fraim-framework 2.0.177 → 2.0.180

package/dist/src/ai-hub/desktop-main.js

@@ -8,7 +8,6 @@ const electron_1 = require("electron");
 const path_1 = __importDefault(require("path"));
 const fs_1 = __importDefault(require("fs"));
 const server_1 = require("./server");
-const db_service_1 = require("../fraim/db-service");
 const cert_store_1 = require("./cert-store");
 const office_sideload_1 = require("./office-sideload");
 // ---------------------------------------------------------------------------
@@ -24,7 +23,8 @@ let isQuitting = false; // distinguishes window-close (→ tray) from app-quit
 // ---------------------------------------------------------------------------
 function tryCreateDbService() {
     try {
-        return new db_service_1.FraimDbService();
+        const loaded = require('../fraim/db-service');
+        return new loaded.FraimDbService();
     }
     catch {
         return undefined;

package/dist/src/ai-hub/server.js

@@ -110,6 +110,16 @@ function loadPersonaCapabilityModule() {
 function getProtectedPersonaForHubJob(jobName) {
     return loadPersonaCapabilityModule()?.getProtectedPersonaForJob(jobName) ?? null;
 }
+const FRAIM_INTERNAL_JOB_IDS = new Set([
+    'contribute-to-fraim',
+    'create-registry-asset',
+    'extract-ashley-learnings',
+    'file-fraim-issue',
+    'praise-fraim',
+    'run-on-remote-hub',
+    'setup-remote-hub',
+    'update-registry-override',
+]);
 function listHubPersonaBundles() {
     return loadPersonaCapabilityModule()?.listPersonaCapabilityBundles() ?? [];
 }
@@ -147,6 +157,9 @@ function createDefaultDbService() {
         return undefined;
     }
 }
+function supportsManagerSeatAssignments(dbService) {
+    return typeof dbService.countHubManagerAssignments === 'function';
+}
 class AiHubRunRegistry {
     constructor() {
         this.runs = new Map();
@@ -1246,6 +1259,23 @@ class AiHubServer {
         this.app.get('/api/health', (_req, res) => {
             res.json({ status: 'ok', service: 'fraim-ai-hub' });
         });
+        // Issue #659: Inbound auth middleware for remote-exposed hubs.
+        // Activated only when FRAIM_HUB_AUTH_TOKEN env var is set. Gates all
+        // /api/ai-hub/* routes. /health and /api/health are registered above
+        // this block and are never gated.
+        if (process.env.FRAIM_HUB_AUTH_TOKEN) {
+            const expectedToken = process.env.FRAIM_HUB_AUTH_TOKEN;
+            this.app.use('/api/ai-hub', (req, res, next) => {
+                const token = req.headers['x-hub-auth'];
+                if (typeof token !== 'string' ||
+                    token.length !== expectedToken.length ||
+                    !(0, crypto_1.timingSafeEqual)(Buffer.from(token), Buffer.from(expectedToken))) {
+                    res.status(401).json({ error: 'Unauthorized' });
+                    return;
+                }
+                next();
+            });
+        }
         this.registerRoutes();
     }
     getApp() {
@@ -1363,7 +1393,9 @@ class AiHubServer {
         // Issue #566 (R7): jobs already carry `personalized` from catalog discovery
         // (true for the fraim/personalized-employee layer). The Hub renders a plain
         // "Personalized" marking from that flag — no author/attribution is tracked.
-        const jobs = rawJobs.map((job) => ({
+        const jobs = rawJobs
+            .filter((job) => !FRAIM_INTERNAL_JOB_IDS.has(job.id))
+            .map((job) => ({
             ...job,
             requiredPersonaKey: getProtectedPersonaForHubJob(job.id),
         }));
@@ -1853,6 +1885,23 @@ class AiHubServer {
             if (!state) {
                 return { personas: fallbackPersonas, subscriptionActive: false, workspaceId: null, userKey: null };
             }
+            // Legacy bypass: persona gating is not active for this workspace, so all personas are accessible.
+            // Mirrors the evaluatePersonaAccess legacy bypass in persona-entitlement-service.ts.
+            if (!state.subscriptionActive) {
+                const legacySeatCount = supportsManagerSeatAssignments(this.dbService) ? 0 : 1;
+                const allPersonas = allBundles.map((bundle) => ({
+                    key: bundle.personaKey,
+                    displayName: bundle.catalogMetadata.displayName,
+                    role: bundle.catalogMetadata.role,
+                    avatarUrl: buildHubPersonaAvatarUrl(bundle.personaKey),
+                    pricingLabel: '',
+                    status: 'hired',
+                    hireUrl: buildHubPersonaHireUrl(bundle.personaKey, bundle.defaultHireMode),
+                    seatCount: legacySeatCount,
+                    seatsInUse: 0,
+                }));
+                return { personas: allPersonas, subscriptionActive: false, workspaceId: state.workspaceId, userKey: state.userId ?? null };
+            }
             const hiredKeys = new Set(state.entitlements
                 .filter((e) => e.status === 'active')
                 .map((e) => e.personaKey));

package/dist/src/api/admin/payments.js

@@ -0,0 +1,33 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.listPayments = listPayments;
+async function listPayments(req, res, paymentRepo) {
+    try {
+        const { plan, status, startDate, endDate, limit = '50', offset = '0', } = req.query;
+        // Parse and validate parameters
+        const filters = {
+            limit: Math.min(parseInt(limit) || 50, 100),
+            offset: parseInt(offset) || 0,
+        };
+        if (plan)
+            filters.plan = plan;
+        if (status)
+            filters.status = status;
+        if (startDate)
+            filters.startDate = new Date(startDate);
+        if (endDate)
+            filters.endDate = new Date(endDate);
+        // Query payments
+        const { payments, total } = await paymentRepo.listPayments(filters);
+        res.json({
+            payments,
+            total,
+            limit: filters.limit,
+            offset: filters.offset,
+        });
+    }
+    catch (error) {
+        console.error('❌ Error listing payments:', error);
+        res.status(500).json({ error: 'Failed to list payments', details: error.message });
+    }
+}

package/dist/src/api/admin/sales-leads.js

@@ -0,0 +1,21 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.listSalesLeads = listSalesLeads;
+async function listSalesLeads(req, res, dbService) {
+    try {
+        const { limit = '50', } = req.query;
+        // Parse and validate parameters
+        const limitNum = Math.min(parseInt(limit) || 50, 100);
+        // Query sales inquiries using existing collection
+        const inquiries = await dbService.getSalesInquiries(limitNum);
+        res.json({
+            leads: inquiries,
+            total: inquiries.length,
+            limit: limitNum,
+        });
+    }
+    catch (error) {
+        console.error('❌ Error listing sales inquiries:', error);
+        res.status(500).json({ error: 'Failed to list sales inquiries', details: error.message });
+    }
+}

package/dist/src/api/payment/create-session.js

@@ -0,0 +1,338 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.createCheckoutSession = createCheckoutSession;
+const stripe_1 = require("../../config/stripe");
+const payment_calculator_1 = require("../../utils/payment-calculator");
+const persona_hiring_1 = require("../../config/persona-hiring");
+async function createCheckoutSession(req, res, paymentRepo, dbService) {
+    try {
+        const { plan } = req.body;
+        // Validation
+        if (!plan || !['self-served', 'managed', 'persona-hire', 'bootcamp'].includes(plan)) {
+            return res.status(400).json({ error: 'Invalid plan. Must be "self-served", "managed", "persona-hire", or "bootcamp"' });
+        }
+        if (plan === 'persona-hire') {
+            return await createPersonaHireSession(req.body, res, paymentRepo);
+        }
+        if (plan === 'bootcamp') {
+            return await createBootcampSession(req.body, res, paymentRepo);
+        }
+        const { numberOfUsers, email, company, founderDiscount, billingCycle } = req.body;
+        if (!numberOfUsers || numberOfUsers < 1 || numberOfUsers > 1000) {
+            return res.status(400).json({ error: 'Invalid numberOfUsers. Must be between 1 and 1000' });
+        }
+        if (!email || !email.includes('@')) {
+            return res.status(400).json({ error: 'Valid email is required' });
+        }
+        if (!billingCycle || !['monthly', 'annual'].includes(billingCycle)) {
+            return res.status(400).json({ error: 'Invalid billingCycle. Must be "monthly" or "annual"' });
+        }
+        // Auto-lookup identity-based partner discount (email-level takes priority over domain-level)
+        const partnerEntry = await dbService.lookupPartnerDiscount(email);
+        // Validate founder discount if requested and no partner discount overrides it
+        if (founderDiscount && !partnerEntry) {
+            const validation = (0, payment_calculator_1.validateFounderEmail)(email);
+            if (!validation.valid) {
+                return res.status(400).json({ error: validation.reason });
+            }
+        }
+        // Calculate payment amount (founder discount affects displayed amount)
+        const applyFounderForCalc = founderDiscount && !partnerEntry;
+        const legacyPlan = plan;
+        const { amount, discountAmount } = (0, payment_calculator_1.calculatePaymentAmount)(legacyPlan, numberOfUsers, billingCycle, Boolean(applyFounderForCalc));
+        // Determine which coupon to apply: partner discount takes priority over founder
+        const appliedCouponId = partnerEntry
+            ? partnerEntry.couponId
+            : (founderDiscount ? 'FOUNDER90' : null);
+        // Create or retrieve Stripe customer
+        const customers = await stripe_1.stripe.customers.list({ email, limit: 1 });
+        let customer;
+        if (customers.data.length > 0) {
+            customer = customers.data[0];
+        }
+        else {
+            customer = await stripe_1.stripe.customers.create({
+                email,
+                metadata: {
+                    company: company || '',
+                    plan,
+                    numberOfUsers: numberOfUsers.toString(),
+                },
+            });
+        }
+        const recurringInterval = billingCycle === 'monthly' ? 'month' : 'year';
+        // Build Stripe checkout session config (subscription mode, always collect card)
+        const sessionConfig = {
+            customer: customer.id,
+            payment_method_types: ['card'],
+            line_items: [
+                {
+                    price_data: {
+                        currency: stripe_1.STRIPE_CONFIG.currency,
+                        product_data: {
+                            name: `FRAIM ${plan === 'self-served' ? 'Self-Served' : 'Managed'} Plan`,
+                            description: `${numberOfUsers} user${numberOfUsers > 1 ? 's' : ''} - ${billingCycle === 'monthly' ? 'Monthly' : 'Annual'} billing`,
+                        },
+                        unit_amount: Math.round(amount / numberOfUsers),
+                        recurring: {
+                            interval: recurringInterval,
+                        },
+                    },
+                    quantity: numberOfUsers,
+                },
+            ],
+            mode: 'subscription',
+            payment_method_collection: 'always',
+            success_url: `${stripe_1.STRIPE_CONFIG.successUrl}?session_id={CHECKOUT_SESSION_ID}`,
+            cancel_url: stripe_1.STRIPE_CONFIG.cancelUrl,
+            subscription_data: {
+                metadata: {
+                    plan,
+                    numberOfUsers: numberOfUsers.toString(),
+                    founderDiscount: founderDiscount ? 'true' : 'false',
+                    partnerDiscountMatch: partnerEntry ? partnerEntry.match : '',
+                    appliedCouponId: appliedCouponId || '',
+                    billingCycle,
+                    company: company || '',
+                },
+            },
+            metadata: {
+                plan,
+                numberOfUsers: numberOfUsers.toString(),
+                founderDiscount: founderDiscount ? 'true' : 'false',
+                partnerDiscountMatch: partnerEntry ? partnerEntry.match : '',
+                appliedCouponId: appliedCouponId || '',
+                discountAmount: discountAmount.toString(),
+                billingCycle,
+                company: company || '',
+            },
+        };
+        // Apply coupon if one was selected
+        if (appliedCouponId) {
+            let coupon;
+            if (appliedCouponId === 'FOUNDER90') {
+                try {
+                    coupon = await stripe_1.stripe.coupons.retrieve('FOUNDER90');
+                }
+                catch {
+                    coupon = await stripe_1.stripe.coupons.create({
+                        id: 'FOUNDER90',
+                        percent_off: 90,
+                        duration: 'forever',
+                        name: 'Founder Discount (90% Off)',
+                    });
+                }
+            }
+            else if (appliedCouponId === 'PARTNER100') {
+                try {
+                    coupon = await stripe_1.stripe.coupons.retrieve('PARTNER100');
+                }
+                catch {
+                    coupon = await stripe_1.stripe.coupons.create({
+                        id: 'PARTNER100',
+                        percent_off: 100,
+                        duration: 'forever',
+                        name: 'Partner Discount (100% Off)',
+                    });
+                }
+            }
+            else {
+                coupon = await stripe_1.stripe.coupons.retrieve(appliedCouponId);
+            }
+            sessionConfig.discounts = [{ coupon: coupon.id }];
+        }
+        const session = await stripe_1.stripe.checkout.sessions.create(sessionConfig);
+        // Increment partner discount use count
+        if (partnerEntry) {
+            await dbService.incrementPartnerDiscountUseCount(partnerEntry._id);
+        }
+        // Create payment record in database
+        await paymentRepo.createPayment({
+            email,
+            company,
+            plan: plan,
+            numberOfUsers,
+            billingCycle: billingCycle,
+            amount,
+            currency: stripe_1.STRIPE_CONFIG.currency,
+            founderDiscount: founderDiscount && !partnerEntry ? true : false,
+            appliedCouponId: appliedCouponId || undefined,
+            discountAmount: appliedCouponId ? discountAmount : undefined,
+            status: 'pending',
+            stripeCustomerId: customer.id,
+            stripePaymentIntentId: '', // Will be updated by webhook
+            stripeCheckoutSessionId: session.id,
+            timestamp: new Date(),
+        });
+        res.json({
+            sessionId: session.id,
+            sessionUrl: session.url,
+        });
+    }
+    catch (error) {
+        console.error('❌ Error creating checkout session:', error);
+        res.status(500).json({ error: 'Failed to create checkout session', details: error.message });
+    }
+}
+async function createPersonaHireSession(body, res, paymentRepo) {
+    const { email, company, personaKey, hireMode, founderDiscount } = body;
+    if (!email || !email.includes('@')) {
+        return res.status(400).json({ error: 'Valid email is required' });
+    }
+    if (!personaKey || !(0, persona_hiring_1.isPersonaHireKey)(personaKey)) {
+        return res.status(400).json({ error: 'Invalid personaKey for persona-hire checkout' });
+    }
+    if (!hireMode || !['job', 'fulltime'].includes(hireMode)) {
+        return res.status(400).json({ error: 'Invalid hireMode. Must be "job" or "fulltime"' });
+    }
+    if (founderDiscount) {
+        const validation = (0, payment_calculator_1.validateFounderEmail)(email);
+        if (!validation.valid) {
+            return res.status(400).json({ error: validation.reason });
+        }
+    }
+    const typedPersonaKey = personaKey;
+    const typedHireMode = hireMode;
+    const persona = persona_hiring_1.PERSONA_HIRE_CATALOG[typedPersonaKey];
+    const baseAmount = (0, persona_hiring_1.getPersonaHireAmountCents)(typedPersonaKey, typedHireMode);
+    const amount = founderDiscount ? Math.round(baseAmount * 0.10) : baseAmount;
+    const metadata = {
+        plan: 'persona-hire',
+        personaKey: typedPersonaKey,
+        personaName: persona.displayName,
+        personaRole: persona.role,
+        hireMode: typedHireMode,
+        billingCycle: typedHireMode === 'fulltime' ? 'monthly' : '',
+        company: company || '',
+    };
+    const hubBaseUrl = process.env.FRAIM_HUB_BASE_URL;
+    const successUrl = hubBaseUrl
+        ? `${hubBaseUrl}/ai-hub/payment-success?session_id={CHECKOUT_SESSION_ID}&email=${encodeURIComponent(email)}`
+        : `${stripe_1.STRIPE_CONFIG.successUrl}?session_id={CHECKOUT_SESSION_ID}`;
+    const sessionConfig = {
+        customer_email: email,
+        payment_method_types: ['card'],
+        success_url: successUrl,
+        cancel_url: stripe_1.STRIPE_CONFIG.cancelUrl,
+        metadata,
+    };
+    if (typedHireMode === 'fulltime') {
+        sessionConfig.mode = 'subscription';
+        sessionConfig.payment_method_collection = 'always';
+        sessionConfig.line_items = [
+            {
+                price_data: {
+                    currency: stripe_1.STRIPE_CONFIG.currency,
+                    product_data: {
+                        name: `${persona.displayName} Full-Time Hire`,
+                        description: `${persona.role} - billed monthly`,
+                    },
+                    unit_amount: amount,
+                    recurring: {
+                        interval: 'month',
+                    },
+                },
+                quantity: 1,
+            },
+        ];
+        sessionConfig.subscription_data = { metadata };
+    }
+    else {
+        sessionConfig.mode = 'payment';
+        sessionConfig.line_items = [
+            {
+                price_data: {
+                    currency: stripe_1.STRIPE_CONFIG.currency,
+                    product_data: {
+                        name: `${persona.displayName} Per-Job Hire`,
+                        description: `${persona.role} - one scoped job`,
+                    },
+                    unit_amount: amount,
+                },
+                quantity: 1,
+            },
+        ];
+    }
+    const session = await stripe_1.stripe.checkout.sessions.create(sessionConfig);
+    await paymentRepo.createPayment({
+        email,
+        company,
+        plan: 'persona-hire',
+        numberOfUsers: 1,
+        billingCycle: 'monthly',
+        amount,
+        currency: stripe_1.STRIPE_CONFIG.currency,
+        founderDiscount: founderDiscount ?? false,
+        status: 'pending',
+        stripeCustomerId: typeof session.customer === 'string' ? session.customer : (session.customer?.id ?? ''),
+        stripePaymentIntentId: '',
+        stripeCheckoutSessionId: session.id,
+        timestamp: new Date(),
+        metadata,
+    });
+    return res.json({
+        sessionId: session.id,
+        sessionUrl: session.url,
+    });
+}
+const BOOTCAMP_PRICE_CENTS = 199500; // $1,995
+async function createBootcampSession(body, res, paymentRepo) {
+    const { email, company, founderDiscount } = body;
+    if (!email || !email.includes('@')) {
+        return res.status(400).json({ error: 'Valid email is required' });
+    }
+    if (founderDiscount) {
+        const validation = (0, payment_calculator_1.validateFounderEmail)(email);
+        if (!validation.valid) {
+            return res.status(400).json({ error: validation.reason });
+        }
+    }
+    const amount = founderDiscount ? Math.round(BOOTCAMP_PRICE_CENTS * 0.10) : BOOTCAMP_PRICE_CENTS;
+    const customers = await stripe_1.stripe.customers.list({ email, limit: 1 });
+    const customer = customers.data[0] || await stripe_1.stripe.customers.create({
+        email,
+        metadata: { company: company || '', plan: 'bootcamp' },
+    });
+    const metadata = {
+        plan: 'bootcamp',
+        company: company || '',
+    };
+    const session = await stripe_1.stripe.checkout.sessions.create({
+        customer: customer.id,
+        payment_method_types: ['card'],
+        mode: 'payment',
+        success_url: `${stripe_1.STRIPE_CONFIG.successUrl}?session_id={CHECKOUT_SESSION_ID}`,
+        cancel_url: stripe_1.STRIPE_CONFIG.cancelUrl,
+        metadata,
+        line_items: [
+            {
+                price_data: {
+                    currency: stripe_1.STRIPE_CONFIG.currency,
+                    product_data: {
+                        name: 'FRAIM Manager Bootcamp',
+                        description: '4-week cohort · 1 seat · live sessions + capstone',
+                    },
+                    unit_amount: amount,
+                },
+                quantity: 1,
+            },
+        ],
+    });
+    await paymentRepo.createPayment({
+        email,
+        company,
+        plan: 'bootcamp',
+        numberOfUsers: 1,
+        billingCycle: 'monthly',
+        amount,
+        currency: stripe_1.STRIPE_CONFIG.currency,
+        founderDiscount: founderDiscount ?? false,
+        status: 'pending',
+        stripeCustomerId: customer.id,
+        stripePaymentIntentId: '',
+        stripeCheckoutSessionId: session.id,
+        timestamp: new Date(),
+        metadata,
+    });
+    return res.json({ sessionId: session.id, sessionUrl: session.url });
+}

package/dist/src/api/payment/dashboard-link.js

@@ -0,0 +1,149 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.resolveDashboardLinkForCheckoutSession = resolveDashboardLinkForCheckoutSession;
+exports.getDashboardLinkFromCheckoutSession = getDashboardLinkFromCheckoutSession;
+const stripe_1 = require("../../config/stripe");
+const feature_flags_1 = require("../../config/feature-flags");
+const dashboard_access_1 = require("../../services/dashboard-access");
+const persona_entitlement_service_1 = require("../../services/persona-entitlement-service");
+function isCheckoutSessionReadyForDashboard(session) {
+    const status = session.status;
+    const paymentStatus = session.payment_status;
+    const isComplete = status === 'complete';
+    const isPaidOrNoPaymentRequired = paymentStatus === 'paid' || paymentStatus === 'no_payment_required';
+    return isComplete && isPaidOrNoPaymentRequired;
+}
+function getSessionCustomerId(session) {
+    if (!session.customer)
+        return null;
+    return typeof session.customer === 'string' ? session.customer : session.customer.id;
+}
+function getSessionSubscriptionId(session) {
+    if (!session.subscription)
+        return null;
+    return typeof session.subscription === 'string' ? session.subscription : session.subscription.id;
+}
+async function resolveSessionEmail(session, customerId, customerRetriever) {
+    const customerDetailsEmail = session.customer_details?.email;
+    if (customerDetailsEmail)
+        return customerDetailsEmail.toLowerCase();
+    if (!customerId)
+        return null;
+    try {
+        const customer = await customerRetriever(customerId);
+        if (!('deleted' in customer) && customer.email) {
+            return customer.email.toLowerCase();
+        }
+    }
+    catch {
+        // Fallback: return null and let caller decide.
+    }
+    return null;
+}
+function extractSubscriptionPeriodEnd(subscription) {
+    if (!subscription)
+        return null;
+    const rootPeriodEnd = subscription.current_period_end;
+    if (typeof rootPeriodEnd === 'number' && rootPeriodEnd > 0) {
+        return new Date(rootPeriodEnd * 1000);
+    }
+    const itemEnds = (subscription.items?.data || [])
+        .map((item) => item?.current_period_end)
+        .filter((value) => typeof value === 'number' && value > 0);
+    if (itemEnds.length > 0) {
+        return new Date(Math.min(...itemEnds) * 1000);
+    }
+    return null;
+}
+async function resolveDashboardLinkForCheckoutSession(sessionId, dbService, deps = {}) {
+    if (!sessionId || !sessionId.startsWith('cs_')) {
+        return { ok: false, status: 400, error: 'Invalid session_id' };
+    }
+    const sessionRetriever = deps.sessionRetriever || ((id) => stripe_1.stripe.checkout.sessions.retrieve(id));
+    const customerRetriever = deps.customerRetriever || ((id) => stripe_1.stripe.customers.retrieve(id));
+    const subscriptionRetriever = deps.subscriptionRetriever || ((id) => stripe_1.stripe.subscriptions.retrieve(id));
+    let session;
+    try {
+        session = await sessionRetriever(sessionId);
+    }
+    catch (error) {
+        return { ok: false, status: 500, error: `Failed to load checkout session: ${error?.message || error}` };
+    }
+    if (!isCheckoutSessionReadyForDashboard(session)) {
+        return { ok: false, status: 409, error: 'Checkout session is not complete yet' };
+    }
+    const customerId = getSessionCustomerId(session);
+    const subscriptionId = getSessionSubscriptionId(session);
+    const email = await resolveSessionEmail(session, customerId, customerRetriever);
+    if ((0, feature_flags_1.isPersonaEntitlementsEnabled)() && session.metadata?.plan === 'persona-hire') {
+        await (0, persona_entitlement_service_1.syncPersonaEntitlementFromCheckoutSession)(dbService, {
+            ...session,
+            customer_details: session.customer_details || (email ? { email } : undefined)
+        }, 'dashboard-link');
+    }
+    let subscription = null;
+    if (subscriptionId) {
+        try {
+            subscription = await subscriptionRetriever(subscriptionId);
+        }
+        catch (error) {
+            console.warn(`⚠️ Could not retrieve subscription ${subscriptionId} for dashboard link: ${error?.message || error}`);
+        }
+    }
+    const nextBillingDate = extractSubscriptionPeriodEnd(subscription);
+    let apiKey = customerId ? await dbService.getApiKeyByStripeCustomerId(customerId) : null;
+    if (!apiKey && email) {
+        apiKey = await dbService.getApiKeyByUserId(email);
+    }
+    if (apiKey) {
+        const updatePatch = {
+            tier: 'paid-subscription',
+            status: 'active',
+            expiresAt: null,
+        };
+        if (customerId)
+            updatePatch.stripeCustomerId = customerId;
+        if (subscriptionId)
+            updatePatch.stripeSubscriptionId = subscriptionId;
+        if (nextBillingDate)
+            updatePatch.currentPeriodEnd = nextBillingDate;
+        await dbService.updateApiKey(apiKey.key, updatePatch);
+    }
+    else {
+        if (!email) {
+            return { ok: false, status: 404, error: 'Could not resolve customer email for session' };
+        }
+        const newKey = dbService.generateApiKey(email, 'default');
+        await dbService.createApiKey({
+            key: newKey,
+            userId: email,
+            orgId: 'default',
+            tier: 'paid-subscription',
+            status: 'active',
+            expiresAt: null,
+            stripeCustomerId: customerId,
+            stripeSubscriptionId: subscriptionId,
+            currentPeriodEnd: nextBillingDate,
+            cancelAt: null,
+            suspendedAt: null,
+            suspensionReason: null,
+            lastUsedAt: null,
+            apiCallCount: 0,
+            personaSystemActive: (0, feature_flags_1.isPersonaEntitlementsEnabled)() || undefined
+        });
+        apiKey = { key: newKey, userId: email };
+    }
+    if (!apiKey) {
+        return { ok: false, status: 500, error: 'Could not resolve API key for checkout session' };
+    }
+    const dashboardUrl = await (0, dashboard_access_1.createDashboardAccessUrl)(dbService, apiKey.userId, apiKey.key);
+    return { ok: true, dashboardUrl };
+}
+async function getDashboardLinkFromCheckoutSession(req, res, dbService) {
+    const sessionId = req.query.session_id;
+    const resolved = await resolveDashboardLinkForCheckoutSession(sessionId, dbService);
+    if (!resolved.ok) {
+        return res.status(resolved.status).json({ error: resolved.error });
+    }
+    return res.json({ dashboardUrl: resolved.dashboardUrl });
+}

package/dist/src/api/payment/session-details.js

@@ -0,0 +1,31 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.getSessionDetails = getSessionDetails;
+const stripe_1 = require("../../config/stripe");
+async function getSessionDetails(req, res) {
+    const sessionId = req.query.session_id;
+    if (!sessionId || !sessionId.startsWith('cs_')) {
+        return res.status(400).json({ error: 'Invalid session_id' });
+    }
+    try {
+        const session = await stripe_1.stripe.checkout.sessions.retrieve(sessionId);
+        const meta = session.metadata || {};
+        const amountTotal = session.amount_total ?? 0; // cents
+        res.json({
+            plan: meta.plan || null,
+            personaKey: meta.personaKey || null,
+            personaName: meta.personaName || null,
+            personaRole: meta.personaRole || null,
+            hireMode: meta.hireMode || null,
+            numberOfUsers: meta.numberOfUsers ? parseInt(meta.numberOfUsers) : null,
+            billingCycle: meta.billingCycle || null,
+            amountTotal, // cents
+            currency: session.currency || 'usd',
+            appliedCouponId: meta.appliedCouponId || null,
+        });
+    }
+    catch (error) {
+        console.error('❌ Error fetching session details:', error.message);
+        res.status(500).json({ error: 'Failed to fetch session details' });
+    }
+}