npm - jettypod - Versions diffs - 4.4.120 → 4.4.121 - Mend

jettypod 4.4.120 → 4.4.121

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (208) hide show

package/.env +2 -1
package/Cargo.lock +6450 -0
package/Cargo.toml +35 -0
package/README.md +5 -1
package/TAURI-MIGRATION-PLAN.md +840 -0
package/apps/dashboard/app/connect-claude/page.tsx +5 -6
package/apps/dashboard/app/decision/[id]/page.tsx +54 -49
package/apps/dashboard/app/demo/gates/page.tsx +3 -5
package/apps/dashboard/app/design-system/page.tsx +1 -1
package/apps/dashboard/app/globals.css +74 -2
package/apps/dashboard/app/install-claude/page.tsx +3 -5
package/apps/dashboard/app/login/page.tsx +17 -20
package/apps/dashboard/app/page.tsx +101 -48
package/apps/dashboard/app/settings/page.tsx +60 -12
package/apps/dashboard/app/signup/page.tsx +14 -17
package/apps/dashboard/app/subscribe/page.tsx +0 -2
package/apps/dashboard/app/tests/page.tsx +37 -4
package/apps/dashboard/app/welcome/page.tsx +12 -15
package/apps/dashboard/app/work/[id]/page.tsx +90 -75
package/apps/dashboard/app/work/[id]/proof/page.tsx +1489 -0
package/apps/dashboard/components/AppShell.tsx +70 -61
package/apps/dashboard/components/CardMenu.tsx +0 -1
package/apps/dashboard/components/ClaudePanel.tsx +541 -283
package/apps/dashboard/components/ClaudePanelInput.tsx +23 -4
package/apps/dashboard/components/ConnectClaudeScreen.tsx +1 -5
package/apps/dashboard/components/CopyableId.tsx +1 -2
package/apps/dashboard/components/DetailReviewActions.tsx +11 -20
package/apps/dashboard/components/DragContext.tsx +132 -62
package/apps/dashboard/components/DraggableCard.tsx +3 -5
package/apps/dashboard/components/DropZone.tsx +5 -6
package/apps/dashboard/components/EditableDetailDescription.tsx +6 -12
package/apps/dashboard/components/EditableDetailTitle.tsx +6 -13
package/apps/dashboard/components/EditableTitle.tsx +0 -1
package/apps/dashboard/components/ElapsedTimer.tsx +15 -3
package/apps/dashboard/components/EpicGroup.tsx +100 -70
package/apps/dashboard/components/GateCard.tsx +0 -1
package/apps/dashboard/components/GateChoiceCard.tsx +1 -2
package/apps/dashboard/components/InstallClaudeScreen.tsx +1 -5
package/apps/dashboard/components/JettyLoader.tsx +0 -1
package/apps/dashboard/components/KanbanBoard.tsx +319 -173
package/apps/dashboard/components/KanbanCard.tsx +341 -107
package/apps/dashboard/components/LazyCard.tsx +62 -0
package/apps/dashboard/components/LazyMarkdown.tsx +0 -1
package/apps/dashboard/components/MainNav.tsx +24 -25
package/apps/dashboard/components/MessageBlock.tsx +93 -16
package/apps/dashboard/components/ModeStartCard.tsx +0 -1
package/apps/dashboard/components/OnboardingWelcome.tsx +0 -1
package/apps/dashboard/components/PlaceholderCard.tsx +0 -1
package/apps/dashboard/components/ProjectSwitcher.tsx +20 -20
package/apps/dashboard/components/PrototypeTimeline.tsx +47 -26
package/apps/dashboard/components/RealTimeKanbanWrapper.tsx +308 -223
package/apps/dashboard/components/RealTimeTestsWrapper.tsx +303 -160
package/apps/dashboard/components/ReviewFooter.tsx +12 -14
package/apps/dashboard/components/SessionList.tsx +0 -1
package/apps/dashboard/components/SubscribeContent.tsx +40 -11
package/apps/dashboard/components/TestTree.tsx +1 -2
package/apps/dashboard/components/TipCard.tsx +2 -4
package/apps/dashboard/components/Toast.tsx +0 -1
package/apps/dashboard/components/TypeIcon.tsx +7 -8
package/apps/dashboard/components/ViewModeToolbar.tsx +104 -0
package/apps/dashboard/components/WaveCompletionAnimation.tsx +5 -17
package/apps/dashboard/components/WelcomeScreen.tsx +2 -6
package/apps/dashboard/components/WorkItemHeader.tsx +0 -1
package/apps/dashboard/components/WorkItemTree.tsx +2 -4
package/apps/dashboard/components/settings/AccountSection.tsx +27 -13
package/apps/dashboard/components/settings/AiContextSection.tsx +89 -0
package/apps/dashboard/components/settings/ContextDocumentsSection.tsx +317 -0
package/apps/dashboard/components/settings/EnvVarsSection.tsx +20 -73
package/apps/dashboard/components/settings/GeneralSection.tsx +137 -26
package/apps/dashboard/components/settings/ProjectStackSection.tsx +948 -0
package/apps/dashboard/components/settings/SettingsLayout.tsx +0 -1
package/apps/dashboard/components/ui/Button.tsx +1 -1
package/apps/dashboard/components/ui/Input.tsx +1 -1
package/apps/dashboard/components.json +1 -1
package/apps/dashboard/contexts/ClaudeSessionContext.tsx +611 -358
package/apps/dashboard/contexts/ConnectionStatusContext.tsx +0 -1
package/apps/dashboard/contexts/UsageContext.tsx +62 -31
package/apps/dashboard/dev.sh +35 -0
package/apps/dashboard/eslint.config.mjs +9 -9
package/apps/dashboard/hooks/useWebSocket.ts +138 -83
package/apps/dashboard/index.html +73 -0
package/apps/dashboard/lib/data-bridge.ts +722 -0
package/apps/dashboard/lib/db.ts +69 -1302
package/apps/dashboard/lib/environment-config.ts +173 -0
package/apps/dashboard/lib/environment-verification.ts +119 -0
package/apps/dashboard/lib/kanban-utils.ts +226 -26
package/apps/dashboard/lib/proof-run.ts +495 -0
package/apps/dashboard/lib/proof-scenario-runner.ts +346 -0
package/apps/dashboard/lib/service-recovery.ts +326 -0
package/apps/dashboard/lib/session-state-machine.ts +1 -0
package/apps/dashboard/lib/session-state-utils.ts +0 -164
package/apps/dashboard/lib/session-stream-manager.ts +253 -122
package/apps/dashboard/lib/stream-manager-registry.ts +46 -6
package/apps/dashboard/lib/tauri-bridge.ts +102 -0
package/apps/dashboard/lib/tauri.ts +106 -0
package/apps/dashboard/lib/utils.ts +3 -3
package/apps/dashboard/next-env.d.ts +1 -1
package/apps/dashboard/package.json +21 -33
package/apps/dashboard/public/bug-icon.png +0 -0
package/apps/dashboard/public/buoy-icon.png +0 -0
package/apps/dashboard/public/in-flight-seagull.png +0 -0
package/apps/dashboard/public/pier-icon.png +0 -0
package/apps/dashboard/public/star-icon.png +0 -0
package/apps/dashboard/public/wrench-icon.png +0 -0
package/apps/dashboard/scripts/tauri-build.js +228 -0
package/apps/dashboard/scripts/upload-tauri-to-r2.js +125 -0
package/apps/dashboard/src/main.tsx +12 -0
package/apps/dashboard/src/router.tsx +107 -0
package/apps/dashboard/src/vite-env.d.ts +1 -0
package/apps/dashboard/tsconfig.json +7 -12
package/apps/dashboard/tsconfig.tsbuildinfo +1 -1
package/apps/dashboard/vite.config.ts +33 -0
package/apps/update-server/src/index.ts +167 -30
package/claude-hooks/global-guardrails.js +14 -13
package/crates/jettypod-cli/Cargo.toml +19 -0
package/crates/jettypod-cli/src/commands.rs +1249 -0
package/crates/jettypod-cli/src/main.rs +595 -0
package/crates/jettypod-core/Cargo.toml +26 -0
package/crates/jettypod-core/build.rs +98 -0
package/crates/jettypod-core/migrations/V1__baseline.sql +197 -0
package/crates/jettypod-core/migrations/V2__work_items_indexes.sql +6 -0
package/crates/jettypod-core/migrations/V3__qa_steps.sql +2 -0
package/crates/jettypod-core/src/auth.rs +294 -0
package/crates/jettypod-core/src/config.rs +397 -0
package/crates/jettypod-core/src/db/mod.rs +507 -0
package/crates/jettypod-core/src/db/recovery.rs +114 -0
package/crates/jettypod-core/src/db/startup.rs +101 -0
package/crates/jettypod-core/src/db/validate.rs +149 -0
package/crates/jettypod-core/src/error.rs +76 -0
package/crates/jettypod-core/src/git.rs +458 -0
package/crates/jettypod-core/src/lib.rs +20 -0
package/crates/jettypod-core/src/sessions.rs +625 -0
package/crates/jettypod-core/src/skills.rs +556 -0
package/crates/jettypod-core/src/work.rs +1086 -0
package/crates/jettypod-core/src/worktree.rs +628 -0
package/crates/jettypod-core/src/ws.rs +767 -0
package/cucumber-test.cjs +6 -0
package/jettypod.js +96 -4
package/lib/bdd-preflight.js +96 -0
package/lib/merge-lock.js +111 -253
package/lib/migrations/030-rejection-round-columns.js +54 -0
package/lib/migrations/031-session-isolation-index.js +17 -0
package/lib/work-commands/index.js +58 -16
package/lib/work-tracking/index.js +108 -8
package/package.json +1 -1
package/skills-templates/bug-mode/SKILL.md +43 -1
package/skills-templates/chore-mode/SKILL.md +40 -1
package/skills-templates/design-system-selection/SKILL.md +273 -0
package/skills-templates/epic-planning/SKILL.md +14 -0
package/skills-templates/feature-planning/SKILL.md +90 -1
package/skills-templates/production-mode/SKILL.md +20 -0
package/skills-templates/simple-improvement/SKILL.md +39 -2
package/skills-templates/speed-mode/SKILL.md +10 -15
package/skills-templates/stable-mode/SKILL.md +47 -0
package/apps/dashboard/README.md +0 -36
package/apps/dashboard/app/api/claude/[workItemId]/message/route.ts +0 -446
package/apps/dashboard/app/api/claude/[workItemId]/pin/route.ts +0 -24
package/apps/dashboard/app/api/claude/[workItemId]/route.ts +0 -280
package/apps/dashboard/app/api/claude/sessions/[sessionId]/content/route.ts +0 -52
package/apps/dashboard/app/api/claude/sessions/[sessionId]/message/route.ts +0 -525
package/apps/dashboard/app/api/claude/sessions/[sessionId]/pin/route.ts +0 -24
package/apps/dashboard/app/api/claude/sessions/cleanup/route.ts +0 -34
package/apps/dashboard/app/api/claude/sessions/route.ts +0 -184
package/apps/dashboard/app/api/decisions/[id]/route.ts +0 -25
package/apps/dashboard/app/api/internal/set-project/route.ts +0 -17
package/apps/dashboard/app/api/kanban/route.ts +0 -15
package/apps/dashboard/app/api/settings/env-vars/route.ts +0 -125
package/apps/dashboard/app/api/settings/general/route.ts +0 -21
package/apps/dashboard/app/api/tests/route.ts +0 -9
package/apps/dashboard/app/api/tests/run/route.ts +0 -82
package/apps/dashboard/app/api/tests/run/stream/route.ts +0 -71
package/apps/dashboard/app/api/tests/undefined/route.ts +0 -9
package/apps/dashboard/app/api/usage/route.ts +0 -17
package/apps/dashboard/app/api/work/[id]/description/route.ts +0 -21
package/apps/dashboard/app/api/work/[id]/epic/route.ts +0 -21
package/apps/dashboard/app/api/work/[id]/order/route.ts +0 -21
package/apps/dashboard/app/api/work/[id]/route.ts +0 -35
package/apps/dashboard/app/api/work/[id]/status/route.ts +0 -63
package/apps/dashboard/app/api/work/[id]/title/route.ts +0 -21
package/apps/dashboard/app/layout.tsx +0 -55
package/apps/dashboard/components/UpgradeBanner.tsx +0 -30
package/apps/dashboard/electron/ipc-handlers.js +0 -1026
package/apps/dashboard/electron/main.js +0 -2306
package/apps/dashboard/electron/preload.js +0 -125
package/apps/dashboard/electron/session-manager.js +0 -163
package/apps/dashboard/electron-builder.config.js +0 -357
package/apps/dashboard/hooks/useClaudeSessions.ts +0 -299
package/apps/dashboard/lib/backlog-parser.ts +0 -50
package/apps/dashboard/lib/claude-process-manager.ts +0 -529
package/apps/dashboard/lib/db-bridge.ts +0 -283
package/apps/dashboard/lib/prototypes.ts +0 -202
package/apps/dashboard/lib/test-results-db.ts +0 -307
package/apps/dashboard/lib/tests.ts +0 -282
package/apps/dashboard/next.config.js +0 -66
package/apps/dashboard/postcss.config.mjs +0 -7
package/apps/dashboard/public/bug-icon.svg +0 -9
package/apps/dashboard/public/buoy-icon.svg +0 -9
package/apps/dashboard/public/file.svg +0 -1
package/apps/dashboard/public/globe.svg +0 -1
package/apps/dashboard/public/in-flight-seagull.svg +0 -9
package/apps/dashboard/public/next.svg +0 -1
package/apps/dashboard/public/pier-icon.svg +0 -14
package/apps/dashboard/public/star-icon.svg +0 -9
package/apps/dashboard/public/vercel.svg +0 -1
package/apps/dashboard/public/window.svg +0 -1
package/apps/dashboard/public/wrench-icon.svg +0 -9
package/apps/dashboard/scripts/download-node.js +0 -104
package/apps/dashboard/scripts/upload-to-r2.js +0 -89

package/apps/dashboard/vite.config.ts ADDED Viewed

@@ -0,0 +1,33 @@
+import { defineConfig } from 'vite'
+import react from '@vitejs/plugin-react-swc'
+import tailwindcss from '@tailwindcss/vite'
+import path from 'path'
+export default defineConfig({
+  plugins: [
+    react(),
+    tailwindcss(),
+  ],
+  resolve: {
+    alias: {
+      '@': path.resolve(__dirname, '.'),
+    },
+  },
+  server: {
+    port: 1420,
+    strictPort: true,
+  },
+  build: {
+    outDir: 'dist',
+    emptyOutDir: true,
+    rollupOptions: {
+      output: {
+        manualChunks: {
+          'vendor-motion': ['framer-motion'],
+          'vendor-dnd': ['@dnd-kit/core', '@dnd-kit/utilities'],
+          'vendor-markdown': ['react-markdown', 'remark-gfm'],
+        },
+      },
+    },
+  },
+})

package/apps/update-server/src/index.ts CHANGED Viewed

@@ -58,10 +58,41 @@ interface StripeCheckoutSession {
   subscription: string;
 }
+interface TauriPlatformArtifact {
+  url: string;
+  signature: string;
+}
+interface TauriUpdateManifest {
+  version: string;
+  notes: string;
+  pub_date: string;
+  platforms: Record<string, TauriPlatformArtifact>;
+}
 // ─── JWT ────────────────────────────────────────────────────────────
 const JWT_EXPIRY = 30 * 24 * 60 * 60; // 30 days
+// Cache imported CryptoKeys to avoid re-importing on every JWT operation
+const cryptoKeyCache = new Map<string, CryptoKey>();
+async function getHmacKey(secret: string, usage: 'sign' | 'verify'): Promise<CryptoKey> {
+  const cacheKey = `${secret}:${usage}`;
+  let key = cryptoKeyCache.get(cacheKey);
+  if (!key) {
+    key = await crypto.subtle.importKey(
+      'raw',
+      new TextEncoder().encode(secret),
+      { name: 'HMAC', hash: 'SHA-256' },
+      false,
+      [usage]
+    );
+    cryptoKeyCache.set(cacheKey, key);
+  }
+  return key;
+}
 async function signJWT(payload: JWTPayload, secret: string): Promise<string> {
   const header = { alg: 'HS256', typ: 'JWT' };
   const encode = (obj: unknown) =>
@@ -71,13 +102,7 @@ async function signJWT(payload: JWTPayload, secret: string): Promise<string> {
   const payloadB64 = encode(payload);
   const signingInput = `${headerB64}.${payloadB64}`;
-  const key = await crypto.subtle.importKey(
-    'raw',
-    new TextEncoder().encode(secret),
-    { name: 'HMAC', hash: 'SHA-256' },
-    false,
-    ['sign']
-  );
+  const key = await getHmacKey(secret, 'sign');
   const sig = await crypto.subtle.sign('HMAC', key, new TextEncoder().encode(signingInput));
   const sigB64 = btoa(String.fromCharCode(...new Uint8Array(sig)))
     .replace(/=/g, '').replace(/\+/g, '-').replace(/\//g, '_');
@@ -92,13 +117,7 @@ async function verifyJWT(token: string, secret: string): Promise<JWTPayload | nu
   const [headerB64, payloadB64, sigB64] = parts;
   const signingInput = `${headerB64}.${payloadB64}`;
-  const key = await crypto.subtle.importKey(
-    'raw',
-    new TextEncoder().encode(secret),
-    { name: 'HMAC', hash: 'SHA-256' },
-    false,
-    ['verify']
-  );
+  const key = await getHmacKey(secret, 'verify');
   const sigBytes = Uint8Array.from(
     atob(sigB64.replace(/-/g, '+').replace(/_/g, '/')),
@@ -329,7 +348,7 @@ async function handleSendOTP(request: Request, env: Env): Promise<Response> {
   await env.AUTH_KV.put(`otp:${email}`, code, { expirationTtl: OTP_TTL });
-  await fetch('https://api.resend.com/emails', {
+  const emailRes = await fetch('https://api.resend.com/emails', {
     method: 'POST',
     headers: {
       Authorization: `Bearer ${env.RESEND_API_KEY}`,
@@ -343,6 +362,11 @@ async function handleSendOTP(request: Request, env: Env): Promise<Response> {
     }),
   });
+  if (!emailRes.ok) {
+    console.error('Failed to send OTP email:', emailRes.status, await emailRes.text());
+    return Response.json({ error: 'Failed to send email' }, { status: 502 });
+  }
   return Response.json({ sent: true });
 }
@@ -506,11 +530,17 @@ async function incrementUsage(db: D1Database, userId: string): Promise<void> {
 // ─── Authenticated Route Handlers ───────────────────────────────────
 async function handleGetMe(user: JWTPayload, env: Env): Promise<Response> {
-  // Check D1 for current plan (may differ from JWT if webhook updated it)
-  const dbUser = await env.AUTH_DB.prepare('SELECT * FROM users WHERE id = ?').bind(user.sub).first<User>();
+  // Run user fetch and usage check in parallel to avoid sequential DB queries
+  const [dbUser, usageFromJwt] = await Promise.all([
+    env.AUTH_DB.prepare('SELECT * FROM users WHERE id = ?').bind(user.sub).first<User>(),
+    checkUsageLimit(env.AUTH_DB, user.sub, user.plan),
+  ]);
   const currentPlan = dbUser?.plan || user.plan;
-  const usage = await checkUsageLimit(env.AUTH_DB, user.sub, currentPlan);
+  // If plan changed from JWT, re-check usage with correct plan
+  const usage = currentPlan !== user.plan
+    ? await checkUsageLimit(env.AUTH_DB, user.sub, currentPlan)
+    : usageFromJwt;
   const response: Record<string, unknown> = {
     user: { id: user.sub, email: user.email, plan: currentPlan },
@@ -595,6 +625,68 @@ async function determinePlanFromStripe(customerId: string, env: Env): Promise<st
   return 'free';
 }
+// ─── Platform Telemetry ─────────────────────────────────────────────
+function logUpdateCheck(request: Request, platform: 'electron' | 'tauri', meta: Record<string, string> = {}): void {
+  const userAgent = request.headers.get('User-Agent') || 'unknown';
+  console.log(JSON.stringify({
+    event: 'update_check',
+    platform,
+    user_agent: userAgent,
+    ...meta,
+  }));
+}
+// ─── Tauri Update ──────────────────────────────────────────────────
+/** Compare two semver strings. Returns 1 if a > b, -1 if a < b, 0 if equal. */
+function compareSemver(a: string, b: string): number {
+  const pa = a.replace(/^v/, '').split('.').map(Number);
+  const pb = b.replace(/^v/, '').split('.').map(Number);
+  for (let i = 0; i < 3; i++) {
+    const diff = (pa[i] || 0) - (pb[i] || 0);
+    if (diff !== 0) return diff > 0 ? 1 : -1;
+  }
+  return 0;
+}
+async function handleTauriUpdate(
+  target: string,
+  arch: string,
+  currentVersion: string,
+  requestUrl: URL,
+  env: Env
+): Promise<Response> {
+  const object = await env.RELEASE_ARTIFACTS.get('tauri-releases.json');
+  if (!object) {
+    return Response.json({ error: 'No Tauri releases available' }, { status: 404 });
+  }
+  const manifest = (await object.json()) as TauriUpdateManifest;
+  const platformKey = `${target}-${arch}`;
+  const platform = manifest.platforms[platformKey];
+  if (!platform) {
+    return Response.json({ error: `Unsupported platform: ${platformKey}` }, { status: 404 });
+  }
+  if (compareSemver(manifest.version, currentVersion) <= 0) {
+    return new Response('', { status: 204 });
+  }
+  const downloadUrl = platform.url.startsWith('http')
+    ? platform.url
+    : `${requestUrl.origin}/updates/download/${platform.url}`;
+  return Response.json({
+    version: manifest.version,
+    notes: manifest.notes,
+    pub_date: manifest.pub_date,
+    url: downloadUrl,
+    signature: platform.signature,
+  });
+}
 // ─── Existing Route Handlers ────────────────────────────────────────
 async function handleUpdateManifest(env: Env): Promise<Response> {
@@ -606,7 +698,7 @@ async function handleUpdateManifest(env: Env): Promise<Response> {
   return new Response(object.body, {
     headers: {
       'Content-Type': 'text/yaml',
-      'Cache-Control': 'no-cache',
+      'Cache-Control': 'public, max-age=3600, must-revalidate',
       'ETag': object.httpEtag,
     },
   });
@@ -641,22 +733,54 @@ async function handleArtifactDownload(pathname: string, env: Env): Promise<Respo
   });
 }
+async function handleTauriPublicDownload(platformKey: string, env: Env): Promise<Response | null> {
+  const object = await env.RELEASE_ARTIFACTS.get('tauri-releases.json');
+  if (!object) return null;
+  const manifest = (await object.json()) as TauriUpdateManifest;
+  const platform = manifest.platforms[platformKey];
+  if (!platform?.url) return null;
+  const filename = platform.url;
+  const artifact = await env.RELEASE_ARTIFACTS.get(filename);
+  if (!artifact) return null;
+  const contentType = filename.endsWith('.dmg')
+    ? 'application/x-apple-diskimage'
+    : filename.endsWith('.AppImage')
+      ? 'application/x-executable'
+      : 'application/octet-stream';
+  return new Response(artifact.body, {
+    headers: {
+      'Content-Type': contentType,
+      'Content-Length': artifact.size.toString(),
+      'Content-Disposition': `attachment; filename="${filename}"`,
+      'Cache-Control': 'public, max-age=86400',
+      'ETag': artifact.httpEtag,
+    },
+  });
+}
 async function handlePublicDownload(arch: string, env: Env): Promise<Response> {
-  // Parse latest-mac.yml to find current filenames
+  // Try Tauri artifacts first
+  const platformKey = arch === 'arm64' ? 'darwin-aarch64' : 'darwin-x86_64';
+  const tauriResponse = await handleTauriPublicDownload(platformKey, env);
+  if (tauriResponse) return tauriResponse;
+  // Fall back to Electron manifest (latest-mac.yml) during transition
   const manifest = await env.RELEASE_ARTIFACTS.get('latest-mac.yml');
   if (!manifest) {
     return Response.json({ error: 'No releases available' }, { status: 404 });
   }
   const yml = await manifest.text();
-  // Find DMG filenames from the manifest
   const dmgFiles = [...yml.matchAll(/url:\s*(\S+\.dmg)/g)].map(m => m[1]);
   let filename: string | undefined;
   if (arch === 'arm64') {
     filename = dmgFiles.find(f => f.includes('arm64'));
   } else {
-    // x64 — the one without arm64
     filename = dmgFiles.find(f => !f.includes('arm64'));
   }
@@ -700,13 +824,7 @@ async function verifyStripeSignature(
   if (age > 300) return false;
   const signedPayload = `${timestamp}.${payload}`;
-  const key = await crypto.subtle.importKey(
-    'raw',
-    new TextEncoder().encode(secret),
-    { name: 'HMAC', hash: 'SHA-256' },
-    false,
-    ['sign']
-  );
+  const key = await getHmacKey(secret, 'sign');
   const sig = await crypto.subtle.sign(
     'HMAC',
     key,
@@ -1023,12 +1141,19 @@ async function handleRequest(request: Request, url: URL, pathname: string, env:
     return handlePublicDownload('arm64', env);
   }
+  if (request.method === 'GET' && pathname === '/download/linux') {
+    const response = await handleTauriPublicDownload('linux-x86_64', env);
+    if (response) return response;
+    return Response.json({ error: 'No Linux release available' }, { status: 404 });
+  }
   // ── Update routes (paid plan or legacy cus_ token) ─────────────
-  // Update manifest
+  // Update manifest (Electron)
   if (request.method === 'GET' && pathname === '/updates/latest-mac.yml') {
     const authError = await authenticateUpdateRequest(request, env);
     if (authError) return authError;
+    logUpdateCheck(request, 'electron');
     return handleUpdateManifest(env);
   }
@@ -1039,6 +1164,18 @@ async function handleRequest(request: Request, url: URL, pathname: string, env:
     return handleArtifactDownload(pathname, env);
   }
+  // Tauri update manifest — /tauri/:target/:arch/:current_version
+  if (request.method === 'GET' && pathname.startsWith('/tauri/')) {
+    const authError = await authenticateUpdateRequest(request, env);
+    if (authError) return authError;
+    const parts = pathname.split('/').filter(Boolean); // ["tauri", target, arch, version]
+    if (parts.length === 4) {
+      logUpdateCheck(request, 'tauri', { target: parts[1], arch: parts[2], current_version: parts[3] });
+      return handleTauriUpdate(parts[1], parts[2], parts[3], url, env);
+    }
+    return Response.json({ error: 'Invalid update URL format' }, { status: 400 });
+  }
   // ── Stripe/checkout routes (existing) ──────────────────────────
   if (request.method === 'POST' && pathname === '/checkout/create-session') {

package/claude-hooks/global-guardrails.js CHANGED Viewed

@@ -245,28 +245,29 @@ function evaluateBashCommand(command, inputRef, cwd) {
     }
   }
-  // BLOCKED: work merge or tests merge from inside a worktree
-  // This prevents shell CWD corruption when worktree is deleted
+  // BLOCKED: work merge or tests merge from inside a worktree WITHOUT explicit ID
+  // Merge with explicit ID is safe: the merge command handles CWD internally via
+  // process.chdir() and does NOT delete the worktree (only cleanup does).
+  // Bare merge (no ID) is blocked because getCurrentWork() relies on branch detection
+  // which breaks after process.chdir() moves away from the worktree.
   if (/jettypod\s+(work|tests)\s+merge\b/.test(strippedCommand)) {
     const isInWorktree = cwd && cwd.includes('.jettypod-work');
-    if (isInWorktree) {
-      // Extract main repo path and work item ID for helpful error message
+    const hasExplicitId = /merge\s+\d+/.test(strippedCommand);
+    if (isInWorktree && !hasExplicitId) {
       const mainRepoPath = cwd.split('.jettypod-work')[0].replace(/\/$/, '');
-      const workIdMatch = strippedCommand.match(/merge\s+(\d+)/);
-      const workId = workIdMatch ? workIdMatch[1] : '<id>';
       return {
         allowed: false,
-        message: 'Cannot merge from inside a worktree',
-        hint: `Current CWD: ${cwd}
-Main repo:   ${mainRepoPath}
+        message: 'Cannot merge from inside a worktree without an explicit work item ID',
+        hint: `Provide the work item ID explicitly:
-Run these as TWO SEPARATE Bash calls:
+  jettypod work merge <id>
-  1. cd ${mainRepoPath}
-  2. jettypod work merge ${workId}
+This works from anywhere — the merge command handles CWD internally.
+After merge, cd to main repo before cleanup:
-Why: Hooks check CWD before 'cd &&' executes, so chained commands fail.`
+  cd ${mainRepoPath}
+  jettypod work cleanup <id>`
       };
     }
   }

package/crates/jettypod-cli/Cargo.toml ADDED Viewed

@@ -0,0 +1,19 @@
+[package]
+name = "jettypod-cli"
+version = "0.1.0"
+edition = "2021"
+description = "JettyPod workflow CLI"
+[[bin]]
+name = "jettypod"
+path = "src/main.rs"
+[dependencies]
+jettypod-core = { path = "../jettypod-core" }
+clap = { version = "4", features = ["derive"] }
+tokio = { workspace = true, features = ["rt-multi-thread", "macros"] }
+anyhow = { workspace = true }
+log = { workspace = true }
+serde_json = { workspace = true }
+chrono = { workspace = true }
+rusqlite = { version = "0.31", features = ["bundled"] }