jettypod 4.4.118 → 4.4.121

package/apps/dashboard/vite.config.ts

@@ -0,0 +1,33 @@
+import { defineConfig } from 'vite'
+import react from '@vitejs/plugin-react-swc'
+import tailwindcss from '@tailwindcss/vite'
+import path from 'path'
+
+export default defineConfig({
+  plugins: [
+    react(),
+    tailwindcss(),
+  ],
+  resolve: {
+    alias: {
+      '@': path.resolve(__dirname, '.'),
+    },
+  },
+  server: {
+    port: 1420,
+    strictPort: true,
+  },
+  build: {
+    outDir: 'dist',
+    emptyOutDir: true,
+    rollupOptions: {
+      output: {
+        manualChunks: {
+          'vendor-motion': ['framer-motion'],
+          'vendor-dnd': ['@dnd-kit/core', '@dnd-kit/utilities'],
+          'vendor-markdown': ['react-markdown', 'remark-gfm'],
+        },
+      },
+    },
+  },
+})

package/apps/update-server/src/index.ts

@@ -58,10 +58,41 @@ interface StripeCheckoutSession {
   subscription: string;
 }
 
+interface TauriPlatformArtifact {
+  url: string;
+  signature: string;
+}
+
+interface TauriUpdateManifest {
+  version: string;
+  notes: string;
+  pub_date: string;
+  platforms: Record<string, TauriPlatformArtifact>;
+}
+
 // ─── JWT ────────────────────────────────────────────────────────────
 
 const JWT_EXPIRY = 30 * 24 * 60 * 60; // 30 days
 
+// Cache imported CryptoKeys to avoid re-importing on every JWT operation
+const cryptoKeyCache = new Map<string, CryptoKey>();
+
+async function getHmacKey(secret: string, usage: 'sign' | 'verify'): Promise<CryptoKey> {
+  const cacheKey = `${secret}:${usage}`;
+  let key = cryptoKeyCache.get(cacheKey);
+  if (!key) {
+    key = await crypto.subtle.importKey(
+      'raw',
+      new TextEncoder().encode(secret),
+      { name: 'HMAC', hash: 'SHA-256' },
+      false,
+      [usage]
+    );
+    cryptoKeyCache.set(cacheKey, key);
+  }
+  return key;
+}
+
 async function signJWT(payload: JWTPayload, secret: string): Promise<string> {
   const header = { alg: 'HS256', typ: 'JWT' };
   const encode = (obj: unknown) =>
@@ -71,13 +102,7 @@ async function signJWT(payload: JWTPayload, secret: string): Promise<string> {
   const payloadB64 = encode(payload);
   const signingInput = `${headerB64}.${payloadB64}`;
 
-  const key = await crypto.subtle.importKey(
-    'raw',
-    new TextEncoder().encode(secret),
-    { name: 'HMAC', hash: 'SHA-256' },
-    false,
-    ['sign']
-  );
+  const key = await getHmacKey(secret, 'sign');
   const sig = await crypto.subtle.sign('HMAC', key, new TextEncoder().encode(signingInput));
   const sigB64 = btoa(String.fromCharCode(...new Uint8Array(sig)))
     .replace(/=/g, '').replace(/\+/g, '-').replace(/\//g, '_');
@@ -92,13 +117,7 @@ async function verifyJWT(token: string, secret: string): Promise<JWTPayload | nu
   const [headerB64, payloadB64, sigB64] = parts;
   const signingInput = `${headerB64}.${payloadB64}`;
 
-  const key = await crypto.subtle.importKey(
-    'raw',
-    new TextEncoder().encode(secret),
-    { name: 'HMAC', hash: 'SHA-256' },
-    false,
-    ['verify']
-  );
+  const key = await getHmacKey(secret, 'verify');
 
   const sigBytes = Uint8Array.from(
     atob(sigB64.replace(/-/g, '+').replace(/_/g, '/')),
@@ -176,37 +195,9 @@ async function validateAccess(
     return { valid: false, error: 'Invalid customer token' };
   }
 
-  const headers = { Authorization: `Bearer ${env.STRIPE_SECRET_KEY}` };
-
-  const subResponse = await fetch(
-    `https://api.stripe.com/v1/customers/${encodeURIComponent(customerId)}/subscriptions?status=active&limit=1`,
-    { headers }
-  );
-
-  if (subResponse.ok) {
-    const subData = (await subResponse.json()) as { data: unknown[] };
-    if (subData.data && subData.data.length > 0) {
-      return { valid: true };
-    }
-  } else if (subResponse.status === 404) {
-    return { valid: false, error: 'Customer not found' };
-  }
-
-  const chargeResponse = await fetch(
-    `https://api.stripe.com/v1/charges?customer=${encodeURIComponent(customerId)}&limit=1`,
-    { headers }
-  );
-
-  if (chargeResponse.ok) {
-    const chargeData = (await chargeResponse.json()) as {
-      data: Array<{ paid: boolean; refunded: boolean }>;
-    };
-    const hasSuccessfulPayment = chargeData.data?.some(
-      (charge) => charge.paid && !charge.refunded
-    );
-    if (hasSuccessfulPayment) {
-      return { valid: true };
-    }
+  const plan = await determinePlanFromStripe(customerId, env);
+  if (plan !== 'free') {
+    return { valid: true };
   }
 
   return { valid: false, error: 'No active subscription or purchase found' };
@@ -318,6 +309,16 @@ async function googleAuthCallback(request: Request, env: Env): Promise<Response>
 
 const OTP_TTL = 300; // 5 minutes
 const OTP_LENGTH = 6;
+const OTP_SEND_RATE_LIMIT = 5; // max sends per window
+const OTP_VERIFY_RATE_LIMIT = 10; // max verify attempts per window
+const RATE_LIMIT_WINDOW = 900; // 15 minutes
+
+async function checkRateLimit(kv: KVNamespace, key: string, limit: number): Promise<boolean> {
+  const current = parseInt(await kv.get(key) || '0', 10);
+  if (current >= limit) return false;
+  await kv.put(key, String(current + 1), { expirationTtl: RATE_LIMIT_WINDOW });
+  return true;
+}
 
 function generateOTP(): string {
   const array = new Uint32Array(1);
@@ -326,18 +327,28 @@ function generateOTP(): string {
 }
 
 async function handleSendOTP(request: Request, env: Env): Promise<Response> {
-  const body = (await request.json()) as { email?: string };
+  let body: { email?: string };
+  try {
+    body = (await request.json()) as { email?: string };
+  } catch {
+    return Response.json({ error: 'Invalid request body' }, { status: 400 });
+  }
   const email = body.email?.trim().toLowerCase();
 
   if (!email || !email.includes('@')) {
     return Response.json({ error: 'Valid email required' }, { status: 400 });
   }
 
+  const allowed = await checkRateLimit(env.AUTH_KV, `rate:otp-send:${email}`, OTP_SEND_RATE_LIMIT);
+  if (!allowed) {
+    return Response.json({ error: 'Too many requests. Try again later.' }, { status: 429 });
+  }
+
   const code = generateOTP();
 
   await env.AUTH_KV.put(`otp:${email}`, code, { expirationTtl: OTP_TTL });
 
-  await fetch('https://api.resend.com/emails', {
+  const emailRes = await fetch('https://api.resend.com/emails', {
     method: 'POST',
     headers: {
       Authorization: `Bearer ${env.RESEND_API_KEY}`,
@@ -351,11 +362,21 @@ async function handleSendOTP(request: Request, env: Env): Promise<Response> {
     }),
   });
 
+  if (!emailRes.ok) {
+    console.error('Failed to send OTP email:', emailRes.status, await emailRes.text());
+    return Response.json({ error: 'Failed to send email' }, { status: 502 });
+  }
+
   return Response.json({ sent: true });
 }
 
 async function handleVerifyOTP(request: Request, env: Env): Promise<Response> {
-  const body = (await request.json()) as { email?: string; code?: string };
+  let body: { email?: string; code?: string };
+  try {
+    body = (await request.json()) as { email?: string; code?: string };
+  } catch {
+    return Response.json({ error: 'Invalid request body' }, { status: 400 });
+  }
   const email = body.email?.trim().toLowerCase();
   const code = body.code?.trim();
 
@@ -363,6 +384,11 @@ async function handleVerifyOTP(request: Request, env: Env): Promise<Response> {
     return Response.json({ error: 'Email and code required' }, { status: 400 });
   }
 
+  const allowed = await checkRateLimit(env.AUTH_KV, `rate:otp-verify:${email}`, OTP_VERIFY_RATE_LIMIT);
+  if (!allowed) {
+    return Response.json({ error: 'Too many attempts. Try again later.' }, { status: 429 });
+  }
+
   const storedCode = await env.AUTH_KV.get(`otp:${email}`);
   if (!storedCode || storedCode !== code) {
     return Response.json({ error: 'Invalid or expired code' }, { status: 401 });
@@ -504,11 +530,17 @@ async function incrementUsage(db: D1Database, userId: string): Promise<void> {
 // ─── Authenticated Route Handlers ───────────────────────────────────
 
 async function handleGetMe(user: JWTPayload, env: Env): Promise<Response> {
-  // Check D1 for current plan (may differ from JWT if webhook updated it)
-  const dbUser = await env.AUTH_DB.prepare('SELECT * FROM users WHERE id = ?').bind(user.sub).first<User>();
+  // Run user fetch and usage check in parallel to avoid sequential DB queries
+  const [dbUser, usageFromJwt] = await Promise.all([
+    env.AUTH_DB.prepare('SELECT * FROM users WHERE id = ?').bind(user.sub).first<User>(),
+    checkUsageLimit(env.AUTH_DB, user.sub, user.plan),
+  ]);
   const currentPlan = dbUser?.plan || user.plan;
 
-  const usage = await checkUsageLimit(env.AUTH_DB, user.sub, currentPlan);
+  // If plan changed from JWT, re-check usage with correct plan
+  const usage = currentPlan !== user.plan
+    ? await checkUsageLimit(env.AUTH_DB, user.sub, currentPlan)
+    : usageFromJwt;
 
   const response: Record<string, unknown> = {
     user: { id: user.sub, email: user.email, plan: currentPlan },
@@ -539,7 +571,12 @@ async function handleUsageIncrement(user: JWTPayload, env: Env): Promise<Respons
 }
 
 async function handleLinkStripe(request: Request, user: JWTPayload, env: Env): Promise<Response> {
-  const body = (await request.json()) as { customerId?: string };
+  let body: { customerId?: string };
+  try {
+    body = (await request.json()) as { customerId?: string };
+  } catch {
+    return Response.json({ error: 'Invalid request body' }, { status: 400 });
+  }
   const customerId = body.customerId;
 
   if (!customerId?.startsWith('cus_')) {
@@ -588,6 +625,68 @@ async function determinePlanFromStripe(customerId: string, env: Env): Promise<st
   return 'free';
 }
 
+// ─── Platform Telemetry ─────────────────────────────────────────────
+
+function logUpdateCheck(request: Request, platform: 'electron' | 'tauri', meta: Record<string, string> = {}): void {
+  const userAgent = request.headers.get('User-Agent') || 'unknown';
+  console.log(JSON.stringify({
+    event: 'update_check',
+    platform,
+    user_agent: userAgent,
+    ...meta,
+  }));
+}
+
+// ─── Tauri Update ──────────────────────────────────────────────────
+
+/** Compare two semver strings. Returns 1 if a > b, -1 if a < b, 0 if equal. */
+function compareSemver(a: string, b: string): number {
+  const pa = a.replace(/^v/, '').split('.').map(Number);
+  const pb = b.replace(/^v/, '').split('.').map(Number);
+  for (let i = 0; i < 3; i++) {
+    const diff = (pa[i] || 0) - (pb[i] || 0);
+    if (diff !== 0) return diff > 0 ? 1 : -1;
+  }
+  return 0;
+}
+
+async function handleTauriUpdate(
+  target: string,
+  arch: string,
+  currentVersion: string,
+  requestUrl: URL,
+  env: Env
+): Promise<Response> {
+  const object = await env.RELEASE_ARTIFACTS.get('tauri-releases.json');
+  if (!object) {
+    return Response.json({ error: 'No Tauri releases available' }, { status: 404 });
+  }
+
+  const manifest = (await object.json()) as TauriUpdateManifest;
+  const platformKey = `${target}-${arch}`;
+  const platform = manifest.platforms[platformKey];
+
+  if (!platform) {
+    return Response.json({ error: `Unsupported platform: ${platformKey}` }, { status: 404 });
+  }
+
+  if (compareSemver(manifest.version, currentVersion) <= 0) {
+    return new Response('', { status: 204 });
+  }
+
+  const downloadUrl = platform.url.startsWith('http')
+    ? platform.url
+    : `${requestUrl.origin}/updates/download/${platform.url}`;
+
+  return Response.json({
+    version: manifest.version,
+    notes: manifest.notes,
+    pub_date: manifest.pub_date,
+    url: downloadUrl,
+    signature: platform.signature,
+  });
+}
+
 // ─── Existing Route Handlers ────────────────────────────────────────
 
 async function handleUpdateManifest(env: Env): Promise<Response> {
@@ -599,7 +698,7 @@ async function handleUpdateManifest(env: Env): Promise<Response> {
   return new Response(object.body, {
     headers: {
       'Content-Type': 'text/yaml',
-      'Cache-Control': 'no-cache',
+      'Cache-Control': 'public, max-age=3600, must-revalidate',
       'ETag': object.httpEtag,
     },
   });
@@ -634,22 +733,54 @@ async function handleArtifactDownload(pathname: string, env: Env): Promise<Respo
   });
 }
 
+async function handleTauriPublicDownload(platformKey: string, env: Env): Promise<Response | null> {
+  const object = await env.RELEASE_ARTIFACTS.get('tauri-releases.json');
+  if (!object) return null;
+
+  const manifest = (await object.json()) as TauriUpdateManifest;
+  const platform = manifest.platforms[platformKey];
+  if (!platform?.url) return null;
+
+  const filename = platform.url;
+  const artifact = await env.RELEASE_ARTIFACTS.get(filename);
+  if (!artifact) return null;
+
+  const contentType = filename.endsWith('.dmg')
+    ? 'application/x-apple-diskimage'
+    : filename.endsWith('.AppImage')
+      ? 'application/x-executable'
+      : 'application/octet-stream';
+
+  return new Response(artifact.body, {
+    headers: {
+      'Content-Type': contentType,
+      'Content-Length': artifact.size.toString(),
+      'Content-Disposition': `attachment; filename="${filename}"`,
+      'Cache-Control': 'public, max-age=86400',
+      'ETag': artifact.httpEtag,
+    },
+  });
+}
+
 async function handlePublicDownload(arch: string, env: Env): Promise<Response> {
-  // Parse latest-mac.yml to find current filenames
+  // Try Tauri artifacts first
+  const platformKey = arch === 'arm64' ? 'darwin-aarch64' : 'darwin-x86_64';
+  const tauriResponse = await handleTauriPublicDownload(platformKey, env);
+  if (tauriResponse) return tauriResponse;
+
+  // Fall back to Electron manifest (latest-mac.yml) during transition
   const manifest = await env.RELEASE_ARTIFACTS.get('latest-mac.yml');
   if (!manifest) {
     return Response.json({ error: 'No releases available' }, { status: 404 });
   }
 
   const yml = await manifest.text();
-  // Find DMG filenames from the manifest
   const dmgFiles = [...yml.matchAll(/url:\s*(\S+\.dmg)/g)].map(m => m[1]);
 
   let filename: string | undefined;
   if (arch === 'arm64') {
     filename = dmgFiles.find(f => f.includes('arm64'));
   } else {
-    // x64 — the one without arm64
     filename = dmgFiles.find(f => !f.includes('arm64'));
   }
 
@@ -667,6 +798,7 @@ async function handlePublicDownload(arch: string, env: Env): Promise<Response> {
       'Content-Type': 'application/x-apple-diskimage',
       'Content-Length': object.size.toString(),
       'Content-Disposition': `attachment; filename="${filename}"`,
+      'Cache-Control': 'public, max-age=86400',
       'ETag': object.httpEtag,
     },
   });
@@ -692,13 +824,7 @@ async function verifyStripeSignature(
   if (age > 300) return false;
 
   const signedPayload = `${timestamp}.${payload}`;
-  const key = await crypto.subtle.importKey(
-    'raw',
-    new TextEncoder().encode(secret),
-    { name: 'HMAC', hash: 'SHA-256' },
-    false,
-    ['sign']
-  );
+  const key = await getHmacKey(secret, 'sign');
   const sig = await crypto.subtle.sign(
     'HMAC',
     key,
@@ -834,30 +960,33 @@ async function handleCheckoutSuccess(url: URL, env: Env): Promise<Response> {
     return new Response('Invalid session', { status: 400 });
   }
 
-  const session = (await response.json()) as StripeCheckoutSession;
-  const customerId = session.customer;
-
   return new Response(
     `<!DOCTYPE html>
 <html>
-<head><title>JettyPod — Subscription Activated</title>
+<head>
+<meta charset="utf-8">
+<meta name="viewport" content="width=device-width, initial-scale=1">
+<title>JettyPod \u2014 Subscription Activated</title>
 <style>
-  body { font-family: -apple-system, sans-serif; display: flex; justify-content: center; align-items: center; min-height: 100vh; margin: 0; background: #fafafa; }
-  .card { background: white; padding: 48px; border-radius: 16px; box-shadow: 0 2px 8px rgba(0,0,0,0.08); text-align: center; max-width: 440px; }
-  h1 { color: #1a1a1a; margin-bottom: 8px; }
-  p { color: #666; line-height: 1.6; }
-  .customer-id { background: #f0f0f0; padding: 12px 20px; border-radius: 8px; font-family: monospace; font-size: 16px; margin: 24px 0; user-select: all; cursor: pointer; }
-  .hint { font-size: 13px; color: #999; }
-</style></head>
+  body { font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', sans-serif; display: flex; justify-content: center; align-items: center; min-height: 100vh; margin: 0; background: #F6F5F0; }
+  .card { background: white; padding: 48px 56px; border-radius: 16px; box-shadow: 0 1px 2px rgba(0,0,0,0.06), 0 4px 16px rgba(0,0,0,0.06); text-align: center; max-width: 440px; }
+  .check { width: 56px; height: 56px; background: #E8EEEF; border-radius: 50%; display: flex; align-items: center; justify-content: center; margin: 0 auto 24px; }
+  .check svg { width: 28px; height: 28px; color: #4A6365; }
+  h1 { color: #18181b; margin: 0 0 12px; font-size: 24px; letter-spacing: -0.025em; }
+  p { color: #52525b; line-height: 1.6; margin: 0; font-size: 15px; }
+  .cta { display: inline-block; margin-top: 32px; background: #819D9F; color: white; text-decoration: none; padding: 12px 32px; border-radius: 12px; font-size: 15px; font-weight: 500; box-shadow: 0 1px 2px rgba(0,0,0,0.06), 0 4px 12px rgba(129,157,159,0.2); transition: filter 0.15s; }
+  .cta:hover { filter: brightness(1.05); }
+</style>
+</head>
 <body>
 <div class="card">
-  <h1>Payment Successful!</h1>
-  <p>Copy your customer ID and paste it into JettyPod:</p>
-  <div class="customer-id" onclick="navigator.clipboard.writeText('${customerId}')">${customerId}</div>
-  <p class="hint">Click to copy. Then paste it in the JettyPod app.</p>
+  <div class="check"><svg fill="none" viewBox="0 0 24 24" stroke="currentColor" stroke-width="2.5"><path stroke-linecap="round" stroke-linejoin="round" d="M5 13l4 4L19 7"/></svg></div>
+  <h1>You're all set!</h1>
+  <p>Your subscription is active. Head back to JettyPod to get started.</p>
+  <a class="cta" href="jettypod://subscription/activated">Open JettyPod</a>
 </div>
 </body></html>`,
-    { headers: { 'Content-Type': 'text/html' } }
+    { headers: { 'Content-Type': 'text/html; charset=utf-8' } }
   );
 }
 
@@ -1012,12 +1141,19 @@ async function handleRequest(request: Request, url: URL, pathname: string, env:
     return handlePublicDownload('arm64', env);
   }
 
+  if (request.method === 'GET' && pathname === '/download/linux') {
+    const response = await handleTauriPublicDownload('linux-x86_64', env);
+    if (response) return response;
+    return Response.json({ error: 'No Linux release available' }, { status: 404 });
+  }
+
   // ── Update routes (paid plan or legacy cus_ token) ─────────────
 
-  // Update manifest
+  // Update manifest (Electron)
   if (request.method === 'GET' && pathname === '/updates/latest-mac.yml') {
     const authError = await authenticateUpdateRequest(request, env);
     if (authError) return authError;
+    logUpdateCheck(request, 'electron');
     return handleUpdateManifest(env);
   }
 
@@ -1028,6 +1164,18 @@ async function handleRequest(request: Request, url: URL, pathname: string, env:
     return handleArtifactDownload(pathname, env);
   }
 
+  // Tauri update manifest — /tauri/:target/:arch/:current_version
+  if (request.method === 'GET' && pathname.startsWith('/tauri/')) {
+    const authError = await authenticateUpdateRequest(request, env);
+    if (authError) return authError;
+    const parts = pathname.split('/').filter(Boolean); // ["tauri", target, arch, version]
+    if (parts.length === 4) {
+      logUpdateCheck(request, 'tauri', { target: parts[1], arch: parts[2], current_version: parts[3] });
+      return handleTauriUpdate(parts[1], parts[2], parts[3], url, env);
+    }
+    return Response.json({ error: 'Invalid update URL format' }, { status: 400 });
+  }
+
   // ── Stripe/checkout routes (existing) ──────────────────────────
 
   if (request.method === 'POST' && pathname === '/checkout/create-session') {

package/claude-hooks/global-guardrails.js

@@ -245,28 +245,29 @@ function evaluateBashCommand(command, inputRef, cwd) {
     }
   }
 
-  // BLOCKED: work merge or tests merge from inside a worktree
-  // This prevents shell CWD corruption when worktree is deleted
+  // BLOCKED: work merge or tests merge from inside a worktree WITHOUT explicit ID
+  // Merge with explicit ID is safe: the merge command handles CWD internally via
+  // process.chdir() and does NOT delete the worktree (only cleanup does).
+  // Bare merge (no ID) is blocked because getCurrentWork() relies on branch detection
+  // which breaks after process.chdir() moves away from the worktree.
   if (/jettypod\s+(work|tests)\s+merge\b/.test(strippedCommand)) {
     const isInWorktree = cwd && cwd.includes('.jettypod-work');
-    if (isInWorktree) {
-      // Extract main repo path and work item ID for helpful error message
+    const hasExplicitId = /merge\s+\d+/.test(strippedCommand);
+    if (isInWorktree && !hasExplicitId) {
       const mainRepoPath = cwd.split('.jettypod-work')[0].replace(/\/$/, '');
-      const workIdMatch = strippedCommand.match(/merge\s+(\d+)/);
-      const workId = workIdMatch ? workIdMatch[1] : '<id>';
 
       return {
         allowed: false,
-        message: 'Cannot merge from inside a worktree',
-        hint: `Current CWD: ${cwd}
-Main repo:   ${mainRepoPath}
+        message: 'Cannot merge from inside a worktree without an explicit work item ID',
+        hint: `Provide the work item ID explicitly:
 
-Run these as TWO SEPARATE Bash calls:
+  jettypod work merge <id>
 
-  1. cd ${mainRepoPath}
-  2. jettypod work merge ${workId}
+This works from anywhere — the merge command handles CWD internally.
+After merge, cd to main repo before cleanup:
 
-Why: Hooks check CWD before 'cd &&' executes, so chained commands fail.`
+  cd ${mainRepoPath}
+  jettypod work cleanup <id>`
       };
     }
   }

package/crates/jettypod-cli/Cargo.toml

@@ -0,0 +1,19 @@
+[package]
+name = "jettypod-cli"
+version = "0.1.0"
+edition = "2021"
+description = "JettyPod workflow CLI"
+
+[[bin]]
+name = "jettypod"
+path = "src/main.rs"
+
+[dependencies]
+jettypod-core = { path = "../jettypod-core" }
+clap = { version = "4", features = ["derive"] }
+tokio = { workspace = true, features = ["rt-multi-thread", "macros"] }
+anyhow = { workspace = true }
+log = { workspace = true }
+serde_json = { workspace = true }
+chrono = { workspace = true }
+rusqlite = { version = "0.31", features = ["bundled"] }