@oaklandzoo/ostup 0.10.0 → 0.11.0

package/README.md

@@ -24,6 +24,14 @@ When you run this tool, it will:
    (Better Auth + guarded dashboard + settings), blog (MDX posts + RSS
    + sitemap). Your first deploy shows a working homepage and day-one
    flow, not a blank Next.js welcome.
+8. Optionally pass `--private` to ship an **app-level default-deny**
+   project on Vercel Hobby: middleware blocks every request except
+   sign-in/up + audit-health, blob helpers default to `access: 'private'`,
+   image optimizer cannot proxy external URLs, rate limiting and audit
+   logging are wired. Run `ostup doctor --privacy <url>` after deploy to
+   verify. Toggle on/off an existing project with `ostup private add` /
+   `ostup private remove` (manifest at `.ostup/private.json` makes the
+   remove cleanly revertable).
 
 ## Quick Start
 

package/bin/cli.mjs

@@ -11,7 +11,7 @@ loadDotEnv();
 
 const PKG_ROOT = resolve(dirname(fileURLToPath(import.meta.url)), '..');
 
-const SUBCOMMANDS = new Set(['init', 'update', 'brief', 'export-pro', 'doctor', 'bootstrap']);
+const SUBCOMMANDS = new Set(['init', 'update', 'brief', 'export-pro', 'doctor', 'bootstrap', 'private']);
 
 async function readPkg() {
   const raw = await readFile(resolve(PKG_ROOT, 'package.json'), 'utf8');
@@ -45,6 +45,10 @@ function parseArgs(argv) {
     else if (a === '--output') flags.output = argv[++i];
     else if (a.startsWith('--output=')) flags.output = a.slice('--output='.length);
     else if (a === '--white-label') flags.whiteLabel = true;
+    else if (a === '--private') flags.private = true;
+    else if (a === '--privacy') flags.privacy = true;
+    else if (a === '--url') flags.url = argv[++i];
+    else if (a.startsWith('--url=')) flags.url = a.slice('--url='.length);
     else if (a === '--no-log') flags.noLog = true;
     else if (a === '--skip-bootstrap') flags.skipBootstrap = true;
     else if (a === '--no-install') flags.noInstall = true;
@@ -78,6 +82,8 @@ function printHelp() {
       '  brief               Run the 10-question operator intake; write docs/brief.md + brief.json.',
       '  export-pro          Bundle brief + brand + content + initial PRD into a ZIP for client handoff.',
       '  doctor              Self-diagnosis: tool detection + auth + permissions + disk + Chrome. Read-only.',
+      '  doctor --privacy    Probe a deployed URL for default-deny enforcement (privacy mode).',
+      '  private add|remove|status   Apply, undo, or report on app-level privacy (default-deny middleware).',
       '  update              Refresh bundled templates from the pinned source.',
       '',
       'Flags for `ostup init`:',
@@ -89,6 +95,7 @@ function printHelp() {
       '  --ingest <path>     Copy operator materials from <path> into inputs/.',
       '  --brief <path>      Load a brief.json from <path> and write brief files + apply profile overlay.',
       '  --white-label       Strip OSTUP / Goodshin attribution from generated docs (Studio tier).',
+      '  --private           App-level default-deny: middleware, blob proxy, image-optimizer lock, audit + rate-limit, CLAUDE.md Part 20. Refused with --profile saas-dashboard.',
       '  --kit-only          Drop the markdown kit into a target dir, no GitHub or Vercel.',
       '  --config <path>     Read .ostup-config.yml from this path (kit-only mode).',
       '  --skip-bootstrap    Skip the in-CLI tool detection / install step (advanced).',
@@ -193,7 +200,7 @@ if (subcommand === 'export-pro') {
 if (subcommand === 'doctor') {
   const { runDoctor, printDoctorReport } = await import('../src/doctor.mjs');
   try {
-    const result = await runDoctor();
+    const result = await runDoctor({ flags });
     process.stdout.write(printDoctorReport(result));
     process.exit(result.failCount > 0 ? 1 : 0);
   } catch (err) {
@@ -202,6 +209,25 @@ if (subcommand === 'doctor') {
   }
 }
 
+if (subcommand === 'private') {
+  const action = subPositional[0] || 'status';
+  const { runPrivate } = await import('../src/private-cmd.mjs');
+  try {
+    await runPrivate({ action, flags, cwd: process.cwd() });
+    process.exit(0);
+  } catch (err) {
+    process.stderr.write(`${err.message}\n`);
+    const userErrors = new Set([
+      'PRIVATE_SAAS_CONFLICT',
+      'PRIVATE_NOT_APPLIED',
+      'PRIVATE_ALREADY_APPLIED',
+      'PRIVATE_DIRTY',
+      'PRIVATE_UNKNOWN_ACTION',
+    ]);
+    process.exit(userErrors.has(err.code) ? 1 : 2);
+  }
+}
+
 if (subcommand === 'bootstrap') {
   const { runBootstrapStandalone } = await import('../src/bootstrap.mjs');
   try {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@oaklandzoo/ostup",
-  "version": "0.10.0",
+  "version": "0.11.0",
   "description": "Scaffolds a new repo with the Ostup Agent Kit pre-installed: slash commands, doc templates, and a clean working state.",
   "type": "module",
   "bin": {

package/src/doctor-privacy.mjs

@@ -0,0 +1,103 @@
+// doctor-privacy.mjs: HTTP probes for ostup doctor --privacy.
+// Auto-detects deployed URL from .vercel/project.json; --url overrides.
+
+import { readFile } from 'node:fs/promises';
+import { existsSync } from 'node:fs';
+import { join } from 'node:path';
+
+const PROBE_PATHS = [
+  '/api/health',
+  '/api/contact',
+  '/api/booking/request',
+  '/api/account/settings',
+  '/api/blob/test.jpg',
+  '/uploads/test.jpg',
+  '/_next/image?url=https%3A%2F%2Fexample.com%2Ftest.jpg&w=64&q=75',
+  '/dashboard',
+  '/dashboard/settings',
+];
+
+const AUDIT_HEALTH_PATH = '/api/audit/health';
+
+export async function detectDeployedUrl(cwd = process.cwd()) {
+  const projectJson = join(cwd, '.vercel', 'project.json');
+  if (!existsSync(projectJson)) return null;
+  try {
+    const raw = await readFile(projectJson, 'utf8');
+    const data = JSON.parse(raw);
+    if (data.productionDomain) {
+      const host = String(data.productionDomain).replace(/^https?:\/\//, '');
+      return `https://${host}`;
+    }
+    if (data.production_alias) {
+      const host = String(data.production_alias).replace(/^https?:\/\//, '');
+      return `https://${host}`;
+    }
+    if (data.projectId) {
+      return null; // We could shell out to `vercel inspect`, but skip in v1.
+    }
+    return null;
+  } catch {
+    return null;
+  }
+}
+
+async function probeOne(baseUrl, path, fetchImpl = fetch) {
+  const url = `${baseUrl.replace(/\/+$/, '')}${path}`;
+  try {
+    const res = await fetchImpl(url, {
+      method: 'GET',
+      redirect: 'manual',
+      headers: { 'user-agent': 'ostup-doctor-privacy/1.0' },
+    });
+    return { url, status: res.status, ok: res.status === 401 || res.status === 404 || res.status === 403 || (res.status >= 300 && res.status < 400) };
+  } catch (err) {
+    return { url, status: 0, ok: false, error: err instanceof Error ? err.message : String(err) };
+  }
+}
+
+async function probeAuditHealth(baseUrl, fetchImpl = fetch) {
+  const url = `${baseUrl.replace(/\/+$/, '')}${AUDIT_HEALTH_PATH}`;
+  try {
+    const res = await fetchImpl(url, { method: 'GET', headers: { 'user-agent': 'ostup-doctor-privacy/1.0' } });
+    if (!res.ok) return { url, status: res.status, ok: false };
+    const body = await res.json().catch(() => null);
+    return { url, status: res.status, ok: body?.ok === true, body };
+  } catch (err) {
+    return { url, status: 0, ok: false, error: err instanceof Error ? err.message : String(err) };
+  }
+}
+
+export async function runPrivacyChecks({ url, cwd = process.cwd(), report, fetchImpl = fetch } = {}) {
+  let baseUrl = url;
+  if (!baseUrl) baseUrl = await detectDeployedUrl(cwd);
+  if (!baseUrl) {
+    report('fail', 'privacy url', 'could not resolve deployed URL. Pass --url <vercel-url> or run from a Vercel-linked project dir.');
+    return;
+  }
+  report('ok', 'privacy url', baseUrl);
+
+  for (const p of PROBE_PATHS) {
+    const result = await probeOne(baseUrl, p, fetchImpl);
+    if (result.error) {
+      report('warn', `probe ${p}`, `network error: ${result.error}`);
+      continue;
+    }
+    if (result.ok) {
+      report('ok', `probe ${p}`, `${result.status} (denied as expected)`);
+    } else {
+      report('fail', `probe ${p}`, `${result.status} (expected 401/403/404/redirect; got 2xx)`);
+    }
+  }
+
+  const audit = await probeAuditHealth(baseUrl, fetchImpl);
+  if (audit.error) {
+    report('warn', 'probe audit-health', `network error: ${audit.error}`);
+  } else if (audit.ok) {
+    report('ok', 'probe audit-health', `${audit.status} (audit pipeline wired)`);
+  } else {
+    report('fail', 'probe audit-health', `${audit.status} (audit pipeline NOT wired)`);
+  }
+}
+
+export { PROBE_PATHS, AUDIT_HEALTH_PATH };

package/src/doctor.mjs

@@ -25,7 +25,7 @@ function runCapture(cmd) {
   }
 }
 
-export async function runDoctor() {
+export async function runDoctor({ flags = {} } = {}) {
   const findings = [];
   let okCount = 0;
   let failCount = 0;
@@ -38,6 +38,12 @@ export async function runDoctor() {
     else warnCount++;
   }
 
+  if (flags.privacy) {
+    const { runPrivacyChecks } = await import('./doctor-privacy.mjs');
+    await runPrivacyChecks({ url: flags.url, report });
+    return { findings, okCount, warnCount, failCount };
+  }
+
   // === Tool detection (shared with bootstrap) ===
   const detection = detectAll();
   for (const f of detection.found) {

package/src/mvp-flow.mjs

@@ -134,6 +134,16 @@ export async function runMvp({ flags = {}, cwd = process.cwd() } = {}) {
     }
   }
 
+  if (flags.private) {
+    const { applyPrivate } = await import('./private.mjs');
+    const profile = brief?.scaffold?.profile || null;
+    const priv = await applyPrivate({ targetDir, profile });
+    process.stdout.write(
+      `[private] applied default-deny. ${priv.touched.length} file(s) touched. ` +
+        `rate-limit backend: ${priv.useKvRateLimit ? 'kv' : 'in-memory'}\n`,
+    );
+  }
+
   await exec('git-init',  'git', ['init'], { cwd: targetDir });
   await exec('git-branch','git', ['branch', '-M', 'main'], { cwd: targetDir });
   await exec('git-add',   'git', ['add', '.'], { cwd: targetDir });

package/src/private-cmd.mjs

@@ -0,0 +1,35 @@
+// private-cmd.mjs: ostup private add|remove|status subcommand.
+
+import { applyPrivate, removePrivate, statusPrivate, PrivateError } from './private.mjs';
+
+export async function runPrivate({ action = 'status', flags = {}, cwd = process.cwd() } = {}) {
+  if (action === 'add') {
+    const result = await applyPrivate({ targetDir: cwd, force: !!flags.force });
+    process.stdout.write(
+      `[private] applied. ${result.touched.length} file(s) touched. ` +
+        `rate-limit backend: ${result.useKvRateLimit ? 'kv' : 'in-memory'}\n`,
+    );
+    process.stdout.write(`[private] manifest: .ostup/private.json (run 'ostup private remove' to undo)\n`);
+    return;
+  }
+  if (action === 'remove') {
+    const result = await removePrivate({ targetDir: cwd, force: !!flags.force });
+    process.stdout.write(`[private] removed. ${result.restored.length} file(s) reverted.\n`);
+    return;
+  }
+  if (action === 'status') {
+    const result = await statusPrivate({ targetDir: cwd });
+    if (!result.applied) {
+      process.stdout.write(`[private] not applied. Run 'ostup private add' to enable.\n`);
+      return;
+    }
+    process.stdout.write(`[private] applied at ${result.manifest.appliedAt}\n`);
+    process.stdout.write(`[private] rate-limit backend: ${result.manifest.useKvRateLimit ? 'kv' : 'in-memory'}\n`);
+    process.stdout.write(`[private] files under management:\n`);
+    for (const op of result.manifest.ops) {
+      process.stdout.write(`  ${op.kind === 'created' ? '+' : '~'} ${op.path}\n`);
+    }
+    return;
+  }
+  throw new PrivateError('PRIVATE_UNKNOWN_ACTION', `unknown action '${action}'. Use: add | remove | status`);
+}

package/src/private.mjs

@@ -0,0 +1,215 @@
+// private.mjs: applyPrivate post-processor. Lays down default-deny middleware,
+// blob proxy, audit + rate-limit libs, locked next.config, CLAUDE.md Part 20.
+// Captures original content of patched files for clean rollback by `ostup private remove`.
+
+import { readFile, writeFile, mkdir, rm } from 'node:fs/promises';
+import { existsSync, readFileSync } from 'node:fs';
+import { dirname, join, resolve } from 'node:path';
+import { fileURLToPath } from 'node:url';
+
+const PKG_ROOT = resolve(dirname(fileURLToPath(import.meta.url)), '..');
+const PRIVATE_TEMPLATES = resolve(PKG_ROOT, 'templates', 'private');
+
+const SAAS_CONFLICT_MSG =
+  '--private is not compatible with the saas-dashboard profile. ' +
+  'saas-dashboard already provides Better Auth + a session-checking middleware.ts. ' +
+  'Layering default-deny on top creates two competing matchers.\n\n' +
+  'Pick one:\n' +
+  '  - Use --private alone for a generic single-user-protected app\n' +
+  '  - Use --profile saas-dashboard alone for the SaaS shell';
+
+export const PRIVATE_MANIFEST_PATH = '.ostup/private.json';
+
+class PrivateError extends Error {
+  constructor(code, message) {
+    super(message);
+    this.code = code;
+  }
+}
+
+function detectSaas(targetDir, profile) {
+  if (profile === 'saas-dashboard') return true;
+  const pkgPath = join(targetDir, 'package.json');
+  if (!existsSync(pkgPath)) return false;
+  try {
+    const pkg = JSON.parse(readFileSync(pkgPath, 'utf8'));
+    const deps = { ...(pkg.dependencies || {}), ...(pkg.devDependencies || {}) };
+    return Boolean(deps['better-auth']);
+  } catch {
+    return false;
+  }
+}
+
+function plannedOperations(targetDir, useKvRateLimit) {
+  // Each op: { kind: 'create'|'patch', dest: <relative path>, src: <template relpath>|null, patcher?: fn }
+  const rateLimitSrc = useKvRateLimit ? 'lib-rate-limit-kv.ts' : 'lib-rate-limit-memory.ts';
+  return [
+    { kind: 'create', dest: 'middleware.ts', src: 'middleware.ts' },
+    { kind: 'create', dest: 'next.config.ts', src: 'next.config.ts' },
+    { kind: 'create', dest: 'app/api/blob/[...path]/route.ts', src: 'api-blob-proxy.ts' },
+    { kind: 'create', dest: 'app/api/audit/health/route.ts', src: 'api-audit-health.ts' },
+    { kind: 'create', dest: 'lib/audit.ts', src: 'lib-audit.ts' },
+    { kind: 'create', dest: 'lib/rate-limit.ts', src: rateLimitSrc },
+    { kind: 'patch', dest: 'CLAUDE.md', src: 'CLAUDE_PART_20.md', mode: 'append' },
+    { kind: 'patch', dest: 'app/layout.tsx', src: null, mode: 'layout-robots' },
+  ];
+}
+
+async function loadTemplate(rel) {
+  return readFile(join(PRIVATE_TEMPLATES, rel), 'utf8');
+}
+
+function patchLayoutRobots(body) {
+  // Inject `robots: { index: false, follow: false }` into the metadata export, if present.
+  // Idempotent: skip if already contains "robots:".
+  if (/robots\s*:/.test(body)) return body;
+  // Match: export const metadata: Metadata = {  ...  };
+  const re = /(export\s+const\s+metadata\s*:\s*Metadata\s*=\s*\{)([^}]*)(\})/;
+  if (!re.test(body)) return body;
+  return body.replace(re, (_full, open, inner, close) => {
+    const trimmed = inner.replace(/\s*$/, '');
+    const sep = trimmed.endsWith(',') ? '' : (trimmed.length > 0 ? ',' : '');
+    const insert = `${trimmed}${sep}\n  robots: { index: false, follow: false },\n`;
+    return `${open}${insert}${close}`;
+  });
+}
+
+function envMentions(targetDir, names) {
+  for (const file of ['.env', '.env.local', '.env.production', '.env.example']) {
+    const p = join(targetDir, file);
+    if (!existsSync(p)) continue;
+    try {
+      const body = readFileSync(p, 'utf8');
+      for (const n of names) {
+        if (new RegExp(`^${n}=`, 'm').test(body)) return true;
+      }
+    } catch {}
+  }
+  return false;
+}
+
+export async function applyPrivate({ targetDir, profile = null, force = false } = {}) {
+  if (detectSaas(targetDir, profile)) {
+    throw new PrivateError('PRIVATE_SAAS_CONFLICT', SAAS_CONFLICT_MSG);
+  }
+
+  const manifestPath = join(targetDir, PRIVATE_MANIFEST_PATH);
+  if (existsSync(manifestPath) && !force) {
+    throw new PrivateError(
+      'PRIVATE_ALREADY_APPLIED',
+      `${PRIVATE_MANIFEST_PATH} already exists. Run 'ostup private remove' first, or pass --force.`,
+    );
+  }
+
+  const useKv = envMentions(targetDir, ['KV_URL', 'KV_REST_API_URL']);
+  const ops = plannedOperations(targetDir, useKv);
+
+  const performed = [];
+
+  for (const op of ops) {
+    const destPath = join(targetDir, op.dest);
+
+    if (op.kind === 'create') {
+      if (existsSync(destPath) && !force) {
+        throw new PrivateError(
+          'PRIVATE_DIRTY',
+          `${op.dest} already exists; refusing to overwrite without --force.`,
+        );
+      }
+      const content = await loadTemplate(op.src);
+      await mkdir(dirname(destPath), { recursive: true });
+      await writeFile(destPath, content, 'utf8');
+      performed.push({ kind: 'created', path: op.dest });
+    } else if (op.kind === 'patch') {
+      if (!existsSync(destPath)) {
+        // Patching a missing file is a soft-skip (e.g. no app/layout.tsx exists).
+        continue;
+      }
+      const prior = await readFile(destPath, 'utf8');
+      let next;
+      if (op.mode === 'append') {
+        const addition = await loadTemplate(op.src);
+        if (prior.includes('# PART 20: PRIVACY DEFAULT-DENY')) {
+          continue;
+        }
+        next = prior + addition;
+      } else if (op.mode === 'layout-robots') {
+        next = patchLayoutRobots(prior);
+        if (next === prior) continue;
+      } else {
+        continue;
+      }
+      await writeFile(destPath, next, 'utf8');
+      performed.push({ kind: 'patched', path: op.dest, prior });
+    }
+  }
+
+  await mkdir(dirname(manifestPath), { recursive: true });
+  await writeFile(
+    manifestPath,
+    JSON.stringify(
+      {
+        appliedAt: new Date().toISOString(),
+        useKvRateLimit: useKv,
+        ops: performed,
+      },
+      null,
+      2,
+    ) + '\n',
+    'utf8',
+  );
+
+  return { applied: true, touched: performed.map((p) => p.path), useKvRateLimit: useKv };
+}
+
+export async function removePrivate({ targetDir, force = false } = {}) {
+  const manifestPath = join(targetDir, PRIVATE_MANIFEST_PATH);
+  if (!existsSync(manifestPath)) {
+    throw new PrivateError('PRIVATE_NOT_APPLIED', `${PRIVATE_MANIFEST_PATH} not found; nothing to remove.`);
+  }
+  const manifest = JSON.parse(await readFile(manifestPath, 'utf8'));
+  const restored = [];
+
+  // Walk in reverse so dependent files come back in the right order.
+  for (const op of [...manifest.ops].reverse()) {
+    const p = join(targetDir, op.path);
+    if (op.kind === 'created') {
+      if (existsSync(p)) {
+        await rm(p, { force: true });
+        restored.push({ kind: 'deleted', path: op.path });
+      }
+    } else if (op.kind === 'patched') {
+      if (!existsSync(p)) {
+        if (!force) {
+          throw new PrivateError(
+            'PRIVATE_DIRTY',
+            `${op.path} is gone; cannot restore. Re-add the file or pass --force to skip.`,
+          );
+        }
+        continue;
+      }
+      // Optional: integrity check against prior. Skipped in v1.
+      await writeFile(p, op.prior, 'utf8');
+      restored.push({ kind: 'restored', path: op.path });
+    }
+  }
+
+  await rm(manifestPath, { force: true });
+  // Best-effort: remove empty .ostup/ dir.
+  try {
+    await rm(join(targetDir, '.ostup'), { recursive: false });
+  } catch {}
+
+  return { restored: restored.map((r) => r.path) };
+}
+
+export async function statusPrivate({ targetDir } = {}) {
+  const manifestPath = join(targetDir, PRIVATE_MANIFEST_PATH);
+  if (!existsSync(manifestPath)) {
+    return { applied: false, manifest: null };
+  }
+  const manifest = JSON.parse(await readFile(manifestPath, 'utf8'));
+  return { applied: true, manifest };
+}
+
+export { PrivateError };

package/templates/.claude/commands/add-storage.md

@@ -62,7 +62,17 @@ Confirm `.env.local` got the new keys. Common ones:
 npm install @vercel/<type>
 ```
 
-Create `src/lib/<type>.ts` with typed helpers. Example for blob:
+### Privacy mode check (before writing blob helpers)
+
+Before writing `src/lib/blob.ts`, check whether this project is in privacy mode by looking for `.ostup/private.json` at the project root OR a `# PART 20: PRIVACY DEFAULT-DENY` section in `CLAUDE.md`. If either is present:
+
+- Default the helper to `access: 'private'` (not `'public'`).
+- Also scaffold `app/api/blob/[...path]/route.ts` as the auth-checked proxy if it does not already exist (the `--private` applier may have already created it). Do NOT serve blob URLs directly to the client.
+- Skip the `vercel blob create-store --access public` flag from Step 3. Re-create the store without `--access public` if it was already created public.
+
+### Blob helper template
+
+Default (no privacy mode):
 
 ```typescript
 // src/lib/blob.ts
@@ -81,6 +91,26 @@ export async function deleteFile(url: string) {
 }
 ```
 
+Privacy mode:
+
+```typescript
+// src/lib/blob.ts
+import { put, list, del } from '@vercel/blob';
+
+export async function uploadFile(path: string, body: Blob | ArrayBuffer | string) {
+  // access: 'private' is mandatory in privacy mode. Serve via /api/blob/[...path] proxy.
+  return put(path, body, { access: 'private' as 'private' });
+}
+
+export async function listFiles(prefix?: string) {
+  return list({ prefix });
+}
+
+export async function deleteFile(url: string) {
+  return del(url);
+}
+```
+
 Match the project's existing TypeScript conventions (named exports, no defaults, etc.).
 
 ## Step 6: update AGENTS.md

package/templates/private/CLAUDE_PART_20.md

@@ -0,0 +1,30 @@
+
+---
+
+# PART 20: PRIVACY DEFAULT-DENY (--private mode)
+
+This project was scaffolded with `--private` (or `ostup private add` was later run on it). Default-deny is mandatory. Treat the rules below as hard rules per Part 3.
+
+## Hard rules
+
+1. **Do NOT widen the middleware matcher.** The `middleware.ts` matcher at the project root is intentionally strict. Adding paths to its exclusion list ungates them across the entire app. Any change MUST be reviewed for whether it accidentally exposes user content.
+
+2. **All `@vercel/blob` helpers default to `access: 'private'`.** Generated `src/lib/blob.ts` and any blob helper code uses `access: 'private'`. To serve a blob to authenticated users, route it through `app/api/blob/[...path]/route.ts` (the auth-checked proxy). Never set `access: 'public'` unless the file is truly safe to expose to the open internet.
+
+3. **Do NOT change `next.config.ts` -> `images.remotePatterns`.** It is intentionally empty (`[]`). Adding blob hosts would let `/_next/image?url=<blob-url>` proxy private blobs around auth.
+
+4. **`/_next/image` is auth-gated.** The matcher deliberately does NOT exclude `/_next/image`. This blocks public abuse of the image optimizer for any URL the matcher does not already allow.
+
+5. **Rate limiting is wired in middleware.** Default: `/api/*` 60 req/min/IP, everything else 600 req/min/IP. Adjust `src/lib/rate-limit.ts` constants. Removing the rate-limit call from middleware requires explicit operator review.
+
+6. **Audit log every blocked request.** Every 401/429 goes through `src/lib/audit.ts` -> `console.log` -> Vercel Logs. Do not silence the audit logger.
+
+7. **The audit-health endpoint at `/api/audit/health` is the only intentionally public route in privacy mode.** It confirms the audit pipeline is wired. Used by `ostup doctor --privacy` to verify the deploy.
+
+## Verification
+
+Run `ostup doctor --privacy <deployed-url>` after every deploy. It probes a list of suspicious paths without cookies and asserts they return 401 or 404. Any 200 is a privacy regression.
+
+## To undo
+
+If privacy mode is no longer needed, run `ostup private remove` from the project root. The applier captured original file contents in `.ostup/private.json`; remove will restore them.

package/templates/private/api-audit-health.ts

@@ -0,0 +1,9 @@
+import { NextResponse } from 'next/server';
+
+export async function GET() {
+  return NextResponse.json({
+    ok: true,
+    pipeline: 'wired',
+    privacy: '--private',
+  });
+}

package/templates/private/api-blob-proxy.ts

@@ -0,0 +1,40 @@
+import { NextResponse } from 'next/server';
+import { head } from '@vercel/blob';
+import { audit } from '@/lib/audit';
+
+const SESSION_COOKIE_NAMES = ['better-auth.session_token', 'authjs.session-token', 'session_token'];
+
+export async function GET(req: Request, { params }: { params: Promise<{ path: string[] }> }) {
+  const cookieHeader = req.headers.get('cookie') || '';
+  const hasSession = SESSION_COOKIE_NAMES.some((name) => cookieHeader.includes(`${name}=`));
+  if (!hasSession) {
+    audit({
+      ts: new Date().toISOString(),
+      path: new URL(req.url).pathname,
+      ip: req.headers.get('x-forwarded-for')?.split(',')[0]?.trim() || 'unknown',
+      method: 'GET',
+      ua: req.headers.get('user-agent') || '',
+      reason: 'no_session',
+      status: 401,
+    });
+    return new NextResponse('Unauthorized', { status: 401 });
+  }
+
+  const { path } = await params;
+  const blobPath = path.join('/');
+  try {
+    const blob = await head(blobPath);
+    if (!blob) return new NextResponse('Not Found', { status: 404 });
+    const upstream = await fetch(blob.url);
+    if (!upstream.ok || !upstream.body) return new NextResponse('Not Found', { status: 404 });
+    return new NextResponse(upstream.body, {
+      headers: {
+        'content-type': blob.contentType || 'application/octet-stream',
+        'cache-control': 'private, no-store',
+        'x-robots-tag': 'noindex, nofollow',
+      },
+    });
+  } catch {
+    return new NextResponse('Not Found', { status: 404 });
+  }
+}

package/templates/private/lib-audit.ts

@@ -0,0 +1,18 @@
+export type AuditEntry = {
+  ts: string;
+  path: string;
+  ip: string;
+  method: string;
+  ua: string;
+  reason: 'no_session' | 'rate_limit' | 'invalid_token';
+  status: number;
+};
+
+const IGNORE_PATHS: string[] = [
+  '/api/audit/health',
+];
+
+export function audit(entry: AuditEntry): void {
+  if (IGNORE_PATHS.some((p) => entry.path.startsWith(p))) return;
+  console.log(`[audit] ${JSON.stringify(entry)}`);
+}

package/templates/private/lib-rate-limit-kv.ts

@@ -0,0 +1,21 @@
+import { kv } from '@vercel/kv';
+
+const LIMITS: { test: (path: string) => boolean; perMin: number }[] = [
+  { test: (p) => p.startsWith('/api/'), perMin: 60 },
+  { test: () => true, perMin: 600 },
+];
+
+export async function rateLimit({ ip, path }: { ip: string; path: string }): Promise<{ ok: boolean; retryAfterSeconds: number }> {
+  const limit = LIMITS.find((l) => l.test(path))!;
+  const minute = Math.floor(Date.now() / 60_000);
+  const key = `rl:${ip}:${minute}:${limit.perMin}`;
+  const count = await kv.incr(key);
+  if (count === 1) {
+    await kv.expire(key, 65);
+  }
+  if (count > limit.perMin) {
+    const retryAfterSeconds = 60 - (Math.floor(Date.now() / 1000) % 60);
+    return { ok: false, retryAfterSeconds };
+  }
+  return { ok: true, retryAfterSeconds: 0 };
+}

package/templates/private/lib-rate-limit-memory.ts

@@ -0,0 +1,25 @@
+type Bucket = { count: number; resetAt: number };
+
+const buckets = new Map<string, Bucket>();
+
+const LIMITS: { test: (path: string) => boolean; perMin: number }[] = [
+  { test: (p) => p.startsWith('/api/'), perMin: 60 },
+  { test: () => true, perMin: 600 },
+];
+
+export async function rateLimit({ ip, path }: { ip: string; path: string }): Promise<{ ok: boolean; retryAfterSeconds: number }> {
+  const limit = LIMITS.find((l) => l.test(path))!;
+  const key = `${ip}::${limit.perMin}`;
+  const now = Date.now();
+  const bucket = buckets.get(key);
+
+  if (!bucket || bucket.resetAt < now) {
+    buckets.set(key, { count: 1, resetAt: now + 60_000 });
+    return { ok: true, retryAfterSeconds: 0 };
+  }
+  if (bucket.count >= limit.perMin) {
+    return { ok: false, retryAfterSeconds: Math.ceil((bucket.resetAt - now) / 1000) };
+  }
+  bucket.count += 1;
+  return { ok: true, retryAfterSeconds: 0 };
+}

package/templates/private/middleware.ts

@@ -0,0 +1,60 @@
+import { NextResponse } from 'next/server';
+import type { NextRequest } from 'next/server';
+import { rateLimit } from '@/lib/rate-limit';
+import { audit } from '@/lib/audit';
+
+const SESSION_COOKIE_NAMES = ['better-auth.session_token', 'authjs.session-token', 'session_token'];
+
+function getIp(req: NextRequest): string {
+  const xff = req.headers.get('x-forwarded-for');
+  if (xff) return xff.split(',')[0].trim();
+  return req.headers.get('x-real-ip') || 'unknown';
+}
+
+export async function middleware(req: NextRequest) {
+  const ip = getIp(req);
+  const path = req.nextUrl.pathname;
+  const method = req.method;
+  const ua = req.headers.get('user-agent') || '';
+
+  const rl = await rateLimit({ ip, path });
+  if (!rl.ok) {
+    audit({ ts: new Date().toISOString(), path, ip, method, ua, reason: 'rate_limit', status: 429 });
+    return new NextResponse('Too Many Requests', {
+      status: 429,
+      headers: {
+        'retry-after': String(rl.retryAfterSeconds),
+        'x-robots-tag': 'noindex, nofollow',
+      },
+    });
+  }
+
+  const hasSession = SESSION_COOKIE_NAMES.some((name) => req.cookies.get(name)?.value);
+  if (!hasSession) {
+    audit({ ts: new Date().toISOString(), path, ip, method, ua, reason: 'no_session', status: 401 });
+    if (method === 'GET' && req.headers.get('accept')?.includes('text/html')) {
+      const url = req.nextUrl.clone();
+      url.pathname = '/sign-in';
+      url.searchParams.set('next', path);
+      return NextResponse.redirect(url);
+    }
+    return new NextResponse('Unauthorized', {
+      status: 401,
+      headers: { 'x-robots-tag': 'noindex, nofollow' },
+    });
+  }
+
+  const res = NextResponse.next();
+  res.headers.set('x-robots-tag', 'noindex, nofollow');
+  return res;
+}
+
+export const config = {
+  // Default-deny matcher.
+  // Bypassed: /login, /signup, /sign-in, /sign-up, /api/auth/*, /api/audit/health,
+  //           /_next/static/*, /favicon.ico, /robots.txt.
+  // NOTE: /_next/image is deliberately NOT excluded. The image optimizer must be
+  // auth-gated too. Otherwise /_next/image?url=<blob-url> would proxy private blobs
+  // around auth.
+  matcher: ['/((?!login|signup|sign-in|sign-up|api/auth|api/audit/health|_next/static|favicon\\.ico|robots\\.txt).*)'],
+};

package/templates/private/next.config.ts

@@ -0,0 +1,14 @@
+import type { NextConfig } from 'next';
+
+const nextConfig: NextConfig = {
+  images: {
+    // Intentionally empty. The Next.js image optimizer cannot proxy any external
+    // host. This is required for privacy mode: if a private blob URL were added
+    // here, /_next/image?url=<blob-url> would serve the blob around auth.
+    //
+    // To serve user uploads with auth, use the /api/blob/[...path] proxy route.
+    remotePatterns: [],
+  },
+};
+
+export default nextConfig;