Single Tenant

.dockerignore

@@ -6,6 +6,14 @@
 # Ignore bundler config.
 /.bundle
 
+# Ignore documentation
+/docs/
+/README.md
+/CLAUDE.md
+/AGENTS.md
+/STYLE.md
+/CONTRIBUTING.md
+
 # Ignore all environment files (except templates).
 /.env*
 !/.env*.erb

.github/dependabot.yml

@@ -30,4 +30,3 @@ updates:
     open-pull-requests-limit: 10
     cooldown:
       default-days: 7
-      semver-major-days: 14

.github/workflows/ci-checks.yml

@@ -12,7 +12,7 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v6
       - uses: ruby/setup-ruby@v1
         with:
           ruby-version: .ruby-version
@@ -33,7 +33,7 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v6
       - uses: ruby/setup-ruby@v1
         with:
           ruby-version: .ruby-version

.github/workflows/publish-image.yml

@@ -39,13 +39,13 @@ jobs:
       IMAGE_NAME: ${{ github.repository }}
     steps:
       - name: Checkout
-        uses: actions/checkout@v5.0.0
+        uses: actions/checkout@v6
 
       - name: Set up Docker Buildx
         uses: docker/[email protected]
 
       - name: Log in to GHCR
-        uses: docker/login-action@v3.5.0
+        uses: docker/login-action@v3.6.0
         with:
           registry: ${{ env.REGISTRY }}
           username: ${{ github.actor }}
@@ -62,7 +62,7 @@ jobs:
 
       - name: Extract Docker metadata (tags, labels) with arch suffix
         id: meta
-        uses: docker/metadata-action@v5.8.0
+        uses: docker/metadata-action@v5.10.0
         with:
           images: ${{ steps.vars.outputs.canonical }}
           tags: |
@@ -118,7 +118,7 @@ jobs:
         uses: docker/[email protected]
 
       - name: Log in to GHCR
-        uses: docker/login-action@v3.5.0
+        uses: docker/login-action@v3.6.0
         with:
           registry: ${{ env.REGISTRY }}
           username: ${{ github.actor }}
@@ -135,7 +135,7 @@ jobs:
 
       - name: Compute base tags (no suffix)
         id: meta
-        uses: docker/metadata-action@v5.8.0
+        uses: docker/metadata-action@v5.10.0
         with:
           images: ${{ steps.vars.outputs.canonical }}
           tags: |
@@ -179,7 +179,7 @@ jobs:
           done <<< "$tags"
 
       - name: Install Cosign
-        uses: sigstore/cosign-installer@v3.9.2
+        uses: sigstore/cosign-installer@v4.0.0
 
       - name: Cosign sign all tags (keyless OIDC)
         shell: bash

.github/workflows/test.yml

@@ -56,7 +56,7 @@ jobs:
       - name: Install system packages
         run: sudo apt-get update && sudo apt-get install --no-install-recommends -y libsqlite3-0 libvips curl ffmpeg
 
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v6
 
       - uses: ruby/setup-ruby@v1
         with:

.gitleaks.toml

@@ -6,4 +6,6 @@ paths = [
   '''log''',
   '''tmp''',
   '''.*\.yml\.enc''',
+  '''docs/''',
+  '''test/''',
 ]

.gitleaksignore

@@ -1,9 +1,3 @@
 d8463077:gems/fizzy-saas/bin/setup:generic-api-key:54
 c4073c1c:app/models/integration/basecamp.rb:generic-api-key:3
 c4073c1c:app/models/integration/basecamp.rb:generic-api-key:4
-02a42167:test/models/webhook_test.rb:slack-webhook-url:57
-2fc9215b:test/models/webhook/delivery_test.rb:slack-webhook-url:156
-2fc9215b:test/models/webhook_test.rb:slack-webhook-url:57
-a515ea3b:test/fixtures/webhooks.yml:generic-api-key:5
-a515ea3b:test/fixtures/webhooks.yml:generic-api-key:11
-1f21c12c:test/vcr_cassettes/command/ai/translator_test-test_combine_commands_and_filters.yml:github-oauth:73012

Gemfile.lock

@@ -13,7 +13,7 @@ GIT
 
 GIT
   remote: https://github.com/rails/rails.git
-  revision: bf81d40a91880c059ce9d0447219385a2c8e4a15
+  revision: 0636a79d1bf268db6cdbbc6327106d08c3ff3751
   branch: ast-immediate-variants-process-locally
   specs:
     actioncable (8.2.0.alpha)

Gemfile.saas.lock

@@ -21,7 +21,7 @@ GIT
 
 GIT
   remote: https://github.com/basecamp/fizzy-saas
-  revision: 43dbc896ce7b6a08194a92ddd1695d3f1ebf554b
+  revision: a14df11b57818697df4b2cc7b6a43e762ebaa196
   specs:
     fizzy-saas (0.1.0)
       audits1984
@@ -82,7 +82,7 @@ GIT
 
 GIT
   remote: https://github.com/rails/rails.git
-  revision: bf81d40a91880c059ce9d0447219385a2c8e4a15
+  revision: 0636a79d1bf268db6cdbbc6327106d08c3ff3751
   branch: ast-immediate-variants-process-locally
   specs:
     actioncable (8.2.0.alpha)

README.md

@@ -38,6 +38,8 @@ We've added comments to that file to highlight what each setting needs to be, bu
 - `proxy/ssl` and `proxy/host`: Kamal can set up SSL certificates for you automatically. To enable that, set the hostname again as `host`. If you don't want SSL for some reason, you can set `ssl: false` to turn it off.
 - `env/clear/MAILER_FROM_ADDRESS`: This is the email address that Fizzy will send emails from. It should usually be an address from the same domain where you're running Fizzy.
 - `env/clear/SMTP_ADDRESS`: The address of an SMTP server that you can send email through. You can use a 3rd-party service for this, like Sendgrid or Postmark, in which case their documentation will tell you what to use for this.
+- `env/clear/MULTI_TENANT`: Set to `false` to enable single-tenant mode (disable multi-account signups).
+
 
 Fizzy also requires a few environment variables to be set up, some of which contain secrets.
 The simplest way to do this is to put them in a file called `.kamal/secrets`.
@@ -93,6 +95,25 @@ After the first deploy is done, any subsequent steps won't need to do that initi
 bin/kamal deploy
 ```
 
+## File storage (Active Storage)
+
+Production uses the local disk service by default. To use any other service defined in `config/storage.yml`, set `ACTIVE_STORAGE_SERVICE`.
+
+To use the included `s3` service, set:
+
+- `ACTIVE_STORAGE_SERVICE=s3`
+- `S3_ACCESS_KEY_ID`
+- `S3_BUCKET` (defaults to `fizzy-#{Rails.env}-activestorage`)
+- `S3_REGION` (defaults to `us-east-1`)
+- `S3_SECRET_ACCESS_KEY`
+
+Optional for S3-compatible endpoints:
+
+- `S3_ENDPOINT`
+- `S3_FORCE_PATH_STYLE=true`
+- `S3_REQUEST_CHECKSUM_CALCULATION` (defaults to `when_supported`)
+- `S3_RESPONSE_CHECKSUM_VALIDATION` (defaults to `when_supported`)
+
 ## Development
 
 ### Setting up

app/assets/stylesheets/access-tokens.css

@@ -0,0 +1,19 @@
+.access_tokens_table {
+  border-collapse: collapse;
+  inline-size: 100%;
+
+  td, th {
+    border-block-end: 1px solid var(--color-ink-light);
+    padding-inline: var(--inline-space);
+    text-align: start;
+  }
+
+  th {
+    font-size: var(--text-x-small);
+    text-transform: uppercase;
+  }
+
+  tr:nth-of-type(even) {
+    background-color: var(--color-ink-lightest);
+  }
+}

app/assets/stylesheets/lexxy.css

@@ -295,6 +295,10 @@
 
     max-height: 200px;
     overflow: scroll;
+
+    &:is(.lexxy-prompt-menu--visible) {
+      padding: var(--lexxy-prompt-padding);
+    }
   }
 
   .lexxy-prompt-menu--visible {

app/assets/stylesheets/nav.css

@@ -219,6 +219,15 @@
     }
   }
 
+  .nav__blank-slate {
+    font-size: var(--text-small);
+    margin: 1rem auto;
+
+    .nav:has(.popup__item:not([hidden])) & {
+      display: none;
+    }
+  }
+
   .nav__footer {
     background-color: var(--color-canvas);
     border-block-start: 1px solid var(--color-ink-lighter);

app/assets/stylesheets/utilities.css

@@ -116,6 +116,8 @@
     pointer-events: none;
   }
 
+  .cursor-pointer { cursor: pointer; }
+
   /* Padding */
   .pad { padding: var(--block-space) var(--inline-space); }
   .pad-double { padding: var(--block-space-double) var(--inline-space-double); }

app/controllers/account/join_codes_controller.rb

@@ -9,8 +9,11 @@ def edit
   end
 
   def update
-    @join_code.update!(join_code_params)
-    redirect_to account_join_code_path
+    if @join_code.update(join_code_params)
+      redirect_to account_join_code_path
+    else
+      render :edit, status: :unprocessable_entity
+    end
   end
 
   def destroy

app/controllers/boards/columns_controller.rb

@@ -3,21 +3,41 @@ class Boards::ColumnsController < ApplicationController
 
   before_action :set_column, only: %i[ show update destroy ]
 
+  def index
+    @columns = @board.columns.sorted
+    fresh_when etag: @columns
+  end
+
   def show
     set_page_and_extract_portion_from @column.cards.active.latest.with_golden_first.preloaded
     fresh_when etag: @page.records
   end
 
   def create
     @column = @board.columns.create!(column_params)
+
+    respond_to do |format|
+      format.turbo_stream
+      format.json { head :created, location: board_column_path(@board, @column, format: :json) }
+    end
   end
 
   def update
     @column.update!(column_params)
+
+    respond_to do |format|
+      format.turbo_stream
+      format.json { head :no_content }
+    end
   end
 
   def destroy
     @column.destroy
+
+    respond_to do |format|
+      format.turbo_stream
+      format.json { head :no_content }
+    end
   end
 
   private

app/controllers/boards_controller.rb

@@ -1,9 +1,13 @@
 class BoardsController < ApplicationController
   include FilterScoped
 
-  before_action :set_board, except: %i[ new create ]
+  before_action :set_board, except: %i[ index new create ]
   before_action :ensure_permission_to_admin_board, only: %i[ update destroy ]
 
+  def index
+    set_page_and_extract_portion_from Current.user.boards
+  end
+
   def show
     if @filter.used?(ignore_boards: true)
       show_filtered_cards
@@ -18,7 +22,11 @@ def new
 
   def create
     @board = Board.create! board_params.with_defaults(all_access: true)
-    redirect_to board_path(@board)
+
+    respond_to do |format|
+      format.html { redirect_to board_path(@board) }
+      format.json { head :created, location: board_path(@board, format: :json) }
+    end
   end
 
   def edit
@@ -31,16 +39,25 @@ def update
     @board.update! board_params
     @board.accesses.revise granted: grantees, revoked: revokees if grantees_changed?
 
-    if @board.accessible_to?(Current.user)
-      redirect_to edit_board_path(@board), notice: "Saved"
-    else
-      redirect_to root_path, notice: "Saved (you were removed from the board)"
+    respond_to do |format|
+      format.html do
+        if @board.accessible_to?(Current.user)
+          redirect_to edit_board_path(@board), notice: "Saved"
+        else
+          redirect_to root_path, notice: "Saved (you were removed from the board)"
+        end
+      end
+      format.json { head :no_content }
     end
   end
 
   def destroy
     @board.destroy
-    redirect_to root_path
+
+    respond_to do |format|
+      format.html { redirect_to root_path }
+      format.json { head :no_content }
+    end
   end
 
   private

app/controllers/cards/assignments_controller.rb

@@ -9,5 +9,10 @@ def new
 
   def create
     @card.toggle_assignment @board.users.active.find(params[:assignee_id])
+
+    respond_to do |format|
+      format.turbo_stream
+      format.json { head :no_content }
+    end
   end
 end

app/controllers/cards/boards_controller.rb

@@ -11,7 +11,11 @@ def edit
 
   def update
     @card.move_to(@board)
-    redirect_to @card
+
+    respond_to do |format|
+      format.html { redirect_to @card }
+      format.json { head :no_content }
+    end
   end
 
   private

app/controllers/cards/closures_controller.rb

@@ -3,11 +3,19 @@ class Cards::ClosuresController < ApplicationController
 
   def create
     @card.close
-    render_card_replacement
+
+    respond_to do |format|
+      format.turbo_stream { render_card_replacement }
+      format.json { head :no_content }
+    end
   end
 
   def destroy
     @card.reopen
-    render_card_replacement
+
+    respond_to do |format|
+      format.turbo_stream { render_card_replacement }
+      format.json { head :no_content }
+    end
   end
 end