@holdyourvoice/hyv 2.9.2 → 2.9.4

package/CHANGELOG.md

@@ -2,6 +2,20 @@
 
 All notable CLI changes. Also mirrored to [holdyourvoice.com/changelog](https://holdyourvoice.com/changelog) for user-facing releases.
 
+## [2.9.4] — 2026-06-12
+
+### Fixed
+- Welcome step 4 — one sign-in only; opens dashboard billing tab (no second Google login on marketing site)
+- `hyv plan --upgrade` opens authenticated dashboard billing instead of public pricing page
+
+### Changed
+- Step 4 copy tightened; spinners while account + profile sync run
+
+## [2.9.3] — 2026-06-12
+
+### Fixed
+- Browser signup OAuth — clearer error when Google denies; server fix for `redirect_uri_mismatch` (requires API deploy)
+
 ## [2.9.2] — 2026-06-12
 
 ### Changed

package/dist/index.js

@@ -4612,40 +4612,6 @@ var require_source = __commonJS({
 });
 
 // src/lib/config.ts
-var config_exports = {};
-__export(config_exports, {
-  API_BASE: () => API_BASE,
-  AUTH_FILE: () => AUTH_FILE,
-  CACHE_DIR: () => CACHE_DIR,
-  CONFIG_FILE: () => CONFIG_FILE,
-  HYV_DIR: () => HYV_DIR,
-  LAST_SESSION_FILE: () => LAST_SESSION_FILE,
-  PROFILES_DIR: () => PROFILES_DIR,
-  QUEUE_DIR: () => QUEUE_DIR,
-  appendSecureLine: () => appendSecureLine,
-  assertSafeOAuthUrl: () => assertSafeOAuthUrl,
-  assertSafeOpenUrl: () => assertSafeOpenUrl,
-  assertSafeProfileName: () => assertSafeProfileName,
-  clearAuth: () => clearAuth,
-  clearQueuedSignals: () => clearQueuedSignals,
-  cliApiUrl: () => cliApiUrl,
-  ensureHyvDir: () => ensureHyvDir,
-  getQueuedSignals: () => getQueuedSignals,
-  getToken: () => getToken,
-  isInitialized: () => isInitialized,
-  listCachedProfiles: () => listCachedProfiles,
-  profilePathForName: () => profilePathForName,
-  queueSignal: () => queueSignal,
-  readAuth: () => readAuth,
-  readCachedProfile: () => readCachedProfile,
-  readConfig: () => readConfig,
-  readLastEditSession: () => readLastEditSession,
-  saveLastEditSession: () => saveLastEditSession,
-  writeAuth: () => writeAuth,
-  writeCachedProfile: () => writeCachedProfile,
-  writeConfig: () => writeConfig,
-  writeSecureFile: () => writeSecureFile
-});
 function validateApiBase(raw) {
   const trimmed = raw.replace(/\/$/, "");
   let parsed;
@@ -4666,7 +4632,7 @@ function cliApiUrl(apiPath) {
   const p = apiPath.startsWith("/") ? apiPath : `/${apiPath}`;
   return `${API_BASE}${p}`;
 }
-function assertSafeOpenUrl(url) {
+function assertSafeOpenUrl2(url) {
   let parsed;
   try {
     parsed = new URL(url);
@@ -4737,10 +4703,6 @@ function ensureHyvDir() {
     }
   }
 }
-function writeSecureFile(filePath, content) {
-  ensureHyvDir();
-  fs.writeFileSync(filePath, content, { mode: 384 });
-}
 function appendSecureLine(filePath, line, dir) {
   if (dir) {
     if (!fs.existsSync(dir))
@@ -4779,11 +4741,6 @@ function writeAuth(auth) {
   ensureHyvDir();
   fs.writeFileSync(AUTH_FILE, JSON.stringify(auth, null, 2), { mode: 384 });
 }
-function clearAuth() {
-  if (fs.existsSync(AUTH_FILE)) {
-    fs.unlinkSync(AUTH_FILE);
-  }
-}
 function readConfig() {
   try {
     if (!fs.existsSync(CONFIG_FILE))
@@ -4854,17 +4811,6 @@ function queueSignal(signal) {
   const filePath = path.join(QUEUE_DIR, `${id}.json`);
   fs.writeFileSync(filePath, JSON.stringify(signal, null, 2), { mode: 384 });
 }
-function clearQueuedSignals() {
-  try {
-    if (!fs.existsSync(QUEUE_DIR))
-      return;
-    const files = fs.readdirSync(QUEUE_DIR).filter((f) => f.endsWith(".json"));
-    for (const f of files) {
-      fs.unlinkSync(path.join(QUEUE_DIR, f));
-    }
-  } catch {
-  }
-}
 function saveLastEditSession(session) {
   ensureHyvDir();
   const data = { ...session, saved_at: (/* @__PURE__ */ new Date()).toISOString() };
@@ -5355,6 +5301,7 @@ __export(auth_exports, {
   authenticatedRequest: () => authenticatedRequest,
   checkSession: () => checkSession,
   getValidToken: () => getValidToken,
+  openAuthenticatedDashboard: () => openAuthenticatedDashboard,
   refreshToken: () => refreshToken,
   verifyOAuthState: () => verifyOAuthState
 });
@@ -5479,6 +5426,15 @@ async function authenticateWithBrowser() {
       if (url.pathname === "/callback") {
         const code = url.searchParams.get("code");
         const state = url.searchParams.get("state");
+        const oauthError = url.searchParams.get("error");
+        if (oauthError) {
+          res.writeHead(400, { "Content-Type": "text/html" });
+          res.end(`<h1>Authentication failed</h1><p>${escapeHtml(oauthError)}</p>`);
+          clearTimeout(timeout);
+          server.close();
+          reject(new Error(`Google sign-in failed: ${oauthError}`));
+          return;
+        }
         if (!code || !state) {
           res.writeHead(400, { "Content-Type": "text/html" });
           res.end("<h1>Authentication failed</h1><p>Missing code or state.</p>");
@@ -5534,6 +5490,23 @@ async function authenticateWithBrowser() {
   writeAuth(authData);
   return authData;
 }
+async function openAuthenticatedDashboard(opts = {}) {
+  const response = await authenticatedRequest(cliApiUrl("/cli/auth/web-handoff"), {
+    method: "POST",
+    body: {
+      next: opts.next || "/dashboard",
+      tab: opts.tab || "billing"
+    }
+  });
+  if (response.status !== 200) {
+    throw new Error("Could not open dashboard \u2014 try https://holdyourvoice.com/dashboard");
+  }
+  const { url } = response.data;
+  if (!url) {
+    throw new Error("Dashboard handoff URL missing");
+  }
+  await (0, import_open.default)(assertSafeOpenUrl(url));
+}
 async function refreshToken(tokenOverride) {
   const token = tokenOverride || readAuth()?.token;
   if (!token)
@@ -5625,7 +5598,7 @@ function printFreePaidMatrix(opts = {}) {
   First month $1 \u2192 ${PRICING_URL}`));
   console.log(import_chalk2.default.dim("  hyv init  |  hyv plan --upgrade\n"));
 }
-var import_chalk2, NPX_EXAMPLES, FREE_CLI_COMMANDS, PAID_FEATURES, FREE_WEB_TOOLS, COMMUNITY_URL, PRICING_URL;
+var import_chalk2, NPX_EXAMPLES, FREE_CLI_COMMANDS, PAID_FEATURES, FREE_WEB_TOOLS, COMMUNITY_URL, PRICING_URL, DASHBOARD_BILLING_URL;
 var init_free_paid = __esm({
   "src/lib/free-paid.ts"() {
     "use strict";
@@ -5673,6 +5646,7 @@ var init_free_paid = __esm({
     ];
     COMMUNITY_URL = "https://holdyourvoice.com/community";
     PRICING_URL = "https://holdyourvoice.com/#pricing";
+    DASHBOARD_BILLING_URL = "https://holdyourvoice.com/dashboard?tab=billing";
   }
 });
 
@@ -11443,12 +11417,12 @@ function buildStepGuide(step, profileName) {
       return [
         "### Step 4 \u2014 save & unlock",
         "",
-        "Explain warmly: their profile is local-only until they sign up. A free account backs it up and syncs across machines.",
+        "Explain warmly: local profile until signup. One browser sign-in via CLI \u2014 then open dashboard billing (no second login).",
         "Paid unlock is **$1 for the first month** \u2014 profiles that learn, hybrid rewrite, dashboard.",
         "Scanning/fix/MCP stay free forever without an account.",
         "",
-        "1. `hyv init` \u2014 browser signup",
-        "2. `hyv plan --upgrade` \u2014 $1 first month",
+        "1. `hyv init` or welcome step 4 \u2014 single Google sign-in from terminal",
+        "2. Dashboard opens on billing tab \u2014 user picks plan there",
         "",
         `Pricing: ${PRICING_URL}`
       ].join("\n");
@@ -11775,14 +11749,13 @@ async function stepTest(profileName) {
 }
 async function stepSignup(profileName) {
   console.log(import_chalk12.default.bold("\nstep 4 \xB7 save & unlock\n"));
-  console.log("  your voice profile is saved locally \u2014 that's enough to scan and test.");
-  console.log("  but it won't follow you to another machine, and it won't get sharper");
-  console.log("  every time you rewrite.\n");
-  console.log("  a free account backs up your profile and syncs it everywhere you use hyv.");
-  console.log("  upgrade when you're ready: " + import_chalk12.default.bold("$1 for your first month") + ", then full");
-  console.log("  access to profiles that learn, hybrid rewrite, and your dashboard.\n");
+  console.log("  your profile works on this machine. scan anything, anytime \u2014 free forever.");
+  console.log("");
+  console.log("  create a free account to back it up and sync everywhere.");
+  console.log("  then unlock learning for " + import_chalk12.default.bold("$1 your first month") + " \u2014 profiles that");
+  console.log("  get sharper every rewrite, hybrid rewrites, and your dashboard.\n");
   console.log(import_chalk12.default.dim("  free forever (no account): scan, fix, check, mcp"));
-  console.log(import_chalk12.default.dim("  paid unlock: learning loop, rich rewrites, sync across devices\n"));
+  console.log(import_chalk12.default.dim("  $1 first month: learning loop, rich rewrites, sync across devices\n"));
   const ready = await askYesNo("  create your free account now? ($1 first month to unlock everything)");
   if (!ready) {
     console.log(import_chalk12.default.dim("\n  no rush \u2014 your profile stays on this machine."));
@@ -11794,18 +11767,25 @@ async function stepSignup(profileName) {
     return;
   }
   if (!isInitialized() || !getToken()) {
-    console.log(import_chalk12.default.cyan("\n  opening browser for signup...\n"));
-    await authenticateWithBrowser();
+    console.log(import_chalk12.default.cyan("\n  opening browser for signup (one sign-in)...\n"));
+    await withSpinner("creating your account\u2026", () => authenticateWithBrowser());
+    await briefPause();
+    console.log(import_chalk12.default.green("  \u2713 account created"));
+  } else {
+    console.log(import_chalk12.default.dim("\n  already signed in \u2014 syncing profile..."));
   }
   const content = fs13.readFileSync(
     path13.join(os7.homedir(), ".hyv", "profiles", `${profileName}.md`),
     "utf-8"
   );
   try {
-    const response = await authenticatedRequest(cliApiUrl("/cli/profiles/new"), {
-      method: "POST",
-      body: { name: profileName, content, source: "welcome" }
-    });
+    const response = await withSpinner(
+      "syncing profile\u2026",
+      () => authenticatedRequest(cliApiUrl("/cli/profiles/new"), {
+        method: "POST",
+        body: { name: profileName, content, source: "welcome" }
+      })
+    );
     if (response.status === 200) {
       console.log(import_chalk12.default.green("  \u2713 profile synced to your account"));
     } else {
@@ -11814,12 +11794,15 @@ async function stepSignup(profileName) {
   } catch {
     console.log(import_chalk12.default.yellow("  profile saved locally \u2014 run `hyv sync` after you upgrade"));
   }
-  console.log(import_chalk12.default.cyan("\n  opening pricing \u2014 $1 first month to unlock learning + sync..."));
-  const { default: open3 } = await Promise.resolve().then(() => __toESM(require_open()));
-  const { assertSafeOpenUrl: assertSafeOpenUrl2 } = await Promise.resolve().then(() => (init_config(), config_exports));
-  await open3(assertSafeOpenUrl2(PRICING_URL));
+  try {
+    console.log(import_chalk12.default.cyan("\n  opening billing in your dashboard ($1 first month)..."));
+    await withSpinner("opening dashboard\u2026", () => openAuthenticatedDashboard({ tab: "billing" }));
+    await briefPause();
+  } catch {
+    console.log(import_chalk12.default.yellow("  could not auto-open dashboard \u2014 visit holdyourvoice.com/dashboard"));
+  }
   markStepComplete("signup");
-  console.log(import_chalk12.default.dim("\n  or run: hyv plan --upgrade\n"));
+  console.log(import_chalk12.default.dim("\n  you're signed in \u2014 pick a plan in billing, no second login.\n"));
 }
 async function runInteractiveWelcome() {
   recordEvent("welcome_interactive");
@@ -16845,28 +16828,15 @@ async function showPlan() {
   }
 }
 async function upgradePlan() {
-  console.log(import_chalk14.default.cyan("\nOpening checkout...\n"));
-  const response = await authenticatedRequest(
-    cliApiUrl("/cli/subscribe"),
-    {
-      method: "POST",
-      body: { plan: "individual" }
-    }
-  );
-  if (response.status === 200) {
-    const data = response.data;
-    const checkoutUrl = data.checkout_url;
-    if (checkoutUrl) {
-      console.log(import_chalk14.default.dim("Opening browser..."));
-      await (0, import_open2.default)(assertSafeOpenUrl(checkoutUrl));
-      console.log(import_chalk14.default.green("\n\u2713 Checkout opened in browser"));
-      console.log(import_chalk14.default.dim("Complete the checkout to activate your plan."));
-    } else {
-      console.log(import_chalk14.default.yellow("No checkout URL received."));
-    }
-  } else {
-    console.log(import_chalk14.default.yellow("Could not create checkout session."));
-    console.log(import_chalk14.default.dim("Visit https://holdyourvoice.com/pricing to subscribe."));
+  console.log(import_chalk14.default.cyan("\nOpening billing in your dashboard ($1 first month)...\n"));
+  try {
+    await openAuthenticatedDashboard({ tab: "billing" });
+    console.log(import_chalk14.default.green("\n\u2713 Dashboard opened \u2014 you're already signed in"));
+    console.log(import_chalk14.default.dim("Pick a plan in billing. No second login."));
+  } catch {
+    console.log(import_chalk14.default.yellow("Could not open dashboard automatically."));
+    console.log(import_chalk14.default.dim(`Visit ${DASHBOARD_BILLING_URL} after running hyv init`));
+    console.log(import_chalk14.default.dim(`Or see plans: ${PRICING_URL}`));
   }
 }
 async function openBillingPortal() {
@@ -16880,7 +16850,7 @@ async function openBillingPortal() {
     const portalUrl = data.portal_url;
     if (portalUrl) {
       console.log(import_chalk14.default.dim("Opening browser..."));
-      await (0, import_open2.default)(assertSafeOpenUrl(portalUrl));
+      await (0, import_open2.default)(assertSafeOpenUrl2(portalUrl));
       console.log(import_chalk14.default.green("\n\u2713 Billing portal opened"));
     } else {
       console.log(import_chalk14.default.yellow("No portal URL received."));

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@holdyourvoice/hyv",
-  "version": "2.9.2",
+  "version": "2.9.4",
   "description": "Free local AI writing scan for cursor & claude. MCP server, 220+ pattern detection, voice profiles. npx @holdyourvoice/hyv welcome",
   "main": "dist/index.js",
   "bin": {