.cspell.json

@@ -8,6 +8,7 @@
     "EQAs",
     "analagous",
     "addrs",
+    "Tiering",
     "subscriberpayloaddto",
     "adresses",
     "APIJSON",
@@ -727,7 +728,8 @@
     "liquified",
     "autoload",
     "novugo",
-    "titleize"
+    "titleize",
+    "oklch"
   ],
   "flagWords": [],
   "patterns": [

.github/actions/docker/build-api/action.yml

@@ -89,7 +89,7 @@ runs:
         docker tag novu-api $REGISTRY/$REPOSITORY:$IMAGE_TAG
 
         docker run --network=host --name api -dit --env NODE_ENV=test $REGISTRY/$REPOSITORY:$IMAGE_TAG
-        docker run --network=host appropriate/curl --retry 10 --retry-delay 5 --retry-connrefused http://127.0.0.1:1337/v1/health-check | grep 'ok'
+        docker run --network=host appropriate/curl --retry 10 --retry-delay 5 --retry-connrefused http://127.0.0.1:1336/v1/health-check | grep 'ok'
 
         echo "IMAGE=$REGISTRY/$REPOSITORY:$IMAGE_TAG" >> $GITHUB_OUTPUT
 

.github/dependabot.yml

@@ -0,0 +1,12 @@
+# Please see the documentation for all configuration options:
+# https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
+
+version: 2
+
+updates:
+
+  # Maintain dependencies for Docker Compose
+  - package-ecosystem: "docker-compose"
+    directory: "/docker/community/" # Location of package manifests
+    schedule:
+      interval: "weekly"

.github/workflows/dev-deploy-api.yml

@@ -20,16 +20,16 @@ env:
   NX_CLOUD_ACCESS_TOKEN: ${{ secrets.NX_CLOUD_ACCESS_TOKEN }}
 
 jobs:
-  test_api:
-    uses: ./.github/workflows/reusable-api-e2e.yml
-    with:
-      ee: true
-      job-name: 'novu/api-ee'
-    secrets: inherit
+  # test_api:
+  #   uses: ./.github/workflows/reusable-api-e2e.yml
+  #   with:
+  #     ee: true
+  #     job-name: 'novu/api-ee'
+  #   secrets: inherit
 
   deploy_dev_api:
     runs-on: ubuntu-latest
-    needs: test_api
+    # needs: test_api
     timeout-minutes: 80
     environment: Development
     permissions:

.github/workflows/on-pr.yml

@@ -256,14 +256,14 @@ jobs:
   #   with:
   #     ee: true
 
-  # test_e2e_dashboard:
-  #   name: E2E test Dashboard app
-  #   needs: [get-affected]
-  #   if: ${{ contains(fromJson(needs.get-affected.outputs.test-e2e), '@novu/dashboard') }}
-  #   uses: ./.github/workflows/reusable-dashboard-e2e.yml
-  #   secrets: inherit
-  #   with:
-  #     ee: true
+  test_e2e_dashboard:
+    name: E2E test Dashboard app
+    needs: [get-affected]
+    if: ${{ contains(fromJson(needs.get-affected.outputs.test-e2e), '@novu/dashboard') }}
+    uses: ./.github/workflows/reusable-dashboard-e2e.yml
+    secrets: inherit
+    with:
+      ee: true
 
   test_e2e_widget:
     name: E2E test Widget

.github/workflows/prod-deploy-api.yml

@@ -30,9 +30,6 @@ jobs:
         with:
           submodules: true
 
-      - name: build api
-        run: pnpm build:api --skip-nx-cache
-
       - name: Set Up Docker Buildx
         uses: docker/setup-buildx-action@v3
         with:
@@ -77,7 +74,7 @@ jobs:
           docker tag novu-api $REGISTRY/$REPOSITORY:$IMAGE_TAG
 
           docker run --network=host --name api -dit --env NODE_ENV=test $REGISTRY/$REPOSITORY:$IMAGE_TAG
-          docker run --network=host appropriate/curl --retry 10 --retry-delay 5 --retry-connrefused http://127.0.0.1:1337/v1/health-check | grep 'ok'
+          docker run --network=host appropriate/curl --retry 10 --retry-delay 5 --retry-connrefused http://127.0.0.1:1336/v1/health-check | grep 'ok'
 
           docker push $REGISTRY/$REPOSITORY:prod
           docker push $REGISTRY/$REPOSITORY:latest

.github/workflows/prod-deploy-worker.yml

@@ -30,9 +30,6 @@ jobs:
         with:
           submodules: true
 
-      - name: build worker
-        run: pnpm build:worker --skip-nx-cache
-
       - name: Set Up Docker Buildx
         uses: docker/setup-buildx-action@v3
         with:

.github/workflows/prod-deploy-ws.yml

@@ -31,9 +31,6 @@ jobs:
         run: |
           echo "BULL_MQ_PRO_NPM_TOKEN=${{ secrets.BULL_MQ_PRO_NPM_TOKEN }}" >> $GITHUB_ENV
 
-      - name: build ws
-        run: pnpm build:ws
-
       - name: Set Up Docker Buildx
         uses: docker/setup-buildx-action@v3
         with:

.github/workflows/reusable-api-e2e.yml

@@ -107,12 +107,6 @@ jobs:
         if: ${{ needs.check_submodule_token.outputs.has_token == 'true' && inputs.ee }}
         env:
           LAUNCH_DARKLY_SDK_KEY: ${{ secrets.LAUNCH_DARKLY_SDK_KEY }}
-          CI_EE_TEST: true
-          CLERK_ENABLED: true
-          CLERK_ISSUER_URL: ${{ vars.CLERK_ISSUER_URL }}
-          CLERK_SECRET_KEY: ${{ secrets.CLERK_SECRET_KEY }}
-          CLERK_WEBHOOK_SECRET: ${{ secrets.CLERK_WEBHOOK_SECRET }}
-          CLERK_LONG_LIVED_TOKEN: ${{ secrets.CLERK_LONG_LIVED_TOKEN }}
         run: |
           pnpm --filter @novu/api-service test:e2e:novu-v2
 

.github/workflows/reusable-dashboard-e2e.yml

@@ -28,8 +28,8 @@ jobs:
       fail-fast: false
       matrix:
         # run 4 copies of the current job in parallel
-        containers: [1, 2, 3, 4]
-        total: [4]
+        containers: [1]
+        total: [1]
 
     # The type of runner that the job will run on
     runs-on: ubuntu-latest
@@ -68,6 +68,30 @@ jobs:
         with:
           submodules: true
 
+      - name: Create .env file for the Dashboard app
+        working-directory: apps/dashboard
+        run: |
+          touch .env
+          echo VITE_LAUNCH_DARKLY_CLIENT_SIDE_ID=${{ secrets.LAUNCH_DARKLY_CLIENT_SIDE_ID }} >> .env
+          echo VITE_API_HOSTNAME=http://127.0.0.1:1336 >> .env
+          echo VITE_WEBSOCKET_HOSTNAME=http://127.0.0.1:1340 >> .env
+          echo VITE_LEGACY_DASHBOARD_URL=http://127.0.0.1:4200 >> .env
+          echo VITE_CLERK_PUBLISHABLE_KEY=${{ secrets.CLERK_E2E_PUBLISHABLE_KEY }} >> .env
+
+      - name: Create .env file for the Playwright
+        working-directory: apps/dashboard
+        run: |
+          touch .env.playwright
+          echo NOVU_ENTERPRISE=true >> .env.playwright
+          echo NEW_RELIC_ENABLED=false >> .env.playwright
+          echo NEW_RELIC_APP_NAME=Novu >> .env.playwright
+          echo MONGO_URL=mongodb://127.0.0.1:27017/novu-test >> .env.playwright
+          echo API_URL=http://127.0.0.1:1336 >> .env.playwright
+          echo CLERK_ENABLED=true >> .env.playwright
+          echo CLERK_PUBLISHABLE_KEY=${{ secrets.CLERK_E2E_PUBLISHABLE_KEY }} >> .env.playwright
+          echo CLERK_SECRET_KEY=${{ secrets.CLERK_E2E_SECRET_KEY }} >> .env.playwright
+          echo NODE_ENV=test >> .env.playwright
+
       - uses: mansagroup/nrwl-nx-action@v3
         with:
           targets: build
@@ -77,30 +101,33 @@ jobs:
       - uses: ./.github/actions/start-localstack
       - uses: ./.github/actions/setup-redis-cluster
 
-      - uses: ./.github/actions/run-backend
-        with:
-          cypress_github_oauth_client_id: ${{ secrets.CYPRESS_GITHUB_OAUTH_CLIENT_ID }}
-          cypress_github_oauth_client_secret: ${{ secrets.CYPRESS_GITHUB_OAUTH_CLIENT_SECRET }}
-          launch_darkly_sdk_key: ${{ secrets.LAUNCH_DARKLY_SDK_KEY }}
-          ci_ee_test: ${{ steps.determine_run_type.outputs.enterprise_run }}
+      - name: Start API in TEST
+        env:
+          CI_EE_TEST: true
+          CLERK_ENABLED: true
+          CLERK_ISSUER_URL: https://neat-mole-83.clerk.accounts.dev
+          CLERK_SECRET_KEY: ${{ secrets.CLERK_E2E_SECRET_KEY }}
+        run: |
+          cd apps/api && pnpm start:test &
+
+      - name: Start Worker
+        shell: bash
+        env:
+          NODE_ENV: 'test'
+          PORT: '1342'
+          CI_EE_TEST: true
+        run: cd apps/worker && pnpm start:test &
+
+      - name: Wait on API and Worker
+        shell: bash
+        run: wait-on --timeout=180000 http://127.0.0.1:1336/v1/health-check http://127.0.0.1:1342/v1/health-check
 
       - name: Start WS
         run: |
           cd apps/ws && pnpm start:test &
 
-      - name: Start Novu Dashboard
-        working-directory: apps/dashboard
-        env:
-          REACT_APP_API_URL: http://127.0.0.1:1336
-          REACT_APP_WS_URL: http://127.0.0.1:1340
-          REACT_APP_WEBHOOK_URL: http://127.0.0.1:1341
-          # Disable LaunchDarkly client-side SDK in the test environment to reduce E2E flakiness
-          REACT_APP_LAUNCH_DARKLY_CLIENT_SIDE_ID: ''
-          NOVU_ENTERPRISE: ${{ steps.determine_run_type.outputs.enterprise_run }}
-        run: pnpm start:static:build &
-
       - name: Wait on Services
-        run: wait-on --timeout=180000 http://127.0.0.1:1340/v1/health-check http://127.0.0.1:4201/
+        run: wait-on --timeout=180000 http://127.0.0.1:1340/v1/health-check
 
       - name: Install Playwright
         working-directory: apps/dashboard

.github/workflows/scripts/validate-submodule-sync.sh

@@ -0,0 +1,97 @@
+#!/bin/bash
+
+# Configuration
+SUBMODULES_TOKEN="$SUBMODULES_TOKEN"
+TARGET_BRANCH="${1:-next}"  
+SOURCE_SUBMODULE=".source"
+TIMEOUT_SECONDS=5  # Timeout after 5 seconds
+
+# Validate inputs
+if [ -z "$SUBMODULES_TOKEN" ]; then
+  echo "Error: SUBMODULES_TOKEN variable is required."
+  exit 1
+fi
+
+echo "
+🔍 Starting submodule synchronization check...
+"
+
+# Step 1: Fetch the latest commit hash from the private repository's target branch
+echo "📡 Fetching latest commit hash from private repository..."
+echo "   Branch: $TARGET_BRANCH"
+echo ""
+
+PRIVATE_REPO_URL_WITH_TOKEN="https://$SUBMODULES_TOKEN@github.com/novuhq/packages-enterprise.git"
+PRIVATE_BRANCH_HASH=$(timeout $TIMEOUT_SECONDS git ls-remote "$PRIVATE_REPO_URL_WITH_TOKEN" "refs/heads/$TARGET_BRANCH" | awk '{print $1}')
+
+if [ $? -eq 124 ]; then
+  echo "❌ Error: Operation timed out after $TIMEOUT_SECONDS seconds."
+  echo "   The git ls-remote command took too long to complete."
+  echo "   Please check:"
+  echo "   - Network connectivity"
+  echo "   - GitHub API availability"
+  echo "   - VPN or proxy settings if applicable"
+  echo ""
+  exit 1
+fi
+
+if [ -z "$PRIVATE_BRANCH_HASH" ]; then
+  echo "❌ Error: Failed to fetch commit hash from private repository."
+  echo "   Possible reasons:"
+  echo "   - No access to the private repository"
+  echo "   - Network connectivity issues"
+  echo "   - Invalid repository URL or branch"
+  echo "   - Branch '$TARGET_BRANCH' might not exist"
+  echo "   Please check your access and ensure the branch exists."
+  echo ""
+  exit 1
+fi
+echo "✅ Successfully fetched private repository hash"
+echo "   Commit hash: $PRIVATE_BRANCH_HASH"
+echo ""
+
+# Step 2: Get the current commit hash from the .source submodule
+echo "📂 Checking .source submodule..."
+if [ ! -d "$SOURCE_SUBMODULE" ]; then
+  echo "❌ Error: .source submodule directory not found!"
+  echo "   Please ensure:"
+  echo "   1. Submodules are properly initialized (git submodule init)"
+  echo "   2. Submodules are updated (git submodule update)"
+  echo "   3. You're in the correct directory"
+  echo ""
+  exit 1
+fi
+
+MAIN_BRANCH_HASH=$(cd "$SOURCE_SUBMODULE" && git rev-parse HEAD)
+if [ -z "$MAIN_BRANCH_HASH" ]; then
+  echo "❌ Error: Failed to get commit hash from .source submodule."
+  echo "   Please ensure:"
+  echo "   1. The submodule contains a valid git repository"
+  echo "   2. You have necessary permissions"
+  echo ""
+  exit 1
+fi
+echo "✅ Successfully retrieved submodule hash"
+echo "   Commit hash: $MAIN_BRANCH_HASH"
+echo ""
+
+# Step 3: Compare the hashes
+echo "🔄 Comparing repository states..."
+if [ "$MAIN_BRANCH_HASH" != "$PRIVATE_BRANCH_HASH" ]; then
+  echo "❌ Synchronization check failed!"
+  echo "   The .source submodule is out of sync with the private repository."
+  echo ""
+  echo "   Current state:"
+  echo "   - Private repo hash ($TARGET_BRANCH):  $PRIVATE_BRANCH_HASH"
+  echo "   - Submodule hash:            $MAIN_BRANCH_HASH"
+  echo ""
+  echo "   To fix this:"
+  echo "   1. Ensure the private repository's '$TARGET_BRANCH' branch is up to date"
+  echo "   2. Ensure the monorepo repository point to the '$TARGET_BRANCH' branch at the private repository"
+  echo ""
+  exit 1
+else
+  echo "✅ Success! Everything is in sync."
+  echo "   Both repositories are at commit: $MAIN_BRANCH_HASH"
+  echo ""
+fi

.github/workflows/validate-submodule-sync.yaml

@@ -0,0 +1,62 @@
+name: Validate Submodule Sync
+
+# This workflow validates submodule synchronization when PRs are opened/updated and when changes are pushed to main branches.
+# Logic:
+# 1. Triggers on PR events (open/update) and pushes to next/main/prod branches
+# 2. First checks if SUBMODULES_TOKEN secret exists
+# 3. If token exists, proceeds to validate submodule sync
+# 4. Uses a validation script to ensure submodules are properly synchronized
+
+on:
+  pull_request:
+    branches:
+      - next
+      - main
+      - prod
+    types:
+      - opened
+      - synchronize
+  push:
+    branches:
+      - next
+      - main
+      - prod
+
+jobs:
+  check_submodule_token:
+    name: Check if the secret exists or not.
+    runs-on: ubuntu-latest
+    outputs:
+      has_token: ${{ steps.secret-check.outputs.has_token }}
+    steps:
+      - name: Check if secret exists
+        id: secret-check
+        run: |
+          if [[ -n "${{ secrets.SUBMODULES_TOKEN }}" ]]; then
+            echo "::set-output name=has_token::true"
+          else
+            echo "::set-output name=has_token::false"
+          fi
+
+  validate-submodule-sync:
+    runs-on: ubuntu-latest
+    needs: [check_submodule_token]
+    if: needs.check_submodule_token.outputs.has_token == 'true'
+
+    steps:
+      - name: Checkout main repository
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+          submodules: true
+          token: ${{ secrets.SUBMODULES_TOKEN }}
+
+      - name: Run validation script
+        run: |
+          # Ensure the script is executable
+          chmod +x .github/workflows/scripts/validate-submodule-sync.sh
+
+          # Run the script with arguments
+          .github/workflows/scripts/validate-submodule-sync.sh ${{ github.base_ref }}
+        env:
+          SUBMODULES_TOKEN: ${{ secrets.SUBMODULES_TOKEN }}