@bonginkan/maria 4.3.32 → 4.3.34

package/dist/server/express-server.js

@@ -5158,22 +5158,22 @@ var init_from = __esm({
     init_file();
     init_fetch_blob();
     ({ stat } = fs.promises);
-    blobFromSync = (path3, type) => fromBlob(fs.statSync(path3), path3, type);
-    blobFrom = (path3, type) => stat(path3).then((stat2) => fromBlob(stat2, path3, type));
-    fileFrom = (path3, type) => stat(path3).then((stat2) => fromFile(stat2, path3, type));
-    fileFromSync = (path3, type) => fromFile(fs.statSync(path3), path3, type);
-    fromBlob = (stat2, path3, type = "") => new fetch_blob_default([new BlobDataItem({
-      path: path3,
+    blobFromSync = (path4, type) => fromBlob(fs.statSync(path4), path4, type);
+    blobFrom = (path4, type) => stat(path4).then((stat2) => fromBlob(stat2, path4, type));
+    fileFrom = (path4, type) => stat(path4).then((stat2) => fromFile(stat2, path4, type));
+    fileFromSync = (path4, type) => fromFile(fs.statSync(path4), path4, type);
+    fromBlob = (stat2, path4, type = "") => new fetch_blob_default([new BlobDataItem({
+      path: path4,
       size: stat2.size,
       lastModified: stat2.mtimeMs,
       start: 0
     })], { type });
-    fromFile = (stat2, path3, type = "") => new file_default([new BlobDataItem({
-      path: path3,
+    fromFile = (stat2, path4, type = "") => new file_default([new BlobDataItem({
+      path: path4,
       size: stat2.size,
       lastModified: stat2.mtimeMs,
       start: 0
-    })], path.basename(path3), { type, lastModified: stat2.mtimeMs });
+    })], path.basename(path4), { type, lastModified: stat2.mtimeMs });
     BlobDataItem = class _BlobDataItem {
       #path;
       #start;
@@ -6815,6 +6815,45 @@ var init_src = __esm({
     supportedSchemas = /* @__PURE__ */ new Set(["data:", "http:", "https:"]);
   }
 });
+
+// src/services/media-orchestrator/image-post.ts
+var image_post_exports = {};
+__export(image_post_exports, {
+  processImageOptional: () => processImageOptional
+});
+async function processImageOptional(bytes, format, keepExif, targetSize) {
+  try {
+    const sharp = (await import('sharp')).default;
+    let img = sharp(bytes).toColourspace("srgb");
+    if (targetSize && Number.isFinite(targetSize.width) && Number.isFinite(targetSize.height)) {
+      const width = Math.max(1, Math.floor(targetSize.width));
+      const height = Math.max(1, Math.floor(targetSize.height));
+      img = img.resize(width, height, { fit: "cover" });
+    }
+    if (keepExif) img = img.withMetadata();
+    const qEnv = Number(process.env.MARIA_SHARP_QUALITY || "80");
+    const quality = Number.isFinite(qEnv) ? Math.max(1, Math.min(100, Math.floor(qEnv))) : 80;
+    const alphaMode = String(process.env.MARIA_SHARP_ALPHA || "").toLowerCase();
+    if (format === "jpg" && alphaMode !== "preserve") {
+      img = img.flatten({ background: { r: 255, g: 255, b: 255 } });
+    }
+    switch (format) {
+      case "png":
+        return await img.png().toBuffer();
+      case "webp":
+        return await img.webp({ quality }).toBuffer();
+      case "jpg":
+        return await img.jpeg({ mozjpeg: true, quality }).toBuffer();
+    }
+    return bytes;
+  } catch {
+    return bytes;
+  }
+}
+var init_image_post = __esm({
+  "src/services/media-orchestrator/image-post.ts"() {
+  }
+});
 var rateLimitStore = /* @__PURE__ */ new Map();
 var RATE_LIMITS = {
   "/image:FREE": { windowMs: 3e3, requests: 1 },
@@ -6844,11 +6883,11 @@ function getRateLimitConfig(endpoint, plan) {
   const key = `${endpoint}:${plan.toUpperCase()}`;
   return RATE_LIMITS[key] || RATE_LIMITS.default;
 }
-function getEndpointCategory(path3) {
-  if (path3.includes("/image")) return "/image";
-  if (path3.includes("/video")) return "/video";
-  if (path3.includes("/code")) return "/code";
-  if (path3.includes("/chat")) return "/chat";
+function getEndpointCategory(path4) {
+  if (path4.includes("/image")) return "/image";
+  if (path4.includes("/video")) return "/video";
+  if (path4.includes("/code")) return "/code";
+  if (path4.includes("/chat")) return "/chat";
   return "default";
 }
 async function rateLimitMiddleware(req, res, next) {
@@ -7105,6 +7144,14 @@ var GeminiMediaProvider = class {
   async generateImage(req) {
     const modelName = this.primaryModel;
     const promptPreview = String(req.prompt ?? "").replace(/\s+/g, " ").slice(0, 200);
+    const targetMime = (() => {
+      const fmt = (req.format || "png").toLowerCase();
+      if (fmt === "jpg") return "image/jpeg";
+      if (fmt === "jpeg") return "image/jpeg";
+      if (fmt === "png") return "image/png";
+      if (fmt === "webp") return "image/webp";
+      return "image/png";
+    })();
     let resp;
     try {
       resp = await this.ai.models.generateContent({
@@ -7112,7 +7159,7 @@ var GeminiMediaProvider = class {
         contents: [{ role: "user", parts: [{ text: String(req.prompt) }] }],
         generationConfig: {
           responseModalities: ["IMAGE"],
-          responseMimeType: `image/${req.format || "png"}`
+          responseMimeType: targetMime
         }
       });
     } catch (err) {
@@ -7134,7 +7181,7 @@ var GeminiMediaProvider = class {
       const mime = p?.inlineData?.mimeType || p?.inline_data?.mime_type || p?.inline_data?.mimeType || p?.inlineData?.mime_type;
       if (data) {
         const buf = Buffer.from(String(data), "base64");
-        if (buf.length > 0) return { bytes: buf, mime: typeof mime === "string" ? mime : `image/${req.format}` };
+        if (buf.length > 0) return { bytes: buf, mime: typeof mime === "string" ? mime : targetMime };
       }
     }
     try {
@@ -7147,7 +7194,7 @@ var GeminiMediaProvider = class {
       const bytesB64 = img0?.imageBytes || img0?.bytesBase64Encoded;
       if (bytesB64) {
         const buf = Buffer.from(String(bytesB64), "base64");
-        if (buf.length > 0) return { bytes: buf, mime: `image/${req.format || "png"}` };
+        if (buf.length > 0) return { bytes: buf, mime: targetMime };
       }
     } catch {
     }
@@ -7167,148 +7214,6 @@ var GeminiMediaProvider = class {
   }
 };
 
-// src/config/plans/free-plan.json
-var free_plan_default = {
-  id: "free",
-  name: "Free",
-  displayName: "Free Plan",
-  priceUsd: 0,
-  priceJpy: 0,
-  status: "active",
-  features: {
-    priority: "community",
-    support: "community",
-    accessLevel: "basic"
-  },
-  buckets: {
-    req: 100,
-    tokens: 15e4,
-    code: 20,
-    attachment: 5,
-    image: 25,
-    video: 5
-  },
-  models: [
-    "google:gemini-2.5-flash",
-    "google:gemini-2.0-flash"
-  ],
-  imageModels: [
-    "google:imagen-4-fast",
-    "google:gemini-2.5-image"
-  ],
-  videoModels: [
-    "google:veo-3-fast",
-    "google:veo-2.0-generate-001"
-  ],
-  costRules: {
-    longContextTokens: {
-      threshold: 8e3,
-      multiplier: 2,
-      description: "Long context (>8k tokens) consumes 2x"
-    },
-    imageGen: {
-      multiplier: 1,
-      description: "1 image = 1 image bucket consumption"
-    },
-    videoGen: {
-      multiplier: 1,
-      description: "1 video = 1 video bucket consumption"
-    }
-  },
-  limits: {
-    image: {
-      maxSize: "1024x1024",
-      maxWidth: 1024,
-      maxHeight: 1024,
-      maxCountPerCall: 1,
-      formats: ["png", "jpg", "jpeg", "webp", "svg"],
-      monthlyLimit: 25
-    },
-    video: {
-      maxDurationSec: 8,
-      minDurationSec: 6,
-      maxCountPerCall: 1,
-      aspectWhitelist: ["16:9", "9:16", "1:1"],
-      personGeneration: "DONT_ALLOW",
-      monthlyLimit: 5
-    },
-    code: {
-      maxTokensPerRequest: 8e3,
-      maxOutputTokens: 2048,
-      temperature: {
-        min: 0.1,
-        max: 0.2,
-        default: 0.15
-      }
-    },
-    rateLimit: {
-      requestsPerSecond: 0.33,
-      description: "1 request per 3 seconds"
-    }
-  },
-  fileSave: {
-    allowExtensions: [
-      ".ts",
-      ".tsx",
-      ".js",
-      ".jsx",
-      ".py",
-      ".java",
-      ".go",
-      ".rs",
-      ".html",
-      ".css",
-      ".scss",
-      ".json",
-      ".yml",
-      ".yaml",
-      ".sql",
-      ".csv",
-      ".md",
-      ".sh",
-      ".bash",
-      ".png",
-      ".jpg",
-      ".jpeg",
-      ".webp",
-      ".svg"
-    ],
-    maxFileSizeMB: 10,
-    naming: {
-      convention: "kebab-case",
-      pattern: "^[a-z0-9-_]+\\.[a-z]+$"
-    },
-    dirs: {
-      default: "outputs",
-      images: "outputs/images",
-      videos: "outputs/videos",
-      code: "outputs/code"
-    }
-  },
-  ui: {
-    badge: "FREE",
-    badgeColor: "#4CAF50",
-    description: "Perfect for getting started with AI development",
-    highlights: [
-      "100 requests/month",
-      "Gemini 2.5 Flash for code",
-      "25 images/month (1024px)",
-      "5 videos/month (8 sec)",
-      "Community support"
-    ]
-  },
-  telemetry: {
-    trackingEnabled: true,
-    anonymousId: true,
-    events: [
-      "model_usage",
-      "command_execution",
-      "error_rate",
-      "latency"
-    ]
-  }
-};
-
 // src/services/intelligent-model-selector/IMSFacade.ts
 init_SecretManagerIntegration();
 
@@ -8580,11 +8485,921 @@ I can still help summarize, clarify, or suggest next steps. Try again in a momen
   }
 };
 var IMSFacade_default = IMSFacade;
+var DEFAULT_STATE = {
+  events: {},
+  customers: {},
+  subscriptions: {},
+  invoices: {},
+  entitlements: {},
+  usage: {}
+};
+var SubscriptionStore = class {
+  filePath;
+  state = null;
+  loadPromise = null;
+  queue = Promise.resolve();
+  constructor(filePath) {
+    this.filePath = filePath ?? path__namespace.default.resolve(process.cwd(), "data", "subscription-state.json");
+  }
+  async ensureLoaded() {
+    if (this.state) {
+      return;
+    }
+    if (!this.loadPromise) {
+      this.loadPromise = this.loadStateFromDisk();
+    }
+    await this.loadPromise;
+  }
+  async loadStateFromDisk() {
+    try {
+      const raw = await fsp__namespace.default.readFile(this.filePath, "utf8");
+      const parsed = JSON.parse(raw);
+      this.state = {
+        events: parsed.events ?? {},
+        customers: parsed.customers ?? {},
+        subscriptions: parsed.subscriptions ?? {},
+        invoices: parsed.invoices ?? {},
+        entitlements: parsed.entitlements ?? {},
+        usage: parsed.usage ?? {}
+      };
+    } catch (error) {
+      if (error?.code === "ENOENT") {
+        this.state = { ...DEFAULT_STATE };
+        await this.persist();
+        return;
+      }
+      throw error;
+    }
+  }
+  async persist() {
+    if (!this.state) {
+      return;
+    }
+    const directory = path__namespace.default.dirname(this.filePath);
+    await fsp__namespace.default.mkdir(directory, { recursive: true });
+    const payload = JSON.stringify(this.state, null, 2);
+    await fsp__namespace.default.writeFile(this.filePath, payload, "utf8");
+  }
+  runExclusive(task) {
+    const result = this.queue.then(task);
+    this.queue = result.then(() => void 0).catch(() => void 0);
+    return result;
+  }
+  async markEventReceived(event) {
+    return this.runExclusive(async () => {
+      await this.ensureLoaded();
+      const now = (/* @__PURE__ */ new Date()).toISOString();
+      const state = this.state;
+      const existing = state.events[event.id];
+      if (!existing) {
+        state.events[event.id] = {
+          id: event.id,
+          type: event.type,
+          status: "received",
+          receivedAt: now,
+          stripeCreatedAt: event.created ? new Date(event.created * 1e3).toISOString() : void 0
+        };
+        await this.persist();
+        return "new";
+      }
+      if (existing.status === "processed") {
+        return "duplicate";
+      }
+      state.events[event.id] = {
+        ...existing,
+        type: event.type,
+        status: existing.status === "failed" ? "received" : existing.status,
+        receivedAt: existing.receivedAt ?? now
+      };
+      await this.persist();
+      return "pending";
+    });
+  }
+  async markEventProcessed(eventId) {
+    await this.runExclusive(async () => {
+      await this.ensureLoaded();
+      const state = this.state;
+      const existing = state.events[eventId];
+      if (!existing) {
+        return;
+      }
+      state.events[eventId] = {
+        ...existing,
+        status: "processed",
+        processedAt: (/* @__PURE__ */ new Date()).toISOString(),
+        error: void 0
+      };
+      await this.persist();
+    });
+  }
+  async markEventFailed(eventId, error) {
+    await this.runExclusive(async () => {
+      await this.ensureLoaded();
+      const state = this.state;
+      const existing = state.events[eventId];
+      if (!existing) {
+        return;
+      }
+      state.events[eventId] = {
+        ...existing,
+        status: "failed",
+        error: error instanceof Error ? error.message : String(error)
+      };
+      await this.persist();
+    });
+  }
+  async upsertCustomer(record) {
+    return this.runExclusive(async () => {
+      await this.ensureLoaded();
+      const now = (/* @__PURE__ */ new Date()).toISOString();
+      const state = this.state;
+      const existing = state.customers[record.id];
+      const createdAt = existing?.createdAt ?? record.createdAt ?? now;
+      const nextRecord = {
+        id: record.id,
+        uid: record.uid ?? existing?.uid,
+        email: record.email ?? existing?.email,
+        metadata: {
+          ...existing?.metadata ?? {},
+          ...record.metadata ?? {}
+        },
+        createdAt,
+        updatedAt: record.updatedAt ?? now
+      };
+      state.customers[record.id] = nextRecord;
+      await this.persist();
+      return nextRecord;
+    });
+  }
+  async getCustomer(customerId) {
+    await this.ensureLoaded();
+    const state = this.state;
+    const record = state.customers[customerId];
+    return record ? { ...record, metadata: record.metadata ? { ...record.metadata } : void 0 } : void 0;
+  }
+  async upsertSubscription(record) {
+    return this.runExclusive(async () => {
+      await this.ensureLoaded();
+      const now = (/* @__PURE__ */ new Date()).toISOString();
+      const state = this.state;
+      const existing = state.subscriptions[record.id];
+      const createdAt = existing?.createdAt ?? record.createdAt ?? now;
+      const nextRecord = {
+        id: record.id,
+        customerId: record.customerId,
+        uid: record.uid ?? existing?.uid,
+        status: record.status,
+        planId: record.planId,
+        pendingPlanId: record.pendingPlanId !== void 0 ? record.pendingPlanId : existing?.pendingPlanId ?? null,
+        pendingPlanEffectiveAt: record.pendingPlanEffectiveAt !== void 0 ? record.pendingPlanEffectiveAt : existing?.pendingPlanEffectiveAt ?? null,
+        cancelAt: record.cancelAt ?? null,
+        cancelAtPeriodEnd: record.cancelAtPeriodEnd ?? false,
+        canceledAt: record.canceledAt ?? null,
+        currentPeriodStart: record.currentPeriodStart,
+        currentPeriodEnd: record.currentPeriodEnd,
+        trialEnd: record.trialEnd ?? null,
+        latestInvoiceId: record.latestInvoiceId ?? existing?.latestInvoiceId,
+        latestInvoiceStatus: record.latestInvoiceStatus ?? existing?.latestInvoiceStatus,
+        latestInvoiceAmount: record.latestInvoiceAmount ?? existing?.latestInvoiceAmount,
+        metadata: {
+          ...existing?.metadata ?? {},
+          ...record.metadata ?? {}
+        },
+        createdAt,
+        updatedAt: record.updatedAt ?? now
+      };
+      state.subscriptions[record.id] = nextRecord;
+      await this.persist();
+      return nextRecord;
+    });
+  }
+  async getSubscription(subscriptionId) {
+    await this.ensureLoaded();
+    const state = this.state;
+    const record = state.subscriptions[subscriptionId];
+    if (!record) {
+      return void 0;
+    }
+    return {
+      ...record,
+      metadata: record.metadata ? { ...record.metadata } : void 0
+    };
+  }
+  async findSubscriptionByCustomer(customerId) {
+    await this.ensureLoaded();
+    const state = this.state;
+    return Object.values(state.subscriptions).find((sub) => sub.customerId === customerId);
+  }
+  async recordInvoice(record) {
+    return this.runExclusive(async () => {
+      await this.ensureLoaded();
+      const state = this.state;
+      state.invoices[record.id] = { ...record };
+      await this.persist();
+      return state.invoices[record.id];
+    });
+  }
+  async setEntitlements(uid, planId, features) {
+    return this.runExclusive(async () => {
+      await this.ensureLoaded();
+      const now = (/* @__PURE__ */ new Date()).toISOString();
+      const state = this.state;
+      const record = {
+        uid,
+        planId,
+        features: [...features],
+        updatedAt: now
+      };
+      state.entitlements[uid] = record;
+      await this.persist();
+      return record;
+    });
+  }
+  async setUsage(params) {
+    return this.runExclusive(async () => {
+      await this.ensureLoaded();
+      const now = (/* @__PURE__ */ new Date()).toISOString();
+      const state = this.state;
+      const key = `${params.uid}:${params.periodId}`;
+      const existing = state.usage[key];
+      const used = existing?.used ?? {
+        requests: 0,
+        tokens: 0,
+        code: 0,
+        attachment: 0
+      };
+      const remaining = {
+        requests: Math.max(0, params.limits.requests - used.requests),
+        tokens: Math.max(0, params.limits.tokens - used.tokens),
+        code: Math.max(0, params.limits.code - used.code),
+        attachment: Math.max(0, params.limits.attachment - used.attachment)
+      };
+      const record = {
+        uid: params.uid,
+        planId: params.planId,
+        periodId: params.periodId,
+        limits: { ...params.limits },
+        used,
+        remaining,
+        createdAt: existing?.createdAt ?? now,
+        updatedAt: now
+      };
+      state.usage[key] = record;
+      await this.persist();
+      return record;
+    });
+  }
+  async getUsage(uid, periodId) {
+    await this.ensureLoaded();
+    const key = `${uid}:${periodId}`;
+    const record = this.state.usage[key];
+    if (!record) {
+      return void 0;
+    }
+    return {
+      ...record,
+      limits: { ...record.limits },
+      used: { ...record.used },
+      remaining: { ...record.remaining }
+    };
+  }
+  async getEntitlements(uid) {
+    await this.ensureLoaded();
+    const record = this.state.entitlements[uid];
+    if (!record) {
+      return void 0;
+    }
+    return {
+      ...record,
+      features: [...record.features]
+    };
+  }
+  async snapshot() {
+    await this.ensureLoaded();
+    const state = this.state;
+    return JSON.parse(JSON.stringify(state));
+  }
+};
+var subscription_store_default = SubscriptionStore;
+var PLAN_PRIORITY = {
+  free: 0,
+  starter: 1,
+  pro: 2,
+  ultra: 3
+};
+var PLAN_CONFIG = {
+  free: {
+    entitlements: [
+      "core.cli.basic",
+      "ai.chat.basic",
+      "usage.metrics.basic"
+    ],
+    quota: {
+      requests: 100,
+      tokens: 5e4,
+      code: 30,
+      attachment: 10
+    }
+  },
+  starter: {
+    entitlements: [
+      "core.cli.basic",
+      "ai.chat.basic",
+      "ai.chat.priority",
+      "usage.metrics.expanded",
+      "workspace.multi-device"
+    ],
+    quota: {
+      requests: 500,
+      tokens: 25e4,
+      code: 200,
+      attachment: 50
+    }
+  },
+  pro: {
+    entitlements: [
+      "core.cli.basic",
+      "ai.chat.priority",
+      "ai.code.advanced",
+      "orchestrator.code",
+      "usage.metrics.expanded",
+      "workspace.multi-device",
+      "api.webhooks"
+    ],
+    quota: {
+      requests: 2e3,
+      tokens: 1e6,
+      code: 1e3,
+      attachment: 200
+    }
+  },
+  ultra: {
+    entitlements: [
+      "core.cli.basic",
+      "ai.chat.priority",
+      "ai.code.advanced",
+      "orchestrator.code",
+      "orchestrator.media",
+      "monitoring.analytics",
+      "api.webhooks",
+      "support.priority"
+    ],
+    quota: {
+      requests: 1e4,
+      tokens: 5e6,
+      code: 5e3,
+      attachment: 1e3
+    }
+  }
+};
+var PLAN_ALIAS_MAP = {
+  starterannual: "starter",
+  "starter-annual": "starter",
+  "starter_yearly": "starter",
+  "starter-yearly": "starter",
+  starteryearly: "starter",
+  proannual: "pro",
+  "pro-annual": "pro",
+  "pro_yearly": "pro",
+  "pro-yearly": "pro",
+  proyearly: "pro",
+  ultraannual: "ultra",
+  "ultra-annual": "ultra",
+  "ultra_yearly": "ultra",
+  "ultra-yearly": "ultra",
+  ultrayearly: "ultra"
+};
+function sanitizeKey(value) {
+  return value.trim().toLowerCase().replace(/[^a-z0-9-]/g, "");
+}
+function toIso(timestamp) {
+  if (!timestamp) {
+    return null;
+  }
+  return new Date(timestamp * 1e3).toISOString();
+}
+function formatPeriodId(date) {
+  const instance = typeof date === "number" ? new Date(date) : date;
+  const year = instance.getUTCFullYear();
+  const month = String(instance.getUTCMonth() + 1).padStart(2, "0");
+  return `${year}${month}`;
+}
+function extractId(value) {
+  if (!value) {
+    return void 0;
+  }
+  if (typeof value === "string") {
+    return value;
+  }
+  return value.id ?? void 0;
+}
+function extractMetadataPlan(metadata) {
+  if (!metadata) {
+    return void 0;
+  }
+  const keys = ["planId", "plan_id", "plan", "plan-id", "plan_name"];
+  for (const key of keys) {
+    const value = metadata[key];
+    if (value && value.trim()) {
+      return value.trim();
+    }
+  }
+  return void 0;
+}
+function extractUidFromMetadata(metadata) {
+  if (!metadata) {
+    return void 0;
+  }
+  const keys = ["uid", "userId", "user_id", "customer_uid"];
+  for (const key of keys) {
+    const value = metadata[key];
+    if (value && value.trim()) {
+      return value.trim();
+    }
+  }
+  return void 0;
+}
+var StripeWebhookService = class {
+  secret;
+  toleranceSeconds;
+  store;
+  pricePlanMap = /* @__PURE__ */ new Map();
+  productPlanMap = /* @__PURE__ */ new Map();
+  constructor(options) {
+    if (!options.secret) {
+      throw new Error("Stripe webhook secret must be provided");
+    }
+    this.secret = options.secret;
+    this.toleranceSeconds = options.toleranceSeconds ?? 300;
+    this.store = options.store ?? new subscription_store_default();
+    this.registerEnvPlanMappings();
+    if (options.priceIdMap) {
+      for (const [id, plan] of Object.entries(options.priceIdMap)) {
+        this.pricePlanMap.set(sanitizeKey(id), plan);
+      }
+    }
+    if (options.productIdMap) {
+      for (const [id, plan] of Object.entries(options.productIdMap)) {
+        this.productPlanMap.set(sanitizeKey(id), plan);
+      }
+    }
+  }
+  verifySignature(rawBody, signatureHeader) {
+    if (!signatureHeader) {
+      throw new Error("Stripe signature header is missing");
+    }
+    const header = Array.isArray(signatureHeader) ? signatureHeader.join(",") : signatureHeader;
+    const { timestamp, signatures } = this.parseSignatureHeader(header);
+    if (!timestamp || signatures.length === 0) {
+      throw new Error("Stripe signature header is invalid");
+    }
+    const timestampSeconds = Number(timestamp);
+    if (!Number.isFinite(timestampSeconds)) {
+      throw new Error("Stripe signature timestamp is invalid");
+    }
+    const nowSeconds = Math.floor(Date.now() / 1e3);
+    if (Math.abs(nowSeconds - timestampSeconds) > this.toleranceSeconds) {
+      throw new Error("Stripe signature timestamp outside of tolerance window");
+    }
+    const signedPayload = `${timestamp}.${rawBody.toString("utf8")}`;
+    const expected = crypto.createHmac("sha256", this.secret).update(signedPayload).digest("hex");
+    const expectedBuffer = Buffer.from(expected, "hex");
+    const isValid = signatures.some((signature) => {
+      const signatureBuffer = Buffer.from(signature, "hex");
+      if (signatureBuffer.length !== expectedBuffer.length) {
+        return false;
+      }
+      return crypto.timingSafeEqual(signatureBuffer, expectedBuffer);
+    });
+    if (!isValid) {
+      throw new Error("Stripe signature verification failed");
+    }
+  }
+  parseEvent(rawBody) {
+    try {
+      const parsed = JSON.parse(rawBody.toString("utf8"));
+      if (!parsed || typeof parsed !== "object" || !parsed.id || !parsed.type) {
+        throw new Error("Invalid event payload");
+      }
+      return parsed;
+    } catch (error) {
+      const message = error instanceof Error ? error.message : "Unknown error";
+      throw new Error(`Failed to parse Stripe event payload: ${message}`);
+    }
+  }
+  async processEvent(event) {
+    const receipt = await this.store.markEventReceived({
+      id: event.id,
+      type: event.type,
+      created: event.created
+    });
+    if (receipt === "duplicate") {
+      return;
+    }
+    try {
+      switch (event.type) {
+        case "checkout.session.completed":
+          await this.handleCheckoutSession(event);
+          break;
+        case "customer.subscription.created":
+          await this.handleSubscriptionCreated(event);
+          break;
+        case "customer.subscription.updated":
+          await this.handleSubscriptionUpdated(event);
+          break;
+        case "customer.subscription.deleted":
+          await this.handleSubscriptionDeleted(event);
+          break;
+        case "invoice.payment_succeeded":
+          await this.handleInvoicePayment(event, true);
+          break;
+        case "invoice.payment_failed":
+          await this.handleInvoicePayment(event, false);
+          break;
+        default:
+          console.info(`Unhandled Stripe event type: ${event.type}`);
+      }
+      await this.store.markEventProcessed(event.id);
+    } catch (error) {
+      await this.store.markEventFailed(event.id, error);
+      throw error;
+    }
+  }
+  parseSignatureHeader(signatureHeader) {
+    const parts = signatureHeader.split(",");
+    let timestamp;
+    const signatures = [];
+    for (const part of parts) {
+      const [key, value] = part.trim().split("=");
+      if (key === "t") {
+        timestamp = value;
+      } else if (key.startsWith("v")) {
+        signatures.push(value);
+      }
+    }
+    return { timestamp, signatures };
+  }
+  registerEnvPlanMappings() {
+    const mapping = [
+      [process.env.STRIPE_PRICE_STARTER, "starter"],
+      [process.env.STRIPE_PRICE_STARTER_ANNUAL, "starter"],
+      [process.env.STRIPE_PRICE_PRO, "pro"],
+      [process.env.STRIPE_PRICE_PRO_ANNUAL, "pro"],
+      [process.env.STRIPE_PRICE_ULTRA, "ultra"],
+      [process.env.STRIPE_PRICE_ULTRA_ANNUAL, "ultra"]
+    ];
+    mapping.forEach(([id, plan]) => {
+      if (id && id.trim()) {
+        this.pricePlanMap.set(sanitizeKey(id), plan);
+      }
+    });
+    const productMapping = [
+      [process.env.STRIPE_PRODUCT_STARTER, "starter"],
+      [process.env.STRIPE_PRODUCT_PRO, "pro"],
+      [process.env.STRIPE_PRODUCT_ULTRA, "ultra"]
+    ];
+    productMapping.forEach(([id, plan]) => {
+      if (id && id.trim()) {
+        this.productPlanMap.set(sanitizeKey(id), plan);
+      }
+    });
+  }
+  normalizePlanId(planId) {
+    if (!planId) {
+      return "free";
+    }
+    const key = sanitizeKey(planId);
+    if (PLAN_CONFIG[key]) {
+      return key;
+    }
+    const alias = PLAN_ALIAS_MAP[key];
+    if (alias) {
+      return alias;
+    }
+    return "free";
+  }
+  resolvePlanFromSubscription(subscription) {
+    const metadataPlan = extractMetadataPlan(subscription.metadata);
+    if (metadataPlan) {
+      return this.normalizePlanId(metadataPlan);
+    }
+    const items = subscription.items?.data ?? [];
+    for (const item of items) {
+      const itemMetadataPlan = extractMetadataPlan(item.metadata);
+      if (itemMetadataPlan) {
+        return this.normalizePlanId(itemMetadataPlan);
+      }
+      const priceMetadataPlan = extractMetadataPlan(item.price?.metadata);
+      if (priceMetadataPlan) {
+        return this.normalizePlanId(priceMetadataPlan);
+      }
+      const planMetadataPlan = extractMetadataPlan(item.plan?.metadata);
+      if (planMetadataPlan) {
+        return this.normalizePlanId(planMetadataPlan);
+      }
+      const priceId = item.price?.id;
+      if (priceId) {
+        const mapped = this.pricePlanMap.get(sanitizeKey(priceId));
+        if (mapped) {
+          return mapped;
+        }
+      }
+      const productId = extractId(item.price?.product ?? item.plan?.product ?? null);
+      if (productId) {
+        const mapped = this.productPlanMap.get(sanitizeKey(productId));
+        if (mapped) {
+          return mapped;
+        }
+      }
+      const nickname = item.price?.nickname;
+      if (nickname) {
+        const candidate = this.normalizePlanId(nickname);
+        if (candidate !== "free") {
+          return candidate;
+        }
+      }
+    }
+    return "free";
+  }
+  getPlanConfig(planId) {
+    return PLAN_CONFIG[planId] ?? PLAN_CONFIG.free;
+  }
+  async applyPlanEntitlements(uid, planId, subscription, overridePeriod) {
+    const config = this.getPlanConfig(planId);
+    await this.store.setEntitlements(uid, planId, config.entitlements);
+    const periodStart = overridePeriod?.start ?? subscription?.current_period_start;
+    overridePeriod?.end ?? subscription?.current_period_end;
+    const periodId = periodStart ? formatPeriodId(new Date(periodStart * 1e3)) : formatPeriodId(Date.now());
+    await this.store.setUsage({
+      uid,
+      planId,
+      periodId,
+      limits: config.quota
+    });
+  }
+  comparePlanPriority(a, b) {
+    return PLAN_PRIORITY[a] - PLAN_PRIORITY[b];
+  }
+  async resolveUid(customerId, ...metadataSources) {
+    for (const metadata of metadataSources) {
+      const uidFromMetadata = extractUidFromMetadata(metadata);
+      if (uidFromMetadata) {
+        return uidFromMetadata;
+      }
+    }
+    if (customerId) {
+      const customer = await this.store.getCustomer(customerId);
+      return customer?.uid;
+    }
+    return void 0;
+  }
+  async handleCheckoutSession(event) {
+    const session = event.data.object;
+    const customerId = extractId(session.customer ?? null);
+    const uid = await this.resolveUid(customerId, session.metadata);
+    if (!customerId) {
+      console.warn("checkout.session.completed received without customer id", { sessionId: session.id });
+      return;
+    }
+    const metadata = {};
+    if (session.metadata) {
+      for (const [key, value] of Object.entries(session.metadata)) {
+        if (typeof value === "string") {
+          metadata[key] = value;
+        }
+      }
+    }
+    await this.store.upsertCustomer({
+      id: customerId,
+      uid,
+      email: session.customer_email ?? void 0,
+      metadata: {
+        ...metadata,
+        lastCheckoutSessionId: session.id,
+        lastCheckoutMode: session.mode ?? void 0
+      }
+    });
+  }
+  async handleSubscriptionCreated(event) {
+    const subscription = event.data.object;
+    const customerId = extractId(subscription.customer);
+    if (!customerId) {
+      throw new Error(`Subscription ${subscription.id} missing customer id`);
+    }
+    const planId = this.resolvePlanFromSubscription(subscription);
+    const uid = await this.resolveUid(customerId, subscription.metadata);
+    const customerRecord = {
+      id: customerId,
+      uid,
+      email: typeof subscription.customer === "object" ? subscription.customer.email ?? void 0 : void 0,
+      metadata: subscription.metadata && Object.keys(subscription.metadata).length > 0 ? { ...subscription.metadata } : void 0,
+      createdAt: (/* @__PURE__ */ new Date()).toISOString(),
+      updatedAt: (/* @__PURE__ */ new Date()).toISOString()
+    };
+    await this.store.upsertCustomer(customerRecord);
+    await this.store.upsertSubscription({
+      id: subscription.id,
+      customerId,
+      uid,
+      status: subscription.status,
+      planId,
+      pendingPlanId: null,
+      pendingPlanEffectiveAt: null,
+      cancelAt: toIso(subscription.cancel_at),
+      cancelAtPeriodEnd: subscription.cancel_at_period_end ?? false,
+      canceledAt: toIso(subscription.canceled_at),
+      currentPeriodStart: toIso(subscription.current_period_start) ?? (/* @__PURE__ */ new Date()).toISOString(),
+      currentPeriodEnd: toIso(subscription.current_period_end) ?? (/* @__PURE__ */ new Date()).toISOString(),
+      trialEnd: toIso(subscription.trial_end),
+      metadata: subscription.metadata && Object.keys(subscription.metadata).length > 0 ? { ...subscription.metadata } : void 0
+    });
+    if (uid) {
+      await this.applyPlanEntitlements(uid, planId, subscription);
+    }
+  }
+  async handleSubscriptionUpdated(event) {
+    const subscription = event.data.object;
+    const customerId = extractId(subscription.customer);
+    if (!customerId) {
+      throw new Error(`Subscription ${subscription.id} missing customer id`);
+    }
+    const existing = await this.store.getSubscription(subscription.id);
+    const resolvedPlan = this.resolvePlanFromSubscription(subscription);
+    const uid = await this.resolveUid(customerId, subscription.metadata, existing?.metadata);
+    const planChange = existing ? this.comparePlanPriority(resolvedPlan, existing.planId) : 0;
+    let effectivePlan = resolvedPlan;
+    let pendingPlan = existing?.pendingPlanId ?? null;
+    let pendingEffectiveAt = existing?.pendingPlanEffectiveAt ?? null;
+    if (existing) {
+      if (planChange < 0) {
+        effectivePlan = existing.planId;
+        pendingPlan = resolvedPlan;
+        pendingEffectiveAt = toIso(subscription.current_period_end) ?? toIso(subscription.cancel_at) ?? existing.currentPeriodEnd;
+      } else {
+        pendingPlan = null;
+        pendingEffectiveAt = null;
+        if (planChange > 0 && uid) {
+          await this.applyPlanEntitlements(uid, resolvedPlan, subscription);
+        }
+      }
+    } else if (uid) {
+      await this.applyPlanEntitlements(uid, resolvedPlan, subscription);
+    }
+    await this.store.upsertSubscription({
+      id: subscription.id,
+      customerId,
+      uid,
+      status: subscription.status,
+      planId: effectivePlan,
+      pendingPlanId: pendingPlan,
+      pendingPlanEffectiveAt: pendingEffectiveAt,
+      cancelAt: toIso(subscription.cancel_at),
+      cancelAtPeriodEnd: subscription.cancel_at_period_end ?? false,
+      canceledAt: toIso(subscription.canceled_at),
+      currentPeriodStart: toIso(subscription.current_period_start) ?? existing?.currentPeriodStart ?? (/* @__PURE__ */ new Date()).toISOString(),
+      currentPeriodEnd: toIso(subscription.current_period_end) ?? existing?.currentPeriodEnd ?? (/* @__PURE__ */ new Date()).toISOString(),
+      trialEnd: toIso(subscription.trial_end),
+      metadata: subscription.metadata && Object.keys(subscription.metadata).length > 0 ? { ...subscription.metadata } : void 0
+    });
+    if (uid) {
+      await this.store.upsertCustomer({
+        id: customerId,
+        uid,
+        metadata: subscription.metadata && Object.keys(subscription.metadata).length > 0 ? { ...subscription.metadata } : void 0
+      });
+    }
+  }
+  async handleSubscriptionDeleted(event) {
+    const subscription = event.data.object;
+    const customerId = extractId(subscription.customer);
+    const existing = await this.store.getSubscription(subscription.id);
+    const uid = await this.resolveUid(customerId, subscription.metadata, existing?.metadata);
+    await this.store.upsertSubscription({
+      id: subscription.id,
+      customerId: customerId ?? existing?.customerId ?? "unknown",
+      uid: uid ?? existing?.uid,
+      status: "canceled",
+      planId: "free",
+      pendingPlanId: null,
+      pendingPlanEffectiveAt: null,
+      cancelAt: toIso(subscription.cancel_at),
+      cancelAtPeriodEnd: subscription.cancel_at_period_end ?? false,
+      canceledAt: toIso(subscription.canceled_at) ?? (/* @__PURE__ */ new Date()).toISOString(),
+      currentPeriodStart: toIso(subscription.current_period_start) ?? existing?.currentPeriodStart ?? (/* @__PURE__ */ new Date()).toISOString(),
+      currentPeriodEnd: toIso(subscription.current_period_end) ?? existing?.currentPeriodEnd ?? (/* @__PURE__ */ new Date()).toISOString(),
+      trialEnd: toIso(subscription.trial_end),
+      metadata: subscription.metadata && Object.keys(subscription.metadata).length > 0 ? { ...subscription.metadata } : void 0
+    });
+    if (uid) {
+      await this.applyPlanEntitlements(uid, "free", subscription);
+    }
+  }
+  async handleInvoicePayment(event, succeeded) {
+    const invoice = event.data.object;
+    const subscriptionId = extractId(invoice.subscription ?? null);
+    if (!subscriptionId) {
+      console.warn("Invoice received without subscription id", { invoiceId: invoice.id });
+      return;
+    }
+    const subscription = await this.store.getSubscription(subscriptionId);
+    if (!subscription) {
+      console.warn("Invoice received for unknown subscription", { invoiceId: invoice.id, subscriptionId });
+      return;
+    }
+    const customerId = extractId(invoice.customer ?? subscription.customerId);
+    await this.store.recordInvoice({
+      id: invoice.id,
+      subscriptionId,
+      customerId,
+      amountPaid: (invoice.amount_paid ?? 0) / 100,
+      currency: invoice.currency ?? "usd",
+      status: succeeded ? "succeeded" : "failed",
+      paidAt: invoice.created ? new Date(invoice.created * 1e3).toISOString() : (/* @__PURE__ */ new Date()).toISOString(),
+      createdAt: (/* @__PURE__ */ new Date()).toISOString(),
+      periodStart: toIso(invoice.lines?.data?.[0]?.period?.start ?? invoice.period_start ?? null),
+      periodEnd: toIso(invoice.lines?.data?.[0]?.period?.end ?? invoice.period_end ?? null),
+      hostedInvoiceUrl: invoice.hosted_invoice_url ?? void 0
+    });
+    if (!succeeded) {
+      await this.store.upsertSubscription({
+        id: subscription.id,
+        customerId: subscription.customerId,
+        uid: subscription.uid,
+        status: subscription.status,
+        planId: subscription.planId,
+        pendingPlanId: subscription.pendingPlanId ?? null,
+        pendingPlanEffectiveAt: subscription.pendingPlanEffectiveAt ?? null,
+        cancelAt: subscription.cancelAt ?? null,
+        cancelAtPeriodEnd: subscription.cancelAtPeriodEnd ?? false,
+        canceledAt: subscription.canceledAt ?? null,
+        currentPeriodStart: subscription.currentPeriodStart,
+        currentPeriodEnd: subscription.currentPeriodEnd,
+        trialEnd: subscription.trialEnd ?? null,
+        latestInvoiceId: invoice.id,
+        latestInvoiceStatus: "failed",
+        latestInvoiceAmount: (invoice.amount_paid ?? 0) / 100
+      });
+      return;
+    }
+    const fallbackPeriodStart = subscription.currentPeriodStart ? Date.parse(subscription.currentPeriodStart) / 1e3 : void 0;
+    const fallbackPeriodEnd = subscription.currentPeriodEnd ? Date.parse(subscription.currentPeriodEnd) / 1e3 : void 0;
+    const periodStart = invoice.lines?.data?.[0]?.period?.start ?? invoice.period_start ?? fallbackPeriodStart;
+    const periodEnd = invoice.lines?.data?.[0]?.period?.end ?? invoice.period_end ?? fallbackPeriodEnd;
+    let nextPlanId = subscription.planId;
+    let pendingPlanId = subscription.pendingPlanId ?? null;
+    let pendingEffectiveAt = subscription.pendingPlanEffectiveAt ?? null;
+    if (subscription.pendingPlanId) {
+      nextPlanId = subscription.pendingPlanId;
+      pendingPlanId = null;
+      pendingEffectiveAt = null;
+      if (subscription.uid) {
+        await this.applyPlanEntitlements(subscription.uid, nextPlanId, null, { start: periodStart, end: periodEnd });
+      }
+    } else if (subscription.uid) {
+      await this.applyPlanEntitlements(subscription.uid, subscription.planId, null, { start: periodStart, end: periodEnd });
+    }
+    await this.store.upsertSubscription({
+      id: subscription.id,
+      customerId: subscription.customerId,
+      uid: subscription.uid,
+      status: subscription.status,
+      planId: nextPlanId,
+      pendingPlanId,
+      pendingPlanEffectiveAt: pendingEffectiveAt,
+      cancelAt: subscription.cancelAt ?? null,
+      cancelAtPeriodEnd: subscription.cancelAtPeriodEnd ?? false,
+      canceledAt: subscription.canceledAt ?? null,
+      currentPeriodStart: periodStart ? toIso(periodStart) ?? subscription.currentPeriodStart : subscription.currentPeriodStart,
+      currentPeriodEnd: periodEnd ? toIso(periodEnd) ?? subscription.currentPeriodEnd : subscription.currentPeriodEnd,
+      trialEnd: subscription.trialEnd ?? null,
+      latestInvoiceId: invoice.id,
+      latestInvoiceStatus: "succeeded",
+      latestInvoiceAmount: (invoice.amount_paid ?? 0) / 100
+    });
+  }
+};
+var stripe_webhook_service_default = StripeWebhookService;
 
 // src/server/express-server.ts
 var jobIndex = /* @__PURE__ */ new Map();
 var app = express__default.default();
 var port = process.env.PORT || 8080;
+var subscriptionStore = new subscription_store_default();
+var stripeWebhookSecret = process.env.STRIPE_WEBHOOK_SECRET;
+var stripeWebhookService = null;
+if (stripeWebhookSecret) {
+  try {
+    stripeWebhookService = new stripe_webhook_service_default({
+      secret: stripeWebhookSecret,
+      store: subscriptionStore
+    });
+  } catch (error) {
+    stripeWebhookService = null;
+    console.error("Failed to initialize Stripe webhook service:", error);
+  }
+} else {
+  console.warn("STRIPE_WEBHOOK_SECRET is not configured; Stripe webhook endpoint will be disabled.");
+}
 app.use(helmet__default.default());
 app.use(cors__default.default());
 app.use(compression__default.default({
@@ -8593,6 +9408,7 @@ app.use(compression__default.default({
     return compression.filter(req, res);
   }
 }));
+app.use("/api/stripe/webhook", express__default.default.raw({ type: "application/json" }));
 app.use(express__default.default.json({ limit: "10mb" }));
 app.use(express__default.default.urlencoded({ extended: true }));
 try {
@@ -8621,7 +9437,7 @@ app.get("/api/status", (req, res) => {
 app.get("/", (req, res) => {
   res.json({
     name: "MARIA CODE API",
-    version: "4.3.32",
+    version: "4.3.34",
     status: "running",
     environment: process.env.NODE_ENV || "development",
     endpoints: {
@@ -8636,6 +9452,30 @@ app.get("/", (req, res) => {
     timestamp: (/* @__PURE__ */ new Date()).toISOString()
   });
 });
+app.post("/api/stripe/webhook", async (req, res) => {
+  if (!stripeWebhookService) {
+    return res.status(503).json({ error: "Stripe webhook processing is not configured" });
+  }
+  const signature = req.headers["stripe-signature"];
+  const rawBody = Buffer.isBuffer(req.body) ? req.body : Buffer.from(typeof req.body === "string" ? req.body : JSON.stringify(req.body ?? {}), "utf8");
+  try {
+    stripeWebhookService.verifySignature(rawBody, signature);
+  } catch (error) {
+    console.error("Stripe webhook signature verification failed:", error);
+    return res.status(400).json({ error: "Invalid Stripe signature" });
+  }
+  let event;
+  try {
+    event = stripeWebhookService.parseEvent(rawBody);
+  } catch (error) {
+    console.error("Stripe webhook payload parsing failed:", error);
+    return res.status(400).json({ error: "Invalid Stripe payload" });
+  }
+  stripeWebhookService.processEvent(event).catch((error) => {
+    console.error("Stripe webhook processing error:", error);
+  });
+  return res.sendStatus(200);
+});
 function classifyMediaError(err) {
   const raw = err;
   const msg = String(raw?.message || raw || "unknown error");
@@ -8650,7 +9490,7 @@ function classifyMediaError(err) {
     return { status: 422, code: "policy_violation", message: "Request was blocked by provider policy", hint: "Modify the prompt to comply with safety policies" };
   }
   if (lower2.includes("no inline image returned") || lower2.includes("no video returned") || lower2.includes("refus")) {
-    return { status: 422, code: "content_refused", message: "Model refused or returned no content", hint: "Try rephrasing the prompt or a different model" };
+    return { status: 422, code: "content_refused", message: "Model refused or returned no content", hint: "Try rephrasing the prompt" };
   }
   if (lower2.includes("timeout")) {
     return { status: 504, code: "timeout", message: "Generation timed out", hint: "Please retry later" };
@@ -8684,6 +9524,106 @@ async function decodeFirebaseToken(token) {
     return null;
   }
 }
+function getCurrentPeriodId() {
+  const now = /* @__PURE__ */ new Date();
+  return `${now.getUTCFullYear()}${String(now.getUTCMonth() + 1).padStart(2, "0")}`;
+}
+function nextMonthResetISO() {
+  const d = /* @__PURE__ */ new Date();
+  d.setUTCMonth(d.getUTCMonth() + 1, 1);
+  d.setUTCHours(0, 0, 0, 0);
+  return d.toISOString();
+}
+var PLAN_LIMITS = {
+  free: { req: 300, tokens: 5e4, code: 40, attachment: 5 },
+  starter: { req: 1400, tokens: 1e6, code: 300, attachment: 50 },
+  "starter-annual": { req: 1400, tokens: 1e6, code: 300, attachment: 50 },
+  pro: { req: 5e3, tokens: 35e5, code: 1200, attachment: 200 },
+  "pro-annual": { req: 5e3, tokens: 35e5, code: 1200, attachment: 200 },
+  ultra: { req: 1e4, tokens: 5e6, code: 5e3, attachment: 500 },
+  "ultra-annual": { req: 1e4, tokens: 5e6, code: 5e3, attachment: 500 },
+  enterprise: { req: -1, tokens: -1, code: -1, attachment: -1 }
+};
+function planName(planId) {
+  const names = {
+    free: "Free",
+    starter: "Starter",
+    "starter-annual": "Starter (\u5E74\u984D)",
+    pro: "Pro",
+    "pro-annual": "Pro (\u5E74\u984D)",
+    ultra: "Ultra",
+    "ultra-annual": "Ultra (\u5E74\u984D)",
+    enterprise: "Enterprise"
+  };
+  return names[planId] || "Free";
+}
+async function getUserPlanAndLimits(uid) {
+  const db = await getFirestoreSafe();
+  const fallback = { planId: "free", limits: PLAN_LIMITS.free };
+  if (!db) return fallback;
+  try {
+    const snap = await db.collection("user_subscriptions").doc(uid).get();
+    const pid = snap.exists && snap.data()?.planId ? String(snap.data().planId) : "free";
+    return { planId: pid, limits: PLAN_LIMITS[pid] || PLAN_LIMITS.free };
+  } catch {
+    return fallback;
+  }
+}
+async function ensureUsageDoc(uid) {
+  const db = await getFirestoreSafe();
+  if (!db) return { ref: null, data: null, planId: "free", limits: PLAN_LIMITS.free };
+  const periodId = getCurrentPeriodId();
+  const { planId: pid, limits } = await getUserPlanAndLimits(uid);
+  const ref = db.collection("users").doc(uid).collection("usage").doc(periodId);
+  const snap = await ref.get();
+  if (!snap.exists) {
+    const nowISO = (/* @__PURE__ */ new Date()).toISOString();
+    const init = {
+      periodId,
+      createdAt: nowISO,
+      updatedAt: nowISO,
+      resetAt: nextMonthResetISO(),
+      limits,
+      remain: limits,
+      used: { req: 0, tokens: 0, code: 0, attachment: 0 }
+    };
+    await ref.set(init, { merge: true });
+    return { ref, data: init, planId: pid, limits };
+  }
+  return { ref, data: snap.data(), planId: pid, limits };
+}
+async function applyConsumption(uid, consumption, idemKey) {
+  const db = await getFirestoreSafe();
+  if (!db) return null;
+  const { ref, data, planId: pid, limits } = await ensureUsageDoc(uid);
+  const nowISO = (/* @__PURE__ */ new Date()).toISOString();
+  if (idemKey) {
+    const idemRef = ref.collection("consumptions").doc(idemKey);
+    const idemSnap = await idemRef.get();
+    if (!idemSnap.exists) await idemRef.set({ createdAt: nowISO, consumption });
+    else return data;
+  }
+  const toNum = (v) => typeof v === "number" && isFinite(v) ? v : 0;
+  const incReq = toNum(consumption.requests) + toNum(consumption.req);
+  const incTokens = toNum(consumption.tokens);
+  const incCode = toNum(consumption.code) + toNum(consumption.image) + toNum(consumption.video);
+  const incAttachment = toNum(consumption.attachment);
+  const used = data?.used || { req: 0, tokens: 0, code: 0, attachment: 0 };
+  const newUsed = {
+    req: Math.max(0, used.req + incReq),
+    tokens: Math.max(0, used.tokens + incTokens),
+    code: Math.max(0, used.code + incCode),
+    attachment: Math.max(0, used.attachment + incAttachment)
+  };
+  const remain = {
+    req: limits.req < 0 ? -1 : Math.max(0, limits.req - newUsed.req),
+    tokens: limits.tokens < 0 ? -1 : Math.max(0, limits.tokens - newUsed.tokens),
+    code: limits.code < 0 ? -1 : Math.max(0, limits.code - newUsed.code),
+    attachment: limits.attachment < 0 ? -1 : Math.max(0, limits.attachment - newUsed.attachment)
+  };
+  await ref.set({ used: newUsed, remain, updatedAt: nowISO }, { merge: true });
+  return { ...data || {}, used: newUsed, remain, limits, periodId: getCurrentPeriodId(), updatedAt: nowISO };
+}
 app.get("/api/user/profile", async (req, res) => {
   try {
     const authHeader = req.headers.authorization || "";
@@ -8704,19 +9644,21 @@ app.get("/api/user/profile", async (req, res) => {
       if (Array.isArray(ids["github.com"]) && ids["github.com"].length > 0) provider = "github";
       else if (Array.isArray(ids["google.com"]) && ids["google.com"].length > 0) provider = "google";
     }
-    const plan = "FREE";
+    const { planId: pid, limits } = await getUserPlanAndLimits(uid);
+    const periodRef = await ensureUsageDoc(uid);
+    const currentUsedReq = Number(periodRef?.data?.used?.req || 0);
     const response2 = {
       id: uid,
       email,
       name: displayName,
       provider: provider || "unknown",
-      plan,
+      plan: String(pid).toUpperCase(),
       usage: {
-        requests: 0,
-        requestLimit: 1e3,
-        tokens: 0,
-        tokenLimit: 5e5,
-        resetDate: new Date(Date.now() + 30 * 24 * 60 * 60 * 1e3).toISOString()
+        requests: currentUsedReq,
+        requestLimit: limits.req < 0 ? Number.MAX_SAFE_INTEGER : limits.req,
+        tokens: Number(periodRef?.data?.used?.tokens || 0),
+        tokenLimit: limits.tokens < 0 ? Number.MAX_SAFE_INTEGER : limits.tokens,
+        resetDate: periodRef?.data?.resetAt || nextMonthResetISO()
       },
       models: ["gpt-5", "gemini-2.5-pro"]
     };
@@ -8827,7 +9769,9 @@ app.post("/api/v1/image", rateLimitMiddleware, async (req, res) => {
     const decoded = await decodeFirebaseToken(idToken).catch(() => null);
     if (!decoded) return res.status(401).json({ error: "unauthorized", message: "Invalid login session", hint: "Re-login to continue" });
     const uid = decoded?.uid || decoded?.sub || "current";
-    const { prompt, model, size = "1024x1024", format = "png", count = 1, seed } = req.body || {};
+    const { prompt, model, size = "1024x1024", format: formatRaw = "png", count = 1, seed } = req.body || {};
+    const fmt0 = String(formatRaw || "png").toLowerCase();
+    const format = fmt0 === "jpeg" ? "jpg" : ["png", "jpg", "webp"].includes(fmt0) ? fmt0 : "png";
     if (!prompt) return res.status(400).json({ error: "bad_request", message: "prompt required" });
     const m2 = /^(\d{2,4})x(\d{2,4})$/.exec(String(size));
     if (!m2) return res.status(400).json({ error: "bad_request", message: "size must be WxH" });
@@ -8837,7 +9781,13 @@ app.post("/api/v1/image", rateLimitMiddleware, async (req, res) => {
     const buffers = [];
     for (let i2 = 0; i2 < Math.max(1, Math.min(8, Number(count || 1))); i2++) {
       const r2 = await provider.generateImage({ prompt, width: w, height: h2, format, seed: (seed ?? 0) + i2 });
-      buffers.push(r2.bytes);
+      const processed = await (await Promise.resolve().then(() => (init_image_post(), image_post_exports))).processImageOptional(
+        r2.bytes,
+        String(format),
+        false,
+        { width: w, height: h2 }
+      );
+      buffers.push(processed);
     }
     const promptHash = hashPrompt(prompt);
     const manifest = {
@@ -8858,10 +9808,10 @@ app.post("/api/v1/image", rateLimitMiddleware, async (req, res) => {
       uid
     });
     const idemKey = req.headers["idempotency-key"] || void 0;
-    await recordConsumption(uid, { requests: 1, image: Math.max(1, buffers.length) }, idemKey);
+    await applyConsumption(uid, { requests: 1, image: Math.max(1, buffers.length) }, idemKey);
     const filesInline = buffers.map((b, idx) => ({
       file: saved.files[idx] || "",
-      mime: `image/${format}`,
+      mime: format === "jpg" ? "image/jpeg" : `image/${format}`,
       bytesBase64: b.toString("base64")
     }));
     return res.json({ success: true, data: { url: saved.manifestPath, files: saved.files, filesInline, jobId: manifest.trace } });
@@ -9103,7 +10053,7 @@ app.post("/api/v1/video", rateLimitMiddleware, async (req, res) => {
     const idToken = auth.substring("Bearer ".length).trim();
     const decoded = await decodeFirebaseToken(idToken).catch(() => null);
     const uid = decoded?.uid || decoded?.sub || "current";
-    await recordConsumption(uid, { requests: 1, video: 1 }, idemKey);
+    await applyConsumption(uid, { requests: 1, video: 1 }, idemKey);
     jobIndex.set(String(manifest.trace), {
       id: String(manifest.trace),
       status: "completed",
@@ -9156,6 +10106,12 @@ app.get("/api/v1/jobs/:id", async (req, res) => {
 });
 app.post("/api/v1/code", rateLimitMiddleware, async (req, res) => {
   try {
+    const auth = req.headers.authorization;
+    if (!auth || !auth.startsWith("Bearer ")) return res.status(401).json({ error: "unauthorized" });
+    const idToken = auth.substring("Bearer ".length).trim();
+    const decoded = await decodeFirebaseToken(idToken).catch(() => null);
+    if (!decoded) return res.status(401).json({ error: "unauthorized" });
+    const uid = decoded?.uid || decoded?.sub;
     const { prompt, language = "typescript", model = "gpt-4" } = req.body;
     if (!prompt) {
       return res.status(400).json({
@@ -9163,6 +10119,8 @@ app.post("/api/v1/code", rateLimitMiddleware, async (req, res) => {
         message: "Prompt is required"
       });
     }
+    const idemKey = req.headers["idempotency-key"] || void 0;
+    await applyConsumption(uid, { requests: 1, code: 1 }, idemKey);
     return res.json({
       success: true,
       data: {
@@ -9186,6 +10144,12 @@ function example() {
 });
 app.post("/api/v1/chat", rateLimitMiddleware, async (req, res) => {
   try {
+    const auth = req.headers.authorization;
+    if (!auth || !auth.startsWith("Bearer ")) return res.status(401).json({ error: "unauthorized" });
+    const idToken = auth.substring("Bearer ".length).trim();
+    const decoded = await decodeFirebaseToken(idToken).catch(() => null);
+    if (!decoded) return res.status(401).json({ error: "unauthorized" });
+    const uid = decoded?.uid || decoded?.sub;
     const { message, model = "gpt-4" } = req.body;
     if (!message) {
       return res.status(400).json({
@@ -9193,6 +10157,8 @@ app.post("/api/v1/chat", rateLimitMiddleware, async (req, res) => {
         message: "Message is required"
       });
     }
+    const idemKey = req.headers["idempotency-key"] || void 0;
+    await applyConsumption(uid, { requests: 1 }, idemKey);
     return res.json({
       success: true,
       data: {
@@ -9215,13 +10181,18 @@ app.post("/v1/ai-proxy", rateLimitMiddleware, async (req, res) => {
     if (!auth || !auth.startsWith("Bearer ")) return res.status(401).json({ error: "unauthorized" });
     const { prompt, taskType } = req.body || {};
     if (!prompt) return res.status(400).json({ error: "bad_request", message: "prompt required" });
+    const idToken = auth.substring("Bearer ".length).trim();
+    const decoded = await decodeFirebaseToken(idToken).catch(() => null);
+    if (!decoded) return res.status(401).json({ error: "unauthorized" });
+    const uid = decoded?.uid || decoded?.sub;
+    const idemKey = req.headers["idempotency-key"] || void 0;
     if (process.env.MARIA_TELEMETRY === "1") {
       try {
         console.log(JSON.stringify({ ev: "ai_proxy_request", taskType: taskType || "unknown", promptLen: String(prompt).length }));
       } catch {
       }
     }
-    const sanitizeKey = (v) => {
+    const sanitizeKey2 = (v) => {
       if (!v) return void 0;
       let k = String(v).trim();
       if (!k) return void 0;
@@ -9246,7 +10217,7 @@ app.post("/v1/ai-proxy", rateLimitMiddleware, async (req, res) => {
         return {};
       }
     })();
-    const gemKey = sanitizeKey(keys?.googleApiKey || process.env.GEMINI_API_KEY || process.env.GOOGLE_API_KEY);
+    const gemKey = sanitizeKey2(keys?.googleApiKey || process.env.GEMINI_API_KEY || process.env.GOOGLE_API_KEY);
     if (gemKey) {
       try {
         const { GoogleGenerativeAI: GoogleGenerativeAI2 } = await import('@google/generative-ai');
@@ -9261,6 +10232,12 @@ app.post("/v1/ai-proxy", rateLimitMiddleware, async (req, res) => {
           } catch {
           }
         }
+        const consumption2 = { requests: 1 };
+        if (taskType === "code" || taskType === "evaluation") consumption2.code = 1;
+        try {
+          await applyConsumption(uid, consumption2, idemKey);
+        } catch {
+        }
         return res.json({ data: { content: content2, routedModel: { vendor: "google", family: "gemini", name: modelName, reason: taskType || "code" } } });
       } catch (e2) {
         console.warn("[AI Proxy] Gemini path failed, falling back to OpenAI:", e2?.message || e2);
@@ -9272,7 +10249,7 @@ app.post("/v1/ai-proxy", rateLimitMiddleware, async (req, res) => {
         }
       }
     }
-    const openaiKey = sanitizeKey(keys?.openaiApiKey || process.env.OPENAI_API_KEY);
+    const openaiKey = sanitizeKey2(keys?.openaiApiKey || process.env.OPENAI_API_KEY);
     if (!openaiKey) {
       if (process.env.MARIA_TELEMETRY === "1") {
         try {
@@ -9286,6 +10263,7 @@ app.post("/v1/ai-proxy", rateLimitMiddleware, async (req, res) => {
     const client = new OpenAI2({ apiKey: openaiKey });
     let model = process.env.MARIA_CODE_MODEL || "gpt-5-mini";
     let content = "";
+    let totalTokens = 0;
     try {
       const r2 = await client.responses.create({
         model,
@@ -9295,6 +10273,12 @@ app.post("/v1/ai-proxy", rateLimitMiddleware, async (req, res) => {
         ]
       });
       content = r2?.output_text || r2?.content?.[0]?.text || "";
+      const u = r2?.usage;
+      if (u) {
+        const inTok = Number(u.input_tokens || u.inputTokens || 0);
+        const outTok = Number(u.output_tokens || u.outputTokens || 0);
+        totalTokens = Number(u.total_tokens || u.totalTokens || inTok + outTok || 0);
+      }
     } catch (_e) {
       model = "gpt-4o-mini";
       const r2 = await client.chat.completions.create({
@@ -9305,6 +10289,8 @@ app.post("/v1/ai-proxy", rateLimitMiddleware, async (req, res) => {
         ]
       });
       content = r2.choices?.[0]?.message?.content || "";
+      const u2 = r2?.usage;
+      if (u2) totalTokens = Number(u2.total_tokens || 0);
     }
     if (process.env.MARIA_TELEMETRY === "1") {
       try {
@@ -9312,6 +10298,13 @@ app.post("/v1/ai-proxy", rateLimitMiddleware, async (req, res) => {
       } catch {
       }
     }
+    const consumption = { requests: 1 };
+    if (totalTokens > 0) consumption.tokens = totalTokens;
+    if (taskType === "code" || taskType === "evaluation") consumption.code = 1;
+    try {
+      await applyConsumption(uid, consumption, idemKey);
+    } catch {
+    }
     return res.json({ data: { content, routedModel: { vendor: "openai", family: "gpt", name: model, reason: taskType || "code" } } });
   } catch (error) {
     console.error("[AI Proxy] Error:", error);
@@ -9339,89 +10332,35 @@ async function getFirestoreSafe() {
     return null;
   }
 }
-function calcNextReset() {
-  const d = /* @__PURE__ */ new Date();
-  d.setUTCMonth(d.getUTCMonth() + 1, 1);
-  d.setUTCHours(0, 0, 0, 0);
-  return d.toISOString();
-}
-async function recordConsumption(uid, consumption, idempotencyKey) {
-  const db = await getFirestoreSafe();
-  if (!db) return;
-  const docPath = `projects/default/usage/${uid}`;
-  const usageRef = db.doc(docPath);
-  const nowISO = (/* @__PURE__ */ new Date()).toISOString();
-  if (idempotencyKey) {
-    const idemRef = db.doc(`projects/default/usage/${uid}/consumptions/${idempotencyKey}`);
-    const idemSnap = await idemRef.get();
-    if (idemSnap.exists) return;
-    await idemRef.set({ createdAt: nowISO, consumption });
-  }
-  const snap = await usageRef.get();
-  let data = snap.exists ? snap.data() : null;
-  if (!data) {
-    data = {
-      plan: { name: "FREE", limits: { requests: free_plan_default.buckets.req } },
-      monthly: {
-        requests: { used: 0, limit: free_plan_default.buckets.req },
-        image: { used: 0, limit: free_plan_default.buckets.image },
-        video: { used: 0, limit: free_plan_default.buckets.video },
-        code: { used: 0, limit: free_plan_default.buckets.code },
-        resetAt: calcNextReset()
-      },
-      updatedAt: nowISO
-    };
-  }
-  const m2 = data.monthly || {};
-  if (consumption?.requests) m2.requests.used = Math.max(0, (m2.requests.used || 0) + Number(consumption.requests));
-  if (consumption?.image) m2.image.used = Math.max(0, (m2.image.used || 0) + Number(consumption.image));
-  if (consumption?.video) m2.video.used = Math.max(0, (m2.video.used || 0) + Number(consumption.video));
-  if (consumption?.code) m2.code.used = Math.max(0, (m2.code.used || 0) + Number(consumption.code));
-  data.monthly = m2;
-  data.updatedAt = nowISO;
-  await usageRef.set(data, { merge: true });
-}
 app.get("/api/v1/usage", rateLimitMiddleware, async (req, res) => {
   try {
     const auth = req.headers.authorization;
     if (!auth || !auth.startsWith("Bearer ")) return res.status(401).json({ error: "unauthorized" });
-    const db = await getFirestoreSafe();
-    const uid = "current";
-    const docPath = `projects/default/usage/${uid}`;
-    let data = null;
-    if (db) {
-      const snap = await db.doc(docPath).get();
-      data = snap.exists ? snap.data() : null;
-      if (!data) {
-        data = {
-          plan: { name: "FREE", limits: { requests: free_plan_default.buckets.req } },
-          monthly: {
-            requests: { used: 0, limit: free_plan_default.buckets.req },
-            image: { used: 0, limit: free_plan_default.buckets.image },
-            video: { used: 0, limit: free_plan_default.buckets.video },
-            code: { used: 0, limit: free_plan_default.buckets.code },
-            resetAt: calcNextReset()
-          },
-          updatedAt: (/* @__PURE__ */ new Date()).toISOString()
-        };
-        await db.doc(docPath).set(data);
-      }
-      const historySnap = await db.collection(`projects/default/usage/${uid}/consumptions`).orderBy("createdAt", "desc").limit(20).get();
-      const history = historySnap.docs.map((d) => ({ id: d.id, ...d.data() }));
-      data.history = history;
-    } else {
-      data = {
-        plan: { name: "FREE", limits: { requests: free_plan_default.buckets.req } },
-        monthly: {
-          requests: { used: 0, limit: free_plan_default.buckets.req },
-          image: { used: 0, limit: free_plan_default.buckets.image },
-          video: { used: 0, limit: free_plan_default.buckets.video },
-          code: { used: 0, limit: free_plan_default.buckets.code },
-          resetAt: calcNextReset()
-        }
-      };
-    }
-    return res.json(data);
+    const idToken = auth.substring("Bearer ".length).trim();
+    const decoded = await decodeFirebaseToken(idToken).catch(() => null);
+    if (!decoded) return res.status(401).json({ error: "unauthorized" });
+    const uid = decoded?.uid || decoded?.sub;
+    const { planId: pid, limits } = await getUserPlanAndLimits(uid);
+    const { data } = await ensureUsageDoc(uid);
+    const periodId = getCurrentPeriodId();
+    const used = data?.used || { req: 0, tokens: 0, code: 0, attachment: 0 };
+    const remain = data?.remain || limits;
+    const percentage = {
+      req: limits.req > 0 ? Math.round(used.req / limits.req * 100) : 0,
+      tokens: limits.tokens > 0 ? Math.round(used.tokens / limits.tokens * 100) : 0,
+      code: limits.code > 0 ? Math.round(used.code / limits.code * 100) : 0,
+      attachment: limits.attachment > 0 ? Math.round(used.attachment / limits.attachment * 100) : 0
+    };
+    return res.json({
+      periodId,
+      planCode: pid,
+      planName: planName(pid),
+      used,
+      remain,
+      limits,
+      percentage,
+      resetAt: data?.resetAt || nextMonthResetISO()
+    });
   } catch (e2) {
     console.error("[Usage] GET error", e2);
     return res.status(500).json({ error: "internal_error" });
@@ -9433,18 +10372,23 @@ app.post("/api/v1/usage", rateLimitMiddleware, async (req, res) => {
     if (!auth || !auth.startsWith("Bearer ")) return res.status(401).json({ error: "unauthorized" });
     const { consumption } = req.body || {};
     const idemKey = req.headers["idempotency-key"] || void 0;
-    const db = await getFirestoreSafe();
-    const uid = "current";
-    const docPath = `projects/default/usage/${uid}`;
-    let data = null;
-    if (db) {
-      await recordConsumption(uid, consumption || {}, idemKey);
-      const snap = await db.doc(docPath).get();
-      data = snap.exists ? snap.data() : { ok: true };
-    } else {
-      data = { ok: true };
-    }
-    return res.json(data);
+    const idToken = auth.substring("Bearer ".length).trim();
+    const decoded = await decodeFirebaseToken(idToken).catch(() => null);
+    if (!decoded) return res.status(401).json({ error: "unauthorized" });
+    const uid = decoded?.uid || decoded?.sub;
+    await applyConsumption(uid, consumption || {}, idemKey);
+    const { data } = await ensureUsageDoc(uid);
+    const { planId: pid, limits } = await getUserPlanAndLimits(uid);
+    const periodId = getCurrentPeriodId();
+    const used = data?.used || { req: 0, tokens: 0, code: 0, attachment: 0 };
+    const remain = data?.remain || limits;
+    const percentage = {
+      req: limits.req > 0 ? Math.round(used.req / limits.req * 100) : 0,
+      tokens: limits.tokens > 0 ? Math.round(used.tokens / limits.tokens * 100) : 0,
+      code: limits.code > 0 ? Math.round(used.code / limits.code * 100) : 0,
+      attachment: limits.attachment > 0 ? Math.round(used.attachment / limits.attachment * 100) : 0
+    };
+    return res.json({ periodId, planCode: pid, planName: planName(pid), used, remain, limits, percentage, resetAt: data?.resetAt || nextMonthResetISO() });
   } catch (e2) {
     console.error("[Usage] POST error", e2);
     return res.status(500).json({ error: "internal_error" });