Changelog
A running log of all significant changes, features, and fixes to the Okta Admin Tools.
AI Features
[Latest] Integrated LiteLLM-compatible LLM proxy for AI-powered analysis directly inside the tools.
- [New] HAR Analyser — AI Suggestions panel for OIDC error rows: streams analysis from a local LLM with Okta-specific troubleshooting steps
- [New] HAR Analyser — 'Copy for LLM' button copies the full structured context (endpoint, params, error details) ready to paste into ChatGPT, Gemini, or Claude
- [New] Extensions — AI Template Builder: chat panel (Sheet) powered by LLM to convert sample JSON into {{user.*}} / {{faker.*}} templates with iterative refinement
- [New] New API routes: /api/ai/suggest (streaming OIDC error analysis) and /api/ai/json-template (streaming JSON-to-template conversion)
- [New] LLM configuration via .env.local: LLM_BASE_URL, LLM_API_KEY, LLM_MODEL — compatible with any OpenAI-compatible proxy (LiteLLM, Ollama, etc.)
- [Improved] AI prompts include structured URL params, form-body params, and parsed Okta error fields for specific (non-generic) responses
Schema Extensions
Full SCIM schema extension builder — add arbitrary attributes to user responses on the fly without modifying stored data.
- [New] Schema Extensions page: create named extension schemas (URN-based), toggle per tenant, define fields
- [New] Four field source types: User Property (dot-path), Random (Faker.js generator), Static value, Raw JSON (complex objects / arrays)
- [New] Template interpolation engine: {{user.*}} and {{faker.*}} expressions inside Raw JSON string values, resolved per-request
- [New] Spread mode: empty-named Raw JSON field with an object value merges its keys directly into the extension root
- [New] Reference card: full table of user properties with descriptions, Faker generator categories with expressions, and link to fakerjs.dev docs
- [New] Enable/disable Switch per extension — uses shadcn Switch with proper ARIA role, keyboard support, and in-flight guard preventing race conditions
- [Improved] Extension config cached for 30 s server-side; cache invalidated on every write — zero overhead on normal user responses
- [Improved] Broken into individual components: constants.ts, raw-json-editor.tsx, field-row.tsx, extension-card.tsx, reference-card.tsx
Design System & Brand
Okta brand colors, icon refresh, dark mode fixes, and component-level style consistency pass.
- [Improved] Primary color updated to Okta brand blue (#1662DD → oklch(0.54 0.20 268)) across buttons, links, active states, and focus rings
- [Fixed] Dark mode: --primary-foreground was set to a dark navy value causing unreadable text on primary buttons — corrected to near-white
- [Fixed] Dark mode: Okta SVG logo now uses dark:invert so it renders white in dark mode
- [Improved] Sidebar icons refreshed: LayoutDashboard, Webhook (API), Layers (Groups), ScrollText (Logs), Puzzle (Extensions), Activity (HAR), LockKeyhole (JWE)
- [Improved] Theme toggle replaced with flat ghost icon button (Moon/Sun via resolvedTheme) — no border, hover-only highlight
- [Improved] GitHub header link matches theme toggle style — icon-only, flat, hover highlight
- [Improved] User menu: colored avatar (deterministic from user ID), MoreHorizontal icon, userId shown in dropdown, redirects to /login on sign-out
- [Improved] Generate Mock button uses bg-primary with correct dark mode handling; Reset button uses destructive hover style
- [Improved] All copy buttons across the app trigger toast.success('Copied to clipboard') consistently
JWE Decoder Improvements
Full rewrite of the JWE/JWT decoder to support all key types Okta uses.
- [Improved] Auto-detects JWE (5 parts) vs JWT (3 parts) — JWTs decode without a key
- [New] Key type support: RSA private (RSA-OAEP), EC private (ECDH-ES), symmetric (dir+AES), and JWKS (tries each key automatically)
- [New] Output tabs: JWE Header, JWT Header / Claims, Raw — all rendered with JsonViewer
- [New] Token type badge (JWE / JWT) with algorithm info displayed in output header
- [Improved] Proper jose.importJWK() usage — old code passed raw JWK objects directly which only worked by accident for some key types
- [Improved] UI redesigned to match current design patterns — header bars with icons, no messy className overrides
HAR Analyser
Brand new network traffic analysis tool inspired by Chrome DevTools, with Okta-specific intelligence.
- [New] HAR file upload with drag-and-drop; parses Chrome DevTools .har exports
- [New] Chrome DevTools-style network table: method (colored text), status (colored text), URL, type, size, time, waterfall
- [New] OIDC endpoint detection: 20+ Okta patterns (authorize, token, userinfo, JWKS, IDX…) highlighted with phase badges
- [New] Okta request header detection (x-okta-*): rows highlighted with indigo badge
- [New] Bottom detail drawer: Headers, URL Params (OIDC only), Preview, Response, Timing tabs; resizable with drag handle
- [New] URL Params tab: annotates every OIDC parameter with plain-English descriptions; decode button for base64url values (state, request, id_token)
- [New] Splunk tab: fetches /.well-known/okta-organization to get org cell, builds index="{cell}*" "{requestId}" query with copy button
- [New] Filter bar with URL search and type pills (All / Fetch/XHR / Doc / CSS / JS / Font / Img / OIDC)
- [New] Waterfall column with proportional timing bars (TTFB + download)
- [New] Status bar showing request count, bytes transferred, total load time
OAuth Integration
Full OAuth 2.0 authorization code middleware so Okta SCIM provisioning can authenticate via your Okta org.
- [New] GET /api/[userId]/oauth2/authorize — Phase 1: proxies to Okta auth server with relay-state encoding; Phase 2: relays code back to SCIM client
- [New] POST /api/[userId]/oauth2/token — exchanges authorization code with Okta using OKTA_SIGNING_CLIENT/SECRET, returns real access token
- [Fixed] Previous implementation used redirect() from next/navigation (wrong in route handlers) and had hardcoded Vercel URLs
- [Improved] State parameter encodes both redirect_uri AND client state as base64url JSON to survive the round-trip through Okta
- [New] apiHelper: Okta JWT validation — Bearer tokens are now verified against Okta's JWKS; chain is session → stored API key → Okta JWT → 401
- [Improved] API page redesigned: SCIM endpoint at top, OAuth endpoint cards (method badge + URL in one row), accordion for setup steps
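
The relay-state round-trip described in the OAuth Integration entries above, as an added example (not the project's own code): base64url JSON carries no integrity protection, so the Phase 2 handler should re-validate the decoded redirect_uri before relaying the code. The function names, the short keys r and s, the allowlist and the URLs are assumptions.

```javascript
// Added example; names, JSON keys and URLs are hypothetical, not the project's.
// Assumption: each tenant registers the exact SCIM client callback it expects.
const ALLOWED_REDIRECTS = new Set([
  "https://scim-client.example/callback", // constructed sample value
]);

// Phase 1: wrap the client's redirect_uri and state before proxying to Okta.
function encodeRelayState(redirectUri, clientState) {
  const json = JSON.stringify({ r: redirectUri, s: clientState });
  return Buffer.from(json, "utf8").toString("base64url");
}

// Phase 2: the value comes back via the browser, so treat it as untrusted.
function decodeRelayState(state) {
  if (typeof state !== "string" || state.length === 0 || state.length > 2048) {
    return { ok: false, reason: "missing_or_oversized" };
  }
  if (!/^[A-Za-z0-9_-]+$/.test(state)) {
    return { ok: false, reason: "not_base64url" };
  }
  let parsed;
  try {
    parsed = JSON.parse(Buffer.from(state, "base64url").toString("utf8"));
  } catch {
    return { ok: false, reason: "not_json" };
  }
  if (parsed === null || typeof parsed !== "object" ||
      typeof parsed.r !== "string" || typeof parsed.s !== "string") {
    return { ok: false, reason: "bad_shape" };
  }
  // Exact-match allowlist: encoding is not integrity, anyone can craft a state.
  if (!ALLOWED_REDIRECTS.has(parsed.r)) {
    return { ok: false, reason: "redirect_not_allowed" };
  }
  return { ok: true, redirectUri: parsed.r, clientState: parsed.s };
}

// Build the Location header that relays the code back to the SCIM client.
function buildClientRedirect(state, code) {
  const decoded = decodeRelayState(state);
  if (!decoded.ok) return decoded;
  const url = new URL(decoded.redirectUri);
  url.searchParams.set("code", code);
  url.searchParams.set("state", decoded.clientState);
  return { ok: true, location: url.toString() };
}
```
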
Logs & API Keys
Log viewer improvements and a unified API configuration page.
- [Improved] Log viewer: lazy loading (20/page), load-more button, refresh, skeleton loading rows, expandable request/response with JsonViewer
- [Improved] Log viewer: method and status shown as plain colored text (blue/green/amber/red) matching HAR analyser style — no Badge components
- [Improved] Log viewer: column headers use uppercase tracking-wide pattern consistent with other tables
- [New] API page: SCIM endpoint card at top (Server icon, teal), two OAuth endpoint cards (Zap / KeyRound icons with method badge + copyable URL)
- [New] API page: Client credentials info card, accordion for Okta setup steps (shadcn Accordion)
- [Improved] API keys table: Generate New Key button moved next to table header; key rows have colored KeyRound avatar, prefix badge, formatted dates
- [Fixed] API keys: revoke now uses toast confirmation (action/cancel) instead of browser confirm()
SCIM Management Improvements
Inline editing for users and groups, richer table displays, and better mock data generation.
- [Improved] Users table: colored initials avatar, username + UUID row, title below name, status with CheckCircle2/XCircle icons, group count badge
- [New] Users: expandable row inline editor — edit displayName, name parts, title, locale, timezone, active toggle, primary email; saves via PUT
- [Improved] Groups table: Group ID column, Users icon, member count badge, Last Modified column, hover-expand row
- [New] Groups: inline member management — search box loads up to 100 users, autocomplete dropdown, hover-to-remove per member; saves via PUT
- [Improved] Group enable/disable now syncs bidirectionally: adding/removing a member updates the user's groups[] array and vice versa
- [Improved] Generate Mock: department-based group names, realistic user profiles (title, userType, locale, timezone), guaranteed group membership for every new user
- [Improved] DataTable: expandable rows via renderExpandedRow prop, page info 'Showing X–Y of Z', ChevronLeft/Right pagination icons
Dashboard & Analytics
New dashboard with live tenant statistics, API health metrics, and page view tracking.
- [New] Dashboard: Total Users, Total Groups, Total API Calls, Active API Keys stat cards with icon avatars
- [New] Dashboard: API health section — success rate gauge, method breakdown bars, user active/inactive split
- [New] Dashboard: 7-day call volume chart (proportional bar chart using divs, no external library)
- [New] Dashboard: Top 5 endpoints by call count with relative bars; last 5 failed requests with status badge, path, and timestamp
- [New] GET /api/[userId]/scim/v2/stats endpoint aggregates logs, users, groups, API keys, and page views in a single parallel query
- [New] POST /api/[userId]/analytics: page view tracking stored in scim_analytics table; usePageTracking() hook added to all SCIM pages
- [New] Dashboard: Quick Access grid linking to Users, Groups, API, Logs
Navigation & Routing
Full routing restructure, new tools, and a much more coherent sidebar layout.
- [New] SCIM pages moved to /scim/* routes (Dashboard, API Keys, Users, Groups, Logs); old paths redirect
- [New] Home page (/) redesigned as a tools overview with SCIM Tool, HAR Analyser, JWE Decoder cards
- [New] Sidebar: SCIM Tool collapsible (shows sub-pages when on /scim/*), Tools section with HAR Analyser and JWE Decoder
- [New] Sidebar: SCIM icon navigates to /scim in collapsed mode; chevron toggle is a separate SidebarMenuAction
- [Improved] Sidebar collapse state persisted via sidebar_state cookie — no re-expansion on navigation
- [New] HAR Analyser page added (client-only, no auth required)
- [Improved] Login page: custom branded card with Okta logo, error code mapping, no sidebar
- [Fixed] Middleware: static assets (.svg, .png, images) excluded from auth to fix Okta logo not loading on login page
Initial Release
Foundation: SCIM 2.0 server with Okta OIDC authentication, basic user and group management.
- [New] SCIM 2.0 API: Users (GET, POST, PUT, DELETE) and Groups (GET, POST, PUT, PATCH, DELETE)
- [New] OAuth2 SCIM protection: session-based (NextAuth) and API key bearer token authentication
- [New] Multi-tenant architecture: all data scoped by userId from the authenticated session
- [New] NextAuth v4 with Okta OIDC provider; JWT session strategy
- [New] Supabase (PostgreSQL) backend: scim_users, scim_groups, scim_logs, api_keys tables
- [New] Request logging: all external SCIM calls logged with request + response data
- [New] Mock data generator: configurable user/group counts with Faker.js, delete-existing option
- [New] JWE decoder: paste private JWK + encrypted token to decrypt and inspect claims