fix(auth): resolve signup duplicate key & session conflicts

- fix(auth): use admin client to bypass RLS for profile upsert (fixes 42501/23505)
- fix(auth): sign out existing session before callback exchange to prevent wrong-profile redirect
- fix(ui): restore brand orange primary color in dark mode
- fix(types): add missing frequency types in ScheduledPayrollClient
- chore(deps): remove unused @stacks/stacking, @stacks/storage, @stacks/profile
- refactor(stacks): remove dead Blockstack SDK fallbacks (authenticate, showBlockstackConnect)
- refactor(auth): remove unused supabase client from login page
- chore: update git remote to Quaddlab and bump Next.js README badge to 16
- test: add clear-all-users cleanup script

Author: Wutche

README.md

@@ -16,7 +16,7 @@
   <img src="https://img.shields.io/badge/NETWORK-STACKS_TESTNET-5546FF?style=for-the-badge&logo=stacks&logoColor=white" />
   <img src="https://img.shields.io/badge/ASSETS-BTC_%7C_STX-FF6B00?style=for-the-badge&logo=bitcoin&logoColor=white" />
   <img src="https://img.shields.io/badge/CONTRACT-CLARITY_2.1-71717A?style=for-the-badge&logo=docsdotrs&logoColor=white" />
-  <img src="https://img.shields.io/badge/FRONTEND-NEXT.JS_15-000000?style=for-the-badge&logo=nextdotjs&logoColor=white" />
+  <img src="https://img.shields.io/badge/FRONTEND-NEXT.JS_16-000000?style=for-the-badge&logo=nextdotjs&logoColor=white" />
   <img src="https://img.shields.io/badge/DATA-SUPABASE_POSTGRES-3FCF8E?style=for-the-badge&logo=supabase&logoColor=white" />
 </p>
 

package-lock.json

@@ -24,9 +24,6 @@
     "@stacks/connect-react": "^23.1.4",
     "@stacks/encryption": "^7.3.1",
     "@stacks/network": "^7.3.1",
-    "@stacks/profile": "^7.3.1",
-    "@stacks/stacking": "^7.3.1",
-    "@stacks/storage": "^7.3.1",
     "@stacks/transactions": "^7.3.1",
     "@supabase/ssr": "^0.8.0",
     "@supabase/supabase-js": "^2.89.0",

package.json

@@ -0,0 +1,92 @@
+/**
+ * One-off script to clear all users from Supabase (auth + profiles).
+ * Run with: npx tsx scripts/clear-all-users.ts
+ * 
+ * ⚠️ This deletes ALL users and profiles. Use only in development.
+ */
+
+import { createClient } from '@supabase/supabase-js'
+import { readFileSync } from 'fs'
+import { resolve } from 'path'
+
+// Parse .env.local manually (no dotenv dependency needed)
+function loadEnv(): Record<string, string> {
+  const envPath = resolve(__dirname, '..', '.env.local')
+  const content = readFileSync(envPath, 'utf-8')
+  const env: Record<string, string> = {}
+  for (const line of content.split('\n')) {
+    const trimmed = line.trim()
+    if (!trimmed || trimmed.startsWith('#')) continue
+    const eqIndex = trimmed.indexOf('=')
+    if (eqIndex === -1) continue
+    const key = trimmed.slice(0, eqIndex).trim()
+    let value = trimmed.slice(eqIndex + 1).trim()
+    // Strip surrounding quotes
+    if ((value.startsWith('"') && value.endsWith('"')) ||
+        (value.startsWith("'") && value.endsWith("'"))) {
+      value = value.slice(1, -1)
+    }
+    env[key] = value
+  }
+  return env
+}
+
+const env = loadEnv()
+const url = env.NEXT_PUBLIC_SUPABASE_URL
+const serviceKey = env.SUPABASE_SERVICE_ROLE_KEY
+
+if (!url || !serviceKey) {
+  console.error('❌ Missing NEXT_PUBLIC_SUPABASE_URL or SUPABASE_SERVICE_ROLE_KEY in .env.local')
+  process.exit(1)
+}
+
+const supabase = createClient(url, serviceKey, {
+  auth: { autoRefreshToken: false, persistSession: false }
+})
+
+async function clearAllUsers() {
+  console.log('🗑️  Clearing all users from Supabase...\n')
+
+  // 1. Delete all profiles first (foreign key dependency)
+  const { error: profilesError } = await supabase
+    .from('profiles')
+    .delete()
+    .neq('id', '00000000-0000-0000-0000-000000000000') // deletes all rows
+
+  if (profilesError) {
+    console.error('❌ Error deleting profiles:', profilesError.message)
+  } else {
+    console.log('✅ All profiles deleted')
+  }
+
+  // 2. List all auth users
+  const { data: usersData, error: listError } = await supabase.auth.admin.listUsers()
+
+  if (listError) {
+    console.error('❌ Error listing users:', listError.message)
+    return
+  }
+
+  const users = usersData?.users || []
+  console.log(`📋 Found ${users.length} auth user(s)\n`)
+
+  if (users.length === 0) {
+    console.log('✅ No users to delete — database is already clean!')
+    return
+  }
+
+  // 3. Delete each auth user
+  for (const user of users) {
+    const { error: deleteError } = await supabase.auth.admin.deleteUser(user.id)
+    if (deleteError) {
+      console.error(`❌ Failed to delete ${user.email}: ${deleteError.message}`)
+    } else {
+      console.log(`✅ Deleted: ${user.email} (${user.id})`)
+    }
+  }
+
+  console.log('\n🎉 Done! All users and profiles have been cleared.')
+  console.log('   You can now sign up with a fresh account.')
+}
+
+clearAllUsers().catch(console.error)

scripts/clear-all-users.ts

@@ -8,7 +8,6 @@ import { Card, CardContent, CardHeader, CardTitle, CardDescription } from "@/com
 import { Input } from "@/components/ui/input"
 import { Label } from "@/components/ui/label"
 
-import { createClient } from "@/lib/supabase"
 import { login } from "@/app/actions/auth"
 import { useRouter } from "next/navigation"
 import { Loader2 } from "lucide-react"
@@ -21,7 +20,6 @@ export default function LoginPage() {
   const [isLoading, setIsLoading] = React.useState(false)
   const { showNotification } = useNotification()
   const router = useRouter()
-  const supabase = createClient()
   return (
     <div className="min-h-[calc(100vh-64px-137px)] flex items-center justify-center p-4">
       <div className="w-full max-w-md space-y-8 animate-in fade-in zoom-in duration-500">

src/app/(marketing)/login/page.tsx

@@ -33,10 +33,12 @@ export async function signUp(formData: {
   }
 
   if (user) {
-    // Insert into profiles table
-    const { error: profileError } = await supabase
+    // Use the admin client (service role key) to bypass RLS for profile creation.
+    // The regular anon client can't write to the profiles table due to RLS policies.
+    const adminClient = await createAdminClient()
+    const { error: profileError } = await adminClient
       .from('profiles')
-      .insert([
+      .upsert(
         {
           id: user.id,
           role: formData.role,
@@ -46,13 +48,13 @@ export async function signUp(formData: {
           default_currency: formData.default_currency,
           organization_type: formData.organization_type,
           updated_at: new Date().toISOString(),
-        }
-      ])
+        },
+        { onConflict: 'id' }
+      )
 
     if (profileError) {
       console.error('Error creating profile:', profileError)
-      // We don't necessarily want to fail the whole signup if profile creation fails,
-      // but we should log it. In a production app, we might want more robust handling.
+      return { error: `Account created but profile setup failed: ${profileError.message}. Please try logging in or contact support.` }
     }
   }
 

src/app/actions/auth.ts

@@ -27,6 +27,11 @@ export async function GET(request: Request) {
         },
       }
     )
+    // Sign out any existing session before exchanging the code.
+    // This prevents the confirmation link from landing on a stale/wrong profile
+    // when the user is already logged into a different account.
+    await supabase.auth.signOut()
+
     const { error } = await supabase.auth.exchangeCodeForSession(code)
     if (!error) {
       return NextResponse.redirect(`${origin}${next}`)

src/app/auth/callback/route.ts

@@ -56,7 +56,7 @@ interface ScheduleItem {
 interface PayrollSchedule {
   id: string;
   name: string;
-  frequency: "weekly" | "monthly";
+  frequency: "minutes" | "hourly" | "daily" | "weekly" | "monthly";
   pay_day: number;
   status: "draft" | "ready" | "processing" | "paid";
   next_run_at: string | null;
@@ -398,12 +398,9 @@ export default function ScheduledPayrollPage({
           // First mark as ready
           await handleMarkReady(schedule.id);
         }
-        // Then run payroll - note: this triggers wallet popup but doesn't wait for approval
-        // Success notifications are handled in the onFinish callback of executeBatchPayroll
+
         await handleRunPayroll(schedule);
       }
-      // Don't show success here - the individual onFinish callbacks handle success notifications
-      // after the user actually approves each transaction on-chain
     } catch (err: any) {
       showNotification(
         "error",

src/app/dashboard/payroll/scheduled/ScheduledPayrollClient.tsx

@@ -73,8 +73,8 @@
   --card-foreground: oklch(0.985 0 0);
   --popover: oklch(0.205 0 0);
   --popover-foreground: oklch(0.985 0 0);
-  --primary: oklch(0.922 0 0);
-  --primary-foreground: oklch(0.205 0 0);
+  --primary: #ff6b00;
+  --primary-foreground: #ffffff;
   --secondary: oklch(0.269 0 0);
   --secondary-foreground: oklch(0.985 0 0);
   --muted: oklch(0.269 0 0);

src/app/globals.css

@@ -54,10 +54,8 @@ export function useStacks() {
     };
 
     try {
-      // Try multiple export names to handle different package versions/bundlers
-      const connectFn = StacksConnect.showConnect || 
-                       (StacksConnect as any).authenticate || 
-                       (StacksConnect as any).showBlockstackConnect;
+      // @stacks/connect v8 exports showConnect directly
+      const connectFn = StacksConnect.showConnect;
 
       if (typeof connectFn === 'function') {
         connectFn(authOptions);