Documentation Index
Fetch the complete documentation index at: https://docs.hyperauth.dev/llms.txt
Use this file to discover all available pages before exploring further.
Updates
Prometheus metrics endpoint on the orchestrator. Self-hosted deployments can now scrapeGET /metrics for database query counts, query-duration histograms, connection-pool acquire waits, and total connections. The endpoint emits standard Prometheus text exposition and is intended for in-cluster scraping.Automatic audit-log partition management. The orchestrator now extends audit_events monthly partitions automatically via a scheduled Inngest job, with coverage pre-provisioned through February 2027. Operators no longer need to roll partitions by hand to keep audit ingestion healthy.Postgres operations runbook. A new runbook in the backend repo (docs/runbooks/postgres.md) documents connection topology, backups, migrations, the partition cron, observability, and the decommission gate for teams running HyperAuth themselves.New features
Live event tail for the dashboard. A new server-sent events stream (GET /v1/console/events) pushes audit events, session changes, webhook activity, and credential updates to the dashboard in real time. Streams are scoped per app via the channel and app query parameters. Connections authenticate with a short-lived (5-minute) UCAN passed as a query token and send heartbeats every 25 seconds. If a subscriber falls behind its 1000-event queue, the server emits a rewind-required sentinel so the client can resync. Expired tokens close the stream with a token-expired event. Enable it in the dashboard by setting NEXT_PUBLIC_HYPERAUTH_ENABLE_LIVE=true. See Architecture.New features
Email-code authentication flow. A new passwordless sign-in path that sends a one-time code over email and mints a session SBT once verified. Available in the SDK widget today; drop it into any app alongside passkey sign-in. See Authentication.@hyperauth/widget package. An embeddable, zero-config auth widget — inline, overlay, or full-page — with built-in flows for passkey and email-code sign-in. Style it with your host CSS or use the bundled theme. See UI components.Postgres control-plane on the orchestrator. The orchestrator now ships with a Postgres 17 service and a Drizzle ORM client. This lays the foundation for the control-plane tables that back upcoming admin and console endpoints. If you run the orchestrator locally, docker compose now starts a postgres service with a healthcheck and a named volume. Two new environment variables wire it up: DATABASE_URL (required) and DATABASE_MAX_CONNECTIONS (defaults to 10). Three scripts manage migrations: bun run db:generate, bun run db:migrate, and bun run db:studio. No schema is published yet; the first tables ship in the next release.HyperAuth dashboard preview. The console app is live in preview, with pages for apps, auth methods, branding, policies, users, sessions, credentials, API keys, webhooks, audit logs, team, and billing. Onboarding walks new operators through their first app. Pages render against a stable data boundary, with live /v1/console/* endpoints rolling out per resource.Email-verify orchestrator (backend). A new Inngest-powered backend service handles email code delivery, expiry sweeps, session minting, and revocation end-to-end. Self-hosters get a deployable orchestrator image; SDK users get a faster, more reliable email flow. See Deploy.Updates
HyperAuth provider in the dashboard. The HyperAuth admin dashboard now boots the SDK at the app root, with the required Content Security Policy directives emitted automatically in production. NewNEXT_PUBLIC_HYPERAUTH_* environment variables let self-hosters point the dashboard at their own enclave, vault, and chain. See Configuration.Pimlico bundler error mapping. Userop submission now surfaces structured errors from the Pimlico bundler instead of raw RPC payloads, so failed transactions are easier to diagnose. See Bundler API.Bug fixes
Smart account safety check.AccountHelper now rejects a zero address in its constructor, preventing accidental deployment against an unset entrypoint. See Contracts reference.