- SessionCreated event now carries only domain data (no isFirstSession)
- Mails listener uses ordered guard clauses, deferring the DB query
until cheaper checks pass
- Drop $user Document allocation in favour of direct array access
- Inline FileName validator and $smtpEnabled into their use sites
- Extract $isBranded to eliminate duplicate APP_BRANDED_EMAIL_BASE_TEMPLATE check
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Moves session alert email side effect out of the account controller
into a dedicated `Mails` listener that reacts to a new `SessionCreated`
bus event. The event is now always dispatched on session creation; the
listener owns all conditional logic (first session, sessionAlerts flag,
email-link sessions, user email presence).
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Swap the order of createDocument('sessions') and purgeCachedDocument('users')
in the email/password session creation flow. Previously, the cache was purged
before the session was written, opening a race window in Swoole's async
environment where a concurrent account.get() could re-cache the user with no
sessions, causing sessionVerify to fail with a 401. This matches the correct
ordering already used by the token-based flows (magic URL, OTP, phone).
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Optimize updateDocument() calls across the codebase to pass only changed
attributes as sparse Document objects rather than full documents. This is
more efficient because updateDocument() internally performs array_merge().
Changes:
- Updated 58 files to use sparse Document objects
- Added Performance Patterns section to AGENTS.md with optimization guidelines
- Applied pattern to Workers, Functions, Sites, Teams, VCS modules
- Updated app/controllers/api files (account, users, messaging)
- Updated app infrastructure files (realtime, general, init/resources, shared/api)
Exceptions maintained:
- Migration files (need full document updates by design)
- Cases with 6+ attributes (marginal benefit)
- Complex nested relationship logic
Updated the handling of OAuth provider configurations to ensure that defaults are set when parameters are missing. This change improves error handling by checking for null values and ensuring class existence before proceeding with OAuth operations.
- Upgrade utopia-php/cli from 0.15 to 0.22
- Upgrade utopia-php/analytics from 0.10 to 0.15
- Upgrade utopia-php/orchestration from 0.9 to 0.19
- Use dev branches for utopia-php/framework and utopia-php/platform
- Remove utopia-php/swoole dependency (merged into framework)
- Migrate Utopia\CLI\Console to Utopia\Console across all files
- Migrate Utopia\Http to Utopia\Http\Http namespace
- Migrate Utopia\Swoole\Files to Utopia\Http\Files (now instance-based)
- Convert static CLI::setResource() calls to instance-based Dependency API
- Fix StatsResources task named parameter mismatch
loks0n
Harsh Mahajan
Chirag Aggarwal
Matej Bačo
Harsh Mahajan
eldadfux
Jake Barnby
Hemachandar
fogelito
Damodar Lohani