LOADING…
0%
Build history

Every step,
from the first commit.

A complete build timeline of Grainstash taking shape—from early sequencer experiments to the product it is today.

Commits
1,543
Since
2024
Through
2026

Showing 451–500 of 1,543

Page 10 of 31

3 commits
  1. fix: skip migrations gracefully when drizzle folder missing (worker deployments)

    Cursor Agent 474e12f1

    Commit notes

    The migrate-deploy.ts script was throwing an error when the drizzle migration journal was not found. This caused worker deployments to fail when: 1. The .dockerignore excludes the drizzle/ folder 2. The worker service uses the same railway.json as the API Now the script gracefully exits with success (exit code 0) when the migration journal is not found, logging a warning message. This is expected behavior for worker deployments which don't need to run migrations - only the API service should handle migrations. Co-authored-by: armin.naimi <[email redacted]>

    Files
    1
    Added
    +30
    Removed
    −22
  2. refactor: Use drizzle-kit migrate for safer migration execution

    Cursor Agent 6fd44472

    Commit notes

    The deploy migration script now: - Uses bunx drizzle-kit migrate for actual migration execution - Only handles connection retries and db:push detection as a wrapper - Drizzle Kit manages transactions and SQL execution properly This is safer than custom SQL parsing and execution. Co-authored-by: armin.naimi <[email redacted]>

    Files
    2
    Added
    +103
    Removed
    −199
17 commits
  1. feat: Add reliable database migration system for Railway deployments

    Cursor Agent 8713dd8e

    Commit notes

    This commit introduces a robust migration system that handles: - Fresh databases and databases set up with db:push - Automatic migration running on Railway deployments - Connection retries with exponential backoff - Clear diagnostics and logging Changes: - Add scripts/migrate-deploy.ts: Deploy-safe migration script with retry logic - Add scripts/sync-migrations.ts: Tool to sync migrations with database state - Update scripts/check-migrations.ts: Better diagnostics and JSON output - Update railway.json: Run migrations before app starts - Update package.json: Add new migration commands - Update _journal.json: Add missing 0017_password_reset_tokens entry - Update RAILWAY.md: Document new migration workflow - Update LIVE_MIGRATION_STRATEGY.md: Document deploy migration script New commands: - bun run db:migrate:deploy - Deploy-safe migration with retries - bun run db:sync status|mark-all|reset|introspect - Migration sync tools - bun run db:check --json|--verbose|--fix - Enhanced migration checking Co-authored-by: armin.naimi <[email redacted]>

    Files
    8
    Added
    +1135
    Removed
    −47
  2. Add new skills for marketing and user engagement

    Armin Naimi 4149380c

    Commit notes

    - Introduced multiple new skills including copy-editing, copywriting, email-sequence, form-cro, launch-strategy, marketing-ideas, marketing-psychology, onboarding-cro, popup-cro, pricing-strategy, programmatic-seo, referral-program, and signup-flow-cro. - Each skill includes detailed descriptions, core principles, and practical guidance to enhance user experience and marketing effectiveness. - These additions aim to provide comprehensive resources for users looking to optimize their marketing strategies and user engagement processes.

    Files
    15
    Added
    +6934
    Removed
    −126
  3. fix: regenerate bun lockfiles and fix lint errors

    Cursor Agent 8ce87b8c

    Commit notes

    - Regenerate backend/bun.lock to fix frozen-lockfile CI failures - Regenerate root bun.lock for workspace consistency - Fix lint errors in share-events.ts (use optional chaining, avoid non-null assertion) - Fix lint error in crypto.test.ts (use template literal instead of concatenation) - Apply auto-fixes from biome linter to various files Co-authored-by: armin.naimi <[email redacted]>

    Files
    18
    Added
    +1049
    Removed
    −432
  4. Fix UI Skills violations across frontend components

    Cursor Agent 3a023b35

    Commit notes

    Accessibility fixes: - Add aria-label to icon-only buttons in SequencerTrack, Header, library page - Add aria-label and role=checkbox to sample selection buttons - Replace native confirm() with accessible AlertDialog component Animation/Performance fixes: - Replace transition-all with specific properties (transform, opacity, etc.) - Fix animation durations exceeding 200ms (300ms -> 200ms) - Use transition-[width] instead of transition-all for progress bars Typography fixes: - Add text-balance to headings - Add text-pretty to body paragraphs Layout fixes: - Replace arbitrary z-60/z-61 with semantic z-modal-backdrop/z-modal utilities - Replace w-* h-* with size-* for square elements - Add z-index utilities to app.css New component: - AlertDialog.svelte for destructive action confirmations Co-authored-by: armin.naimi <[email redacted]>

    Files
    13
    Added
    +389
    Removed
    −197
  5. Add frontend UI skills review document

    Cursor Agent acaf8850

    Commit notes

    Comprehensive review of frontend code against UI Skills constraints: - Stack: No violations found - Components: 6 violations (missing aria-labels on icon-only buttons) - Interaction: 3 violations (confirm() usage, backdrop-blur on large surfaces) - Animation: 4 violations (transition-all, duration exceeding 200ms) - Typography: 2 violations (missing text-balance/text-pretty) - Layout: 2 violations (arbitrary z-index, w-* h-* instead of size-*) - Performance: 2 violations (backdrop-blur surfaces) - Design: 3 violations (gradients without explicit request) Includes detailed code snippets, explanations, and suggested fixes. Co-authored-by: armin.naimi <[email redacted]>

    Files
    1
    Added
    +463
    Removed
    −0
  6. refactor: Use Bun native crypto across codebase

    Cursor Agent 6e55c5f8

    Commit notes

    - Replace node:crypto createHash with Bun.CryptoHasher in hash.ts - Replace node:crypto randomBytes with generateSecureToken in mollie-connect.ts - Consistent use of Bun's native crypto APIs for better performance - Removes all node:crypto dependencies from the codebase Co-authored-by: armin.naimi <[email redacted]>

    Files
    2
    Added
    +13
    Removed
    −11
  7. refactor(security): Use Bun native crypto functions

    Cursor Agent 0039c08f

    Commit notes

    - Replace node:crypto timingSafeEqual with XOR-based constant-time comparison - Use Bun.CryptoHasher for SHA-256 hashing (synchronous, faster) - Use Bun.hash() for timing normalization in length mismatch case - Remove async/await from hashToken and verifyTokenHash (now synchronous) - Update tests to reflect synchronous function signatures Performance improvement: Bun's native crypto is significantly faster than Web Crypto API's async digest functions. Co-authored-by: armin.naimi <[email redacted]>

    Files
    3
    Added
    +63
    Removed
    −57
  8. test(security): Add comprehensive tests for crypto utilities

    Cursor Agent b139104a

    Commit notes

    Tests for: - safeCompare: timing-safe string comparison - generateSecureToken: cryptographic random token generation - hashToken: SHA-256 token hashing - verifyTokenHash: combined hash verification Also includes integration tests simulating: - Full token generation and verification workflow - Password reset token flow Co-authored-by: armin.naimi <[email redacted]>

    Files
    1
    Added
    +159
    Removed
    −0
  9. feat(security): Enhance log redaction and update security review

    Cursor Agent 87647a49

    Commit notes

    Logger improvements: - Add additional sensitive field redaction (iban, apiKey, apiSecret, secret) - Add hash field redaction (passwordHash, tokenHash) - Add nested path patterns for common sensitive data structures - Prevent accidental PII leakage in payout details Update security review: - Mark CSRF timing attack as FIXED - Mark password reset token vulnerability as FIXED - Mark admin audit logging as FIXED - Document Mollie webhook IP validation as MITIGATED - Add implementation status section documenting all changes Co-authored-by: armin.naimi <[email redacted]>

    Files
    2
    Added
    +64
    Removed
    −13
  10. feat(security): Add audit logging and secure password reset tokens

    Cursor Agent e5aea6a6

    Commit notes

    Admin Audit Logging: - Add audit-log service for tracking sensitive operations - Log admin user deletion actions with details - Log admin payout processing actions - Stores events in analytics_events table with structured metadata Password Reset Token Security: - Hash tokens before database storage using SHA-256 - Store hash instead of plaintext token (prevents DB leak exposure) - Hash incoming token before lookup (timing-safe verification) - Use generateSecureToken(32) for 256-bit entropy Both changes address HIGH priority items from security review. Co-authored-by: armin.naimi <[email redacted]>

    Files
    4
    Added
    +329
    Removed
    −10
  11. feat(security): Add security improvements and review

    Cursor Agent 1c5f7be3

    Commit notes

    Security Review: - Created comprehensive BACKEND_SECURITY_REVIEW.md documenting findings Security Fixes: - Add constant-time comparison utility (src/utils/crypto.ts) - safeCompare() for timing-safe string comparison - hashToken() for secure token storage - generateSecureToken() for cryptographic random tokens - Update CSRF middleware to use constant-time comparison - Prevents timing attacks on CSRF token validation - Add IP validation for Mollie webhooks (defense-in-depth) - Logs warning when webhook from non-Mollie IP - Still processes (API verification is primary check) Review documented: - P0: Missing webhook signature verification - P1: Timing attack vulnerabilities (now fixed for CSRF) - P2: Virus scanning not implemented - P3: Admin audit logging recommendations Co-authored-by: armin.naimi <[email redacted]>

    Files
    5
    Added
    +617
    Removed
    −4
30 commits
  1. Enhance UI components and styles

    Armin Naimi e3b23656

    Commit notes

    - Added z-index variables for modal and overlay in app.css to improve layering of UI components. - Updated various Svelte components to use consistent sizing classes for better responsiveness. - Removed unnecessary inline styles and replaced them with Tailwind CSS classes for cleaner code. - Adjusted class names and styles in multiple components to enhance visual consistency and maintainability. - Updated page layouts to use 'min-h-dvh' for better handling of dynamic viewport heights. These changes aim to streamline the UI and improve the overall user experience across the application.

    Files
    25
    Added
    +57
    Removed
    −72
  2. Implement all email integrations

    Cursor Agent ec81b3e1

    Commit notes

    This commit implements all critical email integrations throughout the application: Authentication: - Add welcome email to user registration and Google OAuth - Implement password reset flow with new endpoints (/forgot-password, /reset-password) - Add password_reset_tokens and email_verification_tokens tables to schema - Create database migration for new tables Subscription: - Send subscription confirmation email on upgrade - Send payment failed email on payment failure - Send subscription cancelled email on cancellation - Send storage warning emails at 80% and 100% thresholds Marketplace: - Send purchase receipt to buyers - Send sale notification to creators - Send payout requested email on payout request - Send payout completed email on successful payout - Send payout failed email on failed payout Collaboration: - Send workspace invitation email when inviting users - Send share link access notification (based on user preferences) - Send share link download notification (based on user preferences) All emails are sent non-blocking to prevent transaction delays. User preferences are respected for notification emails. Proper error logging is in place for failed sends. Updated EMAIL_SETUP_REVIEW.md to reflect implementation status. Co-authored-by: armin.naimi <[email redacted]>

    Files
    9
    Added
    +7164
    Removed
    −3185
  3. Add comprehensive email setup review

    Cursor Agent 4c718136

    Commit notes

    - Reviewed email service architecture (Nodemailer/Resend abstraction) - Audited all 15 email templates for quality and completeness - Identified critical gap: email functions exist but are never called - Documented required integration points for each email type - Listed missing features (password reset, email verification) - Provided prioritized recommendations for implementation - Included testing instructions for local and production Co-authored-by: armin.naimi <[email redacted]>

    Files
    1
    Added
    +351
    Removed
    −0
  4. docs: update EMAIL_REQUIREMENTS.md with implementation status

    Cursor Agent d4268a94

    Commit notes

    Mark all implemented templates with checkmarks and add: - Implementation summary table with file paths and functions - Technical implementation details - Usage examples - Development preview instructions Co-authored-by: armin.naimi <[email redacted]>

    Files
    1
    Added
    +159
    Removed
    −84
  5. feat(emails): add remaining email templates

    Cursor Agent fa88df21

    Commit notes

    - Payment failed email for failed subscription charges - Subscription cancelled email with feature loss details - Payout emails (requested, completed, failed) for creators - Share link notification emails (access, download) - Password reset email with security details - Email verification email for new accounts All templates use consistent EmailLayout and Tailwind styling. Co-authored-by: armin.naimi <[email redacted]>

    Files
    10
    Added
    +1473
    Removed
    −0
  6. feat(email): Add high-priority email templates

    Cursor Agent 671cf776

    Commit notes

    Created 5 transactional email templates using React Email + Tailwind: 1. Purchase Receipt (buyer) - Order details with pack info - Amount, date, order ID - Download button and library link 2. Sale Notification (creator) - Earnings highlight with gradient card - Sale breakdown (amount, fee, earnings) - Balance summary with dashboard link 3. Workspace Invitation - Personal message from inviter - Role badge with description - Accept button with expiration notice 4. Subscription Confirmation - Plan features checklist - Storage limit highlight - Billing details and next payment date 5. Storage Warning - Visual progress bar - Conditional messaging (80% vs 100%) - Upgrade and library management options All templates: - Use consistent EmailLayout component - Support Tailwind CSS styling - Include preview props for React Email playground - Export typed helper functions for easy use Co-authored-by: armin.naimi <[email redacted]>

    Files
    6
    Added
    +1013
    Removed
    −2
  7. feat(email): Integrate React Email with Nodemailer/Resend

    Cursor Agent f4d0b45a

    Commit notes

    Set up email infrastructure with environment-based provider switching: - Nodemailer for development (local SMTP like Mailpit) - Resend for production Added: - Email service (backend/src/services/email.ts) with dual provider support - Base email layout components (backend/src/emails/components/layout.tsx) - Welcome email template (backend/src/emails/templates/welcome.tsx) - Email index with helper functions (backend/src/emails/index.ts) - Email configuration to environment schema - React Email dev script for template preview Dependencies added: - @react-email/components, react, react-dom - resend (production provider) - nodemailer (development provider) - react-email (dev preview tool) TypeScript config updated for JSX support (react-jsx). Co-authored-by: armin.naimi <[email redacted]>

    Files
    17
    Added
    +1368
    Removed
    −167
  8. docs: Add comprehensive email requirements analysis

    Cursor Agent dca7ef09

    Commit notes

    Analyzed the entire Samplestep codebase to identify all email types needed: Authentication & Account: - Welcome, email verification, password reset, account deletion Subscription & Billing: - Confirmation, receipts, payment failures, cancellation, expiry notices Storage Alerts: - 80% warning, 100% limit reached (schema already supports) Marketplace: - Purchase receipts (buyer), sale notifications (creator), refunds Payouts: - Request confirmation, completion, failure notifications Workspace Collaboration: - Invitations, acceptance/decline, member removal, role changes Share Links (user-configurable preferences exist): - Access, download, comment, expiring, upload received Upload Links: - Created, uploads received, review notifications Creator Onboarding: - Mollie Connect status updates System: - Weekly/monthly digests, announcements, security alerts Includes priority matrix and technical implementation recommendations. Co-authored-by: armin.naimi <[email redacted]>

    Files
    1
    Added
    +266
    Removed
    −0
  9. feat(frontend): add auto-save to UserProfileDrawer and Edit Project drawer

    Cursor Agent 1c787dc9

    Commit notes

    - UserProfileDrawer now auto-saves name, bio, and share notification preferences - Edit Project drawer now auto-saves project name, description, color, and visibility - Both use the existing createAutoSave hook with debounced saving (1s) - Shows save status indicators (saving/saved/pending/error) - Save immediately on drawer close if there are pending changes - Simplified footer buttons from Cancel/Save to just Done Co-authored-by: armin.naimi <[email redacted]>

    Files
    2
    Added
    +180
    Removed
    −87
  10. feat: implement auto-save for forms with draft/publish mode for packs

    Cursor Agent aa48297c

    Commit notes

    - Add draftData and draftUpdatedAt columns to samplePacks schema - Add backend API endpoints for draft save, publish, and discard - Create useAutoSave hook for debounced auto-save functionality - Update PackEditDrawer with auto-save to draft and 'Publish Changes' button - Update SampleEditDrawer with direct auto-save on field changes - Add visual indicators for save status (saving, saved, pending, error) - Add discard draft button to revert to published values Co-authored-by: armin.naimi <[email redacted]>

    Files
    8
    Added
    +815
    Removed
    −39
  11. feat(drawer): add nested drawer support with vaul-svelte NestedRoot

    Cursor Agent 24bdb009

    Commit notes

    - Add 'nested' prop to Drawer component for proper drawer stacking - When nested=true, use Drawer.NestedRoot which allows parent drawer to scale down and the nested drawer to appear on top - Update ShareDialog to use nested=true since it's always opened from within another drawer (SampleEditDrawer or PackEditDrawer) - Move ShareDialog inside parent drawer content in SampleEditDrawer for proper vaul context inheritance - The dismissible prop is forwarded to handle clicking outside to close Co-authored-by: armin.naimi <[email redacted]>

    Files
    3
    Added
    +114
    Removed
    −51
  12. fix: use unsaved form values for AI cover generation

    Cursor Agent 74d0abc1

    Commit notes

    Pass the current form state (name, description) to AICoverGenerator instead of the saved pack values. This allows users to update the pack name or description and have those changes reflected in the AI cover generation without needing to save first. Co-authored-by: armin.naimi <[email redacted]>

    Files
    1
    Added
    +11
    Removed
    −11
  13. Fix SharePopover positioning by using correct Melt UI popover pattern

    Cursor Agent 0f6a7efc

    Commit notes

    - Changed floatingConfig from function to object form to match other working popover implementations (Header, WorkspaceSwitcher, SequencerTrack) - Removed external 'open' state management in favor of popover's internal state - Moved state reset logic to () that reacts to popover.open changes - This fixes the issue where the popover appeared at top-left of screen instead of positioned relative to the trigger button Co-authored-by: armin.naimi <[email redacted]>

    Files
    1
    Added
    +13
    Removed
    −15
  14. feat: remove prompting from AI cover generation

    Cursor Agent f971f634

    Commit notes

    - Remove custom prompt input field from UI - Remove refinement/refine functionality entirely - Remove embedPackName toggle - Remove context override toggles (pack name, description, project name) - Simplify to one-click generation based purely on pack metadata - Backend now only uses pack name, description, categories, moods, and tags - Frontend flow: Generate → Select → Apply (no prompting steps) AI covers are now generated automatically from: - Pack name (thematic hints) - Pack tags (visual hints) - Sample categories (visual elements) - Sample mood tags (color palette) Co-authored-by: armin.naimi <[email redacted]>

    Files
    6
    Added
    +82
    Removed
    −677
  15. feat: switch to Fal Flux Schnell for AI cover generation

    Cursor Agent 25185ea0

    Commit notes

    - Replace DALL-E 2 with Fal Flux Schnell (~$0.003 per image) - Much faster generation (1-2 seconds vs 10+ seconds) - Uses FAL_KEY environment variable (already configured) - Returns URLs that work with existing apply endpoint - 4 inference steps optimized for Schnell model Co-authored-by: armin.naimi <[email redacted]>

    Files
    1
    Added
    +82
    Removed
    −44
  16. feat: use DALL-E 2 for cheaper AI cover generation

    Cursor Agent f9fe6f6a

    Commit notes

    - Switch from gpt-image-1 to dall-e-2 (~--.018 per image vs higher cost) - Use 512x512 resolution instead of 1024x1024 for placeholders - Faster generation and lower cost while still suitable for inspiration Co-authored-by: armin.naimi <[email redacted]>

    Files
    1
    Added
    +9
    Removed
    −15
  17. feat: unify AI cover generation to consistent placeholder style

    Cursor Agent bdfe4fea

    Commit notes

    - Replace 3 distinct styles (abstract, photographic, illustrated) with a unified minimalist placeholder aesthetic - All generated covers now share the same base style but vary through: - Variation emphasis (rounded/angular/flowing shapes) - Mood-based color palettes - Category-inspired visual elements - Pack name thematic hints - Update frontend labels from style names to variation descriptions - Update UI text to reflect 'placeholder inspiration' purpose - Maintain backwards compatibility with existing API contracts The unified style creates a consistent, recognizable aesthetic across all generated covers while still allowing contextual variation based on pack content. This makes the covers serve as clear placeholders and inspiration rather than final artwork. Co-authored-by: armin.naimi <[email redacted]>

    Files
    5
    Added
    +192
    Removed
    −148
  18. feat: enhance upload link form and received files panel

    Cursor Agent 88a75125

    Commit notes

    - Add workspace selector to upload link creation form - Add allow folder upload toggle option - Update ReceivedFilesPanel to show pending files summary - Link to full received files review page Co-authored-by: armin.naimi <[email redacted]>

    Files
    2
    Added
    +74
    Removed
    −26
  19. feat: add frontend support for folder uploads and received files review

    Cursor Agent 892d2286

    Commit notes

    - Update upload page with single file and folder upload modes - Add batch upload support with progress tracking - Create enhanced received files page with review UI - Add accept/reject actions for individual files and batches - Support creating packs from folder uploads - Add query hooks for pending files and review mutations - Update API client with new endpoint functions Co-authored-by: armin.naimi <[email redacted]>

    Files
    6
    Added
    +738
    Removed
    −28
  20. feat: add workspace upload links with batch/folder support and review system

    Cursor Agent 361224ee

    Commit notes

    - Add workspaceId and allowFolderUpload to uploadLinks table - Add review status, batch tracking, and target placement to uploadLinkFiles - Add review endpoints: accept/reject files, accept batch as pack - Support folder paths and batch IDs for grouped uploads - Create database migration 0016_workspace_upload_links.sql Co-authored-by: armin.naimi <[email redacted]>

    Files
    4
    Added
    +715
    Removed
    −4