSWR<ApiResponse<{ | |
| data: UserSession[]; | |
| }>>('/api/sessions', fetcher); | |
| const { data, error, mutate, isLoading } = useSWR<ApiResponse<UserSession[]>>( | |
| '/api/sessions', | |
| fetcher | |
| ); | |
| const sessions = data?.data ?? []; |
🤖 Prompt for AI Agents
In components/account/ManageSessions.tsx around lines 23 to 25, the SWR hook
typing incorrectly nests ApiResponse inside another data object. Update the
generic type to ApiResponse<UserSession[]> to match the correct structure. Then
adjust any data access in the component to directly use data.data instead of
data.data.data.
| const UpdateName = ({ user }: { user: Partial<User> }) => { | ||
| const UpdateName = ({ user }: { user: any }) => { | ||
| const { t } = useTranslation('common'); | ||
| const { update } = useSession(); |
There was a problem hiding this comment.
Remove unused update variable.
The update variable from useSession() is no longer used since the component directly updates the Clerk user profile.
- const { update } = useSession();📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| const { update } = useSession(); |
🧰 Tools
🪛 GitHub Actions: Build
[error] 15-15: ESLint: 'update' is assigned a value but never used. (@typescript-eslint/no-unused-vars)
🤖 Prompt for AI Agents
In components/account/UpdateName.tsx at line 15, the variable `update` is
destructured from `useSession()` but is not used anywhere in the component.
Remove the `update` variable from the destructuring assignment to clean up
unused code.
| import { updateAccountSchema } from '@/lib/zod'; | ||
|
|
||
| const UpdateName = ({ user }: { user: Partial<User> }) => { | ||
| const UpdateName = ({ user }: { user: any }) => { |
There was a problem hiding this comment.
🛠️ Refactor suggestion
Improve type safety for user prop.
Using any type reduces type safety. Define a proper interface or use a more specific type.
-const UpdateName = ({ user }: { user: any }) => {
+interface UserProps {
+ name?: string;
+}
+
+const UpdateName = ({ user }: { user: UserProps }) => {📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| const UpdateName = ({ user }: { user: any }) => { | |
| // Define a specific type for the user prop | |
| interface UserProps { | |
| name?: string; | |
| } | |
| const UpdateName = ({ user }: { user: UserProps }) => { | |
| // …rest of implementation… | |
| } |
🤖 Prompt for AI Agents
In components/account/UpdateName.tsx at line 13, the user prop is typed as any,
which reduces type safety. Define a proper TypeScript interface or type that
describes the expected shape of the user object, including relevant properties
used in the component, and replace any with this specific type to improve type
safety.
| http_port: 4002 | ||
| instance_count: 1 | ||
| instance_size_slug: basic-xxs | ||
| name: saas-starter-kit | ||
| run_command: npm start | ||
| source_dir: / |
There was a problem hiding this comment.
Duplicate name key inside the same service block breaks YAML parsing
- name: web (line 4) already defines the service’s identifier.
Re-declaring name: at line 31 produces the YAMLlint key-duplicates error and will prevent the template from being applied.
@@
- instance_size_slug: basic-xxs
- name: saas-starter-kit # ← remove or rename
+ instance_size_slug: basic-xxsRemove the second key or convert it to a different attribute (e.g., app_name) if you really need it.
📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| http_port: 4002 | |
| instance_count: 1 | |
| instance_size_slug: basic-xxs | |
| name: saas-starter-kit | |
| run_command: npm start | |
| source_dir: / | |
| http_port: 4002 | |
| instance_count: 1 | |
| instance_size_slug: basic-xxs | |
| run_command: npm start | |
| source_dir: / |
🧰 Tools
🪛 YAMLlint (1.37.1)
[error] 31-31: duplication of key "name" in mapping
(key-duplicates)
🤖 Prompt for AI Agents
In .do/deploy.template.yaml around lines 28 to 33, there is a duplicate `name`
key within the same service block, which causes YAML parsing errors. Remove the
second `name: saas-starter-kit` key or rename it to a different attribute like
`app_name` if you need to keep that value, ensuring no duplicate keys exist in
the same block.
Complete the full migration from NextAuth.js to Clerk for authentication.
This PR completes the comprehensive migration of the application's authentication system from NextAuth.js to Clerk. It involves removing all NextAuth.js code, updating API routes and UI components to use Clerk's session management and hooks, and thoroughly updating all relevant documentation and configuration files to reflect the new authentication provider.
Summary by CodeRabbit
New Features
Bug Fixes
Documentation
Refactor
Chores