=== BUG REPRODUCTION KIT ===

Bug title: Blank dashboard after login for some users

Original report: “Some users report that the dashboard is blank after they log in. It does not happen for everyone.”

Bug category: Frontend UI bug, authentication/session bug, permissions bug, data loading bug, intermittent or segment-specific bug

Severity: High

Reason: The dashboard is a core post-login experience. If users cannot see it, they may be blocked from using the product.

Priority: P1

Affected area: Post-login dashboard, dashboard API calls, authentication state, user permissions, frontend rendering, empty states

Known information:

• The dashboard appears blank after login.
• The issue affects some users, not all users.
• The issue happens after authentication.
• The affected user segment is not yet known.

Missing information:

• Which roles are affected?
• Which plans are affected?
• Which browsers/devices are affected?
• Is the page completely white or is the dashboard shell visible?
• Are there console errors?
• Are dashboard API requests returning 401, 403, 500, or empty data?
• Did this start after a recent deployment?
• Does refreshing the page fix it?
• Are feature flags or experiments involved?

Expected behavior: After login, users should see the dashboard shell, navigation, widgets, loading states if needed, and either real data or a helpful empty state.

Actual behavior: Some users see a blank dashboard after login.

Reproduction hypotheses:

1. A frontend render error occurs when dashboard data contains null or unexpected fields. Confidence: High

2. A permissions mismatch causes the dashboard API to return 403 for certain roles, and the frontend does not show an error state. Confidence: Medium to high

3. A feature flag or plan configuration hides all dashboard widgets and leaves no empty state. Confidence: Medium

4. A stale or expired session causes dashboard data requests to fail immediately after login. Confidence: Medium

5. Older migrated accounts are missing required dashboard data. Confidence: Medium

Environment matrix:

• Environment: production, staging
• User role: owner, admin, member, viewer
• Account plan: free, paid, enterprise
• Account age: new account, older migrated account
• Browser: Chrome, Safari, Firefox, Edge
• Device: desktop, tablet, mobile
• Auth state: fresh login, refreshed session, expired session
• Feature flags: dashboard redesign enabled/disabled
• Data state: no projects, many projects, missing profile data

Primary reproduction path:

1. Open staging with a test account matching an affected user segment.
2. Log out fully and clear session storage/cookies if safe.
3. Log in with the test account.
4. Observe whether the dashboard shell appears.
5. Open browser developer tools.
6. Check console errors.
7. Check network requests for dashboard APIs.
8. Record response statuses and sanitized response shapes.
9. Repeat with owner, admin, member, and viewer roles.
10. Repeat with a new account, empty account, and older migrated account.

Evidence to collect:

• Affected user role and plan
• Browser, device, and OS
• Timestamp
• Screenshot or screen recording
• Console errors with secrets removed
• Network status codes for dashboard API requests
• Request ID for failed API calls
• Sanitized response shape
• Recent deployment or feature flag changes
• Whether refresh fixes the issue

Logging plan: Add safe logging around dashboard API requests, auth middleware, and frontend error boundaries.

Log:

• request ID
• hashed user ID
• user role
• plan type
• route name
• response status
• sanitized error code
• feature flag state
• timestamp

Do not log: passwords, raw tokens, cookies, API keys, private user content, or unnecessary personal data.

Likely root causes:

1. Unhandled null or unexpected dashboard data causing a frontend crash
2. Permission or role mismatch causing API failure
3. Missing empty state for users with no dashboard records
4. Feature flag combination hiding all widgets
5. Migration issue affecting older accounts
6. Session refresh issue after login

Test plan: Unit tests:

• Dashboard widgets handle null, empty, and partial data.
• Role and plan visibility rules return expected widget sets.
• Empty state appears when no dashboard data exists.

Integration tests:

• Dashboard API returns valid data for owner, admin, member, and viewer roles.
• Unauthorized users receive safe error responses.
• Migrated accounts return valid dashboard payloads.

E2E tests:

• Login redirects to dashboard successfully.
• Dashboard renders for each role and plan.
• Dashboard shows empty state for new accounts.
• Dashboard shows error state when API fails.
• Feature flag combinations do not create a blank page.

AI coding agent prompt: Investigate a SaaS dashboard bug where some users see a blank dashboard immediately after login. Do not rewrite the dashboard broadly. First inspect dashboard rendering, dashboard API calls, auth/session handling, role and plan permissions, feature flags, empty states, and frontend error boundaries. Identify whether the blank page is caused by frontend render failure, failed API response, missing data, permissions mismatch, migrated account data, or feature flag configuration. Add or describe failing tests for the affected scenario. Make the smallest safe fix. Do not log passwords, raw tokens, cookies, API keys, private user content, or unnecessary personal data. Verify that the dashboard renders for owner, admin, member, viewer, new accounts, empty accounts, and migrated accounts. Return root cause, files changed, fix summary, tests added or run, verification checklist, and remaining risks.

Fix verification checklist:

• Affected users can log in and see dashboard content or a helpful empty state.
• No blank dashboard appears.
• Console has no render-blocking errors.
• Dashboard API responses are handled safely.
• 401/403/500 responses show useful error states.
• New accounts show empty state.
• Older migrated accounts render correctly.
• Role permissions remain correct.
• Feature flag combinations do not hide all content.
• Regression tests pass.
• No sensitive data is logged.

Regression prevention plan:

• Add dashboard smoke test after login.
• Add role-based dashboard integration tests.
• Add empty-state tests.
• Add frontend error boundary monitoring.
• Add feature flag combination tests.
• Add migration validation for dashboard-required fields.
• Add release checklist item for post-login dashboard rendering.

Risk and safety notes: Because this bug may involve authentication, permissions, and user-specific data, use sanitized logs, non-production test accounts when possible, and human review before changing access-control logic.