chore: update versions (#2900)

This PR was opened by the [Changesets
release](https://github.com/changesets/action) GitHub action. When
you're ready to do a release, you can merge this and the packages will
be published to npm automatically. If you're not ready to do a release
yet, that's fine, whenever you add more changesets to main, this PR will
be updated.


# Releases
## @nhost/dashboard@1.30.0

### Minor Changes

- 50441a8: feat: add ui for project autoscaler settings and run services
autoscaler settings

## @nhost/docs@2.18.0

### Minor Changes

-   c4aa159: feat: added advanced TLS document

### Patch Changes

-   91f0465: feat: added turnstile guide

Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>

.github/workflows/gen_ai_review.yaml

@@ -0,0 +1,28 @@
+---
+name: "gen: AI review"
+on:
+  pull_request:
+    types: [opened, reopened, ready_for_review]
+  issue_comment:
+jobs:
+  pr_agent_job:
+    if: ${{ github.event.sender.type != 'Bot' }}
+    runs-on: ubuntu-latest
+    timeout-minutes: 10
+    permissions:
+      issues: write
+      pull-requests: write
+      contents: write
+    name: Run pr agent on every pull request, respond to user comments
+    steps:
+      - name: PR Agent action step
+        id: pragent
+        uses: Codium-ai/pr-agent@v0.24
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          OPENAI_KEY: ${{ secrets.OPENAI_API_KEY }}
+          ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }}
+          config.max_model_tokens: 100000
+          config.model: "anthropic/claude-3-5-sonnet-20240620"
+          config.model_turbo: "anthropic/claude-3-5-sonnet-20240620"
+          ignore.glob: "['pnpm-lock.yaml','**/pnpm-lock.yaml']"

audit-ci.jsonc

@@ -2,5 +2,5 @@
   // $schema provides code completion hints to IDEs.
   "$schema": "https://github.com/IBM/audit-ci/raw/main/docs/schema.json",
   "moderate": true,
-  "allowlist": ["vue-template-compiler", "micromatch"]
+  "allowlist": ["vue-template-compiler", "micromatch", "path-to-regexp"]
 }

dashboard/.env.example

@@ -24,3 +24,4 @@ NEXT_PUBLIC_ZENDESK_USER_EMAIL=
 
 CODEGEN_GRAPHQL_URL=https://local.graphql.nhost.run/v1
 CODEGEN_HASURA_ADMIN_SECRET=nhost-admin-secret
+NEXT_PUBLIC_TURNSTILE_SITE_KEY=FIXME

dashboard/.npmrc

@@ -1 +1,3 @@
-link-workspace-packages = false
+link-workspace-packages = false
+auto-install-peers = false
+resolution-mode=highest

dashboard/CHANGELOG.md

@@ -1,5 +1,57 @@
 # @nhost/dashboard
 
+## 1.30.0
+
+### Minor Changes
+
+- 50441a8: feat: add ui for project autoscaler settings and run services autoscaler settings
+
+## 1.29.0
+
+### Minor Changes
+
+- 55d8bb5: feat: integrate turnstile for signup verification
+- 2a2e54c: fix: update docs url in run services form tooltip
+- 18f942f: fix: display long error messages in error toast without overflow
+
+### Patch Changes
+
+- @nhost/react-apollo@13.0.0
+- @nhost/nextjs@2.1.22
+
+## 1.28.2
+
+### Patch Changes
+
+- 52a38fe: chore: update dependencies to address security vulnerabilities
+- Updated dependencies [52a38fe]
+  - @nhost/nextjs@2.1.21
+
+## 1.28.1
+
+### Patch Changes
+
+- 9735fa2: chore: remove broken link
+
+## 1.28.0
+
+### Minor Changes
+
+- 526183a: feat: allow filtering users in "make request as" in graphql section
+- be3b85b: feat: add conceal errors toggle on auth settings page
+
+### Patch Changes
+
+- 35a2f12: fix: prevent run service details from opening when attempting to delete
+  - @nhost/react-apollo@12.0.6
+  - @nhost/nextjs@2.1.20
+
+## 1.27.0
+
+### Minor Changes
+
+- a7cd02c: fix: resolve rate limit query
+
 ## 1.26.0
 
 ### Minor Changes

dashboard/e2e/auth/ban-user.test.ts

@@ -1,6 +1,6 @@
 import {
-  TEST_PROJECT_NAME,
-  TEST_PROJECT_SLUG,
+  PRO_TEST_PROJECT_NAME,
+  PRO_TEST_PROJECT_SLUG,
   TEST_WORKSPACE_SLUG,
 } from '@/e2e/env';
 import { createUser, generateTestEmail, openProject } from '@/e2e/utils';
@@ -12,9 +12,9 @@ test('should be able to ban and unban a user', async ({ page }) => {
 
   await openProject({
     page,
-    projectName: TEST_PROJECT_NAME,
+    projectName: PRO_TEST_PROJECT_NAME,
     workspaceSlug: TEST_WORKSPACE_SLUG,
-    projectSlug: TEST_PROJECT_SLUG,
+    projectSlug: PRO_TEST_PROJECT_SLUG,
   });
 
   await page
@@ -22,7 +22,9 @@ test('should be able to ban and unban a user', async ({ page }) => {
     .getByRole('link', { name: /auth/i })
     .click();
 
-  await page.waitForURL(`/${TEST_WORKSPACE_SLUG}/${TEST_PROJECT_SLUG}/users`);
+  await page.waitForURL(
+    `/${TEST_WORKSPACE_SLUG}/${PRO_TEST_PROJECT_SLUG}/users`,
+  );
 
   const email = generateTestEmail();
   const password = faker.internet.password();

dashboard/e2e/auth/create-user.test.ts

@@ -1,6 +1,6 @@
 import {
-  TEST_PROJECT_NAME,
-  TEST_PROJECT_SLUG,
+  PRO_TEST_PROJECT_NAME,
+  PRO_TEST_PROJECT_SLUG,
   TEST_WORKSPACE_SLUG,
 } from '@/e2e/env';
 import { createUser, generateTestEmail, openProject } from '@/e2e/utils';
@@ -19,9 +19,9 @@ test.beforeEach(async () => {
 
   await openProject({
     page,
-    projectName: TEST_PROJECT_NAME,
+    projectName: PRO_TEST_PROJECT_NAME,
     workspaceSlug: TEST_WORKSPACE_SLUG,
-    projectSlug: TEST_PROJECT_SLUG,
+    projectSlug: PRO_TEST_PROJECT_SLUG,
   });
 
   await page
@@ -29,7 +29,9 @@ test.beforeEach(async () => {
     .getByRole('link', { name: /auth/i })
     .click();
 
-  await page.waitForURL(`/${TEST_WORKSPACE_SLUG}/${TEST_PROJECT_SLUG}/users`);
+  await page.waitForURL(
+    `/${TEST_WORKSPACE_SLUG}/${PRO_TEST_PROJECT_SLUG}/users`,
+  );
 });
 
 test.afterAll(async () => {

dashboard/e2e/auth/delete-user.test.ts

@@ -1,6 +1,6 @@
 import {
-  TEST_PROJECT_NAME,
-  TEST_PROJECT_SLUG,
+  PRO_TEST_PROJECT_NAME,
+  PRO_TEST_PROJECT_SLUG,
   TEST_WORKSPACE_SLUG,
 } from '@/e2e/env';
 import { createUser, generateTestEmail, openProject } from '@/e2e/utils';
@@ -19,9 +19,9 @@ test.beforeEach(async () => {
 
   await openProject({
     page,
-    projectName: TEST_PROJECT_NAME,
+    projectName: PRO_TEST_PROJECT_NAME,
     workspaceSlug: TEST_WORKSPACE_SLUG,
-    projectSlug: TEST_PROJECT_SLUG,
+    projectSlug: PRO_TEST_PROJECT_SLUG,
   });
 
   await page
@@ -29,7 +29,9 @@ test.beforeEach(async () => {
     .getByRole('link', { name: /auth/i })
     .click();
 
-  await page.waitForURL(`/${TEST_WORKSPACE_SLUG}/${TEST_PROJECT_SLUG}/users`);
+  await page.waitForURL(
+    `/${TEST_WORKSPACE_SLUG}/${PRO_TEST_PROJECT_SLUG}/users`,
+  );
 });
 
 test.afterAll(async () => {

dashboard/e2e/auth/verify-user.test.ts

@@ -1,6 +1,6 @@
 import {
-  TEST_PROJECT_NAME,
-  TEST_PROJECT_SLUG,
+  PRO_TEST_PROJECT_NAME,
+  PRO_TEST_PROJECT_SLUG,
   TEST_WORKSPACE_SLUG,
 } from '@/e2e/env';
 import { createUser, generateTestEmail, openProject } from '@/e2e/utils';
@@ -19,9 +19,9 @@ test.beforeEach(async () => {
 
   await openProject({
     page,
-    projectName: TEST_PROJECT_NAME,
+    projectName: PRO_TEST_PROJECT_NAME,
     workspaceSlug: TEST_WORKSPACE_SLUG,
-    projectSlug: TEST_PROJECT_SLUG,
+    projectSlug: PRO_TEST_PROJECT_SLUG,
   });
 
   await page
@@ -29,7 +29,9 @@ test.beforeEach(async () => {
     .getByRole('link', { name: /auth/i })
     .click();
 
-  await page.waitForURL(`/${TEST_WORKSPACE_SLUG}/${TEST_PROJECT_SLUG}/users`);
+  await page.waitForURL(
+    `/${TEST_WORKSPACE_SLUG}/${PRO_TEST_PROJECT_SLUG}/users`,
+  );
 });
 
 test.afterAll(async () => {

dashboard/e2e/database/create-table.test.ts

@@ -1,6 +1,6 @@
 import {
-  TEST_PROJECT_NAME,
-  TEST_PROJECT_SLUG,
+  PRO_TEST_PROJECT_NAME,
+  PRO_TEST_PROJECT_SLUG,
   TEST_WORKSPACE_SLUG,
 } from '@/e2e/env';
 import { openProject, prepareTable } from '@/e2e/utils';
@@ -20,9 +20,9 @@ test.beforeEach(async () => {
 
   await openProject({
     page,
-    projectName: TEST_PROJECT_NAME,
+    projectName: PRO_TEST_PROJECT_NAME,
     workspaceSlug: TEST_WORKSPACE_SLUG,
-    projectSlug: TEST_PROJECT_SLUG,
+    projectSlug: PRO_TEST_PROJECT_SLUG,
   });
 
   await page
@@ -55,7 +55,7 @@ test('should create a simple table', async () => {
   await page.getByRole('button', { name: /create/i }).click();
 
   await page.waitForURL(
-    `/${TEST_WORKSPACE_SLUG}/${TEST_PROJECT_SLUG}/database/browser/default/public/${tableName}`,
+    `/${TEST_WORKSPACE_SLUG}/${PRO_TEST_PROJECT_SLUG}/database/browser/default/public/${tableName}`,
   );
 
   await expect(
@@ -84,7 +84,7 @@ test('should create a table with unique constraints', async () => {
   await page.getByRole('button', { name: /create/i }).click();
 
   await page.waitForURL(
-    `/${TEST_WORKSPACE_SLUG}/${TEST_PROJECT_SLUG}/database/browser/default/public/${tableName}`,
+    `/${TEST_WORKSPACE_SLUG}/${PRO_TEST_PROJECT_SLUG}/database/browser/default/public/${tableName}`,
   );
 
   await expect(
@@ -113,7 +113,7 @@ test('should create a table with nullable columns', async () => {
   await page.getByRole('button', { name: /create/i }).click();
 
   await page.waitForURL(
-    `/${TEST_WORKSPACE_SLUG}/${TEST_PROJECT_SLUG}/database/browser/default/public/${tableName}`,
+    `/${TEST_WORKSPACE_SLUG}/${PRO_TEST_PROJECT_SLUG}/database/browser/default/public/${tableName}`,
   );
 
   await expect(
@@ -146,7 +146,7 @@ test('should create a table with an identity column', async () => {
   await page.getByRole('button', { name: /create/i }).click();
 
   await page.waitForURL(
-    `/${TEST_WORKSPACE_SLUG}/${TEST_PROJECT_SLUG}/database/browser/default/public/${tableName}`,
+    `/${TEST_WORKSPACE_SLUG}/${PRO_TEST_PROJECT_SLUG}/database/browser/default/public/${tableName}`,
   );
 
   await expect(
@@ -174,7 +174,7 @@ test('should create table with foreign key constraint', async () => {
   await page.getByRole('button', { name: /create/i }).click();
 
   await page.waitForURL(
-    `/${TEST_WORKSPACE_SLUG}/${TEST_PROJECT_SLUG}/database/browser/default/public/${firstTableName}`,
+    `/${TEST_WORKSPACE_SLUG}/${PRO_TEST_PROJECT_SLUG}/database/browser/default/public/${firstTableName}`,
   );
 
   await page.getByRole('button', { name: /new table/i }).click();
@@ -219,7 +219,7 @@ test('should create table with foreign key constraint', async () => {
   await page.getByRole('button', { name: /create/i }).click();
 
   await page.waitForURL(
-    `/${TEST_WORKSPACE_SLUG}/${TEST_PROJECT_SLUG}/database/browser/default/public/${secondTableName}`,
+    `/${TEST_WORKSPACE_SLUG}/${PRO_TEST_PROJECT_SLUG}/database/browser/default/public/${secondTableName}`,
   );
 
   await expect(
@@ -247,7 +247,7 @@ test('should not be able to create a table with a name that already exists', asy
   await page.getByRole('button', { name: /create/i }).click();
 
   await page.waitForURL(
-    `/${TEST_WORKSPACE_SLUG}/${TEST_PROJECT_SLUG}/database/browser/default/public/${tableName}`,
+    `/${TEST_WORKSPACE_SLUG}/${PRO_TEST_PROJECT_SLUG}/database/browser/default/public/${tableName}`,
   );
 
   await page.getByRole('button', { name: /new table/i }).click();

dashboard/e2e/database/delete-table.test.ts

@@ -1,6 +1,6 @@
 import {
-  TEST_PROJECT_NAME,
-  TEST_PROJECT_SLUG,
+  PRO_TEST_PROJECT_NAME,
+  PRO_TEST_PROJECT_SLUG,
   TEST_WORKSPACE_SLUG,
 } from '@/e2e/env';
 import { deleteTable, openProject, prepareTable } from '@/e2e/utils';
@@ -20,9 +20,9 @@ test.beforeEach(async () => {
 
   await openProject({
     page,
-    projectName: TEST_PROJECT_NAME,
+    projectName: PRO_TEST_PROJECT_NAME,
     workspaceSlug: TEST_WORKSPACE_SLUG,
-    projectSlug: TEST_PROJECT_SLUG,
+    projectSlug: PRO_TEST_PROJECT_SLUG,
   });
 
   await page
@@ -53,7 +53,7 @@ test('should delete a table', async () => {
   await page.getByRole('button', { name: /create/i }).click();
 
   await page.waitForURL(
-    `/${TEST_WORKSPACE_SLUG}/${TEST_PROJECT_SLUG}/database/browser/default/public/${tableName}`,
+    `/${TEST_WORKSPACE_SLUG}/${PRO_TEST_PROJECT_SLUG}/database/browser/default/public/${tableName}`,
   );
 
   await deleteTable({
@@ -63,7 +63,7 @@ test('should delete a table', async () => {
 
   // navigate to next URL
   await page.waitForURL(
-    `/${TEST_WORKSPACE_SLUG}/${TEST_PROJECT_SLUG}/database/browser/default/public/**`,
+    `/${TEST_WORKSPACE_SLUG}/${PRO_TEST_PROJECT_SLUG}/database/browser/default/public/**`,
   );
 
   await expect(
@@ -91,7 +91,7 @@ test('should not be able to delete a table if other tables have foreign keys ref
   await page.getByRole('button', { name: /create/i }).click();
 
   await page.waitForURL(
-    `/${TEST_WORKSPACE_SLUG}/${TEST_PROJECT_SLUG}/database/browser/default/public/${firstTableName}`,
+    `/${TEST_WORKSPACE_SLUG}/${PRO_TEST_PROJECT_SLUG}/database/browser/default/public/${firstTableName}`,
   );
 
   await page.getByRole('button', { name: /new table/i }).click();
@@ -138,7 +138,7 @@ test('should not be able to delete a table if other tables have foreign keys ref
   await page.getByRole('button', { name: /create/i }).click();
 
   await page.waitForURL(
-    `/${TEST_WORKSPACE_SLUG}/${TEST_PROJECT_SLUG}/database/browser/default/public/${secondTableName}`,
+    `/${TEST_WORKSPACE_SLUG}/${PRO_TEST_PROJECT_SLUG}/database/browser/default/public/${secondTableName}`,
   );
 
   await expect(

dashboard/e2e/run/run.test.ts

@@ -39,34 +39,14 @@ test('should create and delete a run service', async () => {
   await page.getByPlaceholder(/service name/i).click();
   await page.getByPlaceholder(/service name/i).fill('test');
 
-  const sliderRail = page.locator(
-    '.space-y-4 > .MuiSlider-root > .MuiSlider-rail',
-  );
-
-  // Get the bounding box of the slider rail to determine where to click
-  const box = await sliderRail.boundingBox();
-
-  if (box) {
-    // Calculate the position to click (start of the rail)
-    const x = box.x + 1; // A little offset to ensure click inside the rail
-    const y = box.y + box.height / 2; // Middle of the rail height-wise
-
-    // Perform the click
-    await page.mouse.click(x, y);
-  }
-
   await page.getByRole('button', { name: /create/i }).click();
 
   await expect(
     page.getByRole('heading', { name: /confirm resources/i }),
   ).toBeVisible();
 
-  await page.waitForTimeout(1000);
-
   await page.getByRole('button', { name: /confirm/i }).click();
 
-  await expect(page.getByRole('dialog')).toBeVisible();
-
   await expect(
     page.getByRole('heading', { name: /service details/i }),
   ).toBeVisible();
@@ -74,16 +54,14 @@ test('should create and delete a run service', async () => {
   await page.getByRole('button', { name: /ok/i }).click();
 
   await expect(page.getByRole('heading', { name: /test/i })).toBeVisible();
+
   await page.getByLabel(/more options/i).click();
+
   await page.getByRole('menuitem', { name: /delete service/i }).click();
 
   await page.getByLabel(/confirm delete project #/i).check();
-  await page
-    .getByText(/delete service/i)
-    .nth(2)
-    .click();
 
-  await page.getByLabel('Close').click();
+  await page.getByRole('button', { name: /delete service/i }).click();
 
   await expect(
     page

dashboard/next-env.d.ts

@@ -2,4 +2,4 @@
 /// <reference types="next/image-types/global" />
 
 // NOTE: This file should not be edited
-// see https://nextjs.org/docs/basic-features/typescript for more information.
+// see https://nextjs.org/docs/pages/building-your-application/configuring/typescript for more information.

dashboard/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@nhost/dashboard",
-  "version": "1.26.0",
+  "version": "1.30.0",
   "private": true,
   "scripts": {
     "preinstall": "npx only-allow pnpm",
@@ -35,6 +35,7 @@
     "@heroicons/react": "^1.0.6",
     "@hookform/resolvers": "^3.3.4",
     "@iarna/toml": "^2.2.5",
+    "@marsidev/react-turnstile": "^1.0.2",
     "@mui/base": "5.0.0-beta.31",
     "@mui/material": "^5.15.14",
     "@mui/system": "^5.15.14",
@@ -65,7 +66,7 @@
     "graphql-ws": "^5.16.0",
     "just-kebab-case": "^4.2.0",
     "lodash.debounce": "^4.0.8",
-    "next": "^14.1.4",
+    "next": "^14.2.10",
     "next-seo": "^6.5.0",
     "node-pg-format": "^1.3.5",
     "pluralize": "^8.0.0",
@@ -165,7 +166,7 @@
     "tailwindcss": "^3.4.3",
     "ts-node": "^10.9.2",
     "tsconfig-paths-webpack-plugin": "^4.1.0",
-    "vite": "^5.2.7",
+    "vite": "^5.4.6",
     "vite-tsconfig-paths": "^4.3.2",
     "vitest": "^0.32.4"
   },

dashboard/playwright.config.ts

@@ -10,10 +10,10 @@ export default defineConfig({
   expect: {
     timeout: 5000,
   },
-  fullyParallel: true,
+  fullyParallel: false,
   forbidOnly: !!process.env.CI,
   retries: process.env.CI ? 2 : 0,
-  workers: process.env.CI ? 1 : undefined,
+  workers: 1,
   reporter: 'html',
   globalTeardown: require.resolve('./global-teardown'),
   use: {

dashboard/src/components/ui/v2/ErrorToast/ErrorToast.tsx

@@ -112,18 +112,24 @@ export default function ErrorToast({
             bounce: 0.1,
           }}
         >
-          <div className="flex w-full flex-row items-center justify-between space-x-4">
-            <button onClick={close} type="button" aria-label="Close">
+          <div className="flex w-full flex-row items-center justify-between gap-4">
+            <button
+              className="flex-shrink-0"
+              onClick={close}
+              type="button"
+              aria-label="Close"
+            >
               <XIcon className="h-4 w-4 text-white" />
             </button>
-            <span>
+            <span className="flex-grow overflow-hidden break-words">
               {msg ?? 'An unkown error has occured, please try again later!'}
             </span>
 
             <button
               type="button"
               onClick={() => setShowInfo(!showInfo)}
-              className="flex flex-row items-center justify-center space-x-2 text-white"
+              className="flex flex-shrink-0 flex-row items-center justify-center space-x-2 text-white"
+              aria-label="Show error details"
             >
               <span>Info</span>
               {showInfo ? (

dashboard/src/components/ui/v2/icons/InfoOutlinedIcon/InfoOutlinedIcon.tsx

@@ -0,0 +1,45 @@
+import type { IconProps } from '@/components/ui/v2/icons';
+import { SvgIcon } from '@/components/ui/v2/icons/SvgIcon';
+import type { ForwardedRef } from 'react';
+import { forwardRef } from 'react';
+
+function InfoOutlinedIcon(props: IconProps, ref: ForwardedRef<SVGSVGElement>) {
+  return (
+    <SvgIcon
+      width="24"
+      height="24"
+      xmlns="http://www.w3.org/2000/svg"
+      viewBox="0 0 24 24"
+      aria-label="Info"
+      stroke="currentColor"
+      ref={ref}
+      {...props}
+    >
+      <path
+        fill="none"
+        d="M12 22C17.5228 22 22 17.5228 22 12C22 6.47715 17.5228 2 12 2C6.47715 2 2 6.47715 2 12C2 17.5228 6.47715 22 12 22Z"
+        strokeWidth="2"
+        strokeLinecap="round"
+        strokeLinejoin="round"
+      />
+      <path
+        fill="none"
+        d="M12 16V12"
+        strokeWidth="2"
+        strokeLinecap="round"
+        strokeLinejoin="round"
+      />
+      <path
+        fill="none"
+        d="M12 8H12.01"
+        strokeWidth="2"
+        strokeLinecap="round"
+        strokeLinejoin="round"
+      />
+    </SvgIcon>
+  );
+}
+
+InfoOutlinedIcon.displayName = 'NhostInfoOutlinedIcon';
+
+export default forwardRef(InfoOutlinedIcon);

dashboard/src/components/ui/v2/icons/InfoOutlinedIcon/index.ts

@@ -0,0 +1 @@
+export { default as InfoOutlinedIcon } from './InfoOutlinedIcon';

dashboard/src/features/authentication/settings/components/ConcealErrorsSettings/ConcealErrorsSettings.tsx

@@ -0,0 +1,136 @@
+import { ApplyLocalSettingsDialog } from '@/components/common/ApplyLocalSettingsDialog';
+import { useDialog } from '@/components/common/DialogProvider';
+import { useUI } from '@/components/common/UIProvider';
+import { Form } from '@/components/form/Form';
+import { SettingsContainer } from '@/components/layout/SettingsContainer';
+import { ActivityIndicator } from '@/components/ui/v2/ActivityIndicator';
+import { useCurrentWorkspaceAndProject } from '@/features/projects/common/hooks/useCurrentWorkspaceAndProject';
+import { useIsPlatform } from '@/features/projects/common/hooks/useIsPlatform';
+import { useLocalMimirClient } from '@/hooks/useLocalMimirClient';
+import { execPromiseWithErrorToast } from '@/utils/execPromiseWithErrorToast';
+import {
+  GetAuthenticationSettingsDocument,
+  useGetAuthenticationSettingsQuery,
+  useUpdateConfigMutation,
+} from '@/utils/__generated__/graphql';
+import { useEffect } from 'react';
+import { FormProvider, useForm } from 'react-hook-form';
+import * as Yup from 'yup';
+
+const validationSchema = Yup.object({
+  enabled: Yup.boolean(),
+});
+
+export type ToggleConcealErrorsFormValues = Yup.InferType<
+  typeof validationSchema
+>;
+
+export default function ConcealErrorsSettings() {
+  const { openDialog } = useDialog();
+  const isPlatform = useIsPlatform();
+  const { maintenanceActive } = useUI();
+  const localMimirClient = useLocalMimirClient();
+  const { currentProject } = useCurrentWorkspaceAndProject();
+  const [updateConfig] = useUpdateConfigMutation({
+    refetchQueries: [GetAuthenticationSettingsDocument],
+    ...(!isPlatform ? { client: localMimirClient } : {}),
+  });
+
+  const { data, loading, error } = useGetAuthenticationSettingsQuery({
+    variables: { appId: currentProject?.id },
+    ...(!isPlatform ? { client: localMimirClient } : {}),
+  });
+
+  const form = useForm<ToggleConcealErrorsFormValues>({
+    reValidateMode: 'onSubmit',
+    defaultValues: {
+      enabled: data?.config?.auth?.misc?.concealErrors,
+    },
+  });
+
+  useEffect(() => {
+    if (!loading) {
+      form.reset({
+        enabled: data?.config?.auth?.misc?.concealErrors,
+      });
+    }
+  }, [loading, data, form]);
+
+  if (loading) {
+    return (
+      <ActivityIndicator
+        delay={1000}
+        label="Loading conceal error settings..."
+        className="justify-center"
+      />
+    );
+  }
+
+  if (error) {
+    throw error;
+  }
+
+  const { formState } = form;
+
+  const handleToggleConcealErrors = async (
+    values: ToggleConcealErrorsFormValues,
+  ) => {
+    const updateConfigPromise = updateConfig({
+      variables: {
+        appId: currentProject.id,
+        config: {
+          auth: {
+            misc: {
+              concealErrors: values.enabled,
+            },
+          },
+        },
+      },
+    });
+
+    await execPromiseWithErrorToast(
+      async () => {
+        await updateConfigPromise;
+        form.reset(values);
+
+        if (!isPlatform) {
+          openDialog({
+            title: 'Apply your changes',
+            component: <ApplyLocalSettingsDialog />,
+            props: {
+              PaperProps: {
+                className: 'max-w-2xl',
+              },
+            },
+          });
+        }
+      },
+      {
+        loadingMessage: 'Updating conceal error settings...',
+        successMessage: 'Conceal error settings updated successfully.',
+        errorMessage:
+          'Failed to update conceal error settings. Please try again.',
+      },
+    );
+  };
+
+  return (
+    <FormProvider {...form}>
+      <Form onSubmit={handleToggleConcealErrors}>
+        <SettingsContainer
+          title="Conceal errors"
+          description="If set, conceals sensitive error messages to prevent leaking information about user accounts."
+          switchId="enabled"
+          showSwitch
+          slotProps={{
+            submitButton: {
+              disabled: !formState.isDirty || maintenanceActive,
+              loading: formState.isSubmitting,
+            },
+          }}
+          className="hidden"
+        />
+      </Form>
+    </FormProvider>
+  );
+}

dashboard/src/features/authentication/settings/components/ConcealErrorsSettings/index.ts

@@ -0,0 +1 @@
+export { default as ConcealErrorsSettings } from './ConcealErrorsSettings';

dashboard/src/features/authentication/settings/gql/getAuthenticationSettings.gql

@@ -50,6 +50,9 @@ query GetAuthenticationSettings($appId: uuid!) {
           default
         }
       }
+      misc {
+        concealErrors
+      }
       version
     }
   }

dashboard/src/features/database/dataGrid/components/DataBrowserSidebar/DataBrowserSidebar.tsx

@@ -12,7 +12,6 @@ import { Chip } from '@/components/ui/v2/Chip';
 import { Divider } from '@/components/ui/v2/Divider';
 import { Dropdown } from '@/components/ui/v2/Dropdown';
 import { IconButton } from '@/components/ui/v2/IconButton';
-import { ArrowRightIcon } from '@/components/ui/v2/icons/ArrowRightIcon';
 import { DotsHorizontalIcon } from '@/components/ui/v2/icons/DotsHorizontalIcon';
 import { LockIcon } from '@/components/ui/v2/icons/LockIcon';
 import { PencilIcon } from '@/components/ui/v2/icons/PencilIcon';
@@ -20,7 +19,6 @@ import { PlusIcon } from '@/components/ui/v2/icons/PlusIcon';
 import { TerminalIcon } from '@/components/ui/v2/icons/TerminalIcon';
 import { TrashIcon } from '@/components/ui/v2/icons/TrashIcon';
 import { UsersIcon } from '@/components/ui/v2/icons/UsersIcon';
-import { Link } from '@/components/ui/v2/Link';
 import { List } from '@/components/ui/v2/List';
 import { ListItem } from '@/components/ui/v2/ListItem';
 import { Option } from '@/components/ui/v2/Option';
@@ -312,15 +310,6 @@ function DataBrowserSidebarContent({
               Your project is connected to GitHub. Please use the CLI to make
               schema changes.
             </Text>
-            <Link
-              href="https://docs.nhost.io/platform/github-integration"
-              target="_blank"
-              rel="noopener noreferrer"
-              underline="hover"
-              className="grid items-center justify-start grid-flow-col gap-1"
-            >
-              Learn More <ArrowRightIcon />
-            </Link>
           </Box>
         )}
         {!isSelectedSchemaLocked && (

dashboard/src/features/graphql/common/components/UserSelect/UserSelect.tsx

@@ -1,11 +1,12 @@
-import { ActivityIndicator } from '@/components/ui/v2/ActivityIndicator';
-import { Option } from '@/components/ui/v2/Option';
-import { Select } from '@/components/ui/v2/Select';
+import { Autocomplete } from '@/components/ui/v2/Autocomplete';
 import { DEFAULT_ROLES } from '@/features/graphql/common/utils/constants';
-import { useCurrentWorkspaceAndProject } from '@/features/projects/common/hooks/useCurrentWorkspaceAndProject';
 import { useRemoteApplicationGQLClient } from '@/hooks/useRemoteApplicationGQLClient';
-import type { RemoteAppGetUsersCustomQuery } from '@/utils/__generated__/graphql';
-import { useRemoteAppGetUsersCustomQuery } from '@/utils/__generated__/graphql';
+import {
+  useRemoteAppGetUsersCustomLazyQuery,
+  type RemoteAppGetUsersCustomQuery,
+} from '@/utils/__generated__/graphql';
+import { debounce } from '@mui/material/utils';
+import { useCallback, useEffect, useMemo, useState } from 'react';
 
 export interface UserSelectProps {
   /**
@@ -13,7 +14,7 @@ export interface UserSelectProps {
    */
   onUserChange: (userId: string, availableRoles?: string[]) => void;
   /**
-   * Class name to be applied to the `<Select />` element.
+   * Class name to be applied to the `<Autocomplete />` element.
    */
   className?: string;
 }
@@ -22,35 +23,87 @@ export default function UserSelect({
   onUserChange,
   ...props
 }: UserSelectProps) {
-  const { currentProject } = useCurrentWorkspaceAndProject();
+  const [inputValue, setInputValue] = useState('');
+  const [users, setUsers] = useState([]);
+  const [active, setActive] = useState(true);
+
   const userApplicationClient = useRemoteApplicationGQLClient();
-  const { data, loading, error } = useRemoteAppGetUsersCustomQuery({
+
+  const [fetchAppUsers, { loading }] = useRemoteAppGetUsersCustomLazyQuery({
     client: userApplicationClient,
-    variables: { where: {}, limit: 250, offset: 0 },
-    skip: !currentProject,
+    variables: {
+      where: {},
+      limit: 250,
+      offset: 0,
+    },
   });
 
-  if (loading) {
-    return (
-      <div className={props.className}>
-        <ActivityIndicator label="Loading users..." delay={500} />
-      </div>
-    );
-  }
+  const fetchUsers = useCallback(
+    async (
+      request: { input: string },
+      callback: (results?: RemoteAppGetUsersCustomQuery['users']) => void,
+    ) => {
+      const ilike = `%${request.input === 'Admin' ? '' : request.input}%`;
+      const { data } = await fetchAppUsers({
+        client: userApplicationClient,
+        variables: {
+          where: {
+            displayName: { _ilike: ilike },
+          },
+          limit: 250,
+          offset: 0,
+        },
+      });
 
-  if (error) {
-    throw error;
-  }
+      callback(data?.users);
+    },
+    [fetchAppUsers, userApplicationClient],
+  );
+
+  const fetchOptions = useMemo(() => debounce(fetchUsers, 1000), [fetchUsers]);
+
+  useEffect(() => {
+    fetchOptions({ input: inputValue }, (results) => {
+      if (active || inputValue === '') {
+        setUsers(results);
+      }
+    });
+  }, [inputValue, fetchOptions, active]);
+
+  const autocompleteOptions = [
+    {
+      value: 'admin',
+      label: 'Admin',
+      group: 'Admin',
+    },
+    ...users.map((user) => ({
+      value: user.id,
+      label: user.displayName,
+      group: 'Users',
+    })),
+  ];
 
   return (
-    <Select
+    <Autocomplete
       {...props}
       id="user-select"
-      label="Make Request As"
-      hideEmptyHelperText
-      defaultValue="admin"
-      slotProps={{ root: { className: 'truncate' } }}
-      onChange={(_event, userId) => {
+      label="Make request as"
+      options={autocompleteOptions}
+      defaultValue={{
+        value: 'admin',
+        label: 'Admin',
+        group: 'Admin',
+      }}
+      autoComplete
+      fullWidth
+      autoSelect
+      groupBy={(option) => option.group}
+      autoHighlight
+      includeInputInList
+      loading={loading}
+      onChange={(_event, _value, reason, details) => {
+        setActive(false);
+        const userId = details.option.value;
         if (typeof userId !== 'string') {
           return;
         }
@@ -61,22 +114,23 @@ export default function UserSelect({
           return;
         }
 
-        const user: RemoteAppGetUsersCustomQuery['users'][0] = data?.users.find(
+        const user: RemoteAppGetUsersCustomQuery['users'][0] = users.find(
           ({ id }) => id === userId,
         );
 
-        const roles = user?.roles.map(({ role }) => role);
+        const roles = user?.roles?.map(({ role }) => role);
 
-        onUserChange(user.id, roles);
+        onUserChange(userId, roles ?? DEFAULT_ROLES);
+
+        fetchUsers({ input: '' }, (results) => {
+          if (results) {
+            setUsers(results);
+          }
+        });
       }}
-    >
-      <Option value="admin">Admin</Option>
-
-      {data?.users.map(({ id, displayName, email, phoneNumber }) => (
-        <Option key={id} value={id}>
-          {displayName || email || phoneNumber || id}
-        </Option>
-      ))}
-    </Select>
+      onInputChange={(event, newInputValue) => {
+        setInputValue(newInputValue);
+      }}
+    />
   );
 }

dashboard/src/features/graphql/common/hooks/index.ts

@@ -0,0 +1 @@
+export { default as useGetAppUsers } from './useGetAppUsers';

dashboard/src/features/graphql/common/hooks/useGetAppUsers.ts

@@ -0,0 +1,54 @@
+import { useCurrentWorkspaceAndProject } from '@/features/projects/common/hooks/useCurrentWorkspaceAndProject';
+import { useRemoteApplicationGQLClient } from '@/hooks/useRemoteApplicationGQLClient';
+import type {
+  RemoteAppGetUsersCustomQuery,
+  RemoteAppGetUsersCustomQueryVariables,
+} from '@/utils/__generated__/graphql';
+import { useRemoteAppGetUsersCustomQuery } from '@/utils/__generated__/graphql';
+import type { QueryHookOptions } from '@apollo/client';
+
+export type UseFilesOptions = {
+  searchString?: string;
+  limit?: number;
+  offset?: number;
+  /**
+   * Custom options for the query.
+   */
+  options?: QueryHookOptions<
+    RemoteAppGetUsersCustomQuery,
+    RemoteAppGetUsersCustomQueryVariables
+  >;
+};
+
+export default function useGetAppUsers({
+  searchString,
+  limit = 250,
+  offset = 0,
+  options = {},
+}: UseFilesOptions) {
+  const { currentProject } = useCurrentWorkspaceAndProject();
+  const userApplicationClient = useRemoteApplicationGQLClient();
+  const { data, error, loading } = useRemoteAppGetUsersCustomQuery({
+    ...options,
+    client: userApplicationClient,
+    variables: {
+      ...options.variables,
+      where: searchString
+        ? {
+            displayName: { _ilike: `%${searchString}%` },
+          }
+        : {},
+      limit,
+      offset,
+    },
+    skip: !currentProject,
+  });
+
+  const users = data?.users || [];
+
+  return {
+    users,
+    loading,
+    error,
+  };
+}

dashboard/src/features/projects/rate-limiting/settings/components/AuthLimitingForm/AuthLimitingForm.tsx

@@ -248,8 +248,6 @@ export default function AuthLimitingForm() {
       >
         <SettingsContainer
           title="Auth"
-          switchId="enabled"
-          showSwitch
           slotProps={{
             submitButton: {
               disabled: !formState.isDirty || maintenanceActive,

dashboard/src/features/projects/rate-limiting/settings/hooks/useGetRateLimits/useGetRateLimits.ts

@@ -13,7 +13,7 @@ export default function useGetRateLimits() {
   const { data, loading } = useGetRateLimitConfigQuery({
     variables: {
       appId: currentProject?.id,
-      resolve: false,
+      resolve: true,
     },
     skip: !currentProject,
     ...(!isPlatform ? { client: localMimirClient } : {}),

dashboard/src/features/projects/resources/settings/components/ResourcesForm/ResourcesForm.test.tsx

@@ -14,6 +14,7 @@ import {
   fireEvent,
   render,
   screen,
+  waitFor,
   waitForElementToBeRemoved,
   within,
 } from '@/tests/testUtils';
@@ -78,7 +79,7 @@ test('should show the sliders if the switch is enabled', async () => {
   await user.click(screen.getByRole('checkbox'));
 
   expect(screen.queryByText(/enable this feature/i)).not.toBeInTheDocument();
-  expect(screen.getAllByRole('slider')).toHaveLength(12);
+  expect(screen.getAllByRole('slider')).toHaveLength(9);
 });
 
 test('should not show an empty state message if there is data available', async () => {
@@ -89,7 +90,7 @@ test('should not show an empty state message if there is data available', async
   ).toBeInTheDocument();
 
   expect(screen.queryByText(/enable this feature/i)).not.toBeInTheDocument();
-  expect(screen.getAllByRole('slider')).toHaveLength(12);
+  expect(screen.getAllByRole('slider')).toHaveLength(9);
   expect(screen.getByText(/^vcpus:/i)).toHaveTextContent(/vcpus: 8/i);
   expect(screen.getByText(/^memory:/i)).toHaveTextContent(/memory: 16384 mib/i);
 });
@@ -267,7 +268,7 @@ test('should display a red button when custom resources are disabled', async ()
     await screen.findByRole('slider', { name: /total available vcpu/i }),
   ).toBeInTheDocument();
 
-  await user.click(screen.getByRole('checkbox'));
+  await user.click(screen.getAllByRole('checkbox')[0]);
 
   expect(screen.getByText(/enable this feature/i)).toBeInTheDocument();
   expect(screen.getByText(/approximate cost:/i)).toHaveTextContent(
@@ -297,7 +298,8 @@ test('should hide the pricing information when custom resource allocation is dis
     await screen.findByRole('slider', { name: /total available vcpu/i }),
   ).toBeInTheDocument();
 
-  await user.click(screen.getByRole('checkbox'));
+  await user.click(screen.getAllByRole('checkbox')[0]);
+
   await user.click(screen.getByRole('button', { name: /save/i }));
 
   expect(await screen.findByRole('dialog')).toBeInTheDocument();
@@ -333,6 +335,8 @@ test('should show a warning message when resources are overallocated', async ()
 });
 
 test('should change pricing based on selected replicas', async () => {
+  const user = userEvent.setup();
+
   render(<ResourcesForm />);
 
   expect(
@@ -343,23 +347,31 @@ test('should change pricing based on selected replicas', async () => {
     /approximate cost: \$425\.00\/mo/i,
   );
 
-  changeSliderValue(
-    screen.getByRole('slider', { name: /hasura graphql replicas/i }),
-    2,
+  const hasuraReplicasInput = screen.getAllByPlaceholderText('Replicas')[0];
+
+  await user.click(hasuraReplicasInput);
+  await user.clear(hasuraReplicasInput);
+  await user.type(hasuraReplicasInput, '2');
+
+  await new Promise((resolve) => {
+    setTimeout(resolve, 1000);
+  });
+
+  await waitFor(() =>
+    expect(screen.getByText(/approximate cost:/i)).toHaveTextContent(
+      /approximate cost: \$525\.00\/mo/i,
+    ),
   );
 
-  expect(screen.getByText(/approximate cost:/i)).toHaveTextContent(
-    /approximate cost: \$525\.00\/mo/i,
-  );
+  await user.click(hasuraReplicasInput);
+  await user.clear(hasuraReplicasInput);
+  await user.type(hasuraReplicasInput, '1');
 
-  changeSliderValue(
-    screen.getByRole('slider', { name: /hasura graphql replicas/i }),
-    1,
-  );
-
-  expect(screen.getByText(/approximate cost:/i)).toHaveTextContent(
-    /approximate cost: \$425\.00\/mo/i,
-  );
+  await waitFor(() => {
+    expect(screen.getByText(/approximate cost:/i)).toHaveTextContent(
+      /approximate cost: \$425\.00\/mo/i,
+    );
+  });
 });
 
 test('should validate if vCPU and Memory match the 1:2 ratio if more than 1 replica is selected', async () => {
@@ -378,10 +390,10 @@ test('should validate if vCPU and Memory match the 1:2 ratio if more than 1 repl
     20 * RESOURCE_VCPU_MULTIPLIER,
   );
 
-  changeSliderValue(
-    screen.getByRole('slider', { name: /storage replicas/i }),
-    2,
-  );
+  const storageReplicasInput = screen.getAllByPlaceholderText('Replicas')[2];
+  await user.click(storageReplicasInput);
+  await user.clear(storageReplicasInput);
+  await user.type(storageReplicasInput, '2');
 
   changeSliderValue(
     screen.getByRole('slider', { name: /storage vcpu/i }),
@@ -402,12 +414,13 @@ test('should validate if vCPU and Memory match the 1:2 ratio if more than 1 repl
     ),
   ).toBeInTheDocument();
 
-  const validationErrorMessage = screen.getByLabelText(
-    /vcpu and memory for this service must match the 1:2 ratio if more than one replica is selected\./i,
-  );
-
-  expect(validationErrorMessage).toBeInTheDocument();
-  expect(validationErrorMessage).toHaveStyle({ color: '#f13154' });
+  await waitFor(() => {
+    const validationErrorMessage = screen.getByText(
+      /vCPU and Memory for this service must follow a 1:2 ratio when more than one replica is selected or when the autoscaler is activated\./i,
+    );
+    expect(validationErrorMessage).toBeInTheDocument();
+    expect(validationErrorMessage).toHaveStyle({ color: '#f13154' });
+  });
 });
 
 test('should take replicas into account when confirming the resources', async () => {
@@ -436,11 +449,11 @@ test('should take replicas into account when confirming the resources', async ()
     4 * RESOURCE_MEMORY_MULTIPLIER,
   );
 
-  // setting up hasura
-  changeSliderValue(
-    screen.getByRole('slider', { name: /hasura graphql replicas/i }),
-    3,
-  );
+  const hasuraReplicasInput = screen.getAllByPlaceholderText('Replicas')[0];
+  await user.click(hasuraReplicasInput);
+  await user.clear(hasuraReplicasInput);
+  await user.type(hasuraReplicasInput, '3');
+
   changeSliderValue(
     screen.getByRole('slider', { name: /hasura graphql vcpu/i }),
     2.5 * RESOURCE_VCPU_MULTIPLIER,
@@ -450,8 +463,12 @@ test('should take replicas into account when confirming the resources', async ()
     5 * RESOURCE_MEMORY_MULTIPLIER,
   );
 
+  const authReplicasInput = screen.getAllByPlaceholderText('Replicas')[1];
   // setting up auth
-  changeSliderValue(screen.getByRole('slider', { name: /auth replicas/i }), 2);
+  await user.click(authReplicasInput);
+  await user.clear(authReplicasInput);
+  await user.type(authReplicasInput, '2');
+
   changeSliderValue(
     screen.getByRole('slider', { name: /auth vcpu/i }),
     1.5 * RESOURCE_VCPU_MULTIPLIER,
@@ -461,11 +478,12 @@ test('should take replicas into account when confirming the resources', async ()
     3 * RESOURCE_MEMORY_MULTIPLIER,
   );
 
+  const storageReplicasInput = screen.getAllByPlaceholderText('Replicas')[2];
   // setting up storage
-  changeSliderValue(
-    screen.getByRole('slider', { name: /storage replicas/i }),
-    4,
-  );
+  await user.click(storageReplicasInput);
+  await user.clear(storageReplicasInput);
+  await user.type(storageReplicasInput, '4');
+
   changeSliderValue(
     screen.getByRole('slider', { name: /storage vcpu/i }),
     2.5 * RESOURCE_VCPU_MULTIPLIER,

dashboard/src/features/projects/resources/settings/components/ResourcesForm/ResourcesForm.tsx

@@ -37,12 +37,14 @@ function getInitialServiceResources(
   data: GetResourcesQuery,
   service: Exclude<keyof GetResourcesQuery['config'], '__typename'>,
 ) {
-  const { compute, replicas } = data?.config?.[service]?.resources || {};
+  const { compute, replicas, autoscaler } =
+    data?.config?.[service]?.resources || {};
 
   return {
     replicas,
     vcpu: compute?.cpu || 0,
     memory: compute?.memory || 0,
+    autoscale: autoscaler || null,
   };
 }
 
@@ -100,21 +102,29 @@ export default function ResourcesForm() {
         replicas: initialDatabaseResources.replicas || 1,
         vcpu: initialDatabaseResources.vcpu || 1000,
         memory: initialDatabaseResources.memory || 2048,
+        autoscale: !!initialDatabaseResources.autoscale || false,
+        maxReplicas: initialDatabaseResources.autoscale?.maxReplicas || 10,
       },
       hasura: {
         replicas: initialHasuraResources.replicas || 1,
         vcpu: initialHasuraResources.vcpu || 500,
         memory: initialHasuraResources.memory || 1536,
+        autoscale: !!initialHasuraResources.autoscale || false,
+        maxReplicas: initialHasuraResources.autoscale?.maxReplicas || 10,
       },
       auth: {
         replicas: initialAuthResources.replicas || 1,
         vcpu: initialAuthResources.vcpu || 250,
         memory: initialAuthResources.memory || 256,
+        autoscale: !!initialAuthResources.autoscale || false,
+        maxReplicas: initialAuthResources.autoscale?.maxReplicas || 10,
       },
       storage: {
         replicas: initialStorageResources.replicas || 1,
         vcpu: initialStorageResources.vcpu || 250,
         memory: initialStorageResources.memory || 256,
+        autoscale: !!initialStorageResources.autoscale || false,
+        maxReplicas: initialStorageResources.autoscale?.maxReplicas || 10,
       },
     },
     resolver: yupResolver(resourceSettingsValidationSchema),
@@ -181,6 +191,11 @@ export default function ResourcesForm() {
                     memory: formValues.database.memory,
                   },
                   replicas: formValues.database.replicas,
+                  autoscaler: formValues.database.autoscale
+                    ? {
+                        maxReplicas: formValues.database.maxReplicas,
+                      }
+                    : null,
                 }
               : null,
           },
@@ -192,6 +207,11 @@ export default function ResourcesForm() {
                     memory: formValues.hasura.memory,
                   },
                   replicas: formValues.hasura.replicas,
+                  autoscaler: formValues.hasura.autoscale
+                    ? {
+                        maxReplicas: formValues.hasura.maxReplicas,
+                      }
+                    : null,
                 }
               : null,
           },
@@ -203,6 +223,11 @@ export default function ResourcesForm() {
                     memory: formValues.auth.memory,
                   },
                   replicas: formValues.auth.replicas,
+                  autoscaler: formValues.auth.autoscale
+                    ? {
+                        maxReplicas: formValues.auth.maxReplicas,
+                      }
+                    : null,
                 }
               : null,
           },
@@ -214,6 +239,11 @@ export default function ResourcesForm() {
                     memory: formValues.storage.memory,
                   },
                   replicas: formValues.storage.replicas,
+                  autoscaler: formValues.storage.autoscale
+                    ? {
+                        maxReplicas: formValues.storage.maxReplicas,
+                      }
+                    : null,
                 }
               : null,
           },
@@ -253,21 +283,29 @@ export default function ResourcesForm() {
           totalAvailableMemory: 4096,
           database: {
             replicas: 1,
+            maxReplicas: 1,
+            autoscale: false,
             vcpu: 1000,
             memory: 2048,
           },
           hasura: {
             replicas: 1,
+            maxReplicas: 1,
+            autoscale: false,
             vcpu: 500,
             memory: 1536,
           },
           auth: {
             replicas: 1,
+            maxReplicas: 1,
+            autoscale: false,
             vcpu: 250,
             memory: 256,
           },
           storage: {
             replicas: 1,
+            maxReplicas: 1,
+            autoscale: false,
             vcpu: 250,
             memory: 256,
           },

dashboard/src/features/projects/resources/settings/components/ServiceResourcesFormFragment/ServiceResourcesFormFragment.tsx

@@ -1,24 +1,30 @@
+import { ControlledSwitch } from '@/components/form/ControlledSwitch';
 import { Box } from '@/components/ui/v2/Box';
 import { ExclamationIcon } from '@/components/ui/v2/icons/ExclamationIcon';
+import { InfoOutlinedIcon } from '@/components/ui/v2/icons/InfoOutlinedIcon';
+import { Input } from '@/components/ui/v2/Input';
 import { Slider } from '@/components/ui/v2/Slider';
 import { Text } from '@/components/ui/v2/Text';
+import { Link } from '@/components/ui/v2/Link';
 import { Tooltip } from '@/components/ui/v2/Tooltip';
 import { prettifyMemory } from '@/features/projects/resources/settings/utils/prettifyMemory';
 import { prettifyVCPU } from '@/features/projects/resources/settings/utils/prettifyVCPU';
 import type { ResourceSettingsFormValues } from '@/features/projects/resources/settings/utils/resourceSettingsValidationSchema';
+import { Alert } from '@/components/ui/v2/Alert';
 import {
   MAX_SERVICE_MEMORY,
-  MAX_SERVICE_REPLICAS,
   MAX_SERVICE_VCPU,
   MIN_SERVICE_MEMORY,
-  MIN_SERVICE_REPLICAS,
   MIN_SERVICE_VCPU,
 } from '@/features/projects/resources/settings/utils/resourceSettingsValidationSchema';
 import {
+  RESOURCE_MEMORY_LOCKED_STEP,
   RESOURCE_MEMORY_STEP,
   RESOURCE_VCPU_STEP,
 } from '@/utils/constants/common';
+import debounce from 'lodash.debounce';
 import { useFormContext, useWatch } from 'react-hook-form';
+import { ArrowSquareOutIcon } from '@/components/ui/v2/icons/ArrowSquareOutIcon';
 
 export interface ServiceResourcesFormFragmentProps {
   /**
@@ -52,10 +58,14 @@ export default function ServiceResourcesFormFragment({
     setValue,
     trigger: triggerValidation,
     formState,
+    register,
   } = useFormContext<ResourceSettingsFormValues>();
   const formValues = useWatch<ResourceSettingsFormValues>();
   const serviceValues = formValues[serviceKey];
 
+  const isRatioLocked = serviceValues.replicas > 1 || serviceValues.autoscale;
+  const resourceMemoryStep = isRatioLocked ? RESOURCE_MEMORY_LOCKED_STEP : RESOURCE_MEMORY_STEP;
+
   // Total allocated CPU for all resources
   const totalAllocatedVCPU = Object.keys(formValues)
     .filter(
@@ -83,15 +93,27 @@ export default function ServiceResourcesFormFragment({
     formValues.totalAvailableMemory - totalAllocatedMemory;
   const allowedMemory = remainingMemory + serviceValues.memory;
 
-  function handleReplicaChange(value: string) {
+  // Debounce revalidation to prevent excessive re-renders
+  const handleReplicaChange = debounce((value: string) => {
     const updatedReplicas = parseInt(value, 10);
 
-    if (updatedReplicas < MIN_SERVICE_REPLICAS) {
-      return;
-    }
-
     setValue(`${serviceKey}.replicas`, updatedReplicas, { shouldDirty: true });
-    triggerValidation(`${serviceKey}.replicas`);
+    triggerValidation(`${serviceKey}.replicas`)
+    triggerValidation(`${serviceKey}.memory`);
+  }, 500);
+
+  const handleMaxReplicasChange = debounce((value: string) => {
+    const updatedMaxReplicas = parseInt(value, 10);
+
+    setValue(`${serviceKey}.maxReplicas`, updatedMaxReplicas, {
+      shouldDirty: true,
+    });
+    triggerValidation(`${serviceKey}.maxReplicas`);
+    triggerValidation(`${serviceKey}.memory`);
+  }, 500);
+
+  const handleSwitchChange = () => {
+    triggerValidation(`${serviceKey}.memory`);
   }
 
   function handleVCPUChange(value: string) {
@@ -103,9 +125,13 @@ export default function ServiceResourcesFormFragment({
 
     setValue(`${serviceKey}.vcpu`, updatedVCPU, { shouldDirty: true });
 
+    if (isRatioLocked) {
+      setValue(`${serviceKey}.memory`, updatedVCPU * 2.048, { shouldDirty: true });
+    }
+
     // trigger validation for "replicas" field
     if (!disableReplicas) {
-      triggerValidation(`${serviceKey}.replicas`);
+      triggerValidation(`${serviceKey}.memory`);
     }
   }
 
@@ -118,9 +144,13 @@ export default function ServiceResourcesFormFragment({
 
     setValue(`${serviceKey}.memory`, updatedMemory, { shouldDirty: true });
 
+    if (isRatioLocked) {
+      setValue(`${serviceKey}.vcpu`, updatedMemory / 2.048, { shouldDirty: true });
+    }
+
     // trigger validation for "replicas" field
     if (!disableReplicas) {
-      triggerValidation(`${serviceKey}.replicas`);
+      triggerValidation(`${serviceKey}.memory`);
     }
   }
 
@@ -135,7 +165,7 @@ export default function ServiceResourcesFormFragment({
       </Box>
 
       <Box className="grid grid-flow-row gap-2">
-        <Box className="grid grid-flow-col items-center justify-between gap-2">
+        <Box className="grid items-center justify-between grid-flow-col gap-2">
           <Text>
             Allocated vCPUs:{' '}
             <span className="font-medium">
@@ -165,7 +195,7 @@ export default function ServiceResourcesFormFragment({
       </Box>
 
       <Box className="grid grid-flow-row gap-2">
-        <Box className="grid grid-flow-col items-center justify-between gap-2">
+        <Box className="grid items-center justify-between grid-flow-col gap-2">
           <Text>
             Allocated Memory:{' '}
             <span className="font-medium">
@@ -187,53 +217,112 @@ export default function ServiceResourcesFormFragment({
           value={serviceValues.memory}
           onChange={(_event, value) => handleMemoryChange(value.toString())}
           max={MAX_SERVICE_MEMORY}
-          step={RESOURCE_MEMORY_STEP}
+          step={resourceMemoryStep}
           allowed={allowedMemory}
           aria-label={`${title} Memory`}
           marks
         />
+        {formState.errors[serviceKey]?.memory?.message ? (
+          <Alert severity="error">
+            {formState.errors[serviceKey]?.memory?.message}
+          </Alert>
+        ) : null}
       </Box>
 
       {!disableReplicas && (
-        <Box className="grid grid-flow-row gap-2">
-          <Box className="grid grid-flow-col items-center justify-start gap-2">
-            <Text
-              color={
-                formState.errors?.[serviceKey]?.replicas?.message
-                  ? 'error'
-                  : 'primary'
-              }
-              aria-errormessage={`${serviceKey}-replicas-error-tooltip`}
-            >
-              Replicas:{' '}
-              <span className="font-medium">{serviceValues.replicas}</span>
-            </Text>
-
-            {formState.errors?.[serviceKey]?.replicas?.message ? (
-              <Tooltip
-                title={formState.errors[serviceKey].replicas.message}
-                id={`${serviceKey}-replicas-error-tooltip`}
-              >
-                <ExclamationIcon
-                  color="error"
-                  className="h-4 w-4"
-                  aria-hidden="false"
-                />
-              </Tooltip>
-            ) : null}
+        <Box className="flex flex-col justify-between gap-4 lg:flex-row">
+          <Box className="flex flex-col gap-4 lg:flex-row lg:gap-8">
+            <Box className="flex flex-row items-center gap-2">
+              {formState.errors?.[serviceKey]?.replicas?.message ? (
+                <Tooltip
+                  title={formState.errors[serviceKey]?.replicas?.message}
+                  id={`${serviceKey}-replicas-error-tooltip`}
+                >
+                  <ExclamationIcon
+                    color="error"
+                    className="w-4 h-4"
+                    aria-hidden="false"
+                  />
+                </Tooltip>
+              ) : null}
+              <Text className="w-28 lg:w-auto">Replicas</Text>
+              <Input
+                {...register(`${serviceKey}.replicas`)}
+                onChange={(event) => handleReplicaChange(event.target.value)}
+                type="number"
+                id={`${serviceKey}.replicas`}
+                data-testid={`${serviceKey}.replicas`}
+                placeholder="Replicas"
+                className="max-w-28"
+                hideEmptyHelperText
+                error={!!formState.errors?.[serviceKey]?.replicas}
+                fullWidth
+                autoComplete="off"
+              />
+            </Box>
+            <Box className="flex flex-row items-center gap-2">
+              {formState.errors?.[serviceKey]?.maxReplicas?.message ? (
+                <Tooltip
+                  title={formState.errors[serviceKey]?.maxReplicas?.message}
+                  id={`${serviceKey}-maxReplicas-error-tooltip`}
+                >
+                  <ExclamationIcon
+                    color="error"
+                    className="w-4 h-4"
+                    aria-hidden="false"
+                  />
+                </Tooltip>
+              ) : null}
+              <Text className="w-28 text-nowrap lg:w-auto">Max Replicas</Text>
+              <Input
+                {...register(`${serviceKey}.maxReplicas`)}
+                onChange={(event) =>
+                  handleMaxReplicasChange(event.target.value)
+                }
+                type="number"
+                id={`${serviceKey}.maxReplicas`}
+                placeholder="10"
+                disabled={!formValues[serviceKey].autoscale}
+                className="max-w-28"
+                hideEmptyHelperText
+                error={!!formState.errors?.[serviceKey]?.maxReplicas}
+                fullWidth
+                autoComplete="off"
+              />
+            </Box>
+          </Box>
+          <Box className="flex flex-row items-center gap-3">
+            <ControlledSwitch
+              {...register(`${serviceKey}.autoscale`)}
+              onChange={handleSwitchChange}
+            />
+            <Text>Autoscaler</Text>
+            <Tooltip
+              title={`Enable autoscaler to automatically provision extra ${title} replicas when needed.`}
+            >
+              <InfoOutlinedIcon className="w-4 h-4 text-black" />
+            </Tooltip>
           </Box>
-
-          <Slider
-            value={serviceValues.replicas}
-            onChange={(_event, value) => handleReplicaChange(value.toString())}
-            min={0}
-            max={MAX_SERVICE_REPLICAS}
-            step={1}
-            aria-label={`${title} Replicas`}
-            marks
-          />
         </Box>
       )}
+
+      {
+        !disableReplicas && (
+          <Text>
+            Learn more about{' '}
+            <Link
+              href="https://docs.nhost.io/platform/service-replicas"
+              target="_blank"
+              rel="noopener noreferrer"
+              underline="hover"
+              className="font-medium"
+            >
+              Service Replicas
+              <ArrowSquareOutIcon className="w-4 h-4 ml-1" />
+            </Link>
+          </Text>
+        )
+      }
     </Box>
   );
 }

dashboard/src/features/projects/resources/settings/components/TotalResourcesFormFragment/TotalResourcesFormFragment.tsx

@@ -2,6 +2,7 @@ import { Alert } from '@/components/ui/v2/Alert';
 import { Box } from '@/components/ui/v2/Box';
 import { ArrowRightIcon } from '@/components/ui/v2/icons/ArrowRightIcon';
 import { Slider, sliderClasses } from '@/components/ui/v2/Slider';
+import { calculateBillableResources } from '@/features/projects/resources/settings/utils/calculateBillableResources';
 import { Text } from '@/components/ui/v2/Text';
 import { useIsPlatform } from '@/features/projects/common/hooks/useIsPlatform';
 import { useProPlan } from '@/features/projects/common/hooks/useProPlan';
@@ -46,6 +47,7 @@ export default function TotalResourcesFormFragment({
     error: proPlanError,
     loading: proPlanLoading,
   } = useProPlan();
+  
   const { setValue } = useFormContext<ResourceSettingsFormValues>();
   const formValues = useWatch<ResourceSettingsFormValues>();
 
@@ -65,9 +67,38 @@ export default function TotalResourcesFormFragment({
     (formValues.totalAvailableVCPU / RESOURCE_VCPU_MULTIPLIER) *
     RESOURCE_VCPU_PRICE;
 
-  const updatedPrice = isPlatform
-    ? priceForTotalAvailableVCPU + proPlan.price
-    : 0;
+  const billableResources = calculateBillableResources(
+    {
+      replicas: formValues.database?.replicas,
+      vcpu: formValues.database?.vcpu,
+    },
+    {
+      replicas: formValues.hasura?.replicas,
+      vcpu: formValues.hasura?.vcpu,
+    },
+    {
+      replicas: formValues.auth?.replicas,
+      vcpu: formValues.auth?.vcpu,
+    },
+    {
+      replicas: formValues.storage?.replicas,
+      vcpu: formValues.storage?.vcpu,
+    },
+  );
+
+  const computeUpdatedPrice = () => {
+    if (!isPlatform) {
+      return 0;
+    }
+
+    return (
+      Math.max(
+        priceForTotalAvailableVCPU,
+        (billableResources.vcpu / RESOURCE_VCPU_MULTIPLIER) *
+          RESOURCE_VCPU_PRICE,
+      ) + proPlan.price
+    );
+  };
 
   const { vcpu: allocatedVCPU, memory: allocatedMemory } =
     getAllocatedResources(formValues);
@@ -114,14 +145,14 @@ export default function TotalResourcesFormFragment({
               Total available compute for your project:
             </Text>
 
-            {initialPrice !== updatedPrice && (
+            {initialPrice !== computeUpdatedPrice() && (
               <Text className="flex flex-row items-center justify-end gap-2">
                 <Text component="span" color="secondary">
                   ${initialPrice.toFixed(2)}/mo
                 </Text>
                 <ArrowRightIcon />
                 <Text component="span" className="font-medium">
-                  ${updatedPrice.toFixed(2)}/mo
+                  ${computeUpdatedPrice().toFixed(2)}/mo
                 </Text>
               </Text>
             )}

dashboard/src/features/projects/resources/settings/gql/getResources.gql

@@ -6,6 +6,9 @@ fragment ServiceResources on ConfigConfig {
         memory
       }
       replicas
+      autoscaler {
+        maxReplicas
+      }
     }
   }
   hasura {
@@ -15,6 +18,9 @@ fragment ServiceResources on ConfigConfig {
         memory
       }
       replicas
+      autoscaler {
+        maxReplicas
+      }
     }
   }
   postgres {
@@ -24,6 +30,9 @@ fragment ServiceResources on ConfigConfig {
         memory
       }
       replicas
+      autoscaler {
+        maxReplicas
+      }
     }
   }
   storage {
@@ -33,6 +42,9 @@ fragment ServiceResources on ConfigConfig {
         memory
       }
       replicas
+      autoscaler {
+        maxReplicas
+      }
     }
   }
 }

dashboard/src/features/projects/resources/settings/utils/resourceSettingsValidationSchema/resourceSettingsValidationSchema.ts

@@ -81,23 +81,13 @@ const serviceValidationSchema = Yup.object({
     .label('Replicas')
     .required()
     .min(1)
-    .max(MAX_SERVICE_REPLICAS)
-    .test(
-      'is-matching-ratio',
-      `vCPU and Memory for this service must match the 1:${RESOURCE_VCPU_MEMORY_RATIO} ratio if more than one replica is selected.`,
-      (replicas: number, { parent }) => {
-        if (replicas === 1) {
-          return true;
-        }
-
-        return (
-          parent.memory /
-            RESOURCE_MEMORY_MULTIPLIER /
-            (parent.vcpu / RESOURCE_VCPU_MULTIPLIER) ===
-          RESOURCE_VCPU_MEMORY_RATIO
-        );
-      },
-    ),
+    .max(MAX_SERVICE_REPLICAS),
+  maxReplicas: Yup.number()
+    .label('Max Replicas')
+    .required()
+    .min(MIN_SERVICE_REPLICAS)
+    .max(MAX_SERVICE_REPLICAS),
+  autoscale: Yup.boolean().label('Autoscale').required(),
   vcpu: Yup.number()
     .label('vCPUs')
     .required()
@@ -106,7 +96,23 @@ const serviceValidationSchema = Yup.object({
   memory: Yup.number()
     .required()
     .min(MIN_SERVICE_MEMORY)
-    .max(MAX_SERVICE_MEMORY),
+    .max(MAX_SERVICE_MEMORY)
+    .test(
+      'is-matching-ratio',
+      `vCPU and Memory for this service must follow a 1:${RESOURCE_VCPU_MEMORY_RATIO} ratio when more than one replica is selected or when the autoscaler is activated.`,
+      (memory: number, { parent }) => {
+        if (parent.replicas === 1 && !parent.autoscale) {
+          return true;
+        }
+
+        return (
+          memory /
+            RESOURCE_MEMORY_MULTIPLIER /
+            (parent.vcpu / RESOURCE_VCPU_MULTIPLIER) ===
+          RESOURCE_VCPU_MEMORY_RATIO
+        );
+      },
+    ),
 });
 
 export const resourceSettingsValidationSchema = Yup.object({

dashboard/src/features/services/components/ServiceForm/ServiceForm.tsx

@@ -78,6 +78,7 @@ export default function ServiceForm({
         memory: 128,
       },
       replicas: 1,
+      autoscaler: null,
     },
     reValidateMode: 'onSubmit',
     resolver: yupResolver(validationSchema),
@@ -123,6 +124,11 @@ export default function ServiceForm({
           capacity: item.capacity,
         })),
         replicas: sanitizedValues.replicas,
+        autoscaler: sanitizedValues.autoscaler
+          ? {
+              maxReplicas: sanitizedValues.autoscaler?.maxReplicas,
+            }
+          : null,
       },
       environment: sanitizedValues.environment.map((item) => ({
         name: item.name,
@@ -316,7 +322,7 @@ export default function ServiceForm({
               <Tooltip title="Name of the service, must be unique per project.">
                 <InfoIcon
                   aria-label="Info"
-                  className="h-4 w-4"
+                  className="w-4 h-4"
                   color="primary"
                 />
               </Tooltip>
@@ -356,7 +362,7 @@ export default function ServiceForm({
               >
                 <InfoIcon
                   aria-label="Info"
-                  className="h-4 w-4"
+                  className="w-4 h-4"
                   color="primary"
                 />
               </Tooltip>
@@ -387,7 +393,7 @@ export default function ServiceForm({
               <Tooltip title="Command to run when to start the service. This is optional as the image may already have a baked-in command.">
                 <InfoIcon
                   aria-label="Info"
-                  className="h-4 w-4"
+                  className="w-4 h-4"
                   color="primary"
                 />
               </Tooltip>
@@ -435,7 +441,7 @@ export default function ServiceForm({
         {createServiceFormError && (
           <Alert
             severity="error"
-            className="grid grid-flow-col items-center justify-between px-4 py-3"
+            className="grid items-center justify-between grid-flow-col px-4 py-3"
           >
             <span className="text-left">
               <strong>Error:</strong> {createServiceFormError.message}

dashboard/src/features/services/components/ServiceForm/ServiceFormTypes.ts

@@ -25,6 +25,12 @@ export const validationSchema = Yup.object({
     memory: Yup.number().min(MIN_SERVICES_MEM).max(MAX_SERVICES_MEM).required(),
   }),
   replicas: Yup.number().min(0).max(MAX_SERVICE_REPLICAS).required(),
+  autoscaler: Yup.object()
+    .shape({
+      maxReplicas: Yup.number().min(0).max(MAX_SERVICE_REPLICAS),
+    })
+    .nullable()
+    .default(undefined),
   ports: Yup.array().of(
     Yup.object().shape({
       port: Yup.number().required(),

dashboard/src/features/services/components/ServiceForm/components/ComputeFormSection/ComputeFormSection.tsx

@@ -70,7 +70,7 @@ export default function ComputeFormSection({
                 <a
                   target="_blank"
                   rel="noopener noreferrer"
-                  href="https://docs.nhost.io/run/resources"
+                  href="https://docs.nhost.io/guides/run/resources"
                   className="underline"
                 >
                   resources

dashboard/src/features/services/components/ServiceForm/components/PortsFormSection/PortsFormSection.tsx

@@ -38,7 +38,8 @@ export default function PortsFormSection() {
 
   const showURL = (index: number) =>
     formValues.subdomain &&
-    formValues.ports[index]?.type === PortTypes.HTTP &&
+    (formValues.ports[index]?.type === PortTypes.HTTP ||
+      formValues.ports[index]?.type === PortTypes.GRPC) &&
     formValues.ports[index]?.publish;
 
   return (
@@ -106,7 +107,7 @@ export default function PortsFormSection() {
                   },
                 }}
               >
-                {['http', 'tcp', 'udp']?.map((portType) => (
+                {['http', 'tcp', 'udp', 'grpc']?.map((portType) => (
                   <Option key={portType} value={portType}>
                     {portType}
                   </Option>

dashboard/src/features/services/components/ServiceForm/components/PortsFormSection/PortsFormSectionTypes.ts

@@ -2,4 +2,5 @@ export enum PortTypes {
   HTTP = 'http',
   TCP = 'tcp',
   UDP = 'udp',
+  GRPC = 'grpc',
 }

dashboard/src/features/services/components/ServiceForm/components/ReplicasFormSection/ReplicasFormSection.tsx

@@ -1,16 +1,32 @@
 import { Box } from '@/components/ui/v2/Box';
 import { InfoIcon } from '@/components/ui/v2/icons/InfoIcon';
-import { Slider } from '@/components/ui/v2/Slider';
+import { InfoOutlinedIcon } from '@/components/ui/v2/icons/InfoOutlinedIcon';
+import { Input } from '@/components/ui/v2/Input';
+import { Switch } from '@/components/ui/v2/Switch';
 import { Text } from '@/components/ui/v2/Text';
 import { Tooltip } from '@/components/ui/v2/Tooltip';
-import { MAX_SERVICE_REPLICAS } from '@/features/projects/resources/settings/utils/resourceSettingsValidationSchema';
 import type { ServiceFormValues } from '@/features/services/components/ServiceForm/ServiceFormTypes';
+import { useState } from 'react';
 import { useFormContext, useWatch } from 'react-hook-form';
 
 export default function ReplicasFormSection() {
-  const { setValue } = useFormContext<ServiceFormValues>();
+  const {
+    register,
+    setValue,
+    trigger: triggerValidation,
+  } = useFormContext<ServiceFormValues>();
+  const { replicas, autoscaler } = useWatch<ServiceFormValues>();
+  const [autoscalerEnabled, setAutoscalerEnabled] = useState(!!autoscaler);
 
-  const { replicas } = useWatch<ServiceFormValues>();
+  const toggleAutoscalerEnabled = async (enabled: boolean) => {
+    setAutoscalerEnabled(enabled);
+
+    if (!enabled) {
+      setValue('autoscaler', null);
+    } else {
+      setValue('autoscaler.maxReplicas', 10);
+    }
+  };
 
   const handleReplicasChange = (value: string) => {
     const updatedReplicas = parseInt(value, 10);
@@ -20,42 +36,85 @@ export default function ReplicasFormSection() {
     // TODO Trigger revalidate storage
   };
 
+  const handleMaxReplicasChange = (value: string) => {
+    const updatedReplicas = parseInt(value, 10);
+
+    setValue('autoscaler.maxReplicas', updatedReplicas, { shouldDirty: true });
+
+    triggerValidation('autoscaler.maxReplicas');
+  };
+
   return (
-    <Box className="space-y-4 rounded border-1 p-4">
+    <Box className="p-4 space-y-4 rounded border-1">
       <Box className="flex flex-row items-center space-x-2">
         <Text variant="h4" className="font-semibold">
           Replicas ({replicas})
         </Text>
         <Tooltip
           title={
-            <span>
-              Number of replicas for the service. Multiple replicas can process
-              requests/work in parallel. You can set replicas to 0 to pause the
-              service. Refer to{' '}
+            <Text className="text-white">
+              Learn more about{' '}
               <a
                 target="_blank"
                 rel="noopener noreferrer"
-                href="https://docs.nhost.io/run/resources"
+                href="https://docs.nhost.io/platform/service-replicas"
                 className="underline"
               >
-                resources
-              </a>{' '}
-              for more information.
-            </span>
+                Service Replicas
+              </a>
+            </Text>
           }
         >
-          <InfoIcon aria-label="Info" className="h-4 w-4" color="primary" />
+          <InfoIcon aria-label="Info" className="w-4 h-4" color="primary" />
         </Tooltip>
       </Box>
-      <Slider
-        value={replicas}
-        onChange={(_event, value) => handleReplicasChange(value.toString())}
-        min={0}
-        max={MAX_SERVICE_REPLICAS}
-        step={1}
-        aria-label="Replicas"
-        marks
-      />
+
+      <Box className="flex flex-col justify-between gap-4 lg:flex-row">
+        <Box className="flex flex-col gap-4 lg:flex-row lg:gap-8">
+          <Box className="flex flex-row items-center gap-2">
+            <Text className="w-28 lg:w-auto">Replicas</Text>
+            <Input
+              {...register('replicas')}
+              onChange={(event) => handleReplicasChange(event.target.value)}
+              type="number"
+              id="replicas"
+              placeholder="Replicas"
+              className="max-w-28"
+              hideEmptyHelperText
+              fullWidth
+              onWheel={(e) => (e.target as HTMLInputElement).blur()}
+              autoComplete="off"
+            />
+          </Box>
+          <Box className="flex flex-row items-center gap-2">
+            <Text className="w-28 text-nowrap lg:w-auto">Max Replicas</Text>
+            <Input
+              value={autoscaler?.maxReplicas}
+              onChange={(event) => handleMaxReplicasChange(event.target.value)}
+              type="number"
+              id="maxReplicas"
+              placeholder="10"
+              disabled={!autoscalerEnabled}
+              className="max-w-28"
+              hideEmptyHelperText
+              fullWidth
+              onWheel={(e) => (e.target as HTMLInputElement).blur()}
+              autoComplete="off"
+            />
+          </Box>
+        </Box>
+        <Box className="flex flex-row items-center gap-3">
+          <Switch
+            checked={autoscalerEnabled}
+            onChange={(e) => toggleAutoscalerEnabled(e.target.checked)}
+            className="self-center"
+          />
+          <Text>Autoscaler</Text>
+          <Tooltip title="Enable autoscaler to automatically provision extra run service replicas when needed.">
+            <InfoOutlinedIcon className="w-4 h-4 text-black" />
+          </Tooltip>
+        </Box>
+      </Box>
     </Box>
   );
 }

dashboard/src/features/services/components/ServicesList/ServicesList.tsx

@@ -50,7 +50,7 @@ export default function ServicesList({
     openDrawer({
       title: (
         <Box className="flex flex-row items-center space-x-2">
-          <CubeIcon className="h-5 w-5" />
+          <CubeIcon className="w-5 h-5" />
           <Text>Edit {service.config?.name ?? 'unset'}</Text>
         </Box>
       ),
@@ -73,6 +73,7 @@ export default function ServicesList({
               cpu: 62,
               memory: 128,
             },
+            autoscaler: service?.config?.resources?.autoscaler,
             replicas: service.config?.resources?.replicas,
             storage: service.config?.resources?.storage,
           }}
@@ -108,13 +109,13 @@ export default function ServicesList({
           onClick={() => viewService(service)}
         >
           <Box
-            className="flex w-full flex-row justify-between"
+            className="flex flex-row justify-between w-full"
             sx={{
               backgroundColor: 'transparent',
             }}
           >
-            <div className="flex flex-1 flex-row items-center space-x-4">
-              <CubeIcon className="h-5 w-5" />
+            <div className="flex flex-row items-center flex-1 space-x-4">
+              <CubeIcon className="w-5 h-5" />
               <div className="flex flex-col">
                 <Text variant="h4" className="font-semibold">
                   {service.config?.name ?? 'unset'}
@@ -130,7 +131,7 @@ export default function ServicesList({
               </div>
             </div>
 
-            <div className="hidden flex-row items-center space-x-2 md:flex">
+            <div className="flex-row items-center hidden space-x-2 md:flex">
               <Text variant="subtitle1" className="font-mono text-xs">
                 {service.id ?? service.serviceID}
               </Text>
@@ -143,7 +144,7 @@ export default function ServicesList({
                 }}
                 aria-label="Service Id"
               >
-                <CopyIcon className="h-4 w-4" />
+                <CopyIcon className="w-4 h-4" />
               </IconButton>
             </div>
           </Box>
@@ -173,17 +174,20 @@ export default function ServicesList({
                 onClick={() => viewService(service)}
                 className="z-50 grid grid-flow-col items-center gap-2 p-2 text-sm+ font-medium"
               >
-                <UserIcon className="h-4 w-4" />
+                <UserIcon className="w-4 h-4" />
                 <Text className="font-medium">View Service</Text>
               </Dropdown.Item>
               <Divider component="li" />
               <Dropdown.Item
                 className="grid grid-flow-col items-center gap-2 p-2 text-sm+ font-medium"
                 sx={{ color: 'error.main' }}
-                onClick={() => deleteService(service)}
+                onClick={(e) => {
+                  e.stopPropagation();
+                  deleteService(service);
+                }}
                 disabled={!isPlatform}
               >
-                <TrashIcon className="h-4 w-4" />
+                <TrashIcon className="w-4 h-4" />
                 <Text className="font-medium" color="error">
                   Delete Service
                 </Text>
@@ -194,4 +198,4 @@ export default function ServicesList({
       ))}
     </Box>
   );
-}
+}

dashboard/src/gql/services/getRunService.graphql

@@ -19,6 +19,9 @@ query getRunService($id: uuid!, $resolve: Boolean!) {
           capacity
         }
         replicas
+        autoscaler {
+          maxReplicas
+        }
       }
       environment {
         name

dashboard/src/gql/services/getRunServices.graphql

@@ -15,6 +15,9 @@ fragment RunServiceConfig on ConfigRunServiceConfig {
       capacity
     }
     replicas
+    autoscaler {
+      maxReplicas
+    }
   }
   environment {
     name

dashboard/src/pages/[workspaceSlug]/[appSlug]/services/index.tsx

@@ -48,7 +48,7 @@ export default function ServicesPage() {
           openDrawer({
             title: (
               <Box className="flex flex-row items-center space-x-2">
-                <CubeIcon className="h-5 w-5" />
+                <CubeIcon className="w-5 h-5" />
                 <Text>Create a new run service</Text>
               </Box>
             ),
@@ -60,6 +60,7 @@ export default function ServicesPage() {
                     cpu: 62,
                     memory: 128,
                   },
+                  autoscaler: parsedConfig?.resources?.autoscaler,
                   image: parsedConfig?.image?.image,
                   command: parsedConfig?.command?.join(' '),
                   ports: parsedConfig?.ports.map((item) => ({
@@ -104,7 +105,7 @@ export default function ServicesPage() {
     openDrawer({
       title: (
         <Box className="flex flex-row items-center space-x-2">
-          <CubeIcon className="h-5 w-5" />
+          <CubeIcon className="w-5 h-5" />
           <Text>Create a new service</Text>
         </Box>
       ),
@@ -125,23 +126,23 @@ export default function ServicesPage() {
 
   if (services.length === 0 && !loading) {
     return (
-      <Container className="mx-auto max-w-9xl space-y-5 overflow-x-hidden">
+      <Container className="mx-auto space-y-5 overflow-x-hidden max-w-9xl">
         <div className="flex flex-row place-content-end">
           <Button
             variant="contained"
             color="primary"
             onClick={openCreateServiceDialog}
-            startIcon={<PlusIcon className="h-4 w-4" />}
+            startIcon={<PlusIcon className="w-4 h-4" />}
             disabled={!isPlatform}
           >
             Add service
           </Button>
         </div>
 
-        <Box className="flex flex-col items-center justify-center space-y-5 rounded-lg border px-48 py-12 shadow-sm">
-          <ServicesIcon className="h-10 w-10" />
+        <Box className="flex flex-col items-center justify-center px-48 py-12 space-y-5 border rounded-lg shadow-sm">
+          <ServicesIcon className="w-10 h-10" />
           <div className="flex flex-col space-y-1">
-            <Text className="text-center font-medium" variant="h3">
+            <Text className="font-medium text-center" variant="h3">
               No custom services are available
             </Text>
             <Text variant="subtitle1" className="text-center">
@@ -149,13 +150,13 @@ export default function ServicesPage() {
             </Text>
           </div>
           {isPlatform ? (
-            <div className="flex flex-row place-content-between rounded-lg ">
+            <div className="flex flex-row rounded-lg place-content-between ">
               <Button
                 variant="contained"
                 color="primary"
                 className="w-full"
                 onClick={openCreateServiceDialog}
-                startIcon={<PlusIcon className="h-4 w-4" />}
+                startIcon={<PlusIcon className="w-4 h-4" />}
               >
                 Add service
               </Button>
@@ -168,12 +169,12 @@ export default function ServicesPage() {
 
   return (
     <div className="flex flex-col">
-      <Box className="flex flex-row place-content-end border-b-1 p-4">
+      <Box className="flex flex-row p-4 place-content-end border-b-1">
         <Button
           variant="contained"
           color="primary"
           onClick={openCreateServiceDialog}
-          startIcon={<PlusIcon className="h-4 w-4" />}
+          startIcon={<PlusIcon className="w-4 h-4" />}
           disabled={!isPlatform}
         >
           Add service

dashboard/src/pages/[workspaceSlug]/[appSlug]/settings/authentication/index.tsx

@@ -6,6 +6,7 @@ import { AllowedRedirectURLsSettings } from '@/features/authentication/settings/
 import { AuthServiceVersionSettings } from '@/features/authentication/settings/components/AuthServiceVersionSettings';
 import { BlockedEmailSettings } from '@/features/authentication/settings/components/BlockedEmailSettings';
 import { ClientURLSettings } from '@/features/authentication/settings/components/ClientURLSettings';
+import { ConcealErrorsSettings } from '@/features/authentication/settings/components/ConcealErrorsSettings';
 import { DisableNewUsersSettings } from '@/features/authentication/settings/components/DisableNewUsersSettings';
 import { GravatarSettings } from '@/features/authentication/settings/components/GravatarSettings';
 import { MFASettings } from '@/features/authentication/settings/components/MFASettings';
@@ -43,7 +44,7 @@ export default function SettingsAuthenticationPage() {
 
   return (
     <Container
-      className="grid max-w-5xl grid-flow-row bg-transparent gap-y-6"
+      className="grid max-w-5xl grid-flow-row gap-y-6 bg-transparent"
       rootClassName="bg-transparent"
     >
       <AuthServiceVersionSettings />
@@ -55,6 +56,7 @@ export default function SettingsAuthenticationPage() {
       <SessionSettings />
       <GravatarSettings />
       <DisableNewUsersSettings />
+      <ConcealErrorsSettings />
     </Container>
   );
 }

dashboard/src/pages/signup.tsx

@@ -10,6 +10,7 @@ import { Text } from '@/components/ui/v2/Text';
 import { getToastStyleProps } from '@/utils/constants/settings';
 import { nhost } from '@/utils/nhost';
 import { yupResolver } from '@hookform/resolvers/yup';
+import { Turnstile } from '@marsidev/react-turnstile';
 import { styled } from '@mui/material';
 import { useSignUpEmailPassword } from '@nhost/nextjs';
 import { useRouter } from 'next/router';
@@ -39,6 +40,9 @@ export default function SignUpPage() {
   const [loading, setLoading] = useState(false);
   const router = useRouter();
 
+  // x-cf-turnstile-response
+  const [turnstileResponse, setTurnstileResponse] = useState(null);
+
   const form = useForm<SignUpFormValues>({
     reValidateMode: 'onSubmit',
     defaultValues: {
@@ -66,11 +70,27 @@ export default function SignUpPage() {
     password,
     displayName,
   }: SignUpFormValues) {
+    if (!turnstileResponse) {
+      toast.error(
+        'Please complete the signup verification challenge to continue.',
+        getToastStyleProps(),
+      );
+
+      return;
+    }
+
     try {
       const { needsEmailVerification } = await signUpEmailPassword(
         email,
         password,
-        { displayName },
+        {
+          displayName,
+        },
+        {
+          headers: {
+            'x-cf-turnstile-response': turnstileResponse,
+          },
+        },
       );
 
       if (needsEmailVerification) {
@@ -94,7 +114,7 @@ export default function SignUpPage() {
         Sign Up
       </Text>
 
-      <Box className="grid grid-flow-row gap-4 rounded-md border bg-transparent p-6 lg:p-12">
+      <Box className="grid grid-flow-row gap-4 p-6 bg-transparent border rounded-md lg:p-12">
         <Button
           variant="borderless"
           className="!bg-white !text-black hover:ring-2 hover:ring-white hover:ring-opacity-50 disabled:!text-black disabled:!text-opacity-60"
@@ -122,7 +142,7 @@ export default function SignUpPage() {
 
         <div className="relative py-2">
           <Text
-            className="absolute left-0 right-0 top-1/2 mx-auto w-12 -translate-y-1/2 bg-black px-2 text-center text-sm"
+            className="absolute left-0 right-0 w-12 px-2 mx-auto text-sm text-center -translate-y-1/2 bg-black top-1/2"
             color="disabled"
           >
             OR
@@ -172,6 +192,12 @@ export default function SignUpPage() {
               helperText={formState.errors.password?.message}
             />
 
+            <Turnstile
+              siteKey={process.env.NEXT_PUBLIC_TURNSTILE_SITE_KEY}
+              options={{ theme: 'dark', size: 'flexible' }}
+              onSuccess={setTurnstileResponse}
+            />
+
             <Button
               variant="outlined"
               color="secondary"
@@ -188,7 +214,7 @@ export default function SignUpPage() {
 
         <Divider className="!my-2" />
 
-        <Text color="secondary" className="text-center text-sm">
+        <Text color="secondary" className="text-sm text-center">
           By signing up, you agree to our{' '}
           <NavLink
             href="https://nhost.io/legal/terms-of-service"
@@ -212,7 +238,7 @@ export default function SignUpPage() {
         </Text>
       </Box>
 
-      <Text color="secondary" className="text-center text-base lg:text-lg">
+      <Text color="secondary" className="text-base text-center lg:text-lg">
         Already have an account?{' '}
         <NavLink href="/signin" color="white" className="font-medium">
           Sign In

dashboard/src/utils/__generated__/graphql.ts

@@ -199,6 +199,7 @@ export type ConfigAuth = {
   __typename?: 'ConfigAuth';
   elevatedPrivileges?: Maybe<ConfigAuthElevatedPrivileges>;
   method?: Maybe<ConfigAuthMethod>;
+  misc?: Maybe<ConfigAuthMisc>;
   rateLimit?: Maybe<ConfigAuthRateLimit>;
   redirections?: Maybe<ConfigAuthRedirections>;
   /** Resources for the service */
@@ -224,6 +225,7 @@ export type ConfigAuthComparisonExp = {
   _or?: InputMaybe<Array<ConfigAuthComparisonExp>>;
   elevatedPrivileges?: InputMaybe<ConfigAuthElevatedPrivilegesComparisonExp>;
   method?: InputMaybe<ConfigAuthMethodComparisonExp>;
+  misc?: InputMaybe<ConfigAuthMiscComparisonExp>;
   rateLimit?: InputMaybe<ConfigAuthRateLimitComparisonExp>;
   redirections?: InputMaybe<ConfigAuthRedirectionsComparisonExp>;
   resources?: InputMaybe<ConfigResourcesComparisonExp>;
@@ -257,6 +259,7 @@ export type ConfigAuthElevatedPrivilegesUpdateInput = {
 export type ConfigAuthInsertInput = {
   elevatedPrivileges?: InputMaybe<ConfigAuthElevatedPrivilegesInsertInput>;
   method?: InputMaybe<ConfigAuthMethodInsertInput>;
+  misc?: InputMaybe<ConfigAuthMiscInsertInput>;
   rateLimit?: InputMaybe<ConfigAuthRateLimitInsertInput>;
   redirections?: InputMaybe<ConfigAuthRedirectionsInsertInput>;
   resources?: InputMaybe<ConfigResourcesInsertInput>;
@@ -687,6 +690,26 @@ export type ConfigAuthMethodWebauthnUpdateInput = {
   relyingParty?: InputMaybe<ConfigAuthMethodWebauthnRelyingPartyUpdateInput>;
 };
 
+export type ConfigAuthMisc = {
+  __typename?: 'ConfigAuthMisc';
+  concealErrors?: Maybe<Scalars['Boolean']>;
+};
+
+export type ConfigAuthMiscComparisonExp = {
+  _and?: InputMaybe<Array<ConfigAuthMiscComparisonExp>>;
+  _not?: InputMaybe<ConfigAuthMiscComparisonExp>;
+  _or?: InputMaybe<Array<ConfigAuthMiscComparisonExp>>;
+  concealErrors?: InputMaybe<ConfigBooleanComparisonExp>;
+};
+
+export type ConfigAuthMiscInsertInput = {
+  concealErrors?: InputMaybe<Scalars['Boolean']>;
+};
+
+export type ConfigAuthMiscUpdateInput = {
+  concealErrors?: InputMaybe<Scalars['Boolean']>;
+};
+
 export type ConfigAuthRateLimit = {
   __typename?: 'ConfigAuthRateLimit';
   bruteForce?: Maybe<ConfigRateLimit>;
@@ -873,6 +896,7 @@ export type ConfigAuthTotpUpdateInput = {
 export type ConfigAuthUpdateInput = {
   elevatedPrivileges?: InputMaybe<ConfigAuthElevatedPrivilegesUpdateInput>;
   method?: InputMaybe<ConfigAuthMethodUpdateInput>;
+  misc?: InputMaybe<ConfigAuthMiscUpdateInput>;
   rateLimit?: InputMaybe<ConfigAuthRateLimitUpdateInput>;
   redirections?: InputMaybe<ConfigAuthRedirectionsUpdateInput>;
   resources?: InputMaybe<ConfigResourcesUpdateInput>;
@@ -1388,6 +1412,29 @@ export type ConfigGlobalUpdateInput = {
 export type ConfigGrafana = {
   __typename?: 'ConfigGrafana';
   adminPassword: Scalars['String'];
+  alerting?: Maybe<ConfigGrafanaAlerting>;
+  contacts?: Maybe<ConfigGrafanaContacts>;
+  smtp?: Maybe<ConfigGrafanaSmtp>;
+};
+
+export type ConfigGrafanaAlerting = {
+  __typename?: 'ConfigGrafanaAlerting';
+  enabled?: Maybe<Scalars['Boolean']>;
+};
+
+export type ConfigGrafanaAlertingComparisonExp = {
+  _and?: InputMaybe<Array<ConfigGrafanaAlertingComparisonExp>>;
+  _not?: InputMaybe<ConfigGrafanaAlertingComparisonExp>;
+  _or?: InputMaybe<Array<ConfigGrafanaAlertingComparisonExp>>;
+  enabled?: InputMaybe<ConfigBooleanComparisonExp>;
+};
+
+export type ConfigGrafanaAlertingInsertInput = {
+  enabled?: InputMaybe<Scalars['Boolean']>;
+};
+
+export type ConfigGrafanaAlertingUpdateInput = {
+  enabled?: InputMaybe<Scalars['Boolean']>;
 };
 
 export type ConfigGrafanaComparisonExp = {
@@ -1395,14 +1442,255 @@ export type ConfigGrafanaComparisonExp = {
   _not?: InputMaybe<ConfigGrafanaComparisonExp>;
   _or?: InputMaybe<Array<ConfigGrafanaComparisonExp>>;
   adminPassword?: InputMaybe<ConfigStringComparisonExp>;
+  alerting?: InputMaybe<ConfigGrafanaAlertingComparisonExp>;
+  contacts?: InputMaybe<ConfigGrafanaContactsComparisonExp>;
+  smtp?: InputMaybe<ConfigGrafanaSmtpComparisonExp>;
+};
+
+export type ConfigGrafanaContacts = {
+  __typename?: 'ConfigGrafanaContacts';
+  discord?: Maybe<Array<ConfigGrafanacontactsDiscord>>;
+  emails?: Maybe<Array<Scalars['String']>>;
+  pagerduty?: Maybe<Array<ConfigGrafanacontactsPagerduty>>;
+  slack?: Maybe<Array<ConfigGrafanacontactsSlack>>;
+  webhook?: Maybe<Array<ConfigGrafanacontactsWebhook>>;
+};
+
+export type ConfigGrafanaContactsComparisonExp = {
+  _and?: InputMaybe<Array<ConfigGrafanaContactsComparisonExp>>;
+  _not?: InputMaybe<ConfigGrafanaContactsComparisonExp>;
+  _or?: InputMaybe<Array<ConfigGrafanaContactsComparisonExp>>;
+  discord?: InputMaybe<ConfigGrafanacontactsDiscordComparisonExp>;
+  emails?: InputMaybe<ConfigStringComparisonExp>;
+  pagerduty?: InputMaybe<ConfigGrafanacontactsPagerdutyComparisonExp>;
+  slack?: InputMaybe<ConfigGrafanacontactsSlackComparisonExp>;
+  webhook?: InputMaybe<ConfigGrafanacontactsWebhookComparisonExp>;
+};
+
+export type ConfigGrafanaContactsInsertInput = {
+  discord?: InputMaybe<Array<ConfigGrafanacontactsDiscordInsertInput>>;
+  emails?: InputMaybe<Array<Scalars['String']>>;
+  pagerduty?: InputMaybe<Array<ConfigGrafanacontactsPagerdutyInsertInput>>;
+  slack?: InputMaybe<Array<ConfigGrafanacontactsSlackInsertInput>>;
+  webhook?: InputMaybe<Array<ConfigGrafanacontactsWebhookInsertInput>>;
+};
+
+export type ConfigGrafanaContactsUpdateInput = {
+  discord?: InputMaybe<Array<ConfigGrafanacontactsDiscordUpdateInput>>;
+  emails?: InputMaybe<Array<Scalars['String']>>;
+  pagerduty?: InputMaybe<Array<ConfigGrafanacontactsPagerdutyUpdateInput>>;
+  slack?: InputMaybe<Array<ConfigGrafanacontactsSlackUpdateInput>>;
+  webhook?: InputMaybe<Array<ConfigGrafanacontactsWebhookUpdateInput>>;
 };
 
 export type ConfigGrafanaInsertInput = {
   adminPassword: Scalars['String'];
+  alerting?: InputMaybe<ConfigGrafanaAlertingInsertInput>;
+  contacts?: InputMaybe<ConfigGrafanaContactsInsertInput>;
+  smtp?: InputMaybe<ConfigGrafanaSmtpInsertInput>;
+};
+
+export type ConfigGrafanaSmtp = {
+  __typename?: 'ConfigGrafanaSmtp';
+  host: Scalars['String'];
+  password: Scalars['String'];
+  port: Scalars['ConfigPort'];
+  sender: Scalars['String'];
+  user: Scalars['String'];
+};
+
+export type ConfigGrafanaSmtpComparisonExp = {
+  _and?: InputMaybe<Array<ConfigGrafanaSmtpComparisonExp>>;
+  _not?: InputMaybe<ConfigGrafanaSmtpComparisonExp>;
+  _or?: InputMaybe<Array<ConfigGrafanaSmtpComparisonExp>>;
+  host?: InputMaybe<ConfigStringComparisonExp>;
+  password?: InputMaybe<ConfigStringComparisonExp>;
+  port?: InputMaybe<ConfigPortComparisonExp>;
+  sender?: InputMaybe<ConfigStringComparisonExp>;
+  user?: InputMaybe<ConfigStringComparisonExp>;
+};
+
+export type ConfigGrafanaSmtpInsertInput = {
+  host: Scalars['String'];
+  password: Scalars['String'];
+  port: Scalars['ConfigPort'];
+  sender: Scalars['String'];
+  user: Scalars['String'];
+};
+
+export type ConfigGrafanaSmtpUpdateInput = {
+  host?: InputMaybe<Scalars['String']>;
+  password?: InputMaybe<Scalars['String']>;
+  port?: InputMaybe<Scalars['ConfigPort']>;
+  sender?: InputMaybe<Scalars['String']>;
+  user?: InputMaybe<Scalars['String']>;
 };
 
 export type ConfigGrafanaUpdateInput = {
   adminPassword?: InputMaybe<Scalars['String']>;
+  alerting?: InputMaybe<ConfigGrafanaAlertingUpdateInput>;
+  contacts?: InputMaybe<ConfigGrafanaContactsUpdateInput>;
+  smtp?: InputMaybe<ConfigGrafanaSmtpUpdateInput>;
+};
+
+export type ConfigGrafanacontactsDiscord = {
+  __typename?: 'ConfigGrafanacontactsDiscord';
+  avatarUrl: Scalars['String'];
+  url: Scalars['String'];
+};
+
+export type ConfigGrafanacontactsDiscordComparisonExp = {
+  _and?: InputMaybe<Array<ConfigGrafanacontactsDiscordComparisonExp>>;
+  _not?: InputMaybe<ConfigGrafanacontactsDiscordComparisonExp>;
+  _or?: InputMaybe<Array<ConfigGrafanacontactsDiscordComparisonExp>>;
+  avatarUrl?: InputMaybe<ConfigStringComparisonExp>;
+  url?: InputMaybe<ConfigStringComparisonExp>;
+};
+
+export type ConfigGrafanacontactsDiscordInsertInput = {
+  avatarUrl: Scalars['String'];
+  url: Scalars['String'];
+};
+
+export type ConfigGrafanacontactsDiscordUpdateInput = {
+  avatarUrl?: InputMaybe<Scalars['String']>;
+  url?: InputMaybe<Scalars['String']>;
+};
+
+export type ConfigGrafanacontactsPagerduty = {
+  __typename?: 'ConfigGrafanacontactsPagerduty';
+  class: Scalars['String'];
+  component: Scalars['String'];
+  group: Scalars['String'];
+  integrationKey: Scalars['String'];
+  severity: Scalars['String'];
+};
+
+export type ConfigGrafanacontactsPagerdutyComparisonExp = {
+  _and?: InputMaybe<Array<ConfigGrafanacontactsPagerdutyComparisonExp>>;
+  _not?: InputMaybe<ConfigGrafanacontactsPagerdutyComparisonExp>;
+  _or?: InputMaybe<Array<ConfigGrafanacontactsPagerdutyComparisonExp>>;
+  class?: InputMaybe<ConfigStringComparisonExp>;
+  component?: InputMaybe<ConfigStringComparisonExp>;
+  group?: InputMaybe<ConfigStringComparisonExp>;
+  integrationKey?: InputMaybe<ConfigStringComparisonExp>;
+  severity?: InputMaybe<ConfigStringComparisonExp>;
+};
+
+export type ConfigGrafanacontactsPagerdutyInsertInput = {
+  class: Scalars['String'];
+  component: Scalars['String'];
+  group: Scalars['String'];
+  integrationKey: Scalars['String'];
+  severity: Scalars['String'];
+};
+
+export type ConfigGrafanacontactsPagerdutyUpdateInput = {
+  class?: InputMaybe<Scalars['String']>;
+  component?: InputMaybe<Scalars['String']>;
+  group?: InputMaybe<Scalars['String']>;
+  integrationKey?: InputMaybe<Scalars['String']>;
+  severity?: InputMaybe<Scalars['String']>;
+};
+
+export type ConfigGrafanacontactsSlack = {
+  __typename?: 'ConfigGrafanacontactsSlack';
+  endpointURL: Scalars['String'];
+  iconEmoji: Scalars['String'];
+  iconURL: Scalars['String'];
+  mentionChannel: Scalars['String'];
+  mentionGroups: Array<Scalars['String']>;
+  mentionUsers: Array<Scalars['String']>;
+  recipient: Scalars['String'];
+  token: Scalars['String'];
+  url: Scalars['String'];
+  username: Scalars['String'];
+};
+
+export type ConfigGrafanacontactsSlackComparisonExp = {
+  _and?: InputMaybe<Array<ConfigGrafanacontactsSlackComparisonExp>>;
+  _not?: InputMaybe<ConfigGrafanacontactsSlackComparisonExp>;
+  _or?: InputMaybe<Array<ConfigGrafanacontactsSlackComparisonExp>>;
+  endpointURL?: InputMaybe<ConfigStringComparisonExp>;
+  iconEmoji?: InputMaybe<ConfigStringComparisonExp>;
+  iconURL?: InputMaybe<ConfigStringComparisonExp>;
+  mentionChannel?: InputMaybe<ConfigStringComparisonExp>;
+  mentionGroups?: InputMaybe<ConfigStringComparisonExp>;
+  mentionUsers?: InputMaybe<ConfigStringComparisonExp>;
+  recipient?: InputMaybe<ConfigStringComparisonExp>;
+  token?: InputMaybe<ConfigStringComparisonExp>;
+  url?: InputMaybe<ConfigStringComparisonExp>;
+  username?: InputMaybe<ConfigStringComparisonExp>;
+};
+
+export type ConfigGrafanacontactsSlackInsertInput = {
+  endpointURL: Scalars['String'];
+  iconEmoji: Scalars['String'];
+  iconURL: Scalars['String'];
+  mentionChannel: Scalars['String'];
+  mentionGroups: Array<Scalars['String']>;
+  mentionUsers: Array<Scalars['String']>;
+  recipient: Scalars['String'];
+  token: Scalars['String'];
+  url: Scalars['String'];
+  username: Scalars['String'];
+};
+
+export type ConfigGrafanacontactsSlackUpdateInput = {
+  endpointURL?: InputMaybe<Scalars['String']>;
+  iconEmoji?: InputMaybe<Scalars['String']>;
+  iconURL?: InputMaybe<Scalars['String']>;
+  mentionChannel?: InputMaybe<Scalars['String']>;
+  mentionGroups?: InputMaybe<Array<Scalars['String']>>;
+  mentionUsers?: InputMaybe<Array<Scalars['String']>>;
+  recipient?: InputMaybe<Scalars['String']>;
+  token?: InputMaybe<Scalars['String']>;
+  url?: InputMaybe<Scalars['String']>;
+  username?: InputMaybe<Scalars['String']>;
+};
+
+export type ConfigGrafanacontactsWebhook = {
+  __typename?: 'ConfigGrafanacontactsWebhook';
+  authorizationCredentials: Scalars['String'];
+  authorizationScheme: Scalars['String'];
+  httpMethod: Scalars['String'];
+  maxAlerts: Scalars['Int'];
+  password: Scalars['String'];
+  url: Scalars['String'];
+  username: Scalars['String'];
+};
+
+export type ConfigGrafanacontactsWebhookComparisonExp = {
+  _and?: InputMaybe<Array<ConfigGrafanacontactsWebhookComparisonExp>>;
+  _not?: InputMaybe<ConfigGrafanacontactsWebhookComparisonExp>;
+  _or?: InputMaybe<Array<ConfigGrafanacontactsWebhookComparisonExp>>;
+  authorizationCredentials?: InputMaybe<ConfigStringComparisonExp>;
+  authorizationScheme?: InputMaybe<ConfigStringComparisonExp>;
+  httpMethod?: InputMaybe<ConfigStringComparisonExp>;
+  maxAlerts?: InputMaybe<ConfigIntComparisonExp>;
+  password?: InputMaybe<ConfigStringComparisonExp>;
+  url?: InputMaybe<ConfigStringComparisonExp>;
+  username?: InputMaybe<ConfigStringComparisonExp>;
+};
+
+export type ConfigGrafanacontactsWebhookInsertInput = {
+  authorizationCredentials: Scalars['String'];
+  authorizationScheme: Scalars['String'];
+  httpMethod: Scalars['String'];
+  maxAlerts: Scalars['Int'];
+  password: Scalars['String'];
+  url: Scalars['String'];
+  username: Scalars['String'];
+};
+
+export type ConfigGrafanacontactsWebhookUpdateInput = {
+  authorizationCredentials?: InputMaybe<Scalars['String']>;
+  authorizationScheme?: InputMaybe<Scalars['String']>;
+  httpMethod?: InputMaybe<Scalars['String']>;
+  maxAlerts?: InputMaybe<Scalars['Int']>;
+  password?: InputMaybe<Scalars['String']>;
+  url?: InputMaybe<Scalars['String']>;
+  username?: InputMaybe<Scalars['String']>;
 };
 
 export type ConfigGraphql = {
@@ -1601,6 +1889,8 @@ export type ConfigHasuraSettings = {
   enableRemoteSchemaPermissions?: Maybe<Scalars['Boolean']>;
   /** HASURA_GRAPHQL_ENABLED_APIS */
   enabledAPIs?: Maybe<Array<Scalars['ConfigHasuraAPIs']>>;
+  /** HASURA_GRAPHQL_INFER_FUNCTION_PERMISSIONS */
+  inferFunctionPermissions?: Maybe<Scalars['Boolean']>;
   /** HASURA_GRAPHQL_LIVE_QUERIES_MULTIPLEXED_REFETCH_INTERVAL */
   liveQueriesMultiplexedRefetchInterval?: Maybe<Scalars['ConfigUint32']>;
   /** HASURA_GRAPHQL_STRINGIFY_NUMERIC_TYPES */
@@ -1617,6 +1907,7 @@ export type ConfigHasuraSettingsComparisonExp = {
   enableConsole?: InputMaybe<ConfigBooleanComparisonExp>;
   enableRemoteSchemaPermissions?: InputMaybe<ConfigBooleanComparisonExp>;
   enabledAPIs?: InputMaybe<ConfigHasuraApIsComparisonExp>;
+  inferFunctionPermissions?: InputMaybe<ConfigBooleanComparisonExp>;
   liveQueriesMultiplexedRefetchInterval?: InputMaybe<ConfigUint32ComparisonExp>;
   stringifyNumericTypes?: InputMaybe<ConfigBooleanComparisonExp>;
 };
@@ -1628,6 +1919,7 @@ export type ConfigHasuraSettingsInsertInput = {
   enableConsole?: InputMaybe<Scalars['Boolean']>;
   enableRemoteSchemaPermissions?: InputMaybe<Scalars['Boolean']>;
   enabledAPIs?: InputMaybe<Array<Scalars['ConfigHasuraAPIs']>>;
+  inferFunctionPermissions?: InputMaybe<Scalars['Boolean']>;
   liveQueriesMultiplexedRefetchInterval?: InputMaybe<Scalars['ConfigUint32']>;
   stringifyNumericTypes?: InputMaybe<Scalars['Boolean']>;
 };
@@ -1639,6 +1931,7 @@ export type ConfigHasuraSettingsUpdateInput = {
   enableConsole?: InputMaybe<Scalars['Boolean']>;
   enableRemoteSchemaPermissions?: InputMaybe<Scalars['Boolean']>;
   enabledAPIs?: InputMaybe<Array<Scalars['ConfigHasuraAPIs']>>;
+  inferFunctionPermissions?: InputMaybe<Scalars['Boolean']>;
   liveQueriesMultiplexedRefetchInterval?: InputMaybe<Scalars['ConfigUint32']>;
   stringifyNumericTypes?: InputMaybe<Scalars['Boolean']>;
 };
@@ -2198,6 +2491,8 @@ export type ConfigRunServiceConfigWithId = {
 export type ConfigRunServiceImage = {
   __typename?: 'ConfigRunServiceImage';
   image: Scalars['String'];
+  /** content of "auths", i.e., { "auths": $THIS } */
+  pullCredentials?: Maybe<Scalars['String']>;
 };
 
 export type ConfigRunServiceImageComparisonExp = {
@@ -2205,14 +2500,17 @@ export type ConfigRunServiceImageComparisonExp = {
   _not?: InputMaybe<ConfigRunServiceImageComparisonExp>;
   _or?: InputMaybe<Array<ConfigRunServiceImageComparisonExp>>;
   image?: InputMaybe<ConfigStringComparisonExp>;
+  pullCredentials?: InputMaybe<ConfigStringComparisonExp>;
 };
 
 export type ConfigRunServiceImageInsertInput = {
   image: Scalars['String'];
+  pullCredentials?: InputMaybe<Scalars['String']>;
 };
 
 export type ConfigRunServiceImageUpdateInput = {
   image?: InputMaybe<Scalars['String']>;
+  pullCredentials?: InputMaybe<Scalars['String']>;
 };
 
 export type ConfigRunServiceNameComparisonExp = {
@@ -22885,7 +23183,7 @@ export type GetAuthenticationSettingsQueryVariables = Exact<{
 }>;
 
 
-export type GetAuthenticationSettingsQuery = { __typename?: 'query_root', config?: { __typename: 'ConfigConfig', id: 'ConfigConfig', auth?: { __typename: 'ConfigAuth', version?: string | null, id: 'ConfigAuth', redirections?: { __typename?: 'ConfigAuthRedirections', clientUrl?: any | null, allowedUrls?: Array<string> | null } | null, totp?: { __typename?: 'ConfigAuthTotp', enabled?: boolean | null, issuer?: string | null } | null, signUp?: { __typename?: 'ConfigAuthSignUp', enabled?: boolean | null } | null, session?: { __typename?: 'ConfigAuthSession', accessToken?: { __typename?: 'ConfigAuthSessionAccessToken', expiresIn?: any | null } | null, refreshToken?: { __typename?: 'ConfigAuthSessionRefreshToken', expiresIn?: any | null } | null } | null, resources?: { __typename?: 'ConfigResources', networking?: { __typename?: 'ConfigNetworking', ingresses?: Array<{ __typename?: 'ConfigIngress', fqdn?: Array<string> | null }> | null } | null } | null, user?: { __typename?: 'ConfigAuthUser', email?: { __typename?: 'ConfigAuthUserEmail', allowed?: Array<any> | null, blocked?: Array<any> | null } | null, emailDomains?: { __typename?: 'ConfigAuthUserEmailDomains', allowed?: Array<string> | null, blocked?: Array<string> | null } | null, gravatar?: { __typename?: 'ConfigAuthUserGravatar', enabled?: boolean | null, default?: string | null, rating?: string | null } | null, locale?: { __typename?: 'ConfigAuthUserLocale', allowed?: Array<any> | null, default?: any | null } | null } | null } | null } | null };
+export type GetAuthenticationSettingsQuery = { __typename?: 'query_root', config?: { __typename: 'ConfigConfig', id: 'ConfigConfig', auth?: { __typename: 'ConfigAuth', version?: string | null, id: 'ConfigAuth', redirections?: { __typename?: 'ConfigAuthRedirections', clientUrl?: any | null, allowedUrls?: Array<string> | null } | null, totp?: { __typename?: 'ConfigAuthTotp', enabled?: boolean | null, issuer?: string | null } | null, signUp?: { __typename?: 'ConfigAuthSignUp', enabled?: boolean | null } | null, session?: { __typename?: 'ConfigAuthSession', accessToken?: { __typename?: 'ConfigAuthSessionAccessToken', expiresIn?: any | null } | null, refreshToken?: { __typename?: 'ConfigAuthSessionRefreshToken', expiresIn?: any | null } | null } | null, resources?: { __typename?: 'ConfigResources', networking?: { __typename?: 'ConfigNetworking', ingresses?: Array<{ __typename?: 'ConfigIngress', fqdn?: Array<string> | null }> | null } | null } | null, user?: { __typename?: 'ConfigAuthUser', email?: { __typename?: 'ConfigAuthUserEmail', allowed?: Array<any> | null, blocked?: Array<any> | null } | null, emailDomains?: { __typename?: 'ConfigAuthUserEmailDomains', allowed?: Array<string> | null, blocked?: Array<string> | null } | null, gravatar?: { __typename?: 'ConfigAuthUserGravatar', enabled?: boolean | null, default?: string | null, rating?: string | null } | null, locale?: { __typename?: 'ConfigAuthUserLocale', allowed?: Array<any> | null, default?: any | null } | null } | null, misc?: { __typename?: 'ConfigAuthMisc', concealErrors?: boolean | null } | null } | null } | null };
 
 export type GetPostgresSettingsQueryVariables = Exact<{
   appId: Scalars['uuid'];
@@ -22927,14 +23225,14 @@ export type GetBackupPresignedUrlQueryVariables = Exact<{
 
 export type GetBackupPresignedUrlQuery = { __typename?: 'query_root', getBackupPresignedUrl: { __typename?: 'BackupPresignedURL', url: string, expiresAt: any } };
 
-export type ServiceResourcesFragment = { __typename?: 'ConfigConfig', auth?: { __typename?: 'ConfigAuth', resources?: { __typename?: 'ConfigResources', replicas?: any | null, compute?: { __typename?: 'ConfigResourcesCompute', cpu: any, memory: any } | null } | null } | null, hasura: { __typename?: 'ConfigHasura', resources?: { __typename?: 'ConfigResources', replicas?: any | null, compute?: { __typename?: 'ConfigResourcesCompute', cpu: any, memory: any } | null } | null }, postgres?: { __typename?: 'ConfigPostgres', resources?: { __typename?: 'ConfigPostgresResources', replicas?: any | null, compute?: { __typename?: 'ConfigResourcesCompute', cpu: any, memory: any } | null } | null } | null, storage?: { __typename?: 'ConfigStorage', resources?: { __typename?: 'ConfigResources', replicas?: any | null, compute?: { __typename?: 'ConfigResourcesCompute', cpu: any, memory: any } | null } | null } | null };
+export type ServiceResourcesFragment = { __typename?: 'ConfigConfig', auth?: { __typename?: 'ConfigAuth', resources?: { __typename?: 'ConfigResources', replicas?: any | null, compute?: { __typename?: 'ConfigResourcesCompute', cpu: any, memory: any } | null, autoscaler?: { __typename?: 'ConfigAutoscaler', maxReplicas: any } | null } | null } | null, hasura: { __typename?: 'ConfigHasura', resources?: { __typename?: 'ConfigResources', replicas?: any | null, compute?: { __typename?: 'ConfigResourcesCompute', cpu: any, memory: any } | null, autoscaler?: { __typename?: 'ConfigAutoscaler', maxReplicas: any } | null } | null }, postgres?: { __typename?: 'ConfigPostgres', resources?: { __typename?: 'ConfigPostgresResources', replicas?: any | null, compute?: { __typename?: 'ConfigResourcesCompute', cpu: any, memory: any } | null, autoscaler?: { __typename?: 'ConfigAutoscaler', maxReplicas: any } | null } | null } | null, storage?: { __typename?: 'ConfigStorage', resources?: { __typename?: 'ConfigResources', replicas?: any | null, compute?: { __typename?: 'ConfigResourcesCompute', cpu: any, memory: any } | null, autoscaler?: { __typename?: 'ConfigAutoscaler', maxReplicas: any } | null } | null } | null };
 
 export type GetResourcesQueryVariables = Exact<{
   appId: Scalars['uuid'];
 }>;
 
 
-export type GetResourcesQuery = { __typename?: 'query_root', config?: { __typename?: 'ConfigConfig', auth?: { __typename?: 'ConfigAuth', resources?: { __typename?: 'ConfigResources', replicas?: any | null, compute?: { __typename?: 'ConfigResourcesCompute', cpu: any, memory: any } | null } | null } | null, hasura: { __typename?: 'ConfigHasura', resources?: { __typename?: 'ConfigResources', replicas?: any | null, compute?: { __typename?: 'ConfigResourcesCompute', cpu: any, memory: any } | null } | null }, postgres?: { __typename?: 'ConfigPostgres', resources?: { __typename?: 'ConfigPostgresResources', replicas?: any | null, compute?: { __typename?: 'ConfigResourcesCompute', cpu: any, memory: any } | null } | null } | null, storage?: { __typename?: 'ConfigStorage', resources?: { __typename?: 'ConfigResources', replicas?: any | null, compute?: { __typename?: 'ConfigResourcesCompute', cpu: any, memory: any } | null } | null } | null } | null };
+export type GetResourcesQuery = { __typename?: 'query_root', config?: { __typename?: 'ConfigConfig', auth?: { __typename?: 'ConfigAuth', resources?: { __typename?: 'ConfigResources', replicas?: any | null, compute?: { __typename?: 'ConfigResourcesCompute', cpu: any, memory: any } | null, autoscaler?: { __typename?: 'ConfigAutoscaler', maxReplicas: any } | null } | null } | null, hasura: { __typename?: 'ConfigHasura', resources?: { __typename?: 'ConfigResources', replicas?: any | null, compute?: { __typename?: 'ConfigResourcesCompute', cpu: any, memory: any } | null, autoscaler?: { __typename?: 'ConfigAutoscaler', maxReplicas: any } | null } | null }, postgres?: { __typename?: 'ConfigPostgres', resources?: { __typename?: 'ConfigPostgresResources', replicas?: any | null, compute?: { __typename?: 'ConfigResourcesCompute', cpu: any, memory: any } | null, autoscaler?: { __typename?: 'ConfigAutoscaler', maxReplicas: any } | null } | null } | null, storage?: { __typename?: 'ConfigStorage', resources?: { __typename?: 'ConfigResources', replicas?: any | null, compute?: { __typename?: 'ConfigResourcesCompute', cpu: any, memory: any } | null, autoscaler?: { __typename?: 'ConfigAutoscaler', maxReplicas: any } | null } | null } | null } | null };
 
 export type GetServerlessFunctionsSettingsQueryVariables = Exact<{
   appId: Scalars['uuid'];
@@ -23487,9 +23785,9 @@ export type GetRunServiceQueryVariables = Exact<{
 }>;
 
 
-export type GetRunServiceQuery = { __typename?: 'query_root', runService?: { __typename?: 'run_service', id: any, subdomain: string, config?: { __typename?: 'ConfigRunServiceConfig', name: any, command?: Array<string> | null, image: { __typename?: 'ConfigRunServiceImage', image: string }, resources: { __typename?: 'ConfigRunServiceResources', replicas: any, compute: { __typename?: 'ConfigComputeResources', cpu: any, memory: any }, storage?: Array<{ __typename?: 'ConfigRunServiceResourcesStorage', name: any, path: string, capacity: any }> | null }, environment?: Array<{ __typename?: 'ConfigEnvironmentVariable', name: string, value: string }> | null, ports?: Array<{ __typename?: 'ConfigRunServicePort', port: any, type: string, publish?: boolean | null }> | null } | null } | null };
+export type GetRunServiceQuery = { __typename?: 'query_root', runService?: { __typename?: 'run_service', id: any, subdomain: string, config?: { __typename?: 'ConfigRunServiceConfig', name: any, command?: Array<string> | null, image: { __typename?: 'ConfigRunServiceImage', image: string }, resources: { __typename?: 'ConfigRunServiceResources', replicas: any, compute: { __typename?: 'ConfigComputeResources', cpu: any, memory: any }, storage?: Array<{ __typename?: 'ConfigRunServiceResourcesStorage', name: any, path: string, capacity: any }> | null, autoscaler?: { __typename?: 'ConfigAutoscaler', maxReplicas: any } | null }, environment?: Array<{ __typename?: 'ConfigEnvironmentVariable', name: string, value: string }> | null, ports?: Array<{ __typename?: 'ConfigRunServicePort', port: any, type: string, publish?: boolean | null }> | null } | null } | null };
 
-export type RunServiceConfigFragment = { __typename?: 'ConfigRunServiceConfig', name: any, command?: Array<string> | null, image: { __typename?: 'ConfigRunServiceImage', image: string }, resources: { __typename?: 'ConfigRunServiceResources', replicas: any, compute: { __typename?: 'ConfigComputeResources', cpu: any, memory: any }, storage?: Array<{ __typename?: 'ConfigRunServiceResourcesStorage', name: any, path: string, capacity: any }> | null }, environment?: Array<{ __typename?: 'ConfigEnvironmentVariable', name: string, value: string }> | null, ports?: Array<{ __typename?: 'ConfigRunServicePort', port: any, type: string, publish?: boolean | null, ingresses?: Array<{ __typename?: 'ConfigIngress', fqdn?: Array<string> | null }> | null, rateLimit?: { __typename?: 'ConfigRateLimit', limit: any, interval: string } | null }> | null, healthCheck?: { __typename?: 'ConfigHealthCheck', port: any, initialDelaySeconds?: number | null, probePeriodSeconds?: number | null } | null };
+export type RunServiceConfigFragment = { __typename?: 'ConfigRunServiceConfig', name: any, command?: Array<string> | null, image: { __typename?: 'ConfigRunServiceImage', image: string }, resources: { __typename?: 'ConfigRunServiceResources', replicas: any, compute: { __typename?: 'ConfigComputeResources', cpu: any, memory: any }, storage?: Array<{ __typename?: 'ConfigRunServiceResourcesStorage', name: any, path: string, capacity: any }> | null, autoscaler?: { __typename?: 'ConfigAutoscaler', maxReplicas: any } | null }, environment?: Array<{ __typename?: 'ConfigEnvironmentVariable', name: string, value: string }> | null, ports?: Array<{ __typename?: 'ConfigRunServicePort', port: any, type: string, publish?: boolean | null, ingresses?: Array<{ __typename?: 'ConfigIngress', fqdn?: Array<string> | null }> | null, rateLimit?: { __typename?: 'ConfigRateLimit', limit: any, interval: string } | null }> | null, healthCheck?: { __typename?: 'ConfigHealthCheck', port: any, initialDelaySeconds?: number | null, probePeriodSeconds?: number | null } | null };
 
 export type GetRunServicesQueryVariables = Exact<{
   appID: Scalars['uuid'];
@@ -23499,7 +23797,7 @@ export type GetRunServicesQueryVariables = Exact<{
 }>;
 
 
-export type GetRunServicesQuery = { __typename?: 'query_root', app?: { __typename?: 'apps', runServices: Array<{ __typename?: 'run_service', id: any, createdAt: any, updatedAt: any, subdomain: string, config?: { __typename?: 'ConfigRunServiceConfig', name: any, command?: Array<string> | null, image: { __typename?: 'ConfigRunServiceImage', image: string }, resources: { __typename?: 'ConfigRunServiceResources', replicas: any, compute: { __typename?: 'ConfigComputeResources', cpu: any, memory: any }, storage?: Array<{ __typename?: 'ConfigRunServiceResourcesStorage', name: any, path: string, capacity: any }> | null }, environment?: Array<{ __typename?: 'ConfigEnvironmentVariable', name: string, value: string }> | null, ports?: Array<{ __typename?: 'ConfigRunServicePort', port: any, type: string, publish?: boolean | null, ingresses?: Array<{ __typename?: 'ConfigIngress', fqdn?: Array<string> | null }> | null, rateLimit?: { __typename?: 'ConfigRateLimit', limit: any, interval: string } | null }> | null, healthCheck?: { __typename?: 'ConfigHealthCheck', port: any, initialDelaySeconds?: number | null, probePeriodSeconds?: number | null } | null } | null }>, runServices_aggregate: { __typename?: 'run_service_aggregate', aggregate?: { __typename?: 'run_service_aggregate_fields', count: number } | null } } | null };
+export type GetRunServicesQuery = { __typename?: 'query_root', app?: { __typename?: 'apps', runServices: Array<{ __typename?: 'run_service', id: any, createdAt: any, updatedAt: any, subdomain: string, config?: { __typename?: 'ConfigRunServiceConfig', name: any, command?: Array<string> | null, image: { __typename?: 'ConfigRunServiceImage', image: string }, resources: { __typename?: 'ConfigRunServiceResources', replicas: any, compute: { __typename?: 'ConfigComputeResources', cpu: any, memory: any }, storage?: Array<{ __typename?: 'ConfigRunServiceResourcesStorage', name: any, path: string, capacity: any }> | null, autoscaler?: { __typename?: 'ConfigAutoscaler', maxReplicas: any } | null }, environment?: Array<{ __typename?: 'ConfigEnvironmentVariable', name: string, value: string }> | null, ports?: Array<{ __typename?: 'ConfigRunServicePort', port: any, type: string, publish?: boolean | null, ingresses?: Array<{ __typename?: 'ConfigIngress', fqdn?: Array<string> | null }> | null, rateLimit?: { __typename?: 'ConfigRateLimit', limit: any, interval: string } | null }> | null, healthCheck?: { __typename?: 'ConfigHealthCheck', port: any, initialDelaySeconds?: number | null, probePeriodSeconds?: number | null } | null } | null }>, runServices_aggregate: { __typename?: 'run_service_aggregate', aggregate?: { __typename?: 'run_service_aggregate_fields', count: number } | null } } | null };
 
 export type GetLocalRunServiceConfigsQueryVariables = Exact<{
   appID: Scalars['uuid'];
@@ -23507,7 +23805,7 @@ export type GetLocalRunServiceConfigsQueryVariables = Exact<{
 }>;
 
 
-export type GetLocalRunServiceConfigsQuery = { __typename?: 'query_root', runServiceConfigs: Array<{ __typename?: 'ConfigRunServiceConfigWithID', serviceID: any, config: { __typename?: 'ConfigRunServiceConfig', name: any, command?: Array<string> | null, image: { __typename?: 'ConfigRunServiceImage', image: string }, resources: { __typename?: 'ConfigRunServiceResources', replicas: any, compute: { __typename?: 'ConfigComputeResources', cpu: any, memory: any }, storage?: Array<{ __typename?: 'ConfigRunServiceResourcesStorage', name: any, path: string, capacity: any }> | null }, environment?: Array<{ __typename?: 'ConfigEnvironmentVariable', name: string, value: string }> | null, ports?: Array<{ __typename?: 'ConfigRunServicePort', port: any, type: string, publish?: boolean | null, ingresses?: Array<{ __typename?: 'ConfigIngress', fqdn?: Array<string> | null }> | null, rateLimit?: { __typename?: 'ConfigRateLimit', limit: any, interval: string } | null }> | null, healthCheck?: { __typename?: 'ConfigHealthCheck', port: any, initialDelaySeconds?: number | null, probePeriodSeconds?: number | null } | null } }> };
+export type GetLocalRunServiceConfigsQuery = { __typename?: 'query_root', runServiceConfigs: Array<{ __typename?: 'ConfigRunServiceConfigWithID', serviceID: any, config: { __typename?: 'ConfigRunServiceConfig', name: any, command?: Array<string> | null, image: { __typename?: 'ConfigRunServiceImage', image: string }, resources: { __typename?: 'ConfigRunServiceResources', replicas: any, compute: { __typename?: 'ConfigComputeResources', cpu: any, memory: any }, storage?: Array<{ __typename?: 'ConfigRunServiceResourcesStorage', name: any, path: string, capacity: any }> | null, autoscaler?: { __typename?: 'ConfigAutoscaler', maxReplicas: any } | null }, environment?: Array<{ __typename?: 'ConfigEnvironmentVariable', name: string, value: string }> | null, ports?: Array<{ __typename?: 'ConfigRunServicePort', port: any, type: string, publish?: boolean | null, ingresses?: Array<{ __typename?: 'ConfigIngress', fqdn?: Array<string> | null }> | null, rateLimit?: { __typename?: 'ConfigRateLimit', limit: any, interval: string } | null }> | null, healthCheck?: { __typename?: 'ConfigHealthCheck', port: any, initialDelaySeconds?: number | null, probePeriodSeconds?: number | null } | null } }> };
 
 export type RunServiceRateLimitFragment = { __typename?: 'ConfigRunServiceConfig', name: any, ports?: Array<{ __typename?: 'ConfigRunServicePort', port: any, type: string, publish?: boolean | null, rateLimit?: { __typename?: 'ConfigRateLimit', limit: any, interval: string } | null, ingresses?: Array<{ __typename?: 'ConfigIngress', fqdn?: Array<string> | null }> | null }> | null };
 
@@ -23662,6 +23960,9 @@ export const ServiceResourcesFragmentDoc = gql`
         memory
       }
       replicas
+      autoscaler {
+        maxReplicas
+      }
     }
   }
   hasura {
@@ -23671,6 +23972,9 @@ export const ServiceResourcesFragmentDoc = gql`
         memory
       }
       replicas
+      autoscaler {
+        maxReplicas
+      }
     }
   }
   postgres {
@@ -23680,6 +23984,9 @@ export const ServiceResourcesFragmentDoc = gql`
         memory
       }
       replicas
+      autoscaler {
+        maxReplicas
+      }
     }
   }
   storage {
@@ -23689,6 +23996,9 @@ export const ServiceResourcesFragmentDoc = gql`
         memory
       }
       replicas
+      autoscaler {
+        maxReplicas
+      }
     }
   }
 }
@@ -23976,6 +24286,9 @@ export const RunServiceConfigFragmentDoc = gql`
       capacity
     }
     replicas
+    autoscaler {
+      maxReplicas
+    }
   }
   environment {
     name
@@ -24329,6 +24642,9 @@ export const GetAuthenticationSettingsDocument = gql`
           default
         }
       }
+      misc {
+        concealErrors
+      }
       version
     }
   }
@@ -27720,6 +28036,9 @@ export const GetRunServiceDocument = gql`
           capacity
         }
         replicas
+        autoscaler {
+          maxReplicas
+        }
       }
       environment {
         name

dashboard/src/utils/constants/common/common.ts

@@ -50,6 +50,11 @@ export const RESOURCE_VCPU_STEP = 0.25 * RESOURCE_VCPU_MULTIPLIER;
  */
 export const RESOURCE_MEMORY_STEP = 128;
 
+/**
+ * Number of steps between GiB of RAM when the ratio is locked.
+ */
+export const RESOURCE_MEMORY_LOCKED_STEP = 4 * RESOURCE_MEMORY_STEP;
+
 /**
  * Price per vCPU.
  *

docs/CHANGELOG.md

@@ -1,5 +1,42 @@
 # @nhost/docs
 
+## 2.18.0
+
+### Minor Changes
+
+- c4aa159: feat: added advanced TLS document
+
+### Patch Changes
+
+- 91f0465: feat: added turnstile guide
+
+## 2.17.2
+
+### Patch Changes
+
+- 52a38fe: chore: added pg_ivm extension
+
+## 2.17.1
+
+### Patch Changes
+
+- db2f44d: fix: update rate-limit to reflect reality
+- dda0c67: chore: udpate metrics documentation with managed configuration
+
+## 2.17.0
+
+### Minor Changes
+
+- cffdec5: feat: update react quickstart guide to use the nhost react apollo template
+- 4cf6677: feat: update list of postgres extensions
+
+## 2.16.0
+
+### Minor Changes
+
+- ba55c1b: feat: run: added a guide on using a private registry
+- 3d70c63: feat: added rate-limiter guide for auth service
+
 ## 2.15.0
 
 ### Minor Changes

docs/guides/auth/bot-protection.mdx

@@ -0,0 +1,76 @@
+---
+title: Bot Protection
+description: Use turnstile to protect from bots
+icon: robot
+---
+
+## Overview
+
+To safeguard your Auth API against automated attacks from scripts and bots, you can implement [Cloudflare's Turnstile](https://www.cloudflare.com/en-gb/products/turnstile/). Turnstile offers CAPTCHA-like protection without user friction, as it doesn't require solving puzzles.
+
+![Turnstile Check in Action](/images/guides/auth/turnstile/turnstile.gif)
+
+## Integration Benefits
+
+1. **Selective Protection**: Auth integrates Turnstile specifically for all signup methods.
+2. **API Accessibility**: Other API endpoints remain accessible for legitimate programmatic use.
+3. **Bot Deterrence**: Manual verification during signup discourages unwanted bot activity.
+
+This approach balances security with usability, ensuring robust protection where it matters most.
+
+## Guide
+
+<Steps>
+  <Step title="Create a widget on Cloudflare">
+  Sign up on [Cloudflare](https://dash.cloudflare.com) if you haven't already.
+
+  Go to your account -> Turnstile -> Add Widget. Then:
+  - Set a descriptive name
+  - In the domain, enter your frontend's domain
+  - Set widget mode as "managed"
+
+  Then click on "create" and write down the site key and the secret key.
+  </Step>
+  <Step title="Enable Turnstile integration on auth">
+    Start by adding the following configuration to your Nhost project:
+    <Tabs>
+    <Tab title="Config">
+    ```toml
+    [auth.signUp.turnstile]
+    secretKey = 'turnstileSecretKey'
+    ```
+    </Tab>
+    </Tabs>
+
+    Replace `turnstileSecretKey` with the secret key from the first step.
+  </Step>
+
+  <Step title="Integrate turnstile into your sign up form">
+    To integrate turnstile into your sign up form you can refer to [Cloudfare's documentation](https://developers.cloudflare.com/turnstile/tutorials/login-pages). Just keep in mind a few things:
+
+    - You don't need to do any verification of the response, just pass it to the Auth service on the `/signup/...` request in the header `x-cf-turnstile-response`.
+    - The "server side verification" is done by the auth service and will return a forbidden status error if the header is not present or if the check didn't pass.
+    - You will need to use the site key from step 1 to configure turnstile in your form
+  </Step>
+
+  <Step title="Pass turnstile's response to the signup request">
+  To pass the response as a header change your request to include the header. For instance:
+
+  ```js
+  await signUpEmailPassword(
+     email,
+     password,
+     {
+       displayName,
+     },
+     {
+       headers: {
+         'x-cf-turnstile-response': turnstileResponse,
+       },
+     },
+   );
+  ```
+
+  In the following [PR](https://github.com/nhost/nhost/pull/2897/files) you can see the changes that were needed in our very own dashboard to integrate turnstile.
+  </Step>
+</Steps>

docs/guides/database/extensions.mdx

@@ -4,6 +4,57 @@ description: List of available extensions with Nhost Postgres.
 icon: grid
 ---
 
+## hypopg
+
+HypoPG is a PostgreSQL extension adding support for hypothetical indexes.
+
+An hypothetical -- or virtual -- index is an index that doesn't really exists, and thus doesn't cost CPU, disk or any resource to create. They're useful to know if specific indexes can increase performance for problematic queries, since you can know if PostgreSQL will use these indexes or not without having to spend resources to create them.
+
+### Managing
+
+To install the extension you can create a migration with the following contents:
+
+```sql SQL
+SET ROLE postgres;
+CREATE EXTENSION hypopg;
+```
+
+To uninstall it, you can use the following migration:
+
+```sql SQL
+SET ROLE postgres;
+DROP EXTENSION hypopg;
+```
+
+### Resources
+
+- [GitHub](https://github.com/HypoPG/hypopg)
+- [Documentation](https://hypopg.readthedocs.io/)
+
+## http
+
+HTTP client for PostgreSQL, retrieve a web page from inside the database.
+
+### Managing
+
+To install the extension you can create a migration with the following contents:
+
+```sql SQL
+SET ROLE postgres;
+CREATE EXTENSION http;
+```
+
+To uninstall it, you can use the following migration:
+
+```sql SQL
+SET ROLE postgres;
+DROP EXTENSION http;
+```
+
+### Resources
+
+- [GitHub](https://github.com/pramsey/pgsql-http)
+
 ## postgis
 
 PostGIS extends the capabilities of the PostgreSQL relational database by adding support storing, indexing and querying geographic data.
@@ -84,11 +135,9 @@ DROP EXTENSION pg_cron;
 
 - [GitHub](https://github.com/citusdata/pg_cron)
 
-## hypopg
+## pg_hashids
 
-HypoPG is a PostgreSQL extension adding support for hypothetical indexes.
-
-An hypothetical -- or virtual -- index is an index that doesn't really exists, and thus doesn't cost CPU, disk or any resource to create. They're useful to know if specific indexes can increase performance for problematic queries, since you can know if PostgreSQL will use these indexes or not without having to spend resources to create them.
+Hashids is a small open-source library that generates short, unique, non-sequential ids from numbers. It converts numbers like 347 into strings like “yr8”. You can also decode those ids back. This is useful in bundling several parameters into one or simply using them as short UIDs.
 
 ### Managing
 
@@ -96,20 +145,94 @@ To install the extension you can create a migration with the following contents:
 
 ```sql SQL
 SET ROLE postgres;
-CREATE EXTENSION hypopg;
+CREATE EXTENSION pg_hashids;
 ```
 
 To uninstall it, you can use the following migration:
 
 ```sql SQL
 SET ROLE postgres;
-DROP EXTENSION hypopg;
+DROP EXTENSION pg_hashids;
 ```
 
 ### Resources
 
-- [GitHub](https://github.com/HypoPG/hypopg)
-- [Documentation](https://hypopg.readthedocs.io/)
+- [GitHub](https://github.com/iCyberon/pg_hashids)
+
+## pg_ivm
+
+The pg_ivm module provides Incremental View Maintenance (IVM) feature for PostgreSQL.
+
+Incremental View Maintenance (IVM) is a way to make materialized views up-to-date in which only incremental changes are computed and applied on views rather than recomputing the contents from scratch as REFRESH MATERIALIZED VIEW does. IVM can update materialized views more efficiently than recomputation when only small parts of the view are changed.
+
+### Managing
+
+To install the extension you can create a migration with the following contents:
+
+```sql SQL
+SET ROLE postgres;
+CREATE EXTENSION pg_ivm;
+```
+
+To uninstall it, you can use the following migration:
+
+```sql SQL
+SET ROLE postgres;
+DROP EXTENSION pg_ivm;
+```
+
+### Resources
+
+- [GitHub](https://github.com/sraoss/pg_ivm)
+
+## pg_squeeze
+
+PostgreSQL extension that removes unused space from a table and optionally sorts tuples according to particular index (as if CLUSTER command was executed concurrently with regular reads / writes). In fact we try to replace pg_repack extension.
+
+### Managing
+
+To install the extension you can create a migration with the following contents:
+
+```sql SQL
+SET ROLE postgres;
+CREATE EXTENSION pg_squeeze;
+```
+In addition, you may need to configure the WAL level and replication slots. Check the official documentation for details.
+
+To uninstall it, you can use the following migration:
+
+```sql SQL
+SET ROLE postgres;
+DROP EXTENSION pg_squeeze;
+```
+
+### Resources
+
+- [GitHub](https://github.com/cybertec-postgresql/pg_squeeze)
+
+## pg_stat_statements
+
+The pg_stat_statements module provides a means for tracking planning and execution statistics of all SQL statements executed by a server.
+
+### Managing
+
+To install the extension you can create a migration with the following contents:
+
+```sql SQL
+SET ROLE postgres;
+CREATE EXTENSION pg_stat_statements;
+```
+
+To uninstall it, you can use the following migration:
+
+```sql SQL
+SET ROLE postgres;
+DROP EXTENSION pg_stat_statements;
+```
+
+### Resources
+
+- [Documentation](https://www.postgresql.org/docs/14/pgstatstatements.html)
 
 ## timescaledb
 
@@ -140,50 +263,3 @@ DROP EXTENSION timescaledb;
 - [Documentation](https://docs.timescale.com/)
 - [Website](https://www.timescale.com/)
 
-## pg_stat_statements
-
-The pg_stat_statements module provides a means for tracking planning and execution statistics of all SQL statements executed by a server.
-
-### Managing
-
-To install the extension you can create a migration with the following contents:
-
-```sql SQL
-SET ROLE postgres;
-CREATE EXTENSION pg_stat_statements;
-```
-
-To uninstall it, you can use the following migration:
-
-```sql SQL
-SET ROLE postgres;
-DROP EXTENSION pg_stat_statements;
-```
-
-### Resources
-
-- [Documentation](https://www.postgresql.org/docs/14/pgstatstatements.html)
-
-## http
-
-HTTP client for PostgreSQL, retrieve a web page from inside the database.
-
-### Managing
-
-To install the extension you can create a migration with the following contents:
-
-```sql SQL
-SET ROLE postgres;
-CREATE EXTENSION http;
-```
-
-To uninstall it, you can use the following migration:
-
-```sql SQL
-SET ROLE postgres;
-DROP EXTENSION http;
-```
-
-### Resources
-
-- [GitHub](https://github.com/pramsey/pgsql-http)

docs/guides/quickstarts/react.mdx

@@ -1,149 +1,301 @@
 ---
-title: Setup Nhost with React
+title: Get up and running with Nhost and React
 sidebarTitle: React
 description: Get up and running with Nhost and React
 icon: react
 ---
 
 <Steps>
-  <Step title="Create Project">
-    If you haven't, please create a project through the [Nhost Dashboard](https://app.nhost.io/new).
+  <Step title="Create Nhost Project">
+    Create your project through the [Nhost Dashboard](https://app.nhost.io/new).
   </Step>
 
   <Step title="Setup Database">
-    Navigate to the **SQL Editor** of the database and run the following SQL to create a new table `movies` with some great movies. 
-
-    ```sql SQL Editor
-    CREATE TABLE movies (
-      id SERIAL PRIMARY KEY,
-      title VARCHAR(255) NOT NULL,
-      director VARCHAR(255),
-      release_year INTEGER,
-      genre VARCHAR(100),
-      rating FLOAT
-    );
-
-    INSERT INTO movies (title, director, release_year, genre, rating) VALUES
-      ('Inception', 'Christopher Nolan', 2010, 'Sci-Fi', 8.8),
-      ('The Godfather', 'Francis Ford Coppola', 1972, 'Crime', 9.2),
-      ('Forrest Gump', 'Robert Zemeckis', 1994, 'Drama', 8.8),
-      ('The Matrix', 'Lana Wachowski, Lilly Wachowski', 1999, 'Action', 8.7);
-    ```
+    Navigate to the **SQL Editor** of the database and run the following SQL to create a new table `todos`.
 
     <Warning>Make sure the option `Track this` is enabled</Warning>
 
-    ![SQL Editor](/images/guides/quickstarts/react/sql-editor.png)
-
-  </Step>
-
-  <Step title="permissions">
-    Select the new table `movies` just created, and click in **Edit Permissions** to set the following permissions for the `public` role and `select` action.
-
-    ![Permission Rules](/images/guides/quickstarts/react/permissions.png)
-  </Step>
-
-  <Step title="Setup a React Application">
-    Create a React application using Vite.
-
-    ```bash Terminal 
-    npm create vite@latest nhost-react-quickstart -- --template react
+    ```sql SQL Editor
+    CREATE TABLE todos (
+      id uuid NOT NULL DEFAULT gen_random_uuid(),
+      created_at timestamptz NOT NULL DEFAULT now(),
+      updated_at timestamptz NOT NULL DEFAULT now(),
+      user_id uuid NOT NULL,
+      contents text NOT NULL,
+      PRIMARY KEY (id),
+      FOREIGN KEY (user_id) REFERENCES auth.users(id) ON UPDATE cascade ON DELETE cascade
+    );
     ```
+
+    <Frame caption="Create Todos Table">
+      <img src="/images/guides/quickstarts/react-native/create-table-todos.png" />
+    </Frame>
+
   </Step>
 
-  <Step title="Install the Nhost package for React">
-    Navidate to the React application and install `@nhost/react`. 
+  <Step title="Configure the todos table permissions">
+    To set permissions for the new `todos` table, select the table, click on the `...` to open the actions dialog,
+    then click on **Edit Permissions**. Set the following permissions for the `user` role:
+
+    1. `Insert`
+        - Set `Row insert permissions` to `Without any checks`
+        - Select all columns except `user_id` on `Column insert permissions`
+        - Add a new `Column preset` and set `Column Name` to `user_id` and `Column Value` to `X-Hasura-User-Id`
+        - Save
+
+    <Frame caption="Insert Permissions">
+      <img src="/images/guides/quickstarts/react-native/todos-insert-permissions.png" />
+    </Frame>
+
+    2. `Select`
+        - Set `Row select permissions` to `With custom check` and fill in the following rule:
+            - Set `Where` to `todos.user_id`
+            - Set the operator to `_eq`
+            - Set the value to `X-Hasura-User-Id`
+        - Select all columns except `user_id` on `Column select permissions`
+        - Save
+
+    <Frame caption="Select Permissions">
+      <img src="/images/guides/quickstarts/react-native/todos-select-permissions.png" />
+    </Frame>
+
+    3. `Update`
+        - Set `Row update permissions` to `With custom check` and fill in the following rule:
+            - Set `Where` to `todos.user_id`
+            - Set the operator to `_eq`
+            - Set the value to `X-Hasura-User-Id`
+        - Select all columns except `user_id` on `Column select permissions`
+        - Save
+
+    <Frame caption="Update permissions">
+      <img src="/images/guides/quickstarts/react-native/todos-update-permissions.png" />
+    </Frame>
+
+    4. `Delete`
+        - Set `Row delete permissions` to `With custom check` and fill in the following rule:
+            - Set `Where` to `todos.user_id`
+            - Set the operator to `_eq`
+            - Set the value to `X-Hasura-User-Id`
+        - Save
+
+    <Frame caption="Delete permissions">
+      <img src="/images/guides/quickstarts/react-native/todos-delete-permissions.png" />
+    </Frame>
+
+  </Step>
+
+  <Step title="Configure permissions to enable user file uploads">
+    To enable file uploads by users, set the permissions as follows:
+
+    1. Edit the **files** table permissions
+        1. Navigate to the files table within the [Database tab](https://app.nhost.io/_/_/database/browser/default/storage/files)
+        2. Click on the three dots (...) next to the files table
+        3. Click on **Edit Permissions**
+
+    2. Modify the `Insert` permission for the `user` role:
+          1. Set `Row insert permissions` to `Without any checks`
+          2. Select all columns on `Column insert permissions`
+          4. Save
+
+    <Frame caption="Insert Permissions">
+      <img src="/images/guides/quickstarts/react-native/files-insert-permissions.png" />
+    </Frame>
+
+    3. `Select`
+        - Set `Row select permissions` to `With custom check` and fill in the following rule:
+            - Set `Where` to `files.uploaded_by_user_id`
+            - Set the operator to `_eq`
+            - Set the value to `X-Hasura-User-Id`
+        - Select all columns on `Column select permissions`
+        - Save
+
+    <Frame caption="Select permissions">
+      <img src="/images/guides/quickstarts/react-native/files-select-permissions.png" />
+    </Frame>
+
+  </Step>
+
+  <Step title="Bootstrap your React app">
+    Intialize a new React project using the template [`@nhost/react-apollo`](https://www.npmjs.com/package/@nhost/cra-template-react-apollo)
 
     ```bash Terminal
-    cd nhost-react-quickstart && npm install @nhost/react
+    npx create-react-app myapp --template @nhost/react-apollo
     ```
+
   </Step>
 
-  <Step title="Configure the Nhost client and fetch the list of movies">
+  <Step title="Connect your React app to the Nhost project">
+    Copy your project's `<subdomain>` and `<region>` values available on the dashboard overview
 
-    Create a new file with the following code to creates the Nhost client.
-
-    ```js ./src/lib/nhost.js
-    import { NhostClient } from "@nhost/react";
-
-    export const nhost = new NhostClient({
-      subdomain: "<subdomain>",
-      region: "<region>",
-    })
+    ```tsx src/index.tsx
+    const nhost = new NhostClient({
+      subdomain: "<subdomain>", // replace the subdomain value e.g. "hjcuuqweqwezolpolrep"
+      region: "<region>", // replace the region value e.g. "eu-central-1"
+    });
     ```
 
-    <Note>Replace `<subdomain>` and `<region>` with the subdomain and region for the project</Note>
+  </Step>
 
-    Finally, update `./src/App.jsx` to fetch the list of movies.
+  <Step title="Create the Todos Page and Add It to the Sidebar Navigation">
+    <CodeGroup>
+      ```tsx src/components/routes/app/todos.tsx
+      import { Alert, AlertDescription, AlertTitle } from '@/components/ui/alert'
+      import { Button } from '@/components/ui/button'
+      import { Card, CardContent, CardHeader, CardTitle } from '@/components/ui/card'
+      import { Input } from '@/components/ui/input'
+      import { gql, useMutation } from '@apollo/client'
+      import { useAuthQuery } from '@nhost/react-apollo'
+      import { Check, Info, Plus, Trash } from 'lucide-react'
+      import { useState } from 'react'
+      import { toast } from 'sonner'
 
-    ```js src/App.jsx
-    import { useEffect, useState } from "react";
-    import { NhostProvider } from "@nhost/react";
-    import { nhost } from './lib/nhost'	
+      export default function Todos() {
+        const { data, refetch: refetchTodos } = useAuthQuery<{
+          todos: Array<{
+            id: string
+            contents: string
+          }>
+        }>(gql`
+          query {
+            todos(order_by: { createdAt: desc }) {
+              id
+              contents
+            }
+          }
+        `)
 
-    const getMovies = `
-      query {
-        movies {
-          title
-          genre
-          rating
+        const [contents, setContents] = useState('')
+
+        const [addTodo] = useMutation<{
+          insertTodo?: {
+            id: string
+            contents: string
+          }
+        }>(gql`
+          mutation ($contents: String!) {
+            insertTodo(object: { contents: $contents }) {
+              id
+              contents
+            }
+          }
+        `)
+
+        const [deleteTodo] = useMutation<{
+          deleteNote?: {
+            id: string
+            content: string
+          }
+        }>(gql`
+          mutation deleteTodo($todoId: uuid!) {
+            deleteTodo(id: $todoId) {
+              id
+              contents
+            }
+          }
+        `)
+
+        const handleAddTodo = () => {
+          if (contents) {
+            addTodo({
+              variables: { contents },
+              onCompleted: async () => {
+                setContents('')
+                await refetchTodos()
+              },
+              onError: (error) => {
+                toast.error(error.message)
+              }
+            })
+          }
         }
+
+        const handleDeleteTodo = async (todoId: string) => {
+          await deleteTodo({
+            variables: { todoId },
+            onCompleted: async () => {
+              await refetchTodos()
+            },
+            onError: (error) => {
+              toast.error(error.message)
+            }
+          })
+
+          await refetchTodos()
+        }
+
+        return (
+          <div className="w-full">
+            <Card className="mb-4">
+              <CardHeader>
+                <CardTitle>Todos</CardTitle>
+              </CardHeader>
+            </Card>
+            <Card className="w-full pt-6">
+              <CardContent className="flex flex-col gap-4">
+                <div className="flex flex-row gap-4">
+                  <Input
+                    value={contents}
+                    onChange={(e) => setContents(e.target.value)}
+                    onKeyDown={(e) => e.code === 'Enter' && handleAddTodo()}
+                  />
+                  <Button className="m-0" onClick={handleAddTodo}>
+                    <Plus />
+                    Add
+                  </Button>
+                </div>
+                <div>
+                  {data?.todos.length === 0 && (
+                    <Alert className="w-full">
+                      <Info className="w-4 h-4" />
+                      <AlertTitle>Empty</AlertTitle>
+                      <AlertDescription className="mt-2">Start by adding a todo</AlertDescription>
+                    </Alert>
+                  )}
+                  {data?.todos.map((todo) => (
+                    <div
+                      key={todo.id}
+                      className="flex flex-row items-center justify-between w-full p-4 border-b last:pb-0 last:border-b-0"
+                    >
+                      <div className="flex flex-row gap-2">
+                        <Check className="w-5 h-5" />
+                        <span>{todo.contents}</span>
+                      </div>
+                      <Button variant="ghost" onClick={() => handleDeleteTodo(todo.id)}>
+                        <Trash className="w-5 h-5" />
+                      </Button>
+                    </div>
+                  ))}
+                </div>
+              </CardContent>
+            </Card>
+          </div>
+        )
       }
-    `;  
+      ```
 
-    function App() {
-      return (
-        <NhostProvider nhost={nhost}>
-          <Home />
-        </NhostProvider>
-      );
-    }
+      ```tsx src/components/routes/app/layout.tsx
+      <nav className="flex flex-col items-center gap-4 px-2 sm:py-5">
+      --
+      <Tooltip>
+        <TooltipTrigger asChild>
+          <NavLink
+            to="/todos"
+            className="flex items-center justify-center transition-colors rounded-lg h-9 w-9 text-muted-foreground hover:text-foreground md:h-8 md:w-8 aria-[current]:bg-accent aria-[current]:text-accent-foreground"
+          >
+            <SquareCheckBig className="w-5 h-5" />
+            <span className="sr-only">Todos</span>
+          </NavLink>
+        </TooltipTrigger>
+        <TooltipContent side="right">Todos</TooltipContent>
+      </Tooltip>
+      --
+      </nav>
+      ```
+      </CodeGroup>
 
-    function Home() {
-      const [loading, setLoading] = useState(true);
-      const [movies, setMovies] = useState([]);
-
-      useEffect(() => {
-        async function fetchMovies() {
-          setLoading(true);
-          const { data, error } = await nhost.graphql.request(getMovies);
-
-          setMovies(data.movies);
-          setLoading(false);
-        }
-
-        fetchMovies();
-      }, []);
-
-      return (
-        <div>
-          {loading ? (
-            <p>Loading...</p>
-          ) : (
-            <table>
-              <tbody>
-                {movies.map((movie, index) => (
-                  <tr key={index}>
-                    <td>{movie.title}</td>
-                    <td>{movie.genre}</td>
-                    <td>{movie.rating}</td>
-                  </tr>
-                ))}
-              </tbody>
-            </table>
-          )}
-        </div>
-      );
-    }
-
-    export default App;
-    ```
   </Step>
 
-  <Step title="The end">
-    Run your project with `npm run dev -- --open --port 3000` and enter `http://localhost:3000` in your browser.
+  <Step title="Run the project">
+    Run your project with `npm start` and enter `http://localhost:3000` in your browser.
   </Step>
 </Steps>
-
-```
-
-```

docs/guides/run/networking.mdx

@@ -95,7 +95,7 @@ publish = true
   </Tab>
 </Tabs>
 
-<Info>Currently, only services of type `http` can be exposed to the internet.</Info>
+<Info>Currently, only services of type `http` and `grpc` can be exposed to the internet.</Info>
 
 2. Once the service of type `http` is published, you can connect to it using a URL with the following format:
 
@@ -105,3 +105,21 @@ publish = true
 
   `https://zlbmqjfczuwqvsquujno-3000.svc.eu-central-1.nhost.run`
 
+
+## GRPC
+
+GRPC services are supported, however, they are only supported via [custom domains](/platform/custom-domains). To expose a GRPC service to the internet you can use the following configuration:
+
+``` toml
+...
+
+[[ports]]
+type = "grpc"
+port = 5000
+publish = false
+
+[[ports.ingresses]]
+fqdn = ["grpc.domain.com"]
+
+...
+```

docs/guides/run/registry.mdx

@@ -93,3 +93,56 @@ Wait a few seconds until the project is done updating the new service and visit
 
 ![visit url](/images/guides/run/registry_7.png)
 
+## Using your own private registry
+
+If you are publishing your images in your own private registry you can add pull credentials to your Run configuration so the image can be pulled successfully. To do so follow the next steps:
+
+1. Figure out the credentials you need. This might depend on your registry. For instructions on various registries see the next section.
+2. The credentials will be similar to:
+
+```json
+{
+  "auths": {
+    "https://myregistry.com/v1": {
+      "username": "myuser",
+      "password": "mypassword"
+    }
+  }
+}
+```
+
+3. Create a secret under Settings -> Secrets with the contents of the auth section. For instance:
+
+![pull secret](/images/guides/run/registry_8.png)
+
+Pay attention that **only** the object inside "auths" is to be added.
+
+4. Configure the `pullCredentials` in your run configuration.
+
+```toml
+[image]
+image = 'myprivaterepo/myservice:1.0.1'
+pullCredentials = '{{ secrets.CONTAINER_REGISTRY_CREDENTIALS }}'
+```
+
+Pulling your image should work now.
+
+### Docker Hub Credentials
+
+To create a credential that allows you to pull private images from Docker hub follow the next steps:
+
+1. Login to https://hub.docker.com with a user that can pull the image you want.
+2. Head to "Account Settings" -> "Personal access tokens"
+3. Create a new token with "Read Only" access permissions
+4. Copy the token you got
+
+Your credentials will be:
+
+```json
+{
+  "https://index.docker.io/v1/": {
+    "username":"<yourusername>",
+    "password":"<the_token_you_just_got>"
+  }
+}
+```

docs/mint.json

@@ -76,15 +76,13 @@
         "platform/subdomain",
         "platform/compute-resources",
         "platform/service-replicas",
-        {
-          "group": "Monitoring",
-          "icon": "monitor-waveform",
-          "pages": ["platform/metrics"]
-        },
+        "platform/metrics",
         "platform/environment-variables",
         "platform/secrets",
         "platform/deployments",
-        "platform/custom-domains"
+        "platform/custom-domains",
+        "platform/rate-limits",
+        "platform/tls"
       ]
     },
     {
@@ -158,6 +156,7 @@
         "guides/auth/sign-in-phone-number",
         "guides/auth/sign-in-webauthn",
         "guides/auth/elevated-permissions",
+        "guides/auth/bot-protection",
         "guides/auth/email-templates",
         "guides/auth/custom-jwts"
       ]

docs/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@nhost/docs",
-  "version": "2.15.0",
+  "version": "2.18.0",
   "private": true,
   "scripts": {
     "start": "mintlify dev"

docs/platform/metrics.mdx

@@ -4,6 +4,10 @@ description: 'Grafana Instance configured and tailored to your project'
 icon: monitor-waveform
 ---
 
+<Info>
+This is a Pro/Team/Enterprise feature. This is not available on Starter projects.
+</Info>
+
 Insights such as response times, resource usage, and error rates, to help you assess the **performance** and **health** of your services.
 
 Metrics helps you analyze the performance of your infrastructure, while identifying bottlenecks and optimizing your applications.
@@ -23,16 +27,130 @@ Your Grafana instance comes pre-defined with dashboards that cover backend servi
 
 ![Grafana](/images/platform/metrics/grafana.png)
 
-### Nhost Dashboard
+## Accessing Grafana
 
-You can find the link to Grafana in your project's dashboard, under **Metrics**. 
+You can find the link to Grafana in your project's dashboard, under **Metrics**.
 
 ![Project Metrics](/images/platform/metrics/nhost-dashboard-metrics.png)
 
+## Configuring Grafana
+
+Grafana comes pre-configured with a datasource with your project's metrics plus a few useful dashboards to observe your projects. In addition, you can enable alerting by configuring one or more contact points and enabling alerts in your configuration file.
+
+<Info>
+The configuration below is open source and can be found [here](https://github.com/nhost/nhost/tree/main/observability/grafana). If you want to see improvements, more rules, better dashboards, more options, etc., don't hesitate to contribute them or open an issue.
+</Info>
+
+### Configure contact points
+
+Contact points in Grafana are lists of integrations that send notifications to specific channels or services when alerts are triggered. Supported contact points are:
+
+- email
+- pagerduty
+- discord
+- slack
+- webhooks
+
+To configure them include one ore more sections in your configuration file:
+
+
+```toml
+[observability.grafana.contacts]
+emails = ['engineering@acme.com']
+
+[[observability.grafana.contacts.pagerduty]]
+integrationKey = 'integration-key'
+severity = 'critical'
+class = 'infra'
+component = 'backend'
+group = 'group'
+
+[[observability.grafana.contacts.discord]]
+url = 'https://discord.com/api/webhooks/...'
+avatarUrl = 'https://discord.com/api/avatar/...'
+
+[[observability.grafana.contacts.slack]]
+recipient = 'recipient'
+token = 'token'
+username = 'username'
+iconEmoji = 'danger'
+iconURL = 'https://...'
+mentionUsers = ['user1', 'user2']
+mentionGroups = ['group1', 'group2']
+mentionChannel = 'channel'
+url = 'https://slack.com/api/webhooks/...'
+endpointURL = 'https://slack.com/api/endpoint/...'
+
+[[observability.grafana.contacts.webhook]]
+url = 'https://webhook.example.com'
+httpMethod = 'POST'
+username = 'user'
+password = 'password'
+authorizationScheme = 'Bearer'
+authorizationCredentials = 'token'
+maxAlerts = 10
+```
+
+Once you have added them to your configuration and deployed them you should be able to see them in your grafana dashboard under "Settings" -> "Contact points" -> "Nhost Managed Contacts":
+
+![contact points](/images/platform/metrics/contact_points.png)
+
+If you click on "View" you should be able to see a test button you can use to ensure your contacts are properly configured.
+
+### SMTP
+
+If you are planning to send emails as part of your alerting, you need to configure some SMTP settings as well. To do so add to your configuration:
+
+```toml
+[observability.grafana.smtp]
+host = 'localhost'
+port = 25
+sender = 'admin@localhost'
+user = 'smtpUser'
+password = 'smtpPassword'
+```
+
+### Alerting
+
+To enable alerting simply add to your configuration:
+
+```toml
+[observability.grafana.alerting]
+enabled = true
+```
+
+This will enable the following rules, which you can find in your grafana dashboard under "Alert rules":
+
+![alert rules](/images/platform/metrics/alert_rules.png)
+
+1. **High CPU usage**
+   - Trigger: CPU usage > 75%
+   - Duration: Sustained for 5-10 minutes
+
+2. **Low disk space**
+   - Trigger: Disk utilization > 75%
+   - Duration: Persistent for 5-10 minutes
+
+3. **Low free memory**
+   - Trigger: Memory usage > 75%
+   - Duration: Continuous for 5-10 minutes
+
+4. **Service restarted due to lack of memory**
+   - Trigger: Any service restart due to memory exhaustion
+   - Duration: Immediate upon occurrence
+
+5. **High request error rate**
+   - Trigger: Request error rate > 25%
+   - Duration: Maintained for 5-10 minutes
+
+After they have been enabling they will start notifying your contact points when the conditions are met. For instance, here is an email sent due to a high error rate:
+
+![email_notification](/images/platform/metrics/email_notification.png)
+
+## Advanced configuration
+
+In addition, Team and Enterprise projects can perform any changes they want. For instance you can add users, configure an OAuth provider for user authentication, add datasources, you can configure your own alerts, etc.
+
 ## Beta
 
 Metrics is in beta, its functionality and pricing might change.
-
-### Limitations
-
-- Dashboards can be updated or created, but they won't persist after a deployment.

docs/platform/rate-limits.mdx

@@ -0,0 +1,112 @@
+---
+title: Rate Limits
+sidebarTitle: Rate Limits
+description: Protecting your service against abuse
+icon: shield
+---
+
+Rate limits in an HTTP API are essential for protecting services against abuse and brute force attacks by restricting the number of requests a client can make within a specified time period. By enforcing rate limits, we can mitigate the risk of unauthorized access, denial of service attacks, and excessive consumption of resources.
+
+Limits work by setting a maximum number of requests (burst amount) allowed for a key within a specified time frame (recovery time). For example, with a limit of 30 requests and a recovery time of 5 minutes, a user can make up to 30 requests before hitting the limit. Additionally, the user receives an extra request every 10 seconds (5 * 60 / 30) until reaching the limit.
+
+## GraphQL/Storage/Functions
+
+You can rate-limit the GraphQL, Storage, and Functions services independently of each other. These rate limits are based on the client IP, and requests made to one service do not count toward the rate limits of another service.
+
+### Configuration
+
+<Tabs>
+<Tab title="Dashboard">
+  **Project Dashboard -> Settings -> Rate Limiting**
+
+  ![Rate limit services](/images/platform/rate-limiting/misc.png)
+
+</Tab>
+<Tab title="Config">
+```toml
+[hasura.rateLimit]
+limit = 100
+interval = '15m'
+
+[functions.rateLimit]
+limit = 100
+interval = '15m'
+
+[storage.rateLimit]
+limit = 100
+interval = '15m'
+```
+</Tab>
+</Tabs>
+
+## Auth
+
+Given that not all endpoints are equally sensitive, Auth supports more complex rate-limiting rules, allowing you to set different configurations depending on the properties of each endpoint.
+
+| Endpoints             | Key | Limits | Description | Minimum version |
+| ----------------------|-----|--------|-------------|-----------------|
+| Any that sends emails<sup>1</sup> | Global | 10 / hour | Not configurable. This limit applies to any project without custom SMTP settings  | 0.33.0 |
+| Any that sends emails<sup>1</sup> | Client IP | 10 / hour | Configurable. This limit applies to any project with custom SMTP settings and is configurable  | 0.33.0 |
+| Any that sends SMS<sup>2</sup> | Client IP | 10 / hour | Configurable. | 0.33.0 |
+| Any endpoint that an attacker may try to brute-force. This includes sign-in and verify endpoints<sup>3</sup> | Client IP | 10 / 5 minutes | Configurable | 0.33.0 |
+| Signup endpoints<sup>4</sup> | Client IP | 10 / 5 minutes | Configurable | 0.33.0 |
+| Any | Client IP | 100 / minute | The total sum of requests to any endpoint (including previous ones) can not exceed this limit | 0.33.0 |
+
+<Note>
+Limits are grouped within a given category. For instance, with a limit of 10 per hour for the sign-in/verify category, if a user attempts to sign in 10 times and then tries to verify an OTP code, the latter will be rate-limited alongside the sign-in attempts.
+</Note>
+
+<sup>1</sup> Paths included:
+- `/signin/passwordless/email`
+- `/user/email/change`
+- `/user/email/send-verification-email`
+- `/user/password/reset`
+- `/signup/email-password` - If email verification enabled
+- `/user/deanonymize` - If email verification enabled
+
+<sup>2</sup> Paths included:
+- `/signin/passwordless/sms`
+
+<sup>3</sup> Paths included:
+- `/signin/*`
+- `*/verify`
+- `*/otp`
+
+<sup>4</sup> Paths included:
+- `/signup/*`
+
+
+### Configuration
+
+<Tabs>
+<Tab title="Dashboard">
+  **Project Dashboard -> Settings -> Rate Limiting**
+
+  ![Rate limit Auth](/images/platform/rate-limiting/auth.png)
+
+</Tab>
+<Tab title="Config">
+```toml
+[auth.rateLimit]
+[auth.rateLimit.emails]
+limit = 10
+interval = '1h'
+
+[auth.rateLimit.sms]
+limit = 10
+interval = '1h'
+
+[auth.rateLimit.bruteForce]
+limit = 10
+interval = '5m'
+
+[auth.rateLimit.signups]
+limit = 10
+interval = '5m'
+
+[auth.rateLimit.global]
+limit = 100
+interval = '1m'
+```
+</Tab>
+</Tabs>

docs/platform/tls.mdx

@@ -0,0 +1,185 @@
+---
+title: TLS Configuration
+description: Advanced TLS settings
+icon: file-certificate
+---
+
+Below you can find some advanced TLS functionality you can enable.
+
+<Warning>
+Advanced TLS settings are only available with [custom domains](/platform/custom-domains)
+</Warning>
+
+## TLS Client Authentication
+
+With TLS Client Authentication you can configure our platform to require clients to include a client certificate signed by a CA of your choosing. If the client doesn't provide a certificate or the certificate isn't signed by the correct CA the request will be denied. If the request includes a valid certificate the request will be forwarded to your service and will include information about the TLS configuration.
+
+To configure TLS client authentication you can use the configuration below:
+
+```toml
+[[functions.resources.ingress]]
+fqdn = ["func.acme.com"]
+
+[functions.resources.networking.ingresses.tls]
+clientCA = "{{ secrets.client_ca }}"
+```
+
+### Headers
+
+The following headers will be added to all successful requests:
+
+- `ssl-client-cert`: The client cetificate that was used
+- `ssl-client-issuer-dn`: Client certificate's issuer DN
+- `ssl-client-subject-dn`: Client certificate;s distinguished name
+- `ssl-client-verify`: Result of the operation. As we only forward requests on success the value should always be `SUCCESS`.
+
+
+### Guide
+
+Here is a quick guide on how to enable TLS client authentication for the functions service using self-signed certificates.
+
+#### Creating the CA
+
+First we need to create a CA that will be used to sign and validate the client certificates.
+
+<Steps>
+    <Step title="Generate the CA private key">
+
+First, we need to create a private key for our Certificate Authority. We'll use a 4096-bit RSA key for strong security.
+
+```
+openssl genrsa -aes256 -out ca.key 4096
+```
+
+This command will prompt you to enter a passphrase to protect the CA private key. Make sure to choose a strong passphrase and keep it safe.
+
+    </Step>
+
+    <Step title="Create the CA certificate">
+Now that we have the private key, let's create a self-signed CA certificate:
+
+```
+openssl req -x509 -new -nodes -key ca.key -sha256 -days 3650 -out ca.crt
+```
+
+This command will prompt you for various details to include in the certificate. The most important field is the Common Name (CN), which should be a descriptive name for your CA.
+    </Step>
+</Steps>
+
+The resulting `ca.key` file will be needed later to sign client certificates while the result `ca.crt` will be needed to validate them.
+
+
+#### Creating client certificates
+
+Now we can proceed to create client certificats. You can repeat the steps below to create as many as you need.
+
+
+<Steps>
+
+<Step title="Generate a private key for the client">
+First, we'll create a private key for the client certificate:
+
+```
+openssl genrsa -out client.key 2048
+```
+</Step>
+
+<Step title="Create a Certificate Signing Request (CSR) for the client">
+
+Now, we'll create a CSR for the client certificate:
+
+```
+openssl req -new -key client.key -out client.csr
+```
+
+Fill in the prompted information. The Common Name (CN) should typically be the name of the client or user.
+
+</Step>
+
+<Step title="Create a configuration file for the client certificate">
+
+Create a file named `client.ext` with the following content:
+
+```
+authorityKeyIdentifier=keyid,issuer
+basicConstraints=CA:FALSE
+keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
+extendedKeyUsage = clientAuth
+```
+
+This configuration specifies that the certificate is for client authentication.
+
+</Step>
+
+<Step title="Generate the client certificate">
+
+Now, we'll use our CA to sign the client certificate:
+
+```
+openssl x509 -req -in client.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out client.crt -days 365 -sha256 -extfile client.ext
+```
+
+This command will prompt you for the CA private key passphrase you set earlier.
+</Step>
+
+The resulting `client.key` and `client.crt` files will be needed by the user to authenticate requests.
+
+</Steps>
+
+#### Configure your service
+
+With everything in place you can configure your service. Imagine we have an already deployed project and we want to enable this for all functions. First we will head to the dashboard -> project -> settings -> secrets and create a new secret named `CLIENT_CA` with the contents of the `ca.crt` file. Afterwards we will deploy the following configuration:
+
+```toml
+[[functions.resources.networking.ingresses]]
+fqdn = [ "functions.acme.com" ]
+
+[functions.resources.networking.ingresses.tls]
+clientCA = "{{ secrets.CLIENT_CA }}"
+```
+#### Profit
+
+Our project has a function that echoes back request parameters, including headers. We will use this to inspect the TLS headers added to the request and that you can use for further validation if you need it. First, we can query the function without passing any client certificate:
+
+```
+$ curl  https://functions.acme.com/v1/echo
+<html>
+<head><title>400 No required SSL certificate was sent</title></head>
+<body>
+<center><h1>400 Bad Request</h1></center>
+<center>No required SSL certificate was sent</center>
+<hr><center>nginx</center>
+</body>
+</html>
+```
+
+As you can see the request was rejected. Now we can add a valid client certificate and the corresponding key to the request:
+
+
+```
+$ curl --cert client.crt --key client.key https://functions.acme.com/v1/echo | jq
+{
+  "headers": {
+    "accept": "*/*",
+    "ssl-client-cert": "-----BEGIN%20CERTIFICATE-----...ommitted for brevity...-----END%20CERTIFICATE-----%0A",
+    "ssl-client-issuer-dn": "OU=IT,O=Acme Org.,L=Stockholm,ST=Stockholm,C=SE",
+    "ssl-client-subject-dn": "emailAddress=jane@acme.org,OU=IT,O=Acme Org.,L=Sausalito,ST=California,C=US",
+    "ssl-client-verify": "SUCCESS",
+    "user-agent": "curl/8.7.1",
+    "x-forwarded-for": "2001:8b1:8ac9:4100:46b1:3412:1342:9319",
+    "x-forwarded-host": "functions.acme.com",
+    "x-forwarded-port": "443",
+    "x-forwarded-proto": "https",
+    "x-forwarded-scheme": "https",
+    "x-real-ip": "2001:8b1:8ac9:4100:46b1:3412:1342:9319",
+    "x-request-id": "8f80c26ee873bfc9db7ce9073eecd17a",
+    "x-scheme": "https",
+    "content-length": 0
+  },
+  "query": {},
+  "node": "v20.17.0",
+  "arch": "arm64"
+}
+```
+
+With a valid certificate you can see the request went through and it includes the `ssl-client-*` headers providing additional information about it.

examples/cli/CHANGELOG.md

@@ -1,5 +1,17 @@
 # @nhost-examples/cli
 
+## 0.3.12
+
+### Patch Changes
+
+- @nhost/nhost-js@3.1.10
+
+## 0.3.11
+
+### Patch Changes
+
+- @nhost/nhost-js@3.1.9
+
 ## 0.3.10
 
 ### Patch Changes

examples/cli/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@nhost-examples/cli",
-  "version": "0.3.10",
+  "version": "0.3.12",
   "main": "src/index.mjs",
   "private": true,
   "scripts": {

examples/codegen-react-apollo/CHANGELOG.md

@@ -1,5 +1,26 @@
 # @nhost-examples/codegen-react-apollo
 
+## 0.4.13
+
+### Patch Changes
+
+- Updated dependencies [55d8bb5]
+  - @nhost/react@3.6.0
+  - @nhost/react-apollo@13.0.0
+
+## 0.4.12
+
+### Patch Changes
+
+- 52a38fe: chore: update dependencies to address security vulnerabilities
+
+## 0.4.11
+
+### Patch Changes
+
+- @nhost/react@3.5.6
+- @nhost/react-apollo@12.0.6
+
 ## 0.4.10
 
 ### Patch Changes

examples/codegen-react-apollo/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@nhost-examples/codegen-react-apollo",
-  "version": "0.4.10",
+  "version": "0.4.13",
   "private": true,
   "scripts": {
     "codegen": "graphql-codegen",
@@ -36,6 +36,6 @@
     "postcss": "^8.4.38",
     "tailwindcss": "^3.4.3",
     "typescript": "^4.9.5",
-    "vite": "^5.2.7"
+    "vite": "^5.4.6"
   }
 }

examples/codegen-react-query/CHANGELOG.md

@@ -1,5 +1,24 @@
 # @nhost-examples/codegen-react-query
 
+## 0.4.13
+
+### Patch Changes
+
+- Updated dependencies [55d8bb5]
+  - @nhost/react@3.6.0
+
+## 0.4.12
+
+### Patch Changes
+
+- 52a38fe: chore: update dependencies to address security vulnerabilities
+
+## 0.4.11
+
+### Patch Changes
+
+- @nhost/react@3.5.6
+
 ## 0.4.10
 
 ### Patch Changes

examples/codegen-react-query/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@nhost-examples/codegen-react-query",
-  "version": "0.4.10",
+  "version": "0.4.13",
   "private": true,
   "scripts": {
     "codegen": "graphql-codegen",
@@ -37,6 +37,6 @@
     "postcss": "^8.4.38",
     "tailwindcss": "^3.4.3",
     "typescript": "^4.9.5",
-    "vite": "^5.2.7"
+    "vite": "^5.4.6"
   }
 }

examples/codegen-react-urql/CHANGELOG.md

@@ -1,5 +1,26 @@
 # @nhost-examples/react-urql
 
+## 0.3.13
+
+### Patch Changes
+
+- Updated dependencies [55d8bb5]
+  - @nhost/react@3.6.0
+  - @nhost/react-urql@10.0.0
+
+## 0.3.12
+
+### Patch Changes
+
+- 52a38fe: chore: update dependencies to address security vulnerabilities
+
+## 0.3.11
+
+### Patch Changes
+
+- @nhost/react@3.5.6
+- @nhost/react-urql@9.0.6
+
 ## 0.3.10
 
 ### Patch Changes

examples/codegen-react-urql/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@nhost-examples/codegen-react-urql",
   "private": true,
-  "version": "0.3.10",
+  "version": "0.3.13",
   "scripts": {
     "dev": "vite",
     "build": "tsc && vite build",
@@ -15,7 +15,7 @@
     "graphql": "16.8.1",
     "react": "18.2.0",
     "react-dom": "18.2.0",
-    "urql": "^3.0.4"
+    "urql": "^3.0.3"
   },
   "devDependencies": {
     "@graphql-codegen/cli": "^5.0.2",
@@ -30,6 +30,6 @@
     "postcss": "^8.4.38",
     "tailwindcss": "^3.4.3",
     "typescript": "^4.9.5",
-    "vite": "^5.2.7"
+    "vite": "^5.4.6"
   }
 }

examples/multi-tenant-one-to-many/CHANGELOG.md

@@ -1,5 +1,23 @@
 # @nhost-examples/multi-tenant-one-to-many
 
+## 2.2.13
+
+### Patch Changes
+
+- @nhost/nhost-js@3.1.10
+
+## 2.2.12
+
+### Patch Changes
+
+- 52a38fe: chore: update dependencies to address security vulnerabilities
+
+## 2.2.11
+
+### Patch Changes
+
+- @nhost/nhost-js@3.1.9
+
 ## 2.2.10
 
 ### Patch Changes

examples/multi-tenant-one-to-many/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@nhost-examples/multi-tenant-one-to-many",
   "private": true,
-  "version": "2.2.10",
+  "version": "2.2.13",
   "description": "",
   "main": "index.js",
   "scripts": {},
@@ -10,7 +10,7 @@
   "license": "ISC",
   "devDependencies": {
     "@types/express": "^4.17.21",
-    "express": "^4.19.2",
+    "express": "^4.20.0",
     "typescript": "^4.9.5"
   },
   "dependencies": {

examples/nextjs/CHANGELOG.md

@@ -1,5 +1,30 @@
 # @nhost-examples/nextjs
 
+## 0.3.13
+
+### Patch Changes
+
+- Updated dependencies [55d8bb5]
+  - @nhost/react@3.6.0
+  - @nhost/react-apollo@13.0.0
+  - @nhost/nextjs@2.1.22
+
+## 0.3.12
+
+### Patch Changes
+
+- 52a38fe: chore: update dependencies to address security vulnerabilities
+- Updated dependencies [52a38fe]
+  - @nhost/nextjs@2.1.21
+
+## 0.3.11
+
+### Patch Changes
+
+- @nhost/react@3.5.6
+- @nhost/react-apollo@12.0.6
+- @nhost/nextjs@2.1.20
+
 ## 0.3.10
 
 ### Patch Changes

examples/nextjs/next-env.d.ts

@@ -2,4 +2,4 @@
 /// <reference types="next/image-types/global" />
 
 // NOTE: This file should not be edited
-// see https://nextjs.org/docs/basic-features/typescript for more information.
+// see https://nextjs.org/docs/pages/building-your-application/configuring/typescript for more information.

examples/nextjs/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@nhost-examples/nextjs",
-  "version": "0.3.10",
+  "version": "0.3.13",
   "private": true,
   "scripts": {
     "dev": "next dev",
@@ -24,7 +24,7 @@
     "@nhost/react": "workspace:^",
     "@nhost/react-apollo": "workspace:^",
     "graphql": "16.8.1",
-    "next": "^14.1.4",
+    "next": "^14.2.10",
     "react": "18.2.0",
     "react-dom": "18.2.0",
     "react-icons": "^4.12.0"

examples/node-storage/CHANGELOG.md

@@ -1,5 +1,17 @@
 # @nhost-examples/node-storage
 
+## 0.2.12
+
+### Patch Changes
+
+- @nhost/nhost-js@3.1.10
+
+## 0.2.11
+
+### Patch Changes
+
+- @nhost/nhost-js@3.1.9
+
 ## 0.2.10
 
 ### Patch Changes

examples/node-storage/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@nhost-examples/node-storage",
-  "version": "0.2.10",
+  "version": "0.2.12",
   "private": true,
   "description": "This is an example of how to use the Storage with Node.js",
   "main": "src/index.mjs",

examples/quickstarts/nextjs-server-components/CHANGELOG.md

@@ -1,5 +1,23 @@
 # @nhost-examples/nextjs-server-components
 
+## 0.4.14
+
+### Patch Changes
+
+- @nhost/nhost-js@3.1.10
+
+## 0.4.13
+
+### Patch Changes
+
+- 52a38fe: chore: update dependencies to address security vulnerabilities
+
+## 0.4.12
+
+### Patch Changes
+
+- @nhost/nhost-js@3.1.9
+
 ## 0.4.11
 
 ### Patch Changes

examples/quickstarts/nextjs-server-components/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@nhost-examples/nextjs-server-components",
-  "version": "0.4.11",
+  "version": "0.4.14",
   "private": true,
   "scripts": {
     "dev": "next dev",
@@ -18,7 +18,7 @@
     "form-data": "^4.0.0",
     "graphql": "16.8.1",
     "js-cookie": "^3.0.5",
-    "next": "^14.1.4",
+    "next": "^14.2.10",
     "postcss": "^8.4.38",
     "react": "^18.2.0",
     "react-dom": "^18.2.0",

examples/quickstarts/sveltekit/.npmrc

@@ -1 +1 @@
-hoist-pattern=[]
+hoist-pattern[]=!@nhost/nhost-js

examples/quickstarts/sveltekit/CHANGELOG.md

@@ -1,5 +1,10 @@
 ---
 
+## 0.4.1
+### Patch Changes
+
+- 52a38fe: chore: update dependencies to address security vulnerabilities
+
 ## 0.4.0
 ### Minor Changes
 

examples/quickstarts/sveltekit/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@nhost-examples/sveltekit",
-  "version": "0.4.0",
+  "version": "0.4.1",
   "private": true,
   "scripts": {
     "dev": "vite dev",
@@ -14,7 +14,7 @@
   },
   "devDependencies": {
     "@nhost/nhost-js": "^3.1.5",
-    "@playwright/test": "^1.42.1",
+    "@playwright/test": "^1.41.0",
     "@sveltejs/adapter-auto": "^2.1.1",
     "@sveltejs/kit": "^1.30.4",
     "@types/js-cookie": "^3.0.6",
@@ -25,11 +25,11 @@
     "postcss": "^8.4.38",
     "prettier": "^2.8.8",
     "prettier-plugin-svelte": "^2.10.1",
-    "svelte": "^3.59.2",
+    "svelte": "^4.2.19",
     "svelte-check": "^3.6.8",
     "tailwindcss": "^3.4.3",
     "typescript": "^5.4.3",
-    "vite": "^5.2.7",
+    "vite": "^5.4.6",
     "vitest": "^0.25.8"
   },
   "type": "module",

examples/react-apollo/.gitignore

@@ -1,32 +1,27 @@
-# See https://help.github.com/articles/ignoring-files/ for more about ignoring files.
-
-# dependencies
-/node_modules
-/.pnp
-.pnp.js
-
-# testing
-/coverage
-
-# production
-/dist
-
-# misc
-.DS_Store
-.env.local
-.env.development.local
-.env.test.local
-.env.production.local
-
+# Logs
+logs
+*.log
 npm-debug.log*
 yarn-debug.log*
 yarn-error.log*
+pnpm-debug.log*
+lerna-debug.log*
 
-.nhost
-functions/node_modules
+node_modules
+dist
+dist-ssr
+*.local
 
-/test-results/
-/playwright-report/
-/playwright/.cache/
-storageState.json
-.secrets
+# Editor directories and files
+.vscode/*
+!.vscode/extensions.json
+.idea
+.DS_Store
+*.suo
+*.ntvs*
+*.njsproj
+*.sln
+*.sw?
+
+test-results
+playwright-report

examples/react-apollo/CHANGELOG.md

@@ -1,5 +1,32 @@
 # @nhost-examples/react-apollo
 
+## 1.0.2
+
+### Patch Changes
+
+- Updated dependencies [55d8bb5]
+  - @nhost/react@3.6.0
+  - @nhost/react-apollo@13.0.0
+
+## 1.0.1
+
+### Patch Changes
+
+- 4d6b722: fix: add check for elevated permission before deleting a security key
+- 3dcbacf: fix: add elevated permission check before adding a security key
+- 52a38fe: chore: update dependencies to address security vulnerabilities
+
+## 1.0.0
+
+### Major Changes
+
+- cffdec5: feat: rewrite example using shadcn ui components
+
+### Patch Changes
+
+- @nhost/react@3.5.6
+- @nhost/react-apollo@12.0.6
+
 ## 0.8.11
 
 ### Patch Changes

examples/react-apollo/components.json

@@ -0,0 +1,17 @@
+{
+  "$schema": "https://ui.shadcn.com/schema.json",
+  "style": "default",
+  "rsc": false,
+  "tsx": true,
+  "tailwind": {
+    "config": "tailwind.config.js",
+    "css": "src/styles/globals.css",
+    "baseColor": "slate",
+    "cssVariables": true,
+    "prefix": ""
+  },
+  "aliases": {
+    "components": "@/components",
+    "utils": "@/lib/utils"
+  }
+}

examples/react-apollo/e2e/authenticated/apollo.test.ts

@@ -15,11 +15,13 @@ test('should add an item to the todo list when authenticated with email and pass
   await expect(page.getByText(/verification email sent/i)).toBeVisible()
 
   const newPage = await verifyEmail({ page, email, context: page.context() })
-  await newPage.getByRole('button', { name: /apollo/i }).click()
-  await expect(newPage.getByText(/todo list/i)).toBeVisible()
+
+  await newPage.getByRole('link', { name: /todos/i }).click()
+  await expect(newPage.getByRole('heading', { name: /todos/i })).toBeVisible()
+
   await newPage.getByRole('textbox').fill(sentence)
   await newPage.getByRole('button', { name: /add/i }).click()
-  await expect(newPage.getByRole('listitem').first()).toHaveText(sentence)
+  await expect(newPage.getByRole('main')).toContainText(sentence)
 })
 
 test('should add an item to the todo list when authenticated anonymously', async ({ page }) => {
@@ -28,11 +30,13 @@ test('should add an item to the todo list when authenticated anonymously', async
   await page.goto('/')
 
   await signInAnonymously({ page })
-  await page.getByRole('button', { name: /apollo/i }).click()
-  await expect(page.getByText(/todo list/i)).toBeVisible()
+
+  await page.getByRole('link', { name: /todos/i }).click()
+  await expect(page.getByRole('heading', { name: /todos/i })).toBeVisible()
+
   await page.getByRole('textbox').fill(sentence)
   await page.getByRole('button', { name: /add/i }).click()
-  await expect(page.getByRole('listitem').first()).toHaveText(sentence)
+  await expect(page.getByRole('main')).toContainText(sentence)
 })
 
 test('should fail when network is not available', async ({ page }) => {
@@ -41,12 +45,12 @@ test('should fail when network is not available', async ({ page }) => {
   await page.goto('/')
 
   await signInAnonymously({ page })
-  await page.getByRole('button', { name: /apollo/i }).click()
-  await expect(page.getByText(/todo list/i)).toBeVisible()
+  await page.getByRole('link', { name: /todos/i }).click()
+  await expect(page.getByRole('heading', { name: /todos/i })).toBeVisible()
 
   await page.route('**', (route) => route.abort('internetdisconnected'))
   await page.getByRole('textbox').fill(sentence)
   await page.getByRole('button', { name: /add/i }).click()
 
-  await expect(page.getByText(/network error/i)).toBeVisible()
+  await expect(page.getByText(/failed to fetch/i)).toBeVisible()
 })

examples/react-apollo/e2e/authenticated/change-email.test.ts

@@ -12,18 +12,28 @@ test('should be able to change email', async ({ page, browser }) => {
   await expect(page.getByText(/verification email sent/i)).toBeVisible()
 
   const newPage = await verifyEmail({ page, email, context: page.context() })
-  await newPage.getByRole('button', { name: /profile/i }).click()
+  await newPage.getByRole('link', { name: /profile/i }).click()
 
   const newEmail = faker.internet.email()
 
   await newPage.getByPlaceholder(/new email/i).fill(newEmail)
-  await newPage.locator('h1:has-text("Change email") + div button:has-text("Change")').click()
 
-  await expect(
-    newPage.getByText(/please check your inbox and follow the link to confirm the email change/i)
-  ).toBeVisible()
+  // await newPage.locator('h1:has-text("Change email") + div button:has-text("Change")').click()
+  await newPage
+    .locator('div')
+    .filter({ hasText: /^Change emailChange$/ })
+    .getByRole('button')
+    .click()
 
-  await newPage.getByRole('button', { name: /sign out/i }).click()
+  // await expect(
+  //   newPage.getByText(/please check your inbox and follow the link to confirm the email change./i)
+  // ).toBeVisible()
+
+  await expect(newPage.getByRole('status')).toContainText(
+    'Please check your inbox and follow the link to confirm the email change.'
+  )
+
+  await newPage.getByRole('link', { name: /sign out/i }).click()
 
   const mailhogPage = await browser.newPage()
 
@@ -35,7 +45,8 @@ test('should be able to change email', async ({ page, browser }) => {
     requestType: 'email-confirm-change'
   })
 
-  await expect(updatedEmailPage.getByText(/profile page/i)).toBeVisible()
+  // await expect(updatedEmailPage.getByText(/profile page/i)).toBeVisible()
+  await expect(updatedEmailPage.getByRole('heading', { name: /profile/i })).toBeVisible()
 })
 
 test('should not accept an invalid email', async ({ page }) => {
@@ -48,12 +59,18 @@ test('should not accept an invalid email', async ({ page }) => {
   await expect(page.getByText(/verification email sent/i)).toBeVisible()
 
   const newPage = await verifyEmail({ page, email, context: page.context() })
-  await newPage.getByRole('button', { name: /profile/i }).click()
+  await newPage.getByRole('link', { name: /profile/i }).click()
 
   const newEmail = faker.random.alphaNumeric()
 
   await newPage.getByPlaceholder(/new email/i).fill(newEmail)
-  await newPage.locator('h1:has-text("Change email") + div button:has-text("Change")').click()
+  // await newPage.locator('h1:has-text("Change email") + div button:has-text("Change")').click()
+
+  await newPage
+    .locator('div')
+    .filter({ hasText: /^Change emailChange$/ })
+    .getByRole('button')
+    .click()
 
   await expect(newPage.getByText(/email is incorrectly formatted/i)).toBeVisible()
 })

examples/react-apollo/e2e/authenticated/change-password.test.ts

@@ -12,15 +12,22 @@ test('should be able to change password', async ({ page }) => {
   await expect(page.getByText(/verification email sent/i)).toBeVisible()
 
   const newPage = await verifyEmail({ page, email, context: page.context() })
-  await newPage.getByRole('button', { name: /profile/i }).click()
+  await newPage.getByRole('link', { name: /profile/i }).click()
 
   const newPassword = faker.internet.password()
 
   await newPage.getByPlaceholder(/new password/i).fill(newPassword)
-  await newPage.locator('h1:has-text("Change password") + div button:has-text("Change")').click()
-  await expect(newPage.getByText(/password changed successfully/i)).toBeVisible()
 
-  await newPage.getByRole('button', { name: /sign out/i }).click()
+  // await newPage.locator('h1:has-text("Change password") + div button:has-text("Change")').click()
+  await newPage
+    .locator('div')
+    .filter({ hasText: /^Change passwordChange$/ })
+    .getByRole('button')
+    .click()
+
+  await expect(newPage.getByText(/password changed successfully./i)).toBeVisible()
+
+  await newPage.getByRole('link', { name: 'Sign out' }).click()
 
   await signInWithEmailAndPassword({ page: newPage, email, password: newPassword })
   await expect(newPage.getByText(/you are authenticated/i)).toBeVisible()
@@ -36,12 +43,18 @@ test('should not accept an invalid email', async ({ page }) => {
   await expect(page.getByText(/verification email sent/i)).toBeVisible()
 
   const newPage = await verifyEmail({ page, email, context: page.context() })
-  await newPage.getByRole('button', { name: /profile/i }).click()
+  await newPage.getByRole('link', { name: /profile/i }).click()
 
   const newPassword = faker.internet.password(2)
 
   await newPage.getByPlaceholder(/new password/i).fill(newPassword)
-  await newPage.locator('h1:has-text("Change password") + div button:has-text("Change")').click()
+  // await newPage.locator('h1:has-text("Change password") + div button:has-text("Change")').click()
+
+  await newPage
+    .locator('div')
+    .filter({ hasText: /^Change passwordChange$/ })
+    .getByRole('button')
+    .click()
 
   await expect(newPage.getByText(/password is incorrectly formatted/i)).toBeVisible()
 })

examples/react-apollo/e2e/authenticated/file-upload.test.ts

@@ -12,10 +12,12 @@ test('should upload a single file', async ({ page }) => {
   await expect(page.getByText(/verification email sent/i)).toBeVisible()
 
   const newPage = await verifyEmail({ page, email, context: page.context() })
-  await newPage.getByRole('button', { name: /storage/i }).click()
+  await newPage.getByRole('link', { name: /storage/i }).click()
 
   await newPage
-    .getByRole('button', { name: /drag a file here or click to select/i })
+    .locator('div')
+    .filter({ hasText: /^Drag a file here or click to select$/ })
+    .nth(1)
     .locator('input[type=file]')
     .setInputFiles({
       buffer: Buffer.from('file contents', 'utf-8'),
@@ -23,7 +25,7 @@ test('should upload a single file', async ({ page }) => {
       mimeType: 'text/plain'
     })
 
-  await expect(newPage.getByText(/successfully uploaded/i)).toBeVisible()
+  await expect(newPage.getByText(/Uploaded successfully/i)).toBeVisible()
 })
 
 test('should upload two files using the same single file uploader', async ({ page }) => {
@@ -36,10 +38,12 @@ test('should upload two files using the same single file uploader', async ({ pag
   await expect(page.getByText(/verification email sent/i)).toBeVisible()
 
   const newPage = await verifyEmail({ page, email, context: page.context() })
-  await newPage.getByRole('button', { name: /storage/i }).click()
+  await newPage.getByRole('link', { name: /storage/i }).click()
 
   await newPage
-    .getByRole('button', { name: /drag a file here or click to select/i })
+    .locator('div')
+    .filter({ hasText: /^Drag a file here or click to select$/ })
+    .nth(1)
     .locator('input[type=file]')
     .setInputFiles({
       buffer: Buffer.from('file contents 1', 'utf-8'),
@@ -47,10 +51,12 @@ test('should upload two files using the same single file uploader', async ({ pag
       mimeType: 'text/plain'
     })
 
-  await expect(newPage.getByText(/successfully uploaded/i)).toBeVisible()
+  await expect(newPage.getByText(/Uploaded successfully/i)).toBeVisible()
 
   await newPage
-    .getByRole('button', { name: /successfully uploaded/i })
+    .locator('div')
+    .filter({ hasText: /^Uploaded successfully$/ })
+    .nth(1)
     .locator('input[type=file]')
     .setInputFiles({
       buffer: Buffer.from('file contents 2', 'utf-8'),
@@ -58,7 +64,7 @@ test('should upload two files using the same single file uploader', async ({ pag
       mimeType: 'text/plain'
     })
 
-  await expect(newPage.getByText(/successfully uploaded/i)).toBeVisible()
+  await expect(newPage.getByText(/Uploaded successfully/i)).toBeVisible()
 })
 
 test('should upload multiple files at once', async ({ page }) => {
@@ -71,10 +77,12 @@ test('should upload multiple files at once', async ({ page }) => {
   await expect(page.getByText(/verification email sent/i)).toBeVisible()
 
   const newPage = await verifyEmail({ page, email, context: page.context() })
-  await newPage.getByRole('button', { name: /storage/i }).click()
+  await newPage.getByRole('link', { name: /storage/i }).click()
 
   await newPage
-    .getByRole('button', { name: /drag files here or click to select/i })
+    .locator('div')
+    .filter({ hasText: /^Drag a file here or click to select$/ })
+    .nth(3)
     .locator('input[type=file]')
     .setInputFiles([
       {
@@ -89,9 +97,9 @@ test('should upload multiple files at once', async ({ page }) => {
       }
     ])
 
-  await expect(newPage.getByRole('row').nth(0)).toHaveText('file1.txt')
-  await expect(newPage.getByRole('row').nth(1)).toHaveText('file2.txt')
+  await expect(newPage.getByText('file1.txt')).toBeVisible()
+  await expect(newPage.getByText('file2.txt')).toBeVisible()
   await newPage.getByRole('button', { name: /upload/i }).click()
 
-  await expect(newPage.getByText(/successfully uploaded/i)).toBeVisible()
+  await expect(newPage.getByText(/Uploaded successfully/i)).toBeVisible()
 })

examples/react-apollo/e2e/sign-in/auto-sign-in.test.ts

@@ -31,11 +31,11 @@ test('should sign in automatically with a refresh token', async ({ page }) => {
   await clearStorage({ page: newPage })
   await newPage.reload()
 
-  await expect(newPage.getByText(/sign in to the application/i)).toBeVisible()
+  await expect(newPage.getByText(/sign in/i).nth(1)).toBeVisible()
 
   // User should be signed in automatically
-  await newPage.goto(`${baseURL}/profile#refreshToken=${refreshToken}`)
-  await expect(newPage.getByText(/profile page/i)).toBeVisible()
+  await newPage.goto(`${baseURL}/profile?refreshToken=${refreshToken}`)
+  await expect(newPage.getByRole('heading', { name: 'Profile' })).toBeVisible()
 })
 
 test('should fail automatic sign-in when network is not available', async ({ page }) => {
@@ -61,11 +61,11 @@ test('should fail automatic sign-in when network is not available', async ({ pag
   await clearStorage({ page: newPage })
   await newPage.reload()
 
-  await expect(newPage.getByText(/sign in to the application/i)).toBeVisible()
+  await expect(newPage.getByText(/sign in/i).nth(1)).toBeVisible()
   await newPage.route(`${authBackendURL}/**`, (route) => route.abort('internetdisconnected'))
 
   // User should be signed in automatically
-  await newPage.goto(`${baseURL}/profile#refreshToken=${refreshToken}`)
+  await newPage.goto(`${baseURL}/profile?refreshToken=${refreshToken}`)
   await expect(
     newPage.getByText(/could not sign in automatically. retrying to get user information/i)
   ).toBeVisible()

examples/react-apollo/e2e/sign-in/email-password.test.ts

@@ -26,13 +26,13 @@ test.beforeAll(async ({ browser }) => {
 
   const newPage = await verifyEmail({ page, email, context: page.context() })
   await expect(newPage.getByText(/you are authenticated/i)).toBeVisible()
-  await newPage.getByRole('button', { name: /sign out/i }).click()
+  await newPage.getByRole('link', { name: /sign out/i }).click()
 
   page = newPage
 })
 
 test.afterEach(async () => {
-  await page.getByRole('button', { name: /sign out/i }).click()
+  await page.getByRole('link', { name: /sign out/i }).click()
 })
 
 test.afterAll(() => {
@@ -53,7 +53,7 @@ test('should activate and sign in with MFA', async () => {
 
   await signInWithEmailAndPassword({ page, email, password })
   await page.waitForURL(baseURL)
-  await page.getByRole('button', { name: /profile/i }).click()
+  await page.getByRole('link', { name: /profile/i }).click()
   await page.getByRole('button', { name: /generate/i }).click()
 
   const image = page.getByAltText(/qrcode/i)
@@ -70,9 +70,8 @@ test('should activate and sign in with MFA', async () => {
   await page.getByPlaceholder(/enter activation code/i).fill(code)
   await page.getByRole('button', { name: /activate/i }).click()
   await expect(page.getByText(/mfa has been activated/i)).toBeVisible()
-  await page.getByRole('button', { name: /sign out/i }).click()
+  await page.getByRole('link', { name: /sign out/i }).click()
 
-  await page.getByRole('button', { name: /continue with email \+ password/i }).click()
   await signInWithEmailAndPassword({ page, email, password })
   await expect(page.getByText(/send 2-step verification code/i)).toBeVisible()
 

examples/react-apollo/e2e/sign-up/anonymous.test.ts

@@ -16,7 +16,7 @@ test('should deanonymize with email and password', async ({ page, context }) =>
   await page.goto('/')
 
   await signInAnonymously({ page })
-  await page.getByRole('button', { name: /profile/i }).click()
+  await page.getByRole('link', { name: /profile/i }).click()
 
   const userData = await getUserData(page)
 
@@ -24,7 +24,7 @@ test('should deanonymize with email and password', async ({ page, context }) =>
   await expect(page.getByText(/verification email sent/i)).toBeVisible()
 
   const authenticatedPage = await verifyEmail({ page, context, email })
-  await authenticatedPage.getByRole('button', { name: /profile/i }).click()
+  await authenticatedPage.getByRole('link', { name: /profile/i }).click()
 
   const updatedUserData = await getUserData(authenticatedPage)
   expect(updatedUserData.id).toBe(userData.id)
@@ -37,7 +37,7 @@ test('should deanonymize with a magic link', async ({ page, context }) => {
   await page.goto('/')
 
   await signInAnonymously({ page })
-  await page.getByRole('button', { name: /profile/i }).click()
+  await page.getByRole('link', { name: /profile/i }).click()
 
   const userData = await getUserData(page)
 
@@ -45,7 +45,7 @@ test('should deanonymize with a magic link', async ({ page, context }) => {
   await expect(page.getByText(/verification email sent/i)).toBeVisible()
 
   const authenticatedPage = await verifyMagicLink({ page, context, email })
-  await authenticatedPage.getByRole('button', { name: /profile/i }).click()
+  await authenticatedPage.getByRole('link', { name: /profile/i }).click()
 
   const updatedUserData = await getUserData(authenticatedPage)
   expect(updatedUserData.id).toBe(userData.id)

examples/react-apollo/e2e/sign-up/email-password.test.ts

@@ -16,7 +16,7 @@ test('should sign up with email and password', async ({ page, context }) => {
 })
 
 test('should raise an error when trying to sign up with an existing email', async ({ page }) => {
-  page.goto('/')
+  await page.goto('/')
 
   const email = faker.internet.email()
   const password = faker.internet.password()
@@ -27,6 +27,8 @@ test('should raise an error when trying to sign up with an existing email', asyn
   // close modal
   await page.getByRole('dialog').getByRole('button').click()
 
+  await page.goto('/')
+
   await signUpWithEmailAndPassword({ page, email, password })
   await expect(page.getByText(/email already in use/i)).toBeVisible()
 })

examples/react-apollo/e2e/sign-up/email-passwordless.test.ts

@@ -11,8 +11,12 @@ test('should sign up with a magic link', async ({ page, context }) => {
   await expect(page.getByText(/verification email sent/i)).toBeVisible()
 
   const authenticatedPage = await verifyMagicLink({ page, context, email })
-  await authenticatedPage.getByRole('button', { name: /home/i }).click()
-  await expect(authenticatedPage.getByText(/you are authenticated/i)).toBeVisible()
+  await authenticatedPage.getByRole('link', { name: /home/i }).click()
+  await expect(
+    authenticatedPage.getByText(
+      /You are authenticated. You have now access to the authorised part of the application./i
+    )
+  ).toBeVisible()
 })
 
 test('should fail when network is not available', async ({ page }) => {

examples/react-apollo/e2e/unauthenticated/authentication-guards.test.ts

@@ -5,10 +5,10 @@ test('should redirect to /sign-in when not authenticated', async ({ page }) => {
   await page.goto(`${baseURL}`)
   await page.waitForURL(`${baseURL}/sign-in`)
 
-  await expect(page.getByText(/sign in to the application/i)).toBeVisible()
+  await expect(page.getByRole('heading', { name: 'Sign In' })).toBeVisible()
 
-  await page.goto(`${baseURL}/apollo`)
+  await page.goto(`${baseURL}/todos`)
   await page.waitForURL(`${baseURL}/sign-in`)
 
-  await expect(page.getByText(/sign in to the application/i)).toBeVisible()
+  await expect(page.getByRole('heading', { name: 'Sign In' })).toBeVisible()
 })

examples/react-apollo/e2e/unauthenticated/forgot-password.test.ts

@@ -13,16 +13,16 @@ test('should reset password', async ({ page, context }) => {
   await expect(page.getByText(/verification email sent/i)).toBeVisible()
 
   await page.goto(`${baseURL}/sign-in`)
-  await page.getByRole('button', { name: /continue with email \+ password/i }).click()
-  await page.getByRole('button', { name: /forgot password?/i }).click()
+  await page.getByRole('link', { name: /continue with email \+ password/i }).click()
+  await page.getByRole('link', { name: /forgot password?/i }).click()
 
-  await page.getByPlaceholder('Email Address').type(email)
+  await page.getByPlaceholder('email').type(email)
   await page.getByRole('button', { name: /reset your password/i }).click()
 
   const authenticatedPage = await resetPassword({ page, context, email })
 
   await authenticatedPage.waitForLoadState()
-  await authenticatedPage.getByRole('button', { name: /profile/i }).click()
+  await authenticatedPage.getByRole('link', { name: /profile/i }).click()
 
-  await expect(authenticatedPage.getByText(/profile page/i)).toBeVisible()
+  await expect(authenticatedPage.getByRole('heading', { name: 'Profile' })).toBeVisible()
 })