Stasis

We're bringing 100+ hack clubbers from all over the world to Austin, TX for a 4-day hardware hackathon. Design 3 projects, get to build them, and come down to Austin to meet talented teenagers from all over the world!

Development

First, populate the .env based on .env.example. On Hack Club Auth, create an application and set the callback url of http://localhost:3000/api/auth/oauth2/callback/hca

Install docker, then use ./dev.sh to start the dev environment.

Name	Name	Last commit message	Last commit date
Latest commit gusruben move saturday project demos to 4:30 May 16, 2026 ee78fb3 · · May 16, 2026 History 749 Commits
.claude	.claude	fix claude code config	Apr 10, 2026
.github/workflows	.github/workflows	remove GHA docker layer cache + add yarn cache mount + disable daily …	Mar 5, 2026
.vscode	.vscode	better-auth with HCA	Dec 13, 2025
app	app	move saturday project demos to 4:30	May 16, 2026
lib	lib	remove MIN_BITS_FOR_INVENTORY gate	May 16, 2026
prisma	prisma	Rework inventory (3D printer queue, general QOL improvements) (#37 )	May 16, 2026
public	public	remove leftover vercel artifacts	May 7, 2026
scripts	scripts	many attendance page chagnes	May 5, 2026
types	types	fix Web Serial types missing from /flash build	May 6, 2026
.dockerignore	.dockerignore	coolify pls work (docker compose changes)	Jan 13, 2026
.env.example	.env.example	add integrations projects API with bearer auth	May 12, 2026
.gitignore	.gitignore	remove leftover vercel artifacts	May 7, 2026
.impeccable.md	.impeccable.md	add colored dropdown component to attendance admin	May 5, 2026
AGENTS.md	AGENTS.md	Prelaunch mode ui	Feb 5, 2026
CLAUDE.md	CLAUDE.md	let admins bypass INVENTORY_HIDDEN and other inventory gates	May 13, 2026
Dockerfile	Dockerfile	skip standalone output and Sentry build plugin for local builds	Mar 27, 2026
README.md	README.md	add stasis logo	Feb 14, 2026
SPEC.md	SPEC.md	* Fix 3 critical security/logic issues in inventory system - Verify caller is a team member or admin before allowing member removal (previously any authenticated user could kick anyone off any team) - Exclude cancelled orders from maxPerTeam quota calculations in both item display and order validation queries - Verify SSE subscribers belong to the requested team (or are admin) to prevent cross-team event snooping Co-Authored-By: Claude Opus 4.6 * Security hardening: comprehensive inventory system audit fixes - Add input sanitization (DOMPurify) to all user-supplied fields across inventory routes (team names, locations, item names, descriptions) - Fix IDOR: require team membership/admin to add members or view team details - Fix authorization: restrict member removal to self-leave or admin only - Fix race condition: use Serializable isolation on order stock transactions - Remove email from non-admin API responses to protect minor PII - Add requireInventoryAccess() gate to items, tools, teams, orders, rentals - Validate quantity (positive int), floor (1-N range), location (max 200 chars), team name (max 100 chars), imageUrl (HTTPS-only, rejects javascript:/data:) - Add audit logging for all user actions (order place/cancel, rental create, team create/join/leave/delete/rename, member add/kick, badge assign) - Cap SSE connections (50/key, 500 total) to prevent DoS - Block team deletion when active orders or rentals exist - Fix shop purchase error re-throw that could leak internal state - Add import hardening (500 item cap, Infinity blocked, sanitized strings) Co-Authored-By: Claude Opus 4.6 * Add migration for inventory audit action enum values Co-Authored-By: Claude Opus 4.6 * Fix inventory prerender error with loading boundary * Fix Copilot review issues: inventory validation, notifications, team permissions * Fix Copilot review round 2: race conditions, validation, cart limits, partial checkout * Fix Copilot review round 3: lookup type mismatch, cart tracking, config NaN guard, import validation * Fix Copilot review round 4: SSE cleanup, import error handling, loading state, Slack escaping * Fix Copilot review round 5: team race conditions, nullable names, lock check, state refresh * Fix Copilot review round 6: rename race condition, tool input type guards * Fix Copilot review round 7: order state machine, cancel idempotency, serialization errors * Fix maxPerTeam input min value to match server validation --------- Co-authored-by: Amp Co-authored-by: Claude Opus 4.6 Co-authored-by: Clay Nicholson <[email protected]>ithub.com>uthored-by: Clay Nicholson <[email protected]>" class="Link--secondary" href="https://github.com/hackclub/stasis/commit/892929ef6badd6983c5293d1e8bb8093dfe30e18">Add inventory system for in-person hackathon (#13 * Fix 3 critical security/logic issues in inventory system - Verify caller is a team member or admin before allowing member removal (previously any authenticated user could kick anyone off any team) - Exclude cancelled orders from maxPerTeam quota calculations in both item display and order validation queries - Verify SSE subscribers belong to the requested team (or are admin) to prevent cross-team event snooping Co-Authored-By: Claude Opus 4.6 * Security hardening: comprehensive inventory system audit fixes - Add input sanitization (DOMPurify) to all user-supplied fields across inventory routes (team names, locations, item names, descriptions) - Fix IDOR: require team membership/admin to add members or view team details - Fix authorization: restrict member removal to self-leave or admin only - Fix race condition: use Serializable isolation on order stock transactions - Remove email from non-admin API responses to protect minor PII - Add requireInventoryAccess() gate to items, tools, teams, orders, rentals - Validate quantity (positive int), floor (1-N range), location (max 200 chars), team name (max 100 chars), imageUrl (HTTPS-only, rejects javascript:/data:) - Add audit logging for all user actions (order place/cancel, rental create, team create/join/leave/delete/rename, member add/kick, badge assign) - Cap SSE connections (50/key, 500 total) to prevent DoS - Block team deletion when active orders or rentals exist - Fix shop purchase error re-throw that could leak internal state - Add import hardening (500 item cap, Infinity blocked, sanitized strings) Co-Authored-By: Claude Opus 4.6 * Add migration for inventory audit action enum values Co-Authored-By: Claude Opus 4.6 * Fix inventory prerender error with loading boundary * Fix Copilot review issues: inventory validation, notifications, team permissions * Fix Copilot review round 2: race conditions, validation, cart limits, partial checkout * Fix Copilot review round 3: lookup type mismatch, cart tracking, config NaN guard, import validation * Fix Copilot review round 4: SSE cleanup, import error handling, loading state, Slack escaping * Fix Copilot review round 5: team race conditions, nullable names, lock check, state refresh * Fix Copilot review round 6: rename race condition, tool input type guards * Fix Copilot review round 7: order state machine, cancel idempotency, serialization errors * Fix maxPerTeam input min value to match server validation --------- Co-authored-by: Amp Co-authored-by: Claude Opus 4.6 Co-authored-by: Clay Nicholson <[email protected]>ithub.com>uthored-by: Clay Nicholson <[email protected]>" class="Link--secondary" href="https://github.com/hackclub/stasis/commit/892929ef6badd6983c5293d1e8bb8093dfe30e18">)	Apr 14, 2026
dev.sh	dev.sh	Use migrate deploy in dev.sh to avoid unnecessary migration prompts	Mar 31, 2026
docker-compose-local-debug.yaml	docker-compose-local-debug.yaml	setup prisma and postgres docker dev env	Dec 12, 2025
docker-compose.yaml	docker-compose.yaml	various fixes	Mar 3, 2026
eslint.config.mjs	eslint.config.mjs	initial commit	Dec 11, 2025
instrumentation-client.ts	instrumentation-client.ts	filter out nothingburger seer browser error	Mar 4, 2026
instrumentation.ts	instrumentation.ts	* Fix 3 critical security/logic issues in inventory system - Verify caller is a team member or admin before allowing member removal (previously any authenticated user could kick anyone off any team) - Exclude cancelled orders from maxPerTeam quota calculations in both item display and order validation queries - Verify SSE subscribers belong to the requested team (or are admin) to prevent cross-team event snooping Co-Authored-By: Claude Opus 4.6 * Security hardening: comprehensive inventory system audit fixes - Add input sanitization (DOMPurify) to all user-supplied fields across inventory routes (team names, locations, item names, descriptions) - Fix IDOR: require team membership/admin to add members or view team details - Fix authorization: restrict member removal to self-leave or admin only - Fix race condition: use Serializable isolation on order stock transactions - Remove email from non-admin API responses to protect minor PII - Add requireInventoryAccess() gate to items, tools, teams, orders, rentals - Validate quantity (positive int), floor (1-N range), location (max 200 chars), team name (max 100 chars), imageUrl (HTTPS-only, rejects javascript:/data:) - Add audit logging for all user actions (order place/cancel, rental create, team create/join/leave/delete/rename, member add/kick, badge assign) - Cap SSE connections (50/key, 500 total) to prevent DoS - Block team deletion when active orders or rentals exist - Fix shop purchase error re-throw that could leak internal state - Add import hardening (500 item cap, Infinity blocked, sanitized strings) Co-Authored-By: Claude Opus 4.6 * Add migration for inventory audit action enum values Co-Authored-By: Claude Opus 4.6 * Fix inventory prerender error with loading boundary * Fix Copilot review issues: inventory validation, notifications, team permissions * Fix Copilot review round 2: race conditions, validation, cart limits, partial checkout * Fix Copilot review round 3: lookup type mismatch, cart tracking, config NaN guard, import validation * Fix Copilot review round 4: SSE cleanup, import error handling, loading state, Slack escaping * Fix Copilot review round 5: team race conditions, nullable names, lock check, state refresh * Fix Copilot review round 6: rename race condition, tool input type guards * Fix Copilot review round 7: order state machine, cancel idempotency, serialization errors * Fix maxPerTeam input min value to match server validation --------- Co-authored-by: Amp Co-authored-by: Claude Opus 4.6 Co-authored-by: Clay Nicholson <[email protected]>ithub.com>uthored-by: Clay Nicholson <[email protected]>" class="Link--secondary" href="https://github.com/hackclub/stasis/commit/892929ef6badd6983c5293d1e8bb8093dfe30e18">Add inventory system for in-person hackathon (#13 * Fix 3 critical security/logic issues in inventory system - Verify caller is a team member or admin before allowing member removal (previously any authenticated user could kick anyone off any team) - Exclude cancelled orders from maxPerTeam quota calculations in both item display and order validation queries - Verify SSE subscribers belong to the requested team (or are admin) to prevent cross-team event snooping Co-Authored-By: Claude Opus 4.6 * Security hardening: comprehensive inventory system audit fixes - Add input sanitization (DOMPurify) to all user-supplied fields across inventory routes (team names, locations, item names, descriptions) - Fix IDOR: require team membership/admin to add members or view team details - Fix authorization: restrict member removal to self-leave or admin only - Fix race condition: use Serializable isolation on order stock transactions - Remove email from non-admin API responses to protect minor PII - Add requireInventoryAccess() gate to items, tools, teams, orders, rentals - Validate quantity (positive int), floor (1-N range), location (max 200 chars), team name (max 100 chars), imageUrl (HTTPS-only, rejects javascript:/data:) - Add audit logging for all user actions (order place/cancel, rental create, team create/join/leave/delete/rename, member add/kick, badge assign) - Cap SSE connections (50/key, 500 total) to prevent DoS - Block team deletion when active orders or rentals exist - Fix shop purchase error re-throw that could leak internal state - Add import hardening (500 item cap, Infinity blocked, sanitized strings) Co-Authored-By: Claude Opus 4.6 * Add migration for inventory audit action enum values Co-Authored-By: Claude Opus 4.6 * Fix inventory prerender error with loading boundary * Fix Copilot review issues: inventory validation, notifications, team permissions * Fix Copilot review round 2: race conditions, validation, cart limits, partial checkout * Fix Copilot review round 3: lookup type mismatch, cart tracking, config NaN guard, import validation * Fix Copilot review round 4: SSE cleanup, import error handling, loading state, Slack escaping * Fix Copilot review round 5: team race conditions, nullable names, lock check, state refresh * Fix Copilot review round 6: rename race condition, tool input type guards * Fix Copilot review round 7: order state machine, cancel idempotency, serialization errors * Fix maxPerTeam input min value to match server validation --------- Co-authored-by: Amp Co-authored-by: Claude Opus 4.6 Co-authored-by: Clay Nicholson <[email protected]>ithub.com>uthored-by: Clay Nicholson <[email protected]>" class="Link--secondary" href="https://github.com/hackclub/stasis/commit/892929ef6badd6983c5293d1e8bb8093dfe30e18">)	Apr 14, 2026
mdx-components.tsx	mdx-components.tsx	various fixes	Mar 3, 2026
middleware.ts	middleware.ts	Rework inventory (3D printer queue, general QOL improvements) (#37 )	May 16, 2026
next.config.ts	next.config.ts	remove leftover vercel artifacts	May 7, 2026
package.json	package.json	speed up admin review and add keyboard shortcuts	Apr 30, 2026
postcss.config.mjs	postcss.config.mjs	initial commit	Dec 11, 2025
prisma.config.ts	prisma.config.ts	add migration to do	Jan 14, 2026
promote-to-prod.sh	promote-to-prod.sh	show committer name in promote to prod script	Apr 8, 2026
pronouns.csv	pronouns.csv	attendance	May 5, 2026
sentry.edge.config.ts	sentry.edge.config.ts	disable sentry on dev and titles for timeline	Feb 1, 2026
sentry.server.config.ts	sentry.server.config.ts	disable sentry on dev and titles for timeline	Feb 1, 2026
slack thumbnail.png	slack thumbnail.png	Change OS ticket price to 250 + update ogimg	Mar 7, 2026
stasis-main.zip	stasis-main.zip	Basic frontend ported from svelte version	Dec 11, 2025
tmp_query.sql	tmp_query.sql	Ion know	Mar 4, 2026
tsconfig.json	tsconfig.json	initial commit	Dec 11, 2025
yarn.lock	yarn.lock	speed up admin review and add keyboard shortcuts	Apr 30, 2026

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

Stasis

Development

About

Packages 1

Contributors 13

Languages

Folders and files

Latest commit

History

Repository files navigation

Stasis

Development

About

Resources

Code of conduct

Contributing

Security policy

Stars

Watchers

Forks

Packages 1

Contributors 13

Languages