@floless/app 0.9.1 → 0.10.0

package/dist/floless-server.cjs

@@ -52055,10 +52055,10 @@ function jwtExpiry(jwt) {
 var NetworkError = class extends Error {
   network = true;
 };
-async function ensureFreshToken() {
+async function resolveToken() {
   const t = readTokens();
-  if (!t) return null;
-  if (Date.now() < t.expiresAt - REFRESH_SKEW_MS) return t.accessToken;
+  if (!t) return { token: null, reason: "signed-out" };
+  if (Date.now() < t.expiresAt - REFRESH_SKEW_MS) return { token: t.accessToken };
   let res;
   try {
     res = await fetch(`${env().apiBase}/auth/refresh`, {
@@ -52070,13 +52070,16 @@ async function ensureFreshToken() {
     throw new NetworkError("refresh failed (network)");
   }
   if (res.status >= 500) throw new NetworkError(`refresh failed (${res.status})`);
-  if (!res.ok) return null;
+  if (!res.ok) return { token: null, reason: "session-expired" };
   const body = await res.json();
   const access = body.data?.tokens?.access;
   const refresh = body.data?.tokens?.refresh ?? t.refreshToken;
-  if (!access) return null;
+  if (!access) return { token: null, reason: "session-expired" };
   storeTokens({ accessToken: access, refreshToken: refresh, expiresAt: jwtExpiry(access), issuedAt: Date.now() });
-  return access;
+  return { token: access };
+}
+async function ensureFreshToken() {
+  return (await resolveToken()).token;
 }
 function mapUserStatus(u) {
   switch (u.accountType) {
@@ -52087,7 +52090,7 @@ function mapUserStatus(u) {
     case "expired_trial":
       return { state: "expired", plan: u.subscription?.tier, expiresAt: u.trial?.trialExpiresAt };
     default:
-      return { state: "unlicensed" };
+      return { state: "unlicensed", reason: "no-subscription" };
   }
 }
 function signInUrl() {
@@ -52111,27 +52114,28 @@ async function getLicenseStatus(opts = {}) {
   const url = signInUrl();
   if (seatLost) {
     mem = null;
-    return { state: "unlicensed", signInUrl: url };
+    return { state: "unlicensed", reason: "seat-taken", signInUrl: url };
   }
   if (!opts.force && mem && Date.now() - mem.at < MEM_CACHE_MS) return mem.status;
   const finish = (s) => {
     mem = { at: Date.now(), status: s };
     return s;
   };
-  let token;
+  let resolved;
   try {
-    token = await ensureFreshToken();
+    resolved = await resolveToken();
   } catch {
     return finish(offlineFallback(url));
   }
-  if (!token) return finish({ state: "unlicensed", signInUrl: url });
+  if (resolved.token === null) return finish({ state: "unlicensed", reason: resolved.reason, signInUrl: url });
+  const token = resolved.token;
   let res;
   try {
     res = await fetch(`${env().apiBase}/user/status`, { headers: { Authorization: `Bearer ${token}` } });
   } catch {
     return finish(offlineFallback(url));
   }
-  if (res.status === 401) return finish({ state: "unlicensed", signInUrl: url });
+  if (res.status === 401) return finish({ state: "unlicensed", reason: "session-expired", signInUrl: url });
   if (res.status >= 500) return finish(offlineFallback(url));
   if (!res.ok) return finish({ state: "unlicensed", signInUrl: url });
   let mapped;
@@ -52357,7 +52361,7 @@ function appVersion() {
   return resolveVersion({
     isSea: isSea2(),
     sqVersionXml: readSqVersionXml(),
-    define: true ? "0.9.1" : void 0,
+    define: true ? "0.10.0" : void 0,
     pkgVersion: readPkgVersion()
   });
 }
@@ -52367,7 +52371,7 @@ function resolveChannel(s) {
   return "dev";
 }
 function appChannel() {
-  return resolveChannel({ isSea: isSea2(), define: true ? "0.9.1" : void 0 });
+  return resolveChannel({ isSea: isSea2(), define: true ? "0.10.0" : void 0 });
 }
 
 // oauth-presets.ts
@@ -52464,6 +52468,45 @@ function bakeFloSource(source, inputs) {
   return doc.toString();
 }
 
+// report-badge.ts
+var BADGE_MARKER = "fla-credit";
+var DEFAULT_URL = "https://floless.io/made-with-floless?utm_source=report_badge";
+function escapeAttr(value) {
+  return value.replace(/&/g, "&amp;").replace(/"/g, "&quot;").replace(/</g, "&lt;").replace(/>/g, "&gt;");
+}
+function badgeHtml(url) {
+  return `
+<style>
+  #fla-credit { margin-top: 32px; padding-top: 16px; border-top: 1px solid rgba(0,0,0,0.10); display: flex; justify-content: flex-end; }
+  #fla-badge { display: inline-flex; align-items: center; height: 26px; padding: 0 10px; border-radius: 999px; background: #161d28; border: 1px solid #2a3548; box-shadow: 0 1px 4px rgba(0,0,0,0.18); text-decoration: none; font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", system-ui, sans-serif; font-size: 11px; line-height: 1; transition: background 0.15s ease, border-color 0.15s ease; }
+  #fla-badge:hover { background: rgba(74,158,255,0.10); border-color: #2c5f9e; }
+  #fla-badge:focus-visible { outline: 2px solid #4a9eff; outline-offset: 2px; }
+  #fla-badge .fla-prefix { color: #9aa5b6; font-weight: 400; }
+  #fla-badge .fla-name { color: #4a9eff; font-weight: 600; margin-left: 4px; }
+  #fla-badge:hover .fla-name { color: #67b3ff; }
+  @media print { #fla-badge { background: transparent; border-color: #9aa5b6; box-shadow: none; } #fla-badge .fla-prefix { color: #555; } #fla-badge .fla-name { color: #1a56c4; } }
+</style>
+<div id="${BADGE_MARKER}">
+  <a id="fla-badge" href="${escapeAttr(url)}" target="_blank" rel="noopener noreferrer" aria-label="Made with FloLess \u2014 visit floless.io">
+    <span class="fla-prefix">Made with</span><span class="fla-name">FloLess</span>
+  </a>
+</div>`.trim();
+}
+function injectBadge(html, opts = {}) {
+  if (!html || !html.trim()) return html;
+  if (html.includes(`id="${BADGE_MARKER}"`)) return html;
+  const badge = badgeHtml(opts.url ?? DEFAULT_URL);
+  let last = -1;
+  for (const m of html.matchAll(/<\/body\s*>/gi)) last = m.index ?? last;
+  return last === -1 ? `${html}
+${badge}` : `${html.slice(0, last)}${badge}
+${html.slice(last)}`;
+}
+function withBadge(report, opts) {
+  if (!report) return report;
+  return { ...report, html: injectBadge(report.html, opts) };
+}
+
 // index.ts
 var import_node_crypto5 = require("node:crypto");
 
@@ -56529,9 +56572,9 @@ async function startServer() {
     req.url.startsWith("/api/report-issue") || req.url.startsWith("/api/update") || req.url.startsWith("/api/aware/update") || // Release notes are a read-only display surface for the update pills — a local control,
     // no workspace data, never spawns `aware`. Exempt like the other update routes.
     req.url.startsWith("/api/release-notes")) return;
-    const { state: state2, signInUrl: signInUrl2 } = await getLicenseStatus();
+    const { state: state2, reason, signInUrl: signInUrl2 } = await getLicenseStatus();
     if (state2 !== "valid" && state2 !== "offline-grace") {
-      return reply.status(402).send({ ok: false, error: "subscription required", state: state2, signInUrl: signInUrl2 });
+      return reply.status(402).send({ ok: false, error: "subscription required", state: state2, reason, signInUrl: signInUrl2 });
     }
   });
   app.addHook("onRequest", async (req, reply) => {
@@ -56862,7 +56905,8 @@ async function startServer() {
           return { id: c.integration, label: friendlyIntegrationName(c.integration) };
         }
       }
-    } catch {
+    } catch (err) {
+      console.warn(`[floless] credential-issue detection failed for app "${id}" (treating as no credential issue):`, err);
     }
     return null;
   }
@@ -56903,7 +56947,7 @@ async function startServer() {
       broadcast({ type: "run-started", id, dryRun: !!dryRun, simulate: !!simulate, runId: result.runId });
       for (const ev of events) broadcast({ type: "trace", id, event: ev });
       broadcast({ type: "run-ended", id, runId: result.runId });
-      const report = extractReportHtml(events);
+      const report = withBadge(extractReportHtml(events));
       const credentialIssue = !simulate && hasAuthFailure(events) ? await detectCredentialIssue(id) : null;
       return { ok: true, runId: result.runId, tracePath: result.tracePath, events, report, credentialIssue };
     }
@@ -56961,7 +57005,7 @@ async function startServer() {
       broadcast({ type: "debug-ended", id, nodeId });
       const r = result.result ?? {};
       const html = typeof r.html === "string" ? r.html : null;
-      return { ok: true, result, report: html ? { nodeId, html } : null };
+      return { ok: true, result, report: withBadge(html ? { nodeId, html } : null) };
     }
   );
   app.get("/api/routines", async () => ({

package/dist/web/aware.js

@@ -2654,7 +2654,7 @@
         reloadTimer = setTimeout(() => loadApp(currentId).catch(reportErr), 250);
       } else if (m.type === 'seat-taken') {
         // This session's seat was claimed by another device (newest-login-wins).
-        showToast('Your session was taken over on another device — sign in to continue.', 'err');
+        showToast('Signed in on another device — sign in here to continue.', 'err');
         recheckLicenseAndGate();
       }
     };
@@ -3832,10 +3832,33 @@
   // We fetch NO workspace data while ungated. The license endpoints stay open.
   function renderGate(status) {
     if (document.getElementById('license-gate')) return;
-    const expired = status.state === 'expired';
     // signInUrl is server-generated, but escape it anyway before it lands in an
     // innerHTML href — a crafted FLOLESS_WEB_BASE shouldn't be able to break out.
     const subUrl = escapeHtml(status.signInUrl || 'https://floless.io');
+    // Gate copy is driven by WHY the user is locked out. `state==='expired'` is a
+    // distinct (trial-expiry) state; every other gated case carries a `reason`.
+    // `secondary:null` omits the cross-sell link (session-expired / seat-taken).
+    // Keys must mirror the server's LicenseReason values (+ the 'expired' state);
+    // an unmapped/new reason falls back to 'signed-out' copy below.
+    const reason = status.state === 'expired' ? 'expired' : status.reason;
+    const COPY = {
+      expired: { headline: 'Your subscription has expired',
+        body: 'Renew your FloLess subscription to keep using floless.app.',
+        secondary: { label: 'Manage subscription →', href: subUrl } },
+      'no-subscription': { headline: 'Subscription required',
+        body: 'A FloLess subscription is required to use floless.app. Sign in to continue.',
+        secondary: { label: 'No subscription yet? Subscribe →', href: subUrl } },
+      'session-expired': { headline: 'Please sign in again',
+        body: 'Your sign-in has expired. Signing in takes a few seconds.',
+        secondary: null },
+      'seat-taken': { headline: 'Signed in on another device',
+        body: 'floless.app can run on one device at a time. Sign in here to use it on this device.',
+        secondary: null },
+      'signed-out': { headline: 'Sign in to continue',
+        body: 'Sign in with your FloLess account to use floless.app.',
+        secondary: { label: 'No subscription yet? Subscribe →', href: subUrl } },
+    };
+    const copy = COPY[reason] || COPY['signed-out']; // neutral fallback for an unknown/absent reason
     const style = document.createElement('style');
     style.textContent = `
       #license-gate{position:fixed;inset:0;z-index:99999;display:flex;align-items:center;justify-content:center;
@@ -3868,13 +3891,11 @@
           <path class="mark-node" d="M138.092 174.908C148.53 174.908 156.992 166.446 156.992 156.008C156.992 145.57 148.53 137.108 138.092 137.108C127.654 137.108 119.192 145.57 119.192 156.008C119.192 166.446 127.654 174.908 138.092 174.908Z" fill="white" stroke="currentColor" stroke-width="8.72093" stroke-linecap="round" stroke-linejoin="round"/>
           <path class="mark-node" d="M149.714 43.6142C160.152 43.6142 168.614 35.1523 168.614 24.7141C168.614 14.2758 160.152 5.81396 149.714 5.81396C139.276 5.81396 130.814 14.2758 130.814 24.7141C130.814 35.1523 139.276 43.6142 149.714 43.6142Z" fill="white" stroke="currentColor" stroke-width="8.72093" stroke-linecap="round" stroke-linejoin="round"/>
         </svg></div>
-        <h1>${expired ? 'Your subscription has expired' : 'Subscription required'}</h1>
-        <p>${expired
-          ? 'Renew your FloLess subscription to keep using floless.app.'
-          : 'floless.app runs on your FloLess subscription. Sign in to continue.'}</p>
+        <h1>${escapeHtml(copy.headline)}</h1>
+        <p>${escapeHtml(copy.body)}</p>
         <button id="lg-signin" class="primary">Sign in at floless.io</button>
         <p class="lg-status" id="lg-status"></p>
-        <a class="lg-sub" href="${subUrl}" target="_blank" rel="noopener">${expired ? 'Manage subscription →' : 'No subscription yet? Subscribe →'}</a>
+        ${copy.secondary ? `<a class="lg-sub" href="${copy.secondary.href}" target="_blank" rel="noopener">${escapeHtml(copy.secondary.label)}</a>` : ''}
         <p class="lg-version" id="lg-version"></p>
       </div>`;
     document.body.appendChild(wrap);
@@ -3946,7 +3967,7 @@
         } catch { /* still failing — fall through to gate */ }
       }
       if (effectivelyLicensed) bootWorkspace();
-      else renderGate(effectiveStatus || { state: 'none' });
+      else renderGate(effectiveStatus || { state: 'unlicensed' });
     };
 
     // Setup-first: if AWARE isn't ready, show the overlay and DEFER routing until it

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@floless/app",
-  "version": "0.9.1",
+  "version": "0.10.0",
   "type": "module",
   "description": "Thin localhost host for floless.app — serves web/ and shells the aware CLI. No engine, no LLM.",
   "bin": {