chore: update versions (#2724)

This PR was opened by the [Changesets
release](https://github.com/changesets/action) GitHub action. When
you're ready to do a release, you can merge this and the packages will
be published to npm automatically. If you're not ready to do a release
yet, that's fine, whenever you add more changesets to main, this PR will
be updated.


# Releases
## @nhost/apollo@7.1.2

### Patch Changes

-   @nhost/nhost-js@3.1.5

## @nhost/react-apollo@12.0.2

### Patch Changes

-   @nhost/apollo@7.1.2
-   @nhost/react@3.5.2

## @nhost/react-urql@9.0.2

### Patch Changes

-   @nhost/react@3.5.2

## @nhost/hasura-auth-js@2.5.2

### Patch Changes

- a03fb2c: fix: deep clone machine context to prevent mutations in
nested objects during initial session setup

## @nhost/nextjs@2.1.16

### Patch Changes

-   @nhost/react@3.5.2

## @nhost/nhost-js@3.1.5

### Patch Changes

-   Updated dependencies [a03fb2c]
    -   @nhost/hasura-auth-js@2.5.2

## @nhost/react@3.5.2

### Patch Changes

-   @nhost/nhost-js@3.1.5

## @nhost/vue@2.6.2

### Patch Changes

-   @nhost/nhost-js@3.1.5

## @nhost/docs@2.13.0

### Minor Changes

-   6fb0cc2: fix: minor improvements to compute resources' docs
-   66bd450: chore: various improvements

## @nhost/dashboard@1.16.3

### Patch Changes

- 87a37cf: fix: remove unnecessary isPlatform check from verify button
disable logic on custom domains
    -   @nhost/react-apollo@12.0.2
    -   @nhost/nextjs@2.1.16

## @nhost-examples/cli@0.3.7

### Patch Changes

-   @nhost/nhost-js@3.1.5

## @nhost-examples/codegen-react-apollo@0.4.7

### Patch Changes

-   @nhost/react@3.5.2
-   @nhost/react-apollo@12.0.2

## @nhost-examples/codegen-react-query@0.4.7

### Patch Changes

-   @nhost/react@3.5.2

## @nhost-examples/codegen-react-urql@0.3.7

### Patch Changes

-   @nhost/react@3.5.2
-   @nhost/react-urql@9.0.2

## @nhost-examples/multi-tenant-one-to-many@2.2.7

### Patch Changes

-   @nhost/nhost-js@3.1.5

## @nhost-examples/nextjs@0.3.7

### Patch Changes

-   @nhost/react@3.5.2
-   @nhost/react-apollo@12.0.2
-   @nhost/nextjs@2.1.16

## @nhost-examples/node-storage@0.2.7

### Patch Changes

-   @nhost/nhost-js@3.1.5

## @nhost-examples/nextjs-server-components@0.4.7

### Patch Changes

-   @nhost/nhost-js@3.1.5

## @nhost-examples/react-apollo@0.8.7

### Patch Changes

-   @nhost/react@3.5.2
-   @nhost/react-apollo@12.0.2

## @nhost-examples/react-gqty@1.2.7

### Patch Changes

-   @nhost/react@3.5.2

## @nhost-examples/vue-apollo@0.6.7

### Patch Changes

-   @nhost/nhost-js@3.1.5
-   @nhost/apollo@7.1.2
-   @nhost/vue@2.6.2

## @nhost-examples/vue-quickstart@0.2.7

### Patch Changes

-   @nhost/apollo@7.1.2
-   @nhost/vue@2.6.2

Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>

dashboard/CHANGELOG.md

@@ -1,5 +1,60 @@
 # @nhost/dashboard
 
+## 1.16.3
+
+### Patch Changes
+
+- 87a37cf: fix: remove unnecessary isPlatform check from verify button disable logic on custom domains
+  - @nhost/react-apollo@12.0.2
+  - @nhost/nextjs@2.1.16
+
+## 1.16.2
+
+### Patch Changes
+
+- a9413af: fix: update `GetAllWorkspacesAndProjects` query polling to use exponential backoff
+  - @nhost/react-apollo@12.0.1
+  - @nhost/nextjs@2.1.15
+
+## 1.16.1
+
+### Patch Changes
+
+- @nhost/react-apollo@12.0.0
+- @nhost/nextjs@2.1.14
+
+## 1.16.0
+
+### Minor Changes
+
+- c6d5c5c: feat: add toggle switch to enable/disable public access in the database settings
+
+## 1.15.2
+
+### Patch Changes
+
+- @nhost/react-apollo@11.0.4
+- @nhost/nextjs@2.1.13
+
+## 1.15.1
+
+### Patch Changes
+
+- @nhost/react-apollo@11.0.3
+- @nhost/nextjs@2.1.12
+
+## 1.15.0
+
+### Minor Changes
+
+- a7bde37: feat: send metadata in the edit form
+
+### Patch Changes
+
+- 1bc615b: feat: improve error message handling in `ErrorToast` component
+  - @nhost/react-apollo@11.0.2
+  - @nhost/nextjs@2.1.11
+
 ## 1.14.0
 
 ### Minor Changes

dashboard/e2e/e2e-tests-project/.gitignore

@@ -0,0 +1,2 @@
+.secrets
+.nhost

dashboard/e2e/e2e-tests-project/nhost/config.yaml

@@ -0,0 +1 @@
+version: 3

dashboard/e2e/e2e-tests-project/nhost/emails/bg/email-confirm-change/body.html

@@ -0,0 +1,18 @@
+<!DOCTYPE html>
+<html>
+
+<head>
+  <meta charset="utf-8" />
+</head>
+
+<body>
+  <h2>Потвърдете смяната на вашия имейл</h2>
+  <p>Използвайте посочения линк, за да повърдите смяната на имейл:</p>
+  <p>
+    <a href="${link}">
+      Смени имейл
+    </a>
+  </p>
+</body>
+
+</html>

dashboard/e2e/e2e-tests-project/nhost/emails/bg/email-confirm-change/subject.txt

@@ -0,0 +1 @@
+Потвърждение за смяна на имейл

dashboard/e2e/e2e-tests-project/nhost/emails/bg/email-verify/body.html

@@ -0,0 +1,18 @@
+<!DOCTYPE html>
+<html>
+
+<head>
+  <meta charset="utf-8" />
+</head>
+
+<body>
+  <h2>Потвърдете вашия имейл</h2>
+  <p>Използвайте посочения линк, за да потвърдите вашия имейл:</p>
+  <p>
+    <a href="${link}">
+      Потвърдете имейл
+    </a>
+  </p>
+</body>
+
+</html>

dashboard/e2e/e2e-tests-project/nhost/emails/bg/email-verify/subject.txt

@@ -0,0 +1 @@
+Потвърждаване на имейл

dashboard/e2e/e2e-tests-project/nhost/emails/bg/password-reset/body.html

@@ -0,0 +1,18 @@
+<!DOCTYPE html>
+<html>
+
+<head>
+  <meta charset="utf-8" />
+</head>
+
+<body>
+  <h2>Смяна на парола</h2>
+  <p>Използвайте посочения линк, за да смените вашата парола:</p>
+  <p>
+    <a href="${link}">
+      Смяна на парола
+    </a>
+  </p>
+</body>
+
+</html>

dashboard/e2e/e2e-tests-project/nhost/emails/bg/password-reset/subject.txt

@@ -0,0 +1 @@
+Смяна на парола

dashboard/e2e/e2e-tests-project/nhost/emails/bg/signin-passwordless-sms/body.txt

@@ -0,0 +1 @@
+Вашият код е ${code}.

dashboard/e2e/e2e-tests-project/nhost/emails/bg/signin-passwordless/body.html

@@ -0,0 +1,18 @@
+<!DOCTYPE html>
+<html>
+
+<head>
+  <meta charset="utf-8" />
+</head>
+
+<body>
+  <h2>Магически линк за вход</h2>
+  <p>Използвайте посочения линк за защитен и бърз вход:</p>
+  <p>
+    <a href="${link}">
+      Вход
+    </a>
+  </p>
+</body>
+
+</html>

dashboard/e2e/e2e-tests-project/nhost/emails/bg/signin-passwordless/subject.txt

@@ -0,0 +1 @@
+Магически линк за вход

dashboard/e2e/e2e-tests-project/nhost/emails/cs/email-confirm-change/body.html

@@ -0,0 +1,18 @@
+<!DOCTYPE html>
+<html>
+
+<head>
+  <meta charset="utf-8" />
+</head>
+
+<body>
+  <h2>Potvrzení změny emailové adresy</h2>
+  <p>Použijte tento odkaz k potvrzení změny emailové adresy:</p>
+  <p>
+    <a href="${link}">
+      Změnit email
+    </a>
+  </p>
+</body>
+
+</html>

dashboard/e2e/e2e-tests-project/nhost/emails/cs/email-confirm-change/subject.txt

@@ -0,0 +1 @@
+Změna vaší emailové adresy

dashboard/e2e/e2e-tests-project/nhost/emails/cs/email-verify/body.html

@@ -0,0 +1,18 @@
+<!DOCTYPE html>
+<html>
+
+<head>
+  <meta charset="utf-8" />
+</head>
+
+<body>
+  <h2>Ověření emailové adresy</h2>
+  <p>Použijte tento odkaz k ověření vaší emailové adresy:</p>
+  <p>
+    <a href="${link}">
+      Ověřit emailovou adresu
+    </a>
+  </p>
+</body>
+
+</html>

dashboard/e2e/e2e-tests-project/nhost/emails/cs/email-verify/subject.txt

@@ -0,0 +1 @@
+Ověření vaší emailové adresy

dashboard/e2e/e2e-tests-project/nhost/emails/cs/password-reset/body.html

@@ -0,0 +1,18 @@
+<!DOCTYPE html>
+<html>
+
+<head>
+  <meta charset="utf-8" />
+</head>
+
+<body>
+  <h2>Obnova hesla</h2>
+  <p>Použijte tento odkaz k obnovení vašeho hesla:</p>
+  <p>
+    <a href="${link}">
+      Obnova hesla
+    </a>
+  </p>
+</body>
+
+</html>

dashboard/e2e/e2e-tests-project/nhost/emails/cs/password-reset/subject.txt

@@ -0,0 +1 @@
+Obnova hesla

dashboard/e2e/e2e-tests-project/nhost/emails/cs/signin-passwordless-sms/body.txt

@@ -0,0 +1 @@
+Váš kód je ${code}.

dashboard/e2e/e2e-tests-project/nhost/emails/cs/signin-passwordless/body.html

@@ -0,0 +1,18 @@
+<!DOCTYPE html>
+<html>
+
+<head>
+  <meta charset="utf-8" />
+</head>
+
+<body>
+  <h2>Magický odkaz</h2>
+  <p>Použijte tento odkaz k bezpečnému přihlášení:</p>
+  <p>
+    <a href="${link}">
+      Přihlášení
+    </a>
+  </p>
+</body>
+
+</html>

dashboard/e2e/e2e-tests-project/nhost/emails/cs/signin-passwordless/subject.txt

@@ -0,0 +1 @@
+Bezpečný odkaz k přihlášení

dashboard/e2e/e2e-tests-project/nhost/emails/en/email-confirm-change/body.html

@@ -0,0 +1,18 @@
+<!DOCTYPE html>
+<html>
+
+<head>
+  <meta charset="utf-8" />
+</head>
+
+<body>
+  <h2>Confirm Email Change</h2>
+  <p>Use this link to confirm changing email:</p>
+  <p>
+    <a href="${link}">
+      Change email
+    </a>
+  </p>
+</body>
+
+</html>

dashboard/e2e/e2e-tests-project/nhost/emails/en/email-confirm-change/subject.txt

@@ -0,0 +1 @@
+Change your email address

dashboard/e2e/e2e-tests-project/nhost/emails/en/email-verify/body.html

@@ -0,0 +1,18 @@
+<!DOCTYPE html>
+<html>
+
+<head>
+  <meta charset="utf-8" />
+</head>
+
+<body>
+  <h2>Verify Email</h2>
+  <p>Use this link to verify your email:</p>
+  <p>
+    <a href="${link}">
+      Verify Email
+    </a>
+  </p>
+</body>
+
+</html>

dashboard/e2e/e2e-tests-project/nhost/emails/en/email-verify/subject.txt

@@ -0,0 +1 @@
+Verify your email

dashboard/e2e/e2e-tests-project/nhost/emails/en/password-reset/body.html

@@ -0,0 +1,18 @@
+<!DOCTYPE html>
+<html>
+
+<head>
+  <meta charset="utf-8" />
+</head>
+
+<body>
+  <h2>Reset Password</h2>
+  <p>Use this link to reset your password:</p>
+  <p>
+    <a href="${link}">
+      Reset password
+    </a>
+  </p>
+</body>
+
+</html>

dashboard/e2e/e2e-tests-project/nhost/emails/en/password-reset/subject.txt

@@ -0,0 +1 @@
+Reset your password

dashboard/e2e/e2e-tests-project/nhost/emails/en/signin-passwordless-sms/body.txt

@@ -0,0 +1 @@
+Your code is ${code}.

dashboard/e2e/e2e-tests-project/nhost/emails/en/signin-passwordless/body.html

@@ -0,0 +1,18 @@
+<!DOCTYPE html>
+<html>
+
+<head>
+  <meta charset="utf-8" />
+</head>
+
+<body>
+  <h2>Magic Link</h2>
+  <p>Use this link to securely sign in:</p>
+  <p>
+    <a href="${link}">
+      Sign In
+    </a>
+  </p>
+</body>
+
+</html>

dashboard/e2e/e2e-tests-project/nhost/emails/en/signin-passwordless/subject.txt

@@ -0,0 +1 @@
+Secure sign-in link

dashboard/e2e/e2e-tests-project/nhost/emails/es/email-confirm-change/body.html

@@ -0,0 +1,18 @@
+<!DOCTYPE html>
+<html>
+
+<head>
+  <meta charset="utf-8" />
+</head>
+
+<body>
+  <h2>Confirmar cambio de correo electrónico</h2>
+  <p>Utiliza el siguiente enlace para confirmar el cambio de correo:</p>
+  <p>
+    <a href="${link}">
+      Cambiar correo electrónico
+    </a>
+  </p>
+</body>
+
+</html>

dashboard/e2e/e2e-tests-project/nhost/emails/es/email-confirm-change/subject.txt

@@ -0,0 +1 @@
+Cambiar dirección de correo electrónico

dashboard/e2e/e2e-tests-project/nhost/emails/es/email-verify/body.html

@@ -0,0 +1,18 @@
+<!DOCTYPE html>
+<html>
+
+<head>
+  <meta charset="utf-8" />
+</head>
+
+<body>
+  <h2>Verificar correo electrónico</h2>
+  <p>Utilza el siguiente enlace para verificar tu correo:</p>
+  <p>
+    <a href="${link}">
+      Verificar correo electrónico
+    </a>
+  </p>
+</body>
+
+</html>

dashboard/e2e/e2e-tests-project/nhost/emails/es/email-verify/subject.txt

@@ -0,0 +1 @@
+Verifica tu correo electrónico

dashboard/e2e/e2e-tests-project/nhost/emails/es/password-reset/body.html

@@ -0,0 +1,18 @@
+<!DOCTYPE html>
+<html>
+
+<head>
+  <meta charset="utf-8" />
+</head>
+
+<body>
+  <h2>Recuperar contraseña</h2>
+  <p>Utiliza el siguiente enlace para recuperar tu contraseña:</p>
+  <p>
+    <a href="${link}">
+      Recuperar contraseña
+    </a>
+  </p>
+</body>
+
+</html>

dashboard/e2e/e2e-tests-project/nhost/emails/es/password-reset/subject.txt

@@ -0,0 +1 @@
+Recuperar contraseña

dashboard/e2e/e2e-tests-project/nhost/emails/es/signin-passwordless-sms/body.txt

@@ -0,0 +1 @@
+Tu código es ${code}.

dashboard/e2e/e2e-tests-project/nhost/emails/es/signin-passwordless/body.html

@@ -0,0 +1,18 @@
+<!DOCTYPE html>
+<html>
+
+<head>
+  <meta charset="utf-8" />
+</head>
+
+<body>
+  <h2>Enlace mágico</h2>
+  <p>Utiliza este enlace para iniciar sesión de forma segura:</p>
+  <p>
+    <a href="${link}">
+      Iniciar sesión
+    </a>
+  </p>
+</body>
+
+</html>

dashboard/e2e/e2e-tests-project/nhost/emails/es/signin-passwordless/subject.txt

@@ -0,0 +1 @@
+Enlace de acceso seguro

dashboard/e2e/e2e-tests-project/nhost/emails/fr/email-confirm-change/body.html

@@ -0,0 +1,18 @@
+<!DOCTYPE html>
+<html>
+
+<head>
+  <meta charset="utf-8" />
+</head>
+
+<body>
+  <h2>Confirmer changement de courriel</h2>
+  <p>Utilisez ce lien pour confirmer le changement de courriel :</p>
+  <p>
+    <a href="${link}">
+      Changer courriel
+    </a>
+  </p>
+</body>
+
+</html>

dashboard/e2e/e2e-tests-project/nhost/emails/fr/email-confirm-change/subject.txt

@@ -0,0 +1 @@
+Changez votre adresse courriel

dashboard/e2e/e2e-tests-project/nhost/emails/fr/email-verify/body.html

@@ -0,0 +1,18 @@
+<!DOCTYPE html>
+<html>
+
+<head>
+  <meta charset="utf-8" />
+</head>
+
+<body>
+  <h2>V&eacute;rifiez votre courriel</h2>
+  <p>Utilisez ce lien pour v&eacute;rifier votre courriel :</p>
+  <p>
+    <a href="${link}">
+      V&eacute;rifier courriel
+    </a>
+  </p>
+</body>
+
+</html>

dashboard/e2e/e2e-tests-project/nhost/emails/fr/email-verify/subject.txt

@@ -0,0 +1 @@
+Vérifier votre courriel

dashboard/e2e/e2e-tests-project/nhost/emails/fr/password-reset/body.html

@@ -0,0 +1,18 @@
+<!DOCTYPE html>
+<html>
+
+<head>
+  <meta charset="utf-8" />
+</head>
+
+<body>
+  <h2>R&eacute;initialiser votre mot de passe</h2>
+  <p>Utilisez ce lien pour r&eacute;initialiser votre mot de passe :</p>
+  <p>
+    <a href="${link}">
+      R&eacute;initialiser mot de passe
+    </a>
+  </p>
+</body>
+
+</html>

dashboard/e2e/e2e-tests-project/nhost/emails/fr/password-reset/subject.txt

@@ -0,0 +1 @@
+Réinitialiser votre mot de passe

dashboard/e2e/e2e-tests-project/nhost/emails/fr/signin-passwordless-sms/body.txt

@@ -0,0 +1 @@
+Votre code est ${code}.

dashboard/e2e/e2e-tests-project/nhost/emails/fr/signin-passwordless/body.html

@@ -0,0 +1,18 @@
+<!DOCTYPE html>
+<html>
+
+<head>
+  <meta charset="utf-8" />
+</head>
+
+<body>
+  <h2>Lien magique</h2>
+  <p>Utilisez ce lien pour vous connecter de fa&ccedil;on s&eacute;curisée :</p>
+  <p>
+    <a href="${link}">
+      Connexion
+    </a>
+  </p>
+</body>
+
+</html>

dashboard/e2e/e2e-tests-project/nhost/emails/fr/signin-passwordless/subject.txt

@@ -0,0 +1 @@
+Lien de connexion sécurisé

dashboard/e2e/e2e-tests-project/nhost/emails/test/email-verify/body.html

@@ -0,0 +1,8 @@
+${link},
+${displayName},
+${email},
+${ticket},
+${redirectTo},
+${serverUrl},
+${clientUrl},
+${locale},

dashboard/e2e/e2e-tests-project/nhost/emails/test/email-verify/subject.txt

@@ -0,0 +1 @@
+${link}, ${displayName}, ${email}, ${ticket}, ${redirectTo}, ${serverUrl}, ${clientUrl}, ${locale}

dashboard/e2e/e2e-tests-project/nhost/nhost.toml

@@ -0,0 +1,151 @@
+[global]
+
+[hasura]
+version = 'v2.33.4-ce'
+adminSecret = '{{ secrets.HASURA_GRAPHQL_ADMIN_SECRET }}'
+webhookSecret = '{{ secrets.NHOST_WEBHOOK_SECRET }}'
+
+[[hasura.jwtSecrets]]
+type = 'HS256'
+key = '{{ secrets.HASURA_GRAPHQL_JWT_SECRET }}'
+
+[hasura.settings]
+corsDomain = ['*']
+devMode = true
+enableAllowList = false
+enableConsole = true
+enableRemoteSchemaPermissions = false
+enabledAPIs = ['metadata', 'graphql', 'pgdump', 'config']
+liveQueriesMultiplexedRefetchInterval = 1000
+stringifyNumericTypes = false
+
+[hasura.logs]
+level = 'warn'
+
+[hasura.events]
+httpPoolSize = 100
+
+[functions]
+[functions.node]
+version = 18
+
+[auth]
+version = '0.24.1'
+
+[auth.elevatedPrivileges]
+mode = 'disabled'
+
+[auth.redirections]
+clientUrl = 'http://localhost:3000'
+
+[auth.signUp]
+enabled = true
+disableNewUsers = false
+
+[auth.user]
+[auth.user.roles]
+default = 'user'
+allowed = ['user', 'me']
+
+[auth.user.locale]
+default = 'en'
+allowed = ['en']
+
+[auth.user.gravatar]
+enabled = true
+default = 'blank'
+rating = 'g'
+
+[auth.user.email]
+
+[auth.user.emailDomains]
+
+[auth.session]
+[auth.session.accessToken]
+expiresIn = 900
+
+[auth.session.refreshToken]
+expiresIn = 2592000
+
+[auth.method]
+[auth.method.anonymous]
+enabled = false
+
+[auth.method.emailPasswordless]
+enabled = false
+
+[auth.method.emailPassword]
+hibpEnabled = false
+emailVerificationRequired = true
+passwordMinLength = 9
+
+[auth.method.smsPasswordless]
+enabled = false
+
+[auth.method.oauth]
+[auth.method.oauth.apple]
+enabled = false
+
+[auth.method.oauth.azuread]
+tenant = 'common'
+enabled = false
+
+[auth.method.oauth.bitbucket]
+enabled = false
+
+[auth.method.oauth.discord]
+enabled = false
+
+[auth.method.oauth.facebook]
+enabled = false
+
+[auth.method.oauth.github]
+enabled = false
+
+[auth.method.oauth.gitlab]
+enabled = false
+
+[auth.method.oauth.google]
+enabled = false
+
+[auth.method.oauth.linkedin]
+enabled = false
+
+[auth.method.oauth.spotify]
+enabled = false
+
+[auth.method.oauth.strava]
+enabled = false
+
+[auth.method.oauth.twitch]
+enabled = false
+
+[auth.method.oauth.twitter]
+enabled = false
+
+[auth.method.oauth.windowslive]
+enabled = false
+
+[auth.method.oauth.workos]
+enabled = false
+
+[auth.method.webauthn]
+enabled = false
+
+[auth.method.webauthn.attestation]
+timeout = 60000
+
+[auth.totp]
+enabled = false
+
+[postgres]
+version = '14.6-20240129-1'
+
+[provider]
+
+[storage]
+version = '0.6.0'
+
+[observability]
+[observability.grafana]
+adminPassword = '{{ secrets.GRAFANA_ADMIN_PASSWORD }}'

dashboard/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@nhost/dashboard",
-  "version": "1.14.0",
+  "version": "1.16.3",
   "private": true,
   "scripts": {
     "preinstall": "npx only-allow pnpm",

dashboard/src/components/ui/v2/ErrorToast/ErrorToast.tsx

@@ -29,10 +29,10 @@ const getInternalErrorMessage = (
 
   if (error.name === 'ApolloError') {
     // @ts-ignore
-    const internalError = error.graphQLErrors?.[0]?.extensions?.internal as {
-      error: { message: string };
-    };
-    return internalError?.error?.message || null;
+    const graphqlError = error.graphQLErrors?.[0];
+    const graphqlExtensionsError = graphqlError?.extensions?.internal
+      ?.error as { message: string };
+    return graphqlError.message || graphqlExtensionsError?.message || null;
   }
 
   if (error instanceof Error) {

dashboard/src/features/authentication/users/components/EditUserForm/EditUserForm.tsx

@@ -31,9 +31,10 @@ import { yupResolver } from '@hookform/resolvers/yup';
 import { useTheme } from '@mui/material';
 import { format } from 'date-fns';
 import kebabCase from 'just-kebab-case';
+import debounce from 'lodash.debounce';
 import Image from 'next/image';
 import type { RemoteAppUser } from 'pages/[workspaceSlug]/[appSlug]/users';
-import { useEffect, useState } from 'react';
+import { useCallback, useEffect, useMemo, useState } from 'react';
 import { FormProvider, useForm } from 'react-hook-form';
 import * as Yup from 'yup';
 
@@ -76,6 +77,21 @@ export const EditUserFormValidationSchema = Yup.object({
   locale: Yup.string(),
   defaultRole: Yup.string(),
   roles: Yup.array().of(Yup.boolean()),
+  metadata: Yup.string().test(
+    'is-valid-json',
+    'Metadata must be valid JSON or empty',
+    (value) => {
+      if (value === '') {
+        return true;
+      } // Allow empty string as valid input
+      try {
+        JSON.parse(value);
+        return true;
+      } catch (error) {
+        return false;
+      }
+    },
+  ),
 });
 
 export type EditUserFormValues = Yup.InferType<
@@ -116,14 +132,55 @@ export default function EditUserForm({
       locale: user.locale,
       defaultRole: user.defaultRole,
       roles: roles.map((role) => Object.values(role)[0]),
+      metadata: user?.metadata ? JSON.stringify(user.metadata, null, 2) : '',
     },
   });
 
   const {
     register,
+    setError,
+    clearErrors,
     formState: { errors, dirtyFields, isSubmitting, isValidating },
   } = form;
 
+  const handleMetadataError = useMemo(() => {
+    const debouncedSetError = debounce((value) => {
+      try {
+        JSON.parse(value);
+        // Only set an error if JSON parsing fails
+      } catch (error) {
+        setError('metadata', {
+          type: 'manual',
+          message: 'Invalid JSON format',
+        });
+      }
+    }, 500);
+
+    return {
+      call: debouncedSetError,
+      cancel: debouncedSetError.cancel, // lodash debounce provides a cancel method to stop the delayed function
+    };
+  }, [setError]);
+
+  const handleMetadataChange = useCallback(
+    (event: React.ChangeEvent<HTMLInputElement>) => {
+      const { value } = event.target;
+      if (value === '') {
+        clearErrors('metadata'); // Clear errors when the input is explicitly cleared
+        handleMetadataError.cancel(); // Cancel any debounced error checks
+      } else {
+        try {
+          JSON.parse(value);
+          clearErrors('metadata'); // Clear errors when valid JSON is entered
+          handleMetadataError.cancel(); // Cancel pending debounced error checks
+        } catch (error) {
+          handleMetadataError.call(value); // Call the debounced error setter
+        }
+      }
+    },
+    [clearErrors, handleMetadataError],
+  );
+
   const isDirty = Object.keys(dirtyFields).length > 0;
 
   useEffect(() => {
@@ -467,6 +524,28 @@ export default function EditUserForm({
               </div>
             </Box>
           )}
+          <Box component="section" className="grid grid-flow-row gap-8 p-6">
+            <Input
+              {...register('metadata', { onChange: handleMetadataChange })}
+              id="metadata"
+              label="Metadata"
+              variant="inline"
+              hideEmptyHelperText
+              error={!!errors.metadata}
+              fullWidth
+              multiline
+              inputProps={{
+                className: 'resize-y min-h-[130px]',
+              }}
+              helperText={
+                errors.metadata
+                  ? errors.metadata.message
+                  : 'Enter valid JSON. This can be a number, boolean, array, or object.'
+              }
+              maxRows={100}
+              autoComplete="off"
+            />
+          </Box>
         </Box>
 
         <Box className="grid w-full flex-shrink-0 snap-end grid-flow-col justify-between gap-3 place-self-end border-t-1 p-2">

dashboard/src/features/authentication/users/components/UsersBody/UsersBody.tsx

@@ -113,6 +113,9 @@ export default function UsersBody({ users, onSubmit }: UsersBodyProps) {
           phoneNumber: values.phoneNumber,
           phoneNumberVerified: values.phoneNumberVerified,
           locale: values.locale,
+          ...(values?.metadata !== undefined && values.metadata !== ''
+            ? { metadata: JSON.parse(values.metadata) }
+            : { metadata: null }),
         },
       },
     });

dashboard/src/features/database/settings/components/DatabaseConnectionInfo/DatabaseConnectionInfo.tsx

@@ -1,3 +1,7 @@
+import { ApplyLocalSettingsDialog } from '@/components/common/ApplyLocalSettingsDialog';
+import { useDialog } from '@/components/common/DialogProvider';
+import { useUI } from '@/components/common/UIProvider';
+import { Form } from '@/components/form/Form';
 import { SettingsContainer } from '@/components/layout/SettingsContainer';
 import { ActivityIndicator } from '@/components/ui/v2/ActivityIndicator';
 import { Alert } from '@/components/ui/v2/Alert';
@@ -7,11 +11,32 @@ import type { InputProps } from '@/components/ui/v2/Input';
 import { Input } from '@/components/ui/v2/Input';
 import { InputAdornment } from '@/components/ui/v2/InputAdornment';
 import { useCurrentWorkspaceAndProject } from '@/features/projects/common/hooks/useCurrentWorkspaceAndProject';
+import { useIsPlatform } from '@/features/projects/common/hooks/useIsPlatform';
 import { generateAppServiceUrl } from '@/features/projects/common/utils/generateAppServiceUrl';
+import { useLocalMimirClient } from '@/hooks/useLocalMimirClient';
 import { copy } from '@/utils/copy';
-import { useGetPostgresSettingsQuery } from '@/utils/__generated__/graphql';
+import { execPromiseWithErrorToast } from '@/utils/execPromiseWithErrorToast';
+import {
+  useGetPostgresSettingsQuery,
+  useUpdateConfigMutation,
+} from '@/utils/__generated__/graphql';
+import { yupResolver } from '@hookform/resolvers/yup';
+import { FormProvider, useForm } from 'react-hook-form';
+import * as Yup from 'yup';
+
+const databasePublicAccessValidationSchema = Yup.object({
+  enablePublicAccess: Yup.bool(),
+});
+
+type DatabasePublicAccessFormValues = Yup.InferType<
+  typeof databasePublicAccessValidationSchema
+>;
 
 export default function DatabaseConnectionInfo() {
+  const { openDialog } = useDialog();
+  const isPlatform = useIsPlatform();
+  const { maintenanceActive } = useUI();
+  const localMimirClient = useLocalMimirClient();
   const { currentProject } = useCurrentWorkspaceAndProject();
 
   const { data, loading, error } = useGetPostgresSettingsQuery({
@@ -19,6 +44,61 @@ export default function DatabaseConnectionInfo() {
     fetchPolicy: 'cache-only',
   });
 
+  const [updateConfig] = useUpdateConfigMutation({
+    ...(!isPlatform ? { client: localMimirClient } : {}),
+  });
+
+  const enablePublicAccess =
+    !!data?.config?.postgres?.resources?.enablePublicAccess;
+
+  const form = useForm<DatabasePublicAccessFormValues>({
+    reValidateMode: 'onSubmit',
+    defaultValues: {
+      enablePublicAccess,
+    },
+    resolver: yupResolver(databasePublicAccessValidationSchema),
+  });
+
+  async function handleSubmit(formValues: DatabasePublicAccessFormValues) {
+    const updateConfigPromise = updateConfig({
+      variables: {
+        appId: currentProject.id,
+        config: {
+          postgres: {
+            resources: {
+              enablePublicAccess: formValues.enablePublicAccess,
+            },
+          },
+        },
+      },
+    });
+
+    await execPromiseWithErrorToast(
+      async () => {
+        await updateConfigPromise;
+        form.reset(formValues);
+
+        if (!isPlatform) {
+          openDialog({
+            title: 'Apply your changes',
+            component: <ApplyLocalSettingsDialog />,
+            props: {
+              PaperProps: {
+                className: 'max-w-2xl',
+              },
+            },
+          });
+        }
+      },
+      {
+        loadingMessage: 'Database settings are being updated...',
+        successMessage: 'Database settings have been updated successfully.',
+        errorMessage:
+          "An error occurred while trying to update the project's database settings.",
+      },
+    );
+  }
+
   if (loading) {
     return (
       <ActivityIndicator
@@ -76,49 +156,72 @@ export default function DatabaseConnectionInfo() {
     },
   ];
 
-  return (
-    <SettingsContainer
-      title="Connection Info"
-      description="Connect directly to the Postgres database with this information."
-      slotProps={{ footer: { className: 'hidden' } }}
-      className="grid grid-cols-6 gap-4 pb-2"
-    >
-      {settingsDatabaseCustomInputs.map(
-        ({ name, label, className, value: inputValue }) => (
-          <Input
-            key={name}
-            label={label}
-            required
-            disabled
-            value={inputValue}
-            className={className}
-            slotProps={{ inputRoot: { className: '!pr-8 truncate' } }}
-            fullWidth
-            hideEmptyHelperText
-            endAdornment={
-              <InputAdornment position="end" className="absolute right-2">
-                <Button
-                  sx={{ minWidth: 0, padding: 0 }}
-                  color="secondary"
-                  variant="borderless"
-                  onClick={(e) => {
-                    e.stopPropagation();
-                    copy(inputValue as string, `${label}`);
-                  }}
-                >
-                  <CopyIcon className="h-4 w-4" />
-                </Button>
-              </InputAdornment>
-            }
-          />
-        ),
-      )}
+  const { formState } = form;
 
-      <Alert severity="info" className="col-span-6 text-left">
-        To connect to the Postgres database directly, generate a new password,
-        securely save it, and then modify your connection string with the newly
-        created password.
-      </Alert>
-    </SettingsContainer>
+  return (
+    <FormProvider {...form}>
+      <Form onSubmit={handleSubmit}>
+        <SettingsContainer
+          title="Public access"
+          description={
+            enablePublicAccess
+              ? 'Connect directly to the Postgres database with this information.'
+              : 'Enable public access to your Postgres database.'
+          }
+          slotProps={{
+            submitButton: {
+              disabled: !formState.isDirty || maintenanceActive,
+              loading: formState.isSubmitting,
+            },
+          }}
+          className="grid grid-cols-6 gap-4 pb-2"
+          switchId="enablePublicAccess"
+          showSwitch
+        >
+          {enablePublicAccess && (
+            <>
+              {settingsDatabaseCustomInputs.map(
+                ({ name, label, className, value: inputValue }) => (
+                  <Input
+                    key={name}
+                    label={label}
+                    required
+                    disabled
+                    value={inputValue}
+                    className={className}
+                    slotProps={{ inputRoot: { className: '!pr-8 truncate' } }}
+                    fullWidth
+                    hideEmptyHelperText
+                    endAdornment={
+                      <InputAdornment
+                        position="end"
+                        className="absolute right-2"
+                      >
+                        <Button
+                          sx={{ minWidth: 0, padding: 0 }}
+                          color="secondary"
+                          variant="borderless"
+                          onClick={(e) => {
+                            e.stopPropagation();
+                            copy(inputValue as string, `${label}`);
+                          }}
+                        >
+                          <CopyIcon className="w-4 h-4" />
+                        </Button>
+                      </InputAdornment>
+                    }
+                  />
+                ),
+              )}
+              <Alert severity="info" className="col-span-6 text-left">
+                To connect to the Postgres database directly, generate a new
+                password, securely save it, and then modify your connection
+                string with the newly created password.
+              </Alert>
+            </>
+          )}
+        </SettingsContainer>
+      </Form>
+    </FormProvider>
   );
 }

dashboard/src/features/database/settings/gql/getPostgresSettings.gql

@@ -13,6 +13,7 @@ query GetPostgresSettings($appId: uuid!) {
         storage {
           capacity
         }
+        enablePublicAccess
       }
     }
   }

dashboard/src/features/projects/common/components/Announcements/Announcements.tsx

@@ -5,7 +5,9 @@ import { useGetAnnouncementsQuery } from '@/utils/__generated__/graphql';
 import formatDistance from 'date-fns/formatDistance';
 
 export default function Announcements() {
-  const { data, loading, error } = useGetAnnouncementsQuery();
+  const { data, loading, error } = useGetAnnouncementsQuery({
+    fetchPolicy: 'cache-first',
+  });
 
   const announcements = data?.announcements || [];
 

dashboard/src/features/projects/custom-domains/settings/components/VerifyDomain/VerifyDomain.tsx

@@ -131,7 +131,7 @@ export default function VerifyDomain({
         </div>
         {isPlatform ? (
           <Button
-            disabled={loading || !hostname || isPlatform}
+            disabled={loading || !hostname}
             onClick={handleVerifyDomain}
             className="mt-4 sm:absolute sm:bottom-0 sm:right-0 sm:mt-0"
           >

dashboard/src/gql/app/settings/updateConfig.graphql

@@ -6,6 +6,7 @@ mutation UpdateConfig($appId: uuid!, $config: ConfigConfigUpdateInput!) {
         storage {
           capacity
         }
+        enablePublicAccess
       }
     }
     ai {

dashboard/src/gql/remote-app/getUsers.graphql

@@ -11,6 +11,7 @@ fragment RemoteAppGetUsers on users {
   defaultRole
   lastSeen
   locale
+  metadata
   roles {
     id
     role

dashboard/src/pages/index.tsx

@@ -7,41 +7,55 @@ import { Button } from '@/components/ui/v2/Button';
 import { Text } from '@/components/ui/v2/Text';
 import { WorkspaceAndProjectList } from '@/features/projects/common/components/WorkspaceAndProjectList';
 import { WorkspaceSidebar } from '@/features/projects/common/components/WorkspaceSidebar';
-import { useGetAllWorkspacesAndProjectsQuery } from '@/utils/__generated__/graphql';
+import {
+  useGetAllWorkspacesAndProjectsQuery,
+  type GetAllWorkspacesAndProjectsQuery,
+} from '@/utils/__generated__/graphql';
+import { NetworkStatus } from '@apollo/client';
 import { darken } from '@mui/system';
 import { useUserData } from '@nhost/nextjs';
 import NavLink from 'next/link';
-import type { ReactElement } from 'react';
-import { useEffect } from 'react';
+import { useState, type ReactElement } from 'react';
 
 export default function IndexPage() {
   const user = useUserData();
-  const { data, loading, startPolling, stopPolling } =
+  const [, setPollInterval] = useState(1_000);
+
+  // keep polling for workspaces until there is a workspace available.
+  // We do this because when a user signs up a workspace is created automatically
+  // and the serverless function can take some time to complete.
+  const { data, startPolling, stopPolling, networkStatus } =
     useGetAllWorkspacesAndProjectsQuery({
       skip: !user,
+      notifyOnNetworkStatusChange: true,
+      onError: () => {
+        // When there's an error (graphql, network error) apply an exponential backoff strategy
+        setPollInterval((prevInterval) => {
+          const newInterval = Math.min(60_000, prevInterval * 2);
+          startPolling(newInterval);
+          return newInterval;
+        });
+      },
+      onCompleted: (queryData: GetAllWorkspacesAndProjectsQuery) => {
+        if (!queryData?.workspaces.length) {
+          setPollInterval(1000);
+          startPolling(1000);
+        } else {
+          setPollInterval(0);
+          stopPolling();
+        }
+      },
     });
 
+  // keep showing loading indicator while polling
+  const loading = networkStatus === NetworkStatus.loading;
+
   const numberOfProjects = data?.workspaces.reduce(
     (projectCount, currentWorkspace) =>
       projectCount + currentWorkspace.projects.length,
     0,
   );
 
-  // keep polling for workspaces until there is a workspace available.
-  // We do this because when a user signs up a workspace is created automatically
-  // and the serverless function can take some time to complete.
-  useEffect(() => {
-    startPolling(1000);
-  }, [startPolling]);
-
-  useEffect(() => {
-    if (!data?.workspaces.length) {
-      return;
-    }
-
-    stopPolling();
-  }, [data?.workspaces, stopPolling]);
-
   if ((!data && loading) || !user) {
     return <LoadingScreen />;
   }

dashboard/src/utils/__generated__/graphql.ts

@@ -1804,6 +1804,7 @@ export type ConfigPostgresInsertInput = {
 export type ConfigPostgresResources = {
   __typename?: 'ConfigPostgresResources';
   compute?: Maybe<ConfigResourcesCompute>;
+  enablePublicAccess?: Maybe<Scalars['Boolean']>;
   networking?: Maybe<ConfigNetworking>;
   /** Number of replicas for a service */
   replicas?: Maybe<Scalars['ConfigUint8']>;
@@ -1815,6 +1816,7 @@ export type ConfigPostgresResourcesComparisonExp = {
   _not?: InputMaybe<ConfigPostgresResourcesComparisonExp>;
   _or?: InputMaybe<Array<ConfigPostgresResourcesComparisonExp>>;
   compute?: InputMaybe<ConfigResourcesComputeComparisonExp>;
+  enablePublicAccess?: InputMaybe<ConfigBooleanComparisonExp>;
   networking?: InputMaybe<ConfigNetworkingComparisonExp>;
   replicas?: InputMaybe<ConfigUint8ComparisonExp>;
   storage?: InputMaybe<ConfigPostgresStorageComparisonExp>;
@@ -1822,6 +1824,7 @@ export type ConfigPostgresResourcesComparisonExp = {
 
 export type ConfigPostgresResourcesInsertInput = {
   compute?: InputMaybe<ConfigResourcesComputeInsertInput>;
+  enablePublicAccess?: InputMaybe<Scalars['Boolean']>;
   networking?: InputMaybe<ConfigNetworkingInsertInput>;
   replicas?: InputMaybe<Scalars['ConfigUint8']>;
   storage?: InputMaybe<ConfigPostgresStorageInsertInput>;
@@ -1829,6 +1832,7 @@ export type ConfigPostgresResourcesInsertInput = {
 
 export type ConfigPostgresResourcesUpdateInput = {
   compute?: InputMaybe<ConfigResourcesComputeUpdateInput>;
+  enablePublicAccess?: InputMaybe<Scalars['Boolean']>;
   networking?: InputMaybe<ConfigNetworkingUpdateInput>;
   replicas?: InputMaybe<Scalars['ConfigUint8']>;
   storage?: InputMaybe<ConfigPostgresStorageUpdateInput>;
@@ -2524,7 +2528,9 @@ export type ConfigSystemConfigPostgres = {
   __typename?: 'ConfigSystemConfigPostgres';
   connectionString: ConfigSystemConfigPostgresConnectionString;
   database: Scalars['String'];
+  disk?: Maybe<ConfigSystemConfigPostgresDisk>;
   enabled?: Maybe<Scalars['Boolean']>;
+  majorVersion?: Maybe<Scalars['String']>;
 };
 
 export type ConfigSystemConfigPostgresComparisonExp = {
@@ -2533,7 +2539,9 @@ export type ConfigSystemConfigPostgresComparisonExp = {
   _or?: InputMaybe<Array<ConfigSystemConfigPostgresComparisonExp>>;
   connectionString?: InputMaybe<ConfigSystemConfigPostgresConnectionStringComparisonExp>;
   database?: InputMaybe<ConfigStringComparisonExp>;
+  disk?: InputMaybe<ConfigSystemConfigPostgresDiskComparisonExp>;
   enabled?: InputMaybe<ConfigBooleanComparisonExp>;
+  majorVersion?: InputMaybe<ConfigStringComparisonExp>;
 };
 
 export type ConfigSystemConfigPostgresConnectionString = {
@@ -2568,16 +2576,44 @@ export type ConfigSystemConfigPostgresConnectionStringUpdateInput = {
   storage?: InputMaybe<Scalars['String']>;
 };
 
+export type ConfigSystemConfigPostgresDisk = {
+  __typename?: 'ConfigSystemConfigPostgresDisk';
+  iops?: Maybe<Scalars['ConfigUint32']>;
+  tput?: Maybe<Scalars['ConfigUint32']>;
+};
+
+export type ConfigSystemConfigPostgresDiskComparisonExp = {
+  _and?: InputMaybe<Array<ConfigSystemConfigPostgresDiskComparisonExp>>;
+  _not?: InputMaybe<ConfigSystemConfigPostgresDiskComparisonExp>;
+  _or?: InputMaybe<Array<ConfigSystemConfigPostgresDiskComparisonExp>>;
+  iops?: InputMaybe<ConfigUint32ComparisonExp>;
+  tput?: InputMaybe<ConfigUint32ComparisonExp>;
+};
+
+export type ConfigSystemConfigPostgresDiskInsertInput = {
+  iops?: InputMaybe<Scalars['ConfigUint32']>;
+  tput?: InputMaybe<Scalars['ConfigUint32']>;
+};
+
+export type ConfigSystemConfigPostgresDiskUpdateInput = {
+  iops?: InputMaybe<Scalars['ConfigUint32']>;
+  tput?: InputMaybe<Scalars['ConfigUint32']>;
+};
+
 export type ConfigSystemConfigPostgresInsertInput = {
   connectionString: ConfigSystemConfigPostgresConnectionStringInsertInput;
   database: Scalars['String'];
+  disk?: InputMaybe<ConfigSystemConfigPostgresDiskInsertInput>;
   enabled?: InputMaybe<Scalars['Boolean']>;
+  majorVersion?: InputMaybe<Scalars['String']>;
 };
 
 export type ConfigSystemConfigPostgresUpdateInput = {
   connectionString?: InputMaybe<ConfigSystemConfigPostgresConnectionStringUpdateInput>;
   database?: InputMaybe<Scalars['String']>;
+  disk?: InputMaybe<ConfigSystemConfigPostgresDiskUpdateInput>;
   enabled?: InputMaybe<Scalars['Boolean']>;
+  majorVersion?: InputMaybe<Scalars['String']>;
 };
 
 export type ConfigSystemConfigUpdateInput = {
@@ -2659,14 +2695,6 @@ export type Metrics = {
   value: Scalars['float64'];
 };
 
-export type StatsDailyLiveFreeApps = {
-  __typename?: 'StatsDailyLiveFreeApps';
-  avg: Scalars['Int'];
-  max: Scalars['Int'];
-  min: Scalars['Int'];
-  raw: Array<Scalars['Int']>;
-};
-
 export type StatsLiveApps = {
   __typename?: 'StatsLiveApps';
   appID: Array<Scalars['uuid']>;
@@ -11798,6 +11826,7 @@ export type Mutation_Root = {
   billingUpdatePersistentVolume: Scalars['Boolean'];
   billingUpdateReports: Scalars['Boolean'];
   billingUploadReports: Scalars['Boolean'];
+  changeDatabaseVersion: Scalars['Boolean'];
   /** delete single row from the table: "apps" */
   deleteApp?: Maybe<Apps>;
   /** delete single row from the table: "app_states" */
@@ -12483,6 +12512,14 @@ export type Mutation_RootBillingUpdateReportsArgs = {
 };
 
 
+/** mutation root */
+export type Mutation_RootChangeDatabaseVersionArgs = {
+  appID: Scalars['uuid'];
+  force?: InputMaybe<Scalars['Boolean']>;
+  version: Scalars['String'];
+};
+
+
 /** mutation root */
 export type Mutation_RootDeleteAppArgs = {
   id: Scalars['uuid'];
@@ -15988,12 +16025,6 @@ export type Query_Root = {
   softwareVersions: Array<Software_Versions>;
   /** fetch aggregated fields from the table: "software_versions" */
   softwareVersionsAggregate: Software_Versions_Aggregate;
-  /**
-   * Returns the per-day number of free live apps in the given time range, as well as the min, max and avg.
-   *
-   * Requests that returned a 4xx or 5xx status code are not counted as live traffic.
-   */
-  statsDailyLiveFreeApps: StatsDailyLiveFreeApps;
   /**
    * Returns lists of apps that have some live traffic in the give time range.
    * From defaults to 24 hours ago and to defaults to now.
@@ -16003,6 +16034,8 @@ export type Query_Root = {
   statsLiveApps: StatsLiveApps;
   systemConfig?: Maybe<ConfigSystemConfig>;
   systemConfigs: Array<ConfigAppSystemConfig>;
+  /** Returns system logs for a given application */
+  systemLogs: Array<Log>;
   /** fetch data from the table: "auth.users" using primary key columns */
   user?: Maybe<Users>;
   /** fetch data from the table: "auth.users" */
@@ -17051,12 +17084,6 @@ export type Query_RootSoftwareVersionsAggregateArgs = {
 };
 
 
-export type Query_RootStatsDailyLiveFreeAppsArgs = {
-  from?: InputMaybe<Scalars['Timestamp']>;
-  to?: InputMaybe<Scalars['Timestamp']>;
-};
-
-
 export type Query_RootStatsLiveAppsArgs = {
   from?: InputMaybe<Scalars['Timestamp']>;
   to?: InputMaybe<Scalars['Timestamp']>;
@@ -17073,6 +17100,14 @@ export type Query_RootSystemConfigsArgs = {
 };
 
 
+export type Query_RootSystemLogsArgs = {
+  action: Scalars['String'];
+  appID: Scalars['String'];
+  from?: InputMaybe<Scalars['Timestamp']>;
+  to?: InputMaybe<Scalars['Timestamp']>;
+};
+
+
 export type Query_RootUserArgs = {
   id: Scalars['uuid'];
 };
@@ -22662,7 +22697,7 @@ export type GetPostgresSettingsQueryVariables = Exact<{
 }>;
 
 
-export type GetPostgresSettingsQuery = { __typename?: 'query_root', systemConfig?: { __typename?: 'ConfigSystemConfig', postgres: { __typename?: 'ConfigSystemConfigPostgres', database: string } } | null, config?: { __typename: 'ConfigConfig', id: 'ConfigConfig', postgres?: { __typename?: 'ConfigPostgres', version?: string | null, resources?: { __typename?: 'ConfigPostgresResources', storage?: { __typename?: 'ConfigPostgresStorage', capacity: any } | null } | null } | null } | null };
+export type GetPostgresSettingsQuery = { __typename?: 'query_root', systemConfig?: { __typename?: 'ConfigSystemConfig', postgres: { __typename?: 'ConfigSystemConfigPostgres', database: string } } | null, config?: { __typename: 'ConfigConfig', id: 'ConfigConfig', postgres?: { __typename?: 'ConfigPostgres', version?: string | null, resources?: { __typename?: 'ConfigPostgresResources', enablePublicAccess?: boolean | null, storage?: { __typename?: 'ConfigPostgresStorage', capacity: any } | null } | null } | null } | null };
 
 export type ResetDatabasePasswordMutationVariables = Exact<{
   appId: Scalars['String'];
@@ -22894,7 +22929,7 @@ export type UpdateConfigMutationVariables = Exact<{
 }>;
 
 
-export type UpdateConfigMutation = { __typename?: 'mutation_root', updateConfig: { __typename?: 'ConfigConfig', id: 'ConfigConfig', postgres?: { __typename?: 'ConfigPostgres', resources?: { __typename?: 'ConfigPostgresResources', storage?: { __typename?: 'ConfigPostgresStorage', capacity: any } | null } | null } | null, ai?: { __typename?: 'ConfigAI', version?: string | null, webhookSecret: string, autoEmbeddings?: { __typename?: 'ConfigAIAutoEmbeddings', synchPeriodMinutes?: any | null } | null, openai: { __typename?: 'ConfigAIOpenai', organization?: string | null, apiKey: string }, resources: { __typename?: 'ConfigAIResources', compute: { __typename?: 'ConfigComputeResources', cpu: any, memory: any } } } | null } };
+export type UpdateConfigMutation = { __typename?: 'mutation_root', updateConfig: { __typename?: 'ConfigConfig', id: 'ConfigConfig', postgres?: { __typename?: 'ConfigPostgres', resources?: { __typename?: 'ConfigPostgresResources', enablePublicAccess?: boolean | null, storage?: { __typename?: 'ConfigPostgresStorage', capacity: any } | null } | null } | null, ai?: { __typename?: 'ConfigAI', version?: string | null, webhookSecret: string, autoEmbeddings?: { __typename?: 'ConfigAIAutoEmbeddings', synchPeriodMinutes?: any | null } | null, openai: { __typename?: 'ConfigAIOpenai', organization?: string | null, apiKey: string }, resources: { __typename?: 'ConfigAIResources', compute: { __typename?: 'ConfigComputeResources', cpu: any, memory: any } } } | null } };
 
 export type UnpauseApplicationMutationVariables = Exact<{
   appId: Scalars['uuid'];
@@ -23098,7 +23133,7 @@ export type GetRemoteAppMetricsQueryVariables = Exact<{ [key: string]: never; }>
 
 export type GetRemoteAppMetricsQuery = { __typename?: 'query_root', filesAggregate: { __typename?: 'files_aggregate', aggregate?: { __typename?: 'files_aggregate_fields', count: number, sum?: { __typename?: 'files_sum_fields', size?: number | null } | null } | null }, usersAggregate: { __typename?: 'users_aggregate', aggregate?: { __typename?: 'users_aggregate_fields', count: number } | null } };
 
-export type RemoteAppGetUsersFragment = { __typename?: 'users', id: any, createdAt: any, displayName: string, avatarUrl: string, email?: any | null, emailVerified: boolean, phoneNumber?: string | null, phoneNumberVerified: boolean, disabled: boolean, defaultRole: string, lastSeen?: any | null, locale: string, roles: Array<{ __typename?: 'authUserRoles', id: any, role: string }>, userProviders: Array<{ __typename?: 'authUserProviders', id: any, providerId: string }> };
+export type RemoteAppGetUsersFragment = { __typename?: 'users', id: any, createdAt: any, displayName: string, avatarUrl: string, email?: any | null, emailVerified: boolean, phoneNumber?: string | null, phoneNumberVerified: boolean, disabled: boolean, defaultRole: string, lastSeen?: any | null, locale: string, metadata?: any | null, roles: Array<{ __typename?: 'authUserRoles', id: any, role: string }>, userProviders: Array<{ __typename?: 'authUserProviders', id: any, providerId: string }> };
 
 export type RemoteAppGetUsersQueryVariables = Exact<{
   where: Users_Bool_Exp;
@@ -23107,7 +23142,7 @@ export type RemoteAppGetUsersQueryVariables = Exact<{
 }>;
 
 
-export type RemoteAppGetUsersQuery = { __typename?: 'query_root', users: Array<{ __typename?: 'users', id: any, createdAt: any, displayName: string, avatarUrl: string, email?: any | null, emailVerified: boolean, phoneNumber?: string | null, phoneNumberVerified: boolean, disabled: boolean, defaultRole: string, lastSeen?: any | null, locale: string, roles: Array<{ __typename?: 'authUserRoles', id: any, role: string }>, userProviders: Array<{ __typename?: 'authUserProviders', id: any, providerId: string }> }>, filteredUsersAggreggate: { __typename?: 'users_aggregate', aggregate?: { __typename?: 'users_aggregate_fields', count: number } | null }, usersAggregate: { __typename?: 'users_aggregate', aggregate?: { __typename?: 'users_aggregate_fields', count: number } | null } };
+export type RemoteAppGetUsersQuery = { __typename?: 'query_root', users: Array<{ __typename?: 'users', id: any, createdAt: any, displayName: string, avatarUrl: string, email?: any | null, emailVerified: boolean, phoneNumber?: string | null, phoneNumberVerified: boolean, disabled: boolean, defaultRole: string, lastSeen?: any | null, locale: string, metadata?: any | null, roles: Array<{ __typename?: 'authUserRoles', id: any, role: string }>, userProviders: Array<{ __typename?: 'authUserProviders', id: any, providerId: string }> }>, filteredUsersAggreggate: { __typename?: 'users_aggregate', aggregate?: { __typename?: 'users_aggregate_fields', count: number } | null }, usersAggregate: { __typename?: 'users_aggregate', aggregate?: { __typename?: 'users_aggregate_fields', count: number } | null } };
 
 export type RemoteAppGetUsersCustomQueryVariables = Exact<{
   where: Users_Bool_Exp;
@@ -23124,7 +23159,7 @@ export type RemoteAppGetUsersWholeQueryVariables = Exact<{
 }>;
 
 
-export type RemoteAppGetUsersWholeQuery = { __typename?: 'query_root', users: Array<{ __typename?: 'users', id: any, createdAt: any, displayName: string, avatarUrl: string, email?: any | null, emailVerified: boolean, phoneNumber?: string | null, phoneNumberVerified: boolean, disabled: boolean, defaultRole: string, lastSeen?: any | null, locale: string, roles: Array<{ __typename?: 'authUserRoles', id: any, role: string }>, userProviders: Array<{ __typename?: 'authUserProviders', id: any, providerId: string }> }>, usersAggregate: { __typename?: 'users_aggregate', aggregate?: { __typename?: 'users_aggregate_fields', count: number } | null } };
+export type RemoteAppGetUsersWholeQuery = { __typename?: 'query_root', users: Array<{ __typename?: 'users', id: any, createdAt: any, displayName: string, avatarUrl: string, email?: any | null, emailVerified: boolean, phoneNumber?: string | null, phoneNumberVerified: boolean, disabled: boolean, defaultRole: string, lastSeen?: any | null, locale: string, metadata?: any | null, roles: Array<{ __typename?: 'authUserRoles', id: any, role: string }>, userProviders: Array<{ __typename?: 'authUserProviders', id: any, providerId: string }> }>, usersAggregate: { __typename?: 'users_aggregate', aggregate?: { __typename?: 'users_aggregate_fields', count: number } | null } };
 
 export type TotalUsersQueryVariables = Exact<{ [key: string]: never; }>;
 
@@ -23623,6 +23658,7 @@ export const RemoteAppGetUsersFragmentDoc = gql`
   defaultRole
   lastSeen
   locale
+  metadata
   roles {
     id
     role
@@ -24036,6 +24072,7 @@ export const GetPostgresSettingsDocument = gql`
         storage {
           capacity
         }
+        enablePublicAccess
       }
     }
   }
@@ -25399,6 +25436,7 @@ export const UpdateConfigDocument = gql`
         storage {
           capacity
         }
+        enablePublicAccess
       }
     }
     ai {

docs/CHANGELOG.md

@@ -1,5 +1,30 @@
 # @nhost/docs
 
+## 2.13.0
+
+### Minor Changes
+
+- 6fb0cc2: fix: minor improvements to compute resources' docs
+- 66bd450: chore: various improvements
+
+## 2.12.0
+
+### Minor Changes
+
+- d5077c7: feat: added docs about how to connect to postgres
+
+## 2.11.0
+
+### Minor Changes
+
+- c6dc7f4: chore: docs: add Nhost client reference
+
+## 2.10.3
+
+### Patch Changes
+
+- a58c5cf: fix: broken link
+
 ## 2.10.2
 
 ### Patch Changes

docs/guides/auth/custom-jwts.mdx

@@ -0,0 +1,176 @@
+---
+title: Custom JWTs
+description: Creating custom JWTs
+icon: ghost
+---
+
+In some cases it is necessary to act on behalf of a user. While the Auth service doesn't allow that it is not difficult to implement such functionality as a serverless function. Below you can find an example of a function that can generate a valid access token for your application with customized values. For details read the docstring in the function itself.
+
+Feel free to adapt to your needs.
+
+### Dependencies
+
+```
+npm install jsonwebtoken
+```
+
+### Function
+
+Create a file under `functions` (for instance `/functions/custom-jwts.ts`), with the following contents:
+
+```js
+import { Request, Response } from 'express'
+import process from 'process'
+import jwt from 'jsonwebtoken'
+
+// function to extract jwt from the request
+const getJwt = (req: Request): string | null => {
+    const authHeader = req.headers.authorization
+    if (!authHeader) {
+        return null
+    }
+
+    const parts = authHeader.split(' ')
+    if (parts.length !== 2) {
+        return null
+    }
+
+    const [scheme, token] = parts
+    if (!/^Bearer$/i.test(scheme)) {
+        return null
+    }
+
+    return token
+}
+
+// validate jwt token is valid and caller is either an admin or an operator
+const jwtIsAuthorized = (req: Request, key: string): string => {
+    const token = getJwt(req)
+    if (!token) {
+        return ""
+    }
+
+    try {
+        const decoded = jwt.verify(token, key)
+
+        const claims = decoded['https://hasura.io/jwt/claims']
+        if ( !claims || !claims['x-hasura-allowed-roles'] ) {
+            return ""
+        }
+
+        if (
+            claims['x-hasura-allowed-roles'].includes('admin') ||
+            claims['x-hasura-allowed-roles'].includes('operator')
+        ) {
+            return decoded.sub
+        }
+
+        return ""
+    } catch (e) {
+        return ""
+    }
+}
+
+/*
+This is a sample function that generates a JWT token to impersonate users.
+
+Authorization:
+
+- send a valid JWT token with the request. The token should have the `admin` or `operator` role.
+- send the `x-hasura-admin-secret` header with the request
+
+Body:
+
+A json object with the following keys:
+
+- `userId` (string): the user id for which the token is generated
+- `defaultRole` (string): the default role for the userId
+- `allowedRoles` (array of strings): the roles that the userId can assume
+
+Returns:
+
+A json object with the following keys:
+
+- `accessToken` (string) - The generated access token
+
+
+In addition to the typical JWT claims generated by Nhost, the token generated by this function will have the following claims:
+
+- `x-hasura-on-behalf-of`: the user id of the caller or `admin` if the caller used the `x-hasura-admin-secret` header
+
+You are free to modify this function to suit your needs.
+*/
+export default (req: Request, res: Response) => {
+    let authorizedCaller = ""
+    if (req.headers['x-hasura-admin-secret'] === process.env.HASURA_GRAPHQL_ADMIN_SECRET) {
+        authorizedCaller = "admin"
+    }
+
+    const jwtSecret = JSON.parse(process.env.NHOST_JWT_SECRET)
+    if (!authorizedCaller) {
+        authorizedCaller = jwtIsAuthorized(req, jwtSecret.key)
+    }
+
+    if (!authorizedCaller) {
+        return res.status(401).json({ message: 'Unauthorized' })
+    }
+
+    // extract from json in the body
+    const {userId, defaultRole, allowedRoles} = req.body
+    if (!userId || !defaultRole || !allowedRoles) {
+        return res.status(400).json({ message: 'Bad request' })
+    }
+
+    let token = jwt.sign({
+      "exp": Math.floor(Date.now() / 1000) + 60 * 60, // 1 hour
+      "https://hasura.io/jwt/claims": {
+        "x-hasura-allowed-roles": allowedRoles,
+        "x-hasura-default-role": defaultRole,
+        "x-hasura-user-id": userId,
+        "x-hasura-user-is-anonymous": "false",
+        "x-hasura-on-behalf-of": authorizedCaller
+      },
+      "iat": Math.floor(Date.now() / 1000),
+      "iss": "custom-lambda",
+      "sub": userId,
+    }, jwtSecret.key);
+
+    res.status(200).json(
+        {
+            accessToken: token,
+        },
+    )
+}
+```
+
+Now you can call it like:
+
+```
+curl -X POST \
+    -H "Content-Type: application/json" \
+    -H "x-hasura-admin-secret: nhost-admin-secret" \
+    -d '{"userId": "FFAB5354-C5EB-42C1-8BC3-AD21D2297883", "defaultRole": "user", "allowedRoles": ["user", "me"]}' \
+    https://local.functions.nhost.run/v1/custom-jwt
+{"accessToken":"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE3MTcxNDIyMTMsImh0dHBzOi8vaGFzdXJhLmlvL2p3dC9jbGFpbXMiOnsieC1oYXN1cmEtYWxsb3dlZC1yb2xlcyI6WyJ1c2VyIiwibWUiXSwieC1oYXN1cmEtZGVmYXVsdC1yb2xlIjoidXNlciIsIngtaGFzdXJhLXVzZXItaWQiOiJGRkFCNTM1NC1DNUVCLTQyQzEtOEJDMy1BRDIxRDIyOTc4ODMiLCJ4LWhhc3VyYS11c2VyLWlzLWFub255bW91cyI6ImZhbHNlIiwieC1oYXN1cmEtb24tYmVoYWxmLW9mIjoiYWRtaW4ifSwiaWF0IjoxNzE3MTM4NjEzLCJpc3MiOiJjdXN0b20tbGFtYmRhIiwic3ViIjoiRkZBQjUzNTQtQzVFQi00MkMxLThCQzMtQUQyMUQyMjk3ODgzIn0.bRhzJvXMdkQA8aXPH95uMT17WHED2rSRq3gE21Vp3Ak"}
+```
+
+The new token should be a valid token for your application with the custom values requested:
+
+```json
+{
+  "exp": 1717141288,
+  "https://hasura.io/jwt/claims": {
+    "x-hasura-allowed-roles": [
+      "a",
+      "b"
+    ],
+    "x-hasura-default-role": "user",
+    "x-hasura-user-id": "FFAB5354-C5EB-42C1-8BC3-AD21D2297883",
+    "x-hasura-user-is-anonymous": "false",
+    "x-hasura-on-behalf-of": "admin"
+  },
+  "iat": 1717137688,
+  "iss": "custom-lambda",
+  "sub": "FFAB5354-C5EB-42C1-8BC3-AD21D2297883"
+}
+```

docs/guides/auth/social/sign-in-apple.mdx

@@ -93,3 +93,7 @@ nhost.auth.signIn({
   provider: 'apple'
 })
 ```
+
+<Note>
+To use your own domain for the callback URL refer to the [custom domains](/platform/custom-domains) documentation.
+</Note>

docs/guides/auth/social/sign-in-discord.mdx

@@ -41,3 +41,7 @@ nhost.auth.signIn({
   provider: 'discord'
 })
 ```
+
+<Note>
+To use your own domain for the callback URL refer to the [custom domains](/platform/custom-domains) documentation.
+</Note>

docs/guides/auth/social/sign-in-facebook.mdx

@@ -64,3 +64,7 @@ nhost.auth.signIn({
   provider: 'facebook'
 })
 ```
+
+<Note>
+To use your own domain for the callback URL refer to the [custom domains](/platform/custom-domains) documentation.
+</Note>

docs/guides/auth/social/sign-in-github.mdx

@@ -49,3 +49,7 @@ nhost.auth.signIn({
   provider: "github",
 });
 ```
+
+<Note>
+To use your own domain for the callback URL refer to the [custom domains](/platform/custom-domains) documentation.
+</Note>

docs/guides/auth/social/sign-in-google.mdx

@@ -73,3 +73,7 @@ nhost.auth.signIn({
   provider: 'google'
 })
 ```
+
+<Note>
+To use your own domain for the callback URL refer to the [custom domains](/platform/custom-domains) documentation.
+</Note>

docs/guides/auth/social/sign-in-linkedin.mdx

@@ -64,3 +64,7 @@ nhost.auth.signIn({
   provider: 'linkedin'
 })
 ```
+
+<Note>
+To use your own domain for the callback URL refer to the [custom domains](/platform/custom-domains) documentation.
+</Note>

docs/guides/auth/social/sign-in-spotify.mdx

@@ -49,3 +49,7 @@ nhost.auth.signIn({
   provider: 'spotify'
 })
 ```
+
+<Note>
+To use your own domain for the callback URL refer to the [custom domains](/platform/custom-domains) documentation.
+</Note>

docs/guides/auth/social/sign-in-twitch.mdx

@@ -43,3 +43,7 @@ nhost.auth.signIn({
   provider: 'twitch'
 })
 ```
+
+<Note>
+To use your own domain for the callback URL refer to the [custom domains](/platform/custom-domains) documentation.
+</Note>

docs/guides/auth/social/sign-in-workos.mdx

@@ -63,3 +63,7 @@ nhost.auth.signIn({
   provider: 'workos'
 })
 ```
+
+<Note>
+To use your own domain for the callback URL refer to the [custom domains](/platform/custom-domains) documentation.
+</Note>

docs/guides/database/access.mdx

@@ -0,0 +1,43 @@
+---
+title: Accessing the Database
+description: How to access the database directly using the connection string
+icon: key
+---
+
+In most cases you will not need to access the database directly, choosing to interact with the data via the Graphql API, however, if you need direct access to postgres you can access it via the connection string.
+
+
+# Nhost Run
+
+You can find details on how to connect to the database from an [Nhost Run](/product/run) service [here](/guides/run/networking#connecting-to-the-nhost-stack). If you don't know the password you can set a new password in the dashboard:
+
+  **Project Dashboard -> Settings -> Database**
+
+![reset password](/images/guides/database/access/reset.png)
+
+# Public Access
+
+For security reasons, by default your database won't be accessible online. If you need to access it directly from the Internet, first you will need to enable public access (enabling public access will also show the connection details):
+
+<Tabs>
+<Tab title="Dashboard">
+  **Project Dashboard -> Settings -> Database**
+
+  ![public access](/images/guides/database/access/public.png)
+
+</Tab>
+<Tab title="Config">
+```toml
+[postgres.resources]
+enablePublicAccess = true
+```
+</Tab>
+</Tabs>
+
+<Note>
+Public access to your database utilizes [pgbouncer](http://www.pgbouncer.org). As this pooler is shared infrastructure the pooler will still be available even if your database has no public access configured. The pooler will simply not have access to your database.
+</Note>
+
+# Functions
+
+[Functions](/product/functions) run on a separate network, which means in order to access the database you will first need to [make it public](#public-access).

docs/guides/database/performance.mdx

@@ -16,7 +16,7 @@ In case your Postgres service is not meeting your performance expectations, you
 
 4. Evaluate the usage of indexes in your database. Identify queries that could benefit from additional indexes and strategically add them to improve query performance.
 
-5. Increase the disk size to increase [disk performance](/platform/compute-resources#disk-performance). Keep in mind increasing the disk size isn't reversible and increasing the memory of the service may yield better results. This is mostly useful when your data is very volatile and the postgres cache can't work effectively. Only attempt to increase disk for performance reasons if your reads and writes are very high and increasing memory isn't effective.
+5. If the problem is related to IOPS, consider increasing [disk performance](/platform/compute-resources#disk-performance).
 
 By implementing these steps, you can effectively address performance concerns and enhance the overall performance of your Postgres service.
 

docs/mint.json

@@ -96,7 +96,7 @@
     },
     {
       "group": "Database",
-      "pages": ["guides/database/configuring-postgres", "guides/database/extensions", "guides/database/performance"]
+      "pages": ["guides/database/configuring-postgres", "guides/database/access", "guides/database/extensions", "guides/database/performance"]
     },
     {
         "group": "AI",
@@ -134,7 +134,8 @@
         "guides/auth/sign-in-phone-number",
         "guides/auth/sign-in-webauthn",
         "guides/auth/elevated-permissions",
-        "guides/auth/email-templates"
+        "guides/auth/email-templates",
+        "guides/auth/custom-jwts"
       ]
     },
     {
@@ -298,6 +299,10 @@
           "group": "JavaScript",
           "icon": "js",
           "pages": [
+            {
+              "group": "nhost-js",
+              "pages": ["reference/javascript/nhost-js/nhost-client", "reference/javascript/nhost-js/set-role", "reference/javascript/nhost-js/unset-role"]
+            },
             {
               "group": "Auth",
               "pages": [
@@ -338,7 +343,10 @@
                 "reference/javascript/storage/get-public-url",
                 "reference/javascript/storage/delete",
                 "reference/javascript/storage/set-access-token",
-                "reference/javascript/storage/set-admin-secret"
+                "reference/javascript/storage/set-admin-secret",
+                "reference/javascript/storage/set-headers",
+                "reference/javascript/storage/unset-headers",
+                "reference/javascript/storage/get-headers"
               ]
             },
             {
@@ -347,7 +355,10 @@
                 "reference/javascript/graphql/nhost-graphql-client",
                 "reference/javascript/graphql/get-url",
                 "reference/javascript/graphql/set-access-token",
-                "reference/javascript/graphql/request"
+                "reference/javascript/graphql/request",
+                "reference/javascript/graphql/set-headers",
+                "reference/javascript/graphql/unset-headers",
+                "reference/javascript/graphql/get-headers"
               ]
             },
             {

docs/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@nhost/docs",
-  "version": "2.10.2",
+  "version": "2.13.0",
   "private": true,
   "scripts": {
     "start": "mintlify dev"

docs/platform/compute-resources.mdx

@@ -72,6 +72,28 @@ To setup dedicated resources for your project, you can either use the Dashboard
   </Tab>
 </Tabs>
 
+### Bursting with Dedicated Compute
+
+When using dedicated compute we allow your application to use more than its alloted CPU resources if those resources are available. This means what we are calling dedicated compute is, in fact, guaranteed compute. For instance:
+
+<div align="center">
+<img width="300" src="/images/platform/compute-resources/guaranteed-resources.png" alt="resource allocation" />
+</div>
+
+In the graph above we can see three applications assigned to the same node, each with its own dedicated compute (the solid lines block). However, all applications are allowed to use the non-solid region of compute as long as the rest of the projects are not using it:
+
+<div align="center">
+<img width="300" src="/images/platform/compute-resources/resource-utilization.png" alt="resource utilization" />
+</div>
+
+Above we can see three different scenarios:
+
+- In scenario A the green application is barely using its alloted CPU so if the other applications need it, they can borrow it.
+- Similarly, in scenario B the green application can borrow resources if it needs it from other applications if those aren't using them.
+- In the case all applications need to use all of their resources, nobody can steal from each other as resources are guaranteed per application.
+
+This borrowing of resources is convenient in case of short and unexpected bursts, however, as those are not guaranteed you shouldn't rely on them for sustained usage.
+
 ## Disk Performance
 
 By default disks are provisioned with a capacity for 3000 IOPS and 125 Mbps of throughput. If you need higher performance don't hesitate to contact us.

docs/platform/custom-domains.mdx

@@ -18,7 +18,7 @@ The following examples assume we are configuring custom domains at `*.custom-dom
     1. Add a CNAME record in your DNS provider for each of the services you want a custom domain for, and click "Verify". The verification might take a few seconds to succeed.
     2. Once the verification succeeds, click "Save" to update your project.
 
-    ![Custom Domains](./images/platform/custom-domains/custom-domains.png)
+    ![Custom Domains](./images/platform/custom-domains/custom-domains-dashboard.png)
 
   </Tab>
 
@@ -62,3 +62,16 @@ fqdn = ['my-service.custom-domain.com']
   </Tab>
 </Tabs>
 
+
+<Note>
+After configuring your custom domains don't forget to update your Nhost client to make use of them. For instance, when using our [SDK](/reference/javascript/nhost-js/nhost-client):
+
+```js
+const nhost = new NhostClient({
+  authUrl: 'https://auth.custom-domain.com/v1',
+  storageUrl: 'https://subdomain.storage.region.nhost.run/v1',
+  graphqlUrl: 'https://hasura.custom-domain.com/v1/graphql',
+  functionsUrl: 'https://functions.custom-domain.com/v1'
+})
+```
+</Note>

docs/product/ai.mdx

@@ -50,7 +50,7 @@ In addition, thanks to [pgvector](https://github.com/pgvector/pgvector) you can
 <CardGroup cols={4}>
   <Card title="Enabling Service" icon="square-1" href="../guides/ai/enabling-service">
   </Card>
-  <Card title="Local Development" icon="square-2" href="../guides/ai/local_development">
+  <Card title="Local Development" icon="square-2" href="../guides/ai/local-development">
   </Card>
   <Card title="Auto-Embeddings" icon="square-3" href="../guides/ai/auto-embeddings">
   </Card>

docs/reference/javascript/graphql/get-headers.mdx

@@ -0,0 +1,10 @@
+---
+title: getHeaders()
+sidebarTitle: getHeaders()
+---
+
+Use `nhost.graphql.getHeaders` to get the global headers sent with all graphql requests
+
+```ts
+nhost.graphql.getHeaders()
+```

docs/reference/javascript/graphql/set-headers.mdx

@@ -0,0 +1,20 @@
+---
+title: setHeaders()
+sidebarTitle: setHeaders()
+---
+
+Use `nhost.graphql.setHeaders` to set global headers to be sent in all subsequent graphql requests
+
+```ts
+nhost.graphql.setHeaders({
+  'x-hasura-role': 'admin'
+})
+```
+
+## Parameters
+
+---
+
+**<span className="parameter-name">headers</span>** <span className="optional-status">optional</span> <code>Record&lt;string, string&gt;</code>
+
+---

docs/reference/javascript/graphql/unset-headers.mdx

@@ -0,0 +1,11 @@
+---
+title: unsetHeaders()
+sidebarTitle: unsetHeaders()
+---
+
+Use `nhost.graphql.unsetHeaders` to remove global headers sent with all requests, except for the role header to preserve
+the role set by 'setRole' method.
+
+```ts
+nhost.graphql.unsetHeaders()
+```

docs/reference/javascript/nhost-js/nhost-client.mdx

@@ -0,0 +1,51 @@
+---
+title: NhostClient
+description: The Nhost client is the entry point to Nhost services.
+---
+
+# `NhostClient`
+
+```ts
+// Create a new Nhost client from subdomain and region.
+const nhost = new NhostClient({ subdomain, region })
+```
+
+```ts
+// Create a new Nhost client from individual service URLs (custom domains, self-hosting, etc).
+const nhost = new NhostClient({
+  authUrl: 'my-auth-service-url',
+  storageUrl: 'my-storage-service-url',
+  graphqlUrl: 'my-graphql-service-url',
+  functionsUrl: 'my-functions-service-url'
+})
+```
+
+```ts
+// Create a new Nhost client for local development.
+const nhost = new NhostClient({ subdomain: 'local' })
+```
+
+## Parameters
+
+---
+
+**<span className="parameter-name">\_\_namedParameters</span>** <span className="optional-status">required</span> [`NhostClientConstructorParams`](/reference/javascript/nhost-js/types/nhost-client-constructor-params)
+
+| Property                                                                                                            | Type                                                                            | Required | Notes                                                                                                                                    |
+| :------------------------------------------------------------------------------------------------------------------ | :------------------------------------------------------------------------------ | :------: | :--------------------------------------------------------------------------------------------------------------------------------------- |
+| <span className="parameter-name"><span className="light-grey">\_\_namedParameters.</span>adminSecret</span>         | <code>string</code>                                                             |          | When set, the admin secret is sent as a header, `x-hasura-admin-secret`, for all requests to GraphQL, Storage, and Serverless Functions. |
+| <span className="parameter-name"><span className="light-grey">\_\_namedParameters.</span>functionsUrl</span>        | <code>string</code>                                                             |          |                                                                                                                                          |
+| <span className="parameter-name"><span className="light-grey">\_\_namedParameters.</span>storageUrl</span>          | <code>string</code>                                                             |          |                                                                                                                                          |
+| <span className="parameter-name"><span className="light-grey">\_\_namedParameters.</span>graphqlUrl</span>          | <code>string</code>                                                             |          |                                                                                                                                          |
+| <span className="parameter-name"><span className="light-grey">\_\_namedParameters.</span>authUrl</span>             | <code>string</code>                                                             |          |                                                                                                                                          |
+| <span className="parameter-name"><span className="light-grey">\_\_namedParameters.</span>region</span>              | <code>string</code>                                                             |          | Project region (e.g. `eu-central-1`) Project region is not required during local development (when `subdomain` is `localhost`)           |
+| <span className="parameter-name"><span className="light-grey">\_\_namedParameters.</span>subdomain</span>           | <code>string</code>                                                             |          | Project subdomain (e.g. `ieingiwnginwnfnegqwvdqwdwq`) Use `localhost` during local development                                           |
+| <span className="parameter-name"><span className="light-grey">\_\_namedParameters.</span>devTools</span>            | <code>boolean</code>                                                            |          | Activate devTools e.g. the ability to connect to the xstate inspector                                                                    |
+| <span className="parameter-name"><span className="light-grey">\_\_namedParameters.</span>autoSignIn</span>          | <code>boolean</code>                                                            |          | When set to true, will parse the url on startup to check if it contains a refresh token to start the session with                        |
+| <span className="parameter-name"><span className="light-grey">\_\_namedParameters.</span>autoRefreshToken</span>    | <code>boolean</code>                                                            |          | When set to true, will automatically refresh token before it expires                                                                     |
+| <span className="parameter-name"><span className="light-grey">\_\_namedParameters.</span>clientStorage</span>       | [`ClientStorage`](/reference/javascript/nhost-js/types/client-storage)          |          | Object where the refresh token will be persisted and read locally.                                                                       |
+| <span className="parameter-name"><span className="light-grey">\_\_namedParameters.</span>clientStorageType</span>   | [`ClientStorageType`](/reference/javascript/nhost-js/types/client-storage-type) |          | Define a way to get information about the refresh token and its exipration date.                                                         |
+| <span className="parameter-name"><span className="light-grey">\_\_namedParameters.</span>refreshIntervalTime</span> | <code>number</code>                                                             |          | Time interval until token refreshes, in seconds                                                                                          |
+| <span className="parameter-name"><span className="light-grey">\_\_namedParameters.</span>start</span>               | <code>boolean</code>                                                            |          |                                                                                                                                          |
+
+---

docs/reference/javascript/nhost-js/set-role.mdx

@@ -0,0 +1,29 @@
+---
+title: setRole()
+sidebarTitle: setRole()
+---
+
+Use `nhost.setRole` to set the user role for all subsequent GraphQL, storage, and functions calls.
+Underneath, this method sets the `x-hasura-role` header on the graphql, storage,
+and functions clients.
+
+```ts
+nhost.graphql.setHeaders({ 'x-hasura-role': role })
+nhost.storage.setHeaders({ 'x-hasura-role': role })
+nhost.functions.setHeaders({ 'x-hasura-role': role })
+```
+
+Note: Exercise caution when mixing the use of `setRole` along with `setHeaders` when setting the
+`x-hasura-role` header, as the last call will override any previous ones.
+
+```ts
+nhost.setRole('admin')
+```
+
+## Parameters
+
+---
+
+**<span className="parameter-name">role</span>** <span className="optional-status">required</span> <code>string</code>
+
+---

docs/reference/javascript/nhost-js/types/client-storage-type.mdx

@@ -0,0 +1,18 @@
+---
+title: ClientStorageType
+sidebarTitle: ClientStorageType
+description: No description provided.
+---
+
+# `ClientStorageType`
+
+```ts
+type ClientStorageType =
+  | 'capacitor'
+  | 'custom'
+  | 'expo-secure-storage'
+  | 'localStorage'
+  | 'react-native'
+  | 'web'
+  | 'cookie'
+```

docs/reference/javascript/nhost-js/types/client-storage.mdx

@@ -0,0 +1,55 @@
+---
+title: ClientStorage
+sidebarTitle: ClientStorage
+description: No description provided.
+---
+
+# `ClientStorage`
+
+## Parameters
+
+---
+
+**<span className="parameter-name">customSet</span>** <span className="optional-status">optional</span> <code>(key: string, value: null &#124; string) =&gt; void &#124; Promise&lt;void&gt;</code>
+
+---
+
+**<span className="parameter-name">customGet</span>** <span className="optional-status">optional</span> <code>(key: string) =&gt; null &#124; string &#124; Promise&lt;null &#124; string&gt;</code>
+
+---
+
+**<span className="parameter-name">deleteItemAsync</span>** <span className="optional-status">optional</span> <code>(key: string) =&gt; void</code>
+
+---
+
+**<span className="parameter-name">getItemAsync</span>** <span className="optional-status">optional</span> <code>(key: string) =&gt; any</code>
+
+---
+
+**<span className="parameter-name">setItemAsync</span>** <span className="optional-status">optional</span> <code>(key: string, value: string) =&gt; void</code>
+
+---
+
+**<span className="parameter-name">remove</span>** <span className="optional-status">optional</span> <code>(options: &#123; key: string &#125;) =&gt; void</code>
+
+---
+
+**<span className="parameter-name">get</span>** <span className="optional-status">optional</span> <code>(options: &#123; key: string &#125;) =&gt; any</code>
+
+---
+
+**<span className="parameter-name">set</span>** <span className="optional-status">optional</span> <code>(options: &#123; key: string, value: string &#125;) =&gt; void</code>
+
+---
+
+**<span className="parameter-name">removeItem</span>** <span className="optional-status">optional</span> <code>(key: string) =&gt; void</code>
+
+---
+
+**<span className="parameter-name">getItem</span>** <span className="optional-status">optional</span> <code>(key: string) =&gt; any</code>
+
+---
+
+**<span className="parameter-name">setItem</span>** <span className="optional-status">optional</span> <code>(\_key: string, \_value: string) =&gt; void</code>
+
+---

docs/reference/javascript/nhost-js/types/nhost-client-constructor-params.mdx

@@ -0,0 +1,118 @@
+---
+title: NhostClientConstructorParams
+sidebarTitle: NhostClientConstructorParams
+description: No description provided.
+---
+
+# `NhostClientConstructorParams`
+
+## Parameters
+
+---
+
+**<span className="parameter-name">start</span>** <span className="optional-status">optional</span> <code>boolean</code>
+
+---
+
+**<span className="parameter-name">refreshIntervalTime</span>** <span className="optional-status">optional</span> <code>number</code>
+
+Time interval until token refreshes, in seconds
+
+---
+
+**<span className="parameter-name">clientStorageType</span>** <span className="optional-status">optional</span> [`ClientStorageType`](/reference/javascript/nhost-js/types/client-storage-type)
+
+Define a way to get information about the refresh token and its exipration date.
+
+**`@default`**
+
+`web`
+
+---
+
+**<span className="parameter-name">clientStorage</span>** <span className="optional-status">optional</span> [`ClientStorage`](/reference/javascript/nhost-js/types/client-storage)
+
+Object where the refresh token will be persisted and read locally.
+
+Recommended values:
+
+- `'web'` and `'cookies'`: no value is required
+- `'react-native'`: `import Storage from @react-native-async-storage/async-storage`
+- `'cookies'`: `localStorage`
+- `'custom'`: an object that defines the following methods:
+  - `setItem` or `setItemAsync`
+  - `getItem` or `getItemAsync`
+  - `removeItem`
+- `'capacitor'`: `import { Storage } from @capacitor/storage`
+- `'expo-secure-store'`: `import * as SecureStore from 'expo-secure-store'`
+
+| Property                                                                                                  | Type                                                                                         | Required | Notes |
+| :-------------------------------------------------------------------------------------------------------- | :------------------------------------------------------------------------------------------- | :------: | :---- |
+| <span className="parameter-name"><span className="light-grey">clientStorage.</span>setItem</span>         | <code>(\_key: string, \_value: string) =&gt; void</code>                                     |          |       |
+| <span className="parameter-name"><span className="light-grey">clientStorage.</span>getItem</span>         | <code>(key: string) =&gt; any</code>                                                         |          |       |
+| <span className="parameter-name"><span className="light-grey">clientStorage.</span>removeItem</span>      | <code>(key: string) =&gt; void</code>                                                        |          |       |
+| <span className="parameter-name"><span className="light-grey">clientStorage.</span>set</span>             | <code>(options: &#123; key: string, value: string &#125;) =&gt; void</code>                  |          |       |
+| <span className="parameter-name"><span className="light-grey">clientStorage.</span>get</span>             | <code>(options: &#123; key: string &#125;) =&gt; any</code>                                  |          |       |
+| <span className="parameter-name"><span className="light-grey">clientStorage.</span>remove</span>          | <code>(options: &#123; key: string &#125;) =&gt; void</code>                                 |          |       |
+| <span className="parameter-name"><span className="light-grey">clientStorage.</span>setItemAsync</span>    | <code>(key: string, value: string) =&gt; void</code>                                         |          |       |
+| <span className="parameter-name"><span className="light-grey">clientStorage.</span>getItemAsync</span>    | <code>(key: string) =&gt; any</code>                                                         |          |       |
+| <span className="parameter-name"><span className="light-grey">clientStorage.</span>deleteItemAsync</span> | <code>(key: string) =&gt; void</code>                                                        |          |       |
+| <span className="parameter-name"><span className="light-grey">clientStorage.</span>customGet</span>       | <code>(key: string) =&gt; null &#124; string &#124; Promise&lt;null &#124; string&gt;</code> |          |       |
+| <span className="parameter-name"><span className="light-grey">clientStorage.</span>customSet</span>       | <code>(key: string, value: null &#124; string) =&gt; void &#124; Promise&lt;void&gt;</code>  |          |       |
+
+---
+
+**<span className="parameter-name">autoRefreshToken</span>** <span className="optional-status">optional</span> <code>boolean</code>
+
+When set to true, will automatically refresh token before it expires
+
+---
+
+**<span className="parameter-name">autoSignIn</span>** <span className="optional-status">optional</span> <code>boolean</code>
+
+When set to true, will parse the url on startup to check if it contains a refresh token to start the session with
+
+---
+
+**<span className="parameter-name">devTools</span>** <span className="optional-status">optional</span> <code>boolean</code>
+
+Activate devTools e.g. the ability to connect to the xstate inspector
+
+---
+
+**<span className="parameter-name">subdomain</span>** <span className="optional-status">optional</span> <code>string</code>
+
+Project subdomain (e.g. `ieingiwnginwnfnegqwvdqwdwq`)
+Use `localhost` during local development
+
+---
+
+**<span className="parameter-name">region</span>** <span className="optional-status">optional</span> <code>string</code>
+
+Project region (e.g. `eu-central-1`)
+Project region is not required during local development (when `subdomain` is `localhost`)
+
+---
+
+**<span className="parameter-name">authUrl</span>** <span className="optional-status">optional</span> <code>string</code>
+
+---
+
+**<span className="parameter-name">graphqlUrl</span>** <span className="optional-status">optional</span> <code>string</code>
+
+---
+
+**<span className="parameter-name">storageUrl</span>** <span className="optional-status">optional</span> <code>string</code>
+
+---
+
+**<span className="parameter-name">functionsUrl</span>** <span className="optional-status">optional</span> <code>string</code>
+
+---
+
+**<span className="parameter-name">adminSecret</span>** <span className="optional-status">optional</span> <code>string</code>
+
+When set, the admin secret is sent as a header, `x-hasura-admin-secret`,
+for all requests to GraphQL, Storage, and Serverless Functions.
+
+---

docs/reference/javascript/nhost-js/unset-role.mdx

@@ -0,0 +1,14 @@
+---
+title: unsetRole()
+sidebarTitle: unsetRole()
+---
+
+Use `nhost.unsetRole` to unset the user role for all subsequent graphql, storage and functions calls.
+Underneath, this method removes the `x-hasura-role` header from the graphql, storage and functions clients.
+
+Note: Exercise caution when mixing the use of `unsetRole` along with `setHeaders` when setting the
+`x-hasura-role` header, as the last call will override any previous ones.
+
+```ts
+nhost.unsetRole()
+```

docs/reference/javascript/storage/download.mdx

@@ -22,6 +22,6 @@ const { file, error } = await nhost.storage.download({ fileId: '<File-ID>' })
 | <span className="parameter-name"><span className="light-grey">params.</span>quality</span> | <code>number</code>                       |          | Image quality, between 1 and 100, 100 being the best quality |
 | <span className="parameter-name"><span className="light-grey">params.</span>height</span>  | <code>number</code>                       |          | Image height, in pixels                                      |
 | <span className="parameter-name"><span className="light-grey">params.</span>width</span>   | <code>number</code>                       |          | Image width, in pixels                                       |
-| <span className="parameter-name"><span className="light-grey">params.</span>headers</span> | <code>Record&lt;string, string&gt;</code> |          | Optional headers to be sent with the request                 |
+| <span className="parameter-name"><span className="light-grey">params.</span>headers</span> | <code>Record&lt;string, string&gt;</code> |          |                                                              |
 
 ---

docs/reference/javascript/storage/get-headers.mdx

@@ -0,0 +1,10 @@
+---
+title: getHeaders()
+sidebarTitle: getHeaders()
+---
+
+Use `nhost.storage.getHeaders` to get global headers sent with all storage requests.
+
+```ts
+nhost.storage.getHeaders()
+```

docs/reference/javascript/storage/get-presigned-url.mdx

@@ -24,12 +24,13 @@ console.log('expiration: ', presignedUrl.expiration)
 
 **<span className="parameter-name">params</span>** <span className="optional-status">required</span> [`StorageGetPresignedUrlParams`](/reference/javascript/storage/types/storage-get-presigned-url-params)
 
-| Property                                                                                   | Type                | Required | Notes                                                        |
-| :----------------------------------------------------------------------------------------- | :------------------ | :------: | :----------------------------------------------------------- |
-| <span className="parameter-name"><span className="light-grey">params.</span>fileId</span>  | <code>string</code> |    ✔️    |                                                              |
-| <span className="parameter-name"><span className="light-grey">params.</span>blur</span>    | <code>number</code> |          | Image blur, between 0 and 100                                |
-| <span className="parameter-name"><span className="light-grey">params.</span>quality</span> | <code>number</code> |          | Image quality, between 1 and 100, 100 being the best quality |
-| <span className="parameter-name"><span className="light-grey">params.</span>height</span>  | <code>number</code> |          | Image height, in pixels                                      |
-| <span className="parameter-name"><span className="light-grey">params.</span>width</span>   | <code>number</code> |          | Image width, in pixels                                       |
+| Property                                                                                   | Type                                      | Required | Notes                                                        |
+| :----------------------------------------------------------------------------------------- | :---------------------------------------- | :------: | :----------------------------------------------------------- |
+| <span className="parameter-name"><span className="light-grey">params.</span>fileId</span>  | <code>string</code>                       |    ✔️    |                                                              |
+| <span className="parameter-name"><span className="light-grey">params.</span>blur</span>    | <code>number</code>                       |          | Image blur, between 0 and 100                                |
+| <span className="parameter-name"><span className="light-grey">params.</span>quality</span> | <code>number</code>                       |          | Image quality, between 1 and 100, 100 being the best quality |
+| <span className="parameter-name"><span className="light-grey">params.</span>height</span>  | <code>number</code>                       |          | Image height, in pixels                                      |
+| <span className="parameter-name"><span className="light-grey">params.</span>width</span>   | <code>number</code>                       |          | Image width, in pixels                                       |
+| <span className="parameter-name"><span className="light-grey">params.</span>headers</span> | <code>Record&lt;string, string&gt;</code> |          |                                                              |
 
 ---

docs/reference/javascript/storage/set-headers.mdx

@@ -0,0 +1,22 @@
+---
+title: setHeaders()
+sidebarTitle: setHeaders()
+---
+
+Use `nhost.storage.setHeaders` to set global headers to be sent for all subsequent storage requests.
+
+```ts
+nhost.storage.setHeaders({
+  'x-hasura-role': 'admin'
+})
+```
+
+## Parameters
+
+---
+
+**<span className="parameter-name">headers</span>** <span className="optional-status">optional</span> <code>Record&lt;string, string&gt;</code>
+
+key value headers object
+
+---

docs/reference/javascript/storage/types/api-delete-params.mdx

@@ -10,6 +10,10 @@ description: No description provided.
 
 ---
 
+**<span className="parameter-name">headers</span>** <span className="optional-status">optional</span> <code>Record&lt;string, string&gt;</code>
+
+---
+
 **<span className="parameter-name">fileId</span>** <span className="optional-status">required</span> <code>string</code>
 
 ---