v0.1.87

What's Changed

• test: suppress flyctl fixture output by @Ronak-D-Shah in #157
• INS-305 Expand declarative config apply coverage by @Fermionic-Lyu in #156

New Contributors

• @Ronak-D-Shah made their first contribution in #157

Full Changelog: v0.1.86...v0.1.87

v0.1.86

Republish CLI through the GitHub release workflow so the build receives the PostHog API key injection. This replaces the manually published 0.1.85 artifact, which was built with analytics disabled.

v0.1.84

What's Changed

• feat(cli): write AGENTS.md into project root for bare agent harnesses (INS-187) by @tonychang04 in #139
• Report marketplace download via TemplateMarket edge function by @CarmenDou in #142
• feat(posthog): track cli_posthog_invoked on posthog setup by @CarmenDou in #143

Full Changelog: v0.1.82...v0.1.84

v0.1.82

What's Changed

• feat(cli)!: require --file for functions deploy by @tonychang04 in #134
• feat(cli): add --marketplace flag to create by @CarmenDou in #137

Full Changelog: v0.1.81...v0.1.82

v0.1.81

What's Changed

• feat(cli): track config apply/plan/export in PostHog by @tonychang04 in #131
• refactor(posthog): always defer wizard to user by @CarmenDou in #132

Full Changelog: v0.1.80...v0.1.81

v0.1.80

What's Changed

• feat(posthog): delegate SDK install to @posthog/wizard by @CarmenDou in #129

Full Changelog: v0.1.79...v0.1.80

v0.1.79

What's new

TOML config-as-code (#127)

• [auth] adds require_email_verification, verify_email_method ("code" | "link"), reset_password_method
• [auth.password] policy block: min_length, require_number, require_lowercase, require_uppercase, require_special_char
• Partial blocks supported (default-keep semantics — unspecified fields preserve live)
• Per-field capability gating — a backend exposing the policy piecemeal still applies the supported subset
• Hardened: shape-guarded reads of auth, allowedRedirectUrls, smtpConfig, deployments.customSlug so malformed metadata responses degrade gracefully instead of crashing config plan / export

Internal refactor

• New lib/config-metadata.ts consolidates /api/metadata projection — apply, plan, and export now share a single source of truth; fixes a latent plan.ts bug that only read allowedRedirectUrls

Full diff: v0.1.78...v0.1.79

v0.1.76

What's new

• fix(link): poll for real database password after project becomes active (#122). Fixes first-link masked DATABASE_URL for freshly-created cloud projects — the platform sets `status=active` before the password generator populates, so `/api/metadata/database-password` would briefly return `********` itself and our splice silently no-op'd. Now we detect the mask and poll up to ~20s for the real value.
• feat(cli): config-as-code via `insforge config export|plan|apply` (#109). Manage auth-side settings (allowed redirect URLs, etc.) declaratively in `insforge.toml`, with structured per-section diff and capability probing so an older backend doesn't silently drop fields.

PRs

• #122 — fix(link): poll for real database password
• #109 — feat(cli): config-as-code + env() validation + compute port fix

v0.1.74

What's new

When the user opts into Better Auth via link --auth better-auth or create --auth better-auth, the CLI now also installs the upstream better-auth/skills pack alongside insforge/agent-skills and find-skills. Agents get the provider's own scaffolding patterns (BA setup, email/password, 2FA, organizations, etc.) without a second manual install step.

The install is folded into the existing installSkills function — no extra round-trip, no per-call-site bolt-on. Future auth providers can be added with a single entry in the lookup table.

PRs

• #119 — feat(skills): install better-auth/skills when --auth better-auth
• #121 — bump to version 0.1.74

v0.1.73

Re-link UX fix

• #117 — `refreshStaleEnvDefaults` now treats any DATABASE_URL with a `:****@` masked password as stale and refreshes it from the platform-provided real password on re-link.

  Users who linked any cloud project under 0.1.71 or earlier had `postgresql://postgres:********@cloud-host/db?sslmode=require` in `.env.local` (the cloud's `/database-connection-string` endpoint masks the password; the splice via `/database-password` only landed in 0.1.72). Re-linking under 0.1.72 didn't fix it because the masked URL doesn't match the manifest's localhost default, so the existing value just stayed — and BA's pg pool would fail every sign-up with `password authentication failed for user "postgres"`.

  0.1.73: re-running `link --auth better-auth` in such a project now writes the real password to `.env.local` automatically.