* refactor: unify server admin tools into dashboard pages with server selector
Replace the per-server Advanced dropdown (Traefik file system, Docker
containers, swarm overview, swarm nodes, schedules) with a server
selector on the existing dashboard routes, defaulting to the Dokploy
server. Pages are now available in cloud too, since the dropdown was
the only entry point there; the cloud-only monitoring modal moves to
an icon button on the server card.
* feat: add frontend-design skill and enhance dashboard UI components
- Introduced a new skill for creating high-quality frontend designs, emphasizing intentional aesthetics and detailed guidelines for implementation.
- Updated the Traefik system component to improve the user experience when no files or directories are found, incorporating new icons and a more informative layout.
- Enhanced the server filter component with improved loading states, user prompts, and a more visually appealing design, including badges and better server information display.
* [autofix.ci] apply automated fixes
* style: adjust Card component layout in schedules page for improved responsiveness
- Modified the Card component in the schedules page to ensure it utilizes full width while maintaining the minimum height, enhancing the overall layout and user experience.
---------
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
* fix: use canEditDeployGitSource for git provider access on existing deploys
Replaces the simple userId ownership check with a new canEditDeployGitSource
function that correctly handles all role/sharing scenarios. Owner always has
access; admin and member only if they own the provider or it is shared with
the org — being assigned via accessedGitProviders (enterprise) only grants
permission to connect new deploys, not to edit the git source of existing ones.
Adds 26 unit tests covering owner, admin, member (with/without enterprise
license), shared providers, and the key regression case from issue #4469.
* [autofix.ci] apply automated fixes
---------
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
* refactor: improve restore logging for database backups
- Updated restore functions across various database types (Postgres, MySQL, MongoDB, MariaDB, LibSQL, and Compose) to provide clearer logging messages.
- Replaced generic command execution logs with specific messages indicating the database being restored and the source backup file.
- This change enhances the clarity of restore operations and aids in troubleshooting by providing more context in the logs.
* [autofix.ci] apply automated fixes
---------
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
* fix: strip credentials from service-level API responses
Registry passwords and S3 destination credentials were being returned
in service `.one` tRPC endpoints to any user with service-level read
access. Reported by Nihon Kohden Corporation security team.
- Strip registry `password` from `findApplicationById` via Drizzle `columns: { password: false }`
- Strip destination `accessKey`/`secretAccessKey` from all DB service finders (postgres, mysql, mariadb, mongo, libsql, compose, backup, volume-backups)
- Add `findRegistryByIdWithCredentials` for internal use only
- Builders and upload utils now load registry credentials by ID at execution time
- `createRollback` enriches `fullContext` with registry credentials before persisting to DB so rollback execution has what it needs
- Remove `findApplicationByIdWithCredentials` and `ApplicationNestedWithCredentials` — no longer needed
- Backup execution utils load full destination via `findDestinationById` at runtime instead of reading from the joined relation
* [autofix.ci] apply automated fixes
---------
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
Docker Swarm's default start-first update order causes new database
containers to fail with 'DBPathInUse' because two containers compete
for the same data volume simultaneously. Docker then rolls back the
update, silently reverting any env var or config changes.
Using stop-first ensures the old container is stopped before the new
one starts, preventing volume lock conflicts across all database types.
Fixes#4550
Fixes#4553
- Replace z.coerce.number() with a custom transform that converts empty strings to undefined instead of 0
- Add value={field.value ?? ""} to numeric inputs so they visually clear when reset to undefined
- Enhanced the `apiReadTraefikConfig` schema by reintroducing path validation logic to prevent directory traversal attacks and unauthorized access.
- The validation now includes checks for null bytes and ensures paths start with a defined main Traefik path, improving security and robustness.
These changes strengthen the integrity of the configuration handling by ensuring only valid paths are accepted.
- Introduced a new SQL migration file `0171_lucky_echo.sql` to modify the foreign key constraint on the `sso_provider` table, changing the `ON DELETE` behavior from `cascade` to `set null`.
- Updated the journal to include the new migration version and its associated tag.
- Added a snapshot file for version 7 of the database schema, reflecting the current state of the `sso_provider` and other related tables.
These changes enhance the integrity of the database by ensuring that user references are set to null instead of being deleted when the referenced user is removed.
- Updated the alert block in the HandleForwardAuth component to provide clearer requirements for deploying the authentication proxy.
- Added a DnsHelperModal to assist with DNS configuration in the ForwardAuthServers component.
- Refined API input schemas for forward authentication operations to improve type safety and clarity.
- Removed the obsolete forward-auth SSO design document to streamline documentation.
These changes improve the user experience and maintainability of the forward authentication feature across the application.
Deleted the `.github/workflows/pr-quality.yml` file, which contained the configuration for the PR Quality workflow. This removal streamlines the repository by eliminating unused workflow files.
- Replaced `forwardAuthProviderId` with `forwardAuthEnabled` in the domain schema to simplify the configuration of forward authentication.
- Updated related tests to reflect this change, ensuring consistency across the application.
- Introduced a new SQL migration to create the `forward_auth_settings` table for managing authentication domains and their configurations.
This refactor enhances the clarity and maintainability of the forward authentication logic within the application.
- Deleted several SQL migration files related to the `webServerSettings` and `schedule` tables, which included adding and dropping columns and constraints.
- Removed snapshots corresponding to the deleted migrations to maintain consistency in the database schema history.
This cleanup enhances the maintainability of the migration history by removing outdated and unused files.
- Added the `VALID_BRANCH_REGEX` import to all Git provider components to ensure consistent branch validation.
- Removed duplicate imports of `VALID_BRANCH_REGEX` to streamline the code and improve readability.
This change enhances maintainability by centralizing branch validation logic across the application.
- Removed the selection of SSO providers from the UI, streamlining the process to enable/disable SSO for domains.
- Updated the API to eliminate the need for a provider ID when enabling forward authentication, relying on the configured settings instead.
- Enhanced user feedback by updating toast messages to reflect the current state of SSO authentication.
- Improved the UI layout for better clarity on SSO status and actions.
This refactor enhances the user experience by simplifying the SSO configuration process and ensuring clearer communication of actions taken.
Changed the schedule scoping in the schedule utility to use organizationId instead of userId, ensuring that schedules are shared across all owners and admins within the same organization. This aligns with the recent changes to enhance organizational resource management.
Consolidated import statements across multiple provider components by removing duplicate imports of VALID_BRANCH_REGEX. Improved the readability of the permission test for denied access by simplifying the expect statement. Additionally, added copy-to-clipboard functionality in relevant components to enhance user experience.
Bumped the version of dokploy to v0.29.7. Updated test descriptions for clarity, specifically renaming the test suite to reflect the roles of "owner" and "admin." Added new tests to ensure that members are denied access to various org-level enterprise resources, improving coverage and validation of permission checks.
Updated the permission check logic to specifically identify "owner" and "admin" roles as privileged static roles, enhancing clarity and accuracy in permission validation. This change ensures that only users with these roles are granted access to enterprise-only resources.
* fix: scope dokploy-server schedules to organization instead of user
Replaces userId with organizationId on the schedule table so that
global (dokploy-server) schedules are shared across all owners and
admins of the same organization, while remaining isolated between
different organizations.
Includes a data migration that backfills organizationId from the
owner membership record for any existing dokploy-server schedules.
Closes#4300
* [autofix.ci] apply automated fixes
---------
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
- Added a new `forward_auth_settings` table to manage authentication domains and their configurations.
- Introduced UI components for handling forward authentication, including enabling/disabling SSO for domains and selecting SSO providers.
- Updated existing tests to include validation for the new `forwardAuthProviderId` field in domain configurations.
- Enhanced the dashboard to integrate forward authentication management, allowing users to configure SSO settings directly from the application interface.
This update improves the flexibility and security of application authentication by allowing integration with various identity providers.
* fix: scope dokploy-server schedules to organization instead of user
Replaces userId with organizationId on the schedule table so that
global (dokploy-server) schedules are shared across all owners and
admins of the same organization, while remaining isolated between
different organizations.
Includes a data migration that backfills organizationId from the
owner membership record for any existing dokploy-server schedules.
Closes#4300
* [autofix.ci] apply automated fixes
---------
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
* fix(migrate-auth-secret): exit cleanly when there are no 2FA records
The empty-records branch of `main()` returned without calling
`process.exit(0)`, leaving the Drizzle Postgres connection pool
holding the event loop open. The `migrate-auth-secret` process
then hangs indefinitely after printing "No 2FA records found,
nothing to migrate." causing the upstream `0.29.3.sh` security
migration script (which calls this via `docker exec`) to never
reach its final `docker service update` step that mounts the new
Docker Secret. Operators end up with the new secret created but
the dokploy service still configured with the hardcoded
`BETTER_AUTH_SECRET`, while believing the migration completed.
Match the success branch a few lines below which already does
`process.exit(0)`, and the pattern used in sibling scripts
`reset-password.ts` and `reset-2fa.ts`.
Closes#4392
* feat(compose): add import from base64 in create service dropdown
Adds an "Import" option to the Create Service dropdown that lets users
paste a base64-encoded compose export, preview the template (compose YAML,
domains, envs, mounts) before confirming, and create the service only on
confirm. Adds a `previewTemplate` tRPC procedure that processes the base64
without touching the DB, with server access validation via session.
* [autofix.ci] apply automated fixes
* Enhance version synchronization workflow to include SDK repository
- Updated the GitHub Actions workflow to sync versioning across MCP, CLI, and SDK repositories.
- Added steps to bump the version in the SDK repository and regenerate tools from the latest OpenAPI spec.
- Improved commit message formatting to include source and release information for all repositories.
- Ensured successful synchronization messages for each repository after the version update.
* feat(deployment): add readLogs procedure to fetch deployment logs
- Introduced a new `readLogs` procedure that allows users to retrieve logs for a specific deployment by providing the deployment ID and an optional tail parameter.
- Implemented permission checks to ensure users have access to the requested logs.
- Enhanced log retrieval for both cloud and non-cloud environments, utilizing appropriate commands based on the server context.
Resolve https://github.com/Dokploy/mcp/issues/14
* feat(deployment): add server access validation for deployment actions
- Implemented server access validation in deployment procedures to ensure users can only access deployments associated with their active organization.
- Added checks to throw an UNAUTHORIZED error if a user attempts to access a deployment linked to a server outside their organization.
This enhancement improves security and access control within the deployment management system.
* feat(organization): prevent inviting users with owner role
- Added validation to prevent users from being invited with the owner role in the organization and user routers.
- Implemented TRPCError responses to ensure proper error handling when attempting to assign the owner role.
This change enhances role management and security within the organization structure.
https://github.com/Dokploy/dokploy/security/advisories/GHSA-fm9p-wmpw-gxjh
* feat(user): implement session cleanup on user update
- Added functionality to delete old sessions when a user updates their password, ensuring that only the current session remains active.
- This change enhances security by preventing unauthorized access from previous sessions after a password change.
Close here https://github.com/Dokploy/dokploy/security/advisories/GHSA-rr9m-w87g-46f3
* feat(settings): add copy button to server IP in web server settings (#4397)
* fix: copy Dokploy server IP when clicking server badge (#4390)
* fix: copy Dokploy server IP when clicking server badge
When a service runs on the local Dokploy server (no remote server),
clicking the server badge did nothing because `data.server` is null.
Now falls back to the server IP from settings so the badge always
copies an IP address.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* feat(copy-ip): implement IP address copying functionality across database service components
- Added the ability to copy the server IP address to the clipboard when clicking the server badge in various database service components (Libsql, MariaDB, MongoDB, MySQL, PostgreSQL, Redis).
- Integrated the `copy-to-clipboard` library and `sonner` for user feedback upon successful copy action.
- Ensured fallback to the server IP from settings when the service data is not available, enhancing user experience and functionality.
---------
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Co-authored-by: Mauricio Siu <siumauricio@icloud.com>
* fix: responsive layout (#4391)
Signed-off-by: Nahidujjaman Hridoy <hridoyboss12@gmail.com>
* fix: automatically converting username to lowercase both in creation of register, and build for extra. (#4382)
* fix: allow square brackets in zip path validation for Next.js dynamic routes (#4468)
* fix: allow square brackets in zip drop path validation for Next.js dynamic routes
ZIP uploads containing Next.js dynamic route files (e.g. app/api/[id]/route.ts,
pages/[slug].tsx) were rejected by readValidDirectory because the path regex
did not include square bracket characters.
* [autofix.ci] apply automated fixes
---------
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
* fix: prevent webhook deploy crash when commit data lacks modified files (#4470)
shouldDeploy passed undefined/null entries from commit.modified straight
into micromatch, which throws "Expected input to be a string" and fails
every webhook deployment when watch paths are configured. Filter out
non-string values before matching.
* fix: add type="button" to TooltipTrigger in form components to prevent accidental submission (#4422)
Co-authored-by: Maks Pikov <mixelburg@users.noreply.github.com>
* fix: enable comment toggle shortcut in env variable editor (#4402) (#4473)
* fix: add tls=true label for domains when certificateType is none (#4018) (#4474)
* fix: add tls=true label for compose domains when certificateType is none (#4018)
* test: cover tls=true label for certificateType none, require https
* fix: scope tls fix to compose labels, leave traefik file config unchanged (#4018)
* chore: update version to v0.29.5 in package.json
* chore(deps): upgrade next to 16.2.6 (#4477)
Upgraded next dependency in apps/dokploy to 16.2.6 exactly. Verified typescript typecheck passes successfully.
* feat: add self-hosted enterprise restrictions (remote-servers-only, enforce-sso) (#4511)
* feat: add self-hosted enterprise restrictions (remote-servers-only, enforce-sso)
- Add `remoteServersOnly` field to webServerSettings: prevents creating services
on the local Dokploy VM, forcing all deployments to remote servers. Validated
in all 8 service routers (application, compose, postgres, mysql, mongo, redis,
mariadb, libsql).
- Add `enforceSSO` field to webServerSettings: hides the email/password login
form and shows only the SSO button on the login page.
- Both settings are enterprise-only (enterpriseProcedure) and self-hosted-only
(blocked at the API level when IS_CLOUD=true).
- UI toggles added to the SSO settings page under a new "Self-hosted
Restrictions" card (hidden in cloud). Login page reads enforceSSO from
getServerSideProps to avoid client-side flash.
- Migrations: 0167_fresh_goliath.sql, 0168_long_justice.sql
* fix: add missing final newlines to migration files
* refactor: improve code formatting for better readability in multiple components
- Adjusted formatting in `add-application.tsx`, `add-compose.tsx`, and `add-database.tsx` to enhance readability by adding line breaks and consistent indentation.
- Updated `toggle-enforce-sso.tsx` to simplify the Switch component's props.
- Reformatted imports in `index.tsx` and `sso.tsx` for consistency.
- Cleaned up conditional statements in various router files for improved clarity.
* fix: add enforceSSO to test mock
* fix: grant create and delete SSH key permissions when canAccessToSSHKeys is enabled for members (#4512)
* fix: use create permission for basic auth delete instead of delete (#4513)
* fix: wrap long server names and keep actions menu visible (#4434)
On settings/servers, a long server name in the card title (h3) did not
wrap and overflowed its container, overlapping nearby content and
squeezing the three-dots actions menu until it disappeared.
Allow the title block to shrink and wrap (min-w-0 + break-words), keep
the server icon and the actions trigger from being crushed (shrink-0),
and add gap between the title and the actions button.
* chore: update version to v0.29.6 in package.json
* fix: preserve HOME in compose deploy so --with-registry-auth can read docker config (#4485)
The compose/stack deploy command runs under `env -i PATH="$PATH"`, which
clears the environment except for PATH. That strips HOME, so when the
generated command is `docker stack deploy --prune --with-registry-auth`
the docker CLI cannot resolve `~/.docker/config.json` (e.g.
`/root/.docker/config.json`) and ships no registry credentials to the
swarm. Private-registry images then fail to pull on the nodes:
image registry.example.com/... could not be accessed on a registry to
record its digest. Each node will access ... independently
while the deploy still logs "Docker Compose Deployed: ✅".
Keep PATH isolation but preserve HOME so docker can read its config for
both `stack deploy --with-registry-auth` and `compose up -d --build`.
Add a regression test asserting the generated command preserves
`HOME="$HOME"` for both stack and docker-compose deploys.
Fixes#4401
Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
---------
Signed-off-by: Nahidujjaman Hridoy <hridoyboss12@gmail.com>
Co-authored-by: ngenohkevin <ngenohkevin19@gmail.com>
Co-authored-by: Mauricio Siu <47042324+Siumauricio@users.noreply.github.com>
Co-authored-by: Mauricio Siu <siumauricio@icloud.com>
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
Co-authored-by: Volodymyr Kravchuk <volodymyr.kravch@gmail.com>
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Co-authored-by: Nahidujjaman Hridoy <75487507+nhridoy@users.noreply.github.com>
Co-authored-by: Francis <9560564+Baker@users.noreply.github.com>
Co-authored-by: mixelburg <52622705+mixelburg@users.noreply.github.com>
Co-authored-by: Maks Pikov <mixelburg@users.noreply.github.com>
Co-authored-by: Jasael <67719321+jasael@users.noreply.github.com>
Co-authored-by: Philippe Parage <69145356+pparage@users.noreply.github.com>
Co-authored-by: youcef zr <93142224+youcefzemmar@users.noreply.github.com>
The compose/stack deploy command runs under `env -i PATH="$PATH"`, which
clears the environment except for PATH. That strips HOME, so when the
generated command is `docker stack deploy --prune --with-registry-auth`
the docker CLI cannot resolve `~/.docker/config.json` (e.g.
`/root/.docker/config.json`) and ships no registry credentials to the
swarm. Private-registry images then fail to pull on the nodes:
image registry.example.com/... could not be accessed on a registry to
record its digest. Each node will access ... independently
while the deploy still logs "Docker Compose Deployed: ✅".
Keep PATH isolation but preserve HOME so docker can read its config for
both `stack deploy --with-registry-auth` and `compose up -d --build`.
Add a regression test asserting the generated command preserves
`HOME="$HOME"` for both stack and docker-compose deploys.
Fixes#4401
Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
On settings/servers, a long server name in the card title (h3) did not
wrap and overflowed its container, overlapping nearby content and
squeezing the three-dots actions menu until it disappeared.
Allow the title block to shrink and wrap (min-w-0 + break-words), keep
the server icon and the actions trigger from being crushed (shrink-0),
and add gap between the title and the actions button.
* feat: add self-hosted enterprise restrictions (remote-servers-only, enforce-sso)
- Add `remoteServersOnly` field to webServerSettings: prevents creating services
on the local Dokploy VM, forcing all deployments to remote servers. Validated
in all 8 service routers (application, compose, postgres, mysql, mongo, redis,
mariadb, libsql).
- Add `enforceSSO` field to webServerSettings: hides the email/password login
form and shows only the SSO button on the login page.
- Both settings are enterprise-only (enterpriseProcedure) and self-hosted-only
(blocked at the API level when IS_CLOUD=true).
- UI toggles added to the SSO settings page under a new "Self-hosted
Restrictions" card (hidden in cloud). Login page reads enforceSSO from
getServerSideProps to avoid client-side flash.
- Migrations: 0167_fresh_goliath.sql, 0168_long_justice.sql
* fix: add missing final newlines to migration files
* refactor: improve code formatting for better readability in multiple components
- Adjusted formatting in `add-application.tsx`, `add-compose.tsx`, and `add-database.tsx` to enhance readability by adding line breaks and consistent indentation.
- Updated `toggle-enforce-sso.tsx` to simplify the Switch component's props.
- Reformatted imports in `index.tsx` and `sso.tsx` for consistency.
- Cleaned up conditional statements in various router files for improved clarity.
* fix: add enforceSSO to test mock
* fix(migrate-auth-secret): exit cleanly when there are no 2FA records
The empty-records branch of `main()` returned without calling
`process.exit(0)`, leaving the Drizzle Postgres connection pool
holding the event loop open. The `migrate-auth-secret` process
then hangs indefinitely after printing "No 2FA records found,
nothing to migrate." causing the upstream `0.29.3.sh` security
migration script (which calls this via `docker exec`) to never
reach its final `docker service update` step that mounts the new
Docker Secret. Operators end up with the new secret created but
the dokploy service still configured with the hardcoded
`BETTER_AUTH_SECRET`, while believing the migration completed.
Match the success branch a few lines below which already does
`process.exit(0)`, and the pattern used in sibling scripts
`reset-password.ts` and `reset-2fa.ts`.
Closes#4392
* feat(compose): add import from base64 in create service dropdown
Adds an "Import" option to the Create Service dropdown that lets users
paste a base64-encoded compose export, preview the template (compose YAML,
domains, envs, mounts) before confirming, and create the service only on
confirm. Adds a `previewTemplate` tRPC procedure that processes the base64
without touching the DB, with server access validation via session.
* [autofix.ci] apply automated fixes
* Enhance version synchronization workflow to include SDK repository
- Updated the GitHub Actions workflow to sync versioning across MCP, CLI, and SDK repositories.
- Added steps to bump the version in the SDK repository and regenerate tools from the latest OpenAPI spec.
- Improved commit message formatting to include source and release information for all repositories.
- Ensured successful synchronization messages for each repository after the version update.
* feat(deployment): add readLogs procedure to fetch deployment logs
- Introduced a new `readLogs` procedure that allows users to retrieve logs for a specific deployment by providing the deployment ID and an optional tail parameter.
- Implemented permission checks to ensure users have access to the requested logs.
- Enhanced log retrieval for both cloud and non-cloud environments, utilizing appropriate commands based on the server context.
Resolve https://github.com/Dokploy/mcp/issues/14
* feat(deployment): add server access validation for deployment actions
- Implemented server access validation in deployment procedures to ensure users can only access deployments associated with their active organization.
- Added checks to throw an UNAUTHORIZED error if a user attempts to access a deployment linked to a server outside their organization.
This enhancement improves security and access control within the deployment management system.
* feat(organization): prevent inviting users with owner role
- Added validation to prevent users from being invited with the owner role in the organization and user routers.
- Implemented TRPCError responses to ensure proper error handling when attempting to assign the owner role.
This change enhances role management and security within the organization structure.
https://github.com/Dokploy/dokploy/security/advisories/GHSA-fm9p-wmpw-gxjh
* feat(user): implement session cleanup on user update
- Added functionality to delete old sessions when a user updates their password, ensuring that only the current session remains active.
- This change enhances security by preventing unauthorized access from previous sessions after a password change.
Close here https://github.com/Dokploy/dokploy/security/advisories/GHSA-rr9m-w87g-46f3
* feat(settings): add copy button to server IP in web server settings (#4397)
* fix: copy Dokploy server IP when clicking server badge (#4390)
* fix: copy Dokploy server IP when clicking server badge
When a service runs on the local Dokploy server (no remote server),
clicking the server badge did nothing because `data.server` is null.
Now falls back to the server IP from settings so the badge always
copies an IP address.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* feat(copy-ip): implement IP address copying functionality across database service components
- Added the ability to copy the server IP address to the clipboard when clicking the server badge in various database service components (Libsql, MariaDB, MongoDB, MySQL, PostgreSQL, Redis).
- Integrated the `copy-to-clipboard` library and `sonner` for user feedback upon successful copy action.
- Ensured fallback to the server IP from settings when the service data is not available, enhancing user experience and functionality.
---------
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Co-authored-by: Mauricio Siu <siumauricio@icloud.com>
* fix: responsive layout (#4391)
Signed-off-by: Nahidujjaman Hridoy <hridoyboss12@gmail.com>
* fix: automatically converting username to lowercase both in creation of register, and build for extra. (#4382)
* fix: allow square brackets in zip path validation for Next.js dynamic routes (#4468)
* fix: allow square brackets in zip drop path validation for Next.js dynamic routes
ZIP uploads containing Next.js dynamic route files (e.g. app/api/[id]/route.ts,
pages/[slug].tsx) were rejected by readValidDirectory because the path regex
did not include square bracket characters.
* [autofix.ci] apply automated fixes
---------
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
* fix: prevent webhook deploy crash when commit data lacks modified files (#4470)
shouldDeploy passed undefined/null entries from commit.modified straight
into micromatch, which throws "Expected input to be a string" and fails
every webhook deployment when watch paths are configured. Filter out
non-string values before matching.
* fix: add type="button" to TooltipTrigger in form components to prevent accidental submission (#4422)
Co-authored-by: Maks Pikov <mixelburg@users.noreply.github.com>
* fix: enable comment toggle shortcut in env variable editor (#4402) (#4473)
* fix: add tls=true label for domains when certificateType is none (#4018) (#4474)
* fix: add tls=true label for compose domains when certificateType is none (#4018)
* test: cover tls=true label for certificateType none, require https
* fix: scope tls fix to compose labels, leave traefik file config unchanged (#4018)
* chore: update version to v0.29.5 in package.json
---------
Signed-off-by: Nahidujjaman Hridoy <hridoyboss12@gmail.com>
Co-authored-by: ngenohkevin <ngenohkevin19@gmail.com>
Co-authored-by: Mauricio Siu <47042324+Siumauricio@users.noreply.github.com>
Co-authored-by: Mauricio Siu <siumauricio@icloud.com>
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
Co-authored-by: Volodymyr Kravchuk <volodymyr.kravch@gmail.com>
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Co-authored-by: Nahidujjaman Hridoy <75487507+nhridoy@users.noreply.github.com>
Co-authored-by: Francis <9560564+Baker@users.noreply.github.com>
Co-authored-by: mixelburg <52622705+mixelburg@users.noreply.github.com>
Co-authored-by: Maks Pikov <mixelburg@users.noreply.github.com>
shouldDeploy passed undefined/null entries from commit.modified straight
into micromatch, which throws "Expected input to be a string" and fails
every webhook deployment when watch paths are configured. Filter out
non-string values before matching.
* fix: allow square brackets in zip drop path validation for Next.js dynamic routes
ZIP uploads containing Next.js dynamic route files (e.g. app/api/[id]/route.ts,
pages/[slug].tsx) were rejected by readValidDirectory because the path regex
did not include square bracket characters.
* [autofix.ci] apply automated fixes
---------
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
* fix: copy Dokploy server IP when clicking server badge
When a service runs on the local Dokploy server (no remote server),
clicking the server badge did nothing because `data.server` is null.
Now falls back to the server IP from settings so the badge always
copies an IP address.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* feat(copy-ip): implement IP address copying functionality across database service components
- Added the ability to copy the server IP address to the clipboard when clicking the server badge in various database service components (Libsql, MariaDB, MongoDB, MySQL, PostgreSQL, Redis).
- Integrated the `copy-to-clipboard` library and `sonner` for user feedback upon successful copy action.
- Ensured fallback to the server IP from settings when the service data is not available, enhancing user experience and functionality.
---------
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Co-authored-by: Mauricio Siu <siumauricio@icloud.com>
- Added functionality to delete old sessions when a user updates their password, ensuring that only the current session remains active.
- This change enhances security by preventing unauthorized access from previous sessions after a password change.
Close here https://github.com/Dokploy/dokploy/security/advisories/GHSA-rr9m-w87g-46f3
- Added validation to prevent users from being invited with the owner role in the organization and user routers.
- Implemented TRPCError responses to ensure proper error handling when attempting to assign the owner role.
This change enhances role management and security within the organization structure.
https://github.com/Dokploy/dokploy/security/advisories/GHSA-fm9p-wmpw-gxjh
- Implemented server access validation in deployment procedures to ensure users can only access deployments associated with their active organization.
- Added checks to throw an UNAUTHORIZED error if a user attempts to access a deployment linked to a server outside their organization.
This enhancement improves security and access control within the deployment management system.
- Introduced a new `readLogs` procedure that allows users to retrieve logs for a specific deployment by providing the deployment ID and an optional tail parameter.
- Implemented permission checks to ensure users have access to the requested logs.
- Enhanced log retrieval for both cloud and non-cloud environments, utilizing appropriate commands based on the server context.
Resolve https://github.com/Dokploy/mcp/issues/14
- Updated the GitHub Actions workflow to sync versioning across MCP, CLI, and SDK repositories.
- Added steps to bump the version in the SDK repository and regenerate tools from the latest OpenAPI spec.
- Improved commit message formatting to include source and release information for all repositories.
- Ensured successful synchronization messages for each repository after the version update.
Adds an "Import" option to the Create Service dropdown that lets users
paste a base64-encoded compose export, preview the template (compose YAML,
domains, envs, mounts) before confirming, and create the service only on
confirm. Adds a `previewTemplate` tRPC procedure that processes the base64
without touching the DB, with server access validation via session.
The empty-records branch of `main()` returned without calling
`process.exit(0)`, leaving the Drizzle Postgres connection pool
holding the event loop open. The `migrate-auth-secret` process
then hangs indefinitely after printing "No 2FA records found,
nothing to migrate." causing the upstream `0.29.3.sh` security
migration script (which calls this via `docker exec`) to never
reach its final `docker service update` step that mounts the new
Docker Secret. Operators end up with the new secret created but
the dokploy service still configured with the hardcoded
`BETTER_AUTH_SECRET`, while believing the migration completed.
Match the success branch a few lines below which already does
`process.exit(0)`, and the pattern used in sibling scripts
`reset-password.ts` and `reset-2fa.ts`.
Closes#4392
- Modified the regex pattern in the `readValidDirectory` function to allow for a wider range of characters, including colons, improving the validation of directory names.
- This change enhances input integrity by ensuring valid directory formats are accepted.
- Implemented a new workflow step to clone the SDK repository and update the OpenAPI specification.
- Configured Git user details for the sync operation and added a commit message format that includes source and update timestamp.
- Ensured successful synchronization of OpenAPI documentation to the SDK repository.
- Changed the path of the `migrate-auth-secret` script from the root directory to the `scripts` folder for better organization and clarity in the project structure.
- Added a regex validation for branch names in Bitbucket, Git, Gitea, GitHub, and GitLab provider schemas to ensure consistent and valid branch formats.
- Refactored the branch validation logic to improve readability and maintainability across the schemas.
- Enhanced input integrity by ensuring all provider schemas adhere to the same branch name validation rules.
- Added a new script `migrate-auth-secret.ts` to facilitate the migration of 2FA secrets when changing the BETTER_AUTH_SECRET.
- Updated `package.json` to include a command for running the migration script.
- Refactored the handling of BETTER_AUTH_SECRET to improve security by removing the hardcoded default and introducing a fallback mechanism using environment variables or Docker secrets.
- Updated the authentication logic to utilize the new `betterAuthSecret` function for retrieving the secret.
- Introduced a new validation schema for registry URLs, ensuring they conform to a specific format (hostname[:port]) and disallow shell metacharacters.
- Updated the `createSchema`, `apiCreateRegistry`, and `apiTestRegistry` functions to utilize the new registry URL validation.
- Improved security and input integrity for registry URL fields.
- Updated the `removeRegistry` function to escape the registry URL during logout to prevent command injection vulnerabilities.
- Updated the `destinationPath` field in the upload file schema to include a regex validation, ensuring only alphanumeric characters, dots, dashes, underscores, and forward slashes are allowed.
- Added a corresponding regex check in the `uploadFileToContainer` function to validate the destination path before processing, improving input integrity and preventing errors.
- Updated the WebSocket server to encode the log path in base64 before executing the tail command on the remote server.
- Added validation to ensure the directory name adheres to a specified regex pattern, improving input integrity for directory paths.
- Modified the `writeConfigRemote` function to encode the Traefik configuration in base64 before saving it to the remote YAML file.
- This change ensures that the configuration is correctly handled and prevents potential issues with special characters in the config.
- Introduced a regex validation for branch names in Bitbucket, Git, Gitea, GitHub, and GitLab provider schemas to ensure valid branch formats.
- Updated the corresponding schemas to include the new validation rule, enhancing input integrity and preventing potential errors.
- Added a utility for branch validation in the server utils.
- Updated the schedule form schema to include an optional 'description' field.
- Enhanced the form to allow users to input a description for each schedule.
- Modified the schedule display component to show the description if available.
- Added a database migration to include the 'description' column in the schedule table.
Introduced an optional 'isolated' boolean property in the CompleteTemplate interface to manage isolated deployment settings. Added tests to verify default behavior (isolated=true) and explicit settings (isolated=true/false) in the deployment configuration.
This change enhances template flexibility for deployment configurations.
Templates using network_mode: host (e.g. cloudflared) can now declare
isolated = false in their [config] section to prevent Dokploy from
injecting networks into the compose, which would cause a Docker error.
Default behavior (isolated = true) is unchanged for all existing templates.
Fixes#4366
Cards with descriptions appeared taller than those without, causing
the 'Created at' and service count text to be misaligned across cards
in the same row.
- Add flex-col and mt-auto to project cards so footer sticks to bottom
- Add h-full to service card Link and Card so they fill the grid cell
Three stray debug console.log calls had been left in production code paths:
- restore-backup.tsx: logged the full form payload on every backup restore
submission.
- add-database.tsx: logged the libsql `enableNamespaces` field value from
inside a `render` callback, firing on every re-render of the parent form.
- project.ts (duplicateProject mutation): logged the freshly-created
target project/environment row on the server on every duplicate.
No behaviour change; strictly removes log noise.
Add 10s AbortSignal timeout to all template fetch calls so they fail
cleanly instead of hanging indefinitely when templates.dokploy.com is
unreachable. Add try/catch to getTags endpoint which was missing error
handling, causing a 500 instead of returning an empty list.
Closes#4282
Replace permanent (301) redirects with temporary (302) redirects across
all pages that check authentication state in getServerSideProps.
Permanent redirects are cached by the browser indefinitely, causing a
bug where users had to manually refresh after login: the browser would
cache the unauthenticated redirect (dashboard → login page) and replay
it even after a successful login, preventing navigation to the dashboard.
Fixes#4220
Closes#3909
The previous 10s interval triggered a DB query (SELECT 1) 360 times/hour,
keeping Node.js heap under constant pressure and preventing the GC from
reclaiming memory efficiently. Increasing to 30s reduces query load by 3x.
Also adds start-period=60s to avoid false failures during startup.
- Added a maximum length constraint of 255 characters for the email input field.
- Updated validation schema to include a message for exceeding the maximum length.
- Added `sendInvitationEmail` function to send invitation emails when a new organization is created in the cloud environment.
- Updated email template to enhance the invitation message and included a direct link for users to accept the invitation.
- Refactored email sending logic in the user router to utilize the new invitation email rendering function.
- Improved organization invitation email design for better user experience.
- Implemented checks in the WebSocket server setups for Docker container logs, terminal, and deployment logs to ensure users can only access resources associated with their active organization.
- Enhanced security by closing WebSocket connections if the organization ID does not match the session's active organization ID.
Prevents owner/admin users of one organization from accessing servers,
destinations, and Docker Swarm join tokens belonging to other organizations
by validating organizationId on all endpoints that accept serverId or
destinationId as direct input.
- cluster: validate serverId org on getNodes, addWorker, addManager, removeWorker
- deployment: validate serverId org on allByServer
- backup: validate destinationId + serverId org on listBackupFiles
- volume-backups: validate destinationId + serverId org on restoreVolumeBackupWithLogs
- wss: validate server org on docker-container-logs, docker-container-terminal,
listen-deployment, and terminal WebSocket handlers
- auth: fix TypeScript type for API key metadata parsing
Allows users to quickly copy the AI-generated log analysis to their
clipboard from the analyze-logs popover, matching the copy UX used in
the deployment and docker logs views.
Made-with: Cursor
- Added comprehensive permission checks for creating, updating, and deleting schedules based on user roles (owner/admin) and schedule types (server/dokploy-server).
- Implemented restrictions for cloud users to prevent managing host-level schedules and changing schedule types.
- Improved access control for server-level schedules to ensure users can only manage schedules associated with their organization.
The search filter on the Requests tab was incorrectly filtering by
RequestPath instead of RequestHost, causing "filter by name" to match
URL paths rather than hostnames. Updated the placeholder text to
reflect the correct field being searched.
Fixes#4249
- Adjusted the Card component to have a minimum height of 85vh for better visual consistency.
- Ensured the inner div has a full height to enhance the layout structure.
- Replace individual project and server queries with a consolidated homeStats query to streamline data retrieval for the dashboard.
- Update the ShowHome component to utilize homeStats for displaying project, environment, application, and service counts, along with their status breakdown.
- Enhance data handling for user permissions to ensure accurate statistics based on user access levels.
- Home: 4 KPI cards (projects, services, deploys/7d, status list),
server column with icon in recent deployments, empty state with
icon, dashboard card frame to match other pages.
- Include libsql in project services count sort.
- Fix bulk actions in environment page: libsql was missing from
start, stop, move, delete and deploy handlers.
Adds a new /dashboard/home landing with welcome header, KPI cards
(deploys/24h, build, CPU, memory) and a recent deployments list.
Home is now the post-login landing and the destination for permission
fallback redirects across the app. Projects remains accessible from
the sidebar.
Update the version retrieval command in the GitHub Actions workflow to strip the 'v' prefix from the version number in package.json. This change ensures that the version format is consistent for downstream processes.
Modify the GitHub Actions workflow to clone the MCP and CLI repositories into temporary directories instead of the current directory. This change improves the organization of the workflow and ensures that the latest OpenAPI specification is correctly referenced during the synchronization process.
Enhance the GitHub Actions workflow by adding a workflow_dispatch trigger, allowing manual execution of the version synchronization process. This provides greater flexibility in managing version updates for MCP and CLI repositories.
Update the GitHub Actions workflow to bump the version in package.json after installing dependencies, ensuring that the version is not overwritten by pnpm install. This change enhances the reliability of version synchronization for both MCP and CLI repositories.
Change the logger's disabled property to be dependent on the NODE_ENV variable, ensuring logging is disabled in production for improved performance and security.
- Add `sendOnSignIn: true` to emailVerification config so unverified users
receive a new verification email when they attempt to sign in
- Create styled verification email template matching the invoice email design
- Extract `sendVerificationEmail` helper to keep auth.ts clean
- Show friendly message on login when email is not verified
Enhance the TagSelector component to display a message when no tags are created, prompting users to add tags. This improves user experience by providing clear feedback in the UI.
Update the GitHub Actions workflow to include regeneration of tools from the latest OpenAPI specification and ensure the latest openapi.json is copied to the CLI repository. This improves the consistency and accuracy of the versioning and API documentation across both repositories.
Implement a GitHub Actions workflow to automatically sync the version from the Dokploy repository to the MCP and CLI repositories upon release. This includes cloning the repositories, updating the package.json version, and committing the changes with relevant metadata, ensuring consistent versioning across platforms.
Implement workflows to sync the OpenAPI specification to both the MCP and CLI repositories. This includes cloning the repositories, updating the openapi.json file, and committing the changes with relevant metadata. The process ensures that the OpenAPI documentation is consistently updated across multiple platforms.
Integrate a new component, ShowContainerNetworks, to display network details for each container in the dashboard. This includes a dialog that shows network information such as IP address, gateway, and MAC address, enhancing the container management capabilities.
Add a new "View Mounts" action to the container dropdown that displays
volume and bind mounts in a formatted table (type, source, destination,
mode, read/write). Also add "View Config" and "Terminal" actions to the
compose containers tab which previously only had logs and lifecycle actions.
Right-click on service cards to quickly Start, Deploy, Stop, or Delete
a service without navigating into it. Uses shadcn/ui ContextMenu
component built on @radix-ui/react-context-menu. Delete action shows
a confirmation dialog. LibSQL services are excluded since they lack
standard mutation endpoints.
Change the audit action from "kill" to "stop" for the containerKill function to better reflect the operation being performed. This aligns the logging with the intended action and improves clarity in audit records.
Change restartContainer, startContainer, stopContainer, and killContainer
endpoints to use service.read instead of docker.read so members with
access to the compose can use container lifecycle actions.
Add a Containers tab to the compose service page that lists all
containers with their state, status, and container ID. Each container
has a dropdown menu with lifecycle actions: View Logs, Restart, Start,
Stop, and Kill.
- Add containerStart, containerStop, containerKill functions to docker service
- Add corresponding tRPC procedures with server ownership checks and audit logging
- Update containerRestart to support remote servers via serverId
- Create ShowComposeContainers component with table view and action menu
- Add Containers tab between Deployments and Backups, gated by docker.read permission
- Simplified code formatting for better readability in various components.
- Updated job scheduling functions to handle errors gracefully, ensuring that failures in scheduling do not disrupt the overall process.
- Enhanced logging for better traceability of job scheduling issues.
These changes improve code maintainability and user experience by providing clearer error messages and more organized code structure.
- Added customer update fields for automatic name and address handling during subscription creation.
- Enabled billing address collection and tax ID collection for improved compliance and billing accuracy.
These changes enhance the Stripe payment process by ensuring necessary customer information is captured and managed effectively.
- Introduced a new feature allowing users to enable or disable invoice email notifications in the billing settings.
- Implemented email notifications for successful invoice payments and payment failures, enhancing user communication regarding billing.
- Updated the database schema to include a new column for storing user preferences on invoice notifications.
- Added corresponding email templates for invoice notifications and payment failure alerts.
These changes improve user experience by keeping users informed about their billing status and actions required.
When both stripPath and internalPath are configured, addPrefix was pushed
before stripPrefix causing incorrect path rewriting (e.g. /app/v2/public/api
instead of /app/v2/api). Traefik executes middlewares in array order, so
stripPrefix must come first.
Closes#4061
When users set a custom docker compose command without the -p flag,
Docker Compose defaults to using the directory name (code) as the
project name. If the custom command is later removed, Dokploy uses
-p appName, creating a new stack while the old one remains running.
Injecting COMPOSE_PROJECT_NAME=appName into the .env ensures the
project name is always consistent regardless of the command used.
Closes#4019
Commands were chained with && so if the project directory was missing,
cd would fail and docker compose down would never execute — leaving
containers and volumes running. Use semicolons to run each command
independently, matching the existing stack deletion pattern.
Closes#4064
- Updated the AnalyzeLogs component to display a message and button for configuring AI providers when none are available, improving user guidance.
- Added a link to the settings page for easy access to AI provider configuration.
- Integrated new icon for the configuration button to enhance UI clarity.
These changes improve the user experience by ensuring users are informed about the need to set up AI providers for log analysis.
- Updated the `getContainerLogs` function to accept either an application name or container ID, improving flexibility in log retrieval.
- Simplified the command execution logic by consolidating the remote and local execution paths.
- Added a new parameter to directly use container IDs, streamlining the process for users.
These changes enhance the usability of the logging feature, allowing for more efficient access to container logs.
- Implemented a new `readLogs` procedure across various routers (application, compose, libsql, mariadb, mongo, mysql, postgres, redis) to enable users to retrieve logs from containers.
- Each procedure includes input validation for parameters such as `tail`, `since`, and `search`, ensuring robust access control and authorization checks.
- Enhanced the `getContainerLogs` service to support fetching logs from both Docker containers and services, improving the logging capabilities of the application.
This feature enhances observability and troubleshooting for users by providing direct access to container logs.
- Corrected the API URL for Z.AI by removing the trailing slash.
- Modified the AI router mutation to include context and added access control to ensure users can only access their organization's AI settings.
These changes improve the accuracy of the API integration and enhance security by enforcing organizational access restrictions.
- Introduced the AnalyzeLogs component for analyzing logs using AI, allowing users to select AI providers and view analysis results.
- Integrated AnalyzeLogs into the ShowDeployment and DockerLogsId components, enabling log analysis for both build and runtime contexts.
- Updated the AI router to include a new endpoint for log analysis, which processes logs and returns structured insights.
- Enhanced the AI provider selection logic to support new providers, including Z.AI and MiniMax.
This feature enhances the user experience by providing actionable insights from logs, improving troubleshooting and operational efficiency.
Add allForApps endpoint that returns only sshKeyId and name using protectedProcedure instead of withPermission, so members can select SSH keys in the git provider dropdown without needing access to the SSH Keys management panel.
closes#4069
Move server.listen() before the initialization block so the HTTP server
is already responding when Docker healthchecks begin. Previously, slow
operations like SMTP timeouts in sendDokployRestartNotifications() could
block the server from listening, causing healthcheck failures and
container restarts.
Closes#4049
The catch block was swallowing the real error from the ntfy server,
making it impossible to diagnose connection failures (e.g. SSL, DNS,
auth issues). Now the underlying error message is included in the
tRPC error response.
Closes#4047
- Change compose.loadServices permission from service:create to service:read
since loading services from a compose file is a read-only operation
- Add saveEnvironment endpoint to compose router with envVars:write permission
- Update show-environment.tsx to use saveEnvironment mutations instead of
generic update mutations for all service types (compose, databases)
Closes#4052
The actions array in Slack attachments requires Interactive Components
to be configured on the Slack app, which causes notifications to fail.
Replaces with a Details field using mrkdwn hyperlink syntax and adds
mrkdwn_in to ensure the link renders as clickable.
Closes#4053
writeDomainsToCompose reads the compose file in Node.js before the
shell script runs, so patches applied as shell commands were being
overwritten by the stale pre-patch content.
Split patch execution into a separate step that runs before
getBuildComposeCommand, so the file is already patched when Node.js
reads it for domain injection.
Also added missing patch support to rebuildCompose which was skipping
patches entirely on redeploys.
Closes#4113
The naive split(":").pop() approach treated the port number in
registry URLs (e.g. registry:5000/image) as the image tag.
Now uses lastIndexOf(":") and checks if the suffix matches a port
followed by a path (digits + slash), consistent with extractImageName.
Closes#4082
- Normalize emails with toLowerCase().trim() before comparing
- Wrap getUserByToken in try/catch since it throws TRPCError on miss,
rethrow as APIError for consistent error responses
Also checks that the invitation is not expired and has not already been
used before allowing account creation.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Updated the authentication process to check if the email of the user matches the email associated with the invitation token.
- Improved error handling for cases where the user is not found or the email does not match the invitation.
- Added `isEnterpriseCloud` field to the user schema to enhance user differentiation for enterprise cloud services.
- This change supports the ongoing updates to billing and subscription management for enterprise users.
- Introduced `isEnterpriseCloud` boolean field in the user schema to differentiate enterprise users.
- Updated billing UI to display specific information for enterprise cloud users, including a dedicated section for managing subscriptions.
- Modified API webhook logic to handle subscription updates and server management based on the `isEnterpriseCloud` status.
- Introduced `accessedServers` field in user permissions schema and member table.
- Implemented server access validation across various API routers to ensure users can only access permitted servers.
- Added a new query to fetch accessible server IDs based on user roles and licenses.
- Updated UI components to support server selection in user permissions.
Resolve conflicts:
- Integrate credentials-based user provisioning with canary changes
- Use withPermission("member", "create") instead of adminProcedure
- Adopt standardSchemaResolver, inviteMember mutation, and custom roles from canary
- Restrict credentials flow to non-cloud environments
- Enhanced the `formatSizeValue`, `formatMemUsage`, and `formatIOValue` functions to handle edge cases more effectively.
- Updated regex and condition checks to ensure proper parsing of input strings, improving overall reliability in formatting size values.
- Introduced a tabbed layout in the ShowSwarmOverviewModal to separate the overview and containers views.
- Added ShowSwarmContainers component to the containers tab, improving the organization of information.
- Integrated Card component for better styling and presentation of the containers section.
- Introduced new components for handling various empty states in the Swarm containers dashboard, including `SwarmNotAvailable`, `ServicesError`, `NoServices`, and `NoRunningContainers`.
- Added `SummaryCards` component to display key metrics such as node count, down nodes, service count, and running containers.
- Enhanced the `ShowSwarmContainers` component to integrate the new empty states and summary cards, improving user feedback and overall experience.
- Introduced a new optional `icon` field to the application schema, allowing for icon uploads.
- Implemented validation to ensure the icon size does not exceed 2MB, enhancing data integrity.
- Updated the ShowIconSettings component to include a dialog for icon selection and upload.
- Added functionality to handle file uploads, including validation for file types and sizes.
- Implemented icon removal feature within the dialog.
- Refactored icon selection logic to improve user experience and maintainability.
- Adjusted the application page to integrate the updated ShowIconSettings component.
- Added `dompurify` for sanitizing SVG icons to prevent XSS vulnerabilities.
- Introduced `simple-icons` for a collection of SVG icons, enhancing the icon selection feature.
- Updated the `ShowIconSettings` component to utilize the new icon management logic.
- Removed the obsolete `icons.json` file and replaced it with a new `bundled-icons.ts` file for better structure and maintainability.
- Adjusted related API and component files to accommodate the new icon handling approach.
- Added logic to conditionally set the custom entry point based on the useCustomEntrypoint flag.
- Updated the onCheckedChange handler to clear the custom entry point value when the switch is turned off, improving form state management.
- Introduced a new SQL script to add a "middlewares" column to the "domain" table with a default value of an empty text array.
- Updated the journal to include the new migration entry for version 0161.
- Added a snapshot file for version 7, detailing the schema changes for the "account" and "apikey" tables.
- Introduced a new SQL script to set the default value for the "dockerImage" column in the "mongo" table.
- Updated the journal to include the new migration entry for version 0160.
- Added a snapshot file for version 7, detailing the schema for the "account" and "apikey" tables.
- Updated password validation in MariaDB, MongoDB, MySQL, Postgres, and Redis routers to enforce a regex pattern that restricts invalid characters.
- Introduced a consistent error message for invalid passwords to improve user guidance and ensure database compatibility.
- Refactored password validation logic in the schema files to utilize shared constants for regex and messages, promoting code reuse and maintainability.
- Added confirmation password field and validation to the `UpdateDatabasePassword` component.
- Refactored password update logic in MariaDB, MongoDB, MySQL, Postgres, and Redis routers to utilize database transactions for improved reliability.
- Ensured consistent handling of password updates across all database types, enhancing user experience and security.
- Improved error messages when updating the database password to provide clearer guidance based on the error type.
- Added specific feedback for cases where the database container is not running, prompting users to start the service before attempting to change the password.
- Introduced a new `UpdateDatabasePassword` component to facilitate password updates for database credentials.
- Implemented password change mutations in the respective API routers for MariaDB, MongoDB, MySQL, Postgres, and Redis.
- Enhanced user experience by providing success notifications upon successful password updates.
- Updated UI components to include the new password update functionality, ensuring consistency across different database types.
- Added a new section to the certificate details view to show associated server information, including the server name and IP address, enhancing the visibility of server-related data for each certificate.
- Updated the API to include server data when fetching certificates.
- Updated the `extractExpirationDate` and `extractCommonName` functions to return null instead of throwing errors when encountering unexpected structures in the certificate data. This change enhances the robustness of the certificate parsing logic.
- Eliminated the `autoRenew` field from the certificate schema, API router, and related components to streamline certificate management.
- Updated form handling and validation logic accordingly to reflect the removal of the auto-renew feature.
- Modified the access control settings for the 'certificate' resource to allow 'update' permissions for admin and owner roles.
- Updated the certificate router to use the new permission structure for the update mutation.
- Introduced `APP_NAME_REGEX` and `APP_NAME_MESSAGE` constants in `schema.ts` for consistent app name validation across `add-application.tsx`, `add-compose.tsx`, and `add-database.tsx`.
- Updated regex and error message in the respective schemas to utilize the new constants, improving maintainability and readability.
- Updated the `templates` procedure in the compose router to use `protectedProcedure` instead of `publicProcedure`, enhancing access control for this endpoint.
- Introduced a new column `bookmarkedTemplates` to the user table to store user-specific template bookmarks.
- Updated API methods to manage bookmarked templates, replacing the deprecated user_template_bookmarks table.
- Adjusted queries to retrieve and toggle bookmarks directly from the user record.
- Added DockerDiskUsageChart component to visualize Docker disk usage data.
- Refactored existing chart components (DockerBlockChart, DockerCpuChart, DockerDiskChart, DockerMemoryChart, DockerNetworkChart) to use a consistent ChartContainer and updated chart configurations.
- Improved tooltip functionality and styling across all charts for better user experience.
- Integrated new API endpoint for fetching Docker disk usage data.
- Replaced protectedProcedure with withPermission for the uploadFileToContainer mutation to enhance permission management.
- Improved code clarity by removing unnecessary imports.
- Consolidated the file upload logic for both remote and local servers into a single command.
- Removed redundant temporary file handling and streamlined error management.
- Improved code readability by reducing complexity in the uploadFileToContainer function.
- Restored the type import for UploadFileToContainer in the upload file modal component.
- Updated useForm to correctly utilize the UploadFileToContainer type for improved type safety.
- Changed zodResolver import to standardSchemaResolver for improved schema handling.
- Adjusted Dropzone layout for better visual alignment and user experience.
- Removed unused uploadProcedure from the Docker router to streamline the API.
- Replaced inline timestamp generation with the new getBackupTimestamp function across various backup modules (compose, libsql, mariadb, mongo, mysql, postgres, web-server, and volume-backups).
- Improved code readability and maintainability by centralizing timestamp formatting logic.
- Updated conditional checks for customEntrypoint to use a more concise syntax.
- Ensured consistent handling of HTTPS configurations across domain management functions.
- Improved code readability and maintainability by streamlining logic in addDomainToCompose and manageDomain functions.
- Implemented tests to verify the addition of stripPath and internalPath middlewares for custom entrypoints.
- Ensured correct path prefixing in router rules and combined middleware functionality.
- Added checks to confirm that redirect-to-https is not added for custom entrypoints even when HTTPS is enabled.
- Enhanced tests for router configuration with custom entrypoints, including path handling and TLS settings.
- Updated the repository cloning functions to prioritize internal URLs for Gitea and GitLab, enhancing security and access control.
- Ensured fallback to external URLs if internal ones are not available.
- Changed the anonymous async function to a named function `runRestore` for better readability.
- Enhanced error handling to log specific error messages during the restore process.
Updated the orderBy clause in the schedules query to sort by the createdAt field instead of the name, ensuring schedules are returned in the order they were created.
- Replaced `createSchema.pick` with `z.object` for `apiFindOneLibsql` and `apiFindMountByApplicationId` to enforce stricter validation.
- Ensured `libsqlId`, `serviceType`, and `serviceId` are required strings with minimum length constraints.
- Added loading state for the sharing toggle in the UI to prevent user interaction during processing.
- Enhanced authorization logic in the API to ensure that both user and organization ownership are validated before allowing sharing of Git providers.
- Improved error handling in the license key deactivation process to log failures for better debugging.
- Added functionality to toggle sharing of Git providers with the organization.
- Introduced a new column "sharedWithOrganization" in the git_provider table to track sharing status.
- Updated user permissions to include accessedGitProviders, allowing for more granular access control.
- Enhanced API routes to support fetching accessible Git providers based on user roles and permissions.
- Implemented UI components for managing Git provider sharing and permissions in the dashboard.
- Added dokployBackup parameter to various notification functions and schemas to support backup notifications.
- Updated HandleNotifications component to include dokployBackup in notification payloads.
- Enhanced notification utilities to accommodate new backup notification types across multiple channels.
- Introduced a new boolean column "dokployBackup" in the "notification" table with a default value of false.
- Added journal entry for version 7 tagged as "0156_fair_vargas" to track this schema change.
- Created a new snapshot file for version 7 to reflect the updated database schema.
- Introduced a new switch control in the notifications settings to enable or disable actions triggered by Dokploy backup creation.
- Enhanced user interface for better interaction with notification settings.
- Consolidated command execution for removing Traefik config files by using a single command string.
- Enhanced error handling to log issues encountered during the removal process for both local and remote configurations.
- Updated createCustomNotification, createLarkNotification, createMattermostNotification, and updateMattermostNotification to include volumeBackup as a parameter, enhancing notification capabilities.
- Introduced regex validation for the `additionalFlags` field to ensure proper flag formatting.
- Updated error handling in the API router to provide clearer feedback on validation issues.
- Refactored the database schema to align with the new validation rules for additionalFlags.
- Added a new validation module for destination-related checks.
- Refactored the `additionalFlags` field to use a structured object format, allowing for better validation and management of flag values.
- Replaced the textarea input with a dynamic list of input fields, enabling users to add or remove flags easily.
- Updated form handling to accommodate the new structure, ensuring proper data mapping during form submission.
- Introduced an optional `additionalFlags` field in the destination schema to allow users to specify extra parameters.
- Updated the form in the dashboard to include a textarea for entering additional flags.
- Modified the API router to handle the new `additionalFlags` input when creating or updating destinations.
- Adjusted database schema to accommodate the new field in the destination table.
- Added RemoveContainerDialog component for user confirmation before removing a Docker container.
- Integrated the dialog into the container management UI.
- Implemented server-side logic for container removal, including permission checks and error handling.
- Updated API router to include the new removeContainer mutation.
- Changed webhookUrl validation to ensure it is a valid URL.
- Updated input types for createMattermostNotification and updateMattermostNotification functions to use z.infer for better type inference.
- Refactored sendMattermostNotification to improve error handling and payload construction.
- Integrated MattermostIcon into the ShowNotifications component to support Mattermost notification type.
- Enhanced the user interface to visually represent Mattermost notifications alongside existing notification types.
- Introduced a new SQL file to alter the notificationType and create a Mattermost table.
- Added a foreign key relationship between the notification table and the new Mattermost table.
- Updated the journal and snapshot metadata to reflect these changes.
- Added FormDescription to clarify user requirements in the server handling component.
- Updated alert messages to inform users about connecting as root or non-root with passwordless sudo access.
- Introduced new status rows in the validation component to display privilege mode and Docker group membership.
- Implemented validation functions for sudo access and Docker group membership in the server setup scripts, ensuring proper permissions are checked during setup.
- Created a new SQL type for 'libsql' and established a corresponding table with necessary fields and constraints.
- Updated existing tables (backup, mount, volume_backup) to include foreign key references to 'libsql'.
- Enhanced the libsql schema in the application to support additional fields such as stopGracePeriodSwarm and endpointSpecSwarm.
- Adjusted form handling and validation to accommodate the new libsql service type, improving overall integration and functionality.
- Updated various swarm form components to include 'libsql' as a valid service type.
- Enhanced query and mutation handling for 'libsql' across multiple forms, ensuring comprehensive integration.
- Adjusted form schemas and data handling to accommodate 'libsql' service requirements, improving overall functionality.
- Created a new SQL type for 'libsql' and added it to the serviceType enum.
- Established a 'libsql' table with necessary fields and constraints.
- Updated existing tables (backup, mount, volume_backup) to include foreign key references to 'libsql'.
- Adjusted the mount schema to incorporate 'libsql' as a valid service type, enhancing service management capabilities.
- Updated service type checks in the getBaseFilesPath and getServerId functions to use application and service IDs for better clarity and reliability.
- Removed redundant service type checks and adjusted logic to enhance maintainability.
- Added 'libsql' to the server relations in the schema for improved service management.
- Added 'libsql' to the Services type in add-permissions.tsx for improved service management.
- Implemented extraction logic for 'libsql' services in the extractServices function.
- Updated project router to include 'libsql' in service filters and response columns, ensuring comprehensive data handling for libsql services.
- Modified the database name assignment in the RestoreBackup component to include 'iku.db' for the 'libsql' database type.
- Updated input disabling logic in both HandleBackup and RestoreBackup components to disable inputs for both 'web-server' and 'libsql' database types, enhancing user experience and preventing invalid input.
- Eliminated the ForceUpdate property from the TaskTemplate during service updates to streamline the update process.
- Adjusted the service update logic to focus on essential settings without the unnecessary increment of ForceUpdate.
- Replaced zodResolver import with standardSchemaResolver for improved schema handling.
- Refactored DockerProviderSchema to streamline validation logic and enhance readability.
- Updated external port validation to check for empty values and ensure proper error handling.
- Adjusted service access checks in the libsql router for better permission management.
- Removed unused imports from the ShowProjects component for better clarity.
- Updated LibsqlIcon dimensions to use relative units for improved responsiveness.
- Adjusted icon size in the EnvironmentPage for consistency with other icons.
- Added LibsqlIcon and updated ServiceCollections to include 'libsql'.
- Replaced BreadcrumbSidebar with AdvanceBreadcrumb in the Libsql service page for improved navigation consistency.
- Enhanced SERVICE_QUERY_KEYS and SERVICE_ICONS to accommodate libsql integration.
- Updated mutation hooks in the ShowExternalLibsqlCredentials and ShowGeneralLibsql components to use 'isPending' instead of 'isLoading' for better clarity in loading state representation.
- Adjusted button loading states accordingly to reflect the new naming convention.
- Updated backup and restore functionalities to include support for the 'libsql' database type.
- Enhanced the backup process with new methods for running and restoring libsql backups.
- Modified existing components and schemas to accommodate libsql, including updates to the database type enumerations and backup schemas.
- Removed obsolete bottomless replication features from the libsql schema.
- Updated related UI components to reflect changes in backup handling for libsql.
- Created a new SQL file defining the 'libsql' table with various fields including 'libsqlId', 'name', and 'databaseUser'.
- Added foreign key constraints linking 'libsql' to 'mount', 'volume_backup', 'environment', and 'server' tables.
- Updated the 'mount' and 'volume_backup' tables to include a new 'libsqlId' column and removed the obsolete 'serviceType' column.
- Added journal entry for the new schema version.
- Upgraded 'next' version from 16.1.6 to 16.2.0 in both pnpm-lock.yaml and package.json.
- Updated related dependency versions for '@trpc/next' and '@trpc/react-query' to align with the new 'next' version.
- Adjusted version hashes for better consistency in '@better-auth' packages.
- Simplified the payload construction for tag creation and updates in the HandleTag component.
- Improved code readability by consolidating the conditional logic for tagId handling.
- Added error handling for user permission fetching in the server-side props.
- Implemented a check for tag read permissions, redirecting unauthorized users to the home page.
- Enhanced the overall structure of the server-side logic for better clarity and maintainability.
- Replaced role-based access control with permission-based checks for tag visibility in the side menu.
- Updated API route handlers to utilize protected procedures for tag queries, enhancing security and consistency in permission management.
- Integrated user permissions for tag creation, updating, and deletion in the TagManager component.
- Updated API routes to enforce permission checks for tag operations.
- Added new permissions for managing tags in the roles configuration.
- Improved error handling for unauthorized access in tag-related operations.
- Added a new HandleTag component to manage tag creation and updates with validation.
- Integrated color selection and real-time preview for tags.
- Updated tag management references in TagFilter and TagSelector components to use the new HandleTag component.
- Introduced new SQL migration to create 'project_tag' and 'tag' tables.
- Added unique constraints and foreign key relationships to ensure data integrity.
- Updated journal and snapshot metadata to reflect the new migration.
- Bumped the version of @dokploy/trpc-openapi in both package.json and pnpm-lock.yaml.
- Removed unnecessary metadata from the dropDeployment procedure in application.ts.
- Added health check functionality for PostgreSQL, Redis, and Traefik services before updating the web server.
- Introduced a modal state management system to guide users through the verification and update process.
- Updated UI components to display service health status and relevant messages during the update workflow.
- Refactored the update server button to reflect the latest version and availability of updates.
- Changed the authorization check for deleting an API key to use referenceId instead of userId, ensuring proper validation against the current user's ID.
- Modified the apikey table to drop the user_id column and replace it with reference_id, establishing a foreign key relationship with the user table.
- Added config_id column with a default value to the apikey table.
- Updated related code in the account schema and user service to reflect these changes.
- Enhanced the journal and snapshot files to include the latest schema updates.
- Introduced predefined role presets with default permissions for viewer, developer, deployer, and devops roles to streamline custom role creation.
- Enhanced the UI to allow users to start from a preset role, improving the user experience in managing custom roles.
- Updated imports and adjusted component formatting for better readability.
- Enhanced code readability by adjusting formatting in the ShowBilling component, ensuring consistent line breaks and indentation.
- Updated the ShowUsers component to improve the layout of the warning message for users with custom roles without a valid license, maintaining clarity in the alert presentation.
- Introduced an AlertBlock to notify users with custom roles that a valid Enterprise license is required for those roles to function.
- Implemented logic to check for users assigned to custom roles and display a warning if the license is invalid.
- Replaced single server quantity state with separate states for hobby and startup server quantities.
- Adjusted calculations and UI elements to reflect the new state management for each tier.
- Ensured proper handling of server quantity in pricing calculations and button states.
- Updated the error message formatting in both database and volume backup notification functions to limit the displayed message length, ensuring better readability and preventing overflow.
- Introduced a new settings.json file to define permissions for various Bash commands and set the default mode to bypassPermissions.
- Updated the version in package.json to v0.28.7.
- Updated the mechanizeDockerContainer function to conditionally use authConfig when creating a Docker service, ensuring proper service creation based on authentication settings.
- Updated the rsync command in the runWebServerBackup function to exclude the 'volume-backups/' directory, ensuring that unnecessary data is not copied during the backup process.
- Removed TimeBadge from the ShowProjects component and integrated it into the BreadcrumbSidebar.
- Added a query to determine if the environment is cloud-based, allowing for conditional display of the TimeBadge.
- Updated layout in BreadcrumbSidebar for improved spacing and organization.
- Replaced direct state checks with a derived variable `isCollapsed` for better readability and maintainability.
- Updated class names and conditions in the SidebarLogo component to use the new `isCollapsed` variable.
- Adjusted overflow behavior in Sidebar and SidebarContent components for improved layout management.
- Added new components for displaying and managing audit logs, including a data table and filters for user actions.
- Introduced a custom roles management interface, allowing users to create and modify roles with specific permissions.
- Updated permission checks to ensure proper access control for audit logs and custom roles.
- Refactored existing components to integrate new functionality and improve user experience.
- Replaced the delete operation with an update for organization roles, ensuring existing roles are modified instead of removed.
- Adjusted the return value to reflect the updated role instead of a newly created entry.
- Reintroduced the audit logging functionality for role updates.
- Deleted the old SQL files for organization_role and audit_log.
- Introduced new SQL file defining organization_role and audit_log with updated foreign key constraints and indexes.
- Updated metadata snapshots to reflect the new table structures and relationships.
- Adjusted access control permissions for backup and notification operations to include update capabilities.
- Introduced new test files for permission checks, including `check-permission.test.ts`, `enterprise-only-resources.test.ts`, `resolve-permissions.test.ts`, and `service-access.test.ts`.
- Implemented permission checks in various components to ensure actions are gated by user permissions, including `ShowTraefikConfig`, `UpdateTraefikConfig`, `ShowVolumes`, `ShowDomains`, and others.
- Enhanced the logic for displaying UI elements based on user permissions, ensuring that only authorized users can access or modify resources.
When editing a notification, only the notification.all query cache was
invalidated. The notification.one query retained stale data, causing
the edit form to display previous values on subsequent edits.
Switch from z.instanceof(FormData) to uploadFileSchema (zod-form-data)
so the OpenAPI generator produces a proper multipart/form-data spec
with typed fields (zip as binary, applicationId, dropBuildPath).
Regenerate openapi.json with the drop-deployment endpoint included.
Enable file upload deployments via the public API, unlocking CI/CD workflows
similar to `railway up`. Users can now programmatically deploy by uploading
zip archives.
Depends on: Dokploy/trpc-openapi multipart/form-data support
- Added @codemirror/search version 6.6.0.
- Updated @codemirror/view to version 6.39.15 across multiple files.
- Adjusted imports in code-editor.tsx to include search functionality.
This update ensures compatibility with the latest features and improvements in the CodeMirror library.
Updated the createMount mutation to return the promise from createMount directly, enhancing readability. Additionally, adjusted the serviceType schema definition for clarity by removing the default value assignment.
Updated components to use the new API method for fetching the active organization, improving consistency across the codebase. This change enhances maintainability and aligns with recent API updates.
Updated the event fetching logic to utilize Promise.all for concurrent API calls, enhancing performance. Adjusted the UI table layout by modifying the column span for better alignment and presentation of the empty queue state. Introduced constants for maximum events to improve code clarity.
Added self-hosted and production configuration examples for Inngest to the .env.example file. This enhancement provides clearer guidance for developers on setting up the Inngest integration.
Added a new endpoint to fetch deployment jobs for a server, integrating with the Inngest API to retrieve job details. Updated the queue management system to support centralized job retrieval for cloud environments, improving the deployment monitoring experience. Enhanced the UI to include action buttons for job cancellation and improved error handling for job fetching.
Introduced a new deployments page that includes a table for viewing all application and compose deployments, as well as a queue table for monitoring deployment jobs. Updated the sidebar to include a link to the new deployments section. Enhanced the API to support centralized deployment queries and job queue retrieval, improving overall deployment management and visibility.
Added helper functions to format status labels and execution durations in the requests dashboard. Updated the display logic to show "N/A" for zero status and improved duration representation in microseconds and milliseconds. This enhances the clarity and usability of the request logs for better monitoring and analysis.
Added the 'name' column to the project API response structure to enhance the data returned for project queries. This change improves the clarity and usability of the API by ensuring that project names are included in the response, facilitating better data handling for clients.
Removed unused imports and redundant code in the project dashboard component to enhance readability. Updated the API project router to streamline the data structure by eliminating unnecessary domain retrievals, while ensuring essential application and compose details are still included. This refactor improves maintainability and optimizes data handling for the project management interface.
Replaced the existing project query with the new `allForPermissions` endpoint to enhance data retrieval for server monitoring settings. This change aligns with recent API enhancements aimed at improving permissions management.
Introduced a new API endpoint `allForPermissions` to retrieve projects along with their environments and services specifically for admin users. This enhancement allows for a more comprehensive permissions UI by including detailed information about each environment and its associated applications, improving the overall user experience in managing permissions.
Updated the mysql configuration in the environment service to include specific column selections for the server object. This change improves data structure clarity and allows for more precise data handling in future queries.
Eliminated the 'env' property from the duplicateEnvironment function to streamline the code and improve clarity. This change enhances maintainability by removing unnecessary parameters.
Updated project and environment services to include specific column selections for various database entities. This improves data retrieval efficiency and allows for more granular control over the returned data structure. Added columns for application, mariadb, mongo, mysql, postgres, redis, and compose entities, as well as enhancements to the environment query structure.
Implemented a search feature in application, compose, environment, mariadb, mongo, mysql, postgres, project, and redis routers. Each search allows filtering by various parameters and respects user permissions based on their role. The search queries utilize optimized conditions for efficient data retrieval.
Docker Swarm's default FailureAction is "pause". When a task fails or is
terminated early during a rolling update, Swarm pauses the update and
stops ALL reconciliation — orphan containers persist indefinitely, even
when healthy. This is the root cause of orphan container issues reported
in production (services showing Replicas: N/1 with multiple healthy
containers that never get cleaned up).
Setting FailureAction to "rollback" makes Swarm automatically revert to
the previous working service spec on failure, preventing orphans while
preserving service availability. Also adds a default RollbackConfig with
Order: "start-first" to match the update config (Docker defaults rollback
to "stop-first" otherwise).
Only affects the default config — users who have configured their own
updateConfigSwarm/rollbackConfigSwarm are not affected.
Relates to #1669, #2223, #2911, #2150
Change Drizzle column mode from "bigint" to "number" for stopGracePeriodSwarm
across all 6 service schemas. This fixes JSON.stringify failing silently in the
@dokploy/trpc-openapi adapter, which unlike the tRPC endpoint does not use
superjson and cannot serialize BigInt values.
No database migration needed — only the JS representation changes. The values
are nanosecond grace periods that fit safely within Number.MAX_SAFE_INTEGER.
Also adds onError logging and export const config to the OpenAPI route handler
to match the tRPC route and improve debuggability.
Fixes#3793
This fixes keyboard shortcuts (Ctrl+S, Ctrl+B, Ctrl+J, Ctrl+K) not working with non-English keyboard layouts (e.g., Russian, French AZERTY, German QWERTZ).
Fixes#3495
switchers
- Create AdvanceBreadcrumb component with searchable dropdowns
- Add project selector with environment expansion support
- Add service selector for quick switching between services
- Add environment selector badge for multi-environment projects
- Replace BreadcrumbSidebar with new component across all service pages
- Update projects page, environment page, and all service detail pages
(application, compose, postgres, mysql, mariadb, redis, mongo)
Add tag management system that allows users to create, edit, and delete
tags scoped to their organization, and assign them to projects for
better organization and filtering.
- Add tag and project_tag database schemas with Drizzle migration
- Add tRPC router for tag CRUD and project-tag assignment operations
- Add tag management page in Settings with color picker
- Add tag selector to project create/edit form
- Add tag filter to project list with localStorage persistence
- Display tag badges on project cards
When called with an empty array, `docker service ps` receives no
SERVICE argument and fails with "requires at least 1 argument".
Return early with [] when appNames is empty.
getSwarmNodes was changed to return [] on error, but the existing
SwarmMonitorCard checks `if (!nodes)` to detect failures. Since ![]
is false, the error state was silently skipped, breaking the Overview
tab for users without Docker Swarm initialized.
Reverted to return undefined on error (original behavior) so the
existing Overview tab error handling continues to work. The Containers
tab already handles nodes === undefined explicitly.
TL;DR: New "Containers" tab on the Swarm page showing which containers
run on which nodes, with live CPU/Memory/Block I/O/Network I/O metrics
refreshing every 5 seconds. Comprehensive edge case handling guides
users through prerequisites (swarm init, registry, service deployment).
---
## New Files
- `apps/dokploy/components/dashboard/swarm/containers/show-swarm-containers.tsx`
Main component: data fetching, error/empty states, summary cards,
and the node-grouped container layout.
- `apps/dokploy/components/dashboard/swarm/containers/node-section.tsx`
Collapsible per-node section with container table, role badge,
and down-node indicator.
- `apps/dokploy/components/dashboard/swarm/containers/container-row.tsx`
Table row for a single container: state badge with error tooltip,
formatted CPU/memory/IO metrics.
- `apps/dokploy/components/dashboard/swarm/containers/utils.ts`
Formatting helpers for docker stats values (CPU %, memory, I/O).
- `apps/dokploy/components/dashboard/swarm/containers/types.ts`
Shared TypeScript interfaces (ContainerStat, ContainerInfo, SwarmNode,
NodeGroup).
## Modified Files
- `apps/dokploy/pages/dashboard/swarm.tsx`
Added Tabs (Overview / Containers) wrapping existing SwarmMonitorCard
and the new ShowSwarmContainers component.
- `apps/dokploy/server/api/routers/swarm.ts`
Added `getContainerStats` tRPC endpoint calling `getAllContainerStats`,
following existing auth/validation patterns.
- `packages/server/src/services/docker.ts`
- Added `getAllContainerStats()` — runs `docker stats --no-stream` for
cluster-wide container metrics.
- Fixed `getSwarmNodes`, `getNodeApplications`, `getApplicationInfo` to
return `[]` instead of `undefined` on errors (prevents tRPC
serialization crashes) and added `console.error` logging.
- Added empty stdout guard (`if (!stdout.trim()) return []`) to prevent
`JSON.parse("")` crashes when no services exist.
## Features
- Container table per node: name, image, state, CPU %, memory usage,
block I/O, and network I/O
- Resource formatting: values rounded to 1 decimal (2.711MiB → 2.7 MiB),
CPU to 1 decimal (0.00% → 0.0%)
- Node role badges (Leader / Reachable / Worker) on each section header
- Error tooltips: hover the status badge to see Docker error details
- Down/drained node detection with red indicator dot and warning banner
- Multi-node metrics banner explaining docker stats manager-only limitation
- Unscheduled services footer for services scaled to 0 replicas
- Contextual empty/error states with actionable guidance, doc links to
Dokploy docs and Docker Swarm guide, and links to Cluster Settings
## Edge Cases Handled
1. Swarm not initialized (tRPC error or undefined data)
2. Docker command failures (stderr / non-zero exit)
3. Swarm active but no services deployed
4. Services exist but no running containers
5. Containers with Docker errors (shown in tooltip + error alert)
6. Nodes down or drained (cross-referenced from node list)
7. Multi-node setups (metrics only from manager node)
8. Services scaled to 0 replicas (separated from running containers)
9. Empty stdout from docker commands (no JSON.parse crash)
- Introduced a new SQL migration script `0130_abandoned_dagger.sql` to add the `customEntrypoint` column to the `domain` table.
- Updated the journal entry in `_journal.json` to reflect this new migration.
- Created a snapshot file `0130_snapshot.json` to capture the current state of the database schema after this migration.
- Deleted the SQL script `0122_sleepy_aqueduct.sql` which added a `customEntrypoint` column to the `domain` table.
- Removed the corresponding journal entry from `_journal.json` to clean up migration history.
- Deleted the snapshot file `0122_snapshot.json` as it is no longer needed.
- Redesigned InputOTP component with modern visual boxes
- Added native password manager support (Dashlane, 1Password, etc.)
- Implemented automatic cursor movement on input/delete
- Removed legacy slot-based components (InputOTPGroup, InputOTPSlot, InputOTPSeparator)
- Updated login page and 2FA setup to use new component
- Enhanced UX with hover effects, focus states, and filled state styling
The new InputOTP component uses a hidden native input with autoComplete='one-time-code'
for password manager compatibility while displaying modern rounded boxes with smooth
animations and visual feedback.
description: Create distinctive, production-grade frontend interfaces with high design quality. Use this skill when the user asks to build web components, pages, or applications. Generates creative, polished code that avoids generic AI aesthetics.
license: Complete terms in LICENSE.txt
---
This skill guides creation of distinctive, production-grade frontend interfaces that avoid generic "AI slop" aesthetics. Implement real working code with exceptional attention to aesthetic details and creative choices.
The user provides frontend requirements: a component, page, application, or interface to build. They may include context about the purpose, audience, or technical constraints.
## Design Thinking
Before coding, understand the context and commit to a BOLD aesthetic direction:
- **Purpose**: What problem does this interface solve? Who uses it?
- **Tone**: Pick an extreme: brutally minimal, maximalist chaos, retro-futuristic, organic/natural, luxury/refined, playful/toy-like, editorial/magazine, brutalist/raw, art deco/geometric, soft/pastel, industrial/utilitarian, etc. There are so many flavors to choose from. Use these for inspiration but design one that is true to the aesthetic direction.
- **Differentiation**: What makes this UNFORGETTABLE? What's the one thing someone will remember?
**CRITICAL**: Choose a clear conceptual direction and execute it with precision. Bold maximalism and refined minimalism both work - the key is intentionality, not intensity.
Then implement working code (HTML/CSS/JS, React, Vue, etc.) that is:
- Production-grade and functional
- Visually striking and memorable
- Cohesive with a clear aesthetic point-of-view
- Meticulously refined in every detail
## Frontend Aesthetics Guidelines
Focus on:
- **Typography**: Choose fonts that are beautiful, unique, and interesting. Avoid generic fonts like Arial and Inter; opt instead for distinctive choices that elevate the frontend's aesthetics; unexpected, characterful font choices. Pair a distinctive display font with a refined body font.
- **Color & Theme**: Commit to a cohesive aesthetic. Use CSS variables for consistency. Dominant colors with sharp accents outperform timid, evenly-distributed palettes.
- **Motion**: Use animations for effects and micro-interactions. Prioritize CSS-only solutions for HTML. Use Motion library for React when available. Focus on high-impact moments: one well-orchestrated page load with staggered reveals (animation-delay) creates more delight than scattered micro-interactions. Use scroll-triggering and hover states that surprise.
- **Spatial Composition**: Unexpected layouts. Asymmetry. Overlap. Diagonal flow. Grid-breaking elements. Generous negative space OR controlled density.
- **Backgrounds & Visual Details**: Create atmosphere and depth rather than defaulting to solid colors. Add contextual effects and textures that match the overall aesthetic. Apply creative forms like gradient meshes, noise textures, geometric patterns, layered transparencies, dramatic shadows, decorative borders, custom cursors, and grain overlays.
NEVER use generic AI-generated aesthetics like overused font families (Inter, Roboto, Arial, system fonts), cliched color schemes (particularly purple gradients on white backgrounds), predictable layouts and component patterns, and cookie-cutter design that lacks context-specific character.
Interpret creatively and make unexpected choices that feel genuinely designed for the context. No design should be the same. Vary between light and dark themes, different fonts, different aesthetics. NEVER converge on common choices (Space Grotesk, for example) across generations.
**IMPORTANT**: Match implementation complexity to the aesthetic vision. Maximalist designs need elaborate code with extensive animations and effects. Minimalist or refined designs need restraint, precision, and careful attention to spacing, typography, and subtle details. Elegance comes from executing the vision well.
Remember: Claude is capable of extraordinary creative work. Don't hold back, show what can truly be created when thinking outside the box and committing fully to a distinctive vision.
Some files were not shown because too many files have changed in this diff
Show More
Reference in New Issue
Block a user
Blocking a user prevents them from interacting with repositories, such as opening or commenting on pull requests or issues. Learn more about blocking a user.
Mauricio Siu