Medium · ⭐⭐⭐ Complexity
Overview
v2.407.7 focuses on improving data consistency and reducing friction in the admin interface. This release resolves issues preventing reward editors from saving changes, introduces unified cache management to eliminate stale data, and enhances MCP tool integration with automatic community context injection.
Key Changes
Admin Interface Fixes
- Rich-Text Reward Configuration — Rewards configured with rich-text descriptions are now fully editable. The fix removes stale code-variant fields that were blocking saves with validation errors, even for unrelated changes like title edits. A database migration cleans up existing affected rewards.
- Query Cache Management — Administrators now see up-to-date data immediately after making changes. A new unified cache invalidation system ensures challenges, rewards, achievements, posts, and leaderboards refresh across all relevant list and detail views, eliminating the need for manual page refreshes.
- Automatic Community Context — MCP tools (challenges, rewards, leaderboards, etc.) now automatically know which community to operate on when called from within the admin panel. This reduces manual parameter passing and prevents accidental cross-community operations.
- Loyalty Hub Deep-Link — The Loyalty Hub setup wizard now connects directly to the theme editor for real-time customization, and the future Nudges feature is marked as coming soon.
User Experience
- Widget Session Security — Widget iframe session cookies now use CHIPS (Partitioned) mode for proper cross-origin isolation, improving session reliability in embedded scenarios.
- Environment Configuration — Shopify API credentials are now properly deployed to the dev pipeline for local testing.
Highlights for Platform Admins
- Rich-Text Rewards Now Editable – Rewards with rich-text redemption instructions can be saved without validation errors, even when making simple edits
- Instant Cache Updates – All admin views refresh automatically after mutations, eliminating stale data across challenges, rewards, achievements, posts, and leaderboards
- Community-Aware Tools – MCP tools automatically inject active community context, reducing parameter overhead and preventing cross-community mistakes
- Direct Loyalty Hub Customization – Theme setup links directly to the editor for immediate visual feedback
Technical Details
Rich-Text Reward Fix (NJ-1349)
The issue: When AI-generated or complex reward configurations contained rich-text redemption types, stale fields from the code variant (like store and prefix) were persisted to the database. The admin form’s schema validation declared these fields as undefined for rich-text variants, causing saves to fail with “Expected undefined, received string” errors. This blocked all saves, including unrelated changes.
Solution:
- Modified the form normalization logic to conditionally include variant-specific fields
- Clear code-only fields when switching redemption types
- Added migration 20260629144256-unset_store_on_noncode_rewards.ts to clean ~50 affected rewards
Cache Invalidation System (WS-567)
Previously, mutations triggered selective cache invalidation using manual query key lists across 20+ components. This led to inconsistencies and stale UI states.
Solution:
- Created invalidate-admin-entity-queries.ts with centralized matchers for each entity type
- Matchers include all related queries: list views, detail views, distribution details, nav status
- Standardized invalidation across challenges, rewards, achievements, posts, leaderboards, and more
- Single source of truth reduces maintenance burden and prevents missed cache tags
Community Context in MCP Tools (NJ-1295)
Tools no longer require the client to explicitly pass communityId when operating on community-scoped resources.
Behavior:
- Community-scoped tools (challenges, leaderboards, rewards, etc.) auto-inject communityId from context
- Non-scoped tools (reward_assets, achievements, communities list) remain unaffected
- Explicit communityId in parameters is preserved (enables tool flexibility)
- Tests cover all scenarios: auto-inject, explicit override, non-scoped tools, specialized tools
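The three behaviours listed above can be sketched as follows. This is an added example, not the project's code: the function and type names, the tool-name set, the fail-closed error and the `source` field (so that an explicit override targeting another community can be logged) are all assumptions.

```typescript
// Added illustration; every name below is hypothetical.
const COMMUNITY_SCOPED = new Set(["challenges", "leaderboards", "rewards"]);

type ToolArgs = Record<string, unknown>;
type Source = "not-scoped" | "context" | "explicit" | "explicit-override";

interface AdminContext {
  activeCommunityId?: string; // community the admin panel is currently showing
}

interface Resolved {
  args: ToolArgs;
  source: Source; // lets the caller audit cross-community overrides
}

function resolveCommunity(tool: string, args: ToolArgs, ctx: AdminContext): Resolved {
  // Non-scoped tools (e.g. reward_assets) pass through untouched.
  if (!COMMUNITY_SCOPED.has(tool)) return { args, source: "not-scoped" };

  const explicit = args["communityId"];
  if (typeof explicit === "string" && explicit !== "") {
    // An explicit communityId is preserved; flag it when it differs from the
    // active community so the call can be logged or re-authorized.
    const differs = ctx.activeCommunityId !== undefined && explicit !== ctx.activeCommunityId;
    return { args, source: differs ? "explicit-override" : "explicit" };
  }

  // Assumption: with neither an explicit id nor an active community, fail
  // closed rather than guessing which community to operate on.
  if (!ctx.activeCommunityId) {
    throw new Error(`tool "${tool}" is community-scoped but no community is active`);
  }
  return { args: { ...args, communityId: ctx.activeCommunityId }, source: "context" };
}
```
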
Widget Session Partitioning (NUDJ-0000)
Widget iframe session cookies now use SameSite=None; Secure; Partitioned to comply with browser third-party cookie restrictions.
Details:
- Detects widget=1 in callback path to identify widget iframe scenarios
- Re-issues NextAuth session token with Partitioned flag
- Includes off-origin redirect defense: validates all redirects stay on-origin
- Comprehensive test suite covers happy path, attacker scenarios, and edge cases
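A sketch of the callback handling described above, as an added example rather than the project's code. The origin, function names, cookie name, `HttpOnly`, `Path=/` and the one-hour `Max-Age` are assumptions; only `widget=1`, `SameSite=None; Secure; Partitioned` and the on-origin rule come from the notes.

```typescript
// Added illustration; every name and the origin below are hypothetical.
const APP_ORIGIN = "https://app.example.test"; // constructed origin

// widget=1 on the callback URL marks a sign-in that ran inside the widget iframe.
function isWidgetCallback(callbackUrl: string): boolean {
  try {
    return new URL(callbackUrl, APP_ORIGIN).searchParams.get("widget") === "1";
  } catch {
    return false;
  }
}

// Resolve the target against our origin and keep it only if it stays there.
// Returning path + query + hash (never the absolute URL) means the Location
// header cannot name another host, whatever form the input took.
function safeRedirect(target: string, fallback: string = "/"): string {
  let url: URL;
  try {
    url = new URL(target, APP_ORIGIN);
  } catch {
    return fallback;
  }
  if (url.origin !== APP_ORIGIN) return fallback;
  return url.pathname + url.search + url.hash;
}

// Partitioned requires Secure, and SameSite=None is needed for the cookie to
// be sent from a cross-site iframe. HttpOnly and Path=/ are assumptions.
function partitionedSessionCookie(name: string, token: string, maxAgeSeconds: number): string {
  return [
    `${name}=${encodeURIComponent(token)}`,
    "Path=/", "HttpOnly", "Secure", "SameSite=None", "Partitioned",
    `Max-Age=${maxAgeSeconds}`,
  ].join("; ");
}

interface CallbackResult {
  location: string;         // value for the Location header
  setCookie: string | null; // extra Set-Cookie header, widget flows only
}

function finishCallback(callbackUrl: string, token: string): CallbackResult {
  const widget = isWidgetCallback(callbackUrl);
  return {
    location: safeRedirect(callbackUrl),
    setCookie: widget ? partitionedSessionCookie("session-token", token, 3600) : null,
  };
}
```
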
Per-App Changes
Admin App
- Type: Fix
- Changes:
- Rich-text reward validation fixed; rewards are now fully editable
- Unified cache invalidation system for all entities
- MCP tools auto-inject community context
- Enhanced tests for entity cache invalidation
User App
- Type: Fix
- Changes:
- Widget iframe session cookies use CHIPS (Partitioned)
- Cross-origin session handling improved
- Off-origin redirect defense added
Database
- Type: Fix
- Changes:
- New migration: 20260629144256-unset_store_on_noncode_rewards.ts cleans stale reward configs
- New migration:
Contributors

2 commits · +2,989 −64

jamescockayne
2 commits · +320 −2

2 commits · +814 −217

1 commit · +119 −2
Release Stats
- Total Commits: 8
- Total Changes: 38 files changed, +4,464 lines, −286 lines
- Size: Medium
- Complexity: ⭐⭐⭐
Released: June 30, 2026

