@ramonclaudio/create-vexpo 0.1.2 → 0.1.4

package/dist/templates/default/scripts/README.md

@@ -4,29 +4,45 @@ Build and maintenance scripts. Setup orchestration lives in the published `vexpo
 
 ## What's in this directory
 
-| Script                 | What it does                                                                                                                    |
-| ---------------------- | ------------------------------------------------------------------------------------------------------------------------------- |
-| `clean.ts`             | Trash + reinstall. `--metro` for cache-only nuke (Metro/Babel/Haste). `--state` also wipes `.setup-state.json`.                 |
-| `rotate-apple-jwt.mjs` | Re-signs the Apple Sign In `client_secret` JWT from env vars only. Used by `.eas/workflows/rotate-apple-jwt.yml` every 90 days. |
-| `_run.mjs`             | Runtime selector for `clean.ts`. Picks `bun` if available, falls back to `tsx`. Not used by the CLI.                            |
+| Script                 | What it does                                                                                                                                                                                                                        |
+| ---------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| `clean.ts`             | Trash + reinstall. `--metro` for cache-only nuke (Metro/Haste/node-compile-cache). `--state` also wipes `.setup-state.json`.                                                                                                        |
+| `gen-update-cert.mjs`  | One-shot OTA update code-signing setup. Wraps `npx expo-updates codesigning:generate`, writes `certs/certificate.pem` (committed) and `../keys/private-key.pem` (gitignored). Run via `npm run updates:gen-cert -- --name "<Org>"`. |
+| `rotate-apple-jwt.mjs` | Re-signs the Apple Sign In `client_secret` JWT from env vars only. Used by `.eas/workflows/rotate-apple-jwt.yml` every 90 days.                                                                                                     |
+| `_run.mjs`             | Runtime selector for `clean.ts`. Picks `bun` if available, falls back to `tsx`. Not used by the CLI.                                                                                                                                |
 
 Anything else (preflight checks, env validation, version bumps) lives in the `vexpo` CLI or in `eas-cli` directly.
 
+## Cleaning
+
+```bash
+npm run clean              # trash + reinstall
+npm run clean:metro        # just Metro/Haste/node-compile-cache
+npm run clean:state        # also wipe .setup-state.json
+```
+
+These run through `_run.mjs`, which picks `bun` if it's on PATH and falls back to `tsx`. To call it without the npm script: `node scripts/_run.mjs scripts/clean.ts --metro`.
+
 ## Setup orchestration
 
-Use the `vexpo` CLI:
+Use the `vexpo` CLI. `lite` and `full` are alternatives, pick the path you need:
 
 ```bash
 npx vexpo lite               # dev-mode setup (Convex + Better Auth only)
 npx vexpo full               # full provisioning to TestFlight-ready
+```
+
+The rest are independent maintenance commands, run them when you need them:
+
+```bash
 npx vexpo doctor             # cross-source drift detection
-npx vexpo env push           # sync from .env.local + .env.prod to Convex/EAS
+npx vexpo env push           # sync from .env.local + .env.prod to Convex and EAS
 npx vexpo apple asc-key      # validate ASC API key
 npx vexpo apple services-id  # attach SIWA capability to App ID
 npx vexpo apple jwt          # sign client_secret JWT, push to Convex
 ```
 
-Version bumps run through `eas build:version:set` / `eas build:version:sync` (`appVersionSource: "remote"` in `eas.json` puts EAS in charge of the version).
+Version bumps run through `eas build:version:set` or `eas build:version:sync`. `appVersionSource: "remote"` in `eas.json` puts EAS in charge of the version.
 
 The CLI itself ships from [`@ramonclaudio/vexpo` on npm](https://www.npmjs.com/package/@ramonclaudio/vexpo). Source lives at [`github.com/ramonclaudio/vexpo`](https://github.com/ramonclaudio/vexpo).
 

package/dist/templates/default/scripts/clean.ts

@@ -152,7 +152,7 @@ const HELP = `${BOLD}vexpo clean${RESET}
 ${BOLD}Usage:${RESET}
   ${DIM}npm run clean${RESET}                wipe caches, keep lockfile, frozen install
   ${DIM}npm run clean --all${RESET}          also wipe lockfile + convex/_generated
-  ${DIM}npm run clean --metro${RESET}        just Metro/Haste/Babel caches
+  ${DIM}npm run clean --metro${RESET}        just Metro/Haste/node-compile caches
   ${DIM}npm run clean --state${RESET}        also wipe .setup-state.json
   ${DIM}npm run clean --no-install${RESET}   wipe everything but skip reinstall
   ${DIM}npm run clean --help${RESET}
@@ -172,7 +172,7 @@ after install to rebuild the Convex bindings. Use when the lockfile
 is suspect or you want a true clean-slate reinstall.
 
 ${BOLD}--state${RESET} additionally wipes .setup-state.json so the next
-${DIM}npm run setup${RESET} re-probes every phase against external services
+${DIM}npx vexpo full${RESET} re-probes every phase against external services
 (slower, but the cure when state has drifted from reality).
 
 Bundlers (Metro, expo CLI, react-native start, Watchman) are stopped
@@ -474,7 +474,7 @@ async function stepSetupState(): Promise<void> {
     return;
   }
   await trashPaths([path]);
-  ok("trashed .setup-state.json (next `npm run setup` re-probes every phase)");
+  ok("trashed .setup-state.json (next `npx vexpo full` re-probes every phase)");
 }
 
 async function stepInstall(pm: PM): Promise<void> {

package/dist/templates/default/scripts/gen-update-cert.mjs

@@ -76,7 +76,9 @@ console.log(`1. Commit ${CERT.replace(`${PROJECT}/`, "")} (it's a public cert).`
 console.log(`2. Upload the private key to EAS as a file-type secret:`);
 console.log(`   eas env:create --environment production --visibility secret \\`);
 console.log(`     --type file --name EAS_UPDATE_PRIVATE_KEY --value ${KEY}`);
-console.log(`3. Keep ${KEY} off committed surface. The .gitignore already covers it.`);
+console.log(
+  `3. Keep ${KEY} off committed surface. It lands in ../keys/, outside the repo, so git never sees it.`,
+);
 console.log(
   `4. The next \`expo prebuild\` picks up the cert automatically. Run \`npm run prebuild\`.`,
 );

package/dist/templates/default/src/app/(app)/_layout.tsx

@@ -1,9 +1,11 @@
-import { Stack } from "expo-router";
+import { Stack, router } from "expo-router";
 import { useQuery } from "convex/react";
+import { useEffect } from "react";
 
 import { api } from "@/convex/_generated/api";
 import { authClient } from "@/lib/auth-client";
 import { useDeepLinkHandler } from "@/hooks/use-deep-link";
+import { useOnboarding } from "@/hooks/use-onboarding";
 import { useColors } from "@/hooks/use-theme";
 import { useMotionScreenOptions } from "@/hooks/use-motion-screen-options";
 import { useReducedMotion } from "@/hooks/use-reduced-motion";
@@ -28,6 +30,18 @@ export default function AppLayout() {
   const me = useQuery(api.users.getMe, isAuthenticated ? {} : "skip");
   const isAccountDeleted = !!me?.deletedAt;
 
+  // First-launch gate. `seen` reads SecureStore-backed localStorage
+  // synchronously, so there is no async flash. Wait for `me` to resolve
+  // (undefined while loading) before routing so a fresh authed user lands
+  // on welcome only once the account state is known. Welcome is registered
+  // inside the authed guard below, so this only fires for signed-in users.
+  const { seen } = useOnboarding();
+  useEffect(() => {
+    if (isAuthenticated && me !== undefined && !isAccountDeleted && !seen) {
+      router.replace("/welcome");
+    }
+  }, [isAuthenticated, me, isAccountDeleted, seen]);
+
   useDeepLinkHandler();
 
   const colors = useColors();

package/dist/templates/default/src/app/(app)/auth/forgot-password.tsx

@@ -53,6 +53,9 @@ export default function ForgotPasswordScreen() {
   // mode, but a deeplinked navigation could still land here.
   useEffect(() => {
     if (providers !== undefined && providers.emailFeatures === false) {
+      announce(
+        "Password reset is unavailable until email verification is set up. Run npx vexpo full.",
+      );
       router.replace("/auth/sign-in");
     }
   }, [providers]);

package/dist/templates/default/src/app/(app)/auth/reset-password.tsx

@@ -72,6 +72,9 @@ export default function ResetPasswordScreen() {
   // in lite mode (`REQUIRE_EMAIL_VERIFICATION` unset).
   useEffect(() => {
     if (providers !== undefined && providers.emailFeatures === false) {
+      announce(
+        "Password reset is unavailable until email verification is set up. Run npx vexpo full.",
+      );
       router.replace("/auth/sign-in");
     }
   }, [providers]);

package/dist/templates/default/src/app/(app)/auth/sign-up.tsx

@@ -315,7 +315,9 @@ export default function SignUpScreen() {
             <Text
               modifiers={[dfont({ size: 16 }), foregroundStyle(colors.mutedForeground as string)]}
             >
-              A verification code will be sent to confirm your email.
+              {emailFeatures
+                ? "A verification code will be sent to confirm your email."
+                : "Sign up and you're in. No email to confirm."}
             </Text>
           </VStack>
 

package/dist/templates/default/src/app/(app)/privacy.tsx

@@ -1,4 +1,4 @@
-import { useState, type ComponentProps } from "react";
+import { type ComponentProps } from "react";
 import { openSettings } from "expo-linking";
 import {
   Host,
@@ -27,13 +27,14 @@ import { useSymbolSize } from "@/lib/dynamic-symbol-size";
 import { Button as ButtonTokens } from "@/constants/layout";
 
 import { haptics } from "@/lib/haptics";
+import { useShareAnalytics } from "@/lib/preferences";
 import { useColors } from "@/hooks/use-theme";
 
 export default function PrivacyScreen() {
   const dfont = useDynamicFont();
   const symbolSize = useSymbolSize();
   const colors = useColors();
-  const [analyticsEnabled, setAnalyticsEnabled] = useState(true);
+  const [analyticsEnabled, setAnalyticsEnabled] = useShareAnalytics();
 
   const handleOpenSettings = () => {
     haptics.light();

package/dist/templates/default/src/app/(app)/restore-account.tsx

@@ -18,7 +18,7 @@
  */
 
 import { router } from "expo-router";
-import { useActionState, useState } from "react";
+import { startTransition, useActionState, useState } from "react";
 import { Image as ExpoImage } from "expo-image";
 import { Button, Host, Spacer, Text, VStack } from "@expo/ui/swift-ui";
 import {
@@ -158,7 +158,7 @@ export default function RestoreAccountScreen() {
           <ProminentButton
             testID="restore-account-restore"
             label={restorePending ? "Restoring…" : "Restore Account"}
-            onPress={() => restore()}
+            onPress={() => startTransition(() => restore())}
             disabled={restorePending || signingOut}
           />
           <Button

package/dist/templates/default/src/app/(app)/sessions.tsx

@@ -69,7 +69,7 @@ export default function SessionsScreen() {
   const { data: current } = authClient.useSession();
   const currentToken = current?.session?.token ?? null;
   const [sessions, setSessions] = useState<SessionRow[] | null>(null);
-  const [loadError, setLoadError] = useState(false);
+  const [loadError, setLoadError] = useState<"network" | "stale" | null>(null);
   const [revoking, setRevoking] = useState<string | null>(null);
   const [confirmToken, setConfirmToken] = useState<string | null>(null);
 
@@ -77,10 +77,13 @@ export default function SessionsScreen() {
     try {
       const res = await authClient.listSessions();
       if (res.error) {
-        setLoadError(true);
+        // Better Auth freshness-gates session management (freshAge in
+        // convex/auth.ts). A stale session gets 403 SESSION_NOT_FRESH, which
+        // no retry can fix, only a fresh sign-in can.
+        setLoadError(res.error.code === "SESSION_NOT_FRESH" ? "stale" : "network");
         return;
       }
-      setLoadError(false);
+      setLoadError(null);
       const rows = (res.data ?? []).map((s) => ({
         id: s.id,
         token: s.token,
@@ -91,7 +94,7 @@ export default function SessionsScreen() {
       }));
       setSessions(rows);
     } catch {
-      setLoadError(true);
+      setLoadError("network");
     }
   };
 
@@ -124,7 +127,14 @@ export default function SessionsScreen() {
   return (
     <Host testID="sessions-screen" style={{ flex: 1, backgroundColor: colors.background }}>
       {sessions === null ? (
-        loadError ? (
+        loadError === "stale" ? (
+          <ContentUnavailable
+            testID="sessions-stale"
+            title="Sign in again to manage sessions"
+            systemImage="lock.shield"
+            description="For your security, managing sessions needs a recent sign-in. Sign out, sign back in, and come back here."
+          />
+        ) : loadError ? (
           <ContentUnavailable
             testID="sessions-error"
             title="Couldn't load sessions"

package/dist/templates/default/src/components/ui/convex-error.tsx

@@ -1,7 +1,5 @@
 import { ConvexError } from "convex/values";
 
-import { ErrorText } from "./status-text";
-
 export function formatError(err: unknown): string {
   if (err instanceof ConvexError) {
     const data = err.data as unknown;
@@ -14,8 +12,3 @@ export function formatError(err: unknown): string {
   if (err instanceof Error) return err.message;
   return "An unexpected error occurred";
 }
-
-export function ConvexErrorView({ error, testID }: { error: unknown; testID?: string }) {
-  if (error === undefined || error === null) return null;
-  return <ErrorText testID={testID}>{formatError(error)}</ErrorText>;
-}

package/dist/templates/default/src/constants/ui.ts

@@ -5,17 +5,6 @@ export const Opacity = {
   muted: 0.6,
 } as const;
 
-export const Material = {
-  ultraThin: 20,
-  thin: 40,
-  regular: 60,
-  thick: 80,
-  ultraThick: 95,
-  bar: 50,
-} as const;
-
-export type MaterialLevel = keyof typeof Material;
-
 export const Shadow = {
   sm: "0 1px 2px",
   md: "0 2px 4px",

package/dist/templates/default/src/lib/dev-menu.ts

@@ -9,6 +9,11 @@ import { checkForUpdate } from "@/lib/updates";
 import { setTheme } from "@/hooks/use-theme";
 import { reloadApp } from "./app";
 
+// Mirror how `auth-client.ts` resolves the scheme so the secure-storage
+// keys we clear match the ones `@better-auth/expo` actually wrote.
+const rawScheme = Constants.expoConfig?.scheme;
+const scheme = Array.isArray(rawScheme) ? rawScheme[0] : rawScheme;
+
 type SessionResponse = { data?: { session?: { id?: string } } | null };
 
 async function copyAuthSessionId() {
@@ -50,8 +55,12 @@ export function registerDevMenuItems() {
     {
       name: "Clear Secure Storage",
       callback: () => {
-        SecureStore.deleteItemAsync("better-auth_session_token").catch(() => {});
-        SecureStore.deleteItemAsync("better-auth_refresh_token").catch(() => {});
+        // `@better-auth/expo` keys its SecureStore entries off `storagePrefix`,
+        // which `auth-client.ts` sets to the app scheme (falling back to
+        // "better-auth"). It writes `<prefix>_cookie` and `<prefix>_session_data`.
+        const prefix = scheme ?? "better-auth";
+        SecureStore.deleteItemAsync(`${prefix}_cookie`).catch(() => {});
+        SecureStore.deleteItemAsync(`${prefix}_session_data`).catch(() => {});
         console.log("[DevMenu] Secure storage cleared");
       },
     },

package/dist/templates/default/src/lib/preferences.ts

@@ -7,6 +7,7 @@ export type ReduceMotionPref = "system" | "always" | "never";
 const hapticsStore = createStorage<boolean>("pref.hapticsEnabled", true);
 const reduceMotionStore = createStorage<ReduceMotionPref>("pref.reduceMotion", "system");
 const debugEnabledStore = createStorage<boolean>("pref.debugEnabled", __DEV__);
+const analyticsStore = createStorage<boolean>("pref.shareAnalytics", true);
 
 export const preferences = {
   hapticsEnabled: () => hapticsStore.get(),
@@ -17,6 +18,9 @@ export const preferences = {
 
   debugEnabled: () => debugEnabledStore.get(),
   setDebugEnabled: (v: boolean) => debugEnabledStore.set(v),
+
+  shareAnalytics: () => analyticsStore.get(),
+  setShareAnalytics: (v: boolean) => analyticsStore.set(v),
 };
 
 export function useHapticsEnabled(): [boolean, (v: boolean) => void] {
@@ -41,3 +45,8 @@ export function useDebugEnabled(): [boolean, (v: boolean) => void] {
   );
   return [v, debugEnabledStore.set];
 }
+
+export function useShareAnalytics(): [boolean, (v: boolean) => void] {
+  const v = useSyncExternalStore(analyticsStore.subscribe, analyticsStore.get, analyticsStore.get);
+  return [v, analyticsStore.set];
+}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@ramonclaudio/create-vexpo",
-  "version": "0.1.2",
+  "version": "0.1.4",
   "description": "Scaffold a new vexpo project. Expo SDK 56 + Convex + Better Auth + Resend, wired for iOS, real auth, real push, real OTA, real App Store submission.",
   "keywords": [
     "better-auth",
@@ -48,7 +48,8 @@
     "dev": "tsup --watch",
     "prepublishOnly": "npm run build",
     "typecheck": "tsc --noEmit",
-    "test": "echo '(create-vexpo: no per-package tests yet. covered by template e2e)'"
+    "test": "echo '(create-vexpo: no unit tests; see test:e2e)'",
+    "test:e2e": "npm run build && __tests__/e2e/run.sh"
   },
   "dependencies": {
     "commander": "^15.0.0",