content-grade 1.0.4 → 1.0.6

package/dist/index.html

@@ -14,7 +14,7 @@
       }
       #root { min-height: 100vh; }
     </style>
-    <script type="module" crossorigin src="/assets/index-BUN69TiT.js"></script>
+    <script type="module" crossorigin src="/assets/index-Bc3ZrBgH.js"></script>
   </head>
   <body>
     <div id="root"></div>

package/dist-server/server/app.js

@@ -6,6 +6,8 @@ import Fastify from 'fastify';
 import cors from '@fastify/cors';
 import { registerDemoRoutes } from './routes/demos.js';
 import { registerStripeRoutes } from './routes/stripe.js';
+import { registerAnalyticsRoutes } from './routes/analytics.js';
+import { registerLicenseRoutes } from './routes/license.js';
 export async function createApp(opts = {}) {
     const app = Fastify({
         logger: opts.logger ?? { level: 'warn' },
@@ -28,6 +30,8 @@ export async function createApp(opts = {}) {
     });
     registerDemoRoutes(app);
     registerStripeRoutes(app);
+    registerAnalyticsRoutes(app);
+    registerLicenseRoutes(app);
     app.get('/api/health', async () => ({
         status: 'alive',
         uptime: process.uptime(),

package/dist-server/server/db.js

@@ -75,5 +75,51 @@ function migrate(db) {
       product_key TEXT NOT NULL,
       created_at DATETIME DEFAULT CURRENT_TIMESTAMP
     );
+
+    CREATE TABLE IF NOT EXISTS funnel_events (
+      id INTEGER PRIMARY KEY,
+      event TEXT NOT NULL,
+      ip_hash TEXT,
+      tool TEXT,
+      email TEXT,
+      metadata TEXT,
+      created_at DATETIME DEFAULT CURRENT_TIMESTAMP
+    );
+
+    CREATE TABLE IF NOT EXISTS cli_telemetry (
+      id INTEGER PRIMARY KEY,
+      install_id TEXT NOT NULL,
+      event TEXT NOT NULL,
+      command TEXT,
+      duration_ms INTEGER,
+      success INTEGER,
+      exit_code INTEGER,
+      score REAL,
+      content_type TEXT,
+      version TEXT,
+      platform TEXT,
+      node_version TEXT,
+      created_at DATETIME DEFAULT CURRENT_TIMESTAMP
+    );
+
+    CREATE INDEX IF NOT EXISTS idx_funnel_events_event ON funnel_events(event);
+    CREATE INDEX IF NOT EXISTS idx_funnel_events_created ON funnel_events(created_at);
+    CREATE INDEX IF NOT EXISTS idx_cli_telemetry_install ON cli_telemetry(install_id);
+    CREATE INDEX IF NOT EXISTS idx_cli_telemetry_command ON cli_telemetry(command);
+
+    CREATE TABLE IF NOT EXISTS license_keys (
+      id INTEGER PRIMARY KEY AUTOINCREMENT,
+      key TEXT UNIQUE NOT NULL,
+      email TEXT NOT NULL,
+      stripe_customer_id TEXT,
+      product_key TEXT NOT NULL DEFAULT 'contentgrade_pro',
+      status TEXT NOT NULL DEFAULT 'active',
+      created_at DATETIME DEFAULT CURRENT_TIMESTAMP,
+      last_validated_at DATETIME,
+      validation_count INTEGER DEFAULT 0
+    );
+
+    CREATE INDEX IF NOT EXISTS idx_license_keys_key ON license_keys(key);
+    CREATE INDEX IF NOT EXISTS idx_license_keys_email ON license_keys(email);
   `);
 }

package/dist-server/server/routes/analytics.js

@@ -0,0 +1,283 @@
+import { createHash } from 'crypto';
+import { readFileSync, existsSync } from 'fs';
+import { resolve, dirname } from 'path';
+import { fileURLToPath } from 'url';
+import { getDb } from '../db.js';
+const __dirname = dirname(fileURLToPath(import.meta.url));
+const METRICS_PATH = resolve(__dirname, '../../data/metrics.json');
+const ALLOWED_FUNNEL_EVENTS = new Set([
+    'free_limit_hit',
+    'upgrade_clicked',
+    'checkout_started',
+    'checkout_completed',
+    'pro_unlocked',
+    'email_captured',
+    'tool_used',
+]);
+function hashIp(ip) {
+    return createHash('sha256').update(ip).digest('hex');
+}
+function todayUTC() {
+    return new Date().toISOString().slice(0, 10);
+}
+function sevenDaysAgo() {
+    const d = new Date();
+    d.setDate(d.getDate() - 7);
+    return d.toISOString().slice(0, 10);
+}
+function thirtyDaysAgo() {
+    const d = new Date();
+    d.setDate(d.getDate() - 30);
+    return d.toISOString().slice(0, 10);
+}
+export function registerAnalyticsRoutes(app) {
+    // ── CLI telemetry receiver ────────────────────────────────────────────────
+    // Receives events from CLI users who have opted in to telemetry.
+    // Always returns 200 — never interrupt a CLI session for analytics.
+    app.post('/api/telemetry', async (req) => {
+        try {
+            const body = req.body;
+            if (!body || typeof body.install_id !== 'string' || !body.install_id) {
+                return { ok: true }; // silently accept malformed — never fail callers
+            }
+            const db = getDb();
+            db.prepare(`
+        INSERT INTO cli_telemetry
+          (install_id, event, command, duration_ms, success, exit_code, score, content_type, version, platform, node_version)
+        VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)
+      `).run(String(body.install_id).slice(0, 64), String(body.event ?? 'unknown').slice(0, 64), body.command ? String(body.command).slice(0, 64) : null, typeof body.duration_ms === 'number' ? Math.round(body.duration_ms) : null, typeof body.success === 'boolean' ? (body.success ? 1 : 0) : null, typeof body.exit_code === 'number' ? body.exit_code : null, typeof body.score === 'number' ? body.score : null, body.content_type ? String(body.content_type).slice(0, 64) : null, body.version ? String(body.version).slice(0, 32) : null, body.platform ? String(body.platform).slice(0, 32) : null, body.nodeVersion ? String(body.nodeVersion).slice(0, 32) : null);
+        }
+        catch {
+            // never fail — telemetry is non-critical
+        }
+        return { ok: true };
+    });
+    // ── Frontend funnel event recorder ───────────────────────────────────────
+    // Tracks conversion funnel: free_limit_hit → upgrade_clicked → checkout_started → checkout_completed
+    app.post('/api/analytics/event', async (req) => {
+        const body = req.body;
+        const event = (body?.event ?? '').trim();
+        if (!ALLOWED_FUNNEL_EVENTS.has(event)) {
+            return { ok: false, error: 'Unknown event type' };
+        }
+        try {
+            const db = getDb();
+            const ipHash = hashIp(req.ip);
+            const email = body?.email ? String(body.email).slice(0, 255).toLowerCase() : null;
+            const tool = body?.tool ? String(body.tool).slice(0, 64) : null;
+            const metadata = body?.metadata ? JSON.stringify(body.metadata).slice(0, 1000) : null;
+            db.prepare(`
+        INSERT INTO funnel_events (event, ip_hash, tool, email, metadata)
+        VALUES (?, ?, ?, ?, ?)
+      `).run(event, ipHash, tool, email, metadata);
+        }
+        catch {
+            // silently accept — never fail the frontend
+        }
+        return { ok: true };
+    });
+    // ── Analytics summary ─────────────────────────────────────────────────────
+    // Aggregated metrics for the operator dashboard.
+    // Returns: funnel, cli commands, tool usage, conversions.
+    app.get('/api/analytics/summary', async (_req, reply) => {
+        try {
+            const db = getDb();
+            const since30 = thirtyDaysAgo();
+            const since7 = sevenDaysAgo();
+            const today = todayUTC();
+            // Funnel: last 30 days
+            const funnelRows = db.prepare(`
+        SELECT event, COUNT(*) as count
+        FROM funnel_events
+        WHERE date(created_at) >= ?
+        GROUP BY event
+      `).all(since30);
+            const funnel = {};
+            for (const r of funnelRows)
+                funnel[r.event] = r.count;
+            // Conversion rate: upgrade_clicked → checkout_completed
+            const upgradeClicked = funnel['upgrade_clicked'] ?? 0;
+            const checkoutCompleted = funnel['checkout_completed'] ?? 0;
+            const conversionRate = upgradeClicked > 0
+                ? Math.round((checkoutCompleted / upgradeClicked) * 100)
+                : 0;
+            // CLI: unique installs, commands, success rate (last 30 days)
+            const cliStats = db.prepare(`
+        SELECT
+          COUNT(DISTINCT install_id) as unique_installs,
+          COUNT(*) as total_commands,
+          SUM(CASE WHEN success = 1 THEN 1 ELSE 0 END) as successful,
+          SUM(CASE WHEN success = 0 THEN 1 ELSE 0 END) as failed,
+          AVG(duration_ms) as avg_duration_ms
+        FROM cli_telemetry
+        WHERE date(created_at) >= ?
+      `).get(since30);
+            // CLI: commands by type
+            const commandBreakdown = db.prepare(`
+        SELECT command, COUNT(*) as count, AVG(duration_ms) as avg_ms
+        FROM cli_telemetry
+        WHERE date(created_at) >= ? AND command IS NOT NULL
+        GROUP BY command
+        ORDER BY count DESC
+      `).all(since30);
+            // Tool usage from usage_tracking (web dashboard tools)
+            const toolUsage7d = db.prepare(`
+        SELECT endpoint, SUM(count) as total
+        FROM usage_tracking
+        WHERE date >= ?
+        GROUP BY endpoint
+        ORDER BY total DESC
+      `).all(since7);
+            const toolUsage30d = db.prepare(`
+        SELECT endpoint, SUM(count) as total
+        FROM usage_tracking
+        WHERE date >= ?
+        GROUP BY endpoint
+        ORDER BY total DESC
+      `).all(since30);
+            // Daily active unique IPs (last 7 days, web tools)
+            const dau7d = db.prepare(`
+        SELECT date, COUNT(DISTINCT ip_hash) as unique_ips, SUM(count) as requests
+        FROM usage_tracking
+        WHERE date >= ?
+        GROUP BY date
+        ORDER BY date DESC
+      `).all(since7);
+            // Today's usage
+            const todayUsage = db.prepare(`
+        SELECT SUM(count) as total, COUNT(DISTINCT ip_hash) as unique_ips
+        FROM usage_tracking
+        WHERE date = ?
+      `).get(today);
+            // Email captures (leads)
+            const emailCaptures = db.prepare(`
+        SELECT COUNT(*) as total, COUNT(DISTINCT email) as unique_emails
+        FROM email_captures
+        WHERE date(created_at) >= ?
+      `).get(since30);
+            return {
+                period: { from: since30, to: today },
+                funnel: {
+                    events: funnel,
+                    conversion_rate_pct: conversionRate,
+                    free_limit_hits_30d: funnel['free_limit_hit'] ?? 0,
+                    upgrade_clicks_30d: upgradeClicked,
+                    checkout_completions_30d: checkoutCompleted,
+                },
+                cli: {
+                    unique_installs_30d: cliStats?.unique_installs ?? 0,
+                    total_commands_30d: cliStats?.total_commands ?? 0,
+                    success_rate_pct: cliStats?.total_commands > 0
+                        ? Math.round(((cliStats.successful ?? 0) / cliStats.total_commands) * 100)
+                        : 0,
+                    avg_duration_ms: cliStats?.avg_duration_ms ? Math.round(cliStats.avg_duration_ms) : null,
+                    command_breakdown: commandBreakdown,
+                },
+                web: {
+                    tool_usage_7d: toolUsage7d,
+                    tool_usage_30d: toolUsage30d,
+                    daily_active_users_7d: dau7d,
+                    today: {
+                        total_requests: todayUsage?.total ?? 0,
+                        unique_ips: todayUsage?.unique_ips ?? 0,
+                    },
+                },
+                leads: {
+                    email_captures_30d: emailCaptures?.total ?? 0,
+                    unique_emails_30d: emailCaptures?.unique_emails ?? 0,
+                },
+                generated_at: new Date().toISOString(),
+            };
+        }
+        catch (err) {
+            reply.status(500);
+            return { error: 'Failed to fetch analytics', detail: String(err) };
+        }
+    });
+    // ── npm + GitHub traffic snapshot ─────────────────────────────────────────
+    // Reads data/metrics.json written by scripts/metrics.js (npm + GitHub API).
+    // Returns the latest snapshot (last entry in the array), or a 204 if no data yet.
+    app.get('/api/analytics/npm-stats', async (_req, reply) => {
+        try {
+            if (!existsSync(METRICS_PATH)) {
+                reply.status(204);
+                return { message: 'No metrics snapshot yet. Run: npm run metrics' };
+            }
+            const raw = readFileSync(METRICS_PATH, 'utf8').trim();
+            if (!raw) {
+                reply.status(204);
+                return { message: 'Metrics file is empty.' };
+            }
+            const snapshots = JSON.parse(raw);
+            if (!Array.isArray(snapshots) || snapshots.length === 0) {
+                reply.status(204);
+                return { message: 'No snapshots in metrics file.' };
+            }
+            // Return latest snapshot + history summary
+            const latest = snapshots[snapshots.length - 1];
+            return {
+                latest,
+                snapshot_count: snapshots.length,
+                oldest_snapshot: snapshots[0].timestamp ?? null,
+                newest_snapshot: latest.timestamp ?? null,
+            };
+        }
+        catch (err) {
+            reply.status(500);
+            return { error: 'Failed to read metrics snapshot', detail: String(err) };
+        }
+    });
+    // ── Recent funnel events (for debugging/operator view) ────────────────────
+    app.get('/api/analytics/funnel', async (_req, reply) => {
+        try {
+            const db = getDb();
+            const rows = db.prepare(`
+        SELECT event, tool, date(created_at) as date, COUNT(*) as count
+        FROM funnel_events
+        WHERE date(created_at) >= ?
+        GROUP BY event, tool, date(created_at)
+        ORDER BY date(created_at) DESC, event
+      `).all(thirtyDaysAgo());
+            return { funnel_by_day: rows };
+        }
+        catch (err) {
+            reply.status(500);
+            return { error: String(err) };
+        }
+    });
+    // ── npm download stats (proxied from npm registry) ────────────────────────
+    // Fetches public download counts for the content-grade npm package.
+    // Cached server-side for 1 hour to avoid hammering the npm API.
+    let _npmCache = null;
+    const NPM_CACHE_TTL_MS = 60 * 60 * 1000; // 1 hour
+    app.get('/api/analytics/npm-downloads', async (_req, reply) => {
+        try {
+            const now = Date.now();
+            if (_npmCache && (now - _npmCache.fetchedAt) < NPM_CACHE_TTL_MS) {
+                return _npmCache.data;
+            }
+            const [lastWeek, lastMonth, lastYear] = await Promise.all([
+                fetch('https://api.npmjs.org/downloads/point/last-week/content-grade').then(r => r.json()).catch(() => null),
+                fetch('https://api.npmjs.org/downloads/point/last-month/content-grade').then(r => r.json()).catch(() => null),
+                fetch('https://api.npmjs.org/downloads/point/last-year/content-grade').then(r => r.json()).catch(() => null),
+            ]);
+            // Daily breakdown for the last 30 days
+            const daily = await fetch('https://api.npmjs.org/downloads/range/last-month/content-grade')
+                .then(r => r.json())
+                .catch(() => null);
+            const result = {
+                last_week: lastWeek?.downloads ?? null,
+                last_month: lastMonth?.downloads ?? null,
+                last_year: lastYear?.downloads ?? null,
+                daily_30d: daily?.downloads ?? [],
+                fetched_at: new Date().toISOString(),
+            };
+            _npmCache = { data: result, fetchedAt: now };
+            return result;
+        }
+        catch (err) {
+            reply.status(500);
+            return { error: 'Failed to fetch npm stats', detail: String(err) };
+        }
+    });
+}

package/dist-server/server/routes/demos.js

@@ -8,7 +8,7 @@ import { hasActiveSubscriptionLive, hasPurchased } from '../services/stripe.js';
 const FREE_TIER_LIMIT = 50;
 const PRO_TIER_LIMIT = 100;
 const HEADLINE_GRADER_ENDPOINT = 'headline-grader';
-const UPGRADE_URL = 'https://contentgrade.ai/#pricing';
+const UPGRADE_URL = 'https://content-grade.github.io/Content-Grade/';
 function freeGateMsg(what) {
     return `Free daily limit reached (${FREE_TIER_LIMIT}/day). ${what} — upgrade to Pro at ${UPGRADE_URL}`;
 }
@@ -42,6 +42,13 @@ function resetUsage(ipHash, endpoint) {
 // Pro users (active subscription) get PRO_TIER_LIMIT instead of FREE_TIER_LIMIT.
 // AudienceDecoder passes productKey='audiencedecoder_report' to check one-time purchase.
 // Verifies subscription status against Stripe API directly (5-min cache) instead of a stale DB flag.
+function recordFunnelEvent(event, ipHash, tool, email) {
+    try {
+        const db = getDb();
+        db.prepare('INSERT INTO funnel_events (event, ip_hash, tool, email) VALUES (?, ?, ?, ?)').run(event, ipHash, tool ?? null, email ?? null);
+    }
+    catch { /* non-critical */ }
+}
 async function checkRateLimit(ipHash, endpoint, email, productKey) {
     if (email) {
         const isPro = productKey
@@ -57,6 +64,7 @@ async function checkRateLimit(ipHash, endpoint, email, productKey) {
     }
     const count = getUsageCount(ipHash, endpoint);
     if (count >= FREE_TIER_LIMIT) {
+        recordFunnelEvent('free_limit_hit', ipHash, endpoint, email);
         return { allowed: false, remaining: 0, limit: FREE_TIER_LIMIT, isPro: false };
     }
     return { allowed: true, remaining: FREE_TIER_LIMIT - count, limit: FREE_TIER_LIMIT, isPro: false };

package/dist-server/server/routes/license.js

@@ -0,0 +1,53 @@
+import { validateLicenseKey, getLicenseKeysForEmail } from '../services/license.js';
+import { hasActiveSubscription } from '../services/stripe.js';
+// Simple in-memory rate limiter: max 10 calls per IP per minute
+const _validateRateLimiter = new Map();
+function checkRateLimit(ip) {
+    const now = Date.now();
+    const entry = _validateRateLimiter.get(ip);
+    if (!entry || entry.resetAt < now) {
+        _validateRateLimiter.set(ip, { count: 1, resetAt: now + 60_000 });
+        return true;
+    }
+    if (entry.count >= 10)
+        return false;
+    entry.count++;
+    return true;
+}
+export function registerLicenseRoutes(app) {
+    app.get('/api/license/my-keys', async (req, reply) => {
+        const query = req.query;
+        const email = (query.email ?? '').trim().toLowerCase();
+        if (!email || !/^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(email)) {
+            reply.status(400);
+            return { error: 'Valid email required' };
+        }
+        const keys = getLicenseKeysForEmail(email);
+        return { keys };
+    });
+    app.post('/api/license/validate', async (req, reply) => {
+        const ip = req.ip ?? 'unknown';
+        if (!checkRateLimit(ip)) {
+            reply.status(429);
+            return { valid: false, message: 'Too many requests. Try again in a minute.' };
+        }
+        const body = req.body;
+        const key = (body?.key ?? '').trim();
+        if (!key) {
+            reply.status(400);
+            return { valid: false, message: 'key required' };
+        }
+        const result = validateLicenseKey(key);
+        if (!result.valid) {
+            return { valid: false, message: 'Invalid or expired license key.' };
+        }
+        // Also verify Stripe subscription is still active for subscription-based keys
+        if (result.productKey === 'contentgrade_pro' && result.email) {
+            const subActive = hasActiveSubscription(result.email);
+            if (!subActive) {
+                return { valid: false, message: 'Subscription is no longer active. Please renew at content-grade.github.io/Content-Grade.' };
+            }
+        }
+        return { valid: true, email: result.email, productKey: result.productKey };
+    });
+}

package/dist-server/server/routes/stripe.js

@@ -1,4 +1,5 @@
 import { getStripe, isStripeConfigured, isAudienceDecoderConfigured, hasActiveSubscription, hasPurchased, getCustomerStripeId, upsertCustomer, saveSubscription, updateSubscriptionStatus, updateSubscriptionPeriod, saveOneTimePurchase, } from '../services/stripe.js';
+import { upsertLicenseKey, getLicenseKeysForEmail, validateLicenseKey } from '../services/license.js';
 export function registerStripeRoutes(app) {
     app.post('/api/stripe/create-checkout-session', async (req, reply) => {
         const body = req.body;
@@ -91,6 +92,9 @@ export function registerStripeRoutes(app) {
                         status: 'active',
                         current_period_end: 0,
                     });
+                    // Generate and store license key for CLI pro access
+                    const licenseKey = upsertLicenseKey(email, stripeCustomerId, 'contentgrade_pro');
+                    console.log(`[stripe] License key issued for ${email}: ${licenseKey.slice(0, 10)}...`);
                 }
                 else if (data.mode === 'payment' && email && stripeCustomerId) {
                     saveOneTimePurchase({
@@ -118,6 +122,68 @@ export function registerStripeRoutes(app) {
         }
         return { received: true };
     });
+    app.post('/api/stripe/billing-portal', async (req, reply) => {
+        const body = req.body;
+        const email = (body?.email ?? '').trim().toLowerCase();
+        if (!email || !/^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(email)) {
+            reply.status(400);
+            return { error: 'Valid email required.' };
+        }
+        const stripe = getStripe();
+        if (!stripe) {
+            reply.status(503);
+            return { error: 'Stripe not configured' };
+        }
+        const customerId = getCustomerStripeId(email);
+        if (!customerId) {
+            reply.status(404);
+            return { error: 'No Stripe customer found for this email. Please use the email you used to subscribe.' };
+        }
+        try {
+            const publicUrl = process.env.PUBLIC_URL || 'http://localhost:4000';
+            const session = await stripe.billingPortal.sessions.create({
+                customer: customerId,
+                return_url: body?.returnUrl ?? publicUrl,
+            });
+            return { url: session.url };
+        }
+        catch (err) {
+            reply.status(500);
+            return { error: `Billing portal failed: ${err.message}` };
+        }
+    });
+    // Returns the license key for a Pro subscriber — used by CLI activate flow
+    app.get('/api/stripe/license-key', async (req, reply) => {
+        const query = req.query;
+        const email = (query.email ?? '').trim().toLowerCase();
+        if (!email || !/^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(email)) {
+            reply.status(400);
+            return { error: 'Valid email required.' };
+        }
+        if (!hasActiveSubscription(email)) {
+            reply.status(403);
+            return { error: 'No active Content-Grade Pro subscription found for this email.' };
+        }
+        // Retroactively generate a key for subscribers who paid before this feature existed
+        const customerId = getCustomerStripeId(email);
+        const licenseKey = upsertLicenseKey(email, customerId ?? undefined, 'contentgrade_pro');
+        return { licenseKey, email };
+    });
+    // Validates a license key — used by CLI to confirm key is genuine
+    app.post('/api/stripe/validate-license', async (req, reply) => {
+        const body = req.body;
+        const key = (body?.key ?? '').trim();
+        if (!key) {
+            reply.status(400);
+            return { error: 'key required' };
+        }
+        const result = validateLicenseKey(key);
+        if (!result.valid) {
+            reply.status(403);
+            return { valid: false, error: 'Invalid or revoked license key.' };
+        }
+        return { valid: true, email: result.email, productKey: result.productKey };
+    });
     app.get('/api/stripe/subscription-status', async (req, reply) => {
         const query = req.query;
         const email = (query.email ?? '').trim().toLowerCase();
@@ -125,10 +191,13 @@ export function registerStripeRoutes(app) {
             reply.status(400);
             return { error: 'email required' };
         }
+        const keys = getLicenseKeysForEmail(email);
+        const activeLicenseKey = keys.find(k => k.status === 'active')?.key ?? null;
         return {
             active: hasActiveSubscription(email),
             audiencedecoder: hasPurchased(email, 'audiencedecoder_report'),
             plan: hasActiveSubscription(email) ? 'contentgrade_pro' : null,
+            licenseKey: activeLicenseKey,
             configured: isStripeConfigured(),
             audienceDecoderConfigured: isAudienceDecoderConfigured(),
         };

package/dist-server/server/services/license.js

@@ -0,0 +1,38 @@
+import crypto from 'crypto';
+import { getDb } from '../db.js';
+export function generateLicenseKey() {
+    const bytes = crypto.randomBytes(8);
+    const hex = bytes.toString('hex').toUpperCase();
+    return `CG-${hex.slice(0, 4)}-${hex.slice(4, 8)}-${hex.slice(8, 12)}-${hex.slice(12, 16)}`;
+}
+export function upsertLicenseKey(email, stripeCustomerId, productKey = 'contentgrade_pro') {
+    const db = getDb();
+    const existing = db.prepare(`SELECT key FROM license_keys WHERE email = ? AND product_key = ? AND status = 'active' LIMIT 1`).get(email, productKey);
+    if (existing)
+        return existing.key;
+    const key = generateLicenseKey();
+    db.prepare(`
+    INSERT INTO license_keys (key, email, stripe_customer_id, product_key, status)
+    VALUES (?, ?, ?, ?, 'active')
+  `).run(key, email, stripeCustomerId ?? null, productKey);
+    return key;
+}
+export function validateLicenseKey(key) {
+    const db = getDb();
+    const row = db.prepare(`SELECT key, email, product_key, status FROM license_keys WHERE key = ? LIMIT 1`).get(key);
+    if (!row)
+        return { valid: false };
+    db.prepare(`
+    UPDATE license_keys SET last_validated_at = CURRENT_TIMESTAMP, validation_count = validation_count + 1 WHERE key = ?
+  `).run(key);
+    if (row.status !== 'active')
+        return { valid: false, status: row.status };
+    return { valid: true, email: row.email, productKey: row.product_key, status: row.status };
+}
+export function getLicenseKeysForEmail(email) {
+    const rows = getDb().prepare(`SELECT key, product_key, status, created_at FROM license_keys WHERE email = ? ORDER BY created_at DESC`).all(email);
+    return rows.map(r => ({ key: r.key, productKey: r.product_key, status: r.status, createdAt: r.created_at }));
+}
+export function revokeLicenseKey(key) {
+    getDb().prepare(`UPDATE license_keys SET status = 'revoked' WHERE key = ?`).run(key);
+}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "content-grade",
-  "version": "1.0.4",
+  "version": "1.0.6",
   "description": "AI-powered content analysis CLI. Score any blog post, landing page, or ad copy in under 30 seconds — runs on Claude CLI, no API key needed.",
   "type": "module",
   "bin": {
@@ -58,10 +58,10 @@
     "github-traffic": "node scripts/github-traffic.js"
   },
   "dependencies": {
-    "@fastify/cors": "^9.0.1",
-    "@fastify/static": "^7.0.4",
+    "@fastify/cors": "^11.2.0",
+    "@fastify/static": "^9.0.0",
     "better-sqlite3": "^9.4.3",
-    "fastify": "^4.28.1",
+    "fastify": "^5.8.2",
     "stripe": "^14.21.0"
   },
   "pnpm": {
@@ -76,14 +76,14 @@
     "@types/react": "^18.3.0",
     "@types/react-dom": "^18.3.0",
     "@vitejs/plugin-react": "^4.3.0",
-    "@vitest/coverage-v8": "^2.1.0",
+    "@vitest/coverage-v8": "^3.2.4",
     "concurrently": "^8.2.2",
     "react": "^18.3.0",
     "react-dom": "^18.3.0",
     "react-router-dom": "^6.23.0",
     "tsx": "^4.16.0",
     "typescript": "^5.5.0",
-    "vite": "^5.4.0",
-    "vitest": "^2.1.0"
+    "vite": "^6.4.1",
+    "vitest": "^3.2.4"
   }
 }