I Shipped...

22 October 2025

a fix to eliminate critical security vulnerabilities

A number of the packages we depend on have become outdated and have security vulnerabilities. I took care of updating these packages to their latest versions and fixed the issues caused by API changes (particularly for Better Auth).

21 October 2025

an update to our ImageDefinition docs which makes it more maintainable

Our previous ImageDefinition docs were spread over four files, representing a nightmare for maintainability. I consolidated them into a single file, merging all the content and code samples together to make it easier to avoid mistakes and reduce repetition.

17 October 2025

a new Not Found page

Our previous ‘not found’ page was not particularly useful or professional. The new ‘not found’ page includes a search widget to allow users to find whatever content it was they were looking for when they landed on the ‘not found’ page.

an update to our create-jazz-app utility to ensure that only the appropriate llms-full.txt is fetched

Currently, the create-jazz-app CLI tool fetches an llms-full.txt file which contains a summary of all the content contained in the docs, regardless of framework.

However, since my previous PR got merged, we’re generating framework-specific llms-full.txt files, which will be a) smaller and b) less confusing for LLMs, so now, only the appropriate llms-full.txt gets pulled.

an update to our CLI tool to make sure that the correct llms-full.txt is fetched based on the user's framework

We’re approaching the culmination of all the work I’ve been doing to make the docs more LLM-friendly. This update to our CLI tool makes sure that only the appropriate, framework-specific variant of the llms-full.txt is fetched when a user initialises a project using our tool.

16 October 2025

enhancements to our llms.txt files

I continued developing our llms.txt files. There are three main components to this PR:\

  1. Now, if a user wants to access a markdown version of a particular docs page, they can simply append `.md` to the URL, and it will be served as markdown (this is in line with https://llmstxt.org/#proposal)
  2. Further, the content is now accessible on a framework-by-framework basis. This means that each page does not include irrelevant information relating to other frameworks.
  3. Finally, there are now framework specific llms-full.txt

14 October 2025

a new section for our docs offering performance tips for advanced users

I created a new section in our docs which covers advanced performance tips for the 20% of users who need to push harder on performance than the majority.

13 October 2025

an update to our CLI tool which adds more options

Our CLI tool allows you to get started quickly building with Jazz by running npx create-jazz-app. This update gives some more starter options to users running the CLI tool.

a new way to create invites to groups

So far, our users have been able to create invite links which target specific CoValues. But there’s no way to easily get the inviteSecret_ for processing however the user likes.

I created a couple of methods (Group.createInvite(groupId, role) and group.$jazz.createInvite(role) which allow you to manually get the secret, and process it how you like using Account.acceptInvite(). I also improved the API for acceptInvite so that if the invite is not specified, it’s assumed to be a group invitation.

12 October 2025

updates to the way we generate our docs export for LLMs to consume

Previously, our LLMs text file was done simply by searching and replacing naively.

I introduced a step where our docs are rendered out as pure markdown before they are exported. This allows us to mock specific components so we can do things like render the tabbed code group component sensibly.

9 October 2025

a fix to our homepage after an update caused overflow on basically every element, resulting in scrollbars appearing everywhere.

There was a PR which introduced a bug where buttons all had additional absolutely positioned content after them, which resulted in every section containing a button to horizontally overflow its container, resulting in unsightly scrollbars popping up all over the website. I fixed it.

an update to our CLI which makes sure that the latest docs are always fetched when a new project is initialised

We have a tool which allows you to run create-jazz-app with some options to get a new Jazz app set up. This tool was cloning a specific part of our monorepo where a static build of our docs had been copied. However, this had fallen out of date, and so we were wasting our users’ time, bandwidth, and worse, seeding their AI agents with incorrect, outdated data.

I introduced functionality to fetch the latest docs from our website to save for AIs to refer to.

8 October 2025

a fix for ugly scrollbar display when using macOS trackpads

macOS defaults to using a weird overlay scroll bar when you’re using a trackpad, which meant that the scrollbars were rendering over content, which looked ugly and unprofessional. I fixed it.

7 October 2025

some extensive changes to our navigation menu

We were starting to outgrow our existing nav structure for docs, with tens of articles and only two hierarchical levels. I extended the hierarchy to allow a third level of nesting, as well as collapsible subheadings in the nav menu.

6 October 2025

updates to the quickstart guide for authentication which illustrates how to add a recovery key using passphrase authentication

Jazz allows you to authenticate in many different ways. One way is using passkeys, and this was covered in the authentication quickstart guide I published last week. This adds an additional authentication method, passphrases, and shows how to use the two different authentication methods in conjunction to create an effective ‘recovery key’ option.

fixes for our end-to-end tests which were failing in CI due to incorrect imports caused by our test runners upgrading slowly to Node 22.19

We have some automated tests that run when we add new code to our repositories. For a while now, the end-to-end tests have been failing. I spent some time digging into the reasons for this, and fixed the tests so that they no longer fail when newer versions of Node are used to run the tests.

2 October 2025

an enhancement to our existing server-side rendering agent which allows it to be used outside of React

Our existing SSR agent was recommended for use to allow Server-Side Rendering in Next.js apps. However, I realised that the module itself is written in pure TypeScript, and there’s no good reason for it to be React-only. I modified the Svelte provider, changed the export, and updated the docs, as well as creating a small example app demonstrating how the SSR agent can be used to perform Server-Side Rendering in SvelteKit too.

30 September 2025

two quickstart guides, one for authentication and one for groups & permissions

Most of our users need basic features like authentication and collaboration in their apps, but the guides we have are currently very reference-y and not so much practical implementation guides.

I wrote one guide that covers permissions in Jazz using groups, and how to share data and collaborate on it, and a second which shows how to add passkey authentication into your app using the basic passkey UI.

This should make it easier for users to build an app with the kind of features a real-world app needs.

an improvement to our docs, consolidating our various bits of copy for 'getting an API key' into a reusable component

I created a GetAPIKey snippet which can be re-used all over the docs to have a single, consistent message regarding API keys, and allow us to simplify updating and maintaining all these references.

The snippet can also optionally display how the API key can be used.

an improvement for our existing CodeGroup component's copy function

We have a CodeGroup component which allows us to display some code with a copy button. This CodeGroup allows us to write special comments like // [!code --:1] to mark a line as ‘removed’. However, these were still being copied, resulting in inaccurate code snippets being copied when users clicked the button.

This PR removes those lines from the copied text.

29 September 2025

a fix to our passkey implementation which increases the challenge length to 20 bytes

In principle, according to the WebAuthn spec, cryptographic challenges should be at least 16 bytes long, however in our existing implementation, we had 3 bytes. Although this is technically within spec, it was causing issues for some users using third party passkey managers such as KeePassXC.

This PR builds on previous work and extends the challenge length to 20 bytes.

a fix to the discriminated union docs to make it clearer what operations we do and don't support

Due to various challenges with TypeScript generics, we can’t make the $jazz.ensureLoaded, $jazz.set and $jazz.subscribe methods typesafe on discriminated unions. This was causing warnings for one of our adopters in their project.

Although this was previously covered in the docs, it was hidden towards the bottom of the page.

This PR makes it clearer and more prominent.

an option for the Svelte provider which allows users to pass a configuration option identifying their credentials

By default, all credentials are stored under jazz but this makes it impossible to avoid namespace clashes (for example, if you have multiple apps running on the same domain, or in case you want to do local development of more than one Jazz app at a time.

This PR extends on work that was already done to add an option to the Svelte provider, allowing users to specify the prefix under which their credentials will be stored.

25 September 2025

documentation of a couple of TypeScript options that Jazz doesn't work well with.

When users try to build their applications, TypeScript will compile Jazz as part of their dependencies. However, there are a couple of options that Jazz doesn’t currently work well with. This PR makes it clear to users what options need to be set for compilation to work properly.

an enhanced and completely reworked version of the Subscriptions & Deep Loading article

Our documentation on how to subscribe to CoValues and load them deeply was complex and difficult to reason about. I simplified, consolidated the examples, and created new illustrative content to make it clearer and easier to understand for users of varying knowledge levels.

23 September 2025

an update to the docs encouraging users to sign up for API keys rather than using their email address

We launched our cloud dashboard recently, allowing users to sign up for API keys rather than using their email address. However, across all of our docs, we had verbiage that users should use their email as a temporary API key.

This PR addresses that by changing the wording to drive traffic to our dashboard instead of recommending email addresses.

22 September 2025

a fix for the responsive image component to avoid an ugly flash of alt text

We have a component in React, React Native and Svelte which can be used to display images with progressive sizes. Although we have an option to show a placeholder, and loading this is normally fast, in case there is a slower load (e.g. network issue, etc.), then there is a flash where the browser’s default placeholder will be displayed (normally just the alt text of the image).

This PR fixes that by instead setting the image to a transparent single pixel (which gets stretched as needed to fit the image based on the size needed by the user). Instead of getting a flash of alt text, nothing will display instead, until the Image Definition is loaded, at which point the default behaviour (show the placeholder or the alt text) will kick in.

18 September 2025

quickstart guides for React, Svelte and Server Workers for Jazz

Previously, users who wanted to get started with Jazz could either use the command line tool to scaffold a project, or they could work through an installation tutorial which covers the practical side of getting Jazz added to an app, but doesn’t guide folks to an ‘ah ha!’ moment.

I wrote a quickstart guide which works for both React and Svelte, and added a follow up which shows how to use Jazz on the server with a worker. These guides will help users understand the core concepts of Jazz.

16 September 2025

a small docs update to clarify how to use recursive references.

Our existing docs explained how to use getters to recursively reference schemas, but weren’t very clear about how to avoid ReferenceErrors caused by schemas creating circular references which resulted in references being evaluated while they were still in the temporal dead zone.

I added some additional keywords and explanation to help folks find these docs more easily when they’re searching, as well as explaining the use cases in a bit more detail.

12 September 2025

an update to the Svelte InviteListener so that it listens to hash change events.

Web pages often have ‘links’ that can change part of the page without reloading the whole thing. These changes sometimes show different content depending on the link. In Jazz, we can invite people to collaborate on data using links, and we need to notice when someone follows a link.

Previously, the code that checks the URL for invitations only checked once — when the component first appeared on the page. That worked if the person opened the page fresh, but it wouldn’t notice if the URL changed later (for example, if someone clicked a link that added extra info to the URL, called a ‘hash’).

What I did was adjust the code so it also watches for changes to that part of the URL — the hash — so it reacts immediately whenever someone follows a link, not just on page load. That way, no invitation is missed, no matter how the user navigates.