@bonginkan/maria 4.3.31 → 4.3.33

package/dist/server/express-server.js

@@ -5158,22 +5158,22 @@ var init_from = __esm({
     init_file();
     init_fetch_blob();
     ({ stat } = fs.promises);
-    blobFromSync = (path3, type) => fromBlob(fs.statSync(path3), path3, type);
-    blobFrom = (path3, type) => stat(path3).then((stat2) => fromBlob(stat2, path3, type));
-    fileFrom = (path3, type) => stat(path3).then((stat2) => fromFile(stat2, path3, type));
-    fileFromSync = (path3, type) => fromFile(fs.statSync(path3), path3, type);
-    fromBlob = (stat2, path3, type = "") => new fetch_blob_default([new BlobDataItem({
-      path: path3,
+    blobFromSync = (path4, type) => fromBlob(fs.statSync(path4), path4, type);
+    blobFrom = (path4, type) => stat(path4).then((stat2) => fromBlob(stat2, path4, type));
+    fileFrom = (path4, type) => stat(path4).then((stat2) => fromFile(stat2, path4, type));
+    fileFromSync = (path4, type) => fromFile(fs.statSync(path4), path4, type);
+    fromBlob = (stat2, path4, type = "") => new fetch_blob_default([new BlobDataItem({
+      path: path4,
       size: stat2.size,
       lastModified: stat2.mtimeMs,
       start: 0
     })], { type });
-    fromFile = (stat2, path3, type = "") => new file_default([new BlobDataItem({
-      path: path3,
+    fromFile = (stat2, path4, type = "") => new file_default([new BlobDataItem({
+      path: path4,
       size: stat2.size,
       lastModified: stat2.mtimeMs,
       start: 0
-    })], path.basename(path3), { type, lastModified: stat2.mtimeMs });
+    })], path.basename(path4), { type, lastModified: stat2.mtimeMs });
     BlobDataItem = class _BlobDataItem {
       #path;
       #start;
@@ -6844,11 +6844,11 @@ function getRateLimitConfig(endpoint, plan) {
   const key = `${endpoint}:${plan.toUpperCase()}`;
   return RATE_LIMITS[key] || RATE_LIMITS.default;
 }
-function getEndpointCategory(path3) {
-  if (path3.includes("/image")) return "/image";
-  if (path3.includes("/video")) return "/video";
-  if (path3.includes("/code")) return "/code";
-  if (path3.includes("/chat")) return "/chat";
+function getEndpointCategory(path4) {
+  if (path4.includes("/image")) return "/image";
+  if (path4.includes("/video")) return "/video";
+  if (path4.includes("/code")) return "/code";
+  if (path4.includes("/chat")) return "/chat";
   return "default";
 }
 async function rateLimitMiddleware(req, res, next) {
@@ -8580,11 +8580,921 @@ I can still help summarize, clarify, or suggest next steps. Try again in a momen
   }
 };
 var IMSFacade_default = IMSFacade;
+var DEFAULT_STATE = {
+  events: {},
+  customers: {},
+  subscriptions: {},
+  invoices: {},
+  entitlements: {},
+  usage: {}
+};
+var SubscriptionStore = class {
+  filePath;
+  state = null;
+  loadPromise = null;
+  queue = Promise.resolve();
+  constructor(filePath) {
+    this.filePath = filePath ?? path__namespace.default.resolve(process.cwd(), "data", "subscription-state.json");
+  }
+  async ensureLoaded() {
+    if (this.state) {
+      return;
+    }
+    if (!this.loadPromise) {
+      this.loadPromise = this.loadStateFromDisk();
+    }
+    await this.loadPromise;
+  }
+  async loadStateFromDisk() {
+    try {
+      const raw = await fsp__namespace.default.readFile(this.filePath, "utf8");
+      const parsed = JSON.parse(raw);
+      this.state = {
+        events: parsed.events ?? {},
+        customers: parsed.customers ?? {},
+        subscriptions: parsed.subscriptions ?? {},
+        invoices: parsed.invoices ?? {},
+        entitlements: parsed.entitlements ?? {},
+        usage: parsed.usage ?? {}
+      };
+    } catch (error) {
+      if (error?.code === "ENOENT") {
+        this.state = { ...DEFAULT_STATE };
+        await this.persist();
+        return;
+      }
+      throw error;
+    }
+  }
+  async persist() {
+    if (!this.state) {
+      return;
+    }
+    const directory = path__namespace.default.dirname(this.filePath);
+    await fsp__namespace.default.mkdir(directory, { recursive: true });
+    const payload = JSON.stringify(this.state, null, 2);
+    await fsp__namespace.default.writeFile(this.filePath, payload, "utf8");
+  }
+  runExclusive(task) {
+    const result = this.queue.then(task);
+    this.queue = result.then(() => void 0).catch(() => void 0);
+    return result;
+  }
+  async markEventReceived(event) {
+    return this.runExclusive(async () => {
+      await this.ensureLoaded();
+      const now = (/* @__PURE__ */ new Date()).toISOString();
+      const state = this.state;
+      const existing = state.events[event.id];
+      if (!existing) {
+        state.events[event.id] = {
+          id: event.id,
+          type: event.type,
+          status: "received",
+          receivedAt: now,
+          stripeCreatedAt: event.created ? new Date(event.created * 1e3).toISOString() : void 0
+        };
+        await this.persist();
+        return "new";
+      }
+      if (existing.status === "processed") {
+        return "duplicate";
+      }
+      state.events[event.id] = {
+        ...existing,
+        type: event.type,
+        status: existing.status === "failed" ? "received" : existing.status,
+        receivedAt: existing.receivedAt ?? now
+      };
+      await this.persist();
+      return "pending";
+    });
+  }
+  async markEventProcessed(eventId) {
+    await this.runExclusive(async () => {
+      await this.ensureLoaded();
+      const state = this.state;
+      const existing = state.events[eventId];
+      if (!existing) {
+        return;
+      }
+      state.events[eventId] = {
+        ...existing,
+        status: "processed",
+        processedAt: (/* @__PURE__ */ new Date()).toISOString(),
+        error: void 0
+      };
+      await this.persist();
+    });
+  }
+  async markEventFailed(eventId, error) {
+    await this.runExclusive(async () => {
+      await this.ensureLoaded();
+      const state = this.state;
+      const existing = state.events[eventId];
+      if (!existing) {
+        return;
+      }
+      state.events[eventId] = {
+        ...existing,
+        status: "failed",
+        error: error instanceof Error ? error.message : String(error)
+      };
+      await this.persist();
+    });
+  }
+  async upsertCustomer(record) {
+    return this.runExclusive(async () => {
+      await this.ensureLoaded();
+      const now = (/* @__PURE__ */ new Date()).toISOString();
+      const state = this.state;
+      const existing = state.customers[record.id];
+      const createdAt = existing?.createdAt ?? record.createdAt ?? now;
+      const nextRecord = {
+        id: record.id,
+        uid: record.uid ?? existing?.uid,
+        email: record.email ?? existing?.email,
+        metadata: {
+          ...existing?.metadata ?? {},
+          ...record.metadata ?? {}
+        },
+        createdAt,
+        updatedAt: record.updatedAt ?? now
+      };
+      state.customers[record.id] = nextRecord;
+      await this.persist();
+      return nextRecord;
+    });
+  }
+  async getCustomer(customerId) {
+    await this.ensureLoaded();
+    const state = this.state;
+    const record = state.customers[customerId];
+    return record ? { ...record, metadata: record.metadata ? { ...record.metadata } : void 0 } : void 0;
+  }
+  async upsertSubscription(record) {
+    return this.runExclusive(async () => {
+      await this.ensureLoaded();
+      const now = (/* @__PURE__ */ new Date()).toISOString();
+      const state = this.state;
+      const existing = state.subscriptions[record.id];
+      const createdAt = existing?.createdAt ?? record.createdAt ?? now;
+      const nextRecord = {
+        id: record.id,
+        customerId: record.customerId,
+        uid: record.uid ?? existing?.uid,
+        status: record.status,
+        planId: record.planId,
+        pendingPlanId: record.pendingPlanId !== void 0 ? record.pendingPlanId : existing?.pendingPlanId ?? null,
+        pendingPlanEffectiveAt: record.pendingPlanEffectiveAt !== void 0 ? record.pendingPlanEffectiveAt : existing?.pendingPlanEffectiveAt ?? null,
+        cancelAt: record.cancelAt ?? null,
+        cancelAtPeriodEnd: record.cancelAtPeriodEnd ?? false,
+        canceledAt: record.canceledAt ?? null,
+        currentPeriodStart: record.currentPeriodStart,
+        currentPeriodEnd: record.currentPeriodEnd,
+        trialEnd: record.trialEnd ?? null,
+        latestInvoiceId: record.latestInvoiceId ?? existing?.latestInvoiceId,
+        latestInvoiceStatus: record.latestInvoiceStatus ?? existing?.latestInvoiceStatus,
+        latestInvoiceAmount: record.latestInvoiceAmount ?? existing?.latestInvoiceAmount,
+        metadata: {
+          ...existing?.metadata ?? {},
+          ...record.metadata ?? {}
+        },
+        createdAt,
+        updatedAt: record.updatedAt ?? now
+      };
+      state.subscriptions[record.id] = nextRecord;
+      await this.persist();
+      return nextRecord;
+    });
+  }
+  async getSubscription(subscriptionId) {
+    await this.ensureLoaded();
+    const state = this.state;
+    const record = state.subscriptions[subscriptionId];
+    if (!record) {
+      return void 0;
+    }
+    return {
+      ...record,
+      metadata: record.metadata ? { ...record.metadata } : void 0
+    };
+  }
+  async findSubscriptionByCustomer(customerId) {
+    await this.ensureLoaded();
+    const state = this.state;
+    return Object.values(state.subscriptions).find((sub) => sub.customerId === customerId);
+  }
+  async recordInvoice(record) {
+    return this.runExclusive(async () => {
+      await this.ensureLoaded();
+      const state = this.state;
+      state.invoices[record.id] = { ...record };
+      await this.persist();
+      return state.invoices[record.id];
+    });
+  }
+  async setEntitlements(uid, planId, features) {
+    return this.runExclusive(async () => {
+      await this.ensureLoaded();
+      const now = (/* @__PURE__ */ new Date()).toISOString();
+      const state = this.state;
+      const record = {
+        uid,
+        planId,
+        features: [...features],
+        updatedAt: now
+      };
+      state.entitlements[uid] = record;
+      await this.persist();
+      return record;
+    });
+  }
+  async setUsage(params) {
+    return this.runExclusive(async () => {
+      await this.ensureLoaded();
+      const now = (/* @__PURE__ */ new Date()).toISOString();
+      const state = this.state;
+      const key = `${params.uid}:${params.periodId}`;
+      const existing = state.usage[key];
+      const used = existing?.used ?? {
+        requests: 0,
+        tokens: 0,
+        code: 0,
+        attachment: 0
+      };
+      const remaining = {
+        requests: Math.max(0, params.limits.requests - used.requests),
+        tokens: Math.max(0, params.limits.tokens - used.tokens),
+        code: Math.max(0, params.limits.code - used.code),
+        attachment: Math.max(0, params.limits.attachment - used.attachment)
+      };
+      const record = {
+        uid: params.uid,
+        planId: params.planId,
+        periodId: params.periodId,
+        limits: { ...params.limits },
+        used,
+        remaining,
+        createdAt: existing?.createdAt ?? now,
+        updatedAt: now
+      };
+      state.usage[key] = record;
+      await this.persist();
+      return record;
+    });
+  }
+  async getUsage(uid, periodId) {
+    await this.ensureLoaded();
+    const key = `${uid}:${periodId}`;
+    const record = this.state.usage[key];
+    if (!record) {
+      return void 0;
+    }
+    return {
+      ...record,
+      limits: { ...record.limits },
+      used: { ...record.used },
+      remaining: { ...record.remaining }
+    };
+  }
+  async getEntitlements(uid) {
+    await this.ensureLoaded();
+    const record = this.state.entitlements[uid];
+    if (!record) {
+      return void 0;
+    }
+    return {
+      ...record,
+      features: [...record.features]
+    };
+  }
+  async snapshot() {
+    await this.ensureLoaded();
+    const state = this.state;
+    return JSON.parse(JSON.stringify(state));
+  }
+};
+var subscription_store_default = SubscriptionStore;
+var PLAN_PRIORITY = {
+  free: 0,
+  starter: 1,
+  pro: 2,
+  ultra: 3
+};
+var PLAN_CONFIG = {
+  free: {
+    entitlements: [
+      "core.cli.basic",
+      "ai.chat.basic",
+      "usage.metrics.basic"
+    ],
+    quota: {
+      requests: 100,
+      tokens: 5e4,
+      code: 30,
+      attachment: 10
+    }
+  },
+  starter: {
+    entitlements: [
+      "core.cli.basic",
+      "ai.chat.basic",
+      "ai.chat.priority",
+      "usage.metrics.expanded",
+      "workspace.multi-device"
+    ],
+    quota: {
+      requests: 500,
+      tokens: 25e4,
+      code: 200,
+      attachment: 50
+    }
+  },
+  pro: {
+    entitlements: [
+      "core.cli.basic",
+      "ai.chat.priority",
+      "ai.code.advanced",
+      "orchestrator.code",
+      "usage.metrics.expanded",
+      "workspace.multi-device",
+      "api.webhooks"
+    ],
+    quota: {
+      requests: 2e3,
+      tokens: 1e6,
+      code: 1e3,
+      attachment: 200
+    }
+  },
+  ultra: {
+    entitlements: [
+      "core.cli.basic",
+      "ai.chat.priority",
+      "ai.code.advanced",
+      "orchestrator.code",
+      "orchestrator.media",
+      "monitoring.analytics",
+      "api.webhooks",
+      "support.priority"
+    ],
+    quota: {
+      requests: 1e4,
+      tokens: 5e6,
+      code: 5e3,
+      attachment: 1e3
+    }
+  }
+};
+var PLAN_ALIAS_MAP = {
+  starterannual: "starter",
+  "starter-annual": "starter",
+  "starter_yearly": "starter",
+  "starter-yearly": "starter",
+  starteryearly: "starter",
+  proannual: "pro",
+  "pro-annual": "pro",
+  "pro_yearly": "pro",
+  "pro-yearly": "pro",
+  proyearly: "pro",
+  ultraannual: "ultra",
+  "ultra-annual": "ultra",
+  "ultra_yearly": "ultra",
+  "ultra-yearly": "ultra",
+  ultrayearly: "ultra"
+};
+function sanitizeKey(value) {
+  return value.trim().toLowerCase().replace(/[^a-z0-9-]/g, "");
+}
+function toIso(timestamp) {
+  if (!timestamp) {
+    return null;
+  }
+  return new Date(timestamp * 1e3).toISOString();
+}
+function formatPeriodId(date) {
+  const instance = typeof date === "number" ? new Date(date) : date;
+  const year = instance.getUTCFullYear();
+  const month = String(instance.getUTCMonth() + 1).padStart(2, "0");
+  return `${year}${month}`;
+}
+function extractId(value) {
+  if (!value) {
+    return void 0;
+  }
+  if (typeof value === "string") {
+    return value;
+  }
+  return value.id ?? void 0;
+}
+function extractMetadataPlan(metadata) {
+  if (!metadata) {
+    return void 0;
+  }
+  const keys = ["planId", "plan_id", "plan", "plan-id", "plan_name"];
+  for (const key of keys) {
+    const value = metadata[key];
+    if (value && value.trim()) {
+      return value.trim();
+    }
+  }
+  return void 0;
+}
+function extractUidFromMetadata(metadata) {
+  if (!metadata) {
+    return void 0;
+  }
+  const keys = ["uid", "userId", "user_id", "customer_uid"];
+  for (const key of keys) {
+    const value = metadata[key];
+    if (value && value.trim()) {
+      return value.trim();
+    }
+  }
+  return void 0;
+}
+var StripeWebhookService = class {
+  secret;
+  toleranceSeconds;
+  store;
+  pricePlanMap = /* @__PURE__ */ new Map();
+  productPlanMap = /* @__PURE__ */ new Map();
+  constructor(options) {
+    if (!options.secret) {
+      throw new Error("Stripe webhook secret must be provided");
+    }
+    this.secret = options.secret;
+    this.toleranceSeconds = options.toleranceSeconds ?? 300;
+    this.store = options.store ?? new subscription_store_default();
+    this.registerEnvPlanMappings();
+    if (options.priceIdMap) {
+      for (const [id, plan] of Object.entries(options.priceIdMap)) {
+        this.pricePlanMap.set(sanitizeKey(id), plan);
+      }
+    }
+    if (options.productIdMap) {
+      for (const [id, plan] of Object.entries(options.productIdMap)) {
+        this.productPlanMap.set(sanitizeKey(id), plan);
+      }
+    }
+  }
+  verifySignature(rawBody, signatureHeader) {
+    if (!signatureHeader) {
+      throw new Error("Stripe signature header is missing");
+    }
+    const header = Array.isArray(signatureHeader) ? signatureHeader.join(",") : signatureHeader;
+    const { timestamp, signatures } = this.parseSignatureHeader(header);
+    if (!timestamp || signatures.length === 0) {
+      throw new Error("Stripe signature header is invalid");
+    }
+    const timestampSeconds = Number(timestamp);
+    if (!Number.isFinite(timestampSeconds)) {
+      throw new Error("Stripe signature timestamp is invalid");
+    }
+    const nowSeconds = Math.floor(Date.now() / 1e3);
+    if (Math.abs(nowSeconds - timestampSeconds) > this.toleranceSeconds) {
+      throw new Error("Stripe signature timestamp outside of tolerance window");
+    }
+    const signedPayload = `${timestamp}.${rawBody.toString("utf8")}`;
+    const expected = crypto.createHmac("sha256", this.secret).update(signedPayload).digest("hex");
+    const expectedBuffer = Buffer.from(expected, "hex");
+    const isValid = signatures.some((signature) => {
+      const signatureBuffer = Buffer.from(signature, "hex");
+      if (signatureBuffer.length !== expectedBuffer.length) {
+        return false;
+      }
+      return crypto.timingSafeEqual(signatureBuffer, expectedBuffer);
+    });
+    if (!isValid) {
+      throw new Error("Stripe signature verification failed");
+    }
+  }
+  parseEvent(rawBody) {
+    try {
+      const parsed = JSON.parse(rawBody.toString("utf8"));
+      if (!parsed || typeof parsed !== "object" || !parsed.id || !parsed.type) {
+        throw new Error("Invalid event payload");
+      }
+      return parsed;
+    } catch (error) {
+      const message = error instanceof Error ? error.message : "Unknown error";
+      throw new Error(`Failed to parse Stripe event payload: ${message}`);
+    }
+  }
+  async processEvent(event) {
+    const receipt = await this.store.markEventReceived({
+      id: event.id,
+      type: event.type,
+      created: event.created
+    });
+    if (receipt === "duplicate") {
+      return;
+    }
+    try {
+      switch (event.type) {
+        case "checkout.session.completed":
+          await this.handleCheckoutSession(event);
+          break;
+        case "customer.subscription.created":
+          await this.handleSubscriptionCreated(event);
+          break;
+        case "customer.subscription.updated":
+          await this.handleSubscriptionUpdated(event);
+          break;
+        case "customer.subscription.deleted":
+          await this.handleSubscriptionDeleted(event);
+          break;
+        case "invoice.payment_succeeded":
+          await this.handleInvoicePayment(event, true);
+          break;
+        case "invoice.payment_failed":
+          await this.handleInvoicePayment(event, false);
+          break;
+        default:
+          console.info(`Unhandled Stripe event type: ${event.type}`);
+      }
+      await this.store.markEventProcessed(event.id);
+    } catch (error) {
+      await this.store.markEventFailed(event.id, error);
+      throw error;
+    }
+  }
+  parseSignatureHeader(signatureHeader) {
+    const parts = signatureHeader.split(",");
+    let timestamp;
+    const signatures = [];
+    for (const part of parts) {
+      const [key, value] = part.trim().split("=");
+      if (key === "t") {
+        timestamp = value;
+      } else if (key.startsWith("v")) {
+        signatures.push(value);
+      }
+    }
+    return { timestamp, signatures };
+  }
+  registerEnvPlanMappings() {
+    const mapping = [
+      [process.env.STRIPE_PRICE_STARTER, "starter"],
+      [process.env.STRIPE_PRICE_STARTER_ANNUAL, "starter"],
+      [process.env.STRIPE_PRICE_PRO, "pro"],
+      [process.env.STRIPE_PRICE_PRO_ANNUAL, "pro"],
+      [process.env.STRIPE_PRICE_ULTRA, "ultra"],
+      [process.env.STRIPE_PRICE_ULTRA_ANNUAL, "ultra"]
+    ];
+    mapping.forEach(([id, plan]) => {
+      if (id && id.trim()) {
+        this.pricePlanMap.set(sanitizeKey(id), plan);
+      }
+    });
+    const productMapping = [
+      [process.env.STRIPE_PRODUCT_STARTER, "starter"],
+      [process.env.STRIPE_PRODUCT_PRO, "pro"],
+      [process.env.STRIPE_PRODUCT_ULTRA, "ultra"]
+    ];
+    productMapping.forEach(([id, plan]) => {
+      if (id && id.trim()) {
+        this.productPlanMap.set(sanitizeKey(id), plan);
+      }
+    });
+  }
+  normalizePlanId(planId) {
+    if (!planId) {
+      return "free";
+    }
+    const key = sanitizeKey(planId);
+    if (PLAN_CONFIG[key]) {
+      return key;
+    }
+    const alias = PLAN_ALIAS_MAP[key];
+    if (alias) {
+      return alias;
+    }
+    return "free";
+  }
+  resolvePlanFromSubscription(subscription) {
+    const metadataPlan = extractMetadataPlan(subscription.metadata);
+    if (metadataPlan) {
+      return this.normalizePlanId(metadataPlan);
+    }
+    const items = subscription.items?.data ?? [];
+    for (const item of items) {
+      const itemMetadataPlan = extractMetadataPlan(item.metadata);
+      if (itemMetadataPlan) {
+        return this.normalizePlanId(itemMetadataPlan);
+      }
+      const priceMetadataPlan = extractMetadataPlan(item.price?.metadata);
+      if (priceMetadataPlan) {
+        return this.normalizePlanId(priceMetadataPlan);
+      }
+      const planMetadataPlan = extractMetadataPlan(item.plan?.metadata);
+      if (planMetadataPlan) {
+        return this.normalizePlanId(planMetadataPlan);
+      }
+      const priceId = item.price?.id;
+      if (priceId) {
+        const mapped = this.pricePlanMap.get(sanitizeKey(priceId));
+        if (mapped) {
+          return mapped;
+        }
+      }
+      const productId = extractId(item.price?.product ?? item.plan?.product ?? null);
+      if (productId) {
+        const mapped = this.productPlanMap.get(sanitizeKey(productId));
+        if (mapped) {
+          return mapped;
+        }
+      }
+      const nickname = item.price?.nickname;
+      if (nickname) {
+        const candidate = this.normalizePlanId(nickname);
+        if (candidate !== "free") {
+          return candidate;
+        }
+      }
+    }
+    return "free";
+  }
+  getPlanConfig(planId) {
+    return PLAN_CONFIG[planId] ?? PLAN_CONFIG.free;
+  }
+  async applyPlanEntitlements(uid, planId, subscription, overridePeriod) {
+    const config = this.getPlanConfig(planId);
+    await this.store.setEntitlements(uid, planId, config.entitlements);
+    const periodStart = overridePeriod?.start ?? subscription?.current_period_start;
+    overridePeriod?.end ?? subscription?.current_period_end;
+    const periodId = periodStart ? formatPeriodId(new Date(periodStart * 1e3)) : formatPeriodId(Date.now());
+    await this.store.setUsage({
+      uid,
+      planId,
+      periodId,
+      limits: config.quota
+    });
+  }
+  comparePlanPriority(a, b) {
+    return PLAN_PRIORITY[a] - PLAN_PRIORITY[b];
+  }
+  async resolveUid(customerId, ...metadataSources) {
+    for (const metadata of metadataSources) {
+      const uidFromMetadata = extractUidFromMetadata(metadata);
+      if (uidFromMetadata) {
+        return uidFromMetadata;
+      }
+    }
+    if (customerId) {
+      const customer = await this.store.getCustomer(customerId);
+      return customer?.uid;
+    }
+    return void 0;
+  }
+  async handleCheckoutSession(event) {
+    const session = event.data.object;
+    const customerId = extractId(session.customer ?? null);
+    const uid = await this.resolveUid(customerId, session.metadata);
+    if (!customerId) {
+      console.warn("checkout.session.completed received without customer id", { sessionId: session.id });
+      return;
+    }
+    const metadata = {};
+    if (session.metadata) {
+      for (const [key, value] of Object.entries(session.metadata)) {
+        if (typeof value === "string") {
+          metadata[key] = value;
+        }
+      }
+    }
+    await this.store.upsertCustomer({
+      id: customerId,
+      uid,
+      email: session.customer_email ?? void 0,
+      metadata: {
+        ...metadata,
+        lastCheckoutSessionId: session.id,
+        lastCheckoutMode: session.mode ?? void 0
+      }
+    });
+  }
+  async handleSubscriptionCreated(event) {
+    const subscription = event.data.object;
+    const customerId = extractId(subscription.customer);
+    if (!customerId) {
+      throw new Error(`Subscription ${subscription.id} missing customer id`);
+    }
+    const planId = this.resolvePlanFromSubscription(subscription);
+    const uid = await this.resolveUid(customerId, subscription.metadata);
+    const customerRecord = {
+      id: customerId,
+      uid,
+      email: typeof subscription.customer === "object" ? subscription.customer.email ?? void 0 : void 0,
+      metadata: subscription.metadata && Object.keys(subscription.metadata).length > 0 ? { ...subscription.metadata } : void 0,
+      createdAt: (/* @__PURE__ */ new Date()).toISOString(),
+      updatedAt: (/* @__PURE__ */ new Date()).toISOString()
+    };
+    await this.store.upsertCustomer(customerRecord);
+    await this.store.upsertSubscription({
+      id: subscription.id,
+      customerId,
+      uid,
+      status: subscription.status,
+      planId,
+      pendingPlanId: null,
+      pendingPlanEffectiveAt: null,
+      cancelAt: toIso(subscription.cancel_at),
+      cancelAtPeriodEnd: subscription.cancel_at_period_end ?? false,
+      canceledAt: toIso(subscription.canceled_at),
+      currentPeriodStart: toIso(subscription.current_period_start) ?? (/* @__PURE__ */ new Date()).toISOString(),
+      currentPeriodEnd: toIso(subscription.current_period_end) ?? (/* @__PURE__ */ new Date()).toISOString(),
+      trialEnd: toIso(subscription.trial_end),
+      metadata: subscription.metadata && Object.keys(subscription.metadata).length > 0 ? { ...subscription.metadata } : void 0
+    });
+    if (uid) {
+      await this.applyPlanEntitlements(uid, planId, subscription);
+    }
+  }
+  async handleSubscriptionUpdated(event) {
+    const subscription = event.data.object;
+    const customerId = extractId(subscription.customer);
+    if (!customerId) {
+      throw new Error(`Subscription ${subscription.id} missing customer id`);
+    }
+    const existing = await this.store.getSubscription(subscription.id);
+    const resolvedPlan = this.resolvePlanFromSubscription(subscription);
+    const uid = await this.resolveUid(customerId, subscription.metadata, existing?.metadata);
+    const planChange = existing ? this.comparePlanPriority(resolvedPlan, existing.planId) : 0;
+    let effectivePlan = resolvedPlan;
+    let pendingPlan = existing?.pendingPlanId ?? null;
+    let pendingEffectiveAt = existing?.pendingPlanEffectiveAt ?? null;
+    if (existing) {
+      if (planChange < 0) {
+        effectivePlan = existing.planId;
+        pendingPlan = resolvedPlan;
+        pendingEffectiveAt = toIso(subscription.current_period_end) ?? toIso(subscription.cancel_at) ?? existing.currentPeriodEnd;
+      } else {
+        pendingPlan = null;
+        pendingEffectiveAt = null;
+        if (planChange > 0 && uid) {
+          await this.applyPlanEntitlements(uid, resolvedPlan, subscription);
+        }
+      }
+    } else if (uid) {
+      await this.applyPlanEntitlements(uid, resolvedPlan, subscription);
+    }
+    await this.store.upsertSubscription({
+      id: subscription.id,
+      customerId,
+      uid,
+      status: subscription.status,
+      planId: effectivePlan,
+      pendingPlanId: pendingPlan,
+      pendingPlanEffectiveAt: pendingEffectiveAt,
+      cancelAt: toIso(subscription.cancel_at),
+      cancelAtPeriodEnd: subscription.cancel_at_period_end ?? false,
+      canceledAt: toIso(subscription.canceled_at),
+      currentPeriodStart: toIso(subscription.current_period_start) ?? existing?.currentPeriodStart ?? (/* @__PURE__ */ new Date()).toISOString(),
+      currentPeriodEnd: toIso(subscription.current_period_end) ?? existing?.currentPeriodEnd ?? (/* @__PURE__ */ new Date()).toISOString(),
+      trialEnd: toIso(subscription.trial_end),
+      metadata: subscription.metadata && Object.keys(subscription.metadata).length > 0 ? { ...subscription.metadata } : void 0
+    });
+    if (uid) {
+      await this.store.upsertCustomer({
+        id: customerId,
+        uid,
+        metadata: subscription.metadata && Object.keys(subscription.metadata).length > 0 ? { ...subscription.metadata } : void 0
+      });
+    }
+  }
+  async handleSubscriptionDeleted(event) {
+    const subscription = event.data.object;
+    const customerId = extractId(subscription.customer);
+    const existing = await this.store.getSubscription(subscription.id);
+    const uid = await this.resolveUid(customerId, subscription.metadata, existing?.metadata);
+    await this.store.upsertSubscription({
+      id: subscription.id,
+      customerId: customerId ?? existing?.customerId ?? "unknown",
+      uid: uid ?? existing?.uid,
+      status: "canceled",
+      planId: "free",
+      pendingPlanId: null,
+      pendingPlanEffectiveAt: null,
+      cancelAt: toIso(subscription.cancel_at),
+      cancelAtPeriodEnd: subscription.cancel_at_period_end ?? false,
+      canceledAt: toIso(subscription.canceled_at) ?? (/* @__PURE__ */ new Date()).toISOString(),
+      currentPeriodStart: toIso(subscription.current_period_start) ?? existing?.currentPeriodStart ?? (/* @__PURE__ */ new Date()).toISOString(),
+      currentPeriodEnd: toIso(subscription.current_period_end) ?? existing?.currentPeriodEnd ?? (/* @__PURE__ */ new Date()).toISOString(),
+      trialEnd: toIso(subscription.trial_end),
+      metadata: subscription.metadata && Object.keys(subscription.metadata).length > 0 ? { ...subscription.metadata } : void 0
+    });
+    if (uid) {
+      await this.applyPlanEntitlements(uid, "free", subscription);
+    }
+  }
+  async handleInvoicePayment(event, succeeded) {
+    const invoice = event.data.object;
+    const subscriptionId = extractId(invoice.subscription ?? null);
+    if (!subscriptionId) {
+      console.warn("Invoice received without subscription id", { invoiceId: invoice.id });
+      return;
+    }
+    const subscription = await this.store.getSubscription(subscriptionId);
+    if (!subscription) {
+      console.warn("Invoice received for unknown subscription", { invoiceId: invoice.id, subscriptionId });
+      return;
+    }
+    const customerId = extractId(invoice.customer ?? subscription.customerId);
+    await this.store.recordInvoice({
+      id: invoice.id,
+      subscriptionId,
+      customerId,
+      amountPaid: (invoice.amount_paid ?? 0) / 100,
+      currency: invoice.currency ?? "usd",
+      status: succeeded ? "succeeded" : "failed",
+      paidAt: invoice.created ? new Date(invoice.created * 1e3).toISOString() : (/* @__PURE__ */ new Date()).toISOString(),
+      createdAt: (/* @__PURE__ */ new Date()).toISOString(),
+      periodStart: toIso(invoice.lines?.data?.[0]?.period?.start ?? invoice.period_start ?? null),
+      periodEnd: toIso(invoice.lines?.data?.[0]?.period?.end ?? invoice.period_end ?? null),
+      hostedInvoiceUrl: invoice.hosted_invoice_url ?? void 0
+    });
+    if (!succeeded) {
+      await this.store.upsertSubscription({
+        id: subscription.id,
+        customerId: subscription.customerId,
+        uid: subscription.uid,
+        status: subscription.status,
+        planId: subscription.planId,
+        pendingPlanId: subscription.pendingPlanId ?? null,
+        pendingPlanEffectiveAt: subscription.pendingPlanEffectiveAt ?? null,
+        cancelAt: subscription.cancelAt ?? null,
+        cancelAtPeriodEnd: subscription.cancelAtPeriodEnd ?? false,
+        canceledAt: subscription.canceledAt ?? null,
+        currentPeriodStart: subscription.currentPeriodStart,
+        currentPeriodEnd: subscription.currentPeriodEnd,
+        trialEnd: subscription.trialEnd ?? null,
+        latestInvoiceId: invoice.id,
+        latestInvoiceStatus: "failed",
+        latestInvoiceAmount: (invoice.amount_paid ?? 0) / 100
+      });
+      return;
+    }
+    const fallbackPeriodStart = subscription.currentPeriodStart ? Date.parse(subscription.currentPeriodStart) / 1e3 : void 0;
+    const fallbackPeriodEnd = subscription.currentPeriodEnd ? Date.parse(subscription.currentPeriodEnd) / 1e3 : void 0;
+    const periodStart = invoice.lines?.data?.[0]?.period?.start ?? invoice.period_start ?? fallbackPeriodStart;
+    const periodEnd = invoice.lines?.data?.[0]?.period?.end ?? invoice.period_end ?? fallbackPeriodEnd;
+    let nextPlanId = subscription.planId;
+    let pendingPlanId = subscription.pendingPlanId ?? null;
+    let pendingEffectiveAt = subscription.pendingPlanEffectiveAt ?? null;
+    if (subscription.pendingPlanId) {
+      nextPlanId = subscription.pendingPlanId;
+      pendingPlanId = null;
+      pendingEffectiveAt = null;
+      if (subscription.uid) {
+        await this.applyPlanEntitlements(subscription.uid, nextPlanId, null, { start: periodStart, end: periodEnd });
+      }
+    } else if (subscription.uid) {
+      await this.applyPlanEntitlements(subscription.uid, subscription.planId, null, { start: periodStart, end: periodEnd });
+    }
+    await this.store.upsertSubscription({
+      id: subscription.id,
+      customerId: subscription.customerId,
+      uid: subscription.uid,
+      status: subscription.status,
+      planId: nextPlanId,
+      pendingPlanId,
+      pendingPlanEffectiveAt: pendingEffectiveAt,
+      cancelAt: subscription.cancelAt ?? null,
+      cancelAtPeriodEnd: subscription.cancelAtPeriodEnd ?? false,
+      canceledAt: subscription.canceledAt ?? null,
+      currentPeriodStart: periodStart ? toIso(periodStart) ?? subscription.currentPeriodStart : subscription.currentPeriodStart,
+      currentPeriodEnd: periodEnd ? toIso(periodEnd) ?? subscription.currentPeriodEnd : subscription.currentPeriodEnd,
+      trialEnd: subscription.trialEnd ?? null,
+      latestInvoiceId: invoice.id,
+      latestInvoiceStatus: "succeeded",
+      latestInvoiceAmount: (invoice.amount_paid ?? 0) / 100
+    });
+  }
+};
+var stripe_webhook_service_default = StripeWebhookService;
 
 // src/server/express-server.ts
 var jobIndex = /* @__PURE__ */ new Map();
 var app = express__default.default();
 var port = process.env.PORT || 8080;
+var subscriptionStore = new subscription_store_default();
+var stripeWebhookSecret = process.env.STRIPE_WEBHOOK_SECRET;
+var stripeWebhookService = null;
+if (stripeWebhookSecret) {
+  try {
+    stripeWebhookService = new stripe_webhook_service_default({
+      secret: stripeWebhookSecret,
+      store: subscriptionStore
+    });
+  } catch (error) {
+    stripeWebhookService = null;
+    console.error("Failed to initialize Stripe webhook service:", error);
+  }
+} else {
+  console.warn("STRIPE_WEBHOOK_SECRET is not configured; Stripe webhook endpoint will be disabled.");
+}
 app.use(helmet__default.default());
 app.use(cors__default.default());
 app.use(compression__default.default({
@@ -8593,6 +9503,7 @@ app.use(compression__default.default({
     return compression.filter(req, res);
   }
 }));
+app.use("/api/stripe/webhook", express__default.default.raw({ type: "application/json" }));
 app.use(express__default.default.json({ limit: "10mb" }));
 app.use(express__default.default.urlencoded({ extended: true }));
 try {
@@ -8621,7 +9532,7 @@ app.get("/api/status", (req, res) => {
 app.get("/", (req, res) => {
   res.json({
     name: "MARIA CODE API",
-    version: "4.3.31",
+    version: "4.3.33",
     status: "running",
     environment: process.env.NODE_ENV || "development",
     endpoints: {
@@ -8636,6 +9547,30 @@ app.get("/", (req, res) => {
     timestamp: (/* @__PURE__ */ new Date()).toISOString()
   });
 });
+app.post("/api/stripe/webhook", async (req, res) => {
+  if (!stripeWebhookService) {
+    return res.status(503).json({ error: "Stripe webhook processing is not configured" });
+  }
+  const signature = req.headers["stripe-signature"];
+  const rawBody = Buffer.isBuffer(req.body) ? req.body : Buffer.from(typeof req.body === "string" ? req.body : JSON.stringify(req.body ?? {}), "utf8");
+  try {
+    stripeWebhookService.verifySignature(rawBody, signature);
+  } catch (error) {
+    console.error("Stripe webhook signature verification failed:", error);
+    return res.status(400).json({ error: "Invalid Stripe signature" });
+  }
+  let event;
+  try {
+    event = stripeWebhookService.parseEvent(rawBody);
+  } catch (error) {
+    console.error("Stripe webhook payload parsing failed:", error);
+    return res.status(400).json({ error: "Invalid Stripe payload" });
+  }
+  stripeWebhookService.processEvent(event).catch((error) => {
+    console.error("Stripe webhook processing error:", error);
+  });
+  return res.sendStatus(200);
+});
 function classifyMediaError(err) {
   const raw = err;
   const msg = String(raw?.message || raw || "unknown error");
@@ -9221,7 +10156,7 @@ app.post("/v1/ai-proxy", rateLimitMiddleware, async (req, res) => {
       } catch {
       }
     }
-    const sanitizeKey = (v) => {
+    const sanitizeKey2 = (v) => {
       if (!v) return void 0;
       let k = String(v).trim();
       if (!k) return void 0;
@@ -9246,7 +10181,7 @@ app.post("/v1/ai-proxy", rateLimitMiddleware, async (req, res) => {
         return {};
       }
     })();
-    const gemKey = sanitizeKey(keys?.googleApiKey || process.env.GEMINI_API_KEY || process.env.GOOGLE_API_KEY);
+    const gemKey = sanitizeKey2(keys?.googleApiKey || process.env.GEMINI_API_KEY || process.env.GOOGLE_API_KEY);
     if (gemKey) {
       try {
         const { GoogleGenerativeAI: GoogleGenerativeAI2 } = await import('@google/generative-ai');
@@ -9272,7 +10207,7 @@ app.post("/v1/ai-proxy", rateLimitMiddleware, async (req, res) => {
         }
       }
     }
-    const openaiKey = sanitizeKey(keys?.openaiApiKey || process.env.OPENAI_API_KEY);
+    const openaiKey = sanitizeKey2(keys?.openaiApiKey || process.env.OPENAI_API_KEY);
     if (!openaiKey) {
       if (process.env.MARIA_TELEMETRY === "1") {
         try {