jettypod 4.4.115 → 4.4.118

package/apps/dashboard/electron/main.js

@@ -1,4 +1,4 @@
-const { app, BrowserWindow, Menu, dialog } = require('electron');
+const { app, BrowserWindow, Menu, dialog, shell } = require('electron');
 const { spawn, execSync } = require('child_process');
 const path = require('path');
 const fs = require('fs');
@@ -7,6 +7,7 @@ const { WebSocketServer } = require('ws');
 const { registerIpcHandlers, closeDb } = require('./ipc-handlers');
 const { ingestCucumberResults, closeIngesterDb } = require('./test-results-ingester');
 const { autoUpdater } = require('electron-updater');
+const sessionManager = require('./session-manager');
 
 // Track child processes and servers for cleanup
 let nextProcess = null;
@@ -145,8 +146,39 @@ function getMainWindow() {
 // WebSocket configuration
 const WS_PORT = 47808;
 
+// Persistent log file for diagnostics
+const LOG_DIR = path.join(app.getPath('home'), 'Library', 'Logs', 'jettypod');
+const LOG_FILE = path.join(LOG_DIR, 'main.log');
+const MAX_LOG_SIZE = 5 * 1024 * 1024; // 5MB
+
+let logStream = null;
+
+function initLogFile() {
+  try {
+    fs.mkdirSync(LOG_DIR, { recursive: true });
+    // Rotate if too large
+    if (fs.existsSync(LOG_FILE)) {
+      const stats = fs.statSync(LOG_FILE);
+      if (stats.size > MAX_LOG_SIZE) {
+        const rotated = `${LOG_FILE}.1`;
+        if (fs.existsSync(rotated)) fs.unlinkSync(rotated);
+        fs.renameSync(LOG_FILE, rotated);
+      }
+    }
+    logStream = fs.createWriteStream(LOG_FILE, { flags: 'a' });
+  } catch {
+    // Fall back to console-only logging
+  }
+}
+
+initLogFile();
+
 function log(msg) {
-  console.log(`[Electron] ${msg}`);
+  const line = `[${new Date().toISOString()}] [Electron] ${msg}`;
+  console.log(line);
+  if (logStream) {
+    logStream.write(line + '\n');
+  }
 }
 
 /**
@@ -198,6 +230,7 @@ function getShellEnv() {
 
   // Common paths where npm/node might be installed (fallback for users who have it)
   const additionalPaths = [
+    `${home}/.claude/local`,                   // Official Claude Code install script
     '/usr/local/bin',                          // Homebrew (Intel Mac) / common location
     '/opt/homebrew/bin',                       // Homebrew (Apple Silicon)
     '/opt/homebrew/sbin',
@@ -566,7 +599,7 @@ function startTestResultsPolling() {
 
         // Ingest results into SQLite before broadcasting
         try {
-          const count = ingestCucumberResults(projectRoot);
+          const count = ingestCucumberResults(testResultsPath);
           if (count > 0) {
             log(`[WS] Ingested ${count} test results into database`);
           }
@@ -948,7 +981,10 @@ module.exports = {
   writeLastSelectedProject,
   installClaudeCode,
   updateClaudeCode,
-  getClaudeCodeInstalled
+  getClaudeCodeInstalled,
+  getClaudeCodeAuthenticated,
+  checkClaudeCodeAuthenticated,
+  loginClaudeCode
 };
 
 // ==================== Application Menu ====================
@@ -1069,7 +1105,19 @@ function buildApplicationMenu() {
         {
           label: 'Check for Updates',
           click: async () => {
+            const headers = sessionManager.getUpdaterHeaders();
+            if (!headers.Authorization) {
+              dialog.showMessageBox({
+                type: 'warning',
+                title: 'Update Check Unavailable',
+                message: 'Not signed in.',
+                detail: 'Please sign in to check for updates.',
+                buttons: ['OK']
+              });
+              return;
+            }
             log('[AutoUpdate] Manual check for updates...');
+            autoUpdater.requestHeaders = headers;
             try {
               const result = await autoUpdater.checkForUpdates();
               if (result && result.updateInfo) {
@@ -1124,16 +1172,20 @@ function createWindow() {
 
   windows.add(mainWindow);
 
-  // Determine start URL based on access code, Claude Code, and project status
+  // Determine start URL based on auth state, Claude Code, and project status
   let startUrl;
-  if (isPackaged && !isAccessGranted()) {
-    // Access code required - show access code screen (production only)
-    startUrl = 'http://localhost:3000/access-code';
-    log('Access not granted, showing access code screen');
+  if (isPackaged && !isAuthenticated()) {
+    // Auth required - show login screen (production only)
+    startUrl = 'http://localhost:3000/login';
+    log('No auth token, showing login screen');
   } else if (!claudeCodeInstalled) {
     // Claude Code is required - show install screen
     startUrl = 'http://localhost:3000/install-claude';
     log('Claude Code not installed, showing install screen');
+  } else if (!claudeCodeAuthenticated) {
+    // Claude Code installed but not authenticated - show connect screen
+    startUrl = 'http://localhost:3000/connect-claude';
+    log('Claude Code not authenticated, showing connect screen');
   } else {
     // Check if we have a valid project configured
     const hasProject = hasValidProject(projectRoot);
@@ -1260,8 +1312,10 @@ function cleanup() {
 
 // ==================== Claude Code Detection ====================
 
-// Track whether Claude Code is installed (checked on startup)
+// Track whether Claude Code is installed and authenticated (checked on startup)
 let claudeCodeInstalled = false;
+let claudeCodeAuthenticated = false;
+let claudeCodeNeedsUpdate = false;
 
 /**
  * Check if Claude Code CLI is installed
@@ -1269,12 +1323,14 @@ let claudeCodeInstalled = false;
  * @returns {boolean} true if Claude Code is installed
  */
 function checkClaudeCodeInstalled() {
+  const shellEnv = getShellEnv();
+  log(`[ClaudeCode] Checking with PATH: ${shellEnv.PATH}`);
   try {
-    execSync('which claude', { encoding: 'utf-8', stdio: 'pipe', env: getShellEnv() });
-    log('[ClaudeCode] Claude Code is installed');
+    const which = execSync('which claude', { encoding: 'utf-8', stdio: 'pipe', env: shellEnv }).trim();
+    log(`[ClaudeCode] Claude Code found at: ${which}`);
     return true;
   } catch {
-    log('[ClaudeCode] Claude Code is NOT installed');
+    log('[ClaudeCode] Claude Code is NOT installed (not found in PATH)');
     return false;
   }
 }
@@ -1377,6 +1433,143 @@ function getClaudeCodeInstalled() {
   return claudeCodeInstalled;
 }
 
+function getClaudeCodeAuthenticated() {
+  return claudeCodeAuthenticated;
+}
+
+/**
+ * Check if Claude Code CLI is authenticated.
+ * Runs a lightweight command that requires auth to succeed.
+ * On any unexpected failure, defaults to false (shows connect screen)
+ * so the user can authenticate rather than hitting a broken state.
+ * @returns {boolean} true if Claude Code is authenticated
+ */
+function checkClaudeCodeAuthenticated() {
+  if (!claudeCodeInstalled) return false;
+  const shellEnv = getShellEnv();
+  try {
+    // claude -p with a simple prompt fails fast if not authenticated
+    execSync('claude -p "ping" --output-format text', {
+      encoding: 'utf-8',
+      stdio: 'pipe',
+      env: shellEnv,
+      timeout: 15000
+    });
+    log('[ClaudeCode] Claude Code is authenticated');
+    return true;
+  } catch (err) {
+    const stderr = (err.stderr || '').toString();
+    const stdout = (err.stdout || '').toString();
+    const message = err.message || '';
+
+    // Timeout — cli hung, don't block startup, show connect screen
+    if (err.killed || message.includes('ETIMEDOUT') || message.includes('timed out')) {
+      log('[ClaudeCode] Auth check timed out, defaulting to unauthenticated');
+      return false;
+    }
+
+    // Outdated CLI — flag for auto-update
+    const combined = stderr + stdout + message;
+    if (combined.includes('needs an update') || combined.includes('needs_update')) {
+      log('[ClaudeCode] CLI is outdated, flagging for auto-update');
+      claudeCodeNeedsUpdate = true;
+      return false;
+    }
+
+    // Auth-related errors — definitely not authenticated
+    if (stderr.includes('not logged in') || stderr.includes('login') ||
+        stdout.includes('not logged in') || stdout.includes('login')) {
+      log('[ClaudeCode] Claude Code is NOT authenticated');
+      return false;
+    }
+
+    // Any other error (network, spawn failure, unexpected crash) —
+    // default to unauthenticated so user sees the connect screen
+    // rather than silently failing in the main app
+    log(`[ClaudeCode] Auth check failed, defaulting to unauthenticated: ${stderr || stdout || message}`);
+    return false;
+  }
+}
+
+/**
+ * Spawn `claude` to trigger browser-based OAuth authentication.
+ * The CLI auto-detects missing credentials and starts the OAuth flow,
+ * printing an auth URL to stdout/stderr. We capture it and open it
+ * with shell.openExternal() since the spawned process has no TTY.
+ * @returns {Promise<{success: boolean, error?: string}>}
+ */
+function loginClaudeCode() {
+  return new Promise((resolve) => {
+    const shellEnv = getShellEnv();
+    log('[ClaudeCode] Starting claude auth flow...');
+
+    const loginProcess = spawn(getUserShell(), ['-lc', 'claude'], {
+      env: shellEnv,
+      stdio: 'pipe'
+    });
+
+    let stdout = '';
+    let stderr = '';
+    let urlOpened = false;
+
+    const tryOpenUrl = (text) => {
+      if (urlOpened) return;
+      // Match OAuth/auth URLs the CLI prints for non-TTY environments
+      const urlMatch = text.match(/https?:\/\/\S+/);
+      if (urlMatch) {
+        const url = urlMatch[0];
+        log(`[ClaudeCode] Found auth URL, opening in browser: ${url}`);
+        shell.openExternal(url);
+        urlOpened = true;
+      }
+    };
+
+    loginProcess.stdout.on('data', (data) => {
+      const chunk = data.toString();
+      stdout += chunk;
+      log(`[ClaudeCode] stdout: ${chunk.trim()}`);
+      tryOpenUrl(chunk);
+    });
+
+    loginProcess.stderr.on('data', (data) => {
+      const chunk = data.toString();
+      stderr += chunk;
+      log(`[ClaudeCode] stderr: ${chunk.trim()}`);
+      tryOpenUrl(chunk);
+    });
+
+    loginProcess.on('close', async (code) => {
+      if (code === 0) {
+        claudeCodeAuthenticated = true;
+        log('[ClaudeCode] Auth completed successfully');
+        resolve({ success: true });
+      } else if (stderr.includes('needs an update') || stderr.includes('needs_update') ||
+                 stdout.includes('needs an update') || stdout.includes('needs_update')) {
+        log('[ClaudeCode] CLI outdated during login, running auto-update...');
+        const updateResult = await updateClaudeCode();
+        if (updateResult.success) {
+          log('[ClaudeCode] Auto-update succeeded, retrying login');
+          claudeCodeNeedsUpdate = false;
+          // Retry login after update
+          const retryResult = await loginClaudeCode();
+          resolve(retryResult);
+        } else {
+          log(`[ClaudeCode] Auto-update failed: ${updateResult.error}`);
+          resolve({ success: false, error: 'Claude Code needs an update but the update failed. Please run "claude update" manually.' });
+        }
+      } else {
+        log(`[ClaudeCode] Auth failed with code ${code}: ${stderr}`);
+        resolve({ success: false, error: stderr || `Auth exited with code ${code}` });
+      }
+    });
+
+    loginProcess.on('error', (err) => {
+      log(`[ClaudeCode] Auth spawn error: ${err.message}`);
+      resolve({ success: false, error: err.message });
+    });
+  });
+}
+
 // ==================== PATH Setup ====================
 
 const SYMLINK_PATH = '/usr/local/bin/jettypod';
@@ -1421,8 +1614,11 @@ async function setupPathOnFirstLaunch() {
 
   log('[PATH] Setting up PATH with admin privileges...');
 
-  // Use osascript to run ln with admin privileges
-  const script = `do shell script "ln -sf '${bundledPath}' '${SYMLINK_PATH}'" with administrator privileges`;
+  // Use osascript to run ln with admin privileges.
+  // mkdir -p ensures the parent directory exists (e.g. /usr/local/bin may not
+  // exist on fresh Apple Silicon Macs which use /opt/homebrew/bin by default).
+  const symlinkDir = path.dirname(SYMLINK_PATH);
+  const script = `do shell script "mkdir -p '${symlinkDir}' && ln -sf '${bundledPath}' '${SYMLINK_PATH}'" with administrator privileges`;
 
   try {
     execSync(`osascript -e '${script}'`, { encoding: 'utf-8' });
@@ -1433,35 +1629,84 @@ async function setupPathOnFirstLaunch() {
   }
 }
 
-// ==================== Access Code Gating ====================
+// ==================== Subscription & Access ====================
 
 /**
- * Get path to access-granted.json file
+ * Get path to subscription.json file
  * Stored in Electron's userData directory (~/.config/JettyPod/)
  */
-function getAccessGrantedPath() {
-  return path.join(app.getPath('userData'), 'access-granted.json');
+function getSubscriptionPath() {
+  return path.join(app.getPath('userData'), 'subscription.json');
+}
+
+/**
+ * Get the path to the auth state file.
+ * Stored alongside subscription.json in Electron's userData directory.
+ */
+function getAuthPath() {
+  return path.join(app.getPath('userData'), 'auth.json');
+}
+
+/**
+ * Check if there's a stored auth token (JWT).
+ * Does NOT validate the token — just checks if auth.json exists with a token.
+ */
+function isAuthenticated() {
+  const authPath = getAuthPath();
+  if (!fs.existsSync(authPath)) {
+    log('[Auth] No auth.json found');
+    return false;
+  }
+
+  try {
+    const data = JSON.parse(fs.readFileSync(authPath, 'utf-8'));
+    if (data.token) {
+      log('[Auth] Auth token found');
+      return true;
+    }
+  } catch (error) {
+    log(`[Auth] Error reading auth file: ${error.message}`);
+  }
+
+  return false;
+}
+
+/**
+ * Read the Stripe customer ID from subscription config.
+ * Returns null if no subscription is stored.
+ * Written by the Stripe checkout flow (chore #1000535).
+ */
+function getSubscriptionCustomerId() {
+  const subPath = getSubscriptionPath();
+  if (!fs.existsSync(subPath)) return null;
+  try {
+    const data = JSON.parse(fs.readFileSync(subPath, 'utf-8'));
+    return data.customerId || null;
+  } catch (error) {
+    log(`[Subscription] Error reading subscription file: ${error.message}`);
+    return null;
+  }
 }
 
 /**
- * Check if app access has been granted via access code
- * @returns {boolean} True if access has been granted
+ * Check if there's an active subscription stored locally.
+ * Full validation against Stripe happens on update check / app refresh.
  */
-function isAccessGranted() {
-  const accessPath = getAccessGrantedPath();
-  if (!fs.existsSync(accessPath)) {
-    log('[Access] No access-granted.json found');
+function isSubscriptionActive() {
+  const subPath = getSubscriptionPath();
+  if (!fs.existsSync(subPath)) {
+    log('[Subscription] No subscription.json found');
     return false;
   }
 
   try {
-    const data = JSON.parse(fs.readFileSync(accessPath, 'utf-8'));
-    if (data.activated) {
-      log('[Access] Access granted');
+    const data = JSON.parse(fs.readFileSync(subPath, 'utf-8'));
+    if (data.customerId) {
+      log('[Subscription] Active subscription found');
       return true;
     }
   } catch (error) {
-    log(`[Access] Error reading access file: ${error.message}`);
+    log(`[Subscription] Error reading subscription file: ${error.message}`);
   }
 
   return false;
@@ -1652,18 +1897,120 @@ autoUpdater.on('update-downloaded', (info) => {
 
 // ==================== App Lifecycle ====================
 
+// Register jettypod:// protocol for OAuth callback
+if (!isPackaged) {
+  // Dev mode: pass app path so macOS can route the URL to this Electron instance
+  app.setAsDefaultProtocolClient('jettypod', process.execPath, [path.resolve(process.argv[1])]);
+} else {
+  app.setAsDefaultProtocolClient('jettypod');
+}
+
+/**
+ * Decode a JWT payload without verifying the signature.
+ * Used to extract user info (email, plan) from the token before saving.
+ */
+function decodeJWTPayload(token) {
+  try {
+    const parts = token.split('.');
+    if (parts.length !== 3) return null;
+    const payload = parts[1].replace(/-/g, '+').replace(/_/g, '/');
+    return JSON.parse(Buffer.from(payload, 'base64').toString('utf-8'));
+  } catch {
+    return null;
+  }
+}
+
+/**
+ * Handle a jettypod:// protocol URL (OAuth callback).
+ * Saves the token + decoded user info to auth.json and navigates to the dashboard.
+ */
+function handleProtocolUrl(url) {
+  log(`[Auth] Protocol handler received: ${url}`);
+
+  try {
+    const parsed = new URL(url);
+    // jettypod://auth/callback parses as hostname='auth', pathname='/callback'
+    const isAuthCallback =
+      (parsed.hostname === 'auth' && parsed.pathname === '/callback') ||
+      parsed.pathname === '//auth/callback' ||
+      parsed.pathname === '/auth/callback';
+    if (isAuthCallback) {
+      const token = parsed.searchParams.get('token');
+      if (token && mainWindow) {
+        // Decode JWT to extract user info (sub, email, plan)
+        const payload = decodeJWTPayload(token);
+        const user = payload ? { id: payload.sub, email: payload.email, plan: payload.plan } : undefined;
+
+        // Save auth.json with token AND user data
+        const authPath = path.join(app.getPath('userData'), 'auth.json');
+        const dir = path.dirname(authPath);
+        if (!fs.existsSync(dir)) {
+          fs.mkdirSync(dir, { recursive: true });
+        }
+        fs.writeFileSync(authPath, JSON.stringify({ token, user, savedAt: new Date().toISOString() }, null, 2));
+        log('[Auth] Token + user data saved from OAuth callback');
+
+        // Navigate to main page
+        mainWindow.loadURL('http://localhost:3000');
+        mainWindow.focus();
+      }
+    }
+  } catch (error) {
+    log(`[Auth] Error handling protocol URL: ${error.message}`);
+  }
+}
+
+// Single-instance lock: ensure deep links are routed to the existing instance
+const gotTheLock = app.requestSingleInstanceLock();
+
+if (!gotTheLock) {
+  // Another instance is already running — quit this one.
+  // The URL (if any) will be forwarded to the existing instance via 'second-instance'.
+  app.quit();
+} else {
+  // On macOS, protocol URLs for a running app arrive via 'open-url'.
+  app.on('open-url', (event, url) => {
+    event.preventDefault();
+    handleProtocolUrl(url);
+  });
+
+  // On Windows/Linux (and macOS second-instance fallback), the URL arrives here.
+  app.on('second-instance', (_event, commandLine) => {
+    // The protocol URL is typically the last argument
+    const url = commandLine.find(arg => arg.startsWith('jettypod://'));
+    if (url) {
+      handleProtocolUrl(url);
+    }
+    // Focus the main window
+    if (mainWindow) {
+      if (mainWindow.isMinimized()) mainWindow.restore();
+      mainWindow.focus();
+    }
+  });
+}
+
 app.whenReady().then(async () => {
   log('Electron app ready');
 
+  // Start session manager (handles auth heartbeat + auto-updater token)
+  sessionManager.setLogger(log);
+  if (isAuthenticated()) {
+    sessionManager.start();
+  }
+
   // Check for updates in the background (only in packaged app)
-  if (isPackaged) {
-    log('[AutoUpdate] Checking for updates...');
-    try {
-      await autoUpdater.checkForUpdatesAndNotify();
-    } catch (error) {
-      // Log error but don't crash - auto-update failures shouldn't prevent app launch
-      console.error('[AutoUpdate] Failed to check for updates:', error.message);
-      log(`[AutoUpdate] Update check failed: ${error.message}`);
+  if (isPackaged && isAuthenticated()) {
+    const headers = sessionManager.getUpdaterHeaders();
+    if (headers.Authorization) {
+      autoUpdater.requestHeaders = headers;
+      log('[AutoUpdate] Checking for updates with JWT...');
+      try {
+        await autoUpdater.checkForUpdatesAndNotify();
+      } catch (error) {
+        log(`[AutoUpdate] Update check failed: ${error.message}`);
+      }
+    } else {
+      log('[AutoUpdate] Skipping update check - no auth token');
     }
   }
 
@@ -1672,6 +2019,37 @@ app.whenReady().then(async () => {
   claudeCodeInstalled = checkClaudeCodeInstalled();
   log(`Claude Code installed: ${claudeCodeInstalled}`);
 
+  // Check if Claude Code is authenticated (only if installed)
+  // Wrapped in try/catch so a catastrophic failure here doesn't crash startup
+  if (claudeCodeInstalled) {
+    try {
+      claudeCodeAuthenticated = checkClaudeCodeAuthenticated();
+    } catch (err) {
+      log(`[ClaudeCode] Auth check crashed unexpectedly: ${err.message}`);
+      claudeCodeAuthenticated = false;
+    }
+
+    // Auto-update if CLI is outdated, then retry auth check
+    if (!claudeCodeAuthenticated && claudeCodeNeedsUpdate) {
+      log('[ClaudeCode] CLI outdated, running auto-update...');
+      const updateResult = await updateClaudeCode();
+      if (updateResult.success) {
+        log('[ClaudeCode] Auto-update succeeded, retrying auth check');
+        claudeCodeNeedsUpdate = false;
+        try {
+          claudeCodeAuthenticated = checkClaudeCodeAuthenticated();
+        } catch (err) {
+          log(`[ClaudeCode] Auth re-check crashed: ${err.message}`);
+          claudeCodeAuthenticated = false;
+        }
+      } else {
+        log(`[ClaudeCode] Auto-update failed: ${updateResult.error}`);
+      }
+    }
+
+    log(`Claude Code authenticated: ${claudeCodeAuthenticated}`);
+  }
+
   // Setup PATH on first launch (creates symlink to /usr/local/bin)
   await setupPathOnFirstLaunch();
 

package/apps/dashboard/electron/preload.js

@@ -46,6 +46,7 @@ contextBridge.exposeInMainWorld('electronAPI', {
 
     // Project info
     getProjectName: () => ipcRenderer.invoke('db:getProjectName'),
+
   },
 
   // Claude subprocess management
@@ -76,6 +77,7 @@ contextBridge.exposeInMainWorld('electronAPI', {
   // Project operations
   project: {
     openDialog: () => ipcRenderer.invoke('dialog:openProject'),
+    newProject: () => ipcRenderer.invoke('dialog:newProject'),
     getRecent: () => ipcRenderer.invoke('projects:getRecent'),
     addRecent: (path) => ipcRenderer.invoke('projects:addRecent', path),
     openRecent: (path) => ipcRenderer.invoke('projects:openRecent', path),
@@ -85,13 +87,30 @@ contextBridge.exposeInMainWorld('electronAPI', {
   claudeCode: {
     install: () => ipcRenderer.invoke('claudeCode:install'),
     isInstalled: () => ipcRenderer.invoke('claudeCode:isInstalled'),
+    isAuthenticated: () => ipcRenderer.invoke('claudeCode:isAuthenticated'),
+    login: () => ipcRenderer.invoke('claudeCode:login'),
     update: () => ipcRenderer.invoke('claudeCode:update'),
   },
 
-  // Access code gating
-  access: {
-    validate: (code) => ipcRenderer.invoke('access:validate', code),
-    getStatus: () => ipcRenderer.invoke('access:getStatus'),
+  // Subscription gating (legacy)
+  subscription: {
+    createCheckout: (plan) => ipcRenderer.invoke('subscription:createCheckout', plan),
+    activate: (customerId) => ipcRenderer.invoke('subscription:activate', customerId),
+    getStatus: () => ipcRenderer.invoke('subscription:getStatus'),
+  },
+
+  // Billing
+  billing: {
+    openCustomerPortal: () => ipcRenderer.invoke('billing:openCustomerPortal'),
+  },
+
+  // Auth (JWT-based)
+  auth: {
+    loginWithGoogle: () => ipcRenderer.invoke('auth:loginWithGoogle'),
+    saveToken: (token, user) => ipcRenderer.invoke('auth:saveToken', token, user),
+    getStatus: () => ipcRenderer.invoke('auth:getStatus'),
+    getToken: () => ipcRenderer.invoke('auth:getToken'),
+    logout: () => ipcRenderer.invoke('auth:logout'),
   },
 
   // Shell operations